Unique BGP Regular Communities
Richard A Steenbergen
ras at e-gerbil.net
Fri Aug 11 04:44:13 UTC 2006

On Fri, Aug 11, 2006 at 04:03:57AM +0000, John Smith wrote:
>
> Hi,
>
> When the providers choose communities do they follow the syntax
> AS_NUM:X, where X is some number to ensure uniqueness of their
> particular community? The reason I ask this is because if operators are
> doing this then they need not worry that the community being used by
> them would not be used by anybody anywhere in the world.
>
> I am wondering if it can _ever_ happen that I get to receive a BGP
> UPDATE carrying a community number that I use inside my AS?
>
> Is this possible? And if Yes, then what scenario?

Communities can be used in any damned way you feel like, they're just
numbers that people add to routes to convey extra information, and they
can be squashed or added, and propagated or not propagated between
networks, as any particular network sees fit.

Some people are partial to only using their own ASN in the first half (and
thus arbitrary codes in the second half), but personally I'm not. For
example, if I was AS1234 and I wanted my customers to be able to tell me
to prepend once to my peer AS5678, I would rather they be able to send
5678:1 rather than have to know to look up my communities reference
webpage and find an arbitrary mapping like 1234:65123 for the behavior
they want.

Why? Two reasons. First, there is a logical difference between communities
you accept (to "do" some specific action), and communities you advertise
(to inform others about the routes in some way). It probably isn't
terribly neighborly of you to send routes to AS5678 using 5678:xxxx
because you felt like it (though if they have any common sense whatsoever
they're filtering their own reserved community space on the routes they
receive from you), but it may make perfect sense for you to pass on some
information about the route (such as geographic area you learned it from,
the type of relationship (customer, peer, transit), etc) using 1234:xxxx
space. I'm a fan of making this information available to everyone on the
Internet who wants it (since you never know, it may come in handy to some
network you've never heard of 7 hops away from you), and if they don't
they're welcome to filter it. For routes you are receiving, it is
generally harmless to step on other people's 5678:xxxx space, take whatever
action you're going to take, and then delete those communities at export
time.

Second, I'm still waiting for a widely available policy "language" which
lets you do useful things, such as reference variables which change at run
time depending upon the session they're applied against. Picture a policy
language where you can say "match $remoteasn:1" to do a specific prepend
to a specific neighbor, without needing to write a specific policy for
that neighbor beforehand. Once vendors get their acts together and
implement this (so far the only one I know of to do it is Cisco under IOS
XR), using powerful and complex policies to manage your network will be
much, much easier.

But the short answer to your cryptic question is "yes anyone can send you
anything at any time, and if you don't want them to do so, filter
appropriately on your border".

--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
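
The border handling described in the message above, as an added example that is not part of the original post: a toy Python model of filtering reserved community space on import, honoring a "$remoteasn:1" prepend request at export, and deleting action communities before the route leaves. The info-tag codes, AS64496, AS64500, the route dictionaries and the function names are assumptions made for illustration.

```python
# Added example: toy model of the border policy described in the post.
# The info-tag codes, route dicts and function names are constructed.
LOCAL_ASN = 1234                    # "AS1234" in the post
NEIGHBOR_ASNS = {5678, 64500}       # ASNs we export to; 5678 is from the post
INFO_TAG = {"customer": 100, "peer": 200}   # hypothetical 1234:xxxx codes


def high_half(community):
    """Return the first 16-bit half of a 'high:low' regular community."""
    high, low = (int(part) for part in community.split(":"))
    if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
        raise ValueError(f"not a regular community: {community!r}")
    return high


def ingress(route, relationship):
    """Filter what a neighbor sent, then add our own informational tag."""
    kept = []
    for c in route["communities"]:
        if high_half(c) == LOCAL_ASN:
            continue                # nobody outside may set our reserved space
        if high_half(c) in NEIGHBOR_ASNS and relationship != "customer":
            continue                # only customers may request actions
        kept.append(c)
    kept.append(f"{LOCAL_ASN}:{INFO_TAG[relationship]}")
    return {**route, "communities": kept}


def egress(route, remote_asn):
    """Apply '$remoteasn:1' (prepend once), then delete action communities."""
    prepends = 1 if f"{remote_asn}:1" in route["communities"] else 0
    path = [LOCAL_ASN] * (1 + prepends) + route["as_path"]
    kept = [c for c in route["communities"] if high_half(c) not in NEIGHBOR_ASNS]
    return {**route, "as_path": path, "communities": kept}


# Constructed sample: a customer asks for one prepend toward AS5678 and also
# tries to set a tag in our own 1234:xxxx space.
customer_route = {"prefix": "192.0.2.0/24", "as_path": [64496],
                  "communities": ["5678:1", "1234:200", "64496:7"]}
accepted = ingress(customer_route, "customer")
to_5678 = egress(accepted, 5678)
to_64500 = egress(accepted, 64500)
```

The same `egress` function serves every neighbor because the match is built from the session's remote ASN, which is the run-time variable the message asks policy languages to provide.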