BGP Influencing incoming traffic

At the enterprise network edge, when BGP is employed, it is typically an eBGP peering that takes place between the enterprise edge router(s) and the ISP router(s). In such a scenario, an enterprise will advertise specific IPv4 or IPv6 addresses for internal services that they want users on the Internet at large to be able to access.

In the event that the enterprise has two or more ISP connections, incoming traffic destined for those advertised IP addresses may enter the network via any one of those connections.

It is possible to influence incoming BGP traffic such that it enters the enterprise network via the desired link. This can be done by manipulating one or more BGP attributes in one of the following ways:

  • AS Path Prepending - by making the AS path longer for a particular entry point into our BGP AS, it is less likely that the neighboring AS will use that route to enter our network.
  • MED - the metric for a particular entry point into your AS can be advertised to let other ASes know via which entry point you prefer them to enter.
  • Leaking more specific routes
  • Community/Local pref agreement.

Keep in mind however that these attributes can only influence incoming traffic. You do not have ultimate control over how traffic enters your BGP AS. Administrators of remote BGP ASes can override all of your attempts to influence incoming traffic. Any such attempts may be perceived as hostile, or unprofessional so it is always best to talk with the ISP that manages the neighboring AS to let them know what you want to achieve.

For more information about which method to use under which circumstances, take a look at BGP - MED vs AS Prepending.

For influencing outgoing traffic, take a look at BGP Influencing outgoing traffic.