RFC 9234 implementation status: Roles, but no OTC!?

RouterOS General
1

The help page on BGP refers to the draft-ietf-idr-bgp-open-policy for details on the local.role attribute. This draft later became RFC 9234, which not only defines the roles (and their compatibility matrix and its checking on connection establishment), but also (and more importantly) the Only-To-Customer attribute that could prevent route leaks.

Now while RFC 9234 isn’t listed in the “Standards and Technologies” section of that help page, one might assume that Mikrotik implements this standard (or rather its draft). However, according to my tests, this is not the case! RouterOS does neither set, check nor even display the OTC attribute. This is a bit disappointing, and frankly dangerous! From the current state of documentation, one might reasonably assume RFC 9234 support and not configure additional filtering, leaking routes freely.

Please, Mikrotik, implement proper OTC support in RouterOS!

(I came to investigate this in an attempt to speed up our route filtering process)

1 Like
2

MikroTik RFC9234 is only partial implementation, not full implementation. Check with support.

Meanwhile, Cisco and Juniper don’t support it anywhere.

3

RouterOS v7 support also… RFC2324… Is not written, so is supported…

One might assume that who use the device do not assume anything, but check first…
If is not written, why must be supported?

4

Captura desde 2025-09-23 21-55-08
Captura desde 2025-09-23 21-55-081681×190 19.6 KB

We already see RFC 9234 in v7.21

5 
4.1.  BGP Role Capability

   The BGP Role Capability is defined as follows:

   Code:  9

   Length:  1 (octet)

   Value:  integer corresponding to the speaker's BGP Role (see Table 1)

                 +=======+==============================+
                 | Value | Role name (for the local AS) |
                 +=======+==============================+
                 |   0   | Provider                     |
                 +-------+------------------------------+
                 |   1   | RS                           |
                 +-------+------------------------------+
                 |   2   | RS-Client                    |
                 +-------+------------------------------+
                 |   3   | Customer                     |
                 +-------+------------------------------+
                 |   4   | Peer (i.e., Lateral Peer)    |
                 +-------+------------------------------+
                 | 5-255 | Unassigned                   |
                 +-------+------------------------------+

                   Table 1: Predefined BGP Role Values

Roles are quite differently defined in ROS, as what is stated in the RFC though… Roles also not documented by RoS.

[x@x] /routing/bgp/connection> set 0 local.role=
ebgp ebgp-customer ebgp-peer ebgp-provider ebgp-rs ebgp-rs-client ibgp ibgp-rr

Don’t mean to be that person, but seems to be like another half arsed, undocumented implementation.