The mysteries of the “Internet” BGP community

The post by Ethan Banks reminded me of a “mystery” I was trying to solve years ago when developing my first BGP course. The Cisco documentation has always claimed there were four well-known communities (the Internet community being one of them), while RFC 1997 lists three well-known values. Unfortunately, most people blindly copy the IOS documentation (including the authors of the latest revision of Cisco’s BGP course) without asking themselves “what the heck is the Internet community?”

I don’t remember exactly when I created the BGP community chapter of that BGP course, but I was able to fetch a very old BGP course description from the Internet Archives … and by that time, the course was in its fifth or sixth revision. It must have been 10 years ago.

It was time to revisit the mystery. I tried applying the Internet community to a network originated by the BGP routing process to see what its value is:
router bgp 65000
 network 192.168.1.0 route-map SetInternet
!
route-map SetInternet
 set community internet additive

While the router obediently attached the Internet community to the IP prefix, I was no wiser … all show outputs converted the community value into its symbolic name. I had to use Wireshark and analyze the actual routing updates between BGP neighbors to figure out that the Internet community has an illegal value 0:0. Obviously it’s not a well-known community.
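The same check can be done without reading the hex dump by eye. The following is an added example, not code from the original post: it decodes a raw BGP COMMUNITIES path attribute (type code 8) and labels each value against the three well-known communities and the reserved ranges of RFC 1997. The function names and the sample bytes are constructed for illustration.

```python
import struct

# The three well-known communities that RFC 1997 actually defines.
WELL_KNOWN = {
    0xFFFFFF01: "NO_EXPORT",
    0xFFFFFF02: "NO_ADVERTISE",
    0xFFFFFF03: "NO_EXPORT_SUBCONFED",
}
COMMUNITIES_TYPE = 8    # path attribute type code for COMMUNITIES
EXTENDED_LENGTH = 0x10  # attribute flag: the length field is two octets


def classify(value):
    """Label one 32-bit community value according to RFC 1997."""
    if value in WELL_KNOWN:
        return "well-known " + WELL_KNOWN[value]
    # RFC 1997 reserves 0x00000000-0x0000FFFF and 0xFFFF0000-0xFFFFFFFF.
    if value <= 0x0000FFFF or value >= 0xFFFF0000:
        return "reserved"
    return "ordinary"


def decode_communities(attr):
    """Decode one raw COMMUNITIES attribute into (AS:NN text, class) pairs."""
    if len(attr) < 3 or attr[1] != COMMUNITIES_TYPE:
        raise ValueError("not a COMMUNITIES path attribute")
    header = 4 if attr[0] & EXTENDED_LENGTH else 3
    length = int.from_bytes(attr[2:header], "big")
    body = attr[header:]
    if len(attr) < header or length != len(body) or length % 4:
        raise ValueError("length field does not match a list of 4-octet values")
    return [(f"{v >> 16}:{v & 0xFFFF}", classify(v))
            for (v,) in struct.iter_unpack("!I", body)]


# Constructed sample (not a capture from the post): flags 0xC0 (optional,
# transitive), type 8, length 12, then 0:0, 65000:100 and NO_EXPORT.
SAMPLE = bytes.fromhex("c0080c" "00000000" "fde80064" "ffffff01")

if __name__ == "__main__":
    for text, kind in decode_communities(SAMPLE):
        print(f"{text:>12}  {kind}")
```

The 0:0 value that IOS displays as `internet` comes out as reserved, not as one of the well-known communities.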


Digging through old materials finally gave me the answer I was looking for: sometimes you need a permit all at the end of the ip community-list (like access-lists, the community-lists have an implicit deny all at the end) and someone decided that permit internet makes more sense than the familiar permit any (yes, that’s correct … you use the keyword internet to match any community in the ip community-list).

And just for the sake of completeness, let me conclude with a ten-year-old slide explaining this phenomenon:


4 comments:

  1. Thanks for this excellent post, Ivan; and this is definitely old school :-)

    Another amazing fact is that you still keep a 10-yrs-old presentation deck on your PC ;-)

    Maybe 20 years later you could become an "I.T. Networking" historian.

    I think I still have my Networkers presentation CD from 1995...somewhere...

  2. I certainly fall into the trap of "if it's on Cisco's web site it must be gospel". I've made that mistake with books, too. In this case, there was no reason to suspect that there weren't 4 well-known communities, and the Internet community behaves as expected in the context of lab exercises. Such is the disadvantage of not using BGP all that often in my real-world, day-to-day existence.

  3. @William: that's the benefit of having ISO 9001 system that covers (among other things) course development. Of course the slides were not on my PC but in a document repository :)

    @Ethan: don't worry, we all make the same mistake :) I wouldn't have spotted it if I hadn't been doing the background research for the BGP course.

  4. I have stopped spreading the myth with my update here http://networkers-online.com/blog/?p=64 :)

    thanks Ivan



Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.