A BGP community is extra information that advertised routes can be tagged with, allowing the router on the other end or a BGP peer to better classify and handle routes that share a common property.
The community value is a 32-bit field that is divided into two sub-fields. The first two bytes encode the AS number of the network that originated the community and the last two bytes carry a unique number assigned by the AS. Communities add power to BGP, changing it from a routing protocol to a tool for signaling and policy enforcement.
This feature is not supported for IPv6.
Use Cases
BGP community is useful when there are common requirements for a range of IP addresses or a network.
It provides a better understanding of the network topology and routing policy requirements.
It makes scalability, operation, and troubleshooting of a network easier.
For more information on the BGP community, see An Application of the BGP Community Attribute.
NSX Advanced Load Balancer supports the new ip_community option in the BGP configuration. You can tag a virtual IP address (VIP) or a backend server IP address advertised from an NSX Advanced Load Balancer Service Engine with appropriate communities. Tagging allows BGP peers to handle the tagged routes selectively.
Configuration
Log in to the NSX Advanced Load Balancer Controller command line interface (CLI) and follow the steps to configure the BGP community for all routes advertised to a BGP peer:
[admin:controller]: > configure vrfcontext global
Updating an existing object. Currently, the object is:
+----------------+-------------------------------------------------+
| Field          | Value                                           |
+----------------+-------------------------------------------------+
| uuid           | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name           | global                                          |
| system_default | True                                            |
| tenant_ref     | admin                                           |
| cloud_ref      | Default-Cloud                                   |
+----------------+-------------------------------------------------+
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile>
cancel              Exit the current submode without saving
community           Community string either in aa:nn format where aa, nn is within [1,65535] or local-AS|no-advertise|no-export|internet.
do                  Execute a show command
hold_time           Hold time for Peers
ibgp                BGP peer type
ip_communities      (submode)
keepalive_interval  Keepalive interval for Peers
local_as            Local Autonomous System ID
new                 (Editor Mode) Create new object in editor mode
no                  Remove field
peers               (submode)
save                Save and exit the current submode
send_community      Send community attribute to all peers.
show_schema         show object schema
watch               Watch a given show command
where               Display the in-progress object
[admin:controller]: vrfcontext:bgp_profile>
[admin:controller]: vrfcontext:bgp_profile> community internet
[admin:controller]: vrfcontext:bgp_profile> community 10:10
[admin:controller]: vrfcontext:bgp_profile> community 65000:20
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+---------------------------+-----------------------------------------------------------------------+
| Field                     | Value                                                                 |
+---------------------------+-----------------------------------------------------------------------+
| uuid                      | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29                       |
| name                      | global                                                                |
| bgp_profile               |                                                                       |
|   local_as                | 65000                                                                 |
|   ibgp                    | True                                                                  |
|   keepalive_interval      | 60                                                                    |
|   hold_time               | 180                                                                   |
|   send_community          | True                                                                  |
|   community[1]            | internet                                                              |
|   community[2]            | 10:10                                                                 |
|   community[3]            | 65000:20                                                              |
| system_default            | True                                                                  |
| tenant_ref                | admin                                                                 |
| cloud_ref                 | Default-Cloud                                                         |
+---------------------------+-----------------------------------------------------------------------+
You can delete one of the configured communities using the following CLI:
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> no community 10:10
Removed community 10:10
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name                       | global                                          |
| bgp_profile                |                                                 |
|   local_as                 | 65000                                           |
|   ibgp                     | True                                            |
|   peers[1]                 |                                                 |
|     remote_as              | 1                                               |
|                            |                                                 |
|   send_community           | True                                            |
|   community[1]             | internet                                        |
|   community[2]             | 65000:20                                        |
| system_default             | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
Configuring a BGP community specific to routes belonging to an IP range
The following example shows how to tag routes with a community that applies only to a specific IP range. This IP-specific community overrides the default community in bgp_profile that applies to all routes.
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> ip_communities
New object being created
[admin:controller]: vrfcontext:bgp_profile:ip_communities>
cancel       Exit the current submode without saving
community    Community string either in aa:nn format where aa, nn is within [1,65535] or local-AS|no-advertise|no-export|internet.
do           Execute a show command
ip_begin     Beginning of IP address range.
ip_end       End of IP address range. Optional if ip_begin is the only ip address in specified ip range.
no           Remove field
save         Save and exit the current submode
show_schema  show object schema
watch        Watch a given show command
where        Display the in-progress object
[admin:controller]: vrfcontext:bgp_profile:ip_communities> ip_begin 10.70.163.100
[admin:controller]: vrfcontext:bgp_profile:ip_communities> ip_end 10.70.163.200
[admin:controller]: vrfcontext:bgp_profile:ip_communities> community 200:200
[admin:controller]: vrfcontext:bgp_profile:ip_communities> community 100:100
[admin:controller]: vrfcontext:bgp_profile:ip_communities> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name                       | global                                          |
| bgp_profile                |                                                 |
|   local_as                 | 65000                                           |
|   ibgp                     | True                                            |
|   peers[1]                 |                                                 |
|     remote_as              | 1                                               |
|                            |                                                 |
|   hold_time                | 180                                             |
|   send_community           | False                                           |
|   community[1]             | internet                                        |
|   community[2]             | 65000:20                                        |
|   ip_communities[1]        |                                                 |
|     ip_begin               | 10.70.163.100                                   |
|     ip_end                 | 10.70.163.200                                   |
|     community[1]           | 200:200                                         |
|     community[2]           | 100:100                                         |
| system_default             | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
Follow these steps to configure a BGP community for a single IP address, for instance, a VIP address, that is advertised to a BGP peer. When configuring a community for a single IP address, ip_end is optional. However, you can set both ip_begin and ip_end to the same IP address without any issue.
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> ip_communities
New object being created
[admin:controller]: vrfcontext:bgp_profile:ip_communities> ip_begin 10.70.164.150
[admin:controller]: vrfcontext:bgp_profile:ip_communities> community 150:150
[admin:controller]: vrfcontext:bgp_profile:ip_communities> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name                       | global                                          |
| bgp_profile                |                                                 |
|   local_as                 | 65000                                           |
|   ibgp                     | True                                            |
|   peers[1]                 |                                                 |
|                            |                                                 |
|   hold_time                | 180                                             |
|   send_community           | True                                            |
|   community[1]             | internet                                        |
|   community[2]             | 65000:20                                        |
|   ip_communities[1]        |                                                 |
|     ip_begin               | 10.70.163.100                                   |
|     ip_end                 | 10.70.163.200                                   |
|     community[1]           | 200:200                                         |
|     community[2]           | 100:100                                         |
|   ip_communities[2]        |                                                 |
|     ip_begin               | 10.70.164.150                                   |
|     community[1]           | 150:150                                         |
| system_default             | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
You can stop tagging the BGP advertised routes with the community using the following CLI command. This command stops tagging routes with the community while preserving the configuration.
You can enable tagging at a later time, if required.
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> no send_community
+--------------------------+----------------+
| Field                    | Value          |
+--------------------------+----------------+
| local_as                 | 65000          |
| ibgp                     | True           |
| peers[1]                 |                |
|   remote_as              | 1              |
|                          |                |
| hold_time                | 180            |
| send_community           | False          |
| community[1]             | internet       |
| community[2]             | 65000:20       |
| ip_communities[1]        |                |
|   ip_begin               | 10.70.163.100  |
|   ip_end                 | 10.70.163.200  |
|   community[1]           | 200:200        |
|   community[2]           | 100:100        |
| ip_communities[2]        |                |
|   ip_begin               | 10.70.164.150  |
|   community[1]           | 150:150        |
+--------------------------+----------------+
[admin:controller]: vrfcontext:bgp_profile> save
You can delete the configured ip_communities using the following CLI command:
|   send_community           | False             |
|   community[1]             | local-AS          |
|   community[2]             | no-export         |
|   ip_communities[1]        |                   |
|     ip_begin               | 10.70.163.100     |
|     ip_end                 | 10.70.163.200     |
|     community[1]           | 200:200           |
|     community[2]           | 100:100           |
|   ip_communities[2]        |                   |
|     ip_begin               | 10.70.164.150     |
|     community[1]           | 150:150           |
| system_default             | True              |
| tenant_ref                 | admin             |
| cloud_ref                  | Default-Cloud     |
+----------------------------+-------------------+
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> no ip_communities index 1
Removed ip_communities with index 1
+--------------------------+----------------+
| Field                    | Value          |
+--------------------------+----------------+
| local_as                 | 65000          |
| ibgp                     | True           |
| peers[1]                 |                |
|   remote_as              | 1              |
|                          |                |
| hold_time                | 180            |
| send_community           | False          |
| community[1]             | internet       |
| community[2]             | 65000:20       |
| ip_communities[1]        |                |
|   ip_begin               | 10.70.164.150  |
|   community[1]           | 150:150        |
+--------------------------+----------------+
You can enable the community tags for the BGP-advertised routes using the following CLI command:
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> send_community
Overwriting the previously entered value for send_community
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name                       | global                                          |
| bgp_profile                |                                                 |
|   local_as                 | 65000                                           |
|   ibgp                     | True                                            |
|   peers[1]                 |                                                 |
|     remote_as              | 1                                               |
|     peer_ip                | 10.70.163.23                                    |
|     subnet                 | 10.70.163.0/24                                  |
|     md5_secret             | sensitive                                       |
|     bfd                    | True                                            |
|     advertise_vip          | True                                            |
|     advertise_snat_ip      | True                                            |
|     advertisement_interval | 5                                               |
|     connect_timer          | 10                                              |
|     keepalive_interval     | 60                                              |
|     hold_time              | 180                                             |
|     ebgp_multihop          | 0                                               |
|   peers[2]                 |                                                 |
|     remote_as              | 1                                               |
|     peer_ip                | 10.70.164.21                                    |
|     subnet                 | 10.70.164.0/24                                  |
|     md5_secret             | sensitive                                       |
|     bfd                    | True                                            |
|     advertise_vip          | True                                            |
|     advertise_snat_ip      | True                                            |
|     advertisement_interval | 5                                               |
|     connect_timer          | 10                                              |
|     keepalive_interval     | 60                                              |
|     hold_time              | 180                                             |
|     ebgp_multihop          | 0                                               |
|   keepalive_interval       | 60                                              |
|   hold_time                | 180                                             |
|   send_community           | True                                            |
|   community[1]             | internet                                        |
|   community[2]             | 65000:20                                        |
|   ip_communities[1]        |                                                 |
|     ip_begin               | 10.70.164.150                                   |
|     community[1]           | 150:150                                         |
| system_default             | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
You can tag routes advertised to a BGP peer with a standard community. NSX Advanced Load Balancer supports tagging of the routes in BGP submode only. NSX Advanced Load Balancer does not support tagging of the communities on a per-route basis.
[admin:controller]: > configure vrfcontext global
Updating an existing object. Currently, the object is:
+----------------+-------------------------------------------------+
| Field          | Value                                           |
+----------------+-------------------------------------------------+
| uuid           | vrfcontext-3cc726d3-d94a-4eb0-9c70-f70d7e1b185e |
| name           | global                                          |
| system_default | True                                            |
| tenant_ref     | admin                                           |
| cloud_ref      | Default-Cloud                                   |
+----------------+-------------------------------------------------+
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile>
cancel              Exit the current submode without saving
community           List of community attributes. Valid values are "internet", "local-AS", "no-advertise", "no-export". Community can also be specified in <AS>:<Val> format where AS,Val are in the range [1,65535].
do                  Execute a show command
hold_time           Hold time for Peers
ibgp                BGP peer type
keepalive_interval  Keepalive interval for Peers
local_as            Local Autonomous System ID
new                 (Editor Mode) Create new object in editor mode
no                  Remove field
peers               (submode)
save                Save and exit the current submode
send_community      Send community attribute to all peers(True by default)
show_schema         show object schema
watch               Watch a given show command
where               Display the in-progress object
[admin:controller]: vrfcontext:bgp_profile> community internet
[admin:controller]: vrfcontext:bgp_profile> community 10:10
[admin:controller]: vrfcontext:bgp_profile> community 65000:20
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+---------------------------+-----------------------------------------------------------------------+
| Field                     | Value                                                                 |
+---------------------------+-----------------------------------------------------------------------+
| uuid                      | vrfcontext-3cc726d3-d94a-4eb0-9c70-f70d7e1b185e                       |
| name                      | global                                                                |
| bgp_profile               |                                                                       |
|   local_as                | 65000                                                                 |
|   ibgp                    | True                                                                  |
|   keepalive_interval      | 60                                                                    |
|   hold_time               | 180                                                                   |
|   send_community          | True                                                                  |
|   community[1]            | internet                                                              |
|   community[2]            | 10:10                                                                 |
|   community[3]            | 65000:20                                                              |
| system_default            | True                                                                  |
| tenant_ref                | admin                                                                 |
| cloud_ref                 | Default-Cloud                                                         |
+---------------------------+-----------------------------------------------------------------------+