A route map is an extremely powerful and versatile tool for route filtering and attribute manipulation. With regard to BGP, route maps are used in the following commands:

    aggregate-address address mask advertise-map route-map-name
    aggregate-address address mask as-set route-map-name
    aggregate-address address mask attribute-map route-map-name
    aggregate-address address mask route-map route-map-name
    aggregate-address address mask suppress-map route-map-name
    bgp dampening route-map route-map-name
    neighbor ip-address advertise-map route-map-name non-exist-map route-map-name
    neighbor ip-address default-originate route-map route-map-name
    neighbor ip-address route-map route-map-name in
    neighbor ip-address route-map route-map-name out
    neighbor ip-address unsuppress-map route-map-name
    redistribute protocol route-map route-map-name

These commands allow you to filter routes, manipulate BGP attributes, or both. The logic of route maps is demonstrated in Figure C-1.

Figure C-1. Scenario for Illustrating Route Map Logic
Router A

    interface loopback 0
     ip address 172.16.1.0 255.255.255.0
    !
    interface loopback 1
     ip address 172.16.2.0 255.255.255.0
    !
    interface loopback 2
     ip address 192.16.1.0 255.255.255.0
    !
    interface loopback 3
     ip address 192.16.2.0 255.255.255.0
    !
    router bgp 1
     network 172.16.1.0 mask 255.255.255.0
     network 172.16.2.0 mask 255.255.255.0
     network 192.16.1.0
     network 192.16.2.0
     neighbor 172.17.1.2 remote-as 2

Router B

    router bgp 2
     neighbor 172.17.1.1 remote-as 1

Before continuing, verify that Router B is receiving the four network advertisements from Router A.

    rtrB# show ip bgp
    BGP table version is 5, local router ID is 172.17.1.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.1.0/24    172.17.1.1               0             0 1 i
    *> 172.16.2.0/24    172.17.1.1               0             0 1 i
    *> 192.16.1.0       172.17.1.1               0             0 1 i
    *> 192.16.2.0       172.17.1.1               0             0 1 i

Now modify the BGP configuration on Router B to use an empty route-map permit statement.

Router B

    router bgp 2
     neighbor 172.17.1.1 remote-as 1
     neighbor 172.17.1.1 route-map demo in
    !
    route-map demo permit 10

The BGP neighbor configuration command references the route map by name and indicates whether the route map is an input or output route map. route-map statements are numerically ordered and are executed in numerical order. Because we are using only one route-map statement, the number of the route-map statement really has no effect. Each route-map statement consists of a line referencing the name of the route map, the sequence number associated with the route-map statement, and the keyword permit or deny. The form used here might seem a bit strange, but we want to investigate the effect of using an empty route-map statement. List the BGP table on Router B to determine the effect of the empty route map.
    rtrB# show ip bgp
    BGP table version is 5, local router ID is 172.17.1.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.1.0/24    172.17.1.1               0             0 1 i
    *> 172.16.2.0/24    172.17.1.1               0             0 1 i
    *> 192.16.1.0       172.17.1.1               0             0 1 i
    *> 192.16.2.0       172.17.1.1               0             0 1 i

The empty form of the route-map permit statement allows all routes. This is handy in certain situations. This form is equivalent to permit any in an IP access list. Now change the route map from permit to deny.

Router B

    router bgp 2
     neighbor 172.17.1.1 remote-as 1
     neighbor 172.17.1.1 route-map demo in
    !
    route-map demo deny 10

Does this have the opposite effect of the permit form? List the BGP table on Router B to find out.

    rtrB# show ip bgp

The deny form of the empty route map denies all routes.

A route map has four basic forms. The numbered route-map statement can contain either a permit or deny. The match clause, if used, can also be either a permit or deny. Therefore, there are four permutations that we want to investigate:
For each of these forms, we need to determine under which conditions the routes are accepted, and whether the execution of the route map is terminated or the next route-map statement is executed. The first and second forms are probably the most familiar. We want a route map to permit selected routes to be accepted from Router A while denying all others. For this example, permit only the 172.16.1.0/24 network.

    router bgp 2
     neighbor 172.17.1.1 remote-as 1
     neighbor 172.17.1.1 route-map demo in
    !
    access-list 1 permit 172.16.1.0 0.0.0.255
    route-map demo permit 10
     match ip address 1

When routing updates are received from Router A, each prefix is processed by the input route map. Because we are using the permit form of the route map, only those prefixes that are permitted by the access list are allowed. Remember that an IP access list has an implicit deny all as the last statement. This implicit deny all blocks all routes that are not permitted by the access list.

    rtrB# show ip bgp
    BGP table version is 2, local router ID is 172.17.1.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.1.0/24    172.17.1.1               0             0 1 i

To determine whether the route map terminates execution when a match is made, add another route-map statement to the route map on Router B:

    router bgp 2
     neighbor 172.17.1.1 remote-as 1
     neighbor 172.17.1.1 route-map demo in
    !
    access-list 1 permit 172.16.1.0 0.0.0.255
    route-map demo permit 10
     match ip address 1
    route-map demo permit 20
     set metric 77

Using set metric 77 allows us to determine whether the route map terminates for either permitted or denied routes. List the BGP table on Router B to determine the result:

    rtrB# show ip bgp
    BGP table version is 5, local router ID is 172.17.1.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.1.0/24    172.17.1.1               0             0 1 i
    *> 172.16.2.0/24    172.17.1.1              77             0 1 i
    *> 192.16.1.0       172.17.1.1              77             0 1 i
    *> 192.16.2.0       172.17.1.1              77             0 1 i

When there is a match using the permit statement, the route is accepted and the route map is terminated, at least for that route. When there is a match using a deny statement, the route is not accepted, but execution continues to the next route-map statement. If there is no other route-map statement, all remaining routes are rejected. The 172.16.1.0/24 route is permitted in the IP access list, so the route is permitted, and the execution of the route map is terminated. This is evident because the metric for this route is unchanged. The other routes are denied by the IP access list, so the routes are not accepted by the first route-map statement. But because the routes are denied, the execution of the route map continues to the second statement. We have proven this because the remaining routes have a metric of 77.

The third and fourth forms of a route map contain a deny in the route-map statement. Change the route-map statement to a deny, but do not change the IP access list:

    router bgp 2
     neighbor 172.17.1.1 remote-as 1
     neighbor 172.17.1.1 route-map demo in
    !
    access-list 1 permit 172.16.1.0 0.0.0.255
    route-map demo deny 10
     match ip address 1

This causes 172.16.1.0/24, which the access list permits, to be denied by the route map. What happens to the other prefixes? Are they denied as well?

    rtrB# show ip bgp

Yes, all routes are denied. The important question is, when do the other routes get denied? Are all routes being denied by the route-map statement? We can find out by modifying the route map.

    router bgp 2
     neighbor 172.17.1.1 remote-as 1
     neighbor 172.17.1.1 route-map demo in
    !
    access-list 1 permit 172.16.1.0 0.0.0.255
    route-map demo deny 10
     match ip address 1
    !
    route-map demo permit 20

List the BGP table for Router B to determine the answer to the preceding question.
    rtrB# show ip bgp
    BGP table version is 4, local router ID is 172.17.1.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.2.0/24    172.17.1.1               0             0 1 i
    *> 192.16.1.0       172.17.1.1               0             0 1 i
    *> 192.16.2.0       172.17.1.1               0             0 1 i

The first statement in the route map denies only the 172.16.1.0/24 route. Because there were no more statements in the route map, however, the effect was to deny all routes. With an empty route-map statement, which we have seen acts like a permit any, the routes not specifically denied by route-map statement 10 are now permitted by statement 20. We can now formalize the logic associated with route maps.
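The six inbound route-map variants tried on Router B can be replayed offline with a small model of the evaluation order. This Python code is an added example, not part of the original text or of any Cisco tool; the function and constant names are hypothetical, and it assumes the classful networks 192.16.1.0 and 192.16.2.0 are /24s and that a standard access list is compared against each route's network address.

```python
import ipaddress

# The four prefixes Router A advertises (192.16.x.0 assumed to be classful /24s).
ROUTES = ["172.16.1.0/24", "172.16.2.0/24", "192.16.1.0/24", "192.16.2.0/24"]
ACL_1 = [("permit", "172.16.1.0", "0.0.0.255")]  # access-list 1 from the text

def acl_permits(acl, prefix):
    """Standard ACL test on the route's network address; implicit deny at the end."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (addr & care) == (int(ipaddress.ip_address(base)) & care):
            return action == "permit"
    return False

def apply_route_map(route_map, prefix, metric=0):
    """Return the metric of an accepted route, or None if the route is filtered."""
    for _seq, action, acl, set_metric in sorted(route_map, key=lambda s: s[0]):
        if acl is not None and not acl_permits(acl, prefix):
            continue              # access list denies: try the next statement
        if action == "deny":
            return None           # matched a deny statement: route rejected
        return metric if set_metric is None else set_metric  # permit: stop here
    return None                   # no statement left: route rejected

def bgp_table(route_map):
    """Model of Router B's table: accepted prefix -> metric."""
    table = {}
    for prefix in ROUTES:
        metric = apply_route_map(route_map, prefix)
        if metric is not None:
            table[prefix] = metric
    return table

# Each statement: (sequence number, permit/deny, access list or None, set metric or None)
EMPTY_PERMIT = [(10, "permit", None, None)]
EMPTY_DENY = [(10, "deny", None, None)]
PERMIT_ACL = [(10, "permit", ACL_1, None)]
PERMIT_ACL_THEN_SET = [(10, "permit", ACL_1, None), (20, "permit", None, 77)]
DENY_ACL = [(10, "deny", ACL_1, None)]
DENY_ACL_THEN_PERMIT = [(10, "deny", ACL_1, None), (20, "permit", None, None)]

if __name__ == "__main__":
    for name in ("EMPTY_PERMIT", "EMPTY_DENY", "PERMIT_ACL",
                 "PERMIT_ACL_THEN_SET", "DENY_ACL", "DENY_ACL_THEN_PERMIT"):
        print(f"{name:22} {bgp_table(globals()[name])}")
```

Running it prints one table per variant, which can be compared line by line with the show ip bgp listings above.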