Routing Policy Configuration
You can configure routing policy for RIP, OSPFv2 and BGP in these ways:
| Routing Policy Configuration | Description | Configured Using |
|---|---|---|
| Inbound Route filters | Restrict or constrain the set of routes accepted by a given routing protocol. Inbound Route filters are similar to route maps for an import policy. | WebUI |
| Route Redistribution | Allow routes learned from one routing protocol to be propagated to another routing protocol. It is also useful for advertising static routes, such as the default route, or aggregates into a protocol. Route Redistribution is similar to route maps for an export policy. | WebUI |
| Routemaps | Control which routes are accepted and announced. Used to configure inbound route filters, outbound route filters, and to redistribute routes from one protocol to another. Route maps offer more configuration options than the WebUI options. However, they are not functionally equivalent. If one or more route maps are assigned to a protocol (for import or export), any corresponding WebUI configuration is ignored. | clish |
Configuring Inbound Route Filters - WebUI
Inbound route filters allow you to restrict or constrain the set of routes accepted by a given routing protocol.
By default, all RIP and OSPF external routes are accepted. BGP requires an explicit policy to accept routes.
The filters let an operator include or exclude ranges of prefixes from the routes that are accepted into RIP, OSPF and BGP. These filters are configured in the same way as the filters for route redistribution.
You can specify two possible actions for each prefix—accept the address into the routing protocol (with a specified rank) or exclude the prefix.
You can specify the type of prefix matching done for filter entries in the following ways:
- Routes that exactly match the given prefix; that is, have the same network portion and prefix length.
- Routes that match more specific prefixes but do not include the given prefix. For example, if the filter is 10/8, then any network 10 route with a prefix length greater than 8 matches, but those with a prefix length of 8 do not match.
- Routes that match more specific prefixes and include the given prefix. For example, if the filter is 10/8, then any network 10 route with a prefix length greater than or equal to 8 matches.
- Routes that match a given prefix with a prefix length between a given range of prefix lengths. For example, the filter could specify that it match any route in network 10 with a prefix length between 8 and 16.
You can define Inbound route filters only using the WebUI. Inbound route filters are not available in the CLI. However, you can configure the same functionality in the CLI using routemaps.
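The four prefix-matching types listed above, written out in Python as an added example (this is not Check Point code). The mode names are the routemap keywords exact, refines, all and between that this page gives for match network; the sample routes are constructed, and treating the "between" range as inclusive is an assumption.

```python
import ipaddress


def matches(filter_prefix, route, mode, between=None):
    """Return True when `route` matches `filter_prefix` under `mode`.

    exact   - same network portion and same prefix length
    refines - inside the filter prefix with a strictly longer prefix length
    all     - exact or refines (the filter prefix itself is included)
    between - inside the filter prefix, prefix length within [lo, hi]
              (inclusive bounds are an assumption of this example)
    """
    f = ipaddress.ip_network(filter_prefix, strict=True)
    r = ipaddress.ip_network(route, strict=True)
    # subnet_of() raises on mixed address families, so check the version first.
    inside = r.version == f.version and r.subnet_of(f)
    if mode == "exact":
        return r == f
    if mode == "refines":
        return inside and r.prefixlen > f.prefixlen
    if mode == "all":
        return inside
    if mode == "between":
        if between is None:
            raise ValueError("between needs a (low, high) prefix-length pair")
        lo, hi = between
        if not 0 <= lo <= hi <= f.max_prefixlen:
            raise ValueError("invalid prefix-length range")
        return inside and lo <= r.prefixlen <= hi
    raise ValueError("unknown match type: %r" % mode)


# Constructed sample of received routes. 8.0.0.0/5 covers 10.0.0.0/8 but is
# less specific, so no match type accepts it.
RECEIVED = [
    "10.0.0.0/8",
    "10.1.0.0/16",
    "10.1.2.0/24",
    "10.1.2.3/32",
    "11.0.0.0/8",
    "8.0.0.0/5",
]


def audit(filter_prefix, routes, between):
    """Map each match type to the routes it would select for one filter."""
    modes = {"exact": None, "refines": None, "all": None, "between": between}
    return {
        mode: [r for r in routes if matches(filter_prefix, r, mode, rng)]
        for mode, rng in modes.items()
    }


if __name__ == "__main__":
    for mode, selected in audit("10.0.0.0/8", RECEIVED, (8, 16)).items():
        print("%-8s %s" % (mode, ", ".join(selected)))
```

With the 10/8 filter, refines and all also select the /24 and the /32, while between 8 and 16 bounds how specific an accepted route may be.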
To configure a policy for OSPF routes:
- Go to the page of the WebUI.
- In the section, select .
- Click .
- In the window, select the :
- Options: Accept or Restrict
- Default: Accept
- If you selected , change the :
- You can fine tune the policy for OSPF External routes. In the section click .
The window opens.
To configure a policy for RIP routes:
- Go to the page of the WebUI.
- In the section, select .
- Click .
- In the window, select the :
- Options: Accept or Restrict
- Default: Accept
- If you selected , change the :
- You can fine tune the policy for RIP routes. In the section click .
The window opens.
To configure a policy for BGP routes:
- Go to the page of the WebUI.
- In the section, click .
The window opens.
- You can fine tune the policy for BGP routes. In the section click .
The window opens.
Note - For BGP, no routes are accepted from a peer by default. You must configure an explicit Inbound BGP Route Filter to accept a route from a peer.
Add BGP Policy Window
Parameter
|
Description
|
|
An autonomous system can control BGP importation. BGP supports propagation control through the use of AS-PATH regular expressions. BGP version 4 supports the propagation of any destination along a contiguous network mask.
|
|
An autonomous system can control BGP importation. BGP can accept routes from different BGP peers based on the peer AS number.
|
|
The order in which the import lists are applied to each route.
- Range for BGP Type based on AS_PATH Regular Expression: 1-511
- Range for BGP Type based on Autonomous System Number: 512-1024
- Default: No default
|
|
Autonomous system number of the peer AS.
|
|
The following definitions describe how to create regular expressions.
AS-PATH operators are one of the following:
- aspath_term (m n)
A regular expression followed by (m n), where m and n are both non-negative integers and m is less than or equal to n. This expression means that there are at least m, and at most, n repetitions.
- aspath_term m
A regular expression followed by m, where m is a positive integer and means exactly m repetitions.
- aspath_term (m)
A regular expression followed by m, where m is a positive integer. This expression means that there are exactly m repetitions.
- aspath_term *
A regular expression followed by *, which means zero or more repetitions.
- aspath_term +
A regular expression followed by +, which means one or more repetitions.
- aspath_term ?
A regular expression followed by ?, which means zero or one repetition.
- aspath_term | aspath_term
Match either the AS term on the left or the AS term on the right of the pipe.
|
|
The completeness of AS-PATH information.
- - A route was learned from an interior routing protocol and is probably complete.
- - The route was learned from an exterior routing protocol that does not support AS-PATHs, and the path is probably incomplete.
- - The path information is incomplete.
- Options: Any / IGP / EGP / Incomplete
- Default: No default
|
|
BGP stores any routes that are rejected by not mentioning them in a route filter. BGP explicitly mentions these rejected routes in the routing table and assigns them a restrict keyword with a negative weight. A negative weight prevents a route from becoming active, which means that it is not installed in the forwarding table or exported to other protocols. This feature eliminates the need to break and re-establish a session upon reconfiguration if importation policy is changed.
- Range: 0-65535
- Default: No default
|
|
The BGP local preference to the imported route. Check Point recommends that you configure this value to bias the preference of routed for BGP routes.
Note: Do not use the local preference parameter when importing BGP.
The local preference value is sent automatically when redistributing external BGP routes to an internal BGP route. The local preference parameter is ignored if used on internal BGP import statements.
- Range: 0-65535. Larger values are preferred
- Default: No default
|
|
Whether the routing protocol should accept or restrict the All Routes route, equivalent to 0.0.0.0/0, from the given AS-Path or AS. If set to Accept, you can specify a Rank for all routes.
- Options: Accept / Restrict
- Default: Restrict
|
|
If is set to Accept, you can specify a Rank for all routes.
- Range: 0 - 65535
- Default: no default.
|
Fine Tuning Policies
To fine tune your OSPF, RIP or BGP Policy:
- Specify which routes should be filtered by:
- IP address
- Subnet mask
- Match type
- Optional: Parameters that depend on the match type. For routes that match a filter, you can select Accept or Restrict. If the route is accepted, you can specify its rank.
- Specify what actions to perform on a route if it matches the route filter.
Do these steps by configuring the parameters in the window.
Add Route Window
Parameter
|
Description
|
|
The protocol for which you want to create the inbound route filter.
|
|
A baseline route that specifies a route filter. This route is the specified route in the context of a single route filter.
|
|
The routes that are filtered for the and . These are the ways to compare other routes against it:
- matches any route that equals the specified route or is more specific than the specified route.
- matches a route only if it equals the and of the specified route.
- matches a route only if it is more specific than the specified route.
- matches any route whose IP prefix equals the specified route's and whose falls within the specified Subnet Mask length range.
- Options: Normal, Exact, Refines, Range.
- Default: Normal.
|
|
What to do with the routes that match the filter that is defined by the , and .
- Options: Accept, Restrict.
- Default: Accept.
|
|
BGP stores any routes that are rejected by not mentioning them in a route filter. BGP explicitly mentions these rejected routes in the routing table and assigns them a restrict keyword with a negative weight. A negative weight prevents a route from becoming active, which means that it is not installed in the forwarding table or exported to other protocols. This feature eliminates the need to break and re-establish a session upon reconfiguration if importation policy is changed.
- Range: 0-65535
- Default: No default
|
|
The BGP local preference to the imported route. Check Point recommends that you configure this value to bias the preference of routed for BGP routes.
Note: Do not use the local preference parameter when importing BGP.
The local preference value is sent automatically when redistributing external BGP routes to an internal BGP route. The local preference parameter is ignored if used on internal BGP import statements.
- Range: 0-65535. Larger values are preferred
- Default: No default
|
Configuring Route Redistribution - WebUI
Route redistribution allows routes learned from one routing protocol to be propagated to another routing protocol. This is necessary when routes from one protocol such as RIP, OSPF, or BGP need to be advertised into another protocol. Route redistribution is also useful for advertising static routes, such as the default route, or aggregates into a protocol.
You can define Route Redistribution only using the WebUI. Route Redistribution is not available in clish. To configure Route Redistribution using the CLI use routemaps.
To Configure Route Redistribution
- Go to the page of the WebUI.
- In the relevant section:
- To add a redistributed route, click .
- To edit a redistributed route, select it and click .
Redistributed Interfaces
Parameter
|
Description
|
|
The destination protocol.
|
|
The interface from which to distribute the routes
|
|
The cost of the created routes in the destination protocol.
|
Redistributed Static Routes
Parameter
|
Description
|
|
The destination protocol.
|
|
The static route to be distributed to the protocol
|
|
The cost of the created routes in the destination protocol.
Note - This is mandatory when configuring redistributions to RIP.
|
Redistributed Aggregate Routes
Parameter
|
Description
|
|
Redistribute all active aggregate routes into the selected protocol.
|
|
The aggregate route to be distributed to the protocol
|
|
The cost of the created routes in the destination protocol.
Note - This is mandatory when configuring redistributions to RIP.
|
Redistributed RIP Routes
Parameter
|
Description
|
|
The destination protocol.
|
|
Choose which RIP routes to redistribute into the .
- Options:
- Select - All active RIP routes.
- Clear - The RIP routes that match the From Address, Subnet Mask and Matchtype filter.
- Default: Cleared
|
|
The network for the destination to redistribute.
- Range: IP address format.
|
|
The subnet mask for the destination to redistribute.
- Default: the mask of the specified route.
|
|
The routes that are filtered for the and . These are the ways to compare other routes against it:
- matches any route that equals the specified route or is more specific than the specified route.
- matches a route only if it equals the and of the specified route.
- matches a route only if it is more specific than the specified route.
- matches any route whose IP prefix equals the specified route's and whose falls within the specified Subnet Mask length range.
- Options: Normal, Exact, Refines, Range.
- Default: Normal.
|
|
What to do with the routes that match the filter that is defined by the , and .
- Options: Accept, Restrict.
- Default: Accept.
|
|
The cost of the created routes in the destination protocol.
|
Redistributed OSPF2 Routes
Parameter
|
Description
|
|
The destination protocol.
|
|
Choose which OSPFv2 routes to redistribute into the .
- Options:
- Select - All active OSPFv2 routes.
- Clear - The OSPFv2 routes that match the From Address, Subnet Mask and Matchtype filter.
- Default: Cleared
|
|
The network for the destination to redistribute.
- Range: IP address format.
|
|
The subnet mask for the destination to redistribute.
- Default: the mask of the specified route.
|
|
The routes that are filtered for the and . These are the ways to compare other routes against it:
- matches any route that equals the specified route or is more specific than the specified route.
- matches a route only if it equals the and of the specified route.
- matches a route only if it is more specific than the specified route.
- matches any route whose IP prefix equals the specified route's and whose falls within the specified Subnet Mask length range.
- Options: Normal, Exact, Refines, Range.
- Default: Normal.
|
|
What to do with the routes that match the filter that is defined by the , and .
- Options: Accept, Restrict.
- Default: Accept.
|
|
The cost of the created routes in the destination protocol.
Note - This is mandatory when configuring redistributions to RIP.
|
Redistributed OSPF2 External Routes
Parameter
|
Description
|
|
The destination protocol.
|
|
Choose which OSPFv2 External routes to redistribute into the .
- Options:
- Select - All active OSPFv2 External routes.
- Clear - The OSPFv2 External routes that match the From Address, Subnet Mask and Matchtype filter.
- Default: Cleared
|
|
The network for the destination to redistribute.
- Range: IP address format.
|
|
The subnet mask for the destination to redistribute.
- Default: the mask of the specified route.
|
|
The routes that are filtered for the and . These are the ways to compare other routes against it:
- matches any route that equals the specified route or is more specific than the specified route.
- matches a route only if it equals the and of the specified route.
- matches a route only if it is more specific than the specified route.
- matches any route whose IP prefix equals the specified route's and whose falls within the specified Subnet Mask length range.
- Options: Normal, Exact, Refines, Range.
- Default: Normal.
|
|
What to do with the routes that match the filter that is defined by the , and .
- Options: Accept, Restrict.
- Default: Accept.
|
|
The cost of the created routes in the destination protocol.
Note - This is mandatory when configuring redistributions to RIP.
|
Redistributed BGP AS Path Routes
Parameter
|
Description
|
|
The destination protocol.
|
|
The following definitions describe how to create regular expressions.
AS-PATH operators are one of the following:
- aspath_term (m n)
A regular expression followed by (m n), where m and n are both non-negative integers and m is less than or equal to n. This expression means that there are at least m, and at most, n repetitions.
- aspath_term m
A regular expression followed by m, where m is a positive integer and means exactly m repetitions.
- aspath_term (m)
A regular expression followed by m, where m is a positive integer. This expression means that there are exactly m repetitions.
- aspath_term *
A regular expression followed by *, which means zero or more repetitions.
- aspath_term +
A regular expression followed by +, which means one or more repetitions.
- aspath_term ?
A regular expression followed by ?, which means zero or one repetition.
- aspath_term | aspath_term
Match either the AS term on the left or the AS term on the right of the pipe.
|
|
The completeness of AS-PATH information.
- - A route was learned from an interior routing protocol and is probably complete.
- - The route was learned from an exterior routing protocol that does not support AS-PATHs, and the path is probably incomplete.
- - The path information is incomplete.
- Options: Any / IGP / EGP / Incomplete
- Default: No default
|
|
Choose which BGP AS Path routes to redistribute into the .
- Options:
- Select - All active BGP AS Path routes.
- Clear - The BGP AS Path routes that match the From Address, Subnet Mask and Matchtype filter.
- Default: Cleared
|
|
The network for the destination to redistribute.
- Range: IP address format.
|
|
The subnet mask for the destination to redistribute.
- Default: the mask of the specified route.
|
|
The routes that are filtered for the and . These are the ways to compare other routes against it:
- matches any route that equals the specified route or is more specific than the specified route.
- matches a route only if it equals the and of the specified route.
- matches a route only if it is more specific than the specified route.
- matches any route whose IP prefix equals the specified route's and whose falls within the specified Subnet Mask length range.
- Options: Normal, Exact, Refines, Range.
- Default: Normal.
|
|
What to do with the routes that match the filter that is defined by the , and .
- Options: Accept, Restrict.
- Default: Accept.
|
|
The cost of the created routes in the destination protocol.
|
Redistributed BGP AS Routes
Parameter
|
Description
|
|
The destination protocol.
|
|
The BGP AS routes to be distributed to the protocol
|
|
Choose which BGP AS routes to redistribute into the .
- Options:
- Select - All active BGP AS routes.
- Clear - The BGP AS routes that match the From Address, Subnet Mask and Matchtype filter.
- Default: Cleared
|
|
The network for the destination to redistribute.
- Range: IP address format.
|
|
The subnet mask for the destination to redistribute.
- Default: the mask of the specified route.
|
|
The routes that are filtered for the and . These are the ways to compare other routes against it:
- matches any route that equals the specified route or is more specific than the specified route.
- matches a route only if it equals the and of the specified route.
- matches a route only if it is more specific than the specified route.
- matches any route whose IP prefix equals the specified route's and whose falls within the specified Subnet Mask length range.
- Options: Normal, Exact, Refines, Range.
- Default: Normal.
|
|
What to do with the routes that match the filter that is defined by the , and .
- Options: Accept, Restrict.
- Default: Accept.
|
|
The cost of the created routes in the destination protocol.
|
Redistribute BGP Default Routes
Parameter
|
Description
|
|
The destination protocol.
|
|
Choose which BGP default routes to redistribute into the .
- Options:
- Select - All active BGP default routes.
- Clear - The BGP Default routes that match the BGP Redistribution Settings
- Default: Cleared
|
|
The cost of the created routes in the destination protocol.
|
BGP Redistribution Settings
Parameter
|
Description
|
|
The destination protocol.
|
|
BGP 4 metrics (Multi-Exit Discriminator or MED) are 32-bit unsigned quantities (that is they range from 0 to 4294967295 inclusive, with 0 being the most attractive). If the metric is specified as IGP, any existing metric on the route is sent as the MED. This setting can allow, for example, OSPF costs to be exported as BGP MEDs. Note: If this capability is used, any change in the metric causes a new BGP update.
The MED is a metric that defines the cost of using this route. The range of values is 1 to 16.
|
|
The BGP local preference to the imported route. Check Point recommends that you configure this value to bias the preference of routed for BGP routes.
Note: Do not use the local preference parameter when importing BGP.
The local preference value is sent automatically when redistributing external BGP routes to an internal BGP route. The local preference parameter is ignored if used on internal BGP import statements.
- Range: 0-65535. Larger values are preferred
- Default: No default
|
Configuring Route Maps - CLI (routemap)
Each route map includes a list of match criteria and set statements. You can apply route maps to inbound, outbound, or redistribution routes. Routes are compared to the match criteria, and all the actions specified in the set criteria are applied to those routes which meet all the match conditions. You can specify the match conditions in any order. If you do not specify any match conditions in a route map, the route map matches all routes.
You define route maps, then assign them to protocols for export or import policy for that protocol. Route maps take precedence over WebUI based configuration.
To create a route map, use CLI commands to specify a set of criteria that must be matched for the command to take effect. If the criteria are matched, then the system executes the actions you specify. A route map is identified by name and an identifying number, an Allow or Restrict clause, and a collection of match and set statements.
There can be more than one instance of a route map (same name, different ID). The lowest numbered instance of a route map is checked first. Route map processing stops when either all the match criteria of some instance of the route map are satisfied, or all the instances of the particular route map are exhausted. If the match criteria are satisfied, the actions in the set section are performed.
Routing protocols can use more than one route map when you specify distinct preference values for each. The appropriate route map with lowest preference value is checked first.
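The instance ordering described above has a practical consequence: an instance with few or no match conditions at a low ID hides every later instance. The following Python model is an added example, not Check Point code, and it covers a single route map. It assumes match conditions are compared by simple equality, that inactive instances are skipped, and it returns None when no instance matches because this page does not say what happens in that case; the route map contents and AS numbers are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Instance:
    id: int
    action: str                                   # "allow", "restrict" or "inactive"
    match: dict = field(default_factory=dict)     # condition name -> required value
    actions: dict = field(default_factory=dict)   # set statements, e.g. localpref


def evaluate(instances, route):
    """Return (instance id, action, resulting route) for the first match.

    Instances are checked lowest ID first. An instance matches when all of
    its match conditions are met; an instance with no conditions matches
    every route. Processing stops at the first matching instance.
    """
    for inst in sorted(instances, key=lambda i: i.id):
        if inst.action == "inactive":
            continue  # assumption: a disabled instance takes no part
        if all(route.get(k) == v for k, v in inst.match.items()):
            if inst.action == "allow":
                return inst.id, "allow", {**route, **inst.actions}
            return inst.id, "restrict", None
    return None  # not specified on the page; left to the caller


def shadowed(instances):
    """List (hidden id, hiding id) pairs for instances that can never match.

    A later instance is unreachable when an earlier active instance requires
    only a subset of its match conditions, because the earlier one always
    matches first.
    """
    active = sorted(
        (i for i in instances if i.action != "inactive"), key=lambda i: i.id
    )
    hidden = []
    for n, later in enumerate(active):
        for earlier in active[:n]:
            if earlier.match.items() <= later.match.items():
                hidden.append((later.id, earlier.id))
                break
    return hidden


# Constructed route map: ID 20 has no match conditions, so it matches all
# routes and ID 30 is never reached.
RM_IMPORT = [
    Instance(10, "allow", {"protocol": "bgp", "as": 64500}, {"localpref": 200}),
    Instance(30, "allow", {"protocol": "bgp", "as": 64501}, {"localpref": 100}),
    Instance(20, "restrict"),
]

if __name__ == "__main__":
    for asn in (64500, 64501):
        route = {"protocol": "bgp", "as": asn, "network": "198.51.100.0/24"}
        print(asn, evaluate(RM_IMPORT, route))
    print("shadowed:", shadowed(RM_IMPORT))
```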
Set Routemap Commands
To set a route map:
set routemap rm_name id <1-65535>
<off|on>
allow
inactive
restrict
Parameters:
- routemap rm_name
The name of the routemap.
- id <1-65535>
The ID of the routemap. You can enter the keyword default or the default value 10.
- <off|on>
on to create a routemap, off to delete a routemap.
- allow
Allow routes that match the routemap.
- inactive
Temporarily disable a routemap. To activate the routemap, use the allow or restrict arguments.
- restrict
Routes that match the routemap are not allowed.
To specify actions for a routemap:
Note - Some statements affect only a particular protocol. The same parameter cannot appear both as a match and action statement in a routemap. These include Community, Metric, and Nexthop.
set routemap rm_name id id_number action
aspath-prepend-count <1-25>
community <append | replace | delete> [on|off]
community <1-65535> as <1-65535> [on|off]
community no-export [on|off]
community no-advertise [on|off]
community no-export-subconfed [on|off]
community none [on|off]
localpref <1-65535>
metric <add|subtract> <1-16>
metric igp [<add | subtract>] <1-4294967295>
metric value <1-4294967295>
nexthop <ip ipv4_address>
precedence <1-65535>
preference <1-65535>
route-type <type-1 | type-2>
remove action_name
ospfautomatictag tag
ospfmanualtag tag
riptag tag
Parameters:
- routemap rm_name
Specifies the name of the routemap.
- id id_number
Specifies the ID of the routemap. You can enter the keyword default or the default value 10.
- aspath-prepend-count
Prepends AS numbers to the beginning of the AS path. The value is the number of times the local AS number is prepended to the ASPATH before an update is sent. BGP only.
- community <append | replace | delete> [on|off]
Operate on a BGP community string. A community string can be formed using multiple community action statements. You can specify keywords append, replace, or delete for the kind of operation to be performed using the community string. The default operation is append. BGP only.
- community <1-65535> as <1-65535> [on|off]
Specifies a BGP community value.
- community no-export [on|off]
Routes received that carry a communities attribute containing this value must not be advertised outside a BGP confederation boundary (a stand-alone autonomous system that is not part of a confederation should be considered a confederation itself).
- community no-advertise [on|off]
Routes received that carry a communities attribute containing this value must not be advertised to other BGP peers.
- community no-export-subconfed [on|off]
All routes received carrying a communities attribute containing this value MUST NOT be advertised to external BGP peers (this includes peers inside a BGP confederation that belong to the autonomous systems of other members).
- community none [on|off]
As an action statement, this makes sense only if used with replace. It deletes all communities associated with a route so that the route has no communities associated with it. Using it with append or delete would be a no-operation.
The CLI returns an error if you turn "none" on and other community values are already defined, or if "none" is defined and you add some other community value.
- localpref <1-65535>
Set the local preference for a BGP route. BGP only.
- metric [<add|subtract>] <1-16>
Add to or subtract from the metric value. RIP only.
- metric igp [<add | subtract> <1-4294967295>]
Set metric to IGP metric value or add to or subtract from the IGP metric value. RIP only.
- metric value <1-4294967295>
Set the metric value. For RIP the metric is metric, for OSPF the metric is cost, and for BGP the metric is MED.
- nexthop <ip ipv4_address>
Set IPv4 Nexthop Address. BGP only.
Note: The ipv6 address should not be a link-local address.
- precedence <1-65535>
Sets the rank of the route. Precedence works across protocols. Use this setting to bias routes of one protocol over the other. The lower value has priority.
- preference <1-65535>
Applies only to BGP. This is equivalent to the bgp weight (in Cisco terms) of the route. However, unlike Cisco, the route with lower value will be preferred. This value is only relevant for the local router.
- route-type <type-1 | type-2>
Type of OSPF external route. The metric type of AS External route is set to the specified value. Only applies to routes redistributed to OSPF.
- remove action_name
Remove the specified action from the routemap. For community, it removes all community statements. Allowed values for action_name are: aspath-regex, community, ifaddress, interface, metric, neighbor, network, nexthop, protocol, route-type.
- ospfautomatictag tag
Creates an automatic OSPF route tag.
- ospfmanualtag tag
Creates a manual OSPF route tag.
- riptag tag
Creates a RIP route tag.
To specify the criteria that must be matched for the routemap to take effect:
Note - Some statements affect only a particular protocol. The same parameter cannot appear both as a match and action statement in a routemap. These include Community, Metric, and Nexthop.
set routemap rm_name id <1-65535> match
as <1-65535> [on | off]
aspath-regex ["regular_expression" | empty] origin <any | igp | incomplete>
community <1-65535> as <1-65535> [on|off]
community exact [on|off]
community no-export [on|off]
community no-advertise [on|off]
community no-export-subconfed [on|off]
community none [on|off]
ifaddress IPv4_addr [on | off]
interface interface_name [on | off]
metric value <1-4294967295>
neighbor IPv4_addr [on | off]
network IPv4_network / masklength <all | exact | off | refines>
network IPv4_network / masklength between masklength and masklength
nexthop IPv4_addr [on | off]
protocol <ospf2 | ospf2ase | bgp | rip | static | direct | aggregate>
route-type <type-1 | type-2 | inter-area | intra-area> [on | off]
remove match_condition_name
Parameters:
- as <1-65535> [on | off]
Match the specified autonomous system number with the AS number of a BGP peer. For BGP only.
- aspath-regex ["<regular-expression>" | empty] origin <any | igp | incomplete>
Match the specified aspath regular expression. For BGP only.
Note: Enter the regular expression in quotation marks. Use the empty keyword to match a null ASpath.
- community <1-65535> as <1-65535> [on|off]
Specify the BGP community value.
- community exact [on|off]
Specify that the communities present in the route must exactly match all the communities in the routemap. In absence of the exact clause, the route can have other community values associated with it in addition to the ones contained in the routemap. You can have multiple community statements in a route map to form a community string.
- community no-export [on|off]
All routes received that carry a communities attribute containing this value must not be advertised outside a BGP confederation boundary (a stand-alone AS that is not part of a confederation should be considered a confederation itself).
- community no-advertise [on|off]
All routes received carrying a communities attribute containing this value must not be advertised to other BGP peers.
- community no-export-subconfed [on|off]
All routes received carrying a communities attribute containing this value must not be advertised to external BGP peers (this includes peers in other members' autonomous systems inside a BGP confederation).
- community none [on|off]
Matches an empty community string, i.e. a route which does not have any communities associated with it.
The CLI returns an error if you turn "none" on and other community values are already defined, or if "none" is defined and you add some other community value.
- ifaddress IPv4_addr [on | off]
Match the specified interface address. There can be multiple ifaddress statements.
- interface interface_name [on | off]
Match the route if the nexthop lies on the specified interface name. There can be multiple interface statements.
- metric value <1-4294967295>
Match the specified metric value.
- neighbor IPv4_addr [on | off]
Match the neighbor's IP address. BGP or RIP. There can be multiple neighbor statements.
- network IPv4_network / masklength
Use with the following keywords:
all: Match all networks belonging to this prefix and masklength. This is a combination of exact and refines.
between masklength and masklength: Specify a range of masklengths to be accepted for the specified prefix.
exact: Match prefix exactly.
off: Delete the network match statement.
refines: Match networks with more specific mask lengths only. Matches only subnets.
There can be multiple network match statements in a route map.
- nexthop IPv4_addr [on | off]
Match the specified nexthop address.
- protocol <ospf2 | ospf2ase | bgp | rip | static | direct | aggregate>
Match the specified protocol. Use this for route redistribution.
- route-type <type-1 | type-2 | inter-area | intra-area> [on|off]
As a match statement in a routemap for export policy, it can be used by any protocol to redistribute OSPF routes. If route-type of inter-area or intra-area is specified, the protocol match condition should be set to ospf2, and if route-type of type-1 or type-2 is specified, the protocol match condition should be set to ospf2ase.
While exporting OSPF ASE routes to another protocol, if the metric match condition is set but the route-type match condition is not set, it will try to match the metric value for both type-1 and type-2 routes.
There can be multiple route-type match statements.
- remove match_condition_name
Remove the specified match condition from the routemap. For match conditions which can have multiple match statements (such as network, neighbor), this argument removes all of them.
Show Routemap Commands
show routemap rm_name <all | id VALUE>
show routemaps
|
Routemap Protocol Commands
To assign routemaps to protocols:
The preference value specifies which order the protocol will use each routemap.
set <ospf | rip >
export-routemap rm_name preference VALUE on
import-routemap rm_name preference VALUE on
|
To turn a routemap off:
set <ospf | rip >
export-routemap rm_name off
import-routemap rm_name off
|
To view routemaps assigned to protocols:
show <ospf | rip> routemap
|
To set BGP routemaps for export and import policies:
set bgp external remote-as <1-65535> export-routemap rm_name
off
preference <1-65535> [family inet] on
set bgp external remote-as <1-65535> import-routemap rm_name
off
preference <1-65535> [family inet] on
set bgp internal export-routemap rm_name
off
preference <1-65535> [family inet] on
set bgp internal import-routemap rm_name
off
preference <1-65535> [family inet] on
show bgp routemap
|
|
Note - You cannot use routemaps in BGP confederations. To configure route filters and redistribution for BGP confederations, use the Inbound Route Filters and Route Redistribution pages in the WebUI.
|
Supported Route Map Statements by Protocol
Some statements affect only a particular protocol, for example, matching the Autonomous System Number is applicable only to BGP. If such a condition is in a routemap used by OSPF, the match condition is ignored. Any non-applicable match conditions or actions are ignored and processing is done as if they do not exist. A log message is generated in /var/log/messages for any such statements.
|
Note - The same parameter cannot appear both as a match and action statement in a routemap. These include Community, Metric, and Nexthop.
|
RIP
- Import Match conditions: Neighbor, Network, Interface, Ifaddress, Metric, Nexthop
- Import Actions: Precedence, Metric Add/Subtract
- Export Match conditions when exporting from RIP: Interface, Ifaddress, Metric, Network, Nexthop
- Export Match conditions when redistributing using Protocol match: According to the protocol from which the route is being redistributed.
- Export Actions when exporting from RIP: Metric Add/Subtract
- Export Actions when redistributing: Metric Set
OSPFv2
- Import Match conditions: Network (Route Prefix)
- Import Actions: Precedence
- Export Match conditions when other protocols redistribute OSPF routes: Network, Interface, Ifaddress, Metric, Route-type, Nexthop
- Export Match conditions when OSPF redistributes routes from other protocols: Conditions supported by that protocol
- Export Actions when redistributing to AS External: Metric, Route-type
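Because non-applicable statements are dropped with only a log message, a routemap can filter less than its author intended. The following is an added example, not Check Point code: it lints import routemaps assigned to RIP or OSPF against the RIP and OSPFv2 import lists and the match/action note above. The `ospf-in` sample is constructed, and the check assumes that a statement absent from those lists is one the protocol ignores.

```python
import re

# Import-policy statements this page lists per protocol (RIP, OSPFv2).
SUPPORTED_IMPORT = {
    "rip": {"match": {"neighbor", "network", "interface", "ifaddress", "metric", "nexthop"},
            "action": {"precedence", "metric"}},
    "ospf": {"match": {"network"}, "action": {"precedence"}},
}
# Parameters the page says cannot be both a match and an action in one routemap.
MATCH_XOR_ACTION = {"community", "metric", "nexthop"}
STMT = re.compile(r"set routemap (\S+) id (\d+) (match|action) (\S+)")
ASSIGN = re.compile(r"set (ospf|rip) import-routemap (\S+) preference \d+ on$")

def lint(config):
    """Return sorted findings for import routemaps assigned to RIP or OSPF."""
    stmts, assigned, findings = {}, [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STMT.match(line):
            name, rid, kind, param = m.groups()
            stmts.setdefault(name, []).append((int(rid), kind, param))
        elif m := ASSIGN.match(line):
            assigned.append(m.groups())
    for proto, name in assigned:
        kinds_by_param = {}
        for rid, kind, param in stmts.get(name, []):
            kinds_by_param.setdefault(param, set()).add(kind)
            # Assumption: a statement absent from the page's list is ignored.
            if param not in SUPPORTED_IMPORT[proto][kind]:
                findings.add(f"{name} id {rid}: {kind} {param} not listed for {proto} import")
        for param, kinds in kinds_by_param.items():
            if param in MATCH_XOR_ACTION and kinds == {"match", "action"}:
                findings.add(f"{name}: {param} is both a match and an action")
    return sorted(findings)

# Constructed sample: a neighbor filter written for RIP, assigned to OSPF import.
SAMPLE = """
set routemap ospf-in id 10 on
set routemap ospf-in id 10 restrict
set routemap ospf-in id 10 match neighbor 192.0.2.3
set routemap ospf-in id 20 on
set routemap ospf-in id 20 match network 198.51.100.0/24 exact
set ospf import-routemap ospf-in preference 1 on
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The finding on `ospf-in id 10` is the case to watch: with its only match condition ignored, the `restrict` entry is processed as if it had no match condition at all.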
BGP
When you do initial configuration, set the router ID. You can also use the following commands to change the router ID.
set router-id default
set router-id ip_address
|
| Parameter | Description |
|---|---|
| default | Selects the highest interface address when OSPF is enabled. |
| ip_address | The Router ID uniquely identifies the router in the autonomous system. The router ID is used by the BGP and OSPF protocols. We recommend setting the router ID rather than relying on the default setting. This prevents the router ID from changing if the interface used for the router ID goes down. Use an address on a loopback interface that is not the loopback address (127.0.0.1). In a cluster, you must select a router ID and make sure that it is the same on all cluster members. Range: Dotted-quad ([0-255].[0-255].[0-255].[0-255]). Do not use 0.0.0.0. Default: The interface address of one of the local interfaces. |
Use the following group of commands to set and view parameters for BGP.
set as as_number
set as off
|
| Parameter | Description |
|---|---|
| as as_number | The local autonomous system number of the router. This number is mutually exclusive with the confederation and routing domain identifier. The router can be configured with either the autonomous system number or confederation number, not both. Caution: When you change the autonomous system number, all current peer sessions are reset and all BGP routes are deleted. |
| as off | Disables the configured local autonomous system number. |
Redistributing Static, Interface, or Aggregate Routes
When redistributing static routes into BGP, OSPFv2 or RIP, the following match conditions are supported:
- Network Prefix
- Nexthop
- Interface
- Ifaddress
- Protocol (proto = static)
When redistributing interface/direct routes into BGP, OSPFv2 or RIP, the following match conditions are supported:
- Network Prefix
- Interface
- Ifaddress
- Protocol (proto = direct)
When redistributing aggregate routes into BGP, OSPFv2 or RIP, the following match conditions are supported:
- Network Prefix
- Protocol (proto = aggregate)
Route Map Examples
Example 1
Redistribute the interface route for eth3c0 into OSPF, and set the OSPF route-type to AS type-2 with cost 20.
set routemap direct-to-ospf id 10 on
set routemap direct-to-ospf id 10 match interface eth3c0
set routemap direct-to-ospf id 10 match protocol direct
set routemap direct-to-ospf id 10 action route-type type-2
set routemap direct-to-ospf id 10 action metric value 20
set ospf export-routemap direct-to-ospf preference 1 on
|
Example 2
Do not accept routes from RIP neighbor 192.0.2.3, accept routes from neighbor 192.0.2.4 as is, and for all other routes increment the metric by 2.
set routemap rip-in id 10 on
set routemap rip-in id 10 restrict
set routemap rip-in id 10 match neighbor 192.0.2.3
set routemap rip-in id 15 on
set routemap rip-in id 15 match neighbor 192.0.2.4
set routemap rip-in id 20 on
set routemap rip-in id 20 action metric add 2
set rip import-routemap rip-in preference 1 on
|
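Example 2 only behaves as described if the entries are numbered in the right order. The following is an added example, not part of the original page and not Check Point code: it parses the Example 2 lines and evaluates a route against them, then flags entries that can never fire. It assumes ids are processed in ascending order with the first matching id deciding, as the example's description implies, and it models only the statements Example 2 uses.

```python
import re

# Example 2 from this page, without the protocol assignment line.
EXAMPLE_2 = """\
set routemap rip-in id 10 on
set routemap rip-in id 10 restrict
set routemap rip-in id 10 match neighbor 192.0.2.3
set routemap rip-in id 15 on
set routemap rip-in id 15 match neighbor 192.0.2.4
set routemap rip-in id 20 on
set routemap rip-in id 20 action metric add 2
"""

def parse(config, name):
    """Collect the entries of routemap `name`, keyed by id."""
    entries = {}
    for line in config.splitlines():
        m = re.match(rf"set routemap {re.escape(name)} id (\d+) (.+)", line.strip())
        if not m:
            continue
        e = entries.setdefault(int(m.group(1)), {"restrict": False, "neighbors": set(), "add": 0})
        words = m.group(2).split()
        if words == ["restrict"]:
            e["restrict"] = True
        elif words[:2] == ["match", "neighbor"]:
            e["neighbors"].add(words[2])
        elif words[:3] == ["action", "metric", "add"]:
            e["add"] = int(words[3])
    return entries

def evaluate(entries, neighbor, metric):
    """Assumed model: ids in ascending order, first matching id decides."""
    for rid in sorted(entries):
        e = entries[rid]
        if e["neighbors"] and neighbor not in e["neighbors"]:
            continue  # an id with no match statement matches every route
        return ("reject", None, rid) if e["restrict"] else ("accept", metric + e["add"], rid)
    return ("no-match", None, None)  # behaviour here is not stated on the page

def shadowed(entries):
    """Ids that can never fire because an earlier id has no match statement."""
    ids = sorted(entries)
    for i, rid in enumerate(ids):
        if not entries[rid]["neighbors"]:
            return ids[i + 1:]
    return []
```

If the catch-all entry were numbered below 10, `shadowed` would report ids 10 and 15, and routes from 192.0.2.3 would be accepted with the metric increment instead of being rejected.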
Example 3
Redistribute all static routes into BGP AS group 400. Set the MED value to 100, prepend our AS number to the aspath 4 times. If the route belongs to the prefix 192.0.2.0/8, do not redistribute. Send all BGP routes whose aspath matches the regular expression (100 200+) and set the MED value to 200.
set routemap static-to-bgp id 10 on
set routemap static-to-bgp id 10 restrict
set routemap static-to-bgp id 10 match protocol static
set routemap static-to-bgp id 10 match network 192.0.2.0/8 all
set routemap static-to-bgp id 15 on
set routemap static-to-bgp id 15 match protocol static
set routemap static-to-bgp id 15 action metric 100
set routemap static-to-bgp id 15 action aspath-prepend-count 4
set routemap bgp-out id 10 on
set routemap bgp-out id 10 match aspath-regex "(100 200+)" origin any
set routemap bgp-out id 10 action metric 200
set bgp external remote-as 400 export-routemap bgp-out preference 1 family inet on
set bgp external remote-as 400 export-routemap static-to-bgp preference 2 family inet on
|
|
Note - There is no need for a match protocol statement for routes belonging to the same protocol.
|