This article explains how to use community lists in BGP to achieve logical ‘AND’ or ‘OR’ operations when matching prefixes with multiple BGP communities. This can help filter or manipulate routes based on specific combinations of community attributes.
Scope
FortiGate v6.2 or above.
Solution
Consider a situation where FortiGate is receiving the following BGP prefixes (1.1.1.1/32, 2.2.2.2/32, 3.3.3.3/32), each carrying community attributes.
To match the community attribute of 100:100 OR 200:200, use the community list format as shown below:
config router community-list
    edit "OR"
        config rule
            edit 1
                set action permit
                set match "100:100"
            next
            edit 2
                set action permit
                set match "200:200"
            next
        end
    next
end
To match the community attribute of 100:100 AND 200:200, use the community list format as shown below:
config router community-list
    edit "AND"
        config rule
            edit 1
                set action permit
                set match "100:100 200:200"
            next
        end
    next
end
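The following Python model is an added example, not FortiOS code or output. It reproduces the matching logic of the two community lists above so a filter can be checked before it is applied. The community values assigned to each prefix are constructed, and first-match-wins with an implicit deny is assumed, as in conventional community-list evaluation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny", as in 'set action'
    match: str   # space-separated communities, as in 'set match'


def evaluate(rules, route_communities):
    """Return the action of the first rule whose communities are ALL carried.

    Communities inside one rule are ANDed; separate rules are ORed.
    Assumption: the first matching rule wins and no match means deny.
    """
    carried = set(route_communities)
    for rule in rules:
        if set(rule.match.split()) <= carried:
            return rule.action
    return "deny"


def matching_prefixes(rules, table):
    """List the prefixes in 'table' that the community list permits."""
    return [p for p, comms in table.items() if evaluate(rules, comms) == "permit"]


# The two lists from the article, expressed as rule sequences.
OR_LIST = [Rule("permit", "100:100"), Rule("permit", "200:200")]
AND_LIST = [Rule("permit", "100:100 200:200")]

# Constructed sample data: the article does not state which communities
# each prefix carries, so these assignments are illustrative only.
ROUTES = {
    "1.1.1.1/32": ["100:100"],
    "2.2.2.2/32": ["200:200"],
    "3.3.3.3/32": ["100:100", "200:200"],
}

if __name__ == "__main__":
    print("OR  list permits:", matching_prefixes(OR_LIST, ROUTES))
    print("AND list permits:", matching_prefixes(AND_LIST, ROUTES))
```

With this sample data the "OR" list permits all three prefixes, while the "AND" list permits only the prefix that carries both communities.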
Additionally, it is possible to check the BGP prefixes that match the community list using the command ‘get router info bgp network community-list ‘: