Community discussions

MikroTik App
  4. RouterOS
  5. RouterOS beta

Help migrating filter rules from v6 to v7

Post Reply
 
jmginer
Member Candidate
Member Candidate
Topic Author
Posts: 153
Joined: Tue Dec 11, 2012 4:56 am
Contact:
Contact jmginer

Help migrating filter rules from v6 to v7

Sun Oct 10, 2021 2:01 pm

Hello,

I'm trying to migrate my BGP filters from v6 to v7.

The problem is that I can't find how to migrate the "match-chain" rule.

These are my current rules, I receive transit from a provider and offer transit to a customer:

Code: Select all
/routing filter

# section 1 - Accept what my transit provider advertise me
add action=accept chain=MyTransitProvider-IN prefix=0.0.0.0/0
add action=accept chain=MyTransitProvider-IN prefix=::/0

# section 2 - Accept what my transit customer advertise me
add action=accept chain=MyTransitCustomer-IN match-chain=MyTransitCustomerAS set-bgp-local-pref=300 set-distance=10 comment="Accept MyTransitCustomer prefixes"
add action=discard chain=MyTransitCustomer-IN comment="No more from MyTransitCustomer"
add action=accept chain=MyTransitCustomer-OUT prefix=0.0.0.0/0 comment="Disabled to provide full routing" disabled=yes
add action=discard chain=MyTransitCustomer-OUT comment="Disabled to provide full routing" disabled=yes

# section 3 - I advertise my own prefixes and my transit customer prefixes to my transit provider
add action=accept chain=MyTransitProvider-OUT match-chain=MyOwnAS
add action=accept chain=MyTransitProvider-OUT match-chain=MyTransitCustomerAS
add action=discard chain=MyTransitProvider-OUT comment="Dont advertise more to MyTransitProvider"

# section 4 - Chains with my prefixes and my transit customer prefixes (like address list)
add action=accept prefix=1.0.0.0/8 prefix-length=0-32 chain=MyOwnAS
add action=accept prefix=2.0.0.0/8 prefix-length=0-32 chain=MyTransitCustomerAS

If someone is kind enough to help me with the migration I would appreciate it very much.

This is what I've tried, but I'm not sure if it's right? And as I say, I need help with sections 2 and 3 to use the match-chain rule.

Code: Select all
/routing/filter/rule

# section 1
add chain=MyTransitProvider-IN rule="if (dst==0.0.0.0/0 && protocol static) { accept }"
add chain=MyTransitProvider-IN rule="if (dst==::/0 && protocol static) { accept }"

# section 2
help!
# section 3
help!

# section 4
add chain=MyOwnAS rule="if (dst-len>0 && dst-len<32 && dst in 1.0.0.0/8) { accept }"
add chain=MyTransitCustomerAS rule="if (dst-len>0 && dst-len<32 && dst in 2.0.0.0/8) { accept }"

Thank you very much in advance!
Top
 
aleksis
newbie
Posts: 25
Joined: Wed Apr 30, 2014 12:13 pm

Re: Help migrating filter rules from v6 to v7

Mon Oct 11, 2021 10:43 am

You can match chain like this:
Code: Select all
add chain=MyTransitCustomer-IN rule="if (chain MyTransitCustomerAS) { set bgp-local-pref 300; set distance 10; accept; }"
Top
 
jmginer
Member Candidate
Member Candidate
Topic Author
Posts: 153
Joined: Tue Dec 11, 2012 4:56 am
Contact:
Contact jmginer

Re: Help migrating filter rules from v6 to v7

Mon Oct 11, 2021 6:08 pm

Discard rules doesn't work?
Code: Select all
/routing filter rule add chain=DECIX-IN rule="discard"
failure: "[Word {discard}]" - unknown action name

In my opinion, the documentation out there is very poor regarding the radical change with filters in v7.
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7053
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: Help migrating filter rules from v6 to v7

Mon Oct 11, 2021 6:24 pm

ROS v7 doesn't have "discard" action.
Top
 
noahzhang
just joined
Posts: 1
Joined: Thu Nov 25, 2021 7:33 am

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 7:37 am

ROS v7 doesn't have "discard" action.
so,I have the same problem.How to rewrite the above the filter in v7.Thx.
Top
 
User avatar
Nevon
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Thu Sep 05, 2013 6:06 pm
Location: Sweden
Contact:
Contact Nevon

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 9:46 pm

ROS v7 doesn't have "discard" action.
How does Mikrotik think then?
We must help BGP-community to make sure that the wrong information does not come in or out. For example. I want to make sure I do not get my own prefixes from eBGP peers.
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7053
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 10:21 pm

With "reject" action.
Top
 
User avatar
Nevon
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Thu Sep 05, 2013 6:06 pm
Location: Sweden
Contact:
Contact Nevon

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 10:27 pm

With "reject" action.
what would such a thing look like? Would like to start testing ROS7 BGP
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7053
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: Help migrating filter rules from v6 to v7

Thu Nov 25, 2021 11:43 pm

I am not really sure what you are asking, what "reject" would look like if you type it?

Here you can find detailed description on how to use routing filters:
https://help.mikrotik.com/docs/pages/vi ... d=74678285

Some basic stuff to start with as well:
https://help.mikrotik.com/docs/display/ ... g+Examples
Top
 
User avatar
Nevon
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Thu Sep 05, 2013 6:06 pm
Location: Sweden
Contact:
Contact Nevon

Re: Help migrating filter rules from v6 to v7

Fri Nov 26, 2021 8:41 am

I am not really sure what you are asking, what "reject" would look like if you type it?

Here you can find detailed description on how to use routing filters:
https://help.mikrotik.com/docs/pages/vi ... d=74678285

Some basic stuff to start with as well:
https://help.mikrotik.com/docs/display/ ... g+Examples
If I want to reject subnet "X.X.X.X/24" for one example.
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7053
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: Help migrating filter rules from v6 to v7

Fri Nov 26, 2021 10:06 am

Code: Select all
if (dst == x.x.x.x/24) {reject}
Top
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 206
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: Help migrating filter rules from v6 to v7

Mon Dec 06, 2021 9:21 pm

Would anyone know what the syntax is to mark a route as unreachable based on a matcher.
I have used a basic bgp-communities as an example

example:
Code: Select all
add action=accept bgp-communities=no-export chain=BGP-IN set-type=unreachable
becomes
Code: Select all
if (bgp-communities equal no-export) {set xxxxxxx; accept}
gw only works with an IP
gw-interface only works with a interface

https://help.mikrotik.com/docs/pages/vi ... yOperators

I don't see an operator for type unreachable in V7...

*note in the docs "bgp-communites" is incorrectly spelt.
Top
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 206
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: Help migrating filter rules from v6 to v7

Mon Dec 06, 2021 9:23 pm

Also note that I tested the route filter conversion from V6 to V7 but it doesn't work even though it is marked as completed. The filters are removed from the V7 config after an upgrade.

https://help.mikrotik.com/docs/display/ ... ol+Status
Top
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3297
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Help migrating filter rules from v6 to v7

Mon Dec 06, 2021 10:06 pm

Start a new thread.
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 13 guests
  4. RouterOS
  5. RouterOS beta