Solved: BGP AS Path Filtering vs Prefix Based Route Filtering

nwekechampion · ‎06-27-2023

Hi Guys,

Can someone please provide a use case of when to use

AS-PAth filtering vs Prefix

based filtering in BGP?

I have use case for

AS-Path

as below (not sure if I am on the money):

AS-Path prepending



Avoid Transit AS

AS-set Aggregation for loop prevention

As-Set Aggregation Suppression

Regards

Champ

M02@rt37 · ‎06-27-2023

Hello @nwekechampion,

AS-Path filtering

involves manipulating the

AS-Path attribute

of BGP routes. It allows you to control the path selection and routing decisions based on the

AS-Path

information. Here's a specific use case for

AS-Path filtering:

--Traffic Engineering: You can use

AS-Path prepending

with

AS-Path filtering

to influence the inbound routing decisions of other ASes. By adding your AS number multiple times to the

AS-Path attribute

of your advertised routes, you can make your paths appear less desirable and encourage traffic to take alternative paths. This technique is commonly used for load balancing and traffic engineering purposes.

For example, if you have multiple links to a neighboring AS, you can prepend your AS number multiple times to the

AS-Path attribute

of routes advertised through a specific link. This makes the path through that link less attractive, thus diverting traffic towards other links.

Prefix-Based Filtering: Prefix-based filtering,

also known as route filtering or route

prefix

filtering, involves filtering BGP routes based on their

prefix

information (network IP addresses). Here's a specific use case for

prefix-based filtering

--Blackholing or 'Null Routing': In some scenarios, you may want to discard or drop traffic destined for a specific

IP prefix.

This could be due to security reasons or to mitigate DDoS attacks. By using

prefix-based filtering

, you can configure your BGP router to discard any incoming traffic that matches the specified

IP prefix.

This effectively null routes the traffic, preventing it from reaching the intended destination.

For example, if you want to drop all incoming traffic destined for a specific IP range, you can apply a

prefix-based filter

to your BGP router, specifying the network

prefix

you want to block. Any traffic matching that

prefix

will be discarded, protecting your network from potential threats.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

David Ruess · ‎06-27-2023

There are several reasons to use either. The use different criteria. One is

prefix

based and one is

AS path

based - here is an example of each:

AS-Path Filtering

- filters all routes from the AS being denied - I dont want any routes from this specific AS

Lets say you have a router (R1) connected to 2 eBGP Autonomous Systems

G0/0 - connected to AS 100

G0/1 - connected to AS 200

Well when the router R1 learned routes from the ISP in AS 100 it will turn around and advertise those routes out to ISP at AS 200 - that means the outside internet now sees it can reach other internet routes through your router. Not good. So if you use out bound AS filtering that says only advertise my local AS router routes out to AS 200 then you wont be used as a transit router.

Prefix
based filtering

- filters on the the

prefixes

defined in the filter list -I dont want the 10.10.10.0/24

prefix

sent to me so Ill block it with a

prefix filter

If I am learning a

prefix

from 2 sources maybe I only want to use a specific way out

Just depends on what the requirement is

-David

MHM Cisco World · ‎06-27-2023

...

MHM Cisco World · ‎06-27-2023

...

M02@rt37 · ‎06-27-2023