BGP Filter Issue Between MikroTik v7 and Cisco Routers

anegative · August 14, 2024, 5:11pm

Hello everyone,

I’m experiencing a problem with BGP configuration between MikroTik v7 and Cisco routers. The configuration seems to be correct, and BGP sessions are established, but the BGP filters are not functioning as expected.

Here’s a breakdown of the situation:

Scenario 1: MikroTik v7 to Cisco Router (any model) - BGP sessions establish successfully, but BGP filters don’t apply as intended.
Scenario 2: MikroTik v7 to MikroTik - Everything works fine, including BGP filters.
Scenario 3: MikroTik v6 to Cisco Router - BGP filters work correctly.
It seems like the issue is specifically with BGP filtering between MikroTik v7 and Cisco. I’ve tried various methods, but nothing seems to resolve the problem.

Has anyone else faced this issue? Any advice or solutions would be greatly appreciated.

Thanks in advance!

Shehab

clambert · August 15, 2024, 1:37am

It would be great if you could share, at least, the BGP and filters configuration.

chechito · August 15, 2024, 2:20am

and specific version of routeros v6 and v7 you are using

sirbryan · August 15, 2024, 3:51pm

Does /routing/bgp/advertisements/print on the ROS7 → Cisco match what you see on ROS → ROS?

anegative · August 27, 2024, 7:39am

add chain=DC-SDWAN-OUT disabled=no rule=“if (dst == 10.122.12.0/24 && dst-len in 24-30 && protocol bgp) { accept; }”
add chain=DC-SDWAN-OUT disabled=no rule=“if (dst == 10.122.13.0/24 && dst-len in 24-30 && protocol bgp) { accept; }”
add chain=DC-SDWAN-OUT disabled=no rule=“if (dst == 10.122.131.0/24 && dst-len in 24-30 && protocol bgp) { accept; }”
add chain=DC-SDWAN-OUT disabled=yes rule=“if (dst == 10.154.43.0/24 && dst-len in 24-30 && protocol bgp) { accept; }”
add chain=DC-SDWAN-OUT disabled=no rule=“if (dst == 10.154.40.0/21 && dst-len in 21-32 && protocol bgp) { accept; }”
add chain=DC-SDWAN-OUT disabled=no rule=“reject;”
add chain=SDWAN-IN disabled=no rule=“if (dst == 10.154.1.40/29 && protocol bgp) { accept; }”
add chain=SDWAN-IN disabled=no rule=“reject;”

add address-families=ip,vpnv4 as=2XXX6 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=yes input.filter=SDWAN-IN listen=yes local.role=ebgp name=
DC-SDWAN-Secondary output.filter-chain=DC-SDWAN-OUT .redistribute=connected,static,vpn,dhcp remote.address=10.122.12.54 .as=65515 .port=179 router-id=
XXX.XXX.XXX.98 routing-table=main templates=default

anegative · August 27, 2024, 7:49am

working fine with v6 all version, I have tried 7.10.1, 7.11.2, 7.14.3. all same. bgp advertised route not received in peered cisco.

mrz · August 27, 2024, 7:49am

First of all filters are local to the router, they cannot work differently depending on what vendor is the remote peer.

Second, in your config snipet you are not even using chains where you have added the rules. So if there are no rules in DC-SDWAN-OUT chain everything is rejected by default.

anegative · August 27, 2024, 7:55am

Sorry for typo. I have corrected the reply. I can understand that filter cannot work differently depending on what vendor is the remote peer. But If I connect a mikrotik replcing cisco, remote Mikrotik is receiving all the route I have advertised. But whenever I connect Cisco, no receive route showing.

anegative · August 27, 2024, 8:01am

prefixes I have advertised are showing on my Route table but not received in cisco.

sirbryan · August 29, 2024, 4:24pm

What does your “default” template look like? Does the Cisco VPLS NLRI need to be set (this isn’t for VPLS, is it)?