Community discussions

MikroTik App
 
roboticpuppies
just joined
Topic Author
Posts: 4
Joined: Fri Dec 20, 2019 5:43 am

Fastnetmon Advertise /24 Subnet

Fri Jan 29, 2021 12:21 pm

Hello. I'm testing Fastnetmon to advertise /24 subnet to scrubbing center. Here is the topology : https://prnt.sc/xsytvw
I've successfully setup BGP filter for RTBH to ISP using Fastnetmon (advertise /32). Next I applied the same routing filter (but with different bgp community) to advertise /24 subnet to scrubbing center, but it doesn't work.

Suppose my AS is 456, and the scrubbing AS is 789. BGP Community for RTBH is 666, for scrubbing is 999.

GoBGP will send prefix with community 456:999 to my edge router. Here is the In-Filter of my edge router to receive the advertisement from GoBGP :
Flags: X - disabled 
 0   ;;; Community 666 - Blackhole ISP
     chain=FROM-SENSOR bgp-communities=456:666 invert-match=no 
     action=accept set-bgp-local-pref=200 set-bgp-prepend-path="" 
     set-bgp-communities=456:666 

 1   ;;; Community 999 - Scrubbing
     chain=FROM-SENSOR bgp-communities=456:999 invert-match=no 
     action=accept set-bgp-local-pref=200 set-bgp-prepend-path="" 
     set-bgp-communities=456:999 

 2   chain=FROM-SENSOR bgp-communities=456:999 invert-match=no 
     action=discard set-bgp-prepend-path=""


Then I need to forward the advertisement from GoBGP to scrubbing center. This setup works with /32 prefix. Here is the Out-Filter to advertise prefix from edge router to scrubbing center :
Flags: X - disabled 
 0   chain=TO-SCRUBBING bgp-communities=456:999 invert-match=no action=passthrough 
     set-bgp-prepend-path="" 

 1   chain=TO-SCRUBBING bgp-communities=456:999 invert-match=no action=accept 
     set-bgp-prepend-path="" set-bgp-communities="" 

 2   chain=TO-SCRUBBING invert-match=no action=discard set-bgp-prepend-path=""

I can see the prefix is delivered from GoBGP, here is from routing table :
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADC  dst-address=10.10.30.0/24 pref-src=10.10.30.1 gateway=ether2-GW 
        gateway-status=ether2-GW reachable distance=0 scope=10 

 1  Db  dst-address=10.10.30.0/24 gateway=10.10.30.253 
        gateway-status=10.10.30.253 reachable via  ether2-GW distance=200 
        scope=40 target-scope=30 bgp-local-pref=200 bgp-origin=igp 
        bgp-communities=55688:999 received-from=TEST-ROUTER


But I can't forward the advertisement (/24) from GoBGP to my scrubbing center. How can I get this to work so I can automatically advertise /24 to scrubbing center?
Thank you.
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 277
Joined: Mon Mar 15, 2021 9:10 pm

Re: Fastnetmon Advertise /24 Subnet

Sun Mar 28, 2021 7:14 am

Hey,

Good day, did you manage to solve this?
 
roboticpuppies
just joined
Topic Author
Posts: 4
Joined: Fri Dec 20, 2019 5:43 am

Re: Fastnetmon Advertise /24 Subnet

Sun Mar 28, 2021 10:25 am

Unfortunately I haven't solved this yet. Recently I moved to another project
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 277
Joined: Mon Mar 15, 2021 9:10 pm

Re: Fastnetmon Advertise /24 Subnet

Mon Mar 29, 2021 3:30 pm

Oh i see that was unfortunate :), care to share if ever you succeed what would be the ball park figure of cost let say 100 mb of clean traffic going back to your GRE tunnel, i assume that's how your mitigation provider return the clean traffic to your infrastructure
 
expo
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Tue Jan 27, 2009 7:57 am

Re: Fastnetmon Advertise /24 Subnet

Fri Apr 30, 2021 10:33 am

also interested to know how you will automate prefix withdrawl from your primary providers while advertising /24's to the scrubbing center, I'm using fastnetmon, can this be done without custom code via mikrotik api?

Who is online

Users browsing this forum: No registered users and 13 guests