BGP announce, please explain

RouterOS Forwarding Protocols
1

Hello!

I’m new to ROS. Cisco/Linux/FreeBSD before. Please help me understand my mistake with ROS. The standard trick for other OSes is:

  1. We route a whole network (A.A.0.0/20 for example) to blackhole. The reason - to drop incoming traffic for segments we do not route this time.
    ip route A.A.0.0 255.255.240.0 Null0 in Cisco words

  2. The we announce network via bgp
    router bgp XXX
    network A.A.0.0/20 route-map rm-A.A.0.0/20

  3. We use this prefix in our outbound filters

I tried same trick with ROS and failed. I did:
/ip route add dst-address=A.A.0.0/20 type=blackhole

I used
/routing bgp network add A.A.0.0/20 synchronize=no

I used global bgp out filter to set bgp communities:
/routing filter
remove [find chain=rm-bgp-localas]
add chain=rm-bgp-localas protocol=bgp action=accept prefix=A.A.0.0/20 set-bgp-local-pref=900 set-bgp-communities=30910:900
add chain=rm-bgp-localas protocol=“connect,static” action=accept set-bgp-local-pref=900 set-bgp-communities=local-as,30910:900

And … I can’t see prefix A.A.0.0/20 in advertisiments :frowning: I thinking this is because there are two prefixes, static and bgp. static is with local-as attribute and it is preferred over bgp when choosing for advertise?

Regards,
Boris

So, what is wrong in my undestanding of ROS?

2

HI!
I’m almost in your situation - not enough experience with ROS as bgp/ospf router, and with its some kind of unusual (for me) configuration commands/filters I do not know when some thing is a bug and when it is a feature :slight_smile:
I suspect I have the same problem, and just to be sure I do not need to open another topic - would you check if this network isn’t in fact advertised? In my case, the network is not listed as advertised, but in fact IS advertised, and is received, accepted and installed by the bgp peers.

3

I think the Advertisement tab is not completely bug-free at the moment, as you point out indeed some networks
are advertised even though they do not appear there. (but do appear as BGP network and pass through the filters)

4

Hi, Borisk - one quick detail I noticed in your post is that you have set synchronize=no on your /20 network - you should go change that to yes. (Winbox defaults to having the checkbox unchecked, but if you issue the network add command from the command line, synchronize actually defaults to “yes” as it should)
With synch=no, the router will originate the prefix regardless of whether it exists in the routing table - i.e. the blackhole route is not necessary. I actually hit a bug once regarding the global BGP filter and synchronize changing from no to yes. The bug caused the router to think it withdrew a route but forgot to actually send the NLRI withdrawing the prefix…
In general, I’d recommend against using redistribution to originate routes into BGP. Add network statements for each prefix you’re looking to add to your table.

5

Hi ZeroByte,

As you can see here, that is a good idea but not sufficient:

[admin@PE1CHL] > /routing bgp advertisements print 
PEER     PREFIX               NEXTHOP          AS-PATH    ORIGIN     LOCAL-PREF
gw-44... 44.137.40.74/32      44.137.61.2                 igp       
in       172.22.32.240/29     172.22.32.11                igp               100
[admin@PE1CHL] > /routing bgp network print        
Flags: X - disabled 
 #   NETWORK              SYNCHRONIZE
 0   44.137.41.96/28      yes        
 1   44.137.40.74/32      no         
 2   172.22.32.240/29     yes        
[admin@PE1CHL] >

That 44.137.41.96/28 network (assigned to a local bridge) is advertised perfectly but never shown in the list.
I have not been able to figure out why.

6

That would be

/ip route add dst-address=A.A.0.0/20 type=blackhole

as you already tried. This is correct.

That would be

/routing bgp network add A.A.0.0/20 synchronize=no

as you also tried. Also correct.

I believe the problem lies here.

First off, you have this filter (rm-bgp-localas) defined as the ‘Out filter’ for your bgp peers, correct?

What you need to do is accept the A.A.0.0/20 prefix and set the bgp properties you need.
Then (I presume) you discard everything else.
That way you only announce the A.A.0.0/20 prefix to your peers.

The proper filters would be

/routing filter add chain=rm-bgp-localas prefix=255.255.0.0/20 prefix-length=20 action=accept set-bgp-local-pref=900 set-bgp-communities=30910:900
/routing filter add chain=rm-bgp-localas action=discard
7

Thanks to all!

I understand my mistake. As my task was to set local-as attribute for any route except two, so I found 2 solutions:

  1. Very nice, but we can set bgp attributes on static routes with /ip route command without need of any type of filter
  2. There is a nice passthroug action, so the rm-bgp-localas now looks like:
    /routing filter
    remove [find chain=rm-bgp-localas]
    add chain=rm-bgp-localas protocol=“connect,static” action=passthrough set-bgp-local-pref=900 set-bgp-communities=local-as,30910:900
    add chain=rm-bgp-localas protocol=static action=passthrough prefix=A.A.16.0/20 set-bgp-local-pref=900 set-bgp-communities=“30910:900,30910:1119,30910:1120,30910:1130”
    add chain=rm-bgp-localas protocol=static action=passthrough prefix=B.B.0.0/20 set-bgp-local-pref=900 set-bgp-communities=“30910:900,30910:1119,30910:1120,30910:1130”

Regards,
Boris