Dynamic Routing Route Maps

Route maps are a powerful mechanism which can match or set various values for use by routing daemons, especially BGP. A route map can match based on criteria such as those set by Dynamic Routing Access Lists and Dynamic Routing Prefix Lists, among others. Route maps can control, for example, whether or not specific routes are accepted from neighbors, or whether or not specific routes are distributed to neighbors. They can also adjust various properties of routes; which properties can be adjusted depends largely on the context in which the route map is used, such as BGP or OSPF.

Route Map Configuration

To create a new route map, use the route dynamic route-map <route-map-name> command, which enters config-route-map mode for the route map named <route-map-name>:

tnsr(config)# route dynamic route-map <route-map-name>
tnsr(config-route-map)#

Once in this mode, there are additional commands:

description <string>:

A text description of this route map.

sequence <sequence>:

The sequence number of this route map. Enters config-route-map-rule mode.

The sequence command may be repeated with different sequence numbers to set up additional rule entries in the same route map.

config-route-map-rule mode offers a variety of commands, which have been broken up into sections.

Route Map General Parameters

description <string>:

A text description of this route map rule.

policy (permit|deny):

The action taken by this route map.

permit:

When an entry is matched and permitted, the Route Map Set Operations portions of the route map are carried out, if present, and then Route Map Control Operations entries, if present, are performed. The route will be allowed unless the control flow ultimately prevents that from happening.

deny:

When an entry is matched and denied, the route is not allowed.

Route Map Matching Criteria

match as-path <as-path-name>:

Match based on BGP AS Path Access Lists.

match community <comm-list-name> [exact-match]:

Match based on BGP Community Lists.

match extcommunity <extcomm-list-name>:

Match based on Extended BGP Community Lists.

match interface <if-name>:

Match based on a specific interface name.

match ip address access-list <access-list-name>:

Match IPv4 route content based on Dynamic Routing Access Lists.

match ip address prefix-list <prefix-list-name>:

Match IPv4 route content based on Dynamic Routing Prefix Lists.

match ip next-hop access-list <access-list-name>:

Match the next-hop of IPv4 routes based on Dynamic Routing Access Lists.

match ip next-hop <ipv4-address>:

Match the next-hop of IPv4 routes based on IPv4 address.

match ip next-hop prefix-list <prefix-list-name>:

Match the next-hop of IPv4 routes based on Dynamic Routing Prefix Lists.

match ipv6 address access-list <access-list-name>:

Match IPv6 route content based on Dynamic Routing Access Lists.

match ipv6 address prefix-list <prefix-list-name>:

Match IPv6 route content based on Dynamic Routing Prefix Lists.

match large-community <large-comm-list-name>:

Match based on Large BGP Community Lists.

match local-preference <preference-uint32>:

Match based on configured local preference of a route.

match metric <metric-uint32>:

Match based on the metric of a route.

match origin (egp|igp|incomplete):

Match based on the origin (source) of a route. It can be one of egp (exterior gateway protocols), igp (interior gateway protocols), or incomplete.

match peer <peer-ip-address>:

Match based on the IP address of the neighbor associated with a route.

match probability <percent>:

Match a subset of routes based on the given percent value. For example, a value of 60 would match 60% of routes.

match rpki (invalid|notfound|valid):

Matches based on the status of RPKI validation information.

invalid:

RPKI information is present and the peer failed validation.

notfound:

There is no RPKI validation information for this peer.

valid:

RPKI information is present and the peer passed validation.

match source-protocol <src-protocol>:

Matches based on the routing protocol for this route. For a list, see Dynamic Routing Protocol Lists.

match tag <value>:

Match a tag value set by another route map rule. This value is an integer from 1-4294967295.

Route Map Set Operations

set aggregator as <asn> ip address <ipv4-address>:

Sets the AS of an aggregated route to the specified AS number and its origin to the specified IP address.

set as-path exclude <as-number> [<as-number> […]]:

Excludes the specified AS numbers from the path of the route. Multiple AS numbers can be listed separated by spaces.

set as-path prepend <as-number> [<as-number> […]]:

Prepends the specified AS numbers to the AS path. Multiple AS numbers can be listed separated by spaces.

set as-path prepend last-as <asn>:

Prepends the last AS a specified number of times to the leftmost end of the path.

set atomic-aggregate:

Sets the BGP “atomic aggregate” attribute for the route. This informs BGP peers that some routing information may not be present due to route aggregation.

set community none:

Removes information about BGP Community Lists from the route.

set community <community-value> [additive]:

Sets the BGP community to the supplied list. The optional additive keyword causes the community value to be added to the route without replacing the existing values.

Note

To specify multiple communities, enclose a space-separated list of community values in double quotes. For example: set community "100:200 100:300 100:400"

set comm-list <community-list-name> delete:

Removes specific values from BGP Community Lists.

set extcommunity rt <extcommunity-list-name>:

Sets the route target to the given extended community list.

set extcommunity soo <extcommunity-list-name>:

Sets the site of origin for the route to the given extended community list.

set forwarding-address <ipv6-address>:

Sets the OSPF forwarding address for this route to the given IPv6 address.

set ip next-hop <ipv4-address>:

Sets the next-hop for an IPv4 route to this specific address.

set ip next-hop peer-address:

For inbound IPv4 routes received from a neighbor, sets the next-hop to the address of the neighbor. For outgoing routes this is the local address used to establish an adjacency with the neighbor.

set ip next-hop unchanged:

Do not change the next-hop on the route.

set ipv4 vpn next-hop (<ipv4-address>|<ipv6-address>):

Sets IPv4 VPN next-hop address to the given value.

set ipv6 next-hop global <ipv6-address>:

Sets IPv6 next-hop address to the given globally routable IPv6 address.

set ipv6 next-hop local <ipv6-address>:

Sets IPv6 next-hop address to the given link-local IPv6 address.

set ipv6 next-hop peer-address:

For inbound IPv6 routes received from a neighbor, sets the next-hop to the address of the neighbor. For outgoing routes this is the local address used to establish an adjacency with the neighbor.

set ipv6 next-hop prefer-global:

For inbound routes with both a global and link-local next-hop available, prefer to use the global address.

set ipv6 vpn next-hop (<ipv4-address>|<ipv6-address>):

Sets IPv6 VPN next-hop address to the given value.

set large-community none:

Removes information about Large BGP Community Lists from the route.

set large-community <large-community-value> [additive]:

Sets the Large BGP community to the supplied list. The optional additive keyword causes the large community value to be added to the route without replacing the existing values.

set large-comm-list <large-comm-list-name> delete:

Removes specific values from Large BGP Community Lists.

set local-preference <preference>:

Sets the BGP local preference for the route to the supplied value.

set metric [+]<metric>:

Sets the MED value for routes. When this router has multiple links to the same AS, the MED value influences which path the router will prefer. The router will prefer to use links with a lower MED value. Adding a + before the metric value will result in a relative adjustment instead of setting an absolute value.

set metric-type (type-1|type-2):

Sets the OSPF6 external metric type for this route. Type 1 metrics consider the internal path as a part of calculations, Type 2 do not.

set origin (egp|igp|unknown):

Sets the origin (source) of a route. It can be one of egp (exterior gateway protocols), igp (interior gateway protocols), or incomplete.

set originator <ipv4-addr>:

Sets the originator ID to the supplied address.

set src <ip-address>:

Sets the route source to the supplied address.

set tag <tag>:

Set a tag value to be matched by another route map rule. This value is an integer from 1-4294967295.

set weight <weight>:

Sets the weight of the route to the supplied value. When a remote AS is reachable via multiple paths through other intermediate AS neighbors, the router will prefer to use a higher weight path to reach it.

Route Map Control Operations

call <rt-map-name>:

Will immediately process the named route map. If the called route map returns deny, then processing is stopped and the route is denied.

on-match next:

Proceeds to the next rule in the route map.

on-match goto <sequence>:

Skips to the rule with the given sequence number in this route map.

Route Map Examples

This example creates a route map to control which routes will be sent to peers via BGP. The first rule prevents any route from being sent if it matches entries in the RFC1918 prefix list. The second rule allows routes that match networks listed in the MY-ROUTES prefix list. This ensures that no routes to private networks are leaked, even if other mechanisms would try to export routes to peers.

tnsr(config)# route dynamic route-map EBGP-OUT
tnsr(config-route-map)# sequence 10
tnsr(config-route-map-rule)# policy deny
tnsr(config-route-map-rule)# match ip address prefix-list RFC1918
tnsr(config-route-map-rule)# exit
tnsr(config-route-map)# sequence 20
tnsr(config-route-map-rule)# policy permit
tnsr(config-route-map-rule)# match ip address prefix-list MY-ROUTES
tnsr(config-route-map-rule)# exit
tnsr(config-route-map)# exit
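
Added example (not part of the TNSR documentation): a small Python model of how the policy and control operations described above are evaluated, run against EBGP-OUT to check which candidate prefixes would be sent. The prefix-list entries, the REORDERED and WITH_NEXT variants, and the implicit deny when no rule matches (FRR-style behaviour) are assumptions.

```python
import ipaddress

# Constructed prefix lists; the page names RFC1918 and MY-ROUTES but not their entries.
# Each entry is assumed to also cover longer prefixes (as with "le 32").
PREFIX_LISTS = {
    "RFC1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "MY-ROUTES": ["203.0.113.0/24", "10.2.0.0/16"],  # second entry: a private net added by mistake
}

# Rules are (sequence, policy, prefix-list or None, on-match).
# on-match is None (stop after a permit), "next", or a sequence number for "goto".
EBGP_OUT = [(10, "deny", "RFC1918", None), (20, "permit", "MY-ROUTES", None)]
# Hypothetical variant: same rules in the wrong order, so the permit is reached first.
REORDERED = [(10, "permit", "MY-ROUTES", None), (20, "deny", "RFC1918", None)]
# Hypothetical variant: permit first, but "on-match next" lets the later deny still apply.
WITH_NEXT = [(10, "permit", "MY-ROUTES", "next"), (20, "deny", "RFC1918", None)]


def in_list(route, name):
    """True if the route is equal to or inside any entry of the named prefix list."""
    net = ipaddress.ip_network(route)
    return any(net.subnet_of(ipaddress.ip_network(p)) for p in PREFIX_LISTS[name])


def evaluate(route_map, route):
    """Return (decision, sequence that decided it); sequence is None if no rule matched."""
    decision, decided_by, skip_below = "deny", None, 0  # assumed implicit deny
    for seq, policy, plist, on_match in sorted(route_map, key=lambda r: r[0]):
        if seq < skip_below or (plist and not in_list(route, plist)):
            continue
        if policy == "deny":
            return "deny", seq              # matched and denied: the route is not allowed
        decision, decided_by = "permit", seq
        if on_match is None:
            break                           # matched and permitted, no control operation
        if on_match != "next":
            skip_below = on_match           # goto: skip rules below that sequence
    return decision, decided_by


if __name__ == "__main__":
    for name, rmap in (("EBGP-OUT", EBGP_OUT), ("REORDERED", REORDERED), ("WITH-NEXT", WITH_NEXT)):
        for route in ("203.0.113.0/24", "10.2.0.0/16", "198.51.100.0/24"):
            print(name, route, evaluate(rmap, route))
```

With the deny rule at the lower sequence number, the mistaken 10.2.0.0/16 entry in MY-ROUTES never reaches peers; in the reordered variant it does.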

This route map is to be used with incoming routes from peers. The first rule prevents routes for local networks from being received and processed. The second rule applies attributes to all other received routes.

tnsr(config)# route dynamic route-map PEERS-IN
tnsr(config-route-map)# sequence 10
tnsr(config-route-map-rule)# policy deny
tnsr(config-route-map-rule)# match ip address prefix-list RFC1918
tnsr(config-route-map-rule)# exit
tnsr(config-route-map)# sequence 20
tnsr(config-route-map-rule)# policy permit
tnsr(config-route-map-rule)# set metric 5000
tnsr(config-route-map-rule)# set local-preference 100
tnsr(config-route-map-rule)# set community no-export
tnsr(config-route-map-rule)# exit
tnsr(config-route-map)# exit

Route Map Status

To view route maps, use the show route dynamic route-map [name] command. Add the name of a route map to restrict the output to that route map.

tnsr(config)# show route dynamic route-map
route-map EBGP-OUT deny 10
    match ip address prefix-list RFC1918
route-map EBGP-OUT permit 30
    match ip address prefix-list MY-ROUTES
route-map PEERS-IN deny 10
    match ip address prefix-list RFC1918
route-map PEERS-IN permit 20
    set community no-export
    set local-preference 100
    set metric 5000