route-policy [name] [in|out]
Applies a route-policy to filter or modify BGP routes on incoming or outgoing updates for a specific address family.
Overview
The route-policy command in Cisco IOS-XR is a powerful tool used within BGP address family configuration to control the flow of routing information. It allows network engineers to filter, modify, or tag BGP routes as they are received from or sent to BGP neighbors. This command is essential for implementing routing policies such as prefix filtering, attribute manipulation (e.g., local preference, MED, communities), and route redistribution control. In IOS-XR, route-policies are defined separately using the route-policy configuration construct and can contain complex conditional logic, making them more flexible than traditional route-maps. The command is applied under the address family configuration mode (e.g., address-family ipv4 unicast) and can be used for both inbound (in) and outbound (out) directions. When used for inbound policies, it filters or modifies routes before they enter the BGP table; for outbound, it affects routes before they are advertised to peers. This command is critical in troubleshooting scenarios where route propagation issues arise, as misconfigured policies can lead to missing routes or suboptimal routing. Understanding how to apply and verify route-policies is fundamental for CCNP-level BGP configuration.
route-policy <policy-name> [in | out]When to Use This Command
- Filtering incoming BGP routes from a specific neighbor to only accept prefixes matching a prefix-set.
- Setting BGP community values on outbound routes to influence routing decisions in upstream networks.
- Implementing local preference manipulation for inbound routes to control best path selection.
- Applying QoS marking or traffic-index policies based on BGP attributes before redistributing routes.
Parameters
| Parameter | Syntax | Description |
|---|---|---|
| policy-name | WORD | The name of the route-policy to apply. This policy must be defined in the configuration using the 'route-policy' top-level command. The policy can contain match conditions and actions. |
| direction | in | out | Specifies whether the policy applies to incoming (in) or outgoing (out) BGP updates. 'in' filters/modifies routes received from neighbors; 'out' affects routes sent to neighbors. |
Command Examples
Apply inbound route-policy to filter prefixes
route-policy FILTER-PREFIXES inThis command applies the route-policy named FILTER-PREFIXES to all incoming BGP updates under the current address family configuration. No direct output is shown; use 'show bgp' to verify.
Apply outbound route-policy to set community
route-policy SET-COMMUNITY outThis applies the route-policy SET-COMMUNITY to all outgoing BGP updates. The policy will modify routes before sending them to neighbors.
Understanding the Output
The route-policy command itself does not produce output. Instead, its effects are observed through BGP table and neighbor commands. After applying a route-policy, use 'show bgp' to see filtered or modified routes. For inbound policies, routes that are denied will not appear in the BGP table. For outbound policies, use 'show bgp neighbors <ip> advertised-routes' to see the routes after policy application. The 'show bgp policy' command can display the policy statistics, including number of routes accepted, rejected, or modified. Healthy operation shows expected counts; problems appear as unexpected drops or missing routes.
Configuration Scenarios
Filtering Inbound Prefixes
An ISP wants to accept only specific prefixes from a customer to prevent route leaks.
Topology
ISP-Router --- Customer-RouterSteps
- 1.Define a prefix-set with allowed prefixes.
- 2.Create a route-policy that passes only matching prefixes.
- 3.Apply the route-policy inbound under the BGP address family.
!
prefix-set ALLOWED-PREFIXES
10.0.0.0/8 le 24,
192.168.0.0/16 le 24
end-set
!
route-policy FILTER-IN
if destination in ALLOWED-PREFIXES then
pass
else
drop
endif
end-policy
!
router bgp 65000
address-family ipv4 unicast
neighbor 10.1.1.1
route-policy FILTER-IN in
!
!Verify: Use 'show bgp neighbors 10.1.1.1 routes' to see received routes after policy; only allowed prefixes should appear.
Watch out: If the prefix-set is empty or incorrect, all routes may be dropped, causing loss of connectivity.
Setting Community on Outbound Routes
An enterprise wants to tag routes with community 100:200 before advertising to a partner.
Topology
Enterprise-Router --- Partner-RouterSteps
- 1.Create a route-policy that sets community on all outbound routes.
- 2.Apply the policy outbound under the BGP address family.
!
route-policy SET-COMM
set community (100:200)
pass
end-policy
!
router bgp 65001
address-family ipv4 unicast
neighbor 10.2.2.2
route-policy SET-COMM out
!
!Verify: Use 'show bgp neighbors 10.2.2.2 advertised-routes' to verify community is set.
Watch out: If the route-policy does not include a 'pass' statement, routes may be dropped instead of modified.
Troubleshooting with This Command
When troubleshooting route-policy issues on Cisco IOS-XR, start by verifying that the route-policy is correctly applied using 'show running-config router bgp' under the relevant address family. If routes are missing, check the policy logic: use 'show bgp policy statistics' to see how many routes were accepted, rejected, or modified. For inbound policies, examine the BGP table with 'show bgp' to see if expected routes are present. If a route is missing, check the prefix-set or match conditions. For outbound policies, use 'show bgp neighbors <ip> advertised-routes' to see what is being sent. If routes are not advertised, ensure the policy does not drop them inadvertently. Common issues include incorrect direction (in vs out), missing 'pass' statements, or syntax errors in the policy. Use 'show bgp neighbors <ip> received routes' to see raw received routes before policy application. Also, check BGP session state; a misconfigured policy can cause session reset if it triggers an error. Use 'debug bgp update' with caution to see real-time policy application. In IOS-XR, route-policies are compiled; use 'show route-policy' to verify the policy is valid. If changes are made, remember to commit.
CCNA Exam Tips
Remember that route-policy is applied per address family, not globally under router bgp.
In CCNP exams, know that route-policy uses 'if' and 'then' logic; 'in' applies to received routes, 'out' to sent routes.
Be aware that route-policy can be used with 'pass' or 'drop' statements; 'drop' silently discards routes.
Common Mistakes
Applying route-policy in the wrong direction (in vs out) causing unintended filtering.
Forgetting to commit the configuration after applying the route-policy, leading to no effect.
Using a route-policy that does not exist or has syntax errors, causing the BGP session to reset.
Platform Notes
In Cisco IOS-XR, route-policies are more powerful than IOS route-maps, supporting nested if-then-else, Boolean operators, and parameterization. Unlike IOS, IOS-XR requires explicit 'pass' or 'drop' actions; there is no implicit permit/deny. The route-policy command is applied per address family, not per neighbor globally. In IOS, the equivalent is 'neighbor <ip> route-map <name> in|out' under router bgp. In IOS-XR, the command is 'route-policy' under the neighbor address family configuration. Also, IOS-XR uses a commit model; changes are not active until committed. For NX-OS, the equivalent is 'neighbor <ip> route-map <name> in|out' under address family. Version differences: In IOS-XR 6.0+, route-policies support 'community' and 'extcommunity' actions with set operations. Always check the specific version documentation for supported features.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions