What BGP Actually Does

BGP is a path selection system. It does not know what fast means. It does not know what cheap means. It picks a path based on attributes and policy. If you do not write the policy, BGP will still pick a path. That path might be the one that ruins your weekend.

Start With a Baseline

Before you try to control anything, you need visibility. Know what you advertise, what you receive, and what wins. If you do not have a baseline, every change becomes guesswork.

Outbound Control

Outbound control is easier because you control your own decision process. The clean mental model is: set preference inside your AS and let the best path win.

Local Preference is Your Main Lever

Local Preference is usually the right tool for outbound steering. Higher wins. Apply it at the edge based on prefix sets and intent.

Goal
  Prefer ISP A for most traffic
  Prefer ISP B for a small set of prefixes
Method
  Set higher local preference for those prefixes on ISP B
Result
  Deterministic outbound choice inside your network

Inbound Control

Inbound control is harder because the decision happens in someone elseโ€™s network. The three practical tools are communities, AS path prepending, and more specific announcements.

Communities That Actually Work

Provider communities are the closest thing to real inbound control. You can request local pref changes inside the provider, or control which regions learn your routes.

AS Path Prepending Without Self Sabotage

Prepending can work, but it is a blunt instrument. Use it only when communities are not available.

More Specifics

Announcing a more specific prefix can steer inbound traffic fast. It can also increase your blast radius if you do it casually.

If your only inbound strategy is prepending, you do not have a strategy. You have hope.

Filters That Prevent Disaster

Most BGP incidents are not clever attacks. They are fat fingers. The fix is boring hygiene: prefix filters, max prefix limits, and route origin validation where possible.

  • Prefix lists: only accept what you expect
  • Max prefix: fail closed when a peer leaks routes
  • Reject bogons: do not carry garbage

A Simple Playbook

When you need to change routing, do it like an engineer, not like a gambler.

  • Write the intent in one sentence
  • Predict the winning path before you touch anything
  • Change one lever at a time
  • Measure from users and from routers
  • Keep rollback ready and fast

Conclusion

BGP is not scary. Uncontrolled BGP is scary. Use Local Preference for outbound. Use communities for inbound. Filter aggressively.