I have a BGP peer that is exposing the following communities for a route:
COMMAND--> show ip bgp 172.16.247.0
64521 64515 133937 10.5.255.150 from 10.5.255.150 (192.168.254.10)
Origin incomplete, metric 33, localpref 100, valid, external
Community: 67:53867 64512:103
Last update: Tue Oct 17 08:33:03 2023
I'm attempting to match on community 64512:103 to allow this route into the Sophos. The BGP doesn't appear to like that configuration, and denies the route from populating the table. Relevant Sophos config info:
router bgp 64523
 neighbor 10.5.255.150 remote-as 64521
 neighbor 10.5.255.150 description VELOCLOUD_ROUTER
 neighbor 10.5.255.150 soft-reconfiguration inbound
 neighbor 10.5.255.150 route-map VELOCLOUD_IN in
 neighbor 10.5.255.150 route-map VELOCLOUD_OUT out
!
ip prefix-list DTCLAB_TEST seq 10 permit 172.16.247.0/24
!
ip community-list standard DTC25NINES_SPECIFIC_ROUTES permit 64512:103
!
route-map VELOCLOUD_IN permit 20
 match community DTC25NINES_SPECIFIC_ROUTES
!
route-map VELOCLOUD_IN permit 30
 match ip address prefix-list DTCLAB_TEST
!
route-map VELOCLOUD_IN deny 100
If I remove route-map permit 30, then I lose the inbound route after clearing the BGP session. I've tested the config above in a lab with Cisco CSR devices - and the configuration works as expected. Am I missing something? Am I hitting a bug? I need to use community matching to inject routes so I don't have to manage every edge device's prefix list manually.
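As a reference for what the inbound policy above is expected to do, here is an added example (not part of the original post, and not Sophos code) that models Cisco-style first-match route-map evaluation with a standard community-list. The Python names are hypothetical, the route and configuration values are transcribed from the post, and the model assumes no exact-match keyword and no ge/le on the prefix-list.

```python
import ipaddress

# Route attributes as shown in the post's "show ip bgp 172.16.247.0" output.
ROUTE = {"prefix": "172.16.247.0/24", "communities": {"67:53867", "64512:103"}}

# Policy objects transcribed from the posted configuration.
COMMUNITY_LISTS = {"DTC25NINES_SPECIFIC_ROUTES": [("permit", {"64512:103"})]}
PREFIX_LISTS = {"DTCLAB_TEST": [("permit", "172.16.247.0/24")]}
ROUTE_MAP = [
    (20, "permit", [("community", "DTC25NINES_SPECIFIC_ROUTES")]),
    (30, "permit", [("prefix-list", "DTCLAB_TEST")]),
    (100, "deny", []),  # no match clause: matches every route
]

def community_list_permits(name, communities):
    """Standard list: an entry matches when all of its communities are on
    the route; extra communities on the route are ignored. First entry wins."""
    for action, wanted in COMMUNITY_LISTS.get(name, []):
        if wanted <= communities:
            return action == "permit"
    return False  # implicit deny at the end of the list

def prefix_list_permits(name, prefix):
    """Prefix-list entry without ge/le: network and length must match exactly."""
    net = ipaddress.ip_network(prefix)
    for action, entry in PREFIX_LISTS.get(name, []):
        if ipaddress.ip_network(entry) == net:
            return action == "permit"
    return False

def evaluate(route_map, route):
    """Return (sequence, action) of the first clause whose matches all hold."""
    for seq, action, matches in sorted(route_map, key=lambda clause: clause[0]):
        checks = (
            community_list_permits(arg, route["communities"]) if kind == "community"
            else prefix_list_permits(arg, route["prefix"])
            for kind, arg in matches
        )
        if all(checks):
            return seq, action
    return None, "deny"  # implicit deny when no clause matches

if __name__ == "__main__":
    print("full route-map:", evaluate(ROUTE_MAP, ROUTE))
    without_30 = [c for c in ROUTE_MAP if c[0] != 30]
    print("without seq 30:", evaluate(without_30, ROUTE))
```

Under these semantics the route is permitted at sequence 20 whether or not sequence 30 is present, so a route that only survives because of sequence 30 is not being matched by the community clause.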