Routing utilities¶
Routing packets requires to handle the core element of a routing table : the prefix. Prefix is generally an IPv4 or an IPv6 address associated with a mask. There are needs on routing protocols to have tools that permit apply some filtering. This is true for BGP, but it is also true for OSPF. Some information is given about 2 useful tools that are used on the above mentioned routing protocols : IPv4 Access-Lists and IPv4 Prefix-List.
Also, this chapter presents the route-map object. This objects works on the match/set mechanism. It is feeded by input given by routing protocols, and it returns an output that is modified to be conform with the set rules contained in the route-map.
Finally, this chapter gives an overview about routing priorities between the various routing protocols, by explaining the distance.
IPv4/IPv6 Access-Lists¶
Configure the IPv4 access-list
vrouter running config# routing
vrouter running routing# ipv4-access-list ACCESS-LIST-NAME {permit|deny} A.B.C.D/M [exact-match]
vrouter running routing# commit
It is possible to give a description to an access list by typing the command
vrouter running routing# ipv4-access-list ACCESS-LIST-NAME remark "comment between inverted commas"
As described, a prefix will match an access-list entry if that prefix is
included in that access-list entry. It is possible to override the behaviour
with the exact-match
keyword so that the access-list will need to match the
exact prefix value.
Conversely, it is possible to create IPv6 Access List:
vrouter running config# routing
vrouter running routing# ipv6-access-list ACCESS-LIST-NAME {permit|deny} X:X::X:X/M [exact-match]
vrouter running routing# ipv6-access-list ACCESS-LIST-NAME remark "comment between inverted commas"
vrouter running routing# commit
The below prefix-list should be preferred to the access-lists described here.
IP Prefix List¶
A prefix filter is more powerful than an access-list filter to process the network prefixes.
In comparison to access-list prefix-list have the following advantages:
Can process a range of values
Performance improvement in prefix lookup of large lists
More flexible
Filtering by prefix list involves the following rules :
An empty prefix list permits all prefixes.
An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
When multiple entries of a prefix list match a given prefix, the longest match is chosen.
The router prefix-list lookup begins at the top with sequence number 1, if a match occurs then the router do not go through the rest of the prefix list.
The syntax to define a prefix filter is:
vrouter running config# routing
vrouter running routing# ipv4-prefix-list PREFIX-LIST-NAME
vrouter running ipv4-prefix-list# seq SEQ policy {permit|deny} [address PREFIX/M
[prefix-min A | prefix-max B]]
vrouter running routing# ipv6-prefix-list PREFIX-LIST-NAME
vrouter running ipv6-prefix-list# seq SEQ policy {permit|deny} [address PREFIX/M
[prefix-min A | prefix-max B]]
- PREFIX-LIST-NAME
unique identifier name of the prefix list context
- SEQ
Sequence of the rule named PREFIX-LIST-NAME Range varies from 1 to 4294967295
- PREFIX/M
Network prefix and M the length of the mask. The format is an IPv4 address for an IPv4 prefix list, or an IPv6 address for an IPv6 prefix list.
- A and B
A and B range goes from 0 to 32 for an IPv4 prefix list, while it goes from 0 to 128 for an IPv6 prefix list. Those integers up to 32 that can be used to form a block of prefixes. A, B and M are such as:
M < A
M < B
A ( B
M < A ( B ( 32
Example with IPv4 prefix list
Let P1/m be a network prefix that matches PREFIX/M. For example PREFIX/M could be 192.168.0.0/16 and P1/m could be 192.168.10.0/24.
Moreover, if A and B are defined, P1/M matches this rule if M is greater or equal than A and if M is less or equal to B (A ( M ( B). For example 192.168.10.0/24 matches the rule 5, however it does not match the rule 10.
vrouter running routing# ipv4-prefix-list PREFIX-FILTER-NAME
vrouter running ipv4-prefix-list# seq 5 policy permit address 192.168.0.0/16 prefix-min 17 prefix-max 25
vrouter running ipv4-prefix-list#
The prefix lists can be used in many cases:
route-map:
match ip address prefix-list FILTER-NAME
match ipv6 address prefix-list FILTER-NAME
match ip next-hop address prefix-list FILTER-NAME
neighbor configuration:
neighbor A.B.C.D address-family ADDRESSFAMILY
prefix-list {in|out} prefix-list-name FILTER-NAME
Note
The command ‘match ip/ipv6 address’ can be used with an access-list too. However, you can check that the syntax is not exactly the same:
match ip address prefix-list FILTER-NAME
vs.match ip address access-list ACCESS-LIST-NAME
.
Route-Maps¶
Route-Maps operate on the match/set mechanism. it applies a set of actions to the incoming entries that matches the set criteria. Incoming entries stand for routing information. For instance, BGP updates.
To create a route-map object, use the following command:
vrouter running routing# route-map ROUTEMAP-NAME seq SEQ policy {permit|deny}
vrouter running route-map SEQ#
- ROUTEMAP-NAME
unique identifier name of the route-map context
- SEQ
Sequence of the rule named ROUTEMAP-NAME. Range varies from 1 to 65535
The route-map introduces a sequence number that permits introducing several match/set rules sequentially. If the first sequence does not match the incoming entry, then the next sequence is looked up.
The match and set operations vary from one routing protocol to an other one. BGP gathers a wide variety of match/set combinations. Here below is depicted some basic examples:
To configure a route-map based on a peer criterion, and apply a weight to the routing entry, use the following command:
vrouter running routing# route-map ROUTEMAP-NAME seq SEQ policy {permit|deny}
vrouter running route-map SEQ# match peer A.B.C.D
vrouter running route-map SEQ# set weight (0-4294967295)
Routing Administrative Distance¶
Actually, even if prefixes can be filtered, the origin of the route entry is kept, and a weight is associated to each route entry, according to the origin of the routing protocol. That weight is called the administrative distance. For instance, if the same prefix has 2 entries in both static routing table, and BGP routing table, the prefix with the least administrative distance will be chosen locally and installed in the system. Here it will be the static routing table.
We give here a reminder of the common routing protocols administrative distance:
Routing protocol |
Administrative distance |
---|---|
Connected prefixes (routes) |
0 |
Static routes |
1 |
iBGP |
200 |
eBGP |
20 |
OSPF v2 and OSPF v3 |
110 |
RIP and RIPng |
120 |
Logging¶
Routing logging options are configurable from the global routing context:
vrouter running config# routing logging
All logs are sent to the daemon
syslog facility. By default, only messages of
severity higher than error
are logged. This can be modified by changing the
level
option:
vrouter running logging# level LEVEL
- LEVEL
Severity from which messages should be logged.
Here is the list of severities from the most serious to the least:
severity |
description |
---|---|
emergency |
System is unusable. |
alert |
Action must be taken immediately. |
critical |
Critical conditions. |
error |
Error conditions. |
info |
Informational messages. |
notice |
Normal but significant conditions. |
warning |
Warning conditions. |
debug |
Debug-level messages. |
The verbosity of these logs is configurable per routing protocol. See the routing global command reference guide for details.