The well known BGP community no export tells BGP neighbors to advertise a prefix only to iBGP neighbors. If you are not sure what BGP communities are and how they work then I advise you to read my introduction to BGP communities first before you continue. Having said that, let’s take a look at a configuration example. Here’s the topology we will use:
Above we see R1 with network 1.1.1.1/32 on a loopback interface. It will advertise this prefix with the no export community set. As a result, R2 will install it in its BGP table and advertises it to R4 (iBGP). It will not be advertised to R3 since this is a eBGP session.
Configuration
Basic BGP Configuration
Here’s the BGP configuration in case you want to try this example yourself:
R1#show running-config | section bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 192.168.12.2 remote-as 24
no auto-summaryR2#show running-config | section bgp
router bgp 24
no synchronization
bgp log-neighbor-changes
neighbor 192.168.12.1 remote-as 1
neighbor 192.168.23.3 remote-as 3
neighbor 192.168.24.4 remote-as 24
neighbor 192.168.24.4 next-hop-self
no auto-summaryR3#show running-config | section bgp
router bgp 3
no synchronization
bgp log-neighbor-changes
neighbor 192.168.23.2 remote-as 24
no auto-summaryR4#show running-config | section bgp
router bgp 24
no synchronization
bgp log-neighbor-changes
neighbor 192.168.24.2 remote-as 24
no auto-summaryBy default BGP does not send any communities. All routers will learn about 1.1.1.1/32:
R2#show ip bgp | include 1.1.1.1
*> 1.1.1.1/32 192.168.12.1 0 0 1 iR3#show ip bgp | include 1.1.1.1
*> 1.1.1.1/32 192.168.23.2 0 24 1 iR4#show ip bgp | include 1.1.1.1
* i1.1.1.1/32 192.168.12.1 0 100 0 1 iBGP Community No-Export Configuration
Let’s configure our BGP community. First we have to tell R1 to send communities:
R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.12.2 send-communityNow we can create a route-map that sets the BGP community to no-export and we attach it to our neighbor R2:
Mahmoud,
You are exactly right! This is the output of R2 with respect to the BGP advertised route of 1.1.1.1
If R2 isn’t configured to send communities to R4, this would be R4’s output of 1.1.1.1
Origin IGP, metric 0, localpref 100, valid, internal, bestNotice the community is missing. Because of this, R4 doesn’t know that it isn’t supposed to advertise this to another AS, so any other AS connected via R4 would also learn of 1.1.1.1/32
Hi Rene,
In BGP community no export example.You said that it prevent route from being advertise to the ebgp peer and only advertise to IBGP neighbors. so why it is advertising to AS24 as it is also an ebgp peer for AS1. Router is in AS 1 and R2 ,R4 is in AS 24.Kindly explain.
Hi,
ıf we connect another router R5(in AS 24 also) to R4, then can’t R4 advertise the 1.1.1.1 to R5? R5 is a iBGP neighbor so Why? Can R2 advertise to only it’s iBGP neighbors and can’t the other iBGP routers advertise to another iBGP neighbors?
regards
Hello Murat
If you have R5 in AS24 then yes, R2 will be able to advertise 1.1.1.1 to R5 as well. The No Export community only restricts routers from sharing particular routes with other eBGP neighbors. iBGP neighbors are not affected and they can freely share these routes between themselves.
... Continue reading in our forumHi Rene,
How can I send a /32 prefix to a blackhole, on a router that also has received both /22 and /23. For example: R1 announces to R2 some /22 and /23, that suppose to be announced to R3. But R1, under an attack, for example, wants to blackhole (on R2) a specific /32 and also no-export it to external AS.
Thanks!