Policy Rules

NVIDIA Onyx User Manual v3.10.4006

Route maps define conditions for redistributing routes between routing protocols. A route map clause is identified by a name, filter type (permit or deny) and a sequence number. Clauses with the same name are components of a single route map; the sequence number determines the order in which the clauses are compared to a route.

Warning

Route maps can be used only for the BGP protocol.

Warning

Route maps cannot be used for the commands “network” or “redistribute”.

route-map

route-map <map-name> [deny | permit] [sequence-number]

no route-map <map-tag> {deny | permit} [<sequence-number>]

Creates a route map that can be used for importing, exporting routes and applying local policies.

The no form of the command deletes configured route maps.

Syntax Description

name

Name of the route-map

deny | permit

Configures the rule to be used

sequence-number

Sequence number for a route-map specific record

Default

N/A

Configuration Mode

config

History

3.3.5006

Example

switch (config) # route-map mymap permit 1200

switch (config route-map mymap permit 1200)#

Related Commands

Notes

  • All changes in the route map configuration mode remain pending until the end of the route-map session

  • If not configured, deny | permit is configured as permit

  • If not configured, sequence-number default value is 10


continue

continue <sequence-number>

no continue

Enables additional route map evaluation of routes whose parameters meet the clause’s matching criteria.

The no form of the command removes this configuration from the route map clause.

Syntax Description

N/A

Default

N/A

Configuration Mode

config route map

History

3.3.5006

Example

switch (config route-map mymap permit 10)# match as-number 40

switch (config route-map mymap permit 10)# set weight 7

switch (config route-map mymap permit 10)# continue 1200

switch (config route-map mymap permit 10)# exit

Related Commands

route-map <map-name> [deny | permit] [sequence-number]

Notes

  • A clause typically contains a match (route-map) and a set (route-map) statement. Evaluation of a route whose settings equal the match statement parameters normally ends, and the clause’s set statements are applied to the route. Routes that match a clause containing a continue statement are evaluated against the clause specified by the continue statement.

  • When a route matches multiple route-map clauses, the filter action (deny or permit) is determined by the last clause that the route matches. The set statements in all clauses matching the route are applied to the route after the route map evaluation is complete. Multiple set statements are applied in the same order by which the route was evaluated against the clauses containing them.

  • Continue cannot be set to go back to a previous clause; <sequence-number> of the continue must always be higher than the current clause’s sequence number.


abort

abort

Discards pending changes and returns to global configuration mode.

Syntax Description

N/A

Default

N/A

Configuration Mode

config route map

History

3.3.5006

Example

switch (config route-map mymap permit 10)# abort

Related Commands

Notes


match as-number

match as-number <number>

no match as-number

Filters according to one of the AS numbers in the AS path of the route.

The no form of the command removes this configuration from the route map clause.

Syntax Description

number

Autonomous system number to check

Default

N/A

Configuration Mode

config route map

History

3.3.5006

Example

switch (config route-map mymap permit 10)# match as-number 40

Related Commands

Notes

  • When a clause contains multiple match commands, the permit or deny filter applies to a route only if its properties are equal to corresponding parameters in each match statement

  • When a route’s properties do not equal the statement parameters, the route is evaluated against the next clause in the route map, as determined by sequence number

  • If all clauses fail to permit or deny the route, the route is denied
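The evaluation rules from the continue notes and the match notes above, modelled as an added Python example (not NVIDIA code). Assumptions: a clause with no match statements matches every route, a continue resumes at the first clause whose sequence number is at least the target, and the route dictionary keys are hypothetical names; the deny clause at sequence 20 and the AS paths are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Clause:
    seq: int
    action: str                                # "permit" or "deny"
    when: dict = field(default_factory=dict)   # match statements, all must hold
    sets: dict = field(default_factory=dict)   # set statements
    cont: Optional[int] = None                 # continue <sequence-number>

# Match kinds modelled here; the route dict keys are hypothetical names.
MATCHERS = {
    "as-number": lambda r, v: v in r["as_path"],   # any AS in the path
    "metric": lambda r, v: r.get("metric") == v,
    "ip next-hop": lambda r, v: r.get("next_hop") == v,
}

def apply_set(route, kind, value):
    if kind == "as-path prepend":
        route["as_path"] = list(value) + route["as_path"]
    else:                                      # weight, metric, local-preference
        route[kind] = value

def evaluate(route_map, route):
    """Return (action, resulting route or None, sequence numbers matched)."""
    clauses = sorted(route_map, key=lambda c: c.seq)
    for c in clauses:
        if c.cont is not None and c.cont <= c.seq:
            raise ValueError(f"clause {c.seq}: continue must point forward")
    action, matched, resume_at = "deny", [], 0  # nothing matched -> denied
    for c in clauses:
        if c.seq < resume_at:
            continue                           # skipped by an earlier continue
        if not all(MATCHERS[k](route, v) for k, v in c.when.items()):
            continue                           # try the next clause
        matched.append(c)
        action = c.action                      # last matching clause decides
        if c.cont is None:
            break
        resume_at = c.cont
    seqs = [c.seq for c in matched]
    if action == "deny":
        return "deny", None, seqs
    result = dict(route, as_path=list(route["as_path"]))
    for c in matched:                          # sets applied after evaluation,
        for kind, value in c.sets.items():     # in evaluation order
            apply_set(result, kind, value)
    return "permit", result, seqs

# mymap as shown on this page, plus a constructed deny clause at sequence 20.
MYMAP = [
    Clause(10, "permit", {"as-number": 40}, {"weight": 7}, cont=1200),
    Clause(20, "deny", {"as-number": 65001}),            # constructed
    Clause(1200, "permit", sets={"weight": 11}),
]

if __name__ == "__main__":
    for path in ([40, 300], [65001], [40, 65001]):       # constructed AS paths
        action, route, seqs = evaluate(MYMAP, {"as_path": path})
        print(path, action, seqs, route and route["weight"])
```

The path [40, 65001] is permitted even though it contains the AS that clause 20 denies, because continue 1200 jumps over clause 20. When reviewing a route map, check every continue target for deny clauses it skips.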


match as-path

match as-path <as-path-list name>

no match as-path

Creates a route map clause entry that matches the route’s AS path using an as-path access-list.

The no form of the command removes the match statement from the configuration mode route map clause.

Syntax Description

number

Autonomous system number to check

Default

N/A

Configuration Mode

config route map

History

3.3.5006

3.6.3004

Added note

Example

switch (config route-map mymap permit 10)# match as-path my-list

Related Commands

Notes

  • When a clause contains multiple match commands, the permit or deny filter applies to a route only if its properties are equal to corresponding parameters in each match statement

  • When a route’s properties do not equal the statement parameters, the route is evaluated against the next clause in the route map, as determined by sequence number

  • If all clauses fail to permit or deny the route, the route is denied

  • An as-path-list must already exist before a node is configured to use it


match community-list

match community <communities-list-name> exact-match

no match community <communities-list-name> exact-match

Creates a route map clause entry that specifies one route filtering condition.

The no form of the command removes the match clause.

Syntax Description

communities-list-name

A name of an IP community list

Default

N/A

Configuration Mode

config route map

History

3.3.5006

Example

switch (config route-map mymap permit 10)# match community-list COM_LIST exact-match

Related Commands

Notes

  • When a clause contains multiple match commands, the permit or deny filter applies to a route only if its properties are equal to corresponding parameters in each match statement.

  • When a route’s properties do not equal the statement parameters, the route is evaluated against the next clause in the route map, as determined by sequence number.

  • If all clauses fail to permit or deny the route, the route is denied.


match ip/ipv6 address

match ip address <prefix-list-name>

no match ip address

match ipv6 address <prefix-list-name>

no match ipv6 address

Filters according to IPv4/IPv6 prefix list.

The no form of the command removes this configuration from the route map clause.

Syntax Description

prefix-list-name

Prefix-list name

Default

N/A

Configuration Mode

config route map

History

3.3.5006

Example

switch (config route-map mymap permit 10)# match ip address listSmallRoutes

Related Commands

Notes

  • When a clause contains multiple match commands, the permit or deny filter applies to a route only if its properties are equal to corresponding parameters in each match statement

  • When a route’s properties do not equal the statement parameters, the route is evaluated against the next clause in the route map, as determined by sequence number

  • If all clauses fail to permit or deny the route, the route is denied

  • The prefix-list-name should point to an existing IP prefix-list. If it is not found, no route is considered as a match for this clause.


match ip next-hop

match ip next-hop <ipv4/ipv6>

no match ip next-hop

Configures a route’s entry next-hop match.

The no form of the command removes a route-map’s entry next-hop match.

Syntax Description

ipv4/ipv6

Next hop IP address (e.g. 10.0.13.86)

Default

N/A

Configuration Mode

config route map

History

3.3.5200

3.6.4070

Added support for IPv4 and IPv6

Example

switch (config route-map mymap permit 10)# match ip next-hop 10.10.10.10

Related Commands

Notes

  • When a clause contains multiple match commands, the permit or deny filter applies to a route only if its properties are equal to corresponding parameters in each match statement

  • When a route’s properties do not equal the statement parameters, the route is evaluated against the next clause in the route map, as determined by sequence number

  • If all clauses fail to permit or deny the route, the route is denied


match metric

match metric <value>

no match metric

Configures a route’s entry metric match.

The no form of the command removes a route-map’s entry metric match.

Syntax Description

value

Range: 1-2147483647.

Default

N/A

Configuration Mode

config route map

History

3.3.5200

3.4.0000

Updated value range

Example

switch (config route-map mymap permit 10)# match metric 10

Related Commands

Notes

  • When a clause contains multiple match commands, the permit or deny filter applies to a route only if its properties are equal to corresponding parameters in each match statement

  • When a route’s properties do not equal the statement parameters, the route is evaluated against the next clause in the route map, as determined by sequence number

  • If all clauses fail to permit or deny the route, the route is denied


set as-path prepend

set as-path prepend <value1> <value2> ... <valuen>

no set as-path prepend

Modifies as-path on affected routes.

The no form of the command removes the set statement from the route map.

Syntax Description

value

BGP AS number that is prepended to as-path

Range: 1-4294967295

Default

N/A

Configuration Mode

config route map

History

3.4.0000

Example

switch (config route-map mymap permit 10)# set as-path prepend 5 10

Related Commands

Notes


set community additive

set community <list-of-communities> additive

no set community <list-of-communities> additive

Adds the matching communities.

The no form of the command removes the set statement from the clause.

Syntax Description

list-of-communities

List of standard communities:

  • <aa:nn>

  • <number>

  • internet

  • local-AS

  • no-advertise

  • no-export

Default

N/A

Configuration Mode

config route map

History

3.3.5200

Example

switch (config route-map mymap permit 10)# set community none

Related Commands

Notes


set community none

set community none

no set community none

Sets the community attribute of a distributed route to be empty.

The no form of the command removes the set statement from the clause.

Default

N/A

Configuration Mode

config route map

History

3.3.5200

Example

switch (config route-map mymap permit 10)# set community none

Related Commands

Notes


set community delete

set community <list of communities> delete

no set community <list of communities> delete

Deletes matching communities.

The no form of the command removes the set statement from the clause.

Syntax Description

list of communities

List of standard communities:

  • <aa:nn>

  • <number>

  • internet

  • local-AS

  • no-advertise

  • no-export

Default

N/A

Configuration Mode

config route map

History

3.3.5200

Example

switch (config route-map test_route_map permit 10) # set community 400:1 delete

Related Commands

Notes


set community-list

set community-list <community-list-name>

no set community <list of communities>

Configures a named standard community list.

The no form of the command removes the set statement from the clause.

Syntax Description

<community-list-name>

Name of community list

Default

N/A

Configuration Mode

config route map

History

3.3.5200

Example

switch (config route-map mymap permit 10 )# set community internet 1:3 additive

Related Commands

Notes

A community-list must already exist before a node is configured to use it


set community-list additive

set community-list <community-list-name> additive

no set community <list of communities> additive

Adds to existing communities using the communities found in the community list.

The no form of the command removes the set statement from the clause.

Syntax Description

<community-list-name>

Name of community list

Default

N/A

Configuration Mode

config route map

History

3.3.5200

Example

switch (config route-map mymap permit 10)# set community-list mycommunity additive

Related Commands

Notes


set community-list delete

set community-list <community-list-name> delete

no set community-list

Deletes the matching community list permit entries from the route community list.

The no form of the command removes the set statement from the clause.

Syntax Description

community-list-name

Name of community list

Default

N/A

Configuration Mode

config route map

History

3.3.5200

Example

switch (config route-map mymap permit 10)# set community-list mycommunity delete

Related Commands

Notes


set ip next-hop

set ip next-hop <ipv4/ipv6>

no set ip next-hop

Configures a route’s entry next-hop parameter.

The no form of the command removes a route-map’s entry next-hop setting.

Syntax Description

ipv4/ipv6

Route next-hop IP (e.g. 10.0.13.86)

Default

N/A

Configuration Mode

config route map

History

3.3.5200

3.6.4070

Added support for IPv4 and IPv6

Example

switch (config route-map mymap permit 10)# set ip next-hop 10.10.10.10

Related Commands

Notes


set local-preference

set local-preference <value>

no set local-preference

Configures a route’s entry local-preference parameter.

The no form of the command removes a route-map’s entry local-pref setting.

Syntax Description

value

Route local-pref

Range: 1-2147483648

Default

N/A

Configuration Mode

config route map

History

3.3.5200

Example

switch (config route-map mymap permit 10)# set local-preference 10

Related Commands

Notes


set metric

set metric <value>

no set metric

Configures a route’s entry metric parameter.

The no form of the command removes a route-map’s entry metric setting.

Syntax Description

value

Route metric

Range: 1-2147483647

Default

N/A

Configuration Mode

config route map

History

3.3.5200

Example

switch (config route-map mymap permit 10)# set metric 10

Related Commands

Notes


set origin

set origin <egp | igp | incomplete>

no set origin

Configures a route’s entry origin parameter.

The no form of the command removes a route-map’s entry origin setting.

Syntax Description

egp

Set a route’s entry origin parameter to external.

igp

Set a route’s entry origin parameter to internal.

incomplete

Set a route’s entry origin parameter to incomplete.

Default

N/A

Configuration Mode

config route map

History

3.3.5200

Example

switch (config route-map mymap permit 10)# set origin egp

Related Commands

Notes


set weight

set weight <number>

no set weight

Configures modifications to redistributed routes.

The no form of the command removes this configuration from the route map clause.

Syntax Description

number

Value of the weight to set

Range: 1-65535

Default

N/A

Configuration Mode

config route map

History

3.3.5006

3.4.0000

Updated parameter range

Example

switch (config route-map mymap permit 10)# set weight 7

Related Commands

route-map <map-name> [deny | permit] [sequence-number]

Notes


show route-map

show route-map [<name>]

Displays route map configuration.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any command mode

History

3.3.5006

Example

switch (config)# show route-map mymap

route-map mymap, permit, sequence 10

Match clauses:

as-number 40

Set clauses:

weight 7

route-map mymap, permit, sequence 1200

Set clauses:

weight 11

Related Commands

Notes


IP Prefix-List

IP prefix-lists are used to match two components of IP packets or an IP route. A prefix-list is a list of entries, each of which includes an IP network address and a bit mask (Range: 1 to 32; the mask should match the input IP network address).

Configuring Prefix-List with Multiple Entries

To create a new prefix-list with a large number of entries (50K for IPv4 or 25K for IPv6), use "configuration text fetch" to fetch a predefined prefix-list configuration file and then apply it as a whole.
When editing an existing prefix-list, at most 1K entries can be updated at a time. To update more than 1K entries, repeat the update operation multiple times.

Configuration fetch example, fetching “prefix-list-001”:


switch (config) # configuration text fetch ?
<download URL> http, https, ftp, tftp, scp and sftp are supported. e.g. scp://username[:password]@hostname/path/filename

Apply:


switch (config) # configuration text file prefix-list-001 apply verbose
All commands succeeded.

Transcript of all commands executed:

------------ Begin transcript ------------
Onyx-Demo (config) # ip prefix-list prefix-list-001
Onyx-Demo (config) # seq 1 permit 200.1.1.0 eq 24
Onyx-Demo (config) # seq 2 permit 1.1.1.2 eq 32
Onyx-Demo (config) # seq 3 permit 1.1.1.3 eq 32
Onyx-Demo (config) # seq 4 permit 1.1.1.4 eq 32
Onyx-Demo (config) # seq 5 permit 1.1.1.5 eq 32
Onyx-Demo (config) # seq 6 permit 1.1.1.6 eq 32
Onyx-Demo (config) # seq 7 permit 1.1.1.7 eq 32
Onyx-Demo (config) # seq 8 permit 1.1.1.8 eq 32
Onyx-Demo (config) # exit
------------ End transcript ------------

IP Prefix-List Commands

ip prefix-list

ip prefix-list <list-name> [seq <number>]

no ip prefix-list <list-name> [seq <number>]

ipv6 prefix-list <list-name> [seq <number>]

no ipv6 prefix-list <list-name> [seq <number>]

Configures or updates the IPv4 or IPv6 prefix-list in context mode.

The no form of the command deletes the prefix-list or a prefix-list entry.

Syntax Description

list-name

String

seq <number>

Sequence number assigned to entry

Range: 0-4294967295

Default value: 10

Default

N/A

Configuration Mode

config

History

3.3.5200

3.6.4070

Added support for IPv6

3.8.2100

Updated maximum sequence value. Reorganized the command into ip prefix-list command and sub-commands.

Example

switch (config) # ip prefix-list list-name

switch (config ip prefix-list list-name) # deny 1.1.1.0 /24

switch (config ip prefix-list list-name) # deny 1.1.2.0 /24

switch (config ip prefix-list list-name) # exit

switch (config) #

switch (config) # show ip prefix-list list-name

prefix-list list-name:

count: 2,

range entries: 0,

sequences: 10 - 20

Configuration:

seq 10 deny 1.1.1.0 /24 eq 24

seq 20 deny 1.1.2.0 /24 eq 24

Related Commands

route-table prefix-list

show ip bgp vrf address-family

Notes

The maximum entries for IPv4 prefix-list is 50K and for IPv6 is 25K.


ip prefix-list bulk-mode

ip prefix-list <list-name> bulk-mode

no ip prefix-list <list-name> bulk-mode

Enables bulk-mode for a given prefix-list.

The no form of the command disables bulk-mode for a given prefix-list.

Syntax Description

list-name

String

Default

N/A

Configuration Mode

config

History

3.9.1900

Example

switch (config) # ip prefix-list list-name

switch (config) # ip prefix-list list-name bulk-mode # bulk-mode will be enabled for the prefix-list

switch (config) # ip prefix-list list-name seq 10 permit 20.20.20.20 /32 eq 32

switch (config) # ip prefix-list list-name seq 20 deny 21.21.21.21 /32 eq 32

switch (config) # ip prefix-list list-name commit # bulk setting of rules applied to Onyx, and bulk-mode for this prefix list is cleared.

Related Commands

Notes

  • When bulk-mode is enabled, the prefix list rule configuration is cached in the CLI until the 'commit' command is issued. Otherwise, the rule configuration is applied immediately.

  • Applying prefix list configuration in bulk-mode greatly improves performance for a very large prefix list (50K and up). Bulk mode is enabled by default if prefix list rules are configured under CLI prefix mode. When 'exit' is issued to quit CLI prefix mode, the CLI aggregates all the rule configuration and applies the bulk setting to the system.


ip prefix-list commit

ip prefix-list <list-name> commit

If bulk-mode is enabled for the prefix list, commits the whole prefix-list configuration and resets bulk mode (otherwise, nothing happens).

Syntax Description

list-name

String

Default

N/A

Configuration Mode

config

History

3.9.1900

Example

switch (config) # ip prefix-list list-name commit

Related Commands

Notes


permit

[seq <number>] <permit|deny> <ipv4_address|ipv6_address> <mask> [eq <length> | le <length> | ge <length> [le <length>]]

Configures IPv4 or IPv6 permit/deny clauses.

Syntax Description

permit | deny

Configures the prefixes to be used

ipv4_address

IPv4 address

ipv6_address

IPv6 address

eq | ge | le <mask>

  • eq—equal to a specified prefix length

  • ge—greater than or equal to a specified prefix length

  • le—less than or equal to a specified prefix length

Default

N/A

Configuration Mode

config

History

3.8.2100

Example

switch (config) # ip prefix-list list-name

switch (config ip prefix-list list-name) # deny 1.1.1.0 /24

switch (config ip prefix-list list-name) # deny 1.1.2.0 /24

switch (config ip prefix-list list-name) # exit

switch (config) #

switch (config) # show ip prefix-list list-name

prefix-list list-name:

count: 2,

range entries: 0,

sequences: 10 - 20

Configuration:

seq 10 deny 1.1.1.0 /24 eq 24

seq 20 deny 1.1.2.0 /24 eq 24

Related Commands

route-table prefix-list

show ip bgp vrf address-family

Notes
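How the eq, ge and le qualifiers decide which route prefixes an entry accepts, as an added Python example (not NVIDIA code). It assumes conventional prefix-list semantics that this page does not spell out: a route matches an entry when it lies inside the entry's network and its prefix length is in the qualifier's range, the lowest matching sequence wins, and an unmatched route is denied; the FILTER entries and tested prefixes are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Entry:
    seq: int
    action: str      # "permit" or "deny"
    network: object  # ipaddress.IPv4Network or IPv6Network
    lo: int          # shortest route prefix length accepted
    hi: int          # longest route prefix length accepted

def parse_entry(line, default_seq):
    """Parse '[seq N] permit|deny ADDR /LEN [eq L | le L | ge L [le L]]'."""
    tok = line.split()
    seq = default_seq
    if tok[0] == "seq":
        seq, tok = int(tok[1]), tok[2:]
    action, addr, mask, quals = tok[0], tok[1], tok[2], tok[3:]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    # strict=True rejects an address with bits set beyond the mask.
    net = ipaddress.ip_network(addr + mask, strict=True)
    q = dict(zip(quals[0::2], (int(v) for v in quals[1::2])))
    if len(quals) % 2 or set(q) not in (set(), {"eq"}, {"le"}, {"ge"}, {"ge", "le"}):
        raise ValueError(f"bad length qualifier in {line!r}")
    # No qualifier behaves as "eq <mask>", as the show output on this page prints.
    eq = q.get("eq", None if q else net.prefixlen)
    lo = eq if eq is not None else q.get("ge", net.prefixlen)
    hi = eq if eq is not None else q.get("le", net.max_prefixlen)
    if not lo <= hi <= net.max_prefixlen:
        raise ValueError(f"bad length range in {line!r}")
    return Entry(seq, action, net, lo, hi)

def parse_list(lines):
    """Entries without 'seq' get 10, 20, ... (assumed: previous + 10)."""
    entries, last = [], 0
    for line in lines:
        entries.append(parse_entry(line, last + 10))
        last = entries[-1].seq
    return sorted(entries, key=lambda e: e.seq)

def check(entries, prefix):
    """Return (action, seq) of the first entry matching the route prefix."""
    route = ipaddress.ip_network(prefix)
    for e in entries:
        if (route.version == e.network.version
                and route.subnet_of(e.network)
                and e.lo <= route.prefixlen <= e.hi):
            return e.action, e.seq
    return "deny", None   # assumed implicit deny when no entry matches

# Constructed filter: accept 10.0.0.0/8 routes up to /24, reject long
# more-specifics of 10.1.0.0/16, accept 192.0.2.0/24 exactly.
FILTER = parse_list([
    "seq 10 deny 10.1.0.0 /16 ge 25",
    "seq 20 permit 10.0.0.0 /8 le 24",
    "seq 30 permit 192.0.2.0 /24",
])

if __name__ == "__main__":
    for p in ("10.2.3.0/24", "10.1.2.128/25", "10.2.3.128/25", "192.0.2.0/25"):
        print(p, check(FILTER, p))
```

Bounding the accepted length with le or eq is what keeps a filter from accepting more-specific announcements inside a permitted block; here 192.0.2.0/25 and 10.2.3.128/25 fall through to deny.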


show ipv6 prefix-list

show ipv6 prefix-list [<name>]

Displays IPv6 prefix-lists.

Syntax Description

name

Displays a specific prefix-list

Default

N/A

Configuration Mode

Any command mode

History

3.3.5200

3.6.4070

Added support for IPv6

Example

switch (config)# show ipv6 prefix-list

prefix-list: a-list

count: 1, range entries: 1, sequences: 10 - 10

seq 10 permit 2001::0 /64 ge eq 32 (hit count: 0, refcount: 0)

Related Commands

Notes

© Copyright 2023, NVIDIA. Last updated on Mar 5, 2024.