BGP - Discontiguous Autonomous Systems

BGP - preventing transit traffic

MPLS - Using the BGP Allow-AS in feature


When implementing [BGP](/bgp) it is possible to use AS_Path Filtering to permit or deny prefixes from certain [autonomous systems (ASes)](/bgp-autonomous-system-as).  This can be particularly useful in real-world scenarios where you need to control routes from specific autonomous systems, **regardless of the actual prefixes involved.** This can be important for optimizing network performance, controlling traffic flow and enhancing security. Some specific situations in which you would prefer AS Path Filtering over filtering specific prefixes using prefix lists and [Route-map](/route-map)s are listed below:

1. When you want to selectively determine a transit provider. If you are an ISP and you have multiple upstream providers and you want to ensure that traffic from certain ASes is always routed through a specific upstream provider, (for cost or performance optimization) you can use AS path filtering to accept only routes from particular ASes.
2. Suppose there is an AS that is known to originate malicious traffic like DDoS attacks, it would be helpful to filter out any traffic coming from that AS.
3. Regional Traffic Management can be achieved more appropriately. Let’s say your organization has offices in multiple countries and you want to manage how traffic is routed to these offices. AS path filtering could be used to ensure that traffic to the European office, for example, is routed via an AS in Europe, rather than routing it across the globe.

So, while prefix lists and route maps give you control at the individual route level, AS path filters give you a higher level of control over the BGP decision-making process. Here “higher level” is referring to the level of abstraction in routing decisions. Where prefix filtering delivers more granular lower-level filtering, AS Path filtering delivers routing decisions based on the larger scale structure of the Internet.

Links:

https://forum.networklessons.com/t/bgp-as-path-filter-example/1136/56?u=lagapides

https://networklessons.com/bgp/bgp-as-path-filter-example

BGP - AS_Path filtering use cases

ASA - multiple VPNs between the same endpoints

ASA - number of crypto maps per interface

ASA - object group protocol vs service

ASA - split-tunnel-policy command

ASA - using FQDN in an ACL

ASA CTM ipsec poll ctl DU_IOCTL_RESUME_POLL ioctl failed error

ASA Contexts operate as separate virtual devices

ASA DDoS protection

ASA DMZ

ASA ECMP static routing

ASA Manual NAT and Auto NAT

ASA NAT control

ASA NAT port forwarding multiple ports to same IP

ASA NAT with DHCP assigned IP address on the  outside interface

ASA NAT with multiple inside subnets

ASA Site-to-Site IKEv1 IPSec VPN recv errors

ASA Static one to one NAT on a range of addresses

ASA Troubleshoot HTTP and ASDM access

ASA VPN with overlapping IP address spaces

ASA active-standby failover preemption

ASA and Firepower reimaging

ASA crypto map and tunnel group preshared keys

ASA group policies

ASA implicit rule

ASA limit CLI and ASDM access to specific users

ASA packet processing algorithm

ASA prerequisites for high availability

ASA redirect IP SLA messages to log buffer

ASA redundant interface

ASA security levels

ASA syslog logging in multiple context mode

ASA to Firepower migration

ASA troubleshooting IPSec

ASA tunnel-group

ASA understanding version numbers

ASA what triggers an active-standby failover

ASA won't respond to pings from different subnet

Anycast

Automation - Ansible connection plugins

BFD - Control Plane Independent (CPI) bit

BFD - intervals and timers

BFD - slow-timers

BFD - with multiple routing protocols

BFD echo mode and operation details

BFD how an administrative change differs from a failure

BFD one-arm echo

BGP - 4-byte ASN Backward Compatibility

BGP - AFI and SAFI

BGP - AS_SET and AS_CONFED_SET are deprecated

BGP - Accumulated IGP metric

BGP - Atomic Aggregate Attribute

BGP - Autonomous System (AS)

BGP - Autonomous System Number

BGP - BGP Algorithm within confederations

BGP - ECMP for specific prefixes

BGP - End-of-RIB marker

BGP - Equal Cost Multipath AS_Path Attribute

BGP - FSM - Active state

BGP - Finite State Machine (FSM)

BGP - Flowspec

BGP - Graceful Restart Mechanism

BGP - Handling Multiple Communities on a Single Route

BGP - IGP-BGP redistribution best practices

BGP - Labeled Unicast

BGP - Large BGP communities

BGP - Leaking more specific routes

BGP - Loop Prevention

BGP - MED vs AS Prepending

BGP - Multipath Attribute Prerequisites

BGP - Network Layer Reachability Information (NLRI)

BGP - Next Hop Address Tracking vs Route Dampening

BGP - Outbound Route Filtering

BGP - RRs vs confederations

BGP - Synchronization Rule

BGP - TCP Peering Session Process

BGP - The BGP Table

BGP - Why is MED non-transitive

BGP - aggregate-address command in action

BGP - aggregate-address default route

BGP - aggregate-address with a single subnet

BGP - auto-summary best practices

BGP - auto-summary feature

BGP - definition of External BGP (eBGP)

BGP - definition of Internal BGP (iBGP)

BGP - eBGP loop prevention mechanism same AS number

BGP - eBGP next hop optimization

BGP - eBGP peerings

BGP - eBGP third party next hop

BGP - iBGP full-mesh peering

BGP - iBGP split horizon rule

BGP - multicast routing

BGP - multihop vs disable-connected-check

BGP - multipath in a DMVPN environment

BGP - multiprotocol BGP

BGP - network command with subnet mask

BGP - network vs redistribute commands

BGP - next-hop-self vs update source

BGP - AS_Path filtering use cases

Links to this page: