Technical Tip: Order of Processing Route-map Rules

Dhruvin_patel · ‎03-26-2024

Description

This article helps to identify in what order the route map rule is processed.

Scope

FortiGate.

Solution

The route map rules will be sorted by ID after adding them in the configuration. The rule ID will determine which rule will be matched first.

As an example, configure the BGP neighbor with route-map rules:

config router bgp
set as 64514
set router-id 10.192.255.253
config neighbor
edit "100.14.1.73"
set remote-as 65014
set route-map-out "community_set"

end

Route-Map:

edit "community_set"
config rule
edit 3
set action deny
set match-ip-address "network192.168.1.0"
set set-community "65110:1"
next
edit 2
set set-community "65110:10"
next
edit 1
set action deny
set match-ip-address "network192.168.3.0"
set set-community "65110:3"
next
end
next
end

Prefix List:

edit "network192.168.1.0"
config rule
edit 1
set prefix 192.168.1.0 255.255.255.0
unset get
unset le
next
end
next
edit "network192.168.3.0"
config rule
edit 1
set prefix 192.168.3.0 255.255.255.0
unset get
unset le
next
end
next
edit "prefix_all"
config rule
edit 1
set prefix 0.0.0.0 0.0.0.0
unset get
unset le
next
end
next
end

Below are the routes that are getting advertised to neighbor 100.14.1.73. It denies 192.168.3.0/24 and allows other routes:

get router info bgp neighbors 100.14.1.73 advertised-routes VRF 0 BGP table version is 233, local router ID is 10.192.255.253 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight RouteTag Path *> 0.0.0.0/0 100.14.1.74 0 0 65222 64856 i <-/-> *> 192.168.1.0 100.14.1.74 100 32768 0 i <-/-> *> 192.168.248.0/25 100.14.1.74 0 0 65222 i <-/-> *> 192.168.249.1/32 100.14.1.74 0 0 65222 64856 ? <-/-> Total number of prefixes 4

get router info bgp neighbors 100.14.1.73 advertised-routes
VRF 0 BGP table version is 233, local router ID is 10.192.255.253
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 100.14.1.74 0 0 65222 64856 i <-/->
*> 192.168.1.0 100.14.1.74 100 32768 0 i <-/->
*> 192.168.248.0/25 100.14.1.74 0 0 65222 i <-/->
*> 192.168.249.1/32 100.14.1.74 0 0 65222 64856 ? <-/->

Total number of prefixes 4

Note:

It allows all routes because of the route map rule 2.

Change the route map as follows:

config router route-map
edit "community_set"
config rule
edit 3
set match-ip-address "network192.168.1.0"
set set-community "65110:1"
next
edit 2
set action deny
set set-community "65110:10"
next
edit 1
set match-ip-address "network192.168.3.0"
set set-community "65110:3"
next
end
next
end

As it follows the rule ID, it will advertise 192.168.3.0/24 and deny everything else because rule 1 has a prefix list with network 192.168.3.0/24 and action is allowed.

get router info bgp neighbors 100.14.1.73 advertised-routes VRF 0 BGP table version is 233, local router ID is 10.192.255.253 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight RouteTag Path *> 192.168.3.0 100.14.1.74 0 0 65222 i <-/->

Related article:

Technical Tip: Change the order of route-map rules

Technical Tip: Order of Processing Route-map Rules

You are leaving our website