7 Route maps provide a means to both filter and/or apply actions to route, hence
8 allowing policy to be applied to routes.
10 For a route reflector to apply a ``route-map`` to reflected routes, be sure to
11 include ``bgp route-reflector allow-outbound-policy`` in ``router bgp`` mode.
13 Route maps are an ordered list of route map entries. Each entry may specify up
14 to four distinct sets of clauses:
19 A route-map entry may, optionally, specify one or more conditions which
20 must be matched if the entry is to be considered further, as governed by
21 the Match Policy. If a route-map entry does not explicitly specify any
22 matching conditions, then it always matches.
25 A route-map entry may, optionally, specify one or more Set Actions to set
26 or modify attributes of the route.
29 This specifies the policy implied if the :term:`Matching Conditions` are
30 met or not met, and which actions of the route-map are to be taken, if
31 any. The two possibilities are:
33 - :dfn:`permit`: If the entry matches, then carry out the
34 :term:`Set Actions`. Then finish processing the route-map, permitting
35 the route, unless an :term:`Exit Policy` action indicates otherwise.
37 - :dfn:`deny`: If the entry matches, then finish processing the route-map and
38 deny the route (return `deny`).
40 The `Matching Policy` is specified as part of the command which defines
41 the ordered entry in the route-map. See below.
44 Call to another route-map, after any :term:`Set Actions` have been
45 carried out. If the route-map called returns `deny` then processing of
46 the route-map finishes and the route is denied, regardless of the
47 :term:`Matching Policy` or the :term:`Exit Policy`. If the called
48 route-map returns `permit`, then :term:`Matching Policy` and :term:`Exit
49 Policy` govern further behaviour, as normal.
52 An entry may, optionally, specify an alternative :dfn:`Exit Policy` to
53 take if the entry matched, rather than the normal policy of exiting the
54 route-map and permitting the route. The two possibilities are:
56 - :dfn:`next`: Continue on with processing of the route-map entries.
58 - :dfn:`goto N`: Jump ahead to the first route-map entry whose order in
59 the route-map is >= N. Jumping to a previous entry is not permitted.
61 The default action of a route-map, if no entries match, is to deny. I.e. a
62 route-map essentially has as its last entry an empty *deny* entry, which
63 matches all routes. To change this behaviour, one must specify an empty
64 *permit* entry as the last entry in the route-map.
66 To summarise the above:
68 +--------+--------+----------+
69 | | Match | No Match |
70 +========+========+==========+
71 | Permit | action | cont |
72 +--------+--------+----------+
73 | Deny | deny | cont |
74 +--------+--------+----------+
77 - Apply *set* statements
78 - If *call* is present, call given route-map. If that returns a ``deny``,
79 finish processing and return ``deny``.
80 - If *Exit Policy* is *next*, goto next route-map entry
81 - If *Exit Policy* is *goto*, goto first entry whose order in the
82 list is >= the given order.
83 - Finish processing the route-map and permit the route.
86 The route is denied by the route-map (return ``deny``).
89 goto next route-map entry
91 .. _route-map-show-command:
93 .. clicmd:: show route-map [WORD] [json]
95 Display data about each daemons knowledge of individual route-maps.
96 If WORD is supplied narrow choice to that particular route-map.
98 If the ``json`` option is specified, output is displayed in JSON format.
100 .. _route-map-clear-counter-command:
102 .. clicmd:: clear route-map counter [WORD]
104 Clear counters that are being stored about the route-map utilization
105 so that subsuquent show commands will indicate since the last clear.
106 If WORD is specified clear just that particular route-map's counters.
108 .. _route-map-command:
113 .. clicmd:: route-map ROUTE-MAP-NAME (permit|deny) ORDER
115 Configure the `order`'th entry in `route-map-name` with ``Match Policy`` of
116 either *permit* or *deny*.
118 .. _route-map-match-command:
120 Route Map Match Command
121 =======================
123 .. clicmd:: match ip address ACCESS_LIST
125 Matches the specified `access_list`
127 .. clicmd:: match ip address prefix-list PREFIX_LIST
129 Matches the specified `PREFIX_LIST`
131 .. clicmd:: match ip address prefix-len 0-32
133 Matches the specified `prefix-len`. This is a Zebra specific command.
135 .. clicmd:: match ipv6 address ACCESS_LIST
137 Matches the specified `access_list`
139 .. clicmd:: match ipv6 address prefix-list PREFIX_LIST
141 Matches the specified `PREFIX_LIST`
143 .. clicmd:: match ipv6 address prefix-len 0-128
145 Matches the specified `prefix-len`. This is a Zebra specific command.
147 .. clicmd:: match ip next-hop ACCESS_LIST
149 Match the next-hop according to the given access-list.
151 .. clicmd:: match ip next-hop address IPV4_ADDR
153 This is a BGP specific match command. Matches the specified `ipv4_addr`.
155 .. clicmd:: match ip next-hop prefix-list PREFIX_LIST
157 Match the next-hop according to the given prefix-list.
159 .. clicmd:: match ipv6 next-hop ACCESS_LIST
161 Match the next-hop according to the given access-list.
163 .. clicmd:: match ipv6 next-hop address IPV6_ADDR
165 This is a BGP specific match command. Matches the specified `ipv6_addr`.
167 .. clicmd:: match ipv6 next-hop prefix-list PREFIX_LIST
169 Match the next-hop according to the given prefix-list.
171 .. clicmd:: match as-path AS_PATH
173 Matches the specified `as_path`.
175 .. clicmd:: match metric METRIC
177 Matches the specified `metric`.
179 .. clicmd:: match tag TAG
181 Matches the specified tag value associated with the route. This tag value
182 can be in the range of (1-4294967295).
184 .. clicmd:: match local-preference METRIC
186 Matches the specified `local-preference`.
188 .. clicmd:: match community COMMUNITY_LIST
190 Matches the specified `community_list`
192 .. clicmd:: match peer IPV4_ADDR
194 This is a BGP specific match command. Matches the peer ip address
195 if the neighbor was specified in this manner.
197 .. clicmd:: match peer IPV6_ADDR
199 This is a BGP specific match command. Matches the peer ipv6
200 address if the neighbor was specified in this manner.
202 .. clicmd:: match peer INTERFACE_NAME
204 This is a BGP specific match command. Matches the peer
205 interface name specified if the neighbor was specified
208 .. clicmd:: match peer PEER_GROUP_NAME
210 This is a BGP specific match command. Matches the peer
211 group name specified for the peer in question.
213 .. clicmd:: match source-protocol PROTOCOL_NAME
215 This is a ZEBRA specific match command. Matches the
216 originating protocol specified.
218 .. clicmd:: match source-instance NUMBER
220 This is a ZEBRA specific match command. The number is a range from (0-255).
221 Matches the originating protocols instance specified.
223 .. clicmd:: match evpn route-type ROUTE_TYPE_NAME
225 This is a BGP EVPN specific match command. It matches to EVPN route-type
226 from type-1 (EAD route-type) to type-5 (Prefix route-type).
227 User can provide in an integral form (1-5) or string form of route-type
228 (i.e ead, macip, multicast, es, prefix).
230 .. clicmd:: match evpn vni NUMBER
232 This is a BGP EVPN specific match command which matches to EVPN VNI id.
233 The number is a range from (1-6777215).
235 .. _route-map-set-command:
237 Route Map Set Command
238 =====================
240 .. program:: configure
242 .. clicmd:: set tag TAG
244 Set a tag on the matched route. This tag value can be from (1-4294967295).
245 Additionally if you have compiled with the :option:`--enable-realms`
246 configure option. Tag values from (1-255) are sent to the Linux kernel as a
247 realm value. Then route policy can be applied. See the tc man page. As
248 a note realms cannot currently be used with the installation of nexthops
249 as nexthop groups in the linux kernel.
251 .. clicmd:: set ip next-hop IPV4_ADDRESS
253 Set the BGP nexthop address to the specified IPV4_ADDRESS. For both
254 incoming and outgoing route-maps.
256 .. clicmd:: set ip next-hop peer-address
258 Set the BGP nexthop address to the address of the peer. For an incoming
259 route-map this means the ip address of our peer is used. For an outgoing
260 route-map this means the ip address of our self is used to establish the
261 peering with our neighbor.
263 .. clicmd:: set ip next-hop unchanged
265 Set the route-map as unchanged. Pass the route-map through without
268 .. clicmd:: set ipv6 next-hop peer-address
270 Set the BGP nexthop address to the address of the peer. For an incoming
271 route-map this means the ipv6 address of our peer is used. For an outgoing
272 route-map this means the ip address of our self is used to establish the
273 peering with our neighbor.
275 .. clicmd:: set ipv6 next-hop prefer-global
277 For Incoming and Import Route-maps if we receive a v6 global and v6 LL
278 address for the route, then prefer to use the global address as the nexthop.
280 .. clicmd:: set ipv6 next-hop global IPV6_ADDRESS
282 Set the next-hop to the specified IPV6_ADDRESS for both incoming and
285 .. clicmd:: set local-preference LOCAL_PREF
287 Set the BGP local preference to `local_pref`.
289 .. clicmd:: set local-preference +LOCAL_PREF
291 Add the BGP local preference to an existing `local_pref`.
293 .. clicmd:: set local-preference -LOCAL_PREF
295 Subtract the BGP local preference from an existing `local_pref`.
297 .. clicmd:: set distance (1-255)
299 Set the Administrative distance to use for the route.
300 This is only locally significant and will not be dispersed to peers.
302 .. clicmd:: set weight WEIGHT
304 Set the route's weight.
306 .. clicmd:: set metric <[+|-](1-4294967295)|rtt|+rtt|-rtt>
308 Set the BGP attribute MED to a specific value. Use `+`/`-` to add or subtract
309 the specified value to/from the MED. Use `rtt` to set the MED to the round
310 trip time or `+rtt`/`-rtt` to add/subtract the round trip time to/from the
313 .. clicmd:: set aigp-metric <igp-metric|(1-4294967295)>
315 Set the BGP attribute AIGP to a specific value. If ``igp-metric`` is specified,
316 then the value is taken from the IGP protocol, otherwise an arbitrary value.
318 .. clicmd:: set as-path prepend AS_PATH
320 Set the BGP AS path to prepend.
322 .. clicmd:: set as-path exclude AS-NUMBER...
324 Drop AS-NUMBER from the BGP AS path.
326 .. clicmd:: set community COMMUNITY
328 Set the BGP community attribute.
330 .. clicmd:: set ipv6 next-hop local IPV6_ADDRESS
332 Set the BGP-4+ link local IPv6 nexthop address.
334 .. clicmd:: set origin ORIGIN <egp|igp|incomplete>
336 Set BGP route origin.
338 .. clicmd:: set table (1-4294967295)
340 Set the BGP table to a given table identifier
342 .. clicmd:: set sr-te color (1-4294967295)
344 Set the color of a SR-TE Policy to be applied to a learned route. The SR-TE
345 Policy is uniquely determined by the color and the BGP nexthop.
347 .. clicmd:: set l3vpn next-hop encapsulation gre
349 Accept L3VPN traffic over GRE encapsulation.
351 .. _route-map-call-command:
353 Route Map Call Command
354 ======================
356 .. clicmd:: call NAME
358 Call route-map `name`. If it returns deny, deny the route and
359 finish processing the route-map.
362 .. _route-map-exit-action-command:
364 Route Map Exit Action Command
365 =============================
367 .. clicmd:: on-match next
371 Proceed on to the next entry in the route-map.
373 .. clicmd:: on-match goto N
375 .. clicmd:: continue N
377 Proceed processing the route-map at the first entry whose order is >= N
380 .. _route-map-optimization-command:
382 Route Map Optimization Command
383 ==============================
385 .. clicmd:: route-map ROUTE-MAP-NAME optimization
387 Enable route-map processing optimization for `route-map-name`.
388 The optimization is enabled by default.
389 Instead of sequentially passing through all the route-map indexes
390 until a match is found, the search for the best-match index will be
391 based on a look-up in a prefix-tree. A per-route-map prefix-tree
392 will be constructed for this purpose. The prefix-tree will compose
393 of all the prefixes in all the prefix-lists that are included in the
394 match rule of all the sequences of a route-map.
400 A simple example of a route-map:
404 route-map test permit 10
406 set local-preference 200
409 This means that if a route matches ip access-list number 10 it's
410 local-preference value is set to 200.
412 See :ref:`bgp-configuration-examples` for examples of more sophisticated
413 usage of route-maps, including of the ``call`` action.