Routing Filters and Subnets

Noticed:

/routing filter
add action=accept chain=mt-out disabled=no invert-match=no prefix=x.x.x.0/21
add action=discard chain=mt-out disabled=no invert-match=no

If you try to advertise x.x.x.0/22 it will get dropped even though it's inside the x.x.x.0/21 subnet. Not real desirable at all.


Also noticed if you do a prepend on your incoming filter your routing table takes a lot longer to load.

Add prefix-length=21-24 or something similar. You are only allowing that exact prefix with that statement. You need to tell it what CIDR sizes you will allow within that.

Regarding the second part, what device are you loading the tables on and how many, are they full tables etc?

Dual Core Atom. Receiving full routes.

prefix-length (integer; Default: 0-32)

Network prefix mask length to match. If prefix-length is set, for a route to match the prefix and prefix-length of a rule, the following should hold:

the network prefix of the route falls within the range of the prefix of the rule (i.e. the network mask of the route is greater than or equal to the network mask of the prefix; the network address of the route masked out by the network mask of the prefix is equal to the network address of the prefix);

the length of the network mask of the route falls within the range of the prefix-length.

Isn’t this saying the default is 0-32, which should allow any length?

Manual is out of date... probably with the IPv6 additions.
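
An added example, not part of the thread and not MikroTik code: a small Python model of the matching discussed above, run against the original mt-out chain and the same chain with prefix-length=21-24. It assumes 10.20.0.0/21 as a constructed stand-in for the redacted x.x.x.0/21, takes the exact-match behaviour without prefix-length from what the posts report, and the function names are hypothetical.

```python
import ipaddress

def rule_matches(route, prefix, prefix_length=None):
    """Model of one filter rule's prefix match (illustrative, not RouterOS code)."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if prefix_length is None:
        # Behaviour reported in the thread: with no prefix-length set,
        # only the exact prefix matches.
        return route == prefix
    low, high = prefix_length
    # Manual, condition 1: the route falls within the rule's prefix.
    inside = route.version == prefix.version and route.subnet_of(prefix)
    # Manual, condition 2: the route's mask length is within prefix-length.
    return inside and low <= route.prefixlen <= high

def evaluate(chain, route):
    """Return the action of the first matching rule; a rule without a prefix matches all."""
    for rule in chain:
        if "prefix" not in rule or rule_matches(
                route, rule["prefix"], rule.get("prefix_length")):
            return rule["action"]
    return "no-match"

# Constructed stand-in for the redacted x.x.x.0/21 in the thread.
ORIGINAL = [{"action": "accept", "prefix": "10.20.0.0/21"},
            {"action": "discard"}]
WITH_LENGTH = [{"action": "accept", "prefix": "10.20.0.0/21",
                "prefix_length": (21, 24)},
               {"action": "discard"}]

# Constructed test routes: the aggregate, more-specifics, and routes outside it.
ROUTES = ["10.20.0.0/21", "10.20.0.0/22", "10.20.4.0/22", "10.20.7.0/24",
          "10.20.7.128/25", "10.20.8.0/22", "10.0.0.0/8"]

def compare(routes=ROUTES):
    """Return (route, action under ORIGINAL, action under WITH_LENGTH) per route."""
    return [(r, evaluate(ORIGINAL, r), evaluate(WITH_LENGTH, r)) for r in routes]

if __name__ == "__main__":
    for route, before, after in compare():
        print(f"{route:<16} original={before:<8} with prefix-length={after}")
```

The upper bound of the range matters as much as the lower one: with 21-24 the /25 inside the aggregate and the covering /8 are still discarded, so the chain only lets out announcements of the intended sizes.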

On routing filters.

Can I specify an “Out Filter” on the BGP instance, accept my subnets etc there and drop all else. Then add any in/out filters to any peers I need to specify pre-pending etc?