BGP Community No Advertise

ReneMolenaar · December 29, 2016, 5:44pm

The BGP No Advertise community is one of the four well known communities. If you have no idea what BGP communities are about, I would suggest to check the introduction lesson first. That’s where you will learn about the basics of BGP communities. When you add the no-advertise community to a prefix then the receiving…

hamoodrehman87 · July 1, 2015, 11:18pm

Rene,
Great lesson to understand community. I have question if we have two loopbacks for instance 2.2.2.2/32 on R1 and I would like to advertize this and block 1.1.1.1/32. Do I need an ACL to match under route-map?

Please confirm
Hamood

ReneMolenaar · July 2, 2015, 8:08pm

Hi Hamood,

That’s right, in this example I used a really simple route-map but you could do something like this:

access-list 1 permit host 1.1.1.1

route-map NO_ADVERTISE deny 10
match ip address 1
set community no-advertise

route-map NO_ADVERTISE permit 20

The first route-map statement will deny everything that matches access-list 1, the second route-map statement is required to permit everything else.

Rene

hamoodrehman87 · July 2, 2015, 8:46pm

Thank you Rene.

Hamood

ammaralmhdawi · July 30, 2015, 3:06pm

great topic Rene. thanks

ammar.eng100 · November 5, 2015, 10:45pm

that’s great explanation. thanks Rene

salvatore.cuzzilla · April 14, 2016, 9:48pm

Ciao Rene’,

testing with your topology: if I set no-advertise with a more specific route-map, like:

ip prefix-list LOOPBACK seq 5 permit 1.0.0.1/32
!
route-map SET_NOADVERTISE deny 10
 match ip address prefix-list LOOPBACK
 set community no-advertise
!
route-map SET_NOADVERTISE permit 20

then I get the following result on R2:

R2#show ip route 1.1.1.1/32
% Network not in table

do you have any idea on why is that?

Regards,
Salvatore.

ReneMolenaar · April 17, 2016, 3:33pm

Hello Salvatore,

This should work…1.1.1.1/32 is not in your prefix-list so it should be permitted. I just checked it to be sure and it’s working for me.

Any chance you got the wrong route-map on R1?

R1#
ip prefix-list LOOPBACK permit 1.0.0.1/32
!
route-map SET_NOADVERTISE permit 10
 match ip address prefix-list LOOPBACK
 set community no-advertise
!
route-map SET_NOADVERTISE permit 20
!
router bgp 1
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 192.168.12.2 remote-as 24
 neighbor 192.168.12.2 send-community
 neighbor 192.168.12.2 route-map SET_NOADVERTISE out

R2#show ip bgp | include 1.1.1.1
 *&gt;  1.1.1.1/32       192.168.12.1             0             0 1 i

Rene

dinhthaibrilliant90 · June 23, 2016, 4:16am

Hi Rene,

I am a big fan of you. Thanks for the lessons.
Follow up the route-map on R1 allowing advertising loopback 2.2.2.2/32 but blocking loopback 1.1.1.1/32 to neigbor BGP router, I found the mistake.

ip prefix-list LOOPBACK permit 1.0.0.1/32
!
route-map SET_NOADVERTISE deny 10    -----------&gt; this should be route-map SET_NOADVERTISE PERMIT 10
 match ip address prefix-list LOOPBACK
 set community no-advertise
!
route-map SET_NOADVERTISE permit 20
!
router bgp 1
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 192.168.12.2 remote-as 24
 neighbor 192.168.12.2 send-community
 neighbor 192.168.12.2 route-map SET_NOADVERTISE out

Can you double-check again Rene?

Regards,
Thai

andrew · June 23, 2016, 6:15pm

Hi Thai,
Good catch. I believe you are correct. I will ask Rene to review/correct this.

ReneMolenaar · June 26, 2016, 3:47pm

Hi Thai,

Thanks, you are right so I just fixed it. It has to be permitted otherwise the community is not set.

Rene

elecommeng · September 16, 2016, 11:55pm

Hi Rene,
Also in your first reply to Hamood, could you please check it?. i think there is some thing wrong.

lagapidis · October 4, 2016, 4:36pm

Hello Mahmoud.

I believe that Rene’s explanation is correct, however, I can see where the misunderstanding may be. Specifically, Rene gave the following commands as an example:

access-list 1 permit host 1.1.1.1

route-map NO_ADVERTISE deny 10
match ip address 1
set community no-advertise

route-map NO_ADVERTISE permit 20

and said that

The first route-map statement will deny everything that matches access-list 1, the second route-map statement is required to permit everything else.

The access-list may say permit, however, the route map takes this access list and whatever it matches, that is, whatever corresponds to the permit statement, is denied. You can see this by the route-map NO_ADVERTISE deny 10 statement.

A second line is then added to the route map, line 20 where everything else is permitted.

So even though the access list may say perimt, the actual action that is taken by the route-map is deny.

I hope this has been helpful!

Laz

hussien.samer · November 12, 2016, 11:37am

Hello Laz,

I think Mahmoud H is right and I also check it from cisco doc :-

as cisco say :-
Do not configure a set command in a deny route-map clause because the deny clause prohibits route redistribution—there is no information to modify.

Best Regard

ReneMolenaar · November 22, 2016, 7:38pm

You guys mean this example?

access-list 1 permit host 1.1.1.1

route-map NO_ADVERTISE deny 10
match ip address 1
set community no-advertise

route-map NO_ADVERTISE permit 20

The Do not configure a set command in a deny route-map clause because the deny clause prohibits route redistribution—there is no information to modify part refers to using a route-map with route redistribution, that’s not the case here

hussien.samer · November 23, 2016, 5:00pm

I think the route map with deny statement will deny everything that permitted in access-list statement, so the outbound routes will be filtered if we use the route map with redistribution or with community or any other case, I also check it out with a lab and I see the route 1.1.1.1 in your case will not announce even to R2 !!! If I did not understand, is it possible to clarify this case more ???

ReneMolenaar · December 21, 2016, 12:36pm

Let me give an example to avoid confusion. To keep it simple and fast, I’ll use EIGRP and a distribute-list. Here’s R1:

R1#show run | begin router eigrp
router eigrp 1
 network 0.0.0.0

and R2:

R2#show run | begin router eigrp
router eigrp 1
 network 0.0.0.0

R1 has two loopback interfaces that are advertised to R2:

R2#show ip route eigrp 

      1.0.0.0/24 is subnetted, 1 subnets
D        1.1.1.0 [90/130816] via 192.168.12.1, 00:02:32, GigabitEthernet0/1
      11.0.0.0/24 is subnetted, 1 subnets
D        11.11.11.0 [90/130816] via 192.168.12.1, 00:02:32, GigabitEthernet0/1

It has learned 1.1.1.0/24 and 11.11.11.0/24. Let’s add a distribute-list:

R1(config)#router eigrp 1
R1(config-router)#distribute-list route-map NO_ADVERTISE out

Here’s a route-map:

R1(config)#access-list 1 permit 1.1.1.0 0.0.0.255

R1(config)#route-map NO_ADVERTISE deny 10
R1(config-route-map)#match ip address 1

Here’s what we have on R2:

R2#show ip route eigrp

It’s empty…why? the first route-map statement denies what we have in our access-list. The second (invisible) route-map statement is also a deny which prevents 11.11.11.0/24 from being advertised. If we want this, we have to add a permit:

R1(config)#route-map NO_ADVERTISE permit 20

This empty permit, permits everything since there is no match command. The result:

R2#show ip route eigrp 

D        11.11.11.0 [90/130816] via 192.168.12.1, 00:00:30, GigabitEthernet0/1

Rene

EUNLITManagedService · July 26, 2018, 12:47pm

I think this should be the other way around:

“As a result, R2 will not advertise it to R3 (iBGP) or R4 (eBGP).”

Since R4 is in the same AS as R2, they would use iBGP and since R3 is in another AS it would use eBGP.

lagapidis · July 27, 2018, 11:58am

Hello Elias

Yes you are correct. It should read:

“As a result, R2 will not advertise it to R3 (eBGP) or R4 (iBGP).”

Thanks, I’ll let @ReneMolenaar know.

Laz

ReneMolenaar · August 1, 2018, 2:56pm

Thanks Elias, just fixed this typo.