Community discussions

MikroTik App
 
benw
newbie
Topic Author
Posts: 31
Joined: Sun Oct 08, 2023 6:25 pm

BGP routes received despite NRLI filter

Wed Jan 15, 2025 10:24 am

Hello,
We recently replaced our BGP router with a CCR2116 on v7.16.1
At the moment we only have a single provider, so we only want to advertise our own prefixes.
I have create an address list with a single entry (0.0.0.0/0) which is referred to in "Input Accept NLRI" of the BGP connection.
I used to get close to a million routes, but now I still get about 3300 routes.
Anyone have any suggestions?
Thanks!
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7199
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: BGP routes received despite NRLI filter

Wed Jan 15, 2025 12:13 pm

/32 routes?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12692
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: BGP routes received despite NRLI filter

Wed Jan 15, 2025 12:51 pm

on address list 0.0.0.0/0 = everything... so...
if you want match EXACTLY 0.0.0.0/0 (accept only default route, if is transmitted....), use filter
if (dst == 0.0.0.0/0) { accept }
 
benw
newbie
Topic Author
Posts: 31
Joined: Sun Oct 08, 2023 6:25 pm

Re: BGP routes received despite NRLI filter

Wed Jan 15, 2025 4:03 pm

/32 routes?
Yes. They are all /32.
Is this a known problem? Can I do something about this?
Thanks!
 
benw
newbie
Topic Author
Posts: 31
Joined: Sun Oct 08, 2023 6:25 pm

Re: BGP routes received despite NRLI filter

Wed Jan 15, 2025 4:07 pm

on address list 0.0.0.0/0 = everything... so...
if you want match EXACTLY 0.0.0.0/0 (accept only default route, if is transmitted....), use filter
if (dst == 0.0.0.0/0) { accept }
In the input filter I have this: if (dst==0.0.0.0/0) {accept} else {reject}
So all routes are in fact marked with DFbI. So inactive, but still loaded. I was expecting them to be discarded by the NRLI filter.
 
benw
newbie
Topic Author
Posts: 31
Joined: Sun Oct 08, 2023 6:25 pm

Re: BGP routes received despite NRLI filter

Thu Jan 16, 2025 9:53 am

/32 routes?
From post nr 190117:
....For everyone facing the same issue, i did further testing and Mikrotik support just confirmed:
The exact match is actually working, but has a bug to match on /32 subnets as well.


So I suppose the passing of the /32 is a bug.
Thanks.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7199
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: BGP routes received despite NRLI filter

Thu Jan 16, 2025 10:04 am

Address lists are designed to match host addresses in subnets, for firewall and other similar places. So yes, currently it is a side-effect when using address lists to match only subnets.