Community discussions

MikroTik App
 
sander123
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Wed Oct 28, 2020 11:58 pm

BGP Filter bgp-as-path reject

Sat Oct 23, 2021 5:54 am

Hello,

Please help with the BGP filters in v7.

I want to reject 2 as numbers on a internet exchange.
I have the following but it isn't working

if (bgp-as-path 11111|22222) {reject} else {set bgp-local-pref 120; accept;}

For example AS 11111 and 22222 blocking and accept all else routes.
 
User avatar
netravnen
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sun Dec 31, 2017 2:48 am

Re: BGP Filter bgp-as-path reject

Sun Oct 24, 2021 2:17 pm

if (bgp-as-path 11111|22222) {reject} else {set bgp-local-pref 120; accept;}

From https://help.mikrotik.com/docs/pages/vi ... d=74678285

bgp-as-path
    {regexp}

If the regexp follows normal syntax should the path not be written as "^(11111|22222) .*"?

if (bgp-as-path "^(11111|22222) .*") {reject} else {set bgp-local-pref 120; accept;}

Alternatively, could bgp-input-remote-as be another matching function you could use?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Filter bgp-as-path reject

Thu Nov 04, 2021 3:23 pm

Did anyone find a working example of a bgp-as-path filter?
The writing of documentation was clearly interrupted halfway and it is not complete now.
There is a special paragraph that says:
There are two common ways how to operate with AS Path data:

    convert whole AS path to string and let regexp operate on the string (ROS v6 or Cisco style)
    let regexp operate on each entry in the AS path as a number (ROS v7, Juniper style)

The latter method is much faster and less resource-intensive than the string matching approach.
That is clear. We have to use a new method to look in AS path entries. I think that is reasonable, but nowhere it is specified how the match statements should look.
I need filter rules that match a certain AS at:
- the begin of the AS path (this can probably be replaced with bgp-input-remote-as now)
- the originating AS (this would be matched using " 1234$" in the v6 syntax but now we supposedly can match "the last item of the AS list" with a literal number. but how?)
- some AS occurring anywhere in the path.

It should not be difficult to add examples for these cases to the documentation, and then the full capabilities can be documented later.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: BGP Filter bgp-as-path reject

Thu Nov 04, 2021 4:14 pm

Documentation is work in progress.

In RC5 there might be problems with regex matcher. In RC6 it will work like this:
* "^1234" match AS paths starting with 1234 ASN
* "1234$" match originating ASN
* "1234" match 1234 ASN appearence anywhere in the path
* ".1234." match 1234 ASN anywhere except beginning and the end.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Filter bgp-as-path reject

Thu Nov 04, 2021 5:04 pm

Can you PLEASE post an example showing the syntax of a filter rule that does matching with bgp-as-path?
Is the above mentioned claim that v7 matches on separate entries of the path instead of on an ASCII string representing the entire path (already) true?
 
RcRaCk2k
Member Candidate
Member Candidate
Posts: 115
Joined: Mon May 07, 2012 10:40 pm

Re: BGP Filter bgp-as-path reject

Fri Sep 29, 2023 1:36 am

This does not work for me - but why?
if ( bgp-as-path "^65022" ) {
	accept;
}
This results, that the BGP-Announcements from AS65022 are not forwarded.
If i specifiy the IP-Network from that ASN, it will work.

So the RegEX is not working for me.
Screenshot 2023-09-29 003549.jpg
These Routes are not exported to my peers.
You do not have the required permissions to view the files attached to this post.
 
RcRaCk2k
Member Candidate
Member Candidate
Posts: 115
Joined: Mon May 07, 2012 10:40 pm

Re: BGP Filter bgp-as-path reject

Fri Sep 29, 2023 1:42 am

Okay, i have found the solution.... When exporting the routes, and you are filtering as-path for "beginns with", you have to add your own ASN in first position. So you do not check against the received protocol, it will check against what will sent out to the bgp-peer. That is strange to have to check for my own ASN.
if ( bgp-as-path "^65012 65022" ) {
	accept;
}
Where 65012 is my own ASN.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Filter bgp-as-path reject

Fri Sep 29, 2023 12:03 pm

As I wrote above (at a time when all of this simply did not work due to bugs, that have been fixed now) there is a "bgp-input-remote-as" you can use for that.

Who is online

Users browsing this forum: No registered users and 15 guests