BGP Filters on Private Peering
Can we expand BGP filtering into Private peering? That will enable us filtering unnecessary traffic and also filter incoming onPrem networks into Azure VNET. Furthermore , that will provide summarisation of on Prem routes into VNETs thus less UDRs if you wanted to route all traffic via NVA
Dane Jackson commented
Also this for Virtual WAN. Scenario where Virtual WAN instance is connected to multiple ExpressRoute circuits which themselves are attached to a single WAN with a shared routing domain will result in route advertisement loops. Azure support confirmed ExpressRoute BGP peers do not drop received route advertisements with AS path already containing AS 12076. The only currently clear way to manage this is through carrier side route filtering which is often done manually by the carrier, requiring a MACD order which can take a lot of time and often comes with a service fee.
Ibrahim Mohamed commented
I totally Agree on the importance of extending BGP incoming traffic filtering to private peering.
I added a request to have global (basic) BGP filtering capabilities. It should not matter if it is BGP over ExpressRoute or BGP over IPSec VPN terminated on VNG or Virtual WAN. A BGP router should have at least basic filtering capabilities ( e.g. prefix based )
Timo DM commented
Voting as well
Benjamin Mitchell commented
Alan Harrylal commented
I have to agree with the request for BGP filtering being extended to the Private Peering and at the VNET/Subnet level. It is a MUST when working with BGP so that routes that are unnecessary for the ExpressRoute Circuit are not learned from BGP route injection into Azure. Same at the VNET/Subnet level.
Igor Romanovsky commented
My very big customers also need BGP filtering per vnet/subnet level, not only per ER circuit or connection. Please share your view on the roadmap for this feature.
Rick Zotz commented
I second the need for this capability. Not all network providers provide an easy self-service method for controlling route advertisements into Azure, and may require customers to submit change requests. We prefer to handle summarization and filtering ourselves.
Mikael Gottfridson commented
Is there any progress in this topic with adding BGP filtering on Private Peering
Paresh Mundade (MSFT) commented
Thank you for your feedback. We will include this in our planning and roadmap and see how feasible this is.