I would like someone to help me. I really need to make a filter to announce my IPv6 block to the operator and block the millions of routes received from them.
Simply ask the operator to provide you only default route, and nothing more.
AND HOW DO I MAKE HIM SEE MY ROUTES? WHY DOES HE CLAIM I'M NOT ADVERTISING ANY ROUTE?
Here is an IPv6 filtering example for advertised prefixes from a blog post I wrote:
https://stubarea51.net/2021/08/24/mikrotik-routerosv7-first-look-feedback-on-routing-filters/
/routing filter rule
add chain=dead.beef.101 rule="if (dst==200:dead:beef:101::/64) {accept}"
add chain=dead.beef.102 rule="if (dst==200:dead:beef:102::/64) {accept}"
add chain=dead.beef.agg rule="if (dst in 200:dead:beef::/48) {accept}"
add chain=bgp-out-v6 rule="if (chain dead.beef.101) {set bgp-local-pref 300; accept}"
add chain=bgp-out-v6 rule="if (chain dead.beef.102) {accept}"
add chain=bgp-out-v6 rule="if (chain dead.beef.agg && dst-len<128) {set bgp-local-pref 150; accept}"
Hardware and RouterOS used is not specified.
SORRY, BUT I'M STILL BAD WITH THIS VERSION. COULD YOU MODIFY THE RULE FOR MY BLOCK? THE BLOCK IS BELOW:
2804:284c::/32
HOW WOULD THE RULE BE?
You still haven’t specified which RouterOS you are using.
I'm currently using RouterOS 7.2.1 and I'm thinking of upgrading to the latest one, 7.3.1
Make sure you have an active route with type = blackhole for the subnet or prefix you want to announce, otherwise it won't work, because no synchronize is no longer available on ROS v7.
Also, the connection -> filter section output.network = bgp-networks should match and have an entry in your IPv6 address list:
/ipv6 firewall address-list
add address=2804:284c::/32 list=bgp-networks
/routing filter rule
add chain=bgp-out-v6 rule="if (dst in 2804:284c::/32 && dst-len >= 32 && protocol bgp) { accept }"
just my 0.2$
Create a loopback interface (e.g. a bridge with no actual interfaces attached to it), then set the advertised prefix/address on that interface. That is, considering you already have the BGP session established and the output prefix correctly set in the BGP out filter. I had the same issue and got it solved this way.
Cheers!
Same issue, unfortunately I can’t find much documentation about ipv6 bgp on routeros 7+
@itrack, describe your problem and show your configuration.
In order for you to set this up you need 3 things:
- Routing Filters
- Address List
- Existing routes
#1. Routing Filters - IPv6 filters (OUT advertises our IPv6 prefix, IN accepts default route only)
/routing filter rule add chain=bgp-ipt-out disabled=no rule="if (dst == 2804:284c::/32) { accept }"
/routing filter rule add chain=bgp-ipt-in disabled=no rule="if (dst == ::/0) { accept }"
#dst == ::/0 # exactly default only
#dst in ::/0 # literally everything (do not do this unless you need it)
#2. Address List
/ipv6 firewall address-list
add address=2804:284c::/32 list=acl-ipt-out
#3. Existing routes
/ipv6 route add blackhole dst-address=2804:284c::/32
Once this is done you can print to confirm your v6 advertisement after you applied the in/out filters and the output network.
/routing bgp advertisements print where peer="IPv6-peer-name-1" #Check session name
If this still doesn’t solve your advertisement issue you can just post the output of your Filter, IPv6 Address list, IPv6 Routes and BGP peer.
Have a great day
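Added example, not part of any post in this thread and not RouterOS code: a small Python model of the `dst ==`, `dst in` and `dst-len` matching discussed above, showing which routes each filter variant lets through. The route lists are constructed, the `protocol bgp` condition is left out, and unmatched routes are assumed to be rejected.

```python
import ipaddress

def match(rule, route):
    """Model one rule. rule = (op, prefix, min_len), op is '==' or 'in'."""
    op, prefix, min_len = rule
    net = ipaddress.ip_network(prefix)
    dst = ipaddress.ip_network(route)
    if net.version != dst.version:
        return False
    if op == "==":
        # exact match: same prefix and same length
        return dst == net
    # 'in': the prefix itself or any more-specific inside it,
    # optionally limited by a minimum length (dst-len >= min_len)
    return dst.subnet_of(net) and dst.prefixlen >= min_len

def apply_chain(rules, routes):
    """Accept a route if any rule matches; the rest is rejected (assumption)."""
    return [r for r in routes if any(match(rule, r) for rule in rules)]

# Constructed routes received from the upstream (documentation prefixes)
RECEIVED = ["::/0", "2001:db8::/32", "2001:db8:1::/48", "2001:db8:2::/48"]
# Constructed routes present locally: the aggregate from the thread,
# two more-specifics of it, and one unrelated prefix
LOCAL = ["2804:284c::/32", "2804:284c:10::/48",
         "2804:284c:10:1::/64", "2001:db8:ff::/48"]

IN_DEFAULT_ONLY = [("==", "::/0", 0)]        # if (dst == ::/0)
IN_EVERYTHING = [("in", "::/0", 0)]          # if (dst in ::/0)
OUT_EXACT = [("==", "2804:284c::/32", 0)]    # if (dst == 2804:284c::/32)
OUT_RANGE = [("in", "2804:284c::/32", 32)]   # dst in ... && dst-len >= 32

if __name__ == "__main__":
    for name, rules, routes in [
        ("in, default only", IN_DEFAULT_ONLY, RECEIVED),
        ("in, everything", IN_EVERYTHING, RECEIVED),
        ("out, exact /32", OUT_EXACT, LOCAL),
        ("out, /32 and longer", OUT_RANGE, LOCAL),
    ]:
        print(f"{name:22} -> {apply_chain(rules, routes)}")
```

The exact-match outbound rule announces only the /32 aggregate, while the `in` form with `dst-len >= 32` also announces any more-specific routes that exist locally.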