Commit | Line | Data |
---|---|---|
42fc5d26 QY |
1 | ********* |
2 | Filtering | |
3 | ********* | |
4 | ||
c1a54c05 QY |
5 | FRR provides many very flexible filtering features. Filtering is used |
6 | for both input and output of the routing information. Once filtering is | |
42fc5d26 QY |
7 | defined, it can be applied in any direction. |
8 | ||
42fc5d26 QY |
9 | IP Access List |
10 | ============== | |
11 | ||
c1a54c05 QY |
12 | .. index:: access-list NAME permit IPV4-NETWORK |
13 | .. clicmd:: access-list NAME permit IPV4-NETWORK | |
42fc5d26 | 14 | |
c1a54c05 QY |
15 | .. index:: access-list NAME deny IPV4-NETWORK |
16 | .. clicmd:: access-list NAME deny IPV4-NETWORK | |
42fc5d26 | 17 | |
c1a54c05 QY |
18 | Basic filtering is done by `access-list` as shown in the |
19 | following example. | |
42fc5d26 | 20 | |
9eb95b3b | 21 | .. code-block:: frr |
42fc5d26 | 22 | |
c1a54c05 QY |
23 | access-list filter deny 10.0.0.0/9 |
24 | access-list filter permit 10.0.0.0/8 | |
a8c90e15 | 25 | |
42fc5d26 | 26 | |
42fc5d26 QY |
27 | IP Prefix List |
28 | ============== | |
29 | ||
30 | *ip prefix-list* provides the most powerful prefix based | |
c1a54c05 | 31 | filtering mechanism. In addition to *access-list* functionality, |
42fc5d26 | 32 | *ip prefix-list* has prefix length range specification and |
c1a54c05 | 33 | sequential number specification. You can add or delete prefix based |
42fc5d26 QY |
34 | filters to arbitrary points of prefix-list using sequential number specification. |
35 | ||
c1a54c05 | 36 | If no ip prefix-list is specified, it acts as permit. If *ip prefix-list* |
42fc5d26 QY |
37 | is defined, and no match is found, default deny is applied. |
38 | ||
c1a54c05 QY |
39 | .. index:: ip prefix-list NAME (permit|deny) PREFIX [le LEN] [ge LEN] |
40 | .. clicmd:: ip prefix-list NAME (permit|deny) PREFIX [le LEN] [ge LEN] | |
42fc5d26 | 41 | |
c1a54c05 QY |
42 | .. index:: ip prefix-list NAME seq NUMBER (permit|deny) PREFIX [le LEN] [ge LEN] |
43 | .. clicmd:: ip prefix-list NAME seq NUMBER (permit|deny) PREFIX [le LEN] [ge LEN] | |
42fc5d26 | 44 | |
c1a54c05 | 45 | You can create *ip prefix-list* using the above commands.
42fc5d26 | 46 | |
c1a54c05 QY |
47 | seq |
48 | seq `number` can be set either automatically or manually. In the | |
42fc5d26 | 49 | case that sequential numbers are set manually, the user may pick any |
c1a54c05 | 50 | number less than 4294967295. In the case that sequential numbers are set
42fc5d26 | 51 | automatically, the sequential number will increase by a unit of five (5) |
c1a54c05 | 52 | per list. If a list with no specified sequential number is created |
42fc5d26 QY |
53 | after a list with a specified sequential number, the list will |
54 | automatically pick the next multiple of five (5) as the list number. | |
55 | For example, if a list with number 2 already exists and a new list with | |
c1a54c05 | 56 | no specified number is created, the next list will be numbered 5. If |
42fc5d26 QY |
57 | lists 2 and 7 already exist and a new list with no specified number is |
58 | created, the new list will be numbered 10. | |
59 | ||
c1a54c05 QY |
60 | le |
61 | Specifies prefix length. The prefix list will be applied if the prefix | |
62 | length is less than or equal to the le prefix length. | |
42fc5d26 | 63 | |
c1a54c05 QY |
64 | ge |
65 | Specifies prefix length. The prefix list will be applied if the prefix | |
66 | length is greater than or equal to the ge prefix length. | |
42fc5d26 | 67 | |
42fc5d26 | 68 | |
c1a54c05 QY |
69 | Less than or equal to prefix numbers and greater than or equal to |
70 | prefix numbers can be used together. The order of the le and ge | |
71 | commands does not matter. | |
42fc5d26 | 72 | |
c1a54c05 QY |
73 | If a prefix list with a different sequential number but with the exact |
74 | same rules as a previous list is created, an error will result. | |
75 | However, in the case that the sequential number and the rules are | |
76 | exactly the same, no error will result. | |
42fc5d26 | 77 | |
c1a54c05 QY |
78 | If a list with the same sequential number as a previous list is created, |
79 | the new list will overwrite the old list. | |
42fc5d26 | 80 | |
c1a54c05 QY |
81 | Matching of IP Prefix is performed from the smaller sequential number to the |
82 | larger. The matching will stop once any rule has been applied. | |
42fc5d26 | 83 | |
c1a54c05 QY |
84 | In the case of no le or ge command, the prefix length must match exactly the |
85 | length specified in the prefix list. | |
42fc5d26 | 86 | |
c1a54c05 QY |
87 | .. index:: no ip prefix-list NAME |
88 | .. clicmd:: no ip prefix-list NAME | |
42fc5d26 | 89 | |
0efdf0fe | 90 | .. _ip-prefix-list-description: |
42fc5d26 QY |
91 | |
92 | ip prefix-list description | |
93 | -------------------------- | |
94 | ||
c1a54c05 QY |
95 | .. index:: ip prefix-list NAME description DESC |
96 | .. clicmd:: ip prefix-list NAME description DESC | |
42fc5d26 | 97 | |
c1a54c05 QY |
98 | Descriptions may be added to prefix lists. This command adds a |
99 | description to the prefix list. | |
42fc5d26 | 100 | |
c1a54c05 QY |
101 | .. index:: no ip prefix-list NAME description [DESC] |
102 | .. clicmd:: no ip prefix-list NAME description [DESC] | |
42fc5d26 | 103 | |
c1a54c05 QY |
104 | Deletes the description from a prefix list. It is possible to use the |
105 | command without the full description. | |
42fc5d26 | 106 | |
0efdf0fe | 107 | .. _ip-prefix-list-sequential-number-control: |
42fc5d26 QY |
108 | |
109 | ip prefix-list sequential number control | |
110 | ---------------------------------------- | |
111 | ||
c1a54c05 QY |
112 | .. index:: ip prefix-list sequence-number |
113 | .. clicmd:: ip prefix-list sequence-number | |
42fc5d26 | 114 | |
c1a54c05 QY |
115 | With this command, the IP prefix list sequential number is displayed. |
116 | This is the default behavior. | |
42fc5d26 | 117 | |
c1a54c05 QY |
118 | .. index:: no ip prefix-list sequence-number |
119 | .. clicmd:: no ip prefix-list sequence-number | |
42fc5d26 | 120 | |
c1a54c05 QY |
121 | With this command, the IP prefix list sequential number is not |
122 | displayed. | |
42fc5d26 | 123 | |
11ab5329 | 124 | .. _showing-ip-prefix-list: |
42fc5d26 QY |
125 | |
126 | Showing ip prefix-list | |
127 | ---------------------- | |
128 | ||
c1a54c05 QY |
129 | .. index:: show ip prefix-list |
130 | .. clicmd:: show ip prefix-list | |
42fc5d26 | 131 | |
c1a54c05 | 132 | Display all IP prefix lists. |
42fc5d26 | 133 | |
c1a54c05 QY |
134 | .. index:: show ip prefix-list NAME |
135 | .. clicmd:: show ip prefix-list NAME | |
42fc5d26 | 136 | |
c1a54c05 | 137 | Show IP prefix list can be used with a prefix list name. |
42fc5d26 | 138 | |
c1a54c05 QY |
139 | .. index:: show ip prefix-list NAME seq NUM |
140 | .. clicmd:: show ip prefix-list NAME seq NUM | |
42fc5d26 | 141 | |
c1a54c05 QY |
142 | Show IP prefix list can be used with a prefix list name and sequential |
143 | number. | |
42fc5d26 | 144 | |
c1a54c05 QY |
145 | .. index:: show ip prefix-list NAME A.B.C.D/M |
146 | .. clicmd:: show ip prefix-list NAME A.B.C.D/M | |
42fc5d26 | 147 | |
c1a54c05 QY |
148 | If the `longer` keyword is used, all prefix lists with prefix lengths equal to |
149 | or longer than the specified length will be displayed. If the `first-match` | |
150 | keyword is used, the first prefix length match will be displayed. | |
42fc5d26 | 151 | |
c1a54c05 QY |
152 | .. index:: show ip prefix-list NAME A.B.C.D/M longer |
153 | .. clicmd:: show ip prefix-list NAME A.B.C.D/M longer | |
154 | .. index:: show ip prefix-list NAME A.B.C.D/M first-match | |
155 | .. clicmd:: show ip prefix-list NAME A.B.C.D/M first-match | |
156 | .. index:: show ip prefix-list summary | |
157 | .. clicmd:: show ip prefix-list summary | |
158 | .. index:: show ip prefix-list summary NAME | |
159 | .. clicmd:: show ip prefix-list summary NAME | |
160 | .. index:: show ip prefix-list detail | |
161 | .. clicmd:: show ip prefix-list detail | |
162 | .. index:: show ip prefix-list detail NAME | |
163 | .. clicmd:: show ip prefix-list detail NAME | |
42fc5d26 QY |
164 | |
165 | Clear counter of ip prefix-list | |
166 | ------------------------------- | |
167 | ||
c1a54c05 QY |
168 | .. index:: clear ip prefix-list |
169 | .. clicmd:: clear ip prefix-list | |
42fc5d26 | 170 | |
c1a54c05 QY |
171 | Clears the counters of all IP prefix lists. Clear IP Prefix List can be used |
172 | with a specified name and prefix. | |
42fc5d26 | 173 | |
c1a54c05 QY |
174 | .. index:: clear ip prefix-list NAME |
175 | .. clicmd:: clear ip prefix-list NAME | |
42fc5d26 | 176 | |
c1a54c05 QY |
177 | .. index:: clear ip prefix-list NAME A.B.C.D/M |
178 | .. clicmd:: clear ip prefix-list NAME A.B.C.D/M |