8.5 The BGP Routing Process
8.5.3 Implementing BGP routing policy
Input and output policies generally are defined using route maps. Route maps are used with BGP to control and modify routing information and to define the conditions routes are redistributed between routing domains.

Recall from Chapter 7, Route Optimization, that the route-map command is entered using the following syntax:

Router(config)#route-map map-tag [permit | deny] [sequence-number]

Note that map-tag is a name that identifies the route map; the sequence-number indicates the position that an instance of the route map is to have in relation to other instances of the same route map. Instances are ordered sequentially, starting with the number 10 by default.

For example, the route-map command might be used to define a route map named MYMAP:

route-map MYMAP permit 10
! First set of conditions goes here.
route-map MYMAP permit 20
! Second set of conditions goes here.

When BGP applies MYMAP to routing updates, it applies the lowest instance first (in this case, instance 10). If the first set of conditions is not met, the second instance is applied, and so on, until either a set of conditions has been met or there are no more sets of conditions to apply.

The condition portion of a route map is set by using the match and set commands. The match command specifies what criteria must be matched, and the set command specifies an action that is to be taken if the routing update meets the conditions defined by the match command.

Figure shows the commands needed to create a simple route map. Access list 1 is used here as a way to specify routes. 

You may recall that there are two types of access lists, standard and extended; the main difference is that a standard access list is applied to the source IP address, whereas an extended access list is normally applied to the source and destination of a packet. However, when used to filter routes within BGP, the first address/wildcard bit set given in an extended access list applies to the prefix, and the second address/wildcard bit set applies to the subnet mask of the advertised route.

In Figure , access list 1 identifies all routes of the form 1.1.1.x. A routing update of the form 1.1.1.x will match the access list and will be propagated (because of the permit keyword in the access list) with a metric set to 5.

When an update does not meet the criteria of a route map instance, BGP applies the next instance, and so on, until an action is taken or there are no more route map instances to apply. If the update does not match in any instance, the update is not redistributed or controlled.

The route map can be applied on the incoming (using the keyword in) or the outgoing (using the keyword out) BGP updates. Figure shows the commands needed to apply the route map MYMAP on the outgoing updates toward BGP neighbor 172.16.20.2.