Route-map routing policy

 

[Original] Route-map (1) (14:01:59) reprinted
Tags: route-map route ing cisco miscellaneous classification: Router
<Route-Map>
It is also called a route chart or a route ing table. It is a tool for processing routes.
1. route-map can call ACL or prefix to capture some routes for processing.
2. Each route-map can have multiple statements, and each statement has a sequence number.
3. Each statement has two actions: match and set.
4. Each statement has two processing methods for the captured route: permit or deny.

Route-map is used in three steps:
1. Define the ACL or prefix to capture the route
2. Define route-map to describe the processing method of the matched route.
3. Calling route-map // route-map is only a policy tool and does not work if it is not called.

Match logic of route-map:
Route-map NAME permit 10
Match ip address x y z
-------> OR
Match ip address a challenge
Match ip address B between AND
Match ip address c Branch
If no match/set is written, the default value is match any.
Set nothing

Case 1: Route ing and reallocation
It is required to re-distribute the network in OSPF on R1. Route 172.16.1.0 must be re-distributed with OE1. Route redistribution with the metric value changed to route 100,172.16 .3.0 does not allow re-distribution, other routes are not changed, and are redistributed by default. Only the third eight-bit group is an odd route in the loop ports on R3.

When no policy is configured, the route tables of R2 and R3 are:

R2 # sh ip ro ei
1.0.0.0/24 is subnetted, 1 subnets
D ex 1.1.1.0 [170/2195456] via 12.1.1.1, 00:04:50, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
D ex 3.3.3.3 [170/2195456] via 12.1.1.1, 00:04:50, Serial1/1
111.0.0.0/32 is subnetted, 9 subnets
D ex 111.111.1.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D ex 111.111.3.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D ex 111.111.2.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D ex 111.111.5.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D ex 111.111.4.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D ex 111.111.7.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D ex 111.111.6.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D ex 111.111.9.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D ex 111.111.8.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
13.0.0.0/24 is subnetted, 1 subnets
D ex 13.1.1.0 [170/2195456] via 12.1.1.1, 00:04:50, Serial1/1
R3 # sh ip ro OS
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 13.1.1.1, 00:00:31, Serial1/0
2.0.0.0/24 is subnetted, 1 subnets
O E2 2.2.2.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.1.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
O E2 172.16.2.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
O E2 172.16.3.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.1.1.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
In this case, configure on R1:
R1 # sh run | B r e
Router VPN 100
Redistribute ospf 100 metric 10000 100 1 255 1500 route-map ccie
!
Router ospf 100
Redistribute fig 100 subnets route-map wolf
!
Access-list 1 permit 172.16.1.0 0.0.255
Access-list 2 permit 172.16.2.0 0.0.0.255
Access-list 3 permit 172.16.3.0 0.0.255
Access-list 4 permit 111.111.1.1
Access-list 4 permit 111.111.3.1
Access-list 4 permit 111.111.5.1
Access-list 4 permit 111.111.7.1
Access-list 4 permit 111.111.9.1
Access-list 4 permit 13.1.1.0
!
Route-map ccie permit 10
Match ip address 4
!
Route-map wolf permit 10
Match ip address 1
Set metric-type-1
!
Route-map wolf permit 20
Match ip address 2
Set metric 100
!
Route-map wolf deny 30
Match ip address 3
!
Route-map wolf permit 40
Let's take a look at the route tables of R2 and R3:
R2 # sh ip ro ei
111.0.0.0/32 is subnetted, 5 subnets
D ex 111.111.1.1 [170/2195456] via 12.1.1.1, 00:02:15, Serial1/1
D ex 111.111.3.1 [170/2195456] via 12.1.1.1, 00:01:57, Serial1/1
D ex 111.111.5.1 [170/2195456] via 12.1.1.1, 00:01:56, Serial1/1
D ex 111.111.7.1 [170/2195456] via 12.1.1.1, 00:01:54, Serial1/1
D ex 111.111.9.1 [170/2195456] via 12.1.1.1, 00:01:52, Serial1/1
13.0.0.0/24 is subnetted, 1 subnets
D ex 13.1.1.0 [170/2195456] via 12.1.1.1, 00:01:43, Serial1/1
R3 # sh ip ro OS
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 13.1.1.1, 00:16:55, Serial1/0
2.0.0.0/24 is subnetted, 1 subnets
O E2 2.2.2.0 [110/20] via 13.1.1.1, 00:16:55, Serial1/0
172.16.0.0/24 is subnetted, 2 subnets
O E1 172.16.1.0 [110/84] via 13.1.1.1, 00:10:36, Serial1/0
O E2 172.16.2.0 [110/100] via 13.1.1.1, 00:10:36, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.1.1.0 [110/20] via 13.1.1.1, 00:16:55, Serial1/0
Take a look at the configurations of the three Routers:
R2 Configuration:
R2 # sh run | B r e
Router VPN 100
Network 2.2.2.2 0.0.0.0
Network 12.1.1.2 0.0.0.0
Network 172.16.0.0
No auto-summary
R1 Configuration:
R1 # sh run | B r e
Router VPN 100
Redistribute ospf 100 metric 10000 100 1 255 1500 route-map ccie
Network 12.1.1.1 0.0.0.0
No auto-summary
!
Router ospf 100
Router-id 1.1.1.1
Log-adjacency-changes
Redistribute fig 100 subnets route-map wolf
Network 1.1.1.1 0.0.0.0 area 0
Network 13.1.1.1 0.0.0.0 area 0
!
Ip classless
No ip http server
!
!
Access-list 1 permit 172.16.1.0 0.0.255
Access-list 2 permit 172.16.2.0 0.0.0.255
Access-list 3 permit 172.16.3.0 0.0.255
Access-list 4 permit 111.111.1.1
Access-list 4 permit 111.111.3.1
Access-list 4 permit 111.111.5.1
Access-list 4 permit 111.111.7.1
Access-list 4 permit 111.111.9.1
Access-list 4 permit 13.1.1.0
!
Route-map ccie permit 10
Match ip address 4
!
Route-map wolf permit 10
Match ip address 1
Set metric-type-1
!
Route-map wolf permit 20
Match ip address 2
Set metric 100
!
Route-map wolf deny 30
Match ip address 3
!
Route-map wolf permit 40
R3 Configuration:
R3 # sh run | B r o
Router ospf 100
Router-id 3.3.3.3
Log-adjacency-changes
Network 3.3.3.3 0.0.0.0 area 0
Network 13.1.1.3 0.0.0.0 area 0
Network 111.111.0.0 0.0.255.255 area 0

Note:
· A deny any statement is hidden at the end of route-map.
· If no blank Route-map clause is written to allow other routes to pass through, no matched routes will be discarded directly.

You can also match an interface when re-distributing direct connections, and write the route-map directly without defining the access list.
R1 (config) # route-map WOLF permit 10
R1 (config-route-map) # match interface e0
Case 2: tag using route-map
Purpose: You can tag some routes so that the subsequent routers can identify these routes based on the tags and apply corresponding policies.

As shown in, requirements:

1. re-distribute RIP to OSPF on R3
2. re-distribute OSPF to the OSPF on R1, but the Routes learned from RIP cannot be taken over.
Tag can be used to solve the problem:
1. When RIP is re-distributed into OSPF on R3, the route-map is used for tag marking.
2. When the OSPF is re-distributed to the OSPF on R1, find the tag-Marked route and then drop the deny.
Now let's take a look at the route table of R2 and R1 when no policy is configured:
R2 # sh ip ro ei
1.0.0.0/24 is subnetted, 1 subnets
D ex 1.1.1.0 [170/2195456] via 12.1.1.1, 00:04:09, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
D ex 3.3.3.3 [170/2195456] via 12.1.1.1, 00:04:09, Serial1/1
172.16.0.0/24 is subnetted, 3 subnets
D ex 172.16.1.0 [170/2195456] via 12.1.1.1, 00:00:41, Serial1/1
D ex 172.16.2.0 [170/2195456] via 12.1.1.1, 00:00:32, Serial1/1
D ex 172.16.3.0 [170/2195456] via 12.1.1.1, 00:00:24, Serial1/1
13.0.0.0/24 is subnetted, 1 subnets
D ex 13.1.1.0 [170/2195456] via 12.1.1.1, 00:04:09, Serial1/1
R1 # sh ip ro OS
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 13.1.1.3, 00:00:37, Serial1/1
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.1.0 [110/20] via 13.1.1.3, 00:00:37, Serial1/1
O E2 172.16.2.0 [110/20] via 13.1.1.3, 00:00:37, Serial1/1
O E2 172.16.3.0 [110/20] via 13.1.1.3, 00:00:37, Serial1/1
R1 # sh ip ro 172.16.1.0
Routing entry for 172.16.1.0/24
Known via "ospf 100", distance 110, metric 20, type extern 2, forward metric 64
Redistributing via image100
Advertised by Kerberos 100 metric 10000 100 1 255 1500
Last update from 13.1.1.3 on Serial1/1, 00:01:04 ago
Routing Descriptor Blocks:
* 13.1.1.3, from 3.3.3.3, 00:01:04 ago, via Serial1/1
Route metric is 20, traffic share count is 1
In this case, we configure on 3:
R3 # sh run | B r o
Router ospf 100
Redistribute rip subnets route-map wolf
!
Route-map wolf permit 10
Set tag 20
View the route tables of R2 and R1:
R1 # sh ip ro 172.16.1.0
Routing entry for 172.16.1.0/24
Known via "ospf 100", distance 110, metric 20
Tag 20, type extern 2, forward metric 64
Redistributing via image100
Advertised by Kerberos 100 metric 10000 100 1 255 1500
Last update from 13.1.1.3 on Serial1/1, 00:00:33 ago
Routing Descriptor Blocks:
* 13.1.1.3, from 3.3.3.3, 00:00:33 ago, via Serial1/1
Route metric is 20, traffic share count is 1
R2 # sh ip ro 172.16.1.0
Routing entry for 172.16.1.0/24
Known via "Kerberos 100", distance 170, metric 2195456
Tag 20, type external
Redistributing via image100
Last update from 12.1.1.1 on Serial1/1, 00:02:15 ago
Routing Descriptor Blocks:
* 12.1.1.1, from Fig, 00:02:15 ago, via Serial1/1
Route metric is 2195456, traffic share count is 1
Total delay is 21000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 1/255, minimum MTU 1500 bytes
Loading 255/255, Hops 1
After arriving at R1, discard the tagged route: Configure on R1:
R1 # sh run | B r e
Router VPN 100
Redistribute ospf 100 metric 10000 100 1 255 1500 route-map ccnp
!
Route-map ccnp deny 10
Match tag 20
!
Route-map ccnp permit 20
Now, check the route table of R2:
R2 # sh ip ro ei
1.0.0.0/24 is subnetted, 1 subnets
D ex 1.1.1.0 [170/2195456] via 12.1.1.1, 00:01:27, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
D ex 3.3.3.3 [170/2195456] via 12.1.1.1, 00:01:27, Serial1/1
13.0.0.0/24 is subnetted, 1 subnets
D ex 13.1.1.0 [170/2195456] via 12.1.1.1, 00:01:27, Serial1/1

Case 3: TCP/IP volume 1 Experiment ------ routing policy

Lab requirements:

1: configure policy routes for Router A in Figure 14-14 that forward packets from subnets 172.16.1.0/28 through 172.16.1.112/28 to Router D and forward packets from subnets 172.16.1.128/28 through Router/28 to Router e.
2: Configure policy routes for Router A in Figure 14-14 so that packets from subnets 172.16.1.64/28 through 172.16.1.112/28 are forwarded to Router D if they are already ed from Router C. if packets from the same subnets are already ed from Router B, forward them to Router E. all other packets shocould be forwarded normally.
3: Configure policy routes for Router A in Figure 14-14 that will forward any packets destined for subnets 172.16.1.0/28 through 172.16.1.240/28, sourced from an SMTP port, to Router C. route any other UDP packets destined for the same subnets to Router B. no other packets shocould be forwarded to Routers C or B by either the policy routes or the normal routing protocol.
After the initial configuration is complete, the route tables of RB, RC, RD, And RE are:
RB:
RB # sh ip ro OS
172.16.0.0/16 is variably subnetted, 36 subnets, 3 masks
O 172.16.1.178/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.162/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.146/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.130/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.242/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.226/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.210/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.194/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.50/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.34/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.14.16/30 [110/128] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.18/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.14.8/30 [110/128] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.14.12/30 [110/128] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.2/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.114/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.98/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.82/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.66/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
RC:
RC # sh ip ro OS
172.16.0.0/16 is variably subnetted, 36 subnets, 3 masks
O 172.16.1.177/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.161/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.145/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.129/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.241/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.225/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.209/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.193/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.49/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.33/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.14.16/30 [110/128] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.17/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.14.4/30 [110/128] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.1/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.14.12/30 [110/128] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.113/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.97/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.81/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.65/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
RD:
RD # sh ip ro OS
172.16.0.0/16 is variably subnetted, 36 subnets, 2 masks
O 172.16.1.177/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.178/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.161/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.162/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.145/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.146/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.129/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.130/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.241/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.242/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.225/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.226/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.209/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.210/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.193/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.194/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.49/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.50/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.33/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.34/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.17/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.18/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.14.4/30 [110/128] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.14.8/30 [110/128] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.1/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.14.12/30 [110/128] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.2/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.113/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.114/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.97/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.98/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.81/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.82/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.65/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.66/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2