BGP Filters

Hi Forum,

Setting up some new BGP filters, was wondering on the best course of action.

We have a few downstream customers that we re-advertise to various upstream providers. To keep the filters clean I add their routes to their own chain for filtering. When enabling their routes on outbound filter to our upstream providers is it best to use jump and return, or match chain?

For instance consider the following chains:

DOWNSTREAM1
1.1.1.0/24 action=accept
1.1.2.0/24 action=accept

DOWNSTREAM2
1.2.1.0/24 action=accept
1.2.2.0/24 action=accept

So when creating an out filter for UPSTREAM1 should I go:

UPSTREAM1-OUT
JUMP to DOWNSTREAM1
JUMP to DOWNSTREAM2

Or should I simply go on the chain match:

UPSTREAM1-OUT
MATCH DOWNSTREAM1 action=accept
MATCH DOWNSTREAM2 action=accept

Is there a performance difference to either?

Thanks

I haven’t experimented with jump filters when using BGP, but I have created some fairly large match filters for large carriers and enterprises with no major performance hit on CCR series routers.

I have small bgp filters, but I utilise jump’s mainly for common stuff. filtering out prefixs that i shouldn’t be getter. instead of duplicating it between each of the chains I have one common one.

I use a different chain for each bgp peer