Action communities
Применяйте на egress в сторону route-сервера для контроля, какие пиры получат ваши префиксы.
Action — устанавливать на egress
| 0:202192 | Do NOT announce to any peer. |
| 0:<peer-asn> | Do NOT announce to peer with ASN <peer-asn>. |
| 202192:<peer-asn> | Announce ONLY to peer with ASN <peer-asn> (overrides 0:202192). |
| 202192:1100 | Announce to all peers (default behaviour, equivalent to no community). |
| 202192:64600 | Set local-pref 50 on the route server (de-prefer). |
| 202192:64601 | Prepend AS202192 once toward all peers. |
| 202192:64602 | Prepend AS202192 twice toward all peers. |
| 202192:64603 | Prepend AS202192 three times toward all peers. |
Информационные communities
Тегируются на маршрутах route-серверами. Используйте на ingress для применения локальных политик (например, предпочесть маршруты из того же PoP).
Информационные — читать на ingress
| 202192:1000 | Route received from a member at Falkenstein PoP. |
| 202192:1001 | Route received from a member at Helsinki PoP. |
| 202192:1002 | Route received from a member at Zurich PoP. |
| 202192:2000 | Route is RPKI-valid. |
| 202192:2001 | Route has no covering ROA (NotFound). |
Blackholing
Blackhole communities запускают RTBH на каждом PoP. Next-hop должен быть 192.0.2.1 (IPv4) или 100::1 (IPv6). Максимальная длина префикса: /32 для v4 и /128 для v6 — префикс должен быть покрыт IRR-зарегистрированным агрегатом.
Blackhole — DDoS-mitigation
| 202192:666 | RTBH for IPv4 — null-route announced /32 at every PoP. |
| 202192:6666 | RTBH for IPv6 — null-route announced /128 at every PoP. |
| 202192:667 | Scrubbing-only — divert traffic via partner platform (DDoS service). |
Примеры
# Bird: do not announce 198.51.100.0/24 toward AS13335
filter datahub_out {
if net = 198.51.100.0/24 then bgp_community.add((0, 13335));
accept;
}
# Junos: prepend twice on egress
policy-statement DATAHUB-IX-OUT {
term prepend-twice {
from { route-filter 198.51.100.0/24 exact; }
then {
community add prepend-2x;
accept;
}
}
}
community prepend-2x members 202192:64602;