Community discussions

 
jmginer
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Tue Dec 11, 2012 4:56 am

Filters for +500 prefixes

Thu Oct 03, 2019 7:05 pm

Hello,

we need to advertise +500 prefixes to 4 BGP providers.

That means that we need to create 2000 filters?

There is any option to create a address-list? then we will be able to reduce to only 4 filters.

Thanks!
 
ibm
Member
Member
Posts: 301
Joined: Mon May 12, 2014 5:16 pm

Re: Filters for +500 prefixes

Thu Oct 03, 2019 9:10 pm

You can use a chain in common for all the upstreams, i.e. ACCEPT-OWN-PREFIXES and then in the 4 separate upstreams chains do a jump.
 
jmginer
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Tue Dec 11, 2012 4:56 am

Re: Filters for +500 prefixes

Thu Oct 03, 2019 9:17 pm

Cisco, Juniper, Huawei, Alcatel, etc... all have the option to create a "prefix-list" for filters. I'm surprised Mikrotik doesn't offer this option...
 
savage
Forum Guru
Forum Guru
Posts: 1206
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Re: Filters for +500 prefixes

Fri Oct 04, 2019 11:12 am

Cisco, Juniper, Huawei, Alcatel, etc... all have the option to create a "prefix-list" for filters. I'm surprised Mikrotik doesn't offer this option...
/routing filter ?

what's your problem?
Regards,
Chris
 
jmginer
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Tue Dec 11, 2012 4:56 am

Re: Filters for +500 prefixes

Fri Oct 04, 2019 12:49 pm

Cisco, Juniper, Huawei, Alcatel, etc... all have the option to create a "prefix-list" for filters. I'm surprised Mikrotik doesn't offer this option...
/routing filter ?

what's your problem?
No option for prefix-list filters
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5934
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Filters for +500 prefixes

Fri Oct 04, 2019 1:46 pm

Similar feature is currently in development.
 
jmginer
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Tue Dec 11, 2012 4:56 am

Re: Filters for +500 prefixes

Fri Oct 04, 2019 1:57 pm

Similar feature is currently in development.

Thanks, something like this is what I expect:

/routing filter add action=accept chain=Upstream-OUT prefix-list=MyPrefix

/routing filter prefix-list
add prefix=1.1.1.0/24 list=MyPrefix
add prefix=2.2.2.0/24 list=MyPrefix
add prefix=3.3.3.0/24 list=MyPrefix
add prefix=4.4.4.0/24 list=MyPrefix
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1053
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: Filters for +500 prefixes

Mon Oct 07, 2019 7:37 pm

The option to do this is there, you just have to build more than one filter.

First build the prefixes common to multiple peers
/routing filter
add action=accept chain=as-65000-prefixes prefix=203.0.113.0/29 prefix-length=29-32
add action=accept chain=as-65000-prefixes prefix=203.0.113.8/29 prefix-length=29-32
add action=accept chain=as-65000-prefixes prefix=203.0.113.16/29 prefix-length=29-32
add action=accept chain=as-65000-prefixes prefix=203.0.113.24/29 prefix-length=29-32
add action=accept chain=as-65000-prefixes prefix=203.0.113.32/29 prefix-length=29-32

Then build the filter for the peering which references the other filter
/routing filter
add action=accept chain=peering-to-r2-out match-chain=as-65000-prefixes
add action=discard chain=peering-to-r2-out

And finally apply it to the peer in the direction that you want
/routing bgp peer
add name=R2 out-filter=peering-to-r2-out remote-address=100.126.0.2 remote-as=65001

The routes will then be filtered and you can reuse the filter/prefixes on another peer
[admin@R1] > routing bgp advertisements print
PEER     PREFIX               NEXTHOP          AS-PATH                                                              ORIGIN     LOCAL-PREF
R2       203.0.113.32/29      100.126.0.1                                                                           incomplete
R2       203.0.113.24/29      100.126.0.1                                                                           incomplete
R2       203.0.113.16/29      100.126.0.1                                                                           incomplete
R2       203.0.113.8/29       100.126.0.1                                                                           incomplete
R2       203.0.113.0/29       100.126.0.1                                                                           incomplete
[admin@R1] >
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
jmginer
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Tue Dec 11, 2012 4:56 am

Re: Filters for +500 prefixes

Thu Oct 10, 2019 6:09 pm

The option to do this is there, you just have to build more than one filter.
Thanks a lot, I do it and is working very fine.

But, perhaps if instead of adding prefixes as a new filter, they were added in a separate table, it would be more efficient at the CPU consumption level.

The same as the firewall, it is not the same to create 1 rule and 5000 address-list, than to create 5000 rules. In the second case the CPU consumption is much higher.
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1053
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: Filters for +500 prefixes

Fri Oct 11, 2019 5:39 pm

It definitely would be nice to reference a prefix list directly and MikroTik has stated they are working on it.

However, from a CPU standpoint, Cisco and Juniper do the same thing mostly

Cisco has a route-map that references a prefix list for BGP peers - which requires two different constructs
Juniper has import/export which reference policy-options and that can reference a prefix list - also two different constructs.

If you want your BGP policies to be modular, you need more than one object for efficiency.
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com

Who is online

Users browsing this forum: No registered users and 10 guests