Dynamic Routing Route Maps

Route maps are a powerful mechanism which can match or set various values for use by routing daemons, especially BGP. A route map can match based on criteria such as those set by Access Lists and Prefix Lists, among others. Route maps can control, for example, whether or not specific routes are accepted from neighbors, or whether or not specific routes are distributed to neighbors. They can also adjust various properties of routes, which largely depends upon the context in which they are used, such as for BGP or OSPF.

Route maps are managed on the Route Maps tab under Services > FRR Global/Zebra.

Route map entries are complex, and multiple entries can be combined by using the same name on more than one entry, but with different sequence numbers to control the order in which the route map entries are processed by FRR.

Route Map Configuration

To create a new route map, click Add from the Route Maps tab.

The General Options section of the page sets data about this route map entry:

Name

The name of this route map entry.

Note

The same name can be used for multiple entries, but each entry using the same name must use a unique sequence number.

Description

A text description of this route map.

Action

The action taken by this route map, either permit or deny.

permit

When an entry is matched and permitted, the “set” actions of a route map are carried out, if present, and then Logic Control entries, if present, are performed. The route will be allowed unless the control flow ultimately prevents that from happening.

deny

When an entry is matched and denied, the route is not allowed.

Sequence

The sequence number of this route map. Must be in the range 1-65535.

The order of entries inside route maps is important, and this order is determined by a sequence number.

Each entry in a route map must have a unique sequence number. Best practice is to leave gaps in the sequence to allow for adding entries in the future. For example, use 10, 20, 30, rather than 1, 2, 3.

Warning

The order of entries displayed in the GUI may be different than the order set by the sequence numbers. The sequence number order is the true order in which rules are evaluated.

Route Map Contents

The remaining sections on the page control what this route map entry will do. There are numerous options available, from control and logic flow, to matching, setting, and altering routes.

Generally speaking, when an option in the remainder of the page is set to None, it will be ignored or have no effect.

Due to complexity, these options are broken up into multiple sections.

Logic Control

Call Route Map

Will immediately process the selected route map. If the called route map returns deny, then processing is stopped and the route is denied.

Exit Action

next

Proceeds to the next rule in the route map.

<sequence> number

Skips to the rule with the given sequence number in this route map.

Access Lists

Sets an Access List used to match this route map entry.

Prefix Lists

Sets a Prefix List used to match this route map entry.

Next Hop

Controls operations matching or setting the next hop for a route.

Next Hop Action

Chooses between actions to take for the next hop of a route.

Match Peer

Matches a specific next hop peer (e.g. BGP Neighbor).

Match ACL

Matches based on a specific Access List.

Match Prefix List

Matches based on a specific Prefix List.

Set (Peer Only)

Changes the next hop on a route to the specified peer (e.g. BGP Neighbor).

Peer

Specifies a peer for Next Hop Action when it is set to Match Peer or Set (Peer Only).

Local (match only)

Matches a route when its next hop is this firewall.

Unchanged (set only)

Leaves the next hop unchanged.

Peer Address (set only)

For inbound IPv4 routes received from a neighbor, sets the next-hop to the address of the neighbor. For outgoing routes this is the local address used to establish an adjacency with the neighbor.

<Neighbor>

A list of available peers fills out the list. Selecting an entry uses that specific peer to match or set.

ACL

Specifies an Access List used to match the next hop value when Next Hop Action is set to Match ACL.

Prefix List

Specifies a Prefix List used to match the next hop value when Next Hop Action is set to Match Prefix List.

Metric

Match or set the metric of a route.

Metric Action

Chooses between actions to take for the metric of a route.

Match

Matches the given metric value.

Set

Sets the MED value for routes. When this router has multiple links to the same AS, the MED value influences which path the router will prefer. The router will prefer to use links with a lower MED value. Adding a + before the metric value will result in a relative adjustment instead of setting an absolute value.

Set OSPF6 External Type 1 Metric

Similar to above, but only operates on the OSPF6 External Type 1 Metric.

Set OSPF6 External Type 2 Metric

Similar to above, but only operates on the OSPF6 External Type 2 Metric.

Metric Value

The metric value to match or apply. When setting a metric, the value may be +rtt, -rtt, + or - value offset, or a specific metric.

Weight

Sets the weight of the route to the supplied value. When a remote AS is reachable via multiple paths through other intermediate AS neighbors, the router will prefer to use a higher weight path to reach it.

Local Preference

The options in this section will either match or set the BGP local preference value of a route using the given Local Preference value.

BGP AS Paths

Matches or sets a BGP AS Path.

AS Path Action

Match AS Path

Match based on the BGP AS Paths selected in Match AS Path below.

Set Exclude

Excludes the AS numbers specified in Set AS List from the path of the route.

Set Prepend

Prepends the AS numbers specified in Set AS List to the AS path.

Set Prepend Last-AS

Prepends the last AS the number of times specified in Set AS List to the leftmost end of the path.

Warning

Do not select Set Prepend Last-AS in an outbound route-map. The set statement would be executed before the local AS number is prepended to the AS-path.

Match AS Path

The specific BGP AS Path to match.

Set AS List

A list of BGP AS Path entries to apply to the route.

BGP Communities

Matches or sets BGP community values in routes.

Community Action

Match

Match based on community value in Match Community.

Match Exact

Match, but only if the community value matches exactly, rather than being part of a list.

Set

Sets the BGP community value to the list in Set Community.

Match Community

internet, no-export, no-advertise, local-as

Match one of the well-known communities.

<Community Name>

Match a community defined at BGP Community Lists.

Set Community

When setting a community, this is a space-separated list of communities in AS:VAL format, or a well-known community: internet, no-export, no-advertise, or local-as. Can also be set to none to remove BGP community values entirely.

Additive

Adds the specified community value to the route without replacing the existing values.

Origin

Origin Action

Match or set based on the origin (source) of the route.

Origin Name

Remote EGP

Routes from Exterior Gateway Protocols (e.g. BGP).

Local IGP

Routes from Interior Gateway Protocols (e.g. OSPF).

Unknown Heritage (Incomplete)

Routes from unknown sources.

Source Protocol

Matches based on a specific route source protocol from a list of possible options.

Note

Not all options in the list are supported by the FRR package currently.

Tags

Tag Action

Match

Match a tag value set by another route map rule.

Set

Set a tag value to be matched by another route map rule.

Tag Value

The specific tag value to match or set. This value is an integer from 1-4294967295.

RPKI

Matches based on the RPKI state.

Prefix Not Found

The prefix is not present in the configuration.

Invalid Prefix

The prefix is known but failed validation.

Valid Prefix

The prefix is known and passed validation.

Route Map Examples

This example creates a route map to control which routes will be sent to peers via BGP. The first rule prevents any route from being sent if it matches entries in the RFC1918 prefix list. The second rule allows routes that match networks listed in the MY-ROUTES prefix list. This ensures that no routes to private networks are leaked, even if other mechanisms would try to export routes to peers.

  • Name: EBGP-OUT, Sequence: 10, Action: Deny, Match Prefix List: RFC1918

  • Name: EBGP-OUT, Sequence: 20, Action: Permit, Match Prefix List: MY-ROUTES
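The following is an added example, not part of the original documentation or the FRR package. It is a simplified Python model of how the EBGP-OUT entries above are evaluated in sequence order, and of what changes if the two sequence numbers are swapped. The prefix list contents, the sample routes and the function names are assumptions constructed for illustration; Call Route Map, Exit Action and set actions are not modeled.

```python
import ipaddress

# Constructed prefix lists as (network, le): a route matches when it lies
# inside `network` and its prefix length does not exceed `le`.
PREFIX_LISTS = {
    "RFC1918": [("10.0.0.0/8", 32), ("172.16.0.0/12", 32), ("192.168.0.0/16", 32)],
    # The 10.50.0.0/16 entry is a deliberate mistake in the sample data.
    "MY-ROUTES": [("203.0.113.0/24", 24), ("10.50.0.0/16", 16)],
}

# Listed out of order on purpose, as the GUI may display them.
EBGP_OUT = [
    {"seq": 20, "action": "permit", "prefix_list": "MY-ROUTES"},
    {"seq": 10, "action": "deny", "prefix_list": "RFC1918"},
]

# Same entries with the sequence numbers swapped (the misconfiguration).
EBGP_OUT_SWAPPED = [
    {"seq": 10, "action": "permit", "prefix_list": "MY-ROUTES"},
    {"seq": 20, "action": "deny", "prefix_list": "RFC1918"},
]

def in_prefix_list(name, route):
    net = ipaddress.ip_network(route)
    for base, le in PREFIX_LISTS[name]:
        if net.subnet_of(ipaddress.ip_network(base)) and net.prefixlen <= le:
            return True
    return False

def evaluate(entries, route):
    """Return (action, seq) of the first matching entry in sequence order."""
    for entry in sorted(entries, key=lambda e: e["seq"]):
        if in_prefix_list(entry["prefix_list"], route):
            return entry["action"], entry["seq"]
    return "deny", None  # FRR denies a route that no entry matches

def leaked_private_routes(entries, candidates):
    """Routes that would be advertised despite being inside RFC1918 space."""
    return [r for r in candidates
            if in_prefix_list("RFC1918", r) and evaluate(entries, r)[0] == "permit"]

if __name__ == "__main__":
    routes = ["203.0.113.0/24", "10.50.0.0/16", "198.51.100.0/24"]
    for r in routes:
        print(r, evaluate(EBGP_OUT, r), evaluate(EBGP_OUT_SWAPPED, r))
    print("leaks:", leaked_private_routes(EBGP_OUT_SWAPPED, routes))
```

With the deny entry at sequence 10, the private prefix mistakenly placed in MY-ROUTES is still blocked; with the sequence numbers swapped, the same prefix is permitted before the deny entry is reached.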