Route filtering


In the context of network routing, route filtering is the process by which certain routes are not considered for inclusion in the local route database, or are not advertised to one's neighbours. Route filtering is particularly important for the Border Gateway Protocol on the global Internet, where it is used for a variety of reasons. One way of doing route filtering with external resources in practice is to use the Routing Policy Specification Language in combination with Internet Routing Registry databases.

Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet. The protocol is classified as a path vector protocol. The Border Gateway Protocol makes routing decisions based on paths, network policies, or rule-sets configured by a network administrator and is involved in making core routing decisions.


The Routing Policy Specification Language (RPSL) is a language commonly used by Internet Service Providers to describe their routing policies.


Types of filtering

There are two times when a filter can be naturally applied: when learning routes from a neighbour, and when announcing routes to a neighbour.

Input filtering

In input filtering, a filter is applied to routes as they are learned from a neighbour. A route that has been filtered out is discarded straight away, and hence is not considered for inclusion in the local routing database.

Output filtering

In output filtering, a filter is applied to routes before they are announced to a neighbour. A route that has been filtered out is never learned by the neighbour, and hence is not considered for inclusion in the remote route database.

Reasons to filter

Economic reasons

When a site is multihomed, announcing non-local routes to a neighbour different from the one it was learned from amounts to advertising the willingness to serve for transit, which is undesirable unless suitable agreements are in place. Applying output filtering on these routes avoids this issue.

Security reasons

An ISP will typically perform input filtering on routes learned from a customer to restrict them to the addresses actually assigned to that customer. Doing so makes address hijacking more difficult.

Similarly, an ISP will perform input filtering on routes learned from other ISPs to protect its customers from address hijacking.

Technical reasons

In some cases, routers have insufficient main memory to hold the full global BGP table. A simple work-around is to perform input filtering, thus limiting the local route database to a subset of the global table.[1] This can be done by filtering on prefix length (eliminating all routes for prefixes longer than a given value), on AS count, or on some combination of the two; security is the most important point for this.

However, this practice is not recommended, as it can cause suboptimal routing[2] or even communication failures with small networks[citation needed], and frustrate the traffic-engineering efforts of one's peers.
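As an added example (not part of the original article), the following Python function implements a customer-facing input filter of the kind described under "Security reasons" and "Technical reasons": a learned route is accepted only if its prefix lies within one of the customer's assigned blocks (no more specific than that block permits), the announcing neighbour AS is the customer's, and the route passes global prefix-length and AS-path-length limits. The customer prefix list, ASN and limits are constructed values standing in for what an operator would generate from the customer's IRR route objects.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Tuple

@dataclass(frozen=True)
class Announcement:
    """A route as learned from a BGP neighbour (constructed for this example)."""
    prefix: str                 # e.g. "192.0.2.0/24"
    as_path: Tuple[int, ...]    # first element: the neighbour AS, last: the origin AS

# Constructed customer policy: assigned block -> longest more-specific accepted.
CUSTOMER_PREFIX_LIST: Dict[str, int] = {
    "192.0.2.0/24": 24,      # exact /24 only
    "2001:db8::/32": 48,     # /32 down to /48 accepted
}
CUSTOMER_ASN = 64496         # assumed neighbour ASN (documentation range)
MAX_AS_PATH_LEN = 10         # "AS count" filter from the Technical reasons section
MAX_PREFIXLEN = {4: 24, 6: 48}   # global prefix-length filter per address family

def input_filter(ann: Announcement,
                 prefix_list: Dict[str, int] = CUSTOMER_PREFIX_LIST,
                 customer_asn: int = CUSTOMER_ASN) -> Tuple[bool, str]:
    """Return (accepted, reason). A rejected route is discarded before it can
    enter the local routing database."""
    try:
        net = ipaddress.ip_network(ann.prefix, strict=True)   # host bits must be zero
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    # Technical filters: prefix length and AS-path length.
    if net.prefixlen > MAX_PREFIXLEN[net.version]:
        return False, f"prefix longer than /{MAX_PREFIXLEN[net.version]}"
    if not ann.as_path or len(ann.as_path) > MAX_AS_PATH_LEN:
        return False, "empty or overly long AS path"
    # Security filter: the route must come from the customer session's own AS ...
    if ann.as_path[0] != customer_asn:
        return False, f"neighbour AS {ann.as_path[0]} is not AS{customer_asn}"
    # ... and the prefix must be covered by a block assigned to that customer.
    for allowed, max_len in prefix_list.items():
        block = ipaddress.ip_network(allowed)
        if net.version != block.version:
            continue                       # subnet_of() rejects mixed families
        if net.subnet_of(block):
            if net.prefixlen <= max_len:
                return True, f"covered by {allowed} le {max_len}"
            return False, f"more specific than {allowed} le {max_len}"
    return False, "prefix not assigned to this customer"
```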

See also

In the context of Internet routing, the default-free zone (DFZ) refers to the collection of all Internet autonomous systems (AS) that do not require a default route to route a packet to any destination. Conceptually, DFZ routers have a "complete" Border Gateway Protocol table, sometimes referred to as the Internet routing table, global routing table or global BGP table. However, rapidly changing Internet routing and the widespread use of route filtering ensure that no router has a complete view of all routes. Any routing table created would look different from the perspective of different routers, even if a stable view could be achieved.

An Internet Routing Registry (IRR) is a database of Internet route objects for determining and sharing route and related information used for configuring routers, with a view to avoiding problematic issues between Internet service providers.

Routing Assets Database (RADb), also expanded as Routing Arbiter Database, run by Merit Network, is a lookup database designed to make fundamental information about networks available. The RADb is a public registry of routing information for networks in the Internet. It was developed in the early 1990s as part of the National Science Foundation (NSF)-funded Routing Arbiter Project. The acronym is frequently seen written in all caps (RADB), but its official form is the mixed-case RADb.


References

  1. Santos, Omar (May 12, 2014). "The Size of the Internet Global Routing Table and Its Potential Side Effects". Cisco Systems. Retrieved 10 April 2015. "[T]he Internet routing table growth could cause Ternary Content Addressable Memory (TCAM) resource exhaustion for some networking products. ... Route filtering and the use of a default route can also be used to decrease the number of routes in an affected device."
  2. Lagerholm, Stephan. "IPv4 / IPv6 and TCAM memory". The IPv4 Depletion Site. Retrieved 10 April 2015. "An option that service providers can consider is to filter smaller routes. ... What is likely to happen is providers will start filtering deaggregates where a covering prefix exists, at least for some time until this problem is resolved. This might create a suboptimal path for packets resulting in an increased latency."