BGP Filter help

RouterOS Forwarding Protocols
1

Hi all,

I’m not good with filter, here is my case.

My network 213.177.64.0/19

between RB1100AH2 and Cisco 7206VXR I woudl like to redistribute connected route. It is working but I can’t make a good filter from Mikrotik to control what it is send to the 7206.

today I have these working lines to announce only these 3 prefixes. It working ok but when I have a new route I have to add it to filter also.

add action=accept chain=BGP-filterOut prefix=213.177.72.96/29
add action=accept chain=BGP-filterOut prefix=213.177.65.0/24
add action=accept chain=BGP-filterOut prefix=213.177.66.224/27
add action=discard chain=BGP-filterOut

Is it a way to have filter rule that accept directly new connected route in my net 213.177.64.0/19 without adapting BGP filter ? I have try rule with 213.177.64.0/19 but no way.

thanks for your help.

2

Try something like:

add action=accept chain=BGP-filterOut prefix=213.177.64.0/19 prefix-length=19-32

That should then just automatically allow any shorter prefixes within your /19.

Regards,

3

Thanks.

With this rules, it announce the three Prefixes but also the whole 213.177.64.0/19 that I don’t want…

I want only the 3 prefixes…

thanks

4

But you also want it to automatically pick up any new routes without you having to update the filter?

You could set prefix-length to 20-32 maybe? Otherwise can you be more specific with what you want to achieve, please?

Regards,

5

I just want to redistribute the connected prefixe under my /19 without adap the filter. Today it is working just with my filter but with rules with /19 all prefixe are announced but also a prefixe with my whole /19 that i don t want. Need only the 3 connected prefixe…

Thanks

6

Ok with prefix-length set to 20-32, it is working how I would like.

add action=accept chain=BGP-filterOut prefix=213.177.64.0/19 prefix-length=20-32
add action=discard chain=BGP-filterOut

result:
sh ip bgp neighbors 213.177.66.194 received-routes
BGP table version is 21750285, local router ID is 213.177.64.210
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

  • i213.177.65.0 213.177.66.194 100 0 ?
  • i213.177.66.224/27
    213.177.66.194 100 0 ?
  • i213.177.72.96/29 213.177.66.194 100 0 ?

Total number of prefixes 3


now I would like to understand the usage of prefix-length, could you explain ?

thanks

7

The fiilter will pass any network prefix with “perfix-length” mask originating in “prefix” network.
In your case, any 213.177.64.0/20, 213.177.64.0/21, …, 213.177.64.0/32 which originate in 213.177.64.0/19, but not 213.177.64.0/19 (since the mask is not 20 to 32).

8

Hi..

could please try this..


/routing filter
add action=accept chain=BGP-filterOut disabled=no invert-match=no prefix=
213.177.72.96/29 prefix-length=29 set-bgp-prepend-path=“”
add action=accept chain=BGP-filterOut disabled=no invert-match=no prefix=
213.177.65.0/24 prefix-length=24 set-bgp-prepend-path=“”
add action=accept chain=BGP-filterOut disabled=no invert-match=no prefix=
213.177.66.224/27 prefix-length=27 set-bgp-prepend-path=“”
add action=discard chain=BGP-filterOut disabled=no invert-match=no
set-bgp-prepend-path=“”



Also..

I would to ask you..
1- did you add any entry in the network filed.?
2- what did you set in the instances ? as redistributed rule?

I advice to remove network from network entry if you add

and enable redistributed static route …

Also you need to add static route in your routing table … with specified perfix like:

1- ip route add dst-address=213.177.72.96/29 gateway=xxx
2- ip route add dst-address=213.177.65.0/24 gateway=xxx
3- ip route add dst-address=213.177.66.224/27 gateway=xxx

This way should be work..

Also dont miss to select in your peer the correct our put filter…!!!

Please let me know if all is okay .

Ali Sami
Mikrotik Authorized trainer