Create prefix list from learned peer routes

Hey,

I am trying to gather our transit customer routes dynamically into a prefix list or similar so I can apply inbound filters on peering to automatically prevent routing traffic back to them over peering. Currently we add a BGP community to the learned routes to manipulate outgoing traffic OK, but how do people filter inbound?

Thanks in advance!

Hi,

Accept all inbound routes except your IP space and bogons.

Then create an out filter so only your space gets advertised and the rest gets dropped.

99.9% of the time your peers will have their own filters in place to only accept your IP space, but you could never be too careful.

It should solve your issue if I understood correctly.

Thanks for the reply! That works fine most of the time. In this case I am learning these prefixes via peering as asxxxx as they are peered direct, but they are a customer of our customer so I’m learning them asbbbbb asxxxx etc. So basically all traffic I route to them is back via peering, which is fine obviously technically but just makes stuff messy. If it was one prefix here or there I just manually filter inbound from peering, but this is quite a number of changing prefixes. Cheers!

This looks pretty legit. You don’t have to worry about it - that is how BGP works. Best as-path will be chosen.

This feature unfortunately does not exist, would be great if it did though. Have you logged a feature request?

NB: The more people individually ask, the more likely Mikrotik will listen…

Have a look at the following, appears that it may do what you’re looking for:
http://forum.mikrotik.com/t/automating-address-list-maintenance-manrs-compliance/115375/1

That MANRS looks great, thanks for that, should do what I’m after. It would be a good feature - will add to the request page. Thanks for the response!

Apologies, I read your initial post again and realised that you’re actually wanting to filter out customer prefixes from peers, internet exchanges and upstreams. An issue we once had was a downstream customer advertising a /20 via us and more specific /24 prefixes only on an exchange we also peer on. Traffic would flow in from our upstream and then route to the client via the exchange, instead of the customer’s rate-limited port.

Wrote a script which updates route filters, will try to post it tomorrow. Load shedding in SA so can’t use my workstation right now…


Herewith the thread with the discussion around what I believe you to be after:
http://forum.mikrotik.com/t/route-filters/107780/7

The referenced script automatically builds prefix filters for customers that we provide IP transit for, to avoid us picking up more specific prefixes via trusted peers or route reflectors.

This way we simply need to maintain prefix filters on the routers that customer sessions connect on and then reference everything else using BGP communities which we attach to the accepted prefixes.

Other routers generate customer prefix filters automatically and jump to this chain as part of their filters, for example:

add action=jump chain=common-in-peer \
    jump-target=customer-prefix-filter
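
The approach described in the last post, as an added Python example that is not the poster's script or part of the thread: it takes routes tagged with a customer community and emits RouterOS v6-style rules for the customer-prefix-filter chain, each matching a customer prefix and all of its more-specifics. The community value, the sample routes and the discard action are assumptions.

```python
import ipaddress

# Hypothetical community attached to routes accepted on transit-customer sessions.
CUSTOMER_COMMUNITY = "64500:100"

# Constructed sample input: (prefix, communities) pairs from the routing table.
SAMPLE_ROUTES = [
    ("198.51.100.0/24", {"64500:100"}),
    ("203.0.113.0/24", {"64500:100"}),
    ("203.0.113.128/25", {"64500:100"}),  # already covered by the /24 above
    ("192.0.2.0/24", {"64500:200"}),      # not tagged as a customer route
    ("not-a-prefix", {"64500:100"}),      # malformed entry, skipped
]


def customer_prefixes(routes, community):
    """Return customer networks, dropping any covered by a shorter customer prefix."""
    nets = set()
    for prefix, communities in routes:
        if community not in communities:
            continue
        try:
            nets.add(ipaddress.ip_network(prefix, strict=True))
        except ValueError:
            continue  # ignore malformed prefixes rather than emit a bad rule
    kept = []
    # Shortest prefixes first, so covering networks are seen before their subnets.
    for net in sorted(nets, key=lambda n: (n.version, n.prefixlen, int(n.network_address))):
        if not any(k.version == net.version and net.subnet_of(k) for k in kept):
            kept.append(net)
    return kept


def generate_rules(routes, community, chain="customer-prefix-filter"):
    """Build one rule per customer prefix, matching it and all more-specifics.

    The discard action is an assumption; the thread does not state it.
    """
    rules = []
    for net in customer_prefixes(routes, community):
        rules.append(
            f"add chain={chain} prefix={net} "
            f"prefix-length={net.prefixlen}-{net.max_prefixlen} action=discard"
        )
    return rules


if __name__ == "__main__":
    print("/routing filter")
    print("\n".join(generate_rules(SAMPLE_ROUTES, CUSTOMER_COMMUNITY)))
```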