And in this section we're going to talk about how you could give policy control to customers. As far as customer policy control goes, ISPs can have two main options on how to handle policy control for them. Either you don't have delegation of policy options, which means a customer has no options, they have no choices, and if they want a particular change the ISP technical support has to handle it manually. Or you could give limited delegation of policy options to the customer, so the customer has certain choices out of a fixed menu, and for those particular choices the ISP technical support does not need to be involved. The only way to implement the limited delegation is by using BGP communities: the only viable way of offering those control options to customers.

So let's look at a recap of typical definitions of communities. This slide shows you some sample communities that will be defined by an ISP. If there is nothing, then there's no community set: just announce everywhere. If there's a community 1, then prepend once to all BGP neighbors; 2, prepend twice to all BGP neighbors; 3, prepend three times to BGP neighbors; 80, set a local preference of 80 on the customer prefixes; 120, set a local preference of 120 on the customer prefixes; 666, black hole this route please, do not announce it anywhere, or announce it to the next hop of null; 5000, do not announce this to any BGP peer. And then we have 5MM and then a number N, which we're going to look at in the next couple of slides.

So the initial communities were discussed at the start of this set of videos, but the new communities, 5MMN, I was covering in more detail. What this means is the ISP in autonomous system X documents the BGP transits and peers that they have, which are MM, and they can be 01 to 99. Then the ISP indicates how many prepends they will support: N is a number, so it can be 1 to 9, but realistically four prepends is really more than enough on today's Internet, because the Internet is about 5 ASes wide. Customers can then construct communities to do the prepending or announcement blocking that they desire.

For example, if a customer tags a prefix announcement with 100:5030, what this means is AS 100 should not send this prefix to neighbor 03, that you see in red. If the customer tags a prefix with 100:5102, it means a two-times prefix announcement prepend to peer number 10 which have appear that is not that. In this case 00 would be things that you want to apply to all peers, and this is why we start from 01 to 99 to list the particular peers that they have.

This is an example:
an ISP in AS 100 has two upstreams. They create a policy based on the previous slide, and they want to allow announcements and up to three prepends. So they create community lists that match these communities as follows: we have 100, which is permit 100:5000; then 101, which permits 100:5001; 102, 100:5002; all the way down, as you see in the list, to 123, which permits 100:5023. Now the 100:5000 is don't announce anywhere; the 100:5001, which means a single prepend to all. Then the community lists for the communities that begin with 501 and then a number: the zero means don't announce to peer 1; 5011 means one prepend to peer 1; 5012, two prepends to peer 2; etcetera. Similarly, 5020, don't announce to peer 2; 21, one prepend to peer 2; 22, two prepends to peer 2; etc. It's easy to implement this: the route maps will
look similar to the following. So you'd have a route map BGP neighbor 01 deny 10 (remember, the first statement is things that you want to drop) and you match IP community 100 110: anything that is inside those lists will be denied, so those prefixes will be dropped. Then the next statement is route map BGP neighbor 01 permit 20, and we are matching the communities in 101 and 111: 101 will have the community that allows you to prepend just once to every single neighbor, and 111 has the community that allows you to prepend once just to the first neighbor, 01. 20 will have 102 and 112, and 40 similarly. And then at the end we have a statement, route map BGP neighbor 01 permit 50, to allow all other prefixes unmodified.

So for neighbor two it's going to be similar to neighbor one that we saw on the previous slide. Deny 10 is the very first statement, and we match community 100, which is to drop to every single neighbor, as well as 120, which is to drop all prefixes to neighbor number 2. Then the next statement is a permit statement, and we are matching 101, which is everyone we need to prepend once, and then 121, we need to prepend once only to peer number two; all the way down to permit 40, which matches 103 and 123 and prepends three times.
Lastly, similarly to the previous slide, you have a default permit 50 added to the bottom, because route maps have an implicit deny all, so every other prefix will be passed through untouched.

So the router BGP session on the ISP will look similar to this slide. You have the address family IPv4; the remote AS is 200 for one of the upstreams and then 300 for the second upstream, or the second peer, and you apply these route maps on the outbound. For the inbound you have a different policy, 01 and 02 under inbound, based on what you have agreed to offer the different peers. So as long as the customer sets the appropriate community, the policy will be applied to their prefixes.

So if you're looking at a customer router, this slide shows you what they could probably have: AS 600, and the peering session with 100 has a route map upstream out on the outbound and of course a prefix list for the inbound. The route map has a permit 10: it matches the prefix list that we are interested in and sets the community 100:5010 as well as 100:5023. The second one just matches the aggregate and doesn't set any communities on it. So 5023 is going to do a three-times prepend of block A towards the upstream's second neighbor, and 5010 says do not announce this block A towards the first BGP neighbor, and then the aggregate is going to go to everybody with no specific policy. So in this case you've given a customer a lot of flexibility into how they could signal to the upstream what they want to be done with their now
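
The per-neighbor decision described above, as an added Python model that is not part of the lecture or its slides: it evaluates a customer's 100:5MMN tags in the same order as the route maps (deny 10 first, then the prepend statements, then the default permit 50). The function names, the permit 30 step for two prepends, and the sample tag list are assumptions made for this example; AS 100, AS 600, neighbors 01 and 02 and the three-prepend limit come from the lecture.

```python
import re

LOCAL_AS = 100                 # ISP AS in the lecture's example
NEIGHBORS = {"01", "02"}       # the two upstreams the ISP documents as MM
MAX_PREPENDS = 3               # highest N the ISP built community lists for
BLOCK_A_TAGS = ["100:5010", "100:5023"]   # constructed sample: customer's block A

_TAG = re.compile(r"^(\d+):5(\d{2})(\d)$")

def parse_tag(community):
    """Return (MM, N) for a well-formed LOCAL_AS:5MMN community, else None."""
    m = _TAG.match(community)
    if not m or int(m.group(1)) != LOCAL_AS:
        return None
    return m.group(2), int(m.group(3))

def outbound_action(communities, neighbor):
    """Return ("deny", 0) or ("permit", prepends) for one neighbor.

    A tag applies when MM is 00 (all neighbors) or this neighbor. Tags for
    other neighbors, or with N above MAX_PREPENDS, match no community list,
    so the prefix falls through to the final permit untouched.
    """
    applicable = set()
    for community in communities:
        tag = parse_tag(community)
        if tag is None:
            continue
        mm, n = tag
        if mm in ("00", neighbor) and n <= MAX_PREPENDS:
            applicable.add(n)
    if 0 in applicable:            # deny 10: "do not announce" is checked first
        return ("deny", 0)
    if applicable:                 # permit 20/30/40: first match is the lowest N
        return ("permit", min(applicable))
    return ("permit", 0)           # permit 50: everything else, unmodified

def plan(communities):
    """Outbound decision for every documented neighbor."""
    return {mm: outbound_action(communities, mm) for mm in sorted(NEIGHBORS)}

def as_path(action, customer_as=600):
    """AS path the neighbor receives, or None when the prefix is withheld."""
    verdict, prepends = action
    if verdict == "deny":
        return None
    return [LOCAL_AS] * (1 + prepends) + [customer_as]
```

Because the first matching statement wins, a prefix carrying both a one-prepend and a three-prepend tag for the same neighbor is prepended once, which is worth stating in the customer-facing documentation of the scheme.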

So the advantages: the customer's flexibility, and ISP technical support does not need to be involved. The disadvantage is this routing policy can upset your internal ISP load-balancing tuning, and also you need to have a really well-informed customer who knows how to set these things correctly. So this kind of policy control is very useful, but you should only consider it if your customers are the kind of customers who understand BGP enough that they know how to set these different policies and have the actual need to set it. In the scenario where you handle your load balancing yourself and do not need to offer this downstream, then this customer policy control is not as useful.

© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)