BGP Filter V7

qudamakh · April 10, 2025, 2:47am

Hello,
I did a bgp1 to my Mikrotik and I announced my prefix Successfully,
now I need do a second BGP that I need to re-announce same prefix that i received from bgp1! to the new provider. kindly what’s the filter to do that.

Regards

StepBee · April 10, 2025, 8:11am

Hi qudamakh,

i have to assume, you already implemented routing filter to accept incoming routes from your peer “bgp1”.
You can use the same logic for your out-rule.

Assume you have 2 BGP connections configured already

Peer - BGP1

/routing/bgp/connection add name="ipv4-ebgp-bgp1" remote.address=1.0.0.1 .as=65301 local.address=1.0.0.0.2 .role=ebgp tcp-md5-key="somepassword" connect=yes listen=yes routing-table=main router-id=10.0.0.1 templates=tmpl-ipv4-ebgp as=65355 address-families=ip output.remove-private-as=yes use-bfd=yes output.affinity=alone .filter-chain=ipv4-ebgp-bgp1-out .network=bgp-networks .keep-sent-attributes=yes input.affinity=alone .filter=ipv4-ebgp-bgp1-in

Peer - BGP2

/routing/bgp/connection add name="ipv4-ebgp-bgp2" remote.address=2.0.0.1 .as=65322 local.address=2.0.0.2 .role=ebgp tcp-md5-key="somepassword2" connect=yes listen=yes routing-table=main router-id=10.0.0.1 templates=tmpl-ipv4-ebgp as=65355 address-families=ip output.remove-private-as=yes use-bfd=yes output.affinity=alone .filter-chain=ipv4-ebgp-bgp2-out .network=bgp-networks .keep-sent-attributes=yes input.affinity=alone .filter=ipv4-ebgp-bgp2-in

So for each of the connections you specified an “output.filter-chain” and an “input.filter-chain”.

Exactly these chains you have to create and fill with rules - for example the most simple rule to just accept all.
Accept all is probably not exactly what you want in production, but just to give you a start.

You would create the following routing filter chains
For Peer - BGP1

/routing/filter/rule/add chain=ipv4-ebgp-bgp1-in rule="if (afi ipv4) {accept}"
/routing/filter/rule/add chain=ipv4-ebgp-bgp1-out rule="if (afi ipv4) {accept}"

For Peer - BGP2

/routing/filter/rule/add chain=ipv4-ebgp-bgp2-in rule="if (afi ipv4) {accept}"
/routing/filter/rule/add chain=ipv4-ebgp-bgp2-out rule="if (afi ipv4) {accept}"

In this example, it’s IPv4 only. For IPv6 create separate BGP connections with separate filter-chains and the address-families and afi set to “ipv6”.

In case you want to announce local networks, which are not originating from peer “bgp1”, then make sure to put these subnets to a firewall-address list named “bgp-networks”, as mentioned in the bgp connection setting.

Please take this as a very basic example and make up your mind about proper filtering - incoming and outgoing.

Hope this helps for a start.

Cheers

mrz · April 10, 2025, 9:28am

Without knowing specifics to what is already been set, in basic example you don’t need any filters at all.

chechito · April 10, 2025, 2:19pm

have you checked using the command

> routing bgp advertisements print

just to be sure you’re not already announcing it