Appendix C. Route Map Logic


A route map is an extremely powerful and versatile tool for route filtering and attribute manipulation. With regard to BGP, route maps are used in the following commands:

  aggregate-address address mask advertise-map route-map-name
  aggregate-address address mask as-set route-map-name
  aggregate-address address mask attribute-map route-map-name
  aggregate-address address mask route-map route-map-name
  aggregate-address address mask suppress-map route-map-name
  bgp dampening route-map route-map-name
  neighbor ip-address advertise-map route-map-name non-exist-map route-map-name
  neighbor ip-address default-originate route-map route-map-name
  neighbor ip-address route-map route-map-name in
  neighbor ip-address route-map route-map-name out
  neighbor ip-address unsuppress-map route-map-name
  redistribute protocol route-map route-map-name

These commands allow you to filter routes, manipulate BGP attributes, or both. The logic of route maps is demonstrated in Figure C-1.

Figure C-1. Scenario for Illustrating Route Map Logic

  Router A
  interface loopback 0
   ip address 172.16.1.0 255.255.255.0
  !
  interface loopback 1
   ip address 172.16.2.0 255.255.255.0
  !
  interface loopback 2
   ip address 192.16.1.0 255.255.255.0
  !
  interface loopback 3
   ip address 192.16.2.0 255.255.255.0
  !
  router bgp 1
   network 172.16.1.0 mask 255.255.255.0
   network 172.16.2.0 mask 255.255.255.0
   network 192.16.1.0
   network 192.16.2.0
   neighbor 172.17.1.2 remote-as 2

  Router B
  router bgp 2
   neighbor 172.17.1.1 remote-as 1

Before continuing, verify that Router B is receiving the four network advertisements from Router A.

  rtrB# show ip bgp
  BGP table version is 5, local router ID is 172.17.1.2
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
  *> 172.16.1.0/24    172.17.1.1               0             0 1 i
  *> 172.16.2.0/24    172.17.1.1               0             0 1 i
  *> 192.16.1.0       172.17.1.1               0             0 1 i
  *> 192.16.2.0       172.17.1.1               0             0 1 i

Now modify the BGP configuration on Router B to use an empty route-map permit statement.

  Router B
  router bgp 2
   neighbor 172.17.1.1 remote-as 1
   neighbor 172.17.1.1 route-map demo in
  !
  route-map demo permit 10

The BGP neighbor configuration command references the route map by name and indicates whether the route map is an input or output route map. route-map statements are numerically ordered and are executed in numerical order. Because we are using only one route-map statement, the number of the route-map statement really has no effect. Each route-map statement consists of a line referencing the name of the route map, the sequence number associated with the route-map statement, and the keyword permit or deny. The form used here might seem a bit strange, but we want to investigate the effect of using an empty route-map statement. List the BGP table on Router B to determine the effect of the empty route map.

  rtrB# show ip bgp
  BGP table version is 5, local router ID is 172.17.1.2
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
  *> 172.16.1.0/24    172.17.1.1               0             0 1 i
  *> 172.16.2.0/24    172.17.1.1               0             0 1 i
  *> 192.16.1.0       172.17.1.1               0             0 1 i
  *> 192.16.2.0       172.17.1.1               0             0 1 i

The empty form of the route-map permit statement allows all routes. This is handy in certain situations. This form is equivalent to permit any in an IP access list. Now change the route map from permit to deny.

  Router B
  router bgp 2
   neighbor 172.17.1.1 remote-as 1
   neighbor 172.17.1.1 route-map demo in
  !
  route-map demo deny 10

Does this have the opposite effect of the permit form? List the BGP table on Router B to find out.

  rtrB# show ip bgp

The deny form of the empty route map denies all routes.

A route map has four basic forms. The numbered route-map statement can contain either a permit or deny. The match clause, if used, can also be either a permit or deny. Therefore, there are four permutations that we want to investigate:

  • route-map permit/match permit

  • route-map permit/match deny

  • route-map deny/match permit

  • route-map deny/match deny

For each of these forms, we need to determine under which conditions the routes are accepted, and whether execution of the route map terminates or continues with the next route-map statement.

The first and second forms are probably the most familiar. We want a route map to permit selected routes to be accepted from Router A while denying all others. For this example, permit only the 172.16.1.0/24 network.

  router bgp 2
   neighbor 172.17.1.1 remote-as 1
   neighbor 172.17.1.1 route-map demo in
  !
  access-list 1 permit 172.16.1.0 0.0.0.255
  route-map demo permit 10
   match ip address 1

When routing updates are received from Router A, each prefix is processed by the input route map. Because we are using the permit form of the route map, only those prefixes that are permitted by the access list are allowed. Remember that an IP access list has an implicit deny all as the last statement. This implicit deny all blocks all routes that are not permitted by the access list.

  rtrB# show ip bgp
  BGP table version is 2, local router ID is 172.17.1.2
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
  *> 172.16.1.0/24    172.17.1.1               0             0 1 i

In order to determine if the route map terminates execution when a match is made, add another route-map statement to the route map on Router B:

  router bgp 2
   neighbor 172.17.1.1 remote-as 1
   neighbor 172.17.1.1 route-map demo in
  !
  access-list 1 permit 172.16.1.0 0.0.0.255
  route-map demo permit 10
   match ip address 1
  route-map demo permit 20
   set metric 77

Using set metric 77 allows us to determine if the route map terminates for either permitted or denied routes. List the BGP table on Router B to determine the result:

  rtrB# show ip bgp
  BGP table version is 5, local router ID is 172.17.1.2
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
  *> 172.16.1.0/24    172.17.1.1               0             0 1 i
  *> 172.16.2.0/24    172.17.1.1              77             0 1 i
  *> 192.16.1.0       172.17.1.1              77             0 1 i
  *> 192.16.2.0       172.17.1.1              77             0 1 i

When a route is permitted by the access list in the match clause of a permit statement, the route is accepted and the route map is terminated, at least for that route. When a route is denied by the access list, the route is not accepted by that statement, but execution continues to the next route-map statement. If there is no other route-map statement, all remaining routes are rejected. The 172.16.1.0/24 route is permitted in the IP access list, so the route is permitted, and the execution of the route map is terminated. This is evident because the metric for this route is unchanged. The other routes are denied by the IP access list, so the routes are not accepted by the first route-map statement. But because the routes are denied, the execution of the route map continues to the second statement. We have proven this because the remaining routes have a metric of 77.

The third and fourth forms of a route map contain a deny in the route-map statement. Change the route-map statement to a deny, but do not change the IP access list:

  router bgp 2
   neighbor 172.17.1.1 remote-as 1
   neighbor 172.17.1.1 route-map demo in
  !
  access-list 1 permit 172.16.1.0 0.0.0.255
  route-map demo deny 10
   match ip address 1

Because the access list permits 172.16.1.0/24, that prefix matches the statement and is denied by the route map. What happens to the other prefixes? Are they denied as well?

  rtrB# show ip bgp

Yes, all routes are denied. The important question is, when do the other routes get denied? Are all routes being denied by the route-map statement? We can find out by modifying the route map.

  router bgp 2
   neighbor 172.17.1.1 remote-as 1
   neighbor 172.17.1.1 route-map demo in
  !
  access-list 1 permit 172.16.1.0 0.0.0.255
  route-map demo deny 10
   match ip address 1
  !
  route-map demo permit 20

List the BGP table for Router B to determine the answer to the preceding question.

  rtrB# show ip bgp
  BGP table version is 4, local router ID is 172.17.1.2
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
  *> 172.16.2.0/24    172.17.1.1               0             0 1 i
  *> 192.16.1.0       172.17.1.1               0             0 1 i
  *> 192.16.2.0       172.17.1.1               0             0 1 i

The first statement in the route map denies only the 172.16.1.0/24 route. Because there were no more statements in the route map, however, the effect was to deny all routes. With an empty route-map statement, which we have seen acts like a permit any, the routes not specifically denied by route-map statement 10 are now permitted by statement 20. We can now formalize the logic associated with route maps.
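
The evaluation rules established by the experiments above, written as a small Python model so each configuration can be checked against the BGP tables shown. This is an added example, not code from the book; the function names and the clause tuple layout are assumptions, and only match ip address with a standard access list and set metric are modeled.

```python
import ipaddress

# Prefixes Router A advertises in the scenario (192.16.x.0 are classful /24s).
ROUTES = ["172.16.1.0/24", "172.16.2.0/24", "192.16.1.0/24", "192.16.2.0/24"]
# access-list 1 permit 172.16.1.0 0.0.0.255
ACLS = {1: [("permit", "172.16.1.0", "0.0.0.255")]}

def acl_permits(acl, prefix):
    """Standard ACL: first matching entry decides; implicit deny all at the end."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (net & care) == (int(ipaddress.ip_address(base)) & care):
            return action == "permit"
    return False

def evaluate(clauses, prefix, metric=0):
    """Run one prefix through a route map; return its metric, or None if rejected.

    Each clause is (sequence, "permit"|"deny", acl_id or None, set_metric or None).
    """
    for seq, action, acl_id, set_metric in sorted(clauses, key=lambda c: c[0]):
        # No match clause matches every route; an ACL deny means "no match",
        # so evaluation falls through to the next statement.
        if acl_id is not None and not acl_permits(ACLS[acl_id], prefix):
            continue
        if action == "deny":
            return None  # matched a deny statement: rejected, evaluation stops
        return metric if set_metric is None else set_metric  # permitted, stops
    return None  # fell off the end of the route map: implicit deny

def bgp_table(clauses):
    """Prefixes Router B would accept from Router A, with resulting metrics."""
    table = {}
    for prefix in ROUTES:
        metric = evaluate(clauses, prefix)
        if metric is not None:
            table[prefix] = metric
    return table

if __name__ == "__main__":
    print(bgp_table([(10, "permit", 1, None), (20, "permit", None, 77)]))
    print(bgp_table([(10, "deny", 1, None), (20, "permit", None, None)]))
```

For an inbound filter, the last line of evaluate is the property to rely on: any prefix that no statement matches is dropped, so a route map that ends without a catch-all permit fails closed.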



Cisco® BGP-4 Command and Configuration Handbook
ISBN: 1587055732
EAN: 2147483647
Year: 2001
Pages: 300
