Hello, 

Yes we are trying to force internet traffic through the internet line, and all other traffic through the MPLS

we applied the routes to the BGP tunnles.

0.0.0.0/0 - deny

public IP-deny

any - permit

The list above is added to the MPLS BGP tunnel to not advertize a default route, not advertize public  and advertize any thing else 

--------------------------------------------------------------------------

The list below is added to the internet  BGP to advertize public IPs only and not advertize anythging else  else  

public IP-permit

0.0.0.0/0 - deny

public IP-deny

Are you applying these as incoming or outgoing filters?

Out filters on the BGP Tunnels 

That's probably not gonna work for your goal. The out filter will filter out routes that the T0 advertises to the outside world. Based on your message, you want to apply something like this to the the MPLS peers (incoming):

0.0.0.0/0 Deny
Any          Allow

This will cause the MPLS peers to not accept a default route from the remote side, this in turn will cause the T0 to not install a default route from the MPLS peers in it's routing table. You might additionally want to add some extra rules in there for other public IP's, but that will depend on your environment. 

For this usecase, you don't necessarily need any other filters I believe.

It is best practice to only allow your own public address space on an outgoing BGP filter (even though your ISP should be filtering this as well), and to deny any incoming private subnets from your ISP (again, they should not send this, but if everyone did there job properly, most of us would be out of a job). All of this assumes that you are directly peering to an ISP of course

Yes i am directly peering with the ISP.

Thanks, Ill try what you suggested and let you know how it turns out