BGP Community List Explained - Standard and Extended

« 2022 Oct 5 »

What is a BGP community list?

A community list consists of permit and deny statements, similar to a prefix-list or access-list. However, instead of filtering IP prefixes, a community list permits or denies BGP community values.

More specifically, a standard community list identifies standard community attribute values. There are also extended community lists, which identify extended BGP community values such as a Route Target (RT) or Route Distinguisher (RD). RFC 1997 mentions several actions that are possible with BGP communities.

A BGP speaker may use this attribute to control which routing information it accepts, prefers or distributes to other neighbors.

RFC 1997, BGP Communities Attribute

How to configure a standard community list?

In the following example, R1 attaches the BGP community value 65001:100 to prefixes advertised to R2. A standard community list is configured on R2 to match on the community value 65001:100. The command ip community-list standard CM-LIST permit 65001:100 configures the standard community list on R2.

Next, using a route-map, R2 rewrites the received community value to 65002:100 and attaches it to the prefixes advertised to R3. R3 receives the prefixes from R2 with the community value 65002:100.

BGP standard community-list configuration in order to rewrite community

Configuration:

R1
    R1#show run | sec router
    router bgp 65001
     bgp router-id 1.1.1.1
     bgp log-neighbor-changes
     network 192.168.1.0
     network 192.168.2.0
     neighbor 10.1.0.2 remote-as 65002
     neighbor 10.1.0.2 send-community
     neighbor 10.1.0.2 route-map RM-COMMUNITY out
    
    R1#show run | sec ^route-map
    route-map RM-COMMUNITY permit 10
     set community 65001:100
    
    R1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to R2 **
     ip address 10.1.0.1 255.255.255.252
     duplex auto
     speed auto
     media-type rj45
    
    R1#show run int Lo10 | sec int
    interface Loopback10
     ip address 192.168.1.1 255.255.255.0
    
    R1#show run int Lo20 | sec int
    interface Loopback20
     ip address 192.168.2.1 255.255.255.0
    
    R1#show run | sec ^ip bgp
    ip bgp-community new-format
    
R2
    R2#show run | sec router
    router bgp 65002
     bgp router-id 2.2.2.2
     bgp log-neighbor-changes
     neighbor 10.1.0.1 remote-as 65001
     neighbor 10.2.0.2 remote-as 65003
     neighbor 10.2.0.2 send-community
     neighbor 10.2.0.2 route-map RM-REWRITE out
    
    R2#show run | sec ip community
    ip community-list standard CM-LIST permit 65001:100
    
    R2#show run | sec ^route-map
    route-map RM-REWRITE permit 10
     match community CM-LIST
     set community 65002:100
    
    R2#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to R1 **
     ip address 10.1.0.2 255.255.255.252
     duplex auto
     speed auto
     media-type rj45
    
    R2#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to R3 **
     ip address 10.2.0.1 255.255.255.252
     duplex auto
     speed auto
     media-type rj45
    
    R2#show run | sec ^ip bgp
    ip bgp-community new-format
    
R3
    R3#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to R2 **
     ip address 10.2.0.2 255.255.255.252
     duplex auto
     speed auto
     media-type rj45
    
    R3#show run | sec router
    router bgp 65003
     bgp router-id 3.3.3.3
     bgp log-neighbor-changes
     neighbor 10.2.0.1 remote-as 65002
     
    R3#show run | sec ^ip bgp
    ip bgp-community new-format
    
R2#show ip bgp community 65001:100 | beg Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>   192.168.1.0      10.1.0.1                 0             0 65001 i           « Prefixes that have the community 65001:100 assigned
 *>   192.168.2.0      10.1.0.1                 0             0 65001 i




R2#show ip bgp community-list CM-LIST | beg Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>   192.168.1.0      10.1.0.1                 0             0 65001 i           « Prefixes matched by the community-list
 *>   192.168.2.0      10.1.0.1                 0             0 65001 i



R2#show ip bgp 192.168.1.0
BGP routing table entry for 192.168.1.0/24, version 4
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     3         
  Refresh Epoch 3
  65001
    10.1.0.1 from 10.1.0.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 65001:100                     « R2 receives community 65001:100 from R1
      rx pathid: 0, tx pathid: 0x0
	  


R3#show ip bgp 192.168.1.0
BGP routing table entry for 192.168.1.0/24, version 6
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  Refresh Epoch 1
  65002 65001
    10.2.0.1 from 10.2.0.1 (2.2.2.2)
      Origin IGP, localpref 100, valid, external, best
      Community: 65002:100                    « R3 receives community 65002:100 from R2, after rewrite
      rx pathid: 0, tx pathid: 0x0

How to configure an extended community list?

In the following example, the PE routers R3 and R4 advertise the Site 100 prefix 192.168.1.0/24 to the Route Reflector R1. PE R3 adds the Route Target (RT) value 65001:300, and PE R4 adds the RT value 65001:400. As a result, PE R2 receives the same Site 100 IPv4 prefix with two different RT values attached. Note that because R3 and R4 also attach different Route Distinguisher (RD) values, the single Site 100 IPv4 prefix becomes two different BGP VPNv4 prefixes within AS 65001.

To make PE R2 prefer PE R3 as the next-hop router to reach Site 100, a BGP extended community list is configured. On PE R2, the command ip extcommunity-list standard EXTCOM-LIST permit rt 65001:300 configures an extended community list that matches BGP VPNv4 prefixes carrying the RT value 65001:300.

Once the extended community list on PE R2 matches the prefix with RT 65001:300, a higher BGP local preference value is assigned. Thus, the prefix with RT 65001:300 (from PE R3) is preferred over the prefix with RT 65001:400 (from PE R4).

BGP extended community-list configuration to assign higher local preference value for VPNv4 prefix based on Route Target value

Configuration:

R1
    R1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to R4 **
     ip address 10.3.0.1 255.255.255.252
     duplex auto
     speed auto
    
    R1#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to R3 **
     ip address 10.2.0.1 255.255.255.252
     duplex auto
     speed auto
     
    R1#show run int Gi0/2 | sec int
    interface GigabitEthernet0/2
     description ** to R2 **
     ip address 10.1.0.1 255.255.255.252
     duplex auto
     speed auto
    
    R1#show run | sec router
    router bgp 65001
     bgp router-id 1.1.1.1
     bgp log-neighbor-changes
     neighbor 10.1.0.2 remote-as 65001
     neighbor 10.2.0.2 remote-as 65001
     neighbor 10.3.0.2 remote-as 65001
     !
     address-family vpnv4
      neighbor 10.1.0.2 activate
      neighbor 10.1.0.2 send-community extended
      neighbor 10.1.0.2 route-reflector-client
      neighbor 10.2.0.2 activate
      neighbor 10.2.0.2 send-community extended
      neighbor 10.2.0.2 route-reflector-client
      neighbor 10.3.0.2 activate
      neighbor 10.3.0.2 send-community extended
      neighbor 10.3.0.2 route-reflector-client
     exit-address-family
    
R2
    R2#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to RR R1 **
     ip address 10.1.0.2 255.255.255.252
     duplex auto
     speed auto
     media-type rj45
     
    R2#show run | sec vrf def 
    vrf definition VRF-R2
     rd 65001:200
     !
     address-family ipv4
      route-target import 65001:300
      route-target import 65001:400
     exit-address-family
     
    R2#show run | sec router
    router bgp 65001
     bgp router-id 2.2.2.2
     bgp log-neighbor-changes
     neighbor 10.1.0.1 remote-as 65001
     !
     address-family vpnv4
      neighbor 10.1.0.1 activate
      neighbor 10.1.0.1 send-community extended
      neighbor 10.1.0.1 route-map RM-LOCPREF in
     exit-address-family
    
    R2#show run | sec ^route-map
    route-map RM-LOCPREF permit 10
     match extcommunity EXTCOM-LIST
     set local-preference 200
    route-map RM-LOCPREF permit 20
    
    R2#show run | sec ^ip ext
    ip extcommunity-list standard EXTCOM-LIST permit rt 65001:300
    
R3
    R3#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to RR R1 **
     ip address 10.2.0.2 255.255.255.252
     duplex auto
     speed auto
     media-type rj45
    
    R3#show run int Lo10 | sec int
    interface Loopback10
     vrf forwarding VRF-R3
     ip address 192.168.1.1 255.255.255.0
    
    R3#show run | sec vrf def
    vrf definition VRF-R3
     rd 65001:300
     !
     address-family ipv4
      route-target export 65001:300
     exit-address-family
    
    R3#show run | sec router
    router bgp 65001
     bgp router-id 3.3.3.3
     bgp log-neighbor-changes
     neighbor 10.2.0.1 remote-as 65001
     neighbor 10.2.0.1 next-hop-self
     !
     address-family vpnv4
      neighbor 10.2.0.1 activate
      neighbor 10.2.0.1 send-community extended
     exit-address-family
     !
     address-family ipv4 vrf VRF-R3
      redistribute connected
     exit-address-family
    
R4
    R4#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to RR R1 **
     ip address 10.3.0.2 255.255.255.252
     duplex auto
     speed auto
     media-type rj45
    
    R4#show run int Lo10 | sec int
    interface Loopback10
     vrf forwarding VRF-R4
     ip address 192.168.1.1 255.255.255.0
    
    R4#show run | sec vrf def
    vrf definition VRF-R4
     rd 65001:400
     !
     address-family ipv4
      route-target export 65001:400
     exit-address-family
    
    R4#show run | sec router    
    router bgp 65001
     bgp router-id 4.4.4.4
     bgp log-neighbor-changes
     neighbor 10.3.0.1 remote-as 65001
     neighbor 10.3.0.1 next-hop-self
     !
     address-family vpnv4
      neighbor 10.3.0.1 activate
      neighbor 10.3.0.1 send-community extended
     exit-address-family
     !
     address-family ipv4 vrf VRF-R4
      redistribute connected
     exit-address-family
    
R2#show ip bgp vpnv4 all | beg Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:200 (default for vrf VRF-R2)
 * i  192.168.1.0      10.3.0.2                 0    100      0 ?
 * i                   10.2.0.2                 0    200      0 ?         « Local preference 200 assigned to prefix received from PE R3
Route Distinguisher: 65001:300
 * i  192.168.1.0      10.2.0.2                 0    200      0 ?
Route Distinguisher: 65001:400
 * i  192.168.1.0      10.3.0.2                 0    100      0 ?
 
 
R2#show ip bgp vpnv4 all 192.168.1.0  
BGP routing table entry for 65001:200:192.168.1.0/24, version 0
Paths: (2 available, no best path)
  Not advertised to any peer
  Refresh Epoch 2
  Local, imported safety path from 65001:400:192.168.1.0/24 (global)      « VPNv4 prefix from R4
    10.3.0.2 (inaccessible) (via default) from 10.1.0.1 (1.1.1.1)
      Origin incomplete, metric 0, localpref 100, valid, internal         « Local preference 100 assigned
      Extended Community: RT:65001:400                                    « Extended community 65001:400 received
      Originator: 4.4.4.4, Cluster list: 1.1.1.1
      mpls labels in/out nolabel/16
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 2
  Local, imported safety path from 65001:300:192.168.1.0/24 (global)      « VPNv4 prefix from R3
    10.2.0.2 (inaccessible) (via default) from 10.1.0.1 (1.1.1.1)
      Origin incomplete, metric 0, localpref 200, valid, internal         « Local preference 200 assigned
      Extended Community: RT:65001:300                                    « Extended community 65001:300 received
      Originator: 3.3.3.3, Cluster list: 1.1.1.1
      mpls labels in/out nolabel/16
      rx pathid: 0, tx pathid: 0
	  
[output omitted for brevity]

Note that before the extended community list is configured and the local preference value 200 is assigned, R2 uses the same default local preference value 100 for both VPNv4 prefixes. This is shown in the following output.

R2#show ip bgp vpnv4 all | beg Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:200 (default for vrf VRF-R2)
 * i  192.168.1.0      10.3.0.2                 0    100      0 ?     
 * i                   10.2.0.2                 0    100      0 ?
Route Distinguisher: 65001:300
 * i  192.168.1.0      10.2.0.2                 0    100      0 ?
Route Distinguisher: 65001:400
 * i  192.168.1.0      10.3.0.2                 0    100      0 ?
 

The above example demonstrates how the extended community list filters BGP VPNv4 prefixes based on the Route Target value. This is one of the mechanisms used in Layer-3 MPLS VPN Service Provider networks to prefer a specific egress PE router to reach a destination prefix. For more context, the destination VPNv4 prefixes may be dual default routes announced by different PEs.
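
The two route-maps in this article, RM-REWRITE and RM-LOCPREF, differ in a way the show output does not reveal: RM-REWRITE has no trailing permit sequence, so any prefix that does not carry 65001:100 hits the implicit deny and is not advertised to R3, while RM-LOCPREF ends with an empty permit 20 that lets non-matching prefixes through unchanged. The Python model below is an added example (not Cisco code and not part of the original lab) that reproduces both policies; the prefix 172.16.0.0/24 and the community 65001:999 are constructed values used only to exercise the non-matching and replace cases.

```python
# Added illustration: a simplified model of IOS route-map evaluation (not Cisco code).
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    prefix: str
    communities: frozenset = frozenset()    # standard communities, AA:NN format
    route_targets: frozenset = frozenset()  # extended communities (RT only)
    local_pref: int = 100                   # default local preference

# One permit entry per list: it matches when the route carries every listed value.
CM_LIST = ("communities", frozenset({"65001:100"}))
EXTCOM_LIST = ("route_targets", frozenset({"65001:300"}))

# A route-map is an ordered list of (action, match or None, set clauses).
RM_REWRITE = [("permit", CM_LIST, {"communities": frozenset({"65002:100"})})]
RM_LOCPREF = [("permit", EXTCOM_LIST, {"local_pref": 200}),
              ("permit", None, {})]  # sequence 20: no match clause, matches all

def apply_route_map(route_map, route):
    """Return the route after policy, or None when the route-map denies it."""
    for action, match, sets in route_map:
        if match is not None:
            attr, required = match
            if not required <= getattr(route, attr):
                continue                 # no match: fall through to next sequence
        if action == "deny":
            return None
        return replace(route, **sets)    # 'set community' without 'additive' replaces
    return None                          # implicit deny at the end of every route-map

# Constructed sample routes. 172.16.0.0/24 and 65001:999 are hypothetical values.
TAGGED = Route("192.168.1.0/24", communities=frozenset({"65001:100", "65001:999"}))
UNTAGGED = Route("172.16.0.0/24")
FROM_R3 = Route("192.168.1.0/24", route_targets=frozenset({"65001:300"}))
FROM_R4 = Route("192.168.1.0/24", route_targets=frozenset({"65001:400"}))

if __name__ == "__main__":
    for name, rm, r in [("RM-REWRITE", RM_REWRITE, TAGGED),
                        ("RM-REWRITE", RM_REWRITE, UNTAGGED),
                        ("RM-LOCPREF", RM_LOCPREF, FROM_R3),
                        ("RM-LOCPREF", RM_LOCPREF, FROM_R4)]:
        print(name, r.prefix, "->", apply_route_map(rm, r))
```

To keep the received communities while adding 65002:100, IOS accepts the additive keyword on set community; to let untagged prefixes through RM-REWRITE, append an empty permit sequence as RM-LOCPREF does.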