Route Filters

Route Filter Policies

  • Route filter policies give you granular control over the advertisement (egress) and reception (ingress) of specific IP prefixes using Border Gateway Protocol (BGP).

  • The filters can mitigate the impact of potential BGP routing anomalies or malicious activities, safeguarding the integrity and availability of the Cloud Router and its associated connections.

  • Policies and rules are configured to selectively permit or deny the propagation of routes based on their IP address prefixes, enabling users to enforce precise routing policies tailored to their specific needs.

  • The route filters are applied to the virtual connections associated with your Cloud Router. A policy must be defined as either an IPv4 or IPv6 policy when it is created. However, a route filter can be applied to a virtual connection as ingress or egress.

  • Filters are managed through the Equinix Fabric portal or APIs, allowing you to create and customize policies as needed. Updates to existing policies are applied automatically, and typically go into effect in less than a minute.

Before You Begin

Complete these steps before continuing to the procedures below:

  1. Sign into the Equinix Customer Portal and navigate to Fabric.

  2. If your Fabric account has been transitioned to Equinix Identity and Access Management (IAM) platform, use the Context Switcher drop-down list to access your project and its assets.

    For more information, see Identity and Access Management.

    IAM roles required for this function:

    • Fabric Cloud Router Manager

    • Fabric Manager

  1. In the Fabric portal, select Cloud Router Policy Manager from the Cloud Routers menu.

  2. In the Route Filter Policies section, click Create a Route Filter Policy.

  3. Enter the Route Filter Policy Name and select IPv4 or IPv6 for the Address Family.

  4. Click Create Route Filter Policy.

    The policy is created, and the Route Filter Policies inventory list is displayed.

Next, add rules to the new policy as described below.

  1. In the Fabric portal, select Cloud Router Policy Manager from the Cloud Routers menu.

  2. To edit an existing route filter policy (adding or removing prefixes):

    1. Click the name of the desired policy to select it.

    2. Click the drop-down arrow next to Actions and select Edit Route Filter Policy.

      • To add a new prefix to the policy, provide an IP Address and CIDR, then select a Subnet Mask Range of either Exact / Or Longer and select Add to Prefix List.

        Tip: A route filter policy can contain up to 32 prefixes.

      • To remove an existing prefix from the policy, click the trash icon on the right of the prefix.

    Note: The action of adding or removing prefixes from a Route Filter Policy is processed immediately and updates are applied and saved automatically, including changes made to a Route Filter Policy that is already applied to a connection.

  3. Click Close to return to the Route Filter Policy details.

  1. From the Connections menu in the Fabric portal, select Connections Inventory.

  2. Select a connection name.

  3. On the connection details page, select Routing Details.

  4. In the Route Filter Policy section:

    1. Select an IP type: IPv4, IPv6, or both.

    2. Select the direction: Ingress and/or Egress.

  5. To attach a Route Filter Policy:

    1. Select Edit.

    2. From the drop-down list, choose the Route Filter Policy to be attached.

    3. Click Save.

    The Router Filter Policy Status changes to ATTACHING, then to ATTACHED.

    Note: To check for status updates, click the refresh icon at the top of the Route Filter Policy list.

  6. To detach a Route Filter Policy:

    1. Select Edit.

    2. Select Detach Policy.

    3. Click Save.

    The Route Filter Policy Status changes to DETACHING, then displays two dashes (--).

    Note: To check for status updates, click the refresh icon at the top of the Route Filter Policy screen.

  1. In the Fabric portal, select Cloud Router Policy Manager from the Cloud Routers menu.

  2. Identify the Route Filter Policy to be deleted, and click the ellipsis (...).

  3. Select Delete Route Filter Policy.

Note: Before you delete a Route Filter Policy, the Peer Attached status for the policy must display No. If the policy is still attached to a connection, you must detach the policy before it can be deleted. For more details about detaching a route from a connection, see the procedure above.