A study on community-triggered updates in BGP

Tue Oct 20 11:48:37 UTC 2020

Hi Jakob.

The simple configuration below allows communities to be forwarded
(send-community-ebgp), but are cleaned at egress (using route-policy and
community-set).

In the experiment, the router receives announcements with altering
community attributes only, from the internal peer. After the filter is
applied, the router sends duplicates to the external peer.

Also, In a slightly different setup, the router sends duplicates due to
changes in the next-hop only.

best regards
Thomas

---

RP/0/0/CPU0:ios(config)#show running-config
Tue Oct 20 02:56:24.230 UTC
Building configuration...
!! IOS XR Configuration 6.0.1
!! Last configuration change at Tue Oct 20 02:56:02 2020 by cisco
!
interface MgmtEth0/0/CPU0/0
 shutdown
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.12.0.2 255.255.255.252
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.20.0.1 255.255.255.252
!
community-set all
  *:*
end-set
!
route-policy nofilter
  pass
end-policy
!
route-policy egressfilter
  delete community in all
  pass
end-policy
!
router bgp 65002
 bgp router-id 10.12.0.2
 address-family ipv4 unicast
!
 neighbor 10.12.0.1
  remote-as 65001
  address-family ipv4 unicast
   send-community-ebgp
   route-policy egressfilter out
!
 neighbor 10.20.0.2
  remote-as 65002
  address-family ipv4 unicast
!
end

On 10/17/20 3:59 PM, Jakob Heitz (jheitz) via NANOG wrote:
> IOS-XR has duplicate update suppression logic for EBGP sessions,
> not for IBGP sessions.
>
> If you are using EBGP and seeing a fault in the duplicate update
> suppression logic in IOS-XR, please let me know configs and details
> of the experiment.
>
> Regards,
> Jakob.
>
> -----Original Message-----
> Date: Thu, 15 Oct 2020 18:35:58 -0700
> From: Thomas Krenc <tkrenc at nps.edu>
>
> Dear NANOG,
>
> As a team of researchers from NPS and TU Berlin, we are investigating
> the impact of BGP community attributes on the update behavior between ASes.
>
> We find that when a route is associated with multiple distinct community
> attributes it does not only lead to multiple announcement at the tagging
> AS, but also at neighboring ASes, if communities are not filtered
> properly. This behavior is wide-spread.
>
> In order to better understand our observations, we have performed a
> series of laboratory experiments using Cisco IOS, Junos OS, as well as
> the BIRD daemon.
>
> We find that - by default - all tested routers generate announcements
> with changing community attributes, even when other attributes do not
> change. In addition, when communities are filtered at egress, Cisco und
> BIRD send duplicate announcements (Juniper does not).
>
> Since our findings are limited to observations in public data as well as
> few router implementations, we would like to share our research and
> kindly ask you to have a look at:
>
> ??? https://www.cmand.org/communityexploration/
>
> There, we provide some resources documenting our research, as well as
> open questions. We greatly appreciate any feedback and insights you can
> offer. Also, please don't hesitate to contact us directly:
>
> ??? communityexploration AT cmand DOT org
>
> best regards
>
> Thomas Krenc
> Postdoctoral Researcher
> Naval Postgraduate School