rkinsp
New Member
March 24, 2021
Solved

BGP Route-map - set match-interface

Hey everyone!

We are trying to limit distributed BGP routes to neighbors using "set match-interface" for the source of the route. The issue we are having is that this does not seem to work together with neighbor route-map-out.

 

As a workaround, we are using set match-interface on redistribute connected and redistribute static and setting tags to later filter on the neighbor route-map-out.

 

The question is how "set match interface" actually works on a route-map-out. Documentation seemed very scarce on this topic. I am guessing it is matching the interface the neighbor is on, and not actually the source of the route?

 

Any ideas?

 

 

Thanks in advance,

RK

    Best answer by Toshi_Esumi


    1 reply

    Toshi_Esumi
    SuperUser
    March 24, 2021

    I think your "work around" is actually the correct way to use "match-interface" in a route-map as in this KB.

    https://kb.fortinet.com/kb/documentLink.do?externalID=FD50786

    "route-map-out" under the neighbor config is to filter routes already in the BGP table. So it wouldn't deal with outside sources, such as other protocols like OSPF, static routes, or connected routes, etc. You have to use "match-interface" for connected route redistribution, which deals with interfaces.

     

     

    rkinsp
    Author
    New Member
    March 24, 2021

    Thanks Toshi!

     

    Guess I was hoping it was more like Cisco's and would allow me to skip the step of having two route-maps.

     

    https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/n5k/commands/match-ip-address.html

     

    match interface

    Distributes any routes that have their next hop out one of the interfaces specified.

     

     

    Toshi_Esumi
    SuperUser
    March 24, 2021

    You can still filter the prefix configured on the interface in a route-map, instead of using "match-interface", and apply the route-map to route-map-out. That's what we regularly do, so we have never used "match-interface" so far.

    But on the other hand, filtering as close to the source as possible is always a good mantra to have.

    This part of routing protocol implementation is vendor proprietary. Each vendor, like Fortinet, Cisco, Juniper, etc., seems to be different in some ways in my experience. Until you test each yourself, you wouldn't be able to know.
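
The two-route-map approach discussed in this thread, written out as a FortiOS configuration sketch. This is an added example, not configuration posted by either participant or taken from the linked KB. The interface name `port3`, tag value `100`, neighbor address `192.0.2.1` and the route-map names are all assumptions, and the `#` lines are annotations for the reader rather than CLI input.

```text
# Route-map 1: applied at redistribution, where the source interface
# of a connected route is known. Tags routes from port3 (assumed name).
config router route-map
    edit "rm-tag-port3"
        config rule
            edit 1
                set match-interface "port3"
                set set-tag 100
            next
        end
    next
# Route-map 2: applied per neighbor. It only sees routes already in the
# BGP table, so it matches on the tag (assumed value 100) set above.
    edit "rm-out-tagged"
        config rule
            edit 1
                set match-tag 100
            next
        end
    next
end

config router bgp
    config neighbor
        edit "192.0.2.1"
            # 192.0.2.1 is a documentation address used as a placeholder
            set route-map-out "rm-out-tagged"
        next
    end
    config redistribute "connected"
        set status enable
        set route-map "rm-tag-port3"
    end
end
```

Because each route-map has a single rule, connected routes from other interfaces are not redistributed into BGP, and untagged BGP routes are not advertised to this neighbor; confirm the result on the device by inspecting the routes actually advertised to the peer before relying on it as an export filter.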