11-02-2010 07:30 AM - edited 03-04-2019 10:20 AM
Hello everybody,
I have a simple question. I want to block all communities from a customer and permit only what I need.
How to achieve the result? Please help me, I have spent a lot of time on this task. Thank you in advance.
router bgp 5555
 ...
 neighbor 2.2.2.2 route-map CUST-in in
 ...
!
route-map CUST-in permit 10
 set comm-list FILTER delete
 set community 5555:1111
!
ip community-list expanded CUST-ACCEPT deny 5555:6[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:4[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:666
ip community-list expanded CUST-ACCEPT deny 5555:777
ip community-list expanded CUST-ACCEPT permit .*:.*
!
result: I am still receiving 5555:666[0-9][0-9] or 5555:777[0-9][0-9] instead of strict 5555:666 and 5555:777.
sh ip bgp 200.200.200.0
...
Community: 5555:1111 5555:666 5555:6661 5555:777 5555:7773 5555:43882
!
11-02-2010 08:08 AM
Hello Kozorezdi,
You should match on the community-list instead of using the community-list to decide if it is good to delete the communities in the received advertisement,
so your route-map should look like
route-map CUST-in permit 10
 match community CUST-ACCEPT
 set community 5555:1111
You need a match statement to filter.
Hope to help
Giuseppe
11-02-2010 09:51 AM
Hi,
Well, I am using it like this... say my peer has AS number 9730, then I am using the config below
route-map BGP-OTIP-SIN-IN permit 95
 set comm-list 154 delete
 set community 1234:7000 additive
Community (expanded) access list 154
    permit _9730:.+_
This means any community tagged with 9730:any occurrence will be deleted and then I add what I want
Hope this is helpful
Regards
Mahesh
11-02-2010 10:35 AM
Thank you Mahesh.
In your case, if you just need to remove the communities from the customer, you can just use set community 1234:7000 (without additive). Have I missed something?
I need a more strict rule. The customer will send communities for my network (my AS5555) and I don't need any other communities. I need to receive only:
ip community-list expanded CUST-ACCEPT deny 5555:6[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:4[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:666
ip community-list expanded CUST-ACCEPT deny 5555:777
I will deny everything else by:
ip community-list expanded CUST-ACCEPT permit .*:.*
but the customer can send and I will receive 5555:6665 or 5555:77742 and I need to fix it.
--
Have a nice day,
Dmitry
11-02-2010 10:23 AM
Thank you Giuseppe. It is not what I need. I did not write the whole command; it should be: set community 5555:1111 additive.
In other words, I need to receive some communities from my customer and remove all others (and add my communities as well).
ip community-list expanded CUST-ACCEPT deny 5555:6[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:4[1-4][0-9][0-9][0-3]
ip community-list expanded CUST-ACCEPT deny 5555:666
ip community-list expanded CUST-ACCEPT deny 5555:777
ip community-list expanded CUST-ACCEPT permit .*:.*
I will permit something like: 5555:62340 or 5555:41002, I will deny 5555:22340 or 5555:91002 - it is working.
I will permit 5555:666, but I will permit 5555:6669 - and I don't like it. I need exactly 5555:666
I hope my question is now asked correctly.
--
Thank you in advance,
Dmitry
11-04-2010 06:43 AM
Hello Dmitry,
I see you would like to avoid matching on BGP communities with an additional digit:
>> ip community-list expanded CUST-ACCEPT deny 5555:666
I would suggest modifying the statement to:
ip community-list expanded CUST-ACCEPT deny 5555:666_
The additional '_' should allow you to specify that no additional digit should result in a match.
Hope to help
Giuseppe
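The effect of the trailing '_' can be checked offline with the short model below, which is an added example and not part of the original thread. It assumes that "set comm-list ... delete" tests each community on its own with first-match semantics, translates only the IOS regex subset used here, and runs on a constructed list of received communities.

```python
import re

# IOS "_" matches start/end of string, space, comma, braces, or parentheses.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_to_python(pattern):
    """Translate the IOS regex subset used in this thread to Python syntax."""
    return pattern.replace("_", IOS_UNDERSCORE)

def filter_communities(community_list, received):
    """Model 'set comm-list <list> delete': each community is tested on its
    own, the first matching entry wins, 'permit' deletes the community and
    'deny' (or no match at all) keeps it."""
    kept = []
    for community in received:
        action = "deny"  # implicit: an unmatched community is not deleted
        for entry_action, pattern in community_list:
            if re.search(ios_to_python(pattern), community):
                action = entry_action
                break
        if action == "deny":
            kept.append(community)
    return kept

# The list as posted in the question.
ORIGINAL = [
    ("deny", "5555:6[1-4][0-9][0-9][0-3]"),
    ("deny", "5555:4[1-4][0-9][0-9][0-3]"),
    ("deny", "5555:666"),
    ("deny", "5555:777"),
    ("permit", ".*:.*"),
]

# Same list with the trailing "_" from the answer on both short entries
# (the answer shows it for 5555:666; applying it to 5555:777 is assumed).
ANCHORED = [(a, p + "_" if p in ("5555:666", "5555:777") else p)
            for a, p in ORIGINAL]

# Constructed sample of communities a customer might attach to a prefix.
RECEIVED = ["5555:666", "5555:6661", "5555:777", "5555:7773",
            "5555:43882", "5555:22340", "15555:666"]

if __name__ == "__main__":
    print("original:", filter_communities(ORIGINAL, RECEIVED))
    print("anchored:", filter_communities(ANCHORED, RECEIVED))
```

The constructed 15555:666 survives both lists because neither pattern is anchored on the left; a leading '_' as in the `_9730:.+_` entry earlier in the thread would restrict the match to AS 5555.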
11-05-2010 09:07 AM
Good evening Giuseppe,
Thank you very much! I don't know why I haven't checked it before, but it is exactly what I need.
Thanks a lot!
Dmitry