Building network automation solutions

9 module online course

Start now!

The Mysteries of the “Internet” BGP Community

Cisco documentation has always claimed there were four well-known communities (the Internet community being one of them), while the RFC 1997 lists three well-known values. Unfortunately, many people blindly copy the IOS documentation without asking themselves “what the heck is the Internet community”.

Update 2020-12-27: While cleaning up this 12 year old blog post I searched for the latest Cisco IOS IP Routing: BGP Command Reference document and it still contains the same error.

It was time to revisit the mystery. I’ve tried applying the Internet community to a network originated by the BGP routing process to see what its value is:

router bgp 65000
 network 192.168.1.0 route-map SetInternet
!
route-map SetInternet
 set community internet additive

While the router obediently attached the Internet community to the IP prefix, I was no wiser … all show outputs converted the community value into its symbolic name. I had to use Wireshark and analyze the actual routing updates between BGP neighbors to figure out that the Internet community has an illegal value 0:0. Obviously it’s not a well-known community.

Digging through old materials finally gave me the answer I was looking for: sometimes you need a permit all at the end of the ip community-list (like access-lists, the community-lists have an implicit deny all at the end) and someone decided that permit internet makes more sense than the familiar permit any (yes, that’s correct … you use the keyword internet to match any community in the ip community-list).

And just for the sake of completeness, let me conclude with a slide from late 1990s explaining this phenomenon:

4 comments:

  1. Thanks for this excellent post, Ivan; and this is definitely old school :-)

    Another amazing fact is that you still keep a 10-yrs-old presentation deck on your PC ;-)

    May be 20 years later you could become a "I.T. Networking" historian.

    I think I still have my Networkers presentation CD from 1995...somewhere...
  2. I certainly fall into the trap of "if it's on Cisco's web site it must be gospel". I've made that mistake with books, too. In this case, there was no reason to suspect that there weren't 4 well-known communities, and the Internet community behaves as expected in the context of lab exercises. Such is the disadvantage of not using BGP all that often in my real-world, day-to-day existence.
  3. @William: that's the benefit of having ISO 9001 system that covers (among other things) course development. Of course the slides were not on my PC but in a document repository :)

    @Ethan: don't worry, we all make the same mistake :) I wouldn't have spotted it if I hadn't been doing the background research for the BGP course.
  4. I have stopped spreading the myth with my update here http://networkers-online.com/blog/?p=64 :)

    thanks Ivan
Add comment
Sidebar