Static routes with IRRToolSet

I have a site with static routes (no BGP) to multiple transit providers where we want to optimize the path to some specific AS’es by creating static routes for their prefixes via specific providers.
To automatically manage this, we were looking at using tools like peval from http://irrtoolset.isc.org/ to list the prefixes announced by the AS’es to dynamically script the creation of routes.
Say that we for instance would always like to route all Netflix traffic via one of the providers, peval would then give us this output…

peval as2906

({208.75.76.0/22, 208.75.76.0/24, 208.75.77.0/24, 208.75.78.0/24, 208.75.79.0/24, 198.45.48.0/20, 198.38.96.0/19, 198.38.120.0/24, 198.38.121.0/24, 198.38.116.0/24, 198.38.117.0/24, 198.38.118.0/24, 198.38.119.0/24, 192.173.64.0/18, 185.9.188.0/22, 185.2.220.0/22, 185.2.220.0/24, 185.2.221.0/24, 108.175.32.0/20, 108.175.47.0/24, 69.53.224.0/19, 66.197.128.0/17, 64.120.128.0/17, 45.57.0.0/17, 37.77.184.0/21, 37.77.188.0/23, 37.77.184.0/23, 37.77.186.0/23, 23.246.0.0/18, 23.246.28.0/24, 23.246.29.0/24, 23.246.20.0/24, 23.246.15.0/24})
… which we then could build a script from.

Or we could maybe use the RtConfig tool in the same package and modify it for RouterOS.

But before we try to do this ourselves - has someone else already done something like this for RouterOS?

Note to self..

echo "@rtconfig printPrefixes \"/ip route add dst-address=%p/%l gateway=link4 comment=-IRR-AS2906\n\" filter AS2906" | rtconfig

/ip route add dst-address=23.246.0.0/18 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=23.246.15.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=23.246.20.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=23.246.28.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=23.246.29.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=37.77.184.0/21 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=37.77.184.0/23 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=37.77.186.0/23 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=37.77.188.0/23 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=45.57.0.0/17 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=64.120.128.0/17 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=66.197.128.0/17 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=69.53.224.0/19 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=108.175.32.0/20 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=108.175.47.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=185.2.220.0/22 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=185.2.220.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=185.2.221.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=185.9.188.0/22 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=192.173.64.0/18 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=198.38.96.0/19 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=198.38.116.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=198.38.117.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=198.38.118.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=198.38.119.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=198.38.120.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=198.38.121.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=198.45.48.0/20 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=208.75.76.0/22 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=208.75.76.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=208.75.77.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=208.75.78.0/24 gateway=link4 comment=-IRR-AS2906
/ip route add dst-address=208.75.79.0/24 gateway=link4 comment=-IRR-AS2906


Would be nice to have this feature in RouterOS.

Any reason you’re not using BGP?

This would be a prime example of how to use LOCAL_PREF in your border router. If you want to favor ISP2 over ISP1 for Netflix (asn = 2906), then in your in-filter from ISP2, have a rule which matches as-paths which end with 2906 and make the action=accept and set-bgp-local-pref=110

If you have multiple border routers (one per ISP, for instance) and your routers share information via iBGP, then your whole network is going to use ISP2 to reach Netflix.

Also remember that this only affects your outbound routing (the same limitation applies to the IRRToolSet).
You can enhance your inbound routing with BGP but without it, you must get your ISPs to do the work for you, and certainly they’re not going to be as responsive and flexible as you’d need.

You can manipulate inbound traffic with BGP communities and with AS_PATH prepends. If you want Netflix streams to arrive at your network via ISP2, then you need to make sure that their network sees your announcements from ISP2 more favorably than they see your announcements from other ISPs.

I agree it would be easy with BGP, but these upstreams are corporate PPPoE links with no support for BGP provided by the ISP. We need some other way to identify the ASN and set up routing.

Good reason.

And obviously, Netflix would come back on the same interface in your case since obviously you’re using NAT. ;)

Another way to skin this cat might be to implement normal load balancing behavior with masquerade table, and then in the portion where the PCC/Nth/new outbound connection routing decision is being made, insert a rule that checks the destination IP against an address-list, and if there’s a match, mark the connection that way.

Your routing table would stay lean and mean this way, and it should be pretty simple to make two address lists:
force-isp1 and force-isp2, and use IRR’s output to generate a list of “/ip firewall address add list=force-isp1 address=x.x.x.x/x comment=netflix” type of commands.
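
An added example, not code from any poster in this thread: a sketch of the address-list approach described above that treats the peval output as untrusted input before it becomes router configuration. It emits RouterOS `/ip firewall address-list add` commands; the list name `force-isp2`, the comment tag, the bogon list, the /8 minimum length and the 500-entry cap are assumptions chosen for illustration.

```python
import ipaddress
import re

# Constructed sample in peval's output format: five prefixes from the thread
# plus three constructed bad entries (RFC 1918, default route, host bits set).
SAMPLE_PEVAL = ("({208.75.76.0/22, 208.75.76.0/24, 45.57.0.0/17, 23.246.0.0/18, "
                "23.246.28.0/24, 10.0.0.0/8, 0.0.0.0/0, 198.38.96.5/19})")

MIN_PREFIXLEN = 8    # assumption: shorter prefixes are treated as implausible
MAX_PREFIXES = 500   # assumption: upper bound on generated entries per AS
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
TOKEN = re.compile(r"[A-Za-z0-9_-]+")
PREFIX = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}")

def parse_peval(text):
    """Split peval output into (accepted IPv4 networks, rejected tokens)."""
    accepted, rejected = [], []
    for token in PREFIX.findall(text):
        try:
            net = ipaddress.ip_network(token, strict=True)  # host bits -> error
        except ValueError:
            rejected.append(token)
            continue
        if net.prefixlen < MIN_PREFIXLEN or any(net.overlaps(b) for b in BOGONS):
            rejected.append(token)
        else:
            accepted.append(net)
    return accepted, rejected

def build_commands(text, list_name, tag):
    """Return (RouterOS address-list commands, rejected tokens)."""
    if not (TOKEN.fullmatch(list_name) and TOKEN.fullmatch(tag)):
        raise ValueError("list name and comment must be plain tokens")
    accepted, rejected = parse_peval(text)
    # Drop more-specifics already covered by a shorter prefix in the same set.
    nets = list(ipaddress.collapse_addresses(accepted))
    if len(nets) > MAX_PREFIXES:
        raise ValueError(f"{len(nets)} prefixes exceeds cap of {MAX_PREFIXES}")
    cmds = [f"/ip firewall address-list add list={list_name} address={n} comment={tag}"
            for n in nets]
    return cmds, rejected

if __name__ == "__main__":
    commands, bad = build_commands(SAMPLE_PEVAL, "force-isp2", "IRR-AS2906")
    print("\n".join(commands))
    print("rejected:", bad)
```

Rejected tokens are returned rather than silently dropped so a scheduled run can log or alert when a registry object starts containing unexpected prefixes.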