Configuring Route Policy Manager

This chapter contains the following sections:

About route policy manager

Route Policy Manager is a feature that supports route maps and IP prefix lists for route redistribution and filtering.

  • Supports route maps and IP prefix lists.

  • Enables route redistribution and filtering between routing domains.

  • Prefix lists contain IPv4 or IPv6 network prefixes and associated prefix length values.

Route Policy Manager enables the use of route maps and prefix lists for advanced routing control.

  • Route maps can apply to both routes and IP packets.

  • Prefix lists can be used in BGP templates, route filtering, or redistribution of routes exchanged between routing domains.

Prefix lists

Prefix lists are a method to filter network routes or packets by matching their prefixes against a defined list of permitted or denied prefixes.

  • Permit or deny an address or range of addresses based on prefix matching.

  • Multiple entries can be configured, each with an associated sequence number.

  • Evaluation starts with the lowest sequence number, and processing stops after the first match.

How prefix lists work

Filtering by a prefix list involves matching the prefixes of routes or packets with the prefixes listed in the prefix list. If a given prefix does not match any entries, an implicit deny is assumed.


Note


An empty prefix list permits all routes.


Prefix List Masks

Cisco NX-OS supports masks for IPv4 and IPv6 prefix lists. Masking uses the number 1 and the number 0 to specify how the software treats the corresponding IP address bits.

  • A mask bit 0 means ignore the corresponding bit value.

  • A mask bit 1 means check the corresponding bit value for an exact match.

You can use a prefix list to match the IP address in a route map, which in turn is used in routing protocols during redistribution. The IP address is matched against the prefix list, where the bits corresponding to the mask bit 1 are the same as the subnet provided in the prefix list.

By carefully setting masks, you can select a single or several IP addresses for permit or deny tests.

The prefix list mask allows noncontiguous bits in the mask. You can thus define a range of even- or odd-numbered IP addresses.

Route maps

Route maps are a category of configuration tools that allow you to control route redistribution by specifying match and set criteria for routes or packets.

  • Each route map entry includes a sequence number to determine processing order.

  • Entries specify permission (permit or deny), match criteria, and set changes.

  • Route maps can process entries in a linear or user-defined order using the continue statement.

Route map structure and processing

Route maps are composed of one or more entries, each identified by a sequence number under a unique route map name. Each entry defines how routes or packets are matched and what actions are taken.

The route map entry has the following parameters:

  • Sequence number

  • Permission—permit or deny

  • Match criteria

  • Set changes

By default, a route map processes routes or IP packets in a linear fashion (that is, starting from the lowest sequence number). A route map can be configured to process entries in a different order by using the continue statement, which determines the route-map entry to process next.

Default action for sequences in a route map

The default action for any sequence in a route map is permit.

  • If you configure a new sequence in a route map without explicitly specifying either permit or deny, the default action is permit.

  • If you edit a configured sequence in a route map and do not specify an action, the permit action is applied, even if the sequence was originally configured with deny.

  • Always set the correct action when configuring or editing a sequence of a route map; otherwise, the default action, permit, is applied.

Match criteria

Match criteria are the set of parameters used to determine whether a route or IP packet meets specific conditions in a route map.

  • Some criteria, such as BGP community lists, are applicable only to a specific routing protocol.

  • Other criteria, such as the IP source or destination address, can be used for any route or IP packet.

  • Match criteria are evaluated by comparing the route or packet to each configured match statement in the route map.

Types of match criteria and processing behavior

The match categories and parameters are as follows:

  • BGP parameters—Match based on AS numbers, AS-path, community attributes, or extended community attributes.

  • Prefix lists—Match based on an address or range of addresses.

  • Multicast parameters—Match based on rendezvous point, groups, or sources.

  • Other parameters—Match based on IP next-hop address or packet length.

For match processing:

  1. If multiple match statements of the same type exist within the same route-map sequence, they are processed as an OR operation. This processing applies whether the match statements are on the same line or not.

  2. If multiple match statements of a different type exist within the same route-map sequence, they are processed as an AND operation.

Set changes

Set changes are modifications applied to a route or packet after it matches an entry in a route map, based on configured set statements.

  • Change BGP parameters such as AS-path, tag, community, extended community, dampening, local preference, origin, or weight attributes.

  • Change metrics, including the route-metric or the route-type.

  • Change other parameters, such as the forwarding address or the IP next-hop address.

Set changes are used in route maps to modify route or packet attributes after a match occurs.

Access lists

  • IP access lists can match packets to fields such as source or destination IPv4 or IPv6 address.

  • They can match on protocol, precedence, and ToS.

  • Access lists can be used in a route map for policy-based routing only.

AS numbers for BGP

AS numbers for BGP are identifiers that allow BGP to match peers and establish sessions based on configured Autonomous System numbers.

  • You can configure a list or range of AS numbers to match against BGP peers.

  • If a BGP peer matches an AS number in the list and matches the other BGP peer configuration, BGP creates a session.

  • If the BGP peer does not match an AS number in the list, BGP ignores the peer.

BGP uses AS numbers to determine whether to establish a session with a peer. You can configure these as a list, a range, or use an AS-path list with a regular expression.

AS-path lists for BGP

An AS-path list is a configuration tool that allows filtering of BGP route updates based on the AS-path attribute.

  • Filters inbound or outbound BGP route updates using AS-path attributes.

  • Processes routes according to permit or deny conditions configured in the AS-path list.

  • Supports multiple AS-path entries under the same list name; the router processes the first matching entry.

AS-path list configuration and processing in BGP

You can configure an AS-path list to filter inbound or outbound BGP route updates. If the route update contains an AS-path attribute that matches an entry in the AS-path list, the router processes the route based on the permit or deny condition configured. You can configure AS-path lists within a route map. Multiple AS-path entries can be configured in an AS-path list by using the same AS-path list name. The router processes the first entry that matches.

Community lists for BGP

Community lists for BGP are mechanisms that allow filtering and matching of BGP route updates based on the community attribute using route maps.

  • Community lists can match the community attribute in BGP routes and set the community attribute using route maps.

  • A community list contains one or more community attributes; all must match for a route to be considered a match within a single entry.

  • Multiple community attributes can be configured as individual entries with the same community list name, and the router processes the first matching entry according to its permit or deny action.

Community list formats and usage in BGP

Community attributes in a community list can be configured in several formats to match BGP routes as needed.

  • A named community attribute, such as internet or no-export.

  • In aa:nn format, where the first two bytes represent the two-byte AS number and the last two bytes represent a user-defined network number.

  • A regular expression.

Extended community lists for BGP

Extended community lists for BGP are a category of access lists that support 4-byte AS numbers and allow configuration of community attributes in specific formats.

  • Support 4-byte AS numbers for BGP community attributes.

  • Allow configuration in aa4:nn format, where the first four bytes represent the AS number and the last two bytes represent a user-defined network number.

  • Permit use of regular expressions for matching community attributes.

Properties and behavior of extended community lists

Extended community lists in Cisco NX-OS provide similar functionality to regular community lists for four-byte AS numbers and can be configured with specific properties.

  • Transitive: BGP propagates the community attributes across autonomous systems.

  • Nontransitive: BGP removes community attributes before propagating the route to another autonomous system.

Route redistribution and route maps

Route redistribution with route maps is a process that controls which routes are redistributed between routing domains and how their attributes are modified.

  • Route maps match on route attributes to selectively redistribute routes that meet specific criteria.

  • Route maps can modify route attributes during redistribution using set actions.

  • Routes are evaluated against each route map entry or sequence until a match is found or all entries are processed.

How route maps control route redistribution

Route maps provide granular control over which routes are redistributed and how their attributes are set during the redistribution process.

  • Routes are matched against each route map entry or sequence.

  • If multiple match statements exist under a route-map sequence, the route must satisfy all match criteria.

  • If a route matches the criteria, the set actions are executed.

  • If a route does not match, it is compared against subsequent route map entries or sequences.

  • If no match is found after all entries are processed, the route is denied (either acceptance for inbound or forwarding for outbound route maps).


Note


When redistributing BGP to IGP, iBGP routes are redistributed by default. To override this behavior, insert an additional deny statement into the route map.
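The processing rules above (OR between match statements of the same type, AND between different types, first matching sequence wins, implicit deny at the end, and an omitted action defaulting to permit) are modelled in the following added example. It is illustrative Python, not Cisco code; the `Entry`, `configure`, and `evaluate` names, the sample routes, and the simplification that match values are compared directly against route attributes rather than through named lists are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Entry:
    seq: int
    action: str = "permit"                           # default action is permit
    match: dict = field(default_factory=dict)        # match type -> configured values
    set_changes: dict = field(default_factory=dict)  # attribute -> new value


def configure(route_map, seq, action=None, match=None, set_changes=None):
    """Create or edit a sequence. As the page warns, an omitted action means
    permit, even if the sequence was originally configured with deny."""
    entry = route_map.setdefault(seq, Entry(seq))
    entry.action = action or "permit"
    for mtype, values in (match or {}).items():
        entry.match.setdefault(mtype, []).extend(values)
    entry.set_changes.update(set_changes or {})
    return entry


def entry_matches(entry, route):
    for mtype, wanted in entry.match.items():
        carried = route.get(mtype, set())
        if not any(value in carried for value in wanted):  # same type: OR
            return False                                   # different types: AND
    return True  # no match statement: the entry's permission decides


def evaluate(route_map, route):
    """Return (verdict, sequence that decided, route after set changes)."""
    for seq in sorted(route_map):                 # lowest sequence number first
        entry = route_map[seq]
        if entry_matches(entry, route):
            if entry.action == "deny":
                return "deny", seq, None
            return "permit", seq, {**route, **entry.set_changes}
    return "deny", None, None                     # nothing matched: route is denied


def build_sample():
    """Constructed route map: seq 10 blocks a community, seq 20 permits and sets a metric."""
    rm = {}
    configure(rm, 10, "deny", match={"community": ["65000:666"]})
    configure(rm, 20, "permit",
              match={"community": ["65000:10", "65000:20"], "next-hop": ["192.0.2.1"]},
              set_changes={"metric": 100})
    return rm


# Constructed sample routes (not taken from the page).
R_OK = {"prefix": "198.51.100.0/24", "community": {"65000:20"}, "next-hop": {"192.0.2.1"}}
R_WRONG_NH = {"prefix": "198.51.100.0/24", "community": {"65000:10"}, "next-hop": {"192.0.2.9"}}
R_BLOCKED = {"prefix": "203.0.113.0/24", "community": {"65000:666", "65000:10"},
             "next-hop": {"192.0.2.1"}}

if __name__ == "__main__":
    rm = build_sample()
    for name, route in (("R_OK", R_OK), ("R_WRONG_NH", R_WRONG_NH), ("R_BLOCKED", R_BLOCKED)):
        print(name, evaluate(rm, route)[:2])
    configure(rm, 10)  # edit seq 10 without restating "deny"
    print("R_BLOCKED after edit", evaluate(rm, R_BLOCKED)[:2])
```

Diffing `evaluate` results for a set of known-bad routes before and after a change shows when an edited sequence has silently flipped from deny to permit.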


Guidelines and limitations for route policy manager

Route Policy Manager enforces configuration guidelines and limitations to ensure correct routing policy behavior. Improper use of unsupported commands or ambiguous configurations can result in unintended routing outcomes. Specific behaviors apply to route-maps, prefix lists, ACLs, and policy application in Cisco NX-OS.

Configuration guidelines and limitations

  • Although the command allows set or match on route-tag, it is not supported and will cause unintended behavior for that particular route-map sequence.

  • Names in the prefix-list are case-insensitive. It is recommended to use unique names. Do not use the same name by modifying upper-case and lowercase characters. For example, CTCPrimaryNetworks and CtcPrimaryNetworks are two different entries.

  • If no route map exists, all routes are denied.

  • If no prefix list exists, all routes are permitted.

  • When matching two irrelevant entities in the route-map entry, the permission (permit or deny) of the route-map entry decides the result for all the routes or packets. It also applies the set criteria of the route-map entry. For example, the following route-map, when associated with the BGP configuration, tries to match the ospf-area which results in permitting the irrelevant match and sets the metric to 100:

  • Without any match statement in a route-map entry, the permission (permit or deny) of the route-map entry decides the result for all the routes or packets.

  • If referred policies (for example, prefix lists) within a match statement of a route-map entry return either a no-match or a deny-match, Cisco NX-OS fails the match statement and processes the next route-map entry.

  • When you change a route map, Cisco NX-OS holds all the changes until you exit from the route-map configuration submode. Cisco NX-OS then sends all the changes to the protocol clients to take effect.

  • Cisco recommends that you do not have both IPv4 and IPv6 match statements in the same route-map sequence. If both are required, they should be specified in different sequences in the same route-map.

  • Because you can use a route map before you define it, verify that all your route maps exist when you finish a configuration change.

  • You can view the route-map usage for redistribution and filtering. Each individual routing protocol provides a way to display these statistics.

  • When you redistribute BGP to IGP, iBGP is redistributed as well. To override this behavior, you must insert an additional deny statement into the route map.

  • Route Policy Manager does not support MAC lists.

  • The maximum number of characters for ACL names in the ip access-list name command is 64. However, ACL names that are associated with RPM commands (such as ip prefix-list and match ip address) accept a maximum of only 63 characters.

  • BGP supports only specific match commands. For details, see the match commands table in the Configuring Route Maps section.

  • If you create an ACL named "prefix-list," it cannot be associated with a route map that is created using the match ip address command. The RPM command match ip address prefix-list makes the previous command (with the "prefix-list" ACL name) ambiguous.

  • You can configure only one ACL when using the match ip address command.

  • If you configure standard ip community-list and ip large-community-list in multiple lines in config-profile, only the last configured line of that sequence persists. To execute these 2 commands, you need to configure all the community values and execute as a single command in config-profile.

Default settings for route policy manager parameters

The following table lists the default settings for Route Policy Manager.

Table 1. Default route policy manager parameters

Parameters                 Default
Route Policy Manager       Enabled
Administrative distance    115

Configure route policy manager

The route policy manager is a feature whose configuration commands in Cisco NX-OS may differ from those in Cisco IOS.

If you are familiar with the Cisco IOS commands, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.

Configure IP prefix lists

IP prefix lists match the IP packet or route against a list of prefixes and prefix lengths. You can create an IP prefix list for IPv4 and create an IPv6 prefix list for IPv6.

You can configure the prefix list entry to match the prefix length exactly or to match any prefix with a length that matches the configured range of prefix lengths.

Beginning with Cisco NX-OS Release 9.3(9), make sure to add the sequence number when configuring the prefix-list in the NDFC/config-profile/dual-stage configuration modes. Also, when modifying a sequence or inserting a new one, ensure that there is a gap in the sequence number, preferably in increments of 5 or 10, instead of assigning a continuous number.

For example:

ip prefix-list allowprefix seq 10 permit 192.0.2.0/23 eq 24
ip prefix-list allowprefix seq 20 permit 209.165.201.0/27 eq 28

Note


Beginning with Cisco NX-OS Release 9.3.9, if a prefix-list in the config-profile does not have sequence numbers, add the sequence numbers before upgrading to that release or higher.


Use the ge and le keywords to create a range of possible prefix lengths. The incoming packet or route matches the prefix list if the prefix matches and if the prefix length is greater than or equal to the ge keyword value (if configured) and less than or equal to the le keyword value (if configured). When using the eq keyword, the value you set must be greater than the mask length for the prefix.

Use the mask keyword to define a range of possible contiguous or non-contiguous routes to be compared to the prefix address.

Procedure


Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

{ ip | ipv6 } prefix-list name description string

Example:

switch(config)# ip prefix-list AllowPrefix description allows engineering server

Adds an information string about the prefix list.

Step 3

{ ip | ipv6 } prefix-list name [ seq number ] [{ permit | deny } prefix {[ eq prefix-length ] | [ ge prefix-length ] [ le prefix-length ]}] [ mask mask ]

Example:

switch(config)# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
switch(config)# ipv6 prefix-list AllowIPv6Prefix seq 10 permit 2001:0DB8:: le 32
switch(config)# ip prefix-list even permit 0.0.0.0/32 mask 0.0.0.1
switch(config)# ipv6 prefix-list even permit 2001:0DB8::/64 mask ffff:1::

Creates an IPv4 or IPv6 prefix list or adds a prefix to an existing prefix list. The prefix-length is matched as follows:

  • eq—Matches the exact prefix-length. This value must be greater than the mask length.

  • ge—Matches a prefix length that is equal to or greater than the configured prefix-length.

  • le—Matches a prefix length that is equal to or less than the configured prefix-length.

  • mask—Specifies the bits of a prefix address in a prefix list that are compared to the bits of the prefix address used in routing protocols. This option is available for IPv6 prefix lists beginning with Cisco NX-OS Release 9.3(3) for Cisco Nexus 9200, 9300-EX, and 9300-FX platform switches and 9700-EX and 9700-FX line cards.

Step 4

(Optional) show { ip | ipv6 } prefix-list name

Example:

switch(config)# show ip prefix-list AllowPrefix

Displays information about prefix lists.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

Saves this configuration change.


This example shows how to create an IPv4 prefix list with two entries and apply the prefix list to a BGP neighbor:


switch# configure terminal
switch(config)# ip prefix-list allowprefix seq 10 permit 192.0.2.0/23 eq 24
switch(config)# ip prefix-list allowprefix seq 20 permit 209.165.201.0/27 eq 28
switch(config)# router bgp 65535
switch(config-router)# neighbor 192.0.2.1/16 remote-as 65534
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# prefix-list allowprefix in

This example shows how to create an IPv4 prefix list with a match mask for all /24 odd IP addresses:

switch# configure terminal
switch(config)# ip prefix-list list1 seq 7 permit 22.1.1.0/24 mask 255.255.1.0
switch(config)# show route-map test
route-map test, permit, sequence 7
Match clauses:
ip address prefix-lists: list1
Set clauses:
extcommunity COST:igp:10:20
switch(config)# show ip prefix-list list1
ip prefix-list list1: 1 entries
seq 7 permit 22.1.1.0/24 mask 255.255.1.0

This example shows how to create an IPv4 prefix list that matches all subnets of 21.1.0.0/16 where the subnet prefix is 17 or greater. Due to the mask option, only those incoming prefixes where the first bit in the third octet is unset (even) will be matched.

switch# configure terminal
switch(config)# ip prefix-list list1 seq 10 permit 21.1.0.0/16 ge 17 mask 255.255.1.0
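The matching rules from this section (evaluation by sequence number, first match wins, implicit deny, an empty list permitting everything, and mask bits selecting which address bits are compared) can be checked offline with the following added example. It is illustrative Python, not Cisco code; `PrefixEntry`, `parse_entry`, and `evaluate` are hypothetical names, and it assumes that an entry with a mask compares only the bits where the mask is 1 and that an entry without eq, ge, or le matches its own prefix length exactly.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class PrefixEntry:
    seq: int
    action: str                 # "permit" or "deny"
    prefix: str                 # for example "21.1.0.0/16"
    eq: Optional[int] = None
    ge: Optional[int] = None
    le: Optional[int] = None
    mask: Optional[str] = None  # bit 1 = compare, bit 0 = ignore


def parse_entry(line: str) -> PrefixEntry:
    """Parse '{ip|ipv6} prefix-list NAME seq N {permit|deny} PREFIX [eq|ge|le N] [mask M]'."""
    tok = line.split()
    if len(tok) < 7 or tok[1] != "prefix-list" or tok[3] != "seq":
        raise ValueError("expected a prefix-list line with an explicit seq number")
    opts = dict(zip(tok[7::2], tok[8::2]))
    num = lambda key: int(opts[key]) if key in opts else None
    entry = PrefixEntry(int(tok[4]), tok[5], tok[6],
                        eq=num("eq"), ge=num("ge"), le=num("le"), mask=opts.get("mask"))
    plen = ipaddress.ip_network(entry.prefix, strict=False).prefixlen
    if entry.eq is not None and entry.eq <= plen:
        raise ValueError("eq value must be greater than the prefix mask length")
    return entry


def entry_matches(entry: PrefixEntry, route: str) -> bool:
    net = ipaddress.ip_network(entry.prefix, strict=False)
    cand = ipaddress.ip_network(route, strict=False)
    if net.version != cand.version:
        return False
    # Bits to compare: the explicit (possibly noncontiguous) mask, else the prefix netmask.
    bits = int(ipaddress.ip_address(entry.mask)) if entry.mask else int(net.netmask)
    if int(cand.network_address) & bits != int(net.network_address) & bits:
        return False
    if entry.eq is not None:
        low = high = entry.eq
    elif entry.ge is None and entry.le is None:
        low = high = net.prefixlen
    else:
        low = entry.ge if entry.ge is not None else net.prefixlen
        high = entry.le if entry.le is not None else net.max_prefixlen
    return low <= cand.prefixlen <= high


def evaluate(entries, route: str):
    """Return (action, seq of the deciding entry or None)."""
    if not entries:
        return "permit", None              # an empty prefix list permits all routes
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry_matches(entry, route):
            return entry.action, entry.seq  # processing stops after the first match
    return "deny", None                     # implicit deny


# The prefix-list lines below are the ones shown on this page.
ALLOW = [parse_entry("ip prefix-list allowprefix seq 10 permit 192.0.2.0/23 eq 24"),
         parse_entry("ip prefix-list allowprefix seq 20 permit 209.165.201.0/27 eq 28")]
ODD_24 = [parse_entry("ip prefix-list list1 seq 7 permit 22.1.1.0/24 mask 255.255.1.0")]
EVEN_GE17 = [parse_entry(
    "ip prefix-list list1 seq 10 permit 21.1.0.0/16 ge 17 mask 255.255.1.0")]

if __name__ == "__main__":
    for route in ("21.1.4.0/24", "21.1.5.0/24", "21.1.0.0/16"):
        print(route, evaluate(EVEN_GE17, route))
```

Running candidate routes through `evaluate` before applying a masked entry confirms that a noncontiguous mask admits only the intended prefixes.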

Configure AS-path lists

You can specify an AS-path list filter on both inbound and outbound BGP routes. Each filter is an access list based on regular expressions. If the regular expression matches the representation of the AS-path attribute of the route as an ASCII string, the permit or deny condition applies.

Procedure


Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#
					

Enters global configuration mode.

Step 2

ip as-path access-list name { deny | permit } expression

Example:

switch(config)# ip as-path access-list Allow40 permit 40

Creates a BGP AS-path list using a regular expression.

Step 3

(Optional) show { ip | ipv6 } as-path-access-list name

Example:

switch(config)# show ip as-path-access-list Allow40

Displays information about as-path access lists.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
					

Saves this configuration change.


This example shows how to create an AS-path list with two entries and apply the AS path list to a BGP neighbor:


switch# configure terminal
switch(config)# ip as-path access-list AllowAS permit 64510
switch(config)# ip as-path access-list AllowAS permit 64496
switch(config)# copy running-config startup-config
switch(config)# router bgp 65535:20
switch(config-router)# neighbor 192.0.2.1/16 remote-as 65535:20
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# filter-list AllowAS in
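Because the expression is applied to the AS-path as an ASCII string, a bare number such as 40 also matches inside longer AS numbers. The following added example (illustrative Python, not Cisco code) evaluates an AS-path list over constructed paths and reports such over-matches. It assumes the Cisco regular-expression `_` boundary character, which this page does not describe, approximated here with Python's `re`, and an implicit deny when no entry matches; the function names are hypothetical.

```python
import re

# Assumption: "_" matches the start or end of the string, a space, a comma,
# a brace, or a parenthesis, as in Cisco AS-path regular expressions.
BOUNDARY = r"(?:^|$|[ ,{}()])"


def compile_expression(expr):
    """Translate an AS-path list expression into an approximate Python regex."""
    return re.compile(expr.replace("_", BOUNDARY))


def evaluate_as_path_list(entries, as_path):
    """entries: ordered (action, expression) pairs sharing one list name.
    The first matching entry decides; no match is treated as deny (assumption)."""
    for action, expr in entries:
        if compile_expression(expr).search(as_path):
            return action
    return "deny"


def overmatches(expr, intended_asn, sample_paths):
    """Paths the expression matches although intended_asn is not one of the hops."""
    rx = compile_expression(expr)
    return [p for p in sample_paths
            if rx.search(p) and intended_asn not in p.split()]


# Constructed sample AS-paths (not taken from the page).
SAMPLE_PATHS = ["40", "100 40 200", "64540 100", "400 65001", "100 200"]

if __name__ == "__main__":
    # "permit 40" is the expression from the Allow40 example above.
    print("40    over-matches:", overmatches("40", "40", SAMPLE_PATHS))
    print("_40_  over-matches:", overmatches("_40_", "40", SAMPLE_PATHS))
```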
			

Replacing BGP AS-path Attribute

The following procedures allow you to manipulate the BGP routing policy by modifying the BGP as-path attribute in inbound and outbound route maps.

Consider the following guidelines when replacing the BGP as-path attribute:

  • This feature is applicable to only eBGP neighbors on a per address family identifier (AFI) basis. If you attempt to configure the feature on iBGP neighbors, the configuration is ignored.

  • A route map with this feature can be applied to both the inbound and outbound sides of a BGP neighbor.

  • This feature supports any combination of AS_SET, AS_SEQUENCE, CONFED_SET, and CONFED_SEQUENCE.

  • When interacting with a BGP speaker that supports only a 2-byte AS, the 4-byte AS number is replaced by the reserved 2-byte AS number 23456.

  • If a confederation identifier is configured, consider using the confederation identifier as the local ASN in the CLI when interacting with a peer that is outside the confederation. When interacting with a peer belonging to the same confederation, consider using the process ASN in the router bgp asn command.

  • When the BGP local-as feature is configured, the configured local-as will be considered as local ASN in the CLI.

  • For outbound route-maps, the local ASN will always be prepended to the resulting as_path from the CLI.

  • A maximum of 32 AS numbers can be configured in a set as-path or set as-path replace command.

  • Only one of these options can be configured under one route-map sequence: set as-path, set as-path prepend, and set as-path replace.

  • If remove-private-as is configured, it will be applied before applying the new route-map commands on the outbound side.

  • If as-override is configured, it will be applied after applying the new route-map commands on the outbound side.

  • AS_PATH loop checks will execute on the original AS_PATH before the new route-map commands are applied on both inbound and outbound sides. These checks can be relaxed by using allow-as in on the inbound side and disable-peer-as-check on the outbound side.

Replacing the Complete AS-path

Use this procedure to modify the AS-path in an incoming or outgoing BGP update to a custom AS-path. You can also remove the AS-path completely.

Procedure
  Command or Action Purpose

Step 1

configure terminal

Example:
switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

route-map map-name [permit | deny] [seq]

Example:
switch(config)# route-map Testmap permit 10
switch(config-route-map)#

Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.

Step 3

[no] set as-path { none | { as-number | remote-as | local-as }+ }

Example:
switch(config-route-map)# set as-path 11 local-as remote-as 13

Replaces AS_PATH with a list of custom ASNs or clears the AS_PATH. The command options are:

  • as-number : The specified AS number.

  • remote-as : The AS number of the BGP peer.

  • local-as : The local AS number.

The none keyword removes the AS-path completely.

Example

In the following examples, these values are assumed:

  • The original AS_PATH is 10 20 30 40 50 60.

  • The local-as is 100.

  • The remote-as is 200.

This example shows how to specify a custom AS-path. This command will change the AS-path to 11 100 200 13 200 10.10 65535.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path 11 local-as remote-as 13 remote-as 10.10 65535

This example shows how to clear the AS-path. This command will cause the AS-path to be empty.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path none

Replacing Selected AS Numbers in the AS-path

Use this procedure to replace specific AS numbers in the AS-path with custom AS numbers in an incoming or outgoing BGP update. You can also specify private-as as a match keyword. In this case, any instance of a private-as is matched and can be replaced or removed.

Procedure
  Command or Action Purpose

Step 1

configure terminal

Example:
switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

route-map map-name [permit | deny] [seq]

Example:
switch(config)# route-map Testmap permit 10
switch(config-route-map)#

Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.

Step 3

[no] set as-path replace {asn_list | private-as} [with {as-number | remote-as | none}]

Example:
switch(config-route-map)# set as-path replace 1, 2, private-as with remote-as

If the with keyword is not specified, substitute the local-as for any instance of an ASN mentioned in the comma separated asn_list, or for any private-as if the private-as keyword is specified.

If the with keyword is specified, substitute the value after the with keyword for any matched ASN, or any private-as if the private-as keyword is specified.

The command options following the with keyword are:

  • as-number : The matched values are replaced by the specified AS number.

  • remote-as : The matched values are replaced by the AS number of the BGP peer.

  • none : The matched values are removed from the AS-path.

Example

In the following examples, these values are assumed:

  • The original AS_PATH is 1 5 2 10.10 65534 20.

  • The local-as is 100.

  • The remote-as is 200.

This example shows how to replace two specific ASNs and a private-as with the local-as. This command will change the AS-path to 100 5 100 10.10 100 20.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path replace 1, 2, private-as

This example shows how to replace two specific ASNs and a private-as with the neighbor's ASN (remote-as). This command will change the AS-path to 200 5 200 10.10 200 20.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path replace 1, 2, private-as with remote-as

This example shows how to remove two specific ASNs and a private-as. This command will change the AS-path to 5 10.10 20.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path replace 1, 2, private-as with none
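To review what a `set as-path` or `set as-path replace` line does to a received path before deploying it, the following added example reproduces the rewrites shown in the two Example sections above. It is illustrative Python, not Cisco code; the function names are hypothetical, and it assumes the private AS ranges defined in RFC 6996 and asdot notation for values such as 10.10.

```python
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))  # RFC 6996


def asn_value(text):
    """Convert asplain ("65534") or asdot ("10.10") notation to an integer."""
    if "." in text:
        high, low = text.split(".")
        return (int(high) << 16) | int(low)
    return int(text)


def is_private(text):
    return any(low <= asn_value(text) <= high for low, high in PRIVATE_RANGES)


def passes_loop_check(original_path, local_as):
    """Per the guidelines, loop checks run on the ORIGINAL path, before any rewrite."""
    return all(asn_value(hop) != asn_value(local_as) for hop in original_path)


def set_as_path(tokens, local_as, remote_as):
    """set as-path { none | { as-number | remote-as | local-as }+ }"""
    if tokens == ["none"]:
        return []
    keywords = {"local-as": local_as, "remote-as": remote_as}
    return [keywords.get(tok, tok) for tok in tokens]


def replace_as_path(path, targets, local_as, remote_as, with_value=None):
    """set as-path replace {asn_list | private-as} [with {as-number | remote-as | none}]"""
    match_private = "private-as" in targets
    wanted = {asn_value(t) for t in targets if t != "private-as"}
    if with_value is None:
        substitute = local_as          # no "with" keyword: substitute the local-as
    elif with_value == "remote-as":
        substitute = remote_as
    elif with_value == "none":
        substitute = None              # matched values are removed
    else:
        substitute = with_value
    result = []
    for hop in path:
        if asn_value(hop) in wanted or (match_private and is_private(hop)):
            if substitute is not None:
                result.append(substitute)
        else:
            result.append(hop)
    return result


def apply_set_command(command, path, local_as, remote_as):
    """Apply one 'set as-path ...' line, as written on this page, to a path."""
    args = command.split()[2:]         # drop "set as-path"
    if args and args[0] == "replace":
        targets, _, with_value = " ".join(args[1:]).partition(" with ")
        target_list = [t.strip() for t in targets.split(",") if t.strip()]
        return replace_as_path(path, target_list, local_as, remote_as,
                               with_value.strip() or None)
    return set_as_path(args, local_as, remote_as)


def apply_outbound(new_path, local_as):
    """For outbound route maps the local ASN is prepended to the resulting path."""
    return [local_as] + new_path


if __name__ == "__main__":
    original = "1 5 2 10.10 65534 20".split()   # values from the Example section
    for cmd in ("set as-path replace 1, 2, private-as",
                "set as-path replace 1, 2, private-as with remote-as",
                "set as-path replace 1, 2, private-as with none"):
        print(cmd, "->", " ".join(apply_set_command(cmd, original, "100", "200")))
```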

Configure community lists

You can use community lists to filter BGP routes based on the community attribute. The community number consists of a 4-byte value in the aa:nn format. The first two bytes represent the autonomous system number, and the last two bytes represent a user-defined network number.

When you configure multiple values in the same community list statement, all community values must match to satisfy the community list filter. When you configure multiple values in separate community list statements, the first list that matches a condition is processed.

Use community lists in a match statement to filter BGP routes based on the community attribute.

Procedure


Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#
					

Enters global configuration mode.

Step 2

Enter one of the following:

  • ip community-list standard list-name { deny | permit } [ community-list ] [ internet ] [ local-AS ] [ no-advertise ] [ no-export ]

    or

  • ip community-list expanded list-name { deny | permit } expression

Example:

switch(config)# ip community-list standard BGPCommunity permit no-advertise 65535:20

or

switch(config)# ip community-list expanded BGPComplex deny 50000:[0-9][0-9]

The first option creates a standard BGP community list. The list-name can be any case-sensitive, alphanumeric string up to 63 characters. The community-list can be one or more communities in the aa:nn format.

The second option creates an expanded BGP community list using a regular expression.

Step 3

(Optional) show ip community-list name

Example:

switch(config)# show ip community-list BGPCommunity

Displays information about community lists.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
					

Saves this configuration change.


This example shows how to create a community list with two entries:

switch# configure terminal
switch(config)# ip community-list standard BGPCommunity permit no-advertise 65535:20
switch(config)# ip community-list standard BGPCommunity permit local-AS no-export
switch(config)# copy running-config startup-config
			

Configure extended community lists

You can use extended community lists to filter BGP routes based on the community attribute. The community number consists of a 6-byte value in the aa4:nn format. The first four bytes represent the autonomous system number, and the last two bytes represent a user-defined network number.

When you configure multiple values in the same extended community list statement, all extended community values must match to satisfy the extended community list filter. When you configure multiple values in separate extended community list statements, the first list that matches a condition is processed.

Use extended community lists in a match statement to filter BGP routes based on the extended community attribute.


Note


Always configure extcommunity in AS2:NN or AS4:NN (as-plain) format.


Procedure


Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

Enter one of the following:

  • ip extcommunity-list standard list-name { deny | permit } 4byteas-generic { transitive | nontransitive } community1 [ community2... ]

    or

  • ip extcommunity-list expanded list-name { deny | permit } expression

Example:

switch(config)# ip extcommunity-list standard BGPExtCommunity permit 4byteas-generic transitive 65535:20

or

switch(config)# ip extcommunity-list expanded BGPExtComplex seq 5 deny 1.5:[0-9][0-9]

The first option creates a standard BGP extended community list. The community can be one or more extended communities in the aa4:nn format.

The second option creates an expanded BGP extended community list using a regular expression.

Step 3

(Optional) show ip community-list name

Example:

switch(config)# show ip community-list BGPCommunity

Displays information about extended community lists.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

Saves this configuration change.


This example shows how to create a generic specific extended community list:

switch# configure terminal
switch(config)# ip extcommunity-list standard test1 seq 5 permit 4byteas-generic transitive 65535:40 65535:60
switch(config)# copy running-config startup-config
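
The matching rules described in this section, modelled as an added example (not Cisco code): every value in one statement must be present on the route, and statements are tried in order until one matches. The seq 5 statement of list test1 is from the page; the seq 10 and seq 20 statements, the function names, evaluation by ascending seq, and the deny result when nothing matches are assumptions of this model.

```python
import re

# Constructed sample: list test1 from the page plus two statements added for illustration.
CONFIG = """\
ip extcommunity-list standard test1 seq 5 permit 4byteas-generic transitive 65535:40 65535:60
ip extcommunity-list standard test1 seq 10 deny 4byteas-generic transitive 65535:99
ip extcommunity-list standard test1 seq 20 permit 4byteas-generic nontransitive 65535:20
"""

STATEMENT = re.compile(
    r"ip extcommunity-list standard (?P<name>\S+)(?: seq (?P<seq>\d+))? "
    r"(?P<action>permit|deny) 4byteas-generic (?P<kind>transitive|nontransitive) "
    r"(?P<values>\d+:\d+(?: \d+:\d+)*)"
)


def parse_lists(config):
    """Return {list name: [(seq, action, required communities), ...]} in seq order."""
    lists = {}
    for line in config.splitlines():
        m = STATEMENT.fullmatch(line.strip())
        if m is None:
            continue  # not a standard extcommunity-list statement
        entries = lists.setdefault(m["name"], [])
        # Assumption of this model: a statement without seq follows the previous one.
        seq = int(m["seq"]) if m["seq"] else (entries[-1][0] + 5 if entries else 5)
        required = frozenset((m["kind"], v) for v in m["values"].split())
        entries.append((seq, m["action"], required))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])
    return lists


def evaluate(entries, route_communities):
    """Return (action, seq) of the first statement whose values are ALL on the route."""
    for seq, action, required in entries:
        if required <= route_communities:  # every listed value must be present
            return action, seq
    return "deny", None  # assumption: no matching statement means no match


def check(route_communities, name="test1"):
    """Evaluate a route's extended communities against a list from CONFIG."""
    return evaluate(parse_lists(CONFIG)[name], frozenset(route_communities))
```

A route carrying only 65535:40 does not satisfy the seq 5 statement, and a route carrying 65535:40, 65535:60 and 65535:99 is permitted at seq 5 before the deny at seq 10 is ever reached.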

Configure route maps

Configuring a route map for BGP triggers an automatic soft clear or refresh of BGP neighbor sessions.

Before you begin

Follow these steps to configure route maps.

Procedure


Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

route-map map-name [ permit | deny ] [ seq ]

Example:

switch(config)# route-map Testmap permit 10
switch(config-route-map)#

Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.

Step 3

(Optional) continue seq

Example:

switch(config-route-map)# continue 10

Determines what sequence statement to process next in the route map. Used only for filtering and redistribution.

Step 4

(Optional) exit

Example:

switch(config-route-map)# exit

Exits route-map configuration mode.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config-route-map)# copy running-config startup-config

Copies the running configuration to the startup configuration.


You can configure the following optional match parameters for route maps in route-map configuration mode:

Command

Purpose

match as-path name [ name... ]

Example:

switch(config-route-map)# match as-path Allow40

Matches against one or more AS-path lists. Create the AS-path list with the ip as-path access-list command.

match as-number { number [, number... ] | as-path-list name [ name... ]}

Example:

switch(config-route-map)# match as-number 33,50-60

Matches against one or more AS numbers or AS-path lists. Create the AS-path list with the ip as-path access-list command. The number range is from 1 to 65535. The AS-path list name can be any case-sensitive, alphanumeric string up to 63 characters.

match community name [ name... ][ exact-match ]

Example:

switch(config-route-map)# match community BGPCommunity

Matches against one or more community lists. Create the community list with the ip community-list command.

match extcommunity name [ name... ][ exact-match ]

Example:

switch(config-route-map)# match extcommunity BGPextCommunity

Matches against one or more extended community lists. Create the community list with the ip extcommunity-list command.

match interface interface-type number [ interface-type number... ]

Example:

switch(config-route-map)# match interface e 1/2

Matches any routes that have their next hop out one of the configured interfaces. Use ? to find a list of supported interface types.

Note


BGP does not support this command.

Verify the route policy manager configuration

To display route policy manager configuration information, perform one of the following tasks.

Command

Purpose

show ip community-list [ name ]

Displays information about a community list.

show ip extcommunity-list [ name ]

Displays information about an extended community list.

show [ ip | ipv6 ] prefix-list [ name ]

Displays information about an IPv4 or IPv6 prefix list.

show route-map [ name ]

Displays information about a route map.

Configuration examples for route policy manager

This topic provides configuration examples for creating IPv4 prefix lists, AS-path lists, and using address families with Route Policy Manager.

This example shows how to use an address family to configure Route Policy Manager so that any unicast and multicast routes from neighbor 172.16.0.1 are accepted if they match prefix-list AllowPrefix:

router bgp 64496
  neighbor 172.16.0.1 remote-as 64497
    address-family ipv4 unicast
      route-map filterBGP in

route-map filterBGP
  match ip address prefix-list AllowPrefix

ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/24
ip prefix-list AllowPrefix seq 20 permit 172.16.201.0/27
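
An added sketch (not Cisco code) of what the AllowPrefix filter above accepts from neighbor 172.16.0.1, useful for checking an inbound policy before it is applied. It uses first-match and implicit-deny evaluation, treats an entry without ge or le as an exact prefix-and-length match, and runs against constructed advertisements; the function names are assumptions.

```python
import ipaddress

# Entries of prefix list AllowPrefix from the configuration above: (seq, action, prefix).
ALLOW_PREFIX = [
    (10, "permit", "192.0.2.0/24"),
    (20, "permit", "172.16.201.0/27"),
]

# Constructed advertisements received from neighbor 172.16.0.1.
ADVERTISED = [
    "192.0.2.0/24",     # listed prefix
    "192.0.2.0/25",     # more-specific of a listed prefix
    "172.16.201.0/27",  # listed prefix
    "172.16.0.0/16",    # covering aggregate
    "0.0.0.0/0",        # default route
]


def prefix_list_action(entries, route_text):
    """Return (action, seq) for one route; the lowest matching seq wins."""
    if not entries:
        return "permit", None  # an empty prefix list permits all routes
    route = ipaddress.ip_network(route_text)
    for seq, action, prefix_text in sorted(entries):
        # No ge/le on the entry, so prefix and length must both be equal.
        if route == ipaddress.ip_network(prefix_text):
            return action, seq
    return "deny", None  # implicit deny when no entry matches


def filter_inbound(entries, advertised):
    """Split advertised prefixes into (accepted, rejected) for route-map filterBGP."""
    accepted, rejected = [], []
    for text in advertised:
        action, _ = prefix_list_action(entries, text)
        (accepted if action == "permit" else rejected).append(text)
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = filter_inbound(ALLOW_PREFIX, ADVERTISED)
    print("accepted:", accepted)
    print("rejected:", rejected)
```

Only the two listed prefixes are accepted; the more-specific 192.0.2.0/25, the covering 172.16.0.0/16 and the default route all fall through to the implicit deny.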

Related Topics

The following topics can give more information on Route Policy Manager: