Route Filtering and Redistribution

Route filtering lets you exclude routes that neighbors advertise or receive. You can use route filtering to manipulate traffic flows, reduce memory utilization, and improve security.

This section discusses the following route filtering methods:

  • Prefix lists
  • Route maps
  • Route redistribution

Route map and prefix list names must start with a letter and can contain letters, digits, underscores and dashes. For example, you can name a route map MAP10 or ROUTE-MAP_10 but you cannot name a route map 10 or 10_ROUTE-MAP.

Prefix Lists

Prefix lists are access lists for route advertisements that match routes instead of traffic. Prefix lists are typically used with route maps and other filtering methods. A prefix list can match the prefix (the network itself) and the prefix length (the length of the subnet mask).

Configure a Prefix List

The following example commands configure a prefix list that permits all prefixes in the range 10.0.0.0/16 with a subnet mask less than or equal to /30. For networks 10.0.0.0/24, 10.10.10.0/24, and 10.0.0.10/32, only 10.0.0.0/24 matches (10.10.10.0/24 has a different prefix and 10.0.0.10/32 has a greater subnet mask).

cumulus@switch:~$ nv set router policy prefix-list LIST1 rule 1 match 10.0.0.0/16 max-prefix-len 30
cumulus@switch:~$ nv set router policy prefix-list LIST1 rule 1 action permit
cumulus@switch:~$ nv config apply

For IPv6, you need to run the nv set router policy prefix-list <name> type ipv6 command to set the prefix list type to IPv6. For example:

cumulus@switch:~$ nv set router policy prefix-list prefixlistipv6 type ipv6
cumulus@switch:~$ nv set router policy prefix-list prefixlistipv6 rule 1 match 2001:100::1/64
cumulus@switch:~$ nv set router policy prefix-list prefixlistipv6 rule 1 action permit 
cumulus@switch:~$ nv config apply

The following example commands configure a prefix list that permits all prefixes in the range 10.1.1.0/24 with a subnet mask less than 32 but more than 26. For networks 10.1.1.0/25, 10.10.10.0/24, and 10.1.1.2/32, only 10.1.1.2/32 matches (10.1.1.0/25 has a lower subnet mask, and 10.10.10.0/24 has a different prefix and a lower subnet mask).

cumulus@switch:~$ nv set router policy prefix-list LIST1 rule 1 match 10.1.1.0/24 max-prefix-len 32
cumulus@switch:~$ nv set router policy prefix-list LIST1 rule 1 match 10.1.1.0/24 min-prefix-len 26
cumulus@switch:~$ nv set router policy prefix-list LIST1 rule 1 action permit
cumulus@switch:~$ nv config apply

The following example commands configure a prefix list that permits all prefixes in the range 10.0.0.0/16 with a subnet mask less than or equal to /30. For networks 10.0.0.0/24, 10.10.10.0/24, and 10.0.0.10/32, only 10.0.0.0/24 matches (10.10.10.0/24 has a different prefix and 10.0.0.10/32 has a greater subnet mask).

cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# ip prefix-list LIST1 seq 1 permit 10.0.0.0/16 le 30
switch(config)# exit
switch# write memory
switch# exit
cumulus@switch:~$

The following example commands configure a prefix list that permits all prefixes in the range 10.1.1.0/24 with a subnet mask less than 32 but more than 26. For networks 10.1.1.0/29, 10.10.10.0/24, and 10.1.1.2/32, only 10.1.1.2/32 matches (10.10.10.0/24 has a different prefix and a lower subnet mask and 10.1.1.0/29 has a higher subnet mask).

cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# ip prefix-list LIST1 seq 1 permit 10.1.1.0/24 ge 26 le 32
switch(config)# exit
switch# write memory
switch# exit
cumulus@switch:~$

The vtysh commands save the configuration in the /etc/frr/frr.conf file. For example:

cumulus@switch:~$ sudo cat /etc/frr/frr.conf
...
router ospf
 ospf router-id 10.10.10.1
 timers throttle spf 80 100 6000
 passive-interface vlan10
 passive-interface vlan20
ip prefix-list LIST1 seq 1 permit 10.0.0.0/16 le 30

To use this prefix list in a route map called MAP1:

cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 action permit
cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 match type ipv4
cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 match ip-prefix-list LIST1
cumulus@switch:~$ nv config apply
cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# route-map MAP1 permit 10
switch(config-route-map)# match ip address prefix-list LIST1
switch(config-route-map)# exit
switch# write memory
switch# exit
cumulus@switch:~$

The vtysh commands save the configuration in the /etc/frr/frr.conf file. For example:

cumulus@switch:~$ sudo cat /etc/frr/frr.conf
...
ip prefix-list LIST1 seq 1 permit 10.0.0.0/16 le 30
route-map MAP1 permit 10
match ip address prefix-list LIST1

Clear Matches Shown Against a Prefix List

You can clear prefix list statistics.

  • To clear the number of matches shown against all prefix lists, run the nv action clear router policy prefix-list command.
  • To clear the number of matches shown against a specific prefix list, run the nv action clear router policy prefix-list <prefix-list-id> command.
  • To clear the number of matches shown against a specific prefix list rule number and match ID, run the nv action clear router policy prefix-list <prefix-list-id> rule <rule-id> match <match-id> command.

The following example clears the number of matches shown against prefix list LIST1:

cumulus@switch:~$ nv action clear router policy prefix-list LIST1
Action succeeded

The following example clears the number of matches shown against LIST1 rule 10 with match criteria 10.0.0.0/16:

cumulus@switch:~$ nv action clear router policy prefix-list LIST1 rule 10 match 10.0.0.0/16
Action succeeded

Route Maps

Route maps are routing policies that Cumulus Linux considers before the router examines the forwarding table. Each statement in a route map has a sequence number, and includes a series of match and set statements. The route map parses from the lowest sequence number to the highest, and stops when there is a match.

Cumulus Linux supports several match and set statements. For example, you can match on an interface, prefix length, next hop or BGP AS path list. You can set the BGP metric, local-preference on routes, source IP, or the tag on the matched route. For a list of supported match and set statements, see Match and Set Statements below.

Configure a Route Map

To configure a route map:

  1. Specify one or more conditions that must match and, optionally, one or more set actions to set or modify attributes of the route. If a route map does not specify any matching conditions, it always matches.
  2. Specify the matching policy: permit (if the entry matches, carry out the set actions) or deny (if the entry matches, deny the route).

To apply the route map, see Apply a Route Map below.

The following example commands configure a route map that sets the BGP metric to 50 for interface swp51:

cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 match interface swp51
cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 set metric 50
cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 action permit
cumulus@switch:~$ nv config apply
cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# route-map MAP1 permit 10
switch(config-route-map)# match interface swp51
switch(config-route-map)# set metric 50
switch(config-route-map)# end
switch# write memory
switch# exit
cumulus@switch:~$

The vtysh commands save the configuration in the /etc/frr/frr.conf file. For example:

cumulus@switch:~$ sudo cat /etc/frr/frr.conf
...
route-map MAP1 permit 10
 match interface swp51
 set metric 50

The following example commands configure a route map to match the prefixes defined in LIST1 and set the nexth hop to 10.10.10.5:

cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 match ip-prefix-list LIST1
cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 set ip-nexthop 10.10.10.5
cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 action permit
cumulus@switch:~$ nv config apply
cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# route-map MAP1 permit 10
switch(config-route-map)# match ip route-source prefix-list LIST1
switch(config-route-map)# set ip next-hop 10.10.10.5
switch(config-route-map)# end
switch# write memory
switch# exit
cumulus@switch:~$

The vtysh commands save the configuration in the /etc/frr/frr.conf file. For example:

cumulus@switch:~$ sudo cat /etc/frr/frr.conf
...
route-map MAP1 permit 10
 match ip route-source prefix-list LIST1
 set ip next-hop 10.10.10.5

The following example commands configure a route map to set the local-preference on routes to 400:

cumulus@switch:~$ nv set router policy route-map MAP2 rule 10 set local-preference 400
cumulus@switch:~$ nv set router policy route-map MAP2 rule 10 action permit
cumulus@switch:~$ nv config apply
cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# route-map MAP2 permit 10
switch(config-route-map)# set local-preference 400
switch(config-route-map)# end
switch# write memory
switch# exit
cumulus@switch:~$

The vtysh commands save the configuration in the /etc/frr/frr.conf file. For example:

cumulus@switch:~$ sudo cat /etc/frr/frr.conf
...
route-map MAP2 permit 10
 set local-preference 400

Match and Set Statements

Cumulus Linux supports the following match and set statements.

You can use the following list of supported match and set statements with NVUE commands. For a list of the match and set statements that vtysh supports, see the FRRouting User Guide.

Match
Description
as-path-list Matches the specified AS path list.
interface Matches the specified interface.
ip-prefix-len Matches the specified prefix length.
origin Matches the specified BGP origin. You can specify egp, igp, or incomplete.
type Matches the specified route type, such as IPv4 or IPv6.
community-list Matches the specified community list.
ip-nexthop Matches the specified next hop.
ip-prefix-list Matches the specified prefix list.
peer Matches the specified BGP neighbor.
evpn-default-route Matches the EVPN default route. You can specify on or off.
ip-nexthop-len Matches the specified next hop prefix length.
large-community-list Matches the specified large community list.
source-protocol Matches the specified source protocol, such as BGP, OSPF, or static.
evpn-route-type Matches the specified EVPN route type. You can specify macip, imet, or prefix.
ip-nexthop-list Matches the specified next hop list.
local-preference Matches the specified local preference. You can specify a value between 0 and 4294967295.
source-vrf Matches the specified source VRF.
evpn-vni Matches the specified EVPN VNI.
ip-nexthop-type Matches the specified next hop type, such as blackhole.
metric Matches the specified BGP metric.
tag Matches the specified tag value associated with the route. You can specify a value between 1 and 4294967295.

BGP and zebra support the source-protocol match statement. Route maps configured for other routing protocols, such as OSPF, do not support the match source-protocol statement.

Set
Description
aggregator-as Sets the aggregator AS.
ext-community-rt Sets the BGP extended community RT. See BGP Community Lists.
originator-id Sets the originator ID so that BGP chooses the preferred path.
as-path-exclude Sets BGP AS path exclude attribute to avoid considering the AS path during best path route selection.
ext-community-soo Sets the BGP extended community SOO. See BGP Community Lists.
large-community Sets the BGP large community.
source-ip Sets the source IP address.
as-path-prepend Sets the BGP AS path prepend attribute.
forwarding-address Sets the route forwarding address.
large-community-delete-list Sets the BGP large community delete list.
tag Sets a tag on the matched route. You can specify a value between 1 and 4294967295.
atomic-aggregate Sets the Atomic Aggregate attribute to inform BGP peers that the local router is using a less specific (aggregated) route to a destination.
ip-nexthop Sets the BGP next hop.
local-preference Sets the BGP local preference to local_pref.
weight Sets the route’s weight.
community Sets the BGP community attribute.
ipv6-nexthop-global Sets the IPv6 next hop global attribute.
metric Sets the BGP attribute MED to a specific value. You can specify metric-minus to subtract the specified value from the MED, 34metric-plus to add the specified value to the MED, rtt to set the MED to the round trip time, rtt-minus to subtract the round trip time from the MED, or rtt-plus to add the round trip time to the MED.
community-delete-list Sets the BGP community delete list.
ipv6-nexthop-local Sets the IPv6 next hop local attribute.
metric-type Sets the metric type. You can specify type-1 or type-2.
ext-community-bw Sets the BGP extended community link bandwidth.
ipv6-nexthop-prefer-global Sets IPv6 inbound routes to use the global address when both a global and link-local next hop is available.
origin Sets the BGP route origin, such as eBGP or iBGP.

Permit Action Exit Policies

You can configure the permit action exit policy for a route map to:

  • Go to the next rule when you meet the matching conditions.
  • Go to specific rule when you meet the matching conditions.

To configure the permit action exit policy:

The following command configures the permit action exit policy to go to the next rule when you meet the matching conditions:

cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 action permit exit-policy next-rule
cumulus@switch:~$ nv config apply

The following command configures the permit action exit policy to go to rule 20 when you meet the matching conditions:

cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 action permit exit-policy rule 20
cumulus@switch:~$ nv config apply

The following command configures the permit action exit policy to exit further rule processing:

cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# route-map MAP1 permit 10
switch(config-route-map)# continue 30
switch(config-route-map)# end
switch# write memory
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Integrated configuration saved to /etc/frr/frr.conf
[OK]
switch# exit
cumulus@switch:mgmt:~$ 

The following command configures the permit action exit policy to go to the next rule when you meet the matching conditions:

cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# route-map MAP1 permit 10
switch(config-route-map)# on-match next
switch(config-route-map)# end
switch# write memory
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Integrated configuration saved to /etc/frr/frr.conf
[OK]
switch# exit
cumulus@switch:mgmt:~$ 

The following command configures the permit action exit policy to go to rule 20 when you meet the matching conditions:

cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# route-map MAP1 permit 10
switch(config-route-map)# on-match goto 20
switch(config-route-map)# end
switch# write memory
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Integrated configuration saved to /etc/frr/frr.conf
[OK]
switch# exit
cumulus@switch:mgmt:~$ 

Apply a Route Map

To apply the route map, you specify the routing protocol and the route map name.

The following example commands apply the route map called routemap2 to BGP neighbor swp51:

cumulus@switch:~$ nv set vrf default router bgp neighbor swp51 address-family ipv4-unicast policy inbound route-map MAP2
cumulus@switch:~$ nv config apply
cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# router bgp 65101
switch(config-router)# address-family ipv4 unicast 
switch(config-router-af)# neighbor swp51 route-map MAP2 in
switch(config-router-af)# end
switch# write memory
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Integrated configuration saved to /etc/frr/frr.conf
[OK]
switch# exit
cumulus@switch:mgmt:~$ 

The vtysh commands save the configuration in the /etc/frr/frr.conf file. For example:

cumulus@switch:~$ sudo cat /etc/frr/frr.conf
...
neighbor swp51 route-map MAP2 in

The following example filters routes from Zebra (RIB) into the Linux kernel (FIB). The commands apply the route map called MAP1 to BGP routes in the RIB:

cumulus@switch:~$ nv set vrf default router rib ipv4 fib-filter protocol bgp route-map MAP1
cumulus@switch:~$ nv config apply
cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# ip protocol bgp route-map MAP1
switch(config)# exit
switch# write memory
switch# exit
cumulus@switch:~$

The vtysh commands save the configuration in the /etc/frr/frr.conf file. For example:

cumulus@switch:~$ sudo cat /etc/frr/frr.conf
...
ip protocol bgp route-map MAP1

For BGP, you can also apply a route map on route updates from BGP to the RIB. You can match on prefix, next hop, communities, and so on. You can set the metric and next hop only. Route maps do not affect the BGP internal RIB. You can use both IPv4 and IPv6 address families. Route maps work on multi-paths; however, BGP bases the metric setting on the best path only.

To apply a route map to filter route updates from BGP into the RIB:

cumulus@switch:$ nv set vrf default router bgp address-family ipv4-unicast rib-filter MAP1
cumulus@switch:$ nv config apply
cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# router bgp 65000
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# table-map MAP1
switch(config-router-af)# end
switch# write memory
switch# exit
cumulus@switch:~$

The vtysh commands save the configuration in the /etc/frr/frr.conf file. For example:

cumulus@switch:~$ sudo cat /etc/frr/frr.conf
...
address-family ipv4 unicast
table-map MAP1

To apply an outbound route map to a route reflector client, you must run the NVUE nv set vrf <vrf> router bgp route-reflection outbound-policy on command or the vtysh neighbor <neighbor> route-map SET_IBGP_ORIG out command under the address family, before you apply the route map.

Route Map Description

To provide a description for a route map, run the NVUE nv set router policy route-map <route-map> rule <rule> description command.

cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 match interface swp51
cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 set metric 50
cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 action permit
cumulus@switch:~$ nv set router policy route-map MAP1 rule 10 description set-metric-swp51
cumulus@switch:~$ nv config apply

Clear Matches Against a Route Map

To clear the number of matches shown against a route map, run the nv action clear router policy route-map <route-map> command.

The following example clears the number of matches shown against route map MAP1.

cumulus@switch:~$ nv action clear router policy route-map MAP1
Running handle_clear_route_map MAP1
Action succeeded

To clear the number of matches shown against all route maps, run the nv action clear router policy route-map command.

Route Redistribution

Route redistribution allows a network to use a routing protocol to route traffic dynamically based on the information learned from a different routing protocol or from static routes. Route redistribution helps increase accessibility within networks.

The following example commands redistribute routing information from OSPF routes into BGP:

cumulus@switch:~$ nv set vrf default router bgp address-family ipv4-unicast redistribute ospf
cumulus@switch:~$ nv config apply
cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# router bgp
switch(config-router)# redistribute ospf
switch(config-router)# end
switch# write memory
switch# exit
cumulus@switch:~$

To redistribute all directly connected networks, use the redistribute connected command. For example:

cumulus@switch:~$ nv set vrf default router bgp address-family ipv4-unicast redistribute connected
cumulus@switch:~$ nv config apply
cumulus@switch:~$ sudo vtysh
switch# configure terminal
switch(config)# router bgp
switch(config-router)# redistribute connected
switch(config-router)# end
switch# write memory
switch# exit
cumulus@switch:~$

For OSPF, redistribution loads the database unnecessarily with type-5 LSAs. Only use this method to generate real external prefixes (type-5 LSAs).

Configuration Examples

This section provides example route map configurations. The examples do not include commands to apply a route map; for the commands to apply a route map, refer to Appy a Route Map.

Match AS Path List

The following example configures a route map to allow prefixes that pass through AS 65102.

cumulus@leaf01:~$ nv set router policy as-path-list LIST1 rule 100 action permit
cumulus@leaf01:~$ nv set router policy as-path-list LIST1 rule 100 aspath-exp _65102_
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 match as-path-list LIST1
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# bgp as-path access-list LIST1 seq 100 permit 65102
leaf01(config)# route-map MAP1 permit 10
leaf01(config-route-map)# match as-path LIST1
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Match Origin

The following example configures a route map to allow prefixes originated using an interior gateway protocol (IGP) such as OSPF.

cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 match origin igp
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# route-map MAP1 permit 10
leaf01(config-route-map)# match origin igp
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Match Tag

The following example configures a route map to allow prefixes that match tag 4.

cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 match tag 4
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# route-map MAP1 permit 10
leaf01(config-route-map)# match tag 4
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Match Metric

The following example configures a route map to allow prefixes that match metric 10.

cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 match metric 10
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
leaf01# configure terminal
leaf01(config)# route-map MAP1 permit 100
leaf01(config-route-map)# match metric 10
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Match Source Protocol

The following example configures a route map to allow prefixes that match BGP as the source protocol.

When you configure the match source protocol in a route map, the switch only advertises that protocol type to the peers. If you configure route leaking between VRFs and the leaked routes are learned as BGP routes, you need to match the BGP source protocol to advertise that route.

cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 match source-protocol bgp
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# route-map MAP1 permit 100
leaf01(config-route-map)# match source-protocol bgp
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

When you configure the match source protocol in a route map, the switch only advertises that protocol type to the peers. If you configure route leaking between VRFs and the leaked routes are learned as BGP routes, you need to match the BGP source protocol to advertise that route in addition to matching the connected source protocol:

cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# route-map MAP1 permit 100
leaf01(config-route-map)# match source-protocol bgp
leaf01(config-route-map)# match source-protocol connected
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Match Next Hop

The following example configures a route map to allow prefixes that match next hop 10.0.1.1.

cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 match ip-nexthop 10.0.1.1
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# route-map MAP1 permit 100
leaf01(config-route-map)# match ip next-hop address 10.0.1.1
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Match Next Hop List

The following example configures a route map to allow prefixes that match the next hop prefix list called LIST2.

cumulus@leaf01:~$ nv set router policy prefix-list LIST2 rule 100 action permit
cumulus@leaf01:~$ nv set router policy prefix-list LIST2 rule 100 match 10.0.1.0/32
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 match ip-nexthop-list LIST2
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# ip prefix-list LIST2 seq 100 permit 10.0.1.0/32
leaf01(config)# route-map MAP1 permit 100
leaf01(config-route-map)# match ip next-hop prefix-list LIST2
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Match Next Hop Type

The following example configures a route map to allow prefixes that match blackhole as the next hop type.

cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 100 match ip-nexthop-type blackhole
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# route-map MAP1 permit 100
leaf01(config-route-map)# match ip next-hop type blackhole
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Match Community List

The following example configures a route map to allow prefixes that match BGP community-list 11. For information about BGP community lists, refer to BGP Community Lists.

cumulus@leaf01:~$ nv set router policy community-list 11 rule 100 action permit
cumulus@leaf01:~$ nv set router policy community-list 11 rule 100 community 400:34
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 match community-list 11
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# bgp community-list 11 seq 100 permit 400:34
leaf01(config)# route-map MAP1 permit 10
leaf01(config-route-map)# match community 11
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Match Large Community List

The following example configures a route map to allow prefixes that match BGP large community-list 11.

cumulus@leaf01:~$ nv set router policy large-community-list 11 rule 10 action permit
cumulus@leaf01:~$ nv set router policy large-community-list 11 rule 10 large-community 4200857911:011:011
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 action permit
cumulus@leaf01:~$ nv set router policy route-map MAP1 rule 10 match large-community-list mylist
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# bgp large-community-list 11 seq 10 permit 4200857911:011:011
leaf01(config)# route-map MAP1 permit 10
leaf01(config-route-map)# match large-community 11
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@leaf01:~$

Set IPv6 Prefer Global

With multiple BGP peerings to the same router when adaptive routing is on, or with multiple peerings to the same router on interfaces that share the same MAC address or physical interface, you can configure a route map to prefer the global IPv6 address when a route contains both link-local and global next hop addresses.

cumulus@leaf01:~$ nv set router policy route-map IPV6-PREFER-GLOBAL rule 10 action permit
cumulus@leaf01:~$ nv set router policy route-map IPV6-PREFER-GLOBAL rule 10 set ipv6-nexthop-prefer-global on
cumulus@leaf01:~$ nv config apply
cumulus@leaf01:~$ sudo vtysh
...
leaf01# configure terminal
leaf01(config)# route-map IPV6-PREFER-GLOBAL permit 10
leaf01(config-route-map)# set ipv6 next-hop prefer-global
leaf01(config-route-map)# end
leaf01# write memory
leaf01# exit
cumulus@sleaf01:~$

Show Route Filtering

To show route filtering results in the BGP routing table after applying inbound policies, run the NVUE nv show vrf <vrf> router bgp address-family <address-family> route command or the vtysh show ip bgp command.

cumulus@leaf01:~$ nv show vrf default router bgp address-family ipv4 route
                                                                                
PathCount - Number of paths present for the prefix, MultipathCount - Number of  
paths that are part of the ECMP, DestFlags - * - bestpath-exists, w - fib-wait- 
for-install, s - fib-suppress, i - fib-installed, x - fib-install-failed        
                                                                                
Prefix           PathCount  MultipathCount  DestFlags
---------------  ---------  --------------  ---------
10.0.1.12/32     2          1               *        
10.0.1.34/32     5          4               *        
10.0.1.255/32    5          4               *        
10.10.10.1/32    1          1               *        
10.10.10.2/32    5          1               *        
10.10.10.3/32    5          4               *        
10.10.10.4/32    5          4               *        
10.10.10.63/32   5          4               *        
10.10.10.64/32   5          4               *        
10.10.10.101/32  2          1               *        
10.10.10.102/32  2          1               *        
10.10.10.103/32  2          1               *        
10.10.10.104/32  2          1               *

Considerations

Match Lists

When you configure a route map to match a prefix list, community list, or aspath list, the permit or deny actions in the list determine the criteria to evaluate in each route map sequence; for example:

  • If you match a list in a route map permit sequence, Cumulus Linux matches the permitted routes in the list for that route map sequence and the policy permits them. Denied routes in the list do not match and Cumulus Linux evaluates them in later route map sequences.
  • If you match a list in a route map deny sequence, Cumulus Linux matches the permitted routes in the list for that route map sequence and the policy denies them. Denied routes in the list do not match and Cumulus Linux evaluates them in later route map sequences.

NVIDIA recommends you always configure a community list as permit, and permit or deny routes using route map sequences.

Set BGP Community Additive

To set more than one community in a route map, you can run the nv set router policy route-map <route-map-id> rule <rule-id> set community additive command. The following example sets both community 100:100 and community 555:111 in the route map called ROUTEMAP1:

cumulus@leaf01:~$ nv set router policy route-map ROUTEMAP1 rule 5 action permit
cumulus@leaf01:~$ nv set router policy route-map ROUTEMAP1 rule 5 match ip-prefix-list LIST1
cumulus@leaf01:~$ nv set router policy route-map ROUTEMAP1 rule 5 match type ipv4
cumulus@leaf01:~$ nv set router policy route-map ROUTEMAP1 rule 5 set community 100:100
cumulus@leaf01:~$ nv set router policy route-map ROUTEMAP1 rule 5 set community 555:111
cumulus@leaf01:~$ nv set router policy route-map ROUTEMAP1 rule 5 set community additive
cumulus@leaf01:~$ nv config apply

When you unset the additive community with the nv unset router policy route-map <route-map-id> rule <rule-id> set community additive command, NVUE does not remove the communities. You must unset each community and the community additive to remove the communities:

cumulus@leaf01:~$ nv unset router policy route-map ROUTEMAP1 rule 5 set community 100:100
cumulus@leaf01:~$ nv unset router policy route-map ROUTEMAP1 rule 5 set community 555:111
cumulus@leaf01:~$ nv unset router policy route-map ROUTEMAP1 rule 5 set community additive
cumulus@leaf01:~$ nv config apply