cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10117
Views
11
Helpful
4
Replies

Route-map implicit deny

Quang Do Xuan
Beginner
Beginner

Hi,

I am searching for this over the internet but couldn't find a good answer: When does

route-map

implicit deny apply?

I knew for BGP route advertisement, a

no-match route

is discarded with implicit deny at the end of

route-map

whereas PBR skips the

no-match packet

and let it go through as it does without the PBR.

Can anyone explain the logic behind

route-map

implicit deny and list out cases when it applies? Thanks in advance!

2 Accepted Solutions

Accepted Solutions

Richard Bradfield
Frequent Contributor
Frequent Contributor

Hi,

Please see this link below for a good explanation

http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=19

it is very similar to an ACL, there is always an implicit deny at the end of the

route map

for example in

redistribution 

in this case BGP into EIGRP

route-map BGP permit 10
match ip address 55  < Access-list 55 contains the routes we want to redistribute

Now according to the document in the link above there is an implicit deny as below that is not seen  in the configuration

route-map BGP deny 65536

match ip address all_routes <denies everything else

router eigrp 100
redistribute bgp 64571 route-map BGP 

HTH

Richard

 

 

View solution in original post

Hello,

Route-map

is used for matching. It can be used for matching the traffic or matching the routes or different criteria.

You can define several

route-maps

with the same name and different numbers. 

Route-map  test permit 10

match criteria

set action

Route-map  test permit 20

match criteria

set action

[ the nest one is implicitly exist. You do need to specify it]

Route-map  test deny 30

match all

Remember, you use

route-map

for matching. You match some traffic or routes with permit statements and all other traffic matches with the last implicit deny( You matched some traffic and other did not match by implicit deny).

Route-map

is done here, match or not match

Now you have a group of traffic or route matched. It is the confusing part. Router has different treatment with "not match" depending on where you apply the

route-map
1- In matching route in routing protocols.

Match= advertise ( it is general, there is many other cases)

not match= deny to advertise

2- In policy route-map

Matched traffic will be routed based on the next hop on

route map

command,  "NOT match" will be checked against the global routing table( you see the treatment is different.  "Not match" is not necessarily deny)

Hope it helps,

Masoud

 

 

View solution in original post

4 Replies 4

Richard Bradfield
Frequent Contributor
Frequent Contributor

Hi,

Please see this link below for a good explanation

http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=19

it is very similar to an ACL, there is always an implicit deny at the end of the

route map

for example in

redistribution 

in this case BGP into EIGRP

route-map BGP permit 10
match ip address 55  < Access-list 55 contains the routes we want to redistribute

Now according to the document in the link above there is an implicit deny as below that is not seen  in the configuration

route-map BGP deny 65536

match ip address all_routes <denies everything else

router eigrp 100
redistribute bgp 64571 route-map BGP 

HTH

Richard

 

 

Thanks Richard,

If

route maps

are applied in a

policy-routing

environment, packets that do not meet the match criteria are then forwarded according to the route table.

So I guess

policy-routing

is the only special case or we can say "denied by PBR means no PBR". Many thanks.

Hello,

Route-map

is used for matching. It can be used for matching the traffic or matching the routes or different criteria.

You can define several

route-maps

with the same name and different numbers. 

Route-map  test permit 10

match criteria

set action

Route-map  test permit 20

match criteria

set action

[ the nest one is implicitly exist. You do need to specify it]

Route-map  test deny 30

match all

Remember, you use

route-map

for matching. You match some traffic or routes with permit statements and all other traffic matches with the last implicit deny( You matched some traffic and other did not match by implicit deny).

Route-map

is done here, match or not match

Now you have a group of traffic or route matched. It is the confusing part. Router has different treatment with "not match" depending on where you apply the

route-map
1- In matching route in routing protocols.

Match= advertise ( it is general, there is many other cases)

not match= deny to advertise

2- In policy route-map

Matched traffic will be routed based on the next hop on

route map

command,  "NOT match" will be checked against the global routing table( you see the treatment is different.  "Not match" is not necessarily deny)

Hope it helps,

Masoud

 

 

Thanks Masoud, that is clear and nicely adds up our verdict here!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: