Route filtering: Difference between revisions

Revision as of 04:17, 16 December 2008 by Jec (no edit summary)
Latest revision as of 21:39, 22 January 2019 by Daviddwd (edit summary: short desc; tag: Visual edit)
(17 intermediate revisions by 14 users not shown)
Line 1: Line 1:
{{EngvarB|date=January 2019}}{{Short description|Process of excluding certain networking routes

}}
In the context of ], '''route filtering''' is the process by which certain routes are not considered for inclusion in the local route database, or not advertised to one's neighbours. Route filtering is particularly important for ] on the global ], where it is used for a variety of reasons.
{{refimprove|date=April 2015}}
In the context of ], '''route filtering''' is the process by which certain routes are not considered for inclusion in the local route database, or not advertised to one's neighbours. Route filtering is particularly important for the ] on the global ], where it is used for a variety of reasons. One way of doing route filtering with external-resources in practice is using ] in combination with ] databases.


==Types of filtering== ==Types of filtering==

There are two times when a filter can be naturally applied: when learning routes from a neighbour, and when announcing routes to a neighbour. There are two times when a filter can be naturally applied: when learning routes from a neighbour, and when announcing routes to a neighbour.


===Input filtering=== ===Input filtering===

In input filtering, a filter is applied to routes as they are learned from a neighbour. A route that has been filtered out is discarded straight away, and hence not considered for inclusion into the local routing database. In input filtering, a filter is applied to routes as they are learned from a neighbour. A route that has been filtered out is discarded straight away, and hence not considered for inclusion into the local routing database.


===Output filtering=== ===Output filtering===

In output filtering, a filter is applied to routes before they are announced to a neighbour. A route that has been filtered out is never learned by a neighbour, and hence not considered for inclusion in the remote route database. In output filtering, a filter is applied to routes before they are announced to a neighbour. A route that has been filtered out is never learned by a neighbour, and hence not considered for inclusion in the remote route database.


==Reasons to filter== ==Reasons to filter==

===Economic reasons=== ===Economic reasons===


When a site is multihomed, announcing non-local routes to a neighbour different from the one it was learned from amounts to advertising the willingness to serve for transit, which is undesirable unless suitable agreements are in place. Applying output filtering on these routes avoids this issue. When a site is multihomed, announcing non-local routes to a neighbour different from the one it was learned from amounts to advertising the willingness to serve for transit, which is undesirable unless suitable agreements are in place. Applying output filtering on these routes avoids this issue.


===Security resons=== ===Security reasons===

An ISP will typically perform input filtering on routes learned from a customer to restrict them to the addresses actually assigned to that customer. Doing so makes address hijacking more difficult. An ISP will typically perform input filtering on routes learned from a customer to restrict them to the addresses actually assigned to that customer. Doing so makes address hijacking more difficult.


Similarly, and ISP will perform input filtering on routes learned from other ISPs to protect its customers from address hijacking. Similarly, an ISP will perform input filtering on routes learned from other ISPs to protect its customers from address hijacking.


===Technical reasons=== ===Technical reasons===
In some cases, routers have insufficient amounts of main memory to hold the full ]. A simple work-around is to perform input filtering, thus limiting the local route database to a subset of the global table.<ref>{{cite web|url=https://supportforums.cisco.com/document/12202206/size-internet-global-routing-table-and-its-potential-side-effects|title=The Size of the Internet Global Routing Table and Its Potential Side Effects|last=Santos|first=Omar|date=May 12, 2014|publisher=]|accessdate=10 April 2015|quote=he Internet routing table growth could cause Ternary Content Addressable Memory (TCAM) resource exhaustion for some networking products.... Route filtering and the use of a default route can also be used to decrease the number of routes in an affected device.}}</ref> This can be done by filtering on prefix length (eliminating all routes for prefixes longer than a given value), on AS count, or on some combination of the two; security is the most important point for this.


However, this practice is not recommended, as it can cause suboptimal routing<ref>{{cite web|url=http://www.ipv4depletion.com/?p=672|title=IPv4 / IPv6 and TCAM memory|last=Lagerholm|first=Stephan|work=The IPv4 Depletion Site|accessdate=10 April 2015|quote=An option that service providers can consider is to filter smaller routes. ... What is likely to happen is providers will start filtering deaggregates where a covering prefix exists, at least for some time until this problem is resolved. This might create a suboptimal path for packets resulting in an increased latency.}}</ref> or even {{citation needed span|text=communication failures with small networks|date=February 2015}}, and frustrate the traffic-engineering efforts of one's peers.
Route filtering is also done because some routers have an insufficient amount of ] in which to store the routing tables; as the ] has grown, older routers (or any router running out of RAM) must filter routes in order to keep from running out of RAM (and crashing). This is usually done by removing of a route for any prefix more specific than a certain length (anything more specific than a /24, for example). This is not an ideal practice, as it may result in loss of connectivity if less-specific ]s are not available for dropped prefixes, and even if connectivity is maintained, may result in sub-optimal routes by frustrating the ] intentions of the announcing networks.


== See also == ==See also==
* ] * ]
* ]
* ] * ]
* ] * ]


==References==
{{reflist}}

{{DEFAULTSORT:Route Filtering}}
] ]



{{Internet-stub}} {{Internet-stub}}
{{telecom-stub}} {{Telecom-stub}}
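
Review bot: in the new revision's "Technical reasons" paragraph, the trailing clause "security is the most important point for this" has no source and does not follow from the memory-limitation argument before it; cite it or drop it. In the same paragraph the first citation's quote parameter begins "he Internet routing table growth", which looks like a lost leading "T". In the new lead sentence, "external-resources" should read "external resources".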

Latest revision as of 21:39, 22 January 2019

Process of excluding certain networking routes

In the context of network routing, route filtering is the process by which certain routes are not considered for inclusion in the local route database, or not advertised to one's neighbours. Route filtering is particularly important for the Border Gateway Protocol on the global Internet, where it is used for a variety of reasons. One way of doing route filtering in practice with external resources is to use the Routing Policy Specification Language in combination with Internet Routing Registry databases.

Types of filtering

There are two times when a filter can be naturally applied: when learning routes from a neighbour, and when announcing routes to a neighbour.

Input filtering

In input filtering, a filter is applied to routes as they are learned from a neighbour. A route that has been filtered out is discarded straight away, and hence not considered for inclusion into the local routing database.

Output filtering

In output filtering, a filter is applied to routes before they are announced to a neighbour. A route that has been filtered out is never learned by a neighbour, and hence not considered for inclusion in the remote route database.

Reasons to filter

Economic reasons

When a site is multihomed, announcing non-local routes to a neighbour different from the one it was learned from amounts to advertising the willingness to serve for transit, which is undesirable unless suitable agreements are in place. Applying output filtering on these routes avoids this issue.

Security reasons

An ISP will typically perform input filtering on routes learned from a customer to restrict them to the addresses actually assigned to that customer. Doing so makes address hijacking more difficult.

Similarly, an ISP will perform input filtering on routes learned from other ISPs to protect its customers from address hijacking.
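
The following sketch is an added example, not part of the article. It shows the customer input filter described under "Security reasons" and the no-transit output filter described under "Economic reasons". The AS numbers, prefixes, and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample data: documentation prefixes and private-use AS numbers.
ASSIGNED = {
    64501: ["192.0.2.0/24"],
    64502: ["198.51.100.0/24", "2001:db8:100::/40"],
}
# learned_from is the neighbour AS, or None for a locally originated route.
Route = namedtuple("Route", "prefix learned_from")
# Constructed (customer AS, announced prefix) updates.
SAMPLE_UPDATES = [
    (64501, "192.0.2.0/24"), (64501, "192.0.2.128/25"),
    (64501, "198.51.100.0/24"),   # space assigned to another customer
    (64501, "192.0.0.0/16"),      # less-specific that merely covers the assignment
    (64999, "203.0.113.0/24"),    # neighbour with no recorded assignment
    (64502, "2001:db8:100:1::/64"),
]

def input_filter(customer_as, prefix, assigned=ASSIGNED):
    """ISP side: accept only prefixes inside space assigned to this customer."""
    net = ipaddress.ip_network(prefix)
    for block in assigned.get(customer_as, []):
        blk = ipaddress.ip_network(block)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if blk.version == net.version and net.subnet_of(blk):
            return True
    return False

def output_filter(route):
    """Multihomed non-transit site: announce only locally originated routes,
    so no route learned from one neighbour is ever offered to another."""
    return route.learned_from is None

def learn(updates):
    """Apply the input filter; return (accepted routes, rejected updates)."""
    accepted, rejected = [], []
    for asn, prefix in updates:
        if input_filter(asn, prefix):
            accepted.append(Route(prefix, asn))
        else:
            rejected.append((asn, prefix))
    return accepted, rejected

def announce(table):
    """Prefixes that pass the output filter."""
    return [r.prefix for r in table if output_filter(r)]
```

A more-specific inside the assignment is accepted, while a covering less-specific is rejected, since it would claim addresses beyond the customer's own.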

Technical reasons

In some cases, routers have insufficient amounts of main memory to hold the full global BGP table. A simple work-around is to perform input filtering, thus limiting the local route database to a subset of the global table. This can be done by filtering on prefix length (eliminating all routes for prefixes longer than a given value), on AS count, or on some combination of the two; security is the most important point for this.

However, this practice is not recommended, as it can cause suboptimal routing or even communication failures with small networks, and frustrate the traffic-engineering efforts of one's peers.
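
To make the trade-off concrete, this added example (not from the article) applies a prefix-length input filter to a small constructed table. For each dropped prefix it reports whether traffic is rerouted through a covering less-specific route or loses reachability entirely. Table contents, next-hop names, and function names are assumptions.

```python
import ipaddress

# Constructed routing table: prefix -> next hop.
FULL_TABLE = {
    "203.0.113.0/24": "upstream-A",
    "198.51.100.0/24": "upstream-A",
    "198.51.100.128/25": "upstream-B",  # deaggregate used for traffic engineering
    "192.0.2.64/26": "upstream-C",      # small network with no covering prefix
}

def apply_length_filter(table, max_len):
    """Split the table into routes kept and routes dropped by the filter."""
    kept, dropped = {}, {}
    for prefix, hop in table.items():
        net = ipaddress.ip_network(prefix)
        (kept if net.prefixlen <= max_len else dropped)[net] = hop
    return kept, dropped

def longest_match(kept, net):
    """Most specific kept route covering net, or None if there is none."""
    covers = [k for k in kept if k.version == net.version and net.subnet_of(k)]
    return max(covers, key=lambda k: k.prefixlen, default=None)

def impact(table, max_len):
    """Describe what happens to traffic for every prefix the filter drops."""
    kept, dropped = apply_length_filter(table, max_len)
    report = {}
    for net, hop in dropped.items():
        cover = longest_match(kept, net)
        if cover is None:
            report[str(net)] = "unreachable"
        elif kept[cover] != hop:
            report[str(net)] = "rerouted via " + kept[cover]
        else:
            report[str(net)] = "unchanged path"
    return report
```

Adding a default route to the table turns the "unreachable" case into a rerouted one.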

References

  1. Santos, Omar (May 12, 2014). "The Size of the Internet Global Routing Table and Its Potential Side Effects". Cisco Systems. Retrieved 10 April 2015. "The Internet routing table growth could cause Ternary Content Addressable Memory (TCAM) resource exhaustion for some networking products.... Route filtering and the use of a default route can also be used to decrease the number of routes in an affected device."
  2. Lagerholm, Stephan. "IPv4 / IPv6 and TCAM memory". The IPv4 Depletion Site. Retrieved 10 April 2015. "An option that service providers can consider is to filter smaller routes. ... What is likely to happen is providers will start filtering deaggregates where a covering prefix exists, at least for some time until this problem is resolved. This might create a suboptimal path for packets resulting in an increased latency."

