[nsp] Extended community-lists & filtering of customer communities

From: Alex Bligh (amb@gxn.net)
Date: Fri Aug 21 1998 - 18:44:04 EDT

Next message: Wayne Bouchard: "Re: [nsp] Extended community-lists & filtering of customer communities"
Previous message: Alex Bligh: "Re: [nsp] bgp deterministic-med"
Next in thread: Wayne Bouchard: "Re: [nsp] Extended community-lists & filtering of customer communities"
Reply: Wayne Bouchard: "Re: [nsp] Extended community-lists & filtering of customer communities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Any chance someone could sanity check this for me, there being no
docs available.

I wish to allow my customers to send me communities within my
community space (let's say for AS4444), but to avoid collateral
damage by their leaking other communities they might send me in that
I act on, whilst in general still passing throughout my AS anything
else they may set on them (for instance their communities of perhaps
those of my upstreams/peers if I chose to propagate them on egress).

I want a route-map which as its first stage rejects all routes
with any communities that begin with 4444: other than 4444:1000-4444:1999,
and also rejects any with communities that begin 0: (i.e. I want
to let my customers send me *some* communities in my range, but
not all, and not 0: communities, but otherwise allow them to pass
through).

Bearing in mind there may be more than one community attribute present,
I think the correct way to do this is (and testing *seems* to work)
as follows. Would someone who has used these things in anger care
to check my logic?

! match (for filtering) communities beginning 0:
ip community-list 109 permit _0:.*_
! match (for filtering) any 4444:s other than those starting 4444:1
ip community-list 109 permit _4444:[2-90].*_
! match (for filtering) any 4444:1 followed by 0, 1, 2, or 4 or more digits
ip community-list 109 permit _4444:1(_|[0-9]_|[0-9][0-9]_|
[0-9][0-9][0-9][0-9]+_)
! (line above broken for readability only)
! leaving an implicit deny for 4444:1 followed by 4 digits

! route-map for customer routes in
!
! first strip routes with bogus communities
!
route-map receive-routes-from-customer deny 5
  match community 109
!
! check the AS-Path (networks checked via
! distribute list applied to peering)
!
! If they're OK, tag the routes internally how we
! want them, leaving their communities on but adding the ones we
! require
!
route-map receive-routes-from customer permit 10
  match as-path 123
  set community 4444:2000 4444:2002 4444:3000 additive
!

-- 
Alex Bligh
GX Networks (formerly Xara Networks)

Next message: Wayne Bouchard: "Re: [nsp] Extended community-lists & filtering of customer communities"
Previous message: Alex Bligh: "Re: [nsp] bgp deterministic-med"
Next in thread: Wayne Bouchard: "Re: [nsp] Extended community-lists & filtering of customer communities"
Reply: Wayne Bouchard: "Re: [nsp] Extended community-lists & filtering of customer communities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:13 EDT