09-29-2011 06:18 AM - edited 03-07-2019 02:30 AM
Hi,
I am reading about route-maps and got stuck in the middle on the doubts below. Please someone help me with the answers.
1) My first question: like the implicit deny at the end of an access-list, does a route-map also have an implicit deny?
2) This is my second question. I have posted below the description which I read on the Cisco site, and I don't understand the meaning.
Each ACL ends with an implicit deny statement, by design convention; there is no similar convention for route-maps. If the end of a route-map is reached during matching attempts, the result depends on the specific application of the route-map. Fortunately, route-maps that are applied to redistribution behave the same way as ACLs: if the route does not match any clause in a route-map then the route redistribution is denied, as if the route-map contained deny statement at the end.
09-29-2011 06:26 AM
Hi,
1) Yes there is
2) It depends on the usage of the route-map. Route-map statements are always processed top-down and once there is a match the processing ends, but if there is no match then the implicit deny is matched, and in case of redistribution this means no redistribution, in case of PBR it means normal routing, in case of BGP path attributes manipulation it means no advertisement in the update.
Regards.
Alain.
09-29-2011 06:36 AM
Alain,
So you are saying that, like an access-list, even a route-map has an implicit deny at the end on all occasions, right? And can you please elaborate on your second answer?
Thanks,
Sathya
09-29-2011 07:02 AM
Hi,
Yes, that is what I'm saying.
For answer 2: let's suppose we want to use a route-map for PBR; then we don't need to use an explicit permit-all clause at the end, because traffic not matched by explicit permits will just follow the regular RIB and will not be policy routed.
But if we want to modify Local_Pref to influence outbound path in case of 2 paths to same prefix in BGP then we need a catch-all explicit permit at the end otherwise we will not use this path for other prefixes we didn't modify the attribute for.
If that is not clear enough I'll post an example.
Regards.
Alain.
09-29-2011 08:06 AM
Alain,
It's better if you can post an example, because I only partially understood.
And my final question is: can we apply a route-map outbound? Some Cisco document says that applying a route-map outbound will not have any effect. It always has an effect if we apply it inbound... Is it true?
Thanks,
Sathya
09-29-2011 08:36 AM
Cadet is 100% right. But remember when you are reading a route-map it finds the first match and then stops. If there is no match then whatever the route-map is used for will not be included in what you are doing. I'll include a PBR example.
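! extended ACLs take wildcard masks, not subnet masks
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
! no action/sequence given, so this clause defaults to permit 10
route-map LAN1-to-LAN2
 match ip address 101
 set ip next-hop x.x.x.x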
If you also have, let's say, the network 192.168.5.0 on your LAN, it will not match this PBR route-map and therefore will not be included. That doesn't mean that traffic will be denied, but it will just not match the PBR route-map. So it will not go to a next hop of x.x.x.x but will continue normal routing.
Cadet also talked about Local Preference being used.
If you configured a route-map for a group of prefixes but only 3 out of 5 match the route-map then only 3 out of the 5 will have the specified local preference value. So if you gave it a local preference of 500, then 2 out of the 5 will not have that higher local preference and will not go out whatever path it's used for.
11-03-2011 11:07 AM
Hi Alain,
can you please post one example for your above explanation if possible?
Thanks
Sathya
11-03-2011 12:17 PM
Hi,
1) PBR (policy-based routing): no need for a last permit-all route-map statement because if there is no match then traffic is simply not policy-based routed.
2) BGP path attribute modification: you have 2 links with ISPs and you are doing eBGP on both and advertising some prefix to both but you want some prefix to always go via one path and the others via the other path;
Then you're gonna set the local preference of the prefix you want to go via link A to a value higher than the other prefixes and apply this route-map inbound like this:
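ip prefix-list TEST permit 192.168.1.0/24
! clause 10: raise local preference for the one prefix in the prefix-list
route-map TEST permit 10
 match ip address prefix-list TEST
 set local-preference 120
! clause 20: no match statement, so it permits every other prefix unchanged
route-map TEST permit 20
router bgp 100
 neighbor 10.1.1.1 remote-as 120
 neighbor 10.1.1.1 route-map TEST in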
If the second statement in the route-map wasn't configured then all prefixes except 192.168.1.0/24 wouldn't be installed in the BGP table and so would be inaccessible.
Hope this clears things up and if not don't hesitate to ask further info.
Alain
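Added example, not part of any post in this thread: a small Python model of the route-map logic discussed here (top-down, first match wins, implicit deny at the end), applied to the TEST route-map above and to the earlier LAN1-to-LAN2 PBR route-map. The received prefixes and the `POLICY_NEXT_HOP` / RIB next-hop names are constructed placeholders; the default local preference of 100 is the IOS default.

```python
import ipaddress

def evaluate(route_map, item):
    """Top-down, first match wins; no match at all is the implicit deny."""
    for action, matches, sets in route_map:
        if matches(item):
            return action, sets
    return "deny", {}

# --- BGP inbound: route-map TEST ---
PREFIX_LIST_TEST = {ipaddress.ip_network("192.168.1.0/24")}

def in_prefix_list_test(prefix):
    # prefix-list entry without ge/le matches that exact prefix only
    return ipaddress.ip_network(prefix) in PREFIX_LIST_TEST

def match_any(_item):
    return True  # a clause with no match statement matches everything

TEST_PERMIT_10_ONLY = [("permit", in_prefix_list_test, {"local_pref": 120})]
TEST_WITH_PERMIT_20 = TEST_PERMIT_10_ONLY + [("permit", match_any, {})]
RECEIVED = ["192.168.1.0/24", "10.20.0.0/16", "172.16.5.0/24"]  # constructed

def bgp_inbound(route_map, received, default_local_pref=100):
    """Prefixes that hit a deny (explicit or implicit) are not installed."""
    table = {}
    for prefix in received:
        action, sets = evaluate(route_map, prefix)
        if action == "permit":
            table[prefix] = sets.get("local_pref", default_local_pref)
    return table

# --- PBR: route-map LAN1-to-LAN2 with ACL 101 ---
LAN1 = ipaddress.ip_network("192.168.1.0/24")
LAN2 = ipaddress.ip_network("192.168.2.0/24")

def acl_101(packet):
    src, dst = packet
    return ipaddress.ip_address(src) in LAN1 and ipaddress.ip_address(dst) in LAN2

LAN1_TO_LAN2 = [("permit", acl_101, {"next_hop": "POLICY_NEXT_HOP"})]  # placeholder

def pbr_forward(route_map, packet, rib_next_hop):
    """For PBR the implicit deny means 'route normally', not 'drop'."""
    action, sets = evaluate(route_map, packet)
    if action == "permit" and "next_hop" in sets:
        return sets["next_hop"]
    return rib_next_hop

if __name__ == "__main__":
    print(bgp_inbound(TEST_PERMIT_10_ONLY, RECEIVED))
    print(bgp_inbound(TEST_WITH_PERMIT_20, RECEIVED))
```

The same fall-through gives two different outcomes: the BGP table loses every prefix except 192.168.1.0/24 when clause 20 is missing, while an unmatched PBR packet simply takes the RIB next hop.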
11-03-2011 01:04 PM
So is it like, if we don't configure the second statement, then the networks other than 192.168.1.0/24 will be inaccessible on Link A alone or on both the links (Link A and Link B)? Because as you said, the route-map is only for Link A, right, so it should be accessible on the other link, right?
Please advise.
Thanks,
Sathya
11-03-2011 01:17 PM
yep,
that's right.
Alain
11-04-2011 05:17 AM
So you meant that it will be accessible on the other link, right?
11-04-2011 05:35 AM
Hi,
that's correct.
Alain.
11-04-2011 10:12 AM
Thanks Alain.