Routing Policy Configuration

You can configure routing policy for RIP, OSPFv2 and BGP in these ways:

| Routing Policy Configuration | Description | Configured Using |
|---|---|---|
| Inbound Route filters | Restrict or constrain the set of routes accepted by a given routing protocol. Inbound Route filters are similar to route maps for an import policy. | WebUI |
| Route Redistribution | Allow routes learned from one routing protocol to be propagated to another routing protocol. It is also useful for advertising static routes, such as the default route, or aggregates into a protocol. Route Redistribution is similar to route maps for an export policy. | WebUI |
| Routemaps | Control which routes are accepted and announced. Used to configure inbound route filters, outbound route filters, and to redistribute routes from one protocol to another. Route maps offer more configuration options than the WebUI options. However, they are not functionally equivalent. If one or more route maps are assigned to a protocol (for import or export), any corresponding WebUI configuration is ignored. | clish |

Related Topics

Configuring Inbound Route Filters - WebUI

Configuring Route Redistribution - WebUI

Configuring Route Maps - CLI (routemap)

Configuring Inbound Route Filters - WebUI

Inbound route filters allow you to restrict or constrain the set of routes accepted by a given routing protocol.

By default, all RIP and OSPF external routes are accepted. BGP requires an explicit policy to accept routes.

The filters let an operator include or exclude ranges of prefixes from the routes that are accepted into RIP, OSPF and BGP. These filters are configured in the same way as the filters for route redistribution.

You can specify two possible actions for each prefix—accept the address into the routing protocol (with a specified rank) or exclude the prefix.

You can specify the type of prefix matching done for filter entries in the following ways:

  • Routes that exactly match the given prefix; that is, have the same network portion and prefix length.
  • Routes that match more specific prefixes but do not include the given prefix. For example, if the filter is 10/8, then any network 10 route with a prefix length greater than 8 matches, but those with a prefix length of 8 do not match.
  • Routes that match more specific prefixes and include the given prefix. For example, if the filter is 10/8, then any network 10 route with a prefix length greater than or equal to 8 matches.
  • Routes that match a given prefix with a prefix length between a given range of prefix lengths. For example, the filter could specify that it match any route in network 10 with a prefix length between 8 and 16.
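
The four match types above, modelled in Python as an added example (not Check Point code); the WebUI names them Exact, Refines, Normal and Range. Assumptions: the range bounds are inclusive, a route that matches no entry falls back to the protocol's default action, and the sample routes are constructed.

```python
import ipaddress

# Protocol-wide default actions as stated on the page: RIP and OSPF external
# routes are accepted by default, BGP accepts nothing without explicit policy.
DEFAULT_ACTION = {"rip": "accept", "ospf-external": "accept", "bgp": "restrict"}


def matches(filter_prefix, matchtype, route, length_range=None):
    """Return True if `route` matches `filter_prefix` under `matchtype`."""
    flt = ipaddress.ip_network(filter_prefix)
    rt = ipaddress.ip_network(route)
    # Every match type requires the route to lie inside the filter's network.
    if rt.version != flt.version or not rt.subnet_of(flt):
        return False
    same_length = rt.prefixlen == flt.prefixlen  # inside + same length => equal
    if matchtype == "normal":    # the prefix itself or anything more specific
        return True
    if matchtype == "exact":     # same network portion and prefix length
        return same_length
    if matchtype == "refines":   # more specific only, not the prefix itself
        return not same_length
    if matchtype == "range":     # prefix length within [low, high] (assumed inclusive)
        if length_range is None:
            raise ValueError("range match needs (low, high) prefix lengths")
        low, high = length_range
        return low <= rt.prefixlen <= high
    raise ValueError(f"unknown match type: {matchtype}")


def decide(protocol, entry, route):
    """Action for one route: the entry's action if it matches, else the default."""
    if matches(entry["prefix"], entry["matchtype"], route, entry.get("length_range")):
        return entry["action"]
    return DEFAULT_ACTION[protocol]  # assumption: unmatched routes use the default


def accepted(protocol, entry, routes):
    """Routes from `routes` that end up accepted into `protocol`."""
    return [r for r in routes if decide(protocol, entry, r) == "accept"]


# Constructed sample announcements.
SAMPLE_ROUTES = [
    "10.0.0.0/8",
    "10.1.0.0/16",
    "10.1.2.0/24",
    "10.1.2.3/32",
    "192.0.2.0/24",
]

NORMAL_10 = {"prefix": "10.0.0.0/8", "matchtype": "normal", "action": "accept"}
RANGE_10 = {"prefix": "10.0.0.0/8", "matchtype": "range",
            "length_range": (8, 16), "action": "accept"}

if __name__ == "__main__":
    for proto in ("bgp", "rip"):
        for name, entry in (("normal", NORMAL_10), ("range 8-16", RANGE_10)):
            print(f"{proto:4} {name:11} -> {accepted(proto, entry, SAMPLE_ROUTES)}")
```

With the BGP default, the Normal entry admits every more-specific down to /32, while the Range entry bounds the accepted prefix length. Under RIP the same Range entry filters nothing, because unmatched routes still hit the default Accept.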

You can define Inbound route filters only using the WebUI. Inbound route filters are not available in the CLI. However, you can configure the same functionality in the CLI using routemaps.

To configure a policy for OSPF routes:

  1. Go to the Advanced Routing > Inbound Route Filters page of the WebUI.
  2. In the Inbound Route Protocols and BGP Policies section, select OSPF External Routes.
  3. Click Edit.
  4. In the Configure OSPF External All Routes window, select the Action:
    • Options: Accept or Restrict
    • Default: Accept
  5. If you selected Accept, change the Rank:
    • Range: 0-255
    • Default: 150
  6. You can fine tune the policy for OSPF External routes. In the Individual Routes section click Add.

    The Add Route window opens.

To configure a policy for RIP routes:

  1. Go to the Advanced Routing > Inbound Route Filters page of the WebUI.
  2. In the Inbound Route Protocols and BGP Policies section, select RIP Routes.
  3. Click Edit.
  4. In the Configure RIP All Routes window, select the Action:
    • Options: Accept or Restrict
    • Default: Accept
  5. If you selected Accept, change the Rank:
    • Range: 0-255
    • Default: 100
  6. You can fine tune the policy for RIP routes. In the Individual Routes section click Add.

    The Add Route window opens.

To configure a policy for BGP routes:

  1. Go to the Advanced Routing > Inbound Route Filters page of the WebUI.
  2. In the Inbound Route Protocols and BGP Policies section, click Add BGP Policy.

    The Add BGP Policy window opens.

  3. You can fine tune the policy for BGP routes. In the Individual Routes section click Add.

    The Add Route window opens.

    Note - For BGP, no routes are accepted from a peer by default. You must configure an explicit Inbound BGP Route Filter to accept a route from a peer.

Add BGP Policy Window

Parameter

Description

BGP Type:
Based on AS_PATH Regular Expression (1-511)

An autonomous system can control BGP importation. BGP supports propagation control through the use of AS-PATH regular expressions. BGP version 4 supports the propagation of any destination along a contiguous network mask.

BGP Type:
Based on Autonomous System Number (512-1024)

An autonomous system can control BGP importation. BGP can accept routes from different BGP peers based on the peer AS number.

Import ID

The order in which the import lists are applied to each route.

  • Range for BGP Type based on AS_PATH Regular Expression: 1-511
  • Range for BGP Type based on Autonomous System Number: 512-1024
  • Default: No default

AS Number

Autonomous system number of the peer AS.

  • Range: 0-65535

AS-PATH Regular Expression

The following definitions describe how to create regular expressions.

AS-PATH operators are one of the following:

  • aspath_term (m n)
    A regular expression followed by (m n), where m and n are both non-negative integers and m is less than or equal to n. This expression means that there are at least m, and at most, n repetitions.
  • aspath_term m
    A regular expression followed by m, where m is a positive integer and means exactly m repetitions.
  • aspath_term (m)
    A regular expression followed by m, where m is a positive integer. This expression means that there are exactly m repetitions.
  • aspath_term *
    A regular expression followed by *, which means zero or more repetitions.
  • aspath_term +
    A regular expression followed by +, which means one or more repetitions.
  • aspath_term ?
    A regular expression followed by ?, which means zero or one repetition.
  • aspath_term | aspath_term
    Match either the AS term on the left or the AS term on the right of the pipe.

Origin

The completeness of AS-PATH information.

  • Any -
  • IGP - A route was learned from an interior routing protocol and is probably complete.
  • EGP - The route was learned from an exterior routing protocol that does not support AS-PATHs, and the path is probably incomplete.
  • Incomplete - The path information is incomplete.
  • Options: Any / IGP / EGP / Incomplete
  • Default: No default

Weight

BGP stores any routes that are rejected by not mentioning them in a route filter. BGP explicitly mentions these rejected routes in the routing table and assigns them a restrict keyword with a negative weight. A negative weight prevents a route from becoming active, which means that it is not installed in the forwarding table or exported to other protocols. This feature eliminates the need to break and re-establish a session upon reconfiguration if importation policy is changed.

  • Range: 0-65535
  • Default: No default

Local Pref.

The BGP local preference to the imported route. Check Point recommends that you configure this value to bias the preference of routed for BGP routes.

Note: Do not use the local preference parameter when importing BGP.

The local preference value is sent automatically when redistributing external BGP routes to an internal BGP route. The local preference parameter is ignored if used on internal BGP import statements.

  • Range: 0-65535. Larger values are preferred
  • Default: No default

All Routes: Action

Whether the routing protocol should accept or restrict the All Routes route, equivalent to 0.0.0.0/0, from the given AS-Path or AS. If set to Accept, you can specify a Rank for all routes.

  • Options: Accept / Restrict
  • Default: Restrict

All Routes: Rank

If All Routes: Action is set to Accept, you can specify a Rank for all routes.

  • Range: 0 - 65535
  • Default: no default.

Fine Tuning Policies

To fine tune your OSPF, RIP or BGP Policy:

  1. Specify which routes should be filtered by:
    • IP address
    • Subnet mask
    • Match type
    • Optional: Parameters that depend on the match type. For routes that match a filter, you can select Accept or Restrict. If the route is accepted, you can specify its rank.
  2. Specify what actions to perform on a route if it matches the route filter.

Do these steps by configuring the parameters in the Add Route window.

Add Route Window

Parameter

Description

Protocol

The protocol for which you want to create the inbound route filter.

Address

Subnet mask

A baseline route that specifies a route filter. This route is the specified route in the context of a single route filter.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

  • Normal - matches any route that equals the specified route or is more specific than the specified route.
  • Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
  • Refines - matches a route only if it is more specific than the specified route.
  • Range - matches any route whose IP prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.
  • Options: Normal, Exact, Refines, Range.
  • Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

  • Options: Accept, Restrict.
  • Default: Accept.

Weight

BGP stores any routes that are rejected by not mentioning them in a route filter. BGP explicitly mentions these rejected routes in the routing table and assigns them a restrict keyword with a negative weight. A negative weight prevents a route from becoming active, which means that it is not installed in the forwarding table or exported to other protocols. This feature eliminates the need to break and re-establish a session upon reconfiguration if importation policy is changed.

  • Range: 0-65535
  • Default: No default

Local Pref

The BGP local preference to the imported route. Check Point recommends that you configure this value to bias the preference of routed for BGP routes.

Note: Do not use the local preference parameter when importing BGP.

The local preference value is sent automatically when redistributing external BGP routes to an internal BGP route. The local preference parameter is ignored if used on internal BGP import statements.

  • Range: 0-65535. Larger values are preferred
  • Default: No default

Configuring Route Redistribution - WebUI

Route redistribution allows routes learned from one routing protocol to be propagated to another routing protocol. This is necessary when routes from one protocol such as RIP, OSPF, or BGP need to be advertised into another protocol. Route redistribution is also useful for advertising static routes, such as the default route, or aggregates into a protocol.

You can define Route Redistribution only using the WebUI. Route Redistribution is not available in clish. To configure Route Redistribution using the CLI use routemaps.

To Configure Route Redistribution

  1. Go to the Advanced Routing > Route Redistribution page of the WebUI.
  2. In the relevant section:
    • To add a redistributed route, click Add.
    • To edit a redistributed route, select it and click Edit.

Redistributed Interfaces

| Parameter | Description |
|---|---|
| To Protocol | The destination protocol. |
| From Interface | The interface from which to distribute the routes. |
| Metric | The cost of the created routes in the destination protocol. |

Redistributed Static Routes

| Parameter | Description |
|---|---|
| To Protocol | The destination protocol. |
| From Static Route | The static route to be distributed to the protocol. |
| Metric | The cost of the created routes in the destination protocol. Note - This is mandatory when configuring redistributions to RIP. |

Redistributed Aggregate Routes

| Parameter | Description |
|---|---|
| To Protocol | Redistribute all active aggregate routes into the selected protocol. |
| From Aggregate Route | The aggregate route to be distributed to the protocol. |
| Metric | The cost of the created routes in the destination protocol. Note - This is mandatory when configuring redistributions to RIP. |

Redistributed RIP Routes

Parameter

Description

To Protocol

The destination protocol.

All RIP Routes

Choose which RIP routes to redistribute into the To Protocol.

  • Options:
    • Select - All active RIP routes.
    • Clear - The RIP routes that match the From Address, Subnet Mask and Matchtype filter.
  • Default: Cleared

From Address

The network for the destination to redistribute.

  • Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

  • Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

  • Normal - matches any route that equals the specified route or is more specific than the specified route.
  • Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
  • Refines - matches a route only if it is more specific than the specified route.
  • Range - matches any route whose IP prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.
  • Options: Normal, Exact, Refines, Range.
  • Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

  • Options: Accept, Restrict.
  • Default: Accept.

Metric

The cost of the created routes in the destination protocol.

Redistributed OSPF2 Routes

Parameter

Description

To Protocol

The destination protocol.

All OSPF2 Routes

Choose which OSPFv2 routes to redistribute into the To Protocol.

  • Options:
    • Select - All active OSPFv2 routes.
    • Clear - The OSPFv2 routes that match the From Address, Subnet Mask and Matchtype filter.
  • Default: Cleared

From Address

The network for the destination to redistribute.

  • Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

  • Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

  • Normal - matches any route that equals the specified route or is more specific than the specified route.
  • Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
  • Refines - matches a route only if it is more specific than the specified route.
  • Range - matches any route whose IP prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.
  • Options: Normal, Exact, Refines, Range.
  • Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

  • Options: Accept, Restrict.
  • Default: Accept.

Metric

The cost of the created routes in the destination protocol.

Note - This is mandatory when configuring redistributions to RIP.

Redistributed OSPF2 External Routes

Parameter

Description

To Protocol

The destination protocol.

All OSPF2 Ex Routes

Choose which OSPFv2 External routes to redistribute into the To Protocol.

  • Options:
    • Select - All active OSPFv2 External routes.
    • Clear - The OSPFv2 External routes that match the From Address, Subnet Mask and Matchtype filter.
  • Default: Cleared

From Address

The network for the destination to redistribute.

  • Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

  • Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

  • Normal - matches any route that equals the specified route or is more specific than the specified route.
  • Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
  • Refines - matches a route only if it is more specific than the specified route.
  • Range - matches any route whose IP prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.
  • Options: Normal, Exact, Refines, Range.
  • Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

  • Options: Accept, Restrict.
  • Default: Accept.

Metric

The cost of the created routes in the destination protocol.

Note - This is mandatory when configuring redistributions to RIP.

Redistributed BGP AS Path Routes

Parameter

Description

To Protocol

The destination protocol.

AS Path RegEx

The following definitions describe how to create regular expressions.

AS-PATH operators are one of the following:

  • aspath_term (m n)
    A regular expression followed by (m n), where m and n are both non-negative integers and m is less than or equal to n. This expression means that there are at least m, and at most, n repetitions.
  • aspath_term m
    A regular expression followed by m, where m is a positive integer and means exactly m repetitions.
  • aspath_term (m)
    A regular expression followed by m, where m is a positive integer. This expression means that there are exactly m repetitions.
  • aspath_term *
    A regular expression followed by *, which means zero or more repetitions.
  • aspath_term +
    A regular expression followed by +, which means one or more repetitions.
  • aspath_term ?
    A regular expression followed by ?, which means zero or one repetition.
  • aspath_term | aspath_term
    Match either the AS term on the left or the AS term on the right of the pipe.

Origin

The completeness of AS-PATH information.

  • Any -
  • IGP - A route was learned from an interior routing protocol and is probably complete.
  • EGP - The route was learned from an exterior routing protocol that does not support AS-PATHs, and the path is probably incomplete.
  • Incomplete - The path information is incomplete.
  • Options: Any / IGP / EGP / Incomplete
  • Default: No default

All Routes

Choose which BGP AS Path routes to redistribute into the To Protocol.

  • Options:
    • Select - All active BGP AS Path routes.
    • Clear - The BGP AS Path routes that match the From Address, Subnet Mask and Matchtype filter.
  • Default: Cleared

From Address

The network for the destination to redistribute.

  • Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

  • Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

  • Normal - matches any route that equals the specified route or is more specific than the specified route.
  • Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
  • Refines - matches a route only if it is more specific than the specified route.
  • Range - matches any route whose IP prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.
  • Options: Normal, Exact, Refines, Range.
  • Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

  • Options: Accept, Restrict.
  • Default: Accept.

Metric

The cost of the created routes in the destination protocol.

Redistributed BGP AS Routes

Parameter

Description

To Protocol

The destination protocol.

From BGP AS

The BGP AS routes to be distributed to the protocol

All Routes

Choose which BGP AS routes to redistribute into the To Protocol.

  • Options:
    • Select - All active BGP AS routes.
    • Clear - The BGP AS routes that match the From Address, Subnet Mask and Matchtype filter.
  • Default: Cleared

From Address

The network for the destination to redistribute.

  • Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

  • Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

  • Normal - matches any route that equals the specified route or is more specific than the specified route.
  • Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
  • Refines - matches a route only if it is more specific than the specified route.
  • Range - matches any route whose IP prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.
  • Options: Normal, Exact, Refines, Range.
  • Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

  • Options: Accept, Restrict.
  • Default: Accept.

Metric

The cost of the created routes in the destination protocol.

Redistribute BGP Default Routes

Parameter

Description

To Protocol

The destination protocol.

Redistribute All

Choose which BGP default routes to redistribute into the To Protocol.

  • Options:
    • Select - All active BGP default routes.
    • Clear - The BGP Default routes that match the BGP Redistribution Settings
  • Default: Cleared

Metric

The cost of the created routes in the destination protocol.

BGP Redistribution Settings

Parameter

Description

To Protocol

The destination protocol.

MED

BGP 4 metrics (Multi-Exit Discriminator or MED) are 32-bit unsigned quantities (that is they range from 0 to 4294967295 inclusive, with 0 being the most attractive). If the metric is specified as IGP, any existing metric on the route is sent as the MED. This setting can allow, for example, OSPF costs to be exported as BGP MEDs. Note: If this capability is used, any change in the metric causes a new BGP update.

The MED is a metric that defines the cost of using this route. The range of values is 1 to 16.

Local Preference

The BGP local preference to the imported route. Check Point recommends that you configure this value to bias the preference of routed for BGP routes.

Note: Do not use the local preference parameter when importing BGP.

The local preference value is sent automatically when redistributing external BGP routes to an internal BGP route. The local preference parameter is ignored if used on internal BGP import statements.

  • Range: 0-65535. Larger values are preferred
  • Default: No default

Configuring Route Maps - CLI (routemap)

Each route map includes a list of match criteria and set statements. You can apply route maps to inbound, outbound, or redistribution routes. Routes are compared to the match criteria, and all the actions specified in the set criteria are applied to those routes which meet all the match conditions. You can specify the match conditions in any order. If you do not specify any match conditions in a route map, the route map matches all routes.

You define route maps, then assign them to protocols for export or import policy for that protocol. Route maps take precedence over WebUI based configuration.

To create a route map, use CLI commands to specify a set of criteria that must be matched for the command to take effect. If the criteria are matched, then the system executes the actions you specify. A route map is identified by name and an identifying number, an Allow or Restrict clause, and a collection of match and set statements.

There can be more than one instance of a route map (same name, different ID). The lowest numbered instance of a route map is checked first. Route map processing stops when either all the match criteria of some instance of the route map are satisfied, or all the instances of the particular route map are exhausted. If the match criteria are satisfied, the actions in the set section are performed.

Routing protocols can use more than one route map when you specify distinct preference values for each. The appropriate route map with lowest preference value is checked first.
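
The evaluation order described above, modelled in Python as an added example (not Check Point code): instances are checked from the lowest ID up, an instance with no match conditions matches every route, and the first matching instance ends processing. Assumptions: inactive instances are skipped, a route map with no matching instance falls through to the next one by preference, only three match conditions are modelled, and the `rm_in` name and sample routes are constructed.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Instance:
    id: int
    mode: str                                     # "allow", "restrict" or "inactive"
    match: dict = field(default_factory=dict)     # empty => matches all routes
    actions: dict = field(default_factory=dict)   # "set" statements, e.g. localpref


def in_network(route, prefix):
    # Models "match network <prefix> all": the prefix itself or more specific.
    return ipaddress.ip_network(route["network"]).subnet_of(ipaddress.ip_network(prefix))


# Small subset of the page's match conditions.
MATCHERS = {
    "protocol": lambda route, want: route["protocol"] == want,
    "as": lambda route, want: route.get("peer_as") == want,
    "network_all": in_network,
}


def instance_matches(inst, route):
    # All match conditions must hold; all() over nothing is True.
    return all(MATCHERS[name](route, want) for name, want in inst.match.items())


def evaluate(routemaps, route):
    """routemaps: list of (preference, name, [Instance, ...])."""
    for _pref, name, instances in sorted(routemaps, key=lambda rm: rm[0]):
        for inst in sorted(instances, key=lambda i: i.id):
            if inst.mode == "inactive":           # assumption: disabled, so skipped
                continue
            if not instance_matches(inst, route):
                continue
            if inst.mode == "restrict":
                return {"verdict": "restrict", "by": (name, inst.id), "route": route}
            # allow: apply every set action to a copy of the route
            return {"verdict": "allow", "by": (name, inst.id),
                    "route": {**route, **inst.actions}}
    return {"verdict": "no-match", "by": None, "route": route}


# Constructed sample: a private prefix learned from peer AS 64512.
PRIVATE_ROUTE = {"network": "192.168.5.0/24", "protocol": "bgp", "peer_as": 64512}
PUBLIC_ROUTE = {"network": "203.0.113.0/24", "protocol": "bgp", "peer_as": 64512}

# Misordered: the catch-all allow at ID 10 shadows the restrict at ID 20.
SHADOWED = [(1, "rm_in", [
    Instance(10, "allow", actions={"localpref": 200}),
    Instance(20, "restrict", match={"network_all": "192.168.0.0/16"}),
])]

# Corrected: the restrict instance has the lower ID, the allow is scoped to the peer AS.
ORDERED = [(1, "rm_in", [
    Instance(5, "restrict", match={"network_all": "192.168.0.0/16"}),
    Instance(10, "allow", match={"as": 64512}, actions={"localpref": 200}),
])]

if __name__ == "__main__":
    for label, maps in (("shadowed", SHADOWED), ("ordered", ORDERED)):
        for route in (PRIVATE_ROUTE, PUBLIC_ROUTE):
            result = evaluate(maps, route)
            print(label, route["network"], result["verdict"], result["by"])
```

In the misordered map the restrict instance is never reached, so the private prefix is accepted with the local preference applied; giving the restrict instance the lower ID fixes it.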

Set Routemap Commands

To set a route map:

set routemap rm_name id <1-65535>
	<off|on>
	allow
	inactive
	restrict

Parameter

Description

routemap rm_name

The name of the routemap.

id <1-65535>

The ID of the routemap. You can enter the keyword default or the default value 10.

<off|on>

  • on to create a routemap,
  • off to delete a routemap.

allow

Allow routes that match the routemap.

inactive

Temporarily disable a routemap. To activate the routemap, use the allow or restrict arguments.

restrict

Routes that match the routemap are not allowed.

To specify actions for a routemap:

Note - Some statements affect only a particular protocol.
The same parameter cannot appear both as a match and action statement in a routemap. These include Community, Metric, and Nexthop.

set routemap rm_name id id_number action
	aspath-prepend-count <1-25>
	community <append | replace | delete> [on|off]
	community <1-65535> as <1-65535> [on|off]
	community no-export [on|off]
	community no-advertise [on|off]
	community no-export-subconfed [on|off]
	community none [on|off]
	localpref <1-65535>
	metric <add|subtract> <1-16>
	metric igp [<add | subtract>] <1-4294967295>
	metric value <1-4294967295>
	nexthop <ip ipv4_address>
	precedence <1-65535>
	preference <1-65535>
	route-type <type-1 | type-2>
	remove action_name
	ospfautomatictag tag
	ospfmanualtag tag
	riptag tag

Parameter

Description

routemap rm_name

Specifies the name of the routemap.

id id_number

Specifies the ID of the routemap. You can enter the keyword default or the default value 10.

aspath-prepend-count

Prepends AS numbers to the beginning of the AS path. The value is the number of times the local AS number is prepended to the AS path before an update is sent. BGP only.

community <append | replace | delete> [on|off]

Operate on a BGP community string. A community string can be formed using multiple community action statements. You can specify keywords append, replace, or delete for the kind of operation to be performed using the community string. The default operation is append. BGP only.

community <1-65535> as <1-65535> [on|off]

Specifies a BGP community value.

community no-export [on|off]

Routes received that carry a communities attribute containing this value must not be advertised outside a BGP confederation boundary (a stand-alone autonomous system that is not part of a confederation should be considered a confederation itself).

community no-advertise [on|off]

Routes received that carry a communities attribute containing this value must not be advertised to other BGP peers.

community no-export-subconfed [on|off]

All routes received carrying a communities attribute containing this value MUST NOT be advertised to external BGP peers (this includes peers inside a BGP confederation that belong to the autonomous systems of other members).

community none [on|off]

In an action statement, this makes sense only if used with replace. It deletes all communities associated with a route so that the route has no communities associated with it. Using it with append or delete would be a no-operation.

The CLI returns an error if you turn "none" on and other community values are already defined, or if "none" is defined and you add some other community value.

localpref <1-65535>

Set the local preference for BGP route. BGP only.

metric [<add|subtract>]
<1-16>

Add to or subtract from the metric value. RIP only.

metric igp [<add | subtract>
<1-4294967295>]

Set metric to IGP metric value or add to or subtract from the IGP metric value. RIP only.

metric value
<1-4294967295>

Set the metric value. For RIP the metric is metric, for OSPF the metric is cost, and for BGP the metric is MED.

nexthop
<ip ipv4_address>

Set IPv4 Nexthop Address. BGP only.

Note: The ipv6 address should not be a link-local address.

precedence <1-65535>

Sets the rank of the route. Precedence works across protocols. Use this setting to bias routes of one protocol over the other. The lower value has priority.

preference <1-65535>

Applies only to BGP. This is equivalent to the bgp weight (in Cisco terms) of the route. However, unlike Cisco, the route with lower value will be preferred. This value is only relevant for the local router.

route-type
<type-1 | type-2>

Type of OSPF external route. The metric type of AS External route is set to the specified value. Only applies to routes redistributed to OSPF.

remove action_name

Remove the specified action from the routemap. For community, it removes all community statements. Allowed values for action_name are:

aspath-regex
community
ifaddress
interface
metric
neighbor
network
nexthop
protocol
route-type

ospfautomatictag tag

Creates an automatic OSPF route tag.

ospfmanualtag tag

Creates a manual OSPF route tag.

riptag tag

Creates a RIP route tag.

To specify the criteria that must be matched for the routemap to take effect:

Note - Some statements affect only a particular protocol.
The same parameter cannot appear both as a match and action statement in a routemap. These include Community, Metric, and Nexthop.

set routemap rm_name id <1-65535> match
	as <1-65535> [on | off]
	aspath-regex ["regular_expression" | empty] origin <any | igp | incomplete>
	community <1-65535> as <1-65535> [on|off]
	community exact [on|off]
	community no-export [on|off]
	community no-advertise [on|off]
	community no-export-subconfed [on|off]
	community none [on|off]
	ifaddress IPv4_addr [on | off]
	interface interface_name [on | off]
	metric value <1-4294967295>
	neighbor IPv4_addr [on | off]
	network IPv4_network / masklength <all | exact | off | refines>
	network IPv4_network / masklength between masklength and masklength
	nexthop IPv4_addr [on | off]
	protocol <ospf2 | ospf2ase | bgp | rip | static | direct | aggregate>
	route-type <type-1 | type-2 | inter-area | intra-area> [on | off]
	remove match_condition_name

Parameter

Description

as <1-65535> [on | off]

Match the specified autonomous system number with the AS number of a BGP peer. For BGP only.

aspath-regex ["<regular-expression>" | empty] origin <any | igp | incomplete>

Match the specified aspath regular expression. For BGP only.

Note: Enter the regular expression in quotation marks. Use the empty keyword to match a null ASpath.

community <1-65535> as <1-65535> [on|off]

Specify the BGP community value.

community exact [on|off]

Specify that the communities present in the route must exactly match all the communities in the routemap. In absence of the exact clause, the route can have other community values associated with it in addition to the ones contained in the routemap. You can have multiple community statements in a route map to form a community string.

community no-export [on|off]

All routes received that carry a communities attribute containing this value must not be advertised outside a BGP confederation boundary (a stand-alone AS that is not part of a confederation should be considered a confederation itself).

community no-advertise [on|off]

All routes received carrying a communities attribute containing this value must not be advertised to other BGP peers.

community no-export-subconfed [on|off]

All routes received carrying a communities attribute containing this value must not be advertised to external BGP peers (this includes peers in other members' autonomous systems inside a BGP confederation).

community none [on|off]

Matches an empty community string, i.e. a route which does not have any communities associated with it.

The CLI returns an error if you turn "none" on when other community values are already defined, or if "none" is defined and you add some other community value.

ifaddress IPv4_addr [on | off]

Match the specified interface address. There can be multiple ifaddress statements.

interface interface_name [on | off]

Match the route if the nexthop lies on the specified interface name. There can be multiple interface statements.

metric value <1-4294967295>

Match the specified metric value.

neighbor IPv4_addr [on | off]

Match the neighbor's IP address. For BGP or RIP. There can be multiple neighbor statements.

network IPv4_network / masklength

Use with the following keywords:

all: Match all networks belonging to this prefix and masklength. This is a combination of exact and refines.

between masklength and masklength: Specify a range of masklengths to be accepted for the specified prefix.

exact: Match prefix exactly.

off: Delete the network match statement.

refines: Match networks with more specific mask lengths only. Matches only subnets.

There can be multiple network match statements in a route map.

nexthop IPv4_addr [on | off]

Match the specified nexthop address.

protocol <ospf2 | ospf2ase | bgp | rip | static | direct | aggregate>

Match the specified protocol. Use this for route redistribution.

route-type <type-1 | type-2 | inter-area | intra-area> [on|off]

When used as a match statement in a routemap for an export policy, any protocol can use it to redistribute OSPF routes. If a route-type of inter-area or intra-area is specified, set the protocol match condition to ospf2. If a route-type of type-1 or type-2 is specified, set the protocol match condition to ospf2ase.

When exporting OSPF ASE routes to another protocol, if the metric match condition is set but the route-type match condition is not, the routemap tries to match the metric value for both type-1 and type-2 routes.

There can be multiple route-type match statements.

remove match_condition_name

Remove the specified match condition from the routemap. For match conditions which can have multiple match statements (such as network, neighbor), this argument removes all of them.
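
The network match keywords in the table above (exact, refines, all, between) differ only in which mask lengths under the prefix they select. The following Python model is an added example, not Check Point code: it evaluates each keyword over constructed sample routes. The function names, the sample routes, and the inclusive reading of the between bounds are assumptions.

```python
import ipaddress


def network_match(route, prefix, keyword, lo=None, hi=None):
    """Model of `match network <prefix> <keyword>`; True if `route` matches."""
    r = ipaddress.ip_network(route)
    p = ipaddress.ip_network(prefix)
    # subnet_of() is True when r equals p or is a more specific part of p.
    inside = r.version == p.version and r.subnet_of(p)
    if keyword == "exact":
        return r == p
    if keyword == "refines":          # strictly more specific than the prefix
        return inside and r.prefixlen > p.prefixlen
    if keyword == "all":              # combination of exact and refines
        return inside
    if keyword == "between":          # assumption: both bounds are inclusive
        if lo is None or hi is None or not p.prefixlen <= lo <= hi <= p.max_prefixlen:
            raise ValueError("between needs prefix length <= lo <= hi <= 32")
        return inside and lo <= r.prefixlen <= hi
    raise ValueError(f"unsupported keyword: {keyword}")


# Constructed sample routes (private address space), not taken from the page.
SAMPLE_ROUTES = [
    "10.0.0.0/8",
    "10.1.0.0/16",
    "10.1.2.0/24",
    "10.1.2.128/25",
    "172.16.0.0/12",
]


def matched(prefix, keyword, lo=None, hi=None, routes=SAMPLE_ROUTES):
    """Return the sample routes that the match statement would select."""
    return [r for r in routes if network_match(r, prefix, keyword, lo, hi)]


if __name__ == "__main__":
    cases = (("exact", ()), ("refines", ()), ("all", ()), ("between", (16, 24)))
    for kw, bounds in cases:
        print(f"{kw:8} {bounds!s:10} -> {matched('10.0.0.0/8', kw, *bounds)}")
```

In this model, a restrict rule that uses exact does not select more-specific routes inside the same prefix, while all does.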

Show Routemap Commands

show routemap rm_name <all | id VALUE>
show routemaps

Routemap Protocol Commands

To assign routemaps to protocols:

The preference value specifies the order in which the protocol uses each routemap.

set <ospf | rip > 
	export-routemap rm_name preference VALUE on
	import-routemap rm_name preference VALUE on

To turn a routemap off:

set <ospf | rip > 
	export-routemap rm_name off
	import-routemap rm_name off

To view routemaps assigned to protocols:

show <ospf | rip> routemap

To set BGP routemaps for export and import policies:

set bgp external remote-as <1-65535> export-routemap rm_name 
   off 
   preference <1-65535> [family inet] on
 
set bgp external remote-as <1-65535> import-routemap rm_name 
   off
   preference <1-65535> [family inet] on
 
set bgp internal export-routemap rm_name
   off
   preference <1-65535> [family inet] on
 
set bgp internal import-routemap rm_name
   off
   preference <1-65535> [family inet] on
 
show bgp routemap

Note - You cannot use routemaps in BGP confederations. To configure route filters and redistribution for BGP confederations, use the Inbound Route Filters and Route Redistribution pages in the WebUI.

Supported Route Map Statements by Protocol

Some statements affect only a particular protocol, for example, matching the Autonomous System Number is applicable only to BGP. If such a condition is in a routemap used by OSPF, the match condition is ignored. Any non-applicable match conditions or actions are ignored and processing is done as if they do not exist. A log message is generated in /var/log/messages for any such statements.

Note - The same parameter cannot appear as both a match statement and an action statement in a routemap. This applies to Community, Metric, and Nexthop.

RIP

  • Import Match conditions: Neighbor, Network, Interface, Ifaddress, Metric, Nexthop
  • Import Actions: Precedence, Metric Add/Subtract
  • Export Match conditions when exporting from RIP: Interface, Ifaddress, Metric, Network, Nexthop
  • Export Match conditions when redistributing using Protocol match: According to the protocol from which the route is being redistributed
  • Export Actions when exporting from RIP: Metric Add/Subtract
  • Export Actions when redistributing: Metric Set

OSPFv2

  • Import Match conditions: Network (Route Prefix)
  • Import Actions: Precedence
  • Export Match conditions when other protocols redistribute OSPF routes: Network, Interface, Ifaddress, Metric, Route-type, Nexthop
  • Export Match conditions when OSPF redistributes routes from other protocols: Conditions supported by that protocol
  • Export Actions when redistributing to AS External: Metric, Route-type

BGP

When you do initial configuration, set the router ID. You can also use the following commands to change the router ID.

set router-id default
set router-id ip_address

Parameter

Description

default

Selects the highest interface address when OSPF is enabled.

ip_address

The Router ID uniquely identifies the router in the autonomous system. The router ID is used by the BGP and OSPF protocols. We recommend setting the router ID rather than relying on the default setting. This prevents the router ID from changing if the interface used for the router ID goes down. Use an address on a loopback interface that is not the loopback address (127.0.0.1). In a cluster, you must select a router ID and make sure that it is the same on all cluster members.

  • Range: Dotted-quad ([0-255].[0-255].[0-255].[0-255]). Do not use 0.0.0.0.
  • Default: The interface address of one of the local interfaces.

Use the following group of commands to set and view parameters for BGP.

set as as_number
set as off

Parameter

Description

as as_number

The local autonomous system number of the router. This number is mutually exclusive with the confederation and routing domain identifier. The router can be configured with either the autonomous system number or the confederation number, not both.

Caution: When you change the autonomous system number, all current peer sessions are reset and all BGP routes are deleted.

as off

Disables the configured local autonomous system number.

Redistributing Static, Interface, or Aggregate Routes

When redistributing static routes into BGP, OSPFv2 or RIP the following match conditions are supported:

  • Network Prefix
  • Nexthop
  • Interface
  • Ifaddress
  • Protocol (proto = static)

When redistributing interface/direct routes into BGP, OSPFv2 or RIP the following match conditions are supported:

  • Network Prefix
  • Interface
  • Ifaddress
  • Protocol (proto = direct)

When redistributing aggregate routes into BGP, OSPFv2 or RIP the following match conditions are supported:

  • Network Prefix
  • Protocol (proto = aggregate)

Route Map Examples

Example 1

Redistribute the interface route for eth3c0 into OSPF, and set the OSPF route-type to AS type-2 with cost 20.

set routemap direct-to-ospf id 10 on
set routemap direct-to-ospf id 10 match interface eth3c0
set routemap direct-to-ospf id 10 match protocol direct
set routemap direct-to-ospf id 10 action route-type type-2
set routemap direct-to-ospf id 10 action metric value 20
 
set ospf export-routemap direct-to-ospf preference 1 on

Example 2

Do not accept routes from RIP neighbor 192.0.2.3, accept routes from neighbor 192.0.2.4 as is, and for all other routes increment the metric by 2.

set routemap rip-in id 10 on
set routemap rip-in id 10 restrict
set routemap rip-in id 10 match neighbor 192.0.2.3
 
set routemap rip-in id 15 on
set routemap rip-in id 15 match neighbor 192.0.2.4
 
set routemap rip-in id 20 on
set routemap rip-in id 20 action metric add 2
 
set rip import-routemap rip-in preference 1 on

Example 3

Redistribute all static routes into BGP AS group 400. Set the MED value to 100 and prepend our AS number to the aspath 4 times. If the route belongs to the prefix 192.0.2.0/8, do not redistribute it. Send all BGP routes whose aspath matches the regular expression (100 200+) and set their MED value to 200.

set routemap static-to-bgp id 10 on
set routemap static-to-bgp id 10 restrict
set routemap static-to-bgp id 10 match protocol static
set routemap static-to-bgp id 10 match network 192.0.2.0/8 all
 
set routemap static-to-bgp id 15 on
set routemap static-to-bgp id 15 match protocol static
set routemap static-to-bgp id 15 action metric value 100
set routemap static-to-bgp id 15 action aspath-prepend-count 4
 
set routemap bgp-out id 10 on
set routemap bgp-out id 10 match aspath-regex "(100 200+)" origin any
set routemap bgp-out id 10 action metric value 200
 
set bgp external remote-as 400 export-routemap bgp-out preference 1 family inet on
set bgp external remote-as 400 export-routemap static-to-bgp preference 2 family inet on

Note - There is no need for a match protocol statement for routes belonging to the same protocol.

 
©2013 Check Point Software Technologies Ltd. All rights reserved.