Route Public IP block

notarouter · July 26, 2024, 8:48pm

Hello all,

Im new to Mikrotik and have a CCR that im working with. I have registered an ARIN ipv4 block and have BGP set up with my provider ISP. I however cannot get my public subnet to route out. I used to just use NAT but wanted to move to public ipv4 and 6.

# jul/26/2024 14:46:29 by RouterOS 7.6
# software id = WA5R-XH23
#
# model = CCR2216-1G-12XS-2XQ
# serial number = 
/interface bridge
add name=Out
add disabled=yes name=PONBridge
add name=bridge1-sfp11/12
/interface ethernet
set [ find default-name=sfp28-1 ] advertise=10000M-full full-duplex=no name=\
    Zayo_01-sfp28-1 rx-flow-control=auto speed=10Gbps tx-flow-control=auto
set [ find default-name=sfp28-12 ] advertise="10M-half,100M-half,100M-full,1000M\
    -half,1000M-full,10000M-full,2500M-full,5000M-full" loop-protect=off \
    rx-flow-control=auto speed=10Gbps tx-flow-control=auto
/interface vlan
add disabled=yes interface=sfp28-12 name=vlan1-default vlan-id=1
add disabled=yes interface=sfp28-11 name=vlan100-MANLAN vlan-id=100
add disabled=yes interface=PONBridge name=vlan200-PONs vlan-id=200
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=172.16.0.33-172.16.0.254
add name=dhcp_pool2 ranges=172.16.1.33-172.16.1.254
add name=publicIPv4 ranges=23.169.216.128-23.169.216.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=ether1 lease-time=1d6h name=dhcp1 \
    server-address=172.16.0.1
add address-pool=dhcp_pool2 interface=bridge1-sfp11/12 lease-time=1d name=\
    dhcp2-sfp12
add address-pool=publicIPv4 interface=sfp28-2 lease-time=4w2d10m name=dhcp2 \
    server-address=23.169.216.1
/port
set 0 name=serial0
/routing ospf instance
add disabled=no name=ospf-instance-1 routing-table=main version=3
/interface bridge port
add bridge=bridge1-sfp11/12 interface=sfp28-12
add bridge=bridge1-sfp11/12 interface=sfp28-11
/interface bridge vlan
add bridge=PONBridge comment="Unifi OLT4 Vlan" disabled=yes tagged=vlan200-PONs \
    untagged=vlan100-MANLAN vlan-ids=100,200
/interface list member
add interface=Zayo_01-sfp28-1 list=WAN
add interface=sfp28-11 list=LAN
add interface=ether1 list=LAN
add interface=sfp28-12 list=LAN
add interface=bridge1-sfp11/12 list=LAN
add interface=sfp28-2 list=LAN
/ip address
add address=64.124.161.146/30 comment="Zayo Peering Network" interface=\
    Zayo_01-sfp28-1 network=64.124.161.144
add address=172.16.0.1/24 interface=ether1 network=172.16.0.0
add address=172.16.1.1/24 interface=bridge1-sfp11/12 network=172.16.1.0
add address=23.169.216.0/24 comment="SF Arin IPv4" interface=sfp28-2 network=\
    23.169.216.0
add address=23.169.216.1 interface=sfp28-2 network=23.169.216.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=23.169.216.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=23.169.216.1 \
    netmask=24
add address=172.16.0.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=172.16.0.1 \
    netmask=24
add address=172.16.1.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=172.16.1.1
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip firewall filter
add action=accept chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Zayo_01-sfp28-1 src-address=\
    172.16.0.0/24
add action=masquerade chain=srcnat out-interface=Zayo_01-sfp28-1 src-address=\
    172.16.1.0/24
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    64.124.161.145 pref-src="" routing-table=main scope=30 suppress-hw-offload=\
    no target-scope=10
/ipv6 address
add address=2001:438:fffe::46ce/128 advertise=no interface=Zayo_01-sfp28-1
/ipv6 firewall nat
add action=accept chain=srcnat out-interface=Zayo_01-sfp28-1
/routing bgp connection
add as=394495 disabled=no local.address=64.124.161.146 .role=ebgp-peer name=\
    bgp1-Zayo remote.address=64.124.161.145/32 .as=6461 routing-table=main
add as=394495 disabled=no local.address=2001:438:fffe::46ce .role=ebgp-peer \
    name=BGP_Zayo_IPV6 remote.address=2001:438:fffe::46cd/128 .as=6461 \
    routing-table=main
/routing rule
add action=lookup disabled=no dst-address=::/0 interface=Zayo_01-sfp28-1 table=\
    main
/system clock
set time-zone-name=America/Denver
/system identity
set name=SFMTK-18:77:4B
/system routerboard settings
set enter-setup-on=delete-key

notarouter · July 30, 2024, 9:43pm

After some searching I found the following, the address lists while added needed what bgp session to specify to use. I found the answer below. Thank you @jmay

“Ok, I pieced together enough information to figure out that with v7 you have to create an address list for your bgp routes and create a blackhole route for anything less than a /24 and the advertises get sent out properly. What’s the advantage to all this?”

http://forum.mikrotik.com/t/bgp-aggregate-address-alternative-in-mikrotik/160945/1