Routing Policy Configuration

Inbound Route filters

Restrict or constrain the set of routes accepted by a given routing protocol.

Inbound Route filters are similar to route maps for an import policy.

WebUI

Route Redistribution

Allow routes learned from one routing protocol to be propagated to another routing protocol. It is also useful for advertising static routes, such as the default route, or aggregates into a protocol.

Route Redistribution are similar to route maps for an export policy.

WebUI

Routemaps

Control which routes are accepted and announced. Used to configure inbound route filters, outbound route filters, and to redistribute routes from one protocol to another.

Route maps offer more configuration options than the WebUI options. However, they are not functionally equivalent.

If one or more route maps are assigned to a protocol (for import or export), any corresponding WebUI configuration is ignored.

clish

BGP Type:
Based on AS_PATH Regular Expression (1-511)

An autonomous system can control BGP importation. BGP supports propagation control through the use of AS-PATH regular expressions. BGP version 4 supports the propagation of any destination along a contiguous network mask.

BGP Type:
Based on Autonomous System Number (512-1024)

An autonomous system can control BGP importation. BGP can accept routes from different BGP peers based on the peer AS number.

Import ID

The order in which the import lists are applied to each route.

• Range for BGP Type based on AS_PATH Regular Expression: 1-511
• Range for BGP Type based on Autonomous System Number: 512-1024
• Default: No default

AS Number

Autonomous system number of the peer AS.

• Range: 0-65535

AS-PATH Regular Expression

The following definitions describe how to create regular expressions.

AS-PATH operators are one of the following:

• aspath_term (m n)
  A regular expression followed by (m n), where m and n are both non-negative integers and m is less than or equal to n. This expression means that there are at least m, and at most, n repetitions.
• aspath_term m
  A regular expression followed by m, where m is a positive integer and means exactly m repetitions.
• aspath_term (m)
  A regular expression followed by m, where m is a positive integer. This expression means that there are exactly m repetitions.
• aspath_term *
  A regular expression followed by *, which means zero or more repetitions.
• aspath_term +
  A regular expression followed by +, which means one or more repetitions.
• aspath_term ?
  A regular expression followed by ?, which means zero or one repetition.
• aspath_term | aspath_term
  Match either the AS term on the left or the AS term on the right of the pipe.

Origin

The completeness of AS-PATH information.

• Any -
• IGP - A route was learned from an interior routing protocol and is probably complete.
• EGP - The route was learned from an exterior routing protocol that does not support AS-PATHs, and the path is probably incomplete.
• Incomplete - The path information is incomplete.

• Options: Any / IGP / EGP / Incomplete
• Default: No default

Weight

BGP stores any routes that are rejected by not mentioning them in a route filter. BGP explicitly mentions these rejected routes in the routing table and assigns them a restrict keyword with a negative weight. A negative weight prevents a route from becoming active, which means that it is not installed in the forwarding table or exported to other protocols. This feature eliminates the need to break and re-establish a session upon reconfiguration if importation policy is changed.

• Range: 0-65535
• Default: No default

Local Pref.

The BGP local preference to the imported route. Check Point recommends that you configure this value to bias the preference of routed for BGP routes.

Note: Do not use the local preference parameter when importing BGP.

The local preference value is sent automatically when redistributing external BGP routes to an internal BGP route. The local preference parameter is ignored if used on internal BGP import statements.

• Range: 0-65535. Larger values are preferred
• Default: No default

All Routes: Action

Whether the routing protocol should accept or restrict the All Routes route, equivalent to 0.0.0.0/0, from the given AS-Path or AS. If set to Accept, you can specify a Rank for all routes.

• Options: Accept / Restrict
• Default: Restrict

All Routes: Rank

If All Routes: Action is set to Accept, you can specify a Rank for all routes.

• Range: 0 - 65535
• Default: no default.

Protocol

The protocol for which you want to create the inbound route filter.

Address

Subnet mask

A baseline route that specifies a route filter. This route is the specified route in the context of a single route filter.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

• Normal - matches any route that equals the specified route or is more specific than the specified route.
• Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
• Refines - matches a route only if it is more specific than the specified route.
• Range - matches any route whose Ip prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.

• Options: Normal, Exact, Refines, Range.
• Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

• Options: Accept, Restrict.
• Default: Accept.

Weight

BGP stores any routes that are rejected by not mentioning them in a route filter. BGP explicitly mentions these rejected routes in the routing table and assigns them a restrict keyword with a negative weight. A negative weight prevents a route from becoming active, which means that it is not installed in the forwarding table or exported to other protocols. This feature eliminates the need to break and re-establish a session upon reconfiguration if importation policy is changed.

• Range: 0-65535
• Default: No default

Local Pref

The BGP local preference to the imported route. Check Point recommends that you configure this value to bias the preference of routed for BGP routes.

Note: Do not use the local preference parameter when importing BGP.

The local preference value is sent automatically when redistributing external BGP routes to an internal BGP route. The local preference parameter is ignored if used on internal BGP import statements.

• Range: 0-65535. Larger values are preferred
• Default: No default

To Protocol

The destination protocol.

From Interface

The interface from which to distribute the routes

Metric

The cost of the created routes in the destination protocol.

To Protocol

The destination protocol.

From Static Route

The static route to be distributed to the protocol

Metric

The cost of the created routes in the destination protocol.

Note - This is mandatory when configuring redistributions to RIP.

To Protocol

Redistribute all active aggregate routes into the selected protocol.

From Aggregate Route

The aggregate route to be distributed to the protocol

Metric

The cost of the created routes in the destination protocol.

Note - This is mandatory when configuring redistributions to RIP.

To Protocol

The destination protocol.

All RIP Routes

Choose which RIP routes to redistribute into the To Protocol.

• Options:
  • Select - All active RIP routes.
  • Clear - The RIP routes that match the From Address, Subnet Mask and Matchtype filter.
• Default: Cleared

From Address

The network for the destination to redistribute.

• Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

• Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

• Normal - matches any route that equals the specified route or is more specific than the specified route.
• Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
• Refines - matches a route only if it is more specific than the specified route.
• Range - matches any route whose Ip prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.

• Options: Normal, Exact, Refines, Range.
• Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

• Options: Accept, Restrict.
• Default: Accept.

Metric

The cost of the created routes in the destination protocol.

To Protocol

The destination protocol.

All OSPF2 Routes

Choose which OSPFv2 routes to redistribute into the To Protocol.

• Options:
  • Select - All active OSPFv2 routes.
  • Clear - The OSPFv2 routes that match the From Address, Subnet Mask and Matchtype filter.
• Default: Cleared

From Address

The network for the destination to redistribute.

• Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

• Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

• Normal - matches any route that equals the specified route or is more specific than the specified route.
• Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
• Refines - matches a route only if it is more specific than the specified route.
• Range - matches any route whose Ip prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.

• Options: Normal, Exact, Refines, Range.
• Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

• Options: Accept, Restrict.
• Default: Accept.

Metric

The cost of the created routes in the destination protocol.

Note - This is mandatory when configuring redistributions to RIP.

To Protocol

The destination protocol.

All OSPF2 Ex Routes

Choose which OSPFv2 External routes to redistribute into the To Protocol.

• Options:
  • Select - All active OSPFv2 External routes.
  • Clear - The OSPFv2 External routes that match the From Address, Subnet Mask and Matchtype filter.
• Default: Cleared

From Address

The network for the destination to redistribute.

• Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

• Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

• Normal - matches any route that equals the specified route or is more specific than the specified route.
• Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
• Refines - matches a route only if it is more specific than the specified route.
• Range - matches any route whose Ip prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.

• Options: Normal, Exact, Refines, Range.
• Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

• Options: Accept, Restrict.
• Default: Accept.

Metric

The cost of the created routes in the destination protocol.

Note - This is mandatory when configuring redistributions to RIP.

To Protocol

The destination protocol.

AS Path RegEx

The following definitions describe how to create regular expressions.

AS-PATH operators are one of the following:

• aspath_term (m n)
  A regular expression followed by (m n), where m and n are both non-negative integers and m is less than or equal to n. This expression means that there are at least m, and at most, n repetitions.
• aspath_term m
  A regular expression followed by m, where m is a positive integer and means exactly m repetitions.
• aspath_term (m)
  A regular expression followed by m, where m is a positive integer. This expression means that there are exactly m repetitions.
• aspath_term *
  A regular expression followed by *, which means zero or more repetitions.
• aspath_term +
  A regular expression followed by +, which means one or more repetitions.
• aspath_term ?
  A regular expression followed by ?, which means zero or one repetition.
• aspath_term | aspath_term
  Match either the AS term on the left or the AS term on the right of the pipe.

Origin

The completeness of AS-PATH information.

• Any -
• IGP - A route was learned from an interior routing protocol and is probably complete.
• EGP - The route was learned from an exterior routing protocol that does not support AS-PATHs, and the path is probably incomplete.
• Incomplete - The path information is incomplete.

• Options: Any / IGP / EGP / Incomplete
• Default: No default

All Routes

Choose which BGP AS Path routes to redistribute into the To Protocol.

• Options:
  • Select - All active BGP AS Path routes.
  • Clear - The BGP AS Path routes that match the From Address, Subnet Mask and Matchtype filter.
• Default: Cleared

From Address

The network for the destination to redistribute.

• Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

• Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

• Normal - matches any route that equals the specified route or is more specific than the specified route.
• Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
• Refines - matches a route only if it is more specific than the specified route.
• Range - matches any route whose Ip prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.

• Options: Normal, Exact, Refines, Range.

Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

• Options: Accept, Restrict.
• Default: Accept.

Metric

The cost of the created routes in the destination protocol.

To Protocol

The destination protocol.

From BGP AS

The BGP AS routes to be distributed to the protocol

All Routes

Choose which BGP AS routes to redistribute into the To Protocol.

• Options:
  • Select - All active BGP AS routes.
  • Clear - The BGP AS routes that match the From Address, Subnet Mask and Matchtype filter.
• Default: Cleared

From Address

The network for the destination to redistribute.

• Range: IP address format.

Subnet mask

The subnet mask for the destination to redistribute.

• Default: the mask of the specified route.

Matchtype

The routes that are filtered for the From Address and Subnet mask. These are the ways to compare other routes against it:

• Normal - matches any route that equals the specified route or is more specific than the specified route.
• Exact - matches a route only if it equals the From Address and Subnet mask of the specified route.
• Refines - matches a route only if it is more specific than the specified route.
• Range - matches any route whose Ip prefix equals the specified route's From Address and whose Subnet Mask falls within the specified Subnet Mask length range.

• Options: Normal, Exact, Refines, Range.
• Default: Normal.

Action

What to do with the routes that match the filter that is defined by the From Address, Subnet mask and Matchtype.

• Options: Accept, Restrict.
• Default: Accept.

Metric

The cost of the created routes in the destination protocol.

To Protocol

The destination protocol.

Redistribute All

Choose which BGP default routes to redistribute into the To Protocol.

• Options:
  • Select - All active BGP default routes.
  • Clear - The BGP Default routes that match the BGP Redistribution Settings
• Default: Cleared

Metric

The cost of the created routes in the destination protocol.

To Protocol

The destination protocol.

MED

BGP 4 metrics (Multi-Exit Discriminator or MED) are 32-bit unsigned quantities (that is they range from 0 to 4294967295 inclusive, with 0 being the most attractive). If the metric is specified as IGP, any existing metric on the route is sent as the MED. This setting can allow, for example, OSPF costs to be exported as BGP MEDs. Note: If this capability is used, any change in the metric causes a new BGP update.

The MED is a metric that defines the cost of using this route. The range of values is 1 to 16.

Local Preference

The BGP local preference to the imported route. Check Point recommends that you configure this value to bias the preference of routed for BGP routes.

Note: Do not use the local preference parameter when importing BGP.

The local preference value is sent automatically when redistributing external BGP routes to an internal BGP route. The local preference parameter is ignored if used on internal BGP import statements.

• Range: 0-65535. Larger values are preferred
• Default: No default

set routemap rm_name id <1-65535>

	<off|on>

	allow

	inactive

	restrict

routemap rm_name

The name of the routemap.

id <1-65535>

The ID of the routemap. You can enter the keyword default or the default value 10.

<off|on>

• on to create a routemap,
• off to delete a routemap.

allow

Allow routes that match the routemap.

inactive

Temporarily disable a routemap. To activate the routemap, use the allow or restrict arguments.

restrict

Routes that match the routemap are not allowed.

set routemap rm_name id id_number action

	aspath-prepend-count <1-25>

	community <append | replace | delete> [on|off]

	community <1-65535> as <1-65535> [on|off]

	community no-export [on|off]

	community no-advertise [on|off]

	community no-export-subconfed [on|off]

	community none [on|off]

	localpref <1-65535>

	metric <add|subtract> <1-16>

	metric igp [<add | subtract>] <1-4294967295>

	metric value <1-4294967295>

	nexthop <ip ipv4_address>

	precedence <1-65535>

	preference <1-65535>

	route-type <type-1 | type-2>

	remove action_name

	ospfautomatictag tag

	ospfmanualtag tag

	riptag tag

routemap rm_name

Specifies the name of the routemap.

id id_number

Specifies the ID of the routemap. You can enter the keyword default or the default value 10.

aspath-prepend-count

Specifies to affix AS numbers at the beginning of the AS path. It indicates the number of times the local AS number should be prepended to the ASPATH before sending out an update. BGP only.

community <append | replace | delete> [on|off]

Operate on a BGP community string. A community string can be formed using multiple community action statements. You can specify keywords append, replace, or delete for the kind of operation to be performed using the community string. The default operation is append. BGP only.

community <1-65535> as <1-65535> [on|off]

Specifies a BGP community value.

community no-export [on|off]

Routes received that carry a communities attribute containing this value must not be advertised outside a BGP confederation boundary (a stand-alone autonomous system that is not part of a confederation should be considered a confederation itself)

community no-advertise [on|off]

Routes received that carry a communities attribute containing this value must not be advertised to other BGP peers.

community no-export-subconfed [on|off]

All routes received carrying a communities attribute containing this value MUST NOT be advertised to external BGP peers (this includes peers inside a BGP confederation that belong to the autonomous systems of other members).

community none [on|off]

In action statement, this statement makes sense only if used with replace. This deletes all communities associated with a route so that the route has no communities associated with it. Using it with append or delete would be a no-operation.

The CLI returns an error if you turn "none" on and other community values already defined or if "none" is defined and you add some other community value.

localpref <1-65535>

Set the local preference for BGP route. BGP only.

metric [<add|subtract>]
<1-16>

Add to or subtract from the metric value. RIP only.

metric igp [<add | subtract>
<1-4294967295>]

Set metric to IGP metric value or add to or subtract from the IGP metric value. RIP only.

metric value
<1-4294967295>

Set the metric value. For RIP the metric is metric, for OSPF the metric is cost, and for BGP the metric is MED.

nexthop
<ip ipv4_address>

Set IPv4 Nexthop Address. BGP only.

Note: The ipv6 address should not be a link-local address.

precedence <1-65535>

Sets the rank of the route. Precedence works across protocols. Use this setting to bias routes of one protocol over the other. The lower value has priority.

preference <1-65535>

Applies only to BGP. This is equivalent to the bgp weight (in Cisco terms) of the route. However, unlike Cisco, the route with lower value will be preferred. This value is only relevant for the local router.

route-type
<type-1 | type-2>

Type of OSPF external route. The metric type of AS External route is set to the specified value. Only applies to routes redistributed to OSPF.

remove action_name

Remove the specified action from the routemap. For community, it removes all community statements. Allowed values for action_name are:

aspath-regex
community
ifaddress
interface
metric
neighbor
network
nexthop
protocol
route-type

ospfautomatictag tag

Creates an automatic OSPF route tag.

ospfmanualtag tag

Creates a manual OSPF route tag.

riptag tag

Creates a RIP route tag.

set routemap rm_name id <1-65535> match

	as <1-65535> [on | off]

	aspath-regex ["regular_expression" | empty] origin 	<any | igp | incomplete>

	community <1-65535> as <1-65535> [on|off]

	community exact [on|off]

	community no-export [on|off]

	community no-advertise [on|off]

	community no-export-subconfed [on|off]

	community none [on|off]

	ifaddress IPv4_addr [on | off]

	interface interface_name [on | off]

	metric value <1-4294967295>

	neighbor IPv4_addr [on | off]

	network IPv4_network / masklength 
	<all | exact | off | refines>

	network<IPv4_network / masklength between masklength and masklength

	nexthop IPv4_addr [on | off]

	protocol <ospf2 | ospf2ase | bgp | rip | static | direct | aggregate>

	route-type <type-1 | type-2 | inter-area | intra-area> [on | off]

	remove match_condition_name

as <1-65535> [on | off]

Match the specified autonomous system number with the AS number of a BGP peer. For BGP only.

aspath-regex ["<regular-expression>" | empty] origin <any | igp | incomplete>

Match the specified aspath regular expression. For BGP only.

Note: Enter the regular expression in quotation marks. Use the empty keyword to match a null ASpath.

community <1-65535> as <1-65535> [on|off]

Specify the BGP community value.

community exact [on|off]

Specify that the communities present in the route must exactly match all the communities in the routemap. In absence of the exact clause, the route can have other community values associated with it in addition to the ones contained in the routemap. You can have multiple community statements in a route map to form a community string.

community no-export [on|off]

All routes received that carry a communities attribute containing this value must not be advertised outside a BGP confederation boundary (a stand-alone AS that is not part of a confederation should be considered a confederation itself).

community no-advertise [on|off]

All routes received carrying a communities attribute containing this value must not be advertised to other BGP peers.

community no-export-subconfed [on|off]

All routes received carrying a communities attribute containing this value must not be advertised to external BGP peers (this includes peers in other members autonomous systems inside a BGP confederation).

community none [on|off]

Matches an empty community string, i.e. a route which does not have any communities associated with it.

The CLI returns an error if you turn "none" on and other community values already defined, or if "none" is defined and you add some other community value.

ifaddress IPv4_addr [on | off]

Match the specified interface address. There can be multiple if address statements.

interface interface_name [on | off]

Match the route if the nexthop lies on the specified interface name. There can be multiple interface statements.

metric value
<1-4294967295>

Match the specified metric value.

neighbor IPv4_addr [on | off]

Match the neighbors IP address. BGP or RIP. There can be multiple neighbor statements.

network IPv4_network / masklength

Use with the following keywords:

all: Match all networks belonging to this prefix and masklength. This is a combination of exact and refines.

between masklength and masklength: Specify a range of masklengths to be accepted for the specified prefix.

exact: Match prefix exactly.

off: Delete the network match statement.

refines: Match networks with more specific mask lengths only. Matches only subnets.

There can be multiple network match statements in a route map.

nexthop IPv4_addr [on | off]

Match the specified nexthop address.

protocol <ospf2 | ospf2ase | bgp | rip | static | direct | aggregate>

Match the specified protocol. Use this for route redistribution.

route-type <type-1 | type-2 | inter-area | intra-area> [on|off]

As a match statement in routemap for export policy, it can be used by any protocol to redistribute OSPF routes. If route-type of inter-area or intra-area is specified, the protocol match condition should be set to ospf2 and if route-type of type-1 or type-2 is specified, then protocol match condition should be set to ospf2ase.

While exporting OSPF ASE routes to other protocol, if metric match condition is set but route-type match condition is not set, it will try to match the metric value for both type-1 and type-2 routes.

There can be multiple route-type match statements.

remove match_condition_name

Remove the specified match condition from the routemap. For match conditions which can have multiple match statements (such as network, neighbor), this argument removes all of them.

show routemap rm_name <all | id VALUE>

show routemaps

set <ospf | rip > 

	export-routemap rm_name preference VALUE on

	import-routemap rm_name preference VALUE on

set <ospf | rip > 
	export-routemap rm_name off

	import-routemap rm_name off

show <ospf | rip> routemap

set bgp external remote-as <1-65535> export-routemap rm_name 

   off 

   preference <1-65535> [family inet] on

set bgp external remote-as <1-65535> import-routemap rm_name 

   off

   preference <1-65535> [family inet] on

set bgp internal export-routemap rm_name

   off

   preference <1-65535> [family inet] on

set bgp internal import-routemap rm_name

   off

   preference <1-65535> [family inet] on

show bgp routemap

Note - You cannot use routemaps in BGP confederations. To configure route filters and redistribution for BGP confederations, use the Inbound Route Filters and Route Redistribution pages in the WebUI.

set  router‑id default

set  router‑id ip_address

default

Selects the highest interface address when OSPF is enabled.

ip_address

The Router ID uniquely identifies the router in the autonomous system. The router ID is used by the BGP and OSPF protocols. We recommend setting the router ID rather than relying on the default setting. This prevents the router ID from changing if the interface used for the router ID goes down. Use an address on a loopback interface that is not the loopback address (127.0.0.1). In a cluster, you must select a router ID and make sure that it is the same on all cluster members.

• Range: Dotted-quad.([0-255].[0-255].[0-255].[0-255]). Do not use 0.0.0.0
• Default: The interface address of one of the local interfaces.

set as as_number

set as off

as as_number

The local autonomous system number of the router. This number is mutually exclusive from the confederation and routing domain identifier. The router can be configured with either the autonomous system number or confederation number, not both.

Caution: When you change the autonomous system number, all current peer sessions are reset and all BGP routes are deleted.

as off

Disables the configured local autonomous system number.

set routemap direct-to-ospf id 10 on

set routemap direct-to-ospf id 10 match interface eth3c0

set routemap direct-to-ospf id 10 match protocol direct

set routemap direct-to-ospf id 10 action route-type type-2

set routemap direct-to-ospf id 10 action metric value 20

set ospf export-routemap direct-to-ospf preference 1 on

set routemap rip-in id 10 on

set routemap rip-in id 10 restrict

set routemap rip-in id 10 match neighbor 192.0.2.3

set routemap rip-in id 15 on

set routemap rip-in id 15 match neighbor 192.0.2.4

set routemap rip-in id 20 on

set routemap rip-in id 20 action metric add 2

set rip import-routemap rip-in preference 1 on

set routemap static-to-bgp id 10 on

set routemap static-to-bgp id 10 restrict

set routemap static-to-bgp id 10 match protocol static

set routemap static-to-bgp id 10 match network 192.0.2.0/8 all

set routemap static-to-bgp id 15 on

set routemap static-to-bgp id 15 match protocol static

set routemap static-to-bgp id 15 action metric 100

set routemap static-to-bgp id 15 action aspath-prepend-count 4

set routemap bgp-out id 10 on

set routemap bgp-out id 10 match aspath-regex "(100 200+)" origin any

set routemap bgp-out id 10 action metric 200

set bgp external remote-as 400 export-routemap bgp-out preference 1 family inet on

set bgp external remote-as 400 export-routemap static-to-bgp preference 2 family inet on