Community discussions

MikroTik App
 
LunaticRv
just joined
Topic Author
Posts: 23
Joined: Mon Dec 31, 2018 8:50 am

BGP - Routing Filters Seems Not Working

Tue Jan 26, 2021 9:51 pm

I have a peer (allowed for /22) between my main ISP but as soon as I start peering connection, it auto gets disconnected.

My ISP tells me that I'm exceeding number of routes I'm allowed to send.

Their side log;
number of routes learned has exceeded configured maximum (1050)
moved from higher state ESTABLISHED to lower state IDLE due to event MAXPREFIX_EXCEEDED"
But the case is, I'm only allowing /24 on my out filter for peer. I tried several methods to achieve send only prefix I desire but it seems I couldn't.

My filter rules;
add action=discard chain=IN-IXP-IPv4 comment=BGP_Ingress-Filters prefix=199.2.2.0/24
add action=discard chain=IN-IXP-IPv4 prefix=0.0.0.0/0
add action=jump chain=IN-IXP-IPv4 jump-target=IN-RFC-6890-IPv4
add action=discard chain=IN-RFC-6890-IPv4 prefix=0.0.0.0/8
add action=discard chain=IN-RFC-6890-IPv4 prefix=10.0.0.0/8
add action=discard chain=IN-RFC-6890-IPv4 prefix=100.64.0.0/10
add action=discard chain=IN-RFC-6890-IPv4 prefix=127.0.0.0/8
add action=discard chain=IN-RFC-6890-IPv4 prefix=169.254.0.0/16
add action=discard chain=IN-RFC-6890-IPv4 prefix=172.16.0.0/12
add action=discard chain=IN-RFC-6890-IPv4 prefix=192.0.2.0/24
add action=discard chain=IN-RFC-6890-IPv4 prefix=192.88.99.0/24
add action=discard chain=IN-RFC-6890-IPv4 prefix=192.168.0.0/16
add action=discard chain=IN-RFC-6890-IPv4 prefix=198.18.0.0/15
add action=discard chain=IN-RFC-6890-IPv4 prefix=198.51.100.0/24
add action=discard chain=IN-RFC-6890-IPv4 prefix=203.0.113.0/24
add action=discard chain=IN-RFC-6890-IPv4 prefix=240.0.0.0/4
add action=discard chain=IN-RFC-6890-IPv4 prefix=255.255.255.255

add action=discard chain=OUT-IPv4 comment=BGP_Egress-Filters invert-match=yes prefix=1XX.XXX.XX.0/24

Also I tried with the following rules;
/routing filter
add action=accept chain=FSIT_in
add action=accept chain=FSIT_out prefix=1**.***.**.0/24 prefix-length=24-32
add action=discard chain=FSIT_out
Also this;
/routing filter
add action=accept chain=FSIT_in
add  action=accept chain=FSIT_Out prefix=1.**.***.**.0/24
add action=discard chain=FSIT_Out
Is there anything else I need to take care of, or my filter rules are incorrect?

Thanks in advance!

Who is online

Users browsing this forum: No registered users and 11 guests