By rssfeeds-admin 
no_export attribute is a well-known discretionary BGP community defined in RFC 1997. When applied to a route, it tells the receiving BGP speaker not to export that route to any eBGP peers—i.e., peers in a different AS.
Put simply:
A route tagged with
no_exportcan be shared within an AS (including confederation sub-ASes), but must not be advertised to other autonomous systems.
This makes it an ideal tool for route scoping and controlling how far a prefix is propagated.
Why Use no_export?
Here are some common scenarios where the no_export attribute is valuable:
1. Peering-Specific Routes
If you’re peering with multiple networks at an Internet Exchange (IX), you might want to advertise a route only to direct peers, not to the broader Internet or upstream providers. no_export keeps that route localized to your immediate neighbors.
2. Traffic Engineering
You might use no_export to influence traffic flow by advertising more specific prefixes to a subset of peers without affecting global routing. This allows for granular control while avoiding pollution of the global routing table.
3. Blackholing / DDoS Mitigation
In some coordinated DDoS mitigation systems, routes to blackhole IPs may be advertised with no_export to ensure the blackholing remains local to an ISP or consortium and doesn’t leak globally.
How Does It Work?
When a BGP speaker receives a route with the no_export community it will:
- Accept the route and install it in the local RIB
- Advertise it to other iBGP peers (and within a BGP confederation)
- NOT advertise it to any eBGP peers
Note: Enforcement of
no_exportdepends on BGP speakers honoring the attribute, which most modern routers do. Still, it’s good practice to verify behavior on your specific platform.
Example Configurations
Cisco IOS Example:
route-map TAG-NO-EXPORT permit 10
set community no-export
router bgp 65001
neighbor 192.0.2.1 route-map TAG-NO-EXPORT out
Juniper Example:
set policy-options policy-statement NO-EXPORT then community add no-export
set protocols bgp group PEERS export NO-EXPORT
MikroTik (RouterOS):
/routing filter
add chain=out-peers set-bgp-communities=no-export
/routing bgp peer
set [find where remote-address=192.0.2.1] out-filter=out-peers
no_export vs. no_advertise vs. local-AS
Here’s a quick comparison of similar BGP community attributes:
| Attribute | Behavior |
|---|---|
no_export |
Don’t send the route to eBGP peers outside the AS |
no_advertise |
Don’t advertise the route to any peer (iBGP or eBGP) |
local-AS |
Don’t advertise the route outside the local sub-AS in a confederation |
Understanding the difference is critical when building policies to control route propagation.
Best Practices
- Use
no_exportto contain traffic engineering changes to your local AS or peering environment. - Combine
no_exportwith route-maps, filters, or policies for precision control. - Monitor and test: ensure your upstreams and peers respect the attribute if relying on it operationally.
- Document the use of communities clearly—especially in multi-provider or IX environments.
- Looking Glasses can help you troubleshoot and see route propagation
The no_export community is a subtle yet powerful tool in the BGP toolbox. It allows network operators to limit route propagation without resorting to full policy rewrite or prefix filtering. When used properly, it helps maintain clean, scalable, and efficient routing policies—especially in complex interconnection scenarios like IXPs or multi-homed environments.
If you’re not already leveraging no_export in your BGP toolkit, it might be time to revisit your route-maps and see where it can help you tighten up control.
Need help reviewing or optimizing your BGP policies? Drop me a message—I love talking routing.
The post BGP: What is the no_export Community? appeared first on j2sw Blog.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.