BGP routes carry more than just prefix and next-hop. Communities are tags attached to routes, signaling intent to other networks. “This route is for backup only.” “Prepend this route 3 times to peers.” “Don’t announce this outside the region.”
Without communities, you’d need separate sessions, manual filters, or constant coordination. With communities, you tag once, everyone who understands acts accordingly.
Communities are the language networks speak to each other.
Community Types
Standard Communities
32-bit value, formatted as ASN:value:
65000:100 - AS 65000, value 10065000:1000 - AS 65000, value 1000Well-Known Communities
Predefined, universal meaning:
| Community | Value | Meaning |
|---|---|---|
| no-export | 65535:65281 | Don’t export outside AS |
| no-advertise | 65535:65282 | Don’t advertise to any peer |
| local-as | 65535:65283 | Don’t export outside local confederation |
| no-peer | 65535:65284 | Don’t advertise to EBGP peers |
Extended Communities
64-bit, more structure:
rt:65000:100 - Route Targetsoo:65000:100 - Site of OriginLarge Communities
96-bit for 4-byte ASNs:
4200000000:1:100 - Global Admin : Local Data 1 : Local Data 2Matching Communities
Define Community List
configure
# Match single communityset policy community-list BACKUP rule 10 regex "65000:100"
# Match any from setset policy community-list CUSTOMER rule 10 regex "65000:1[0-9][0-9]"
# Match well-knownset policy community-list NO-EXPORT rule 10 regex "no-export"
commitUse in Route Map
configure
# Match routes with communityset policy route-map FILTER-IN rule 10 match community community-list BACKUPset policy route-map FILTER-IN rule 10 action permitset policy route-map FILTER-IN rule 10 set local-preference 50
commitSetting Communities
Add Community to Route
configure
# Set community when advertisingset policy route-map SET-COMMUNITY rule 10 action permitset policy route-map SET-COMMUNITY rule 10 set community "65000:100"
# Add community (keep existing)set policy route-map ADD-COMMUNITY rule 10 action permitset policy route-map ADD-COMMUNITY rule 10 set community "65000:200 additive"
# Set multiple communitiesset policy route-map MULTI-COMMUNITY rule 10 action permitset policy route-map MULTI-COMMUNITY rule 10 set community "65000:100 65000:200"
commitApply to Neighbor
# Apply route-map to neighborset protocols bgp neighbor 10.0.0.2 address-family ipv4-unicast route-map export SET-COMMUNITYCommon Use Cases
Use Case 1: Traffic Engineering
Tell upstream how to prefer your routes:
# Community convention with ISP:# 65000:90 = set local-pref 90 (less preferred)# 65000:100 = set local-pref 100 (normal)# 65000:110 = set local-pref 110 (more preferred)
configure
# Mark backup link routes as less preferredset policy route-map TO-ISP-BACKUP rule 10 action permitset policy route-map TO-ISP-BACKUP rule 10 set community "65000:90"
set protocols bgp neighbor 10.0.0.2 address-family ipv4-unicast route-map export TO-ISP-BACKUP
commitUse Case 2: Prepending Control
Ask upstream to prepend your routes:
# Community convention:# 65000:3001 = prepend 1x to all peers# 65000:3002 = prepend 2x to all peers# 65000:3003 = prepend 3x to all peers
configure
# Request 2x prepend on backup routesset policy route-map PREPEND-REQUEST rule 10 action permitset policy route-map PREPEND-REQUEST rule 10 set community "65000:3002"
commitUse Case 3: Regional Filtering
Announce only within region:
# Community convention:# 65000:1000 = US region# 65000:2000 = EU region# 65000:3000 = APAC region
configure
# Mark route as US-onlyset policy route-map US-ONLY rule 10 action permitset policy route-map US-ONLY rule 10 set community "65000:1000 no-export"
commitUse Case 4: Customer vs Peer vs Transit
Tag routes by source:
# Internal convention:# 65000:100 = customer route# 65000:200 = peer route# 65000:300 = transit route
configure
# Tag customer routesset policy route-map FROM-CUSTOMER rule 10 action permitset policy route-map FROM-CUSTOMER rule 10 set community "65000:100"
# Use for policy decisionsset policy route-map TO-PEER rule 10 match community community-list CUSTOMERset policy route-map TO-PEER rule 10 action permit# Only advertise customer routes to peers
set policy route-map TO-PEER rule 20 action deny# Deny transit routes to peers (no transit)
commitUse Case 5: Blackhole
Signal upstream to blackhole traffic:
# Standard blackhole community (check with provider)# Many ISPs use: ISP_ASN:666
configure
# Mark route for blackholingset policy route-map BLACKHOLE rule 10 action permitset policy route-map BLACKHOLE rule 10 match ip address prefix-list ATTACK-PREFIXset policy route-map BLACKHOLE rule 10 set community "65000:666"
commitExtended Communities
Route Targets (for VRF/VPN)
configure
# Import routes with specific RTset protocols bgp address-family ipv4-vpnset vrf name CUSTOMER-A rd 65000:1set vrf name CUSTOMER-A route-target import 65000:1set vrf name CUSTOMER-A route-target export 65000:1
commitSite of Origin
# Prevent routing loops in multi-homed sites# Routes from site won't be sent back to same site
set policy route-map SET-SOO rule 10 action permitset policy route-map SET-SOO rule 10 set extcommunity soo "65000:100"Large Communities
For networks with 4-byte ASNs or needing more structure:
configure
# Define large community listset policy large-community-list CUSTOMER rule 10 regex "4200000000:1:.*"
# Set large communityset policy route-map SET-LARGE rule 10 action permitset policy route-map SET-LARGE rule 10 set large-community "4200000000:1:100"
# Match large communityset policy route-map MATCH-LARGE rule 10 match large-community large-community-list CUSTOMER
commitViewing Communities
Show Communities on Routes
# Show BGP routes with communitiesshow bgp ipv4 unicast community
# Show specific prefix with communitiesshow bgp ipv4 unicast 203.0.113.0/24
# Output includes:# Community: 65000:100 65000:200
# Filter by communityshow bgp ipv4 unicast community 65000:100Show Community Lists
# Show defined community listsshow policy community-listStripping Communities
Remove Specific Communities
configure
# Delete specific communityset policy route-map STRIP-INTERNAL rule 10 action permitset policy route-map STRIP-INTERNAL rule 10 set community delete community-list INTERNAL
commitRemove All Communities
configure
# Remove all communities (nuclear option)set policy route-map STRIP-ALL rule 10 action permitset policy route-map STRIP-ALL rule 10 set community none
commitCommunity Design Principles
1. Document Your Scheme
# Community Scheme for AS65000
## Route Type (65000:1xx)- 65000:100 = Customer route- 65000:110 = Peer route- 65000:120 = Transit route
## Traffic Engineering (65000:2xx)- 65000:200 = Normal preference- 65000:210 = Higher preference- 65000:220 = Lower preference
## Regional (65000:3xx)- 65000:300 = All regions- 65000:310 = US only- 65000:320 = EU only
## Action Requests (65000:4xx)- 65000:410 = Prepend 1x- 65000:420 = Prepend 2x- 65000:430 = Prepend 3x- 65000:499 = Blackhole2. Use Consistent Patterns
# Good: Predictable scheme# 65000:1xxx = route type# 65000:2xxx = preference# 65000:3xxx = regional# 65000:4xxx = actions
# Bad: Random assignment# 65000:42 = customer# 65000:7 = blackhole# 65000:1234 = US3. Don’t Trust External Communities
# Strip customer communities on ingressset policy route-map FROM-CUSTOMER rule 1 action permitset policy route-map FROM-CUSTOMER rule 1 set community delete community-list ALL-INTERNALset policy route-map FROM-CUSTOMER rule 1 set community "65000:100 additive"
# Then apply customer tagThe Lesson
Communities are the language networks speak to each other.
Without communities:
- Manual coordination for traffic engineering
- Separate sessions for different policies
- No way to signal intent across ASes
With communities:
- Tag routes with meaning
- Upstream acts on tags automatically
- Complex policies become simple
Design your community scheme before you need it. Document it. Use consistent numbering. Make it extensible.
Communities scale your network’s communication without scaling your operational overhead.