And in this section we're going to talk about how you could give policy control to customers so as far as customer policy control goes your ISPs can have two main options on how to handle policy control for them either you don't have delegation of policy options which means a customer has no options they have no choices and if they want a particular change the ISP technical support have to manually handle it or you could give limited delegation of policy options to the customer so the customer has certain choices out of a fixed menu and for those particular choices the ISP technical support does not need to be involved the only way to implement the limited delegation is by using bgp community the only viable way of offering those control options to customers so let's look at some a recap of typical definitions of communities this slide shows you some sample communities that will be defined by your by an ISP so if there is nothing then there's no community then there's no community set just announced everywhere if there's a community one then prepend one store bgp neighbors to prepare twice to or between neighbors three prepare three times to bgp neighbors eighty set a local preference of eighty on the customer prefixes 120s at a local preference to 120 on the customer prefixes six six six black hole this route please do not announce it anywhere or announce it to the next hope of now five thousand do not announce this to any bgp peer and then we have five mmm and then a number n which is we're going to look at in the next couple of slides so the initial communities was discussed at the start of this set of videos but the new communities five mm and I was covering in more detail so what this means is the ISP in autonomous system X documents the BGP transits and PS that they have which are mm and they can be 0 1 to 99 and then the ISP indicates how many prepends they will support n is a number so it can be 1 to 9 but realistically for prepends is really more than enough on today's internet because the Internet is about 5s is wide customers that can then construct communities do the prepending or announcement blocking that they desire for example if a customer tags are prefix announcement with a hundred : 5 0 3 0 what this means is s 100 should not send this prefix to neighbour 0 3 that you see in red if the customer tags are prefixed with 105 1 0 2 it means you enter two times prefix announcement prepend to Pier number 10 which have appear that is not that in this case 0 0 would be things that you want to apply to all peers and this is why we start from 0 1 to 99 to list the particular peers that they have this is an example an ISP in s 100 has two up streams they create a policy based on the previous slide and they want to an allow announcements and up to three prepends ok so they create community lists that match these communities as follows we have 100 which is permit 100 : 5000 then 1 0 1 which permits 100 : 5 0 1 100 to 105 0 0 2 all the way down as you see the list 2 1 2 3 which permits 100 : 5 0 2 3 now the 105,000 is don't announce anywhere the 100 : 5 0 0 which means a single prepend to all then the community lists for the communities that begin with five zero one and then a number the zero means don't announce appear one the five zero one one means one repent to Pier one five zero one two two prepares to pier 2 etcetera similarly five zero two zero don't announce to Pier 2 2 1 1 prepare to PR 2 2 2 to prepare appear to eat easy to implement this the route maps we will look similar to the following so you'd have a route map BGP neighbors 0 1 denied 10 remember the first statement is things that you want to drop and you match IP community 101 1 0 anything that is inside those lists will be denied so those prefixes will be dropped then the next statement is route map BGP neighbor 0 1 permit 20 and we are matching the communities in 1 0 1 and 1 1 1 so 1 0 1 will have the community that allows you to prepend just once to every single neighbor and 1 1 1 has the community that allows you to prepend once just to the first neighbor 0 120 will have 1 0 2 and 1 1 2 and 4 T similarly and then at the end we have a statement root my BGP neighbor 0 1 permit 52 allow all other prefixes and modified so for neighbor true it's going to be similar to neighbor one that we saw preview on the previous slide so denied 10 is the very first statement and be much community 100 which is to drop to every single neighbor as well as 120 which is to drop all prefixes to neighbor number 2 and then the next statement is a permit statement and we are matching 1 0 1 which is everyone we need to prepared once and then to one we need to prepared once only to pier number two all the way down to permit 40 which matches one zero three and one two three and prepends three times lastly similarly to the previous slide you have a default permit 50 added to the bottom because route maps have a implicit deny all so every other prefix will be passed through and touched so the ruta bgp session on the isp will look similar to this slide so you have the address families IP before the remote s is 200 for one of the up streams and then 300 for the second upstream or the second peer and you apply these route maps on the outbound for the inbound you have a different policy 0 1 and 0 2 under inbound and based on what you have agreed to offer the different peers so as long as the customer sets the appropriate community the police will be applied to their prefixes so if you're looking at a customer rota this slide shows you what they could probably have and then s 600 and the appearing session with 100 has a route map upstream out on the outbound and of course a prefix lists for the inbound the route map has a permit 10 it matches the prefix list that we are interested in and sets the community 105 0 1 0 as well as 105 0 2 3 the second one just matches the aggregate and doesn't set any communities on it so 5 0 2 3 is going to do a three times repent of block a towards the upstream second neighbor and 5 0 1 0 says do not announce this block a towards the first bgp neighbor and then the aggregate is going to go to everybody with no specific policy so in this case you've given a customer a lot of flexibility into how they could signal to the upstream what they want to be done with their now so the advantages the customers flexibility and ISP technical support does not need to be involved the disadvantage is this routing policy can upset your internal ISP load-balancing tuning and also you need to have a really well informed customer who knows how to set these things correctly so this kind of policy control is very useful but you should only consider it if your customers are the kind of customers who understand BGP enough that they know how to set these different policies and have the actual need to set it. In the scenario where you handle your load balancing yourself and do not need to offer this downstream, then discuss from a policy control is not as useful.

Related Documents

Exercises

© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon. 

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
You are free to:

Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material
The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
NonCommercial — You may not use the material for commercial purposes.
No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.