Associating Communities with Static and Aggregate Routes

This chapter provides information about associating communities with static and aggregate route configurations.

Applicability

This chapter was initially written for SR OS Release 11.0.R3, but the MD-CLI in this edition corresponds to SR OS Release 20.7.R2. There are no prerequisites for this configuration.

Introduction

Border Gateway Protocol (BGP) communities are optional, transitive attributes attached to BGP route prefixes to carry more information about that route prefix. Multiple route prefixes can have the same community attached so that they can be matched together by a route policy. As a result, the presence of a community value can be used to influence and control route policies.

A BGP community is a 32-bit value that is written as two 16-bit numbers separated by a colon. The first number usually represents the autonomous system (AS) number that defines or originates the community while the second is set by the network administrator.

Knowledge of RFC 4271 (BGP-4) and RFC 1997 (BGP Communities Attribute) is assumed throughout this document, as well as knowledge of multi-protocol BGP (MP-BGP) and RFC 4364 (BGP/MPLS IP VPNs).

Overview

Figure 1 shows the example topology with 7750 Service Router nodes. PE-1 to PE-4 and the Route Reflector (RR-5) are located in the same Autonomous System (AS): AS 64496. CE-6 is in a separate AS, AS 64497, and peers using eBGP with its directly connected neighbor, PE-4.

Figure 1. Example topology

The objectives are:

  • To configure static routes in a VPRN in PE-1 with various community values—including well-known communities—export them to other PEs within the same AS, and then via eBGP to CE-6. During this process, the community values for each route will be examined to ensure that the transitive nature of the attribute is maintained.

  • To associate a community with an aggregate route that represents a larger number of composite prefixes. The aggregate will be advertised in place of the composite prefixes.

The following configuration tasks should be completed as a prerequisite:

  • Full mesh IS-IS or OSPF between all of the PE routers and the RR.

  • iBGP between the RR and all PEs.

  • eBGP between PE-4 and CE-6.

  • Link-layer LDP between all PEs.

Associating communities with static and aggregate routes

It is possible to add a single community value to a static or aggregate route without using a route policy.

The community value can be in the 4-byte format comprising a 2-byte AS value, followed by a 2-byte decimal value, separated by a colon. It can also be the name of a well-known standard community, such as: no-export, no-advertise, no-export-subconfed.

Any community added can be matched using a route policy.

The purpose of this example is to provision static and aggregate IPv4 route prefixes and associate a community with each route. These routes are then redistributed into the BGP protocol and advertised to other BGP speakers.

This is shown for IPv4 routes within a VPRN. Well-known, standard communities will also be configured to show that the correct behavior is observed.

Configuration

The first step is to configure an iBGP session between each of the PEs and the Route Reflector (RR). The address family negotiated between peers is VPN-IPv4.

The following BGP configuration is identical for all PEs:

# on all PEs:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            group "internal" {
                peer-as 64496
                family {
                    vpn-ipv4 true
                }
            }
            neighbor "192.0.2.5" {
                group "internal"
            }

The IP addresses can be derived from Figure 1 (Example topology).

The BGP configuration for RR-5 is as follows:

# on RR-5:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            cluster {
                cluster-id 0.0.0.1
            }
            group "RR-clients" {
                peer-as 64496
                family {
                    vpn-ipv4 true
                }
            }
            neighbor "192.0.2.1" {
                group "RR-clients"
            }
            neighbor "192.0.2.2" {
                group "RR-clients"
            }
            neighbor "192.0.2.3" {
                group "RR-clients"
            }
            neighbor "192.0.2.4" {
                group "RR-clients"
            }

The following BGP summary on RR-5 shows that BGP sessions with each PE are established for the VPN-IPv4 address family:

[]
A:admin@RR-5# show router bgp summary all 

===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId          AS PktRcvd InQ  Up/Down   State|Rcv/Act/Sent (Addr Family)
                      PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.1
Def. Instance  64496        3    0 00h00m11s 0/0/0 (VpnIPv4)
                            3    0           
192.0.2.2
Def. Instance  64496        3    0 00h00m11s 0/0/0 (VpnIPv4)
                            3    0           
192.0.2.3
Def. Instance  64496        3    0 00h00m11s 0/0/0 (VpnIPv4)
                            3    0           
192.0.2.4
Def. Instance  64496        3    0 00h00m11s 0/0/0 (VpnIPv4)
                            3    0           

-------------------------------------------------------------------------------

VPRN: IPv4

Figure 2 shows the Customer Edge (CE) routers connected to PE-1.

Figure 2. CE connections for next-hops

The VPRN configuration for PE-1 is as follows:

# on PE-1:
configure {
    service {
        vprn "VPRN 1" {
            admin-state enable
            service-id 1
            customer "1"
            route-distinguisher "64496:1"
            vrf-target {
                community "target:64496:1"
            }
            auto-bind-tunnel {
                resolution filter
                resolution-filter {
                    ldp true
                }
            }
            interface "int-PE-1-CE-7" {
                ipv4 {
                    primary {
                        address 172.16.17.1
                        prefix-length 30
                    }
                }
                sap 1/2/1:1.0 {
                }
            }
            interface "int-PE-1-CE-8" {
                ipv4 {
                    unnumbered {
                        ip-int-name "loop1"
                    }
                }
                sap 1/2/2:1.0 {
                }
            }
            interface "loop1" {
                loopback true
                ipv4 {
                    primary {
                        address 192.0.2.100
                        prefix-length 32
                    }
                }
            }

For unnumbered interfaces, an IP address is borrowed from a loopback interface; see “Unnumbered Interfaces in RSVP-TE and LDP” in the MPLS volume of the 7450 ESS, 7750 SR, and 7950 XRS Advanced Configuration Guide — Part I.

LDP is used as the label-switching protocol for next-hop resolution.

PE-4 is configured with an interface toward CE-6 that supports eBGP. The following export policy is configured:

# on PE-4:
configure {
    policy-options {
        community "1:1" {
            member "1:1" { }
        }
        policy-statement "BGP-VPN-accept" {
            entry 10 {
                from {
                    protocol {
                        name [bgp-vpn]
                    }
                }
                action {
                    action-type accept
                    community {
                        add ["1:1"]
                    }
                }
            }
        }

The configuration of the VPRN service “VPRN 1” on PE-4 is as follows:

# on PE-4:
configure {
    service {
        vprn "VPRN 1" {
            admin-state enable
            service-id 1
            customer "1"
            autonomous-system 64496
            route-distinguisher "64496:1"
            vrf-target {
                community "target:64496:1"
            }
            auto-bind-tunnel {
                resolution filter
                resolution-filter {
                    ldp true
                }
            }
            bgp {
                group "VPRN1-external" {
                    peer-as 64497
                    export {
                        policy ["BGP-VPN-accept"]
                    }
                    import {
                        policy ["1:1"]
                    }
                }
                neighbor "172.16.46.2" {
                    group "VPRN1-external"
                }
            }
            interface "int-PE-4-CE-6" {
                ipv4 {
                    primary {
                        address 172.16.46.1
                        prefix-length 30
                    }
                }
                sap 1/2/1:1 {
                }
            }

Static routes with communities

A static route has multiple next-hop options: directly connected IP address, black-hole, indirect IP address, and interface-name.

Figure 2 (CE connections for next-hops) shows a pair of CE routers connected to PE-1. The link to CE-7 is a numbered link. The link to CE-8 is an unnumbered link. The loopback interface address is used as a reference address for the unnumbered Ethernet interface.

Beyond CE-7 are several /24 subnets. Static routes to these individual subnets are created on PE-1 using a static route with a next-hop type of “interface address” or an “indirect address”. The indirect address is learned using a static route.

Beyond CE-8 is a single /24 subnet. A static route to this subnet is created with an interface-name as the next-hop.

There are several well-known, standard communities:

  • no-export: the route is not advertised to any external peer. This route should be present in the route tables of all BGP speakers in the originating AS, but not in those in neighboring ASs.

  • no-advertise: the route is not advertised to any peer. This route should not be present in any router as a BGP-learned route.

The requirement for each subnet is:

  • 10.100.100.0/24 must not be advertised outside of the AS. This must be associated with the standard, well-known community no-export. The community value is encoded as 65535:65281 (0xFFFFFF01), but the CLI requires the keyword no-export.

    # on PE-1:
    configure {
        service {
            vprn "VPRN 1" {
                static-routes {
                    route 10.100.100.0/24 route-type unicast {
                        next-hop "172.16.17.2" {
                            admin-state enable
                            community "no-export"
                        }
                    }
    
  • 10.100.101.0/24 must be advertised with a community of 64496:101

                    route 10.100.101.0/24 route-type unicast {
                        next-hop "172.16.17.2" {
                            admin-state enable
                            community "64496:101"
                        }
                    }
    
  • 10.100.102.0/24 must not be advertised to any BGP peer. This must be associated with the standard, well-known community no-advertise. The community value is encoded as 65535:65282 (0xFFFFFF02), but the CLI requires the keyword no-advertise.

                    route 10.100.102.0/24 route-type unicast {
                        next-hop "172.16.17.2" {
                            admin-state enable
                            community "no-advertise"
                        }
                    }
    
  • 10.100.103.0/24 must be advertised with a community of 64496:103 and a route tag of 10.

                    route 10.100.103.0/24 route-type unicast {
                        next-hop "172.16.17.2" {
                            admin-state enable
                            tag 10
                            community "64496:103"
                        }
                    }
    
  • 10.100.104.0/24 must be advertised with a community of 64496:104. It is reachable via 192.0.2.7, which, in turn, is reachable via 172.16.17.2. The route to 192.0.2.7 is itself a static route that does not need to be advertised; it is therefore associated with the no-advertise community.

                    route 10.100.104.0/24 route-type unicast {
                        indirect 192.0.2.7 {
                            admin-state enable
                            community "64496:104"
                        }
                    }
                    route 192.0.2.7/32 route-type unicast {
                        next-hop "172.16.17.2" {
                            admin-state enable
                            community "no-advertise"
                        }
                    }
    
  • 10.100.105.0/24 must be advertised with a community of 64496:105. It is reachable via the unnumbered interface to CE-8.

                    route 10.100.105.0/24 route-type unicast {
                        interface "int-PE-1-CE-8" {
                            admin-state enable
                            community "64496:105"
                        }
                    }
    

On PE-1, static routes are configured to match the CE connections shown in Figure 2 and the preceding requirements.

The default behavior of a VPRN is to export all static and connected routes into a BGP labeled route with the appropriate route-target extended community configured in the VRF-target statement. A single community string can be added using the preceding static-route community commands. If multiple communities are required, then a VRF-export policy should be used, but this is outside the scope of this chapter.

The following BGP table on PE-1 shows which VPN-IPv4 routes have been exported correctly to RR-5:

[]
A:admin@PE-1# show router bgp neighbor 192.0.2.5 advertised-routes vpn-ipv4 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
i     64496:1:10.100.100.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:10.100.101.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:10.100.103.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:10.100.104.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:10.100.105.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:172.16.17.0/30                             100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:192.0.2.100/32                             100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
-------------------------------------------------------------------------------
Routes : 7
===============================================================================

There are only seven exported routes. The route prefixes associated with the no-advertise community are not present, as expected.
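The advertisement behavior described above can be modelled offline. The following is an added example, not part of the original chapter or of SR OS: it encodes the community strings used on PE-1 and applies the RFC 1997 rules for the well-known communities to predict which prefixes should reach an iBGP peer such as RR-5 and an eBGP peer such as CE-6. The function names and the `peer_type` labels are assumptions made for the illustration, and the model ignores export policies such as the one on PE-4.

```python
# Added example: RFC 1997 well-known community handling applied to the
# routes of "VPRN 1" on PE-1. Simplified model; names are illustrative.
import re
from typing import List, Optional, Sequence, Tuple

WELL_KNOWN = {
    "no-export": 0xFFFFFF01,            # 65535:65281
    "no-advertise": 0xFFFFFF02,         # 65535:65282
    "no-export-subconfed": 0xFFFFFF03,  # 65535:65283
}

def encode_community(text: str) -> int:
    """Return the 32-bit value for a keyword or an 'AS:value' string."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    m = re.fullmatch(r"([0-9]{1,5}):([0-9]{1,5})", text)
    if not m:
        raise ValueError(f"not a standard community: {text!r}")
    high, low = int(m.group(1)), int(m.group(2))
    if high > 0xFFFF or low > 0xFFFF:
        raise ValueError(f"each half must fit in 16 bits: {text!r}")
    return (high << 16) | low

def decode_community(value: int) -> str:
    """Return the keyword for a well-known value, else 'AS:value'."""
    for name, known in WELL_KNOWN.items():
        if known == value:
            return name
    return f"{value >> 16}:{value & 0xFFFF}"

def may_advertise(community: Optional[str], peer_type: str) -> bool:
    """Apply RFC 1997; peer_type is 'ibgp', 'confed-ebgp' or 'ebgp'."""
    if peer_type not in ("ibgp", "confed-ebgp", "ebgp"):
        raise ValueError(f"unknown peer type: {peer_type!r}")
    if community is None:
        return True
    # Normalise so that 65535:65281 and no-export are treated alike.
    name = decode_community(encode_community(community))
    if name == "no-advertise":
        return False                     # never sent to any peer
    if name == "no-export":
        return peer_type != "ebgp"       # stays inside the AS/confederation
    if name == "no-export-subconfed":
        return peer_type == "ibgp"       # stays inside the member AS
    return True

# (prefix, community) as configured in this chapter; the two connected
# routes of the VPRN carry no standard community.
PE1_VPRN_ROUTES: List[Tuple[str, Optional[str]]] = [
    ("10.100.100.0/24", "no-export"),
    ("10.100.101.0/24", "64496:101"),
    ("10.100.102.0/24", "no-advertise"),
    ("10.100.103.0/24", "64496:103"),
    ("10.100.104.0/24", "64496:104"),
    ("192.0.2.7/32", "no-advertise"),
    ("10.100.105.0/24", "64496:105"),
    ("172.16.17.0/30", None),
    ("192.0.2.100/32", None),
]

def reachable(routes: Sequence[Tuple[str, Optional[str]]],
              hops: Sequence[str]) -> List[str]:
    """Prefixes that survive every hop. The community is transitive, so
    each speaker on the path applies the same rule to it."""
    return [p for p, c in routes if all(may_advertise(c, h) for h in hops)]

if __name__ == "__main__":
    print("to RR-5 (iBGP):", reachable(PE1_VPRN_ROUTES, ["ibgp"]))
    print("to CE-6 (iBGP then eBGP):",
          reachable(PE1_VPRN_ROUTES, ["ibgp", "ebgp"]))
```

Comparing the predicted lists with the `advertised-routes` and `route-table` outputs is a quick way to confirm that a prefix tagged no-export or no-advertise has not leaked past its intended boundary.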

Examining the BGP table of PE-4 shows the presence of the expected routes, with the correct community values.

The prefix 10.100.100.0/24 is a member of community no-export. This is correctly advertised to PE-4, as follows:

[]
A:admin@PE-4# show router bgp routes 10.100.100.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.100.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : no-export target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default 
Last Modified  : 01h16m07s              
VPRN Imported  :  1
---snip---

The following command shows all members of the community no-export:

[]
A:admin@PE-4# show router bgp routes vpn-ipv4 community no-export 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  64496:1:10.100.100.0/24                            100         None
      192.0.2.1                                          None        10
      No As-Path                                                     524283
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Because the community no-export is encoded as community 65535:65281, the same output can be retrieved as follows:

[]
A:admin@PE-4# show router bgp routes vpn-ipv4 community 65535:65281 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  64496:1:10.100.100.0/24                            100         None
      192.0.2.1                                          None        10
      No As-Path                                                     524283
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

The prefix 10.100.101.0/24 is a member of community 64496:101. This is correctly advertised to PE-4.

[]
A:admin@PE-4# show router bgp routes 10.100.101.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.101.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : 64496:101 target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 01h34m23s              
VPRN Imported  :  1
---snip---

The prefix 10.100.103.0/24 is a member of community 64496:103. This is correctly advertised to PE-4, as follows:

[]
A:admin@PE-4# show router bgp routes 10.100.103.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.103.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : 64496:103 target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 01h26m24s              
VPRN Imported  :  1
---snip---

The prefix 10.100.104.0/24 is a member of community 64496:104. This is correctly advertised to PE-4, as follows:

[]
A:admin@PE-4# show router bgp routes 10.100.104.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.104.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : 64496:104 target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 01h20m45s              
VPRN Imported  :  1
---snip---

The prefix 10.100.105.0/24 is a member of community 64496:105. This is correctly advertised to PE-4.

[]
A:admin@PE-4# show router bgp routes 10.100.105.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.105.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : 64496:105 target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 01h18m11s              
VPRN Imported  :  1
---snip---
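The per-prefix checks above can be automated. The following is an added example, not part of the original chapter: it parses text shaped like the `detail` output shown above and reports prefixes whose standard community differs from the requirement list, prefixes tagged no-advertise that appear anyway, and expected prefixes that are absent. The sample input is constructed (with one deliberate mismatch and one deliberate leak), and the function names are assumptions.

```python
# Added example: audit 'show router bgp routes ... detail' style text
# against the community requirements listed in this chapter.
import re
from typing import Dict, List, Set

# Expected standard community per prefix (from the requirements list).
EXPECTED = {
    "10.100.100.0/24": "no-export",
    "10.100.101.0/24": "64496:101",
    "10.100.103.0/24": "64496:103",
    "10.100.104.0/24": "64496:104",
    "10.100.105.0/24": "64496:105",
}
# Tagged no-advertise on PE-1: must never be learned by another router.
MUST_NOT_APPEAR = {"10.100.102.0/24", "192.0.2.7/32"}
# Numeric forms of the well-known communities used in this chapter.
ALIASES = {"65535:65281": "no-export", "65535:65282": "no-advertise"}
KEYWORDS = set(ALIASES.values())

# Constructed sample (not captured from a router): one correct record,
# one record missing its community, one record that should not exist.
SAMPLE = """\
Network        : 10.100.101.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Community      : 64496:101 target:64496:1
Network        : 10.100.103.0/24
Nexthop        : 192.0.2.1
Community      : target:64496:1
Network        : 10.100.102.0/24
Nexthop        : 192.0.2.1
Community      : no-advertise target:64496:1
"""

def parse_detail(text: str) -> Dict[str, Set[str]]:
    """Map each prefix to the set of standard communities it carries.
    Extended communities such as target:64496:1 are ignored."""
    routes: Dict[str, Set[str]] = {}
    current = None
    for line in text.splitlines():
        m = re.match(r"\s*Network\s*:\s*(\S+)", line)
        if m:
            current = m.group(1)
            routes.setdefault(current, set())  # repeated sections merge
            continue
        m = re.match(r"\s*Community\s*:\s*(.*)$", line)
        if m and current is not None:
            for token in m.group(1).split():
                token = ALIASES.get(token, token)
                if token in KEYWORDS or re.fullmatch(r"[0-9]+:[0-9]+", token):
                    routes[current].add(token)
    return routes

def audit(text: str) -> Dict[str, List[str]]:
    """Return prefixes grouped by finding type."""
    seen = parse_detail(text)
    findings: Dict[str, List[str]] = {"mismatch": [], "leaked": []}
    for prefix in sorted(seen):
        if prefix in MUST_NOT_APPEAR:
            findings["leaked"].append(prefix)
        elif prefix in EXPECTED and EXPECTED[prefix] not in seen[prefix]:
            findings["mismatch"].append(prefix)
    findings["missing"] = sorted(set(EXPECTED) - set(seen))
    return findings

if __name__ == "__main__":
    for kind, prefixes in audit(SAMPLE).items():
        print(f"{kind}: {prefixes}")
```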

The following route table of VPRN 1 on PE-4 shows that these seven BGP-learned routes are present as valid routes.

[]
A:admin@PE-4# show router 1 route-table protocol bgp-vpn 

===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
10.100.100.0/24                               Remote  BGP VPN   01h54m30s  170
       192.0.2.1 (tunneled)                                         0
10.100.101.0/24                               Remote  BGP VPN   01h46m55s  170
       192.0.2.1 (tunneled)                                         0
10.100.103.0/24                               Remote  BGP VPN   01h37m47s  170
       192.0.2.1 (tunneled)                                         0
10.100.104.0/24                               Remote  BGP VPN   01h30m18s  170
       192.0.2.1 (tunneled)                                         0
10.100.105.0/24                               Remote  BGP VPN   01h26m58s  170
       192.0.2.1 (tunneled)                                         0
172.16.17.0/30                                Remote  BGP VPN   01h54m30s  170
       192.0.2.1 (tunneled)                                         0
192.0.2.100/32                                Remote  BGP VPN   01h54m30s  170
       192.0.2.1 (tunneled)                                         0
-------------------------------------------------------------------------------
No. of Routes: 7
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The following route table on CE-6 shows six valid BGP-learned routes, as expected:

[]
A:admin@CE-6# show router route-table protocol bgp 

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
10.100.101.0/24                               Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
10.100.103.0/24                               Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
10.100.104.0/24                               Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
10.100.105.0/24                               Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
172.16.17.0/30                                Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
192.0.2.100/32                                Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The prefix 10.100.100.0/24 is not received from PE-4 because it is a member of the no-export community.

[]
A:admin@CE-6# show router bgp routes 10.100.100.0/24 detail 

===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
No Matching Entries Found
===============================================================================

Static route 10.100.101.0/24 is received on CE-6 with the correct community 64496:101, as follows:

[]
A:admin@CE-6# show router bgp routes community 64496:101 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.100.101.0/24                                    None        None
      172.16.46.1                                        None        0
      64496                                                          -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Static route 10.100.103.0/24 is received on CE-6 with the correct community 64496:103, as follows:

[]
A:admin@CE-6# show router bgp routes community 64496:103 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.100.103.0/24                                    None        None
      172.16.46.1                                        None        0
      64496                                                          -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Static route 10.100.104.0/24 is received on CE-6 with the correct community 64496:104, as follows:

[]
A:admin@CE-6# show router bgp routes community 64496:104 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.100.104.0/24                                    None        None
      172.16.46.1                                        None        0
      64496                                                          -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Static route 10.100.105.0/24 is received on CE-6 with the correct community 64496:105.

[]
A:admin@CE-6# show router bgp routes community 64496:105 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.100.105.0/24                                    None        None
      172.16.46.1                                        None        0
      64496                                                          -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Aggregate routes with communities

An aggregate route can be configured to represent a larger number of prefixes. For example, a set of prefixes 10.101.0.0/24 to 10.101.7.0/24 can be represented as a single aggregate prefix of 10.101.0.0/21.

This is because the third octet in the range 0 to 7 can be represented by the 8 bits 00000000 to 00000111. The first 5 bits of this octet are common, along with the previous 2 octets, giving a prefix where the first 21 bits are common. Therefore, the aggregate can be written as 10.101.0.0/21.

To illustrate the configuration of an aggregate, consider the following.

CE-7 connectivity shows a CE router (CE-7), in AS 64498, that advertises a series of contiguous prefixes via BGP.

  • 10.101.0.0/24 to 10.101.7.0/24

  • 10.102.0.0/24 to 10.102.7.0/24

Figure 3. CE-7 connectivity

Instead of advertising all these prefixes out of the VPRN toward an external CE individually, an aggregate route can be configured that summarizes each set of eight prefixes and a community can be directly associated with each aggregate route.

The configuration for VPRN service ‟VPRN 2” on PE-1, including the external BGP configuration, is as follows:

# on PE-1:
configure {
    policy-options {
        community "1:2" {
            member "1:2" { }
        }
        policy-statement "1:2" {
            entry 10 {
                from {
                    community {
                        name "1:2"
                    }
                }
                action {
                    action-type accept
                }
            }
        }
    }
    service {
        vprn "VPRN 2" {
            admin-state enable
            service-id 2
            customer "1"
            autonomous-system 64496
            route-distinguisher "64496:2"
            vrf-target {
                community "target:64496:2"
            }
            auto-bind-tunnel {
                resolution filter
                resolution-filter {
                    ldp true
                }
            }
            bgp {
                group "external" {
                    peer-as 64498
                    import {
                        policy ["1:2"]
                    }
                    export {
                        policy ["1:2"]
                    }
                }
                neighbor "172.16.117.2" {
                    group "external"
                }
            }
            interface "int-PE-1-CE-7_2nd" {
                ipv4 {
                    primary {
                        address 172.16.117.1
                        prefix-length 30
                    }
                }
                sap 1/2/1:2.0 {
                }
            } 

The BGP neighbor relationship on PE-1 shows the following:

[]
A:admin@PE-1# show router 2 bgp neighbor 

===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer                 : 172.16.117.2
Description          : (Not Specified)
Group                : external
-------------------------------------------------------------------------------
Peer AS              : 64498            Peer Port            : 179
Peer Address         : 172.16.117.2
Local AS             : 64496            Local Port           : 50195 
Local Address        : 172.16.117.1
Peer Type            : External         Dynamic Peer         : No
State                : Established      Last State           : Active
Last Event           : recvOpen
Last Error           : Unrecognized Error
Local Family         : IPv4
Remote Family        : IPv4
Hold Time            : 90               Keep Alive           : 30   
Min Hold Time        : 0                
Active Hold Time     : 90               Active Keep Alive    : 30   
Cluster Id           : None             
Preference           : 170              Num of Update Flaps  : 0    
Input Queue          : 0                Output Queue         : 0    
Input Messages       : 7                Output Messages      : 7    
Input Octets         : 247              Output Octets        : 232
Input Updates        : 1                Output Updates       : 1    
Input RtRefresh      : 0                Output RtRefresh     : 0    
TTL Security         : Disabled         Min TTL Value        : n/a
Graceful Restart     : Disabled         Stale Routes Time    : n/a
Restart Time         : n/a              
Long-Lived GR        : Disabled         
Advertise Inactive   : Disabled         Peer Tracking        : Disabled
Auth key chain       : n/a
Disable Cap Nego     : Disabled         Bfd Enabled          : Disabled
Default Route Tgt    : Disabled         
Aigp Metric          : Disabled         Split Horizon        : Disabled
Damp Peer Oscillatio*: Disabled         Update Errors        : 0    
GR Notification      : Disabled         Fault Tolerance      : Disabled
Rem Idle Hold Time   : 00h00m00s        
Next-Hop Unchanged   : None             
sel-lbl-ipv4-install : Disabled         
Local Capability     : RtRefresh MPBGP 4byte ASN 
Remote Capability    : RtRefresh MPBGP 4byte ASN 
Routes Resolve To St*: Disabled         
Local AddPath Capabi*: Disabled
Remote AddPath Capab*: Send - None
                     : Receive - None
Import Policy        : 1:2
                     : Default Reject
Export Policy        : 1:2
                     : Default Reject
---snip---
-------------------------------------------------------------------------------
Neighbors shown : 1
===============================================================================
* indicates that the corresponding row element may have been truncated.

The following output shows the 16 received BGP routes on PE-1:

[]
A:admin@PE-1# show router 2 bgp routes 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.101.0.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.1.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.2.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.3.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.4.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.5.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.6.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.7.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.0.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.1.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.2.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.3.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.4.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.5.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.6.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.7.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
-------------------------------------------------------------------------------
Routes : 16
===============================================================================

PE-4 also has a VPRN 2 instance configured, so that it will receive the imported BGP routes. The service configuration for ‟VPRN 2” on PE-4 is as follows:

# on PE-4:
configure {
    service {
        vprn "VPRN 2" {
            admin-state enable
            service-id 2
            customer "1"
            autonomous-system 64496
            route-distinguisher "64496:2"
            vrf-target {
                community "target:64496:2"
            }
            auto-bind-tunnel {
                resolution filter
                resolution-filter {
                    ldp true
                }
            }
            bgp {
                group "VPRN2-external" {
                    peer-as 64497
                    import {
                        policy ["1:2"]
                    }
                    export {
                        policy ["1:2"]
                    }
                }
                neighbor "172.16.146.2" {
                    group "VPRN2-external"
                }
            }
            interface "int-PE-4-CE-6_2nd" {
                ipv4 {
                    primary {
                        address 172.16.146.1
                        prefix-length 30
                    }
                }
                sap 1/2/1:2 {
                }
            }

CE-6 connectivity shows the connectivity between PE-4 and CE-6. PE-4 will only forward a summarizing aggregate route toward CE-6.

Figure 4. CE-6 connectivity

PE-4 receives labeled BGP route prefixes from PE-1 via the route reflector and installs them in the FIB for router instance 2, as follows:

[]
A:admin@PE-4# show router 2 route-table 

===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
10.101.0.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.1.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.2.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.3.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.4.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.5.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.6.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.7.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.0.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.1.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.2.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.3.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.4.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.5.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.6.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.7.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
172.16.117.0/30                               Remote  BGP VPN   00h02m41s  170
       192.0.2.1 (tunneled)                                         0
172.16.146.0/30                               Local   Local     00h02m42s  0
       int-PE-4-CE-6_2nd                                            0
-------------------------------------------------------------------------------
No. of Routes: 18
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

On CE-6, an additional interface is configured toward PE-4, as follows:

# on CE-6:
configure {
    service {
        ies "IES 2" {
            admin-state enable
            service-id 2
            customer "1"
            interface "int-CE-6-PE-4_2nd" {
                sap 1/1/1:2 {
                }
                ipv4 {
                    primary {
                        address 172.16.146.2
                        prefix-length 30
                    }
                }
            }

The BGP configuration of CE-6 is as follows:

# on CE-6:
configure {
    router "Base" {
        bgp {
            group "external-toVPRN2onPE-4" {
                peer-as 64496
                import {
                    policy ["1:2"]
                }
                export {
                    policy ["1:2"]
                }
            }
            neighbor "172.16.146.1" {
                group "external-toVPRN2onPE-4"
            }
        }

The BGP neighbor state for PE-4 is as follows:

[]
A:admin@PE-4# show router 2 bgp neighbor 172.16.146.2 

===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer                 : 172.16.146.2
Description          : (Not Specified)
Group                : VPRN2-external
-------------------------------------------------------------------------------
Peer AS              : 64497            Peer Port            : 179
Peer Address         : 172.16.146.2
Local AS             : 64496            Local Port           : 50683 
Local Address        : 172.16.146.1
Peer Type            : External         Dynamic Peer         : No
State                : Established      Last State           : Active
Last Event           : recvOpen
Last Error           : Unrecognized Error
Local Family         : IPv4
Remote Family        : IPv4
Hold Time            : 90               Keep Alive           : 30   
Min Hold Time        : 0                
Active Hold Time     : 90               Active Keep Alive    : 30   
Cluster Id           : None             
Preference           : 170              Num of Update Flaps  : 0    
Input Queue          : 0                Output Queue         : 0    
Input Messages       : 25               Output Messages      : 20   
Input Octets         : 750              Output Octets        : 387
Input Updates        : 5                Output Updates       : 0    
Input RtRefresh      : 0                Output RtRefresh     : 0    
TTL Security         : Disabled         Min TTL Value        : n/a
Graceful Restart     : Disabled         Stale Routes Time    : n/a
Restart Time         : n/a              
Long-Lived GR        : Disabled         
Advertise Inactive   : Disabled         Peer Tracking        : Disabled
Auth key chain       : n/a
Disable Cap Nego     : Disabled         Bfd Enabled          : Disabled
Default Route Tgt    : Disabled         
Aigp Metric          : Disabled         Split Horizon        : Disabled
Damp Peer Oscillatio*: Disabled         Update Errors        : 0    
GR Notification      : Disabled         Fault Tolerance      : Disabled
Rem Idle Hold Time   : 00h00m00s        
Next-Hop Unchanged   : None             
sel-lbl-ipv4-install : Disabled         
Local Capability     : RtRefresh MPBGP 4byte ASN 
Remote Capability    : RtRefresh MPBGP 4byte ASN 
Routes Resolve To St*: Disabled         
Local AddPath Capabi*: Disabled
Remote AddPath Capab*: Send - None
                     : Receive - None
Import Policy        : 1:2
                     : Default Reject
Export Policy        : 1:2
                     : Default Reject
---snip---

-------------------------------------------------------------------------------
Neighbors shown : 1
===============================================================================
* indicates that the corresponding row element may have been truncated.

To advertise a summarizing aggregate route with an associated community string, the aggregate route must be configured explicitly. In this case, the 10.101.x.0/24 group of prefixes will be associated with community 64496:101. The 10.102.x.0/24 group of prefixes will be associated with the standard community no-export, so that it will not be advertised to any external peer. These aggregate routes are configured in VPRN 2 on PE-4, as follows:

# on PE-4:
configure {
    service {
        vprn "VPRN 2" {
            aggregates {
                aggregate 10.101.0.0/21 {
                    community ["64496:101"]
                }
                aggregate 10.102.0.0/21 {
                    community ["no-export"]
                }
            }
        }

The following export policy is required on PE-4 to allow the advertising of the aggregate route. No community is applied using this policy.

# on PE-4:
configure {
    policy-options {
        policy-statement "PE-4-VPN-Agg" {
            entry 10 {
                from {
                    protocol {
                        name [aggregate]
                    }
                }
                action {
                    action-type accept
                    community {
                        add ["1:2"]
                    }
                }
            }
        }

This is applied as an export policy within the group context of the BGP configuration of the VPRN, as follows:

# on PE-4:
configure {
    service {
        vprn "VPRN 2" { 
            bgp {
                group "VPRN2-external" {
                    export {
                        policy ["PE-4-VPN-Agg"]
                    }
                }
            }

The aggregate route 10.101.0.0/21 is received at CE-6 via BGP. The community that was associated with this prefix is seen: 64496:101. The route is seen as an aggregate, with PE-4 as the aggregating router (192.0.2.4). The ‟Atomic Aggregate” attribute is present, meaning that PE-4 has not advertised any details of the AS Paths of the composite routes.

[]
A:admin@CE-6# show router bgp routes 10.101.0.0/21 hunt 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : 10.101.0.0/21
Nexthop        : 172.16.146.1
Path Id        : None                   
From           : 172.16.146.1
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 172.16.146.1
Local Pref.    : None                   Interface Name : int-CE-6-PE-4_2nd
Aggregator AS  : 64496                  Aggregator     : 192.0.2.4
Atomic Aggr.   : Atomic                 MED            : None
AIGP Metric    : None                   IGP Cost       : 0
Connector      : None
Community      : 64496:101
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 192.0.2.4
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : External
AS-Path        : 64496 
Route Tag      : 0                      
Neighbor-AS    : 64496
Orig Validation: NotFound               
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 00h02m07s              
---snip---

The aggregate route 10.102.0.0/21 is not received at CE-6: PE-4 does not advertise it, because it is associated with the ‟no-export” community.

[]
A:admin@CE-6# show router bgp routes 10.102.0.0/21 hunt 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
No Matching Entries Found
===============================================================================
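The bit arithmetic that yields 10.101.0.0/21 and the no-export result shown above can be reproduced offline. The following Python model is an added example, not Nokia or SR OS code: it derives each aggregate from its component prefixes, refuses an aggregate that would claim address space the components do not cover, and applies the RFC 1997 rule that keeps NO_EXPORT routes inside the AS. Function names and the data layout are assumptions; the prefixes, AS numbers and communities are the ones used in this chapter.

```python
import ipaddress

NO_EXPORT = 0xFFFFFF01  # well-known community value defined in RFC 1997


def parse_community(text):
    """Encode 'AS:value' (two 16-bit numbers) or 'no-export' as a 32-bit integer."""
    if text == "no-export":
        return NO_EXPORT
    high, low = (int(part) for part in text.split(":"))
    if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
        raise ValueError(f"each half of a community must fit in 16 bits: {text!r}")
    return (high << 16) | low


def common_aggregate(prefixes):
    """Return the longest prefix shared by every component, derived from the bits."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    first = int(nets[0].network_address)
    differing = 0
    for net in nets[1:]:
        differing |= first ^ int(net.network_address)
    # Every bit above the highest differing bit is common to all components.
    length = min(32 - differing.bit_length(), min(n.prefixlen for n in nets))
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(first & mask)}/{length}")


def covers_exactly(aggregate, prefixes):
    """True when the components fill the aggregate with no gaps."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets)) == [aggregate]


def build_aggregates(groups):
    """Map each aggregate to its community set, as in the PE-4 aggregates config."""
    aggregates = {}
    for community, prefixes in groups.items():
        aggregate = common_aggregate(prefixes)
        if not covers_exactly(aggregate, prefixes):
            raise ValueError(f"{aggregate} claims space the components do not cover")
        aggregates[aggregate] = {parse_community(community)}
    return aggregates


def advertised_to_peer(aggregates, local_as, peer_as):
    """Return the aggregates sent to a peer; NO_EXPORT routes stay inside the AS."""
    sent = []
    for prefix, communities in aggregates.items():
        if peer_as != local_as and NO_EXPORT in communities:
            continue
        sent.append(str(prefix))
    return sent


# Component prefixes advertised by CE-7, grouped by the community that the
# PE-4 configuration attaches to their aggregate (values from this chapter).
CE7_PREFIXES = {
    "64496:101": [f"10.101.{i}.0/24" for i in range(8)],
    "no-export": [f"10.102.{i}.0/24" for i in range(8)],
}

if __name__ == "__main__":
    aggregates = build_aggregates(CE7_PREFIXES)
    for prefix, communities in aggregates.items():
        print(prefix, [hex(c) for c in communities])
    print("to CE-6 (AS 64497):", advertised_to_peer(aggregates, 64496, 64497))
```

The `covers_exactly` check matters operationally: seven of the eight /24s still share the same 21 leading bits, so the bit arithmetic alone would produce a /21 that attracts traffic for a prefix nobody originates.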

Conclusion

Community strings can be added to static and aggregate routes. This example shows the configuration of communities with both static and aggregate routes, together with the associated show outputs which can be used to verify and troubleshoot them.