How do you delete communities in RPL on IOS XR

In IOS you can easily sanitize communities on received BGP prefixes with the help of a route-map and a community-list, but how do you do such a thing on IOS XR? The tools provided seem a lot more coarse...

Let's say you are a small network operating AS65000. You don't want anyone to fiddle with the BGP communities that you use internally for route control, but you still want to receive informational communities from your peers. You simply want to remove everything that is within the 65000: space. Easy, just define a community-set and delete the matching communities in the inbound route-policy:

community-set SANITY-IN
  65000:*
end-set

route-policy PEER-IN
  delete community in SANITY-IN
  # do some other stuff
end-policy

Now, let's say we have some transit customers and we want to provide them with a set of control communities:

  • 65000:100
  • 65000:1234
  • 65000:5555

We want to allow these communities from our customers but not anything else, since that could be internal control communities that customers aren't allowed to set. On IOS, you would write a community-list, like so:

! regex matching needs an "expanded" community-list ("extended" is not an IOS keyword)
ip community-list expanded CUSTOMER-SANITY-IN deny ^65000:100$
ip community-list expanded CUSTOMER-SANITY-IN deny ^65000:1234$
ip community-list expanded CUSTOMER-SANITY-IN deny ^65000:5555$
ip community-list expanded CUSTOMER-SANITY-IN permit ^65000:.*$

And all would be well: the first three communities would slip past (remember that deny/permit is from the perspective of which communities should be deleted, not which should be passed), while the remainder matching 65000:.* would get deleted.

Since IOS XR does not have community-lists, but just community-sets where you cannot deny / permit, the above becomes a lot more difficult. Solutions?

One option is a community-set with ranges, listing all the intermediary communities:

community-set CUSTOMER-SANITY-IN
  65000:[0..99],
  65000:[101..1233],
  65000:[1235..5554],
  65000:[5556..65535]
end-set

But that doesn't really scale. How about a regexp? Sure, one could write a regexp for that but I imagine it to be rather complex. Nothing as clean as the IOS version. What would you do?
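If the range approach is used, the set can be generated from the list of allowed communities instead of being maintained by hand. The following Python is an added example, not part of the original post; the function names are hypothetical, and it assumes the customer-settable values are known as plain integers in the low 16 bits of the community.

```python
def complement_ranges(allowed, lo=0, hi=65535):
    """Return inclusive (start, end) ranges covering lo..hi minus `allowed`."""
    ranges, start = [], lo
    for value in sorted(set(allowed)):
        if not lo <= value <= hi:
            raise ValueError(f"community value {value} outside {lo}..{hi}")
        if value > start:
            # Gap between the previous allowed value and this one gets deleted.
            ranges.append((start, value - 1))
        start = value + 1
    if start <= hi:
        ranges.append((start, hi))
    return ranges


def render_community_set(name, asn, allowed):
    """Render an IOS XR community-set matching every asn:N not in `allowed`."""
    entries = []
    for start, end in complement_ranges(allowed):
        # A one-value gap is written as a plain community, not a range.
        entries.append(f"{asn}:{start}" if start == end
                       else f"{asn}:[{start}..{end}]")
    if not entries:
        raise ValueError("every value is allowed; nothing to delete")
    body = ",\n".join(f"  {entry}" for entry in entries)
    return f"community-set {name}\n{body}\nend-set"


if __name__ == "__main__":
    # The three customer control communities from the post.
    print(render_community_set("CUSTOMER-SANITY-IN", 65000, [100, 1234, 5555]))
```

Adjacent allowed values (for example 100 and 101) collapse into a single gap, so the output stays minimal as the allowed list grows.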
