RUTGERS REGIONAL NETWORK BGP POLICIES

Document Managed by Network Architecture

Abstract

This document describes the use of BGP communities, local-preference and prefix-list filters in Cisco IOS as a means of identifying and controlling routing announcements learned from and sent to the BGP peers on the Rutgers Regional Network (RRN). It is the combination of these techniques that forms the basis of the BGP policies configured on RRN. These techniques provide sufficient policy granularity and are used internally within RRN. These attributes are not sent to or accepted from any EBGP peer routers (although design enhancements may allow for this in the future).

BGP Communities, Local-Preference and Route-maps

Using inbound route-maps defined for each EBGP neighbor, the RRN routers tag incoming BGP updates with the community strings shown in the second column from the left in Tables 1, 2 and 3.

Additionally, route prefixes are ranked, using the BGP local-preference attribute, in the following order (from highest to lowest). Local preference is used to influence path selection from the Rutgers perspective.

Path Selection                   Local Preference
-------------------------------  ----------------
Directly connected institutions  400
MAGPI / Internet2                300
NJEdge.net                       200
Commodity Internet               100

In this design, the local-preference value is set so that a direct-connect source for a prefix is given the highest local preference value and is therefore the most preferred path for reaching the prefix. The BGP community label allows outbound route-maps to be created to selectively control how BGP announcements are advertised by Rutgers back out to the EBGP peers (see Example Configuration 1). For example, NJEdge.net is sent updates about Rutgers (tagged by community 46:10) and Internet2 (tagged by community 46:30) prefixes. Likewise, BGP announcements to Sprintlink contain Rutgers-only prefixes (46:10). In this implementation of BGP communities, the community tags are only sent and processed by the Rutgers IBGP routers. The BGP community attribute gives Rutgers the flexibility to act as a transit service provider for subscribing institutions while ensuring that only Rutgers Internet traffic is sent over Rutgers Internet link(s).

Table 1 - BGP Community tags configured on er01-alex-ext router

Er01-alex

BGP Peers          Inbound     Set Local      Name of           Tags allowed   Name of       Standard
                   prefixes    Preference     inbound           outbound to    outbound      Community-List
                   are tagged  to             route-map         this peer      route-map     Name
-----------------  ----------  -------------  ----------------  -------------  ------------  --------------
MAGPI / Internet2  46:30       300            tag-i2-in         46:10, 46:20,  i2-out        ru, nje, umd,
                                                                46:41, 46:42,                sh, si, njit
                                                                46:43, 46:44
Seton Hall         46:42       400            tag-setonhall-in  46:10, 46:30   runet-i2-out  rui2
Stevens Institute  46:43       400            tag-stevens-in    46:10, 46:30   runet-i2-out  rui2
NJEdge             46:20       200            tag-njedge-in     46:10, 46:30   runet-i2-out  rui2
Verizon Internet   Internet    100            tag-verizon-in    46:10          runet-i2-out  ru

Table 2 - BGP Community tags configured on er01-hill-ext router

Er01-hill

BGP Peers          Inbound     Set Local      Name of           Tags allowed   Name of       Standard
                   prefixes    Preference     inbound           outbound to    outbound      Community-List
                   are tagged  to             route-map         this peer      route-map     Name
-----------------  ----------  -------------  ----------------  -------------  ------------  --------------
Rutgers            46:10       100 - default  ruroutes          all            n/a           ru
UMDNJ              46:41       400            tag-umd-in        46:10, 46:30   runet-i2-out  ru, i2
Sprintlink         Internet    150            tag-internet-in   46:10          runet-out     ru

Table 3 - BGP Community tags configured on er01-hilh-ext router

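BGP Peers          Inbound     Set Local      Name of           Tags allowed   Name of       Standard
                   prefixes    Preference     inbound           outbound to    outbound      Community-List
                   are tagged  to             route-map         this peer      route-map     Name
-----------------  ----------  -------------  ----------------  -------------  ------------  --------------
NJIT               46:44       400            tag-njit-in       46:10, 46:30   runet-i2-out  ru, i2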

IP Community Lists

The outbound route-maps rely on the named ip community-list command for creating a community-list reference for each community tag. By writing route-maps that simply match on a community-list name or series of community-list names, a network operator can control the route announcements. The standard ip community-list command functions like an ip access-list. The following community-list entries are declared in the router configurations.

ip community-list standard ru198 permit 46:9
ip community-list standard ru permit 46:10
ip community-list standard nje permit 46:20
ip community-list standard i2 permit 46:30
ip community-list standard umd permit 46:41
ip community-list standard sh permit 46:42
ip community-list standard si permit 46:43
ip community-list standard njit permit 46:44

As an aid to the reader, below is a simple example showing how to set the BGP community, the local-preference value and the route-map controls for MAGPI.

Example Configuration 1
neighbor 216.27.98.41 route-map tag-i2-in in
neighbor 216.27.98.41 route-map i2-out out
!
route-map tag-i2-in permit 10
 set local-preference 300
 set community 46:30
!
route-map i2-out permit 10
 match community ru nje umd sh si njit
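
The tag-in / match-out policy from Tables 1-3 can be checked for unintended transit before it is deployed. The following is an added example, not part of the original document or RRN's tooling: it models each peer's inbound tag and outbound match set and reports any non-Rutgers route that would reach a commodity ISP. The function names are hypothetical, and the label "Internet" is used as-is from the tables because no numeric community is given for commodity peers.

```python
# Added example: a model of the community policy in Tables 1-3, not RRN tooling.
# peer -> community its inbound route-map sets on everything learned from it
INBOUND_TAG = {
    "Rutgers": "46:10", "NJEdge": "46:20", "MAGPI / Internet2": "46:30",
    "UMDNJ": "46:41", "Seton Hall": "46:42", "Stevens Institute": "46:43",
    "NJIT": "46:44",
    # The tables show only the label "Internet" for the commodity peers.
    "Verizon Internet": "Internet", "Sprintlink": "Internet",
}
RU_I2 = frozenset({"46:10", "46:30"})
# peer -> communities its outbound route-map matches ("Tags allowed Outbound")
OUTBOUND_ALLOWED = {
    "MAGPI / Internet2": frozenset(
        {"46:10", "46:20", "46:41", "46:42", "46:43", "46:44"}),
    "Seton Hall": RU_I2, "Stevens Institute": RU_I2, "NJEdge": RU_I2,
    "UMDNJ": RU_I2, "NJIT": RU_I2,
    "Verizon Internet": frozenset({"46:10"}),
    "Sprintlink": frozenset({"46:10"}),
}
COMMODITY = ("Sprintlink", "Verizon Internet")


def advertised_sources(policy=OUTBOUND_ALLOWED):
    """Map each peer to the set of sources whose routes are announced to it.

    A route-map ends in an implicit deny, so a route whose community is not
    matched by the peer's outbound route-map is not announced.
    """
    return {
        peer: {src for src, tag in INBOUND_TAG.items()
               if tag in allowed and src != peer}
        for peer, allowed in policy.items()
    }


def transit_leaks(policy=OUTBOUND_ALLOWED):
    """Return (source, upstream) pairs where a route that is not Rutgers' own
    would be announced to a commodity ISP, i.e. unintended transit."""
    matrix = advertised_sources(policy)
    return sorted((src, up) for up in COMMODITY
                  for src in matrix[up] if src != "Rutgers")


if __name__ == "__main__":
    print("leaks with the documented policy:", transit_leaks())
    broken = dict(OUTBOUND_ALLOWED, Sprintlink=frozenset({"46:10", "46:30"}))
    print("leaks if Sprintlink also matched i2:", transit_leaks(broken))
```

With the documented policy the leak list is empty; adding the i2 community-list to the Sprintlink outbound route-map makes the check report Internet2 routes being offered to Sprintlink.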

BGP Prefix-list Filters

Inbound BGP prefix-list filters are configured for each EBGP neighbor to help control the BGP routing announcements heard by the RRN routers. Named prefix-list filters are configured for each neighbor as shown below. The prefix-list sequence number (seq no.) allows for the selective insertion and removal of entries in a named prefix-list filter.

Prefix-list filters for Internet Service Providers:
ip prefix-list isp-prefix-in seq 10 deny 0.0.0.0/0
ip prefix-list isp-prefix-in seq 15 deny 10.0.0.0/8 le 32
ip prefix-list isp-prefix-in seq 20 deny 127.0.0.0/8 le 32
ip prefix-list isp-prefix-in seq 25 deny 172.16.0.0/12 le 32
ip prefix-list isp-prefix-in seq 30 deny 192.168.0.0/16 le 32
ip prefix-list isp-prefix-in seq 35 deny 1.0.0.0/8 le 32
ip prefix-list isp-prefix-in seq 40 deny 2.0.0.0/8 le 32
ip prefix-list isp-prefix-in seq 45 deny 169.254.0.0/16 le 32
ip prefix-list isp-prefix-in seq 50 deny 192.0.2.0/24 le 32
ip prefix-list isp-prefix-in seq 55 deny 128.6.0.0/16 le 32
ip prefix-list isp-prefix-in seq 60 deny 165.230.0.0/16 le 32
ip prefix-list isp-prefix-in seq 65 deny 192.12.88.0/24 le 32
ip prefix-list isp-prefix-in seq 70 deny 192.76.178.0/24 le 32
ip prefix-list isp-prefix-in seq 75 deny 198.151.130.0/24 le 32
ip prefix-list isp-prefix-in seq 80 deny 204.52.215.0/24 le 32
ip prefix-list isp-prefix-in seq 85 deny 240.0.0.0/4 le 32
ip prefix-list isp-prefix-in seq 90 permit 0.0.0.0/0 ge 8
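
The first-match evaluation that this filter relies on, written out as an added example (not part of the original document or RRN's tooling): a small evaluator for IOS prefix-list ge/le length rules, loaded with the isp-prefix-in entries above. The function names and the sample routes are assumptions made for illustration.

```python
import ipaddress
import re

# isp-prefix-in, copied from the listing above.
ISP_PREFIX_IN = """\
ip prefix-list isp-prefix-in seq 10 deny 0.0.0.0/0
ip prefix-list isp-prefix-in seq 15 deny 10.0.0.0/8 le 32
ip prefix-list isp-prefix-in seq 20 deny 127.0.0.0/8 le 32
ip prefix-list isp-prefix-in seq 25 deny 172.16.0.0/12 le 32
ip prefix-list isp-prefix-in seq 30 deny 192.168.0.0/16 le 32
ip prefix-list isp-prefix-in seq 35 deny 1.0.0.0/8 le 32
ip prefix-list isp-prefix-in seq 40 deny 2.0.0.0/8 le 32
ip prefix-list isp-prefix-in seq 45 deny 169.254.0.0/16 le 32
ip prefix-list isp-prefix-in seq 50 deny 192.0.2.0/24 le 32
ip prefix-list isp-prefix-in seq 55 deny 128.6.0.0/16 le 32
ip prefix-list isp-prefix-in seq 60 deny 165.230.0.0/16 le 32
ip prefix-list isp-prefix-in seq 65 deny 192.12.88.0/24 le 32
ip prefix-list isp-prefix-in seq 70 deny 192.76.178.0/24 le 32
ip prefix-list isp-prefix-in seq 75 deny 198.151.130.0/24 le 32
ip prefix-list isp-prefix-in seq 80 deny 204.52.215.0/24 le 32
ip prefix-list isp-prefix-in seq 85 deny 240.0.0.0/4 le 32
ip prefix-list isp-prefix-in seq 90 permit 0.0.0.0/0 ge 8
"""

ENTRY = re.compile(r"seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?")

def parse(text):
    """Return (seq, action, network, min_len, max_len) per entry, in seq order."""
    rules = []
    for seq, action, prefix, ge, le in ENTRY.findall(text):
        net = ipaddress.ip_network(prefix)
        # Exact length by default; "ge" alone runs to /32; "le" alone starts at the entry's length.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        rules.append((int(seq), action, net, lo, hi))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, route):
    """First matching entry wins; no match is the implicit deny ("deny", None)."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in rules:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None

RULES = parse(ISP_PREFIX_IN)
if __name__ == "__main__":  # constructed sample announcements, not a real feed
    for route in ("0.0.0.0/0", "10.1.2.0/24", "128.6.4.0/24", "1.1.1.0/24", "12.0.0.0/7"):
        print(route, evaluate(RULES, route))
```

The run shows 1.1.1.0/24 dropped by seq 35: 1.0.0.0/8 and 2.0.0.0/8 were unallocated when this list was written and have since been allocated by IANA, so static bogon entries like these need periodic review. A /7 announcement matches no entry at all, because seq 90 only permits lengths from /8 up, and falls to the implicit deny.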

Prefix-list filters for NJEdge (updated as institutions are added):
ip prefix-list njedge-prefix-in seq 10 permit 128.235.0.0/16 le 24
ip prefix-list njedge-prefix-in seq 20 permit 130.68.0.0/16 le 24
ip prefix-list njedge-prefix-in seq 30 permit 130.156.0.0/16 le 24
ip prefix-list njedge-prefix-in seq 32 permit 130.219.0.0/16
ip prefix-list njedge-prefix-in seq 40 permit 131.125.0.0/16
ip prefix-list njedge-prefix-in seq 50 permit 132.238.0.0/16
ip prefix-list njedge-prefix-in seq 52 permit 134.210.0.0/16
ip prefix-list njedge-prefix-in seq 60 permit 149.150.0.0/16
ip prefix-list njedge-prefix-in seq 70 permit 149.151.0.0/16
ip prefix-list njedge-prefix-in seq 80 permit 150.250.0.0/16
ip prefix-list njedge-prefix-in seq 90 permit 155.246.0.0/16
ip prefix-list njedge-prefix-in seq 100 permit 159.91.0.0/16
ip prefix-list njedge-prefix-in seq 110 permit 192.107.108.0/24
ip prefix-list njedge-prefix-in seq 120 permit 192.108.16.0/24
ip prefix-list njedge-prefix-in seq 130 permit 192.135.209.0/24
ip prefix-list njedge-prefix-in seq 140 permit 192.150.150.0/24
ip prefix-list njedge-prefix-in seq 150 permit 198.138.207.0/24
ip prefix-list njedge-prefix-in seq 160 permit 198.138.208.0/23
ip prefix-list njedge-prefix-in seq 170 permit 198.138.210.0/24
ip prefix-list njedge-prefix-in seq 180 permit 204.143.61.0/24
ip prefix-list njedge-prefix-in seq 190 permit 204.143.62.0/23
ip prefix-list njedge-prefix-in seq 200 permit 204.143.64.0/22
ip prefix-list njedge-prefix-in seq 210 permit 204.143.68.0/24
ip prefix-list njedge-prefix-in seq 212 permit 209.242.176.0/20
ip prefix-list njedge-prefix-in seq 220 permit 224.0.0.0/3 le 32

Prefix-list filters for directly connected institutions:

ip prefix-list njit-prefix-in seq 10 permit 128.235.0.0/16 le 24

ip prefix-list setonhall-prefix-in seq 10 permit 149.150.0.0/16

ip prefix-list stevens-prefix-in seq 10 permit 155.246.0.0/16

ip prefix-list umd-prefix-in seq 10 permit 130.219.0.0/16