Tip
This is the documentation for the 21.07 version.
BGP Community Lists
A BGP community, as defined in RFC 1997, is a group of destinations which share common properties. Community Lists define sets of community attributes which the BGP daemon can use to match or set community values in routing updates. BGP communities determine AS membership and priority values in BGP-specific contexts such as route-maps.
The order of entries inside a Community List is important, and this order is determined by a sequence number.
BGP Well-Known Communities
There are several “well-known” communities available for use in Community Lists. Each of these communities has a special meaning:
- internet:
A community value of 0, indicating the Internet as a destination.
- no-export:
Routes received carrying this attribute value must not be exported to routers outside of the current confederation.
- no-advertise:
Routes received carrying this attribute value must not be advertised to any other BGP peer.
- local-as:
Also known as “No Export Subconfed”. Routes received carrying this attribute value must not be advertised to any external BGP peer, even those in the same confederation.
- blackhole:
Routes received carrying this attribute should not be routed (e.g. null routed).
- graceful-shutdown:
Indicates support for RFC 8326 Graceful Shutdown, which allows BGP routers to indicate to peers that specific paths can be gracefully shut down rather than abruptly terminated when performing an intentional shutdown.
- no-peer:
Indicates that routes with this community value should not be readvertised to peers (RFC 3765).
BGP Community List Configuration
To create a new Community List, from config-frr-bgp mode, use the community-list <name> (standard|expanded) [normal|extended|large] command, with the following parameters:
- <name>:
The name of this BGP Community List.
- (standard|expanded):
The type of Community List, either standard or expanded:
  - standard:
  Matches based on specific values for community attributes.
  - expanded:
  Matches based on an ordered list using a regular expression. Due to the use of regular expression evaluation, these lists incur a performance penalty.
- [normal|extended|large]:
The type of communities contained inside this Community List, either normal, extended, or large.
  - normal:
  Normal community values as described in RFC 1997.
  - extended:
  Extended BGP communities specified using 8-octet values as described in RFC 5668. These communities also allow for IPv4-based policies.
  - large:
  Large BGP communities specified using 12-octet values as described in RFC 8092 and RFC 8195.
The full community-list command enters config-community-list mode:
tnsr(config-frr-bgp)# community-list mycom standard normal
tnsr(config-community-list)#
config-community-list mode contains the following commands:
- description:
- sequence <seq> (permit|deny) <community-value>:
  - <seq>:
  The sequence number for this rule, which controls the order in which rules are matched inside this Community List. Each rule must have a unique sequence number. Best practice is to leave gaps in the sequence to allow for adding rules in the future. For example, use 10, 20, 30, rather than 1, 2, 3.
  - (permit|deny):
  The action taken when this Community List rule is matched, either permit or deny.
  - <community-value>:
  The value of the community to match.
    - Standard Community Lists:
    This is a space-separated list of communities in AS:VAL format, or from the BGP Well-Known Communities list.
    - Expanded Community Lists:
    A string containing a regular expression to match against.
Regular expression patterns support common pattern special characters for matching, but also a special _ character. The _ character matches common AS delimiters such as start of line, end of line, space, comma, braces, and parentheses.
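The following Python model is an added illustration, not TNSR or FRR code. It shows how sequence order decides the result and why an expanded pattern without the _ delimiter can match more communities than intended. The function names, the sample lists, the all-communities-present rule for standard lists and the deny result when no rule matches are assumptions of this model.

```python
import re

# Delimiters the page lists for "_": start/end of line, space, comma, braces, parentheses.
DELIMITER = r"(?:^|$|[ ,{}()])"


def compile_expanded(pattern):
    """Compile an expanded-list pattern, expanding each "_" into the delimiter set."""
    return re.compile(pattern.replace("_", DELIMITER))


def evaluate(list_type, rules, communities):
    """Return the action of the lowest-sequence rule matching a route's communities.

    rules maps sequence number -> (action, community-value).
    Assumption: a route that matches no rule is treated as denied.
    """
    attribute = " ".join(communities)  # expanded lists see the attribute as one string
    for seq in sorted(rules):
        action, value = rules[seq]
        if list_type == "standard":
            # Assumption: every community named in the rule must be on the route.
            matched = set(value.split()) <= set(communities)
        else:
            matched = compile_expanded(value).search(attribute) is not None
        if matched:
            return action
    return "deny"


# Constructed sample lists (not from the original page).
LOOSE = {10: ("permit", "65002:1")}        # unanchored: also hits 65002:100
ANCHORED = {10: ("permit", "_65002:1_")}   # delimited on both sides
ORDERED = {20: ("permit", "_65002:"), 10: ("deny", "_65002:66_")}

if __name__ == "__main__":
    for name, rules, route in [
        ("loose", LOOSE, ["65002:100"]),
        ("anchored", ANCHORED, ["65002:100"]),
        ("anchored", ANCHORED, ["65001:5", "65002:1"]),
        ("ordered", ORDERED, ["65002:66"]),
        ("ordered", ORDERED, ["65002:10"]),
    ]:
        print(name, route, "->", evaluate("expanded", rules, route))
```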
BGP Community List Example
This example sets up a Community List for the AS:VAL pair of AS 65002 and community value 10:
tnsr(config-frr-bgp)# community-list mycom standard normal
tnsr(config-community-list)# sequence 10 permit 65002:10
tnsr(config-community-list)# exit
tnsr(config-frr-bgp)#
This example sets up a Community List, used by a route map, to prevent distribution of routes marked with the well-known community no-export:
tnsr(config)# route dynamic bgp
tnsr(config-frr-bgp)# community-list POISON-ROUTES standard normal
tnsr(config-community-list)# sequence 10 permit no-export
tnsr(config-community-list)# exit
tnsr(config-frr-bgp)# exit
tnsr(config)# route dynamic route-map OUT
tnsr(config-route-map)# sequence 10
tnsr(config-route-map-rule)# policy deny
tnsr(config-route-map-rule)# match ip address prefix-list RFC1918
tnsr(config-route-map-rule)# exit
tnsr(config-route-map)# sequence 20
tnsr(config-route-map-rule)# policy deny
tnsr(config-route-map-rule)# match community POISON-ROUTES
tnsr(config-route-map-rule)# exit
tnsr(config-route-map)# sequence 30
tnsr(config-route-map-rule)# policy permit
tnsr(config-route-map-rule)# match ip address prefix-list MY-ROUTES
tnsr(config-route-map-rule)# exit
tnsr(config-route-map)# exit
tnsr(config)#
Note
In this example, note the use of permit in the Community List, which will succeed on a positive match. The route map then uses deny when a positive match is made on the community value.
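The interaction described in the note can be checked with a small Python model of the OUT route map. This is an added example, not TNSR code. The contents of the MY-ROUTES prefix list (203.0.113.0/24), the covered-by prefix matching, and the drop of routes that match no sequence are assumptions. It also shows what happens if the Community List entry is written with deny instead of permit.

```python
import ipaddress

# RFC 1918 private ranges; the MY-ROUTES contents are a hypothetical placeholder.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MY_ROUTES = [ipaddress.ip_network("203.0.113.0/24")]

POISON_ROUTES = {10: ("permit", "no-export")}          # as configured on the page
POISON_ROUTES_INVERTED = {10: ("deny", "no-export")}   # constructed misconfiguration


def community_list_matches(rules, communities):
    """True only when the first rule hit (lowest sequence) has action permit."""
    for seq in sorted(rules):
        action, value = rules[seq]
        if set(value.split()) <= set(communities):
            return action == "permit"
    return False


def in_prefix_list(prefix_list, prefix):
    """Assumption: a prefix matches when an entry in the list covers it."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(entry) for entry in prefix_list)


def route_map_out(route, community_list=POISON_ROUTES):
    """Return (policy, sequence) for the first matching sequence of route map OUT."""
    sequences = [
        (10, "deny", in_prefix_list(RFC1918, route["prefix"])),
        (20, "deny", community_list_matches(community_list, route["communities"])),
        (30, "permit", in_prefix_list(MY_ROUTES, route["prefix"])),
    ]
    for seq, policy, matched in sequences:
        if matched:
            return policy, seq
    return "deny", None  # assumption: no sequence matched, route is not advertised


if __name__ == "__main__":
    tagged = {"prefix": "203.0.113.0/24", "communities": ["no-export"]}
    print(route_map_out(tagged))                          # stopped at sequence 20
    print(route_map_out(tagged, POISON_ROUTES_INVERTED))  # falls through to sequence 30
```

With the inverted list the community match never succeeds, so sequence 20 is skipped and the no-export route is advertised by sequence 30.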
BGP Community List Status
To view Community Lists, use the show route dynamic bgp community-list [<name>] command. Add the name of a Community List to restrict the output to a single entry.
tnsr(config)# show route dynamic bgp community-list
Name Type Size Description
----- -------- ------ -----------
POISON-ROUTES standard normal
    Seq Action Community
    --- ------ ---------
    10 permit no-export
mycom standard normal
    Seq Action Community
    --- ------ ---------
    10 permit 65002:10