In IOS you can easily sanitize communities on received BGP prefixes with the help of a route-map and a community-list, but how do you do such a thing on IOS XR? The tools provided seem a lot more coarse...
Let's say you are a small network operating AS65000. You don't want anyone to fiddle with the BGP communities that you use internally for route control, but you still want to receive informational communities from your peers. You simply want to remove everything that is within the 65000: space. Easy, just define a community-set:
community-set SANITY-IN
  65000:*
end-set
route-policy PEER-IN
  delete community in SANITY-IN
  # do some other stuff
end-policy
Now, let's say we have some transit customers and we want to provide them with a set of control communities;
We want to allow these communities from our customers but not anything else, since that could be internal control communities that customers aren't allowed to set. On IOS, you would write a community-list, like so:
ip community-list extended CUSTOMER-SANITY-IN deny ^65000:100$
ip community-list extended CUSTOMER-SANITY-IN deny ^65000:1234$
ip community-list extended CUSTOMER-SANITY-IN deny ^65000:5555$
ip community-list extended CUSTOMER-SANITY-IN permit ^65000:.*$
And all would be well, the first three communities would slip past (remember that deny/permit is from the perspective of what communities should be deleted, not what should be passed) while the remainder matching 65000:.* would get deleted.
Since IOS XR does not have community-lists, but just community-sets where you cannot deny / permit, the above becomes a lot more difficult. Solutions?
Define a community-set with ranges, listing all the intermediary communities:
community-set CUSTOMER-SANITY-IN
  65000:[0..99],
  65000:[101..1233],
  65000:[1235..5554],
  65000:[5556..65535]
end-set
But that doesn't really scale. How about a regexp? Sure, one could write a regexp for that but I imagine it to be rather complex. Nothing as clean as the IOS version. What would you do?
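One way to keep the range-based set maintainable is to generate it from the list of allowed customer communities rather than writing the gaps by hand. The Python below is an added example, not part of the original post; the function names are assumptions, and it generalizes the three-community case above to any allow-list, including adjacent values and values at 0 or 65535.

```python
# Added example: generate the IOS XR "delete" community-set as the complement
# of an allow-list. Function names are hypothetical; the ASN and communities
# in the sample call are the ones used in the post.

def complement_ranges(allowed, lo=0, hi=65535):
    """Return (start, end) ranges covering lo..hi except the allowed values."""
    ranges, nxt = [], lo
    for value in sorted(set(allowed)):
        if not lo <= value <= hi:
            raise ValueError(f"community value out of range: {value}")
        if value > nxt:
            # Gap between the previous allowed value and this one.
            ranges.append((nxt, value - 1))
        nxt = value + 1
    if nxt <= hi:
        ranges.append((nxt, hi))
    return ranges


def render_community_set(name, asn, allowed):
    """Render a community-set matching every asn:N that is not allowed."""
    entries = []
    for start, end in complement_ranges(allowed):
        if start == end:
            entries.append(f"  {asn}:{start}")
        else:
            entries.append(f"  {asn}:[{start}..{end}]")
    return "\n".join([f"community-set {name}", ",\n".join(entries), "end-set"])


def deleted(asn, allowed, community):
    """True if the generated set would match, and so delete, the community."""
    c_asn, c_val = (int(part) for part in community.split(":"))
    return c_asn == asn and any(
        start <= c_val <= end for start, end in complement_ranges(allowed)
    )


if __name__ == "__main__":
    print(render_community_set("CUSTOMER-SANITY-IN", 65000, [100, 1234, 5555]))
```

Running the generator whenever the customer control communities change keeps the allow-list as the single source of truth, and `deleted()` gives a quick check that a given community survives or is stripped before the set is pushed to a router.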