Configuring Route Policy Manager

About Route Policy Manager

Route Policy Manager supports route maps and IP prefix lists. These features are used for route redistribution. A prefix list contains one or more IPv4 or IPv6 network prefixes and the associated prefix length values. You can use a prefix list by itself in features such as Border Gateway Protocol (BGP) templates, route filtering, or redistribution of routes that are exchanged between routing domains.

Route maps can apply to both routes and IP packets. Route filtering and redistribution pass a route through a route map.

Prefix Lists

You can use prefix lists to permit or deny an address or range of addresses. Filtering by a prefix list involves matching the prefixes of routes or packets with the prefixes listed in the prefix list. An implicit deny is assumed if a given prefix does not match any entries in a prefix list.

You can configure multiple entries in a prefix list and permit or deny the prefixes that match the entry. Each entry has an associated sequence number that you can configure. If you do not configure a sequence number, Cisco NX-OS assigns a sequence number automatically. Cisco NX-OS evaluates prefix lists starting with the lowest sequence number. Cisco NX-OS processes the first successful match for a given prefix. Once a match occurs, Cisco NX-OS processes the permit or deny statement and does not evaluate the rest of the prefix list.


Note


An empty prefix list permits all routes.


MAC Lists

You can use MAC lists to permit or deny a MAC address or range of addresses. A MAC list consists of a list of MAC addresses and optional MAC masks. A MAC mask is a wild-card mask that is logically AND-ed with the MAC address when the route map matches on the MAC list entry. Filtering by a MAC list involves matching the MAC address of packets with the MAC addresses listed in the MAC list. An implicit deny is assumed if a given MAC address does not match any entries in a MAC list.

You can configure multiple entries in a MAC list and permit or deny the MAC addresses that match the entry. Each entry has an associated sequence number that you must configure. Cisco NX-OS evaluates MAC lists starting with the lowest sequence number. Cisco NX-OS processes the first successful match for a given MAC address. Once a match occurs, Cisco NX-OS processes the permit or deny statement and does not evaluate the rest of the MAC list.

Route Maps

You can use route maps for route redistribution. Route map entries consist of a list of match and set criteria. The match criteria specify match conditions for incoming routes or packets, and the set criteria specify the action taken if the match criteria are met.

You can configure multiple entries in the same route map. These entries contain the same route map name and are differentiated by a sequence number.

You create a route map with one or more route map entries arranged by the sequence number under a unique route map name. The route map entry has the following parameters:

  • Sequence number

  • Permission—permit or deny

  • Match criteria

  • Set changes

By default, a route map processes routes or IP packets in a linear fashion (that is, starting from the lowest sequence number). You can configure the route map to process in a different order using the continue statement, which allows you to determine which route map entry to process next.

Default Action for Sequences in a Route Map

The default action for any sequence in a route map is permit. The permit action is applied under the following situations:

  • When you configure a new sequence in a route map without explicitly specifying either permit or deny.

  • When you edit a configured sequence in a route map and do not specify an action. In this situation, the permit action is applied even if the edited route map was configured originally with deny. For example, assume sequence 10 was configured with deny. If you later edit sequence 10 without specifying deny again, the action for that sequence is set to permit.

When configuring or editing a sequence of a route map, always set the correct action. Failure to do so causes the default action, permit, to be applied.

Default Sequence Number for a Route Map

The default sequence number for a route-map with no specified sequence value is 10. If you create a new route-map without specifying a sequence number, by default the sequence number for the new route will be 10. The default sequence number is applied under the following situations as well:

  • Existing Route-map with Sequence Number 10: If a route-map already exists with sequence number 10 and you configure the same route-map again without specifying a sequence number, any modifications will be applied to sequence number 10 of that route-map.

  • Existing Route-map with other Sequence Numbers (20, 30, 40, and so on): If a route-map already has sequence numbers assigned (20, 30, 40, etc.) and you configure it again without specifying a sequence number, a new entry with sequence number 10 will be created for that route-map.

Match Criteria

You can use a variety of criteria to match a route or IP packet in a route map. Some criteria, such as BGP community lists, are applicable only to a specific routing protocol while other criteria, such as the IP source or the destination address, can be used for any route or IP packet.

When Cisco NX-OS processes a route or packet through a route map, it compares the route or packet to each of the match statements configured. If the route or packet matches the configured criteria, Cisco NX-OS processes it based on the permit or deny configuration for that match entry in the route map and any set criteria configured.

The match categories and parameters are as follows:

  • BGP parameters—Match based on AS numbers, AS-path, community attributes, or extended community attributes.

  • Prefix lists—Match based on an address or range of addresses.

  • Multicast parameters—Match based on rendezvous point, groups, or sources.

  • Other parameters—Match based on IP next-hop address or packet length.

Set Changes

Once a route or packet matches an entry in a route map, the route or packet can be changed based on one or more configured set statements.

The set changes are as follows:

  • BGP parameters—Change the AS-path, tag, community, extended community, dampening, local preference, origin, or weight attributes.

  • Metrics—Change the route-metric or the route-type.

  • Other parameters—Change the forwarding address or the IP next-hop address.

Access Lists

IP access lists can match the packet to a number of IP packet fields such as the following:

  • Source or destination IPv4 or IPv6 address

  • Protocol

  • Precedence

  • ToS

You can use ACLs in a route map for policy-based routing only.

AS Numbers for BGP

You can configure a list of AS numbers to match against BGP peers. If a BGP peer matches an AS number in the list and matches the other BGP peer configuration, BGP creates a session. If the BGP peer does not match an AS number in the list, BGP ignores the peer. You can configure the AS numbers as a list or a range of AS numbers, or you can use an AS-path list to compare the AS numbers against a regular expression.

AS-Path Lists for BGP

You can configure an AS-path list to filter inbound or outbound BGP route updates. If the route update contains an AS-path attribute that matches an entry in the AS-path list, the router processes the route based on the permit or deny condition configured. You can configure AS-path lists within a route map.

You can configure multiple AS-path entries in an AS-path list by using the same AS-path list name. The router processes the first entry that matches.

Community Lists for BGP

You can filter BGP route updates based on the BGP community attribute by using community lists in a route map. You can match the community attribute based on a community list, and you can set the community attribute using a route map.

A community list contains one or more community attributes. If you configure more than one community attribute in the same community list entry, the BGP route must match all community attributes listed to be considered a match.

You can also configure multiple community attributes as individual entries in the community list by using the same community list name. In this case, the router processes the first community attribute that matches the BGP route, using the permit or deny configuration for that entry.

You can configure community attributes in the community list in one of the following formats:

  • A named community attribute, such as internet or no-export.

  • In aa:nn format, where the first two bytes represent the two-byte AS number and the last two bytes represent a user-defined network number.

  • A regular expression.

Extended Community Lists for BGP

Extended community lists support 4-byte AS numbers. You can configure community attributes in the extended community list in one of the following formats:

  • In aa4:nn format, where the first four bytes represent the four-byte AS number and the last two bytes represent a user-defined network number.

  • A regular expression.

Cisco NX-OS supports generic specific extended community lists, which provide similar functionality to regular community lists for four-byte AS numbers. You can configure generic specific extended community lists with the following properties:

  • Transitive—BGP propagates the community attributes across autonomous systems.

  • Nontransitive—BGP removes community attributes before propagating the route to another autonomous system.

Configuring NX-OS BGP Large Communities

About NX-OS BGP Large Communities

NX-OS BGP supports only standard and extended communities. The use of a 4-byte ASN is limited in how you can classify routes, because each standard community is limited to 4 bytes and each extended community is limited to 8 bytes. Of those 8 bytes, 2 bytes are used to define the community type and the remaining 6 bytes are available. Large communities are standardized in IETF RFC 8092, which allows you to define large communities that are 12 bytes in size and provides flexibility in the classification of BGP routes.

This feature provides the ability to classify routes from different data centers in different ASNs by using communities to tag the routes. Large communities serve to classify routes from different ASNs because each one is 12 bytes long. With support for RFC 8092, NX-OS BGP lets you classify routes from 4-byte ASNs using standard route policy methods. It also allows more flexibility in configuring networks and routing policies by removing the 4-byte restriction of standard BGP communities.

Configuring Large Community List (Expanded)

The following are the steps to configure large community list in expanded form:

SUMMARY STEPS

  1. configure terminal
  2. ip large-community-list expanded
  3. ip large-community-list expanded list-name
  4. ip large-community-list expanded abcd seq
  5. ip large-community-list expanded abcd seq 10 {deny | permit }
  6. ip large-community-list expanded abcd seq 10 permit XX:YY:ZZ

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:
switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

ip large-community-list expanded

Example:
switch(config)# ip large-community-list expanded

This option adds an expanded large community list entry.

Step 3

ip large-community-list expanded list-name

Example:
switch(config)# ip large-community-list expanded list-name

This option provides the name of the expanded large community list. The list-name can be any case-sensitive, alphanumeric string up to 63 characters.

Step 4

ip large-community-list expanded abcd seq

Example:
switch(config)# ip large-community-list expanded abcd seq

This option provides the sequence number of the entry.

Step 5

ip large-community-list expanded abcd seq 10 {deny | permit }

Example:
switch(config)# ip large-community-list expanded abcd seq 10 {deny | permit}

The first option specifies the large community to reject.

The second option specifies the large community to accept.

Step 6

ip large-community-list expanded abcd seq 10 permit XX:YY:ZZ

Example:
switch(config)# ip large-community-list expanded abcd seq 10 permit XX:YY:ZZ

This option provides the regular expression, which uses the XX:YY:ZZ format. XX has a range of <0-4294967294> and is a four-octet global administrator field that represents the ASN. YY and ZZ are four-octet local data fields, which are defined by the owner of the ASN.

The ":" is a separator between global and local data fields.

Example
The following example shows how to create a large community list in expanded form:
switch(config)# ip large-community-list expanded abcd seq 10 permit "^100:200:300$"
switch(config)# sh run rpm
<<SNIP>>
ip large-community-list expanded abcd seq 10 permit "^100:200:300$"

Configuring Large Community List (Standard)

The following are the steps to configure large community list in standard form:

SUMMARY STEPS

  1. configure terminal
  2. ip large-community-list standard
  3. ip large-community-list standard list-name
  4. ip large-community-list standard efgh seq
  5. ip large-community-list standard efgh seq 15 {deny | permit }
  6. ip large-community-list standard efgh seq 15 deny XX:YY:ZZ

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:
switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

ip large-community-list standard

Example:
switch(config)# ip large-community-list standard

This option adds a standard large community list entry.

Step 3

ip large-community-list standard list-name

Example:
switch(config)# ip large-community-list standard list-name

This option provides the name of the standard large community list. The list-name can be any case-sensitive, alphanumeric string up to 63 characters.

Step 4

ip large-community-list standard efgh seq

Example:
switch(config)# ip large-community-list standard efgh seq

This option provides the sequence number of the entry.

Step 5

ip large-community-list standard efgh seq 15 {deny | permit }

Example:
switch(config)# ip large-community-list standard efgh seq 15 {deny | permit}

The first option specifies the large community to reject.

The second option specifies the large community to accept.

Step 6

ip large-community-list standard efgh seq 15 deny XX:YY:ZZ

Example:
switch(config)# ip large-community-list standard efgh seq 15 deny XX:YY:ZZ

This option provides the regular expression, which uses the XX:YY:ZZ format. XX has a range of <0-4294967294> and is a four-octet global administrator field that represents the ASN. YY and ZZ are four-octet local data fields, which are defined by the owner of the ASN.

The ":" is a separator between global and local data fields.

Example
The following example shows how to create a large community list in standard form:
switch(config)# ip large-community-list standard efgh seq 15 deny 1000300:123:456
switch(config)# sh run rpm
<<SNIP>>
ip large-community-list standard efgh seq 15 deny 1000300:123:456
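The XX:YY:ZZ format and the two list forms configured above, modeled in Python as an added example; this is not Cisco code. It assumes that an expanded entry's regular expression is tested against each community's decimal text, uses Python's regex engine as a stand-in for the device's, and the UNANCHORED list is constructed to show why the ^ and $ anchors in the page's example matter.

```python
import re
import struct

MAX_U32 = 0xFFFFFFFF
MAX_GLOBAL_ADMIN = 4294967294    # upper bound for XX given on this page


def parse_lc(text):
    """Parse 'XX:YY:ZZ' into a tuple of three ints, enforcing the field ranges."""
    parts = text.split(":")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not in XX:YY:ZZ format: {text!r}")
    xx, yy, zz = (int(p) for p in parts)
    if xx > MAX_GLOBAL_ADMIN or yy > MAX_U32 or zz > MAX_U32:
        raise ValueError(f"field out of range: {text!r}")
    return xx, yy, zz


def is_valid_lc(text):
    """True if the text is a well-formed, in-range large community."""
    try:
        parse_lc(text)
        return True
    except ValueError:
        return False


def encode_lc(lc):
    """RFC 8092 value: three 4-octet big-endian integers, 12 bytes in total."""
    return struct.pack("!III", *lc)


def format_lc(lc):
    """Decimal text form of a parsed large community."""
    return ":".join(str(n) for n in lc)


def entry_matches(kind, value, route_lcs):
    """standard: value is a list of 'XX:YY:ZZ' strings that must all be present.
    expanded: value is a regex tested against each community's text (assumption)."""
    if kind == "standard":
        return {parse_lc(v) for v in value} <= set(route_lcs)
    return any(re.search(value, format_lc(lc)) for lc in route_lcs)


def evaluate_list(kind, entries, route_lcs):
    """entries are (seq, action, value) tuples; the lowest matching seq decides."""
    for seq, action, value in sorted(entries, key=lambda e: e[0]):
        if entry_matches(kind, value, route_lcs):
            return action, seq
    return "no-match", None


# Lists from the examples on this page.
ABCD = [(10, "permit", r"^100:200:300$")]
EFGH = [(15, "deny", ["1000300:123:456"])]
# Constructed: the same pattern without anchors also hits unrelated values.
UNANCHORED = [(10, "permit", r"100:200:300")]

if __name__ == "__main__":
    lookalike = [parse_lc("1100:200:3000")]
    print(encode_lc(parse_lc("100:200:300")).hex())
    print(evaluate_list("expanded", ABCD, lookalike))        # anchored: no match
    print(evaluate_list("expanded", UNANCHORED, lookalike))  # unanchored: permit
    print(evaluate_list("standard", EFGH, [parse_lc("1000300:123:456")]))
```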
Configuring Route-map Match for Large Community

The following are the steps to configure route-map match for large community:

SUMMARY STEPS

  1. configure terminal
  2. match large-community
  3. match large-community list-name
  4. match large-community abcd exact-match

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:
switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

match large-community

Example:
switch(config-route-map)# match large-community

This option matches BGP large community list.

Step 3

match large-community list-name

Example:
switch(config-route-map)# match large-community list-name

This option provides the name of the community list. The list-name can be any case-sensitive, alphanumeric string up to 63 characters.

Step 4

match large-community abcd exact-match

Example:
switch(config-route-map)# match large-community abcd exact-match

This option does the exact matching of the communities.

Example
The following example shows the resulting route-map match configuration for large community lists:
switch(config-route-map)# sh run rpm
<<SNIP>>
route-map test permit 10
  match large-community abcd efgh

Configuring Route Map Set for Large Community

The following are the steps to configure route-map set for large community:

SUMMARY STEPS

  1. configure terminal
  2. set large-community-list
  3. set large-community-list list-name
  4. set large-community-list list-name delete
  5. set large-community {none | XX:YY:ZZ [additive ] | additive }

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:
switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

set large-community-list

Example:
switch(config-route-map)# set large-community-list

This option sets BGP large community attribute.

Step 3

set large-community-list list-name

Example:
switch(config-route-map)# set large-community-list list-name

This option sets the name of the large community list. The list-name can be any case-sensitive, alphanumeric string up to 63 characters.

Step 4

set large-community-list list-name delete

Example:
switch(config-route-map)# set large-community-list list-name delete
Example:
switch(config-route-map)# sh run rpm
route-map test permit 10
set large-community-list list-name delete

This option deletes the matching large communities.

Step 5

set large-community {none | XX:YY:ZZ [additive ] | additive }

Example:
switch(config-route-map)# set large-community {none | XX:YY:ZZ [additive] | additive}
switch(config-route-map)# set large-community 1000:1235:7629 200:30048:234 additive
Example:
switch(config-route-map)# sh run rpm
route-map test permit 10
set large-community additive
switch(config-route-map)# sh run rpm
route-map test permit 10
set large-community 1000300:123:456
switch(config-route-map)# sh run rpm
route-map test permit 10
set large-community none

This command sets the large-community attribute for a BGP route update.

  • The 'XX:YY:ZZ' option represents the large-community attribute in XX:YY:ZZ format and sets that value alone for a BGP route update. A maximum of 32 large-community attributes can be added in one set command.

  • The 'additive' option represents an addition to the existing large-community attribute, and is used along with the XX:YY:ZZ option. When used in this manner, it adds the XX:YY:ZZ attribute to the existing large-community attribute.

  • The 'none' option represents that no large-community attribute will be set.

Route Redistribution and Route Maps

You can use route maps to control the redistribution of routes between routing domains. Route maps match on the attributes of the routes to redistribute only those routes that pass the match criteria. The route map can also modify the route attributes during this redistribution using the set changes.

The router matches redistributed routes against each route-map sequence. If there are multiple match statements under a route-map sequence, then the route must pass all the match criteria under that route-map sequence. If a route passes the match criteria defined in a route-map sequence, then the set actions defined in that sequence are executed. If the route does not match the criteria in a route-map sequence, then the router compares the route against the subsequent route-map sequence. This evaluation continues until a match is made or the route has been evaluated by all the sequences in the route map. Finally, if the route does not match any of the route-map sequences, then the router denies acceptance of the route (for inbound route maps) or denies forwarding of the route (for outbound route maps).


Note


When you redistribute BGP to IGP, iBGP is redistributed as well. To override this behavior, you must insert an additional deny statement into the route map.
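A small Python model of the evaluation order described above, added here as an illustration and not taken from NX-OS. It also models the default permit action and the default sequence number 10 described earlier on this page, so it shows how re-editing a deny sequence without restating deny lets iBGP routes through; the route fields (prefix, source), the predicates and the 10.20.0.0/16 block are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Route = Dict[str, object]


@dataclass
class Sequence:
    seq: int
    action: str = "permit"
    matches: List[Callable[[Route], bool]] = field(default_factory=list)
    sets: Dict[str, object] = field(default_factory=dict)


class RouteMap:
    def __init__(self, name: str):
        self.name = name
        self.sequences: Dict[int, Sequence] = {}

    def configure(self, action: Optional[str] = None, seq: int = 10,
                  matches=None, sets=None) -> Sequence:
        """Model of entering `route-map NAME [permit | deny] [seq]`."""
        entry = self.sequences.setdefault(seq, Sequence(seq))
        entry.action = action or "permit"    # omitted action means permit, even on re-edit
        if matches is not None:
            entry.matches = list(matches)
        if sets is not None:
            entry.sets = dict(sets)
        return entry

    def evaluate(self, route: Route) -> Tuple[Optional[Route], Optional[int]]:
        """Return (resulting route, or None if denied; deciding sequence number)."""
        for seq in sorted(self.sequences):
            entry = self.sequences[seq]
            # Every match statement must pass; an empty list matches everything.
            if all(m(route) for m in entry.matches):
                if entry.action == "deny":
                    return None, seq
                return {**route, **entry.sets}, seq
        return None, None                    # no sequence matched: route is denied

    def permit_all_sequences(self) -> List[int]:
        """Sequences that permit every route because they have no match statement."""
        return [s for s, e in sorted(self.sequences.items())
                if e.action == "permit" and not e.matches]


SITE_BLOCK = ipaddress.ip_network("10.20.0.0/16")    # hypothetical address block


def is_ibgp(route: Route) -> bool:
    return route.get("source") == "ibgp"


def in_site(route: Route) -> bool:
    return ipaddress.ip_network(str(route["prefix"])).subnet_of(SITE_BLOCK)


def build_redist_map() -> RouteMap:
    rm = RouteMap("BGP-TO-IGP")
    rm.configure("deny", 10, matches=[is_ibgp])      # the extra deny for iBGP routes
    rm.configure("permit", 20, matches=[in_site], sets={"metric": 100})
    return rm


if __name__ == "__main__":
    rm = build_redist_map()
    ibgp_route = {"prefix": "10.20.1.0/24", "source": "ibgp"}
    print("before edit:", rm.evaluate(ibgp_route))
    rm.configure(seq=10)                     # edit seq 10 without restating deny
    print("after edit: ", rm.evaluate(ibgp_route))
```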


Guidelines and Limitations for Route Policy Manager

Route Policy Manager has the following configuration guidelines and limitations:

  • Names in the prefix-list are case-insensitive. We recommend using unique names. Do not use the same name by modifying upper-case and lowercase characters. For example, CTCPrimaryNetworks and CtcPrimaryNetworks are two different entries.

  • If no route map exists, all routes are denied.

  • If no prefix list exists, all routes are permitted.

  • When matching two irrelevant entities in the route-map entry, the permission (permit or deny) of the route-map entry decides the result for all the routes or packets. It also applies the set criteria of the route-map entry. For example, the following route-map, when associated with the BGP configuration, tries to match the ospf-area which results in permitting the irrelevant match and sets the metric to 100:

    route-map abc permit seq 10
    match ospf-area 2
    set metric 100

  • Without any match statement in a route-map entry, the permission (permit or deny) of the route-map entry decides the result for all the routes or packets.

  • If referred policies (for example, prefix lists) within a match statement of a route-map entry return either a no-match or a deny-match, Cisco NX-OS fails the match statement and processes the next route-map entry.

  • When you change a route map, Cisco NX-OS holds all the changes until you exit from the route-map configuration submode. Cisco NX-OS then sends all the changes to the protocol clients to take effect.

  • Cisco recommends that you do not have both IPv4 and IPv6 match statements in the same route-map sequence. If both are required, they should be specified in different sequences in the same route-map.

  • Because you can use a route map before you define it, verify that all your route maps exist when you finish a configuration change.

  • You can view the route-map usage for redistribution and filtering. Each individual routing protocol provides a way to display these statistics.

  • When you redistribute BGP to IGP, iBGP is redistributed as well. To override this behavior, you must insert an additional deny statement into the route map.

  • Route Policy Manager does not support MAC lists.

  • The maximum number of characters for ACL names in the ip access-list name command is 64. However, ACL names that are associated with RPM commands (such as ip prefix-list and match ip address) accept a maximum of only 63 characters.

  • BGP supports only specific match commands. For details, see the match commands table in the Configuring Route Maps section.

  • If you create an ACL named "prefix-list," it cannot be associated with a route map that is created using the match ip address command. The RPM command match ip address prefix-list makes the previous command (with the "prefix-list" ACL name) ambiguous.

  • You can configure only one ACL when using the match ip address command.

  • If a policy is applied through a config profile, avoid unconfiguring (with the short no form) that particular CLI through the normal CLI configuration mode. If any changes are required, unapply the profile first, and then modify the profile and apply it again.

  • For any RPM profile, if you plan to configure and apply the config profile, do not configure and unconfigure (with the short no form) the same profile if you want to use "config profile" later.

  • If you configure the standard ip community-list and ip large-community-list commands across multiple lines in a config-profile, only the last configured line of that sequence persists. To execute these two commands, configure all the community values and execute them as a single command in the config-profile.

  • Beginning with Cisco NX-OS Release 10.2(2)F, matching on tags for BGP NLRI (for inbound and outbound facing route-maps) is now supported. However, this is only intended for the use of the L2VPN EVPN address family in L4-7 service integration in VXLAN.

Default Settings for Route Policy Manager Parameters

The following table lists the default settings for Route Policy Manager.

Table 1. Default Route Policy Manager Parameters

Parameters                 Default
Route Policy Manager       Enabled
Administrative distance    115

Configuring Route Policy Manager


Note


If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.


Configuring IP Prefix Lists

IP prefix lists match the IP packet or route against a list of prefixes and prefix lengths. You can create an IP prefix list for IPv4 and create an IPv6 prefix list for IPv6.

You can configure the prefix list entry to match the prefix length exactly or to match any prefix with a length that matches the configured range of prefix lengths.

Beginning with Cisco NX-OS Release 9.3(9), make sure to add the sequence number when configuring the prefix-list in the NDFC/config-profile/dual-stage configuration modes. Also, when modifying a sequence or inserting a new one, ensure that there is a gap in the sequence number, preferably in increments of 5 or 10, instead of assigning a continuous number.

For example:
ip prefix-list allowprefix seq 10 permit 192.0.2.0/23 eq 24
ip prefix-list allowprefix seq 20 permit 209.165.201.0/27 eq 28

Note


Beginning with Cisco NX-OS Release 9.3.9, if a prefix-list in the config-profile does not have sequence numbers, make sure to add the sequence numbers before upgrading to that release or higher.


Use the ge and le keywords to create a range of possible prefix lengths. The incoming packet or route matches the prefix list if the prefix matches and if the prefix length is greater than or equal to the ge keyword value (if configured) and less than or equal to the le keyword value (if configured). When using the eq keyword, the value you set must be greater than the mask length for the prefix.

Use the mask keyword to define a range of possible contiguous or non-contiguous routes to be compared to the prefix address.

SUMMARY STEPS

  1. configure terminal
  2. { ip | ipv6 } prefix-list name description string
  3. {ip | ipv6} prefix-list name [ seq number ] [{ permit | deny } prefix {[ eq prefix-length ] | [ ge prefix-length ] [ le prefix-length ]}] [ mask mask ]
  4. (Optional) show { ip | ipv6 } prefix-list name
  5. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

{ ip | ipv6 } prefix-list name description string

Example:

switch(config)# ip prefix-list AllowPrefix description allows engineering server

Adds an information string about the prefix list.

Step 3

{ip | ipv6} prefix-list name [ seq number ] [{ permit | deny } prefix {[ eq prefix-length ] | [ ge prefix-length ] [ le prefix-length ]}] [ mask mask ]

Example:

switch(config)# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
switch(config)# ipv6 prefix-list AllowIPv6Prefix seq 10 permit 2001:0DB8:: le 32
switch(config)# ip prefix-list even permit 0.0.0.0/32 mask 0.0.0.1
switch(config)# ipv6 prefix-list even permit 2001:0DB8::/64 mask ffff:1::

Creates an IPv4 or IPv6 prefix list or adds a prefix to an existing prefix list. The prefix-length is matched as follows:

  • eq—Matches the exact prefix-length. This value must be greater than the mask length.

  • ge—Matches a prefix length that is equal to or greater than the configured prefix-length.

  • le—Matches a prefix length that is equal to or less than the configured prefix-length.

  • mask —Specifies the bits of a prefix address in a prefix list that are compared to the bits of the prefix address used in routing protocols. This option is available for IPv6 prefix lists beginning with Cisco NX-OS Release 9.3(3) for Cisco Nexus 9200, 9300-EX, and 9300-FX platform switches and 9700-EX and 9700-FX line cards.

Step 4

(Optional) show { ip | ipv6 } prefix-list name

Example:

switch(config)# show ip prefix-list AllowPrefix

Displays information about prefix lists.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

Saves this configuration change.

Example

This example shows how to create an IPv4 prefix list with two entries and apply the prefix list to a BGP neighbor:

switch# configure terminal
switch(config)# ip prefix-list allowprefix seq 10 permit 192.0.2.0/23 eq 24
switch(config)# ip prefix-list allowprefix seq 20 permit 209.165.201.0/27 eq 28
switch(config)# router bgp 65535
switch(config-router)# neighbor 192.0.2.1/16 remote-as 65534
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# prefix-list allowprefix in

This example shows how to create an IPv4 prefix list with a match mask for all /24 odd IP addresses:

switch# configure terminal
switch(config)# ip prefix-list list1 seq 7 permit 22.1.1.0/24 mask 255.255.1.0
switch(config)# show route-map test
route-map test, permit, sequence 7
Match clauses:
ip address prefix-lists: list1
Set clauses:
extcommunity COST:igp:10:20
switch(config)# show ip prefix-list list1
ip prefix-list list1: 1 entries
seq 7 permit 22.1.1.0/24 mask 255.255.1.0

This example shows how to create an IPv4 prefix list that matches all subnets of 21.1.0.0/16 where the subnet prefix is 17 or greater. Due to the mask option, only those incoming prefixes where the first bit in the third octet is unset (even) will be matched.

switch# configure terminal
switch(config)# ip prefix-list list1 seq 10 permit 21.1.0.0/16 ge 17 mask 255.255.1.0
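The matching rules of this section (lowest sequence first, first match wins, implicit deny, eq/ge/le length ranges and the mask keyword), modeled in Python as an added example; this is not Cisco code. Treating mask as a bitwise selector of the compared address bits is an assumption inferred from the two mask examples above, starting an le-only range at the entry's own prefix length is also an assumption, and the SHADOWED list is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Entry:
    seq: int
    action: str                  # "permit" or "deny"
    prefix: str                  # for example "192.0.2.0/23"
    eq: Optional[int] = None
    ge: Optional[int] = None
    le: Optional[int] = None
    mask: Optional[str] = None   # for example "255.255.1.0"

    def length_range(self, base_len: int, max_len: int) -> Tuple[int, int]:
        """Inclusive range of prefix lengths this entry accepts."""
        if self.eq is not None:
            return self.eq, self.eq
        if self.ge is None and self.le is None:
            return base_len, base_len            # no keyword: exact length only
        low = self.ge if self.ge is not None else base_len   # le alone starts at base_len
        high = self.le if self.le is not None else max_len
        return low, high

    def matches(self, route: str) -> bool:
        net = ipaddress.ip_network(self.prefix)
        cand = ipaddress.ip_network(route)
        if net.version != cand.version:
            return False
        low, high = self.length_range(net.prefixlen, net.max_prefixlen)
        if not low <= cand.prefixlen <= high:
            return False
        # Assumption: "mask" selects the address bits that are compared;
        # without it the entry's own network mask selects them.
        care = int(ipaddress.ip_address(self.mask)) if self.mask else int(net.netmask)
        return (int(cand.network_address) & care) == (int(net.network_address) & care)


def evaluate(entries: List[Entry], route: str) -> Tuple[str, Optional[int]]:
    """Return (action, deciding sequence number) for one route."""
    if not entries:
        return "permit", None                    # an empty prefix list permits all routes
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(route):
            return entry.action, entry.seq       # first match wins, the rest is skipped
    return "deny", None                          # implicit deny


# Entries taken from the examples on this page.
ALLOWPREFIX = [
    Entry(10, "permit", "192.0.2.0/23", eq=24),
    Entry(20, "permit", "209.165.201.0/27", eq=28),
]
ODD_24 = [Entry(7, "permit", "22.1.1.0/24", mask="255.255.1.0")]
EVEN_GE17 = [Entry(10, "permit", "21.1.0.0/16", ge=17, mask="255.255.1.0")]

# Constructed list: the deny at seq 20 is shadowed by the broader permit at seq 10.
SHADOWED = [
    Entry(10, "permit", "10.0.0.0/8", le=32),
    Entry(20, "deny", "10.66.0.0/16", le=32),
]

if __name__ == "__main__":
    checks = [
        (ALLOWPREFIX, "192.0.3.0/24"),   # /24 inside the /23: permitted by seq 10
        (ALLOWPREFIX, "192.0.2.0/23"),   # the /23 itself: length is not 24, implicit deny
        (ODD_24, "22.1.3.0/24"),         # odd third octet
        (ODD_24, "22.1.2.0/24"),         # even third octet
        (EVEN_GE17, "21.1.4.0/24"),
        (EVEN_GE17, "21.1.5.0/24"),
        (SHADOWED, "10.66.1.0/24"),      # the deny at seq 20 is never reached
    ]
    for entries, route in checks:
        print(route, evaluate(entries, route))
```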

Configuring MAC Lists

You can configure a MAC list to permit or deny a range of MAC addresses.

Beginning with Cisco NX-OS Release 10.4(2)F, make sure to add the sequence number when configuring the prefix-list in the NDFC/config-profile/dual-stage configuration modes. Also, when modifying a sequence or inserting a new one, ensure that there is a gap in the sequence number, preferably in increments of 5 or 10, instead of assigning a continuous number.

For example:
mac-list AllowMac seq 5 permit 0022.5579.a4c1 ffff.ffff.0000
mac-list AllowMac seq 10 permit 0033.5510.a4c1 ffff.ffff.0000

Note


Beginning with Cisco NX-OS Release 10.4(2)F, if a mac-list in the config-profile does not have sequence numbers, make sure to add the sequence numbers before upgrading to that release or higher.


SUMMARY STEPS

  1. configure terminal
  2. mac-list name seq number {permit | deny } mac-address [mac-mask]
  3. (Optional) show mac-list name
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

mac-list name seq number {permit | deny } mac-address [mac-mask]

Example:

switch(config)# mac-list AllowMac seq 5 permit 0022.5579.a4c1 ffff.ffff.0000

Creates a MAC list or adds a MAC address to an existing MAC list. The seq range is from 1 to 4294967294. The mac-mask specifies the portion of the MAC address to match against and is in MAC address format.

Step 3

(Optional) show mac-list name

Example:

switch(config)# show mac-list name

Displays information about prefix lists.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

Saves this configuration change.

Configuring AS-path Lists

You can specify an AS-path list filter on both inbound and outbound BGP routes. Each filter is an access list based on regular expressions. If the regular expression matches the representation of the AS-path attribute of the route as an ASCII string, the permit or deny condition applies.

SUMMARY STEPS

  1. configure terminal
  2. ip as-path access-list name {deny | permit } expression
  3. (Optional) show {ip | ipv6 } as-path-access-list name
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

ip as-path access-list name {deny | permit } expression

Example:

switch(config)# ip as-path access-list Allow40 permit 40

Creates a BGP AS-path list using a regular expression.

Step 3

(Optional) show {ip | ipv6 } as-path-access-list name

Example:

switch(config)# show ip as-path-access-list Allow40

Displays information about as-path access lists.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

Saves this configuration change.

Example

This example shows how to create an AS-path list with two entries and apply the AS path list to a BGP neighbor:

switch# configure terminal
switch(config)# ip as-path access-list AllowAS permit 64510
switch(config)# ip as-path access-list AllowAS permit 64496
switch(config)# copy running-config startup-config
switch(config)# router bgp 65535:20
switch(config-router)# neighbor 192.0.2.1/16 remote-as 65535:20
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# filter-list AllowAS in
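Because the expression is matched against the AS-path as an ASCII string, an unanchored expression such as 64510 or 40 also matches longer AS numbers that contain those digits. The following added example (not Cisco code) models this with Python's re module and constructed paths. It assumes first-match evaluation with an implicit deny and the Cisco-style "_" delimiter metacharacter; the anchored list is a hypothetical tightening, not configuration from this page.

```python
import re

# Cisco-style "_" matches a delimiter: start or end of string, space,
# comma, brace or parenthesis. Python's re engine is used as an approximation.
_DELIM = r"(?:^|$|[ ,{}()])"


def to_python_regex(expression):
    """Translate the "_" delimiter metacharacter into a Python pattern."""
    return expression.replace("_", _DELIM)


def filter_action(entries, as_path):
    """Return the action of the first entry whose expression matches.

    entries: list of (action, expression) in configured order.
    Assumption: no match means an implicit deny.
    """
    for action, expression in entries:
        if re.search(to_python_regex(expression), as_path):
            return action
    return "deny"


def overmatched_paths(loose, anchored, paths):
    """Paths the loose list permits but the anchored list denies."""
    return [
        path for path in paths
        if filter_action(loose, path) == "permit"
        and filter_action(anchored, path) == "deny"
    ]


# Entries as configured in the example on this page.
ALLOW_AS = [("permit", "64510"), ("permit", "64496")]
# Hypothetical anchored form of the same list.
ALLOW_AS_ANCHORED = [("permit", "_64510_"), ("permit", "_64496_")]

# Constructed AS-path strings.
PATHS = [
    "64510",               # intended match
    "65001 64496",         # intended match
    "65001 164510",        # 4-byte ASN that contains "64510"
    "65002 644960 65003",  # 4-byte ASN that contains "64496"
    "65010 65020",         # unrelated path
]

if __name__ == "__main__":
    for path in PATHS:
        print(f"{path!r}: loose={filter_action(ALLOW_AS, path)} "
              f"anchored={filter_action(ALLOW_AS_ANCHORED, path)}")
    print("over-matched:", overmatched_paths(ALLOW_AS, ALLOW_AS_ANCHORED, PATHS))
```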

Replacing BGP AS-path Attribute

The following procedures allow you to manipulate the BGP routing policy by modifying the BGP as-path attribute in inbound and outbound route maps.

Consider the following guidelines when replacing the BGP as-path attribute:

  • This feature is applicable to only eBGP neighbors on a per address family identifier (AFI) basis. If you attempt to configure the feature on iBGP neighbors, the configuration is ignored.

  • A route map with this feature can be applied to both the inbound and outbound sides of a BGP neighbor.

  • This feature supports any combination of AS_SET, AS_SEQUENCE, CONFED_SET, and CONFED_SEQUENCE.

  • When interacting with a BGP speaker that supports only a 2-byte AS, the 4-byte AS number is replaced by the reserved 2-byte AS number 23456.

  • If a confederation identifier is configured, consider using the confederation identifier as the local ASN in the CLI when interacting with a peer that is outside the confederation. When interacting with a peer belonging to the same confederation, consider using the process ASN in the router bgp asn command.

  • When the BGP local-as feature is configured, the configured local-as will be considered as local ASN in the CLI.

  • For outbound route-maps, the local ASN will always be prepended to the resulting as_path from the CLI.

  • A maximum of 32 AS numbers can be configured in a set as-path or set as-path replace command.

  • Only one of these options can be configured under one route-map sequence: set as-path , set as-path prepend , and set as-path replace .

  • If remove-private-as is configured, it will be applied before applying the new route-map commands on the outbound side.

  • If as-override is configured, it will be applied after applying the new route-map commands on the outbound side.

  • AS_PATH loop checks will execute on the original AS_PATH before the new route-map commands are applied on both inbound and outbound sides. These checks can be relaxed by using allow-as in on the inbound side and disable-peer-as-check on the outbound side.

Replacing the Complete AS-path

Use this procedure to modify the AS-path in an incoming or outgoing BGP update to a custom AS-path. You can also remove the AS-path completely.

Procedure
  Command or Action Purpose

Step 1

configure terminal

Example:
switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

route-map map-name [permit | deny] [seq]

Example:
switch(config)# route-map Testmap permit 10
switch(config-route-map)#

Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.

Step 3

[no] set as-path { none | {as-number | remote-as | local-as}+ }

Example:
switch(config-route-map)# set as-path 11 local-as remote-as 13

Replaces AS_PATH with a list of custom ASNs or clears the AS_PATH. The command options are:

  • as-number : The specified AS number.

  • remote-as : The AS number of the BGP peer.

  • local-as : The local AS number.

The none keyword removes the AS-path completely.

Example

In the following examples, these values are assumed:

  • The original AS_PATH is 10 20 30 40 50 60.

  • The local-as is 100.

  • The remote-as is 200.

This example shows how to specify a custom AS-path. This command will change the AS-path to 11 100 200 13 200 10.10 65535.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path 11 local-as remote-as 13 remote-as 10.10 65535

This example shows how to clear the AS-path. This command will cause the AS-path to be empty.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path none

Replacing Selected AS Numbers in the AS-path

Use this procedure to replace specific AS numbers in the AS-path with custom AS numbers in an incoming or outgoing BGP update. You can also specify private-as as a match keyword. In this case, any instance of a private-as is matched and can be replaced or removed.

Procedure
  Command or Action Purpose

Step 1

configure terminal

Example:
switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

route-map map-name [permit | deny] [seq]

Example:
switch(config)# route-map Testmap permit 10
switch(config-route-map)#

Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.

Step 3

[no] set as-path replace {asn_list | private-as} [with {as-number | remote-as | none}]

Example:
switch(config-route-map)# set as-path replace 1, 2, private-as with remote-as

If the with keyword is not specified, substitute the local-as for any instance of an ASN mentioned in the comma separated asn_list, or for any private-as if the private-as keyword is specified.

If the with keyword is specified, substitute the value after the with keyword for any matched ASN, or any private-as if the private-as keyword is specified.

The command options following the with keyword are:

  • as-number : The matched values are replaced by the specified AS number.

  • remote-as : The matched values are replaced by the AS number of the BGP peer.

  • none : The matched values are removed from the AS-path.

Example

In the following examples, these values are assumed:

  • The original AS_PATH is 1 5 2 10.10 65534 20.

  • The local-as is 100.

  • The remote-as is 200.

This example shows how to replace two specific ASNs and a private-as with the local-as. This command will change the AS-path to 100 5 100 10.10 100 20.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path replace 1, 2, private-as

This example shows how to replace two specific ASNs and a private-as with the neighbor's ASN (remote-as). This command will change the AS-path to 200 5 200 10.10 200 20.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path replace 1, 2, private-as with remote-as

This example shows how to remove two specific ASNs and a private-as. This command will change the AS-path to 5 10.10 20.


switch# configure terminal
switch(config)# route-map Testmap permit 10
switch(config-route-map)# set as-path replace 1, 2, private-as with none
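To preview what a policy will do to a path before applying it, the rewrite rules of set as-path and set as-path replace can be modeled offline. This is an added example, not NX-OS code: the function names are hypothetical, and the private-AS ranges are assumed to be those of RFC 6996. It models only the rewrite step, not remove-private-as, as-override, loop checks, or the outbound local-ASN prepend.

```python
# Assumption: private-as matches the RFC 6996 private-use ranges.
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))
MAX_ASNS = 32  # limit stated in the guidelines for both commands


def parse_asn(token):
    """Accept asplain ("65534") or asdot ("10.10"); return the integer ASN."""
    if "." in token:
        high, low = (int(part) for part in token.split("."))
        if not (0 <= high <= 65535 and 0 <= low <= 65535):
            raise ValueError(f"bad asdot value: {token}")
        return high * 65536 + low
    asn = int(token)
    if not 0 <= asn <= 4294967295:
        raise ValueError(f"ASN out of range: {token}")
    return asn


def is_private(asn):
    return any(low <= asn <= high for low, high in PRIVATE_RANGES)


def set_as_path(tokens, local_as, remote_as):
    """Model of `set as-path`: returns the new path as a list of strings."""
    if tokens == ["none"]:
        return []  # the none keyword removes the AS-path completely
    if len(tokens) > MAX_ASNS:
        raise ValueError("more than 32 AS numbers")
    keywords = {"local-as": str(local_as), "remote-as": str(remote_as)}
    new_path = []
    for token in tokens:
        if token not in keywords:
            parse_asn(token)  # validate; keep the notation as typed
        new_path.append(keywords.get(token, token))
    return new_path


def replace_as_path(path, asn_list, local_as, remote_as,
                    private_as=False, with_value=None):
    """Model of `set as-path replace asn_list [private-as] [with ...]`."""
    if len(asn_list) > MAX_ASNS:
        raise ValueError("more than 32 AS numbers")
    targets = {parse_asn(token) for token in asn_list}
    if with_value is None:
        replacement = str(local_as)   # no `with`: substitute the local-as
    elif with_value == "remote-as":
        replacement = str(remote_as)
    elif with_value == "none":
        replacement = None            # matched values are removed
    else:
        parse_asn(with_value)
        replacement = with_value
    new_path = []
    for hop in path:
        asn = parse_asn(hop)
        if asn in targets or (private_as and is_private(asn)):
            if replacement is not None:
                new_path.append(replacement)
        else:
            new_path.append(hop)
    return new_path


if __name__ == "__main__":
    original = "1 5 2 10.10 65534 20".split()  # values assumed on this page
    print(" ".join(replace_as_path(original, ["1", "2"], 100, 200, private_as=True)))
```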

Configuring Community Lists

You can use community lists to filter BGP routes based on the community attribute. The community number consists of a 4-byte value in the aa:nn format. The first two bytes represent the autonomous system number, and the last two bytes represent a user-defined network number.

When you configure multiple values in the same community list statement, all community values must match to satisfy the community list filter. When you configure multiple values in separate community list statements, the first list that matches a condition is processed.

Use community lists in a match statement to filter BGP routes based on the community attribute.

SUMMARY STEPS

  1. configure terminal
  2. Enter one of the following:
    • ip community-list standard list-name {deny | permit } [community-list ] [internet ] [local-AS ] [no-advertise ] [no-export ] [graceful-shutdown ] [blackhole ]

      or

    • ip community-list expanded list-name {deny | permit } expression
  3. (Optional) show ip community list name
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

Enter one of the following:

  • ip community-list standard list-name {deny | permit } [community-list ] [internet ] [local-AS ] [no-advertise ] [no-export ] [graceful-shutdown ] [blackhole ]

    or

  • ip community-list expanded list-name {deny | permit } expression

Example:

switch(config)# ip community-list standard BGPCommunity permit no-advertise 65535:20

or

switch(config)# ip community-list expanded BGPComplex deny 50000:[0-9][0-9]

The first option creates a standard BGP community list. The list-name can be any case-sensitive, alphanumeric string up to 63 characters. The community-list can be one or more communities in the aa:nn format.

The second option creates an expanded BGP community list using a regular expression.

Step 3

(Optional) show ip community list name

Example:

switch(config)# show ip community-list BGPCommunity

Displays information about community lists.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

Saves this configuration change.

Example

This example shows how to create a community list with two entries:

switch# configure terminal
switch(config)# ip community-list standard BGPCommunity permit no-advertise 65535:20
switch(config)# ip community-list standard BGPCommunity permit local-AS no-export
switch(config)# copy running-config startup-config
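The matching rule described above (all values in one statement must be present; across statements the first match wins) is easy to misread, so the following added example evaluates the two-entry BGPCommunity list against constructed routes. It is not Cisco code: it assumes an implicit deny when no statement matches and uses the well-known community values from RFC 1997, RFC 7999 and RFC 8326.

```python
# Well-known communities as aa:nn (RFC 1997, RFC 7999, RFC 8326).
WELL_KNOWN = {
    "no-export": "65535:65281",
    "no-advertise": "65535:65282",
    "local-AS": "65535:65283",
    "graceful-shutdown": "65535:0",
    "blackhole": "65535:666",
}


def encode(community):
    """Return the 4-byte value for a keyword or an aa:nn community."""
    aa, nn = (int(part) for part in WELL_KNOWN.get(community, community).split(":"))
    if not (0 <= aa <= 65535 and 0 <= nn <= 65535):
        raise ValueError(f"not a 4-byte aa:nn community: {community}")
    return (aa << 16) | nn  # first two bytes AS number, last two network number


def evaluate_standard(statements, route_communities):
    """Evaluate a standard community list against one route.

    statements: list of (action, [community, ...]) in configured order.
    A statement matches only if every one of its values is on the route.
    Assumption: if no statement matches, the result is an implicit deny.
    """
    present = {encode(community) for community in route_communities}
    for action, values in statements:
        if all(encode(value) in present for value in values):
            return action
    return "deny"


# The two-entry list from the example on this page.
BGP_COMMUNITY = [
    ("permit", ["no-advertise", "65535:20"]),
    ("permit", ["local-AS", "no-export"]),
]

# Constructed routes, each with the communities it carries.
ROUTES = {
    "only 65535:20": ["65535:20"],
    "no-advertise + 65535:20 + extra": ["no-advertise", "65535:20", "64496:1"],
    "only no-export": ["no-export"],
    "local-AS + no-export": ["65535:65283", "65535:65281"],
}

if __name__ == "__main__":
    for label, communities in ROUTES.items():
        print(f"{label}: {evaluate_standard(BGP_COMMUNITY, communities)}")
```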

Configuring Extended Community Lists

You can use extended community lists to filter BGP routes based on the community attribute. The community number consists of a 6-byte value in the aa4:nn format. The first four bytes represent the autonomous system number, and the last two bytes represent a user-defined network number.

When you configure multiple values in the same extended community list statement, all extended community values must match to satisfy the extended community list filter. When you configure multiple values in separate extended community list statements, the first list that matches a condition is processed.

Use extended community lists in a match statement to filter BGP routes based on the extended community attribute.


Note


Always configure extcommunity in AS2:NN or AS4:NN (as-plain) format.

Beginning with NX-OS release 10.4(3)F, you can configure extcommunity in AS.dot format.


SUMMARY STEPS

  1. configure terminal
  2. Enter one of the following:
    • ip extcommunity-list standard list-name {deny | permit } seq 5 4byteas-generic {transitive | nontransitive } community1 [community2... ] rt 2:2 soo 3:3

      or

    • ip extcommunity-list expanded list-name seq 5 {deny | permit } expression
  3. ip extcommunity-list standard commext seq 5 permit 4byteas-generic transitive 1:1 rt 2:2 soo 3:3
  4. (Optional) show ip community-list name
  5. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

Enter one of the following:

  • ip extcommunity-list standard list-name {deny | permit } seq 5 4byteas-generic {transitive | nontransitive } community1 [community2... ] rt 2:2 soo 3:3

    or

  • ip extcommunity-list expanded list-name seq 5 {deny | permit } expression

Example:

switch(config)# ip extcommunity-list standard BGPExtCommunity seq 5 permit 4byteas-generic transitive 65535:20 rt 2:2 soo 3:3

or

switch(config)# ip extcommunity-list expanded BGPExtComplex seq 5 deny 1.5:[0-9][0-9]

The first option creates a standard BGP extended community list. The community can be one or more extended communities in the aa4:nn format.

The second option creates an expanded BGP extended community list using a regular expression.

Step 3

ip extcommunity-list standard commext seq 5 permit 4byteas-generic transitive 1:1 rt 2:2 soo 3:3

Example:

switch(config)# ip extcommunity-list standard commext seq 5 permit 4byteas-generic transitive 1:1 rt 2:2 soo 3:3

Sequence number is added as an input parameter to the CLI.

Henceforth, you must enter the input sequence number while configuring extcommunity lists.

Note

 

For config replace, the user config file must contain a valid running configuration collected from a device. It can be collected from a device running any NX-OS image label. It must be a valid file that has not been manually tampered with.

Step 4

(Optional) show ip community-list name

Example:

switch(config)# show ip community-list BGPCommunity

Displays information about extended community lists.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

Saves this configuration change.

Example

This example shows how to create a generic specific extended community list:

switch# configure terminal
switch(config)# ip extcommunity-list standard test1 seq 5 permit 4byteas-generic transitive 65535:40 65535:60
switch(config)# copy running-config startup-config

Configuring Route Maps

You can use route maps for route redistribution or route filtering. Route maps can contain multiple match criteria and multiple set criteria.

Configuring a route map for BGP triggers an automatic soft clear or refresh of BGP neighbor sessions.

SUMMARY STEPS

  1. configure terminal
  2. route-map map-name [permit | deny] [seq]
  3. (Optional) continue seq
  4. (Optional) exit
  5. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

route-map map-name [permit | deny] [seq]

Example:

switch(config)# route-map Testmap permit 10
switch(config-route-map)#

Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.

Step 3

(Optional) continue seq

Example:

switch(config-route-map)# continue 10

Determines what sequence statement to process next in the route map. Used only for filtering and redistribution.

Step 4

(Optional) exit

Example:

switch(config-route-map)# exit

Exits route-map configuration mode.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config-route-map)# copy running-config startup-config

Copies the running configuration to the startup configuration.

Example

You can configure the following optional match parameters for route maps in route-map configuration mode:


Note


The default-information originate command ignores match statements in the optional route map.


Command

Purpose

match as-path name [ name...]

Example:

switch(config-route-map)# match as-path Allow40

Matches against one or more AS-path lists. Create the AS-path list with the ip as-path access-list command.

match as-number { number [,number...] | as-path-list name [ name... ]}

Example:

switch(config-route-map)# match as-number 33,50-60

Matches against one or more AS numbers or AS-path lists. Create the AS-path list with the ip as-path access-list command. The number range is from 1 to 65535. The AS-path list name can be any case-sensitive, alphanumeric string up to 63 characters.

match community name [name... ][ exact-match ]

Example:

switch(config-route-map)# match community BGPCommunity

Matches against one or more community lists. Create the community list with the ip community-list command.

match extcommunity name [name... ][ exact-match ]

Example:

switch(config-route-map)# match extcommunity BGPextCommunity

Matches against one or more extended community lists. Create the community list with the ip extcommunity-list command.

match interface interface-type number [ interface-type number...]

Example:

switch(config-route-map)# match interface e 1/2

Matches any routes that have their next hop out one of the configured interfaces. Use ? to find a list of supported interface types.

Note

 

BGP does not support this command.

match ip address prefix-list name [ name... ]

Example:

switch(config-route-map)# match ip address prefix-list AllowPrefix

Matches against one or more IPv4 prefix lists. Use the ip prefix-list command to create the prefix list.

match ipv6 address prefix-list name [ name... ]

Example:

switch(config-route-map)# match ipv6 address prefix-list AllowIPv6Prefix

Matches against one or more IPv6 prefix lists. Use the ipv6 prefix-list command to create the prefix list.

match ip multicast [ source ipsource ] [[ group ipgroup] [ rp iprp ]]

Example:

switch(config-route-map)# match ip multicast rp 192.0.2.1

Matches an IPv4 multicast packet based on the multicast source, group, or rendezvous point.

Note

 

BGP does not support this command.

match ipv6 multicast [source ipsource ][[ group ipgroup ] [ rp iprp ]]

Example:

switch(config-route-map)# match ipv6 multicast source 2001:0DB8::1

Matches an IPv6 multicast packet based on the multicast source, group, or rendezvous point.

Note

 

BGP does not support this command.

match ip next-hop prefix-list name [ name ... ]

Example:

switch(config-route-map)# match ip next-hop prefix-list AllowPrefix

Matches the IPv4 next-hop address of a route to one or more IP prefix lists. Use the ip prefix-list command to create the prefix list.

match ipv6 next-hop prefix-list name [ name ... ]

Example:

switch(config-route-map)# match ipv6 next-hop prefix-list AllowIPv6Prefix

Matches the IPv6 next-hop address of a route to one or more IP prefix lists. Use the ipv6 prefix-list command to create the prefix list.

match ip route-source prefix-list name [ name ...]

Example:

switch(config-route-map)# match ip route-source prefix-list AllowPrefix

Matches the IPv4 route source address of a route to one or more IP prefix lists. Use the ip prefix-list command to create the prefix list.

match ipv6 route-source prefix-list name [ name ...]

Example:

switch(config-route-map)# match ipv6 route-source prefix-list AllowIPv6Prefix

Matches the IPv6 route-source address of a route to one or more IP prefix lists. Use the ipv6 prefix-list command to create the prefix list.

match metric value [ +- deviation. ] [ value.. ]

Example:

switch(config-route-map)# match metric 50 + 10

Matches the route metric against one or more metric values or value ranges. Use +- deviation argument to set a metric range. The route map matches any route metric that falls within the range:

value - deviation to value + deviation.

match ospf-area area-id

Example:

switch(config-route-map)# match ospf-area 1

Matches the OSPFv2 or OSPFv3 area ID.

The area-id range is from 0 to 4294967295.

Note

 

BGP does not support this command.

match route-type route-type

Example:

switch(config-route-map)# match route-type level-1 level-2

Matches against a type of route. The route-type can be one or more of the following:

  • external—The external route (BGP, EIGRP, and OSPF type 1 or 2)

  • inter-area—The OSPF inter-area route

  • internal—The internal route (including the OSPF intra- or inter-area)

  • intra-area—The OSPF intra-area route

  • level-1—The IS-IS level 1 route

  • level-2—The IS-IS level 2 route

  • local—The locally generated route

  • nssa-external—The NSSA external route (OSPF type 1 or 2).

  • type-1—The OSPF external type 1 route

  • type-2—The OSPF external type 2 route

Note

 

BGP does not support this command.

match vlan vlan-id [ vlan-range ]

Example:

switch(config-route-map)# match vlan 3, 5-10

Matches against a VLAN.

Note

 

BGP does not support this command.

match rpki { invalid | not-found | valid }

Example:

switch(config-route-map)# match rpki invalid

For iBGP learned paths, matches against the incoming RPKI EXTCOMM update.

For eBGP learned paths, matches against the validation state obtained from the ROA database lookup.

The parameters of the match rpki command are described as follows:

  • invalid: This is an invalid origin-AS in the RPKI database.

  • not-found: This origin-AS is unknown in the RPKI database.

  • valid: This is a valid origin-AS in the RPKI database.

You can configure the following optional set parameters for route maps in route-map configuration mode:

Command

Purpose

set as-path { tag | prepend { last-as number | as-1 [as-2... ]}}

Example:

switch(config-route-map)# set as-path prepend 10 100 110

Modifies an AS-path attribute for a BGP route. You can prepend the configured number of last AS numbers or a string of particular AS-path values ( as-1 as-2...as-n).

set comm-list name delete

Example:

switch(config-route-map)# set comm-list BGPCommunity delete

Removes communities from the community attribute of an inbound or outbound BGP route update. Use the ip community-list command to create the community list.

set community { none | additive | local-AS | no-advertise | no-export | graceful-shutdown | blackhole | community-1 [community-2...]}

Example:

switch(config-route-map)# set community local-AS

Sets the community attribute for a BGP route update.

Note

 

When you use both the set community and set comm-list delete commands in the same sequence of a route map attribute, the deletion operation is performed before the set operation.

Note

 

Use the send-community command in BGP neighbor address-family configuration mode to propagate BGP community attributes to BGP peers.

set dampening halflife reuse suppress duration

Example:

switch(config-route-map)# set dampening 30 1500 10000 120

Sets the following BGP route dampening parameters:

  • halflife —The range is from 1 to 45 minutes. The default is 15.

  • reuse —The range is from 1 to 20000 seconds. The default is 750.

  • suppress —The range is from 1 to 20000. The default is 2000.

  • duration —The range is from 1 to 255 minutes. The default is 60.

set distance value

Example:

switch(config-route-map)# set distance 150

Sets the administrative distance of routes for OSPFv2 or OSPFv3. The range is from 1 to 255.

set extcomm-list name delete

Example:

switch(config-route-map)# set extcomm-list BGPextCommunity delete

Removes communities from the extended community attribute of an inbound or outbound BGP route update. Use the ip extcommunity-list command to create the extended community list.

set extcommunity 4byteas-generic { transitive | nontransitive }{ none | additive ] community-1 [community-2...]}

Example:

switch(config-route-map)# set extcommunity generic transitive 1.0:30

Sets the extended community attribute for a BGP route update.

Note

 

When you use both the set extcommunity and set extcomm-list delete commands in the same sequence of a route map attribute, the deletion operation is performed before the set operation.

Use the send-community command in BGP neighbor address-family configuration mode to propagate BGP extended community attributes to BGP peers.

set extcommunity cost community-id1 cost [ igp | pre-bestpath ] [community-id2...]

Example:

switch(config-route-map)# set extcommunity cost 33 1.0:30

Sets the cost community attribute for a BGP route update. This attribute allows you to customize the BGP best-path selection process for a local autonomous system or confederation. The community-id range is from 0 to 255. The cost range is from 0 to 4294967295. The path with the lowest cost is preferred. For paths with equal cost, the path with the lowest community ID is preferred.

The igp keyword compares the cost after the IGP cost comparison. The pre-bestpath keyword compares before all other steps in the bestpath algorithm.

set extcommunity rt community-1 [ additive ] [community-2...]

Example:

switch(config-route-map)# set extcommunity rt 1.0:30

Sets the extended community route target attribute for a BGP route update. The community value can be a 2-byte AS number:4-byte network number, a 4-byte AS number:2-byte network number, or an IP address:2-byte network number.

Use the additive keyword to add a route target to an existing extended community route target attribute.

set forwarding-address

Example:

switch(config-route-map)# set forwarding-address

Sets the forwarding address for OSPF.

set ip next-hop unchanged

Example:

switch(config-route-map)# set ip next-hop unchanged

Specifies an unchanged next-hop IP address. This command is required for BGP IPv6-over-IPv4 peering.

Note

 

For a BGP IPv6 unicast route with an IPv4 next hop, NX-OS does not support the set ipv6 next-hop unchanged command in an outbound route map configured toward a BGP neighbor.

set level { backbone | level-1 | level-1-2 | level-2 }

Example:

switch(config-route-map)# set level backbone

Sets what area to import routes to for IS-IS. The options for IS-IS are level-1, level-1-2, or level-2. The default is level-1.

set local-preference value

Example:

switch(config-route-map)# set local-preference 4000

Sets the BGP local preference value. The range is from 0 to 4294967295.

set metric [ + | - ] bandwidth-metric

Example:

switch(config-route-map)# set metric +100

Adds or subtracts from the existing metric value. The metric is in Kb/s. The range is from 0 to 4294967295.

set metric bandwidth [ delay reliability load mtu ]

Example:

switch(config-route-map)# set metric 33 44 100 200 1500

Sets the route metric values.

Metrics are as follows:

  • metric0 —Bandwidth in Kb/s. The range is from 0 to 4294967295.

  • metric1 —Delay in 10-microsecond units.

  • metric2 —Reliability. The range is from 0 to 255 (100 percent reliable).

  • metric3 —Loading. The range is from 1 to 255 (100 percent loaded).

  • metric4 —MTU of the path. The range is from 1 to 16777215.

set metric-type { external | internal | type-1 | type-2 }

Example:

switch(config-route-map)# set metric-type internal

Sets the metric type for the destination routing protocol. The options are as follows:

  • external—IS-IS external metric

  • internal—IGP metric as the MED for BGP

  • type-1—OSPF external type 1 metric

  • type-2—OSPF external type 2 metric

set nssa-only

Example:

switch(config-route-map)# set nssa-only

Sets Type-7 LSA generated on ASBR with no P bit set. This prevents Type-7 to Type-5 LSA translation in OSPF.

set origin { egp as-number | igp | incomplete }

Example:

switch(config-route-map)# set origin incomplete

Sets the BGP origin attribute. The EGP as-number range is from 0 to 65535.

set weight count

Example:

switch(config-route-map)# set weight 33

Sets the weight for the BGP route. The range is from 0 to 65535.

set as-path-length difference <value>

Example:

switch(config-route-map)# set as-path-length difference 5

Configures the difference in as-path-length of path compared to best path for unequal cost load balance. The range is 1–255.

set metric difference <value>

Example:

switch(config-route-map)# set metric difference 100

Configures the difference in metric value of path compared to best path for unequal cost load balance. The range is 1–65535.

set maximum-paths <value>

Example:

switch(config-route-map)# set maximum-paths 5

Configures the maximum number of multipaths to be computed and installed for egress load-balancing. The range is 1–64.

The set metric-type internal command affects an outgoing policy and an eBGP neighbor only. If you configure both the metric and metric-type internal commands in the same BGP peer outgoing policy, Cisco NX-OS ignores the metric-type internal command.

Global Commands to Block the Deletion of Route-Map

This section provides the details of global commands to block the deletion of route-map. The following are the global commands:

  • Use the system default route-map validate-applied command to enable the blocking of the deletion of route-map.

  • Use the no system default route-map validate-applied command to disable the blocking of the deletion of route-map.

  • Use the show running-config rpm command to view the non-default configuration.


    Note


    By default this command is in default state.


  • Use the show running-config rpm all command to view the default configuration.


    Note


    By default this command is in default state.



Note


The global commands are generic by default. Beginning with Cisco NX-OS Release 10.2(2)F, the functionality that blocks deletion of a route map that is in use by a client applies only to BGP.


Verifying the Route Policy Manager Configuration

To display route policy manager configuration information, perform one of the following tasks:

Command Purpose

show ip community-list [name ]

Displays information about a community list.

show ip ext community-list [name ]

Displays information about an extended community list.

show [ip | ipv6 ] prefix-list [name ]

Displays information about an IPv4 or IPv6 prefix list.

show route-map [name ]

Displays information about a route map.

show route-map [name] brief

Provides information about blocking route-map deletion functionality and the list of clients associated with the route-map.

Configuration Examples for Route Policy Manager

This example shows how to use an address family to configure Route Policy Manager so that any unicast and multicast routes from neighbor 172.16.0.1 are accepted if they match prefix-list AllowPrefix:


router bgp 64496
  neighbor 172.16.0.1 remote-as 64497
    address-family ipv4 unicast
      route-map filterBGP in

route-map filterBGP
  match ip address prefix-list AllowPrefix

ip prefix-list AllowPrefix 10 permit 192.0.2.0/24
ip prefix-list AllowPrefix 20 permit 172.16.201.0/27

Related Topics

The following topics can give more information on Route Policy Manager: