Hello everyone,
I am running an eBGP session between a CCR2004 and a CHR.
RouterOS version: 7.20.5
Below is the configuration on my CCR:
/routing bgp instance
add as=0001 disabled=no name=bgp-instance-0001 router-id=1.1.1.1
/routing bgp connection
add afi=ip as=0001 input.affinity=alone input.filter=chain_from_hex \
instance=bgp-instance-0001 local.address=1.1.1.1 local.role=ebgp \
name=bgp-01 output.affinity=alone remote.address=1.1.1.2 remote.as=0000 \
routing-table=main
The CHR advertises the full routing table to me, and I want to apply inbound filtering.
My routing filter configuration is as follows:
/routing filter rule
add chain=chain_from_hex disabled=no rule="if (dst == 0.0.0.0/0) { reject; }"
add chain=chain_from_hex comment=GitHub disabled=no rule="if (bgp-as-path \"^36459\") { accept; }"
add chain=chain_from_hex disabled=no rule="reject;"
My expectation is that the router should only learn BGP routes whose AS_PATH starts with 36459. However, I am still receiving the full routing table.
I also tried setting the input filter to a simple rule:
add chain=chain_from_hex disabled=no rule="reject;"
but the router still learned the full table.
Then I tried removing the input filter entirely, and I was still able to learn the full routing table.
This behavior is very confusing to me, as it does not match my expectations.
According to the documentation, RouterOS v7 should have a default behavior of “reject all” when no filter is explicitly applied. Based on my understanding, in that case it should not be possible to learn the full routing table. Is my understanding incorrect?