Communities BCP [was: RE: BGP Path Filtering]

Ejay Hire ejay.hire at isdn.net
Fri May 16 21:45:11 UTC 2003


On the subject of communities, these are some I have seen regularly implemented for controlling routes advertised to peers.  (code snippet follows)

Where xxxx is the peer ASN:
xxxx:80 Set LocalPref to 80
xxxx:90 Set LocalPref to 80
xxxx:100 Set LocalPref to 80
xxxx:110 Set LocalPref to 80

xxxx:1 Prepend xxxx 1 time in the AS Path
xxxx:2 Prepend xxxx 2 times in the AS Path
xxxx:3 Prepend xxxx 3 times in the AS Path

xxxx:no-export Well known community that requests the advertisement not leave the AS.

xxxx:666  BlackHole.  I've implemented this community for clueful downstream peers that suffered frequent DOS attacks.    They advertise a single or small block of their IPs to me and I will blackhole traffic destined for their IP.  I've considered echoing this advertisement up to my upstreams (if they support it), but have not done so.


The config bits that follow are from memory, so no guarantees of syntax accuracy.  If anyone knows how I can have an item matched multiple times in the route-map I would appreciate a reply.  I.e. if a customer wanted to send xxxx:100 and xxxx:1, currently I would match on the xxxx:1 and the localpref change would not be applied.  Thanks in advance to whoever comes up with this gem.


Code Snippet:

(Again, this may not be 100% correct on syntax, I'm doing it from memory.)

ip prefix-list customerxyz-in permit 200.200.0.0/16 le 24
ip prefix-list customerxyz-bh-in permit 200.200.0.0/16 le 32

ip community-list 66 permit xxxx:666
ip community-list 10 permit xxxx:1
ip community-list 11 permit xxxx:2
ip community-list 12 permit xxxx:3
ip community-list 13 permit xxxx:80
ip community-list 14 permit xxxx:90
ip community-list 15 permit xxxx:100
ip community-list 16 permit xxxx:110

route-map customerxyz-in permit 10
 match community 66
 ! this uses the ...-bh-in list allowing prefix lengths up to /32
 match ip address prefix-list customerxyz-bh-in
 set community no-export additive
 ! the next hop must be an IP address; 192.0.2.1 is a placeholder that has to be statically routed to Null0
 set ip next-hop 192.0.2.1

route-map customerxyz-in permit 20
 match community 10
 ! this uses the regular customer prefix list allowing lengths up to /24
 match ip address prefix-list customerxyz-in
 set as-path prepend xxxx
! ... 30 and 40 similar, for community lists 11 and 12

route-map customerxyz-in permit 50
 match community 13
 match ip address prefix-list customerxyz-in
 set local-preference 80
! ... 60,70,80, and 90 similar, for community lists 14-17


Ejay Hire
ISDN-NET Network Engineer


-----Original Message-----
From: Jay Ford [mailto:jay-ford at uiowa.edu]
Sent: Friday, May 16, 2003 2:27 PM
To: Joe Abley
Cc: deepak at ai.net; Mark Radabaugh; nanog at merit.edu
Subject: Re: Communities BCP [was: RE: BGP Path Filtering]

On Fri, 16 May 2003, Joe Abley wrote:
> Examples of characteristics I have seen in the wild are:
>
>   + I was learnt from a peer
>   + I was learnt from a transit provider
>   + I was learnt from a customer
>   + I was learnt over an exchange point
>   + I was learnt over a private peering connection
>
> These are all markers to be used in setting internal policy, so the
> choice of numbers really doesn't matter. You can add or remove
> characteristics from your list when necessary without having to
> renumber anything. You can (and probably should) strip all these
> attributes before sending routes to EBGP peers, so nobody else has to
> see them.

You can & definitely should strip those community values on announcements you
receive from EBGP peers.  Interesting things happen if you let others turn
your routing policy knobs when you think they can't reach them.

________________________________________________________________________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-ford at uiowa.edu, phone: 319-335-5555, fax: 319-335-2951
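
An added example, not part of either message and not router configuration: a small Python model of the route-map above. It shows the first-match behaviour Ejay asks about, a hypothetical cumulative evaluation, and the ingress stripping Jay Ford recommends. ASN 64500, the "xxxx:N sets local-pref N" mapping, and the community 64500:3000 are assumptions made for the example.

```python
import ipaddress

ASN = 64500  # assumption: documentation ASN standing in for the page's "xxxx"
BLOCK = ipaddress.ip_network("200.200.0.0/16")  # customer block from the page
BLACKHOLE = f"{ASN}:666"
PREPEND = {f"{ASN}:{n}": n for n in (1, 2, 3)}
# assumption: xxxx:N sets local-pref N
LOCALPREF = {f"{ASN}:{v}": v for v in (80, 90, 100, 110)}
CUSTOMER_SETTABLE = {BLACKHOLE, *PREPEND, *LOCALPREF}

def in_block(prefix, max_len):
    """prefix-list check: inside the customer block and no longer than max_len."""
    net = ipaddress.ip_network(prefix)
    return net.subnet_of(BLOCK) and net.prefixlen <= max_len

def entries():
    """The page's route-map as ordered (community, max length, actions) entries."""
    yield BLACKHOLE, 32, {"blackhole": True, "no_export": True}
    for comm, n in PREPEND.items():
        yield comm, 24, {"prepend": n}
    for comm, lp in LOCALPREF.items():
        yield comm, 24, {"local_pref": lp}

def first_match(prefix, communities):
    """Behaviour described in the post: the first matching entry wins."""
    for comm, max_len, actions in entries():
        if comm in communities and in_block(prefix, max_len):
            return dict(actions)
    return None  # nothing matched: the route is not accepted

def cumulative(prefix, communities):
    """Hypothetical alternative: one action per type from every matching entry."""
    result = {}
    for comm, max_len, actions in entries():
        if comm in communities and in_block(prefix, max_len):
            for key, value in actions.items():
                result.setdefault(key, value)
    return result or None

def sanitize(communities):
    """Drop values in our own namespace that a customer is not allowed to set."""
    return {c for c in communities
            if not c.startswith(f"{ASN}:") or c in CUSTOMER_SETTABLE}

if __name__ == "__main__":
    # constructed input: 64500:3000 plays the role of an internal-only marker
    tagged = sanitize({f"{ASN}:100", f"{ASN}:1", f"{ASN}:3000"})
    print(first_match("200.200.5.0/24", tagged))
    print(cumulative("200.200.5.0/24", tagged))
```
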


