How do I send the community string in BGP route updates?

Article ID: KB13645 | KB Last Updated: 31 Mar 2009 | Version: 1.0
Summary:
Many Internet Service Providers (ISPs) make extensive use of BGP communities for routing policy decision making. The following KB article illustrates how to configure the Juniper Firewall to send the community string in a routing update.
Symptoms:

Solution:
Topology
Firewall (172.19.51.37) ---------(172.19.51.71) ISP

The ISP has requested certain routes be advertised with a specific community string.


Configuration on the Firewall:
  1. Enter the appropriate Virtual Router:
    ssg20-> set vr trust
    ssg20(trust-vr)->

  2. Set up the access list to match the routes that you want to send with the community string. In this case the route is 172.19.0.0/16.
    ssg20(trust-vr)-> set access-list 2 permit ip 172.19.0.0/16 5           ***This access list "2" will be referenced later on

  3. Enter the BGP instance and configure the community list:
    ssg20(trust-vr)-> set proto bgp
    **Note that there are 2 ways to specify the community list

    (i) By entering the community value directly:
    ssg20(trust-vr/bgp)-> set community-list 50 permit 2770732131
    OR (ii) By specifying the AS number and the final two octets of the community value:
    ssg20(trust-vr/bgp)-> set community-list 50 permit as 42278 1123

  4. Set up the route-map to match the IP in the access-list and to set the community string for the routes matched by the IP access list:
    ssg20(trust-vr)-> set route-map name "test" permit 10
    ssg20(trust-vr/test-10)-> set match ip 2                             ***Matches the access list number 2 which was specified earlier
    ssg20(trust-vr/test-10)-> set community 50                           ***Sets the community string
    ssg20(trust-vr)->

  5. Configure the route-map to enable the routes to be correctly advertised to the appropriate neighbour (ISP):
    ssg20(trust-vr)-> set proto bgp
    ssg20(trust-vr/bgp)-> set neighbor 172.19.51.71 remote-as 64600
    ssg20(trust-vr/bgp)-> set neighbor 172.19.51.71 enable
    ssg20(trust-vr/bgp)-> set neighbor 172.19.51.71 send-community         ***Send community enables the community string to be sent
    ssg20(trust-vr/bgp)-> set neighbor 172.19.51.71 route-map "test" out   ***Route-map should be advertised "OUT" to the neighbour

  6. Enable BGP on the interface in question:
    set interface ethernet0/0 protocol bgp

  7. How do you verify that it was configured correctly? The BGP comm-rib table will show you the community tied to the route:
    ssg20-> set vr trust
    ssg20(trust-vr)-> set proto bgp
    ssg20(trust-vr/bgp)-> get comm-rib
    Prefix: 172.19.0.0/16
    Nexthop: 172.19.50.1, Weight: 32768, Local Pref: 100, MED: 0, Flag: 8, Orig: INCOMPLETE
    Community: 42278:1123                                                ***Note the community string

  8. How do I check if the BGP update has been sent?

    (i) In order to send the full routing table for the trust-vr through updates from the local BGP peer to the neighboring peer, use the "soft-out" command:
    ssg20-> clear vr trust protocol bgp neighbour 172.19.51.71 soft-out
    (ii) Running the "debug bgp update" command will show the updates being sent, and the debugs should look as follows:
    ## 2009-03-20 08:23:00 : [bgp/update]: start: initial send eBGP update 172.19.0.0/16
    ## 2009-03-20 08:23:00 : [bgp/update]: nhop: 172.19.50.1, bgprt->i_nhop: 0.0.0.0
    ## 2009-03-20 08:23:00 : [bgp/update]: Build Tx PA: med: 0, local pref: 100, nhop: 172.19.50.1
    ## 2009-03-20 08:23:00 : [bgp/update]: add feasible prefix 172.19.0.0/16 to peer 172.19.51.71 Tx-q
    ## 2009-03-20 08:23:00 : [bgp/update]: done : initial send eBGP 172.19.0.0/16 OK
    Note that you will not be able to tell which community list is being sent from this debug.

  9. The community list can also be verified from a packet capture by looking into the UPDATE message. A screenshot of it is as follows:
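
As a scriptable counterpart to inspecting the UPDATE message in a packet capture, the following Python is an added example and not part of the original Juniper article. It converts between the two community notations used above (2770732131 and 42278:1123) and extracts the COMMUNITIES path attribute (type code 8, RFC 1997) from the raw bytes of one BGP UPDATE. The function names are hypothetical, and the sample message, including its AS_PATH value 65000, is constructed.

```python
import struct

def community_to_str(value):
    """32-bit community -> 'AS:value' (the high 16 bits are the AS number)."""
    return f"{value >> 16}:{value & 0xFFFF}"

def str_to_community(text):
    """'AS:value' -> the single 32-bit number form."""
    asn, low = (int(part) for part in text.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= low <= 0xFFFF):
        raise ValueError("each half must fit in 16 bits")
    return (asn << 16) | low

def communities_in_update(msg):
    """Return the communities carried in one BGP UPDATE message (bytes)."""
    if len(msg) < 23 or msg[:16] != b"\xff" * 16:
        raise ValueError("not a BGP message")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg_type != 2 or length != len(msg):
        raise ValueError("not a complete UPDATE")
    pos = 21 + struct.unpack("!H", msg[19:21])[0]     # skip withdrawn routes
    if pos + 2 > len(msg):
        raise ValueError("truncated UPDATE")
    end = pos + 2 + struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 2
    if end > len(msg):
        raise ValueError("truncated path attributes")
    found = []
    while pos < end:
        header = 4 if msg[pos] & 0x10 else 3          # extended-length flag
        if pos + header > end:
            raise ValueError("truncated attribute header")
        code = msg[pos + 1]
        alen = int.from_bytes(msg[pos + 2:pos + header], "big")
        pos += header
        if pos + alen > end or (code == 8 and alen % 4):
            raise ValueError("bad attribute length")
        if code == 8:                                 # COMMUNITIES attribute
            found += [community_to_str(v) for (v,) in
                      struct.iter_unpack("!I", msg[pos:pos + alen])]
        pos += alen
    return found

def _attr(flags, code, body):
    return bytes([flags, code, len(body)]) + body

# Constructed sample UPDATE for 172.19.0.0/16; AS 65000 in AS_PATH is made up.
_attrs = (_attr(0x40, 1, b"\x02") + _attr(0x40, 2, b"\x02\x01\xfd\xe8")
          + _attr(0x40, 3, bytes([172, 19, 50, 1]))
          + _attr(0xC0, 8, struct.pack("!I", str_to_community("42278:1123"))))
_body = b"\x00\x00" + struct.pack("!H", len(_attrs)) + _attrs + bytes([16, 172, 19])
SAMPLE_UPDATE = b"\xff" * 16 + struct.pack("!HB", 19 + len(_body), 2) + _body
```

An empty list returned for an UPDATE that carries the 172.19.0.0/16 prefix means the community was not attached, which points back at the send-community and route-map "out" settings on the neighbor.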
