Default Routing Policies

 

If an incoming or outgoing route or packet arrives and there is no explicitly configured policy related to the route or to the interface upon which the packet arrives, the action specified by the default policy is taken. A default policy is a rule or a set of rules that determine whether the route is placed in or advertised from the routing table, or whether the packet is accepted into or transmitted from the router interface.

You must be familiar with the default routing policies to know when you need to modify them to suit your needs. Table 1 summarizes the default routing policies for each routing protocol that imports and exports routes. The actions in the default routing policies are taken if you have not explicitly configured a routing policy. This table also shows direct and explicitly configured routes, which for the purposes of this table are considered a pseudoprotocol. Explicitly configured routes include aggregate, generated, and static routes.

Table 1: Default Import and Export Policies for Protocols

Importing or Exporting Protocol

Default Import Policy

Default Export Policy

BGP

Accept all received BGP IPv4 routes learned from configured neighbors and import into the inet.0 routing table. Accept all received BGP IPv6 routes learned from configured neighbors and import into the inet6.0 routing table.

Readvertise all active BGP routes to all BGP speakers, while following protocol-specific rules that prohibit one IBGP speaker from readvertising routes learned from another IBGP speaker, unless it is functioning as a route reflector.

DVMRP

Accept all DVMRP routes and import into the inet.1 routing table.

Accept and export active DVMRP routes.

IS-IS

Accept all IS-IS routes and import into the inet.0 and inet6.0 routing tables. More information is available here: import (Protocols IS-IS)

Reject everything. (The protocol uses flooding to announce local routes and any learned routes.)

LDP

Accept all LDP routes and import into the inet.3 routing table.

Reject everything.

MPLS

Accept all MPLS routes and import into the inet.3 routing table.

Accept and export active MPLS routes.

OSPF

Accept all OSPF routes and import into the inet.0 routing table. (You cannot override or change this default policy.)

Reject everything. (The protocol uses flooding to announce local routes and any learned routes.)

PIM dense mode

Accept all PIM dense mode routes and import into the inet.1 routing table.

Accept active PIM dense mode routes.

PIM sparse mode

Accept all PIM sparse mode routes and import into the inet.1 routing table.

Accept and export active PIM sparse mode routes.

Pseudoprotocol:

  • Direct routes

  • Explicitly configured routes:

    • Aggregate routes

    • Generated routes

    • Static routes

Accept all direct and explicitly configured routes and import into the inet.0 routing table.

The pseudoprotocol cannot export any routes from the routing table because it is not a routing protocol.

Routing protocols can export these or any routes from the routing table.

RIP

Accept all RIP routes learned from configured neighbors and import into the inet.0 routing table.

Reject everything. To export RIP routes, you must configure an export policy for RIP.

RIPng

Accept all RIPng routes learned from configured neighbors and import into the inet6.0 routing table.

Reject everything. To export RIPng routes, you must configure an export policy for RIPng.

Test policy

Accept all routes. For additional information about test policy, see Example: Testing a Routing Policy with Complex Regular Expressions.

OSPF and IS-IS Import Policies

For OSPF, import policies apply to external routes only. An external route is a route that is outside the OSPF autonomous system (AS). For internal routes (routes learned from OSPF), you cannot change the default import policy for OSPF. As link-state protocols, IS-IS and OSPF exchange routes between systems within an autonomous system (AS). All routers and systems within an AS must share the same link-state database, which includes routes to reachable prefixes and the metrics associated with the prefixes. If an import policy is configured and applied to IS-IS or OSPF, some routes might not be learned or advertised or the metrics for learned routes might be altered, which would make a consistent link-state database impossible.

The default export policy for IS-IS and OSPF protocols is to reject everything. These protocols do not actually export their internally learned routes (the directly connected routes on interfaces that are running the protocol). Both IS-IS and OSPF protocols use a procedure called flooding to announce local routes and any routes learned by the protocol. The flooding procedure is internal to the protocol, and is unaffected by the policy framework. Exporting can be used only to announce information from other protocols, and the default is not to do so.

Automatic Export

For Layer 3 VPNs, the automatic export feature can be configured to overcome the limitation of local prefix leaking and automatically export routes between local VPN routing and forwarding (VRF) routing instances.

In Layer 3 VPNs, multiple CE routers can belong to a single VRF routing instance on a PE router. A PE router can have multiple VRF routing instances. In some cases, shared services might require routes to be written to multiple VRF routing tables, both at the local and remote PE router. This requires the PE router to share route information among each configured VRF routing instance. This exchange of route information is accomplished with custom vrf-export and vrf-import policies that utilize BGP extended community attributes to create hub-and-spoke topologies. This exchange of routing information, such as route prefixes, is known as prefix leaking.

The automatic export feature leaks prefixes between VRF routing instances that are locally configured on a given PE router. The automatic export feature is enabled by using the auto-export statement.

Automatic export is always applied on the local PE router, because it takes care of only local prefix leaking by evaluating the export policy of each VRF and determining which route targets can be leaked locally. The standard VRF import and export policies still affect only the remote PE prefix leaking.

If the vrf-export policy examined by the automatic export does not have an explicit then accept action, the automatic export essentially ignores the policy and, therefore, does not leak the route targets specified within it.