Help Center/ Enterprise Router/ User Guide/ Routing Control/ Route Policies/ Route Policy Overview
Updated on 2024-10-14 GMT+08:00
View PDF
Share

Route Policy Overview

Introduction

Route policies filter routes. You can configure route policy values to change the paths through which network traffic passes.

A route policy can be applied to the following types of attachments:
  • Virtual gateway attachments
  • Peering connection attachments
  • VPN gateway attachments
  • Global DC gateway attachments
An enterprise router can use a route policy to:
  • Advertise only the routes that match the conditions specified in the route policy.
  • Accept only wanted and valid routes. This reduces route table size and improves network security.
  • Filter routes. To enrich routing information, a routing protocol may import routes discovered by other routing protocols. Only the routes that match the conditions of the route policy can be imported and the attributes of the routes can be changed as required.
  • Change the policy values of routes as needed.

Advantages

  • The size of route tables can be controlled to conserve system resources.
  • The route advertisement and acceptance can be controlled to improve network security.
  • Route policy values can be modified to control traffic and improve network performance.

Functions

A route policy can contain one or more route policy nodes. A node consists of match conditions and policy values and can be considered as a route filter.
  • Routes that match conditions are allowed or denied. For details, see Table 1.
  • Policy values of routes that match conditions can be changed. For details, see Table 2.
Table 1 Route match conditions

Match Condition

Description

Route types
  • Static: Manually configured routes

    Custom routes and propagated routes of VPC attachments in enterprise router route tables are static routes.

  • BGP: Routes learned through BGP

    Direct Connect virtual gateways communicate with enterprise routers using BGP so the routes of virtual gateway attachments propagated to enterprise router route tables are BGP routes.

    Also, the routes of peering connection attachments, VPN gateway attachments, and global DC gateway attachments propagated to enterprise router route tables are BGP routes.

IP prefix lists

An IP prefix list contains prefix rules for route filtering. You can define IP prefixes and netmasks in prefix rules to match the destination addresses or next hops of routes.

An IP prefix list is used to filter routes that are advertised and received by dynamic routing protocols. For more information, see IP Prefix List Overview.

AS_Path lists

An AS_Path list is a collection of filters that are used to filter BGP routes based on AS_Path attributes contained in BGP routes. AS_Path attributes record the number of each AS that BGP routes pass through from the source to the destination in distance-vector order.

AS_Path attributes are private attributes of BGP and AS_Path filters take effect only on BGP routes. For more information, see AS_Path List Overview.
Table 2 Route policy values

Policy Value

Description

PrefVal
  • PrefVal is a Huawei-specific route attribute. A larger PrefVal value indicates a higher route priority.
  • You can change the PrefVal value of a route by changing the PrefVal value in the route policy.
    The default PrefVal values of routes for different types of enterprise router attachments are as follows:
    • Virtual gateway attachments: 100
    • Peering connection attachments: 60
    • VPN gateway attachments: 80
    • Global DC gateway attachments: 100
    NOTICE:

    Changing the PrefVal value of a route may adversely affect route selection of attachments. Submit a service ticket to evaluate the change.

AS_Path
  • AS_Path attributes record the number of each AS that BGP routes pass through from the source to the destination in distance-vector order.
  • You can add, replace, or delete AS_Path policy values.
    • Add a policy value to the left of AS_Path.
    • Replace the original policy value of AS_Path.
    • Delete the specified policy value of AS_Path.

Match Rules

A route policy can contain one or more nodes. A node consists of match conditions and policy values. Figure 1 describes the match process. When a route policy is used to filter routes, a node with a smaller number is matched first.
  • If a route matches all filtering conditions of a node:
    • If Action of the node is Allow, the route is allowed.

      You can add, replace, or delete policy values.

    • If Action of the node is Deny, the route is denied.
  • If a route does not match any node in the route policy, the route is denied.
Figure 1 Match process

A route policy filters routes by sequential match, unique match, or deny by default.

  • Sequential match: Nodes will be matched by sequence, and a node with a smaller number is matched first. Nodes in a route policy may be sorted in different orders if their numbers are changed, and the filtering results may be different.
  • Unique match: If a route matches a node, it no longer tries to match other nodes.
  • Deny by default: By default, routes that do not match any node in a route policy are denied. If a route policy has one or more deny nodes, you need to create a node to allow all other routes.

Notes and Constraints

  • By default, an account can have up to five route policies.
  • By default, a route policy can have up to 100 nodes.
  • Changing a route policy will also change the associated routes. To reduce the impact on network performance, a route policy can only be changed once within 40 seconds.
Parent topic: Route Policies