BGP Community Lists

A BGP community, as defined in RFC 1997, is a group of destinations which share common properties. Community Lists define sets of community attributes which the BGP daemon can use to match or set community values in routing updates. BGP communities determine AS membership and priority values in BGP-specific contexts such as route-maps.

The order of entries inside a Community List is important, and this order is determined by a sequence number.

BGP Well-Known Communities

There are several “well-known” communities available for use in Community Lists. Each of these communities has a special meaning:

internet

A community value of 0, indicating the Internet as a destination.

no-export

Routes received carrying this attribute value must not be exported to routers outside of the current confederation.

no-advertise

Routes received carrying this attribute value must not be advertised to any other BGP peer.

local-as

Also known as “No Export Subconfed”. Routes received carrying this attribute value must not be advertised to any external BGP peer, even those in the same confederation.

blackhole

Routes received carrying this attribute should not be routed (e.g. null routed).

graceful-shutdown

Indicates support for RFC 8326 Graceful Shutdown, which allows BGP routers to indicate to peers that specific paths can be gracefully shut down rather than abruptly terminated when performing an intentional shutdown.

no-peer

Indicates that routes with this community value should not be readvertised to peers (RFC 3765).

BGP Community List Configuration

To create a new Community List, from config-frr-bgp mode, use the community-list <name> (standard|expanded) [normal|extended|large] command, with the following parameters:

<name>

The name of this BGP Community List.

(standard|expanded)

The type of Community List, either standard or expanded:

standard

Matches based on specific values for community attributes.

expanded

Matches based on an ordered list using a regular expression. Due to the use of regular expression evaluation, these lists incur a performance penalty.

[normal|extended|large]

The type of communities contained inside this Community List, either normal, extended, or large.

normal

Normal community values as described in RFC 1997.

extended

Extended BGP communities specified using 8-octet values as described in RFC 5668. These communities also allow for IPv4-based policies.

large

Large BGP communities specified using 12-octet values as described in RFC 8092 and RFC 8195.

The full community-list command enters config-community-list mode:

tnsr(config-frr-bgp)# community-list mycom standard normal
tnsr(config-community-list)#

config-community-list mode contains the following commands:

description

sequence <seq> (permit|deny) <community-value>

<seq>

The sequence number for this rule, which controls the order in which rules are matched inside this Community List. Each rule must have a unique sequence number. Best practice is to leave gaps in the sequence to allow for adding rules in the future. For example, use 10, 20, 30, rather than 1, 2, 3.

(permit|deny)

The action taken when this Community List rule is matched, either permit or deny.

<community-value>

The value of the community to match.

Standard Community Lists

This is a space-separated list of communities in AS:VAL format, or from the BGP Well-Known Communities list.

Expanded Community Lists

A string containing a regular expression to match against.

Regular expression patterns support common pattern special characters for matching, but also a special _ character. The _ character matches common AS delimiters such as start of line, end of line, space, comma, braces, and parentheses.
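
The following Python model is an added example, not part of the original documentation. It shows why an expanded pattern without _ matches more communities than intended, and how sequence order decides the result. It assumes _ expands to the delimiter set listed above, that the pattern is searched against the route's communities written as a space-separated string, and that a route matching no rule is denied; all community values are constructed.

```python
import re

# Delimiters from the description above: start of line, end of line,
# space, comma, braces and parentheses.
DELIM = r"(?:^|[,{}() ]|$)"

def compile_expanded(pattern):
    """Translate a community-list pattern that uses _ into a Python regex."""
    return re.compile(pattern.replace("_", DELIM))

def evaluate(rules, communities):
    """Walk rules in sequence order; the first pattern found in the string decides."""
    text = " ".join(communities)
    for _seq, action, pattern in sorted(rules):
        if compile_expanded(pattern).search(text):
            return action
    return "deny"  # assumption: no matching rule means deny

# Constructed sample routes and the communities they carry.
ROUTES = {
    "exact": ["65002:10"],
    "longer-value": ["65002:100"],
    "longer-as": ["165002:10", "65010:1"],
    "among-others": ["65001:5", "65002:10", "65003:7"],
}

# Unanchored: also hits 65002:100 and 165002:10.
LOOSE = [(10, "permit", "65002:10")]
# Anchored with _ on both sides: only the exact community token.
ANCHORED = [(10, "permit", "_65002:10_")]
# Entered out of order on purpose; sequence 10 is still evaluated first.
ORDERED = [(20, "permit", "_65002:[0-9]+_"), (10, "deny", "_65002:10_")]

def results(rules):
    """Return the action each sample route receives from the given list."""
    return {name: evaluate(rules, comms) for name, comms in ROUTES.items()}

if __name__ == "__main__":
    for label, rules in (("loose", LOOSE), ("anchored", ANCHORED), ("ordered", ORDERED)):
        print(label, results(rules))
```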

BGP Community List Example

This example sets up a Community List for the AS:VAL pair of AS 65002 and community value 10:

tnsr(config-frr-bgp)# community-list mycom standard normal
tnsr(config-community-list)# sequence 10 permit 65002:10
tnsr(config-community-list)# exit
tnsr(config-frr-bgp)#

This example sets up a Community List, used by a route map, to prevent distribution of routes marked with the well-known community no-export:

tnsr(config)# route dynamic bgp
tnsr(config-frr-bgp)# community-list POISON-ROUTES standard normal
tnsr(config-community-list)# sequence 10 permit no-export
tnsr(config-community-list)# exit
tnsr(config-frr-bgp)# exit
tnsr(config)# route dynamic route-map OUT deny sequence 10
tnsr(config-route-map)# match ip address prefix-list RFC1918
tnsr(config-route-map)# exit
tnsr(config)# route dynamic route-map OUT deny sequence 20
tnsr(config-route-map)# match community POISON-ROUTES
tnsr(config-route-map)# exit
tnsr(config)# route dynamic route-map OUT permit sequence 30
tnsr(config-route-map)# match ip address prefix-list MY-ROUTES
tnsr(config-route-map)# exit
tnsr(config)#

Note

In this example, note the use of permit in the Community List, which will succeed on a positive match. The route map then uses deny when a positive match is made on the community value.
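
The interaction described in this note can be checked with a small model. The Python below is an added example, not part of the original documentation: it walks the OUT route map from the example and compares the Community List as configured with one that mistakenly uses deny. The prefix-list contents, the sample prefixes, and the implicit deny at the end of the route map are assumptions, since the page does not show them.

```python
from ipaddress import ip_network

# Assumed contents for the prefix lists named in the example.
PREFIX_LISTS = {
    "RFC1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "MY-ROUTES": ["203.0.113.0/24"],  # constructed documentation prefix
}

def community_list_matches(rules, route_comms):
    """Standard list: the first rule whose communities are all on the route decides."""
    for _seq, action, wanted in sorted(rules):
        if set(wanted) <= set(route_comms):
            return action == "permit"  # a deny rule means "the list does not match"
    return False  # assumption: no rule hit means no match

def prefix_list_matches(name, prefix):
    """Assumption: a prefix matches when it falls inside any listed network."""
    net = ip_network(prefix)
    return any(net.subnet_of(ip_network(p)) for p in PREFIX_LISTS[name])

def route_map_out(prefix, comms, poison_rules):
    """Evaluate route map OUT: sequences 10 and 20 deny, sequence 30 permits."""
    clauses = [
        (10, "deny", lambda: prefix_list_matches("RFC1918", prefix)),
        (20, "deny", lambda: community_list_matches(poison_rules, comms)),
        (30, "permit", lambda: prefix_list_matches("MY-ROUTES", prefix)),
    ]
    for seq, action, matches in clauses:
        if matches():
            return seq, action
    return None, "deny"  # assumption: implicit deny at the end of the route map

AS_CONFIGURED = [(10, "permit", ["no-export"])]  # POISON-ROUTES as in the example
MISTAKEN = [(10, "deny", ["no-export"])]         # deny placed in the list instead

if __name__ == "__main__":
    route = ("203.0.113.0/24", ["no-export"])
    print("as configured:", route_map_out(*route, AS_CONFIGURED))
    # With deny in the list, sequence 20 never matches and sequence 30 advertises the route.
    print("mistaken:     ", route_map_out(*route, MISTAKEN))
```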

BGP Community List Status

To view Community Lists, use the show route dynamic bgp community-list [<name>] command. Add the name of a Community List to restrict the output to a single entry.

tnsr(config)# show route dynamic bgp community-list

Name  Type     Size   Description
----- -------- ------ -----------
POISON-ROUTES standard normal
    Seq Action Community
    --- ------ ---------
    10  permit no-export

mycom standard normal
    Seq Action Community
    --- ------ ---------
    10  permit 65002:10