Introduction to Route-maps

Route-maps are the “if-then” programming solution for Cisco devices.  A route-map allows you to check for certain match conditions and (optionally) set a value.

Route-maps are the "if-then" programming solution for Cisco devices.  A route-map allows you to check for certain match conditions and (optionally) set a value. https://vimeo.com/296874107 Here are some quick examples: Only advertise some EIGRP routes to your neighbor. Example: if prefix matches 192

Here are some quick examples:

  • Only advertise some EIGRP routes to your neighbor.
    • Example: if prefix matches 192.168.1.0/24 in access-list then advertise it.
  • Set BGP attributes based on certain match conditions.
    • Example: if prefix matches 192.168.0.0/24 then set the local preference to 500.
  • Redistribute networks from OSPF into EIGRP based on certain match conditions.
    • Example: if prefix matches 192.168.4.0/24 then redistribute it from OSPF into EIGRP.
  • Change the next hop IP address with policy-based routing.
    • Example: if packet length > 500 bytes, change the next hop IP address to 192.168.1.254.

Route-maps are a bit like access-lists on steroids. They are far more powerful since besides prefixes, there are a lot of different match conditions and you set certain values.

In this lesson, I’ll give you a global overview of how route-maps work and I’ll show you how to configure them.

Like access-lists, route-maps work with different permit or deny statements:

Route Map Overview

We start at the top and process the first statement. There are two possible outcomes:

  • Match: there is a match, we apply our action and that’s it. We don’t check the other route-map statements to see if there is another match.
  • No match: we continue and check the next route-map statement.

When you don’t have any matches, we hit the invisible implicit deny at the bottom of the route-map. This is similar to how an access-list works.

Each route-map can have one or more match conditions. Here’s an example:

Route Map Match Condition

Our first two statements (10 and 20) have a match condition. There are a lot of possible match conditions. To name a few:

  • prefix-list
  • access-list
  • BGP local preference
  • BGP AS path
  • Packet Length
  • And many more…

If you don’t have a match condition then your statement matches everything.

Besides a match condition, we can also change something with a set command:

Route Map Set

Route-map statements 10 and 30 have a set command. Here are some examples of set commands:

  • Change the BGP AS path length.
  • Set a BGP community.
  • Set the BGP weight.
  • Set the metric of an OSPF or EIGRP route in redistribution.
  • Set a redistribution tag.
  • Set the next hop IP address in policy-based routing.
  • Set the DSCP value of an IP packet.
  • And many other options…

This is the “if-then” logic of the route-map. IF we match a certain match condition, then SET something.

The best way to learn about route-maps is to see them in action.

Configuration

Route-maps are the "if-then" programming solution for Cisco devices.  A route-map allows you to check for certain match conditions and (optionally) set a value. https://vimeo.com/296874107 Here are some quick examples: Only advertise some EIGRP routes to your neighbor. Example: if prefix matches 192



To demonstrate route-maps, we need to create route-maps and have something to apply them to.  I’ll use two routers for this lesson:

R1 R2 Gigabit Interfaces

EIGRP is pre-configured and R1 advertises some loopback interfaces to R2. We’ll use route-maps to filter networks that R1 advertises to R2.

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

R1

hostname R1
!
ip cef
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
!
interface Loopback1
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.168.3.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 192.168.12.1 255.255.255.0
!
router eigrp 1
 network 192.168.0.0 0.0.255.255
!
end

R2

hostname R2
!
ip cef
!
interface GigabitEthernet0/1
 ip address 192.168.12.2 255.255.255.0
!
router eigrp 1
 network 192.168.0.0 0.0.255.255
!
end

R2 has learned these four networks:

R2#show ip route eigrp | include /24
D     192.168.0.0/24 
D     192.168.1.0/24 
D     192.168.2.0/24 
D     192.168.3.0/24

Let’s see what we can do with route-maps.

Match Condition- Permit

Let’s create a new route-map and see what options we have:

R2(config)#route-map ?
WORD  Route map tag

First, we need to give it a name. Let’s call it TEST_1:

R2(config)#route-map TEST_1 ?
  <0-65535>  Sequence to insert to/delete from existing route-map entry
  deny       Route map denies set operations
  permit     Route map permits set operations
  

I can choose between a permit or deny statement. So far, this is similar to how an access-list looks. Let’s go for permit and use sequence number 10:

R2(config)#route-map TEST_1 permit 10

Let’s look at the options of our route-map:

R2(config-route-map)#?
    Route Map configuration commands:
      continue     Continue on a different entry within the route-map
      default      Set a command to its defaults
      description  Route-map comment
      exit         Exit from route-map configuration mode
      help         Description of the interactive help system
      match        Match values from routing table
      no           Negate a command or set its defaults
      set          Set values in destination routing protocol

There are a couple of options to choose from. We’ll start with match:

R2(config-route-map)#match ?
    additional-paths  BGP Add-Path match policies
    as-path           Match BGP AS path list
    clns              CLNS information
    community         Match BGP community list
    extcommunity      Match BGP/VPN extended community list
    interface         Match first hop interface of route
    ip                IP specific information
    ipv6              IPv6 specific information
    length            Packet length
    local-preference  Local preference for route
    mdt-group         Match routes corresponding to MDT group
    metric            Match metric of route
    mpls-label        Match routes which have MPLS labels
    policy-list       Match IP policy list
    route-type        Match route-type of route
    rpki              Match RPKI state of route
    security-group    Security Group
    source-protocol   Match source-protocol of route
    tag               Match tag of route
    track             tracking object

Above, you see a big list of stuff you can match on. I want to use an access-list as my match condition. We can find this under the ip parameter:

R2(config-route-map)#match ip ?                      
    address                Match address of route or match packet
    flowspec               Match src/dest prefix component of flowspec prefix
    next-hop               Match next-hop address of route
    redistribution-source  route redistribution source (EIGRP only)
    route-source           Match advertising source address of route

We have a couple of options. Let’s pick address:

R2(config-route-map)#match ip address ?
    <1-199>      IP access-list number
    <1300-2699>  IP access-list number (expanded range)
    WORD         IP access-list name
    prefix-list  Match entries of prefix-lists

Now I can choose between an access-list of prefix-list. Let’s refer to an access-list called “R1_L0_PERMIT”:

R2(config-route-map)#match ip address R1_L0_PERMIT

We now have a route-map…great! It doesn’t do anything yet though, and we still need to create that access-list.

Access-list Permit

Let’s create the access-list that we refer to in our route-map. I’ll create a permit statement that matches network 192.168.0.0/24:

R2(config)#ip access-list standard R1_L0_PERMIT 
R2(config-std-nacl)#permit 192.168.0.0 0.0.0.255

The only thing left to do is to attach our route-map to something. We’ll keep it simple, I’ll attach it to a distribute-list in EIGRP. This allows us to filter networks that R1 advertises to R2:

R2(config)#router eigrp 1
R2(config-router)#distribute-list route-map TEST_1 in

What I like about EIGRP is that it resyncs when you apply a distribute-list. This helps to speed things up when testing. You’ll see the following message on your console:

 %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 192.168.12.1 (GigabitEthernet0/1) is resync: route configuration changed

Right now, we have the following access-list and route-map:

ip access-list standard R1_L0_PERMIT
permit 192.168.0.0 0.0.0.255

route-map TEST_1 permit 10
 match ip address R1_L0_PERMIT

Let’s check the routing table of R2:

R2#show ip route eigrp | include /24
D     192.168.0.0/24

We only see the 192.168.0.0/24 network. What happened?

  • Our route-map has a single permit statement that has our access-list as a match condition.
  • Our access-list has a single permit statement for 192.168.0.0/24.
  • Everything else is denied in the access-list by the invisible implicit deny any.
  • We only have one route-map statement so we hit the invisible implicit deny any in the route-map.

Let’s continue with our next example.

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Full Access to our 660 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

505 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. Hi René,
    good lesson i read in detail
    I am not a BGP expert as i am studying now (only) for CCNP
    I read other sources for description of attributes (i dont know if i may give this source name)
    This (well known) source give 2 more attributes

    • the first one between 8 (Shortest IGP path to BGP next hop) and 9 (Oldest Path) he call “Multipath”: determines wether or not multiple paths need to be injected into the routing table, and continues if the best path is not yet selected.
    • the second between 10 (router-id) and 11(neighbor IP address) he call “Minimum Cluster L
    ... Continue reading in our forum

  2. Hello Dominique

    Looking at Cisco’s official BGP documentation whose link is below, it does indeed include these two attributes that you mention. I’ll let Rene take a look and see if those should be added as well.

    Thanks for pointing that out!

    Laz

  3. Hi Dominique,

    The link @lagapides added is the most complete list of BGP attributes and the path selection:

    I didn’t include multipath because by default, it’s not enabled in BGP. Internal and external BGP only install a single best path (unless you enable multipath). If you do use multi

    ... Continue reading in our forum

  4. Hello Carlo

    When configuring attributes such as weight (or any attributes in BGP), you must keep in mind that they affect the choice of route based on the same routing protocol. A router will consider iBGP and eBGP as two separate routing protocols. For example, if you have two routes to 8.8.8.8 via iBGP, then the weight can be used to force the router to route via one path and not the other. If you have one route via iBGP and the other via eBGP, the weight will not affect the choice. It’s like trying to make the router choose a path via iBGP and not via EI

    ... Continue reading in our forum

12 more replies! Ask a question or join the discussion by visiting our Community Forum