BGP - AS_Path filtering use cases
When implementing BGP it is possible to use AS_Path Filtering to permit or deny prefixes from certain autonomous systems (ASes). This can be particularly useful in real-world scenarios where you need to control routes from specific autonomous systems, regardless of the actual prefixes involved. This can be important for optimizing network performance, controlling traffic flow and enhancing security. Some specific situations in which you would prefer AS Path Filtering over filtering specific prefixes using prefix lists and Route-maps are listed below:
- When you want to selectively determine a transit provider. If you are an ISP and you have multiple upstream providers and you want to ensure that traffic from certain ASes is always routed through a specific upstream provider, (for cost or performance optimization) you can use AS path filtering to accept only routes from particular ASes.
- Suppose there is an AS that is known to originate malicious traffic like DDoS attacks, it would be helpful to filter out any traffic coming from that AS.
- Regional Traffic Management can be achieved more appropriately. Let’s say your organization has offices in multiple countries and you want to manage how traffic is routed to these offices. AS path filtering could be used to ensure that traffic to the European office, for example, is routed via an AS in Europe, rather than routing it across the globe.
So, while prefix lists and route maps give you control at the individual route level, AS path filters give you a higher level of control over the BGP decision-making process. Here “higher level” is referring to the level of abstraction in routing decisions. Where prefix filtering delivers more granular lower-level filtering, AS Path filtering delivers routing decisions based on the larger scale structure of the Internet.
Links:
https://forum.networklessons.com/t/bgp-as-path-filter-example/1136/56?u=lagapides