Routing policies are used to:
- Manipulate route attributes (the attribute depends on the routing protocol)
- Decide which routes go into the routing table
- Decide which routes to advertise to neighbours
- Redistribute routes
Policies are applied with a routing table centric perspective.
Import policies control whether routes that we receive are installed into the routing table.
Export policies control whether we take a route from the routing table and advertise it with a routing protocol.
Redistribution is achieved with a type of export policy.
We can prevent redistribution of static routes on a case-by-case basis by configuring them with the ‘no-readvertise’ keyword.
Routing policy configuration uses the same structure as a firewall filter (that is, terms, matching, and actions).
When matching traffic, we can use keywords like ‘exact’, ‘longer’, and ‘orlonger’ for advanced prefix matching.
Each routing protocol has a default policy. In most cases, the import policy will accept routes into the routing table. The export policy will advertise routes that were learned.
RIP is an exception. The default policy will not advertise routes to neighbours. This applies to sharing routes with other RIP neighbours, or redistributing into other protocols.
Keep in mind that export policies are used to share routes within the routing protocol, as well as redistributing between different protocols.
BGP is special, as it has additional databases called RIB-In and RIB-Out.
When prefixes are learned from peers, they are put into the RIB-In database. Policies are applied to decide which prefixes are then imported into the routing table (and what their attributes are).
An export policy will take prefixes from the routing table and install them in the RIB-Out database. Prefixes in this database are then able to be shared with peers.
OSPF and IS-IS are special in their own way too. They are link-state routing protocols, and as such need to build a database that accurately represents the network.
Because of this, we can’t filter the routes between neighbours within an area. If we filtered these routes, the database would be incomplete or inaccurate.
OSPF and IS-IS default export policies reject exporting of all routes. This is because these protocols use LSDB flooding from their databases, not from the routes in the routing table.
Routing policies must have terms. However, we can use a single unnamed term, which can make it look like there is no term in the policy.
Routing policies can be applied to the forwarding table. This is to control routes that are exported from the routing table to the forwarding table.
When matching traffic, we can use route-filters. These can also be used to apply an action while matching.
OSPF does not export routes into the OSPF database. The OSPF database is built using LSAs.
|set policy-options policy-statement NAME||Configuration||Create an empty policy|
|set policy-options policy-statement NAME from protocol||Configuration||Match routes of a certain protocol type|
|set policy-options policy-statement NAME from route-filter||Configuration||Match specific networks|
|set policy-options policy-statement NAME then accept||Configuration||Accept this traffic for use in the policy|
|set protocols PROTOCOL import POLICY||Configuration||Apply an import policy|
|set protocols PROTOCOL export POLICY||Configuration||Apply an export policy|
|show ospf database external extensive||Operational||Show OSPF database in detail|
Understanding Routing Policies
Default Routing Policies
OSPF Routing Policy Overview