BGP Community Attribute
The BGP community attribute is an optional transitive attribute: routers that do not support it pass the community value on to their downstream BGP neighbors intact (provided that sending of the community attribute is configured).
The BGP community attribute simplifies matching the same route entries on routers across the network. If every router in a large network has to match the same route entries with an ACL or a prefix list, the workload is high. Instead, a community value can be set for those route entries on one router, and the other routers can match the route entries indirectly by matching that community value.
Categories of community values:
Community values can be divided into private community values and well-known community values.
A private community value is usually written as a 4-byte number (either one 32-bit number or two 16-bit numbers, such as 100:1).
On Cisco routers the default is the 32-bit number. To display two 16-bit numbers instead, use the command (config)#ip bgp-community new-format. Both the display format in the BGP table and the display format in the configuration file are converted.
The ip bgp-community new-format command takes effect only on the local router, not on neighbor routers.
The most common well-known community values are:
no-advertise: do not advertise to any BGP neighbor (the most restrictive).
no-export: do not advertise to any EBGP neighbor; if there is a BGP confederation, the route is still passed between the EBGP neighbors inside the confederation.
local-AS: passed only within the AS; if there is a BGP confederation,
internet: represents all routes; matching the internet community matches all route entries.
When a router receives a route entry that carries a well-known community value, it must take the corresponding action (which depends on the community value).
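The following added example (not from the original page and not Cisco code) models the two points above in Python: converting between the 32-bit and AA:NN notations, and the advertisement decision made for the well-known values. The numeric values are those of RFC 1997; the function names and peer-type labels are assumptions made for the illustration, and local-AS is modelled per RFC 1997 as staying inside the local (sub-)AS.

```python
# Added example: a constructed model, not router code.
# Well-known community values as defined in RFC 1997.
WELL_KNOWN = {
    "no-export": 0xFFFFFF01,
    "no-advertise": 0xFFFFFF02,
    "local-as": 0xFFFFFF03,  # NO_EXPORT_SUBCONFED
}
NAMES = {value: name for name, value in WELL_KNOWN.items()}

def parse_community(text):
    """Accept a well-known name, a 32-bit decimal, or the AA:NN form."""
    text = text.strip().lower()
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    if ":" in text:
        high, low = (int(part) for part in text.split(":", 1))
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError(f"each half must fit in 16 bits: {text}")
        return (high << 16) | low
    value = int(text)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"community must fit in 32 bits: {text}")
    return value

def format_community(value, new_format=True):
    """Render as AA:NN (new format) or as one 32-bit decimal (old format)."""
    if value in NAMES:
        return NAMES[value]
    return f"{value >> 16}:{value & 0xFFFF}" if new_format else str(value)

def may_advertise(communities, peer):
    """peer (assumed labels): 'ibgp', 'confed-ebgp' (another sub-AS of the
    same confederation) or 'ebgp' (a true external neighbor)."""
    values = {parse_community(c) for c in communities}
    if WELL_KNOWN["no-advertise"] in values:
        return False  # not sent to any BGP neighbor
    if WELL_KNOWN["local-as"] in values:
        return peer == "ibgp"  # stays inside the local (sub-)AS
    if WELL_KNOWN["no-export"] in values:
        return peer in ("ibgp", "confed-ebgp")  # stays inside the confederation
    return True

if __name__ == "__main__":
    print(format_community(parse_community("100:1"), new_format=False))
    print(may_advertise(["126:1", "no-export"], "ebgp"))
```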
Community values can also be divided into standard community values and extended community values.
Extended community attribute values are generally not involved in MPLS VPN networks.
Note:
A route prefix can carry multiple community values, and can carry both private community values and well-known community values.
The community value can be overwritten, appended, and removed on any BGP router.
BGP community values are not passed to neighbors automatically; sending must be configured for each specific neighbor.
(config-router)#neighbor 192.168.12.2 send-community  ## Pass the community attribute when sending routes to this specific neighbor.
Configuration:
Adding a community value to a route entry
1. Use an ACL or a prefix list to match the route entries that need a community value; prefer a prefix list.
(config)#ip prefix-list 1 permit 1.1.1.1/32
2. Define a route-map that matches the route entries and appends or overwrites the community value.
(config)#route-map 1 permit 10
(config-route-map)#match ip address prefix-list 1  ## Match the route entries that need the community attribute
(config-route-map)#set community 126:1  ## Tag the matched route entries with a private community value
(config-route-map)#set community no-advertise  ## Tag the matched route prefixes with a well-known community value
(config-route-map)#set community 126:1 no-advertise  ## Tag the matched route prefixes with one private and one well-known community value.
3. In BGP, apply the community value when sending or receiving routes.
(config-router)#neighbor 192.168.12.2 route-map 1 out  ## Configure a policy for the BGP neighbor: route-map 1 is applied when BGP routes are sent, so the matching route prefixes are tagged with the community value.
(config-router)#neighbor 192.168.12.2 send-community  ## Carry the community attribute when sending BGP routes to the neighbor
4. View the BGP routes that carry a community value
R2#show ip bgp community  ## View the BGP entries that carry community values
BGP table version is 8, local router ID is 192.168.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 192.168.12.1 0 0 i  ## Indicates that this route prefix carries a community value
5. View the community values in a BGP route entry
R2#show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 8
Paths: (1 available, best #1, table default-ip-routing-table)
Advertised to Update-groups:
2
Local
192.168.12.1 from 192.168.12.1 (192.168.26.2)
Origin IGP, Metric 0, Localpref, valid, internal, best
Community: 126:1  ## The community value carried in the route entry.
R2#show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 8
Paths: (1 available, best #1, table default-ip-routing-table, not advertised to any peer)
flag:0x880
Not advertised to any peer
100
192.168.12.1 from 192.168.12.1 (1.1.1.3)
Origin IGP, Metric 0, Localpref, valid, external, best
Community: 100:1 1000:1 no-advertise  ## This route prefix carries three community values
Appending a community value on another BGP router
1. Match the route entries that should get the additional community value with an ACL, a prefix list, or a community-list.
(config)#ip prefix-list 1 permit 1.1.1.1/32  ## Match the route entry by prefix
(config)#ip community-list 1 permit 126:1  ## Match the route entry by community-list: the route entry 1.1.1.1/32 already carries the community value 126:1, so it can be matched indirectly by matching that community value.
2. Define a route-map and append the community value.
(config)#route-map 1 permit  ## Create a route-map
(config-route-map)#match ip address prefix-list 1  ## Match the route entry by IP prefix
(config-route-map)#match community 1  ## Alternatively, match the route entry by community-list.
(config-route-map)#set community 100:1 additive  ## Append a community value. The keyword additive means append; without it, the community values in the route entry are overwritten.
Note: In a route-map, either a prefix list or a community-list can be used to match route entries. If both are configured, a route must satisfy both lists, that is, the two conditions are ANDed.
3. Associate the defined route-map with the corresponding neighbor.
(Omitted.)
Deleting a community value on a BGP router
1. Match the corresponding route entries by IP prefix list, ACL, or community-list.
(config)#ip community-list 1 permit 100:1  ## Define a community-list that matches the BGP route entries carrying the community value 100:1.
2. Define a community-list that specifies the community value to delete.
(config)#ip community-list 2 permit 100:1
3. Define the route-map.
(config)#route-map 1 permit 10
(config-route-map)#match community 1
(config-route-map)#set comm-list 2 delete  ## Specify the community values to delete
4. Associate the route-map with the corresponding neighbor.
Using the community value to match routes and apply a policy
The most important use of the community value is to simplify the matching of route entries.
1. Use a community-list to match the corresponding route entries.
(config)#ip community-list 1 permit 100:1  ## Match routes whose community values contain 100:1
2. Define the route-map.
(config)#route-map 1  ## Create a route-map
(config-route-map)#match community 1  ## Match the route entries through the community-list 1 defined above.
(config-route-map)#set weight 2000  ## Change the weight of the matched route entries to 2000
3. Associate the route-map with the corresponding neighbor.
(config-router)#neighbor 192.168.34.3 route-map 1 in  ## Apply the route-map when receiving routes from neighbor 192.168.34.3
4. View the results.
R4#show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 25
Paths: (1 available, best #1, table default-ip-routing-table)
Not advertised to any peer
300 126
192.168.34.3 from 192.168.34.3 (192.168.37.3)
Origin IGP, Localpref, weight, valid, external, best
Community:126:1
Considerations when matching route entries with a community-list:
(config)#ip community-list 1 permit 100:1 no-advertise
This matches routes whose community values contain at least both 100:1 and no-advertise; the two conditions are ANDed.
(config)#ip community-list 1 permit 100:1
(config)#ip community-list 1 permit no-advertise
This matches routes whose community values contain 100:1 or contain no-advertise; the two conditions are ORed.
When a route entry carries more than one community value, by default a match on any one of them is enough to match the route, which is not always precise enough. When you reference the community-list in a route-map, you can add the exact-match keyword, which makes the match strict.
To illustrate, take a simple example. The router receives two BGP routes, 1.1.1.1/32 and 1.1.1.2/32. 1.1.1.1/32 carries the community value 100:1, while 1.1.1.2/32 carries two community values, 100:1 and 200:2. The requirement is that only the 100:1 route is allowed to enter the BGP table on the router.
1.1.1.1/32 community:100:1
1.1.1.2/32 community:100:1 200:2
ip community-list 1 permit 100:1
route-map 1
match community 1
(config-router)#neighbor 192.168.1.1 route-map 1 in
With the above configuration, both 1.1.1.1/32 and 1.1.1.2/32 can enter the BGP table because there is no strict match at the time of the match.
Case One
1.1.1.1/32 community:100:1
1.1.1.2/32 community:100:1 100:2
ip community-list 1 permit 100:1
route-map 1
match community 1
(config-router)#neighbor 192.168.1.1 route-map 1 in
With the above configuration, both 1.1.1.1/32 and 1.1.1.2/32 can enter the BGP table because there is no strict match at the time of the match.
Case Two
1.1.1.1/32 community:100:1
1.1.1.2/32 community:100:1 100:2
ip community-list 1 permit 100:1
route-map 1
match community 1 exact-match
(config-router)#neighbor 192.168.1.1 route-map 1 in
With the above configuration, only the 1.1.1.1/32 route can enter the BGP table, because the match is strict.
Case Three
1.1.1.1/32 community:100:1
1.1.1.2/32 community:100:1 100:2
ip community-list 1 permit 100:1 100:2
route-map 1
match community 1
(config-router)#neighbor 192.168.1.1 route-map 1 in
With the above configuration, only the 1.1.1.2/32 route can enter the BGP table, because multiple values in the same community-list entry are ANDed and must all be present for a match.
Case Four
1.1.1.1/32 community:100:1
1.1.1.2/32 community:100:1 100:2
ip community-list 1 permit 100:1
ip community-list 1 permit 100:2
route-map 1
match community 1
(config-router)#neighbor 192.168.1.1 route-map 1 in
With the above configuration, both the 1.1.1.1/32 and 1.1.1.2/32 routes can enter the BGP table.
Case Five
1.1.1.1/32 community:100:1
1.1.1.2/32 community:100:1 100:2
ip community-list standard Comm permit 100:1
ip community-list standard Comm permit 100:2
route-map 1
match community Comm exact-match
(config-router)#neighbor 192.168.1.1 route-map 1 in
With the above configuration, only 1.1.1.1/32 can enter the BGP table, because the 1.1.1.2/32 route is not a strict match.
Case Six
1.1.1.1/32 community:100:1
1.1.1.2/32 community:100:1 100:2
ip community-list 1 permit 100:1
ip community-list 2 permit 100:2
route-map 1 permit 10
match community 1 2
(config-router)#neighbor 192.168.1.1 route-map 1 in
With the above configuration, both the 1.1.1.1/32 and 1.1.1.2/32 routes can enter the BGP table.
Case Seven
1.1.1.1/32 community:100:1
1.1.1.2/32 community:100:1 100:2
ip community-list standard Comm permit 100:1
ip community-list standard COMM2 permit 100:2
route-map 1 permit 10
match community Comm COMM2 exact-match
(config-router)#neighbor 192.168.1.1 route-map 1 in
With that configuration, only the 1.1.1.1/32 route can enter the BGP table.
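The matching rules from cases one to seven, as an added Python model (not code from the original page, and not Cisco's implementation). The function names are assumptions; the two routes are the sample routes used in the cases, and only permit entries are modelled.

```python
# Added example: a constructed model of the matching rules in cases 1 to 7.
def entry(*communities):
    """One 'ip community-list ... permit' line: its values are ANDed."""
    return frozenset(communities)

def list_matches(route_communities, community_list, exact=False):
    """Lines of one community-list are ORed; exact-match needs equality."""
    route = frozenset(route_communities)
    for wanted in community_list:
        if (route == wanted) if exact else (wanted <= route):
            return True
    return False

def route_map_match(route_communities, lists, exact=False):
    """'match community A B': several lists on one match line are ORed."""
    return any(list_matches(route_communities, cl, exact) for cl in lists)

def accepted(routes, lists, exact=False):
    """Prefixes a permit route-map applied inbound would let into the table."""
    return sorted(prefix for prefix, comms in routes.items()
                  if route_map_match(comms, lists, exact))

# Constructed sample input: the two routes used in cases one to seven.
ROUTES = {"1.1.1.1/32": ["100:1"], "1.1.1.2/32": ["100:1", "100:2"]}

# case name -> (community-lists named on the match line, exact-match?)
CASES = {
    "one":   ([[entry("100:1")]], False),
    "two":   ([[entry("100:1")]], True),
    "three": ([[entry("100:1", "100:2")]], False),
    "four":  ([[entry("100:1"), entry("100:2")]], False),
    "five":  ([[entry("100:1"), entry("100:2")]], True),
    "six":   ([[entry("100:1")], [entry("100:2")]], False),
    "seven": ([[entry("100:1")], [entry("100:2")]], True),
}

def run_cases():
    return {name: accepted(ROUTES, lists, exact)
            for name, (lists, exact) in CASES.items()}

if __name__ == "__main__":
    for name, prefixes in run_cases().items():
        print(f"case {name}: {prefixes}")
```

For an inbound filter, the loose default matters: a route that carries extra community values still passes unless exact-match is used.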