Community discussions

MikroTik App
 
jmginer
Member Candidate
Member Candidate
Topic Author
Posts: 141
Joined: Tue Dec 11, 2012 4:56 am
Contact:

Help migrating filter rules from v6 to v7

Sun Oct 10, 2021 2:01 pm

Hello,

I'm trying to migrate my BGP filters from v6 to v7.

The problem is that I can't find how to migrate the "match-chain" rule.

These are my current rules, I receive transit from a provider and offer transit to a customer:

/routing filter

# section 1 - Accept what my transit provider advertise me
add action=accept chain=MyTransitProvider-IN prefix=0.0.0.0/0
add action=accept chain=MyTransitProvider-IN prefix=::/0

# section 2 - Accept what my transit customer advertise me
add action=accept chain=MyTransitCustomer-IN match-chain=MyTransitCustomerAS set-bgp-local-pref=300 set-distance=10 comment="Accept MyTransitCustomer prefixes"
add action=discard chain=MyTransitCustomer-IN comment="No more from MyTransitCustomer"
add action=accept chain=MyTransitCustomer-OUT prefix=0.0.0.0/0 comment="Disabled to provide full routing" disabled=yes
add action=discard chain=MyTransitCustomer-OUT comment="Disabled to provide full routing" disabled=yes

# section 3 - I advertise my own prefixes and my transit customer prefixes to my transit provider
add action=accept chain=MyTransitProvider-OUT match-chain=MyOwnAS
add action=accept chain=MyTransitProvider-OUT match-chain=MyTransitCustomerAS
add action=discard chain=MyTransitProvider-OUT comment="Dont advertise more to MyTransitProvider"

# section 4 - Chains with my prefixes and my transit customer prefixes (like address list)
add action=accept prefix=1.0.0.0/8 prefix-length=0-32 chain=MyOwnAS
add action=accept prefix=2.0.0.0/8 prefix-length=0-32 chain=MyTransitCustomerAS

If someone is kind enough to help me with the migration I would appreciate it very much.

This is what I've tried, but I'm not sure if it's right? And as I say, I need help with sections 2 and 3 to use the match-chain rule.

/routing/filter/rule

# section 1
add chain=MyTransitProvider-IN rule="if (dst==0.0.0.0/0 && protocol static) { accept }"
add chain=MyTransitProvider-IN rule="if (dst==::/0 && protocol static) { accept }"

# section 2
help!
# section 3
help!

# section 4
add chain=MyOwnAS rule="if (dst-len>0 && dst-len<32 && dst in 1.0.0.0/8) { accept }"
add chain=MyTransitCustomerAS rule="if (dst-len>0 && dst-len<32 && dst in 2.0.0.0/8) { accept }"

Thank you very much in advance!
 
aleksis
just joined
Posts: 9
Joined: Wed Apr 30, 2014 12:13 pm

Re: Help migrating filter rules from v6 to v7

Mon Oct 11, 2021 10:43 am

You can match chain like this:
add chain=MyTransitCustomer-IN rule="if (chain MyTransitCustomerAS) { set bgp-local-pref 300; set distance 10; accept; }"
 
jmginer
Member Candidate
Member Candidate
Topic Author
Posts: 141
Joined: Tue Dec 11, 2012 4:56 am
Contact:

Re: Help migrating filter rules from v6 to v7

Mon Oct 11, 2021 6:08 pm

Discard rules doesn't work?
/routing filter rule add chain=DECIX-IN rule="discard"
failure: "[Word {discard}]" - unknown action name

In my opinion, the documentation out there is very poor regarding the radical change with filters in v7.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6389
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Help migrating filter rules from v6 to v7

Mon Oct 11, 2021 6:24 pm

ROS v7 doesn't have "discard" action.
 
noahzhang
just joined
Posts: 1
Joined: Thu Nov 25, 2021 7:33 am

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 7:37 am

ROS v7 doesn't have "discard" action.
so,I have the same problem.How to rewrite the above the filter in v7.Thx.
 
User avatar
Nevon
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Thu Sep 05, 2013 6:06 pm
Location: Sweden
Contact:

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 9:46 pm

ROS v7 doesn't have "discard" action.
How does Mikrotik think then?
We must help BGP-community to make sure that the wrong information does not come in or out. For example. I want to make sure I do not get my own prefixes from eBGP peers.
----------------------------------------------------------------------------
PEMA Kommunikationer AB
Vårgårda - Sweden
AS207448
----------------------------------------------------------------------------
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6389
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 10:21 pm

With "reject" action.
 
User avatar
Nevon
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Thu Sep 05, 2013 6:06 pm
Location: Sweden
Contact:

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 10:27 pm

With "reject" action.
what would such a thing look like? Would like to start testing ROS7 BGP
----------------------------------------------------------------------------
PEMA Kommunikationer AB
Vårgårda - Sweden
AS207448
----------------------------------------------------------------------------
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6389
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 11:43 pm

I am not really sure what you are asking, what "reject" would look like if you type it?

Here you can find detailed description on how to use routing filters:
https://help.mikrotik.com/docs/pages/vi ... d=74678285

Some basic stuff to start with as well:
https://help.mikrotik.com/docs/display/ ... g+Examples
 
User avatar
Nevon
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Thu Sep 05, 2013 6:06 pm
Location: Sweden
Contact:

Re: Help migrating filter rules from v6 to v7

Fri Nov 26, 2021 8:41 am

I am not really sure what you are asking, what "reject" would look like if you type it?

Here you can find detailed description on how to use routing filters:
https://help.mikrotik.com/docs/pages/vi ... d=74678285

Some basic stuff to start with as well:
https://help.mikrotik.com/docs/display/ ... g+Examples
If I want to reject subnet "X.X.X.X/24" for one example.
----------------------------------------------------------------------------
PEMA Kommunikationer AB
Vårgårda - Sweden
AS207448
----------------------------------------------------------------------------
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6389
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Help migrating filter rules from v6 to v7

Fri Nov 26, 2021 10:06 am

if (dst == x.x.x.x/24) {reject}

Who is online

Users browsing this forum: No registered users and 11 guests