01-21-2015 06:52 PM - edited 03-05-2019 12:37 AM
Hi,
I will be doing BGP filtering, so I tested it first on a lab scenario in GNS3
R1------R2
On R1 I advertised 3 static networks (ip route 55.55.55.55 255.255.255.255 null0, ip route 66.66.66.66 255.255.255.255 null0, ip route 77.77.77.77 255.255.255.255 null0) via redistribution to R2. On R2 I configured this prefix list:
ip prefix-list filter-thirtytwo: 2 entries
seq 5 deny 55.0.0.0/8 ge 32
seq 20 permit 0.0.0.0/0 le 32
I applied the prefix-list as an incoming filter
neighbor <IP address of R1> prefix-list filter-thirtytwo in
It worked. I don't see the 55.55.55.55/32 in the routing table.
Using the same prefix-list above I tied it to this route-map:
route-map filter-R1 permit 10
match ip address prefix-list filter-thirtytwo
set metric 10000
route-map filter permit 20
set metric 20000
My understanding based on the route-map is that I will still be denying the 55.55.55.55/32 network other than that set metric for all other routes to 10000. The sequence 20 of my route-map should be used since there is already a permit all based on my prefix-list.
I applied it to R2 as an incoming route-map filter:
neighbor <IP address of R1> route-map filter-R1 in
I thought that this would work but based on my show ip route:
Gateway of last resort is not set
55.0.0.0/32 is subnetted, 1 subnets
B 55.55.55.55 [20/20000] via 10.1.1.1, 00:00:14
66.0.0.0/32 is subnetted, 1 subnets
B 66.66.66.66 [20/10000] via 10.1.1.1, 00:00:14
77.0.0.0/24 is subnetted, 1 subnets
B 77.77.77.0 [20/10000] via 10.1.1.1, 00:00:14
The network 55.55.55.55/32 which I was supposed to be denying based on my prefix-list showed with a metric of 20000, this means seq 20 of my route-map was used which was not supposed to be used at all. Based on my prefix-list I have a deny statement for the 55.55.55.55/32 network and a permit all networks.
Can't route-maps be used this way?
Hope that someone could help.
Thanks and regards,
Jonathan
01-21-2015 08:49 PM
Jonathan
This is normal behaviour.
When a route map is using a permit statement then within that statement if there is a match in an acl or prefix list with a deny line it simply stops processing within that statement, i.e. it does not apply any of the set commands within that statement.
If there are other statements it moves onto the next one which is exactly what is happening in your example.
The easiest way of rewriting your route map is to not have a set statement in your second statement and then as you say everything is matched in the first statement except 55.55.55.55 which would fall through to the next statement.
If you didn't want to do that but still not apply a metric to 55.55.55.55 then you could have separate prefix lists for that route and everything else and then within a permit statement match just 55.55.55.55 but don't have a set statement.
That would stop it processing any further and it would just enter your BGP table with the metric it already had.
Hope that makes sense.
Jon
01-21-2015 11:02 PM
If you want to do the same thing as with just the prefix-list but use a route-map instead, you would have to do the following:
ip prefix-list FILTER_PL permit 55.0.0.0/8 ge 32
route-map filter-R1 deny 10
match ip address prefix-list FILTER_PL
route-map filter-R1 permit 20
set metric 10000
Subnets that are permitted by the prefix-list are processed by the route-map.
Subnets that are denied by the prefix-list are not processed by that sequence number of the route-map and will be able to be processed by the next sequence number in the route-map.
So to make it easy for yourself, always use permit in the prefix-list and then make the decision to permit or deny the traffic in the route-map.
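The evaluation order described in the two answers above, as an added example that is not part of the original thread: a small Python model of first-match prefix-list lookup and route-map clause selection, run against the original poster's route-map and the deny-clause rewrite. The function names and tuple layout are assumptions of this sketch, not IOS internals.

```python
import ipaddress

def pl_match(entries, prefix):
    """First-match prefix-list lookup; anything unmatched hits the implicit deny."""
    net = ipaddress.ip_network(prefix)
    for action, base, ge, le in entries:
        b = ipaddress.ip_network(base)
        lo = ge if ge is not None else b.prefixlen  # no ge: start at the base length
        hi = le if le is not None else (32 if ge is not None else b.prefixlen)
        if net.subnet_of(b) and lo <= net.prefixlen <= hi:
            return action
    return "deny"

def route_map(clauses, plists, prefix):
    """Return (accepted, metric_set, seq_hit); metric None means left unchanged."""
    for seq, action, pl_name, metric in sorted(clauses, key=lambda c: c[0]):
        # A clause is selected only if its match line returns permit (or it has none).
        # A prefix-list deny only means "this clause does not match": evaluation moves on.
        if pl_name is None or pl_match(plists[pl_name], prefix) == "permit":
            return (action == "permit", metric if action == "permit" else None, seq)
    return (False, None, None)  # implicit deny at the end of every route-map

PLISTS = {
    "filter-thirtytwo": [("deny", "55.0.0.0/8", 32, None),
                         ("permit", "0.0.0.0/0", None, 32)],
    "FILTER_PL": [("permit", "55.0.0.0/8", 32, None)],
}
# Original poster's route-map, with seq 20 named filter-R1 as in the follow-up post
RM_ORIGINAL = [(10, "permit", "filter-thirtytwo", 10000), (20, "permit", None, 20000)]
# Rewrite from the second answer: permit in the prefix-list, deny in the route-map
RM_REWRITE = [(10, "deny", "FILTER_PL", None), (20, "permit", None, 10000)]

def evaluate(clauses):
    """Run the three lab routes from the thread through a route-map."""
    routes = ["55.55.55.55/32", "66.66.66.66/32", "77.77.77.77/32"]
    return {r: route_map(clauses, PLISTS, r) for r in routes}

if __name__ == "__main__":
    for name, rm in (("original", RM_ORIGINAL), ("rewrite", RM_REWRITE)):
        for route, result in evaluate(rm).items():
            print(name, route, result)
```

With the original route-map, 55.55.55.55/32 is accepted at sequence 20 with metric 20000; with the rewrite it is dropped at sequence 10 and the other routes are accepted at sequence 20.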
01-21-2015 07:29 PM
The filter on the route-map for seq 20 is just a typo. It actually looks like this:
route-map filter-R1 permit 10
match ip address prefix-list filter-thirtytwo
set metric 10000
route-map filter-R1 permit 20
set metric 20000
04-28-2022 09:03 AM - edited 04-28-2022 09:15 AM
Thank you. This helped me answer a question I was asking myself.