BGP route policies overview

This guide is an overview of Cloud Router Border Gateway Protocol (BGP) route policies.

BGP route policies let you set rules to filter BGP routes or modify BGP route attributes. You can apply BGP route policies to both inbound and outbound BGP routes. You use the Common Expression Language (CEL) to define the BGP route policies to apply to your BGP routes.

You can apply BGP route policies to learned routes or advertised routes on Cloud Router for BGP sessions. BGP route policies are separate from policy-based routes, which are applied to Virtual Private Cloud networks by assigning a next-hop route that is based on a per-example source address, which isn't necessarily based upon a destination address. For more information, see Policy-based routes.

What are BGP route policies?

BGP route policies are defined as an ordered list of terms. Each term is evaluated in the order that you specify, and includes both a condition and a corresponding action for when a route matches that term. A particular BGP route policy can be applied only in one direction, either inbound for learned routes, or outbound for advertised routes, but not both simultaneously. However, BGP route policies can be applied to multiple BGP peers on Cloud Router.

BGP route policies use cases

You can use BGP route policies to control which BGP routes are accepted, rejected, or modified before the BGP routes are advertised to other BGP peers or imported to the VPC routing table.

The following are example use cases for BGP route policies:

  • Modifying the best-preferred BGP route: You can use BGP route policies to modify the best-preferred BGP route, which is helpful for influencing the path that traffic takes through a network. For example, you can use BGP route policies to help ensure that BGP routes from a particular peer are preferred over other BGP routes by changing the value of the BGP MED attribute.

  • Filtering unwanted BGP routes: You can use BGP route policies to filter unwanted learned routes, or to avoid advertising particular routes to BGP peers. This is useful to prevent routing loops that route traffic through undesirable paths. For example, you can use BGP route policies to filter prefixes within a subnet.

  • Meeting traffic engineering goals: You can use BGP route policies to meet specific traffic engineering goals. You can use BGP route policies to distribute traffic by prepending to a route's AS-PATH in order to influence best path selection. For example, for a prefix 192.168.2.0/24, Cloud Router learns the prefix from two peers but learns different AS-PATH values from each peer. So peer1 might provide an AS-PATH value of [1010] and peer2 might provide an AS-PATH value of [2020]. With BGP route policies, you can choose to add one or more values to the front of the AS-PATH value.

How BGP route policies are applied

You apply BGP route policies to BGP configurations on a Cloud Router. Each BGP peer has zero or more route import and export policies applied to it. Import route policies apply to inbound routes, and export route policies apply to outbound routes. The following describes the general rules that Cloud Router follows when applying BGP route policies:

  • BGP route policies are evaluated in the order that you list.

  • Terms in each BGP route policy are evaluated in the order of specified priority.

  • Terms can modify BGP routes. A subsequent term can modify a BGP route that a previous term has already modified.

  • Evaluation ends when a BGP route is accepted or dropped. A BGP route is accepted if all policies and terms are evaluated and none of them drops it.

  • Terms aren't evaluated twice for a route in a single exercise of a BGP route policy.
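
The evaluation rules above, together with the AS-PATH prepend and prefix-filtering use cases from the earlier list, modelled in Python as an added example (not Google's code or the Cloud Router configuration syntax). Python callables stand in for CEL expressions; the `Route` and `Term` classes, the helper names, the 10.20.0.0/16 range and the MED value are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Callable, Optional

@dataclass
class Route:
    prefix: str
    as_path: list
    med: int = 0

@dataclass
class Term:
    priority: int
    match: Callable[[Route], bool]               # stand-in for a CEL condition
    action: Callable[[Route], Optional[str]]     # returns "accept", "drop" or None

def within(cidr):        # condition: the route's prefix falls inside cidr
    return lambda r: ip_network(r.prefix).subnet_of(ip_network(cidr))

def prepend(*asns):      # action: modify only, evaluation continues
    def act(r):
        r.as_path = list(asns) + r.as_path
    return act

def set_med(value):      # action: modify only, evaluation continues
    def act(r):
        r.med = value
    return act

def drop(r):             # action: terminal verdict
    return "drop"

def evaluate(policies, route):
    for terms in policies:                                    # policies in listed order
        for term in sorted(terms, key=lambda t: t.priority):  # terms by priority
            if term.match(route):
                verdict = term.action(route)                  # may modify the route
                if verdict in ("accept", "drop"):
                    return verdict, route                     # evaluation ends
    return "accept", route                                    # never dropped: accepted

# Constructed import policy for peer2; terms are listed out of order on purpose.
PEER2_IMPORT = [[
    Term(30, lambda r: len(r.as_path) > 1, set_med(200)),     # sees the prepend below
    Term(20, within("192.168.2.0/24"), prepend(2020, 2020)),
    Term(10, within("10.20.0.0/16"), drop),
]]

def demo():
    return [evaluate(PEER2_IMPORT, r) for r in (
        Route("192.168.2.0/24", [2020]),   # prepended, then MED set, then accepted
        Route("10.20.5.0/24", [2020]),     # dropped by the priority-10 filter
        Route("172.16.0.0/24", [2020]),    # matches nothing, accepted unchanged
    )]
```
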

Relationships between BGP route policy resources

Each Cloud Router owns BGP peers and BGP route policies. The BGP peers that belong to a particular Cloud Router reference BGP route policies by name.

You can create, modify, and delete BGP route policies as long as the parent Cloud Router exists.

Interactions with other Cloud Router features

The following sections describe how BGP route policies interact with other Cloud Router features.

Custom advertised routes

Export BGP route policies can drop or modify custom advertised routes before they're advertised to BGP peers.

Prefix limits

The limit of prefixes that Cloud Router accepts from a peer is 5000. If a peer advertises more than 5000 prefixes, Cloud Router resets the BGP session.

The prefix limit is applied to inbound routes before BGP route policies are applied, so using BGP route policies doesn't change this behavior.

Static routes

Subnets

Export BGP route policies can filter or modify Virtual Private Cloud subnet routes before they're advertised to BGP peers.

Transit routes

The following apply to routes when using BGP route policies:

  • Import BGP route policies can filter or modify routes learned from BGP peers.

  • Export BGP route policies can filter or modify routes advertised to BGP peers.

Cloud Router doesn't honor the behavior of the NO_EXPORT and NO_ADVERTISE BGP communities.
