Associating Communities with Static and Aggregate Routes

This chapter provides information about associating communities with static and aggregate routes configurations.

Topics in this chapter include:

Applicability

This chapter was initially written for SR OS Release 11.0.R3, but the CLI in this edition corresponds to SR OS Release 20.7.R2. There are no prerequisites for this configuration.

Introduction

Border gateway protocol (BGP) communities are optional, transitive attributes attached to BGP route prefixes to carry additional information about that route prefix. A number of route prefixes can have the same community attached such that it can be matched by a route policy. As a result, the presence of a community value can be used to influence and control route policies.

A BGP community is a 32-bit value that is written as two 16-bit numbers separated by a colon. The first number usually represents the autonomous system (AS) number that defines or originates the community while the second is set by the network administrator.

Knowledge of RFC 4271, BGP-4, and RFC 1997, BGP Communities Attribute, is assumed throughout this document, as well as knowledge of multi-protocol BGP (MP-BGP) and RFC 4364, BGP/MPLS IP VPNs.

Overview

Example topology shows the example topology with 7750 Server Router nodes. PE-1 to PE-4 and the Route Reflector (RR-5) are located in the same Autonomous System (AS): AS 64496. CE-6 is in a separate AS 64497 and peers using eBGP with its directly connected neighbor, PE-4.

Figure 1. Example topology

The objectives are:

  • To configure static routes in a VPRN in PE-1 with various community values—including well-known communities—export them to other PEs within the same AS, and then via eBGP to CE-6. During this process, the community values for each route will be examined to ensure that the transitive nature of the attribute is maintained.

  • To associate a community with an aggregate route that represents a larger number of composite prefixes. The aggregate will be advertised in place of the composite prefixes.

The following configuration tasks should be completed as a prerequisite:

  • Full mesh IS-IS or OSPF between all of the PE routers and the RR.

  • iBGP between the RR and all PEs.

  • eBGP between PE-4 and CE-6.

  • Link-layer LDP between each PE.

Associating communities with static and aggregate routes

It is possible to add a single community value to a static and aggregate route without using a route policy.

The community value can be in the 4-byte format comprising of a 2-byte AS value, followed by a 2-byte decimal value, separated by a colon. It can also be the name of a well-known standard community, such as no-export, no-advertise, no-export-subconfed.

Any community added can be matched using a route policy.

The purpose of this example is to provision static and aggregate IPv4 route prefixes and associate a community with each route. These routes are then redistributed into the BGP protocol and advertised to other BGP speakers.

This is shown for IPv4 routes within a VPRN. Well-known, standard communities will also be configured to show that the correct behavior is observed.

Configuration

The first step is to configure an iBGP session between each of the PEs and the Route Reflector (RR). The address family negotiated between peers is VPN-IPv4.

The following BGP configuration is identical for all PEs:

# on all PEs:
configure
    router
        autonomous-system 64496
        bgp
            group "internal"
                family vpn-ipv4
                peer-as 64496
                neighbor 192.0.2.5
                exit
            exit

The IP addresses can be derived from Example topology.

The BGP configuration for RR-5 is as follows:

# on RR-5:
configure
    router
        autonomous-system 64496
        bgp
            cluster 0.0.0.1
            group ‟RR-clients"
                family vpn-ipv4
                peer-as 64496
                neighbor 192.0.2.1
                exit
                neighbor 192.0.2.2
                exit
                neighbor 192.0.2.3
                exit
                neighbor 192.0.2.4
                exit
            exit

The following BGP summary on RR-5 shows that BGP sessions with each PE are established for the VPN-IPv4 address family:

*A:RR-5# show router bgp summary all 

===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId          AS PktRcvd InQ  Up/Down   State|Rcv/Act/Sent (Addr Family)
                      PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.1
Def. Instance  64496        3    0 00h00m11s 0/0/0 (VpnIPv4)
                            3    0           
192.0.2.2
Def. Instance  64496        3    0 00h00m11s 0/0/0 (VpnIPv4)
                            3    0           
192.0.2.3
Def. Instance  64496        3    0 00h00m11s 0/0/0 (VpnIPv4)
                            3    0           
192.0.2.4
Def. Instance  64496        3    0 00h00m11s 0/0/0 (VpnIPv4)
                            3    0           

-------------------------------------------------------------------------------

VPRN: IPv4

CE connections for next-hops shows the Customer Edge (CE) routers connected to PE-1.

Figure 2. CE connections for next-hops

The VPRN configuration for PE-1 is as follows:

# on PE-1:
configure
    service
        vprn 1 name "VPRN 1" customer 1 create
            route-distinguisher 64496:1
            auto-bind-tunnel
                resolution-filter
                    ldp
                exit
                resolution filter
            exit
            vrf-target target:64496:1
            interface "int-PE-1-CE-7" create
                address 172.16.17.1/30
                sap 1/2/1:1.0 create
                exit
            exit
            interface "loop1" create
                address 192.0.2.100/32
                loopback
            exit
            interface "int-PE-1-CE-8" create
                unnumbered "loop1"
                sap 1/2/2:1.0 create
            exit
        exit
        no shutdown

For unnumbered interfaces, an IP address is borrowed from a loopback interface, see chapter "Unnumbered Interfaces in RSVP-TE and LDP" in 7450 ESS, 7750 SR, and 7950 XRS MPLS Advanced Configuration Guide for Classic CLI.

LDP is used as the label-switching protocol for next-hop resolution.

PE-4 is configured with an interface toward CE-6 that supports eBGP. The following export policy is configured:

# on PE-4:
configure
    router
        policy-options
            begin
            policy-statement "BGP-VPN-accept"
                entry 10
                    from
                        protocol bgp-vpn
                    exit
                    action accept
                    exit
                exit
            exit
            commit
        exit

The configuration of the VPRN service on PE-4 is as follows:

# on PE-4:
configure
    service
        vprn 1 name "VPRN 1" customer 1 create
            autonomous-system 64496
            route-distinguisher 64496:1
            auto-bind-tunnel
                resolution-filter
                    ldp
                exit
                resolution filter
            exit
            vrf-target target:64496:1
            interface "int-PE-4-CE-6" create
                address 172.16.46.1/30
                sap 1/2/1:1 create
                exit
            exit
            bgp
                group "VPRN1-external"
                    export "BGP-VPN-accept"
                    peer-as 64497
                    neighbor 172.16.46.2
                    exit
                exit
            exit
            no shutdown

Static routes with communities

A static route has a number of next-hop options: direct connected IP address, black-hole, indirect IP address, and interface-name.

CE connections for next-hops shows a pair of CE routers connected to PE-1. The link to CE-7 is a numbered link. The link to CE-8 is an unnumbered link. The loopback interface address is used as a reference address for the unnumbered Ethernet interface.

Beyond CE-7 are several /24 subnets. Static routes to these individual subnets are created on PE-1 using a static route with a next-hop type of ‟interface address” or an ‟indirect address”. The indirect address is learned using a static route.

Beyond CE-8 is a single /24 subnet. A static route to this subnet is created with an interface-name as the next-hop.

There are a number of well-known, standard communities:

  • no-export: the route is not advertised to any external peer. This route should be present in the route tables of all BGP speakers in the originating AS, but not in those in neighboring ASs.

  • no-advertise: the route is not advertised to any peer. This route should not be present in any router as BGP-learned route.

The requirement for each subnet is:

  • 10.100.100.0/24 must not be advertised outside of the AS. This must be associated with the standard, well-known community no-export. The community value is encoded as 65535:65281 (0xFFFFFF01), but the CLI requires the keyword no-export.

    # on PE-1:
    configure
        service
            vprn 1
                static-route-entry 10.100.100.0/24
                    next-hop 172.16.17.2
                        community no-export
                        no shutdown
                    exit
    
  • 10.100.101.0/24 must be advertised with a community of 64496:101

                static-route-entry 10.100.101.0/24 
                    next-hop 172.16.17.2 
                        community 64496:101 
                        no shutdown
                    exit
    
  • 10.100.102.0/24 must not be advertised to any BGP peer. This must be associated with the standard, well-known community no-advertise. The community value is encoded as 65535:65282 (0xFFFFFF02), but the CLI requires the keyword no-advertise.

                static-route-entry 10.100.102.0/24 
                    next-hop 172.16.17.2 
                        community no-advertise
                        no shutdown
                    exit
    
  • 10.100.103.0/24 must be advertised with a community of 64496:103 and a route tag of 10.

                static-route-entry 10.100.103.0/24 
                    next-hop 172.16.17.2 
                        community 64496:103
                        tag 10
                        no shutdown
                    exit
                exit
    
  • 10.100.104.0/24 must be advertised with a community of 64496:104. It is reachable via 192.0.2.7 which, in turn, is reachable via 172.16.17.2. This is using a static route which does not need to be advertised, therefore, it is associated with the no-advertise community.

                static-route-entry 10.100.104.0/24 
                        indirect 192.0.2.7
                        community 64496:104 
                        no shutdown
                    exit
                exit
                static-route-entry 192.0.2.7/32
                    next-hop 172.16.17.2 
                        community no-advertise
                        no shutdown
                    exit
                exit
    
  • 10.100.105.0/24 must be advertised with a community of 64496:105. It is reachable via the unnumbered interface to CE-8.

                static-route-entry 10.100.105.0/24 
                    next-hop "int-PE-1-CE-8"
                        community 64496:105 
                        no shutdown
                    exit
                exit
    

On PE-1, static routes are configured that match the static routes from CE connections for next-hops, and the preceding conditions.

The default behavior of a VPRN is to export all static and connected routes into a BGP labeled route with the appropriate route-target extended community configured in the VRF-target statement. A single community string can be added using the preceding static-route community commands. If multiple communities are required, then a VRF-export policy should be used, but this is outside the scope of this chapter.

The following BGP table on PE-1 shows which VPN-IPv4 routes have been exported correctly to RR-5:

*A:PE-1# show router bgp neighbor 192.0.2.5 advertised-routes vpn-ipv4 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
i     64496:1:10.100.100.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:10.100.101.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:10.100.103.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:10.100.104.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:10.100.105.0/24                            100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:172.16.17.0/30                             100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
i     64496:1:192.0.2.100/32                             100         None
      192.0.2.1                                          None        n/a
      No As-Path                                                     524283
-------------------------------------------------------------------------------
Routes : 7
===============================================================================

There are only seven exported routes. The route prefixes associated with the no-advertise community are not present, as expected.

Examining the BGP table of PE-4 shows the presence of the expected routes, with the correct community values.

The prefix 10.100.100.0/24 is a member of community no-export. This is correctly advertised to PE-4, as follows:

*A:PE-4# show router bgp routes 10.100.100.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.100.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : no-export target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default 
Last Modified  : 01h16m07s              
VPRN Imported  :  1
---snip---

The following command shows all members of the community no-export:

*A:PE-4# show router bgp routes vpn-ipv4 community no-export 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  64496:1:10.100.100.0/24                            100         None
      192.0.2.1                                          None        10
      No As-Path                                                     524283
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Because the community no-export is encoded as community 65535:65281, the same output can be retrieved as follows:

*A:PE-4# show router bgp routes vpn-ipv4 community 65535:65281 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  64496:1:10.100.100.0/24                            100         None
      192.0.2.1                                          None        10
      No As-Path                                                     524283
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

The prefix 10.100.101.0/24 is a member of community 64496:101. This is correctly advertised to PE-4.

*A:PE-4# show router bgp routes 10.100.101.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.101.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : 64496:101 target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 01h34m23s              
VPRN Imported  :  1
---snip---

The prefix 10.100.103.0/24 is a member of community 64496:103. This is correctly advertised to PE-4, as follows:

*A:PE-4# show router bgp routes 10.100.103.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.103.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : 64496:103 target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 01h26m24s              
VPRN Imported  :  1
---snip---

The prefix 10.100.104.0/24 is a member of community 64496:104. This is correctly advertised to PE-4, as follows:

*A:PE-4# show router bgp routes 10.100.104.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.104.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : 64496:104 target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 01h20m45s              
VPRN Imported  :  1
---snip---

The prefix 10.100.105.0/24 is a member of community 64496:105. This is correctly advertised to PE-4.

*A:PE-4# show router bgp routes 10.100.105.0/24 vpn-ipv4 detail 
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes

Network        : 10.100.105.0/24
Nexthop        : 192.0.2.1
Route Dist.    : 64496:1                VPN Label      : 524283
Path Id        : None                   
From           : 192.0.2.5
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-4-PE-1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : 64496:105 target:64496:1
Cluster        : 0.0.0.1
Originator Id  : 192.0.2.1              Peer Router Id : 192.0.2.5
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0                      
Neighbor-AS    : n/a
Orig Validation: N/A                    
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 01h18m11s              
VPRN Imported  :  1
---snip---

The following route table of VPRN 1 on PE-4 shows that these seven BGP-learned routes are present as valid routes.

*A:PE-4# show router 1 route-table protocol bgp-vpn 

===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
10.100.100.0/24                               Remote  BGP VPN   01h54m30s  170
       192.0.2.1 (tunneled)                                         0
10.100.101.0/24                               Remote  BGP VPN   01h46m55s  170
       192.0.2.1 (tunneled)                                         0
10.100.103.0/24                               Remote  BGP VPN   01h37m47s  170
       192.0.2.1 (tunneled)                                         0
10.100.104.0/24                               Remote  BGP VPN   01h30m18s  170
       192.0.2.1 (tunneled)                                         0
10.100.105.0/24                               Remote  BGP VPN   01h26m58s  170
       192.0.2.1 (tunneled)                                         0
172.16.17.0/30                                Remote  BGP VPN   01h54m30s  170
       192.0.2.1 (tunneled)                                         0
192.0.2.100/32                                Remote  BGP VPN   01h54m30s  170
       192.0.2.1 (tunneled)                                         0
-------------------------------------------------------------------------------
No. of Routes: 7
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The following route table on CE-6 shows six valid BGP-learned routes, as expected:

*A:CE-6# show router route-table protocol bgp 

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
10.100.101.0/24                               Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
10.100.103.0/24                               Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
10.100.104.0/24                               Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
10.100.105.0/24                               Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
172.16.17.0/30                                Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
192.0.2.100/32                                Remote  BGP       00h04m31s  170
       172.16.46.1                                                  0
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The prefix 10.100.100.0/24 is not received from PE-4 because it is a member of the no-export community.

*A:CE-6# show router bgp routes 10.100.100.0/24 detail 

===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
No Matching Entries Found
===============================================================================

Static route 10.100.101.0/24 is received with the correct community 64496:101.

*A:CE-6# show router bgp routes community 64496:101 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.100.101.0/24                                    None        None
      172.16.46.1                                        None        0
      64496                                                          -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Static route 10.100.103.0/24 is received with the correct community 64496:103, as follows:

*A:CE-6# show router bgp routes community 64496:103 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.100.103.0/24                                    None        None
      172.16.46.1                                        None        0
      64496                                                          -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Static route 10.100.104.0/24 is received with the correct community 64496:104, as follows:

*A:CE-6# show router bgp routes community 64496:104 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.100.104.0/24                                    None        None
      172.16.46.1                                        None        0
      64496                                                          -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Static route 10.100.105.0/24 is received with the correct community 64496:105.

*A:CE-6# show router bgp routes community 64496:105 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.100.105.0/24                                    None        None
      172.16.46.1                                        None        0
      64496                                                          -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Aggregate routes with communities

An aggregate route can be configured to represent a larger number of prefixes. For example, a set of prefixes 10.101.0.0/24 to 10.101.7.0/24 can be represented as a single aggregate prefix of 10.101.0.0/21.

This is due to the fact that the third octet in the range 0 to 7 can be represented by the 8 bits 00000000 to 00000111. The first 5 bits of this octet are common, along with the previous 2 octets, giving a prefix where the first 21 bits are common. Therefore, the aggregate can be written as 10.101.0.0/21.

In order to illustrate the configuration of an aggregate, consider following.

CE-7 connectivity shows a CE router (CE-7), in AS 64498, that advertises a series of contiguous prefixes via BGP.

  • 10.101.0.0/24 to 10.101.7.0/24

  • 10.102.0.0/24 to 10.102.7.0/24

Figure 3. CE-7 connectivity

Instead of advertising all these prefixes out of the VPRN towards an external CE individually, an aggregate route can be configured that summarizes each set of eight prefixes and a community can be directly associated with each aggregate route.

The configuration for a VPRN on PE-1, including the external BGP configuration is as follows:

# on PE-1:
configure
    service 
        vprn 2 name "VPRN 2" customer 1 create
            autonomous-system 64496
            route-distinguisher 64496:2
            auto-bind-tunnel
                resolution-filter
                    ldp
                exit
                resolution filter
            exit
            vrf-target target:64496:2
            interface "int-PE-1-CE-7_2nd" create
                address 172.16.117.1/30
                sap 1/2/1:2.0 create
                exit
            exit
            bgp
                group "external"
                    peer-as 64498
                    neighbor 172.16.117.2
                    exit
                exit
                no shutdown
            exit
            no shutdown
        exit

The BGP neighbor relationship shows the following:

*A:PE-1# show router 2 bgp neighbor 

===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer                 : 172.16.117.2
Description          : (Not Specified)
Group                : external
-------------------------------------------------------------------------------
Peer AS              : 64498            Peer Port            : 50409
Peer Address         : 172.16.117.2
Local AS             : 64496            Local Port           : 179  
Local Address        : 172.16.117.1
Peer Type            : External         Dynamic Peer         : No
State                : Established      Last State           : Established
Last Event           : recvOpen
Last Error           : Cease (Connection Collision Resolution)
Local Family         : IPv4
Remote Family        : IPv4
Hold Time            : 90               Keep Alive           : 30   
Min Hold Time        : 0                
Active Hold Time     : 90               Active Keep Alive    : 30   
Cluster Id           : None             
Preference           : 170              Num of Update Flaps  : 0    
Input Queue          : 0                Output Queue         : 0    
Input Messages       : 7                Output Messages      : 7    
Input Octets         : 247              Output Octets        : 232
Input Updates        : 1                Output Updates       : 1    
Input RtRefresh      : 0                Output RtRefresh     : 0    
TTL Security         : Disabled         Min TTL Value        : n/a
Graceful Restart     : Disabled         Stale Routes Time    : n/a
Restart Time         : n/a              
Long-Lived GR        : Disabled         
Advertise Inactive   : Disabled         Peer Tracking        : Disabled
Auth key chain       : n/a
Disable Cap Nego     : Disabled         Bfd Enabled          : Disabled
Default Route Tgt    : Disabled         
Aigp Metric          : Disabled         Split Horizon        : Disabled
Damp Peer Oscillatio*: Disabled         Update Errors        : 0    
GR Notification      : Disabled         Fault Tolerance      : Disabled
Rem Idle Hold Time   : 00h00m00s        
Next-Hop Unchanged   : None             
sel-lbl-ipv4-install : Disabled         
Local Capability     : RtRefresh MPBGP 4byte ASN 
Remote Capability    : RtRefresh MPBGP 4byte ASN 
Routes Resolve To St*: Disabled         
Local AddPath Capabi*: Disabled
Remote AddPath Capab*: Send - None
                     : Receive - None
Import Policy        : None Specified - Default Accept
Export Policy        : None Specified - Default Accept
---snip---

-------------------------------------------------------------------------------
Neighbors shown : 1
===============================================================================
* indicates that the corresponding row element may have been truncated.

The following output shows the 16 received BGP routes on PE-1:

*A:PE-1# show router 2 bgp routes 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64496       Local AS:64496      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  10.101.0.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.1.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.2.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.3.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.4.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.5.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.6.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.101.7.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.0.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.1.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.2.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.3.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.4.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.5.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.6.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
u*>i  10.102.7.0/24                                      None        None
      172.16.117.2                                       None        0
      64498                                                          -
-------------------------------------------------------------------------------
Routes : 16
===============================================================================

PE-4 also has a VPRN 2 instance configured, so that it will receive the imported BGP routes. The service configuration for PE-4 is as follows:

# on PE-4:
configure 
    service
        vprn 2 name "VPRN 2" customer 1 create
            autonomous-system 64496
            route-distinguisher 64496:2
            auto-bind-tunnel
                resolution-filter
                    ldp
                exit
                resolution filter
            exit
            vrf-target target:64496:2
            interface "int-PE-4-CE-6_2nd" create
                address 172.16.146.1/30
                sap 1/2/1:2 create
                exit
            exit
            bgp
                group "VPRN2-external"
                    peer-as 64497
                    neighbor 172.16.146.2
                    exit
                exit
                no shutdown
            exit
            no shutdown
        exit

CE-6 connectivity shows the connectivity between PE-4 and CE-6. PE-4 will only forward a summarizing aggregate route toward CE-6.

Figure 4. CE-6 connectivity

PE-4 receives labeled BGP route prefixes from PE-1 via the route reflector and installs them in the FIB for router instance 2, as follows:

*A:PE-4# show router 2 route-table 

===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
10.101.0.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.1.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.2.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.3.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.4.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.5.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.6.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.101.7.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.0.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.1.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.2.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.3.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.4.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.5.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.6.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
10.102.7.0/24                                 Remote  BGP VPN   00h01m07s  170
       192.0.2.1 (tunneled)                                         0
172.16.117.0/30                               Remote  BGP VPN   00h02m41s  170
       192.0.2.1 (tunneled)                                         0
172.16.146.0/30                               Local   Local     00h02m42s  0
       int-PE-4-CE-6_2nd                                            0
-------------------------------------------------------------------------------
No. of Routes: 18
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

On CE-6, an additional interface is configured toward PE-4, as follows:

# on CE-6:
configure 
    service
        ies 2 name "IES 2" customer 1 create
            interface "int-CE-6-PE-4_2nd" create
                address 172.16.146.2/30
                sap 1/1/1:2 create
                exit
            exit
            no shutdown

The BGP configuration of CE-6 is as follows:

# on CE-6:
configure
    router
        bgp
            group "external-toVPRN2onPE-4"
                peer-as 64496
                neighbor 172.16.146.1 
                exit
            exit
            no shutdown

The BGP neighbor state for PE-4 is as follows:

*A:PE-4# show router 2 bgp neighbor 172.16.146.2 

===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer                 : 172.16.146.2
Description          : (Not Specified)
Group                : VPRN2-external
-------------------------------------------------------------------------------
Peer AS              : 64497            Peer Port            : 49549
Peer Address         : 172.16.146.2
Local AS             : 64496            Local Port           : 179  
Local Address        : 172.16.146.1
Peer Type            : External         Dynamic Peer         : No
State                : Established      Last State           : Established
Last Event           : recvOpen
Last Error           : Cease (Connection Collision Resolution)
Local Family         : IPv4
Remote Family        : IPv4
Hold Time            : 90               Keep Alive           : 30   
Min Hold Time        : 0                
Active Hold Time     : 90               Active Keep Alive    : 30   
Cluster Id           : None             
Preference           : 170              Num of Update Flaps  : 0    
Input Queue          : 0                Output Queue         : 0    
Input Messages       : 25               Output Messages      : 20   
Input Octets         : 750              Output Octets        : 387
Input Updates        : 5                Output Updates       : 0    
Input RtRefresh      : 0                Output RtRefresh     : 0    
TTL Security         : Disabled         Min TTL Value        : n/a
Graceful Restart     : Disabled         Stale Routes Time    : n/a
Restart Time         : n/a              
Long-Lived GR        : Disabled         
Advertise Inactive   : Disabled         Peer Tracking        : Disabled
Auth key chain       : n/a
Disable Cap Nego     : Disabled         Bfd Enabled          : Disabled
Default Route Tgt    : Disabled         
Aigp Metric          : Disabled         Split Horizon        : Disabled
Damp Peer Oscillatio*: Disabled         Update Errors        : 0    
GR Notification      : Disabled         Fault Tolerance      : Disabled
Rem Idle Hold Time   : 00h00m00s        
Next-Hop Unchanged   : None             
sel-lbl-ipv4-install : Disabled         
Local Capability     : RtRefresh MPBGP 4byte ASN 
Remote Capability    : RtRefresh MPBGP 4byte ASN 
Routes Resolve To St*: Disabled         
Local AddPath Capabi*: Disabled
Remote AddPath Capab*: Send - None
                     : Receive - None
Import Policy        : None Specified - Default Accept
Export Policy        : None Specified - Default Accept
---snip---

-------------------------------------------------------------------------------
Neighbors shown : 1
===============================================================================
* indicates that the corresponding row element may have been truncated.

In order to advertise a summarizing aggregate route with an associated community string, an aggregate route is required. In this case, the 10.101.x.0/24 group of prefixes will be associated with community 64496:101. The 10.102.x.0/24 group of prefixes will be associated with the standard community no-export, so that it will not be advertised to any external peer. These aggregate routes are configured in VPRN 2 on PE-4, as follows:

# on PE-4:
configure
    service
        vprn 2
            aggregate 10.101.0.0/21 community 64496:101
            aggregate 10.102.0.0/21 community no-export
        exit

The following export policy is required on PE-4 to allow the advertising of the aggregate route. No community is applied using this policy.

# on PE-4:
configure
    router
        policy-options
            begin
            policy-statement "PE-4-VPN-Agg"
                entry 10
                    from
                        protocol aggregate
                    exit
                    action accept
                    exit
                exit
            commit

This is applied as an export policy within the group context of the BGP configuration of the VPRN, as follows:

# on PE-4:
configure
    service
        vprn 2
            bgp
                group "VPRN2-external"
                    export "PE-4-VPN-Agg"
                exit

The aggregate route 10.101.0.0/21 is received at CE-6 via BGP. The community that was associated with this prefix is seen: 64496:101. The route is seen as an aggregate, with PE-4 as the aggregating router (192.0.2.4). The ‟Atomic Aggregate” attribute is present, meaning that PE-4 has not advertised any details of the AS paths of the composite routes.

*A:CE-6# show router bgp routes 10.101.0.0/21 hunt 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : 10.101.0.0/21
Nexthop        : 172.16.146.1
Path Id        : None                   
From           : 172.16.146.1
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 172.16.146.1
Local Pref.    : None                   Interface Name : int-CE-6-PE-4_2nd
Aggregator AS  : 64496                  Aggregator     : 192.0.2.4
Atomic Aggr.   : Atomic                 MED            : None
AIGP Metric    : None                   IGP Cost       : 0
Connector      : None
Community      : 64496:101
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 192.0.2.4
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  
Route Source   : External
AS-Path        : 64496 
Route Tag      : 0                      
Neighbor-AS    : 64496
Orig Validation: NotFound               
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default                
Last Modified  : 00h02m07s              
---snip---

The aggregate route 10.102.0.0/21 is not received at CE-6, because PE-4 does not advertise it, due to the fact that it is associated with the ‟no-export” community.

*A:CE-6# show router bgp routes 10.102.0.0/21 hunt 
===============================================================================
 BGP Router ID:192.0.2.6        AS:64497       Local AS:64497      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
No Matching Entries Found
===============================================================================

Conclusion

Community strings can be added to static and aggregate routes. This example shows the configuration of communities with both static and aggregate routes, together with the associated show outputs which can be used to verify and troubleshoot them.