Cisco Confidential 1
Upon completion of this module, you will be able to:
Write policies in RPL
Use hierarchical and parameterized policies
Convert route maps to RPL policies
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
“Using route-maps on a CRS-1 scale
could lead to configurations on the order
of several 100k to over a million lines
depending on the number of BGP peers.”
The Routing Policy Language (RPL)
was developed to support large scale
routing configurations.
• Modularization
Common blocks of policy
Defined and maintained independently
Apply from other blocks to build complete policies
• Parameterization
Same policy structure but different set or matched values
Value passed as parameter by applying block
• Looping/recursion is not allowed
• As many layers of hierarchy or parameters as you want
• Parameters can be passed through a policy block to the block it applies
Configuration front-end (CLI)
Policy Repository
Policy Execution Engine
Policy Client
[Diagram: RPL components and their roles]
• Configuration front-end: CLI, editor, syntax check
• Policy repository: compile policies for execution, verify policies, track and manage clients/policy use
• Policy execution engine: filter routes
• Policy clients (protocols): attach policies
The policy language provides two kinds of persistent, namable objects: sets and
policies.
There are five kinds of sets: as-path-set, community-set, extcommunity-set, prefix-set,
and rd-set.
Definition of sets and policies is bracketed by beginning and ending command lines in
standard CLI syntax.
For example:
route-policy test1
[ . . . Policy statements . . . ]
end-policy
or:
prefix-set test2
end-set
[Diagram: Route Policy Language built on AS Path Sets, Community Sets, Extended Community Sets and Prefix Sets]
Hierarchical Policy
A Policy that is referenced by another policy with an apply
statement.
route-policy two
apply one
set community (10:100)
end-policy
Parameterized Policy
A hierarchical policy that passes values
route-policy two
apply one (10)
end-policy
route-policy three
apply one (20)
end-policy
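The slides apply a policy named "one" but never show its definition, so the following is an added example (not code from the original deck) that defines it with one parameter, builds the hierarchy the slides describe, and shows a parameter being passed through a middle block, as the earlier slide says is allowed. The policy and set names, the prefixes, the AS numbers and the neighbor address are assumptions chosen for illustration.

```cisco
! Added example: policy "one" takes one parameter, $lp, and uses it as the
! local-preference to set. Names, prefixes and neighbors are illustrative.
prefix-set CUST-PFX
  10.1.0.0/16 le 24,
  10.2.0.0/16 le 24
end-set

route-policy one($lp)
  set local-preference $lp
end-policy

! Hierarchical use: "two" applies "one" and then adds its own action.
! Each caller passes its own value, so the shared structure is written once.
route-policy two
  apply one(10)
  set community (10:100) additive
end-policy

route-policy three
  apply one(20)
end-policy

! Pass-through: a parameter received by one block is handed on to the block
! it applies, so one value flows through every layer of the hierarchy.
! Routes outside CUST-PFX are dropped explicitly instead of relying on the
! implicit drop at end-policy.
route-policy customer-in($lp)
  if destination in CUST-PFX then
    apply one($lp)
  else
    drop
  endif
end-policy

! The value enters at the attach point. A policy that applied itself,
! directly or through another policy, would be rejected at commit time.
router bgp 65000
 neighbor 192.0.2.1
  remote-as 65001
  address-family ipv4 unicast
   route-policy customer-in(150) in
```

A route from 192.0.2.1 for 10.1.5.0/24 therefore ends up with local-preference 150, while a route for any prefix outside CUST-PFX is dropped before it reaches the BGP table.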
RPL uses generic if-then-else constructs for expressing logical
relationships. Conditions can be nested:
route-policy foo
if community matches-every (12:34, 54:78) then
if med eq 8 then
drop
endif
set local-preference 100
endif
end-policy
Boolean conditions evaluate as either true or false.
The routing policy language provides means to build
compound conditions from simple conditions by means of
Boolean operators.
There are three Boolean operators : negation (not),
conjunction (and), and disjunction (or).
Boolean operator precedence from highest to lowest is:
negation (not), conjunction (and), and disjunction (or).
Parentheses may be used to force the evaluation differently
than the normal operator precedence.
For example
med eq 10 and not destination in (10.1.3.0/24) or community is (56:78)
is evaluated as (med eq 10 and (not destination in (10.1.3.0/24))) or community is (56:78);
write the parentheses explicitly if the disjunction is meant to bind first.
RPL applies an implicit drop once a policy is attached
If the route is not accepted by the policy, it is dropped
similar to the implicit deny of Cisco IOS route maps
A route is accepted by
modifying any route attribute (any set action that executes), or
hitting the pass statement.
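Because any executed set counts as acceptance, a set placed outside the matched branch silently turns a filter into an accept-all. The following is an added example, not from the original slides, that puts the faulty form beside the corrected one; the set and policy names and the prefixes are assumptions.

```cisco
! Added example, not from the original slides. CUST-PFX, CUST-IN-BAD and
! CUST-IN are illustrative names; the prefixes are constructed.
prefix-set CUST-PFX
  198.51.100.0/24,
  203.0.113.0/24 le 28
end-set

! Intended as an inbound filter that admits only customer prefixes.
! It does not: the trailing set runs for every route, and modifying an
! attribute counts as acceptance, so no route is ever dropped.
route-policy CUST-IN-BAD
  if destination in CUST-PFX then
    pass
  endif
  set local-preference 200
end-policy

! Keep every modification inside the matched branch. Routes outside
! CUST-PFX reach end-policy unmodified and fall to the implicit drop;
! the explicit else drop makes that intent visible to the next reader.
route-policy CUST-IN
  if destination in CUST-PFX then
    set local-preference 200
  else
    drop
  endif
end-policy
```

With CUST-IN-BAD attached inbound, a route for 192.0.2.0/24 is accepted with local-preference 200; with CUST-IN it is dropped, which is what the filter was meant to do.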
•The term set used in its mathematical sense means an
unordered collection of unique elements. The policy language
provides sets as a container for groups of values for matching
purposes.
•They are used in conditional expressions. The elements of the
set are separated by commas.
•There are five kinds of sets: as-path-set, community-set,
extcommunity-set, prefix-set and rd-set.
•There are two forms for set definition: named form and inline
form.
•Named set form example:
prefix-set pfset1
10.1.1.0/24,
10.2.2.0/24
end-set
•Inline set form example (the same two prefixes written directly in the condition):
(10.1.1.0/24, 10.2.2.0/24)
To convert a regular route-map into an RPL policy we will use the following four steps:
ip prefix-list 101
10 permit 10.48.0.0/16 le 32
20 permit 172.48.0.0/19
30 permit 192.168.3.0/24
ip prefix-list 102
10 permit 172.16.10.0/24
20 permit 192.168.8.0/21
30 permit 192.168.32.0/21
ip community-list 1
10 permit 10:11
ip community-list 2
10 permit 10:12
ip community-list 3
10 permit 10:13
ip community-list 4
10 permit 10:14
route-map sample1 permit 10
match ip address prefix-list 101
match community 1
set metric 11
set community 12:34 additive

route-map sample2 permit 10
match ip address prefix-list 102
match community 1
set metric 11
set community 12:35 additive
prefix-set ps102
172.16.10.0/24,
192.168.8.0/21,
192.168.32.0/21
end-set
community-set cs1
10:11
end-set
community-set cs2
10:12
end-set
community-set cs3
10:13
end-set
community-set cs4
10:14
end-set
Convert the first route map to a RPL “route-
policy”. Use a simple condition (“if” and “else
if” in this example) for every match clause in
the route map and an action statement (in this
case “set”) for every set command in the route
map.
route-policy policy1
if destination in ps101 and community matches-any cs1 then
set med 11
set community (12:34) additive
elseif destination in ps101 and community matches-any cs2 then
set med 12
set community (12:34) additive
elseif destination in ps101 and community matches-any cs3 then
set med 13
set community (12:34) additive
elseif destination in ps101 and community matches-any cs4 then
set med 14
set community (12:34) additive
elseif destination in ps101 then
set med 100
set community (12:34) additive
endif
end-policy
Convert the second route map as well
using the same type of “if” and “set”
statements. Note the repetitive statements
“if destination…” and “set community..” in
both policies.
route-policy policy2
if destination in ps102 and community matches-any cs1 then
set med 11
set community (12:35) additive
elseif destination in ps102 and community matches-any cs2 then
set med 12
set community (12:35) additive
elseif destination in ps102 and community matches-any cs3 then
set med 13
set community (12:35) additive
elseif destination in ps102 and community matches-any cs4 then
set med 14
set community (12:35) additive
elseif destination in ps102 then
set med 100
set community (12:35) additive
endif
end-policy
Replace the redundant "if destination in" conditional and "set community" statements
in the first route policy by just one instance each. Leave the nested "if community"
conditionals to reduce size and evaluation processing.
route-policy policy1
if destination in ps101 then
set community (12:34) additive
if community matches-any cs1 then
set med 11
elseif community matches-any cs2 then
set med 12
elseif community matches-any cs3 then
set med 13
elseif community matches-any cs4 then
set med 14
else
set med 100
endif
endif
end-policy
Perform a similar action on the second route policy, reducing repetitive conditional statements.
route-policy policy2
if destination in ps102 then
set community (12:35) additive
if community matches-any cs1 then
set med 11
elseif community matches-any cs2 then
set med 12
elseif community matches-any cs3 then
set med 13
elseif community matches-any cs4 then
set med 14
else
set med 100
endif
endif
end-policy
Replace small named community sets with inline sets, reducing named set references
during policy evaluation.
route-policy policy1
if destination in ps101 then
set community (12:34) additive
if community matches-any (10:11) then
set med 11
elseif community matches-any (10:12) then
set med 12
elseif community matches-any (10:13) then
set med 13
elseif community matches-any (10:14) then
set med 14
else
set med 100
endif
endif
end-policy
Perform the same replacement of named community sets in the second route policy.
Note that the two route policies are now nearly identical.
route-policy policy2
if destination in ps102 then
set community (12:35) additive
if community matches-any (10:11) then
set med 11
elseif community matches-any (10:12) then
set med 12
elseif community matches-any (10:13) then
set med 13
elseif community matches-any (10:14) then
set med 14
else
set med 100
endif
endif
end-policy
Create a parameterized policy block that contains the common policy structure to
be used by the route policies. The parameter "$tag" replaces the unique community value.
Apply the parameterized policy to replace
the similar policy blocks in both of the
route policies.
route-policy policy1
if destination in ps101 then
apply common (34)
pass
endif
end-policy
route-policy policy2
if destination in ps102 then
apply common (35)
pass
endif
end-policy
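The conversion above spans several slides, and the extracted deck omits two pieces: the prefix-set ps101 and the body of the parameterized block "common". The following is an added example, not from the original slides, that assembles the finished configuration end to end. ps101 is derived from the prefix-list 101 shown earlier; the body of common($tag) is reconstructed from the slide's own description (the shared structure of policy1 and policy2 with 12:34 and 12:35 replaced by 12:$tag); the BGP AS numbers, neighbor addresses and the attach direction are assumptions.

```cisco
! Added example. ps101 is derived from prefix-list 101 above; note that
! "le 32" carries over from the prefix-list to the prefix-set unchanged.
prefix-set ps101
  10.48.0.0/16 le 32,
  172.48.0.0/19,
  192.168.3.0/24
end-set

prefix-set ps102
  172.16.10.0/24,
  192.168.8.0/21,
  192.168.32.0/21
end-set

! Reconstructed from the slide's description: the structure shared by
! policy1 and policy2, with the community value supplied as $tag.
route-policy common($tag)
  set community (12:$tag) additive
  if community matches-any (10:11) then
    set med 11
  elseif community matches-any (10:12) then
    set med 12
  elseif community matches-any (10:13) then
    set med 13
  elseif community matches-any (10:14) then
    set med 14
  else
    set med 100
  endif
end-policy

! Each caller keeps only what differs: its prefix-set and its tag value.
! Routes outside the prefix-set never execute a set or pass, so they fall
! to the implicit drop; that drop is the actual filter, so keep every set
! inside the "if destination in" branch. The pass after apply is redundant
! (common already modifies attributes) but states the intent explicitly.
route-policy policy1
  if destination in ps101 then
    apply common(34)
    pass
  endif
end-policy

route-policy policy2
  if destination in ps102 then
    apply common(35)
    pass
  endif
end-policy

! Attach points (assumed AS numbers and neighbors).
router bgp 100
 neighbor 192.0.2.10
  remote-as 200
  address-family ipv4 unicast
   route-policy policy1 in
 neighbor 192.0.2.20
  remote-as 300
  address-family ipv4 unicast
   route-policy policy2 in

! Verification from EXEC mode: confirm the stored definitions, then list the
! BGP networks that match a policy.
show rpl route-policy common
show rpl route-policy policy1
show bgp route-policy policy1
```

A route for 10.48.3.0/24 carrying community 10:12 that arrives from 192.0.2.10 leaves policy1 with community 12:34 added and MED 12; the same route from 192.0.2.20 is dropped by policy2 because it is not in ps102. Changing the MED mapping for both neighbors now means editing common once.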
•The Command Line Interface (CLI) provides the means to enter
and delete route policy statements. It also provides a unique
means to edit the contents of the policy between the begin-end
brackets using a microemacs editor.
•The name of the object being edited must be included following
the object type in the edit command.
RP/0/0/CPU0:pod1#edit ?
as-path-set edit an as-path-set
community-set edit a community-set
extended-community-set edit an extended-community-set
prefix-set edit a prefix-set
route-policy edit a route-policy
•Instead of each line being an individual command, one can think of each policy or set as a
configuration object that can be manipulated as a unit using the edit command.
•After entering the edit route-policy command, a copy of the route-policy or set is written to a
temporary file and the editor is launched. After editing, leave the editor with the
exit command, ^X (control-X). If changes have been made, answer Yes and press return to save
them. You will then be prompted to commit the configuration changes.
•If you answer no, the running configuration is not changed and the editing session ends.
•If you answer cancel, the editor continues in the text buffer from where you left off.
•If you answer yes, the configuration is committed. If there is a syntax error in the policy
object, you are notified of the error and prompted whether to continue editing or not.
To display the configuration of a specific named route policy, use the
show rpl route-policy <name> command in EXEC mode.
To display Border Gateway Protocol (BGP) information about networks
that match an outbound route policy, use the show bgp route-policy
<name> command in EXEC mode.
RP/0/RP0/CPU0:router#sh bgp route-policy sample
Tue Nov 8 18:26:01.756 EST
BGP router identifier 192.168.1.24, local AS number 100
BGP generic scan interval 300 secs
BGP table state: Active
Table ID: 0xe0000000
BGP main routing table version 4690934
BGP scan interval 60 secs
Thank you.