BGP Community Lists¶
A BGP community, as defined in RFC 1997, is a group of destinations which share common properties. Community Lists define sets of community attributes which the BGP daemon can use to match or set community values in routing updates. BGP communities determine AS membership and priority values in BGP-specific contexts such as route-maps.
The order of entries inside a Community List is important, and this order is determined by a sequence number.
BGP Well-Known Communities¶
There are several “well-known” communities available for use in Community Lists. Each of these communities have special meanings:
A community value of
0, indicating the Internet as a destination.
Routes received carrying this attribute value must not be exported to routers outside of the current confederation.
Routes received carrying this attribute value must not be advertised to any other BGP peer.
Also known as “No Export Subconfed”. Routes received carrying this attribute value must not be advertised to any external BGP peer, even those in the same confederation.
Routes received carrying this attribute should not be routed (e.g. null routed).
Indicates support for RFC 8326 Graceful Shutdown, which allows BGP routers to indicate to peers that specific paths can be gracefully shut down rather than abruptly terminated when performing an intentional shutdown.
Indicates that routes with this community value should not be readvertised to peers (RFC 3765).
BGP Community List Configuration¶
To create a new Community List, from
config-frr-bgp mode, use the
community-list <name> (standard|expanded) [normal|extended|large]
command, with the following parameters:
The name of this BGP Community List.
The type of Community List, either
Matches based on specific values for community attributes.
Matches based on an ordered list using a regular expression. Due to the use of regular expression evaluation, these lists incur a performance penalty.
The type of communities contained inside this Community List, either
Normal community values as described in RFC 1997.
Extended BGP communities specified using 8-octet values as described in RFC 5668. These communities also allow for IPv4-based policies.
community-list command enters
tnsr(config-frr-bgp)# community-list mycom standard normal tnsr(config-community-list)#
config-community-list mode contains the following commands:
- sequence <seq> (permit|deny) <community-value>
The sequence number for this rule, which controls the order in which rules are matched inside this Community List. Each rule must have a unique sequence number. Best practice is to leave gaps in the sequence to allow for adding rules in the future. For example, use
30, rather than
The action taken when this Community List rule is matched, either
The value of the community to match.
- Standard Community Lists
This is a space-separated list of communities in AS:VAL format, or from the BGP Well-Known Communities list.
- Expanded Community Lists
A string containing a regular expression to match against.
Regular expression patterns support common pattern special characters for matching, but also a special
_character matches common AS delimiters such as start of line, end of line, space, comma, braces, and parenthesis.
BGP Community List Example¶
This example sets up a Community List for the AS:VAL pair of AS
tnsr(config-frr-bgp)# community-list mycom standard normal tnsr(config-community-list)# sequence 10 permit 65002:10 tnsr(config-community-list)# exit tnsr(config-frr-bgp)#
This example sets up a Community List, used by a route map, to prevent
distribution of routes marked with the well-known community
tnsr(config)# route dynamic bgp tnsr(config-frr-bgp)# community-list POISON-ROUTES standard normal tnsr(config-community-list)# sequence 10 permit no-export tnsr(config-community-list)# exit tnsr(config-frr-bgp)# exit tnsr(config)# route dynamic route-map OUT deny sequence 10 tnsr(config-route-map)# match ip address prefix-list RFC1918 tnsr(config-route-map)# exit tnsr(config)# route dynamic route-map OUT deny sequence 20 tnsr(config-route-map)# match community POISON-ROUTES tnsr(config-route-map)# exit tnsr(config)# route dynamic route-map OUT permit sequence 30 tnsr(config-route-map)# match ip address prefix-list MY-ROUTES tnsr(config-route-map)# exit tnsr(config)#
In this example, note the use of
permit in the Community List,
which will succeed on a positive match. The route map then uses
when a positive match is made on the community value.
BGP Community List Status¶
To view Community Lists, use the
show route dynamic bgp community-list
[<name>] command. Add the name of a Community List to restrict the output to a
tnsr(config)# show route dynamic bgp community-list Name Type Size Description ----- -------- ------ ----------- POISON-ROUTES standard normal Seq Action Community --- ------ --------- 10 permit no-export mycom standard normal Seq Action Community --- ------ --------- 10 permit 65002:10