- Spot Maps 1 3 2 – Map Your Network Router Password
- Spot Maps 1 3 2 – Map Your Network Router Settings
- Spot Maps 1 3 2 – Map Your Network Router Ip
Add your SPOT Device to Spotwalla. Well then, you got your Spotwalla account, so time to log in and add your SPOT device to your account! Once logged in, click on your username in the top right hand corner and go to Devices. If you haven't added any devices yet, the list will be empty.
Why adding another route-map permit statement allowed other 3 subnets. Rene created the R1L0PERMIT access list with a permit statement for the 192.168.0.0/24 subnet. This was then referenced by the TEST3 route map with a deny statement for matches to this access list. So this route map is applied to the distribute-list of EIGRP.
If your ISP installed your modem (and Wi-Fi router) in an inconvenient location (like the basement), that's all the more reason to use a dedicated Wi-Fi router. You can run a long ethernet cable from your modem to the best location in your home and connect your Wi-Fi router there. If your ISP supplied Wi-Fi router/modem only broadcasts on the.
Route maps are like duct tape for a network: not because they can be used to mend or fix something broken, but because they can be applied to numerous situations to overcome many issues. They are not the prettiest solution, but they are very effective. Route maps are like the 'if ... then' statements of various programming languages: 'if' a specific condition is true, 'then' do something. Route maps let you define a routing policy that is considered before the router examines the forwarding table, so the policy takes precedence over the various route processes. Let us look at the concepts behind route maps and how powerful they are.
Route maps:
One of the main purposes of a route map on a Cisco router is to customize traffic management beyond the boundaries of the routing table. Route maps are mostly used when redistributing routes into the RIP, EIGRP or OSPF routing process. They are also used when generating a default route into the OSPF routing process. A route map also defines which routes from a specified routing protocol are allowed to be redistributed into a target routing process. Route maps share many features with the widely known ACL. The traits common to both are as follows:
- They are generic mechanisms. The match criteria and the interpretation of a match are dictated by the way they are applied. The same route map applied to different tasks may be interpreted differently.
- They are an ordered sequence of individual statements, each with a permit or deny result. Evaluating an ACL or a route map consists of scanning the list in a predetermined order and evaluating the criteria of each statement. The scan stops at the first statement that matches, and the action associated with that statement is performed.
There are a few differences between ACLs and route maps:
- Route maps are more flexible than ACLs and can verify routes based on criteria that ACLs cannot verify.
- The result of evaluating an access list is a yes or no answer: the ACL either permits or denies the input data. Applied to redistribution, an ACL determines whether a specific route can or cannot be redistributed. A typical route map not only permits the redistributed route but also modifies the information associated with the route when it is redistributed into another protocol.
- Each ACL ends with an implicit deny statement by design convention; there is no similar convention for route maps. If the end of a route map is reached during matching attempts, the result depends on the specific application of the route map. Route maps applied to redistribution behave the same way as ACLs: if the route does not match any clause in the route map, then redistribution of the route is denied, as if the route map contained a deny statement at the end.
- Route maps frequently use ACLs as matching criteria.
Given below is the route map logic:
In a nutshell, route maps work in the following manner:
A process, whether it is a redistribution process, policy routing, or some other process such as NAT (network address translation), calls the route map by its text-based name. The route map in turn has conditions or match statements, which are usually, but not always, an access list or extended access list. BGP may match on the ASN (autonomous system number) or on different attributes. The route map functions during redistribution as follows:
The following demonstrates how the route map is applied during redistribution:
The route map is used to control and tag the routes from EIGRP as they are redistributed into OSPF. During OSPF redistribution processing, the route map titled set_tag is called. The route map consists of 3 parts. The 1st part calls ACL (access control list) 10, which permits the 172.16.32x network and sets the tag to 10. The 2nd part calls ACL 11, which in turn matches the 172.16.1.x IP addresses. If the match occurs, the metric is set in such a way that the redistributed route becomes an OSPF type 1 route, and finally the tag is set to 11. The 3rd and final part of the route map does not call an ACL, so all routes are matched and the set condition is applied. In this case, the router sets the tag to 300. You can set tags to help document the network, or use the tags to find routes that you want to filter or perform some other action on.
Route maps have some common characteristics:
- Route maps are executed from the lowest sequence number to the highest. You can edit or modify the maps with the help of the sequence numbers.
- You can use route maps to permit or deny the information found true by the match statements.
- If a match is found in a route map instance, execution of further route map instances stops.
- If the route map is applied in a policy routing environment, packets that do not meet the match criteria are forwarded according to the routing table.
- If multiple match statements are used within a single route map instance, all of them must match for the instance to yield a true result.
- As with an ACL, an implicit deny is included at the end of the route map policy.
- If there is no ACL corresponding to the match statement in a route map instance, all routes are matched, and the set statement consequently applies to all routes.
- If there is no match statement in a route map instance, all packets and routes are matched, and the set statement applies to all of them.
- You can use route maps to create policies based on IP address, end system ID, application, protocol and packet size.
Route map configuration:
The route map syntax comprises roughly 3 separate Cisco commands, depending on what the route map is accomplishing and the type of process calling it. When configuring a route map, follow the 5 step configuration process. Depending on how the route map is applied, additional configuration may also be needed, for example with PBR or BGP communities.
Step 1:
Configure any ACL, AS_PATH list or other match criteria that the route map will use in a match command. This should be done first, so that you do not call an empty ACL or AS_PATH list.
Step 2:
Configure the route map instance. It is created with the command route-map name permit|deny sequence number. Be sure to leave room between the sequence numbers for future updates or modifications. Route map instances with lower sequence numbers are executed first.
Step 3:
Define the match criteria and configure the match statements that will be used in this single route map instance. In the absence of any match command, all packets or routes are matched.
Step 4:
This step is optional. Define the set criteria and configure the set statements that will be used in this single route map instance. This is done with the route map configuration set command.
Step 5:
Again, this step is optional. Configure any AS_PATH, ACL or other match criteria that the route map can use in a match command.
Step 6:
Apply the route map. Depending on its application, a route map can be applied in many ways; some of the more common applications are route redistribution, BGP and PBR.
In the above configuration, 3 primary commands are used to configure route maps: the route-map command, match commands and set commands.
Route map commands:
Here is the complete route map syntax:
Here, route_map_name is also called the map tag. It is the text-based name of the route map. The name is unique and logically groups and defines the entire route map policy. It is the name used to call the route map during redistribution or another process. The permit and deny keywords are optional, and the default keyword is permit. If the route map is called from a redistribution process, the keyword is set to permit and the match criteria are met, the route is redistributed. If the keyword is set to deny and the same criteria are met, the route is denied. If the route map is called from a policy routing statement, the match criteria are met and the keyword is set to permit, the packets are policy routed. If the deny keyword is used, then the packets are forwarded according to the normal route processes.
The sequence number indicates the order in which the route map statements are executed. When a route map is called, the statement with the lowest sequence number executes first. If no match is found in that statement, the statement with the next higher sequence number is executed. This process repeats until a match is found or no more route map statements exist. When a match is found, execution for that individual route or packet stops, and the next route or packet starts the process again from the statement with the lowest sequence number. The default sequence number is 10.
In short, a process calls the route map by its text-based name.
Match commands:
A route map has specific conditions or match statements, usually an access list or extended access list. The match command lets you define the route map criteria. You can use match commands to call an ACL to compare the routes against. A match statement can also match the route type, route tag or packet length. In IP networks, the command lets you match routes whose network address matches 1 or more entries in a specific ACL or prefix list. Use a standard, extended or expanded range ACL. The next hop keyword lets you match routes whose next hop address matches 1 or more entries in an ACL. It is primarily used in BGP.
Set commands:
The match statements are followed by the set statements. If the match statement returns a true result, the set statements are executed. Set commands are executed after a successful match has been made in the route map instance. A set command may be omitted in some cases, because it is optional. The set commands are divided into 2 categories such as routing-protocol or redistribution-specific set commands, policy-routing-specific set commands, and BGP-specific set commands. If the route map is used for redistribution, or simply to filter networks, it is not necessary to use a set command unless you want to tag or further influence the routes.
A route map helps define a routing policy that is considered before the router examines the forwarding table. It is considered the perfect solution for such problems, and it offers an effective solution that can be applied to different situations to solve various problems. The configuration of route maps and its 3 valuable commands have been explained in detail. The concepts and characteristics of route maps should give you an idea of how they work.
Have you ever wanted to customize how your router works? In some cases, you simply have no alternative. In fact, you may want to modify the route selection process, the route leaking, or routing itself. Because of that, Cisco created great technology: the route map. Route maps have a great power, that comes with some complexity. Thus, you don't find route maps in the CCNA, but as part of the CCNP curriculum instead. This article will help you progress with your CCNP, by covering the route map technology in detail.
To better understand this article, you should have a CCNA-equivalent knowledge. We will talk about routing protocols and ACLs assuming you know them. If you are unsure about your level, just check out our Free CCNA Course.
Introducing Route Maps
What does a route map do?
You can think of a route map like an advanced ACL. The Access Control List matches an IP address, and performs two actions: permit or deny. In fact, an ACL can process any IP address and permit or deny it, according to its rules. Because of that, ACLs are a natural choice for blocking or permitting traffic. However, you can use them in other applications as well. For example, you can use them to define which IP addresses the router should NAT.
ACLs can go a step further, as we explained in this article. They can also match on static L3 and L4 information, like protocol or TCP flags.
Route maps also perform a match and apply an action. However, they match many different things, and can perform many different actions. They go far beyond the classic permit and deny of an ACL. In fact, you don't use them to simply match IP addresses. You use them to match routes. This means they are not an alternative to ACLs, but a more powerful match-and-act statement that you can use in specific circumstances.
A route map doesn't simply match IP addresses. It matches routes.
A route map can match on metrics, on IP addresses, prefix length, routing protocol, and more. With all this power, how do we use a route map?
Applications of a route map
As we will see in this article, we use route maps for Policy Based Routing and Route Redistribution.
Policy-Based Routing (PBR) is just what the name says. Instead of routing packets according to the best match in the routing table, we route them according to a policy. This means we can direct packets coming from a subnet to a next-hop, and packets coming from another subnet to another next-hop. We can administratively define the policy and have custom and predictable routing.
Route Redistribution, instead, is the propagation of routing updates between different routing protocols. Even for link-state routing protocols, route redistribution communicates routes (and not link-state updates). Since a route map specifically matches routes, we can put it to good use here. Furthermore, it doesn't simply permit or deny the redistribution of a route. It can alter its parameters, like the metric, or even the next-hop. Route maps are extremely handy when configuring BGP, as it has several parameters that we can alter to satisfy our needs.
Creating a Route Map
The anatomy of a route map
Despite their overall complexity, the structure of a route map is very simple. Just like an ACL, a route map is a set of rules. Each rule has just three items: the action type, the match clause, and the set clause. The action-type is just permit or deny, and defines what to do in case we have a match. Instead, the match clause defines what this rule should match. When we have a match inside a permit rule (and not a deny rule), we execute the set clause, which is the action. In the set statements, we can alter the parameter, like the metric or next-hop.
Each rule inside a route map has an ID, that you associate with the permit or deny action. Inside of it, we can find multiple match commands and multiple set commands, creating the match and set clauses. To define each rule, we use the route-map command, followed by the route map name, permit or deny and the ID of the statement. Cisco recommends to use IDs in increment of 10: this will leave some space for further growth. You create the route map by simply creating one of its rules. Furthermore, you can completely omit the match clause in a rule. If you do, the rule will match everything.
Match Clauses: AND and OR
This is probably the most important part of the entire article. If you get this right, you will get route maps right. We know that we can use one or more match statements inside a match clause. The way we use them will change the way the match clause works. To create the match clause, we use the match command. In fact, we can say that all the match commands create the match clause.
In a single match command, you can match one or more items. For example, you can match the source routing protocol and the route map in the same command (in the same line). You are matching two things, so you could also use two different match commands. What is the difference?
The router will consider multiple match conditions in the same line as a logical OR. This means that, if at least one of them is true, the line matches. Instead, match conditions on different lines are a logical AND: they must all be true for the rule to match. We can easily combine the two things together in a single match clause. Here we have an example.
This means that we are matching routes with tag 20 coming from either OSPF 1 or EIGRP 65535. If the route has not 20 as a tag, or if it doesn't come from either OSPF 1 or EIGRP 65535, we don't have a match. Instead, it doesn't have to be from OSPF 1 and from EIGRP 65535 at the same time (and it would be impossible).
Note that in the same line you can only match on the same item. For example, you can match on multiple routing protocols, because the item of the match is always the routing protocol. You can't match, for example, routing protocol and tag on the same line.
ACLs inside a match statement
In a route map, you can use ACLs inside match commands to match against IP addresses. How do the permit and deny instructions inside an ACL relate to the ones inside the route map?
If the ACL returns a deny action, for the route map the IP address didn't match the ACL. If, instead, the ACL returns a permit action, the route map considers the IP address to match the ACL. Thus, we can summarize in the following four cases.
Of course, you need to give context to this table. In case you are using multiple statements in logical AND, you need to consider them as well.
The set clause
The set clause is much easier. You just have a list of set commands, and you can apply them all. These commands will only make sense if the action of the route map is permit. Otherwise, the router will simply ignore these commands. However, a permit route map can have no set commands as well. If this is the case, we simply allow the route, and do not perform alteration of any kind.
Multiple rules in a route map
A route map is a set of rules, and this means it can of course have multiple rules. How does the router behave when we have overlapping match statements between different rules? It is simple, and it works exactly like an ACL. The router processes the rules of a route map in a top-down approach, from the lowest ID to the highest. As soon as we have a match to a rule, we execute that rule and exit. The router won't execute the following rules. We can summarize this behavior as top-down first-match.
An entire route map
Now that we have the tool to understand (and create) a route map, it is time to create our route map. Take a look at the route map below, and try to understand what it does. Then, check the explanation right after the route map.
We have the OSPF-TO-EIGRP route map, that contains 5 rules. In the first rule (10), we do not allow any route coming from any IP address matching the BAD-SOURCE ACL. We are matching on the neighboring router. Instead, in the following rule (20) we block any route that matches the OVERLAPPING-SUBNETS ACL. This time we are matching against the routes, not their sources. In the rule 30, we also deny any route tagged as 6500. Then, in the rule 40 we permit routes coming from routers that match ACLs named R3 and R4. We permit them, but also set metric and tag. Finally, in the last rule (50) we permit all routes and set metric and tag for them.
We can easily apply this rule in a redistribution context, while it would make no sense in a PBR context.
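The evaluation rules described above (OR within one match line, AND across lines, an ACL permit or deny counting as match or no match, top-down first-match), as an added Python model that is not part of the original article and not Cisco code. The route map and ACL names follow the OSPF-TO-EIGRP description; the ACL contents, router addresses, and metric and tag values are constructed, and the metric is simplified to a single integer.

```python
import ipaddress
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Route:
    prefix: str        # advertised subnet
    source: str        # router that advertised the route (ip route-source)
    protocol: str      # source routing protocol, e.g. "ospf 1"
    tag: int = 0
    metric: int = 0    # simplification: one integer instead of a real metric


@dataclass
class Rule:
    seq: int
    action: str                                   # "permit" or "deny"
    matches: list = field(default_factory=list)   # one (item, [values]) per match line
    sets: dict = field(default_factory=dict)      # applied only by permit rules


def acl_permits(acl, address):
    """Top-down first-match ACL with the implicit deny at the end."""
    addr = ipaddress.ip_address(address)
    for action, network in acl:
        if addr in ipaddress.ip_network(network):
            return action == "permit"
    return False


def line_matches(item, values, route, acls):
    """Several values on one match line are a logical OR."""
    if item == "tag":
        return route.tag in values
    if item == "source-protocol":
        return route.protocol in values
    if item == "ip route-source":
        return any(acl_permits(acls[name], route.source) for name in values)
    if item == "ip address":
        # simplification: test the route's network address against the ACL
        net = str(ipaddress.ip_network(route.prefix).network_address)
        return any(acl_permits(acls[name], net) for name in values)
    raise ValueError(f"unsupported match item: {item}")


def evaluate(route_map, route, acls):
    """Return (resulting route or None, sequence number of the deciding rule)."""
    for rule in sorted(route_map, key=lambda r: r.seq):
        # all() across match lines is the logical AND; all([]) is True,
        # so a rule without match lines matches everything
        if all(line_matches(i, v, route, acls) for i, v in rule.matches):
            if rule.action == "deny":
                return None, rule.seq              # set commands are ignored
            return replace(route, **rule.sets), rule.seq
    return None, None   # end of route map reached: route is not redistributed


# Constructed ACL contents; only the names come from the description above.
ACLS = {
    "BAD-SOURCE": [("permit", "10.0.0.66/32")],
    "OVERLAPPING-SUBNETS": [("deny", "192.168.50.0/24"),
                            ("permit", "192.168.0.0/16")],
    "R3": [("permit", "10.0.0.3/32")],
    "R4": [("permit", "10.0.0.4/32")],
}

# The five rules as described; metric and tag values are constructed.
OSPF_TO_EIGRP = [
    Rule(10, "deny", [("ip route-source", ["BAD-SOURCE"])]),
    Rule(20, "deny", [("ip address", ["OVERLAPPING-SUBNETS"])]),
    Rule(30, "deny", [("tag", [6500])]),
    Rule(40, "permit", [("ip route-source", ["R3", "R4"])],
         {"metric": 1000, "tag": 40}),
    Rule(50, "permit", [], {"metric": 5000, "tag": 50}),
]

# The AND/OR case: tag 20 AND (source OSPF 1 OR source EIGRP 65535).
TAG_AND_PROTOCOL = [
    Rule(10, "permit", [("tag", [20]),
                        ("source-protocol", ["ospf 1", "eigrp 65535"])]),
]

if __name__ == "__main__":
    samples = [
        Route("172.16.9.0/24", "10.0.0.66", "ospf 1"),
        Route("192.168.10.0/24", "10.0.0.9", "ospf 1"),
        Route("192.168.50.0/24", "10.0.0.9", "ospf 1"),
        Route("172.16.1.0/24", "10.0.0.3", "ospf 1", tag=6500),
        Route("172.16.2.0/24", "10.0.0.4", "ospf 1"),
    ]
    for sample in samples:
        result, seq = evaluate(OSPF_TO_EIGRP, sample, ACLS)
        print(sample.prefix, "->", "denied" if result is None else result, "by rule", seq)
```

The 192.168.50.0/24 sample shows the case that is easy to misread: a deny entry in the ACL makes rule 20 not match, so the route is not blocked there and falls through to rule 50.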
All you can match…
In a route map, you can match against a lot of stuff. Some things may be version-dependent, and you can find them only on some IOS routers. However, here are some common items you can check in a match command.
- as-path, a BGP-specific attribute
- clns, an OSI protocol comparable to IP or UDP
- community, another BGP-specific attribute
- extcommunity, this is for BGP as well
- interface, interface the route (or packet, in case of PBR) is received onto
- ip address, match the target subnet of the route itself (available for ipv6 as well)
- ip route-source, the IP of the router that advertised the route to us (available for ipv6 as well)
- ip next-hop for the route (available for ipv6 as well)
- local-preference, yet another BGP-specific attribute
- metric, of the source routing protocol
- mpls-label, in case you are working with MPLS
- nlri, this is for BGP as well
- policy-list, match against a policy map
- route-type, an attribute of the route: internal, external, local, IS-IS level 1 or IS-IS level 2
- source-protocol, the source routing protocol, including static and connected routes
- tag, the route tag
All you can set…
We can say the same about the attributes we can set. In fact, many of them may depend on the IOS version. However, below are some of the most common ones you should find on almost any router.
- as-path, a BGP-specific attribute
- automatic-tag automatically sets the route tag
- clns, an OSI protocol comparable to IP or UDP
- comm-list, a BGP setting
- community, another BGP-specific attribute
- dampening, BGP route-flap dampening parameters
- default interface as exit interface
- extcommunity, this is for BGP as well
- interface, interface the route (or packet, in case of PBR) is received onto
- ip address, match the target subnet of the route itself (available for ipv6 as well)
- ip default next-hop for the route
- ip df, Don't Fragment flag for PBR
- ip next-hop for the route (available for ipv6 as well)
- ip precedence, QoS setting for PBR
- ip qos-group, QoS setting for PBR
- ip tos, yet another QoS setting for PBR
- level, an OSPF-specific attribute
- local-preference, yet another BGP-specific attribute
- metric, of the source routing protocol
- metric-type, the type for metric (e.g. E1, E2)
- mpls-label, in case you are working with MPLS
- nlri, this is for BGP as well
- policy-list, match against a policy map
- origin, BGP origin (IGP, EGP, incomplete)
- route-type, an attribute of the route: internal, external, local, IS-IS level 1 or IS-IS level 2
- source-protocol, the source routing protocol, including static and connected routes
- tag, the route tag
- traffic-index, an index for BGP traffic classification
- vrf, exit VRF, useful for inter-VRF route-leaking
- weight, a Cisco-proprietary BGP attribute local to this router
Applying route maps
A route map, in the end, is a complex rule. It doesn't do anything (literally) unless we apply it somewhere. As we anticipated at the beginning of the article, we can apply them in two cases: route redistribution and PBR. Just read on…
For Route Redistribution
When applying the route map for redistribution, you use it to tell the allowed routes. Using a route map for redistribution is simple. First, you need to enter the configuration of the protocol that will receive the routes. Then, you use the redistribute command to define the protocol that will generate the route to import. Just after that, you use the keyword route-map and specify the route map name. Take a look at the following example.
Here we are redistributing EIGRP 65535 into OSPF 1, using the route-map EIGRP-TO-OSPF to filter the routes. The subnets keyword is part of the OSPF configuration. This is it, we now have a working redistribution configuration that leverages a route map.
For Policy-Based Routing (PBR)
Applying a route map to PBR differs from using the same route map in route redistribution. In fact, here the set commands will alter the packets or its routing process (e.g. next-hop). Here, you apply the route map to an interface, and all packets the router receives on that interface will be processed according to the route map. In case the route map has no match, it passes the packet to the standard routing table.
To apply the route map to an interface, we use the command ip policy route-map, followed by the name of the route map. On very old routers, doing this meant the router had to do software-switching. In other words, the forwarding of packets on that interface would have been very slow. In later releases, Cisco enabled fast-switching for PBR, that you can enable with ip route-cache policy command under the desired interface. However, modern routers are even better. They now support CEF-switched PBR, at wire speed. In other words, applying PBR doesn't slow down the traffic at all, and you don't need any additional command. You can apply only one route map for each interface.
Here we apply the PRIVILEGED-ON-SECONDARY-LINK route map to the interface GigabitEthernet 0/1. This type of configuration comes with a concern that we need to point out. We make PBR for traffic the router receives, not for traffic the router generates on its own (like management traffic). In some circumstances, we may want to do PBR for the traffic the router generates. In that case, we need to use Local PBR. This simply means applying a PBR route map to router's traffic, and we do it with ip local policy route-map, in global configuration.
Wrapping it up
This article got you up and running with route maps. Now you can fine-tune route redistribution, and implement PBR the way you want. If you are in a hurry, here are the key takeaways of this article. You can probably get by with ? in the configuration if you know these key points.
- A route map is a set of rules, processed on a top-down first-match basis.
- Each rule can be a permit (default) or deny. The first may also alter some parameters of the route or packet being matched.
- To define if a rule inside a route map matches, you use the match command. Matching multiple items on the same line means joining them with a logical OR, using multiple match commands means joining them with a logical AND.
- You can have multiple set commands inside the same rule.
- A rule with no match command will match anything.
- Apply the route map to the redistribute command if you want to use it for route redistribution.
- Use ip policy route-map on an interface if you want to use the route for PBR; if the route map doesn't match a packet it will be routed with the normal process.
- For additional reference, consult the Cisco documentation.
Hopefully, this knowledge will help you in several circumstances! As always, let me know what you think about route maps and how do you see yourself using them.
Have you ever wanted to customize how your router works? In some cases, you simply have no alternative. In fact, you may want to modify the route selection process, the route leaking, or routing itself. Because of that, Cisco created great technology: the route map. Route maps have a great power, that comes with some complexity. Thus, you don't find route maps in the CCNA, but as part of the CCNP curriculum instead. This article will help you progress with your CCNP, by covering the route map technology in detail.
To better understand this article, you should have a CCNA-equivalent knowledge. We will talk about routing protocols and ACLs assuming you know them. If you are unsure about your level, just check out our Free CCNA Course.
Introducing Route Maps
What does a route map do?
You can think of a route map like an advanced ACL. The Access Control List matches an IP address, and performs two actions: permit or deny. In fact, an ACL can process any IP address permit or deny it, according to its rules. Because of that, ACLs are a natural choice for blocking or permitting traffic. However, you can use them in other applications as well. For example, you can use them to define which IP addresses the router should NAT.
ACLs can go a step further, as we explained in this article. They can also match on static L3 and L4 information, like protocol or TCP flags.
Route maps also perform a match and apply an action. However, the match many different things, and can perform many different actions. Can you download the sims 4 on mac. They go far beyond the classic permit and deny of an ACL. In fact, you don't use them to simply match IP addresses. You use them to match routes. This means they are not an alternative to ACLs, but a more powerful match-and-act statement that you can use in specific circumstances.
A route map doesn't simply match IP addresses. It matches routes.
A route map can match on metrics, on IP addresses, prefix length, routing protocol, and more. With all this power, how do we use a route map?
Applications of a route map
As we will see in this article, we use route maps for Policy Based Routing and Route Redistribution.
Policy-Based Routing (PBR) is just what the name says. Instead of routing packets according to the best match in the routing table, we route them according to a policy. This means we can direct packets coming from a subnet to a next-hop, and packets coming from another subnet to another next-hop. We can administratively define the policy and have custom and predictable routing.
Route Redistribution, instead, is the propagation of routing updates between different routing protocols. Even for link-state routing protocols, route redistribution communicates routes (and not link-state updates). Since a route map specifically matches routes, we can put it to good use here. Furthermore, it doesn't simply permit or deny the redistribution of a route. It can alter its parameters, like the metric, or even the next-hop. Route maps are extremely handy when configuring BGP, as it has several parameters that we can alter to satisfy our needs.
Creating a Route Map
The anatomy of a route map
Despite their overall complexity, the structure of a route map is very simple. Just like an ACL, a route map is a set of rules. Each rule has just three items: the action type, the match clause, and the set clause. The action-type is just permit or deny, and defines what to do in case we have a match. Instead, the match clause defines what this rule should match. When we have a match inside a permit rule (and not a deny rule), we execute the set clause, which is the action. In the set statements, we can alter the parameter, like the metric or next-hop.
Each rule inside a route map has an ID that you associate with the permit or deny action. Inside it, we can find multiple match commands and multiple set commands, creating the match and set clauses. To define each rule, we use the route-map command, followed by the route map name, permit or deny, and the ID of the statement. Cisco recommends using IDs in increments of 10: this will leave some space for further growth. You create the route map by simply creating one of its rules. Furthermore, you can completely omit the match clause in a rule. If you do, the rule will match everything.
Match Clauses: AND and OR
This is probably the most important part of the entire article. If you get this right, you will get route maps right. We know that we can use one or more match statements inside a match clause. The way we use them will change the way the match clause works. To create the match clause, we use the match command. In fact, we can say that all the match commands create the match clause.
In a single match command, you can match one or more items. For example, you can match the source routing protocol and the route map in the same command (in the same line). You are matching two things, so you could also use two different match commands. What is the difference?
The router will consider multiple match conditions in the same line as a logical OR. This means that, if at least one of them is true, the line matches. Instead, match conditions on different lines are a logical AND: they must all be true for the rule to match. We can easily combine the two things together in a single match clause. Here we have an example.
This means that we are matching routes with tag 20 coming from either OSPF 1 or EIGRP 65535. If the route does not have 20 as its tag, or if it doesn't come from either OSPF 1 or EIGRP 65535, we don't have a match. It doesn't have to come from OSPF 1 and from EIGRP 65535 at the same time (which would be impossible anyway).
Note that in the same line you can only match on the same item. For example, you can match on multiple routing protocols, because the item of the match is always the routing protocol. You can't match, for example, routing protocol and tag on the same line.
ACLs inside a match statement
In a route map, you can use ACLs inside match commands to match against IP addresses. How do the permit and deny instructions inside an ACL relate to the ones inside the route map?
If the ACL returns a deny action, for the route map the IP address didn't match the ACL. If, instead, the ACL returns a permit action, the route map considers the IP address to match the ACL. Thus, we can summarize in the following four cases.
Of course, you need to give context to this table. In case you are using multiple statements in logical AND, you need to consider them as well.
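The AND/OR logic and the four ACL cases from the two sections above, combined in one route map. This is an added example, not a listing from the original article: the names QUARANTINE, LAB-NETS and LOGIC-DEMO, the addresses and the metric are constructed, and the match source-protocol line is written the way the article describes it.

```cisco
! Constructed ACLs. Each has an explicit deny followed by a broader permit.
ip access-list standard QUARANTINE
 deny   10.66.1.0 0.0.0.255
 permit 10.66.0.0 0.0.255.255
ip access-list standard LAB-NETS
 deny   10.1.1.0 0.0.0.255
 permit 10.1.0.0 0.0.255.255
!
! deny rule + ACL permit (e.g. 10.66.2.0/24): the rule matches, route rejected.
! deny rule + ACL deny   (e.g. 10.66.1.0/24): no match, evaluation moves on
!   to the next rule.
route-map LOGIC-DEMO deny 10
 match ip address QUARANTINE
!
! permit rule + ACL permit (e.g. 10.1.2.0/24): this line matches; if the other
!   match lines also hold, the route is accepted and the set clause runs.
! permit rule + ACL deny   (e.g. 10.1.1.0/24): no match for this rule.
!
! Separate match lines are ANDed, values on one line are ORed, so rule 20
! requires: in LAB-NETS AND tag 20 AND (from OSPF 1 OR from EIGRP 65535).
route-map LOGIC-DEMO permit 20
 match ip address LAB-NETS
 match tag 20
 match source-protocol ospf 1 eigrp 65535
 set metric 100
```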
The set clause
The set clause is much easier. You just have a list of set commands, and you can apply them all. These commands will only make sense if the action of the route map is permit. Otherwise, the router will simply ignore these commands. However, a permit route map can have no set commands as well. If this is the case, we simply allow the route, and do not perform alteration of any kind.
Multiple rules in a route map
A route map is a set of rules, and this means it can of course have multiple rules. How does the router behave when we have overlapping match statements between different rules? It is simple, and it works exactly like an ACL. The router processes the rules of a route map in a top-down approach, from the lowest ID to the highest. As soon as we have a match to a rule, we execute that rule and exit. The router won't execute the following rules. We can summarize this behavior as top-down first-match.
An entire route map
Now that we have the tool to understand (and create) a route map, it is time to create our route map. Take a look at the route map below, and try to understand what it does. Then, check the explanation right after the route map.
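An added example, not the original author's listing: the OSPF-TO-EIGRP route map written out from the rule-by-rule explanation that follows. The metric and tag values in rules 40 and 50 are placeholders, the R3 and R4 ACLs are assumed to sit on one match line, all four ACLs are assumed to be defined elsewhere, and the redistribute lines borrow OSPF 1 and EIGRP 65535 from the article's other examples.

```cisco
! Rule 10: reject routes advertised by routers listed in BAD-SOURCE
route-map OSPF-TO-EIGRP deny 10
 match ip route-source BAD-SOURCE
!
! Rule 20: reject routes whose prefix is listed in OVERLAPPING-SUBNETS
route-map OSPF-TO-EIGRP deny 20
 match ip address OVERLAPPING-SUBNETS
!
! Rule 30: reject routes tagged 6500
route-map OSPF-TO-EIGRP deny 30
 match tag 6500
!
! Rule 40: accept routes advertised by a router in ACL R3 or ACL R4
! (two ACLs on one line are ORed), then rewrite metric and tag.
! EIGRP metric order: bandwidth delay reliability loading mtu (placeholders).
route-map OSPF-TO-EIGRP permit 40
 match ip route-source R3 R4
 set metric 10000 100 255 1 1500
 set tag 40
!
! Rule 50: no match clause, so it matches every route that got this far
route-map OSPF-TO-EIGRP permit 50
 set metric 1000 1000 255 1 1500
 set tag 50
!
! Apply the route map where OSPF routes are imported into EIGRP
router eigrp 65535
 redistribute ospf 1 route-map OSPF-TO-EIGRP
```

Because evaluation is top-down first-match, the three deny rules must keep lower IDs than the permit rules; a route from R3 that also falls in OVERLAPPING-SUBNETS is rejected at rule 20 and never reaches rule 40.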
We have the OSPF-TO-EIGRP route map, which contains 5 rules. In the first rule (10), we do not allow any route coming from any IP address matching the BAD-SOURCE ACL. We are matching on the neighboring router. Instead, in the following rule (20) we block any route that matches the OVERLAPPING-SUBNETS ACL. This time we are matching against the routes, not their sources. In rule 30, we also deny any route tagged as 6500. Then, in rule 40 we permit routes coming from routers that match ACLs named R3 and R4. We permit them, but also set metric and tag. Finally, in the last rule (50) we permit all routes and set metric and tag for them.
We can easily apply this rule in a redistribution context, while it would make no sense in a PBR context.
All you can match…
In a route map, you can match against a lot of stuff. Some things may be version-dependent, and you can find them only on some IOS routers. However, here are some common items you can check in a match command.
- as-path, a BGP-specific attribute
- clns, an OSI protocol comparable to IP or UDP
- community, another BGP-specific attribute
- extcommunity, this is for BGP as well
- interface, interface the route (or packet, in case of PBR) is received onto
- ip address, match the target subnet of the route itself (available for ipv6 as well)
- ip route-source, the IP of the router that advertised the route to us (available for ipv6 as well)
- ip next-hop for the route (available for ipv6 as well)
- local-preference, yet another BGP-specific attribute
- metric, of the source routing protocol
- mpls-label, in case you are working with MPLS
- nlri, this is for BGP as well
- policy-list, match against a policy map
- route-type, an attribute of the route: internal, external, local, IS-IS level 1 or IS-IS level 2
- source-protocol, the source routing protocol, including static and connected routes
- tag, the route tag
All you can set…
We can say the same about the attributes we can set. In fact, many of them may depend on the IOS version. However, below are some of the most common ones you should find on almost any router.
- as-path, a BGP-specific attribute
- automatic-tag automatically sets the route tag
- clns, an OSI protocol comparable to IP or UDP
- comm-list, a BGP setting
- community, another BGP-specific attribute
- dampening, BGP route-flap dampening parameters
- default interface as exit interface
- extcommunity, this is for BGP as well
- interface, interface the route (or packet, in case of PBR) is received onto
- ip address, match the target subnet of the route itself (available for ipv6 as well)
- ip default next-hop for the route
- ip df, Don't Fragment flag for PBR
- ip next-hop for the route (available for ipv6 as well)
- ip precedence, QoS setting for PBR
- ip qos-group, QoS setting for PBR
- ip tos, yet another QoS setting for PBR
- level, an OSPF-specific attribute
- local-preference, yet another BGP-specific attribute
- metric, of the source routing protocol
- metric-type, the type for metric (e.g. E1, E2)
- mpls-label, in case you are working with MPLS
- nlri, this is for BGP as well
- policy-list, match against a policy map
- origin, BGP origin (IGP, EGP, incomplete)
- route-type, an attribute of the route: internal, external, local, IS-IS level 1 or IS-IS level 2
- source-protocol, the source routing protocol, including static and connected routes
- tag, the route tag
- traffic-index, an index for BGP traffic classification
- vrf, exit VRF, useful for inter-VRF route-leaking
- weight, a Cisco-proprietary BGP attribute local to this router
Applying route maps
A route map, in the end, is a complex rule. It doesn't do anything (literally) unless we apply it somewhere. As we anticipated at the beginning of the article, we can apply them in two cases: route redistribution and PBR. Just read on…
For Route Redistribution
When applying the route map for redistribution, you use it to specify which routes are allowed. Using a route map for redistribution is simple. First, you need to enter the configuration of the protocol that will receive the routes. Then, you use the redistribute command to define the protocol that will generate the routes to import. Just after that, you use the keyword route-map and specify the route map name. Take a look at the following example.
Here we are redistributing EIGRP 65535 into OSPF 1, using the route-map EIGRP-TO-OSPF to filter the routes. The subnets keyword is part of the OSPF configuration. This is it, we now have a working redistribution configuration that leverages a route map.
For Policy-Based Routing (PBR)
Applying a route map to PBR differs from using the same route map in route redistribution. In fact, here the set commands will alter the packet or its routing process (e.g. next-hop). Here, you apply the route map to an interface, and all packets the router receives on that interface will be processed according to the route map. In case the route map has no match, it passes the packet to the standard routing table.
To apply the route map to an interface, we use the command ip policy route-map, followed by the name of the route map. On very old routers, doing this meant the router had to do software-switching. In other words, the forwarding of packets on that interface would have been very slow. In later releases, Cisco added fast-switching for PBR, which you can enable with the ip route-cache policy command under the desired interface. However, modern routers are even better. They now support CEF-switched PBR, at wire speed. In other words, applying PBR doesn't slow down the traffic at all, and you don't need any additional command. You can apply only one route map for each interface.
Here we apply the PRIVILEGED-ON-SECONDARY-LINK route map to the interface GigabitEthernet 0/1. This type of configuration comes with a concern that we need to point out. We make PBR for traffic the router receives, not for traffic the router generates on its own (like management traffic). In some circumstances, we may want to do PBR for the traffic the router generates. In that case, we need to use Local PBR. This simply means applying a PBR route map to the router's own traffic, and we do it with ip local policy route-map, in global configuration.
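A complete PBR setup of the kind described above, as an added example that is not the original article's listing. The route map name PRIVILEGED-ON-SECONDARY-LINK and the interface come from the text; the ACLs, the documentation-range addresses, the next hop and the LOCAL-VIA-SECONDARY route map are constructed for illustration.

```cisco
! Constructed ACL: hosts that should leave through the secondary link
ip access-list extended PRIVILEGED-HOSTS
 permit ip 192.0.2.0 0.0.0.255 any
!
! Matching packets are forwarded to the next hop on the secondary link.
! Packets that match no rule fall back to the normal routing table.
route-map PRIVILEGED-ON-SECONDARY-LINK permit 10
 match ip address PRIVILEGED-HOSTS
 set ip next-hop 198.51.100.1
!
! PBR acts only on packets received on this interface
interface GigabitEthernet0/1
 ip policy route-map PRIVILEGED-ON-SECONDARY-LINK
!
! Local PBR: a separate policy for traffic the router generates itself
ip access-list extended ROUTER-ORIGINATED
 permit ip host 203.0.113.1 any
route-map LOCAL-VIA-SECONDARY permit 10
 match ip address ROUTER-ORIGINATED
 set ip next-hop 198.51.100.1
ip local policy route-map LOCAL-VIA-SECONDARY
```

After applying it, show ip policy lists which route map is bound to which interface, and show route-map reports per-rule policy-routing match counters, which confirms that traffic is actually hitting the policy.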
Wrapping it up
This article got you up and running with route maps. Now you can fine-tune route redistribution, and implement PBR the way you want. If you are in a hurry, here are the key takeaways of this article. You can probably get by with ? in the configuration if you know these key points.
- A route map is a set of rules, processed on a top-down first-match basis.
- Each rule can be a permit (default) or deny. The first may also alter some parameters of the route or packet being matched.
- To define if a rule inside a route map matches, you use the match command. Matching multiple items on the same line means joining them with a logical OR, using multiple match commands means joining them with a logical AND.
- You can have multiple set commands inside the same rule.
- A rule with no match command will match anything.
- Apply the route map to the redistribute command if you want to use it for route redistribution.
- Use ip policy route-map on an interface if you want to use the route map for PBR; if the route map doesn't match a packet it will be routed with the normal process.
- For additional reference, consult the Cisco documentation.
Hopefully, this knowledge will help you in several circumstances! As always, let me know what you think about route maps and how you see yourself using them.