Standard Community Lists

sidebar_position: 9

You can use community lists to filter BGP routes based on the community attribute. The community number consists of a 4-byte value in the aa:nn format. The first two bytes represent the autonomous system number, and the last two bytes represent a user-defined network number.

When you configure multiple values in the same community list statement, all community values must match to satisfy the community list filter. When you configure multiple values in separate community list statements, the first list that matches a condition is processed.

Use community lists in a match statement to filter BGP routes based on the community attribute.

no-export—Do not advertise this route to external BGP peers.
no-advertise—Do not advertise this route to any peer.
internet—Advertise this route to the Internet community. All BGP-speaking networking devices belong to this community.
local-as—Do not send this route outside the local autonomous system.
gshut—Community of routes gracefully shut down.
blackhole-Use to blackhole to drop any traffic being sent towards this prefix. for security purpose like DDoS.

Diagram

Classes

route_control (vxlan.overlay_extensions)

Name	Type	Constraint	Mandatory	Default Value
standard_community_lists	List	`[standard_community_lists]`	No

standard_community_lists (vxlan.overlay_extensions.route_control)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[A-Za-z0-9-_]{1,63}$`	Yes
entries	List	`[entries]`	Yes

entries (vxlan.overlay_extensions.route_control.standard_community_lists)

Name	Type	Constraint	Mandatory
seq_number	Integer	min: `1`, max: `4294967294`	Yes
operation	Choice	`permit`, `deny`	Yes
communities	List	Any[String[Regex: `^([0-9]{1,5}:[0-9]{1,5})$`] or Choice[`blackhole`, `graceful-shutdown`, `internet`, `local-as`, `no-advertise`, `no-export`]]	No

Example

In this example, we will create one ip community-list standard named: Standard-Community with two entries. The first entry in the sequence number: 10 will permit routes with community: 65000:100. The second entry uses the sequence number: 20 will permit routes with community: 65000:101 AND the well-known community: no-export.

This community is used in the group communityList_RCtrlGrp, which is consumed by the switch named netascode-leaf1.

ip community-list standard BGPCommunity seq 10 permit 65000:100
ip community-list standard BGPCommunity seq 20 permit 65000:101 no-export

---
vxlan:
  overlay_extensions:
    route_control:
      standard_community_lists:
        - name: Standard-Community
          entries:
            - seq_number: 10
              operation: permit
              communities:
                - 65000:100
            - seq_number: 20
              operation: permit
              communities:
                - 65000:101
                - no-export
      groups:
        - name: communityList_RCtrlGrp
          standard_community_lists:
            - name: Standard-Community
      switches:
        - name: netascode-leaf1
          groups:
            - communityList_RCtrlGrp