BGP Community No Export

Lesson Contents

The well known BGP community no export tells BGP neighbors to advertise a prefix only to iBGP neighbors. If you are not sure what BGP communities are and how they work then I advise you to read my introduction to BGP communities first before you continue. Having said that, let’s take a look at a configuration example. Here’s the topology we will use:

Above we see R1 with network 1.1.1.1/32 on a loopback interface. It will advertise this prefix with the no export community set. As a result, R2 will install it in its BGP table and advertises it to R4 (iBGP). It will not be advertised to R3 since this is a eBGP session.

Configuration

Basic BGP Configuration

Here’s the BGP configuration in case you want to try this example yourself:

R1#show running-config | section bgp
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 192.168.12.2 remote-as 24
 no auto-summary

R2#show running-config | section bgp
router bgp 24
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.12.1 remote-as 1
 neighbor 192.168.23.3 remote-as 3
 neighbor 192.168.24.4 remote-as 24
 neighbor 192.168.24.4 next-hop-self
 no auto-summary

R3#show running-config | section bgp
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.23.2 remote-as 24
 no auto-summary

R4#show running-config | section bgp
router bgp 24
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.24.2 remote-as 24
 no auto-summary

By default BGP does not send any communities. All routers will learn about 1.1.1.1/32:

R2#show ip bgp | include 1.1.1.1
*> 1.1.1.1/32       192.168.12.1             0             0 1 i

R3#show ip bgp | include 1.1.1.1
*> 1.1.1.1/32       192.168.23.2                           0 24 1 i

R4#show ip bgp | include 1.1.1.1
* i1.1.1.1/32       192.168.12.1             0    100      0 1 i

BGP Community No-Export Configuration

Let’s configure our BGP community. First we have to tell R1 to send communities:

R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.12.2 send-community

Now we can create a route-map that sets the BGP community to no-export and we attach it to our neighbor R2:

Forum Replies

Mahmoud,
You are exactly right! This is the output of R2 with respect to the BGP advertised route of 1.1.1.1

 Origin IGP, metric 0, localpref 100, valid, external, best
      Community: no-export

If R2 isn’t configured to send communities to R4, this would be R4’s output of 1.1.1.1
Origin IGP, metric 0, localpref 100, valid, internal, best

Notice the community is missing. Because of this, R4 doesn’t know that it isn’t supposed to advertise this to another AS, so any other AS connected via R4 would also learn of 1.1.1.1/32

Hi Rene,

In BGP community no export example.You said that it prevent route from being advertise to the ebgp peer and only advertise to IBGP neighbors. so why it is advertising to AS24 as it is also an ebgp peer for AS1. Router is in AS 1 and R2 ,R4 is in AS 24.Kindly explain.

Hi,

ıf we connect another router R5(in AS 24 also) to R4, then can’t R4 advertise the 1.1.1.1 to R5? R5 is a iBGP neighbor so Why? Can R2 advertise to only it’s iBGP neighbors and can’t the other iBGP routers advertise to another iBGP neighbors?

regards

Hello Murat

If you have R5 in AS24 then yes, R2 will be able to advertise 1.1.1.1 to R5 as well. The No Export community only restricts routers from sharing particular routes with other eBGP neighbors. iBGP neighbors are not affected and they can freely share these routes between themselves.

... Continue reading in our forum

Hi Rene,

How can I send a /32 prefix to a blackhole, on a router that also has received both /22 and /23. For example: R1 announces to R2 some /22 and /23, that suppose to be announced to R3. But R1, under an attack, for example, wants to blackhole (on R2) a specific /32 and also no-export it to external AS.

Thanks!

11 more replies! Ask a question or join the discussion by visiting our Community Forum