An ISP may ask a customer to advertise eBGP prefixes (routes) with a specific community value. The ISP then uses this community value to apply specific policies to those prefixes.
(192.168.100.1) FW1 (20.1.1.2)--------(20.1.1.1) FW2
                AS 1111                          AS 2222
Conditions:
- FW1 and FW2 are eBGP peers
- FW1 is advertising its directly connected network, 192.168.100.0/24
- FW1 must advertise its directly connected network with a community value of "99"
The following configuration on FW1 will allow this:
- Configure eBGP
set vrouter trust-vr
set protocol bgp 1111
set enable
set neighbor 20.1.1.1 remote-as 2222
set neighbor 20.1.1.1 enable
exit
- Configure BGP on interface
set interface untrust protocol bgp
- Create access list
set vrouter trust-vr
set access-list 1
set access-list 1 permit ip 0.0.0.0/0 1
exit
- Create community-list
set vrouter trust-vr
set protocol bgp 1111
set neighbor 20.1.1.1 send-community
set community-list 1 permit 1111 99
exit
exit
- Create route-map
set vrouter trust-vr
set route-map name "routemap1" permit 1
set match ip 1
set community 1
exit
- Apply route-map
set vrouter trust-vr
set protocol bgp 1111
set neighbor 20.1.1.1 route-map "routemap1" out
exit
exit
- Redistribute connected routes to BGP
set vrouter trust-vr
set protocol bgp
set redistribute route-map "routemap1" protocol connected
exit
exit
Here is the output from the eBGP peer (FW2). Notice the community of 1111:99:
FW_2> get vrouter trust-vr protocol bgp rib 192.168.100.0/24
Prefix: 192.168.100.0/24
Nexthop: 20.1.1.2, Weight: 100, Local Pref: 100, MED: 0, Flags: 0x486 0x88, Orig: INCOMPLETE
AS segment type: AS_SEQ, AS path:1111
Community: 1111:99
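A way to check the FW2 output above automatically, as an added example that is not part of the original article: the Python below parses the RIB text, confirms the prefix carries the expected community and is originated by the expected AS, and shows how "1111:99" maps to the 32-bit community attribute (AS number in the high 16 bits, value in the low 16 bits). The function names are hypothetical, and the parser assumes the output format matches the sample shown here.

```python
import re

# Constructed sample: the FW2 output shown in the article.
SAMPLE = """\
Prefix: 192.168.100.0/24
Nexthop: 20.1.1.2, Weight: 100, Local Pref: 100, MED: 0, Flags: 0x486 0x88, Orig: INCOMPLETE
AS segment type: AS_SEQ, AS path:1111
Community: 1111:99
"""

def parse_rib(text):
    """Split 'get vrouter ... rib' output into one dict per prefix."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Prefix:\s*(\S+)", line):
            cur = {"prefix": m.group(1), "as_path": [], "communities": set()}
            entries.append(cur)
        elif cur is None:
            continue  # prompt or command echo before the first prefix
        elif m := re.search(r"AS path:\s*(.*)", line):
            cur["as_path"] = [int(a) for a in re.findall(r"\d+", m.group(1))]
        elif line.startswith("Community:"):
            cur["communities"].update(re.findall(r"\d+:\d+", line))
    return entries

def community_to_u32(comm):
    """Encode 'AS:value' as the 32-bit community (AS high, value low)."""
    asn, val = (int(p) for p in comm.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= val <= 0xFFFF):
        raise ValueError(f"community out of range: {comm}")
    return (asn << 16) | val

def check(text, prefix, expected, origin_as):
    """Return a list of problems; an empty list means the route is tagged."""
    match = [e for e in parse_rib(text) if e["prefix"] == prefix]
    if not match:
        return [f"{prefix} not in RIB"]
    e, problems = match[0], []
    if expected not in e["communities"]:
        problems.append(f"{prefix} missing community {expected}")
    if not e["as_path"] or e["as_path"][-1] != origin_as:
        problems.append(f"{prefix} not originated by AS {origin_as}")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE, "192.168.100.0/24", "1111:99", 1111) or "OK")
    print(hex(community_to_u32("1111:99")))
```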
2020-09-16: Article reviewed for accuracy. Minor changes made. Updated security products