Friday, July 11, 2008

BGP - expanded community-lists

BGP expanded community-lists are more flexible than their standard counterparts because they can match on a regular expression (regexp) instead of just a fixed community value. Here you can see the difference in the CLI help:

R4(config)#ip community-list standard STANDARD permit ?
<1-4294967295> community number
aa:nn community number
internet Internet (well-known community)
local-AS Do not send outside local AS (well-known community)
no-advertise Do not advertise to any peer (well-known community)
no-export Do not export to next AS (well-known community)

R4(config)#ip community-list expanded EXPANDED permit ?
LINE An ordered list as a regular-expression


Now for a little lab. R1 and R2 are both going to EBGP peer with R4. R4 will then EBGP peer with R3. R1 and R2 will each send routes with different community strings to R4, along with routes without a community. We will use an expanded list to match certain community values. Hopefully, we can get it done with one permit statement.

R1 has 4 loopback networks:
1.0.0.0/24
1.0.1.0/24
1.0.2.0/24
1.0.3.0/24

R2 has 4 loopback networks:
2.0.0.0/24
2.0.1.0/24
2.0.2.0/24
2.0.3.0/24

R1 is sending community 100 with its first two loopbacks.
R2 is sending community 200 with its first two loopbacks.
The other loopbacks do not have a community attached.
Here is how we do it on R1; R2 is similar:

R1(config)#ip prefix-list LOOP1 permit 1.0.0.0/24
R1(config)#ip prefix-list LOOP1 permit 1.0.1.0/24
R1(config)#route-map setcom
R1(config-route-map)#match ip address prefix LOOP1
R1(config-route-map)#set commu 100
R1(config-route-map)#exit
R1(config)#route-map setcom perm 20
R1(config-route-map)#exit
R1(config)#router bgp 65000
R1(config-router)#neighbor 172.12.14.4 send-community
R1(config-router)#neighbor 172.12.14.4 route-map setcom out


Verify on R4 (this shows R4 is receiving all loopbacks, including the untagged ones; the empty permit 20 sequence in setcom is what lets those through, since a route-map ends with an implicit deny):

R4#sho ip bgp | begin Network
Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0/24 172.12.14.1 0 0 65000 i
*> 1.0.1.0/24 172.12.14.1 0 0 65000 i
*> 1.0.2.0/24 172.12.14.1 0 0 65000 i
*> 1.0.3.0/24 172.12.14.1 0 0 65000 i
*> 2.0.0.0/24 172.12.24.2 0 0 65000 i
*> 2.0.1.0/24 172.12.24.2 0 0 65000 i
*> 2.0.2.0/24 172.12.24.2 0 0 65000 i
*> 2.0.3.0/24 172.12.24.2 0 0 65000 i


Here are the loopbacks with community attributes:

R4#show ip bgp community 100 | begin Net
Network Next Hop Metric LocPrf Weight Path
* 1.0.0.0/24 172.12.14.1 0 0 65000 i
* 1.0.1.0/24 172.12.14.1 0 0 65000 i
R4#show ip bgp community 200 | begin Net
Network Next Hop Metric LocPrf Weight Path
* 2.0.0.0/24 172.12.24.2 0 0 65000 i
* 2.0.1.0/24 172.12.24.2 0 0 65000 i

Here is R3:

R3#show ip bgp

Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0/24 172.12.34.4 0 400 65000 i
*> 1.0.1.0/24 172.12.34.4 0 400 65000 i
*> 1.0.2.0/24 172.12.34.4 0 400 65000 i
*> 1.0.3.0/24 172.12.34.4 0 400 65000 i
*> 2.0.0.0/24 172.12.34.4 0 400 65000 i
*> 2.0.1.0/24 172.12.34.4 0 400 65000 i
*> 2.0.2.0/24 172.12.34.4 0 400 65000 i
*> 2.0.3.0/24 172.12.34.4 0 400 65000 i


Now we will configure R4 to send only routes with community 100 or 200 to R3:

R4(config)#ip community-list expanded EXPANDED permit [1-2]00
R4(config)#route-map filtercom
R4(config-route-map)#match community ?
<1-99> Community-list number (standard)
<100-500> Community-list number (expanded)
WORD Community-list name
R4(config-route-map)#match community EXPANDED
R4(config-route-map)#exit
R4(config)#router bgp 400
R4(config-router)#neighbor 172.12.34.3 route-map filtercom out


Let's check on R3:

R3#show ip bgp
BGP table version is 66, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0/24 172.12.34.4 0 400 65000 i
*> 1.0.1.0/24 172.12.34.4 0 400 65000 i
*> 2.0.0.0/24 172.12.34.4 0 400 65000 i
*> 2.0.1.0/24 172.12.34.4 0 400 65000 i


In this example the regexp [1-2]00 matched either 100 or 200 and only allowed those routes through to R3. Note that the regexp is unanchored, so it would also match any community whose text contains 100 or 200 (1100 or 3200, for instance). That is harmless in this lab, where only 100 and 200 exist, but in production you would anchor it (for example _[1-2]00_) so the filter does not pass more than intended.
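To make the matching behaviour concrete, here is an added Python emulation (not from the post and not IOS code) of how an expanded community-list regexp is applied to a route's rendered community string. It reproduces the lab result and then, on constructed extra routes that the lab does not have, shows what the unanchored [1-2]00 lets through compared with an anchored pattern.

```python
import re

# Constructed lab table (not captured from a router): each prefix with the
# communities its origin attached, as in the post (R1 tags 100, R2 tags 200).
LAB_ROUTES = {
    "1.0.0.0/24": [100], "1.0.1.0/24": [100], "1.0.2.0/24": [], "1.0.3.0/24": [],
    "2.0.0.0/24": [200], "2.0.1.0/24": [200], "2.0.2.0/24": [], "2.0.3.0/24": [],
}

# Constructed extra routes that do NOT exist in the lab, used to show what an
# unanchored regexp lets through once other community values appear.
EXTRA_ROUTES = {
    "9.0.0.0/24": [1100],        # contains the text "100"
    "9.0.1.0/24": [3200],        # contains the text "200"
    "9.0.2.0/24": [300, 200],    # genuinely carries 200 among others
    "9.0.3.0/24": [300],
}

# The post's pattern and an anchored variant. IOS's "_" metacharacter matches a
# string boundary or separator; "(^| )...( |$)" is its equivalent in Python's re.
UNANCHORED = r"[1-2]00"
ANCHORED = r"(^| )[1-2]00( |$)"


def render_communities(communities):
    """Render the COMMUNITY attribute as the space-separated numeric string the
    regexp is applied to (default IOS display, as in the post's show output)."""
    return " ".join(str(c) for c in communities)


def expanded_list_matches(regexp, communities):
    """Emulate one 'ip community-list expanded ... permit <regexp>' line:
    an unanchored search over the rendered string, so a route with no
    communities (empty string) never matches a pattern that needs characters."""
    return re.search(regexp, render_communities(communities)) is not None


def routes_passed(regexp, routes):
    """Prefixes an outbound route-map 'match community <list>' would let through."""
    return sorted(p for p, comms in routes.items() if expanded_list_matches(regexp, comms))


if __name__ == "__main__":
    print("lab,   [1-2]00   :", routes_passed(UNANCHORED, LAB_ROUTES))
    print("extra, [1-2]00   :", routes_passed(UNANCHORED, EXTRA_ROUTES))
    print("extra, _[1-2]00_ :", routes_passed(ANCHORED, EXTRA_ROUTES))
```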
