Table of Contents

BGP Ingress and Egress Filters Usage by API

Miralem Cebic Updated by Miralem Cebic

BGP Ingress and Egress Filters Usage by API

In the context of the DE-CIX Cloud ROUTER APIs, BGP ingress and egress filters are powerful tools that allow customers to control the flow of routing information. These filters can be configured to process, modify, or block route advertisements either inbound (ingress) or outbound (egress). This capability is essential for managing route visibility, optimizing traffic, and enforcing routing policies.

Key Concepts of Ingress and Egress Filters

  1. Ingress Filters:
  • Applied to routes received from external peers or network services (e.g., AWS, Azure, Google Cloud).
  • Allow customers to define which prefixes should be accepted, rejected, or modified before they are added to the routing table of the Cloud ROUTER.
  • Use cases:
    • Block unauthorized or undesirable prefixes.
    • Modify attributes like local preference for specific prefixes to influence traffic paths.
  1. Egress Filters:
  • Applied to routes advertised to external peers or network services.
  • Allow customers to control which prefixes are sent and how they are presented (e.g., adding AS path prepending).
  • Use cases:
    • Prevent the advertisement of specific prefixes.
    • Manipulate attributes to influence how external peers route traffic back.

API Configuration Overview

Filters are configured using Policies and Prefix Lists:

Step 1: Prefix Lists

Define the list of prefixes to match during filtering.

Example:

{

"name": "rfc1918",

"managing_account": "1461",

"consuming_account": "1461",

"match_list": [

{ "prefix": "10.0.0.0/8", "max_length": 32 },

{ "prefix": "192.168.0.0/16", "max_length": 32 }

]

}

Step 2: Policies

Combine filtering actions with prefix matching.

Example:

{

"name": "example-policy",

"managing_account": "1461",

"consuming_account": "1461",

"entries": [

{

"sequence_number": 10,

"match_prefix_list": "rfc1918",

"action": {

"local_preference": 120,

"as_path_prepend": null,

"filter": "accept"

}

},

{

"sequence_number": 20,

"action": {

"local_preference": null,

"as_path_prepend": 2,

"filter": "reject"

}

}

]

}

How Filters Are Applied

Ingress Filters:

Attach a policy to an inbound direction on a network service, controlling how received routes are processed.

Example:

{

"attach_policy": {

"direction": "ingress",

"policy_id": "example-policy"

}

}

Egress Filters:

Attach a policy to an outbound direction, managing the routes advertised to peers.

Example:

{

"attach_policy": {

"direction": "egress",

"policy_id": "example-policy"

}

}

Use Cases

Route Optimization:

  • Ensure that only desired routes are accepted or advertised.
  • Modify route preferences to balance traffic across multiple connections.

Traffic Engineering:

  • Use AS Path Prepending to make specific paths less preferable to external peers.

Security and Compliance:

  • Block malicious or incorrect prefixes to protect the network.
  • Ensure only authorized prefixes are advertised to comply with routing policies.

Key Benefits

  • Flexibility: Define fine-grained control over routing behavior.
  • Scalability: Manage routing preferences across multiple connections seamlessly.
  • Security: Prevent unauthorized or harmful route propagation.
  • Ease of Use: Configure filters using intuitive API endpoints.

Conclusion

BGP ingress and egress filters, configured through Prefix Lists and Policies, are indispensable for managing routing effectively in the DE-CIX Cloud ROUTER. By leveraging these tools, customers can achieve greater control over their networks, optimize traffic flow, and enhance security. The API makes it simple to implement these configurations, ensuring smooth and reliable operation of routing policies.

How did we do?

Monitor and Visibility of Learned Routes and Advertised Routes by API

Contact