Route Map

Route maps are used when redistributing routes into any routing process. They are also used when generating a default route into routing process. A route map defines which of the routes from the specified routing protocol are allowed to be redistributed into the target routing process. Configure a route map, to create a new route map entry for a Route Map object or to edit an existing one.

You can use this object with threat defense devices.

Before you begin

A Route Map may use one or mores of these objects; it is not mandatory to add all these objects. Create and use any of these objects as required, to configure your route map.

  • Add ACLs.

  • Add Prefix Lists.

  • Add AS Path.

  • Add Community Lists.

  • Add Extended Community Lists.

    Note

    The extended community lists are applicable only for configuring import or export of routes.

  • Add Policy Lists.

Procedure

Step 1

Select Objects > Object Management and choose Route Map from the table of contents.

Step 2

Click Add Route Map.

Step 3

Click Add on the New Route Map Object window.

Step 4

In the Sequence No. field, enter a number, from 0 through 65535, that indicates the position a new route map entry has in the list of route maps entries already configured for this route map object.

Note
We recommend that you number clauses in intervals of at least 10 to reserve numbering space in case you want to insert clauses in the future.

Step 5

Select the appropriate action, Allow or Block, from the Redistribution drop-down list, to indicate the redistribution access.

Step 6

Click the Match Clauses tab to match (routes/traffic) based on the following criteria, which you select in the table of contents:

  • Security Zones —Match traffic based on the (ingress/egress) interfaces. You can select zones and add them, or type in interface names and add them.

  • IPv4 — Match IPv4 (routes/traffic) based on the following criteria; select the tab to define the criteria.

    1. Click the Address tab to match routes based on the route address. For IPv4 addresses, choose whether to use an Access list or Prefix list for matching from the drop-down list and then enter or select the ACL objects or Prefix list objects you want to use for matching.

    2. Click the Next Hop tab to match routes based on the next hop address of a route. For IPv4 addresses, choose whether to use an access list or Prefix list for matching from the drop-down list and then enter or select the ACL objects or Prefix list objects you want to use for matching.

    3. Click the Route Source tab to match routes based on the advertising source address of the route. For IPv4 addresses, choose whether to use an access list or Prefix list for matching from the drop-down list and then enter or select the ACL objects or Prefix list objects you want to use for matching.

  • IPv6 —Match IPv6 (routes/traffic) based on the route address, next-hop address or advertising source address of route.

  • BGP —Match BGP (routes/traffic) based on the following criteria; select the tab to define the criteria.

    1. Click the AS Path tab to enable matching the BGP autonomous system path access list with the specified path access list. If you specify more than one path access list, then the route can match either path access list.

    2. Click the Community List tab to enable matching of the BGP community or extended community with the specified community list objects or the extended community list objects respectively.

      • To specify a community list to the rule, click Edit (edit icon) given in the Selected Community List field. The community lists appears under Available Community List. Select the required list, click Add, and then click Ok. For information on how to create community list objects, see Community List

      • To add the extended community list, click Edit (edit icon) given in the Selected Extended Community List field. The extended community lists appears under the Available Extended Community List. Select the required list, click Add, and then click Ok. For information on how to create extended community list objects, see Extended Community.

      To enable matching the BGP community exactly with the specified community list objects, check the Match the specified community exactly check box. This option is not applicable for the extended community list.

      Note

      If you specify more than one rule, the routes are verified against the rules until a matching permit or deny condition is met. Any route that does not match at least one Match community will not be advertised for outbound route maps.

    3. Click the Policy List tab to configure a route map to evaluate and process a BGP policy. When multiple policy lists perform matching within a route map entry, all policy lists match on the incoming attribute only.

  • Others —Match routes or traffic based on the following criteria.

    1. Enter the metric values to use for matching in the Metric Route Value field, to enable matching the metric of a route. You can enter multiple values separated by commas. This setting allows you to match any routes that have a specified metric. The metric values can range from 0 to 4294967295.

    2. Enter the tag values to use for matching in the Tag Values field. You can enter multiple values separated by commas. This setting allows you to match any routes that have a specified security group tag. The tag values can range from 0 to 4294967295.

    3. Check the appropriate Route Type option to enable matching of the route type. Valid route types are External1, External2, Internal, Local, NSSA-External1, and NSSA-External2. You can choose more than one route type from the list.

Step 7

Click the Set Clauses tab to set routes/traffic based on the following criteria, which you select in the table of contents:

  • Metric Values—Set either Bandwidth, all of the values or none of the values.

    1. Enter a metric value or bandwidth in Kbits per second in the Bandwidth field. Valid values are an integer value in the range from 0 to 4294967295.

    2. Select to specify the type of metric for the destination routing protocol, from the Metric Type drop-down list. Valid values are : internal, type-1, or type-2.

  • BGP Clauses —Set BGP routes based on the following criteria; select the tab to define the criteria.

    1. Click the AS Path tab to modify an autonomous system path for BGP routes.

      1. Enter an AS path number in the Prepend AS Path field to prepend an arbitrary autonomous system path string to BGP routes. Usually the local AS number is prepended multiple times, increasing the autonomous system path length. If you specify more than one AS path number then the route can prepend either AS number.

      2. Enter an AS path number in the Prepend Last AS to AS Path field to prepend the AS path with the last AS number. Enter a value for the AS number from 1 to 10.

      3. Check the Convert route tag into AS path check box to convert the tag of a route into an autonomous system path.

    2. Click the Community List tab to set the community attributes:

      Under Specific Community:

      1. Click the None radio button, to remove the community attribute from the prefixes that pass the route map.

      2. Click the Specific Community radio button, to enter a community number, if applicable. Valid values are from 1 to 4294967295.

      3. Check the Add to existing communities check box, to add the community to the already existing communities.

      4. Select the Internet, No-Advertise, or No-Export check-boxes to use one of the well-known communities.

      Under Specific Extended Community, in the Route Target field, enter the route target number in ASN:nn format:

      • You can enter values that ranges from 1:1 to 65534:65535.

        You can add a single route target or a set of route targets separated by commas in a single entry. For example, 1:2,1:4,1:6.

      • You can have a maximum of 8 route targets in an entry.

      • You cannot have redundant route target entries across route maps.

    3. Click the Others tab to set additional attributes.

      1. Check the Set Automatic Tag check-box to automatically compute the tag value.

      2. Enter a preference value for the autonomous system path in the Set Local Preference field. Enter a value between 0 and 4294967295.

      3. Enter a BGP weight for the routing table in the Set Weight field. Enter a value between 0 and 65535.

      4. Select to specify the BGP origin code. Valid values are Local IGP Local IGP and Incomplete.

      5. In the IPv4 Settings section, specify a next hop IPv4 address of the next hop to which packets are output. It need not be an adjacent router. If you specify more than one IPv4 address then the packets can output at either IP address.

        Select to specify an IPv4 prefix list in the Prefix List drop-down list.

      6. In the IPv6 Settings section, specify a next hop IPv6 address of the next hop to which packets are output. It need not be an adjacent router. If you specify more than one IPv6 address, then the packets can output at any of the IP addresses.

        Select to specify an IPv6 prefix in the Prefix List drop-down list.

Step 8

Click Add.

Step 9

If you want to allow overrides for this object, check the Allow Overrides check box; see Allowing Object Overrides.

Step 10

Click Save.