Action communities
Apply these on egress to your route-server session to control which peers receive your prefixes.
Action — set on your egress
| 0:202192 | Do NOT announce to any peer. |
| 0:<peer-asn> | Do NOT announce to peer with ASN <peer-asn>. |
| 202192:<peer-asn> | Announce ONLY to peer with ASN <peer-asn> (overrides 0:202192). |
| 202192:1100 | Announce to all peers (default behaviour, equivalent to no community). |
| 202192:64600 | Set local-pref 50 on the route server (de-prefer). |
| 202192:64601 | Prepend AS202192 once toward all peers. |
| 202192:64602 | Prepend AS202192 twice toward all peers. |
| 202192:64603 | Prepend AS202192 three times toward all peers. |
Informational communities
Tagged on routes by the route servers. Use these on ingress to apply your own local policies (e.g. prefer routes received in the same PoP).
Informational — read on ingress
| 202192:1000 | Route received from a member at Falkenstein PoP. |
| 202192:1001 | Route received from a member at Helsinki PoP. |
| 202192:1002 | Route received from a member at Zurich PoP. |
| 202192:2000 | Route is RPKI-valid. |
| 202192:2001 | Route has no covering ROA (NotFound). |
Blackholing
Blackhole communities trigger RTBH at every PoP. The next-hop must be set to 192.0.2.1 (IPv4) or 100::1 (IPv6). Maximum prefix length: /32 for v4 and /128 for v6 — the prefix must be covered by your IRR-registered aggregate.
Blackhole — DDoS mitigation
| 202192:666 | RTBH for IPv4 — null-route announced /32 at every PoP. |
| 202192:6666 | RTBH for IPv6 — null-route announced /128 at every PoP. |
| 202192:667 | Scrubbing-only — divert traffic via partner platform (DDoS service). |
Examples
# Bird: do not announce 198.51.100.0/24 toward AS13335
filter datahub_out {
if net = 198.51.100.0/24 then bgp_community.add((0, 13335));
accept;
}
# Junos: prepend twice on egress
policy-statement DATAHUB-IX-OUT {
term prepend-twice {
from { route-filter 198.51.100.0/24 exact; }
then {
community add prepend-2x;
accept;
}
}
}
community prepend-2x members 202192:64602;