firewall ddos bgp-next-hop fib-filter

Function

The firewall ddos bgp-next-hop fib-filter command enables FIB filtering on the generated host route.

The undo firewall ddos bgp-next-hop fib-filter command cancels FIB filtering on the generated host route.

Format

firewall ddos bgp-next-hop fib-filter [ ipv6 ]

undo firewall ddos bgp-next-hop fib-filter [ ipv6 ]

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Whether to configure this command depends on the injection method used in the actual deployment:

  • When UNR route injection is used, the cleaning device forwards traffic to the access routing device according to the generated UNR routes. Therefore, the firewall ddos bgp-next-hop fib-filter [ ipv6 ] command cannot be configured.
  • When static route injection is used, configure the firewall ddos bgp-next-hop fib-filter [ ipv6 ] command so that the generated UNR routes do not affect static route forwarding.
  • When MPLS injection is used, configure the firewall ddos bgp-next-hop fib-filter [ ipv6 ] command so that the generated UNR routes do not affect MPLS forwarding.
  • When GRE injection is used, configure the firewall ddos bgp-next-hop fib-filter [ ipv6 ] command so that the generated UNR routes do not affect GRE forwarding.
  • If there are multiple injection links and the cleaning device has already learned the route to the protected destination IP address through a routing protocol such as OSPF, configure the firewall ddos bgp-next-hop fib-filter [ ipv6 ] command so that the generated UNR routes do not affect MPLS forwarding.
NOTE:

If the firewall ddos bgp-next-hop { ip-address | ipv6 ipv6-address } command is used to set a reinjection interface, the interface must be Up. Otherwise, FIB filtering does not take effect.

Example

# Configure the device to implement FIB filtering on the generated host route.

<sysname> system-view
[sysname] firewall ddos bgp-next-hop fib-filter

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.