BGP Community attributes
A BGP community is an optional attribute of the BGP routing protocol. It can be thought of as the equivalent of a tag in an IGP, marking a set of IP addresses. Community strings are often used to manipulate routes or to set BGP attributes for a set of IP addresses. We use an access list or prefix list to assign the community to IP addresses. Once the community attribute has been assigned, it can be changed by the route-map function in the router. By default, the community string is a decimal number. However, we can change to a new format (AA:NN) by using ip bgp-community new-format, where AA is the autonomous system number and NN is a value set by that AS.
In addition, there are 3 special community values. The command name and function are as follows.
To assign a BGP community string, we use set community <number>/<special community string> in the route-map command. Alternatively, we can use ip community-list <community string> permit/deny <ACL number>.
Below is a sample of how to configure the BGP special community strings and how they work. We will not talk about decimal community strings here, since they function the same way as an IGP tag. In the example, R1, R2 and R3 are in AS 100 and R4 is in AS 200. OSPF is running between R1, R2 and R3. Here is the task list for this example.
- Establish eBGP connection between R1 and R4
- Establish iBGP connection between R1, R2 and R3 with Route-Reflector
- R3 advertises its loopback networks in BGP with the community strings shown in the figure.
- Verify route received and community string on R2, R1, and R4
In this example, we expect the following:
- R2 will not have any clue about prefix 150.150.150.0/24 (R1 does not advertise to any of its peers)
- Prefix 100.100.100.0/24 will not be advertised out of the AS 100
- Prefix 200.200.200.0/24 will be advertised normally.
Configuration R3
Advertising its loopback networks in BGP with the community string as shown in the figure.
Create an access list for each loopback interface.
ip access-list standard only-100
 permit 100.100.0.0 0.0.255.255
ip access-list standard only-150
 permit 150.150.0.0 0.0.255.255
ip access-list standard only-200
 permit 200.200.0.0 0.0.255.255
Assign the access-list to the route-map and assign the community string according to the diagram.
route-map communityset permit 10
 match ip address only-100
 set community no-export
!
route-map communityset permit 20
 match ip address only-150
 set community no-advertise
!
route-map communityset permit 30
 set community none
Apply the policy "communityset" to the BGP session.
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 100.100.100.0 mask 255.255.255.0
 network 150.150.150.0 mask 255.255.255.0
 network 200.200.200.0
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 send-community both
 neighbor 1.1.1.1 route-map communityset out
 no auto-summary
Note
- "neighbor ... send-community" must be applied to the neighbor in order to send out the community string
- Apply the route-map to the neighbor
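The outcome this configuration should produce can be modelled in a few lines; the following Python sketch is an added example, not part of the original post or of any router software. The function names and the peer list (R2 as iBGP peer, R4 as eBGP peer of R1) are assumptions taken from the topology described above; it also shows that without send-community the tags never reach R1, so all three prefixes leave AS 100.

```python
import ipaddress

# RFC 1997 well-known community values (32-bit)
NO_EXPORT, NO_ADVERTISE = 0xFFFFFF01, 0xFFFFFF02
NAMES = {NO_EXPORT: "no-export", NO_ADVERTISE: "no-advertise"}

def fmt(value, new_format=True):
    """Render a community as decimal or as AA:NN (ip bgp-community new-format)."""
    if value in NAMES:
        return NAMES[value]
    return f"{value >> 16}:{value & 0xFFFF}" if new_format else str(value)

def acl_match(prefix, base, wildcard):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    addr = int(ipaddress.ip_network(prefix).network_address)
    return (addr & care) == (int(ipaddress.ip_address(base)) & care)

# R3's route-map communityset in sequence order; the first match wins.
ROUTE_MAP = [
    (("100.100.0.0", "0.0.255.255"), {NO_EXPORT}),     # permit 10
    (("150.150.0.0", "0.0.255.255"), {NO_ADVERTISE}),  # permit 20
    (None, set()),                                     # permit 30, no match clause
]

def r3_advertise(prefix, send_community=True):
    """Communities R1 receives from R3 for one prefix."""
    for acl, communities in ROUTE_MAP:
        if acl is None or acl_match(prefix, *acl):
            # Without "neighbor 1.1.1.1 send-community" the attribute is not sent.
            return set(communities) if send_community else set()

def r1_peers_for(communities):
    """Peers to which R1 (AS 100) advertises a route carrying these communities."""
    if NO_ADVERTISE in communities:
        return []                    # kept locally, sent to no peer at all
    peers = ["R2"]                   # iBGP peer inside AS 100
    if NO_EXPORT not in communities:
        peers.append("R4")           # eBGP peer in AS 200
    return peers

def simulate(send_community=True):
    prefixes = ["100.100.100.0/24", "150.150.150.0/24", "200.200.200.0/24"]
    return {p: r1_peers_for(r3_advertise(p, send_community)) for p in prefixes}

if __name__ == "__main__":
    for label, flag in (("with send-community:", True), ("without:", False)):
        print(label, simulate(flag))
```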
Verify the configuration
R1 community string Verification
R1#sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 24
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Advertised to update-groups:
2
Local, (Received from a RR-client)
3.3.3.3 (metric 21) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: no-export
R1#
R1#sh ip bgp 150.150.150.0
BGP routing table entry for 150.150.150.0/24, version 25
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to any peer)
Not advertised to any peer
Local, (Received from a RR-client)
3.3.3.3 (metric 21) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: no-advertise
R1#
Routing table Verification
1) No 150.150.150.0/24 in R2 routing table
R2 Routing table
B 200.200.200.0/24 [200/0] via 3.3.3.3, 16:28:17
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 192.168.1.1, 16:54:32, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
100.0.0.0/24 is subnetted, 1 subnets
B 100.100.100.0 [200/0] via 3.3.3.3, 16:52:28
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 192.168.2.2, 16:53:54, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
O 10.1.1.0 [110/20] via 192.168.1.1, 16:54:32, FastEthernet0/0
123.0.0.0/24 is subnetted, 1 subnets
B 123.1.1.0 [200/0] via 1.1.1.1, 16:49:44
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/1
R2#
2) No 100.100.100.0/24 in R4 routing table
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
B 200.200.200.0/24 [20/0] via 10.1.1.1, 16:30:36
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, FastEthernet0/0
123.0.0.0/24 is subnetted, 1 subnets
C 123.1.1.0 is directly connected, Loopback0
R4#
R1 Routing table
Gateway of last resort is not set
B 200.200.200.0/24 [200/0] via 3.3.3.3, 16:31:09
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/11] via 192.168.1.2, 16:57:33, FastEthernet0/1
100.0.0.0/24 is subnetted, 1 subnets
B 100.100.100.0 [200/0] via 3.3.3.3, 16:39:33
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/21] via 192.168.1.2, 16:55:43, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, FastEthernet0/0
123.0.0.0/24 is subnetted, 1 subnets
B 123.1.1.0 [20/0] via 10.1.1.2, 16:52:35
C 192.168.1.0/24 is directly connected, FastEthernet0/1
O 192.168.2.0/24 [110/20] via 192.168.1.2, 16:56:55, FastEthernet0/1
150.150.0.0/24 is subnetted, 1 subnets
B 150.150.150.0 [200/0] via 3.3.3.3, 16:35:24
R1#
Nice explanation. Able to understand easily. Thanks.
I think this is wrong, R1 should not see 150 network, R2 should see