13 Replies Latest reply: Dec 18, 2009 6:30 AM by toor

    Route-maps

    mihai.manole

      hello,

      I am learning for my BSCI and right now I am stuck on route-maps. Can anyone help me with route-maps? Not necessarily in the way that they are constructed but the way that they are applied. Any small example will be appreciated [in this way I will understand better].

       

      Thanks in advance.

       

      Mihai

        • 1. Re: Route-maps
          Erick

          Hi!

           

          I can try and help with route-maps. Think of route maps as the ever popular "If, Then" statement in a programming language. If this matches then do this. Well, route maps are very similar to that. Most times they are used in BGP, but they can be used with other things like route redistribution, conditional routing, etc. They are very flexible.

           

          I am in a rush to get out the door for work, but I am sure someone can give you an example.  If no one has helped out with an example by the time I get off of work, I will put one together for you after work.

           

          Erick

          • 2. Re: Route-maps
            JohnMoore

            This is just off the top of my head from my studies.

             

            As Erick states above, they are very flexible and can be used to do many things with routes, redistribution, filtering routes, etc. For example, say you want to filter a redistributed route from what portion of your network:

             

            Create an access-list with the network you want to filter
            !
            access-list 1 permit 192.168.1.0 0.0.0.255
            !
            Create a route-map to filter
            !
            route-map FILTER deny 10
              match ip address 1
            !
            Now you need another statement so all other routes do not get affected by the route-map FILTER

            route-map FILTER permit 20
            !

            Now in the routing protocol, for example ospf
            !
            redistribute route-map FILTER

             

            The access-list allows you to assign multiple blocks of subnets/IPs; the route-map statement allows you to adjust the route to your needs. Say you want to add a different metric to a route from an external ospf route or even another area.

             

            Create the access-list then the route-map statement

             

            !
            route-map METRIC permit 10
              match ip address 1
              set metric 500
            !
            route-map METRIC permit 20
            !

             

            There are many different things you can do with the set commands, so I recommend looking at the IOS and reading Cisco docs on what you can do with them.

             

            HTH,

            J

            • 3. Re: Route-maps
              mihai.manole

              I am trying to use it for a redistribution. OK, let's say that I want to change the metric or the metric-type: with the #match I make the link to the access-list previously created and with the set I make the change. But how is it applied [I mean locally and/or interface /// for the local routes or for the routes received]?

              What about the #ip local policy route-map command?

              Thank you for your answers until now and hoping for more.

               

              Mihai

              • 4. Re: Route-maps
                Darwin R CCNA/CCDA

                Hello Mihai,

                 

                This can definitely be a confusing subject. Even the greatest minds have to watch themselves with this particular feature. Don't feel bad at all, I have to research notes every time I think about this subject...kind of gives me a headache

                 

                Thought I'd send this link right along with John's information. Erick will come back with a few tidbits to assist in clearing up any confusion.

                 

                http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008047915d.shtml

                 

                Buckle down,

                 

                Darwin

                • 5. Re: Route-maps
                  Erick

                  Hi!

                   

                  If you want to use it for redistribution, you would use it in your redistribution statement.

                   

                  Suppose you are redistributing RIP into OSPF.  You can change the metric or metric type in the redistribution statement or in a route map.  If you choose a route map you would go into the OSPF process and type something like this:

                   

                  redistribute rip subnets route-map MY_ROUTE_MAP

                   

                  Now that I made it to work, I actually have to do some work! 

                   

                  Erick

                  • 6. Re: Route-maps
                    mihai.manole

                    Let's say that I 'think' that I figured this out [I mean with the redistribution part (I tested and it works: redistributing RIP into OSPF)] but I still have problems with "# match ip address 17"-like things and also with PBR [to be honest, even though I have read the files several times I cannot apply it on the router in order to have some effect].

                    It may sound stupid what I am saying here, but I prefer to appear stupid instead of just being.

                    Thanks again

                     

                    Mihai

                    • 7. Re: Route-maps
                      toor

                      Hi Mihai,

                       

                      match ip address 17 means that the route map checks ACL 17. If the access list permits the source IP address (in the case of a standard ACL) or the source/destination combination (extended ACL), then the policy map performs the actions specified in the set statements.

                      The result of the route map is taken from the permit/deny in route-map NAME permit|deny LINE.

                       

                      For example you are configuring isis to ospf redistribution. You need to

                      1. redistribute routes 20.20.0.0, 20.40.0.0 with the metric 30 and metric type E1

                      2. don't redistribute any other route that starts with 20.

                      3. redistribute all other routes with metric 40 and metric type E2

                      You can accomplish this task with the following configuration:

                       

                      access-list 10 permit 20.20.0.0
                      access-list 10 permit 20.40.0.0
                      access-list 20 permit 20.0.0.0 0.255.255.255
                      route-map ISIS-to-OSPF permit 10
                        match ip address 10
                        set metric 30
                        set metric-type type-1
                      route-map ISIS-to-OSPF deny 20
                        match ip address 20
                      route-map ISIS-to-OSPF permit 30
                        set metric 40
                      router ospf 10
                        redistribute isis route-map ISIS-to-OSPF subnets

                       

                      Here line 10 of route map ISIS-to-OSPF checks if the route is 20.20.0.0 or 20.40.0.0 using ACL 10. If you have those routes, the metric is set to 30 and the metric-type to E1/N1.

                      Line 20 is checked only if the line 10 match statements didn't actually match. It checks for the route match using ACL 20 and denies redistribution if the ACL has a match.

                      Line 30 doesn't check anything, it just sets the metric to 40.

                       


                      One more example, of PBR. You need to influence routing for the packets received from the f0/0 interface:

                      1. Route all packets destined to 172.16.4.0/24 to s0/0

                      2. Leave all other packets to 172.16.0.0/12 to be routed using routing table

                      3. Send all other packets to s0/1

                       

                      access-list 100 permit ip any 172.16.4.0 0.0.0.255
                      access-list 110 permit ip any 172.16.0.0 0.15.255.255
                      route-map LAN-PBR permit 10
                        match ip address 100
                        set interface s0/0
                      route-map LAN-PBR deny 20
                        match ip address 110
                      route-map LAN-PBR permit 30
                        set interface s0/1
                      interface f0/0
                        ip policy route-map LAN-PBR

                       

                      One more thing about match statements in the route map is if you have to match several ACLs in the route map.

                      route-map test permit 10
                        match ip address 100 120
                      route-map test permit 20
                        match ip address 200
                        match ip address 210

                      Here line 10 of the route map would work if you match ANY of ACL 100 or 120 (OR-function).

                      Line 20 would work if you have a match on BOTH ACL 200 and 210 (AND-function).

                       

                      HTH,

                       

                      Toor
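How the two route maps in the post above evaluate, clause by clause, as an added Python sketch (not part of the original thread and not IOS code). The function names and the sample prefixes and destinations are constructed for illustration; the ACL and route-map contents are transcribed from the post.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def acl_permits(acl, addr):
    """First matching entry decides; no match is the ACL's implicit deny."""
    for action, net, wildcard in acl:
        if (_ip(addr) | _ip(wildcard)) == (_ip(net) | _ip(wildcard)):
            return action == "permit"
    return False

def first_match(route_map, acls, addr):
    """Lowest-numbered matching clause as (action, sets), else None; no match line matches all."""
    for _seq, action, match, sets in sorted(route_map, key=lambda c: c[0]):
        if not match or any(acl_permits(acls[n], addr) for n in match):
            return action, sets
    return None

def redistribute(route_map, acls, prefix):
    """Redistribution: a deny clause, or no match at all, filters the route."""
    hit = first_match(route_map, acls, prefix)
    if hit is None or hit[0] == "deny":
        return None
    return {"metric-type": "type-2", **hit[1]}  # OSPF externals default to E2

def pbr(route_map, acls, dst):
    """PBR: a deny clause, or no match, leaves the packet to the routing table."""
    hit = first_match(route_map, acls, dst)
    if hit is None or hit[0] == "deny":
        return "routing table"
    return hit[1]["interface"]

# Transcribed from the post above. ACLs 100/110 have source "any", so this
# sketch matches them on the destination only (a simplification).
ACLS = {
    10: [("permit", "20.20.0.0", "0.0.0.0"), ("permit", "20.40.0.0", "0.0.0.0")],
    20: [("permit", "20.0.0.0", "0.255.255.255")],
    100: [("permit", "172.16.4.0", "0.0.0.255")],
    110: [("permit", "172.16.0.0", "0.15.255.255")],
}
ISIS_TO_OSPF = [(10, "permit", [10], {"metric": 30, "metric-type": "type-1"}),
                (20, "deny", [20], {}),
                (30, "permit", [], {"metric": 40})]
LAN_PBR = [(10, "permit", [100], {"interface": "s0/0"}),
           (20, "deny", [110], {}),
           (30, "permit", [], {"interface": "s0/1"})]
for p in ("20.20.0.0", "20.30.0.0", "10.1.0.0"):  # constructed sample prefixes
    print(p, redistribute(ISIS_TO_OSPF, ACLS, p))
```

Dropping clause 30 (`ISIS_TO_OSPF[:2]`) makes `redistribute` return `None` for 10.1.0.0: with no closing `permit` clause, every route that matched nothing is filtered.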

                      • 8. Re: Route-maps
                        welly

                        Hi Mihai,

                         

                        Route-maps can be used in policy-based routing (but are not limited to PBR only).

                        Ref: Understanding policy routing

                        You have asked how it is applied and the difference between:

                        manipulating locally generated traffic vs manipulating routes that are being received on a particular interface

                        1) PBR for routes that are being received on a particular interface

                            - It's configured on the interface that receives incoming traffic

                             (config-if)#ip policy route-map [ROUTE_MAP NAME]

                        2) Local policy routing

                            It's configured in global configuration

                                  (config)#ip local policy route-map [ROUTE_MAP NAME]

                         

                         

                         

                        Welly

                        • 9. Re: Route-maps
                          mihai.manole

                          Thank you for your answers,

                           

                          Toor [or anyone else], can you tell me how I can check if it's correct? What commands shall I use?

                          I am referring to this part:

                           

                          "One more example of PBR. You need to influnce routing for the packets received from f0/0 interface

                          1. Route all packets destined to 172.16.4.0/24 to s0/0

                          2. Leave all other packets to 172.16.0.0/12 to be routed using routing table

                          3. Send all other packets to s0/1

                           

                          access-list 100 permit ip any 172.16.4.0 0.0.0.255
                          access-list 110 permit ip any 172.16.0.0 0.15.255.255
                          route-map LAN-PBR permit 10
                            match ip address 100
                            set interface s0/0
                          route-map LAN-PBR deny 20
                            match ip address 110
                          route-map LAN-PBR permit 30
                            set interface s0/1
                          interface f0/0
                            ip policy route-map LAN-PBR"

                           

                          Mihai

                          • 10. Re: Route-maps
                            Paul Stewart  -  CCIE Security

                            I would generally just test that by sending traffic.  The problem with issuing a broad statement on troubleshooting route-maps is that they can be used for so many things.  Test it based on what you are using it for.  So if you are manipulating a route metric, look at that.  If you are using policy based nat, debug the nat.  If you are using policy based routing, send some traffic.  Check for counts on your access-lists that are being used for matches.

                             

                            I will note one thing on your example: I think you have a workable scenario. However, this can be accomplished without a route-map. A lot of the time we do source based routing with a route-map. For example, traffic from A to B uses next hop of Y, whereas all other hosts use Z. That is something a bit more interesting and could not be accomplished with just the normal route table.

                             

                            A=1.1.1.2
                            B=2.2.2.2
                            Y=3.3.3.2
                            Z=3.3.3.1

                            access-list 101 permit ip host 1.1.1.2 host 2.2.2.2

                            route-map AtoB permit 10
                              match ip address 101
                              set ip next-hop 3.3.3.2

                            interface f0/0
                              ip address 1.1.1.254 255.255.255.0
                              ip policy route-map AtoB

                            interface fa0/1
                              ip address 3.3.3.254 255.255.255.0

                            ip route 0.0.0.0 0.0.0.0 3.3.3.1

                             

                            In this case, only traffic from 1.1.1.2 to 2.2.2.2 will be routed through 3.3.3.2. Traffic from all other sources will go to 3.3.3.1 for the next hop for everything, even traffic destined to 2.2.2.2. That cannot be accomplished with the route table and is where using route-maps for policy based routing becomes necessary.

                            • 11. Re: Route-maps
                              mihai.manole

                              I want to say Thank You to all of you that had the patience to answer. Everything that you have told me I've tried and [the most important] it worked.

                              Again: Thank you.

                              Because very soon I will go on vacation, I wish you a Merry Christmas.

                               

                              All the best,

                               

                               

                              Mihai

                              • 12. Re: Route-maps
                                toor

                                Hi Mihai,

                                 

                                As Paul said, each usage of route maps involves different tools for checking if that works.

                                For PBR you can use sh ip policy to see which route map is attached to which interfaces and sh route-map to check the route map itself and forwarding statistics by each route map clause.

                                As for checking what it does for each particular packet, I would use traceroute or extended ping with the record option. One more thing you can use is debug ip packet. Just remember not to use that on your production network, and disable cef/fast-cache to actually see forwarded packets.

                                 

                                For redistribution you need to check the routing table and topology table for each involved protocol.

                                For nat, sh ip nat stat would tell you which route map or acl is being used for the translation.

                                 

                                HTH,

                                 

                                Toor

                                • 13. Re: Route-maps
                                  toor

                                  Merry Christmas to you too!

                                   

                                  Toor