9.8 BGP Route Filtering and Policy Routing  
  9.8.2 Using filters to implement routing policy  
Two distinct steps are involved in manipulating a route or a set of routes as follows:
  1. Identify the network number and subnet mask of the route to which the policies are to be applied. For BGP, this information is called the network-layer reachability information (NLRI). Recall that the NLRI consists of a prefix and prefix-length pair. Throughout this section, the NLRI is referred to simply as the prefix.
  2. Implement the policies, which can be filtering prefixes out altogether or manipulating the attributes of a prefix to influence the routing decision.

The identification process typically relies on a route map. Prefixes can be selected by their destination network number, the AS from which the prefix originated, the AS_Path, or another specific attribute value. Prefixes are identified using the match statement from the route map. After a route map matches a given prefix, the actions specified by the route map will be executed, and processing will be considered complete. In other words, when a prefix matches, it will not be passed through any remaining clauses in the route map.

What actions can the route map take after it has identified a match? The simplest actions are either to permit the route to pass through or to filter it out by denying it. Actions that are more complex adjust the attributes of a prefix to influence the routing process in some way.

Notice that the route map can match a prefix based on several criteria, such as network number or AS_Path information. Also, notice that once a route matches there are no further comparisons. The order in which the matches are configured in the route map is important. If a route map clause that permits all routes is put at the beginning of the list, it overrides all the other policies configured.