How to make a Mikrotik BGP filter?

R

rkarchava2017-03-09 13:05:26

Mikrotik

rkarchava, 2017-03-09 13:05:26

I have 2 providers with hard labor have BGP, the option that one sit down / 24 should be announced with only one provider. In the filter add action=discard chain=ASzzzzz-bgp-out prefix=XXX.XXX.177.0/24
add action=accept chain=ASzzzz-bgp-out prefix=XXX.XXX.176.0/22
but this route is still visible from another provider
what do you advise?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

O

Obsession, 2017-03-17
@Obsession

there is a peer ISP1 and ISP2, then the following

/routing bgp peer
#создаём пиров согласно настройкам от провайдера
#прописываем им чейны для фильтров
set in-filter=ISP1-in numbers=#первый провайдер
set out-filter=ISP1-out numbers=#первый провайдер
set in-filter=ISP2-in numbers=#второй провайдер
set out-filter=ISP2-out numbers=#второй провайдер
#далее идем в фильтры
/routing filter
#и создаём фильтры отдельным чейнам
add chain=ISP1-in prefix=#нужный префикс action=#что надо сделать

filters are created for each peer, you should not combine them.
let's say we have 3 providers and several conditions for private networks
(10.0.0.0/8; 192.168.0.0/16; 172.16.0.0/12 - we take only these)
1 provider we do not show private networks at all
2 providers we show only 192.168.0.0 /16
3 to the provider we show everything except 192.168.0.0/16
means filters 9
isp1 - 10.0.0.0/8 disgard
isp1 - 172.16.0.0/12 disgard
isp1 - 192.168.0.0/16 disgard
isp2 - 10.0.0.0/8 disgard
isp2 - 172.16.0.0/12 disgard
isp3 - 10.0.0.0/8 accept
isp3 - 172.16.0.0/12 accept
you can complicate the rules by making them combined, but practice has shown that it’s better not to.
Z.Y.
there will be more rules with all the bogons and it’s better to make your own set for each feast, and it’s easier to document and more pleasant to manage - each has its own rule.
Z.Z.Y
exclusively from my own experience and my own IMHO, it no longer works on the same network.