Routing Filter

fpascual · March 16, 2007, 2:19pm

I´m trying to read /routing filter and can´t understand.
I must define my networks to publish in /routing bgp network, and then, what can I do in /routing filter ?.
The question is very basic, I know, but can´t understand.

Thanks a lot

changeip · March 16, 2007, 4:50pm

/routing bgp network is for static annoucement entries.

/routing filter is a place where you can filter incoming routes as well as outgoing routes. Just like firewall filter, the chains in /routing filter are traversed when routes are accepted / annouced. This gives you the ability to change attributes like BGP community, nexthops, etc.

Sam

fpascual · March 16, 2007, 7:12pm

Ok, I have the following problem:

Example:

I have ISP1, and need to:

Discard AS 26XX
Discard 200.X.5.0/24 and 200.X.31.0/24 networks
Accept 200.X.0.0/19 and 200.X.80.0/20 networks
Deny any any

And when apply this filter doesn´t work:

add chain=filter-ISP1-out bgp-as-path=26XX invert-match=no action=discard comment=“” disabled=no
add chain=filter-ISP1-out prefix=200.X.5.0/24 prefix-length=24 invert-match=no action=discard comment=“” disabled=no
add chain=filter-ISP1-out prefix=200.X.31.0/24 prefix-length=24 invert-match=no action=discard comment=“” disabled=no
add chain=filter-ISP1-out prefix=200.X.0.0/19 prefix-length=24 invert-match=no action=accept comment=“” disabled=no
add chain=filter-ISP1-out prefix=200.X.80.0/20 prefix-length=24 invert-match=no action=accept comment=“” disabled=no
add chain=filter-ISP1-out prefix=0.0.0.0/0 prefix-length=0-32 invert-match=no action=discard comment=“” disabled=no

The ISP1 is still getting discarded networks, what could it be the problem?

Thanks a lot

mrz · March 16, 2007, 7:21pm

have you set out filter for bgp peer?

fpascual · March 16, 2007, 7:30pm

Yes

changeip · March 16, 2007, 8:13pm

which version of routing-test? There was 1-2 version that routing-filter out chains weren’t working.

Sam

fpascual · March 16, 2007, 9:03pm

2.9.30 Sam

changeip · March 16, 2007, 9:23pm

2.9.31
*) fixed route filters in routing-test;

I think from 2.9.28 to .30 the out filters weren’t working

Sam

fpascual · March 16, 2007, 9:39pm

Thanks Sam !, what I must do to upgrade only routing-test package ?

changeip · March 16, 2007, 9:41pm

You can’t upgrade only 1 module. I recommend upgrading to entire RouterOS to 2.9.38 since it’s bgp seems the most stable so far.

Sam

fpascual · March 16, 2007, 9:45pm

Ok Sam, thanks a lot, do you consider that my filter is correctly configured ?.
What about 2.9.40 version ?, have any BGP change with respect 2.9.38 ?

mrz · March 16, 2007, 9:55pm

There are some known bugs in 2.9.40 you will have to wait until 2.9.41 is out

fpascual · March 16, 2007, 10:30pm

Ok, do you recommend me to wait or put 2.9.38 ?

mrz · March 16, 2007, 10:35pm

Put 2.9.38

fpascual · March 16, 2007, 11:12pm

Ok, thanks !

changeip · March 17, 2007, 5:57am

If outbound filters are critical then you can make that decision to upgrade. It sounds like it’s been this way for a while right? Maybe another week is okay …

fpascual · March 20, 2007, 1:54pm

Ok, if I put 2.9.39 if the same ?, I have this version installed in a backup router.

Thanks

janisk · March 20, 2007, 2:11pm

try 2.9.41 just came out, and seems to be stable

fpascual · March 20, 2007, 2:42pm

Ok, thanks a lot !