Route Map

Route maps provide a powerful and flexible mechanism for controlling route redistribution, filtering, and attribute manipulation in NX-OS routing policies through ordered sequences of match and set clauses. Each route map entry defines permit or deny actions with match criteria based on prefix lists, AS paths, community values, interfaces, metrics, tags, and route types, combined with set actions for modifying attributes like next-hop, local preference, metric, community, and weight. Route maps are essential for implementing complex routing policies across BGP, OSPF, IS-IS, and static route redistribution scenarios.

Diagram

Classes

configuration (nxos.devices)

Name	Type	Constraint	Mandatory	Default Value
route_maps	List	`[route_maps]`	No

route_maps (nxos.devices.configuration)

Name	Type	Constraint	Mandatory
name	String		Yes
pbr_statistics	Boolean	`true`, `false`	No
entries	List	`[entries]`	No

entries (nxos.devices.configuration.route_maps)

Name	Type	Constraint	Mandatory	Default Value
order	Integer	min: `0`, max: `65535`	Yes
action	Choice	`permit`, `deny`	No
description	String		No
drop_on_fail_v4	Boolean	`true`, `false`	No
drop_on_fail_v6	Boolean	`true`, `false`	No
force_order_v4	Boolean	`true`, `false`	No
force_order_v6	Boolean	`true`, `false`	No
load_share_v4	Boolean	`true`, `false`	No
load_share_v6	Boolean	`true`, `false`	No
set_default_next_hop_v4	Boolean	`true`, `false`	No
set_default_next_hop_v6	Boolean	`true`, `false`	No
set_vrf_v4	Boolean	`true`, `false`	No
set_vrf_v6	Boolean	`true`, `false`	No
verify_availability_v4	Boolean	`true`, `false`	No
verify_availability_v6	Boolean	`true`, `false`	No
match_ip_prefix_list	String		No
match_tags	List	Integer[min: `0`, max: `4294967295`]	No
set_community	String		No
set_community_additive	Boolean	`true`, `false`	No	`false`
set_community_none	Boolean	`true`, `false`	No	`false`
set_community_criteria	Choice	`none`, `append`, `replace`, `igp`, `pre-bestpath`	No	`none`

Examples

Example 1: Simple route map to tag loopback routes redistributed into BGP with a community value

nxos:
  devices:
    - name: SPINE1
      configuration:
        route_maps:
          - name: RM-LOOPBACKS-OUT
            entries:
              - order: 10
                action: permit
                description: "Match loopback prefixes and set community"
                match_ip_prefix_list: PL-LOOPBACKS
                set_community: "65000:100"

Example 2: Route map with multiple entries for BGP peer policy — permit specific prefixes with different community treatments

nxos:
  devices:
    - name: LEAF1
      configuration:
        route_maps:
          - name: RM-TENANT-EXPORT
            entries:
              - order: 10
                action: permit
                description: "Tag tenant subnet routes with community"
                match_ip_prefix_list: PL-TENANT-NETS
                set_community: "65000:1010"
                set_community_criteria: replace
              - order: 20
                action: permit
                description: "Allow default route with additive community"
                match_ip_prefix_list: PL-DEFAULT-ONLY
                set_community: "65000:9999"
                set_community_additive: true
              - order: 30
                action: deny
                description: "Deny all other prefixes"

Example 3: Multiple route maps on a border leaf for inbound/outbound BGP filtering, tag-based matching, and PBR statistics

nxos:
  devices:
    - name: BORDER-LEAF1
      configuration:
        route_maps:
          # Inbound policy from external BGP peer
          - name: RM-EXTERNAL-IN
            entries:
              - order: 10
                action: permit
                description: "Accept external routes and tag with community"
                match_ip_prefix_list: PL-EXTERNAL-PREFIXES
                set_community: "65000:500"
                set_community_criteria: replace
              - order: 20
                action: deny
                description: "Implicit deny all other inbound routes"
          # Outbound policy to external BGP peer
          - name: RM-EXTERNAL-OUT
            entries:
              - order: 10
                action: permit
                description: "Advertise loopbacks to external peer"
                match_ip_prefix_list: PL-LOOPBACKS
                set_community: "65000:100"
                set_community_additive: true
              - order: 20
                action: permit
                description: "Advertise tenant subnets with tag 1000"
                match_tags:
                  - 1000
                set_community: "65000:200"
              - order: 30
                action: deny
                description: "Block everything else outbound"
          # PBR route map for traffic steering
          - name: RM-PBR-STEERING
            pbr_statistics: true
            entries:
              - order: 10
                action: permit
                description: "Steer matched traffic to firewall"
                match_ip_prefix_list: PL-FIREWALL-REDIRECT
                set_default_next_hop_v4: true