Link Search Menu Expand Document

Routes Tab

Configuration > Networking > Routing > Routes

Each appliance builds a route table with entries that are added automatically by the system, added manually by a user, or learned from a routing protocol (SD-WAN Fabric Subnet Sharing, BGP, or OSPF). On this tab, you can view all routes for all appliances.

You can filter the type of routes displayed by clicking All, Local / Static, SD-WAN Fabric, BGP, OSPF, or OAP.

On this tab there are also links to the following tabs: BGP, OSPF, BFD, Peer Priority, Admin Distance, and Multicast. Clicking Enable Subnet Sharing with System Templates opens the Templates tab and launches the Add/Edit Template dialog box.

Route Maps

Route Maps are policies applied to IP routes during redistribution between routing protocols. They have Match Criteria and Set Actions that allow for filtering routes or modifying metrics and attributes for routes that meet the criteria defined in the match statement. Route-map rules follow a top-down order based on the sequence number defined for each entry.

EdgeConnect Enterprise supports applying Route Maps inbound from and outbound to BGP peers and outbound to OSPF neighbors and the SD-WAN Fabric. It is best practice to use Orchestrator to apply Route Maps using templates.

Route mapping is supported for the following protocols and the direction of those protocols:

  • Local, static to SD-WAN fabric

  • BGP, OSPF to SD-WAN fabric

  • SD-WAN fabric to BGP Outbound peers

  • Local, BGP, OSPF to BGP outbound peers

  • Local BGP Peers to EdgeConnect BGP sessions

The following table lists the routing protocols and the associated commands supported.

Command Redistribution Support BGP OSPF SD-WAN Local/Static
Match prefix Yes Yes Yes Yes Yes
Set metric Yes Yes Yes Yes Yes
Set tag Yes Yes Yes Yes Yes

You can specify up to 20 route maps per protocol per direction, 128 rules per route map, and six prefixes per rule. A route map without any enabled rules is treated as a default deny all.

Additionally, if a route map is not selected for BGP, OSPF, or SD-WAN redistribution points this is also considered a deny all. To advertise routes via one of the protocol intersections you must select a route map.

Import

Click Import to import route details from a CSV file into the selected appliance. Each row in the CSV file should contain values for the following fields in the exact order specified with commas to separate values:

  • Subnet

  • Mask Length

  • Metric

  • Is Local (no longer used; leave this value blank)

  • Advertise to Silver Peak Peers (no longer used; leave this value blank)

  • Advertise to BGP Peers (no longer used; leave this value blank)

  • Next Hop

  • Advertise to OSPF Neighbors (no longer used; leave this value blank)

  • Interface Name

  • Segment

  • Zone

NOTE: Do not include a header row in the CSV file. Also, do not add spaces after commas in rows.

The following lines illustrate what two rows in a CSV import file might look like:

10.1.0.0,16,50,,,,10.1.0.1,,lan0,Default
10.2.0.0,16,50,,,,,,,

Export

Click Export to save the contents of the Routes table to a CSV file.

Filter by Subnet

To filter the routes displayed in the Routes table by subnet, enter the subnet in the Filter by subnet field, and then click Apply.

Filter by Segment

To filter the routes displayed in the Routes table by segment:

  • Select Default from the Segment drop-down list to display for the system-supplied default segment, or

  • Select one of the other listed segments, which reflect the custom segments defined using Routing Segmentation (Configuration > Networking > Routing > Routing Segmentation (VRF)).

Select All to display for all segments, which is the default setting.

A Very Large Query Response pop-up will display if the number of the routes filtered exceeds 500,000. You can filter by subnet and/or segment, or you can cancel or continue waiting to help mitigate this issue.

NOTE: If the number of the routes filtered is greater than 500,000 the following pop-up will display.

img

Segment

The segments you have configured on the Routing Segmentation tab are listed in the Segment field. After you specify the segment, the Routes table displays only the routes belonging to that segment.

The following information is displayed for each route listed in the table:

Field Description
Appliance Name of the appliance.
Segment Routes displayed belonging to this segment.
Subnet/Mask Actual subnet to be shared or learned.
Next Hop Next hop IP address for the route. A maximum of 200 next-hops are supported per logical interface.
Interface Interface for outgoing traffic. Display only.
Zone Firewall zone associated with the route.
State Shows whether the route is up or down.
VXLAN Indicates if static VXLAN is configured (yes or no)
VNI Indicates the Virtual Network Identifier for the route.
VTEP peer MAC Indicates the MAC address for the VXLAN Tunnel End Point peer.
Metric Metric of the subnet. Value must be between 0 and 100. When a peer has more than one tunnel with a matching subnet (for example, in a high availability deployment), it chooses the tunnel with the lower numerical value.
Type Indicates one of the following route types:

Auto (System) – Automatically added subnets of interfaces on this appliance.

Auto (SaaS) – Automatically added subnets from SaaS services.

Added by user – Subnets manually added or configured on this appliance.

SP: Hostname – Subnets added by exchanging information with peer appliances. If the peer has learned the subnet from a remote BGP or OSPF peer, that information is appended.

<BGP peer Type>: <BGP peer ip> – Subnets added by exchanging information with local BGP peers.

OSPF: OSPF neighbor IP – Subnets added by exchanging information with local OSPF peers.

<BGP peer Type> EVPN: <BGP peer ip> – Subnets added by exchanging information with local EVPN enabled BGP peers.

OAP<device id>(STATIC) – Static subnets learned from ORO (Overlay Route Orchestrator).

OAP<device id>(DIRECT) – Direct (connected) subnets learned from ORO.

OAP<device id>(OSPF) – Subnets added by exchanging information with an OAP (Overlay Agent Protocol) OSPF neighbor.

OAP<device id>(EBGP) – Subnets added by ORO exchanging routing information with a router outside the company-wide network.

OAP<device id>(IBGP) – Subnets added by ORO exchanging routing information with a router inside the company-wide network.

OAP<device id>(BGP) – Subnets added by exchanging information with an OAP BGP peer in an external network.

OAP<device id>(IAP-VPN) – Instant Access Point subnets learned from ORO.

OAP<device id>(OVERLAY) – Subnets added by ORO.

OAP<device id>(RIP) – Routing Information Protocol subnets learned from ORO.

OAP<device id>(CFGSET) – BGW (branch gateway) subnets learned from ORO.
Nexthop Tunnel Next hop tunnel for the route.
Region Indicates the physical region where the appliance is located.
Advertise OSPF Tag to SD-WAN Fabric Shows whether an OSPF tag for the route is advertised to the SD-WAN fabric (yes or no).
SD-WAN Site ID Numeric ID used for advertising the route in the SD-WAN fabric.
Subnet Message Type Indicates the highest subnet version supported by the route.
Additional Info Indicates any tags for restricting route lookups:

Tag FROM LAN – Used to restrict route lookups to traffic arriving on a LAN–side interface.

Tag FROM WAN – Used to restrict route lookups to traffic arriving on a WAN–side interface.

NOTE: If the route is a BGP route and EVPN is enabled for the route, only the import route target (labeled “Route Target”) is displayed. The export route target is not displayed.
Comment Any additional information you would like to include.

To edit a route, select the edit icon in the Routes table.

Route Table Lookup Criteria

Each Route table has lookup criteria that is used in the following order:

  • Longest Prefix Match

  • Route Table admin distance of the source protocol (lower the better)

  • Metric (lower the better)

  • Use peer priority (if configured) as a tie-breaker

If there are two or more routes that match all the above criteria, use multiple routes.

Admin Distance Configuration

You can configure the admin distance by using the Admin Distance template on the Templates tab. The default settings in this template determine the most reliable route with the use of admin distance. See the table below for the various default admin distances per route type.

Route Type Default Admin Distance
Local 1
Subnet Shared - Static Routes 10
Subnet Shared - BGP Remote 15
Subnet Shared CFGSET 15
Subnet Shared IAPVPN 15
Subnet Shared - OSPF Remote 15
Subnet Shared Overlay 15
Subnet Shared RIP 15
eBGP 20
OAP BGP 25
OAP CFGSET 25
OAP Direct 25
OAP IAPVPN 25
OAP OSPF 25
OAP Overlay 25
OAP RIP 25
OAP Static 25
OSPF 110
iBGP 200

Navigate to the BGP and OSPF tabs for more information about applying or configuring your route maps.

Edit or Add Routes

The following table describes the elements in the Routes dialog box. They represent various features you can apply to your route.

Field Description
Automatically advertise local LAN subnets Indicates whether the system-created LAN subnets of your appliance should be advertised to your peers.
Automatically advertise local WAN subnets Indicates whether the system-created local WAN subnets of your appliance should be advertised to your peers.
Metric for automatically added routes Metric assigned to subnets of interfaces on this appliance. Specify a value from 0 to 100. The default value is 50. When a peer has more than one tunnel with a matching subnet (for example, in a high-availability deployment), it chooses the tunnel with the lower metric value.
Redistribute routes to SD-WAN fabric Route redistribution map for the SD-WAN fabric. Click the edit icon next to this field and specify the appropriate route redistribution map.
Filter routes from SD-WAN fabric with matching local ASN Indicates whether to filter routes from the SD-WAN fabric with matching local Autonomous System Number (ASN).
Include BGP local ASN to routes sent to SD-WAN fabric Indicates whether all routes must carry local ASN over subnet sharing to remote EdgeConnect peers.
Tag BGP communities to routes Send the specified communities with routes that are advertised to both SD-WAN fabric peers and BGP peers, if the routes are learned from any of the following source protocols:

Local/Static

SD-WAN (Local/Static)

SD-WAN (BGP)

SD-WAN (OSPF)

If you select this option, enter the BGP communities you want to be tagged in the field.
Communities BGP communities to share. A community must be a combination of two numbers (0 to 65535) separated by a colon. For multiple communities, use a comma to separate them. You can have up to nine communities per route shared with subnet sharing. Subnet sharing is the protocol used to exchange routes between EdgeConnect appliances across the SD-WAN fabric.
Use SD-WAN fabric learned routes Indicates whether to use SD-WAN fabric learned routes.
Enable Equal Cost Multi Path (ECMP) Indicates whether you want to enable Equal Cost Multi-Path routing support.

Add Routes

Use the Add Routes dialog box to add a user-defined route to an appliance’s route table.

  1. In the Routes dialog box, click Add Routes.

    The Add Route dialog box opens.

  2. Configure the following elements as needed.

    Field Description
    Subnet/Mask Subnet IP address and mask (for example, 4.4.4.4/32).
    Next Hop Next hop IP address for the route. If you specify a next hop, you cannot select a zone for the route. (Optional)
    Interface Interface for outgoing traffic. Click in the field and select the appropriate interface. If you specify an interface, you cannot select a zone for the route. (Optional)
    Zone Firewall zone to apply to the route. Select the appropriate firewall zone from the drop-down list. Initially, this field is set to Default. If you specify a next hop or an interface, you cannot select a zone for the route; the field automatically sets to None and cannot be changed. (Optional)
    Metric Metric for the subnet. Specify a value from 0 to 100. When a peer has more than one tunnel with a matching subnet (for example, in a high-availability deployment), it chooses the tunnel with the lower metric value. The default value is 50.
    Tag Tag for restricting route lookups. It is primarily used to filter routes from being redistributed in a routing loop. Select one of the following options from the drop-down list:

    ANY – Allows route lookups for traffic arriving on a LAN-side or WAN-side interface.

    FROM_LAN – Restricts route lookups to traffic arriving on a LAN-side interface.

    FROM_WAN – Restricts route lookups to traffic arriving on a WAN-side interface.
    Comments Additional information you want to provide about this route. (Optional)
  3. Click Add.

Import Subnets

Do the following to import route details from a CSV file into the selected appliance.

  1. Click Choose File.

  2. Locate and select the CSV file on your local machine, and then click Open.

  3. Click Import.

    Orchestrator imports the information from the selected file and the Routes table displays new or updated route details.

SD-WAN Fabric Route Redistribution Maps

Route Maps are policies applied to IP routes during redistribution between routing protocols. They have Match Criteria and Set Actions that allow for filtering routes or modifying metrics and attributes for routes that meet the criteria defined in the match statement. Route-map rules follow a top-down order based on the sequence number defined for each entry.

EdgeConnect Enterprise supports applying Route Maps inbound from and outbound to BGP peers and outbound to OSPF neighbors and the SD-WAN Fabric. It is best practice to use Orchestrator to apply Route Maps using templates.

You can specify up to 20 SD-WAN route maps and 128 rules per route map.

You can specify up to 6 comma separated prefixes for each rule applied to a route map.

You can add, delete, rename, or clone route maps using this window. You can add rules to your route map by clicking Add Rule. A route map without any enabled rules is treated as a default deny all.

Prefix Match Criteria

The default for prefix match criteria is exact-match + greater-than. Both the specified prefix and any subnets of that prefix will be matched, up to a length of 32 for IPv4 or 128 for IPv6 (subnet sharing route maps only).

Less-than-or-equal-to (LE) and greater-than-or-equal-to (GE) clauses can also be applied to specify the inclusion of certain subnets.

To match a default-route, deny 0.0.0.0/1, deny 128.0.0.0/1, and then permit any.

GE Clause

If a GE clause is applied, the rule will also include all prefixes that have a prefix length greater than or equal to the GE value and less than or equal to 32 or 128 (for IPv6).

Example: A.B.C.D/X GE Y

In this example the following will be included:

  • The exact match to A.B.C.D/X

  • All the prefixes that belong to the subnet A.B.C.D/X that have a length greater than or equal to Y and less than or equal to 32

For example, you have a route map entry of 192.168.0.0/16 GE 24, and a peer advertises the following prefixes:

  • 192.168.0.0/16

  • 192.168.1.0/24

  • 192.168.2.0/25

  • 192.168.2.128/25

192.168.0.0/16 – The prefix length is 16, which is not greater than or equal to 24. This route does not match.

192.168.1.0/24 – The prefix length is 24, which is equal to the specified value. Therefore, this route matches the condition.

192.168.2.0/25 – The prefix length is 25, which is greater than or equal to 24. Therefore, this route matches the condition.

192.168.2.128/25 – The prefix length is 25, which is greater than or equal to 24. Therefore, this route also matches the condition.

So, the routes that would be matched by the given route map entry are:

  • 192.168.1.0/24

  • 192.168.2.0/25

  • 192.168.2.128/25

LE Clause

If an LE clause is applied, the rule will also include all prefixes that have a prefix length less than or equal to the LE value.

Example: A.B.C.D/X LE Y

In this example the following will be included:

  • The exact match to A.B.C.D/X

  • All the prefixes that belong to the subnet A.B.C.D/X that have a length greater than or equal to X and less than or equal to 32

  • All the prefixes that belong to the subnet A.B.C.D/X that have a length less than or equal to Y

For example, you have a route map entry of 192.168.0.0/16 LE 24, and a peer advertises the following prefixes:

  • 192.168.0.0/16

  • 192.168.1.0/24

  • 192.168.2.0/25

  • 192.168.2.128/25

192.168.0.0/16 – The prefix length is 16, which is less than or equal to 24. This route matches.

192.168.1.0/24 – The prefix length is 24, which is equal to the specified value. This route matches.

192.168.2.0/25 – The prefix length is 25, which is not less than or equal to 24. This route does not match.

192.168.2.128/25 – The prefix length is 25, which is not less than or equal to 24. This route does not match.

So, the routes that would be matched by the given route map entry are:

  • 192.168.0.0/16

  • 192.168.1.0/24

Combining LE and GE Clauses

Example: A.B.C.D/X LE Y GE Z

In this example the following will be included:

  • The exact match to A.B.C.D/X

  • All the prefixes that belong to the subnet A.B.C.D/X that have a length less than or equal to Y

  • All the prefixes that belong to the subnet A.B.C.D/X that have a length greater than or equal to Z and less than or equal to 32

Exact Match

If both GE and LE clauses are specified and are equal, the rule will result in an exact match.

Example: A.B.C.D/X LE Y GE Y

In this example, the following will be included:

  • The exact match to A.B.C.D/X

  • The exact match to the subnet A.B.C.D/X that has a length equal to Y

You can specify the following fields in each rule for the selected route map.

Priority

Field Description
Priority If you are using Orchestrator templates to add rules, Orchestrator will delete all entries from 1000 – 9999 before applying its policies.

You can create rules with higher priority than Orchestrator rules (1 – 999) and rules with lower priority (10000 – 19999 and 25000 – 65534).

NOTE: The priority range from 20000 to 24999 is reserved for Orchestrator.

When adding a rule, the priority is incremented by 10 from the previous rule. The priority can be changed, but this default behavior helps to ensure you can insert new rules without having to change subsequent priorities.

Select Match Criteria

Source Protocol Complete the Following Fields (based on protocol selected)
Local/Static Prefix + optional LE/GE parameters
BGP Prefix + optional LE/GE parameters

BGP Communities
OSPF Prefix + optional LE/GE parameters

OSPF Tag
ANY Prefix + optional LE/GE parameters

OSPF Tag

BGP Communities
OAP-BGP Prefix + optional LE/GE parameters

BGP Communities
OAP-OSPF Prefix + optional LE/GE parameters

OSPF Tag
OAP-CFGSET Prefix + optional LE/GE parameters
OAP-RIP Prefix + optional LE/GE parameters
OAP-OVERLAY Prefix + optional LE/GE parameters
OAP-IAPVPN Prefix + optional LE/GE parameters
OAP-STATIC Prefix + optional LE/GE parameters
OAP-DIRECT Prefix + optional LE/GE parameters

NOTE: The above fields in the right column will change depending on the source protocol chosen.

Set Actions

Field Description
Permit Enable or disable. This setting allows or denies the route map.
OSPF Tag Value of OSPF tag to set in routing information sent to destination.

NOTE: This field is displayed only if Source Protocol is set to OSPF or OAP OSPF.
Metric Metric for the route.
Comment Comment you want to include.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP.

For third-party trademark acknowledgements, go to Trademark Acknowledgements. All third-party marks are property of their respective owners.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America