A reader of my blog experienced problems setting the no-export BGP community. Here’s a quick how-to guide (if you’re new to BGP, you might want to read the BGP Communities and BGP and route maps posts first).
The no-export BGP community is defined in RFC 1997: “All routes received carrying a [BGP] communities attribute containing this value MUST NOT be advertised outside a BGP confederation boundary” (i.e. outside our own AS, or across regular EBGP sessions).
If you want to use the no-export community to ensure some of your prefixes are never announced to routers outside of your AS, then the router originating the prefix should set the community with a network route-map or redistribute route-map BGP router configuration command. This design is commonly used in large ISP networks that propagate provider aggregatable customer prefixes in BGP.
If you want to use the no-export community to prevent the upstream AS (your ISP) from propagating a BGP prefix to the rest of the Internet (example: advertising two /25s for traffic engineering purposes), then you MUST NOT set the community with the network or redistribute command – the default filters applied to every EBGP session would never allow such a prefix to be propagated to EBGP peers.
In this case you MUST attach the no-export community to the BGP prefixes you’re advertising with a neighbor route-map command (or neighbor default-originate route-map command – see the comment by Jose Jara). The route map attached to a BGP neighbor is executed, and the no-export community attached to the BGP prefixes, after the default filters have already been applied.
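Both designs described above, side by side, as an added Cisco IOS configuration sketch (not taken from the original post). The AS numbers, addresses, and the route-map and prefix-list names are documentation values chosen for illustration, and sending the covering /24 alongside the two /25s is an assumption about the traffic-engineering setup.

```cisco
! Added example: AS numbers, addresses and names are illustrative assumptions.
! Network statements need matching routes in the IP routing table.
!
! --- Case 1: the prefix must never leave our AS.
!     Tag it on the originating router, in the network statement.
route-map SET-NO-EXPORT permit 10
 set community no-export
!
router bgp 64496
 network 203.0.113.0 mask 255.255.255.0 route-map SET-NO-EXPORT
 neighbor 10.0.0.2 remote-as 64496
 ! IOS sends communities to a neighbor only when send-community is set
 neighbor 10.0.0.2 send-community
!
! --- Case 2: the upstream AS (64500) may use the two /25s but must not
!     propagate them. Tag them in the outbound neighbor route map, which
!     runs after the default EBGP filters.
ip prefix-list TE-MORE-SPECIFICS seq 5 permit 192.0.2.0/25
ip prefix-list TE-MORE-SPECIFICS seq 10 permit 192.0.2.128/25
!
! Entry 10 tags the /25s; entry 20 passes everything else unchanged.
route-map TO-UPSTREAM permit 10
 match ip address prefix-list TE-MORE-SPECIFICS
 set community no-export additive
route-map TO-UPSTREAM permit 20
!
! No route map on these network statements: tagging the /25s at
! origination would stop them from being advertised to the EBGP
! neighbor at all.
router bgp 64496
 network 192.0.2.0 mask 255.255.255.0
 network 192.0.2.0 mask 255.255.255.128
 network 192.0.2.128 mask 255.255.255.128
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 send-community
 neighbor 198.51.100.1 route-map TO-UPSTREAM out
```

The outbound route map sets the community on the update as it is sent, so confirm the result on the receiving side (for example in the upstream's looking glass) rather than in the local BGP table.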