BGP Route Filtering: Route-Maps



This will be the first of a few posts. In preparations for my second attempt at my CCIE RS Lab exam, I am going back to the basics on route filtering for BGP. The first form that I am going to look at is using a route-map. A route-map is similar to an ACL in the sense that sequence numbers are used, but that’s about where the similarities stop. When thinking of a route-map, I think ask myself the following questions:

  • Do I want to permit or deny a route or routes?
    • What route(s) does this include?
  • Have I created an ACL that encompasses these routes?
    • If not, do it.
  • Am I simply permitting or denying routes are am I modifying them in some way?

With these questions, we can look at a basic route-map:

route-map LOCAL-PREF permit 10
 match ip address 1
 set local-preference 110
route-map LOCAL-PREF permit 20

What we can see here is that we are creating a route-map called LOCAL-PREF. The first sequence number is a permit statement. On this sequence, we are matching the ip addresses outlined in access-list 1. Then, to all of those ip addresses (or routes in the case of what we are doing here), the local preference is set to 110. Make note of the next line though: “route-map LOCAL-PREF permit 20”. This line is needed because of how a route-map works. Say you had other routes being shared through this route-map. If they were not included in ACL 1 and there was not an empty permit sequence at the end of the route-map, then those routes would be denied altogether. Similar to an implicit deny with an ACL.

In terms of the “set” command that is used, there are many criteria that can be set. These include the following:


Router(config-route-map)#set ?
  as-path           Prepend string for a BGP AS-path attribute
  automatic-tag     Automatically compute TAG value
  clns              OSI summary address
  comm-list         set BGP community list (for deletion)
  community         BGP community attribute
  dampening         Set BGP route flap dampening parameters
  default           Set default information
  extcomm-list      Set BGP/VPN extended community list (for deletion)
  extcommunity      BGP extended community attribute
  global            Set to global routing table
  interface         Output interface
  ip                IP specific information
  ipv6              IPv6 specific information
  level             Where to import route
  local-preference  BGP local preference path attribute
  metric            Metric value for destination routing protocol
  metric-type       Type of metric for destination routing protocol
  mpls-label        Set MPLS label for prefix
  origin            BGP origin code
  tag               Tag value for destination routing protocol
  traffic-index     BGP traffic classification number for accounting
  vrf               Define VRF name
  weight            BGP weight for routing table

Depending on what your configuration is requiring, you can use one of these options. The most common use is to help influence the routing paths traffic may take by setting local preference or the metric.
That example was to modify routes being shared, but you can also block routes altogether:


route-map FILTER deny 10
match ip address 1
route-map FILTER permit 20

In this case, route-map filter is matching ACL 1 in its first sequence, but notice this is a deny statement. Any routes matched in this sequence will be denied, and not shared. The empty permit sequence would then allow all remaining routes not outlines in ACL 1.


So how is the route-map used then? It’s actually very easy. in BGP you have a neighbor statement to setup your peering to a remote device. You simply add another neighbor statement, specifying the route-map you want to use and the direction. For direction, you can either choose “out” or “in”. This allows you to filter routes on an outbound basis that you are sharing to your peered routers as well as on an inbound basis to control what you receive from other devices.

For an example, say we were working with the route-map FILTER that I used above. I wanted to deny specific routes to my BGP neighbor My BGP configuration may look a bit like this:


route-map LOCAL-PREF permit 10
router bgp 65000
 bgp router-id
 bgp log-neighbor-changes
 neighbor remote-as 65000
 neighbor update-source Loopback0
 neighbor route-map FILTER out

This would set my route-map to filter the routes that I am sharing over to router By changing the word “out” to “in” in the config above, I could easily make this work in the other direction if needed.


  1. Greetings,

    Is it possible to change Local Preference of one network to go out a second circuit if you have to circuits on a router? I have a router with two circuits; primary and secondary. I have a Local Preference set to 200 for all the networks, but one network I would like it to use the secondary circuit. Can this work?

    • With the list of BGP attributes, there are multiple ways to configure primary and standby paths. In the end it’s all about comparing each path for a specific prefix and determining which is best.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.