Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1367
Views
5
Helpful
4
Replies

Redistribution using BGP Extended Communities

michael.whittle
Level 1
Level 1

‎06-28-2006 02:31 AM - edited ‎03-03-2019 01:09 PM

Hi all,

I need someone to help me with a redistribution problem with extended BGP communities.

I mailed out in the forums a while back and didn't get a single reply which is rare. I'm sure someone must have done what I'm trying to do. Any help would be greatly appreciated.

I have an MPLS VPN with an EBGP peer between the PE and CE. The CE is running OSPF as it's IGP. The VRF contains VPN routes as well as management routes. I don't want the management routes to be redistributed into the IGP. I don't want to use an ACL to specify individual networks. The management routes are tagged with their own extended communities.

What I've done is configure the EBGP peer to send extended communities through to the CPE. I've then got a route-map tied to the OSPF redistribution process and I'm trying to block the management extended communities and permit everything else. Some routes may have more than have extended community but if it has it at all I don't want the route redistributed. I've tried this a number of ways but it either denies all routes or permits everything.

Example:

Management Extended Community: 64512:1

All these don't work:

---

router ospf 1

redistribute bgp 64513 metric 1 metric-type 1 subnets route-map BLOCK-MANAGEMENT

!

ip extcommunity-list standard MANAGEMENT permit rt 64512:1

route-map BLOCK-MANAGEMENT deny 10

match extcommunity MANAGEMENT

!

---

router ospf 1

redistribute bgp 64513 metric 1 metric-type 1 subnets route-map BLOCK-MANAGEMENT

!

ip extcommunity-list standard MANAGEMENT permit rt 64512:1

route-map BLOCK-MANAGEMENT deny 10

match extcommunity MANAGEMENT

!

route-map BLOCK-MANAGEMENT permit 20

---

router ospf 1

redistribute bgp 64513 metric 1 metric-type 1 subnets route-map BLOCK-MANAGEMENT

!

ip extcommunity-list standard MANAGEMENT deny rt 64512:1

route-map BLOCK-MANAGEMENT permit 10

match extcommunity MANAGEMENT

!

route-map BLOCK-MANAGEMENT deny 20

---

Would something like this work?

ip extcommunity-list expanded MANAGEMENT deny _64512:1_

ip extcommunity-list expanded MANAGEMENT permit .*

Could that deny any route that has 64512:1 in it and permit everything else?

I think the problem I'm having is that the routes have more than one extended community and I think the standard extcommunity-list is looking at the entire list rather than the individual entries. Could someone confirm that?

Any help would be greatly appreciated.

Thanks,

Mike

Labels:
0 Helpful
4 Replies 4

ariela
Level 4
Level 4

‎06-28-2006 04:20 AM

Hi,

I haven't used ip extcommunity-list, but try this:

!

ip extcommunity-list 1 permit rt 64512:1

!

!

route-map BLOCK-MANAGEMENT deny 10

match extcommunity 1

!

route-map BLOCK-MANAGEMENT permit 20

!

Hope this helps

Regards

Andrea

0 Helpful

michael.whittle
Level 1
Level 1
In response to ariela

‎06-28-2006 06:07 AM

Hi Andrea,

I tried that a while back but it's expecting a named extended community list. Thanks for replying through.

router(config)#route-map BLOCK-MANAGEMENT deny 10

router(config-route-map)#mat

router(config-route-map)#match ex

router(config-route-map)#match extcommunity ?

WORD ext community-list name

Regards,

Mike

0 Helpful

mheusinger
Level 10
Level 10

‎06-28-2006 04:45 AM

Hi Mike,

some comments on your configs:

1) did you enable community propagation between PE and CE? The default BGP behaviour is to strip off communities when sending updates. Can you check on the CE, whether the community is present (show ip bgp a.b.c.d)?

2) use stadard communities, your CE might not be able to handle route targets:

PE:

router bgp 65000

address-family ipv4 vrf Customer

neighbor 10.1.1.1 remote-as 65001

neighbor 10.1.1.1 send-community

neighbor 10.1.1.1 route-map NMScomm out

exit-address-family

ip extcommunity-list standard MANAGEMENT permit rt 64512:1

route-map NMScomm permit 10

match extcommunity MANAGEMENT

set community 65000:161

CE:

router ospf 1

redistribute bgp 64513 metric 1 metric-type 1 subnets route-map BLOCK-MANAGEMENT

ip community-list standard StdNMS permit 64512:1

route-map BLOCK-MANAGEMENT deny 10

match community StdNMS

!

route-map BLOCK-MANAGEMENT permit 20

This way you will search for a standard community and therefore not interfere with RTs. Off course you need to adjust IP addresses, AS, names and the like to your environment. Tell me, whether it worked out for you.

Hope this helps! Please rate all posts.

Regards, Martin

michael.whittle
Level 1
Level 1
In response to mheusinger

‎06-28-2006 07:11 AM

Hi Martin,

Thanks for your help. A normal community can't take an RT. It only allows a AA:NN value. I've managed to sort it out another way. I've changed it from extended to standard communities and my route-map tags the outbound management routes with "no-advertise". I was surprised to see that's all I needed to do. BGP isn't advertising the management routes into OSPF with no additional configuration.

Regards,

Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card