Community discussions

MikroTik App
 
User avatar
armandfumal
Member Candidate
Member Candidate
Topic Author
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

BGP Filter help

Sun Jul 15, 2012 1:29 pm

Hi all,

I'm not good with filter, here is my case.

My network 213.177.64.0/19

between RB1100AH2 and Cisco 7206VXR I woudl like to redistribute connected route. It is working but I can't make a good filter from Mikrotik to control what it is send to the 7206.

today I have these working lines to announce only these 3 prefixes. It working ok but when I have a new route I have to add it to filter also.

add action=accept chain=BGP-filterOut prefix=213.177.72.96/29
add action=accept chain=BGP-filterOut prefix=213.177.65.0/24
add action=accept chain=BGP-filterOut prefix=213.177.66.224/27
add action=discard chain=BGP-filterOut


Is it a way to have filter rule that accept directly new connected route in my net 213.177.64.0/19 without adapting BGP filter ? I have try rule with 213.177.64.0/19 but no way.

thanks for your help.
 
cupis
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Sun Apr 10, 2011 1:25 am

Re: BGP Filter help

Sun Jul 15, 2012 3:51 pm

My network 213.177.64.0/19

between RB1100AH2 and Cisco 7206VXR I woudl like to redistribute connected route. It is working but I can't make a good filter from Mikrotik to control what it is send to the 7206.

today I have these working lines to announce only these 3 prefixes. It working ok but when I have a new route I have to add it to filter also.

add action=accept chain=BGP-filterOut prefix=213.177.72.96/29
add action=accept chain=BGP-filterOut prefix=213.177.65.0/24
add action=accept chain=BGP-filterOut prefix=213.177.66.224/27
add action=discard chain=BGP-filterOut


Is it a way to have filter rule that accept directly new connected route in my net 213.177.64.0/19 without adapting BGP filter ? I have try rule with 213.177.64.0/19 but no way.
Try something like:
add action=accept chain=BGP-filterOut prefix=213.177.64.0/19 prefix-length=19-32
That should then just automatically allow any shorter prefixes within your /19.

Regards,
 
User avatar
armandfumal
Member Candidate
Member Candidate
Topic Author
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: BGP Filter help

Sun Jul 15, 2012 9:27 pm

Thanks.

With this rules, it announce the three Prefixes but also the whole 213.177.64.0/19 that I don't want...

I want only the 3 prefixes...

thanks
 
cupis
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Sun Apr 10, 2011 1:25 am

Re: BGP Filter help

Sun Jul 15, 2012 10:06 pm

With this rules, it announce the three Prefixes but also the whole 213.177.64.0/19 that I don't want...

I want only the 3 prefixes...
But you also want it to automatically pick up any new routes without you having to update the filter?

You could set prefix-length to 20-32 maybe? Otherwise can you be more specific with what you want to achieve, please?

Regards,
 
User avatar
armandfumal
Member Candidate
Member Candidate
Topic Author
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: BGP Filter help

Mon Jul 16, 2012 12:43 am

I just want to redistribute the connected prefixe under my /19 without adap the filter. Today it is working just with my filter but with rules with /19 all prefixe are announced but also a prefixe with my whole /19 that i don t want. Need only the 3 connected prefixe....

Thanks
 
User avatar
armandfumal
Member Candidate
Member Candidate
Topic Author
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: BGP Filter help

Mon Jul 16, 2012 1:52 am

Ok with prefix-length set to 20-32, it is working how I would like.

add action=accept chain=BGP-filterOut prefix=213.177.64.0/19 prefix-length=20-32
add action=discard chain=BGP-filterOut

result:
sh ip bgp neighbors 213.177.66.194 received-routes
BGP table version is 21750285, local router ID is 213.177.64.210
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* i213.177.65.0 213.177.66.194 100 0 ?
* i213.177.66.224/27
213.177.66.194 100 0 ?
* i213.177.72.96/29 213.177.66.194 100 0 ?

Total number of prefixes 3



now I would like to understand the usage of prefix-length, could you explain ?

thanks
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: BGP Filter help

Mon Jul 16, 2012 9:16 am

The fiilter will pass any network prefix with "perfix-length" mask originating in "prefix" network.
In your case, any 213.177.64.0/20, 213.177.64.0/21, ..., 213.177.64.0/32 which originate in 213.177.64.0/19, but not 213.177.64.0/19 (since the mask is not 20 to 32).
 
MikroTikIQ
Trainer
Trainer
Posts: 44
Joined: Sat Jun 16, 2012 1:42 pm

Re: BGP Filter help

Sun Jul 22, 2012 12:44 am

Hi..

could please try this..


/routing filter
add action=accept chain=BGP-filterOut disabled=no invert-match=no prefix=\
213.177.72.96/29 prefix-length=29 set-bgp-prepend-path=""
add action=accept chain=BGP-filterOut disabled=no invert-match=no prefix=\
213.177.65.0/24 prefix-length=24 set-bgp-prepend-path=""
add action=accept chain=BGP-filterOut disabled=no invert-match=no prefix=\
213.177.66.224/27 prefix-length=27 set-bgp-prepend-path=""
add action=discard chain=BGP-filterOut disabled=no invert-match=no \
set-bgp-prepend-path=""



Also..

I would to ask you..
1- did you add any entry in the network filed.?
2- what did you set in the instances ? as redistributed rule?

I advice to remove network from network entry if you add

and enable redistributed static route ...

Also you need to add static route in your routing table ... with specified perfix like:

1- ip route add dst-address=213.177.72.96/29 gateway=xxx
2- ip route add dst-address=213.177.65.0/24 gateway=xxx
3- ip route add dst-address=213.177.66.224/27 gateway=xxx

This way should be work..

Also dont miss to select in your peer the correct our put filter...!!!

Please let me know if all is okay .

Ali Sami
Mikrotik Authorized trainer

Who is online

Users browsing this forum: No registered users and 12 guests