×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Community Attributes in BGP

Unanswered Question
May 9th, 2012
User Badges:

Hello,


  Is the below a valid commuity configuration?


ip community-list 100 permit ASN:100


Route map Com-list permit 10 (Applied In bound)

match community 100


Since there is no action that was specified on the match statement. If this is valid statement can you please breif me about what will be the result with the above statement.


Thank you            

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Vasileios Boulo... Wed, 05/09/2012 - 14:22
User Badges:
  • Silver, 250 points or more

Hi,


The action depends on where you have applied this route-map.

For instance if you have applied this route-map to a redistibution, you will redistibute only the routes that match to the community list 100.


Hope that helps

Vasilis

Karthik Janakiraman Wed, 05/09/2012 - 14:29
User Badges:

Hello,


  Thanks for your reply. There is no redistribution applied. The BGP Neibhor statement contains route maps for in and out. The out route map has the prefix list


route map com-list  permit 10 (Applied outbound)

match ip  add prefix-list xxx

set community asn.xxx


but the in bound has only the match statement as above mentioned, and there is no redistribution for the above route map, though there are seperate route map for redistribution between routing protocols.

Giuseppe Larosa Wed, 05/09/2012 - 14:45
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Karthik,

only BGP advertisements that has one BGP community value as specified in community-list 100 will be accepted from neighbor


To be noted multiple Community attributes can be associated to a BGP advertisement, the filter will accept routes with multiple BGP communities if one of them matches the community-list.


The fact that no set action is configured means that no BGP attribute manipulation is performed on accepted routes, and the route-map is used as filter framework to invoke the use of the community-list as filter rule.


Hope to help

Giuseppe

Karthik Janakiraman Wed, 05/09/2012 - 15:21
User Badges:

Hello,


  In the above case of  inbound route map with just match community-list 100 what will be expected result of the statement? will there be any local preference or any other attributes set by the upstream provider? Also since there is no prefix list or access list attached to the route-map will all the in bound routes from ISP will have the community list 100 (ASN:100) Mapped?


Thanks

Giuseppe Larosa Thu, 05/10/2012 - 04:09
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Karthik,


the result will be that BGP routes that have a BGP community value as per community list will be accepted with no changes to the BGP attributes. Local preference is not passed by upstream provider it has meaning and scope only within a single BGP AS ( for this the name). other attributes like MED are kept unchanged.


>>

Also since there is no prefix list or access list attached to the route-map will all the in bound routes from ISP will have the community list 100 (ASN:100) Mapped?


no because it is a match statement not a set action if the route has no BGP community equal to one of those specified in ip community-list the route will be denied


if you want to set a community on received routes you need a different configuration


route-map SETCOM-INBOUND permit 10

! match commands if needed

match ....

set community   ASN:100 additive


! adding the additive keyword allows to append the ASN:100 value to existing BGP communities, without it you will first remove all BGP communities and then set only the new value


Hope to help

Giuseppe

Karthik Janakiraman Thu, 05/10/2012 - 07:00
User Badges:

Hello Giuseppe,


   Thanks for the detailed reply. So if there is an inbound route map like the one below with only match and without any set statement, then will it deny all the ip comming with community value of 100? This part is bit confusing, since i am not sure what ip packets will be denyed because of the below statement that is comming in.


ip community list 100 permit asn:100

Route-map setcom-inbound deny 10

match community-list 100


Thank you

Giuseppe Larosa Thu, 05/10/2012 - 07:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Karthik,

your understanding is almost correct but actually a route-map like that denies everything


you need a multiple blocks route-map to deny only specific routes matching the community-list


in other words


route-map setcom-inbound deny 10

match community-list 100


denies everything


route-map setcom-inbound deny 10

match community-list 100

route-map setcom-inbound permit 20


this one has an empty final block that allows all other routes.

>>

route-map setcom-inbound permit 20



For route-maps like for ACLs is important how they are terminated and where they are applied


there is no implicit permit any at the end of the route-map


Hope to help

Giuseppe

Karthik Janakiraman Thu, 05/10/2012 - 14:30
User Badges:

Hello Guiseppe,


   Thanks for the update. This helped me in clearing the confusion i was having.


Thank you

Actions

This Discussion

Related Content