12-30-2015 07:04 PM - last edited on 07-14-2023 04:01 AM by Translator
Hi,
I am searching for this over the internet but couldn't find a good answer: When does route-map implicit deny apply?
I knew for BGP route advertisement, a no-match route is discarded with implicit deny at the end of route-map, whereas PBR skips the no-match packet and lets it go through as it does without the PBR.
Can anyone explain the logic behind route-map implicit deny and list out cases when it applies? Thanks in advance!
12-30-2015 07:37 PM - last edited on 07-14-2023 04:04 AM by Translator
Hi,
Please see this link below for a good explanation:
http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=19
It is very similar to an ACL: there is always an implicit deny at the end of the route map. For example, in redistribution, in this case BGP into EIGRP:
route-map BGP permit 10
 match ip address 55
! Access-list 55 contains the routes we want to redistribute
Now, according to the document in the link above, there is an implicit deny as below that is not seen in the configuration:
route-map BGP deny 65536
 match ip address all_routes
! denies everything else
router eigrp 100
 redistribute bgp 64571 route-map BGP
HTH
Richard
12-30-2015 08:35 PM - last edited on 07-14-2023 04:09 AM by Translator
Hello,
Route-map is used for matching. It can be used for matching the traffic or matching the routes or different criteria.
You can define several route-maps with the same name and different numbers.
Route-map test permit 10
 match criteria
 set action
Route-map test permit 20
 match criteria
 set action
[The next one implicitly exists. You do need to specify it.]
Route-map test deny 30
 match all
Remember, you use route-map for matching. You match some traffic or routes with permit statements, and all other traffic matches with the last implicit deny (you matched some traffic and the other did not match, by implicit deny).
Route-map is done here: match or not match.
Now you have a group of traffic or routes matched. It is the confusing part. The router has different treatment of "not match" depending on where you apply the route-map:
1- In matching routes in routing protocols:
Match = advertise (it is general, there are many other cases)
Not match = deny to advertise
2- In policy route-map:
Matched traffic will be routed based on the next hop on the route map command; "NOT match" will be checked against the global routing table (you see the treatment is different; "not match" is not necessarily deny).
Hope it helps,
Masoud
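The two treatments of "not match" described in the replies above, modelled as an added example (not code from the thread or from Cisco). The clause list, addresses and next hops are constructed, and matching is simplified to "the address or prefix falls inside one of the clause's networks".

```python
import ipaddress

# Constructed route-map, shaped like "route-map BGP permit 10" plus one
# explicit deny clause. Each clause: (sequence, action, matched networks).
ROUTE_MAP = [
    (10, "permit", [ipaddress.ip_network("10.1.0.0/16")]),
    (20, "deny",   [ipaddress.ip_network("10.2.0.0/16")]),
]

def evaluate(route_map, item):
    """Return (action, seq) of the first clause that matches, in sequence
    order, or ("deny", None) for the implicit deny when nothing matches."""
    net = ipaddress.ip_network(item)
    for seq, action, networks in sorted(route_map, key=lambda c: c[0]):
        if any(net.subnet_of(n) for n in networks):
            return action, seq
    return "deny", None  # implicit deny at the end of every route-map

def redistribute(route_map, prefixes):
    """Route-filtering context (redistribution, BGP advertisement):
    only prefixes that hit a permit clause survive; the rest are dropped."""
    return [p for p in prefixes if evaluate(route_map, p)[0] == "permit"]

def policy_route(route_map, packet_addr, set_next_hop, table_next_hop):
    """PBR context: permit -> the route-map's set next hop is used.
    Explicit or implicit deny -> the packet is not policy-routed and is
    forwarded by the normal routing table instead of being dropped."""
    action, _ = evaluate(route_map, packet_addr + "/32")
    return set_next_hop if action == "permit" else table_next_hop

if __name__ == "__main__":
    # Constructed sample routes and packets.
    routes = ["10.1.5.0/24", "10.2.7.0/24", "192.168.9.0/24"]
    print("redistributed:", redistribute(ROUTE_MAP, routes))
    for addr in ("10.1.5.9", "10.2.7.9", "192.168.9.9"):
        hop = policy_route(ROUTE_MAP, addr, "172.16.0.1", "192.0.2.1")
        print(addr, "-> next hop", hop, evaluate(ROUTE_MAP, addr + "/32"))
```

The same evaluation result ("deny") filters a route out in the first context and only means "no PBR" in the second, which is why a route-map used as a filter should be checked against the prefixes it is expected to block.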
12-30-2015 08:06 PM - last edited on 07-14-2023 04:05 AM by Translator
Thanks Richard,
If route maps are applied in a policy-routing environment, packets that do not meet the match criteria are then forwarded according to the route table.
So I guess policy-routing is the only special case or we can say "denied by PBR means no PBR". Many thanks.
12-30-2015 09:26 PM
Thanks Masoud, that is clear and nicely adds up our verdict here!