04-08-2020 11:26 AM
Hello, I'm new here, sorry for any mistakes.
I labbed up a scenario where I set up two independent ISPs between Branch and Remote-Branch,
and after router advertisement from Branch to Remote-Branch I tried to manipulate Branch routes entering at Remote-Branch by using BGP communities. I configured 100:60 in ISP1 and matched 60.60.0.0/16 ge 25, then I configured ISP2 with 200:50 and matched 50.50.0.0/16 ge 25 (I implemented these route-maps in the outbound direction for both ISPs respectively). Now in Remote_branch I matched 100:60 and set weight as 100, and matched 200:50 and set weight as 200 (for both neighbors the route-map is set in the inbound direction), but after configuration I'm not able to see any changes in routes. Can anyone help? Thanks
04-08-2020 11:58 PM
Hi,
We speak about standard communities, so here's what needs to happen:
1. At your egress point, ensure you use a route-map to match on routes and set communities; attach the route-map to either the network statement (which influences all your BGP neighbors), or to the neighbour statement, as an outbound filter.
2. Ensure you also tell the router to send the community (by default it does not), using the command "neighbor x.x.x.x send-community standard".
3. The ISP has to NOT delete this community and preserve not hop-by-hop by using the same "neighbor x.x.x.x send-community both" if running VPNv4/VPNv6, or "neighbor x.x.x.x send-community standard" if running IPv4/IPv6.
4. At the remote destination, for the ingress route-map to take effect (match on community and set weight), you need to receive the prefixes with the communities attached. If you met the above requirements, you'll be receiving the routes with the attached communities.
Regards,
Cristian Matei.
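A check for steps 1 and 2 of the reply above, added here as an example and not part of the original post: it scans IOS-style configuration text for neighbors whose outbound route-map sets a community while the neighbor statement has no "send-community" that carries standard communities. The sample configuration, its addresses and the function name are constructed for illustration; peer-groups, templates and per-address-family scoping are not modelled.

```python
import re

# Constructed sample in IOS "show run" style (not taken from the thread).
SAMPLE = """\
router bgp 65530
 address-family ipv4
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 send-community both
  neighbor 192.0.2.1 route-map LOOPBACK_COMMUNITY out
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 route-map LOOPBACK_COMMUNITY out
  neighbor 203.0.113.1 activate
  neighbor 203.0.113.1 send-community extended
  neighbor 203.0.113.1 route-map LOOPBACK_COMMUNITY out
route-map LOOPBACK_COMMUNITY permit 10
 match ip address prefix-list fifty
 set community 65530:50
route-map LOOPBACK_COMMUNITY permit 20
"""

def neighbors_dropping_communities(config):
    """Return sorted (neighbor, route_map) pairs whose outbound route-map sets
    a standard community that the neighbor statement will never send."""
    setters, out_maps, senders = set(), {}, set()
    current = None  # name of the route-map entry being parsed
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"route-map (\S+) (?:permit|deny)\b", line):
            current = m.group(1)
        elif re.match(r"set community (?!none\b)\S", line):
            if current:
                setters.add(current)
        elif m := re.match(r"neighbor (\S+) route-map (\S+) out$", line):
            out_maps[m.group(1)] = m.group(2)
        elif m := re.match(r"neighbor (\S+) send-community(?: (\S+))?$", line):
            # A bare 'send-community' means standard; 'extended' alone does
            # not carry standard communities such as 65530:50.
            if (m.group(2) or "standard") in ("standard", "both"):
                senders.add(m.group(1))
    return sorted((n, rm) for n, rm in out_maps.items()
                  if rm in setters and n not in senders)

if __name__ == "__main__":
    for neighbor, rmap in neighbors_dropping_communities(SAMPLE):
        print(f"{neighbor}: {rmap} sets a community but it will not be sent")
```

The same scan applies to each transit router's configuration for step 3, since a hop without "send-community" toward the next neighbor strips the tag before the ingress route-map in step 4 can match it.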
04-09-2020 11:30 AM
Ya, it worked (I SET the community at Branch & manipulated on Remote site), but my question is why I cannot do the same from ISP's. I did the exact same configuration, I just shifted the ISP configuration to Branch and it's working. Any idea?
Thanks for the Help..God Bless..!
04-14-2020 08:28 PM
Hi,
What do you mean by "i cannot do the same from ISP's"? Can you share a topology and better explain for which prefixes, in which direction, what doesn't work?
Regards,
Cristian Matei.
04-21-2020 02:10 AM
Sorry for the late reply.
Both scenarios are working now; it was a configuration error from my side.
Topology :
Goal: Manipulating Routes to use ISP-1 for 60.60.X.X and ISP-2 for 50.50.X.X on Remote-Branch to reach Branch site
Scenario 1: Tagging communities for (routes 50.50.X.X and 60.60.X.X) in Branch, Setting communities in Remote-Branch
Scenario 2: Tagging communities for (routes 50.50.X.X (in ISP-2) and 60.60.X.X (in ISP-1)) originated from Branch, Setting communities on Remote-Branch
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scenario 1 Configuration
Branch#sh run | sec route-map
 neighbor 10.20.30.2 route-map LOOPBACK_COMMUNITY out
 neighbor 20.30.40.2 route-map LOOPBACK_COMMUNITY out
route-map LOOPBACK_COMMUNITY permit 10
 match ip address prefix-list fifty
 set community 65530:50
route-map LOOPBACK_COMMUNITY permit 20
 match ip address prefix-list sixty
 set community 65530:60
route-map LOOPBACK_COMMUNITY permit 30
Branch#sh run | sec ip prefix-list
ip prefix-list fifty seq 1 permit 50.50.0.0/16 ge 24
ip prefix-list sixty seq 1 permit 60.60.0.0/16 ge 24
Remote-Brnach#sh run | sec route-map
 neighbor 192.168.241.5 route-map ISP_1_COMMUNITY in    --------> IP of ISP-1
 neighbor 192.168.253.9 route-map ISP_2_COMMUNITY in    --------> IP of ISP-2
route-map ISP_1_COMMUNITY permit 10
 match community L_6
 set weight 666
route-map ISP_1_COMMUNITY permit 20
route-map ISP_2_COMMUNITY permit 10
 match community L_5
 set weight 555
route-map ISP_2_COMMUNITY permit 20
Remote-Brnach#sh run | sec ip community
ip community-list standard L_6 permit 65530:60
ip community-list standard L_5 permit 65530:50
Output of Scenario 1 :
=================================================================================
Scenario 2 Configuration
ISP-1#sh run | sec ip prefix
ip prefix-list SIXTY: 1 entries
   seq 1 permit 60.60.0.0/16 ge 24
ISP-1#sh run | sec route-map
route-map SIXTY permit 10
 match ip address prefix-list SIXTY
 set community 100:60
route-map SIXTY permit 20
ISP-1#sh run | sec bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor 192.168.241.2 remote-as 65530
 neighbor 192.168.241.6 remote-as 600
 !
 address-family ipv4
  neighbor 192.168.241.2 activate
  neighbor 192.168.241.2 send-community both
  neighbor 192.168.241.6 activate
  neighbor 192.168.241.6 send-community both
  neighbor 192.168.241.6 soft-reconfiguration inbound
  neighbor 192.168.241.6 route-map SIXTY out
  no auto-summary
  no synchronization
  network 192.168.241.0 mask 255.255.255.252
  network 192.168.241.4 mask 255.255.255.252
 exit-address-family
ip bgp-community new-format
ISP-2#sh run | sec ip prefi
ip prefix-list FIFTY seq 1 permit 50.50.0.0/16 ge 25
ISP-2#sh run | sec route-map
route-map FIFTY permit 10
 match ip address prefix-list FIFTY
 set community 200:50
route-map FIFTY permit 20
ISP-2#sh run | sec bgp
router bgp 200
 bgp log-neighbor-changes
 neighbor 192.168.253.5 remote-as 200
 neighbor 192.168.253.10 remote-as 600
 !
 address-family ipv4
  neighbor 192.168.253.5 activate
  neighbor 192.168.253.5 send-community both
  neighbor 192.168.253.10 activate
  neighbor 192.168.253.10 send-community both
  neighbor 192.168.253.10 soft-reconfiguration inbound
  neighbor 192.168.253.10 route-map FIFTY out
  no auto-summary
  no synchronization
  network 192.168.253.4 mask 255.255.255.252
  network 192.168.253.8 mask 255.255.255.252
 exit-address-family
ip bgp-community new-format
Remote-Brnach#sh run | sec ip community
ip community-list standard L_6 permit 65530:60
ip community-list standard L_5 permit 65530:50
ip community-list standard ISP1_6 permit 100:60
ip community-list standard ISP2_5 permit 200:50
Remote-Brnach#sh run | sec route-map
route-map ISP_1_COMMUNITY permit 10
 match community ISP1_6
 set weight 6006
route-map ISP_1_COMMUNITY permit 20
route-map ISP_2_COMMUNITY permit 10
 match community ISP2_5
 set weight 5005
route-map ISP_2_COMMUNITY permit 20
Remote-Brnach#
router bgp 600
 bgp log-neighbor-changes
 neighbor 192.168.241.5 remote-as 100    -----> ISP-1 IP
 neighbor 192.168.253.9 remote-as 200    -----> ISP-2 IP
 !
 address-family ipv4
  redistribute connected
  neighbor 192.168.241.5 activate
  neighbor 192.168.241.5 send-community both
  neighbor 192.168.241.5 soft-reconfiguration inbound
  neighbor 192.168.241.5 route-map ISP_1_COMMUNITY in
  neighbor 192.168.253.9 activate
  neighbor 192.168.253.9 send-community both
  neighbor 192.168.253.9 route-map ISP_2_COMMUNITY in
  no auto-summary
  no synchronization
 exit-address-family
ip bgp-community new-format
Output of Scenario 2: