ashirkar

Introduction:

This document explains the "match community" statement used in a BGP route-map.

Communities are flags used to mark a set of BGP routes; upstream routers can then use these flags to apply specific routing policies (for example, local preference) within their network. A BGP route can be marked with a single community value or with multiple values. To apply routing policy on the basis of community values, a route-map matches them and performs an inbound or outbound operation. Because a BGP router can receive routes carrying either a single community or multiple communities, the "match community" command in a route-map has two options:

1) Route Map: (match community word)

2) Route Map: (match community word exact-match)

Using "match community word": a route matches when one of its BGP community values matches one of the community values in the community list.

Using "match community word exact-match": when the exact-match keyword is specified, a match happens only when the BGP update carries exactly the same community values as specified in the community list.

Let's discuss this further with a configuration example:

Configuration Example:

The topology consists of three routers, R1, R2 and R3, configured in AS1, AS2 and AS3 respectively. All basic and BGP configuration has already been done, as shown below. R1 advertises 5 prefixes to R2, and R2 advertises them to R3, as follows:

1.1.1.1/32 and 2.2.2.2/32 with community 11:11

3.3.3.3/32 and 4.4.4.4/32 with community 11:11 22:22

5.5.5.5/32 with community 33:33

 

 

R1:

hostname R1

!

interface Loopback0

 ip address 1.1.1.1 255.255.255.255

!

interface Loopback1

 ip address 2.2.2.2 255.255.255.255

!

interface Loopback2

 ip address 3.3.3.3 255.255.255.255

!

interface Loopback3

 ip address 4.4.4.4 255.255.255.255

!

interface Loopback4

 ip address 5.5.5.5 255.255.255.255

!

interface FastEthernet0/0

 ip address 10.1.1.1 255.255.255.252

 no sh

!

router bgp 1

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 10.1.1.2 remote-as 2

 !

 address-family ipv4

  neighbor 10.1.1.2 activate

  neighbor 10.1.1.2 send-community

  neighbor 10.1.1.2 route-map TO_R2 out

  no auto-summary

  no synchronization

  network 1.1.1.1 mask 255.255.255.255

  network 2.2.2.2 mask 255.255.255.255

  network 3.3.3.3 mask 255.255.255.255

  network 4.4.4.4 mask 255.255.255.255

  network 5.5.5.5 mask 255.255.255.255

 exit-address-family

!

ip prefix-list L0&L1 seq 5 permit 1.1.1.1/32

ip prefix-list L0&L1 seq 10 permit 2.2.2.2/32

!

ip prefix-list L2&L3 seq 5 permit 3.3.3.3/32

ip prefix-list L2&L3 seq 10 permit 4.4.4.4/32

!

ip prefix-list L4 seq 5 permit 5.5.5.5/32

!

route-map TO_R2 permit 10

 match ip address prefix-list L0&L1

 set community 11:11

!

route-map TO_R2 permit 20

 match ip address prefix-list L2&L3

 set community 11:11 22:22

!

route-map TO_R2 permit 30

 match ip address prefix-list L4

 set community 33:33

!

ip bgp-community new-format

##############################################################

R2:

hostname R2

!

interface FastEthernet0/0

 ip address 10.1.1.2 255.255.255.252

 no sh

!

interface FastEthernet0/1

 ip address 10.1.1.5 255.255.255.252

 no sh

!

router bgp 2

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 10.1.1.1 remote-as 1

 neighbor 10.1.1.6 remote-as 3

 !

 address-family ipv4

  neighbor 10.1.1.1 activate

  neighbor 10.1.1.6 activate

  neighbor 10.1.1.6 send-community

  no auto-summary

  no synchronization

 exit-address-family

!

ip bgp-community new-format

!

#############################

R3:

hostname R3

!

interface FastEthernet0/0

 ip address 10.1.1.6 255.255.255.252

 no sh

!

router bgp 3

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 10.1.1.5 remote-as 2

 !

 address-family ipv4

  neighbor 10.1.1.5 activate

  no auto-summary

  no synchronization

 exit-address-family

!

ip bgp-community new-format

!

Verify the BGP neighborship on R2, and that R3 is learning the 5 routes with the community values mentioned above.

 

On R2:

 

R2#sh ip bgp summary | beg Nei

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

10.1.1.1        4     1     182     177        9    0    0 02:42:42        4

10.1.1.6        4     3     161     173        9    0    0 02:36:31        0

 

 

On R3:

 

R3#sh ip bgp community 11:11 exact-match | beg Net

   Network          Next Hop            Metric LocPrf Weight Path

*> 1.1.1.1/32       10.1.1.5                               0 2 1 i

*> 2.2.2.2/32       10.1.1.5                               0 2 1 i

 

R3#sh ip bgp community 11:11 22:22 exact-match | beg Net

   Network          Next Hop            Metric LocPrf Weight Path

*> 3.3.3.3/32       10.1.1.5                               0 2 1 i

*> 4.4.4.4/32       10.1.1.5                               0 2 1 i

 

R3#sh ip bgp community 33:33 exact-match | beg Net

   Network          Next Hop            Metric LocPrf Weight Path

*> 5.5.5.5/32       10.1.1.5                               0 2 1 i

Case 1: Configure "match community word" in the route-map

Here a route-map is configured on R2 to deny advertisement of routes that have community value 11:11, so prefixes carrying 11:11 are filtered from R2 to R3 even if they also carry other community values.

Configure the community-list and route-map on R2:

 

ip community-list standard TO_R3_FILTER permit 11:11

!

route-map TO_R3 deny 10

 match community TO_R3_FILTER

!

route-map TO_R3 permit 100

!

router bgp 2

 address-family ipv4 unicast

  neighbor 10.1.1.6 route-map TO_R3 out

 

Verify:

 

R3#sh ip bgp | beg Net

   Network          Next Hop            Metric LocPrf Weight Path

*> 5.5.5.5/32       10.1.1.5                               0 2 1 i



R3#sh ip bgp community 33:33 exact-match | beg Net

   Network          Next Hop            Metric LocPrf Weight Path

*> 5.5.5.5/32       10.1.1.5                               0 2 1 i

 

From the above output, R3 receives only the route with community 33:33; the other routes, which include the 11:11 community value, are filtered from R2 to R3.

 

Case 2: Configure "match community word exact-match" in the route-map

When the exact-match keyword is specified, a match happens only when the BGP update carries exactly the same community values as specified in the community list. In our case, R2 matches the community values 11:11 22:22 and forwards those routes to R3. All other routes are filtered on R2, because the route-map has no further permit clause and every route-map ends with an implicit deny.

Configure the community-list and route-map on R2:

 

ip community-list standard TO_R3_FILTER permit 11:11 22:22

!

route-map TO_R3 permit 10

 match community TO_R3_FILTER exact-match

!

router bgp 2

 address-family ipv4 unicast

  neighbor 10.1.1.6 route-map TO_R3 out



Verify on R3:

R3#sh ip bgp | beg Net

   Network          Next Hop            Metric LocPrf Weight Path

*> 3.3.3.3/32       10.1.1.5                               0 2 1 i

*> 4.4.4.4/32       10.1.1.5                               0 2 1 i



R3#sh ip bgp community 11:11 22:22 exact-match | beg Net

   Network          Next Hop            Metric LocPrf Weight Path

*> 3.3.3.3/32       10.1.1.5                               0 2 1 i

*> 4.4.4.4/32       10.1.1.5                               0 2 1 i
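The two cases above can be checked offline with a small model of route-map evaluation. This is an added example, not part of the original article and not Cisco code. It assumes a community-list entry matches when every value it lists is present on the route (the sets must be equal with exact-match), and CASE1_EXACT is a hypothetical variant showing which routes get past the Case 1 filter if exact-match is added to it.

```python
# Added illustration: a small model of IOS route-map evaluation, not Cisco code.
ROUTES = {  # prefixes and communities R1 sets in route-map TO_R2 (from the article)
    "1.1.1.1/32": {"11:11"},
    "2.2.2.2/32": {"11:11"},
    "3.3.3.3/32": {"11:11", "22:22"},
    "4.4.4.4/32": {"11:11", "22:22"},
    "5.5.5.5/32": {"33:33"},
}

def list_matches(entries, communities, exact=False):
    """Standard community-list: the first matching entry decides permit/deny.

    entries: list of (action, set_of_communities). An entry matches when every
    value it lists is on the route; with exact=True the sets must be equal.
    If no entry matches, the list does not match (implicit deny).
    """
    for action, wanted in entries:
        hit = communities == wanted if exact else wanted <= communities
        if hit:
            return action == "permit"
    return False

def apply_route_map(clauses, routes):
    """clauses: list of (action, community_list or None, exact).

    A clause with no match statement (None) matches every route. A route that
    matches no clause is dropped by the implicit deny at the end of the map.
    """
    advertised = []
    for prefix, communities in routes.items():
        for action, clist, exact in clauses:
            if clist is None or list_matches(clist, communities, exact):
                if action == "permit":
                    advertised.append(prefix)
                break
    return sorted(advertised)

FILTER_11 = [("permit", {"11:11"})]
FILTER_11_22 = [("permit", {"11:11", "22:22"})]

CASE1 = [("deny", FILTER_11, False), ("permit", None, False)]
CASE2 = [("permit", FILTER_11_22, True)]
# Hypothetical variant, not in the article: Case 1 with exact-match added.
CASE1_EXACT = [("deny", FILTER_11, True), ("permit", None, False)]

if __name__ == "__main__":
    for name, rm in [("Case 1", CASE1), ("Case 2", CASE2), ("Case 1 + exact-match", CASE1_EXACT)]:
        print(name, "->", apply_route_map(rm, ROUTES))
```

With exact-match on the deny clause, 3.3.3.3/32 and 4.4.4.4/32 are no longer filtered, because their community set is 11:11 22:22 rather than 11:11 alone.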

Comments
Efren Teruel
Community Member

Excellent post as always! very clear and concise, many thanks!

mac_mac_net83
Level 1
Level 1

Thanks for the post! Currently, I am trying this, but I am having trouble filtering some routes with community values in the inbound direction.

I am using a named community list, and I am still not sure if it is the one causing issues. I will try the standard community list and update if the issue is still there.

russell.sage
Level 1
Level 1

So I need to filter out certain routes tagged with a community value on a specific node. So I created the following config

ip community-list 3 permit 10732000

 

I then called the community list 3 in a route-map

route-map route-blocker deny 10

 match community 3

route-map route-blocker permit 20

and applied this route-map to the BGP neighbor inbound. This didn't work. The route tagged with this community was still getting through.

I changed the community-list 3 to deny 10732000; no difference, despite the clear ip bgp * command.

After researching, I found a suggestion that the following would work:

 

ip community-list standard route-deny permit 10732000

I modified the route-map

route-map route-blocker deny 10

 match community route-deny

and it worked. The route is no longer seen under a show ip route.

 

My question: what is the difference between a numbered community list and a named community list?

 

 
