Join our Waitlist 🚀 🏠 Back to Home

🌐 BGP Community String Traffic Steering

Master MPLS Internet Offload Configuration

Welcome to BGP Community String Traffic Steering Lab! 🚀

What You'll Learn

  • BGP Community String Structure: Understand the format of network:XXXXY values
  • Traffic Steering Logic: Master how PEs make routing decisions based on local preference
  • Route Map Configuration: Configure community strings with the additive keyword
  • MPLS Network Behavior: Differentiate between default route (0.0.0.0/0) and specific route handling
  • Internet Offload Setup: Implement West Coast to East Coast traffic steering
  • Verification Techniques: Use BGP commands to verify community advertisement and route sources
  • Troubleshooting Skills: Identify and resolve common BGP community configuration issues

Lab Environment

This lab simulates a real-world MPLS network with Lumen PEs connecting multiple sites including Denver (DR), Tampa (IDC), Honolulu (HON), Portland, and St. Louis. You'll work with both the "red" network (Lumen MPLS) and learn why this configuration is currently limited to this network only.

💡 Key Learning Point

The magic of BGP community strings is in their structure: 6745:XXXXY. The first four digits (6745) identify the network, the next four digits (XXXX) identify the target PE, and the final digit (Y) sets the local preference value.

Ready to master BGP traffic steering? Let's dive in!

🏗️ Network Topology

    West Coast Sites           MPLS Network              East Coast Sites
    ┌─────────────┐           ┌──────────────┐           ┌─────────────┐
    │    HON      │           │              │           │    STL      │
    │  BR-01      │───────────│  Lumen PE    │───────────│  BR-01      │
    │ (Honolulu)  │           │   5211       │           │ (St.Louis)  │
    └─────────────┘           │              │           └─────────────┘
                              │              │
    ┌─────────────┐           │  RED NETWORK │           ┌─────────────┐
    │   Portland  │───────────│ (6745:XXXXY) │───────────│   Tampa     │
    │   BR-01     │           │              │           │    IDC      │
    └─────────────┘           │              │           │   BR-01     │
                              │              │           └─────────────┘
    ┌─────────────┐           │              │              Default
    │   Denver    │───────────│  Lumen PE    │              LocalPref
    │    DR       │           │   5170       │              = 800
    │   BR-01     │           │              │
    └─────────────┘           └──────────────┘
      Internet                     
      Offload                   Community Strings:
      LocalPref = 900          • 6745:51709 (HON → DR)
                              • 6745:52119 (Portland → DR)
                              • 6745:26487 (Denver PE)

Traffic Flow Logic

Default Traffic Flow (Without Internet Offload)

All sites route internet traffic through Tampa (IDC) with LocalPref = 800

  • Remote sites learn default route from AS 65200 (Tampa)
  • No community strings applied to influence routing
  • Tampa serves as the primary internet gateway

📋 Prerequisites

Knowledge Requirements

  • BGP Fundamentals: Understanding of iBGP, eBGP, and BGP attributes
  • Local Preference: How BGP local preference influences routing decisions
  • Route Maps: Cisco IOS route-map configuration and logic
  • MPLS Basics: Provider Edge (PE) and Customer Edge (CE) router roles
  • Autonomous System Numbers: Understanding AS path and AS origin

Network Planning Information

⚠️ Important: This configuration is currently limited to the "red" network (Lumen MPLS) only. The "orange" network (TWCS) is not enabled for this type of traffic steering.

Required Documentation

  • Lumen PE Spreadsheet: Contains circuit IDs and PE identifiers
  • IP BGP Neighbors Document: Maps circuit IDs to PE community values
  • Site AS Numbers: AS 65199 (DR), AS 65200 (IDC)

Access Requirements

1

Router Console Access

SSH or console access to:

  • DR BR-01 (Denver border router)
  • IDC BR-01 (Tampa border router)
  • Remote site CE routers (HAN, Portland, STL)
2

Documentation Access

Access to carrier-provided documentation for PE identification

💡 Key Learning Point

Always verify PE information from carrier documentation, as it can sometimes be inconsistent or incomplete. Cross-reference multiple sources when possible.

⚙️ Configuration Steps

1

Identify Target PE Information

Before configuring community strings, you must identify the correct PE values from carrier documentation.

# Example: Finding HON PE Information # From Lumen spreadsheet: # Site: HON # Circuit ID: ends with LUM (not TWCS) # PE Identifier: 5211 # Community String Format: 6745:52119 # - 6745: Network identifier (always this for Lumen) # - 5211: PE identifier for HON # - 9: Local preference (900)
⚠️ Documentation Warning: Carrier-provided spreadsheets may contain inaccurate information. Always verify PE identifiers match your actual circuit configuration.
2

Configure Tampa (IDC) Default Local Preference

Set baseline local preference for all PEs and lower Denver PE preference.

# IDC BR-01 Configuration router bgp 65200 neighbor [PE-IP] send-community neighbor [PE-IP] route-map LUMEN-OUT out # Route Map Configuration route-map LUMEN-OUT permit 10 set community 6745:800 additive route-map LUMEN-OUT permit 20 match ip address prefix-list SPECIFIC-ROUTES set community 6745:26487 additive

💡 Key Learning Point

The Denver PE (2648) gets local preference 700 to ensure DR-originated routes are preferred when community strings are applied from Denver.

3

Configure Denver (DR) Community Strings

Set up community strings to steer specific PEs to prefer Denver for default route.

# DR BR-01 Configuration router bgp 65199 neighbor [LUMEN-PE-IP] send-community neighbor [LUMEN-PE-IP] route-map LUMEN-OUT out # Route Map for Community String Assignment route-map LUMEN-OUT permit 10 match ip address prefix-list DEFAULT-ROUTE set community 6745:51709 6745:52119 additive route-map LUMEN-OUT permit 20 match ip address prefix-list LOCAL-LAN-OUT # Prefix Lists ip prefix-list DEFAULT-ROUTE seq 10 permit 0.0.0.0/0 ip prefix-list LOCAL-LAN-OUT seq 10 permit [LOCAL-NETWORKS]
⚠️ Critical: Always use the "additive" keyword when setting communities. Without it, you'll overwrite existing community values instead of adding to them.
4

Enable Community Advertisement

Ensure BGP neighbors are configured to send community attributes.

# Essential BGP Community Configuration router bgp 65199 neighbor [PE-IP] send-community # Without send-community, community strings are set but not transmitted! # This is the most common configuration mistake.
5

Community String Breakdown

Understanding Community String Format

6745 : 51709
  • 6745: Lumen network identifier (constant)
  • 5170: Target PE identifier (varies by site)
  • 9: Local preference value (900)

Multiple PE Targeting

6745 : 51709 + 6745 : 52119

This targets both HON (51709) and Portland (52119) PEs with LocalPref 900

✅ Configuration Complete! Your BGP community strings are now configured to steer internet traffic from specified sites through Denver instead of Tampa.

🔧 Troubleshooting Guide

1

Community Not Being Advertised

Symptom: Community strings configured but not appearing in BGP advertisements

Most Common Cause: Missing "send-community" command

# Diagnosis Command show ip bgp neighbor [PE-IP] advertised-routes # Look for community values in the output # If missing, check for send-community command # Solution router bgp [AS-NUMBER] neighbor [PE-IP] send-community
2

Community Values Overwritten

Symptom: Only the last community string appears, others are missing

Cause: Missing "additive" keyword in route-map set commands

# Wrong Configuration (overwrites previous communities) route-map EXAMPLE permit 10 set community 6745:51709 set community 6745:52119 # Correct Configuration (adds to existing communities) route-map EXAMPLE permit 10 set community 6745:51709 6745:52119 additive
3

Traffic Still Going to Tampa

Symptom: Remote sites still showing AS 65200 (Tampa) as origin for default route

Diagnosis Steps:

# On remote site CE router show ip bgp 0.0.0.0 # Check AS path - should show 65199 for DR routing # If showing 65200, check: # 1. Community string format # 2. PE identifier accuracy # 3. send-community configuration
4

Incorrect PE Identifier

Issue: Using wrong PE identifier from inaccurate documentation

Resolution:

  • Cross-reference Lumen spreadsheet with IP BGP Neighbors document
  • Look for circuits ending in "LUM" (not "TWCS")
  • Verify circuit ID matches actual connection
  • Contact carrier for accurate PE information if discrepancies exist
5

Specific Routes Affected

Problem: Internal routes (non-internet) being steered through DR

Expected Behavior: Only default route (0.0.0.0/0) should be affected by community strings

# Verify specific route behavior show ip bgp [specific-internal-route] # Should show AS 65200 (Tampa) for internal routes # Community strings should only apply to 0.0.0.0/0 # Check route-map configuration show route-map LUMEN-OUT

💡 Key Learning Point

Community strings should only affect the default route (0.0.0.0/0). Specific routes for internal connectivity should always prefer Tampa (IDC) to maintain proper site-to-site VPN functionality.

6

Inconsistent Carrier Documentation

Challenge: Lumen documentation may contain errors or inconsistencies

Best Practices:

  • Always verify configuration is working with show commands
  • Test routing behavior before and after changes
  • Document any discrepancies found in carrier information
  • Maintain internal documentation of working configurations

✅ Verification Procedures

1

Verify Community Advertisement

Confirm that community strings are being advertised to the PE

# On DR BR-01 show ip bgp neighbor [PE-IP] advertised-routes # Look for 0.0.0.0/0 route # Community field should show: 6745:5170:9 6745:5211:9

Expected Output Example

Network Next Hop Metric LocPrf Weight Path *> 0.0.0.0 [PE-IP] 0 0 65001 i Community: 6745:51709 6745:52119
2

Verify Route Origin on Remote Sites

Check that target sites are receiving default route from correct AS

# On HON BR-01 (should show AS 65199 - Denver) show ip bgp 0.0.0.0 # Expected: Path shows 65199 (Denver) # Network Next Hop Path # *> 0.0.0.0/0 [PE-IP] 65199 i # On STL BR-01 (should show AS 65200 - Tampa) show ip bgp 0.0.0.0 # Expected: Path shows 65200 (Tampa) # Network Next Hop Path # *> 0.0.0.0/0 [PE-IP] 65200 i
3

Verify Specific Route Behavior

Confirm internal routes still prefer Tampa for site-to-site connectivity

# On HON BR-01 - check specific internal route show ip bgp [internal-network/mask] # Should show AS 65200 (Tampa) even for sites with internet offload # Example: show ip bgp 10.100.1.0/24
✅ Correct Behavior: Default route (0.0.0.0/0) from AS 65199, specific routes from AS 65200
4

Test Traffic Steering

Verify actual traffic flow matches BGP routing decisions

# Traceroute to internet destination from affected site traceroute 8.8.8.8 # Path should show: # Site → Lumen PE → Denver DR → Internet # (Not Site → Lumen PE → Tampa IDC → Internet) # Ping test with extended output ping 8.8.8.8 repeat 5 # Verify response times consistent with Denver path
5

Configuration Backup and Documentation

# Save configuration copy running-config startup-config # Document working community strings # Site: HON # PE ID: 5170 # Community: 6745:51709 # Verified: [date] # Site: Portland # PE ID: 5211 # Community: 6745:52119 # Verified: [date]

Verification Checklist

  • ☐ Community strings appear in BGP advertisements
  • ☐ Target sites show AS 65199 for default route
  • ☐ Non-target sites show AS 65200 for default route
  • ☐ All sites show AS 65200 for specific internal routes
  • ☐ Traceroute confirms traffic path through Denver
  • ☐ Configuration saved and documented

💡 Key Learning Point

Always verify configuration with both BGP show commands and actual traffic tests. BGP convergence can take time, so allow 1-2 minutes between configuration changes and verification.

🧠 Knowledge Check

Test your understanding of BGP community string traffic steering!

1. What is the correct format for a BGP community string in this Lumen MPLS network?
2. Why must you use the "additive" keyword when setting multiple community values?
3. What happens to specific routes (non-default) in this traffic steering configuration?
4. If a remote site shows AS 65200 as the origin for the default route, what does this indicate?
5. What command is essential for community strings to be transmitted to BGP neighbors?
6. In the community string "6745:51709", what does the "9" represent?
7. Why is internet offload currently limited to the "red" network?