Route maps are pattern-matching tools that can be used to change packet headers or the way packets route. Route maps are often called "access lists on steroids" because they are similar to access lists, but much more powerful. In fact, route maps are a flexible tool that you can use in a variety of situations. Example uses of route maps include
- Controlling redistribution: Route maps can permit or deny routes and can change metrics.
- Defining policies in policy-based routing (PBR): PBR is created using route maps and allows complex routing decisions to be implemented on more sophisticated criteria.
- To add granularity in the configuration of Network Address Translation (NAT): Traditional NAT is limited to "static" translations, but NAT using route maps can make arbitrary translations. For instance, an internal server might be translated to one public address when conversing with a business partner and to a different address when speaking to the Internet.
- To implement BGP PBR: BGP, at its core, is a way to communicate network policy. Route maps are a common way of defining that policy, and several examples are given in Part VI, "BGP."
The next sections describe the characteristics of route maps and provide a route map example.
Route maps and access lists are similar because they are both processed "top down" and action is taken (permit or deny) on the first match. Route maps can do more than just permit or deny, however. For example, route maps can change the next-hop and metric in the IP header. In fact, the list of attributes that route maps can affect is very long. This chapter discusses some of these capabilities in context as different situations are considered.
The characteristics of route maps are summarized in the following list:
- A collection of route map statements with the same name is considered one route map (like an ACL).
- Route maps are processed top down until a match is found (like an ACL).
- Each route map statement has zero or more match conditions. A statement without a match applies to all traffic (like the any option in an access list). Traffic that is not a match is not changed, but is considered by the next statement. Two logical considerations for route map formulation are
  - A single match statement can contain multiple conditions. If any one condition is true then a match is made; this is a logical OR.
  - If there are multiple match statements, all must be considered true for the route map statement to be considered matched. This is a logical AND.
- Each route map statement has zero or more set statements. set statements define an action to be taken. The parameters of the set statement apply if all the match criteria are met.
- Each route map statement has permit or deny permission. Traffic that matches a permit is affected by the route map. Traffic that matches a deny, or does not find a match in the list, is not affected by the route map.
- Traffic that is not explicitly permitted is implicitly denied.
- Within a route map, each route map statement has a sequence number and can be edited individually.
Using route maps is very common in any network with redistribution of routing protocols. However, route maps should be used with caution because they can cause traffic to forward in ways you may not have fully considered—creating routing loops, for example.
Before going too far, it can be useful to see an example of a route map. Example 12-1 shows how a route map might be applied to cupcakes. Although this is not a real route map, it is intended to demonstrate the flow of the tool.
```
route-map cupcakes permit 10
 match lemon-flavored
 match poppy-seed
 set add lemon-butter-frosting
route-map cupcakes deny 20
 match granola
route-map cupcakes permit 30
 match walnuts baked-today
 set melted-chocolate-frosting
route-map cupcakes permit 40
 set vanilla-frosting
```
Notice the following facts relating to Example 12-1:
- All route maps with the same name are part of a list. In this example, the list name is cupcakes.
- Route maps are organized by sequence number (10, 20, 30, or 40 in the example).
- Each route map statement has zero or more match conditions:
  - Statement 10 has two match statements. Both must be true for the set to apply.
  - Statement 20 only applies to cupcakes that match granola. Denied packets are not considered (in the case of route redistribution, the denied routes are not redistributed).
  - Statement 30 has two match conditions in the same statement. Either can be true for the set to apply.
  - Statement 40 has no match statements, so it applies to all cupcakes.
- Each route map statement has zero or more set statements:
  - Statements 10, 30, and 40 apply frosting.
  - Statement 20 has no set statement, so only the permit/deny action is taken.
- Traffic that matches a permit is affected by the route map; traffic that matches a deny, or does not find a match in the list, is not affected by the route map:
  - Statement 20 prevents matches from being affected by the list, so anything matching will not be frosted.
  - Because of the permit any logic of statement 40, all traffic will find a match.
Example 12-1 could be written in pseudo-code as
If (a and b) then set x
Else if c then stop
Else if (d or e) then set y
Else set z
In plain text, Example 12-1 translates into
If the cupcake is lemon-flavored and has poppy seeds, then apply lemon-butter frosting. If not, then if the cupcake is granola, do not frost. If none of the above apply, then if the cupcake has walnuts or is freshly baked, then coat it with melted chocolate. Otherwise, just put vanilla frosting on it.
This section deals with the implementation and configuration of route maps.
The route-map command is shown here:
Router(config)# route-map map-tag [{permit | deny} sequence-number]
Entering no route-map map-tag by itself will delete the entire route map.
Table 12-2 describes the syntax options available for the route-map command.
Command | Description |
---|---|
map-tag | The name of the route map. |
permit \| deny | If the match criteria are met for this route map and permit is specified, the packet is forwarded as defined by the set actions. If the match criteria are not met and permit is specified, the next statement with the same map tag is tested. If no match criteria are specified, all packets match. If no set statement is specified, matching packets are permitted unchanged. |
sequence-number | Sequence number indicates processing order. If sequence is not specified, statements are automatically ordered in multiples of ten. |
The strength of route maps lies in their ability to change the route in some way. A common manipulation is changing the metric.
The following commands are summarized here into groups: the match commands that can be configured for redistribution, and the set commands that can be applied if the route matches the criteria stated.
The match commands used in redistribution are summarized in Table 12-3. These match commands are used to determine whether the route is to be redistributed.
Command | Description |
---|---|
match interface (IP) | Distributes routes with the next-hop out one of the interfaces specified. Matches any routes that have their next hop out of one of the listed interfaces. |
match ip address [access-list-number \| name] | Matches an access list. |
match ip next-hop | Matches routes that have a particular next hop router address. |
match ip route-source | Redistributes routes that have been advertised from the address specified. |
match metric | Redistributes routes with the metric specified. |
match route-type (IP) | Redistributes routes of the specified type. |
match tag | Redistributes routes in the routing table that match the specified tags. |
Note
A route is not redistributed unless it is matched under a permit entry in the route map.
The command match ip address is often used to match criteria in establishing policy-based routing; access lists referenced by this command are used to specify the addressing of the packets to be affected.
The following set commands are used after the match criteria have been satisfied. Whereas the match parameter determines whether the route will be redistributed, the set parameter determines how the route is to be redistributed.
The set command is
Router(config-route-map)# set {criteria}
The set commands used in redistribution are summarized in Table 12-4.
Command | Description |
---|---|
set level {level-1 \| level-2 \| level-1-2 \| stub-area \| backbone} | Used by IS-IS to determine the level of router to which the process should import routes. Also used by OSPF to state the type of area router to which routes should be imported. |
set metric (BGP, OSPF, RIP) | Sets the metric value for a routing protocol. |
set metric-type {internal \| external \| type-1 \| type-2} | Sets the metric type for the destination routing protocol. |
set tag tag-value | Sets a tag value for the destination routing protocol. |
Once configured, the route map must be called into service using the following redistribution statement:
Router(config-router)# redistribute protocol [process-id] [route-map map-tag]
map-tag is the name of the route map to use for redistribution, and must match a map tag specified by a route-map command.
Example 12-2 is very simple, but it illustrates the functionality of the route map. Study the example in reference to Figure 12-1.
```
Router(config)# router ospf 25
Router(config-router)# redistribute rip route-map rip-routes

Router(config)# route-map rip-routes permit 10
Router(config-route-map)# match metric 1
Router(config-route-map)# set metric 3000
Router(config-route-map)# set metric-type type-1
Router(config-route-map)# set tag 1
Router(config)# route-map rip-routes permit 20
Router(config-route-map)# match metric 2
Router(config-route-map)# set metric 4000
Router(config-route-map)# set metric-type type-1
Router(config-route-map)# set tag 2
Router(config)# route-map rip-routes permit 30
Router(config-route-map)# set metric 32000
```
This route map examines all updates from RIP and redistributes RIP routes into OSPF. Routes with a hop count of 1 will have a tag of 2768 and an OSPF cost of 3000 (and type-1 means it will continue to grow). Routes with a hop count of 2 will have a tag of 2768 and an OSPF external type-1 cost of 4000. All other routes will have a static cost of 32,000 and no tag.
The tag is useful for matching routes during redistribution, when the routes change from one routing domain to another—for example, from RIPv2 to OSPF. The routes are tagged at the point at which they are redistributed into another protocol. Although the routing protocols ignore tags, they are passed between the different domains during redistribution. Later, the tags could be used to match routes redistributed from this router.
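The evaluation rules summarized earlier (first match wins, OR within one match line, AND across match lines, implicit deny) and the tag matching described above can be checked with a small Python model run against the configuration lines of Example 12-2. This is an added example, not code from the original text or from Cisco. The names `Entry`, `evaluate`, `redistribute` and `BLOCK_TAGGED`, the second map itself, and the sample prefixes are assumptions made for illustration; tag values follow the `set tag` lines in the configuration.

```python
# Added illustration: a minimal model of route-map evaluation (not Cisco code).
from dataclasses import dataclass, field

@dataclass
class Entry:
    seq: int
    action: str                                   # "permit" or "deny"
    matches: list = field(default_factory=list)   # [(attribute, {values})]
    sets: dict = field(default_factory=dict)      # attribute -> new value

def evaluate(route_map, route):
    """Return the route as redistributed, or None if it is filtered out."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        # Values inside one match line are ORed; separate match lines are ANDed.
        # An entry with no match lines matches every route (all([]) is True).
        if all(route.get(attr) in values for attr, values in entry.matches):
            if entry.action == "deny":
                return None                       # first match wins: filtered
            return {**route, **entry.sets}        # permit: apply the set lines
    return None                                   # no entry matched: implicit deny

# Example 12-2 as configured on the page (match metric = RIP hop count).
RIP_ROUTES = [
    Entry(10, "permit", [("metric", {1})],
          {"metric": 3000, "metric_type": "type-1", "tag": 1}),
    Entry(20, "permit", [("metric", {2})],
          {"metric": 4000, "metric_type": "type-1", "tag": 2}),
    Entry(30, "permit", [], {"metric": 32000}),
]

# Hypothetical map for a second redistribution point: refuse routes carrying
# the tags set above (one match line, two values = OR), permit the rest.
BLOCK_TAGGED = [
    Entry(10, "deny", [("tag", {1, 2})]),
    Entry(20, "permit"),
]

def redistribute(route_map, routes):
    """Run every route through the map and keep only the permitted ones."""
    return [out for r in routes if (out := evaluate(route_map, r)) is not None]

if __name__ == "__main__":
    # Constructed sample RIP routes (prefixes from documentation ranges).
    rip = [{"prefix": "192.0.2.0/24", "metric": 1},
           {"prefix": "198.51.100.0/24", "metric": 2},
           {"prefix": "203.0.113.0/24", "metric": 5}]
    for r in redistribute(RIP_ROUTES, rip):
        print(r)
    print(redistribute(RIP_ROUTES[:2], rip))  # no seq 30: 5-hop route is implicitly denied
```

Dropping sequence 30 from the model shows why a route map used for redistribution usually ends with a match-all permit: without it, every route that fails the earlier matches is silently filtered.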
Most of the appropriate commands in tracking route maps are the same as those illustrated in Chapter 11. The commands used to test connectivity throughout the network include the following:
show ip protocol
show ip route
show ip route routing-protocol
show ip eigrp neighbors
show ip ospf database
show route-map
In addition to these commands, traceroute and extended ping are also very useful.