]>
Commit | Line | Data |
---|---|---|
0efdf0fe | 1 | .. _route-map: |
42fc5d26 | 2 | |
655cdc32 QY |
3 | ********** |
4 | Route Maps | |
5 | ********** | |
42fc5d26 | 6 | |
655cdc32 QY |
7 | Route maps provide a means to both filter and/or apply actions to route, hence |
8 | allowing policy to be applied to routes. | |
42fc5d26 | 9 | |
a690202f | 10 | For a route reflector to apply a ``route-map`` to reflected routes, be sure to |
11 | include ``bgp route-reflector allow-outbound-policy`` in ``router bgp`` mode. | |
12 | ||
655cdc32 | 13 | Route maps are an ordered list of route map entries. Each entry may specify up |
d1e7591e | 14 | to four distinct sets of clauses: |
42fc5d26 | 15 | |
013f9762 | 16 | .. glossary:: |
42fc5d26 | 17 | |
013f9762 QY |
18 | Matching Conditions |
19 | A route-map entry may, optionally, specify one or more conditions which | |
20 | must be matched if the entry is to be considered further, as governed by | |
d1e7591e | 21 | the Match Policy. If a route-map entry does not explicitly specify any |
013f9762 | 22 | matching conditions, then it always matches. |
42fc5d26 | 23 | |
013f9762 QY |
24 | Set Actions |
25 | A route-map entry may, optionally, specify one or more Set Actions to set | |
26 | or modify attributes of the route. | |
42fc5d26 | 27 | |
013f9762 QY |
28 | Matching Policy |
29 | This specifies the policy implied if the :term:`Matching Conditions` are | |
30 | met or not met, and which actions of the route-map are to be taken, if | |
31 | any. The two possibilities are: | |
42fc5d26 | 32 | |
013f9762 QY |
33 | - :dfn:`permit`: If the entry matches, then carry out the |
34 | :term:`Set Actions`. Then finish processing the route-map, permitting | |
35 | the route, unless an :term:`Exit Policy` action indicates otherwise. | |
42fc5d26 | 36 | |
013f9762 QY |
37 | - :dfn:`deny`: If the entry matches, then finish processing the route-map and |
38 | deny the route (return `deny`). | |
42fc5d26 | 39 | |
013f9762 QY |
40 | The `Matching Policy` is specified as part of the command which defines |
41 | the ordered entry in the route-map. See below. | |
42fc5d26 | 42 | |
013f9762 | 43 | Call Action |
c9cf9db6 QY |
44 | Call to another route-map, after any :term:`Set Actions` have been |
45 | carried out. If the route-map called returns `deny` then processing of | |
46 | the route-map finishes and the route is denied, regardless of the | |
47 | :term:`Matching Policy` or the :term:`Exit Policy`. If the called | |
48 | route-map returns `permit`, then :term:`Matching Policy` and :term:`Exit | |
49 | Policy` govern further behaviour, as normal. | |
42fc5d26 | 50 | |
013f9762 QY |
51 | Exit Policy |
52 | An entry may, optionally, specify an alternative :dfn:`Exit Policy` to | |
53 | take if the entry matched, rather than the normal policy of exiting the | |
54 | route-map and permitting the route. The two possibilities are: | |
42fc5d26 | 55 | |
013f9762 | 56 | - :dfn:`next`: Continue on with processing of the route-map entries. |
42fc5d26 | 57 | |
013f9762 QY |
58 | - :dfn:`goto N`: Jump ahead to the first route-map entry whose order in |
59 | the route-map is >= N. Jumping to a previous entry is not permitted. | |
42fc5d26 | 60 | |
655cdc32 QY |
61 | The default action of a route-map, if no entries match, is to deny. I.e. a |
62 | route-map essentially has as its last entry an empty *deny* entry, which | |
63 | matches all routes. To change this behaviour, one must specify an empty | |
64 | *permit* entry as the last entry in the route-map. | |
42fc5d26 QY |
65 | |
66 | To summarise the above: | |
67 | ||
655cdc32 QY |
68 | +--------+--------+----------+ |
69 | | | Match | No Match | | |
70 | +========+========+==========+ | |
71 | | Permit | action | cont | | |
72 | +--------+--------+----------+ | |
73 | | Deny | deny | cont | | |
74 | +--------+--------+----------+ | |
75 | ||
76 | action | |
77 | - Apply *set* statements | |
78 | - If *call* is present, call given route-map. If that returns a ``deny``, | |
79 | finish processing and return ``deny``. | |
80 | - If *Exit Policy* is *next*, goto next route-map entry | |
81 | - If *Exit Policy* is *goto*, goto first entry whose order in the | |
82 | list is >= the given order. | |
83 | - Finish processing the route-map and permit the route. | |
84 | ||
85 | deny | |
86 | The route is denied by the route-map (return ``deny``). | |
87 | ||
88 | cont | |
89 | goto next route-map entry | |
42fc5d26 | 90 | |
1fa30509 DS |
91 | .. _route-map-show-command: |
92 | ||
856ed18a | 93 | .. clicmd:: show route-map [WORD] [json] |
1fa30509 DS |
94 | |
95 | Display data about each daemons knowledge of individual route-maps. | |
96 | If WORD is supplied narrow choice to that particular route-map. | |
97 | ||
856ed18a RW |
98 | If the ``json`` option is specified, output is displayed in JSON format. |
99 | ||
1fa30509 DS |
100 | .. _route-map-clear-counter-command: |
101 | ||
1fa30509 DS |
102 | .. clicmd:: clear route-map counter [WORD] |
103 | ||
104 | Clear counters that are being stored about the route-map utilization | |
105 | so that subsuquent show commands will indicate since the last clear. | |
106 | If WORD is specified clear just that particular route-map's counters. | |
107 | ||
0efdf0fe | 108 | .. _route-map-command: |
42fc5d26 QY |
109 | |
110 | Route Map Command | |
111 | ================= | |
112 | ||
655cdc32 | 113 | .. clicmd:: route-map ROUTE-MAP-NAME (permit|deny) ORDER |
42fc5d26 | 114 | |
655cdc32 QY |
115 | Configure the `order`'th entry in `route-map-name` with ``Match Policy`` of |
116 | either *permit* or *deny*. | |
42fc5d26 | 117 | |
0efdf0fe | 118 | .. _route-map-match-command: |
42fc5d26 QY |
119 | |
120 | Route Map Match Command | |
121 | ======================= | |
122 | ||
655cdc32 | 123 | .. clicmd:: match ip address ACCESS_LIST |
42fc5d26 | 124 | |
655cdc32 | 125 | Matches the specified `access_list` |
42fc5d26 | 126 | |
ec3bff6f | 127 | .. clicmd:: match ip address prefix-list PREFIX_LIST |
42fc5d26 | 128 | |
ec3bff6f | 129 | Matches the specified `PREFIX_LIST` |
42fc5d26 | 130 | |
655cdc32 | 131 | .. clicmd:: match ip address prefix-len 0-32 |
42fc5d26 | 132 | |
655cdc32 | 133 | Matches the specified `prefix-len`. This is a Zebra specific command. |
42fc5d26 | 134 | |
655cdc32 | 135 | .. clicmd:: match ipv6 address ACCESS_LIST |
42fc5d26 | 136 | |
655cdc32 | 137 | Matches the specified `access_list` |
42fc5d26 | 138 | |
ec3bff6f | 139 | .. clicmd:: match ipv6 address prefix-list PREFIX_LIST |
42fc5d26 | 140 | |
ec3bff6f | 141 | Matches the specified `PREFIX_LIST` |
42fc5d26 | 142 | |
655cdc32 | 143 | .. clicmd:: match ipv6 address prefix-len 0-128 |
42fc5d26 | 144 | |
655cdc32 | 145 | Matches the specified `prefix-len`. This is a Zebra specific command. |
42fc5d26 | 146 | |
f7517a8b DA |
147 | .. clicmd:: match ip next-hop ACCESS_LIST |
148 | ||
149 | Match the next-hop according to the given access-list. | |
150 | ||
be7735b3 | 151 | .. clicmd:: match ip next-hop address IPV4_ADDR |
42fc5d26 | 152 | |
be7735b3 PG |
153 | This is a BGP specific match command. Matches the specified `ipv4_addr`. |
154 | ||
c5ec8f66 IR |
155 | .. clicmd:: match ip next-hop prefix-list PREFIX_LIST |
156 | ||
157 | Match the next-hop according to the given prefix-list. | |
158 | ||
f7517a8b DA |
159 | .. clicmd:: match ipv6 next-hop ACCESS_LIST |
160 | ||
161 | Match the next-hop according to the given access-list. | |
162 | ||
03030106 | 163 | .. clicmd:: match ipv6 next-hop address IPV6_ADDR |
be7735b3 PG |
164 | |
165 | This is a BGP specific match command. Matches the specified `ipv6_addr`. | |
42fc5d26 | 166 | |
cce442b5 DA |
167 | .. clicmd:: match ipv6 next-hop prefix-list PREFIX_LIST |
168 | ||
169 | Match the next-hop according to the given prefix-list. | |
170 | ||
c7854434 | 171 | .. clicmd:: match as-path AS_PATH |
42fc5d26 | 172 | |
655cdc32 | 173 | Matches the specified `as_path`. |
42fc5d26 | 174 | |
655cdc32 | 175 | .. clicmd:: match metric METRIC |
42fc5d26 | 176 | |
655cdc32 | 177 | Matches the specified `metric`. |
42fc5d26 | 178 | |
a5a48dbf QY |
179 | .. clicmd:: match tag TAG |
180 | ||
181 | Matches the specified tag value associated with the route. This tag value | |
182 | can be in the range of (1-4294967295). | |
183 | ||
655cdc32 | 184 | .. clicmd:: match local-preference METRIC |
42fc5d26 | 185 | |
655cdc32 | 186 | Matches the specified `local-preference`. |
42fc5d26 | 187 | |
655cdc32 | 188 | .. clicmd:: match community COMMUNITY_LIST |
42fc5d26 | 189 | |
655cdc32 | 190 | Matches the specified `community_list` |
42fc5d26 | 191 | |
655cdc32 | 192 | .. clicmd:: match peer IPV4_ADDR |
42fc5d26 | 193 | |
655cdc32 QY |
194 | This is a BGP specific match command. Matches the peer ip address |
195 | if the neighbor was specified in this manner. | |
42fc5d26 | 196 | |
655cdc32 | 197 | .. clicmd:: match peer IPV6_ADDR |
42fc5d26 | 198 | |
655cdc32 QY |
199 | This is a BGP specific match command. Matches the peer ipv6 |
200 | address if the neighbor was specified in this manner. | |
42fc5d26 | 201 | |
655cdc32 | 202 | .. clicmd:: match peer INTERFACE_NAME |
42fc5d26 | 203 | |
655cdc32 | 204 | This is a BGP specific match command. Matches the peer |
42fc5d26 QY |
205 | interface name specified if the neighbor was specified |
206 | in this manner. | |
207 | ||
af21c682 DS |
208 | .. clicmd:: match source-protocol PROTOCOL_NAME |
209 | ||
210 | This is a ZEBRA specific match command. Matches the | |
211 | originating protocol specified. | |
212 | ||
af21c682 DS |
213 | .. clicmd:: match source-instance NUMBER |
214 | ||
215 | This is a ZEBRA specific match command. The number is a range from (0-255). | |
216 | Matches the originating protocols instance specified. | |
217 | ||
79d2f64e CS |
218 | .. clicmd:: match evpn route-type ROUTE_TYPE_NAME |
219 | ||
220 | This is a BGP EVPN specific match command. It matches to EVPN route-type | |
221 | from type-1 (EAD route-type) to type-5 (Prefix route-type). | |
222 | User can provide in an integral form (1-5) or string form of route-type | |
223 | (i.e ead, macip, multicast, es, prefix). | |
224 | ||
225 | .. clicmd:: match evpn vni NUMBER | |
226 | ||
227 | This is a BGP EVPN specific match command which matches to EVPN VNI id. | |
228 | The number is a range from (1-6777215). | |
229 | ||
0efdf0fe | 230 | .. _route-map-set-command: |
42fc5d26 QY |
231 | |
232 | Route Map Set Command | |
233 | ===================== | |
234 | ||
013f9762 QY |
235 | .. program:: configure |
236 | ||
a5a48dbf QY |
237 | .. clicmd:: set tag TAG |
238 | ||
a5a48dbf QY |
239 | Set a tag on the matched route. This tag value can be from (1-4294967295). |
240 | Additionally if you have compiled with the :option:`--enable-realms` | |
241 | configure option. Tag values from (1-255) are sent to the Linux kernel as a | |
242 | realm value. Then route policy can be applied. See the tc man page. | |
243 | ||
655cdc32 | 244 | .. clicmd:: set ip next-hop IPV4_ADDRESS |
42fc5d26 | 245 | |
e13fd66f DS |
246 | Set the BGP nexthop address to the specified IPV4_ADDRESS. For both |
247 | incoming and outgoing route-maps. | |
248 | ||
e13fd66f DS |
249 | .. clicmd:: set ip next-hop peer-address |
250 | ||
251 | Set the BGP nexthop address to the address of the peer. For an incoming | |
252 | route-map this means the ip address of our peer is used. For an outgoing | |
253 | route-map this means the ip address of our self is used to establish the | |
254 | peering with our neighbor. | |
255 | ||
e13fd66f DS |
256 | .. clicmd:: set ip next-hop unchanged |
257 | ||
258 | Set the route-map as unchanged. Pass the route-map through without | |
259 | changing it's value. | |
260 | ||
e13fd66f DS |
261 | .. clicmd:: set ipv6 next-hop peer-address |
262 | ||
263 | Set the BGP nexthop address to the address of the peer. For an incoming | |
264 | route-map this means the ipv6 address of our peer is used. For an outgoing | |
265 | route-map this means the ip address of our self is used to establish the | |
266 | peering with our neighbor. | |
267 | ||
e13fd66f DS |
268 | .. clicmd:: set ipv6 next-hop prefer-global |
269 | ||
270 | For Incoming and Import Route-maps if we receive a v6 global and v6 LL | |
271 | address for the route, then prefer to use the global address as the nexthop. | |
272 | ||
e13fd66f DS |
273 | .. clicmd:: set ipv6 next-hop global IPV6_ADDRESS |
274 | ||
f22744c3 | 275 | Set the next-hop to the specified IPV6_ADDRESS for both incoming and |
e13fd66f | 276 | outgoing route-maps. |
42fc5d26 | 277 | |
655cdc32 | 278 | .. clicmd:: set local-preference LOCAL_PREF |
42fc5d26 | 279 | |
655cdc32 | 280 | Set the BGP local preference to `local_pref`. |
42fc5d26 | 281 | |
94f75688 DA |
282 | .. clicmd:: set local-preference +LOCAL_PREF |
283 | ||
284 | Add the BGP local preference to an existing `local_pref`. | |
285 | ||
94f75688 DA |
286 | .. clicmd:: set local-preference -LOCAL_PREF |
287 | ||
288 | Subtract the BGP local preference from an existing `local_pref`. | |
289 | ||
03750f1e | 290 | .. clicmd:: set distance DISTANCE |
4dac4cc9 DS |
291 | |
292 | Set the Administrative distance to DISTANCE to use for the route. | |
293 | This is only locally significant and will not be dispersed to peers. | |
294 | ||
655cdc32 | 295 | .. clicmd:: set weight WEIGHT |
42fc5d26 | 296 | |
655cdc32 | 297 | Set the route's weight. |
42fc5d26 | 298 | |
03750f1e | 299 | .. clicmd:: set metric <[+|-](1-4294967295)|rtt|+rtt|-rtt> |
42fc5d26 | 300 | |
fe430836 DS |
301 | Set the BGP attribute MED to a specific value. Use `+`/`-` to add or subtract |
302 | the specified value to/from the MED. Use `rtt` to set the MED to the round | |
303 | trip time or `+rtt`/`-rtt` to add/subtract the round trip time to/from the | |
304 | MED. | |
42fc5d26 | 305 | |
655cdc32 | 306 | .. clicmd:: set as-path prepend AS_PATH |
42fc5d26 | 307 | |
655cdc32 | 308 | Set the BGP AS path to prepend. |
42fc5d26 | 309 | |
bedcbe4b LS |
310 | .. clicmd:: set as-path exclude AS-NUMBER... |
311 | ||
312 | Drop AS-NUMBER from the BGP AS path. | |
313 | ||
655cdc32 | 314 | .. clicmd:: set community COMMUNITY |
42fc5d26 | 315 | |
655cdc32 | 316 | Set the BGP community attribute. |
42fc5d26 | 317 | |
655cdc32 | 318 | .. clicmd:: set ipv6 next-hop local IPV6_ADDRESS |
42fc5d26 | 319 | |
655cdc32 | 320 | Set the BGP-4+ link local IPv6 nexthop address. |
42fc5d26 | 321 | |
90da9a14 C |
322 | .. clicmd:: set origin ORIGIN <egp|igp|incomplete> |
323 | ||
324 | Set BGP route origin. | |
325 | ||
951745bd PG |
326 | .. clicmd:: set table (1-4294967295) |
327 | ||
328 | Set the BGP table to a given table identifier | |
329 | ||
ef3e0d04 SM |
330 | .. clicmd:: set sr-te color (1-4294967295) |
331 | ||
332 | Set the color of a SR-TE Policy to be applied to a learned route. The SR-TE | |
333 | Policy is uniquely determined by the color and the BGP nexthop. | |
334 | ||
03750f1e | 335 | |
0efdf0fe | 336 | .. _route-map-call-command: |
42fc5d26 QY |
337 | |
338 | Route Map Call Command | |
339 | ====================== | |
340 | ||
655cdc32 | 341 | .. clicmd:: call NAME |
42fc5d26 | 342 | |
655cdc32 QY |
343 | Call route-map `name`. If it returns deny, deny the route and |
344 | finish processing the route-map. | |
42fc5d26 | 345 | |
03750f1e | 346 | |
0efdf0fe | 347 | .. _route-map-exit-action-command: |
42fc5d26 QY |
348 | |
349 | Route Map Exit Action Command | |
350 | ============================= | |
351 | ||
655cdc32 | 352 | .. clicmd:: on-match next |
42fc5d26 | 353 | |
655cdc32 | 354 | .. clicmd:: continue |
42fc5d26 | 355 | |
655cdc32 | 356 | Proceed on to the next entry in the route-map. |
42fc5d26 | 357 | |
655cdc32 | 358 | .. clicmd:: on-match goto N |
42fc5d26 | 359 | |
655cdc32 | 360 | .. clicmd:: continue N |
42fc5d26 | 361 | |
655cdc32 | 362 | Proceed processing the route-map at the first entry whose order is >= N |
42fc5d26 | 363 | |
03750f1e | 364 | |
009d25a0 NT |
365 | .. _route-map-optimization-command: |
366 | ||
367 | Route Map Optimization Command | |
368 | ============================== | |
369 | ||
38133c4a | 370 | .. clicmd:: route-map ROUTE-MAP-NAME optimization |
009d25a0 | 371 | |
38133c4a IR |
372 | Enable route-map processing optimization for `route-map-name`. |
373 | The optimization is enabled by default. | |
009d25a0 NT |
374 | Instead of sequentially passing through all the route-map indexes |
375 | until a match is found, the search for the best-match index will be | |
376 | based on a look-up in a prefix-tree. A per-route-map prefix-tree | |
377 | will be constructed for this purpose. The prefix-tree will compose | |
378 | of all the prefixes in all the prefix-lists that are included in the | |
379 | match rule of all the sequences of a route-map. | |
380 | ||
1fa30509 | 381 | |
42fc5d26 QY |
382 | Route Map Examples |
383 | ================== | |
384 | ||
385 | A simple example of a route-map: | |
386 | ||
9eb95b3b | 387 | .. code-block:: frr |
42fc5d26 | 388 | |
9eb95b3b QY |
389 | route-map test permit 10 |
390 | match ip address 10 | |
391 | set local-preference 200 | |
a8c90e15 | 392 | |
42fc5d26 QY |
393 | |
394 | This means that if a route matches ip access-list number 10 it's | |
395 | local-preference value is set to 200. | |
396 | ||
c1a54c05 | 397 | See :ref:`bgp-configuration-examples` for examples of more sophisticated |
d1e7591e | 398 | usage of route-maps, including of the ``call`` action. |
42fc5d26 | 399 |