Configuring BGP and OSPF Routing Policies on SteelHead SD
  
This topic describes how to configure autonomous system boundary routers (ASBR) and route policies. It includes these sections:
Overview of routing policies on SteelHead SD
What are routing policies?
Creating routing IPv4 prefix lists
Creating routing community lists
Creating routing AS path lists
Configuring route maps
Overview of routing policies on SteelHead SD
SteelHead SD appliances act as a full ASBR when they are located at the branch. ASBR-full routing policies are supported on SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. ASBR-full support is not available on SteelConnect SDI-130/330/1030 and virtual gateways.
An ASBR is a router that is connected to several autonomous systems (ASs) using multiple protocols. Typically, ASBRs are connected via an exterior routing protocol (for example, BGP). An ASBR can also connect LAN routers through an interior gateway protocol (IGP), such as OSPF within its own AS. Basically, with an ASBR you are distributing routes from BGP to OSPF and from OSPF to BGP. An ASBR can also distribute static and connected routes into these protocols.
For example, if you have a SteelHead SD on Branch-1 with eBGP configured on the WAN uplink and OSPF configured on the LAN zones, the SteelHead SD can distribute LAN routes to the WAN and WAN routes to the LAN. This method of redistributing routes received via one routing protocol through another protocol is called route redistribution or route injection.
ASBR deployment in branch 1
SteelHead SD provides:
BGP redistribution - Support includes static and connected route redistribution, OSPF route redistribution, and default route redistribution to BGP neighbors.
OSPF redistribution - Support includes static and connected route redistribution, OSPF route redistribution, and default route redistribution.
Extended ASN capability - Extended autonomous system number (ASN) capability is set as the default when the first AS number is configured. Normal ASN ranges from 1 to 65535, but with the extended ASN capability the range 65536 to 4294967295 is also supported.
ASBR routing policies are available only on underlay branch networks.
What are routing policies?
Routing policies are rules that are applied when routes are distributed between the routers. Creating routing policies enables you to redistribute BGP, OSPF, static, and connected routes.
ASBR routing policies are not policy-based routing where routing decisions are made while directing the traffic.
Creating routing policies enables you to apply certain rules and route attributes while redistributing BGP, OSPF, static and connected routes. You can create route-maps for the following purposes:
Route injection in OSPF.
Default route origination in OSPF.
Static and connected route injection in BGP.
OSPF route injection in BGP.
Policies at the BGP neighbor level.
Default route origination in BGP for a neighbor.
Each route map clause has two types of values:
A match value selects routes to which the clause should be applied.
A set value modifies information that will be redistributed into the target protocol.
For each route that is being redistributed, the router evaluates the match criteria of a clause in the route map. If the match criteria succeed, then the route is redistributed and some of the attributes may be modified by the set clause. If the route doesn’t match any clause in a route map, then the route redistribution is denied.
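The evaluation described above can be modeled in a few lines. This is an added example, not SteelHead SD code: the class and field names are hypothetical, the routes are constructed, and it assumes that clauses are tried in order, that all configured match values must agree, and that a route is "listed" when it falls inside a listed prefix. It runs the same routes through an Allow-mode and a Deny-mode prefix list to show what each lets through.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: str
    source: str                        # "connected", "static", "ospf" or "bgp"
    tag: int = 0
    metric: int = 0
    communities: frozenset = frozenset()

@dataclass(frozen=True)
class PrefixList:
    mode: str                          # "allow" or "deny", as chosen for the list
    prefixes: tuple

    def permits(self, prefix: str) -> bool:
        net = ipaddress.ip_network(prefix)
        # Assumption: a route is "listed" when it falls inside a listed prefix.
        listed = any(net.subnet_of(ipaddress.ip_network(p)) for p in self.prefixes)
        # Allow: only listed prefixes pass. Deny: everything except listed passes.
        return listed if self.mode == "allow" else not listed

@dataclass(frozen=True)
class Clause:
    ip_list: Optional[PrefixList] = None       # match value
    match_tag: Optional[int] = None            # match value
    set_metric: Optional[int] = None           # set value
    set_communities: frozenset = frozenset()   # set value
    additive: bool = False                     # add to, rather than replace, communities

    def matches(self, route: Route) -> bool:
        # Assumption: every configured match value must agree (logical AND).
        if self.ip_list is not None and not self.ip_list.permits(route.prefix):
            return False
        return self.match_tag is None or route.tag == self.match_tag

    def apply_set(self, route: Route) -> Route:
        comms = route.communities
        if self.set_communities:
            comms = (comms | self.set_communities) if self.additive else self.set_communities
        metric = route.metric if self.set_metric is None else self.set_metric
        return replace(route, metric=metric, communities=comms)

def redistribute(route_map, routes):
    """Return (redistributed, denied). A route that matches no clause is denied."""
    sent, denied = [], []
    for route in routes:
        # Assumption: clauses are tried in order and the first match wins.
        clause = next((c for c in route_map if c.matches(route)), None)
        if clause is None:
            denied.append(route)
        else:
            sent.append(clause.apply_set(route))
    return sent, denied

# Constructed sample routes for a branch (not taken from the page).
SAMPLE_ROUTES = [
    Route("10.1.20.0/24", "connected"),
    Route("10.1.30.0/24", "connected", communities=frozenset({"65010:100"})),
    Route("192.168.100.0/24", "connected"),    # management subnet
    Route("0.0.0.0/0", "static"),
]
LAN_ONLY = PrefixList("allow", ("10.1.0.0/16",))
BLOCK_MGMT = PrefixList("deny", ("192.168.100.0/24",))
TO_BGP_ALLOW = [Clause(ip_list=LAN_ONLY,
                       set_communities=frozenset({"no-export"}), additive=True)]
TO_BGP_DENY = [Clause(ip_list=BLOCK_MGMT, set_metric=50)]

if __name__ == "__main__":
    for name, rmap in (("allow list", TO_BGP_ALLOW), ("deny list", TO_BGP_DENY)):
        sent, denied = redistribute(rmap, SAMPLE_ROUTES)
        print(name, "->", [r.prefix for r in sent], "denied:", [r.prefix for r in denied])
```

With the Deny-mode list the static default route is redistributed along with the LAN prefixes, because anything not explicitly listed passes; the Allow-mode list keeps the advertisement to the intended LAN range.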
Once configured, the route-maps can be applied to satisfy the needs of these use-cases:
Route Injection in OSPF - OSPF redistributes static, connected, and BGP routes. This route-map category contains only match criteria. The route map depends on the following objects:
IP prefix lists
Interface (all zones/uplinks associated with SteelHead SD appliances in the given organization)
Default Route Origination in OSPF - Redistributes the default route in OSPF. This category of route-map contains both match and set criteria. This is the simplest route-map category that is not dependent on other objects.
Static and Connected Route Injection in BGP - Redistributes static and connected routes in BGP using a list of IPv4 prefixes. This route-map category contains both match and set criteria. It also depends on the following objects:
IPv4 prefix lists
Interface
OSPF Route Injection in BGP - Redistributes OSPF routes in BGP using a list of IPv4 prefixes. This category of route map contains both match and set criteria.
Policies at the BGP Neighbor Level - Redistributes routes for BGP neighbors using a community list and list of IP next-hop prefixes. You can set the origin-type attribute in this use case to influence path selection based on the origin of a prefix. This route-map category contains both match and set criteria. The match criteria in this use case depend on:
Community list
Prefix list
Default Route Origination in BGP for a Neighbor - Redistributes the route in BGP. This route-map category contains both match and set criteria. There are no dependent objects for this type of route map.
User Defined Route Map - Enables you to create a route map that includes all the match and set criteria available.
Basic steps
Perform these basic steps to configure routing policies.
1. If you have a SteelConnect SDI-2030 gateway, configure a dynamic routing policy. For details, see Dynamic routing overview in the SteelConnect Manager User Guide.
You can’t create dynamic routing policies for SteelHead SD 570-SD, 770-SD, and 3070-SD appliances located at the branch.
2. Configure IPv4 prefix lists. For details, see Creating routing IPv4 prefix lists.
3. Configure community lists. For details, see Creating routing community lists.
4. Configure AS path lists. For details, see Creating routing AS path lists.
5. Configure route maps by specifying the available use cases. For example, create a route map for a routing policy to establish BGP neighbors. For details, see Configuring BGP route redistribution.
6. Configure inbound and outbound route maps and prefixes for BGP neighbors using the configured route maps. For details on configuring BGP neighbors, see Enabling BGP and configuring BGP neighbors on SteelHead SD.
7. Configure BGP redistribution and BGP summarization settings using the configured route maps. For details, see Configuring BGP route redistribution and Configuring BGP route summarization.
Creating routing IPv4 prefix lists
An IPv4 prefix list contains a list of IPv4 prefixes and a name that is associated with the list. For details on how prefix lists are used in BGP routing, see Configuring conditional default-route originate routing.
To create an IPv4 prefix list
1. Choose Routing > IPv4 Prefix Lists.
2. Click Add IPv4 Prefix List.
Creating an IPv4 prefix list
3. Specify the name of the IPv4 prefix list.
4. Click Submit.
5. To define the prefixes for the list, select the list in the IPv4 Prefix List page.
Defining IPv4 prefixes list
6. Click Allow to distribute only the specified prefixes and deny the rest. Click Deny to stop distribution of the prefixes specified and allow the rest.
7. Click Add Prefix.
Adding a prefix
8. Enter the IP prefix designated for the range of addresses to distribute. Use the format: xxx.xxx.xxx.xxx/xx
9. Click Submit.
Click Actions to delete a list.
Creating routing community lists
A BGP community is a group of routes to which a BGP router applies the same policies. You specify the name of the community list and a string that contains values only from a predefined set of keywords and numbers. For details on how community lists are used in BGP path selection, see Configuring BGP path selection.
To create a community list
1. Choose Routing > Community Lists.
2. Click Add Community List.
Creating a community list
3. Enter a descriptive name for the community list.
4. Click the search selector for community list options. In addition to the keywords below, you can also configure numbers in the range from 1 to 65535 and numbers in AA:NN format where the range for AA and NN is 1 to 65535.
internet - Advertises this route to the internet community; by default, all prefixes are members of the internet community.
local-AS - Doesn’t advertise the route to any external peers.
no-export - Instructs routers not to export a prefix to eBGP neighbors. For instance, subnets of a larger block can be advertised to influence external AS best-path selection, and those not required for this traffic engineering purpose may be tagged NO-EXPORT to prevent them from being leaked to the internet (and thus contributing to unnecessary global routing table growth).
no-advertise - Instructs a BGP router not to advertise the tagged prefix to any other neighbor, including other iBGP or eBGP routers.
5. Click Submit.
6. To edit a community list, select the list in the Community List page, edit the expressions, and click Submit.
Editing an AS path list
Click Actions to delete a list.
Creating routing AS path lists
You specify the name of the AS path list and define a regular expression that defines the attributes of the AS path. For details on how AS path lists are used in BGP path selection, see Configuring BGP path selection.
You must be familiar with creating regular expressions (that is, regex) to create AS path lists. If you are not familiar with regex, we recommend that you do not configure this feature.
The AS path list can be used while applying route policies at the BGP neighbor level.
To create an AS path list
1. Choose Routing > AS Path List.
2. Click Add AS Path List to expand the page.
Creating an AS path list
3. Enter a descriptive name for the AS path list.
4. Click the search selector for a list of AS list options. Enter one or more AS numbers from 1 to 4294967295. Separate multiple numbers with a space.
Anything - Specifies the BGP expression “.*”, which matches anything. The “.” matches any single character, and the “*” repeats that match zero or more times.
Learned from AS - Enter one or more AS numbers from 1 to 4294967295 and click Submit. Separate multiple numbers with a space.
Locally originated routes - Specifies the BGP expression: “^$”, which matches locally originated routes. “^$” means that the string is null. Within the scope of BGP, the only time that the AS path is null is when you are looking at a route within your own AS that you or one of your iBGP peers has originated.
Originated in AS - Enter one or more AS numbers from 1 to 4294967295. Separate multiple numbers with a space and click Submit.
Any instance of AS - Enter one or more AS numbers from 1 to 4294967295. Separate multiple numbers with a space and click Submit.
Directly connected to AS - Specifies the BGP expression “^[0-9]+$”, which matches all routes originated in any directly connected single AS. These are the routes directly originated by the peers of your AS.
5. Click Submit.
6. To edit an AS path list, select the list in the AS Path page, edit the expressions, and click Submit.
Editing an AS path list
Click Actions to delete a list.
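To see what the AS path expressions above select before applying them to a neighbor, they can be run against sample AS paths. This is an added example, not SteelHead SD code: the three quoted expressions come from this page, while the expressions for the AS-number options are not shown here, so the conventional Cisco-style forms ("^N_", "_N$", "_N_") are used as an assumption, and the sample paths are constructed.

```python
import re

# In Cisco-style AS-path expressions "_" stands for a delimiter: the start or
# end of the path, a space, a comma, a brace or a parenthesis.
_DELIMITER = r"(?:^|$|[ ,{}()])"

def compile_as_path(expr: str):
    """Translate an AS-path expression into a Python regular expression."""
    return re.compile(expr.replace("_", _DELIMITER))

# Expressions quoted on the page.
PAGE_EXPRESSIONS = {
    "Anything": ".*",
    "Locally originated routes": "^$",
    "Directly connected to AS": "^[0-9]+$",
}

def parse_asns(text: str):
    """Validate a space-separated AS list; each number must be 1 to 4294967295."""
    asns = []
    for token in text.split():
        if not (token.isascii() and token.isdigit()) or not 1 <= int(token) <= 4294967295:
            raise ValueError(f"invalid AS number: {token!r}")
        asns.append(int(token))
    if not asns:
        raise ValueError("no AS numbers given")
    return asns

# Assumed (conventional) expressions for the AS-number options; the page does
# not show what the product generates for them.
def learned_from(asn: int) -> str:      # AS is the neighbor (leftmost) AS
    return f"^{asn}_"

def originated_in(asn: int) -> str:     # AS is the origin (rightmost) AS
    return f"_{asn}$"

def any_instance(asn: int) -> str:      # AS appears anywhere in the path
    return f"_{asn}_"

def matching_paths(expr: str, paths):
    """Return the AS paths (space-separated strings) that the expression selects."""
    rx = compile_as_path(expr)
    return [p for p in paths if rx.search(p)]

# Constructed AS paths: leftmost AS is the neighbor, rightmost is the origin.
SAMPLE_PATHS = [
    "",                 # locally originated
    "65010",            # originated by a directly connected AS
    "65010 65020",
    "65020 65010",
    "165010 65030",     # 165010 contains the digits 65010
    "65030 650100",     # 650100 contains the digits 65010
]

if __name__ == "__main__":
    for name, expr in PAGE_EXPRESSIONS.items():
        print(f"{name:28} {expr:10} {matching_paths(expr, SAMPLE_PATHS)}")
    for asn in parse_asns("65010"):
        for build in (learned_from, originated_in, any_instance):
            print(f"{build.__name__:28} {build(asn):10} {matching_paths(build(asn), SAMPLE_PATHS)}")
    # An expression without delimiters also selects 165010 and 650100.
    print(f"{'unanchored':28} {'65010':10} {matching_paths('65010', SAMPLE_PATHS)}")
```

The last line of output is the case to watch for when writing expressions by hand: without delimiters, "65010" also selects paths through AS 165010 and AS 650100.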
Configuring route maps
After you configure AS lists, community lists, and IPv4 lists, you configure route maps. A route map defines the routes from the specified routing protocol that are redistributed into the target routing process. You define each route map with match and set conditions for each use case.
For details on how route maps are used in BGP path selection, see Configuring BGP path selection.
To create use case route maps
1. Choose Routing > Route Maps.
2. Click Add Route Map.
Creating route maps
3. Specify the name of the route map.
4. Select a use case from the drop-down list:
Route injection in OSPF - Allows the creation of match clauses that can be applied during BGP, static, and connected route injection in OSPF.
Default route origination in OSPF - Allows the creation of match and set clauses that can be used during the default route origination in OSPF.
Static and connected route injection in BGP - Allows the configuration of match and set clauses that can be applied while redistributing static and connected routes in BGP.
OSPF route injection in BGP - Allows the creation of match and set clauses that can be applied while redistributing OSPF routes in BGP.
Policies at a BGP neighbor level - Allows the configuration of match and set clauses that can be applied while establishing a BGP neighbor. For details on how route map criteria are used in BGP path selection, see Configuring BGP path selection.
Default route origination in BGP for a neighbor - Allows the configuration of match and set clauses that can be applied while advertising a default route to a BGP neighbor.
User defined route map - Allows the configuration of match and set clauses that can be applied while applying all the route use cases. For details on how route map criteria are used in BGP path selection, see Configuring BGP path selection.
5. Click Submit. The route map is displayed on the Route Map page.
Click Deny on the Route Map page to stop distribution of the route map.
6. To define the match and set criteria, select the route map to expand the page. The Match Criteria and Set Criteria tabs are displayed depending on the match and set requirements for each use case.
Match Criteria and Set Criteria tabs
7. Fill out the fields for the Match Criteria and Set Criteria using this table. The criteria differ according to the use case you have chosen.
Table columns: Use case, Match criteria, Set criteria.
Route injection in OSPF
Match criteria:
Interface - Optionally, select the interface. When the interface matches the next-hop interface of the route, the route qualifies for redistribution by the router.
IP list - Optionally, select an IP list. When a route’s prefix address matches a prefix in the list, then that route is qualified for distribution.
Next hop list - Optionally, select the next-hop prefix. When the next-hop address matches the selected address, the route qualifies for distribution by the router.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Tag - Optionally, enter a value from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router.
Set criteria:
No set criteria required.
Default route origination in OSPF
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Tag - Optionally, enter a value from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router.
Tag - Optionally, enter a value from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router.
Static and connected route injection in BGP
Match criteria:
Interface - Optionally, click the search selector and select the interface. When the interface matches the next-hop interface of the route, the route qualifies for redistribution by the router.
IP list - Optionally, select the IPv4 prefix list.
Next hop list - Optionally, select the next-hop prefix. When the next-hop address matches the selected address, the route qualifies for distribution by the router.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Tag - Optionally, enter a value from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router.
Set criteria:
AS path - Click On to set the AS path for the route. Specify the AS string as a space-separated list of numbers from 1 to 4294967295. For details, see Configuring BGP path selection.
Tag - If On, then the value is prepended with the AS path of the BGP route.
IP next hop - If On, then updates the IP next-hop address of the routes. Enter the IP address to be used as the next hop.
Self address - If On, under Self address, click On to use the self address as the next-hop address.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Community - In addition to the keywords below, you can also configure numbers in the range from 1 to 65535 and numbers in AA:NN format where the range for AA and NN is 1 to 65535. For details, see Configuring BGP path selection.
internet
local-AS
no-export
no-advertise
Additive - The specified community string is added to the route’s community string.
OSPF route injection in BGP
Match criteria:
Interface - Optionally, select the interface. When the interface matches the next-hop interface of the route, the route qualifies for redistribution by the router.
IP list - Optionally, select the IPv4 prefix list.
Next hop list - Optionally, select the next-hop prefix. When the next-hop address matches the selected address, the route qualifies for distribution by the router.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Metric type - When the type matches the value specified, then that route is qualified to be distributed:
Type 1 - This type includes the external cost to the destination as well as the cost (metric) to reach the AS boundary router.
Type 2 - This type uses only the external cost to the destination and ignores the cost (metric) to reach the AS boundary router.
Tag - Optionally, enter a value from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router.
Set criteria:
AS path - Click On to set the AS path for the route. Specify the AS string as a space-separated list of numbers from 1 to 4294967295. For details, see Configuring BGP path selection.
Tag - If On, then the value is prepended with the AS path of the BGP route.
IP next hop - If On, then updates the IP next-hop address of the routes. Enter the IP address to be used as the next hop.
Self address - If On, under Self address, click On to use the self address as the next-hop address.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Community - In addition to the keywords below, you can also configure numbers in the range from 1 to 65535 and numbers in AA:NN format where the range for AA and NN is 1 to 65535. For details, see Configuring BGP path selection.
internet
local-AS
no-export
no-advertise
Additive - The specified community string is added to the route’s community string.
Policies at the BGP neighbor level
Match criteria:
Origin type - The path attribute in the BGP update message that indicates the origin of the route. For details, see Configuring BGP path selection. Select the origin type from the list:
igp - The route is interior gateway protocol (IGP) (such as OSPF) to the AS of origination. The routes received from BGP are marked with “i”.
egp - The route is received from BGP via Exterior Gateway Protocol (EGP), as indicated by “e” in the BGP table.
incomplete - The routes that are redistributed into BGP using the redistribution command. These routes are marked with “?” in the BGP routing table.
Community - Optionally, select the community list. A BGP route is permitted if it belongs to the specified community string. For details, see Configuring BGP path selection.
Next hop list - Optionally, select the next-hop prefix. When the next-hop address matches the selected address, the route qualifies for distribution by the router.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Tag - Optionally, enter a value from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router.
Set criteria:
Origin type - The path attribute in the BGP update message that indicates the origin of the route. For details, see Configuring BGP path selection. Select the origin type from the list:
igp - The route is interior gateway protocol (IGP) (such as OSPF) to the AS of origination. The routes received from BGP are marked with “i”.
egp - The route is received from BGP via Exterior Gateway Protocol (EGP), as indicated by “e” in the BGP table.
incomplete - The routes that are redistributed into BGP using the redistribution command. These routes are marked with “?” in the BGP routing table.
AS path - Click On to set the AS path for the route. Specify the AS string as a space-separated list of numbers from 1 to 4294967295. For details, see Configuring BGP path selection.
Tag - If On, then the value is prepended with the AS path of the BGP route.
IP next hop - If On, then updates the IP next-hop address of the routes. Enter the IP address to be used as the next hop.
Self address - If On, under Self address, click On to use the self address as the next-hop address.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Local-preference - Optionally, enter the value from 0 to 4294967295 to set the value to the received routes. The default value for the local preference is 100. If a route has no local preference specified it is treated as if it had a local preference of 100. If the iBGP speaker receives multiple routes to the same destination, then the route with the highest value is preferred. For details, see Configuring BGP path selection.
Tag - Optionally, enter a value to be attached to all routes. The range is from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router.
Community - In addition to the keywords below, you can also configure numbers in the range from 1 to 65535 and numbers in AA:NN format where the range for AA and NN is 1 to 65535. For details, see Configuring BGP path selection.
internet
local-AS
no-export
no-advertise
Additive - The specified community string is added to the route’s community string.
Default route origination in BGP for a neighbor
Match criteria:
IP list - Select a route prefix that can be allowed or denied.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Tag - Optionally, enter a value from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router.
Prefix list - Select the prefix list. The injected default route will be advertised only if the prefix is present in the FIB. If at least one prefix in the route-map is matched in the local routing table, a default will be originated. For details, see Creating routing IPv4 prefix lists.
Set criteria:
AS path - Click On to set the AS path for the route. Specify the AS string as a space-separated list of numbers from 1 to 4294967295. For details, see Configuring BGP path selection.
Tag - If On, then the value is prepended with the AS path of the BGP route.
IP next hop - If On, then updates the IP next-hop address of the routes. Enter the IP address to be used as the next hop.
Self address - If On, under Self address, click On to use the self address as the next-hop address.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Tag - Optionally, enter a value to be attached to all routes. The range is from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router.
Community - In addition to the keywords below, you can also configure numbers in the range from 1 to 65535 and numbers in AA:NN format where the range for AA and NN is 1 to 65535. For details, see Configuring BGP path selection.
internet
local-AS
no-export
no-advertise
Additive - The specified community string is added to the route’s community string.
User defined route map
Match criteria:
Interface - Optionally, select the interface. When the interface matches the next-hop interface of the route, the route qualifies for redistribution by the router.
Origin type - The path attribute in the BGP update message that indicates the origin of the route. For details, see Configuring BGP path selection. Select the origin type from the list:
igp - The route is interior gateway protocol (IGP) (such as OSPF) to the AS of origination. The routes received from BGP are marked with “i”.
egp - The route is received from BGP via Exterior Gateway Protocol (EGP), as indicated by “e” in the BGP table.
incomplete - The routes that are redistributed into BGP using the redistribution command. These routes are marked with “?” in the BGP routing table.
Community - Optionally, select the community list. A BGP route is permitted if it belongs to the specified community string. For details, see Configuring BGP path selection.
IP list - Optionally, select an IP list. When a route’s prefix address matches a prefix in the list, then that route is qualified for distribution.
Next hop list - Optionally, select the next-hop prefix. When the next-hop address matches the selected address, the route qualifies for distribution by the router.
Metric - Optionally, enter a value from 0 to 4294967295. When a metric value in a route matches this value, the route qualifies for distribution by the router.
Metric type - When the type matches the value specified, then that route is qualified to be distributed:
Type 1 - This type includes the external cost to the destination as well as the cost (metric) to reach the AS boundary router.
Type 2 - This type uses only the external cost to the destination and ignores the cost (metric) to reach the AS boundary router.
Set criteria:
Origin type - The path attribute in the BGP update message that indicates the origin of the route. For details, see Configuring BGP path selection. Select the origin type from the list:
igp - The route is interior gateway protocol (IGP) (such as OSPF) to the AS of origination. The routes received from BGP are marked with “i”.
egp - The route is received from BGP via Exterior Gateway Protocol (EGP), as indicated by “e” in the BGP table.
incomplete - The routes that are redistributed into BGP using the redistribution command. These routes are marked with “?” in the BGP routing table.
AS path - Click On to set the AS path for the route. Specify the AS string as a space-separated list of numbers from 1 to 4294967295. For details, see Configuring BGP path selection.
Tag - If On, then the value is prepended with the AS path of the BGP route.
Community - In addition to the keywords below, you can also configure numbers in the range from 1 to 65535 and numbers in AA:NN format where the range for AA and NN is 1 to 65535. For details, see Configuring BGP path selection.
internet
local-AS
no-export
no-advertise
Additive - The specified community string is added to the route’s community string.
8. Click Submit.