8.7 The Routing Process
8.7.4 BGP route maps

Input and output policies are generally defined using route maps. Route maps are used with BGP to control and modify routing information and to define the conditions by which routes are redistributed between routing domains.

The format of a route map follows:

route-map map-tag [permit | deny] [sequence-number]

The map tag is a name that identifies the route map; the sequence number indicates the position that an instance of the route map is to have in relation to other instances of the same route map. (Instances are ordered sequentially.)

You might, for example, use the following commands to define a route map named MYMAP:

route-map MYMAP permit 10
! First set of conditions goes here.
route-map MYMAP permit 20
! Second set of conditions goes here.

When BGP applies MYMAP to routing updates, it applies the lowest-numbered instance first (in this case, instance 10). If the first set of conditions is not met, the second instance is applied, and so on, until either a set of conditions has been met, or there are no more sets of conditions to apply.

The condition portion of a route map is set by using the match and set commands. The match command specifies criteria that must be matched, and the set command specifies an action that is to be taken if the routing update meets the conditions defined by the match command.

Following is an example of a simple route map:

route-map MYMAP permit 10
match ip address 1
set metric 5
access-list 1 permit 1.1.1.0 0.0.0.255

The access list is a way to identify routes. There are two types of access lists, standard and extended; the main difference is that a standard access list is applied to the source IP address, whereas an extended access list is normally applied to the source and destination of a packet. When used to filter routes within BGP, however, the first address/wildcard bit set given in an extended access list applies to the prefix, and the second address/wildcard bit set applies to the subnet mask of the advertised route. The following global command defines a standard access list:

access-list access-list-number {deny | permit} source [source-wildcard]

A standard access list is used to match on a particular source IP network or host, to permit or deny a specific routing update. The access list number falls between 1 and 99.

In this example, access-list 1 identifies all routes of the form 1.1.1.x (note the inverse mask notation 0.0.0.255). A routing update of the form 1.1.1.x will match the access list and will be propagated (because of the permit keyword) with a metric set to 5. The logic will then break out of the list of route map instances because a match has occurred.

When an update does not meet the criteria of a route map instance, BGP applies the next instance, and so on, until an action is taken, or there are no more route map instances to apply. If the update does not match in any instance, the update is not controlled.
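
The evaluation order described above, modeled in Python as an added example (it is not from the original text and is not Cisco code). Instance 20, access list 2, the sample prefixes and all function names are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_permits(acl, prefix):
    """Standard ACL: the first entry whose address matches decides the result."""
    for action, base, wildcard in acl:
        care = ~_ip(wildcard) & 0xFFFFFFFF   # wildcard 1-bits are "don't care"
        if _ip(prefix) & care == _ip(base) & care:
            return action == "permit"
    return False                             # implicit deny ends every ACL

def apply_route_map(instances, acls, route):
    """Return (sequence, updated_route); updated_route is None if filtered."""
    for seq, action, acl_number, sets in sorted(instances, key=lambda i: i[0]):
        if not acl_permits(acls[acl_number], route["prefix"]):
            continue                         # conditions not met: try next instance
        if action == "deny":
            return seq, None                 # matched a deny instance: filtered
        return seq, {**route, **sets}        # matched: apply set actions and stop
    return None, None                        # no instance matched

# access-list 1 is from the text; access-list 2 is constructed for illustration.
ACLS = {
    1: [("permit", "1.1.1.0", "0.0.0.255")],
    2: [("permit", "2.2.0.0", "0.0.255.255")],
}
# Instance 10 is from the text; instance 20 is constructed for illustration.
# The list is deliberately out of order: sequence numbers, not entry order, decide.
MYMAP = [
    (20, "permit", 2, {"metric": 20}),
    (10, "permit", 1, {"metric": 5}),
]

if __name__ == "__main__":
    for prefix in ("1.1.1.0", "2.2.7.0", "3.3.3.0"):  # constructed sample updates
        print(prefix, apply_route_map(MYMAP, ACLS, {"prefix": prefix, "metric": 0}))
```

The (None, None) result is the case in which no instance's conditions were met.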

The route map can be applied to incoming (in) or outgoing (out) BGP updates. The following is an example of the route map MYMAP applied to the outgoing updates toward BGP neighbor 172.16.20.2:

router bgp 1
neighbor 172.16.20.2 remote-as 3
neighbor 172.16.20.2 route-map MYMAP out