A route-map can be applied in two different places, redistribution and policy routing, and the difference between the two must be clear:
I. deny statement
1. If a deny statement in the route-map matches during redistribution, the matched entries are not redistributed.
2. If a deny statement in the route-map matches during policy routing, policy routing is not performed for that packet; it is forwarded using the normal routing table instead.
II. default deny all
Like an access-list, a route-map ends with an implicit deny all.
III. route-map statement numbers
1. When editing a route-map, if permit xx is not specified, the first statement is permit 10 by default.
Example:
route-map cracker
 match ip address 101
 set ip next-hop 211.81.157.1
route-map cracker
 match interface f0/0
 set metric 100
Equivalent to:
route-map cracker permit 10
 match ip address 101
 set ip next-hop 211.81.157.1
route-map cracker permit 20
 match interface f0/0
 set metric 100
2. When deleting an entry, if the statement number is not specified, the entire route-map is deleted.
Example:
no route-map cracker
The above command deletes the entire route-map instead of statement 20, which is the one we wanted to delete. The correct usage is:
no route-map cracker 20
3. If several match statements are placed under the same route-map statement, all of them must match:
Example 3-1:
route-map cracker permit 10
 match ip address 101
 match ip length 1500
 set ip next-hop 211.81.157.1
 set metric 100
In the preceding example, only if both conditions are met is the metric set and the traffic forwarded to 211.81.157.1.
Example 3-2:
route-map cracker permit 10
 match ip address 101
 set ip next-hop 211.81.157.1
route-map cracker permit 20
 match ip address 102
 set ip next-hop 211.81.157.2
route-map cracker permit 30
The preceding example shows that the statements are evaluated sequentially. However, as soon as one statement matches, processing exits the route-map.
IV. policy routing
Note that policy routing can only be applied on the router's inbound interface!
Example 4-1:
For example, s0/0 on R1 is the inbound interface, s0/1 is the outbound interface, and two external network segments are connected, 172.16.1.1 and 172.16.1.2 respectively.
route-map cracker permit 10
 match ip address 10
 set ip next-hop 172.16.1.1
route-map cracker permit 20
 match ip address 20
 set ip next-hop 172.16.1.2
access-list 10 permit 172.16.6.0 0.0.0.255
access-list 20 permit 172.16.7.0 0.0.0.255
interface s0/0
 ip address 172.16.8.254 255.255.255.0
 ip policy route-map cracker
In the above example, packets from the 172.16.6.0 segment are forwarded to 172.16.1.1 and packets from the 172.16.7.0 segment are forwarded to 172.16.1.2. Packets from the 172.16.8.0 segment match no statement, so they are handed to the normal routing table for forwarding. The result is generally load balancing, with each of the two next hops bearing half of the traffic.
In fact, policy routing is used very widely. One use is matching on packet size, so that small packets take one link and large packets take another and voice traffic is not congested.
You can also match on the protocol type (HTTP, FTP, TELNET, BT, and other protocols), or even match URLs in the layer-7 protocol, such as traffic to the http://blog.sina.com.cn/cisco site :)
VI. Application of route-map in redistribute
This application is also very important in the current market environment. Many companies spend the whole year acquiring other companies and integrating the new company's network with the existing one, and that brings us to redistribution. Redistribution allows networks running two different routing protocols to exchange route information. If we need to control precisely which entries may be redistributed and which may not, there are generally two methods: route-filter and route-map.
Example:
route-map cracker deny 10
 match ip address 10
route-map cracker permit 20
route-map cuijian permit 20
 match ip address 20
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 20 permit 172.16.0.0 0.0.255.255
router ospf 1
 redistribute rip metric 100 subnets route-map cracker
In the preceding example, route entries in the 10.1.0.0 block are not redistributed into OSPF. Note that statement 10 is a deny, and that statement 20 of cracker matches all entries because it has no match statement. The route-map as a whole therefore redistributes all route entries except 10.1.0.0.
Route-map cuijian redistributes no routes other than the 172.16.0.0 segment, because of the implicit deny all at the end.
In fact, route-map cracker and route-map cuijian play the same role here: neither redistributes the 10 block entries.
With a similar design, we can isolate two domains at the routing level to implement basic security policies.
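The evaluation rules from sections I to VI, as a small Python model added here (it is not part of the original article and not Cisco code): it runs the cracker and cuijian route-maps over constructed routes and the Example 4-1 policy route-map over constructed source addresses. Assumptions: a route is represented by its network address, the Example 4-1 wildcard mask is 0.0.0.255, and the function names and sample routes are hypothetical.

```python
import ipaddress

def acl(network, wildcard):
    """Standard ACL permit entry: compare only the bits the wildcard mask leaves at 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    want = int(ipaddress.IPv4Address(network)) & care
    return lambda addr: int(ipaddress.IPv4Address(addr)) & care == want

def evaluate(route_map, addr):
    """Walk statements in sequence order; the first statement whose match clauses
    ALL hold decides. A statement with no match clause matches everything."""
    for seq, action, matches, sets in sorted(route_map, key=lambda s: s[0]):
        if all(m(addr) for m in matches):
            return action, sets          # first match: exit the route-map
    return "deny", {}                    # implicit deny all at the end

def redistribute(route_map, routes):
    """Redistribution: only routes that hit a permit statement are passed on."""
    return [r for r in routes if evaluate(route_map, r)[0] == "permit"]

def policy_route(route_map, src):
    """Policy routing: permit applies the set clause; deny or no match
    hands the packet to the normal routing table."""
    action, sets = evaluate(route_map, src)
    return sets.get("next-hop", "routing table") if action == "permit" else "routing table"

# Section VI route-maps: (sequence, action, match clauses, set clauses)
cracker = [(10, "deny", [acl("10.1.0.0", "0.0.255.255")], {}), (20, "permit", [], {})]
cuijian = [(20, "permit", [acl("172.16.0.0", "0.0.255.255")], {})]
# Example 4-1 policy route-map (wildcard 0.0.0.255 is an assumption)
pbr = [(10, "permit", [acl("172.16.6.0", "0.0.0.255")], {"next-hop": "172.16.1.1"}),
       (20, "permit", [acl("172.16.7.0", "0.0.0.255")], {"next-hop": "172.16.1.2"})]

# Constructed RIP routes, not taken from the article
RIP_ROUTES = ["10.1.1.0", "10.1.2.0", "172.16.5.0", "192.168.1.0"]

if __name__ == "__main__":
    print("cracker:", redistribute(cracker, RIP_ROUTES))
    print("cuijian:", redistribute(cuijian, RIP_ROUTES))
    for src in ("172.16.6.9", "172.16.7.9", "172.16.8.9"):
        print(src, "->", policy_route(pbr, src))
```

Both route-maps keep the 10.1.0.0 routes out of OSPF, but only cracker lets 192.168.1.0 through; cuijian's implicit deny drops it, which matters when the filter is meant to isolate two routing domains.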