In Prisma Access's default routing mode, the service connections establish BGP sessions with the
customer premises equipment (CPE) in the data centers. To ensure traffic destined for mobile users
in a specific region (e.g., North America) traverses the service connection in that same region, you
need to control the route advertisements.
Filtering out the mobile user pool prefixes from the other region on each service connection achieves
this by:
Preventing the data center in one region from learning the specific mobile user prefixes of the other
region. For example, the North American service connection would filter out the mobile user pool
prefixes allocated to European users.
Ensuring that when a data center needs to send traffic to a mobile user, it will only see and use the
route advertised by the service connection in the appropriate geographical region. This forces the
traffic to enter the Prisma Access infrastructure through the intended regional service connection.
Let's analyze why the other options are incorrect based on official documentation regarding default
routing mode:
A . Configure BGP on the customer premises equipment (CPE) to prefer the assigned community
string attribute on the mobile user prefixes in its respective Prisma Access region. While BGP
communities can be used for influencing routing decisions, in the context of default routing mode
and ensuring regional traffic flow, relying solely on the CPE to prefer community strings might not be
the most robust or direct method to guarantee traffic traverses the correct regional service
connection. The service connection itself needs to control the advertisement of prefixes.
C . Configure BGP on the customer premises equipment (CPE) to prefer the MED attribute on the
mobile user prefixes in its respective Prisma Access region. The BGP MED (Multi-Exit Discriminator)
attribute is primarily used to influence the path selection between autonomous systems (AS) or
within the same AS at different entry points. In this scenario, where service connections are
advertising prefixes, filtering at the source (service connection) is a more direct and reliable way to
ensure regional traffic flow than relying on the MED attribute on the CPE.
D . Configure each service connection to prepend the BGP ASN five times for mobile user pool
prefixes originating from the other region. BGP AS path prepending is a mechanism to make a path
less desirable. While this could influence routing, it doesn't guarantee that traffic will always take the
intended regional path. Filtering provides a more definitive control over which routes are advertised
and learned.
Therefore, configuring each service connection to filter out the mobile user pool prefixes from the
other region in the advertisements to the data center is the verified method to ensure traffic
destined for mobile users traverses the service connection in the appropriate region when using
Prisma Access in default routing mode.
