Cisco Learning Home > CCNP R&S Study Group > Discussions

Route-maps

Dec 17, 2009 3:12 AM

mihai.manole 23 posts since
Oct 16, 2009

hello,

I am learning for my BSCI and right now I am stuck with route-maps. Can anyone help me with route-maps? Not necessarily in the way that they are constructed but the way that they are applied. Any small example will be appreciated [in this way I will understand better].

Thanks in advance.

 

Mihai

  • 1. Dec 17, 2009 5:22 AM (in response to mihai.manole)
    Re: Route-maps

    Hi!

     

    I can try and help with route-maps. Think of route maps as the ever popular "If, Then" statement in a programming language. If this matches then do this. Well, route maps are very similar to that. Most times they are used in BGP, but they can be used with other things like route redistribution, conditional routing, etc. They are very flexible.

     

    I am in a rush to get out the door for work, but I am sure someone can give you an example.  If no one has helped out with an example by the time I get off of work, I will put one together for you after work.

     

    Erick

  • JohnMoore 120 posts since
    Apr 3, 2009
    2. Dec 17, 2009 5:37 AM (in response to mihai.manole)
    Re: Route-maps

    This is just off the top of my head from my studies.

     

    As Erick states above, they are very flexible and can be used to do many things with routes, redistribution, filtering routes, etc. For example, say you want to filter a redistributed route from what portion of your network:

     

    Create an access-list with the network you want to filter

    !

    access-list 1 permit 192.168.1.0 0.0.0.255

    !

    Create a route-map to filter

    !

    route-map FILTER deny 10

    match ip address 1

    !

    now you need another statement so all other routes do not get affected by the route-map FILTER

     

    route-map FILTER permit 20

    !

     

    Now in the routing protocol for example ospf

    !

    ! <protocol> is a placeholder for the source protocol, which the post does not name

    redistribute <protocol> route-map FILTER

     

    The access-list allows you to assign multiple blocks of subnets/ip's, the route-map statement allows you to adjust the route to your needs. Say you want to add a different metric to a route from an external ospf route or even another area.

     

    Create the access-list then the route-map statement

     

    !

    route-map METRIC permit 10

    match ip address 1

    set metric 500

    !

    route-map METRIC permit 20

    !

     

    There are many different things you can do with the set commands, so I recommend looking at the IOS and reading Cisco docs on what you can do with them.

     

    HTH,

    J

  • Darwin R CCNA/CCDA 580 posts since
    Jun 22, 2009
    4. Dec 17, 2009 6:25 AM (in response to mihai.manole)
    Re: Route-maps

    Hello Mihai,

     

    This can definitely be a confusing subject. Even the greatest minds have to watch themselves with this particular feature. Don't feel bad at all, I have to research notes every time I think about this subject...kind of gives me a headache

     

    Thought I'd send this link right along with John's information. Erick will come back with a few tidbits to assist in clearing up any confusion.

     

    http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008047915d.shtml

     

    Buckle down,

     

    Darwin

  • 5. Dec 17, 2009 6:28 AM (in response to mihai.manole)
    Re: Route-maps

    Hi!

     

    If you want to use it for redistribution, you would use it in your redistribution statement.

     

    Suppose you are redistributing RIP into OSPF.  You can change the metric or metric type in the redistribution statement or in a route map.  If you choose a route map you would go into the OSPF process and type something like this:

     

    redistribute rip subnets route-map MY_ROUTE_MAP

     

    Now that I made it to work, I actually have to do some work! 

     

    Erick

  • toor 453 posts since
    Sep 22, 2008
    7. Dec 17, 2009 9:34 AM (in response to mihai.manole)
    Re: Route-maps

    Hi Mihai,

     

    match ip address 17 means that the route map checks ACL 17. If the access list permits the source IP address (in the case of a standard ACL) or the source/destination combination (extended ACL), then the policy map performs the actions specified in the set statements.

    The result of the route map is taken from the permit/deny in route-map NAME permit|deny LINE.

     

    For example you are configuring isis to ospf redistribution. You need to

    1. redistribute routes 20.20.0.0, 20.40.0.0 with the metric 30 and metric type E1

    2. don't redistribute any other route that starts with 20.

    3. redistribute all other routes with metric 40 and metric type E2

    You can accomplish this task with the following configuration:

     

    access-list 10 permit 20.20.0.0

    access-list 10 permit 20.40.0.0

    access-list 20 permit 20.0.0.0 0.255.255.255

    route-map ISIS-to-OSPF permit 10

      match ip address 10

      set metric 30

      set metric-type type-1

    route-map ISIS-to-OSPF deny 20

      match ip address 20

    route-map ISIS-to-OSPF permit 30

      set metric 40

    router ospf 10

      redistribute isis route-map ISIS-to-OSPF subnets

     

    Here line 10 of route map ISIS-to-OSPF checks if the route is 20.20.0.0 or 20.40.0.0 using ACL 10. If you have those routes, the metric is set to 30 and the metric-type to E1/N1.

    Line 20 is checked only if the line 10 match statements didn't actually match. It checks for the route match using ACL 20 and denies redistribution if the ACL has a match.

    Line 30 doesn't check anything, it just sets the metric to 40.

     


    One more example, of PBR. You need to influence routing for the packets received from the f0/0 interface

    1. Route all packets destined to 172.16.4.0/24 to s0/0

    2. Leave all other packets to 172.16.0.0/12 to be routed using routing table

    3. Send all other packets to s0/1

     

    access-list 100 permit ip any 172.16.4.0 0.0.0.255

    access-list 110 permit ip any 172.16.0.0 0.15.255.255

    route-map LAN-PBR permit 10

      match ip address 100

      set interface s0/0

    route-map LAN-PBR deny 20

      match ip address 110

    route-map LAN-PBR permit 30

      set interface s0/1

    interface f0/0

      ip policy route-map LAN-PBR

     

    One more thing about matching statements in the route map is if you have to match several ACLs in the route map.

    route-map test permit 10

      match ip address 100 120

    route-map test permit 20

      match ip address 200

      match ip address 210

     

    Here line 10 of the route map would work if you match ANY of the ACLs 100 or 120 (OR-function)

    Line 20 would work if you have a match on BOTH ACL 200 and 210 (AND-function)

     

    HTH,

     

    Toor
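
An added example, not part of toor's post: a small Python model of how the ISIS-to-OSPF route-map above is evaluated clause by clause, including the implicit deny when nothing matches. The sample routes are constructed, and only permit ACL entries are modelled, which is all the posted configuration uses.

```python
import ipaddress

def ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_permits(acl, network):
    """Standard ACL of permit entries (address, wildcard) checked against a
    route's network address. The prefix length is not compared."""
    for addr, wildcard in acl:
        care = ~ip(wildcard) & 0xFFFFFFFF   # wildcard bits set to 1 are ignored
        if ip(network) & care == ip(addr) & care:
            return True
    return False                            # implicit deny ends every ACL

# ACLs 10 and 20 from the post; an entry without a wildcard means 0.0.0.0.
ACLS = {
    10: [("20.20.0.0", "0.0.0.0"), ("20.40.0.0", "0.0.0.0")],
    20: [("20.0.0.0", "0.255.255.255")],
}

# (sequence, action, ACL number or None when the clause has no match, set values)
ISIS_TO_OSPF = [
    (10, "permit", 10, {"metric": 30, "metric_type": "E1"}),
    (20, "deny", 20, {}),
    (30, "permit", None, {"metric": 40}),   # no set metric-type: OSPF default E2 applies
]

def evaluate(route_map, network):
    """Return (matching sequence, set values), with None as the set values when
    the route is filtered. Clauses are tried in sequence order; first match wins."""
    for seq, action, acl, sets in sorted(route_map, key=lambda c: c[0]):
        if acl is None or acl_permits(ACLS[acl], network):
            return (seq, dict(sets)) if action == "permit" else (seq, None)
    return (None, None)                     # no clause matched: implicit deny

if __name__ == "__main__":
    # Constructed sample routes, not taken from the thread.
    for net in ("20.20.0.0", "20.40.0.0", "20.30.0.0", "10.1.0.0"):
        print(net, evaluate(ISIS_TO_OSPF, net))
    # Without clause 30 every route outside 20.0.0.0/8 is dropped as well.
    print("10.1.0.0 without clause 30:", evaluate(ISIS_TO_OSPF[:2], "10.1.0.0"))
```

The last call shows why the empty permit clause matters: leaving it out filters every route that no earlier clause matched.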

  • welly 114 posts since
    Oct 29, 2009
    8. Dec 17, 2009 12:53 PM (in response to mihai.manole)
    Re: Route-maps

    Hi Mihai,

     

    Route-map can be used in policy-based routing (but not limited to PBR only)

    Ref: Understanding policy routing

    You have asked how it is applied and the difference between:

    manipulating locally generated traffic vs manipulating routes that are being received on a particular interface

    1) PBR for routes that are being received on a particular interface

        - It's configured on the interface that receives incoming traffic

         (config-if)#ip policy route-map [ROUTE_MAP NAME]

     

    2) Local policy routing

        It's configured in global configuration

              (config)#ip local policy route-map [ROUTE_MAP NAME]

     

     

     

    Welly

  • Paul Stewart  -  CCIE Security, CCSI 6,986 posts since
    Jul 18, 2008
    10. Dec 18, 2009 5:36 AM (in response to mihai.manole)
    Re: Route-maps

    I would generally just test that by sending traffic.  The problem with issuing a broad statement on troubleshooting route-maps is that they can be used for so many things.  Test it based on what you are using it for.  So if you are manipulating a route metric, look at that.  If you are using policy based nat, debug the nat.  If you are using policy based routing, send some traffic.  Check for counts on your access-lists that are being used for matches.

     

    I will note one thing on your example: I think you have a workable scenario. However, this can be accomplished without a route-map. A lot of the time we do source based routing with a route-map. For example, traffic from A to B uses next hop of Y, whereas all other hosts use Z. That is something a bit more interesting and could not be accomplished with just the normal route table.

     

    A=1.1.1.2

    B=2.2.2.2

    Y=3.3.3.2

    Z=3.3.3.1

     

    access-list 101 permit ip host 1.1.1.2 host 2.2.2.2

     

    route-map AtoB permit 10

      match ip address 101

      set ip next-hop 3.3.3.2

     

    interface f0/0

      ip address 1.1.1.254 255.255.255.0

      ip policy route-map AtoB

     

    interface fa0/1

    ip address 3.3.3.254 255.255.255.0

     

    ip route 0.0.0.0 0.0.0.0 3.3.3.1

     

    In this case, only traffic from 1.1.1.2 to 2.2.2.2 will be routed through 3.3.3.2. Traffic from all other sources will go to 3.3.3.1 for the next hop for everything, even traffic destined to 2.2.2.2. That cannot be accomplished with the route table and is where using route-maps for policy based routing becomes necessary.

  • toor 453 posts since
    Sep 22, 2008
    12. Dec 18, 2009 6:24 AM (in response to mihai.manole)
    Re: Route-maps

    Hi Mihai,

     

    As Paul said, each usage of route maps involves different tools for checking if it works.

    For PBR you can use sh ip policy to see which route map is attached to which interfaces, and sh route-map to check the route map itself and the forwarding statistics for each route map clause.

    As for checking what it does for each particular packet, I would use traceroute or extended ping with the record option. One more thing you can use is debug ip packet. Just remember not to use that on your production network, and disable cef/fast-cache to actually see forwarded packets.

    For redistribution you need to check the routing table and topology table for each involved protocol.

    For NAT, sh ip nat stat would tell you which route map or ACL is being used for the translation.

     

    HTH,

     

    Toor

  • toor 453 posts since
    Sep 22, 2008
    13. Dec 18, 2009 6:30 AM (in response to mihai.manole)
    Re: Route-maps

    Merry Christmas to you too!

     

    Toor
