BGP Communities

-

 

Community Meaning
no-export (65535:65281) Don’t advertise this route to eBGP peers (stay within AS).
no-advertise (65535:65282) Don’t advertise this route to any BGP peers.
local-AS (65535:65283) Don’t advertise outside of local confederation.
internet (0:0) Advertise to everyone (default).


🧩 The Topology Recap

            +--------+
            | ISP-A  |  AS 65001
            +--------+
                |
                |  (Link 1)
            +----------+
            | You (AS 65010) |
            +----------+
                |
                |  (Link 2)
            +--------+
            | ISP-B  |  AS 65002
            +--------+

Your enterprise AS 65010 is dual-homed to two ISPs (A and B).

You want:

  • ISP-A → Primary

  • ISP-B → Backup

🧠 BGP Config Breakdown

1️⃣ BGP neighbor configuration

router bgp 65010
 neighbor 192.0.2.1 remote-as 65001   ! ISP-A
 neighbor 192.0.2.1 send-community
 neighbor 192.0.2.2 remote-as 65002   ! ISP-B
 neighbor 192.0.2.2 send-community

  • You are establishing eBGP sessions with both ISPs.

  • send-community is crucial — it ensures the community attributes you set are actually sent to each ISP.

2️⃣ Route-maps definition

route-map TO_ISPA permit 10
 set community 65001:100 additive

route-map TO_ISPB permit 10
 set community 65002:200 additive

  • TO_ISPA → tags routes with community 65001:100

    • Meaning: “Tell ISP-A this is my preferred path.”

  • TO_ISPB → tags routes with community 65002:200

    • Meaning: “Tell ISP-B this is my backup path.”

3️⃣ Applying route-maps to the correct neighbors

You must attach the correct route-map to the correct neighbor:

router bgp 65010
 neighbor 192.0.2.1 route-map TO_ISPA out
 neighbor 192.0.2.2 route-map TO_ISPB out

That line tells BGP:

When advertising routes outbound to ISP-A, apply TO_ISPA.
When advertising routes outbound to ISP-B, apply TO_ISPB.

Summary Table

ISPNeighbor IPRoute-map appliedDirectionEffect
ISP-A (Primary)192.0.2.1TO_ISPAoutboundTags routes with 65001:100 (preferred)
ISP-B (Backup)192.0.2.2TO_ISPBoutboundTags routes with 65002:200 (less preferred)

4️⃣ Why "out" direction?

Because:

  • You are sending your prefixes to the ISPs.

  • Communities are attached to outbound advertisements.

  • Each ISP reads your community and applies their inbound policy (their side).

So the logic is:

You control inbound traffic (to you) by tagging outbound advertisements (from you).

5️⃣ What the ISPs do with those tags

Each ISP has its own internal policy, for example:

  • ISP-A:

    ip community-list 100 permit 65001:100
route-map FROM_CUSTOMER permit 10
 match community 100
 set local-preference 200

    → Gives higher preference → Primary path.

  • ISP-B:

    ip community-list 200 permit 65002:200
route-map FROM_CUSTOMER permit 10
 match community 200
 set local-preference 80

    → Lower preference → Backup path.

In short:

TO_ISPA → applied to neighbor ISP-A (192.0.2.1)
TO_ISPB → applied to neighbor ISP-B (192.0.2.2)
Both are applied in the out direction, tagging routes you advertise.
The ISPs then interpret those tags to adjust their inbound preference for your routes.


Comments

Post a Comment

Popular posts from this blog

gNMI_with_grafana on containerlabs

-
Image
  root@digi-oss:/home/labadmin/mohan/2jan26_grafana# cat sr_lab.clab.yml name: sr_lab topology:   nodes:     sr1 : {kind: nokia_srlinux, image: ghcr.io/nokia/srlinux:latest, startup-config: sr1.cfg}     sr2 : {kind: nokia_srlinux, image: ghcr.io/nokia/srlinux:latest, startup-config: sr2.cfg}     # gNMIc Collector     gnmic:       kind: linux       image: ghcr.io/openconfig/gnmic:latest       binds: [gnmic-config.yml:/app/gnmic-config.yml:ro]       cmd: "--config /app/gnmic-config.yml subscribe"     # Prometheus TSDB     prometheus:       kind: linux       image: prom/prometheus:latest       binds: [prometheus.yml:/etc/prometheus/prometheus.yml:ro]       ports: ["9090:9090"]     # Grafana Visualization     grafana:       kind: linux       image: grafa...
Read more

EVPN Route type-1 & type-4 in action

-
Image
 Route Type 1: Ethernet Auto-Discovery (A-D) A Type 1 route is advertised by a PE router on a per-Ethernet Segment Identifier (ESI) basis. It is triggered by the presence of a multihomed connection.  Purpose of Type 1 routes Aliasing:  In an all-active multihoming setup, a Type 1 route informs remote PE routers that an Ethernet segment is reachable via multiple PEs. This allows for load-balancing traffic to the same customer device over multiple paths. Fast convergence (Mass MAC Withdrawal):  If a local link to a multihomed customer device fails, the PE sends a withdrawal message for the Type 1 route. Remote PEs can then withdraw all MAC addresses associated with that Ethernet segment, instead of waiting for individual MAC withdrawals, which speeds up convergence. Split-horizon filtering:   The route carries an ESI label to prevent traffic loops in all-active mode. A PE router won't forward broadcast, unknown unicast, and multicast (BUM) traffic back to its sour...
Read more

Network Automation with ROBOT Framework

-
Image
  Folder-structure Scripts testcase_with_keywordsLibrary.robot *** Settings *** Documentation    Test Case With Keyword Resource         Resources/Keywords/common.robot Resource          Resources/Keywords/vxlanInstance.robot Test Setup        Open Connection Test Teardown    Close Connection *** Test Cases *** [Documentation] Step 1: Verify VXLAN Interface Status     VXLAN Interface Status [Documentation] Step 2: Verify VXLAN VNI to VLAN Mapping     VXLAN VNI to VLAN Mapping Resources/Keywords/common.robot *** Settings *** Documentation    Common Keyword Library Library          ../../Libraries/commonLib.py Variables        ../Variables/veosLeaf01.yaml *** Variables *** ${devType}         ${virtualBox}[vmType] ${ipAddr}          ${virtualBox}[vmManagement][hostIp] ${po...
Read more