Add Multiple Community Attribute to BGP routes

Created On 04/01/19 08:35 AM - Last Modified 12/20/23 04:36 AM


Objective


How to add multiple community attributes to BGP routes.

 


Environment


All PAN-OS versions.

Procedure


Multiple community/extended community attributes can be added only to routes that are being redistributed into BGP from other routing protocols.

Note : Only one community/extended community attribute can be added to the routes exported by BGP if the route was learned from BGP.

Topology Diagram : (image not available)



Requirement :

The requirement is to redistribute the connected route for subnet 10.76.76.0/24 into BGP with multiple community attributes. 
300:130 and 400:140 are the two community attributes that have to be added to these routes before exporting to the Peer firewall.

Configuration :

1. Configure a redistribution profile to export the connected route for the 10.76.76.0/24 subnet. Make sure Redistribute is set to "Redist".
Virtual Routers > "VR Name" >  Redistribution Profile > Add


2. Configure the Redist Rules under BGP to use this Redistribution Profile.
Virtual Routers > "VR Name" > BGP > Redist Rules > Add
Select the Redistribution Profile that was created from the "Name" dropdown.
Then add the two community strings as per the requirement by clicking Add under "Set Community".


3. Create an Export rule to export this route to the BGP peer. 
Select the Peer under "Use By" section.
Configure the subnet 10.76.76.0/24 in "Address Prefix" under Match condition. 
Note : One more Community Attribute can be added, if needed, under "Action" Section.


4. Commit the configuration.

Verification :

The GUI shows whether the route is exported by BGP to the Peer.
You can check it in "More Runtime Statistics" under Network > Virtual Routers > "VR Name" > BGP > RIB Out.


To verify that the community attributes are added properly, run the command below on the firewall CLI.
admin@CSX-PAL-01> show routing protocol bgp rib-out-detail 
VIRTUAL ROUTER: default (id 1)
==========
----------
  Prefix:                        10.76.76.0/24
  Nexthop:                       10.75.75.78
  Peer:                          Peer1 (id 3)
  Advertise status:              advertised
  Aggregation status:            no aggregate
  Originator ID:                 0.0.0.0
  AS Path:                       61113
  Origin:                        N/A
  MED:                           0
  Local Preference:              0
  Atomic aggregate:              no
  Aggregator AS:                 0
  Aggregator ID:                 0.0.0.0
  Community:                     300:130 400:140   <<<< Added Community Attributes.
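
The check above can be automated after a commit. The following is an added example, not part of the original article or any Palo Alto Networks tooling: it parses saved "show routing protocol bgp rib-out-detail" text and reports which expected communities are missing for a prefix and peer. The function names are hypothetical and the sample text is constructed from the output shown above.

```python
import re

# Constructed sample: the rib-out-detail output shown above, abridged to the fields used here.
SAMPLE = """\
VIRTUAL ROUTER: default (id 1)
==========
----------
  Prefix:                        10.76.76.0/24
  Nexthop:                       10.75.75.78
  Peer:                          Peer1 (id 3)
  Advertise status:              advertised
  AS Path:                       61113
  Community:                     300:130 400:140
"""

FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s+(.*?)\s*$")  # indented "Name:   value" lines
COMMUNITY = re.compile(r"^\d+:\d+$")                   # ASN:value tokens only


def parse_rib_out(text):
    """Split the output into one dict per route entry (an entry starts at 'Prefix:')."""
    entries, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner and separator lines
        key, value = m.group(1), m.group(2)
        if key == "Prefix":
            current = {}
            entries.append(current)
        if current is not None:
            current[key] = value
    return entries


def missing_communities(text, prefix, peer, expected):
    """Return expected communities absent from the route, or None if it is not advertised."""
    for e in parse_rib_out(text):
        if e.get("Prefix") == prefix and e.get("Peer", "").split(" (")[0] == peer:
            if e.get("Advertise status") != "advertised":
                return None
            # Non-community tokens (such as a trailing annotation) are ignored.
            have = {t for t in e.get("Community", "").split() if COMMUNITY.match(t)}
            return sorted(set(expected) - have)
    return None  # prefix not present in RIB Out for this peer


if __name__ == "__main__":
    print(missing_communities(SAMPLE, "10.76.76.0/24", "Peer1", ["300:130", "400:140"]))
```

An empty list means every expected community is on the advertised route; None means the prefix is not being advertised to that peer at all.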

