spoojary
Staff
Article Id 273525
Description: This article describes how the Border Gateway Protocol (BGP) uses community attributes as a tool for route tagging and policy enforcement, and how community lists in FortiGate act as filters that control BGP routes based on specific community strings.
Scope: FortiGate v7.0.
Solution

The Border Gateway Protocol (BGP) uses community attributes as a powerful tool for route tagging and policy enforcement. Community lists in FortiGate act as filters, which enable BGP routes to be controlled based on specific community strings.

BGP communities are optional transitive attributes, typically represented in the AS:Value format. They are commonly used for:

  • Route Aggregation: Allowing specific routes to be summarized and tagged with a specific community.
  • Local Preference Adjustments: Setting a preferred path for outgoing traffic.
  • Route Filtering: Advertising or suppressing specific routes.

Types of Community Lists:

  • Standard: Matches exact community values. These are precise values often used for straightforward filtering.

  • Expanded: Matches based on regular expression patterns, providing flexibility to match varied communities. This is especially useful when working with larger BGP tables or varied community inputs.


Defining a community list ('set match' is used by standard lists, 'set regexp' by expanded lists):

config router community-list
    edit <name>
        set type {standard | expanded}
        config rule
            edit <id>
                set action {deny | permit}
                set regexp <string>
                set match <string>
            next
        end
    next
end


In the GUI (screenshot bgpp.PNG, not reproduced here):


Actions:

  • Deny: Blocks routes matching the community list.
  • Permit: Allows routes matching the community list.

Community lists gain real value when applied within route maps, which dictate actions based on matches:

config router route-map
    edit <name>
        config rule
            edit <id>
                set match-community <string>
            next
        end
    next
end

Here, <string> refers to the community list's name. Based on matches, further actions like modifying attributes, filtering, or setting preferences can be implemented.
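A worked configuration, added here as an illustration and not taken from the article or from Fortinet documentation: a standard list matching the exact community 65000:100, an expanded list matching any community in the range 65000:200 to 65000:299, and an inbound route-map that raises local preference (and sets a tag) for the first, lowers it for the second, and permits everything else, attached to one neighbor. The neighbor address, AS number, community values and object names are invented for the example, and an existing 'config router bgp' instance with its local AS already set is assumed; rule 3 is the catch-all permit, without which routes matching neither list would be dropped.

```text
config router community-list
    edit "CL-PRIMARY-65000-100"
        set type standard
        config rule
            edit 1
                set action permit
                set match "65000:100"
            next
        end
    next
    edit "CL-BACKUP-65000-2XX"
        set type expanded
        config rule
            edit 1
                set action permit
                set regexp "65000:2[0-9][0-9]"
            next
        end
    next
end
config router route-map
    edit "RM-IN-ISP"
        config rule
            edit 1
                set action permit
                set match-community "CL-PRIMARY-65000-100"
                set set-local-preference 200
                set set-tag 100
            next
            edit 2
                set action permit
                set match-community "CL-BACKUP-65000-2XX"
                set set-local-preference 50
            next
            edit 3
                set action permit
            next
        end
    next
end
config router bgp
    config neighbor
        edit "192.0.2.1"
            set remote-as 65000
            set route-map-in "RM-IN-ISP"
        next
    end
end
```

After applying it, 'get router info bgp network' shows the learned prefixes with the local preference each rule assigned, which is the quickest way to confirm the lists matched as intended.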

Best Practices:

  • Regular Audit: Ensure community lists and associated policies are audited regularly to reflect network changes.
  • Use Descriptive Names: Community list names should be descriptive, aiding in quick troubleshooting and understanding.
  • Safe Testing: Always test configurations in controlled environments before production deployment.
  • Documentation: Keep an updated document of all community lists, their purposes, and associated route-map actions.


Community lists in FortiGate provide precise control over BGP route propagation, aggregation, and policy implementation.

By understanding and configuring them correctly, network administrators can ensure optimal route handling in their BGP environments.


BGP Communities as part of an ADVPN deployment:

For redundant ADVPN deployments, communities are commonly used in conjunction with route-tags for granular outgoing path selection. A FortiOS 'route-tag' is different from the BGP 'community attribute', but they have a one-to-one relationship in many network designs, and the terms are sometimes used interchangeably.

In such designs, a route-map-in is used to translate a BGP community into a route-tag usable by SD-WAN. For examples, see 'How to use BGP and SD-WAN for advertising routes and path selection in FortiGate' and 'Admin Guide: Using BGP tags with SD-WAN rules'.