Understanding How to Define BGP Communities and Extended Communities
To use a BGP community or extended community as a routing policy match condition, you define the community as described in the following sections:
Defining BGP Communities for Use in Routing Policy Match Conditions
To create a named BGP community and define the community members, include the community statement:
[edit policy-options]
community name {
    invert-match;
    members [ community-ids ];
}
name identifies the community. It can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose the entire name in quotation marks (“ ”).
community-ids identifies one or more members of the community. Each community ID consists of two components, which you specify in the following format:
as-number:community-value;
- as-number—AS number of the community member. It can be a value from 0 through 65,535. You can use the following notation in specifying the AS number:
  - String of digits.
  - Asterisk (*)—A wildcard character that matches all AS numbers. (In the definition of the community attribute, the asterisk also functions as described in Table 1.)
  - Period (.)—A wildcard character that matches any single digit in an AS number.
  - Group of AS numbers—A single AS number or a group of AS numbers enclosed in parentheses. Grouping the numbers in this way allows you to perform a common operation on the group as a whole and to give the group precedence. The grouped numbers can themselves include regular expression operators. For more information about regular expressions, see Using UNIX Regular Expressions in Community Names.
- community-value—Identifier of the community member. It can be a number from 0 through 65,535. You can use the following notation in specifying the community ID:
  - String of digits.
  - Asterisk (*)—A wildcard character that matches all community values. (In the definition of the community attribute, the asterisk also functions as described in Table 1.)
  - Period (.)—A wildcard character that matches any single digit in a community value number.
  - Group of community value numbers—A single community value number or a group of community value numbers enclosed in parentheses. Grouping the regular expression in this way allows you to perform a common operation on the group as a whole and to give the group precedence. The grouped path can itself include regular expression operators.
You can also include one of the following well-known community names (defined in RFC 1997, BGP Communities Attribute) in the community-ids option for the members statement. This will tag the routes you specify in [policy-options policy-statement] with the configured name or community value. In a separate configuration, you also need to create a filter for the imported routes in your BGP import policy.
- no-advertise—Routes in this community name must not be advertised to other BGP peers.
- no-export—Routes in this community must not be advertised outside a BGP confederation boundary. A standalone autonomous system that is not part of a confederation should be considered a confederation itself.
- no-export-subconfed—Routes in this community must not be advertised to external BGP peers, including peers in other members’ ASs inside a BGP confederation.
You can include the following IPv6 unicast address community names (defined in RFC 5701, BGP Communities Attribute) to accommodate the IPv6 unicast address-specific extended community:
[edit policy-options]
policy-statement send-direct {
    term 1 {
        then {
            community add community-name;
            community add community-name;
            community add community-name;
            accept;
        }
    }
}
community community-name members [ ipv6-target:<IPv6 unicast address>:operator-defined local values ipv6-target:<IPv6 unicast address>:operator-defined local values ];
community community-name members [ ipv6-origin:<IPv6 unicast address>:operator-defined local values ipv6-origin:<IPv6 unicast address>:operator-defined local values ];
community community-name members [ ipv6-extended:type-and-subtype value:<IPv6 unicast address>:operator-defined local values ipv6-extended:type-and-subtype value:<IPv6 unicast address>:operator-defined local values ];
ipv6-target identifies the VPN IPv6 target unicast address used in a policy match. ipv6-origin identifies the source of the IPv6 unicast address in a policy match. ipv6-extended identifies the extended format of the IPv6 unicast address in a policy match.
Using UNIX Regular Expressions in Community Names
When specifying the members of a named BGP community (in the members [ community-ids ] statement), you can use UNIX-style regular expressions to specify the AS number and the member identifier. A regular expression consists of two components, which you specify in the following format:
term operator;
term identifies the string to match.
operator specifies how the term must match. Table 1 lists the regular expression operators supported in community IDs. You place an operator immediately after term with no intervening space, except for the pipe ( | ) and dash (-) operators, which you place between two terms, and parentheses, with which you enclose terms. Table 2 shows examples of how to define community-ids using community regular expressions. The operator is optional.
Community regular expressions are identical to the UNIX regular expressions. Both implement the extended (or modern) regular expressions as defined in POSIX 1003.2.
Community regular expressions evaluate the string specified in term on a character-by-character basis. For example, if you specify 1234:5678 as term, the regular expressions see nine discrete characters, including the colon (:), instead of two sets of numbers (1234 and 5678) separated by a colon.
In Junos OS Release 9.1 and later, you can specify 4-byte AS numbers as defined in RFC 4893, BGP Support for Four-octet AS Number Space, as well as the 2-byte AS numbers that are supported in earlier releases of the Junos OS.
Operator | Match Definition |
---|---|
 | At least |
 | Exactly |
 | |
 | Zero or more repetitions of |
 | One or more repetitions of |
 | Zero or one repetition of |
 | One of the two terms on either side of the pipe. |
 | Between a starting and ending range, inclusive. |
 | Character at the beginning of a community attribute regular expression. |
 | Character at the end of a community attribute regular expression. |
 | Set of characters. One character from the set can match. To specify the start and end of a range, use a hyphen ( |
 | Group of terms that are enclosed in parentheses. If enclosed in quotation marks with no intervening space (" |
 | Characters (such as space, tab, question mark, and bracket) that are enclosed within quotation marks in a community attribute regular expression indicate special characters. |
Community Attribute to Match | Regular Expression | Sample Matches |
---|---|---|
AS number is 56 or 78. Community value is any number. | ^((56) \| (78)):(.*)$ | 56:1000 78:64500 |
AS number is 56. Community value is any number that starts with 2. | ^56:(2.*)$ | 56:2 56:222 56:234 |
AS number is any number. Community value is any number that ends with 5, 7, or 9. | ^(.*):(.*[579])$ | 1234:5 78:2357 34:64509 |
AS number is 56 or 78. Community value is any number that starts with 2 and ends with 2 through 8. | ^((56) \| (78)):(2.*[2-8])$ | 56:22 56:21197 78:2678 |
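The following Python sketch is an added example, not Juniper code: it runs the four Table 2 expressions over a constructed list of communities so a policy author can see exactly what each one admits before it goes into an import policy. It assumes the spaces around the pipe in the table are layout only, and it models matching with Python's `re` search; the function names and the sample list are hypothetical.

```python
import re

def compile_community_regex(expr):
    # Assumption: the spaces around the pipe in the table are layout only,
    # so they are removed. The operators used (^ $ . * [] () |) behave the
    # same in POSIX extended regular expressions and in Python's re module.
    return re.compile(expr.replace(" ", ""))

def is_valid_community(text):
    # as-number:community-value, each a decimal number from 0 through 65535.
    parts = text.split(":")
    return len(parts) == 2 and all(p.isdigit() and int(p) <= 65535 for p in parts)

def matching(expr, communities):
    """Valid communities that the expression matches, character by character."""
    rx = compile_community_regex(expr)
    return [c for c in communities if is_valid_community(c) and rx.search(c)]

def widened_by(loose, strict, communities):
    """Communities that `loose` admits and `strict` rejects."""
    strict_hits = set(matching(strict, communities))
    return [c for c in matching(loose, communities) if c not in strict_hits]

# Constructed sample of communities carried by received routes.
SEEN = ["56:2", "56:222", "56:1000", "56:21197", "78:2678", "78:64500",
        "156:2000", "560:25", "1234:5", "34:64509",
        "56:200000"]  # last entry is out of range and is ignored

TABLE_2 = [
    "^((56) | (78)):(.*)$",
    "^56:(2.*)$",
    "^(.*):(.*[579])$",
    "^((56) | (78)):(2.*[2-8])$",
]

if __name__ == "__main__":
    for expr in TABLE_2:
        print(f"{expr:30} {matching(expr, SEEN)}")
    # Same term without the leading ^ in this model: the digits "56" can now
    # be the tail of a longer AS number.
    print("widened:", widened_by("56:(2.*)$", "^56:(2.*)$", SEEN))
```

Because the term is read as characters rather than numbers, the anchors are what keep `56` from also matching inside `156` in this model.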
Defining BGP Extended Communities for Use in Routing Policy Match Conditions
To create a named BGP community and define the community members, include the community statement:
[edit policy-options]
community name {
    members [ community-ids ];
}
name identifies the community. It can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose the entire name in quotation marks (“ ”).
community-ids identifies one or more members of the community. Each community ID consists of three components, which you specify in the following format:
type:administrator:assigned-number
type is the type of extended community and can be either the 16-bit numerical identifier of a specific BGP extended community or one of these types:
- bandwidth—Sets up the bandwidth extended community. Specifying link bandwidth allows you to distribute traffic unequally among different BGP paths.
  Note: The link bandwidth attribute does not work concurrently with per-prefix load balancing.
- domain-id—Identifies the OSPF domain from which the route originated.
- origin—Identifies where the route originated.
- rt-import—Identifies the route to install in the routing table.
  Note: You must identify the route by an IP address, not an AS number.
- src-as—Identifies the AS from which the route originated. You must specify an AS number, not an IP address.
  Note: You must identify the AS by an AS number, not an IP address.
- target—Identifies the destination to which the route is going.
  Note: For an import policy for a VPN routing and forwarding (VRF) instance, you must include at least one route target. Additionally, you cannot use wildcard characters or regular expressions in the route target for a VRF import policy. Each value you configure for a route target for a VRF import policy must be a single value.
administrator is the administrator. It is either an AS number or an IP version 4 (IPv4) address prefix, depending on the type of extended community.
assigned-number identifies the local provider.
In Junos OS Release 9.1 and later, you can specify 4-byte AS numbers as defined in RFC 4893, BGP Support for Four-octet AS Number Space, as well as the 2-byte AS numbers that are supported in earlier releases of the Junos OS. In plain-number format, you can configure a value in the range from 1 through 4,294,967,295. To configure a target or origin extended community that includes a 4-byte AS number in the plain-number format, append the letter “L” to the end of the number. For example, a target community with the 4-byte AS number 334,324 and an assigned number of 132 is represented as target:334324L:132.
4-byte ASes can be specified only as a part of extended communities and hence the letter ‘L’ is not allowed in a base BGP regular expression community. For example, to allow matches against an extended community, use extended community expressions like origin:334324L:* and target:334324L:* instead of 334324L:*.
In Junos OS Release 9.2 and later, you can also use AS-dot notation when defining a 4-byte AS number for the target and origin extended communities. Specify two integers joined by a period: 16-bit high-order value in decimal.16-bit low-order value in decimal. For example, the 4-byte AS number represented in plain-number format as 65546 is represented in AS-dot notation as 1.10.
Examples: Defining BGP Extended Communities
Configure a target community with an administrative field of 10458 and an assigned number of 20:
[edit policy-options]
community test-a members [ target:10458:20 ];
Configure a target community with an administrative field of 10.1.1.1 and an assigned number of 20:
[edit policy-options]
community test-a members [ target:10.1.1.1:20 ];
Configure an origin community with an administrative field of 10.1.1.1 and an assigned number of 20:
[edit policy-options]
community test-a members [ origin:10.1.1.1:20 ];
Configure a target community with a 4-byte AS number in the administrative field of 100000 and an assigned number of 130:
[edit policy-options]
community test-b members [ target:100000L:130 ];
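The member format above can be checked offline before a configuration is committed. The following Python parser is an added example, not Juniper code: it classifies the administrator field as a 2-byte AS, a 4-byte AS (plain-number with “L” or AS-dot) or an IPv4 address, and rejects wildcards, which is the single-value requirement stated for VRF import route targets. All function names are hypothetical, and treating a number above 65535 without the “L” suffix as an error is this example's assumption.

```python
import ipaddress

NAMED_TYPES = {"bandwidth", "domain-id", "origin", "rt-import", "src-as", "target"}

def parse_administrator(text):
    """Return (kind, value) where kind is 'as2', 'as4' or 'ipv4'."""
    if text.endswith("L") and text[:-1].isdigit():        # plain-number 4-byte AS
        asn = int(text[:-1])
        if not 1 <= asn <= 4294967295:
            raise ValueError(f"4-byte AS out of range: {text}")
        return ("as4", asn)
    if text.isdigit():                                    # 2-byte AS
        if int(text) > 65535:
            # Assumption of this example: reject rather than guess the intent.
            raise ValueError(f"{text}: plain-number 4-byte AS needs the L suffix")
        return ("as2", int(text))
    halves = text.split(".")
    if len(halves) == 2 and all(h.isdigit() and int(h) <= 65535 for h in halves):
        return ("as4", (int(halves[0]) << 16) | int(halves[1]))   # AS-dot
    return ("ipv4", str(ipaddress.IPv4Address(text)))     # ValueError if malformed

def parse_member(member):
    """Parse a literal type:administrator:assigned-number member."""
    fields = member.split(":")
    if len(fields) != 3:
        raise ValueError(f"expected three fields: {member}")
    ctype, admin, number = fields
    if ctype not in NAMED_TYPES and not (ctype.isdigit() and int(ctype) <= 65535):
        raise ValueError(f"unknown type: {ctype}")
    if not number.isdigit():
        raise ValueError(f"assigned number is not a literal: {number}")
    return (ctype, *parse_administrator(admin), int(number))

def same_community(a, b):
    """True when two spellings (for example AS-dot and plain-number) agree."""
    return parse_member(a) == parse_member(b)

def is_literal(member):
    """True for a single fixed value with no wildcard or regular expression."""
    try:
        parse_member(member)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for m in ["target:10458:20", "target:10.1.1.1:20", "target:100000L:130"]:
        print(m, "->", parse_member(m))
```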