Routing Map Introduction
A routing policy uses different matching rules and modes to select routes and change route attributes. There are different filters in the routing policy that can be used independently to filter routes in specific scenarios.
Matching Rule
A routing map is a routing policy consists of N nodes of match and set statements (N ≥ 1). Each node has its own set of match clauses that must be matched in order to accept a policy. The match clauses define matching rules related to route attributes and filters. The system checks routes in the orders of a routing map in ascending order of order IDs.
When a route matches all match clauses in a order, the route enters the matching modes defined in matching-policy and set-action clauses and stops checking match clauses in other nodes. The two supported matching modes are:
- permit: A route is permitted, and actions defined by set-action clauses are performed on the route to set its attributes.
- deny: A route is denied.
If a route does not match any match clause in a node, the route is passed to the next node. If the route does not match any node, the route is filtered out.
Note that, in all configurations, matching-policy is a required clause to enable a route map. Other clauses are optional.
The default action of a route-map, if no entries match, is to deny. I.e. a route-map essentially has as its last entry an empty deny entry, which matches all routes. To change this behaviour, one must specify an empty permit entry as the last entry in the route-map.
Filters
There are different filters specified in match clauses in a routing policy which including IP prefix list, AS_Path filter, community filter, extended community filter, and large community filter. These filters have their own matching rules and modes and can be used independently to filter routes in specific situations. The following offers a brief explanation to each of these filters.
IP Prefix List
IP prefix lists filter routes based on the IP prefixes of the source IP address, destination IP address, and next-hop IP address of packets. They can be used independently when routing protocols advertise and receive routes.
Each IP prefix list consists of multiple indexes, and each index matches a node. An IP prefix list checks routes in the nodes of a routing policy in ascending order of sequence numbers. If a route matches one node, the route is not checked by additional nodes. If a route does not match any one of the nodes, the route is filtered out.
The IP prefix list supports exact matching or matching within a specified mask length.
NOTE:
- When an IP address is 0.0.0.0 (a wildcard address), all routes in the mask length range are permitted or denied.
- When configuring IP prefix list, it is strongly recommended to configure sequence number for each IP prefix list node. Otherwise, the precedence of this IP prefix list will be uncertain, and thus the desired IP filtering effect will not be achieved.
AS_Path Filter
The AS_Path filter uses the AS_Path attribute of BGP to filter routes. It can be used independently when BGP advertises and receives routes.
The AS_Path attribute records all ASs that a route passes through. For details about the AS_Path attribute, see Configuring the AS_Path Attribute.
Community Filter
The community filter uses the community attribute of BGP to filter routes. It can be used independently when BGP advertises and receives routes.
The community attribute identifies a group of routes with the same properties. For details about the community attribute, see Configuring the BGP Community Attribute.
Extended Community Filter
The extended community filter uses the extended community attribute of BGP to filter routes. It can be used independently when VPN targets are used to identify routes in a VPN.
Large Community Filter
The large community filter uses the large community attribute of BGP to filter routes. The commands set routing large-community-list {standard <large-community-list-name>| seq-standard<integer>} {deny|permit} [large-community <large-community-number>] and set routing large-community-list {expanded <large-community-list-name>| seq-expanded <integer>} {deny|permit} regex <line> can be used to define the large community list.
Copyright © 2024 Pica8 Inc. All Rights Reserved.