BGP Large Communities
Overview
BGP routing policies control route distribution and behavior across networks. Communities, optional transitive BGP attributes associate operational metadata with routes, like origin location or specific routing actions. However, standard and extended BGP community attributes fall short in environments using 4-byte Autonomous System Numbers (ASNs).
To solve this issue, BGP introduced the Large Community (LC) attribute. It consists of an unordered set of one or more twelve-octet values, including: A 4-byte Global Administrator field (typically the ASN) and two 4-byte operator-defined fields.
These attributes enable operators to encode information pertinent to their routing policies and operational needs. Operators must not transmit duplicate values, and receiving BGP speakers must silently discard any redundant entries.
Feature Characteristics
OcNOS enhanced support for BGP Large Communities by:
• Allowing route-maps to match and manipulate multiple large-community values.
• Supporting configuration adjustments for additive operations (appending values) and deleting specific values.
• Introducing ip large-community-list to organize and reuse large-community match criteria.
Note: For details on upgrading and downgrading versions, refer to the OcNOS Migration Guide.
Benefits
Scalable Policy Management: Named community-lists simplify reuse and maintenance across multiple route-maps.
Enhanced Flexibility: Additive and deletion capabilities allow policy controls without impacting other community values.
Future-Proofing: Prepares networks for advanced policy frameworks as multi-ASN and operator-specific routing needs evolve.
Configuration
This section illustrates the use of BGP Large Communities for scalable and consistent route policy enforcement in a service provider or multi-tenant environment. It highlights how route tagging at the source (Router A), centralized policy processing at a Route Reflector (Router B), and controlled propagation to downstream routers (Router C) enable flexible traffic engineering, service differentiation, or route filtering, without the need for policy replication on every node.
Topology
The figure below consists of three BGP routers in a route-reflector setup. Router B acts as the Route Reflector (RR), while routers A and C are its RR clients. There are no direct iBGP sessions between A and C; all BGP routing information exchange flows through the RR.
Each client establishes iBGP sessions with B for the following address families:
• IPv4 Unicast
• IPv6 Unicast
• VPNv4 Unicast
In this setup, Router A originates prefixes with large communities. Router B uses a policy engine to match, strip, and overwrite these communities using a route-map. It then advertises the modified routes to Router C. Router C applies a large-community filter to accept only those routes that match the expected community values. This demonstrates policy-based route control using BGP Large Communities in an RR-based MPLS network.
BGP Large Community-Based Routing Policy Flow
Prerequisites
Note: Before configuration, meet all prerequisites.
1. Routing Configurations On Routers A, B, and C
• Set a loopback-based stable router ID for BGP, OSPF, and LDP.
• Define VRFs and import or export route targets.
• Configure LDP
Router A
router-id 2.2.2.2
!
ip vrf A
rd 4200000000:2
route-target both 1:1
route-target both 2:2
route-target both 3:3
route-target both 4:4
route-target both 5:5
route-target both 6:6
route-target both 7:7
route-target both 8:8
route-target both 9:9
!
router ldp
transport-address ipv4 2.2.2.2
!
Router B
router-id 5.5.5.5
!
ip vrf A
rd 4200000000:5
route-target both 1:1
route-target both 2:2
route-target both 3:3
route-target both 4:4
route-target both 5:5
route-target both 6:6
route-target both 7:7
route-target both 8:8
route-target both 9:9
!
router ldp
transport-address ipv4 5.5.5.5
!
Router C
router-id 4.4.4.4
!
ip vrf A
rd 4200000001:4
route-target both 1:1
route-target both 2:2
route-target both 3:3
route-target both 4:4
route-target both 5:5
route-target both 6:6
route-target both 7:7
route-target both 8:8
route-target both 9:9
!
router ldp
transport-address ipv4 4.4.4.4
!
2. Interface Setup Configurations on Routers A, B, and C
• Configure the loopback interface for IPv4 or IPv6.
• Configure key interfaces connecting to core, CE, and PE neighbors. Ensure proper VRF bindings and IP assignments.
Router A
interface eth8
ip vrf forwarding A
ip address 20.2.0.2/24
!
interface eth7
ip address 10.17.0.2/24
!
interface eth6
ip vrf forwarding B
ip address 10.19.0.2/24
!
interface eth5
ip address 10.14.0.2/24
!
interface eth4
ip address 10.11.0.2/24
ipv6 address ::10.11.0.2/120
ipv6 address 2255::2522/120
ipv6 router ospf area 0.0.0.0 instance-id 0
!
interface eth3
ip vrf forwarding A
ip address 10.3.0.2/24
!
interface eth2
ip address 10.7.0.2/24
ipv6 address ::10.7.0.2/120
ipv6 address 2244::2422/120
label-switching
ipv6 router ospf area 0.0.0.0 instance-id 0
enable-ldp ipv4
!
interface eth1
ip vrf forwarding A
ip address 10.1.0.2/24
ipv6 address ::10.1.0.2/120
ipv6 address 1122::1222/120
!
interface eth0
ip address 10.16.42.207/24
!
interface lo
ip address 127.0.0.1/8
ip address 2.2.2.2/32 secondary
ipv6 address ::1/128
ipv6 address 2222::2222/128
ipv6 router ospf area 0.0.0.0 instance-id 0
!
exit
!
Router B
interface eth6
ip address 10.10.0.5/24
label-switching
ipv6 router ospf area 0.0.0.0 instance-id 0
enable-ldp ipv4
!
interface eth5
!
interface eth4
ip address 10.11.0.5/24
ipv6 address ::10.11.0.0/24
ipv6 address 2525::2555/120
ipv6 router ospf area 0.0.0.0 instance-id 0
!
interface eth3
ip vrf forwarding A
ip address 20.5.0.5/24
!
interface eth2
!
interface eth1
!
interface eth0
ip address 10.16.42.210/24
!
interface lo
ip address 127.0.0.1/8
ip address 5.5.5.5/32 secondary
ipv6 address ::1/128
ipv6 address 5555::5555/128
ipv6 router ospf area 0.0.0.0 instance-id 0
!
exit
!
Router C
interface eth6
ip address 10.10.0.4/24
ipv6 address ::10.10.0.4/120
ipv6 address 4545::4544/120
label-switching
ipv6 router ospf area 0.0.0.0 instance-id 0
enable-ldp ipv4
!
interface eth5
ip address 10.5.0.4/24
label-switching
enable-ldp ipv4
!
interface eth4
ip address 10.9.0.4/24
label-switching
enable-ldp ipv4
!
interface eth3
ip address 10.8.0.4/24
label-switching
enable-ldp ipv4
!
interface eth2
ip address 10.7.0.4/24
ipv6 address ::10.7.0.4/120
ipv6 address 2244::2444/120
label-switching
ipv6 router ospf area 0.0.0.0 instance-id 0
enable-ldp ipv4
!
interface eth1
ip vrf forwarding A
ip address 20.4.0.4/24
!
interface eth0
ip address 10.16.42.209/24
!
interface lo
ip address 127.0.0.1/8
ip address 4.4.4.4/32 secondary
ipv6 address ::1/128
ipv6 address 4444::4444/128
ipv6 router ospf area 0.0.0.0 instance-id 0
!
exit
!
3. Configure OSPF on Routers A, B, and C
Router A
router ospf 1
network 2.2.2.2/32 area 0.0.0.0
network 10.7.0.0/24 area 0.0.0.0
network 10.11.0.0/24 area 0.0.0.0
network 10.14.0.0/24 area 0.0.0.0
network 10.17.0.0/24 area 0.0.0.0
network 10.19.0.0/24 area 0.0.0.0
!
router ipv6 ospf
!
Router B
router ospf 1
network 5.5.5.5/32 area 0.0.0.0
network 10.10.0.0/24 area 0.0.0.0
network 10.11.0.0/24 area 0.0.0.0
!
router ipv6 ospf
!
Router C
router ospf 1
network 4.4.4.4/32 area 0.0.0.0
network 10.5.0.0/24 area 0.0.0.0
network 10.7.0.0/24 area 0.0.0.0
network 10.8.0.0/24 area 0.0.0.0
network 10.9.0.0/24 area 0.0.0.0
network 10.10.0.0/24 area 0.0.0.0
!
router ipv6 ospf
!
4. Configure Static Routes on Routers A and C: Ensure fallback reachability.
Router A
ip route 150.150.150.150/32 10.14.0.150
!
ipv6 route 1234::4500/120 2244::2423
!
Router C
!
ip route vrf A 60.10.10.0/24 20.4.0.60
!
Router A - Large Community Configuration
Tag outbound BGP routes with two large community values (1:2:3 and 4:5:6) to influence downstream routing behavior.
• Define the Route Map to Set Communities: Router A adds large community values 1:2:3 and 4:5:6 to outbound routes.
OcNOS(config)#route-map set-lc-tag-out permit 10
OcNOS(config-route-map)#set large-community 1:2:3 4:5:6
OcNOS(config-route-map)#commit
OcNOS(config-route-map)#exit
• Apply the Route Map in BGP: To all relevant address-families (IPv4, VPNv4, IPv6), apply the route map outbound to peer B (5.5.5.5 and 5555::5555)
router bgp 4200000000
neighbor 5.5.5.5 remote-as 4200000000
neighbor 5.5.5.5 update-source lo
neighbor 5555::5555 remote-as 4200000000
neighbor 5555::5555 update-source lo
!
address-family ipv4 unicast
redistribute static
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 route-map set-lc-tag-out out
exit-address-family
!
address-family vpnv4 unicast
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 route-map set-lc-tag-out out
exit-address-family
!
address-family ipv6 unicast
redistribute static
neighbor 5555::5555 activate
neighbor 5555::5555 route-map set-lc-tag-out out
exit-address-family
!
exit
!
Router B - Large Community Match and Rewrite Configuration
Match received BGP routes containing large community 1:2:3 and 4:5:6, strip them, and apply new values 40:50:60 and 10:20:30.
• Define a Large Community List:
OcNOS(config)#ip large-community-list 1 permit 1:2:3 4:5:6
OcNOS(config)#commit
• Create a Route Map with Match and Rewrite: Router B detects and removes original communities, then re-tags the route with updated communities.
OcNOS(config)#route-map set-lc-tag-out permit 10
OcNOS(config-route-map)#match large-community 1
OcNOS(config-route-map)#set large-comm-list 1 delete
OcNOS(config-route-map)#set large-community 40:50:60 10:20:30 additive
OcNOS(config-route-map)#commit
OcNOS(config-route-map)#exit
• Apply the Route Map in BGP: Apply it outbound only on peer C (4.4.4.4 and 4444::4444).
router bgp 4200000000
neighbor 2.2.2.2 remote-as 4200000000
neighbor 2.2.2.2 update-source lo
neighbor 4.4.4.4 remote-as 4200000000
neighbor 4.4.4.4 update-source lo
neighbor 2222::2222 remote-as 4200000000
neighbor 2222::2222 update-source lo
neighbor 4444::4444 remote-as 4200000000
neighbor 4444::4444 update-source lo
!
address-family ipv4 unicast
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 route-reflector-client
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 route-map set-lc-tag-out out
exit-address-family
!
address-family vpnv4 unicast
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 route-reflector-client
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 route-map set-lc-tag-out out
exit-address-family
!
address-family ipv6 unicast
neighbor 2222::2222 activate
neighbor 2222::2222 route-reflector-client
neighbor 4444::4444 activate
neighbor 4444::4444 route-reflector-client
neighbor 4444::4444 route-map set-lc-tag-out out
exit-address-family
!
exit
!
Router C - Passive Role in Large Community Policy
Participate in BGP flow and MPLS forwarding. No large community changes or filters. Acts as a transit or receiving node.
• No ip large-community-list or route-map configuration.
• Standard BGP peerings with B (5.5.5.5 and 5555::5555).
• Router C accepts routes tagged with modified large community from B and may forward based on policy.
router bgp 4200000000
neighbor 5.5.5.5 remote-as 4200000000
neighbor 5.5.5.5 update-source lo
neighbor 5555::5555 remote-as 4200000000
neighbor 5555::5555 update-source lo
!
address-family ipv4 unicast
neighbor 5.5.5.5 activate
exit-address-family
!
address-family vpnv4 unicast
neighbor 5.5.5.5 activate
exit-address-family
!
address-family ipv6 unicast
neighbor 5555::5555 activate
exit-address-family
!
address-family ipv4 vrf A
exit-address-family
!
exit
!
ip route vrf A 60.10.10.0/24 20.4.0.60
!
Validation
Verify that the routes are being advertised correctly to Router B and are carrying the intended community tags (in this case, Large Communities 1:2:3 and 4:5:6).
The show ip bgp command confirms that the IPv4 unicast route (e.g. 150.150.150.150/32) exists in the local BGP table. The BGP session to B (neighbor 5.5.5.5) is active and routes are sent.
Router A#show ip bgp
BGP table version is 1, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal,
l - labeled, S Stale, x-EVPN
Origin codes: i - IGP, e - EGP, ? - incomplete
Description : Ext-Color - Extended community color
Network Next Hop Metric LocPrf Weight Path Ext-Color
*> 150.150.150.150/32
10.14.0.150 0 100 32768 ? -
Total number of prefixes 1
Router B#show ip bgp
BGP table version is 3, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal,
l - labeled, S Stale, x-EVPN
Origin codes: i - IGP, e - EGP, ? - incomplete
Description : Ext-Color - Extended community color
Network Next Hop Metric LocPrf Weight Path Ext-Color
*>i 150.150.150.150/32
10.14.0.150 0 100 0 ? -
Total number of prefixes 1
The show ip bgp 150.150.150.150 command confirms that the route is locally originated and advertised to B. It is useful for verifying if the prefix is a candidate for applying the Large Community policy.
Router A#show ip bgp 150.150.150.150
BGP routing table entry for 150.150.150.150/32
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
5.5.5.5
Local
Path Selection reason: Nothing left to compare
Nexthop:10.14.0.150 from 0.0.0.0 (Router ID:2.2.2.2)
Origin incomplete,metric 0, localpref 100, weight 32768 valid, sourced, best, source-safi: 1
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Last update: Tue Jun 3 12:18:26 2025, 00:41:49 ago
Router B#show ip bgp 150.150.150.150
BGP routing table entry for 150.150.150.150/32
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
4.4.4.4
Local, (Received from a RR-client)
Path Selection reason: Nothing left to compare
Nexthop:10.14.0.150 (IGP metric 2) from 2.2.2.2 (Remote Id:2.2.2.2) Peer nexthop: 2.2.2.2
Origin incomplete, metric 0, localpref 100 valid, internal, best, source-safi: 1
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Large Community: 1:2:3 4:5:6
Last update: Tue Jun 3 12:55:57 2025, 00:01:18 ago
Router C#show ip bgp 150.150.150.150
BGP routing table entry for 150.150.150.150/32
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
Local
Path Selection reason: Nothing left to compare
Nexthop:10.14.0.150 (IGP metric 3) from 5.5.5.5 (Originator Id:2.2.2.2) (Remote Id:5.5.5.5) Peer nexthop: 5.5.5.5
Origin incomplete, metric 0, localpref 100 valid, internal, best, source-safi: 1
Originator: 2.2.2.2, Cluster list: 5.5.5.5
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Large Community: 10:20:30 40:50:60
Last update: Tue Jun 3 12:55:57 2025, 00:01:35 ago
The command show ip bgp vpnv4 vrf A confirms that the routes are originated and tagged with route targets, and the redistribution from VRF A to BGP VPNv4 is occurring.
Router A#show ip bgp vpnv4 vrf A
Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4200000000:2 (Default for VRF A)
*> l 190.10.10.0/24 10.1.0.1 0 100 0 4200000002 ? -
Announced routes count = 1
Accepted routes count = 0
Router B#show ip bgp vpnv4 all
Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: -94967296:2
*>i 190.10.10.0/24 2.2.2.2 0 100 0 4200000002 ? -
Announced routes count = 0
Accepted routes count = 1
Route Distinguisher: -94967296:5 (Default for VRF A)
*>i 190.10.10.0/24 2.2.2.2 0 100 0 4200000002 ? -
Announced routes count = 0
Accepted routes count = 1
The command show ip bgp vpnv4 vrf A 190.10.10.0 confirms that Router A is advertising VPNv4 routes (e.g. 190.10.10.0/24) to Router B and VRF-specific community values like RTs.
Router A#show ip bgp vpnv4 vrf A 190.10.10.0
Route Distinguisher: 4200000000:2 (Default for VRF A) Routing Entry for prefix: 190.10.10.0/24
Advertised to non peer-group peers:
5.5.5.5
AS path:{4200000002}
Path Selection reason: Nothing left to compare
Nexthop:10.1.0.1 (IGP metric 0) from 10.1.0.1 (Remote Id:10.16.42.206) Peer nexthop: 10.1.0.1
Origin incomplete, metric 0, localpref 100, Out-label 0, In-label 24320, refcnt: 1
valid, external, best, source-safi: 1
Extended Community: RT:1:1 2:2 3:3 4:4 5:5 6:6 7:7 8:8 9:9
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Last update: Mon Jun 2 07:53:33 2025, 1d05h06m ago
Router B#show ip bgp vpnv4 all 190.10.10.0
Route Distinguisher: -94967296:2 Routing Entry for prefix: 190.10.10.0/24
Advertised to non peer-group peers:
4.4.4.4
AS path:{4200000002}, (Received from a RR-client)
Path Selection reason: Nothing left to compare
Nexthop:2.2.2.2 (IGP metric 2) from 2.2.2.2 (Remote Id:2.2.2.2) Peer nexthop: 2.2.2.2
Origin incomplete, metric 0, localpref 100, Out-label 24320 valid, internal, best, source-safi: 128
Extended Community: RT:1:1 2:2 3:3 4:4 5:5 6:6 7:7 8:8 9:9
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Large Community: 1:2:3 4:5:6
Last update: Tue Jun 3 12:55:54 2025, 00:02:02 ago
Route Distinguisher: -94967296:5 (Default for VRF A) Routing Entry for prefix: 190.10.10.0/24
Not advertised to any peer
AS path:{4200000002}, (Received from a RR-client)
Path Selection reason: Nothing left to compare
Nexthop:2.2.2.2 (IGP metric 2) from 2.2.2.2 (Remote Id:2.2.2.2) Peer nexthop: 2.2.2.2
Origin incomplete, metric 0, localpref 100, Out-label 24320 valid, internal, best, source-safi: 128
Duplicated: (source VRF-ID: 0, source VRF: DEFAULT, VRF-External, imported)
Extended Community: RT:1:1 2:2 3:3 4:4 5:5 6:6 7:7 8:8 9:9
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Large Community: 1:2:3 4:5:6
Last update: Tue Jun 3 12:55:54 2025, 00:02:02 ago
Router C#show ip bgp vpnv4 vrf A 190.10.10.0
Route Distinguisher: -94967295:4 (Default for VRF A) Routing Entry for prefix: 190.10.10.0/24
Not advertised to any peer
AS path:{4200000002}
Path Selection reason: Nothing left to compare
Nexthop:2.2.2.2 (IGP metric 3) from 5.5.5.5 (Originator Id:2.2.2.2) (Remote Id:5.5.5.5) Peer nexthop: 5.5.5.5
Origin incomplete, metric 0, localpref 100, Out-label 24320 valid, internal, best, source-safi: 128
Duplicated: (source VRF-ID: 0, source VRF: DEFAULT, VRF-External, imported)
Extended Community: RT:1:1 2:2 3:3 4:4 5:5 6:6 7:7 8:8 9:9
Originator: 2.2.2.2, Cluster list: 5.5.5.5
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Large Community: 10:20:30 40:50:60
Last update: Tue Jun 3 12:55:57 2025, 00:02:19 ago
The command show bgp ipv6 confirms that IPv6 prefixes (e.g., 1234::4500/120) are present, valid, and advertised to B. It verifies that the IPv6 session to 5555::5555 is working and that the route-map is applied.
Router A#show bgp ipv6
BGP table version is 1, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal,
l - labeled, S Stale, x-EVPN
Origin codes: i - IGP, e - EGP, ? - incomplete
Description : Ext-Color - Extended community color
Network Next Hop Metric LocPrf Weight Path
*> 1234::4500/120 2244::2423 0 100 32768 ? -
Total number of prefixes 1
Router B#show bgp ipv6
BGP table version is 3, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal,
l - labeled, S Stale, x-EVPN
Origin codes: i - IGP, e - EGP, ? - incomplete
Description : Ext-Color - Extended community color
Network Next Hop Metric LocPrf Weight Path
*>i 1234::4500/120 2244::2423 0 100 0 ? -
Total number of prefixes 1
Router A#show bgp ipv6 1234::4500
BGP routing table entry for 1234::4500/120
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
5555::5555
Local
Path Selection reason: Nothing left to compare
Nexthop:2244::2423 from :: (Router ID:2.2.2.2)
Origin incomplete,metric 0, localpref 100, weight 32768 valid, sourced, best, source-safi: 1
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Last update: Tue Jun 3 12:06:27 2025, 00:54:26 ago
Router B#show bgp ipv6 1234::4500
BGP routing table entry for 1234::4500/120
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
4444::4444
Local, (Received from a RR-client)
Path Selection reason: Nothing left to compare
Nexthop:2244::2423 (IGP metric 2) from 2222::2222 (Remote Id:2.2.2.2) Peer nexthop: 2222::2222
Origin incomplete, metric 0, localpref 100 valid, internal, best, source-safi: 1
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Large Community: 1:2:3 4:5:6
Last update: Tue Jun 3 12:55:58 2025, 00:02:39 ago
Router C#show bgp ipv6 1234::4500
BGP routing table entry for 1234::4500/120
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
Local
Path Selection reason: Nothing left to compare
Nexthop:2244::2423 (IGP metric 0) from 5555::5555 (Originator Id:2.2.2.2) (Remote Id:5.5.5.5) Peer nexthop: 5555::5555
Origin incomplete, metric 0, localpref 100 valid, internal, best, source-safi: 1
Originator: 2.2.2.2, Cluster list: 5.5.5.5
rx path_id: -1 tx path_id: -1
Add-Path Announcement: Not advertised to any peer
Large Community: 10:20:30 40:50:60
Last update: Tue Jun 3 12:56:01 2025, 00:02:45 ago
Router A Running Configuration
Router A#show running-config
!
! Software version: XP-6.6.1 06/02/2025 07:37:20
!
! Last configuration change at 12:19:38 UTC Tue Jun 03 2025 by root
!
feature netconf-ssh
feature netconf-tls
!
service password-encryption
!
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
!
bgp extended-asn-cap
!
qos enable
!
hostname Router A
errdisable cause stp-bpdu-guard
feature telnet
feature ssh
feature dns relay
ip dns relay
ipv6 dns relay
feature ntp
ntp enable
!
router-id 2.2.2.2
!
ip vrf A
rd 4200000000:2
route-target both 1:1
route-target both 2:2
route-target both 3:3
route-target both 4:4
route-target both 5:5
route-target both 6:6
route-target both 7:7
route-target both 8:8
route-target both 9:9
!
router ldp
transport-address ipv4 2.2.2.2
!
route-map set-lc-tag-out permit 10
set large-community 1:2:3 4:5:6
!
interface eth8
ip vrf forwarding A
ip address 20.2.0.2/24
!
interface eth7
ip address 10.17.0.2/24
!
interface eth6
ip vrf forwarding B
ip address 10.19.0.2/24
!
interface eth5
ip address 10.14.0.2/24
!
interface eth4
ip address 10.11.0.2/24
ipv6 address ::10.11.0.2/120
ipv6 address 2255::2522/120
ipv6 router ospf area 0.0.0.0 instance-id 0
!
interface eth3
ip vrf forwarding A
ip address 10.3.0.2/24
!
interface eth2
ip address 10.7.0.2/24
ipv6 address ::10.7.0.2/120
ipv6 address 2244::2422/120
label-switching
ipv6 router ospf area 0.0.0.0 instance-id 0
enable-ldp ipv4
!
interface eth1
ip vrf forwarding A
ip address 10.1.0.2/24
ipv6 address ::10.1.0.2/120
ipv6 address 1122::1222/120
!
interface eth0
ip address 10.16.42.207/24
!
interface lo
ip address 127.0.0.1/8
ip address 2.2.2.2/32 secondary
ipv6 address ::1/128
ipv6 address 2222::2222/128
ipv6 router ospf area 0.0.0.0 instance-id 0
!
exit
!
router ospf 1
network 2.2.2.2/32 area 0.0.0.0
network 10.7.0.0/24 area 0.0.0.0
network 10.11.0.0/24 area 0.0.0.0
network 10.14.0.0/24 area 0.0.0.0
network 10.17.0.0/24 area 0.0.0.0
network 10.19.0.0/24 area 0.0.0.0
!
router ipv6 ospf
!
bgp nexthop-trigger enable
bgp nexthop-trigger delay 1
!
router bgp 4200000000
neighbor 5.5.5.5 remote-as 4200000000
neighbor 5.5.5.5 update-source lo
neighbor 5555::5555 remote-as 4200000000
neighbor 5555::5555 update-source lo
!
address-family ipv4 unicast
redistribute static
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 route-map set-lc-tag-out out
exit-address-family
!
address-family vpnv4 unicast
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 route-map set-lc-tag-out out
exit-address-family
!
address-family ipv6 unicast
redistribute static
neighbor 5555::5555 activate
neighbor 5555::5555 route-map set-lc-tag-out out
exit-address-family
!
address-family ipv4 vrf A
neighbor 10.1.0.1 remote-as 4200000002
neighbor 10.1.0.1 activate
exit-address-family
!
exit
!
ip route 150.150.150.150/32 10.14.0.150
!
ipv6 route 1234::4500/120 2244::2423
!
line vty 0
exec-timeout 0 0
!
!
end
Router B Running Configuration
Router B#show running-config
!
! Software version: DEMO_VM-OcNOS-SP-MPLS-x86-6.6.1.113-Alpha 05/26/2025 20:27:01
!
! Last configuration change at 12:56:46 UTC Tue Jun 03 2025 by root
!
feature netconf-ssh
feature netconf-tls
!
service password-encryption
!
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
!
bgp extended-asn-cap
!
qos enable
!
hostname Router B
errdisable cause stp-bpdu-guard
feature telnet
feature ssh
feature dns relay
ip dns relay
ipv6 dns relay
feature ntp
ntp enable
!
router-id 5.5.5.5
!
ip vrf A
rd 4200000000:5
route-target both 1:1
route-target both 2:2
route-target both 3:3
route-target both 4:4
route-target both 5:5
route-target both 6:6
route-target both 7:7
route-target both 8:8
route-target both 9:9
!
ip vrf management
!
router ldp
transport-address ipv4 5.5.5.5
!
route-map set-lc-tag-out permit 10
match large-community 1
set large-comm-list 1 delete
set large-community 40:50:60 10:20:30 additive
!
interface eth8
!
interface eth7
!
interface eth6
ip address 10.10.0.5/24
label-switching
ipv6 router ospf area 0.0.0.0 instance-id 0
enable-ldp ipv4
!
interface eth5
!
interface eth4
ip address 10.11.0.5/24
ipv6 address ::10.11.0.0/24
ipv6 address 2525::2555/120
ipv6 router ospf area 0.0.0.0 instance-id 0
!
interface eth3
ip vrf forwarding A
ip address 20.5.0.5/24
!
interface eth2
!
interface eth1
!
interface eth0
ip address 10.16.42.210/24
!
interface lo
ip address 127.0.0.1/8
ip address 5.5.5.5/32 secondary
ipv6 address ::1/128
ipv6 address 5555::5555/128
ipv6 router ospf area 0.0.0.0 instance-id 0
!
exit
!
router ospf 1
network 5.5.5.5/32 area 0.0.0.0
network 10.10.0.0/24 area 0.0.0.0
network 10.11.0.0/24 area 0.0.0.0
!
router ipv6 ospf
!
router bgp 4200000000
neighbor 2.2.2.2 remote-as 4200000000
neighbor 2.2.2.2 update-source lo
neighbor 4.4.4.4 remote-as 4200000000
neighbor 4.4.4.4 update-source lo
neighbor 2222::2222 remote-as 4200000000
neighbor 2222::2222 update-source lo
neighbor 4444::4444 remote-as 4200000000
neighbor 4444::4444 update-source lo
!
address-family ipv4 unicast
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 route-reflector-client
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 route-map set-lc-tag-out out
exit-address-family
!
address-family vpnv4 unicast
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 route-reflector-client
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 route-map set-lc-tag-out out
exit-address-family
!
address-family ipv6 unicast
neighbor 2222::2222 activate
neighbor 2222::2222 route-reflector-client
neighbor 4444::4444 activate
neighbor 4444::4444 route-reflector-client
neighbor 4444::4444 route-map set-lc-tag-out out
exit-address-family
!
exit
!
ip large-community-list 1 permit 1:2:3 4:5:6
!
!
end
Router C Running Configuration
Router C#show running-config
!
! Software version: DEMO_VM-OcNOS-SP-MPLS-x86-6.6.1.120-Alpha 06/01/2025 20:26:21
!
! Last configuration change at 12:21:29 UTC Tue Jun 03 2025 by root
!
feature netconf-ssh
feature netconf-tls
!
service password-encryption
!
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
!
bgp extended-asn-cap
!
qos enable
!
hostname Router C
errdisable cause stp-bpdu-guard
feature telnet
feature ssh
feature dns relay
ip dns relay
ipv6 dns relay
feature ntp
ntp enable
!
router-id 4.4.4.4
!
ip vrf A
rd 4200000001:4
route-target both 1:1
route-target both 2:2
route-target both 3:3
route-target both 4:4
route-target both 5:5
route-target both 6:6
route-target both 7:7
route-target both 8:8
route-target both 9:9
!
ip vrf management
!
router ldp
transport-address ipv4 4.4.4.4
!
interface eth8
!
interface eth7
!
interface eth6
ip address 10.10.0.4/24
ipv6 address ::10.10.0.4/120
ipv6 address 4545::4544/120
label-switching
ipv6 router ospf area 0.0.0.0 instance-id 0
enable-ldp ipv4
!
interface eth5
ip address 10.5.0.4/24
label-switching
enable-ldp ipv4
!
interface eth4
ip address 10.9.0.4/24
label-switching
enable-ldp ipv4
!
interface eth3
ip address 10.8.0.4/24
label-switching
enable-ldp ipv4
!
interface eth2
ip address 10.7.0.4/24
ipv6 address ::10.7.0.4/120
ipv6 address 2244::2444/120
label-switching
ipv6 router ospf area 0.0.0.0 instance-id 0
enable-ldp ipv4
!
interface eth1
ip vrf forwarding A
ip address 20.4.0.4/24
!
interface eth0
ip address 10.16.42.209/24
!
interface lo
ip address 127.0.0.1/8
ip address 4.4.4.4/32 secondary
ipv6 address ::1/128
ipv6 address 4444::4444/128
ipv6 router ospf area 0.0.0.0 instance-id 0
!
exit
!
router ospf 1
network 4.4.4.4/32 area 0.0.0.0
network 10.5.0.0/24 area 0.0.0.0
network 10.7.0.0/24 area 0.0.0.0
network 10.8.0.0/24 area 0.0.0.0
network 10.9.0.0/24 area 0.0.0.0
network 10.10.0.0/24 area 0.0.0.0
!
router ipv6 ospf
!
bgp nexthop-trigger enable
!
router bgp 4200000000
neighbor 5.5.5.5 remote-as 4200000000
neighbor 5.5.5.5 update-source lo
neighbor 5555::5555 remote-as 4200000000
neighbor 5555::5555 update-source lo
!
address-family ipv4 unicast
neighbor 5.5.5.5 activate
exit-address-family
!
address-family vpnv4 unicast
neighbor 5.5.5.5 activate
exit-address-family
!
address-family ipv6 unicast
neighbor 5555::5555 activate
exit-address-family
!
address-family ipv4 vrf A
exit-address-family
!
exit
!
ip route vrf A 60.10.10.0/24 20.4.0.60
!
line console 0
exec-timeout 0 0
line vty 0
exec-timeout 0 0
!
!
end
Implementation Examples
Use Case: A transit provider assigns unique BGP Large Community values to each customer. These values are utilized in route maps to influence outbound policy decisions, such as local preference or AS-path modification.
Define large-community values associated with Customer A:
ip large-community-list standard cust_A permit 65001:100:1
ip large-community-list standard cust_A permit 65001:100:2
Apply policy using a route-map:
route-map export-cust_A permit 10
match large-community cust_A
set local-preference 150
This configuration applies a higher local preference to prefixes received from Customer A. By using a named large-community list, the setup remains scalable-community values can be updated in one place without editing the route map directly. This approach also simplifies policy management across multiple route maps or peers.
BGP Large Communities Commands
The following are the newly added and existing commands updates as part of the BGP LC enhancements.
ip large-community-list
Use this command to define a set of BGP Large Community values for use in policy configuration (e.g., route-maps). It functions similarly to standard or extended community-lists and allows reuse of defined large-community patterns.
Use no parameter of this command to remove the configured large community values.
Command Syntax
ip large-community-list {<1-99> | standard WORD | <100-500> | expanded WORD} {permit | deny} (.AA:NN:MM)
no ip large-community-list {<1-99> | standard WORD | <100-500> | expanded WORD} {permit | deny} (.AA:NN:MM)
Parameters
<1-99> | Specifies a standard large-community-list using a numerical ID. Standard lists match exact values. |
standard WORD | Specifies a named standard list that matches exact large-community values. |
<100-500> | Specifies an expanded large-community-list using a numerical ID. Expanded lists support regex-style pattern matching. |
expanded WORD | Specifies a named expanded list that uses pattern matching for flexible matching criteria. |
permit | Permits the specified large-community value(s) to match in a policy. |
deny | Denies the specified large-community value(s) from matching. |
.AA:NN:MM | A 12-byte large community in the format ASN:Value1:Value2. E.g., 65001:100:1. Large Communities use the format Global Administrator:LocalData1:LocalData2, where each field is a 32-bit integer. |
Default
None
Command Mode
Configure mode
Applicability
Introduced in OcNOS version 6.6.1.
Example
The following example demonstrates how to configure different types of BGP Large Community lists in OcNOS and verify them using the show command.
• Creates a standard large-community-list with numeric ID 1 and permits the community 4:5:6.
OcNOS#configure terminal
OcNOS(config)#ip large-community-list 1 permit 4:5:6
OcNOS(config)#commit
• Creates an expanded large-community-list with numeric ID 150 and denies the community 1000:2000:3000.
OcNOS(config)#ip large-community-list 150 deny 1000:2000:3000
OcNOS(config)#commit
• Defines a named expanded list called EXPTEST and permits the community 5500:3000:2000.
OcNOS(config)#ip large-community-list expanded EXPTEST permit 5500:3000:2000
OcNOS(config)#commit
• Defines a named standard list called STDTEST and permits the community 50:50:50.
OcNOS(config)#ip large-community-list standard STDTEST permit 50:50:50
OcNOS(config)#commit
• Verify the configured lists using show ip large-community-list command.
OcNOS#show ip large-community-list
Large community standard list 1
permit 4:5:6
Large community (expanded) list 150
deny 1000:2000:3000
Named large community expanded list EXPTEST
permit 5500:3000:2000
Named large community standard list STDTEST
permit 50:50:50
match large-community
Use this command to match BGP routes based on Large Community values. This allows selective policy actions (e.g., setting local preference, AS path, AIGP) for routes carrying specific BGP Large Community attributes.
Use no parameter of this command to remove the configured Large Community values.
Note: Only one match large-community is allowed per route-map sequence. A new match replaces any previous configuration in the same sequence.
Command Syntax
match large-community {<1-99> | <100-500> | WORD} (exact-match|)
no match large-community {<1-99> | <100-500> | WORD} (exact-match|)
Parameters
<1-99> | Specifies a standard large-community list number. Standard lists match exact values. |
<100-500> | Specifies an expanded large-community list number. Expanded lists support regex-style pattern matching. |
WORD | Specifies a named standard or expanded large-community list. |
exact-match | (Optional) Matches routes only if the communities match exactly, with no additional entries. |
Default
None
Command Mode
Route-map mode
Applicability
Introduced in OcNOS version 6.6.1.
Example
The following example shows how to reference large-community in route-maps for policy enforcement.
• Matches routes containing any large-community permitted by standard list 1.
OcNOS#configure terminal
OcNOS(config)#route-map rmap-set-lc1
OcNOS(config-route-map)#match large-community 1
OcNOS(config-route-map)#commit
OcNOS(config-route-map)#exit
• Matches routes based on pattern rules defined in expanded list 100.
OcNOS(config)#route-map rmap-set-lc2
OcNOS(config-route-map)#match large-community 100
OcNOS(config-route-map)#commit
OcNOS(config-route-map)#exit
• Matches routes using named expanded list EXPTEST.
OcNOS(config)#route-map rmap-set-lc
OcNOS(config-route-map)#match large-community EXPTEST
OcNOS(config-route-map)#commit
OcNOS(config-route-map)#exit
• Matches routes that have only the exact large-community entries defined in STDTEST.
OcNOS(config)#route-map rmap-set-lc3
OcNOS(config-route-map)#match large-community STDTEST exact-match
OcNOS(config-route-map)#commit
OcNOS(config-route-map)#exit
• Verify the configured lists using show command.
OcNOS#show route-map
route-map rmap-set-lc, permit, sequence 10
Match clauses:
large-community: EXPTEST
Set clauses:
route-map rmap-set-lc1, permit, sequence 10
Match clauses:
large-community: 1
Set clauses:
route-map rmap-set-lc2, permit, sequence 10
Match clauses:
large-community: 100
Set clauses:
route-map rmap-set-lc3, permit, sequence 10
Match clauses:
large-community: STDTEST exact-match
Set clauses:
OcNOS#show running-config route-map
!
route-map rmap-set-lc permit 10
match large-community EXPTEST
!
route-map rmap-set-lc1 permit 10
match large-community 1
!
route-map rmap-set-lc2 permit 10
match large-community 100
!
route-map rmap-set-lc3 permit 10
match large-community STDTEST exact-match
!
set large-comm-list delete
Use this command within a route-map mode to delete the large-community-list values from matched routes (if present).
Use no parameter of this command to add the specified large-community values to matched routes.
Note: Only one set large-comm-list configuration is allowed per route-map sequence. A new one will overwrite the previous configuration.
Command Syntax
set large-comm-list {<1–99> | <100–500> | WORD} (delete)
no set large-comm-list {<1–99> | <100–500> | WORD} (delete)
Parameters
<1-99> | Specifies a standard large-community-list using a numerical ID. Standard lists match exact values. |
<100-500> | Specifies an expanded large-community-list using a numerical ID. Expanded lists support regex-style pattern matching. |
WORD | Specifies a named standard or expanded large-community. |
delete | Removes the matching large-community values from matched routes. |
Default
None
Command Mode
Route-map mode
Applicability
Introduced in OcNOS version 6.6.1.
Example
The following example shows how to remove (delete) selected communities from matched routes using the set large-comm-list command.
• Deletes communities defined in list 100 from matched routes (rmap2).
OcNOS(config)#route-map rmap2
OcNOS(config-route-map)#match large-community 100
OcNOS(config-route-map)#set large-comm-list 100 delete
OcNOS(config-route-map)#commit
OcNOS(config-route-map)#exit
• Deletes communities defined in list 10 from matched routes (rmap).
OcNOS(config)#route-map rmap
OcNOS(config-route-map)#match large-community EXPTEST
OcNOS(config-route-map)#set large-comm-list 10 delete
OcNOS(config-route-map)#commit
OcNOS(config-route-map)#exit
• Verify the configured lists using the show command.
• The command set large-comm-list 100 delete appears only for rmap and rmap2, indicating community deletion is configured only for those route-maps.
• When a route-map is configured with the set large-comm-list <list> delete command, the show route-map output will reflect this under the Set clauses field, verifying that the deletion of large-community values is active.
OcNOS#show route-map
route-map rmap, permit, sequence 10
Match clauses:
large-community: EXPTEST
Set clauses:
large-comm-list 10 delete
route-map rmap1, permit, sequence 10
Match clauses:
large-community: 1
Set clauses:
route-map rmap2, permit, sequence 10
Match clauses:
large-community: 100
Set clauses:
large-comm-list 100 delete
route-map rmap3, permit, sequence 10
Match clauses:
large-community: STDTEST exact-match
Set clauses:
OcNOS(config-route-map)#show running-config route-map
!
route-map rmap permit 10
match large-community EXPTEST
set large-comm-list 10 delete
!
route-map rmap1 permit 10
match large-community 1
!
route-map rmap2 permit 10
match large-community 100
set large-comm-list 100 delete
!
route-map rmap3 permit 10
match large-community STDTEST exact-match
!
show ip large-community-list
Use this command to display the configured BGP IPv4 Large Community Lists. This includes both standard and expanded lists, named or numbered. The command helps verify large-community filters applied in route-maps for matching or modifying BGP route attributes.
Command Syntax
show ip large-community-list (<1-500> | WORD)
Parameters
<1-500> | Specifies numeric ID of a standard or expanded large-community-list. |
WORD | Specifies the name of a standard or expanded large-community-list. |
Default
None
Command Mode
Exec mode and Privileged Exec mode
Applicability
Introduced in OcNOS version 6.6.1.
Example
• Displays all configured large community lists for both numbered and named, standard and expanded.
OcNOS#show ip large-community-list
Large community standard list 1
permit 4:5:6
Large community (expanded) list 150
deny 1000:2000:3000
Named large community expanded list EXPTEST
permit 5500:3000:2000
Named large community standard list STDTEST
permit 50:50:50
• Displays only the expanded list with the number 150. In the example below, it contains a single rule that denies large community 1000:2000:3000.
OcNOS#show ip large-community-list 150
Large community (expanded) list 150
deny 1000:2000:3000
• Displays the named expanded list EXPTEST. In the example below, it permits the large community 5500:3000:2000.
OcNOS#show ip large-community-list EXPTEST
Named large community expanded list EXPTEST
permit 5500:3000:2000
Below are the revised commands. For more command details, refer to the Route-Map Commands section.
set large-community
• The existing syntax now includes the new additive parameter that allows users to append large community values to a route.
• Users can configure multiple large communities in a route map. The character limit for each community has increased from 32 to 255 characters.
For more details, refer to the set large-community command in the Route-Map Commands section in the OcNOS Layer 3 Guide.
Troubleshooting
Symptom | Possible Cause | Solution |
|---|---|---|
Route-map fails to match communities | The ip large-community-list is missing or mis-configured. | Check the configuration using show ip large-community-list and correct any errors. |
Downgrade operation fails | The configuration includes unsupported LC features. | Revert to the previous version and remove all LC configurations before retrying the downgrade. |
Routes behave unexpectedly | Duplicate LC values are being sent | Avoid transmitting redundant LC values; OcNOS automatically removes duplicates on receipt. |
Glossary
The following provides definitions for key terms or abbreviations and their meanings used throughout this document:
Key Terms/Acronym | Description |
Autonomous System Number (ASN) | A 2- or 4-byte unique identifier assigned to a network under a single administrative domain. |
Large Community (LC) | A BGP attribute (RFC 8092) used to tag routes with metadata for policy decisions. Format: ASN:Value1:Value2. |
Global Administrator (GA) | The first 4-byte field in a BGP Large Community, typically set to the ASN of the originator. |
Route Reflector (RR) | A BGP router that reflects routes between RR clients to reduce iBGP session count in large networks. |
RR Client | A BGP peer that receives and sends updates via the route reflector. |
Internal BGP (iBGP) | BGP sessions between routers within the same AS. |
Address Family Identifier (AFI) or Subsequent Address Family Identifier (SAFI) | Specifies the type of routes being carried (e.g., IPv4, VPNv4, IPv6). |
Route Distinguisher (RD) | A unique identifier prepended to a prefix in MPLS VPNs to distinguish overlapping routes. |
Route Target (RT) | An extended BGP community used to control the import or export of routes into or from a VRF. |
BGP Attributes | Metadata in BGP updates that influence route selection or propagation (e.g., LC, RT, MED, Local Pref). |
additive | A route-map action keyword that appends new LC values without removing existing ones. |
sdelete | A route-map action keyword used to remove specific LC values from a route. |