The Mysteries of the “Internet” BGP Community

Cisco documentation has always claimed there were four well-known communities (the Internet community being one of them), while the RFC 1997 lists three well-known values. Unfortunately, many people blindly copy the IOS documentation without asking themselves “what the heck is the Internet community”.

Update 2020-12-27: While cleaning up this 12 year old blog post I searched for the latest Cisco IOS IP Routing: BGP Command Reference document and it still contains the same error.

It was time to revisit the mystery. I’ve tried applying the Internet community to a network originated by the BGP routing process to see what its value is:

router bgp 65000
 network route-map SetInternet
route-map SetInternet
 set community internet additive

While the router obediently attached the Internet community to the IP prefix, I was no wiser … all show outputs converted the community value into its symbolic name. I had to use Wireshark and analyze the actual routing updates between BGP neighbors to figure out that the Internet community has an illegal value 0:0. Obviously it’s not a well-known community.

Digging through old materials finally gave me the answer I was looking for: sometimes you need a permit all at the end of the ip community-list (like access-lists, the community-lists have an implicit deny all at the end) and someone decided that permit internet makes more sense than the familiar permit any (yes, that’s correct … you use the keyword internet to match any community in the ip community-list).

And just for the sake of completeness, let me conclude with a slide from late 1990s explaining this phenomenon:


  1. Thanks for this excellent post, Ivan; and this is definitely old school :-)

    Another amazing fact is that you still keep a 10-yrs-old presentation deck on your PC ;-)

    May be 20 years later you could become a "I.T. Networking" historian.

    I think I still have my Networkers presentation CD from 1995...somewhere...
  2. I certainly fall into the trap of "if it's on Cisco's web site it must be gospel". I've made that mistake with books, too. In this case, there was no reason to suspect that there weren't 4 well-known communities, and the Internet community behaves as expected in the context of lab exercises. Such is the disadvantage of not using BGP all that often in my real-world, day-to-day existence.
  3. @William: that's the benefit of having ISO 9001 system that covers (among other things) course development. Of course the slides were not on my PC but in a document repository :)

    @Ethan: don't worry, we all make the same mistake :) I wouldn't have spotted it if I hadn't been doing the background research for the BGP course.
  4. I have stopped spreading the myth with my update here :)

    thanks Ivan
  5. RFC 1997 actually states its the default community. Which makes sense since by default routes will be advertised as normal.

    "" Community A community is a group of destinations which share some common property.

      Each autonomous system administrator may define which communities
      a destination belongs to.  By default, all destinations belong to
      the general Internet community.""
    1. Thanks for the pointer! I agree what you quoted defines the concept of communities, and of course the global routing table belongs to the Internet community. However, the RFC never defines the value for that community (because it cannot have a fixed value).

      Using internet instead of all or any in access lists and value 0 for internet when setting community attributes is at least a bit counterintuitive.

    2. I agree the RFC leaves a lot to be desired in making this clear. I think its important to note that this isn't just Cisco's interpretation of the RFC, but Junos documentation as well.

Add comment