-
Notifications
You must be signed in to change notification settings - Fork 462
Extended Communities
Thomas Mangin edited this page Mar 6, 2026
·
4 revisions
RFC 4360 Extended Communities Attribute
BGP Extended Communities are 64-bit values that provide structured, typed community attributes for specialized use cases like MPLS VPNs, Traffic Engineering, FlowSpec, and EVPN. This document covers the RFC specifications and encoding of Extended Communities.
💡 For ExaBGP Usage: See Features: Communities for ExaBGP configuration and API syntax.
- Overview
- Why Extended Communities?
- Structure and Encoding
- Extended Community Types
- Route Target Extended Community
- Route Origin Extended Community
- Traffic Engineering Extended Communities
- FlowSpec Extended Communities
- EVPN Extended Communities
- Transitive vs Non-Transitive
- IPv6 Extended Communities
- See Also
- References
Extended Communities (Type Code 16) are an extension to standard BGP communities (RFC 1997) that provide:
- 64-bit values (vs 32-bit standard communities)
- Structured typing (Type + Sub-Type fields)
- Specialized use cases (VPNs, MPLS, Traffic Engineering, FlowSpec)
| Feature | Standard Communities | Extended Communities |
|---|---|---|
| Size | 32 bits | 64 bits |
| Structure | Untyped (AS:Value) | Typed (Type:Sub-Type:Value) |
| Use Cases | General tagging | VPN RT/RO, FlowSpec, EVPN, TE |
| RFC | RFC 1997 (1996) | RFC 4360 (2006) |
| Attribute Code | 8 | 16 |
Standard communities (32-bit) were insufficient for:
- MPLS VPNs: Need structured Route Target (RT) and Route Origin (RO)
- Traffic Engineering: Need to encode bandwidth, QoS, traffic rate
- FlowSpec: Need action encoding (rate-limit, redirect, traffic-action)
- EVPN: Need MAC Mobility, ESI Label, Router's MAC
Extended Communities provide:
- Type field (8 bits): Identifies community category
- Sub-Type field (8 bits): Identifies specific use within type
- Value field (48 bits): Payload data
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (8) | Sub-Type (8) | Value (48 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value (continued) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
High-order bit (bit 0) determines transitivity:
Type Field (8 bits):
┌─┬─────────┐
│T│ Type │
└─┴─────────┘
│ │
│ └─ Type Code (0-127)
└─ Transitivity: 0=Transitive, 1=Non-Transitive
Common Type Values:
| Type | T-bit | Category | Use Case |
|---|---|---|---|
| 0x00 | 0 | Transitive Two-Octet AS Specific | RT, RO (16-bit AS) |
| 0x01 | 0 | Transitive IPv4 Address Specific | RT, RO (IPv4 admin) |
| 0x02 | 0 | Transitive Four-Octet AS Specific | RT, RO (32-bit AS) |
| 0x03 | 0 | Transitive Opaque | Generic use |
| 0x06 | 0 | Transitive EVPN | EVPN-specific |
| 0x08 | 0 | Transitive Flow Specification | FlowSpec redirect IPv6 |
| 0x80 | 1 | Non-Transitive Flow Specification | FlowSpec actions (ExaBGP!) |
Sub-Type (8 bits) specifies the specific community within a Type:
| Type | Sub-Type | Name | RFC |
|---|---|---|---|
| 0x00/0x01/0x02 | 0x02 | Route Target | RFC 4360 |
| 0x00/0x01/0x02 | 0x03 | Route Origin | RFC 4360 |
| 0x00 | 0x05 | OSPF Domain Identifier | RFC 4577 |
| 0x01 | 0x0A | L2VPN Identifier | RFC 6074 |
| 0x06 | 0x00-0x08 | EVPN (MAC Mobility, ESI Label, etc.) | RFC 7432 |
| 0x80 | 0x06 | Traffic Rate (Flow) | RFC 5575 |
| 0x80 | 0x07 | Traffic Action (Flow) | RFC 5575 |
| 0x80 | 0x08 | Redirect (Flow) | RFC 5575 |
| 0x80 | 0x09 | Traffic Marking (Flow) | RFC 5575 |
Format (16-bit AS):
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x00 | Sub-Type | AS Number (16 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Local Administrator (32 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Example: Route Target 65001:100
Type: 0x00
Sub-Type: 0x02 (Route Target)
AS: 65001 (0xFDE9)
Value: 100 (0x00000064)
Hex: 00 02 FDE9 0000 0064
Format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x01 | Sub-Type | IPv4 Address (32 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Local Administrator (16 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Example: Route Target 192.0.2.1:100
Type: 0x01
Sub-Type: 0x02
IPv4: 192.0.2.1 (0xC0000201)
Value: 100 (0x0064)
Hex: 01 02 C000 0201 0064
Format (32-bit AS):
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x02 | Sub-Type | AS Number (32 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Local Administrator (16 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Example: Route Target 4200000000:100
Type: 0x02
Sub-Type: 0x02
AS: 4200000000 (0xFA56EA00)
Value: 100 (0x0064)
Hex: 02 02 FA56 EA00 0064
Purpose: Control route import/export in MPLS L3VPNs and EVPN
┌─────────────────────────────────────────────────┐
│ VRF "Customer-A" │
│ Route Target Import: 65001:100 │
│ Route Target Export: 65001:100 │
└─────────────────────────────────────────────────┘
│ ^
│ (Export with RT 65001:100) │ (Import routes with RT 65001:100)
v │
┌─────────────────────────────────────────────────┐
│ BGP VPNv4 Table │
│ - Route 10.1.1.0/24 RT 65001:100 │
│ - Route 10.2.2.0/24 RT 65001:200 │
│ - Route 10.3.3.0/24 RT 65001:100 │
└─────────────────────────────────────────────────┘
│
│ (Routes 10.1.1.0/24 and 10.3.3.0/24 imported)
v
┌─────────────────────────────────────────────────┐
│ VRF "Customer-A" Routing Table │
│ - 10.1.1.0/24 │
│ - 10.3.3.0/24 │
└─────────────────────────────────────────────────┘
Sub-Type: 0x02 (Route Target)
| Format | Type | Example | Use Case |
|---|---|---|---|
AS:Value |
0x00 | 65001:100 |
16-bit AS |
IPv4:Value |
0x01 | 192.0.2.1:100 |
IPv4 admin |
AS4:Value |
0x02 | 4200000000:100 |
32-bit AS |
Purpose: Identify the origin of a VPN route (which site/VRF originated it)
Sub-Type: 0x03 (Route Origin)
Same encoding as Route Target, but semantics differ:
- Route Target: Controls import/export (policy)
- Route Origin: Identifies route source (informational)
Example:
Route Origin: 65001:1
Indicates: Route originated from site with identifier 65001:1
Purpose: Advertise link bandwidth for unequal-cost multipath (UCMP)
RFC 4360 Type/Sub-Type: 0x00/0x04
Type: 0x00 (Transitive Two-Octet AS)
Sub-Type: 0x04 (Link Bandwidth)
AS: AS number (16 bits)
BW: Bandwidth in bytes/sec (32 bits, IEEE floating point)
Use Case:
- DMZ-Link-Bandwidth for BGP multipath
- Unequal cost load balancing across multiple paths
RFC 5575: Flow Specification (FlowSpec) uses Extended Communities to encode traffic filtering actions.
Key FlowSpec Sub-Types:
| Sub-Type | Name | Purpose | ExaBGP Support |
|---|---|---|---|
| 0x06 | Traffic Rate | Rate-limit matching traffic | ✅ Yes |
| 0x07 | Traffic Action | Sample, terminate | ✅ Yes |
| 0x08 | Redirect | Redirect to VRF | ✅ Yes |
| 0x09 | Traffic Marking | DSCP remarking | ✅ Yes |
Format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x80 | Sub = 0x06 | Reserved (16 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Rate (32 bits, bytes/sec) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ExaBGP Usage:
# Rate-limit to 1 MB/sec (RFC 5575: bytes/sec)
rate-limit 1000000
⚠️ Vendor Differences: RFC 5575 specifies bytes/sec, but Juniper converts to bits/sec (×8). See FlowSpec: Actions Reference.
Format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x80 | Sub = 0x07 | Reserved (40 bits) |S|T|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Bits:
- S (Sample): Sample matching traffic
- T (Terminal): Stop evaluating FlowSpec rules
ExaBGP Usage:
# Sample traffic for analysis
then {
traffic-action sample;
}
Purpose: Redirect traffic to VRF
Format (Route Target):
Same as Route Target Extended Community
Type: 0x80
Sub-Type: 0x08
RT: AS:Value (Route Target)
ExaBGP Usage:
# Redirect to VRF with RT 65001:100
redirect 65001:100
RFC 7432: EVPN uses Extended Communities for MAC Mobility, ESI Label, Router's MAC, etc.
Common EVPN Sub-Types:
| Sub-Type | Name | Purpose |
|---|---|---|
| 0x00 | MAC Mobility | Track MAC address moves |
| 0x01 | ESI Label | Label for Ethernet Segment Identifier |
| 0x02 | ES-Import Route Target | Ethernet Segment import RT |
| 0x03 | EVPN Router's MAC | PE router's MAC address |
| 0x04 | EVPN Layer 2 Attributes | MTU, control flags |
| 0x05 | E-Tree | Root/Leaf indication |
| 0x06 | DF Election | Designated Forwarder election |
Example: MAC Mobility
Type: 0x06
Sub-Type: 0x00 (MAC Mobility)
Flags: Static MAC (0x01)
Sequence: Move sequence number (32 bits)
High-order bit = 0 (Type 0x00-0x7F)
Behavior:
- Preserved across AS boundaries
- Carried in UPDATE messages to all peers
- Used for VPN RT/RO, EVPN, etc.
Examples:
- Route Target (0x00/0x02)
- Route Origin (0x00/0x03)
- EVPN communities (0x06/*)
High-order bit = 1 (Type 0x80-0xFF)
Behavior:
- Should NOT be propagated across AS boundaries
- Typically stripped on eBGP export
- Used for local policies
Examples:
- FlowSpec actions (0x80/0x06, 0x80/0x07, 0x80/0x08)
- QoS marking (0x80/0x09)
Why Non-Transitive for FlowSpec?
- FlowSpec actions are router-specific (rate-limit, redirect)
- Upstream routers may interpret actions differently
- Prevents action propagation to unintended routers
RFC 5701: IPv6 Address Specific Extended Community
128-bit Extended Community (not 64-bit!):
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x00 | Sub-Type | IPv6 Address (128 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 Address (continued) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 Address (continued) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 Address (continued) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Local Administrator (16 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Sub-Types:
- 0x02: Route Target
- 0x03: Route Origin
- 0x0B: VRF Route Import
- 0x10: Cisco VPN-Identifier
- Reference: Communities - BGP communities fundamentals
- Features: Communities - ExaBGP community configuration
- Address Families: FlowSpec - FlowSpec uses Extended Communities for actions
- Address Families: EVPN - EVPN Extended Communities
- Address Families: L3VPN - Route Targets in L3VPN
- RFC 4360 - BGP Extended Communities Attribute (2006)
- RFC 5668 - 4-Octet AS Specific BGP Extended Community (2009)
- RFC 5575 - Dissemination of Flow Specification Rules (FlowSpec)
- RFC 5701 - IPv6 Address Specific BGP Extended Community (2009)
- RFC 7153 - IANA Registries for BGP Extended Communities (2014)
- RFC 7432 - BGP MPLS-Based Ethernet VPN (EVPN)
- RFC 4577 - OSPF as PE-CE Protocol
- RFC 6074 - Provisioning, Auto-Discovery, and Signaling in L2VPNs
Getting Started
Configuration
- Configuration Syntax
- Neighbor Configuration
- Directives A-Z
- Templates
- Environment Variables
- Process Configuration
API
- API Overview
- Text API Reference
- JSON API Reference
- API Commands
- Writing API Programs
- Error Handling
- Production Best Practices
Address Families
- Overview
- IPv4 Unicast
- IPv6 Unicast
- FlowSpec
- EVPN
- L3VPN
- BGP-LS
- VPLS
- SRv6 / MUP
- Multicast
- RT Constraint
Features
Use Cases
Tools
Operations
Reference
- Architecture
- Design
- Attribute Reference
- Command Reference
- BGP State Machine
- Capabilities
- Communities
- Examples Index
- Glossary
- RFC Support
Integration
Migration
Community
External