Hmm, we just are discussing this issue in the private mail -:). The internet is ripen for this idea, isn't it? Can I add you to this discussion (am not sure if it was ready for the nanog at whole yet)? You are quite right, but my concept of this was another a little. First of all, any ISP can realise only those communities which do not restrict their own policies and make the routing more stable. Second, why don't you mentioned the AS-PREPEND methods are widely used only because there is not well known community _SET-LOW-LOCALPREF_ known buy the over-world ISP's. I think, it should be started from the simple things which can be realised. First of all, there is a global demand for the BACK-UP well-known community. This days ISP often use different ASxxx:70 etc communities to distinguish back-up and primary links, or (for example) RUSSIA-ONLY+BACK-UP/INTERNATIONAL link usages. It works fine, except existing trigger effect - if you back-up announce have not glocal decreasing localpreference over the world, and there is a few transit AS-es between your primary and secondary links, there exist the trigger effect - after the back-up link became primary, the right connectivity can not turn back after the primary link will be restored. I can explain this in details, if you want. This is the first demand, and moreover, it's safe to realise such option over the world-wide ISP because it don't restrict existing policies but prevent you from the numerous AS-PREPEND's (did someone attempted to calculate the number os this prepends in the existing network?). This is, WORST-PATHS (or BACK-UP-PATHS) global community should be the first step, and should be _HIGHLY RECOMMENDED FOR REALISATION_. The second proposals could be ones you proposed below, with one only change - it's better to have _set up WORST-PATHS community_ instead of _add 10 AS-PREPENDS_ in most cases. May be (this can restrict existing policies and I am not sure) there is demand for the REGIONAL-BASED communities (WORST-PATHS-FOR-{AMERICA/EUROPE/AZIA/etc}, but it seems for me the crazy idea. This communities should be _RECOMMENDED IF DO NOT RESTRICT EXISTING POLICIES_. In addition, there is demand to make internal-used communities more safe than this days (if ISP use it's internal communities and the customer-defined communities, it have a chance to pass customer's communities into his network or to drop out all customer-defined communities including the global ones). Then, please point me any cases when you does need NO-EXPORT or NO-ADVERTISE communities (if you are not the primary ISP)? Usially, you need - no export to the uplinks, or back-up to the uplinks - no export to the peers, or back-up to the peers (last restrict the policies, btw) - no export to the expansive inter-continent links, or back-up to those links.
n=7 If you announce to AS <arg>, prepend your own AS six times. ^^^^^^^^^^^^ Just what I was talking about - wrong method used because we had not another one... -:) See the fist step above...
n=15 This contains the old well-known communities. Perhaps this could also double as "set local preference to <arg>?" Approx what I meant, but remember - ISP can't allow transit or peering neighbour to inject pathes withouth strict control, and can't allow you ANY localpref. But usially they can allow you (and anyone) to use decreasing-communities (instead of writing 10 - 20 prepends_.
Alex Bligh noted that main stream IOS has insufficient means of manipulating communities. The bleeding edge versions have had methods for removing only some communities while preserving others for a good time now. I do agree though that routing policies can often be much more complicated than what is implementable with route-maps no matter how modern. Yes, and it's very pleasant to have in ISP some SELECTION-CLASS allowing you to define community-localpref interaction withouth writing it in every route-map explicitly.
But its' more CISCO concern.
-- Aleksi Suhonen
Here is a sample shell script that does simple automagic. If anyone would use it, it would need to be modified to implement one's own routing policy too. It is included only as an example and proof of concept. I have not tested that what it produces actually works.
#!/bin/sh # Usage: this-program my-as their-as their-ip comm-list session-type # comm-list: index of first available "ip community-list" # session-type: (T)ransit (P)eer (C)ustomer
my_as=$1 their_as=$2 their_ip=$3 comm_deny=$4 comm_pre1=`echo 1+$4|bc` comm_pre2=`echo 2+$4|bc` comm_pre3=`echo 3+$4|bc` comm_pre4=`echo 4+$4|bc` comm_pre5=`echo 5+$4|bc` comm_pre6=`echo 6+$4|bc` comm_loas=`echo 7+$4|bc` comm_noad=`echo 8+$4|bc` comm_noex=`echo 9+$4|bc`
# these can be reused for all sessions comm_local_pref_80=1 comm_local_pref_90=2 comm_local_pref_110=3 comm_remove=4 # set these to your values transit_route_tag=${my_as}:666 peer_route_tag=${my_as}:555 customer_route_tag=${my_as}:777 route_map_name_prefix=axu-${their_as}
case $5 in T*) announce_community=$customer_route_tag denounce_community="$transit_route_tag $peer_route_tag" tag_community=$transit_route_tag default_preference=90 their_class=0 ;; P*) announce_community=$customer_route_tag denounce_community="$transit_route_tag $peer_route_tag" tag_community=$peer_route_tag default_preference=100 their_class=65535 ;; *) announce_community="$transit_route_tag $peer_route_tag $customer_route_t ag" denounce_community="" tag_community=$customer_route_tag default_preference=101 their_class=65534 ;; esac
denounce_community="$denounce_community 65520:${their_as} 65520:${their_class}"
cat <<EOF ! reused community-lists ip community-list $comm_local_pref_80 deny 65535:100 ip community-list $comm_local_pref_80 permit 65535:80 ip community-list $comm_local_pref_90 deny 65535:100 ip community-list $comm_local_pref_90 permit 65535:90 ip community-list $comm_local_pref_110 deny 65535:100 ip community-list $comm_local_pref_110 permit 65535:110 ip community-list $comm_remove permit 65535:80 65535:90 65535:100 65535:110 ip community-list $comm_remove permit $transit_route_tag $peer_route_tag ip community-list $comm_remove permit $customer_route_tag
! new community-lists ip community-list $comm_deny permit $denounce_community ip community-list $comm_pre1 permit 65522:${their_as} ip community-list $comm_pre1 permit 65522:${their_class} ip community-list $comm_pre2 permit 65523:${their_as} ip community-list $comm_pre2 permit 65523:${their_class} ip community-list $comm_pre3 permit 65524:${their_as} ip community-list $comm_pre3 permit 65524:${their_class} ip community-list $comm_pre4 permit 65525:${their_as} ip community-list $comm_pre4 permit 65525:${their_class} ip community-list $comm_pre5 permit 65526:${their_as} ip community-list $comm_pre5 permit 65526:${their_class} ip community-list $comm_pre6 permit 65527:${their_as} ip community-list $comm_pre6 permit 65527:${their_class} ip community-list $comm_loas permit 65528:${their_as} ip community-list $comm_loas permit 65528:${their_class} ip community-list $comm_noad permit 65529:${their_as} ip community-list $comm_noad permit 65529:${their_class} ip community-list $comm_noex permit 65530:${their_as} ip community-list $comm_noex permit 65530:${their_class}
route-map ${route_map_name_prefix}-in permit 10 match community $comm_local_pref_80 set local-preference 80 set comm-list $comm_remove delete set community $tag_community additive ! route-map ${route_map_name_prefix}-in permit 20 match community $comm_local_pref_90 set local-preference 90 set comm-list $comm_remove delete set community $tag_community additive ! route-map ${route_map_name_prefix}-in permit 30 match community $comm_local_pref_110 set local-preference 110 set comm-list $comm_remove delete set community $tag_community additive ! route-map ${route_map_name_prefix}-in permit 40 set local-preference $default_preference set comm-list $comm_remove delete set community $tag_community additive ! route-map ${route_map_name_prefix}-out deny 10 match community $comm_deny ! route-map ${route_map_name_prefix}-out permit 20 match community $comm_pre1 set as-path prepend ${my_as} ! route-map ${route_map_name_prefix}-out permit 30 match community $comm_pre2 set as-path prepend ${my_as} ${my_as} ! route-map ${route_map_name_prefix}-out permit 40 match community $comm_pre3 set as-path prepend ${my_as} ${my_as} ${my_as} ! route-map ${route_map_name_prefix}-out permit 50 match community $comm_pre4 set as-path prepend ${my_as} ${my_as} ${my_as} ${my_as} ! route-map ${route_map_name_prefix}-out permit 60 match community $comm_pre5 set as-path prepend ${my_as} ${my_as} ${my_as} ${my_as} ${my_as} ! route-map ${route_map_name_prefix}-out permit 70 match community $comm_pre6 set as-path prepend ${my_as} ${my_as} ${my_as} ${my_as} ${my_as} ${my_as} ! route-map ${route_map_name_prefix}-out permit 80 match community $comm_loas set comm-list $comm_loas delete set community local-AS additive ! route-map ${route_map_name_prefix}-out permit 90 match community $comm_noad set comm-list $comm_noad delete set community no-advertise additive ! route-map ${route_map_name_prefix}-out permit 100 match community $comm_noex set comm-list $comm_noex delete set community no-export additive ! route-map ${route_map_name_prefix}-out permit 110
router bgp ${my_as} neighbor ${their_ip} remote-as ${their_as} neighbor ${their_ip} next-hop-self neighbor ${their_ip} send-community neighbor ${their_ip} remove-private-AS neighbor ${their_ip} route-map ${route_map_name_prefix}-in in neighbor ${their_ip} route-map ${route_map_name_prefix}-out out EOF
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)