Looking to optimize your multicloud network? Route filtering could be your next move.

Efficiency is a top priority for enterprises – and their multicloud network should be no exception. As multicloud adoption continues to rise—with a predicted 94% of organizations having a multicloud network by 2024—now is the time to look at how you can make the most of your setup. Enter route filtering, a multicloud feature for those wanting a streamlined experience migrating and storing data between their clouds.

How does it work?

Simply put, route filtering works with your virtual cloud routing setup to fine-tune your network route paths by identifying routes advertised or received from neighboring routers, then permitting or denying traffic (i.e., allowing the path or terminating the route). A typical sequence of operations would be to create a named prefix filter list that contains one or more IPv4 or IPv6 network addresses (prefixes) and an action: permit or deny. 

Then, on a per-peer basis, this and other prefix filters would be applied to the incoming or outgoing data path between the virtual cloud router and that peer. It’s a handy tool to simplify your network routes and avoid overloading or latency across multiple clouds by directly specifying which routes you’d like to be discoverable for which cloud, and disregarding the rest.

For example, Amazon Web Services (AWS) permits up to 100 Border Gateway Protocol (BGP) global routes (including private virtual private clouds in other cloud providers) to be advertised toward their cloud, with anything exceeding this meaning your connection could get shut down. To mitigate this, you can use route filtering to eliminate any unnecessary paths and stay below these thresholds to allow data migration to flow uninterrupted.

Cloud providers like AWS, Microsoft Azure, and Google Cloud Platform make it very easy for customers to connect to them over the Internet, but when using private cloud connectivity methods such as those offered by Megaport, customers can manage their own routing tables and routing policies to ensure traffic flows the way they desire to and from each peer router.

Read how geodata specialist Fugro Roames took control of their data with MCR.

The benefits for your multicloud

With route filtering, you can take your multicloud network to the next level with these key benefits:

• More granular control - tailor your multicloud network routes by filtering individual routes or prefixes, allowing for a totally customizable multicloud experience. 
• Better network performance - maximize your network’s efficiency by avoiding repeated or unnecessary routes, instead utilizing the most effective route for a smoother, faster network through reduced latency.
• Bolstered security - by ensuring that only the desired routes are allowed over the peering link, route filtering prevents you from accidentally becoming a transit autonomous system (AS) on the internet, reducing your risk of hijacking and other cyber attacks and better protecting your multicloud.

In 2022, multicloud has become the norm – and there are a handful of ways to use it. Weigh up your options with our comparison.

Route filtering as a Megaport Cloud Router feature

Megaport Cloud Router’s (MCR’s) route filtering feature allows you to take ultimate control of your multicloud experience. With MCR, you can easily control routes to advertise between your cloud suite, simplify hub-and-spoke network designs (such as routing between peers A and B, and A and C, without advertising routes to peer B or C), and easily connect specific on-premises infrastructure to private clouds. This means you can permit offices on one subnet to talk to clouds without advertising the existence of secondary office subnets, thus improving your network’s redundancy and reducing latency and security breach risks.

With Megaport’s route filtering feature for MCR, you can set two types of route filters to permit or deny route advertisements to BGP neighbors. The first type is the BGP peer filter, which allows you to designate which BGP neighbors are permitted or denied route exchange. The second type is the BGP prefix filter, which allows you to set permit or deny filters to ranges of IP addresses using route prefixes.

The first method is ideal for bulk filtering between pairs of peers. For example, if your company has connections to AWS, GCP, and Azure, you may want to announce all of your route prefixes to AWS, deny GCP announcements to Azure, and deny Azure announcements to AWS. See the below diagram that demonstrates how three BCP neighbors (or various cloud connections for our example) can interact through route filtering.

Alternatively, the second method permits, on a per-peer basis, more granular control over the exchange of routes between your MCR and a peer router. With this BGP prefix filter, you can create:

• Inbound prefix filtering using a whitelist - routes not matching the whitelist are denied at the earliest possible point, and will not be used by the MCR at all.
• Inbound prefix filtering using a blacklist - routes matching the blacklist are filtered. All other prefixes are allowed to enter the routing table of the MCR.
• Outbound prefix filtering using a whitelist - routes matching the prefix list are advertised to the BGP neighbor and all other routes are filtered.
• Outbound prefix filtering using a blacklist. 

Multicloud connectivity solutions, all in one place – find the one best for you here.

With the precise customization it offers, route filtering with Megaport Cloud Router is a great way to efficiently and securely peer across your business’ multicloud infrastructure. Whether it’s bulk filtering among whole cloud services providers or customizing your multicloud network with specific instructions, route filtering gives you ultimate control over your virtual clouds, making your network easier to manage now and grow into the future.