Associating Communities with Static and Aggregate Routes
This chapter provides information about associating communities with static and aggregate routes configurations.
Topics in this chapter include:
Applicability
This chapter was initially written for SR OS Release 11.0.R3, but the CLI in this edition corresponds to SR OS Release 20.7.R2. There are no prerequisites for this configuration.
Introduction
Border gateway protocol (BGP) communities are optional, transitive attributes attached to BGP route prefixes to carry additional information about that route prefix. A number of route prefixes can have the same community attached such that it can be matched by a route policy. As a result, the presence of a community value can be used to influence and control route policies.
A BGP community is a 32-bit value that is written as two 16-bit numbers separated by a colon. The first number usually represents the autonomous system (AS) number that defines or originates the community while the second is set by the network administrator.
Knowledge of RFC 4271, BGP-4, and RFC 1997, BGP Communities Attribute, is assumed throughout this document, as well as knowledge of multi-protocol BGP (MP-BGP) and RFC 4364, BGP/MPLS IP VPNs.
Overview
Example topology shows the example topology with 7750 Server Router nodes. PE-1 to PE-4 and the Route Reflector (RR-5) are located in the same Autonomous System (AS): AS 64496. CE-6 is in a separate AS 64497 and peers using eBGP with its directly connected neighbor, PE-4.
The objectives are:
To configure static routes in a VPRN in PE-1 with various community values—including well-known communities—export them to other PEs within the same AS, and then via eBGP to CE-6. During this process, the community values for each route will be examined to ensure that the transitive nature of the attribute is maintained.
To associate a community with an aggregate route that represents a larger number of composite prefixes. The aggregate will be advertised in place of the composite prefixes.
The following configuration tasks should be completed as a prerequisite:
Full mesh IS-IS or OSPF between all of the PE routers and the RR.
iBGP between the RR and all PEs.
eBGP between PE-4 and CE-6.
Link-layer LDP between each PE.
Associating communities with static and aggregate routes
It is possible to add a single community value to a static and aggregate route without using a route policy.
The community value can be in the 4-byte format comprising of a 2-byte AS value, followed by a 2-byte decimal value, separated by a colon. It can also be the name of a well-known standard community, such as no-export, no-advertise, no-export-subconfed.
Any community added can be matched using a route policy.
The purpose of this example is to provision static and aggregate IPv4 route prefixes and associate a community with each route. These routes are then redistributed into the BGP protocol and advertised to other BGP speakers.
This is shown for IPv4 routes within a VPRN. Well-known, standard communities will also be configured to show that the correct behavior is observed.
Configuration
The first step is to configure an iBGP session between each of the PEs and the Route Reflector (RR). The address family negotiated between peers is VPN-IPv4.
The following BGP configuration is identical for all PEs:
# on all PEs:
configure
router
autonomous-system 64496
bgp
group "internal"
family vpn-ipv4
peer-as 64496
neighbor 192.0.2.5
exit
exit
The IP addresses can be derived from Example topology.
The BGP configuration for RR-5 is as follows:
# on RR-5:
configure
router
autonomous-system 64496
bgp
cluster 0.0.0.1
group ‟RR-clients"
family vpn-ipv4
peer-as 64496
neighbor 192.0.2.1
exit
neighbor 192.0.2.2
exit
neighbor 192.0.2.3
exit
neighbor 192.0.2.4
exit
exit
The following BGP summary on RR-5 shows that BGP sessions with each PE are established for the VPN-IPv4 address family:
*A:RR-5# show router bgp summary all
===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.1
Def. Instance 64496 3 0 00h00m11s 0/0/0 (VpnIPv4)
3 0
192.0.2.2
Def. Instance 64496 3 0 00h00m11s 0/0/0 (VpnIPv4)
3 0
192.0.2.3
Def. Instance 64496 3 0 00h00m11s 0/0/0 (VpnIPv4)
3 0
192.0.2.4
Def. Instance 64496 3 0 00h00m11s 0/0/0 (VpnIPv4)
3 0
-------------------------------------------------------------------------------
VPRN: IPv4
CE connections for next-hops shows the Customer Edge (CE) routers connected to PE-1.
The VPRN configuration for PE-1 is as follows:
# on PE-1:
configure
service
vprn 1 name "VPRN 1" customer 1 create
route-distinguisher 64496:1
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
vrf-target target:64496:1
interface "int-PE-1-CE-7" create
address 172.16.17.1/30
sap 1/2/1:1.0 create
exit
exit
interface "loop1" create
address 192.0.2.100/32
loopback
exit
interface "int-PE-1-CE-8" create
unnumbered "loop1"
sap 1/2/2:1.0 create
exit
exit
no shutdown
For unnumbered interfaces, an IP address is borrowed from a loopback interface, see chapter "Unnumbered Interfaces in RSVP-TE and LDP" in 7450 ESS, 7750 SR, and 7950 XRS MPLS Advanced Configuration Guide for Classic CLI.
LDP is used as the label-switching protocol for next-hop resolution.
PE-4 is configured with an interface toward CE-6 that supports eBGP. The following export policy is configured:
# on PE-4:
configure
router
policy-options
begin
policy-statement "BGP-VPN-accept"
entry 10
from
protocol bgp-vpn
exit
action accept
exit
exit
exit
commit
exit
The configuration of the VPRN service on PE-4 is as follows:
# on PE-4:
configure
service
vprn 1 name "VPRN 1" customer 1 create
autonomous-system 64496
route-distinguisher 64496:1
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
vrf-target target:64496:1
interface "int-PE-4-CE-6" create
address 172.16.46.1/30
sap 1/2/1:1 create
exit
exit
bgp
group "VPRN1-external"
export "BGP-VPN-accept"
peer-as 64497
neighbor 172.16.46.2
exit
exit
exit
no shutdown
Static routes with communities
A static route has a number of next-hop options: direct connected IP address, black-hole, indirect IP address, and interface-name.
CE connections for next-hops shows a pair of CE routers connected to PE-1. The link to CE-7 is a numbered link. The link to CE-8 is an unnumbered link. The loopback interface address is used as a reference address for the unnumbered Ethernet interface.
Beyond CE-7 are several /24 subnets. Static routes to these individual subnets are created on PE-1 using a static route with a next-hop type of ‟interface address” or an ‟indirect address”. The indirect address is learned using a static route.
Beyond CE-8 is a single /24 subnet. A static route to this subnet is created with an interface-name as the next-hop.
There are a number of well-known, standard communities:
no-export: the route is not advertised to any external peer. This route should be present in the route tables of all BGP speakers in the originating AS, but not in those in neighboring ASs.
no-advertise: the route is not advertised to any peer. This route should not be present in any router as BGP-learned route.
The requirement for each subnet is:
10.100.100.0/24 must not be advertised outside of the AS. This must be associated with the standard, well-known community no-export. The community value is encoded as 65535:65281 (0xFFFFFF01), but the CLI requires the keyword no-export.
# on PE-1: configure service vprn 1 static-route-entry 10.100.100.0/24 next-hop 172.16.17.2 community no-export no shutdown exit10.100.101.0/24 must be advertised with a community of 64496:101
static-route-entry 10.100.101.0/24 next-hop 172.16.17.2 community 64496:101 no shutdown exit10.100.102.0/24 must not be advertised to any BGP peer. This must be associated with the standard, well-known community no-advertise. The community value is encoded as 65535:65282 (0xFFFFFF02), but the CLI requires the keyword no-advertise.
static-route-entry 10.100.102.0/24 next-hop 172.16.17.2 community no-advertise no shutdown exit10.100.103.0/24 must be advertised with a community of 64496:103 and a route tag of 10.
static-route-entry 10.100.103.0/24 next-hop 172.16.17.2 community 64496:103 tag 10 no shutdown exit exit10.100.104.0/24 must be advertised with a community of 64496:104. It is reachable via 192.0.2.7 which, in turn, is reachable via 172.16.17.2. This is using a static route which does not need to be advertised, therefore, it is associated with the no-advertise community.
static-route-entry 10.100.104.0/24 indirect 192.0.2.7 community 64496:104 no shutdown exit exit static-route-entry 192.0.2.7/32 next-hop 172.16.17.2 community no-advertise no shutdown exit exit10.100.105.0/24 must be advertised with a community of 64496:105. It is reachable via the unnumbered interface to CE-8.
static-route-entry 10.100.105.0/24 next-hop "int-PE-1-CE-8" community 64496:105 no shutdown exit exit
On PE-1, static routes are configured that match the static routes from CE connections for next-hops, and the preceding conditions.
The default behavior of a VPRN is to export all static and connected routes into a BGP labeled route with the appropriate route-target extended community configured in the VRF-target statement. A single community string can be added using the preceding static-route community commands. If multiple communities are required, then a VRF-export policy should be used, but this is outside the scope of this chapter.
The following BGP table on PE-1 shows which VPN-IPv4 routes have been exported correctly to RR-5:
*A:PE-1# show router bgp neighbor 192.0.2.5 advertised-routes vpn-ipv4
===============================================================================
BGP Router ID:192.0.2.1 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
i 64496:1:10.100.100.0/24 100 None
192.0.2.1 None n/a
No As-Path 524283
i 64496:1:10.100.101.0/24 100 None
192.0.2.1 None n/a
No As-Path 524283
i 64496:1:10.100.103.0/24 100 None
192.0.2.1 None n/a
No As-Path 524283
i 64496:1:10.100.104.0/24 100 None
192.0.2.1 None n/a
No As-Path 524283
i 64496:1:10.100.105.0/24 100 None
192.0.2.1 None n/a
No As-Path 524283
i 64496:1:172.16.17.0/30 100 None
192.0.2.1 None n/a
No As-Path 524283
i 64496:1:192.0.2.100/32 100 None
192.0.2.1 None n/a
No As-Path 524283
-------------------------------------------------------------------------------
Routes : 7
===============================================================================
There are only seven exported routes. The route prefixes associated with the no-advertise community are not present, as expected.
Examining the BGP table of PE-4 shows the presence of the expected routes, with the correct community values.
The prefix 10.100.100.0/24 is a member of community no-export. This is correctly advertised to PE-4, as follows:
*A:PE-4# show router bgp routes 10.100.100.0/24 vpn-ipv4 detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes
Network : 10.100.100.0/24
Nexthop : 192.0.2.1
Route Dist. : 64496:1 VPN Label : 524283
Path Id : None
From : 192.0.2.5
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-4-PE-1
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : no-export target:64496:1
Cluster : 0.0.0.1
Originator Id : 192.0.2.1 Peer Router Id : 192.0.2.5
Fwd Class : None Priority : None
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 01h16m07s
VPRN Imported : 1
---snip---
The following command shows all members of the community no-export:
*A:PE-4# show router bgp routes vpn-ipv4 community no-export
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 64496:1:10.100.100.0/24 100 None
192.0.2.1 None 10
No As-Path 524283
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Because the community no-export is encoded as community 65535:65281, the same output can be retrieved as follows:
*A:PE-4# show router bgp routes vpn-ipv4 community 65535:65281
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 64496:1:10.100.100.0/24 100 None
192.0.2.1 None 10
No As-Path 524283
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The prefix 10.100.101.0/24 is a member of community 64496:101. This is correctly advertised to PE-4.
*A:PE-4# show router bgp routes 10.100.101.0/24 vpn-ipv4 detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes
Network : 10.100.101.0/24
Nexthop : 192.0.2.1
Route Dist. : 64496:1 VPN Label : 524283
Path Id : None
From : 192.0.2.5
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-4-PE-1
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 64496:101 target:64496:1
Cluster : 0.0.0.1
Originator Id : 192.0.2.1 Peer Router Id : 192.0.2.5
Fwd Class : None Priority : None
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 01h34m23s
VPRN Imported : 1
---snip---
The prefix 10.100.103.0/24 is a member of community 64496:103. This is correctly advertised to PE-4, as follows:
*A:PE-4# show router bgp routes 10.100.103.0/24 vpn-ipv4 detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes
Network : 10.100.103.0/24
Nexthop : 192.0.2.1
Route Dist. : 64496:1 VPN Label : 524283
Path Id : None
From : 192.0.2.5
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-4-PE-1
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 64496:103 target:64496:1
Cluster : 0.0.0.1
Originator Id : 192.0.2.1 Peer Router Id : 192.0.2.5
Fwd Class : None Priority : None
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 01h26m24s
VPRN Imported : 1
---snip---
The prefix 10.100.104.0/24 is a member of community 64496:104. This is correctly advertised to PE-4, as follows:
*A:PE-4# show router bgp routes 10.100.104.0/24 vpn-ipv4 detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes
Network : 10.100.104.0/24
Nexthop : 192.0.2.1
Route Dist. : 64496:1 VPN Label : 524283
Path Id : None
From : 192.0.2.5
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-4-PE-1
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 64496:104 target:64496:1
Cluster : 0.0.0.1
Originator Id : 192.0.2.1 Peer Router Id : 192.0.2.5
Fwd Class : None Priority : None
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 01h20m45s
VPRN Imported : 1
---snip---
The prefix 10.100.105.0/24 is a member of community 64496:105. This is correctly advertised to PE-4.
*A:PE-4# show router bgp routes 10.100.105.0/24 vpn-ipv4 detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes
Network : 10.100.105.0/24
Nexthop : 192.0.2.1
Route Dist. : 64496:1 VPN Label : 524283
Path Id : None
From : 192.0.2.5
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-4-PE-1
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 64496:105 target:64496:1
Cluster : 0.0.0.1
Originator Id : 192.0.2.1 Peer Router Id : 192.0.2.5
Fwd Class : None Priority : None
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 01h18m11s
VPRN Imported : 1
---snip---
The following route table of VPRN 1 on PE-4 shows that these seven BGP-learned routes are present as valid routes.
*A:PE-4# show router 1 route-table protocol bgp-vpn
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.100.100.0/24 Remote BGP VPN 01h54m30s 170
192.0.2.1 (tunneled) 0
10.100.101.0/24 Remote BGP VPN 01h46m55s 170
192.0.2.1 (tunneled) 0
10.100.103.0/24 Remote BGP VPN 01h37m47s 170
192.0.2.1 (tunneled) 0
10.100.104.0/24 Remote BGP VPN 01h30m18s 170
192.0.2.1 (tunneled) 0
10.100.105.0/24 Remote BGP VPN 01h26m58s 170
192.0.2.1 (tunneled) 0
172.16.17.0/30 Remote BGP VPN 01h54m30s 170
192.0.2.1 (tunneled) 0
192.0.2.100/32 Remote BGP VPN 01h54m30s 170
192.0.2.1 (tunneled) 0
-------------------------------------------------------------------------------
No. of Routes: 7
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The following route table on CE-6 shows six valid BGP-learned routes, as expected:
*A:CE-6# show router route-table protocol bgp
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.100.101.0/24 Remote BGP 00h04m31s 170
172.16.46.1 0
10.100.103.0/24 Remote BGP 00h04m31s 170
172.16.46.1 0
10.100.104.0/24 Remote BGP 00h04m31s 170
172.16.46.1 0
10.100.105.0/24 Remote BGP 00h04m31s 170
172.16.46.1 0
172.16.17.0/30 Remote BGP 00h04m31s 170
172.16.46.1 0
192.0.2.100/32 Remote BGP 00h04m31s 170
172.16.46.1 0
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The prefix 10.100.100.0/24 is not received from PE-4 because it is a member of the no-export community.
*A:CE-6# show router bgp routes 10.100.100.0/24 detail
===============================================================================
BGP Router ID:192.0.2.6 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
No Matching Entries Found
===============================================================================
Static route 10.100.101.0/24 is received with the correct community 64496:101.
*A:CE-6# show router bgp routes community 64496:101
===============================================================================
BGP Router ID:192.0.2.6 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.100.101.0/24 None None
172.16.46.1 None 0
64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Static route 10.100.103.0/24 is received with the correct community 64496:103, as follows:
*A:CE-6# show router bgp routes community 64496:103
===============================================================================
BGP Router ID:192.0.2.6 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.100.103.0/24 None None
172.16.46.1 None 0
64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Static route 10.100.104.0/24 is received with the correct community 64496:104, as follows:
*A:CE-6# show router bgp routes community 64496:104
===============================================================================
BGP Router ID:192.0.2.6 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.100.104.0/24 None None
172.16.46.1 None 0
64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Static route 10.100.105.0/24 is received with the correct community 64496:105.
*A:CE-6# show router bgp routes community 64496:105
===============================================================================
BGP Router ID:192.0.2.6 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.100.105.0/24 None None
172.16.46.1 None 0
64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Aggregate routes with communities
An aggregate route can be configured to represent a larger number of prefixes. For example, a set of prefixes 10.101.0.0/24 to 10.101.7.0/24 can be represented as a single aggregate prefix of 10.101.0.0/21.
This is due to the fact that the third octet in the range 0 to 7 can be represented by the 8 bits 00000000 to 00000111. The first 5 bits of this octet are common, along with the previous 2 octets, giving a prefix where the first 21 bits are common. Therefore, the aggregate can be written as 10.101.0.0/21.
In order to illustrate the configuration of an aggregate, consider following.
CE-7 connectivity shows a CE router (CE-7), in AS 64498, that advertises a series of contiguous prefixes via BGP.
10.101.0.0/24 to 10.101.7.0/24
10.102.0.0/24 to 10.102.7.0/24
Instead of advertising all these prefixes out of the VPRN towards an external CE individually, an aggregate route can be configured that summarizes each set of eight prefixes and a community can be directly associated with each aggregate route.
The configuration for a VPRN on PE-1, including the external BGP configuration is as follows:
# on PE-1:
configure
service
vprn 2 name "VPRN 2" customer 1 create
autonomous-system 64496
route-distinguisher 64496:2
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
vrf-target target:64496:2
interface "int-PE-1-CE-7_2nd" create
address 172.16.117.1/30
sap 1/2/1:2.0 create
exit
exit
bgp
group "external"
peer-as 64498
neighbor 172.16.117.2
exit
exit
no shutdown
exit
no shutdown
exit
The BGP neighbor relationship shows the following:
*A:PE-1# show router 2 bgp neighbor
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 172.16.117.2
Description : (Not Specified)
Group : external
-------------------------------------------------------------------------------
Peer AS : 64498 Peer Port : 50409
Peer Address : 172.16.117.2
Local AS : 64496 Local Port : 179
Local Address : 172.16.117.1
Peer Type : External Dynamic Peer : No
State : Established Last State : Established
Last Event : recvOpen
Last Error : Cease (Connection Collision Resolution)
Local Family : IPv4
Remote Family : IPv4
Hold Time : 90 Keep Alive : 30
Min Hold Time : 0
Active Hold Time : 90 Active Keep Alive : 30
Cluster Id : None
Preference : 170 Num of Update Flaps : 0
Input Queue : 0 Output Queue : 0
Input Messages : 7 Output Messages : 7
Input Octets : 247 Output Octets : 232
Input Updates : 1 Output Updates : 1
Input RtRefresh : 0 Output RtRefresh : 0
TTL Security : Disabled Min TTL Value : n/a
Graceful Restart : Disabled Stale Routes Time : n/a
Restart Time : n/a
Long-Lived GR : Disabled
Advertise Inactive : Disabled Peer Tracking : Disabled
Auth key chain : n/a
Disable Cap Nego : Disabled Bfd Enabled : Disabled
Default Route Tgt : Disabled
Aigp Metric : Disabled Split Horizon : Disabled
Damp Peer Oscillatio*: Disabled Update Errors : 0
GR Notification : Disabled Fault Tolerance : Disabled
Rem Idle Hold Time : 00h00m00s
Next-Hop Unchanged : None
sel-lbl-ipv4-install : Disabled
Local Capability : RtRefresh MPBGP 4byte ASN
Remote Capability : RtRefresh MPBGP 4byte ASN
Routes Resolve To St*: Disabled
Local AddPath Capabi*: Disabled
Remote AddPath Capab*: Send - None
: Receive - None
Import Policy : None Specified - Default Accept
Export Policy : None Specified - Default Accept
---snip---
-------------------------------------------------------------------------------
Neighbors shown : 1
===============================================================================
* indicates that the corresponding row element may have been truncated.
The following output shows the 16 received BGP routes on PE-1:
*A:PE-1# show router 2 bgp routes
===============================================================================
BGP Router ID:192.0.2.1 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.101.0.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.101.1.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.101.2.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.101.3.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.101.4.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.101.5.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.101.6.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.101.7.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.102.0.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.102.1.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.102.2.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.102.3.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.102.4.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.102.5.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.102.6.0/24 None None
172.16.117.2 None 0
64498 -
u*>i 10.102.7.0/24 None None
172.16.117.2 None 0
64498 -
-------------------------------------------------------------------------------
Routes : 16
===============================================================================
PE-4 also has a VPRN 2 instance configured, so that it will receive the imported BGP routes. The service configuration for PE-4 is as follows:
# on PE-4:
configure
service
vprn 2 name "VPRN 2" customer 1 create
autonomous-system 64496
route-distinguisher 64496:2
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
vrf-target target:64496:2
interface "int-PE-4-CE-6_2nd" create
address 172.16.146.1/30
sap 1/2/1:2 create
exit
exit
bgp
group "VPRN2-external"
peer-as 64497
neighbor 172.16.146.2
exit
exit
no shutdown
exit
no shutdown
exit
CE-6 connectivity shows the connectivity between PE-4 and CE-6. PE-4 will only forward a summarizing aggregate route toward CE-6.
PE-4 receives labeled BGP route prefixes from PE-1 via the route reflector and installs them in the FIB for router instance 2, as follows:
*A:PE-4# show router 2 route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.101.0.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.101.1.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.101.2.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.101.3.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.101.4.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.101.5.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.101.6.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.101.7.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.102.0.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.102.1.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.102.2.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.102.3.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.102.4.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.102.5.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.102.6.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
10.102.7.0/24 Remote BGP VPN 00h01m07s 170
192.0.2.1 (tunneled) 0
172.16.117.0/30 Remote BGP VPN 00h02m41s 170
192.0.2.1 (tunneled) 0
172.16.146.0/30 Local Local 00h02m42s 0
int-PE-4-CE-6_2nd 0
-------------------------------------------------------------------------------
No. of Routes: 18
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
On CE-6, an additional interface is configured toward PE-4, as follows:
# on CE-6:
configure
service
ies 2 name "IES 2" customer 1 create
interface "int-CE-6-PE-4_2nd" create
address 172.16.146.2/30
sap 1/1/1:2 create
exit
exit
no shutdown
The BGP configuration of CE-6 is as follows:
# on CE-6:
configure
router
bgp
group "external-toVPRN2onPE-4"
peer-as 64496
neighbor 172.16.146.1
exit
exit
no shutdown
The BGP neighbor state for PE-4 is as follows:
*A:PE-4# show router 2 bgp neighbor 172.16.146.2
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 172.16.146.2
Description : (Not Specified)
Group : VPRN2-external
-------------------------------------------------------------------------------
Peer AS : 64497 Peer Port : 49549
Peer Address : 172.16.146.2
Local AS : 64496 Local Port : 179
Local Address : 172.16.146.1
Peer Type : External Dynamic Peer : No
State : Established Last State : Established
Last Event : recvOpen
Last Error : Cease (Connection Collision Resolution)
Local Family : IPv4
Remote Family : IPv4
Hold Time : 90 Keep Alive : 30
Min Hold Time : 0
Active Hold Time : 90 Active Keep Alive : 30
Cluster Id : None
Preference : 170 Num of Update Flaps : 0
Input Queue : 0 Output Queue : 0
Input Messages : 25 Output Messages : 20
Input Octets : 750 Output Octets : 387
Input Updates : 5 Output Updates : 0
Input RtRefresh : 0 Output RtRefresh : 0
TTL Security : Disabled Min TTL Value : n/a
Graceful Restart : Disabled Stale Routes Time : n/a
Restart Time : n/a
Long-Lived GR : Disabled
Advertise Inactive : Disabled Peer Tracking : Disabled
Auth key chain : n/a
Disable Cap Nego : Disabled Bfd Enabled : Disabled
Default Route Tgt : Disabled
Aigp Metric : Disabled Split Horizon : Disabled
Damp Peer Oscillatio*: Disabled Update Errors : 0
GR Notification : Disabled Fault Tolerance : Disabled
Rem Idle Hold Time : 00h00m00s
Next-Hop Unchanged : None
sel-lbl-ipv4-install : Disabled
Local Capability : RtRefresh MPBGP 4byte ASN
Remote Capability : RtRefresh MPBGP 4byte ASN
Routes Resolve To St*: Disabled
Local AddPath Capabi*: Disabled
Remote AddPath Capab*: Send - None
: Receive - None
Import Policy : None Specified - Default Accept
Export Policy : None Specified - Default Accept
---snip---
-------------------------------------------------------------------------------
Neighbors shown : 1
===============================================================================
* indicates that the corresponding row element may have been truncated.
In order to advertise a summarizing aggregate route with an associated community string, an aggregate route is required. In this case, the 10.101.x.0/24 group of prefixes will be associated with community 64496:101. The 10.102.x.0/24 group of prefixes will be associated with the standard community no-export, so that it will not be advertised to any external peer. These aggregate routes are configured in VPRN 2 on PE-4, as follows:
# on PE-4:
configure
service
vprn 2
aggregate 10.101.0.0/21 community 64496:101
aggregate 10.102.0.0/21 community no-export
exit
The following export policy is required on PE-4 to allow the advertising of the aggregate route. No community is applied using this policy.
# on PE-4:
configure
router
policy-options
begin
policy-statement "PE-4-VPN-Agg"
entry 10
from
protocol aggregate
exit
action accept
exit
exit
commit
This is applied as an export policy within the group context of the BGP configuration of the VPRN, as follows:
# on PE-4:
configure
service
vprn 2
bgp
group "VPRN2-external"
export "PE-4-VPN-Agg"
exit
The aggregate route 10.101.0.0/21 is received at CE-6 via BGP. The community that was associated with this prefix is seen: 64496:101. The route is seen as an aggregate, with PE-4 as the aggregating router (192.0.2.4). The ‟Atomic Aggregate” attribute is present, meaning that PE-4 has not advertised any details of the AS paths of the composite routes.
*A:CE-6# show router bgp routes 10.101.0.0/21 hunt
===============================================================================
BGP Router ID:192.0.2.6 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.101.0.0/21
Nexthop : 172.16.146.1
Path Id : None
From : 172.16.146.1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.16.146.1
Local Pref. : None Interface Name : int-CE-6-PE-4_2nd
Aggregator AS : 64496 Aggregator : 192.0.2.4
Atomic Aggr. : Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : 64496:101
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.4
Fwd Class : None Priority : None
Flags : Used Valid Best IGP
Route Source : External
AS-Path : 64496
Route Tag : 0
Neighbor-AS : 64496
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h02m07s
---snip---
The aggregate route 10.102.0.0/21 is not received at CE-6, because PE-4 does not advertise it, due to the fact that it is associated with the ‟no-export” community.
*A:CE-6# show router bgp routes 10.102.0.0/21 hunt
===============================================================================
BGP Router ID:192.0.2.6 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
No Matching Entries Found
===============================================================================
Conclusion
Community strings can be added to static and aggregate routes. This example shows the configuration of communities with both static and aggregate routes, together with the associated show outputs which can be used to verify and troubleshoot them.