topic Re: BGP Route imports, Route filter vs Route maps? in Firewall and Security Management

BGP Route imports, Route filter vs Route maps?

Albin_Petersson — Fri, 03 Oct 2025 06:31:57 GMT

Helloes.

Could I get som enlightenment on the differences between these two?

We set up peering with one AS about 2 years ago, and then we used route filtering to handle route imports. I don't really remember why we chose filtering and I don't have that much knowledge about BGP.

This week we set up peering with a different AS, but I felt that it was easier to use route maps.

That led me to 3 questions.

It says in the documentation that you cannot use both at the same, time because route maps will "win".

1. Can you add a route map for an AS that have route filtering and then remove the filtering, keeping the imported routes? (converting filtering to routemap)

2. Will that restat the routed daemon, or reset the BGP session?

3. They both do the same thing from what I can tell? Which is the better one to use?

Re: BGP Route imports, Route filter vs Route maps?

emmap — Fri, 03 Oct 2025 06:51:22 GMT

If your routemaps accomplish the same as the filters, then you can apply the routemap and then remove the filters and it shouldn't break anything. I don't believe it would break the peering, but restarting the BGP session would be good to do in your maintenance window to make sure the routemap config is applied and is working properly.

As for which one is better to use, it's mostly around what will work for what you want to do and what you're comfortable with. Routemaps offer more options and granularity so it's not unusual for them to be the only choice available, which often leads to them being peoples' default way of going about things. It's also generally a good idea to keep things consistent rather than doing filtering/redist for some peers and routemaps for others. That way lies confusion.. hence another good reason to just always do routemaps.

Re: BGP Route imports, Route filter vs Route maps?

the_rock — Fri, 03 Oct 2025 11:15:04 GMT

hey @Albin_Petersson

Just remember that routemaps would ALWAYS take precedence, something to keep in mind.

Best,

Andy

Re: BGP Route imports, Route filter vs Route maps?

the_rock — Fri, 03 Oct 2025 12:53:03 GMT

Here are answers to your Qs.

Andy

***************************************

1. Can you add a route-map for an AS that has route filtering, then remove filtering, keeping the imported routes?
Yes.
You can attach a route-map to the neighbor, then remove the old filter (prefix-list, distribute-list, etc.). The route-map can replicate the filtering logic by just having match ip prefix-list <name> and permit.
→ This is effectively “converting” filtering to route-maps. Nothing bad happens, as long as your route-map enforces the same policy.

2. Will that restart the routed daemon, or reset the BGP session?
It depends on your platform (Cisco, Juniper, Fortigate, Check Point, etc.), but generally:

Changing a route-map or prefix-list does not reset the BGP session.
The routes will just be re-evaluated against the new policy (soft reconfiguration).
If your platform doesn’t support automatic re-eval, you might need a manual clear ip bgp <neighbor> soft in/out. But still, this is not a hard reset — the TCP session stays up, only routes are reprocessed.

So no daemon restart, and not usually a full BGP session flap.

3. They both do the same thing? Which is better?

Filtering (prefix-lists/distribute-lists) = simple, binary, quick. Use it if all you need is “import/export only these prefixes.”
Route-maps = flexible, industry standard, future-proof. Use them if you need to filter and/or manipulate attributes (local-pref, prepend, communities, etc.).

In practice, most operators standardize on routemaps, even for simple filters, because:

They consolidate filtering + attribute control in one place.
They’re more readable if your policy gets complex later.
They give you consistency across neighbors.

The only “advantage” of plain filters is simplicity — one line instead of a route-map stanza.