Hi all,
I would like to filter prefixes not belonging to my own AS to external peers (to prevent IP-transit between them). Usually you can do this based on the AS path by matching the empty path (output filter rule). This works fine (ROS 6):
/routing filter
add action=accept bgp-as-path="^\$" chain=TEST-OUT
add action=discard chain=TEST-OUT
How can I do this in ROS 7 (7.10)? Based on the documentation I migrated the rules to:
/routing/filter/rule
add chain=TEST-OUT disabled=no rule="if (bgp-as-path ^\$) {accept}"
add chain=TEST-OUT disabled=no rule=reject
But it does not work - all prefixes are rejected. The first rule does not match (I tried several regex, e.g.: ^1234*$ or ^*$ but without success). Any idea?
Best regards,
Heino
Hi all,
an inverse match (rejecting all not-empty paths) seems to work:
/routing/filter/rule
add chain=TEST-OUT disabled=no rule="if (bgp-as-path ^.+\$) {reject} else {accept}"
add chain=TEST-OUT disabled=no rule=reject
Interestingly enough, the router’s regex testing tool provides correct results (matching the empty path):
/routing/filter/test-as-path-regexp regexp="^\$" as-path=""
match
/routing/filter/test-as-path-regexp regexp="^\$" as-path="12345"
no match
It seems to be a bug in the filter rule regex matching.
Best Regards,
You should be using BGP communities + RFC9234 to prevent route leaks. Not via AS-PATH.
Nevertheless AS path filtering should work.
zentavr, November 17, 2023, 3:51am (post 5)
Have the same issue with the regexp
zentavr, November 17, 2023, 6:43am (post 6)
Hello @DarkNate. How could this be realised with MikroTik?
mrz, November 17, 2023, 7:04am (post 7)
Regexps are slow; do not use regexps for simple things like matching AS path length. For that there is the parameter bgp-path-len:
https://help.mikrotik.com/docs/display/ROS/Route+Selection+and+Filters#RouteSelectionandFilters-OnlyReadableProperties
Hello,
I have seen that page, but it is set as “Only Readable Properties”.
Could you provide me with an example?
“if (bgp-path-len in 3-50) { reject; }”
then an accept rule?
I tried both the if… and the other method:
if (bgp-path-len < 2 ) { reject; }
but it doesn't work
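
An added note, not part of any post in this thread: a vendor-neutral Python sketch of the RFC 9234 Only-to-Customer (OTC) rules mentioned above, showing why a route learned from one peer is never exported to another peer while locally originated prefixes still go out. The AS numbers, prefixes and the `Route`, `ingress` and `egress` names are constructed for illustration; this is not RouterOS configuration.

```python
# Added illustration (vendor-neutral, not RouterOS syntax): RFC 9234 OTC handling.
# A neighbour's role is the role of the remote AS as seen from the local AS.
from dataclasses import dataclass, replace
from typing import Optional, Tuple

UP_OR_LATERAL = {"provider", "peer", "rs"}            # OTC-marked routes never go here
DOWN_OR_LATERAL = {"customer", "peer", "rs-client"}   # unmarked routes get OTC here

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...] = ()   # empty path: originated by the local AS
    otc: Optional[int] = None       # Only-to-Customer attribute value, if set

def ingress(route, neighbor_role, neighbor_as):
    """Route as accepted from a neighbour, or None when RFC 9234 calls it a leak."""
    if route.otc is not None:
        if neighbor_role in ("customer", "rs-client"):
            return None                       # OTC must never arrive from below
        if neighbor_role == "peer" and route.otc != neighbor_as:
            return None                       # the peer is passing on a marked route
        return route
    if neighbor_role in UP_OR_LATERAL:        # provider, peer or route server
        return replace(route, otc=neighbor_as)
    return route

def egress(route, neighbor_role, local_as):
    """Route as advertised to a neighbour, or None when it must not be sent."""
    if route.otc is not None and neighbor_role in UP_OR_LATERAL:
        return None                           # would give transit to a peer/provider
    otc = route.otc
    if otc is None and neighbor_role in DOWN_OR_LATERAL:
        otc = local_as
    return replace(route, as_path=(local_as,) + route.as_path, otc=otc)

if __name__ == "__main__":
    LOCAL = 64500                             # constructed documentation ASNs
    own = Route("192.0.2.0/24")               # empty AS path, like the ^$ match
    learned = ingress(Route("198.51.100.0/24", (64501,)), "peer", 64501)
    print("own prefix to peer 64502:", egress(own, "peer", LOCAL))
    print("peer route to peer 64502:", egress(learned, "peer", LOCAL))
    print("peer route to a customer:", egress(learned, "customer", LOCAL))
```
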