The ip rd-filter command configures a route distinguisher (RD) filter.
The undo ip rd-filter command deletes an RD filter.
By default, no RD filter is configured.
ip rd-filter rd-filter-number { deny | permit } route-distinguisher &<1-10>
undo ip rd-filter rd-filter-number [ { deny | permit } route-distinguisher &<1-10> ]
| Parameter | Description | Value |
|---|---|---|
| rd-filter-number | Specifies the number of the RD filter. | The value is an integer ranging from 1 to 255. |
| permit | Permits a route to match the rules if its RD matches the rules. | - |
| deny | Denied a route if its RD matches the rules. | - |
| route-distinguisher | Specifies the RD. You can set a maximum of 10 RDs. The router supports RDs in the following formats:
|
- |
Usage Scenario
The RD attribute is carried in VPN routes. RDs are used to distinguish address spaces with the same IPv4 address prefix. An RD filter is used to filter VPN routes. The VPN target attribute of the VPN route controls the route exchange between VPN instances. The RD filter can filter a VPN route or multiple VPN routes from VPN instances.
The RD filter is used when configuring tunnel policies. For example, in BGP/MPLS IP VPN networking, VPNv4 and labeled BGP routes direct traffic to LSPs by default, and load balancing is not performed. To apply a tunnel policy to a specified VPNv4 route or a labeled BGP route, run the ip rd-filter command to configure the RD filter.
Implementation
The RD filter has the following rules:
If the RD filter is not configured but is used to filter routes, the matching result is permit.
For example, the RD filter 100 is not configured but is used by the route-policy:
route-policy test permit node 10
if-match rd-filter 100
When the route-policy is used to filter routes, the routes match this if-match clause, and the routes match the node 10 in the route-policy named test.
If the RD filter is configured but the RD of routes does not match any RD defined in the RD filter, the default matching result is deny.
For example, the RD of routes is 100:1, and the configuration of the RD filter is as follows:
ip rd-filter 100 permit 1.1.1.1:100
When the RD filter is used to filter routes, the matching result is deny.
The relationship between the rules of the RD filter is "OR". This is different from the community filter. This is because each route has only one RD but can have multiple communities.
For example, the RD filters in the following formats have the same matching results:
Format 1:
ip rd-filter 100 permit 100:1 200:1 2.2.2.2:1 3.3.3.3:1
Format 2:
ip rd-filter 100 permit 100:1 200:1
ip rd-filter 100 permit 2.2.2.2:1
ip rd-filter 100 permit 3.3.3.3:1
The community filters in the following formats have different matching results:
Format 1:
ip community-filter 1 permit 100:1 200:1 300:1
Format 2:
ip community-filter 1 permit 100:1
ip community-filter 1 permit 200:1 300:1
In the preceding configuration of the community filter, the community defined in each rule must be a sub-set of route communities so that the rule can be matched.
Routes are filtered according to the configuration order of multiple rules. For example:
ip rd-filter 100 deny 200:1 5.5.5.5:1
ip rd-filter 100 permit 200:* 5.5.5.5:*
In this situation, the route with the RD 200:1 or 5.5.5.5:1 is denied. If the configuration order of multiple rules is reversed as follows:
ip rd-filter 100 permit 200:* 5.5.5.5:*
ip rd-filter 100 deny 200:1 5.5.5.5:1
In this situation, the route with the RD 200:1 or 5.5.5.5:1 is permitted.
Each RD filter can be configured with a maximum of 255 rules.
Precautions
After the RD filter is configured, by default, RM immediately notifies the protocols of applying the RD filter. To prevent the protocols from re-applying the routing policies that are not completely configured, run the route-policy-change notify-delay command to configure delay time for the routing policies.