BGP route filtering is a method of selectively identifying and selecting routes that are advertised from BGP neighbours. By filtering routes, traffic flows can be manipulated.
A common scenario for route filtering is between an ISP and its customers. An ISP will implement route filtering to ensure that only the customer's prefixes are allowed over the BGP link, which helps prevent the customer from accidentally becoming a transit AS.
There are four well-known methods of route filtering inbound or outbound. A distribute list and a prefix list cannot be used at the same time.
Distribute Lists
Filtering via a distribute list involves a standard or extended access control list. It uses the access control list to filter network prefixes; if none of the access control entries in the access control list match, the prefix is dropped by the implicit deny.
Prefix Lists
A prefix list specifies subnets to permit or deny and is evaluated from top to bottom. There is an implicit deny if the prefix is not listed in the prefix list.
AS Path Access Control List Filtering
An AS path access control list is a list of regular expression statements that either permit or deny prefixes based on their current AS path values. There is an implicit deny for any prefix that is not permitted explicitly.
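The top-to-bottom evaluation and implicit deny of prefix lists and AS path access control lists can be modelled in a short Python sketch, using the ISP-to-customer scenario from the introduction. This is an added example, not code from the original post: the customer AS 65001, the documentation prefixes, the function names and the Cisco-style ge/le length matching are all assumptions made for illustration.

```python
import ipaddress
import re

# Constructed policy for a hypothetical customer: AS 65001, documentation prefix.
# Entries are (action, prefix, ge, le), evaluated top to bottom; first match wins.
PREFIX_LIST = [
    ("deny", "203.0.113.128/25", None, None),
    ("permit", "203.0.113.0/24", None, 25),
]
# Entries are (action, regex) matched against the received AS path string.
AS_PATH_LIST = [
    ("permit", r"^65001$"),  # path contains only the customer's own AS
]


def prefix_entry_matches(route, prefix, ge, le):
    """Assumed Cisco-style matching: the route must sit inside `prefix` and its
    length must be in [ge, le]; with neither set, the length must be exact."""
    net = ipaddress.ip_network(prefix)
    if route.version != net.version or not route.subnet_of(net):
        return False
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen
    low = net.prefixlen if ge is None else ge
    high = route.max_prefixlen if le is None else le
    return low <= route.prefixlen <= high


def first_match(entries, matcher):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, *args in entries:
        if matcher(*args):
            return action
    return "deny"


def filter_route(prefix, as_path):
    """Accept a route only if both lists explicitly permit it."""
    route = ipaddress.ip_network(prefix)
    by_prefix = first_match(PREFIX_LIST, lambda *e: prefix_entry_matches(route, *e))
    by_path = first_match(AS_PATH_LIST, lambda rx: re.search(rx, as_path) is not None)
    return "permit" if by_prefix == by_path == "permit" else "deny"


if __name__ == "__main__":
    for pfx, path in [("203.0.113.0/24", "65001"), ("203.0.113.128/25", "65001"),
                      ("198.51.100.0/24", "65001 64500")]:
        print(pfx, f"[{path}]", "->", filter_route(pfx, path))
```

The last sample route is the accidental-transit case: a prefix that is not the customer's, carrying a second AS in its path, matches no permit entry in either list and is dropped by the implicit deny.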
Route Maps
Route maps provide a wide range of conditional statements with a variety of attributes. Actions can be a simple permit or deny, or can include the modification of an attribute. There is an implicit deny for any prefix not permitted.