Filtering routes

Route filtering lets you manage the advertisement of network routes based on criteria that you can specify. This functionality is necessary for optimal performance and security of the network, and for preventing routing loops.

You can use route filtering to allow or prohibit the advertising of specific routes between CPE devices and third-party network devices, as well as between individual autonomous systems. For route filtering, Kaspersky SD-WAN uses access control lists (ACLs), prefix lists, and route maps.

Access control lists

An access control list is a set of rules for filtering routing information on a CPE device based on IP addresses and prefixes of the networks to which the routes belong.

Rules in an access control list can allow or deny the advertising of routes that belong to a specific network. Each rule is numbered. The CPE compares the information about the network to which the route belongs to the conditions of the rules in the access control list that is being used, starting with the rule with the lowest number.

Prefix lists

A prefix list is an extended version of an access control list. The distinction of the prefix list is that it can contain rules that filter routes based on IP addresses and ranges of network prefixes (rather than individual prefixes).

Route maps

While the access control list and prefix list are always applied to advertised routes, a route map is applied to routes only when specified conditions are met, and it can change the attributes of routes.

If none of the rules in the access control list, prefix list, or route map can be applied to a route, that route is discarded.