BGP Community Support Option
- Last UpdatedJan 21, 2025
- 2 minute read
Imperva supports the use of BGP communities, which enable enhanced flexibility with BGP announcements between an edge router and the Imperva network. Configuring BGP communities is done during the onboarding process.
Overview
The common use case of BGP communities is the Prepend community. Prepend enables on-demand customers to minimize exposure time when onboarding Imperva during a DDoS attack. This is done by maintaining a low priority second route via Imperva at all times. The Imperva route to your network is stored in each edge router in the world, just as all other routes to your network are stored. Once an attack starts and routes via your ISP are no longer active, traffic will be routed through Imperva.
Example
The following is an example of the above use case. The BGP Prepend community is used to add the same ASN number multiple times.
If your ASN is 1, then your ISP will likely advertise the following prefix:
1.2.3.0/24 ASN:1
In order to be considered a secondary route, Imperva will advertise the same address with multiple repetitions. For example, Imperva might advertise the following to the world using the Prepend option (two ASN hop repetitions are shown):
1.2.3.0/24 ASN:1 ASN:1
This route (advertised by Imperva) appears to have multiple hops between two Autonomous Systems (even though both of them have the same ASN). This will trigger edge routers to prefer the route announced by your ISP.
When an attack commences, your ISP will stop announcing a route to your network and traffic is then immediately routed through the Imperva network.
Supported BGP Communities
You can mark routes with the following communities when advertising IP ranges through Imperva:
AS Prepending Communities (Preferred method)
Use the following communities to inform Imperva that it should prepend your AS:
| Community | Description |
|---|---|
| 19551:511 | Prepend customer’s AS 1x |
| 19551:512 | Prepend customer’s AS 2x |
| 19551:513 | Prepend customer’s AS 3x |
No Advertise Communities
Use the following communities to inform Imperva that it should not advertise your IP range:
| Community | Description |
|---|---|
| no-export | Imperva will not advertise the IP range |
Local Preference Communities
Use the following communities to inform Imperva that it should use local preference with your AS:
| Community | Description |
|---|---|
| 19551:170 | Set local preference to 170 |
| 19551:120 | Set local preference to 120 |
| 19551:110 | Set local preference to 110 |