BGP communities can be a powerful, but almost mystical thing. If you aren’t familiar with communities start here at Wikipedia. For the purpose of part one of this article we will talk about communities and how they can be utilized for traffic coming into your network. Part two of this article will talk about applying what you have classified to your peers.
So let’s jump into it. Let’s start with XYZ ISP. They have the following BGP peers:
-Peer one is Typhoon Electric. XYZ ISP buys an internet connection from Typhoon.
-Peer two is Basement3. XYZ ISP also buy an internet connection from Basement3
-Peer three is Mauler Automotive. XYZ ISP sells internet to Mauler Automotive.
-Peer four is HopOffACloud web hosting. XYZ ISP and HopOffACloud are in the data center and have determined they exchange enough traffic amongst their ASN’s to justify a dedicated connection between them.
-Peer five is the local Internet exchange (IX) in the data center.
So now that we know who our peers are, we need to assign some communities and classify who goes in what community. The Thing to keep in mind here, is communities are something you come up with. There are common numbers people use for communities, but there is no rule on what you have to number your communities as. So before we proceed we will need to also know what our own ASN is. For XYZ we will say they were assigned AS64512. For those of you who are familiar with BGP, you will see this is a private ASN. I just used this to lessen any confusion. If you are following along at home replace 65412 with your own ASN.
So we will create four communities .
64512:100 = transit
64512:200 = peers
64512:300 = customers
64512:400 = my routes
Where did we create these? For now on paper.
So let’s break down each of these and how they apply to XYZ network. If you need some help with the terminology see this previous post.
64512:100 – Transit
Transit will apply to Typhoon Electric and Basement3. These are companies you are buying internet transit from.
64512:200 – Peers
Peers apply to HopOffACloud and the IX. These are folks you are just exchanging your own and your customer’s routes with.
64512:300 – Customers
This applies to Mauler Automotive. This is a customer buying Internet from you. They transit your network to get to the Internet.
64512:200 – Local
This applies to your own prefixes. These are routes within your own network or this particular ASN.
Our next step is to take the incoming traffic and classify into one of these communities. Once we have it classified we can do stuff with it.
If we wanted to classify the Typhoon Electric traffic we would do the following in Mikrotik land:
add action=passthrough chain=TYPHOON-IN prefix=0.0.0.0/0 prefix-length=0-32 set-bgp-communities=64512:100 comment="Tag incoming prefixes with :100"
This would go at the top of your filter chain for the Typhoon Electric peer. This simply applies 64512:100 to the prefixes learned from Typhoon.
In Cisco Land our configuration would look like this:
route-map Typhoon-in permit 20
match ip address 102
set community 64512:100
The above Cisco configuration creates a route map, matches a pre-existing access list named 102, and applies community 64512:100 to prefixes learned.
For Juniper you can add the following command to an incoming peer in policy-options:
set community Typhoon-in members 64512:100
Similar to the others you are applying this community to a policy.
So what have we done so far, we have taken the received prefixes from Typhoon Electric and applied community 64512:100 to it. This simply puts a classifier on all traffic from that peer. We could modify the above example to classify traffic from our other peers based upon what community we want them tagged as.
In our next segment we will learn what we can do with these communities.