Dynamic Routing Route Maps

Route maps are a powerful mechanism which can match or set various values for use by routing daemons, especially BGP. A route map can match based on criteria such as those set by Access Lists and Prefix Lists, among others. Route maps can control, for example, whether or not specific routes are accepted from neighbors, or whether or not specific routes are distributed to neighbors. They can also adjust various properties of routes, which largely depends upon the context in which they are used, such as for BGP or OSPF.

Route maps are managed on the Route Maps tab under Services > FRR Global/Zebra.

Route map entries are complex, and multiple entries can be combined by using the same name on more than one entry, but with different sequence numbers to control the order in which the route map entries are processed by FRR.

Route Map Configuration

To create a new route map, click Add from the Route Maps tab.

The General Options section of the page sets data about this route map entry:

Name:

The name of this route map entry.

Note

The same name can be used for multiple entries, but each entry using the same name must use a unique sequence number.

Description:

A text description of this route map.

Action:

The action taken by this route map, either permit or deny.

permit:

When an entry is matched and permitted, the “set” actions of a route map are carried out, if present, and then Logic Control entries, if present, are performed. The route will be allowed unless the control flow ultimately prevents that from happening.

deny:

When an entry is matched and denied, the route is not allowed.

Sequence:

The sequence number of this route map. Must be in the range 1-65535.

The order of entries inside route maps is important, and this order is determined by a sequence number.

Each entry in a route map must have a unique sequence number. Best practice is to leave gaps in the sequence to allow for adding entries in the future. For example, use 10, 20, 30, rather than 1, 2, 3.

Warning

The order of entries displayed in the GUI may be different than the order set by the sequence numbers. The sequence number order is the true order in which rules are evaluated.

Route Map Contents

The remaining sections on the page control what this route map entry will do. There are numerous options available, from control and logic flow, to matching, setting, and altering routes.

Generally speaking, when an option in the remainder of the page is set to None, it will be ignored or have no effect.

Due to complexity, these options are broken up into multiple sections.

Logic Control

Call Route Map:

Will immediately process the selected route map. If the called route map returns deny, then processing is stopped and the route is denied.

Exit Action:
next:

Proceeds to the next rule in the route map.

<sequence> number:

Skips to the rule with the given sequence number in this route map.

Access Lists

Sets an Access List used to match this route map entry.

Prefix Lists

Sets a Prefix List used to match this route map entry.

Next Hop

Controls operations matching or setting the next hop for a route.

Next Hop Action:

Chooses between actions to take for the next hop of a route.

Match Peer:

Matches a specific next hop peer (e.g. BGP Neighbor).

Match ACL:

Matches based on a specific Access List.

Match Prefix List:

Matches based on a specific Prefix List.

Set (Peer Only):

Changes the next hop on a route to the specified peer (e.g. BGP Neighbor).

Peer:

Specifies a peer for Next Hop Action when it is set to Match Peer or Set (Peer Only).

Local (match only):

Matches a route when its next hop is this firewall.

Unchanged (set only):

Leaves the next hop unchanged.

Peer Address (set only):

For inbound IPv4 routes received from a neighbor, sets the next-hop to the address of the neighbor. For outgoing routes this is the local address used to establish an adjacency with the neighbor.

<Neighbor>:

A list of available peers fills out the list. Selecting an entry uses that specific peer to match or set.

ACL:

Specifies an Access List used to match the next hop value when Next Hop Action is set to Match ACL.

Prefix List:

Specifies a Prefix List used to match the next hop value when Next Hop Action is set to Match Prefix List.

Metric

Match or set the metric of a route.

Metric Action:

Chooses between actions to take for the metric of a route.

Match:

Matches the given metric value.

Set:

Sets the MED value for routes. When this router has multiple links to the same AS, the MED value influences which path the router will prefer. The router will prefer to use links with a lower MED value. Adding a + before the metric value will result in a relative adjustment instead of setting an absolute value.

Set OSPF6 External Type 1 Metric:

Similar to above, but only operates on the OSPF6 External Type 1 Metric.

Set OSPF6 External Type 2 Metric:

Similar to above, but only operates on the OSPF6 External Type 2 Metric.

Metric Value:

The metric value to match or apply. When setting a metric, the value may be +rtt, -rtt, + or - value offset, or a specific metric.

Weight

Sets the weight of the route to the supplied value. When a remote AS is reachable via multiple paths through other intermediate AS neighbors, the router will prefer to use a higher weight path to reach it.

Local Preference

The options in this section will either match or set the BGP local preference value of a route using the given Local Preference value.

BGP AS Paths

Matches or sets a BGP AS Path.

AS Path Action:
Match AS Path:

Match based on the BGP AS Paths selected in Match AS Path below.

Set Exclude:

Excludes the AS numbers specified in Set AS List from the path of the route.

Set Prepend:

Prepends the AS numbers specified in Set AS List to the AS path.

Set Prepend Last-AS:

Prepends the last AS the number of times specified in Set AS List to the leftmost end of the path.

Warning

Do not select Set Prepend Last-AS in an outbound route-map. The set statement would be executed before the local AS number is prepended to the AS-path.

Match AS Path:

The specific BGP AS Path to match.

Set AS List:

A list of BGP AS Path entries to apply to the route.

BGP Communities

Matches or sets BGP community values in routes.

Community Action:
Match:

Match based on community value in Match Community.

Match Exact:

Match, but only if the community value matches exactly, rather than being part of a list.

Set:

Sets the BGP community value to the list in Set Community.

Match Community:
internet, no-export, no-advertise, local-as:

Match one of the well-known communities.

<Community Name>:

Match a community defined at BGP Community Lists.

Set Community:

When setting a community, this is a space-separated list of communities in AS:VAL format, or a well-known community: internet, no-export, no-advertise, or local-as. Can also be set to none to remove BGP community values entirely.

Additive:

Adds the specified community value to the route without replacing the existing values.

Origin

Origin Action:

Match or set based on the origin (source) of the route.

Origin Name:
Remote EGP:

Routes from Exterior Gateway Protocols (e.g. BGP).

Local IGP:

Routes from Interior Gateway Protocols (e.g. OSPF).

Unknown Heritage (Incomplete):

Routes from unknown sources.

Source Protocol

Matches based on a specific route source protocol from a list of possible options.

Note

Not all options in the list are supported by the FRR package currently.

Tags

Tag Action:
Match:

Match a tag value set by another route map rule.

Set:

Set a tag value to be matched by another route map rule.

Tag Value:

The specific tag value to match or set. This value is an integer from 1-4294967295.

RPKI

Matches based on the RPKI state.

Prefix Not Found:

The prefix is not present in the configuration.

Invalid Prefix:

The prefix is known but failed validation.

Valid Prefix:

The prefix is known and passed validation.

Route Map Examples

This example creates a route map to control which routes will be sent to peers via BGP. The first rule prevents any route from being sent if it matches entries in the RFC1918 prefix list. The second rule allows routes that match networks listed in the MY-ROUTES prefix list. This ensures that even if other mechanisms would try to export routes to peers, no routes to private networks are leaked.

  • Name: EBGP-OUT, Sequence: 10, Action: Deny, Match Prefix List: RFC1918

  • Name: EBGP-OUT, Sequence: 20, Action: Permit, Match Prefix List: MY-ROUTES
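
The following added example (not part of the original page or of FRR) models how the EBGP-OUT entries above are evaluated: in sequence-number order regardless of the order they are listed in, with the first matching entry deciding the result. The prefix list contents and the Python function names are assumptions made for illustration, and only prefix list matching is modeled (no set actions or Logic Control).

```python
import ipaddress

# Constructed prefix lists (contents are assumptions; the page only names the lists).
# Each entry matches the prefix itself and any more-specific route inside it.
PREFIX_LISTS = {
    "RFC1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    # The second entry is a deliberate mistake: a private network in the export list.
    "MY-ROUTES": ["203.0.113.0/24", "10.20.0.0/16"],
}

# Entries listed out of sequence order on purpose, as a GUI listing might show them.
ROUTE_MAP = [
    {"name": "EBGP-OUT", "seq": 20, "action": "permit", "prefix_list": "MY-ROUTES"},
    {"name": "EBGP-OUT", "seq": 10, "action": "deny", "prefix_list": "RFC1918"},
]

def in_prefix_list(route, list_name):
    net = ipaddress.ip_network(route)
    return any(net.subnet_of(ipaddress.ip_network(p)) for p in PREFIX_LISTS[list_name])

def validate(entries):
    """Reject out-of-range or duplicate sequence numbers within one route map name."""
    seen = set()
    for e in entries:
        if not 1 <= e["seq"] <= 65535:
            raise ValueError(f"sequence {e['seq']} out of range 1-65535")
        if (e["name"], e["seq"]) in seen:
            raise ValueError(f"duplicate sequence {e['seq']} in {e['name']}")
        seen.add((e["name"], e["seq"]))

def evaluate(entries, name, route):
    """Return (action, seq) of the first matching entry, in sequence order."""
    validate(entries)
    for e in sorted((e for e in entries if e["name"] == name), key=lambda e: e["seq"]):
        if in_prefix_list(route, e["prefix_list"]):
            return e["action"], e["seq"]
    return "deny", None  # nothing matched: FRR denies the route by default

def exported(entries, name, routes):
    """Routes from the candidate list that the route map would allow out."""
    return [r for r in routes if evaluate(entries, name, r)[0] == "permit"]

if __name__ == "__main__":
    candidates = ["203.0.113.0/24", "10.20.0.0/16", "192.168.1.0/24", "198.51.100.0/24"]
    for r in candidates:
        print(r, evaluate(ROUTE_MAP, "EBGP-OUT", r))
```

The 10.20.0.0/16 route is listed in MY-ROUTES by mistake, yet sequence 10 denies it before sequence 20 is reached, which is the leak protection the example describes.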