Cisco BGP AWS Direct Configuration with Community

Below I’m going to go over a simple BGP configuration that’s used with AWS Direct. You need to get the community number from your ISP.

IMPORTANT:
When using communities on a Cisco devices, it will default to decimal format and NOT the new format XXXX:XXXX. You need to run this global command first:

ip bgp-community new-format

After entering the command above, create a prefix list to help control what routes will be advertised to AWS. I like to control my routes but if you want to send all your routes, go for it. I wouldn’t send any routes to AWS unless they need them.

ip prefix-list BGP-ADVERTISED-PREFIXES-ADD-COMMUNITY description ROUTES ADVERTISED TO AWS WITH COMMUNITY SET
ip prefix-list BGP-ADVERTISED-PREFIXES-ADD-COMMUNITY seq 5 permit 100.XX.0.0/30
ip prefix-list BGP-ADVERTISED-PREFIXES-ADD-COMMUNITY seq 10 permit 192.168.10.0/24
ip prefix-list BGP-ADVERTISED-PREFIXES-ADD-COMMUNITY seq 20 permit 192.168.20.0/24
ip prefix-list BGP-ADVERTISED-PREFIXES-ADD-COMMUNITY seq 30 permit 192.168.30.0/24

Now create a route map that will set the community you got from your ISP to the routes being advertised to AWS.

route-map BGP-POLICY-OUT permit 10 
 match ip address prefix-list BGP-ADVERTISED-PREFIXES-ADD-COMMUNITY
 set community XXXX:XXXX additive

Almost done. Now we need to configure BGP use the route-map and prefix list. The key thing to do here is to make sure you add the “send-community” command. Along with that command, you also add the “route-map” command.

router bgp 65001
 bgp router-id 
 bgp log-neighbor-changes
 network 100.XX.0.0 mask 255.255.255.252
 redistribute eigrp 1 route-map EIGRP>BGP
 neighbor {NEIGHBOR_IP} remote-as 1234
 neighbor {NEIGHBOR_IP} send-community
 neighbor {NEIGHBOR_IP} soft-reconfiguration inbound
 neighbor {NEIGHBOR_IP} route-map BGP-POLICY-OUT out

Now it’s time to verify it’s working. You should see the only routes being advertised are the ones in our prefix list.

cordero-asr1001x-aws#sh ip bgp neighbors {NEIGHBOR_IP} advertised-routes 
BGP table version is 201, local router ID is 100.65.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network          Next Hop            Metric LocPrf Weight Path
*>   100.XX.0.0  10.11.1.1             0         32768 i
*>   192.168.10.0  10.11.1.1             3072         32768 ?
*>   192.168.20.0     10.11.1.1             3072         32768 ?
*>   192.168.30.0     10.11.1.1             3072         32768 ?

Total number of prefixes 6
cordero-asr1001x-aws#

You’re done.

More Stories
Cisco ASA Failover Configuration