[sdnog] filtering traffic on BGP

[Nishal Goburdhan]

On 1 Mar 2016, at 10:56, Manhal Mohammed wrote:

> hello SDNOGGERS :)
>        i would like you to clear  some confusing for me  on BGP 
> filtering traffic , what i know that if you want to filter a traffic 
> that is coming from peer you have to set the filter for that  
> neighbour as (in bound) and vice versa. :/
> but some one told me that if i want to filter traffic i have to 
> consider the opposite side (the neighbour's router perspective)if it 
> is a received traffics (for my router)  i have to apply "outbound" for 
> the neighbour inside the BGPand if it is advertised prefixes i have to 
> apply "inbound" for the neighbour
> on my router :


hi manhal,
like most things, the answer is:  it depends on what you are trying to 
do.  :-)

traffic flows in response to BGP advertisements;  ie.  you advertise 
your prefix to your neighbour, and, in return, they send you traffic for 
it.  thus, if you want to filer traffic just by using bgp, you can do 
this in multiple ways.

you can try to:
* not advertise your prefix to them;  if you don’t advertise your 
prefix, then, they won’t send you traffic.  this is handy if, say, you 
have multiple network prefixes, and only need to make sure that they can 
not send traffic to one prefix, but can happily communicate with the 
other prefixes.  in that case, you’d just suppress the bgp 
announcement for the prefix you don’t want them to talk to.

* filter what you receive so that their prefixes don’t make it to your 
routing table;  what your routing table doesn’t know about, it won’t 
route to, and if you can’t route to them, well, you can’t send them 
traffic, which is largely the same as filtering.   this is handy if you 
don’t want *any* of you network prefixes to speak to their network via 
a certain path

… and then there are other tricks that involve a combination of these, 
but before i try to explain those, how about you tell us what you are 
trying to do, so that we can give you more detailed assistance.

—n.