Support Center > Search Results > SecureKnowledge Details
How to configure Routemaps in Gaia Clish
Solution

This article explains how to configure routing policy with the routemaps utility on Gaia OS. This allows routes to be shared among different routing protocols, and allows the user to configure different policies for different sets of routes.

Table of Contents:

  1. Routemap Behavior
  2. Warnings
  3. Configuring Import Routemaps
    1. Importing all routes from a specific protocol
    2. Importing only selected routes
    3. Rejecting selected routes while importing
    4. Applying parameters to selected imported routes
  4. Configuring Export Routemaps
    1. Exporting all routes from one or more protocols
    2. Exporting only selected routes
    3. Restricting routes while exporting
  5. Verifying the Routemap Configuration
  6. Related documentation
  7. Related solutions

 

(1) Routemap Behavior

Each protocol with Routemap support allows configuration of Import Routemaps and Export Routemaps.
A protocol's Import Routemaps govern, which routes will be imported into the routing table from that protocol.
A protocol's Export Routemaps govern, which routes from other routing protocols will be sent out with that protocol.

When multiple import routemaps or export routemaps are configured for the same protocol, the routemap with the lowest configured preference value is applied first; if no match is found, the next highest preference is checked, etc.
Within a routemap, the same procedure applies when checking individual routemap IDs: the IDs are checked from lowest to highest until a match is found. Therefore, more specific match conditions should have lower IDs or should be present in lower preference routemaps so that they are checked first, instead of being ignored in favor of less specific match conditions.
For a single protocol, or BGP AS, two or more routemaps of the same type (import, export) may not have the same configured preference value.

Routemaps automatically match the protocol that is using them, unless another protocol is specified. Therefore, when no match protocol condition is specified on a routemap, it automatically matches all routes from that protocol.

Adding match conditions of the same type increases the number of routes matched, while adding match conditions of different types decreases the number of routes matched. Therefore, "match interface eth1" + "match interface eth2" is equivalent to "match routes with nexthop interface eth1 or eth2" (less specific), while "match interface eth1" + "match network 192.168.0.0/16" is equivalent to "match routes with nexthop interface eth1 and network 192.168.0.0/16" (more specific).

Note: VLANs and bonding groups are treated the same as other logical interfaces for the purposes of routemap policy.

(2) Warnings

Configuring routemaps will change the default behavior of routing protocols. While it is possible to import routes, which were not present before, it is also possible to block routes that were previously imported, which may result in a loss of connectivity, or send routes out publicly, which could potentially cause security vulnerabilities. Care should be exercised when configuring these settings.

Enabling a routemap for any protocol will cause any Inbound Route Filters or Route Redistribution settings for that protocol to be ignored.

 

(3) Configuring Import Routemaps

 

(3-A) Importing all routes from a specific protocol

  1. Create the routemap:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER on
  2. Optionally, you may specify one or more actions you wish to take on the imported routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER action ACTION_IF_MATCH_SUCCEEDS
  3. Since no match conditions are specified, this routemap matches all routes for the protocol that is using it. Set the import routemap on the protocol(s), from which you wish to import the routes:

    HostName> set PROTOCOL import-routemap ROUTEMAP_NAME preference ROUTEMAP_PREFERENCE_NUMBER on
  4. Save Gaia configuration:

    HostName> save config
  5. All routes from that protocol will now be imported.

Repeat these steps for all protocols, from which you wish to import the routes.
Note that if identical behavior is desired for multiple protocols, the same routemap may be used for each of those protocols.

Example:

Import all routes from BGP Internal and BGP AS 100, and set the weight to 15:

HostName> set routemap bgp_import id 1 on
HostName> set routemap bgp_import id 1 action preference 15
HostName> set bgp internal import-routemap bgp_import preference 1 on
HostName> set bgp external remote-as 100 import-routemap bgp_import preference 1 on
HostName> save config

 

(3-B) Importing only selected routes

  1. Create several routemap IDs on the same routemap:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER on

    Note: Create a routemap for each set of match conditions you wish to specify.
  2. Set the match conditions for each ID:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER match

    Note: These match conditions should be tailored to the routes that you wish to accept.
  3. For each ID, set the ID type to "Allow" to allow the matched routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER allow
  4. Optionally, for each ID, you may specify one or more actions you wish to take on the imported routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER action ACTION_IF_MATCH_SUCCEEDS
  5. Set the import routemap to this newly created routemap on the protocol(s), from which you wish to import the routes:

    HostName> set PROTOCOL import-routemap ROUTEMAP_NAME preference ROUTEMAP_PREFERENCE_NUMBER on
  6. Save Gaia configuration:

    HostName> save config

Example:

Import RIP routes with metric 100, or with nexthop interface eth0 or eth2.
For the routes matched to nexthop interface, add 10 to the metric value:

HostName> set routemap rip_import id 1 on
HostName> set routemap rip_import id 1 match metric value 100
HostName> set routemap rip_import id 1 allow
HostName> set routemap rip_import id 2 on
HostName> set routemap rip_import id 2 match interface eth0
HostName> set routemap rip_import id 2 match interface eth2
HostName> set routemap rip_import id 2 action metric add 10
HostName> set routemap rip_import id 2 allow
HostName> set rip import-routemap rip_import preference 1 on
HostName> save config

 

(3-C) Rejecting selected routes while importing

  1. Create several routemap IDs on the same routemap:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER on

    Notes:

    • Create a routemap for each set of match conditions you wish to specify.
    • Create a routemap ID higher than all others with no match conditions to allow any routes not explicitly restricted.
  2. Set the match conditions for each ID:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER match

    Note: These match conditions should be tailored to the routes that you wish to reject.
  3. For each ID with match conditions, set the ID type to "Restrict" to block the routes matched. Set the highest ID to "Allow":

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER restrict
    or
    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER allow

  4. Optionally, for the ID with the "Allow" type, you may specify one or more actions you wish to take on the imported routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER action ACTION_IF_MATCH_SUCCEEDS
  5. Set the import routemap to this newly created routemap on the protocol(s), from which you wish to import the routes:

    HostName> set import-routemap ROUTEMAP_NAME preference ROUTEMAP_PREFERENCE_NUMBER on
  6. Save Gaia configuration:

    HostName> save config

Example:

Import all OSPFv2 External routes except those to network 10.0.0.0/8 with nexthop interface eth2, and those to network 192.168.0.0/16 on any interface.
The remaining routes have the OSPFv2 External route type set to Type 1:

HostName> set routemap ospf_import id 10 on
HostName> set routemap ospf_import id 10 match network 10.0.0.0/8 all
HostName> set routemap ospf_import id 10 match interface eth2
HostName> set routemap ospf_import id 10 restrict
HostName> set routemap ospf_import id 20 on
HostName> set routemap ospf_import id 20 match network 192.168.0.0/16 all
HostName> set routemap ospf_import id 20 restrict
HostName> set routemap ospf_import id 30 on
HostName> set routemap ospf_import id 30 action route-type type-1
HostName> set routemap ospf_import id 30 allow
HostName> set ospf import-routemap ospf_import preference 1 on
HostName> save config

 

(3-D) Applying parameters to selected imported routes

  1. Create several routemap IDs on the same routemap:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER on

    Notes:

    • Create a routemap for each set of match conditions you wish to specify.
    • Create a routemap ID higher than all others with no match conditions to allow any routes not explicitly defined.
  2. Set the match conditions for each ID:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER match

    Note: These match conditions should be tailored to the routes that you wish to reject.
  3. For each ID, set the ID type to "Allow" to allow the routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER allow
  4. For each ID, specify any number of actions you wish to take on the imported routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER action
  5. Set the import routemap to this newly created routemap on the protocol(s), from which you wish to import the routes:

    HostName> set import-routemap ROUTEMAP_NAME preference ROUTEMAP_PREFERENCE_NUMBER on
  6. Save Gaia configuration:

    HostName> save config

Example:

Import routes from BGP AS 1. Routes with network 10.1.0.0/16 have the local preference set to 10. Routes from neighbor 192.168.100.100 have the protocol rank set to 50. All other routes are imported and have the weight set to 100:

HostName> set routemap bgp_import id 1 on
HostName> set routemap bgp_import id 1 match network 10.1.0.0/16 all
HostName> set routemap bgp_import id 1 action localpref 10
HostName> set routemap bgp_import id 1 allow
HostName> set routemap bgp_import id 2 on
HostName> set routemap bgp_import id 2 match neighbor 192.168.100.100 on
HostName> set routemap bgp_import id 2 action precedence 50
HostName> set routemap bgp_import id 2 allow
HostName> set routemap bgp_import id 3 on
HostName> set routemap bgp_import id 3 action preference 100
HostName> set routemap bgp_import id 3 allow
HostName> set bgp external remote-as 1 import-routemap bgp_import preference 1 on
HostName> save config

 

(4) Configuring Export Routemaps

 

(4-A) Exporting all routes from one or more protocols

  1. Create a routemap with one ID for every protocol you wish to export:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER on
  2. For each ID, specify a match condition for a protocol you wish to export:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER match protocol PROTOCOL

    Note: Each protocol should only be matched in one ID, and each ID should have a match condition.
  3. For each ID, set the ID type to "Allow" to export the routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER allow
  4. Optionally, for each ID, you may specify one or more actions you wish to take on the exported routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER action ACTION_IF_MATCH_SUCCEEDS
  5. Set the export routemap to this newly created routemap on the protocol(s), from which you wish to export the routes:

    HostName> set PROTOCOL import-routemap ROUTEMAP_NAME preference ROUTEMAP_PREFERENCE_NUMBER on
  6. Save Gaia configuration:

    HostName> save config

Example:

Export all Interface and Static routes to both RIP and OSPFv2. Exported interface routes have their metric set to 5, while exported static routes have their metric set to 25:

HostName> set routemap if_static id 1 on
HostName> set routemap if_static id 1 match protocol direct
HostName> set routemap if_static id 1 action metric value 5
HostName> set routemap if_static id 2 on
HostName> set routemap if_static id 2 match protocol static
HostName> set routemap if_static id 2 action metric value 25
HostName> set rip export-routemap if_static preference 1 on
HostName> set ospf export-routemap if_static preference 1 on
HostName> save config

 

(4-B) Exporting only selected routes

  1. Create several routemap IDs on the same routemap:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER on

    Note: Create one for each set of match conditions you wish to specify.
  2. Set the match conditions for each ID:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER match protocol PROTOCOL
    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER match MATCH_CONDITION
    

    Notes:

    • These match conditions should be tailored to the routes you wish to export.
    • One of these match conditions should match the protocol, from which you are exporting, unless that protocol is the same protocol, to which you are exporting.
  3. For each ID, set the ID type to "Allow" to export the routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER allow
  4. Optionally, for each ID, you may specify one or more actions to perform on the exported routes:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER action ACTION_IF_MATCH_SUCCEEDS
  5. Set the import routemap to this newly created routemap on the protocol(s), to which you wish to import the routes:

    HostName> set PROTOCOL import-routemap ROUTEMAP_NAME preference ROUTEMAP_PREFERENCE_NUMBER on
  6. Save Gaia configuration:

    HostName> save config

Example:

Export two sets of routes to BGP AS 1: OSPFv2 routes in the prefix 10.0.0.0/8 with mask length between 24 and 32, and BGP AS 100 routes:

Note: There is no match protocol condition for the BGP routes, because there is an implicit match condition for the same protocol, if no match protocol statement is present.

HostName> set routemap bgp_export id 1 on
HostName> set routemap bgp_export id 1 match protocol ospf2
HostName> set routemap bgp_export id 1 match network 10.0.0.0/8 between 24 and 32
HostName> set routemap bgp_export id 1 allow
HostName> set routemap bgp_export id 2 on
HostName> set routemap bgp_export id 2 match as 100 on
HostName> set routemap bgp_export id 2 allow
HostName> set bgp external remote-as 1 export-routemap bgp_export preference 2 on
HostName> save config

 

(4-C) Restricting routes while exporting

  1. Create a routemap to export a set of routes that you wish to restrict a subset of (see the"Exporting all routes from one or more protocols" section or "Exporting only selected routes" section above).

  2. Create a separate new routemap, and create one routemap ID belonging to it for each set of match conditions you wish to specify:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER on
  3. For each ID, set the ID type to "Restrict" to block the routes matched:

    HostName> set routemap ROUTEMAP_NAME id ID_NUMBER restrict
  4. Set the import routemap on the protocol, to which you wish to import the routes:

    HostName> set PROTOCOL import-routemap ROUTEMAP_NAME preference ROUTEMAP_PREFERENCE_NUMBER on

    Notes:

    • There will be two export routemaps - one routemap to restrict routes, and one routemap to allow them.
    • The restrict routemap should have a lower preference value, so that it takes priority over the allow routemap. Otherwise, the allow routemap may allow routes that you wish to restrict, since it is matched first.
  5. Save Gaia configuration:

    HostName> save config

Example:

Using the following routemaps:

  • routemap 'bgp_export' from the "Exporting only selected routes" section as the "Allow" routemap
  • new routemap as the "Restrict" routemap

Notes:

  • The preference value for the "Allow" routemap is higher than the preference value for the "Restrict" routemap, so the restrict routes are matched first.
  • The command to set the "Allow" routemap for BGP is re-stated here. This restrict routemap will restrict routes from BGP AS 100 that are in the prefix 192.168.0.0/16.

Commands:

HostName> set routemap bgp_restrict id 1 on
HostName> set routemap bgp_restrict id 1 match as 100
HostName> set routemap bgp_restrict id 1 match network 192.168.0.0/16 all
HostName> set routemap bgp_restrict id 1 restrict
HostName> set bgp external remote-as 1 export-routemap bgp_restrict preference 1 on
HostName> set bgp external remote-as 1 export-routemap bgp_export preference 2 on
HostName> save config

 

(5) Verifying the Routemap Configuration

Using the following command to verify that the configured routemaps are present in a protocol:

HostName> show PROTOCOL routemap

In order to confirm that the desired Import Routemap behavior is present:

  • Verify that any routes that should be imported appear in the routing table (run in Clish "show route" command for IPv4 or "show ipv6 route" command for IPv6).
  • Verify that any routes that should not be imported are not present.

If a route that should be present does not appear, then check whether it appears when running in Clish "show route all" command for IPv4, or "show ipv6 route all" command for IPv6:

  • If it appears (and is marked as Hidden or Inactive), then the Import Routemap for that protocol has a configuration problem.
    For example, an incorrect family has been configured for BGP import. For IPv6 routes a family of “inet6” or “inet-and-inet6” should be used.
  • If it does not appear, then the route was never received by the routing protocol in question.

 

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment