Created on 03-26-2024 10:43 PM, edited on 11-25-2024 04:57 AM, by Stephen_G
Description
This article describes the order in which route map rules are processed.
Scope
FortiGate.
Solution
Route map rules are sorted by ID once they are added to the configuration, regardless of the order in which they were entered. The rule ID determines which rule is matched first: rules are evaluated in ascending ID order.
As an example, configure the BGP neighbor with route-map rules:
config router bgp
    set as 64514
    set router-id 10.192.255.253
    config neighbor
        edit "100.14.1.73"
            set remote-as 65014
            set route-map-out "community_set"
        next
    end
end
Route-Map:
config router route-map
    edit "community_set"
        config rule
            edit 3
                set action deny
                set match-ip-address "network192.168.1.0"
                set set-community "65110:1"
            next
            edit 2
                set set-community "65110:10"
            next
            edit 1
                set action deny
                set match-ip-address "network192.168.3.0"
                set set-community "65110:3"
            next
        end
    next
end
Prefix List:
config router prefix-list
    edit "network192.168.1.0"
        config rule
            edit 1
                set prefix 192.168.1.0 255.255.255.0
                unset ge
                unset le
            next
        end
    next
    edit "network192.168.3.0"
        config rule
            edit 1
                set prefix 192.168.3.0 255.255.255.0
                unset ge
                unset le
            next
        end
    next
    edit "prefix_all"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
        end
    next
end
Below are the routes that are getting advertised to neighbor 100.14.1.73. It denies 192.168.3.0/24 and allows other routes:
get router info bgp neighbors 100.14.1.73 advertised-routes
VRF 0 BGP table version is 233, local router ID is 10.192.255.253
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 100.14.1.74 0 0 65222 64856 i <-/->
*> 192.168.1.0 100.14.1.74 100 32768 0 i <-/->
*> 192.168.248.0/25 100.14.1.74 0 0 65222 i <-/->
*> 192.168.249.1/32 100.14.1.74 0 0 65222 64856 ? <-/->
Total number of prefixes 4
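Note:
It allows all other routes because of route map rule 2: rule 2 has no match condition, so every route not already denied by rule 1 matches it. Rule 3 is never reached, which is why 192.168.1.0/24 is still advertised.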
Change the route map as follows:
config router route-map
    edit "community_set"
        config rule
            edit 3
                set match-ip-address "network192.168.1.0"
                set set-community "65110:1"
            next
            edit 2
                set action deny
                set set-community "65110:10"
            next
            edit 1
                set match-ip-address "network192.168.3.0"
                set set-community "65110:3"
            next
        end
    next
end
Because rules are evaluated in rule ID order, it advertises 192.168.3.0/24 and denies everything else: rule 1 matches the prefix list for network 192.168.3.0/24 and its action is permit, and rule 2 then denies all remaining routes before rule 3 is reached.
get router info bgp neighbors 100.14.1.73 advertised-routes
VRF 0 BGP table version is 233, local router ID is 10.192.255.253
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 192.168.3.0 100.14.1.74 0 0 65222 i <-/->
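The evaluation order shown in both configurations can be modelled offline before a route map is applied to a neighbor. The following Python sketch is an added example, not FortiOS code or part of the original article: it sorts the rules by ID, lets the first match decide, and lists rules that a lower-ID rule with no match condition makes unreachable. It assumes that a rule with no action line is a permit and that a route matching no rule is denied, it ignores set-community, and the names BEFORE, AFTER, ROUTES and the function names are illustrative.

```python
import ipaddress

# Prefix lists from the article; ge/le are unset, so each entry is an exact match.
PREFIX_LISTS = {"network192.168.1.0": "192.168.1.0/24",
                "network192.168.3.0": "192.168.3.0/24"}

# Rules in the order typed (3, 2, 1); match None = no match condition.
# Assumption: a rule with no "set action" line is a permit.
BEFORE = [{"id": 3, "action": "deny", "match": "network192.168.1.0"},
          {"id": 2, "action": "permit", "match": None},
          {"id": 1, "action": "deny", "match": "network192.168.3.0"}]
AFTER = [{"id": 3, "action": "permit", "match": "network192.168.1.0"},
         {"id": 2, "action": "deny", "match": None},
         {"id": 1, "action": "permit", "match": "network192.168.3.0"}]

# Constructed candidate set: the prefixes seen in the article's outputs.
ROUTES = ["0.0.0.0/0", "192.168.1.0/24", "192.168.3.0/24",
          "192.168.248.0/25", "192.168.249.1/32"]


def rule_matches(rule, route):
    if rule["match"] is None:
        return True
    wanted = ipaddress.ip_network(PREFIX_LISTS[rule["match"]])
    return ipaddress.ip_network(route) == wanted


def advertised(rules, routes):
    """Lowest matching rule ID decides; no match at all is a deny (assumed)."""
    ordered = sorted(rules, key=lambda r: r["id"])
    out = []
    for route in routes:
        hit = next((r for r in ordered if rule_matches(r, route)), None)
        if hit is not None and hit["action"] == "permit":
            out.append(route)
    return out


def shadowed_rules(rules):
    """IDs that are never reached because a lower ID matches every route."""
    ordered = sorted(rules, key=lambda r: r["id"])
    for i, rule in enumerate(ordered):
        if rule["match"] is None:
            return [r["id"] for r in ordered[i + 1:]]
    return []


if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, advertised(rules, ROUTES), "shadowed:", shadowed_rules(rules))
```

In both configurations rule 3 is reported as shadowed, which matches the outputs above: its deny (first case) and its permit (second case) for 192.168.1.0/24 never take effect.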