05-09-2012 02:10 PM - edited 03-04-2019 04:18 PM
Hello,
Is the below a valid commuity configuration?
ip community-list 100 permit ASN:100
Route map Com-list permit 10 (Applied In bound)
match community 100
Since there is no action that was specified on the match statement. If this is valid statement can you please breif me about what will be the result with the above statement.
Thank you
05-09-2012 02:22 PM
Hi,
The action depends on where you have applied this route-map.
For instance if you have applied this route-map to a redistibution, you will redistibute only the routes that match to the community list 100.
Hope that helps
Vasilis
05-09-2012 02:29 PM
Hello,
Thanks for your reply. There is no redistribution applied. The BGP Neibhor statement contains route maps for in and out. The out route map has the prefix list
route map com-list permit 10 (Applied outbound)
match ip add prefix-list xxx
set community asn.xxx
but the in bound has only the match statement as above mentioned, and there is no redistribution for the above route map, though there are seperate route map for redistribution between routing protocols.
05-09-2012 02:45 PM
Hello Karthik,
only BGP advertisements that has one BGP community value as specified in community-list 100 will be accepted from neighbor
To be noted multiple Community attributes can be associated to a BGP advertisement, the filter will accept routes with multiple BGP communities if one of them matches the community-list.
The fact that no set action is configured means that no BGP attribute manipulation is performed on accepted routes, and the route-map is used as filter framework to invoke the use of the community-list as filter rule.
Hope to help
Giuseppe
05-09-2012 03:21 PM
Hello,
In the above case of inbound route map with just match community-list 100 what will be expected result of the statement? will there be any local preference or any other attributes set by the upstream provider? Also since there is no prefix list or access list attached to the route-map will all the in bound routes from ISP will have the community list 100 (ASN:100) Mapped?
Thanks
05-10-2012 04:09 AM
Hello Karthik,
the result will be that BGP routes that have a BGP community value as per community list will be accepted with no changes to the BGP attributes. Local preference is not passed by upstream provider it has meaning and scope only within a single BGP AS ( for this the name). other attributes like MED are kept unchanged.
>>
Also since there is no prefix list or access list attached to the route-map will all the in bound routes from ISP will have the community list 100 (ASN:100) Mapped?
no because it is a match statement not a set action if the route has no BGP community equal to one of those specified in ip community-list the route will be denied
if you want to set a community on received routes you need a different configuration
route-map SETCOM-INBOUND permit 10
! match commands if needed
match ....
set community ASN:100 additive
! adding the additive keyword allows to append the ASN:100 value to existing BGP communities, without it you will first remove all BGP communities and then set only the new value
Hope to help
Giuseppe
05-10-2012 07:00 AM
Hello Giuseppe,
Thanks for the detailed reply. So if there is an inbound route map like the one below with only match and without any set statement, then will it deny all the ip comming with community value of 100? This part is bit confusing, since i am not sure what ip packets will be denyed because of the below statement that is comming in.
ip community list 100 permit asn:100
Route-map setcom-inbound deny 10
match community-list 100
Thank you
05-10-2012 07:21 AM
Hello Karthik,
your understanding is almost correct but actually a route-map like that denies everything
you need a multiple blocks route-map to deny only specific routes matching the community-list
in other words
route-map setcom-inbound deny 10
match community-list 100
denies everything
route-map setcom-inbound deny 10
match community-list 100
route-map setcom-inbound permit 20
this one has an empty final block that allows all other routes.
>>
route-map setcom-inbound permit 20
For route-maps like for ACLs is important how they are terminated and where they are applied
there is no implicit permit any at the end of the route-map
Hope to help
Giuseppe
05-10-2012 02:30 PM
Hello Guiseppe,
Thanks for the update. This helped me in clearing the confusion i was having.
Thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide