anishpsla
Frequent Visitor
Topic Author
Posts: 74
Joined: Mon Aug 25, 2014 9:16 am

BGP Community based filtering not working

Fri Apr 08, 2022 10:57 pm

We have connectivity to an IX, and they have this community:

0:peer AS - Prefix is announced from peer AS

I want to filter all prefixes announced by FB and Google. I tried the following.
Filter
chain=RS_IN_Filter bgp-communities=0:15169,0:32934 invert-match=no action=discard

BGP Peer
name="rs_ipv4-1" instance=default remote-address=x.x.x.x remote-as=49*** tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m ttl=255 in-filter=RS_IN_Filter out-filter=Out_Filter address-families=ip default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no
This filter is not working. The traffic is still going through the specific IX.
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Community based filtering not working

Fri Apr 08, 2022 11:27 pm

See this page for documentation: https://wiki.mikrotik.com/wiki/Manual:R ... ng_filters
The bgp-communities line says: match the COMMUNITIES BGP attribute. Match is done when communities attribute in a route contains all entries from this configured list.
So you cannot put both of them in the same filter entry as it will be an AND operation.
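
The difference between one combined rule and one rule per community, as a small Python model of the matching behaviour quoted above. This is an added example, not RouterOS code and not part of the original post; the `Rule` class, the sample routes and the fall-through accept are assumptions of the model.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Rule:
    action: str                                # "discard" or "accept"
    communities: FrozenSet[str] = frozenset()  # empty set = no community condition
    set_weight: Optional[int] = None

def evaluate(chain, route_communities):
    """Return (action, weight) from the first rule whose condition matches."""
    have = set(route_communities)
    for rule in chain:
        # Documented behaviour quoted above: the rule matches only when the
        # route carries ALL configured communities (subset test, i.e. AND).
        if rule.communities <= have:
            return rule.action, rule.set_weight
    # Model assumption: a route that matches no rule is accepted unchanged.
    return "accept", None

# One rule listing both communities, as in the first post.
COMBINED = [Rule("discard", frozenset({"0:15169", "0:32934"}))]

# One discard rule per community, then accept with weight 3.
SPLIT = [
    Rule("discard", frozenset({"0:15169"})),
    Rule("discard", frozenset({"0:32934"})),
    Rule("accept", set_weight=3),
]

# Constructed sample routes: name -> communities attached by the route server.
ROUTES = {
    "google": ["0:15169", "64500:100"],
    "fb": ["0:32934"],
    "other": ["0:64496"],
    "no-communities": [],
}

def verdicts(chain):
    return {name: evaluate(chain, comms) for name, comms in ROUTES.items()}

if __name__ == "__main__":
    for label, chain in (("combined", COMBINED), ("split", SPLIT)):
        print(label, verdicts(chain))
```

In this model the combined rule only discards a route that carries both communities at once, so routes tagged with just one of them are accepted.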
 
anishpsla
Frequent Visitor
Topic Author
Posts: 74
Joined: Mon Aug 25, 2014 9:16 am

Re: BGP Community based filtering not working

Sat Apr 09, 2022 8:47 am

chain=RS_IN_Filter bgp-communities=0:15169 invert-match=no action=discard
chain=RS_IN_Filter bgp-communities=0:32934 invert-match=no action=discard
This will discard both ASes, and the line below will set the BGP weight to 3 for the peer.
chain=RS_IN_Filter invert-match=no action=accept set-bgp-weight=3
Is it correct?
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Community based filtering not working

Sat Apr 09, 2022 12:29 pm

Yes that should work better.
 
anishpsla
Frequent Visitor
Topic Author
Posts: 74
Joined: Mon Aug 25, 2014 9:16 am

Re: BGP Community based filtering not working

Sun May 01, 2022 11:11 am

No, unfortunately it is not working. It's filtering routes from Google only. FB is still not being filtered.
 
anishpsla
Frequent Visitor
Topic Author
Posts: 74
Joined: Mon Aug 25, 2014 9:16 am

Re: BGP Community based filtering not working

Sat Jun 04, 2022 8:07 pm

Any help from experts?
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: BGP Community based filtering not working

Sat Jun 04, 2022 8:17 pm

If you change the order of the rules matching on bgp-communities, does it change anything (i.e. filtering routes from FB and not filtering those from Google)? If not, can you check (using sniffing and Wireshark) that the COMMUNITIES attribute indeed arrives for the FB routes?
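
The check suggested above (does the COMMUNITIES attribute really arrive?) can also be done on raw UPDATE bytes exported from a capture. The following is an added example, not part of the original post; the function names are hypothetical and the sample message (next hop 192.0.2.1, prefix 203.0.113.0/24) is constructed.

```python
import struct

COMMUNITIES = 8   # path attribute type code for COMMUNITIES (RFC 1997)
EXT_LEN = 0x10    # attribute flag bit: the length field is two bytes

def communities_in_update(msg):
    """Return the COMMUNITIES values ("asn:value") carried by one BGP UPDATE."""
    if len(msg) < 23 or msg[:16] != b"\xff" * 16:
        raise ValueError("not a BGP message")
    length, msg_type = struct.unpack_from("!HB", msg, 16)
    if msg_type != 2 or length > len(msg):
        raise ValueError("not a complete UPDATE")
    (withdrawn_len,) = struct.unpack_from("!H", msg, 19)
    pos = 21 + withdrawn_len            # skip the withdrawn-routes field
    if pos + 2 > length:
        raise ValueError("withdrawn routes run past the message")
    (attrs_len,) = struct.unpack_from("!H", msg, pos)
    pos, end = pos + 2, pos + 2 + attrs_len
    if end > length:
        raise ValueError("path attributes run past the message")
    found = []
    while pos < end:
        if pos + 3 > end:
            raise ValueError("truncated attribute header")
        flags, code = msg[pos], msg[pos + 1]
        hdr = 4 if flags & EXT_LEN else 3
        alen = int.from_bytes(msg[pos + 2:pos + hdr], "big")
        pos += hdr
        if pos + alen > end:
            raise ValueError("truncated attribute")
        if code == COMMUNITIES:
            if alen % 4:
                raise ValueError("COMMUNITIES length is not a multiple of 4")
            for off in range(pos, pos + alen, 4):
                asn, value = struct.unpack_from("!HH", msg, off)
                found.append(f"{asn}:{value}")
        pos += alen
    return found

def sample_update(communities):
    """Constructed UPDATE: ORIGIN, AS_PATH (AS 32934), NEXT_HOP, NLRI."""
    attrs = bytes.fromhex("40010100" "40020402" "0180a6" "400304c0000201")
    comm = b"".join(struct.pack("!HH", a, v) for a, v in communities)
    if comm:
        attrs += bytes([0xC0, COMMUNITIES, len(comm)]) + comm
    body = struct.pack("!HH", 0, len(attrs)) + attrs + bytes.fromhex("18cb0071")
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 2) + body
```

An empty result for a route that should be tagged means the community never reached the router, so no in-filter rule on it can match.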
 
anishpsla
Frequent Visitor
Topic Author
Posts: 74
Joined: Mon Aug 25, 2014 9:16 am

Re: BGP Community based filtering not working

Sat Jun 04, 2022 8:44 pm

Yes, changing the order of the rules changes what is filtered. For example, only the first rule works.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: BGP Community based filtering not working

Sat Jun 04, 2022 10:28 pm

What is the CPU architecture and RouterOS release you use? On my lab CHRs running 6.48.6, I am adding bgp-community 0:12345 using an out-filter on one peer. On the other peer, the first in-filter rule discards on bgp-community=0:54321, the second rule discards on bgp-community=0:12345, and the second rule works (which is expected). If I swap their order, the one matching on 0:12345 works as well, so their mutual order doesn't matter in my case. The only differences compared to your scenario are the particular numbers after the colon and, likely, that I test this on igp peers.

What works weirdly in my case is that if I disable the second rule, the routes it filters out do not reappear in the routing table until I disable and re-enable the peer at the other router.
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: BGP Community based filtering not working

Sun Jun 05, 2022 11:00 am

Routing filters do not work on already installed routes, they work on BGP input, which means that you have to request route refresh after you change the in filter rules. See "refresh", "resend" commands.
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Community based filtering not working

Sun Jun 05, 2022 12:27 pm

mrz wrote:
> Routing filters do not work on already installed routes, they work on BGP input, which means that you have to request route refresh after you change the in filter rules. See "refresh", "resend" commands.

Yeah, and then you face the problem that these commands do not work correctly in RouterOS v7. So it is often required to disconnect/reconnect the peer.
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: BGP Community based filtering not working

Sun Jun 05, 2022 1:35 pm

There are no reported or known problems that these commands do not work in ROSv7.
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Community based filtering not working

Sun Jun 05, 2022 1:47 pm

There is at least a problem when using these commands between v6 and v7, I do not know if the fault is on v6 or v7 side.
When v6 side uses refresh, the v7 side logs this:
route,bgp,warning RECV RouteRefresh with invalid subtype: 0
and does nothing.
v6 side needs to disconnect/reconnect to force v7 side to do a refresh.

And before you say "it hasn't been reported": I reported it Dec 21, 2021 in the v7.1 release topic: viewtopic.php?p=897255#p897255
It was reported even before that in a separate topic by mhugo: viewtopic.php?p=889618
Last edited by pe1chl on Sun Jun 05, 2022 9:31 pm, edited 1 time in total.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: BGP Community based filtering not working

Sun Jun 05, 2022 2:22 pm

For the record, in my case, it's not an ROS v6 vs. ROS v7 interworking issue. I simply did not assume that the refresh would be needed at all, given that for action=reject, no refresh is needed to make the route list change after enabling or disabling of the routing filter rules, and even more important, that enabling the action=discard rule has an immediate effect, which does not seem compatible with the idea of only handling the route as it is being received from the peer. So my assumption was that the routes received from each peer were stored permanently, and the filter was just controlling which ones of them make it further to redistribution and kernel routing table, so an update of the filter re-processes the stored list without asking the peer to send the route list again.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: BGP Community based filtering not working

Mon Jun 06, 2022 9:26 am

The same rules that anishpsla is using don't work in my lab either.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: BGP Community based filtering not working

Mon Jun 06, 2022 9:31 am

nichky wrote:
> The same rules that anishpsla is using don't work in my lab either.

igp or egp? How exactly they "don't work", same like with @anishpsla, i.e. only the first one works and the second one doesn't? Can you show your routing filter chains at both the source (which assigns the community marks) and at the recipient (which filters by them)?
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: BGP Community based filtering not working

Mon Jun 06, 2022 11:02 am

However, v7 BGP is only for playing in the lab, never in production (for now).
 
anishpsla
Frequent Visitor
Topic Author
Posts: 74
Joined: Mon Aug 25, 2014 9:16 am

Re: BGP Community based filtering not working

Wed Jun 22, 2022 6:34 pm

sindy wrote:
> nichky wrote:
> > The same rules that anishpsla is using don't work in my lab either.
>
> igp or egp? How exactly they "don't work", same like with @anishpsla, i.e. only the first one works and the second one doesn't? Can you show your routing filter chains at both the source (which assigns the community marks) and at the recipient (which filters by them)?

0   ;;; Discard FB
     chain=RS_IN_Filter protocol=bgp bgp-communities=0:32934 invert-match=no action=discard set-bgp-prepend-path=""
1   ;;; Discard Google
     chain=RS_IN_Filter protocol=bgp bgp-communities=0:15169 invert-match=no action=discard set-bgp-prepend-path=""
2   ;;; Accept all other
     chain=RS_IN_Filter protocol=bgp bgp-communities="" invert-match=no action=accept set-bgp-weight=3 set-bgp-prepend-path=""

Community

0:peer AS => Prefix is announced from peer AS
 
anishpsla
Frequent Visitor
Topic Author
Posts: 74
Joined: Mon Aug 25, 2014 9:16 am

Re: BGP Community based filtering not working

Sat Jun 25, 2022 9:46 am

Any expert here ..
