I am currently testing this functionality. We are a dual carrier MPLS shop and we are testing 128T for our headend and branch router use. I need to filter out certain IP's so peering only forms on the respective carrier's node within the router. Each node within the router is handling a carrier link. This ensures paths are formed only over the WAN links each node is responsible for. I have a test lab set up that mimics dual carriers and a set of HA routers; 1 HA Pair emulating the branch and 1 emulating the headend. I'm using the new route map functionality that is in 3.2.2 to test the filtering of certain routes.
##Here's my filter and policy config:
config authority routing filter test-bgp-filter1 type prefix-filter
config authority routing filter test-bgp-filter1 name test-bgp-filter1
config authority routing filter test-bgp-filter1 rule deny-10-13-250-0-in name deny-10-13-250-0-in
config authority routing filter test-bgp-filter1 rule deny-10-13-250-0-in filter accept
config authority routing filter test-bgp-filter1 rule deny-10-13-250-0-in prefix 10.13.250.0/30
config authority routing policy test-policy name test-policy
config authority routing policy test-policy statement block-carrier-ip name block-carrier-ip
config authority routing policy test-policy statement block-carrier-ip policy reject
config authority routing policy test-policy statement block-carrier-ip condition address-prefix-filter-condition type address-prefix-filter-condition
config authority routing policy test-policy statement block-carrier-ip condition address-prefix-filter-condition prefix-filter test-bgp-filter1
config authority routing policy test-policy statement accept-rest name accept-rest
#[#]? this is my BGP config
config authority router us6645ny_lab_headendrtr routing default-instance type default-instance
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp type bgp
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp local-as 65501
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp address-family ipv4-unicast afi-safi ipv4-unicast
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 neighbor-address 10.13.250.13
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 neighbor-as 65400
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 local-as 65501
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 description ""carrier 1""
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 address-family ipv4-unicast afi-safi ipv4-unicast
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 address-family ipv4-unicast prefix-limit max-prefixes 3000
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 neighbor-address 10.13.250.9
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 neighbor-as 65300
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 local-as 65501
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 neighbor-policy inbound-policy test-policy
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 address-family ipv4-unicast afi-safi ipv4-unicast
config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 address-family ipv4-unicast prefix-limit max-prefixes 3000
So far things are working as expected.