Get our Bestselling Ethical Hacker Course V13 for Only $12.99
For a limited time, check out some of our most popular courses for free on Udemy. View Free Courses.
BGP route selection is not just a protocol detail. For enterprise and service provider networks, it is one of the main levers for traffic engineering and network control. If you have two WAN links, two ISPs, or multiple data center exits, the question is not whether traffic will leave your network. The real question is which path it will take, and whether that choice matches cost, performance, and resilience goals.
Local preference is the attribute that gives you that control inside your autonomous system. It is one of the cleanest ways to influence BGP route selection without changing your physical topology, adding more circuits, or resorting to brittle workarounds. You can prefer one provider over another, shift traffic away from a congested link, or keep internal prefixes on a lower-latency MPLS path while leaving Internet VPN as a backup.
This article breaks down the mechanics, the policy design, and the operational details. You will see where local preference sits in the decision process, how it differs from AS path prepending and MED, how to build a simple value scheme, and how to validate that the routing table is doing what you intended. For practical context, Cisco’s BGP documentation is a useful reference for the general behavior of path selection, while Juniper and Microsoft routing guidance help show how policy is implemented in real networks.
If you manage enterprise WANs or service provider edge networks, this is the kind of control that pays off quickly. A clear local preference policy reduces guesswork, improves predictability, and makes route policy troubleshooting much easier. Vision Training Systems sees this pattern repeatedly in production networks: the teams that document and standardize their policy spend less time chasing asymmetric paths and less time explaining why traffic took the “wrong” exit.
BGP, or Border Gateway Protocol, is the routing protocol that decides how traffic moves between autonomous systems. In plain terms, it is the system that helps routers choose among multiple valid paths to the same destination prefix. That matters because the “best” route is not always the shortest one. It is the route that fits the policy you want to enforce.
BGP route selection is a decision chain, not a single rule. Vendors implement it with a sequence of attributes and tie-breakers. A common simplified order is: weight, local preference, locally originated routes, AS path length, origin type, MED, eBGP over iBGP, IGP cost to next hop, router ID, and final tie-breakers. The exact ordering can vary by platform, but the key point is stable: local preference is checked early, which makes it extremely effective for policy-based path control.
The distinction between inbound and outbound traffic matters here. Local preference primarily influences outbound traffic inside your AS. It does not make the Internet send traffic to you a certain way. That is a separate problem, often handled with AS path prepending, MED, route advertisements, and provider policy. If you want internal routers to agree on which exit to use, local preference is the right tool.
Good BGP policy does not chase the shortest path. It encodes the business decision you actually want the network to follow.
According to Cisco, BGP best-path selection is based on attributes examined in a defined order, with policy attributes such as local preference evaluated before many technical tie-breakers. That is why local preference is so useful in enterprise routing policy.
Local preference is a BGP attribute used inside an autonomous system to tell routers which exit path is preferred. Higher values win. If two routes reach the same prefix, the route with the higher local preference is typically selected as the best path, assuming earlier decision criteria do not already settle the choice.
This makes local preference especially valuable in multihomed environments. If you connect to two ISPs, you can make one the primary egress and the other the backup. If you have multiple data centers, you can steer traffic through the site with more capacity or lower latency. If you run a WAN with MPLS and Internet-based transport, you can prefer the circuit that better supports the application mix.
Local preference is different from AS path prepending, MED, and communities in both scope and control. AS path prepending is mostly an outbound advertisement trick used to influence how others view your route. MED is a hint sent to neighboring ASes, but it is often compared only among routes from the same neighbor AS. Communities are tags that can carry policy meaning, often to trigger provider-side actions. Local preference stays internal, which gives you stable control over your own routing decisions.
| Attribute | Primary Effect |
| Local preference | Controls preferred outbound path inside the AS |
| AS path prepending | Makes a route look less attractive to external networks |
| MED | Suggests preferred ingress to a neighboring AS |
| Communities | Carry policy tags for internal or provider-side processing |
Another important behavior: local preference is generally not advertised to external BGP peers. That protects your internal policy from leaking outside the AS. It also means your edge routers can use it as a consistent internal control mechanism without affecting the rest of the Internet.
In practical terms, think of local preference as the policy knob that says, “Use this exit unless there is a better business reason not to.” That simplicity is why many routing teams build their entire primary/secondary design around it.
The BGP decision process compares route attributes in order. If two routes are otherwise comparable, the one with the higher local preference wins before the router even considers AS path length or MED. That means a longer route can still be selected if it carries a higher local preference. This is not a bug. It is the point.
Consider two routes to the same prefix, 203.0.113.0/24. Route A arrives from ISP1 with a local preference of 200 and an AS path of 64500 64496 64497. Route B arrives from ISP2 with a local preference of 100 and an AS path of 64510 64480. Even though Route B has a shorter AS path, Route A wins because local preference is examined earlier. Your network is effectively saying, “This provider is the business-approved exit.”
That ability to override “shorter path” assumptions is why local preference is so valuable for traffic engineering. Network engineers often start by looking at route length, but business requirements are usually more important than path length. A preferred provider may be cheaper, more stable, or aligned to contract terms. A preferred internal tunnel may carry voice or ERP traffic more reliably. Local preference lets routing policy reflect those realities.
Default values matter too. Many networks start with a default local preference of 100, then explicitly raise or lower values to create policy tiers. That is safer than inventing a different number for every case. A clean policy might use 200 for primary, 150 for preferred alternate, and 100 for backup.
Consistency is critical because iBGP shares local preference throughout the AS. If one edge router applies a different policy than another, you can create inconsistent best-path choices and asymmetry. That is how simple policies become operational headaches.
The most common use case is a primary and backup ISP design. You receive full routes or default routes from two providers, then set a higher local preference on the preferred transit. Traffic leaves through the primary link by default, and if that path fails, the backup route becomes best automatically. This gives you predictable outbound routing without touching the physical network.
Cost-aware routing is another strong use case. If one transit circuit is significantly more expensive, you can assign it a lower local preference and reserve it for failover or overflow. That is a practical way to match routing policy to budget. It is also useful when internal private links are cheaper than Internet VPNs, or when one cloud interconnect should be used before an expensive metered path.
Data center traffic engineering often relies on local preference to steer traffic toward the egress point with the best latency or capacity. For example, a site hosting customer portals might prefer the local Internet breakout for web traffic but keep east-west application traffic on a backbone or MPLS path. The local preference policy can reinforce that design so the network behaves consistently under load.
Dual-WAN enterprise environments use the same logic. If one circuit has a tighter SLA for voice or video, that route gets the higher local preference. If a region has multiple exits, local preference can also align routing with application geography. That matters when your security team, infrastructure team, and app owners all want different outcomes from the same network.
Note
According to the Bureau of Labor Statistics, network and computer systems administrators remain a core network operations role, and the job outlook for the broader IT infrastructure stack continues to support strong demand for routing and WAN expertise. That makes clean routing policy a useful operational skill, not just a theory topic.
A good local preference policy starts with a business objective. Do you want lower cost, higher resilience, better performance, or simpler operations? If you do not define the goal first, you will end up assigning values based on habit. That is how routing policies become inconsistent over time.
The best schemes are simple. Use clear tiers such as primary, secondary, and tertiary. Avoid random values like 137, 149, and 173 unless there is a technical reason to do so. The more exotic the numbering, the harder it is for another engineer to understand what the route policy means during an outage or change window.
A practical design might look like this:
That kind of scheme is easy to explain in a change advisory meeting. It also helps when multiple teams manage different parts of the edge. If operations, security, and WAN engineering all know what the values mean, fewer route policy mistakes slip through.
Coordination matters. Local preference changes can alter failover behavior, maintenance procedures, and even application performance. Bring in change management, NOC staff, and anyone responsible for provider relationships. If a transit contract says one circuit should always be primary for a specific prefix set, encode that in policy rather than relying on memory.
Plan for exceptions too. Some destinations may need different routing rules. For example, voice gateways might prefer one exit while backup replication traffic prefers another. The cleanest way to handle this is with prefix lists, communities, or route tags that identify the traffic class. That keeps the policy maintainable instead of turning it into a pile of one-off route maps.
According to NIST, clear policy definition and consistent control implementation are core to secure and dependable network operations. Routing policy is no different. If the rule is not documented, it is not really a policy.
Local preference is usually set on inbound routes as they enter your AS. That is the moment when you decide which path you want your internal routers to prefer. Depending on the vendor, you may use route maps, policy statements, prefix lists, route policies, or policy options to match route sources and assign a value.
The workflow is usually straightforward. A router receives routes from multiple neighbors, classifies them based on neighbor identity, prefix group, or community tag, and then assigns a local preference accordingly. Preferred transit might get 200. Backup transit might stay at 100. Internal MPLS routes may receive an even higher value if they should beat Internet-based alternatives.
On Cisco platforms, route maps are commonly used with BGP neighbors. On Juniper, policy statements are the standard approach. Arista and Nokia have their own policy syntax, but the logic is the same: match the route, apply local preference, and then advertise the route into iBGP so every internal router sees the same preference.
The most common mistake is partial application. If you set local preference on one edge router but not the others, route reflection or iBGP distribution can still lead to inconsistent choices. Another common problem is forgetting that inbound policy must be reflected throughout the AS so all routers make the same best-path decision.
Pro Tip
When you roll out local preference changes, test on one edge, verify the best path in the RIB and BGP table, then expand the policy gradually. A staged rollout is much easier to unwind than a network-wide change that affects every prefix at once.
For vendor-specific syntax, use the official documentation. Cisco’s command references, Juniper’s routing policy guides, and vendor manuals from Arista or Nokia are the right sources for exact configuration syntax. The policy logic should remain vendor-neutral even if the commands do not.
Here is a simple dual-homed ISP example. Your enterprise connects to ISP-A and ISP-B. You want ISP-A to carry normal outbound traffic and ISP-B to stay as backup. You set local preference 200 on routes learned from ISP-A and 100 on routes learned from ISP-B. If ISP-A fails, ISP-B automatically becomes best for outbound BGP route selection.
A data center example is slightly more nuanced. Suppose one site has a better Internet edge and lower latency to your SaaS dependencies. You can assign routes learned from that site a higher local preference than routes learned from the backup site. That way, user sessions and application traffic leave the preferred location unless the circuit or site degrades.
Another common case is MPLS versus Internet VPN. Internal prefixes learned over MPLS might get local preference 250, while the same routes over an encrypted Internet VPN get 150. That tells the network to prefer the carrier backbone for reachability and use the Internet tunnel only if the private circuit is unavailable.
Provider communities can make this even cleaner. Some ISPs allow customer communities that trigger a particular local preference on the provider side. That means the provider can help you influence which of their exits your traffic uses. Always confirm the community behavior in the provider’s documentation before relying on it. The community value is only useful if both sides agree on what it means.
| Scenario | Policy Pattern |
| Dual ISP | 200 on preferred transit, 100 on backup |
| Data center egress | Higher value on lower-latency or higher-capacity site |
| MPLS vs. VPN | Prefer MPLS for internal prefixes, VPN as backup |
| Graded preference | 250, 200, 150, 100 tiers instead of binary primary/backup |
Graded preference is useful when you have more than two viable paths. For example, a regional edge might prefer a local ISP, then a national provider, then a temporary backup tunnel. That gives you more flexibility than a simple two-state design and can reduce failover churn during maintenance or partial outages.
Once the policy is in place, verify that the right path is actually being selected. Start with the BGP table and best-path output. On most platforms, you can inspect the route, the selected next hop, and the local preference value attached to each candidate path. If the preferred route is not winning, the issue is usually policy placement, import order, or a conflicting attribute.
Then verify that the traffic matches the control-plane decision. Use traceroute to confirm the egress path, check flow logs to see which interface is carrying the sessions, and review traffic analytics on edge devices or firewalls. It is possible to have the correct route in the table but still send traffic a different way because of policy routing, NAT placement, or asymmetric return paths.
Common troubleshooting issues include missing route maps, inconsistent policy between edge routers, and route reflection effects that hide the original intent. Another issue is forgetting to clear or refresh BGP sessions after a policy change, which can leave old best-path decisions in place until the network converges.
Failover testing is essential. If the preferred path disappears, the backup should become active quickly and predictably. That is the real test of your policy. A routing design that looks good on paper but fails during maintenance is not a good design.
Warning
Do not assume that a best-path change equals a traffic change. Verify the control plane and the data plane separately. Asymmetric routing, stale sessions, and firewall state can make the network behave differently from what the BGP table suggests.
According to the official Cisco and Juniper routing documentation, policy-based path selection must be validated at both the route and forwarding layers. That operational discipline is what keeps BGP changes safe.
Keep the local preference scheme simple. That advice sounds basic, but it is the difference between a routing policy that scales and one that becomes tribal knowledge. If your team needs a spreadsheet and a whiteboard to explain the numbers, the policy is too complicated.
Use route policies and communities wherever possible instead of hand-built one-off exceptions. A clean policy framework can handle new providers, new regions, and new application classes without starting over. Hardcoding exceptions directly into edge routers tends to create drift and makes incident response slower.
Avoid overly granular values. There is rarely a meaningful operational difference between local preference 171 and 172. What matters is the ranking, not the exact number. Too much granularity creates maintenance risk and makes audits harder. A tiered scheme is easier to explain and easier to enforce.
Do not confuse local preference with inbound traffic engineering. It controls outbound path selection inside your AS. If you want to influence how other networks reach you, you need other tools such as AS path prepending, route advertisements, provider communities, or topology-aware design.
A final mistake is forgetting that routing policy is operationally connected to security and compliance. For regulated environments, route stability can matter for logging, inspection, and segmentation. Organizations following frameworks such as NIST Cybersecurity Framework or ISO/IEC 27001 should treat routing policy as part of dependable infrastructure control, not as an isolated network tweak.
Local preference is one of the most reliable tools for controlling BGP route selection inside an autonomous system. It lets you express business intent in routing terms. You can prefer one ISP, protect application performance, shift load away from a degraded link, or keep an expensive backup circuit ready without letting it dominate normal traffic flow.
The important point is that good routing policy is not just about shortest paths. It is about aligning network behavior with cost, resilience, and service goals. That means defining a clear policy, using a simple value scheme, applying it consistently, and validating the result in both the control plane and the data plane. If you do that, local preference becomes a stable foundation for traffic engineering and network control.
Before you roll out changes, document the tiers, review exception handling, and test failover behavior. That discipline pays off when a provider has issues, a maintenance window opens, or a regional circuit becomes congested. In those moments, well-designed policy is what keeps traffic on the path you expected.
If your team needs practical, vendor-aware training on routing policy, BGP, and enterprise network operations, Vision Training Systems can help you build those skills with a focus on real-world implementation. The goal is simple: make your network predictable, supportable, and ready for change.
According to the Bureau of Labor Statistics and broader industry workforce data from organizations like CompTIA, routing and infrastructure skills remain in demand. That makes BGP policy work a valuable capability, not a niche specialty. The teams that master it gain more control over performance, cost, and resilience.
BGP local preference is a well-known path attribute used inside an autonomous system to influence outbound routing decisions. It tells your internal BGP routers which exit path should be preferred when multiple routes to the same destination are available. In practice, higher local preference values are chosen first, making it one of the most effective tools for BGP route selection and traffic engineering.
This attribute is especially useful in enterprise networks and service provider environments with multiple WAN links, dual ISPs, or redundant data center connections. By setting local preference consistently, network teams can steer traffic toward lower-cost links, higher-performance circuits, or more resilient paths. Unlike some other BGP attributes, local preference is propagated to iBGP peers, so it can shape routing behavior across the entire AS.
To prefer one ISP over another, assign a higher local preference to routes learned from the ISP you want to use as the primary exit path. Since BGP chooses the path with the highest local preference within the AS, traffic will generally leave through that provider unless another attribute overrides it later in the selection process. This is a common method for primary and backup WAN design.
A practical approach is to set a higher value on routes received from the preferred ISP and a lower value on routes from the backup ISP. For example, you might keep the default for the backup path and raise the preferred path’s local preference through route maps or policy-based routing logic applied to inbound BGP updates. This keeps outbound traffic engineering centralized and predictable while still allowing failover if the preferred link becomes unavailable.
Local preference should be used when you need to control outbound traffic inside your own autonomous system. It is the most direct and widely accepted attribute for internal path preference because it is compared early in the BGP decision process and is carried across iBGP sessions. That makes it ideal for selecting the best egress point from multiple internal routers.
MED and AS path prepending solve different problems. MED is usually used to suggest entry preference to an external neighbor, and it is commonly compared only between routes from the same neighboring AS. AS path prepending is an outbound advertisement technique used to make one path look less attractive to the outside world, which mainly affects inbound traffic. If your goal is outbound traffic engineering, local preference is typically the right tool.
Best practice is to use a simple and consistent local preference hierarchy. Many networks define a few standard values such as higher for primary links, medium for secondary links, and lower for backup or emergency paths. Keeping the policy easy to understand reduces configuration errors and helps operators troubleshoot BGP route selection more quickly.
It is also important to apply local preference through route policies rather than manual per-router changes. That way, the same routing intent is enforced across the AS and changes can be audited. You should document the meaning of each value, test failover behavior, and verify that route reflectors and iBGP peers are propagating the attribute correctly. In addition, avoid using unnecessarily large or overlapping values, since clarity matters more than the exact number.
Yes, local preference can support both resilience and performance when used as part of a broader BGP routing policy. By assigning the highest preference to the best-performing path and a lower preference to the backup path, you can keep normal traffic on the optimal circuit while still maintaining automatic failover. If the preferred route disappears, BGP can quickly move traffic to the next-best path based on the configured policy.
This makes local preference valuable for networks that want predictable behavior during outages, maintenance windows, or congestion events. You can also combine it with health checks, route filtering, and prefix policies to avoid sending traffic over unstable links. The key is to design local preference rules around business priorities such as cost, latency, and availability, rather than treating it as a one-time configuration setting.
Start learning today with our
365 Training Pass
*A valid email address and contact information is required to receive the login information to access your free 10 day access. Only one free 10 day access account per user is permitted. No credit card is required.
Discover the best Cisco ENCOR training courses to enhance your self-study success, master essential networking concepts, and confidently prepare for
Discover essential strategies to secure containerized applications by understanding Kubernetes Pod Security Policies and preventing potential security risks.
Discover the key differences between Cisco ENCOR 350-401 and CCNP Enterprise to enhance your certification strategy, improve your skills, and
Discover how to efficiently manage files in Linux using links, understanding hard and symbolic links to improve backups, deployments, and
Discover how Azure certifications enhance your ability to implement data protection and compliance strategies, ensuring security and regulatory adherence in
Discover essential practice questions to help you prepare for the Microsoft Power Platform Developer Associate exam and boost your confidence
Discover key differences between cloud and on-premises security threats and learn how to effectively manage risks in both environments for
Discover how to automate user provisioning and de-provisioning with Microsoft Entra ID using PowerShell to improve efficiency, accuracy, and security
Discover essential strategies and practice questions to prepare for the AWS Certified Machine Learning Specialty exam and boost your AI
Discover essential backup and restore best practices to build a resilient Windows Server infrastructure that ensures rapid recovery and minimal
