09-30-2014 04:44 PM - edited 03-01-2019 05:04 PM
This document explains the "bgp match community" statement used in a route-map.
Communities are flags used to mark a set of routes in BGP; upstream routers can then use these flags to apply specific routing policies (for example, local preference) within their network. A BGP route can be marked with a single community value or with multiple community values. To apply routing policy on the basis of community value, a route-map matches the community value and then performs the inbound or outbound operation. Because a BGP router can receive routes with a single community value or multiple community values, the "match community" command in a route-map has two options.
1) Route Map: (match community word)
2) Route Map: (match community word exact-match)
Using the "match community word" command: a route matches when one of its BGP community values matches one of the community values in the community list.
Using "match community word exact-match": when the exact-match keyword is specified, a match happens only when the BGP update has exactly the same community values as specified in the community list.
Let's discuss this further with a configuration example:
The topology consists of three routers, R1, R2 and R3, configured in AS1, AS2 and AS3 respectively. All basic and BGP configuration has already been done, as shown below. R1 is advertising 5 prefixes to R2, and R2 to R3, as shown below:
1.1.1.1/32 and 2.2.2.2/32 with community 11:11
3.3.3.3/32 and 4.4.4.4/32 with community 11:11 22:22
5.5.5.5/32 with community 33:33
R1:
hostname R1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface Loopback2
ip address 3.3.3.3 255.255.255.255
!
interface Loopback3
ip address 4.4.4.4 255.255.255.255
!
interface Loopback4
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.252
no sh
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 2
!
address-family ipv4
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community
neighbor 10.1.1.2 route-map TO_R2 out
no auto-summary
no synchronization
network 1.1.1.1 mask 255.255.255.255
network 2.2.2.2 mask 255.255.255.255
network 3.3.3.3 mask 255.255.255.255
network 4.4.4.4 mask 255.255.255.255
network 5.5.5.5 mask 255.255.255.255
exit-address-family
!
ip prefix-list L0&L1 seq 5 permit 1.1.1.1/32
ip prefix-list L0&L1 seq 10 permit 2.2.2.2/32
!
ip prefix-list L2&L3 seq 5 permit 3.3.3.3/32
ip prefix-list L2&L3 seq 10 permit 4.4.4.4/32
!
ip prefix-list L4 seq 5 permit 5.5.5.5/32
!
route-map TO_R2 permit 10
match ip address prefix-list L0&L1
set community 11:11
!
route-map TO_R2 permit 20
match ip address prefix-list L2&L3
set community 11:11 22:22
!
route-map TO_R2 permit 30
match ip address prefix-list L4
set community 33:33
!
ip bgp-community new-format
##############################################################
R2:
hostname R2
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.252
no sh
!
interface FastEthernet0/1
ip address 10.1.1.5 255.255.255.252
no sh
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 1
neighbor 10.1.1.6 remote-as 3
!
address-family ipv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.6 activate
neighbor 10.1.1.6 send-community
no auto-summary
no synchronization
exit-address-family
!
ip bgp-community new-format
!
#############################
R3:
hostname R3
!
interface FastEthernet0/0
ip address 10.1.1.6 255.255.255.252
no sh
!
router bgp 3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.1.1.5 remote-as 2
!
address-family ipv4
neighbor 10.1.1.5 activate
no auto-summary
no synchronization
exit-address-family
!
ip bgp-community new-format
!
Verify the BGP neighborship on R2, and that R3 is learning 5 routes with the community values mentioned above.
On R2:
R2#sh ip bgp summary | beg Nei
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4     1     182     177        9    0    0 02:42:42        4
10.1.1.6        4     3     161     173        9    0    0 02:36:31        0
On R3:
R3#sh ip bgp community 11:11 exact-match | beg Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       10.1.1.5                               0 2 1 i
*> 2.2.2.2/32       10.1.1.5                               0 2 1 i
R3#sh ip bgp community 11:11 22:22 exact-match | beg Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.3/32       10.1.1.5                               0 2 1 i
*> 4.4.4.4/32       10.1.1.5                               0 2 1 i
R3#sh ip bgp community 33:33 exact-match | beg Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.5/32       10.1.1.5                               0 2 1 i
Case 1: Configure "match community word" in route-map
Here a route-map is configured on R2 to deny advertisement of routes that have community value 11:11, so prefixes carrying 11:11 are filtered from R2 to R3 even if they also carry other community values.
Configuring Community-list and Route-map on R2.
ip community-list standard TO_R3_FILTER permit 11:11
!
route-map TO_R3 deny 10
match community TO_R3_FILTER
!
route-map TO_R3 permit 100
!
router bgp 2
address-family ipv4 uni
neighbor 10.1.1.6 route-map TO_R3 out
Verify:
R3#sh ip bgp | beg Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.5/32       10.1.1.5                               0 2 1 i
R3#sh ip bgp community 33:33 exact-match | beg Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.5/32       10.1.1.5                               0 2 1 i
From the above output, R3 is receiving only routes with community 33:33; the other routes, which include the 11:11 community value, were filtered by R2 toward R3.
Case 2: Configure "match community word exact-match" in route-map.
When the exact-match keyword is specified, a match happens only when the BGP update has exactly the same community values as specified in the community list. In our case, R2 matches community value 11:11 22:22 and forwards those routes to R3; other routes are filtered on R2.
Configuring Community-list and route-map on R2:
ip community-list standard TO_R3_FILTER permit 11:11 22:22
!
route-map TO_R3 permit 10
match community TO_R3_FILTER exact-match
!
router bgp 2
address-family ipv4 uni
neighbor 10.1.1.6 route-map TO_R3 out
Verify on R3:
R3#sh ip bgp | beg Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.3/32       10.1.1.5                               0 2 1 i
*> 4.4.4.4/32       10.1.1.5                               0 2 1 i
R3#sh ip bgp community 11:11 22:22 exact-match | beg Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.3/32       10.1.1.5                               0 2 1 i
*> 4.4.4.4/32       10.1.1.5                               0 2 1 i
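The two cases above can be checked offline with a small model of route-map evaluation. This is an added example, not part of the original document and not Cisco code: the function names are hypothetical, the model is simplified to standard community-lists, and the third policy (Case 1 with exact-match added to the deny clause) is a variant that goes beyond the lab to show how exact-match narrows a filter.

```python
# Added illustration: simplified model of "match community <list> [exact-match]"
# in a route-map. Routes and policies mirror the lab above; names are hypothetical.

ROUTES = {  # prefix -> communities set by R1's TO_R2 route-map
    "1.1.1.1/32": {"11:11"},
    "2.2.2.2/32": {"11:11"},
    "3.3.3.3/32": {"11:11", "22:22"},
    "4.4.4.4/32": {"11:11", "22:22"},
    "5.5.5.5/32": {"33:33"},
}

def list_matches(entries, route_comms, exact=False):
    """entries: ordered [(action, {communities})] of one standard community-list.
    Without exact-match an entry hits when all of its communities are on the
    route; with exact-match the two sets must be equal. First hit decides,
    and a list with no hit is an implicit deny."""
    for action, wanted in entries:
        hit = (route_comms == wanted) if exact else wanted <= route_comms
        if hit:
            return action == "permit"
    return False

def advertised(route_map, routes):
    """route_map: ordered [(action, entries_or_None, exact)] clauses.
    A clause without a match statement matches every route; a route that
    matches no clause is dropped by the route-map's implicit deny."""
    out = []
    for prefix, comms in routes.items():
        for action, entries, exact in route_map:
            if entries is None or list_matches(entries, comms, exact):
                if action == "permit":
                    out.append(prefix)
                break
    return out

# Case 1: community-list permit 11:11; route-map deny 10, permit 100
CASE1 = [("deny", [("permit", {"11:11"})], False), ("permit", None, False)]
# Case 2: community-list permit 11:11 22:22; route-map permit 10 with exact-match
CASE2 = [("permit", [("permit", {"11:11", "22:22"})], True)]
# Variant (not in the lab): Case 1's deny clause with exact-match added
CASE1_EXACT = [("deny", [("permit", {"11:11"})], True), ("permit", None, False)]

if __name__ == "__main__":
    for name, rm in (("Case 1", CASE1), ("Case 2", CASE2),
                     ("Case 1 + exact-match", CASE1_EXACT)):
        print(name, "->", advertised(rm, ROUTES))
```

In the variant, 3.3.3.3/32 and 4.4.4.4/32 are advertised again because their extra 22:22 community no longer equals the list entry, which is worth keeping in mind when exact-match is used in a deny clause meant to block a community.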
Excellent post as always! Very clear and concise, many thanks!
Thanks for the post! Currently, I am trying this, but I am having trouble filtering some routes with community values in the inbound direction.
I am using a named community list, and I am still not sure if it is the one causing issues. I will try the standard community list and update if the issue is still there.
So I need to filter out certain routes tagged with a community value on a specific node. So I created the following config:
ip community-list 3 permit 10732000
I then called the community list 3 in a route-map
route-map route-blocker deny 10
match community 3
route-map route-blocker permit 20
and applied this route-map to the BGP neighbor inbound. This didn't work. The route tagged with this community was still getting through.
I changed the community-list 3 to deny 10732000: no difference, despite a clear ip bgp * command.
After researching, I found a suggestion that the following would work:
ip community-list standard route-deny permit 10732000
I modified the route-map
route-map route-blocker deny 10
match community route-deny
and it worked. The route is no longer seen under a show ip route.
My question: what is the difference between a numbered community list and a named community list?