Route maps are the bane of many people studying for certification exams. I think the reason for this lies in the way route maps are designed. They’re a little bit backward when compared with more common features, like access lists. Why do I consider them backward? Let’s take a look.
An access list lists the function of each entry in the entry itself. For example, this line permits any IP packet from any source to any destination:
access-list 101 permit ip any any
The syntax is pretty straightforward and self-documenting. Access list 101 permits IP packets from anywhere to anywhere. Simple!
In contrast, a route map written to accomplish the same thing might look like this:
route-map GAD permit 10
 match ip address 101
To determine what the route map is for, you have to see what access list 101 is doing, then figure out how the route map is applying it. This route map also permits any IP packet from any source to any destination, but unlike with the access list above, its purpose is not obvious.
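The two-step lookup described above (read the route map, then read the access list it names) can be automated when auditing a configuration. The following is an added example, not from the original text. It assumes numbered `access-list` lines and fully spelled `route-map NAME permit|deny SEQ` headers, and the `deny 20` clause pointing at list 150 is constructed to show a dangling reference.

```python
import re

# Constructed sample: the two snippets from the text, plus a clause that
# points at an access list (150) that is never defined.
SAMPLE_CONFIG = """\
access-list 101 permit ip any any
!
route-map GAD permit 10
 match ip address 101
!
route-map GAD deny 20
 match ip address 150
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(.+)$")
RMAP_RE = re.compile(r"^route-map\s+(\S+)\s+(permit|deny)\s+(\d+)$")
# prefix-list references are a different object type and are skipped here.
MATCH_RE = re.compile(r"^\s+match ip address\s+(?!prefix-list\b)(.+)$")

def parse(config):
    """Return ({acl_id: [entries]}, [route-map clauses]) from config text."""
    acls, clauses, current = {}, [], None
    for line in config.splitlines():
        line = line.rstrip()
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2))
            current = None
        elif m := RMAP_RE.match(line):
            current = {"name": m.group(1), "action": m.group(2),
                       "seq": int(m.group(3)), "acls": []}
            clauses.append(current)
        elif current is not None and (m := MATCH_RE.match(line)):
            current["acls"].extend(m.group(1).split())
        elif not line.startswith(" "):
            current = None  # left route-map sub-mode
    return acls, clauses

def resolve(config):
    """Expand each route-map clause into the ACL entries it depends on."""
    acls, clauses = parse(config)
    report = []
    for c in sorted(clauses, key=lambda c: (c["name"], c["seq"])):
        for acl in c["acls"]:
            # A reference with no definition is reported, not silently dropped.
            entries = acls.get(acl, ["<undefined access list>"])
            report.append((c["name"], c["seq"], c["action"], acl, entries))
    return report

if __name__ == "__main__":
    for name, seq, action, acl, entries in resolve(SAMPLE_CONFIG):
        print(f"route-map {name} {action} {seq} -> access-list {acl}: {entries}")
```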
Why add a route map to an already simple access list? First, there are instances where an access list is not directly available for use. BGP, for example, makes use of route maps, and, in many cases, does not support direct application of access lists. Second, route maps are far more flexible than access lists. They allow you to match on a whole list of things that access lists cannot:
route-map GAD permit 10
R1(config-route-map)#match ?
  as-path  Match BGP AS path ...