[Technical Insights] Comparison of Route-Map Applications and Considerations in Redistribution and Policy-Routing

一、deny 语句的核心区别  I. The core differences of the deny statement

🔁 重分发 (Redistribute)
🔁重分发 (Redistribute)
route-map 中的 deny 语句如果匹配：
If the deny statement in the route-map matches:
→ 匹配的路由条目将不被重分发（彻底阻止注入）
→ Matching route entries will not be redistributed (completely preventing injection).

🎯 策略路由 (PBR)  🎯 Policy Routing (PBR)
route-map 中的 deny 语句如果匹配：
If the deny statement in the route-map matches:
→ 不再做策略路由，而是交由正常路由表转发（“放手”行为）
→ Instead of policy-based routing , forwarding is handled by the normal routing table (a “hands-off” behavior).

二、默认的 deny all 规则
II. The default “deny all” rule

route-map 与 access-list 一样，末尾都有隐含的 deny all
Like access-list, route-maps also implicitly end with “deny all”.
→ 未匹配任何 permit 的流量/路由，最终都会被拒绝或转入普通转发
→ Traffic/routes that do not match any permits will eventually be rejected or redirected to normal forwarding.

三、route-map 语句号的注意事项

1. 自动编号规则  1. Automatic numbering rules
编辑时如不注明 permit xx，第一句默认为 permit 10
If no permit xx is specified when editing, the first line will default to permit 10.

等效于：  Equivalent to:

2. 删除条目的陷阱（极易犯错）  2. The pitfalls of deleting entries (easily mistaken)
❌ 错误： no route-map cracker      → 删除整个 route-map
✅ 正确： no route-map cracker 20   → 仅删除第20条
‘Correct: no route-map cracker 20 → Delete only route 20′

四、match 语句的逻辑关系  IV. Logical Relationships in the MATCH Statement

◆ 同一语句下的多个 match → “与”关系（必须同时满足）
◆ Multiple `match` statements within the same clause: AND operation (both conditions must be met simultaneously)

→ 只有同时匹配地址和包大小才执行 set
→ The `set` command is executed only if both the address and packet size are matched.

◆ 不同语句之间 → “或”关系（顺序匹配，命中即退出）
◆ OR relationship between different statements (sequential matching, exits upon matching)

→ 按顺序匹配，一旦命中某条就跳出  → Match in sequence, exit once a match is found.

五、策略路由（Policy Routing）详解

【铁律：策略路由只能用在路由器的入接口上】  [Ironclad rule: Policy-based routing can only be used on the router’s ingress interfaces]

配置示例：  Configuration example:

效果说明：  Effect description:
✅ 6网段 → 转发至 172.16.1.1
☐6 network segment → Forwarded to 172.16.1.1
✅ 7网段 → 转发至 172.16.1.2
7 network segment → Forwarded to 172.16.1.2
⚠️ 8网段（无匹配） → 交给正常路由表转发（通常负载分担）
ﺍ8 network segment (no match) → Handed over to normal routing table for forwarding (usually load balancing)

策略路由的扩展应用：
• 匹配包大小：小包走低时延链路，大包走高带宽（保护语音）
• Matching packet size: Small packets use low-latency links, large packets use high-bandwidth links (to protect voice).
• 匹配协议类型：HTTP、FTP、Telnet、BT 区别对待
• Matching protocol types: HTTP, FTP, Telnet, BT will be treated differently.
• 匹配七层特征：如特定网址走高带宽链路
• Matching seven layers of features: such as specific URLs using high-bandwidth links

六、route-map 在重分发中的应用  VI. Application of route-map in redistribution

典型场景：精确控制哪些路由可以被分发进目标协议

示例1（拒绝特定网段）：

→ 效果：10.1.0.0/16 不会被重分发进 OSPF
→ Result: Version 10.1.0.0/16 will not be redistributed into OSPF.

示例2（只放行特定路由）：

→ 由于末尾隐含 deny all，仅 172.16.0.0/16 被重分发
→ Due to the implicit “deny all” at the end, only 172.16.0.0/16 was redistributed.

七、核心区别一览表  VII. Summary of Key Differences

八、生产环境避坑指南  VIII. Guidelines for Avoiding Pitfalls in the Production Environment

⚠️ 语句号管理： 删除特定条目时务必加上序号，否则整张 route-map 会被清除
• Statement number management: Always include a sequence number when deleting a specific entry; otherwise, the entire route map will be deleted.
⚠️ 隐含 deny： 未匹配 permit 的路由/流量最终都会被拒绝或走普通转发
Implicit deny: Routes/traffic that do not match the permit will ultimately be rejected or routed via normal forwarding.
⚠️ PBR 仅入向生效： 不要在出接口调用策略路由，不会生效
PBR only applies to inbound traffic: Do not call policy routing on outbound interfaces, as it will not take effect.
⚠️ ACL 默认 deny： route-map 引用的 ACL 也默认拒绝，注意双倍过滤风险
ACLs default to deny: ACLs referenced by route-maps also default to denying; be aware of the risk of double filtering.