Using BGP Communities


A BGP community is a 32-bit number that can be attached to a prefix and sent to other ASs. It is transitive (any BGP router will pass it, whether or not it understands what to do with it) and optional (it does not need to be set).
In this article I want to talk about the four community values that are used most often.

CCIE_Topology_BGP

Well-known Communities

The following well-known communities are most used in BGP autonomous systems:

  • Local-AS (local_as): means this route is local to this confederation sub-AS.
  • No-Advertise (no_advert): means this route is local to this router. It cannot be advertised (not even to iBGP peers).
  • No-Export (no_export): means this route should not be advertised outside this AS. Such routes are distributed to iBGP neighbors only. Peers in the same AS but different sub-confederations are treated as iBGP peers.
  • Internet: means this route is a public route. No action is associated with this community value.
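
The advertisement rules in the list above, written out as an added example (not code from the original article). The numeric values are the RFC 1997 well-known community values; the Peer classes and function names are made up for illustration.

```python
from enum import Enum

# RFC 1997 well-known community values and the IOS keyword for each.
NO_EXPORT = 0xFFFFFF01            # no-export
NO_ADVERTISE = 0xFFFFFF02         # no-advertise
NO_EXPORT_SUBCONFED = 0xFFFFFF03  # local-AS


class Peer(Enum):
    """Hypothetical peer classes, named for this example only."""
    IBGP = "same sub-AS"
    CONFED_EBGP = "other sub-AS in the same confederation"
    EBGP = "different AS"


def fmt(community: int) -> str:
    """Render a 32-bit community in high16:low16 notation."""
    if not 0 <= community <= 0xFFFFFFFF:
        raise ValueError("a community is a 32-bit number")
    return f"{community >> 16}:{community & 0xFFFF}"


def may_advertise(communities: set, peer: Peer) -> bool:
    """Return True if a route carrying these communities may be sent to peer."""
    if NO_ADVERTISE in communities:
        return False  # route stays on this router
    if NO_EXPORT_SUBCONFED in communities and peer is not Peer.IBGP:
        return False  # route stays inside this sub-AS
    if NO_EXPORT in communities and peer is Peer.EBGP:
        return False  # route stays inside the AS (whole confederation)
    return True


def export_matrix(communities: set) -> dict:
    """Advertisement decision for every peer class, keyed by class name."""
    return {p.name: may_advertise(communities, p) for p in Peer}
```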

You would apply these communities to a route by using a route-map. Here is an example scenario.


BGP Communities Sample Scenario

In the above topology R08 receives some routes from AS 13.

  1. Our network should have reachability to networks in AS 13
  2. Our network should not be used as a transit network to reach AS 13
  3. AS 12 should be reachable only from sub-AS 50124 (VLAN 124)
  4. BB1’s loopback 111 should be reachable by R03 but not by other routers.

no-export Community Value

For the first part of our scenario we need to add the no-export community to the routes. This way, every BGP router in our network (in every confederation sub-AS) will receive the AS 13 routes but will not export them to AS 11 or AS 12.
I need to set this community right on R08. These are the routes received on R08:

R08#sh ip bgp
BGP table version is 6, local router ID is 110.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 131.131.131.0/24 138.138.138.13           0             0 13 i
*> 132.132.132.0/24 138.138.138.13           0             0 13 i
*> 133.133.133.0/24 138.138.138.13           0             0 13 i

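I write a route-map and assign it to BB3. Since every route is going to receive this community value, I do not need to filter them, so no match clause is necessary. Note that set community without the additive keyword replaces any communities already attached to the route.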

R08(config)#route-map NO_EXPORT_AS13_ROUTES permit 10
R08(config-route-map)#set community no-export 

This route-map should be applied inbound on the BB3 neighbor definition, since I receive the routes from BB3:

R08(config-route-map)#router bgp 50078
R08(config-router)#nei 138.138.138.13 route-map NO_EXPORT_AS13_ROUTES in

I do a soft reconfiguration and then check the routes:

R08(config-router)#do clear ip bgp * soft
R08(config-router)#do sh ip bgp 131.131.131.0
BGP routing table entry for 131.131.131.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Advertised to update-groups:
        2    3
  13
    138.138.138.13 from 138.138.138.13 (133.133.133.133)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: no-export

The community is added. I need to add send-community capability to every neighbor, otherwise they will not receive this community. Every router in my BGP network needs to have this capability. Here is the configuration command for R08:

R08(config-router)#nei 110.4.4.4 send-community  
R08(config-router)#nei 110.7.7.7 send-community 

Now I soft-reconfigure other neighbors and check routes on them. Here is the result on R04:

R04#sh ip bgp 131.131.131.0
BGP routing table entry for 131.131.131.0/24, version 8344
Paths: (2 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Flag: 0x880
  Advertised to update-groups:
        2
  (50078) 13
    138.138.138.13 (metric 284160) from 110.2.2.2 (110.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, confed-internal, best
      Community: no-export
  (50078) 13
    138.138.138.13 (metric 284160) from 110.8.8.8 (110.8.8.8)
      Origin IGP, metric 0, localpref 100, valid, confed-external
      Community: no-export
R04#
R04#        
R04#
R04#sh ip bgp nei 124.124.124.12 adv
Total number of prefixes 0 

You can see that none of these routes are advertised to BB2 (AS 12). The requirements in parts 1 and 2 are met. Let’s go for part 3.
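
A check for the send-community requirement described above, as an added example that is not part of the original article: it parses "show ip bgp <prefix>" output path by path and reports the peers whose copy of the route arrived without the required community. The sample is constructed in the format of the R04 output, with the Community line removed from the second path; the function names are hypothetical.

```python
import re

# Constructed sample in the format of the article's R04 output. The second
# path has no Community line, as when the advertising neighbor is missing
# "send-community".
SAMPLE = """\
BGP routing table entry for 131.131.131.0/24, version 8344
Paths: (2 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  (50078) 13
    138.138.138.13 (metric 284160) from 110.2.2.2 (110.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, confed-internal, best
      Community: no-export
  (50078) 13
    138.138.138.13 (metric 284160) from 110.8.8.8 (110.8.8.8)
      Origin IGP, metric 0, localpref 100, valid, confed-external
"""

# The "<next hop> ... from <peer> (<router-id>)" line opens each path.
FROM = re.compile(r"\bfrom (\d+\.\d+\.\d+\.\d+) \(")


def parse_paths(text):
    """Return (prefix, paths); each path records its peer and communities."""
    prefix, paths = None, []
    for raw in text.splitlines():
        line = raw.strip()
        peer = FROM.search(line)
        if line.startswith("BGP routing table entry for "):
            prefix = line.split()[5].rstrip(",")
        elif peer:
            paths.append({"from": peer.group(1), "communities": set()})
        elif line.startswith("Community:") and paths:
            # A Community line belongs to the most recently opened path.
            paths[-1]["communities"].update(line.split(":", 1)[1].split())
    return prefix, paths


def paths_missing(text, required):
    """List the peers whose path lacks the required community."""
    _, paths = parse_paths(text)
    return [p["from"] for p in paths if required not in p["communities"]]
```

Checking every path rather than only the best one matters here: a path without the community can become best later and would then be exported.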

local-as Community Value

R04 needs to add the local-as community value to the routes received from BB2. Again I assign a route-map to BB2’s neighbor definition, and since all routes are to receive this value I need no match clause:

R04(config)#route-map LOCAL_AS_AS12_ROUTES permit 10
R04(config-route-map)#set community local-AS

And the assignment and soft-reconfiguration:

R04(config-route-map)#router bgp 50124
R04(config-router)#nei 124.124.124.12 route-map LOCAL_AS_AS12_ROUTES in
R04(config-router)#
R04(config-router)#
R04(config-router)#do clear ip bgp * soft

Now I check the routes:

R04(config-router)#do sh ip bgp 121.121.121.0
BGP routing table entry for 121.121.121.0/24, version 8350
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised outside local AS)
Flag: 0x880
  Advertised to update-groups:
        3
  12
    124.124.124.12 from 124.124.124.12 (124.124.124.12)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: local-AS

On other routers:

R07#sh ip bgp 121.121.121.0
% Network not in table

Although R07 is in the same AS as R04, they are in different sub-ASs, and the local-as community is in effect now. Part 3 done!

no-advertise Community Value

BB1 advertises 2 routes (111.111.111.0/24 and 112.112.112.0/24) and the first one should be local to R03. So I need to add the no-advertise community to this route using a route-map. A prefix-list is used to match the lo111 route:

R03(config)#ip prefix-list BB1_LO111 permit 111.111.111.0/24
R03(config)#route-map NO_ADVERTISE_BB1_LO111 permit 10
R03(config-route-map)#match ip address prefix BB1_LO111
R03(config-route-map)#set community no-advertise
R03(config-route-map)#route-map NO_ADVERTISE_BB1_LO111 permit 1000
R03(config-route-map)#
R03(config-route-map)#
R03(config-route-map)#router bgp 50356
R03(config-router)#nei 113.113.113.11 route-map NO_ADVERTISE_BB1_LO111 in
R03(config-router)#
R03(config-router)#do clear ip bgp * soft

I check the result on R03:

R03(config-router)#do sh ip bgp 111.111.111.0
BGP routing table entry for 111.111.111.0/24, version 16
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to any peer)
Flag: 0x880
  Not advertised to any peer
  11
    113.113.113.11 from 113.113.113.11 (112.112.112.112)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: no-advertise
R03(config-router)#
R03(config-router)#do sh ip bgp 112.112.112.0
BGP routing table entry for 112.112.112.0/24, version 14
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
        1    2
  11
    113.113.113.11 from 113.113.113.11 (112.112.112.112)
      Origin IGP, metric 0, localpref 100, valid, external, best

111.111.111.0/24 has no-advertise community but 112.112.112.0/24 does not. I can see that only one route is advertised to other routers using the following command:

R03(config-router)#do sh ip bgp nei 110.5.5.5 advertised-routes
BGP table version is 16, local router ID is 110.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 112.112.112.0/24 113.113.113.11           0             0 11 i

Total number of prefixes 1

All requirements met! Ask any question about this article in the comments section and I will be more than happy to reply!
