About BGP Communities

This document provides an overview of BGP communities in Aviatrix and how to configure BGP communities to apply routing policies to route traffic to and from your on-premises or remote offices to the Aviatrix fabric.

Supported Gateways

BGP communities is supported on all Aviatrix gateways that support BGP connections.

What is a BGP Community?

A BGP community is a tag attached to BGP routes that share common characteristics. These tags are propagated between BGP peers during route advertisement. BGP communities are a powerful mechanism that allows network administrators to implement routing policies without modifying the actual route attributes.

BGP communities provide the following benefits:

  • Scalable solution for managing routing policies across large networks

  • Provides granular route control while maintaining configuration simplicity

  • Enables consistent policy application throughout multi-homed BGP environments

Primary Use Cases

BGP communities are primarily used to influence routing decisions, such as route filtering and traffic engineering.

Route Filtering

Route filtering enables control over route advertisement and acceptance between BGP peers:

  • Network administrators can select routes to advertise based on the BGP community tag.

  • BGP peers can filter incoming routes by examining the attached BGP community tag.

  • Route filtering reduces unnecessary route table updates by explicitly defining which routes should be propagated.

Traffic Engineering

Traffic engineering enables traffic flow management across networks:

  • Network administrators can identify specific routes to apply specific policies using BGP community tags.

  • BGP community tags enable implementation of policies such as AS-Path Prepend.

  • Traffic engineering creates predictable traffic flows by consistently applying policies to tagged routes.

Use Case Example

The network diagram example below represents a multi-region cloud deployment. The SDWAN devices receive BGP community tags and use these tags to influence routing decisions. For instance, if the link between SDWAN POP1 and Edge Site1 fails, then traffic is routed from SDWAN POP1 to Edge Site2 based on the BGP community received from Edge site2 and preference set on SDWAN POP1 customer router, and if the link between SDWAN POP2 and Edge Site2 fails, then traffic is routed from SDWAN POP2 to Edge Site3 based on the BGP community received from Edge site3 and preference set on SDWAN POP2 customer router.

400

Types of BGP Communities

Aviatrix supports both standardized (well-known) communities and user defined community implementation.

No-Advertise BGP Community

No-Advertise BGP community is one of the well-known BGP communities. When attached to a route from an external BGP peer, the Aviatrix gateway will not advertise the route to any other BGP peer, including Aviatrix gateways and external BGP peers.

Some common use cases of No-Advertise BGP community are:

Limited Route Distribution

  • Restricting route propagation to specific segments of the network

  • Preventing certain routes from being advertised beyond a specific point

Network Segmentation

  • Creating routing boundaries within an autonomous system

  • Isolating portions of the network for security or design purposes

Preventing Transit Traffic

  • Ensuring specific destinations are only accessible via direct connections

  • Avoiding unwanted transit traffic through network segments

No-Export BGP Community

No-Export BGP community is one of the well-known BGP communities. When attached to a route from an external BGP peer, the Aviatrix gateway will not advertise the route to any external BGP peers and advertise only to other Aviatrix gateway peers.

Some common use cases of No-Export BGP community are:

AS Boundary Control

  • Preventing internal routes from leaking to external networks

  • Implementing local routes that should not propagate globally

Backup Path Management

  • Creating backup routes that should not be re-advertised to the internet

  • Controlling route propagation in multi-homed environments

Route Filtering at Scale

  • Simplifying route filtering policies across multiple border routers

  • Ensuring consistent external routing policies

Security Considerations

  • Limiting the visibility of specific network segments

  • Preventing inadvertent route leaks to external networks

Numeric BGP Community

Numeric BGP community is a user defined community implementation. Numeric BGP community tags are numeric values specified as two 16-bit numbers (0-65535):(0-65535). Numeric BGP tags created by network administrators to categorize and influence BGP routes according to specific organizational needs.

Some common use cases for Numeric BGP community are:

Geographic Route Tagging

  • Enabling location-based routing policies

Customer Classification

  • Identifying routes by customer type or service level

Route Preference Control

  • Marking routes for specific local-preference settings

  • Implementing complex traffic engineering without AS-Path manipulation

Advanced Route Filtering

  • Creating granular route acceptance policies

  • Establishing selective route redistribution boundaries

BGP Communities Configuration

Aviatrix has three levels of BGP communities configuration: global, gateway, and connection.

Global BGP Communities Setting

Global BGP Communities is a universal setting. This setting is Off, by default.

When Global BGP Communities is On, Aviatrix gateways accept and send communities from and to external BGP peers and its attachments, unless the override BGP communities is set at the gateway-level.

Gateway-Level BGP Communities Setting

By default, a gateway will handle BGP communities according to the global BGP communities setting. Sometimes, you might want individual gateways to behave differently from the global setting, such as when testing before turning the feature on. In that case, you can override the global setting on individual gateways.

Using a gateway’s BGP communities settings, you can choose whether the gateway follows the global BGP setting or ignores it.

In this example, when both the gateway’s override settings are unchecked, the gateway will follow the global BGP setting.

bgp communities gw setting3

In this example, when the gateway’s Override BGP Communities Advertisement is checked, the gateway will ignore the global BGP communities setting and not advertise BGP communities to its BGP peers.

bgp communities gw setting1

In this example, when the gateway’s Override BGP Communities Advertisement is checked and turned On, the gateway will ignore the global BGP communities setting and advertise BGP communities to its BGP peers.

bgp communities gw setting2

Connection-Level BGP Communities Setting

Connection-level BGP communities allows you to set BGP communities for a specific external BGP peer.

With connection-level BGP communities, you can choose to:

  • Block BGP communities. The gateway will not advertise BGP communities to the external BGP peer.

  • Advertise BGP communities additively. The gateway will advertise all BGP communities that were received from peers. If any additional communities are specified, they will be added to all advertisements over this connection.

  • Advertise BGP communities as a replacement. The gateway will advertise only the additional BGP communities specified for the BGP connection and ignore the BGP communities tagged on a route to the external BGP peer.

You can enable connection-level BGP communities when you create a BGP over IPsec, BGP over GRE, or BGP over LAN external connection in Aviatrix.

Connection-level BGP communities are only advertised when the gateway advertise to BGP communities to peers setting is enabled either from the global BGP communities setting or overridden at the gateway-level.

In this example, when Global BGP Communities setting is enabled with gateway override options unchecked, then connection-level BGP communities are advertised.

bgp communities conn setting3

In this example, when Global BGP communities is disabled and gateway Advertise BGP Communities to Peers override is checked and On, then connection-level BGP communities are advertised.

bgp communities conn setting4

Enable BGP Communities Globally

To enable global BGP communities:

  1. In Aviatrix CoPilot, go to Cloud Fabric > Gateways > Settings tab.

  2. Click Global BGP Communities Support toggle to On.

  3. Click Save to save your changes.

You can override this setting for a specific gateway and choose not to accept or advertise communities to BGP peers.

Enable BGP Communities on a Specific Gateway

If you prefer to override the global setting for an individual gateway, follow these steps:

  1. In Aviatrix, go to the gateway’s Settings page.

    1. For Transit or Spoke gateway, go to Cloud Fabric > Gateways, then select the gateway’s tab.

    2. For Edge Gateway, go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.

  2. In the table, locate and select the gateway.

  3. In the gateway’s page, click the Settings tab.

  4. Expand the Border Gateway Protocol (BGP) section.

  5. On the BGP Communities Support card:

    1. To choose whether the gateway accepts BGP communities from its BGP peers.

      1. Check Override BGP Communities Acceptance

      2. Click Accept BGP Communities from Peers toggle to On or Off.

    2. To choose whether the gateway advertises BGP communities to its BGP peers.

      1. Check Override BGP Communities Advertisement

      2. Click Advertise BGP Communities from Peers toggle to On or Off.

  6. Click Save to save your changes.

Enable BGP Communities for a Connection

Connection-level BGP communities are advertised only when the gateway advertise to BGP communities to peers setting is enabled either from the global BGP communities setting or at the gateway-level (see Connection-Level BGP Communities Setting).

To configure BGP Communities for a new BGP connection, see Setting Up External Device Connection.

To configure BGP communities for an existing BGP connection:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. From the list of BGP connections, select the connection for which you want to configure BGP communities.

    For quick access, you can use the Filter or Search option from the toolbar to find by name or matching condition.

  3. In the connection’s Settings tab, expand the Border Gateway Protocol section.

  4. Locate Advertise BGP Communities to Peer card.

  5. From the Advertised BGP Communities dropdown, select one of the following:

    • Same as Gateway: This is the default setting for the connection. The gateway advertises the BGP communities that were received or tagged on the route.

    • Block Advertisement: The gateway will not to advertise BGP Communities received from any BGP peer or attachment.

    • Add Additional Communities: The gateway will advertise the additional BGP communities specified to the external BGP peer in addition to the BGP communities that were received or tagged on the route. You can choose to enter a numeric BGP community tag or select from the dropdown menu.

      Aviatrix supports:

      • Numeric You can specify numeric BGP community tags specified as two 16-bit numbers (0-65535):(0-65535).

      • No-Advertise When a No-Advertise BGP community is attached to a route from an external BGP peer, the Aviatrix gateway will not advertise the route to any gateway attachments or external BGP peers.

        Aviatrix gateways only support eBGP to external BGP peers.

      • No-Export When a No-Export BGP community is attached to a route from an external BGP peer, the Aviatrix gateway will not advertise the route to any external BGP peers and advertise only to gateway attachments.

        bgp communities conn setting2

    • Specific Communities: The gateway will advertise to the external BGP peer only these BGP communities specified and ignore the BGP communities that are already tagged on the route.

      bgp communities conn setting1

  6. Click Save.

Reset BGP Community Overrides

You can reset all gateways to inherit the global BGP community setting. This will remove (uncheck) all gateway-level BGP communities overrides, ensuring all gateways follow the global setting. Resetting the override will cause all gateways to stop or start handling communities, according to the global setting. This is especially useful if you need to make sure that communities are disabled across your entire fabric.

Resetting gateway-level BGP communities overrides does not reset the connection-level BGP communities. However, if gateway advertise BGP communities is not enabled either from global BGP communities setting or at the gateway-level, then connection-level BGP communties are not advertised.

  1. In Aviatrix CoPilot, go to Cloud Fabric > Gateways > Settings tab.

  2. Locate Global BGP Communities Support card.

  3. Click Reset Gateway Overrides.

    This will remove (uncheck) all gateway-level BGP communities overrides, ensuring all gateways follow the global setting.

  4. Click Reset to confirm.

Viewing BGP Communities Status for a BGP Connection

When you configure BGP communities for Aviatrix gateway, you can view the BGP communities' status and the list of BGP communities received (communities tagged on the route) and additional BGP communities configured for the BGP connection.

To view BGP Communities status:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. From the list of BGP connections, select the connection for which you want to view BGP communities status.

    For quick access, you can use the Filter or Search option from the toolbar to find by name or matching condition.

  3. Click the Details tab.

  4. In the BGP table:

    1. Locate Advertise BGP Communities to Peer to view the status. Status is:

      • Enabled when Advertise BGP Communities to Peer is turned On.

      • Disabled when Advertise BGP Communities to Peer is turned Off or blocked.

    2. Locate Received Communities to view the list of BGP communities received (tagged on the route).

    3. Locate Advertise Communities to view the list of additional BGP communities configured for the BGP connection.