Community discussions

MikroTik App
 
User avatar
Maggiore81
Trainer
Trainer
Topic Author
Posts: 558
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

ROS7 and routing filters

Thu Aug 11, 2022 8:13 am

Hello
My blocking issue are the new routing filters in ROS7.
I would like to upgrade our pop to ROS7 on CCR2004 but I am not able to do that.
I have tried to upgrade a running pop using v6 to v7 and I have a lot of issues on routing filters.

I have read all the examples but I am not able to reach the goal to have them running.

I know that the default action is discard, I have read the guides.

A simple filter on the v6, I made explicit accept any to avoid issues in upgrading to ros7.
/routing filter
add action=discard chain=bgp-out prefix=192.168.0.0/16 prefix-length=0-32
add action=accept chain=bgp-out

The filter has been upgraded but...
When I upgrade, the router doesnt announce anything.
If I disable the filter competely, it announces everything...


Any suggestions? or WORKING examples?

deny a specific subnet
permit all

or permit only default route
deny all
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ROS7 and routing filters

Thu Aug 11, 2022 8:46 am

Very similar examples already exist in the documentation.
Your example would be:
/routing filter rule add chain=xxx rule="if (dst in 192.168.0.0/16) {reject} else {accept}"
 
User avatar
Maggiore81
Trainer
Trainer
Topic Author
Posts: 558
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: ROS7 and routing filters

Thu Aug 11, 2022 10:12 am

Hello, thank you mrz for your support. It works.
Please point me where it is because I may have overlooked it.

Another question: I have some peers configured, some are not establishing connection, how can I debug them?
I have enabled bgp logging but I cant see any messages related to a peer not running up.
the same conf in v6 works, in v7 the ipv6 peer doesnt come up and I dont have any indications why dont come up.
thank you
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: ROS7 and routing filters

Thu Aug 11, 2022 10:18 am

Not too many of them or just a few there :) https://help.mikrotik.com/docs/display/ ... h+examples
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ROS7 and routing filters

Thu Aug 11, 2022 10:27 am

Typical problems why BGP session is not established:
* missing correct local address
* enabled BFD on one of the sides.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: ROS7 and routing filters

Thu Aug 11, 2022 10:40 am

Especially turning on the BFD which does not work in ROS 7 - work in progress :)
 
User avatar
Maggiore81
Trainer
Trainer
Topic Author
Posts: 558
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: ROS7 and routing filters

Thu Aug 11, 2022 11:27 am

Typical problems why BGP session is not established:
* missing correct local address
* enabled BFD on one of the sides.
The issue was the local address in v6 unspecified.
But where can I check it on the logs?
I enabled the bgp logs debugging but it doesnt write that something is not OK.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ROS7 and routing filters

Thu Aug 11, 2022 11:47 am

if address is not correct, then it is a socket error, most likely there were logs entries saying something about not able to open socket.
 
User avatar
Maggiore81
Trainer
Trainer
Topic Author
Posts: 558
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: ROS7 and routing filters

Fri Aug 12, 2022 9:58 am

if address is not correct, then it is a socket error, most likely there were logs entries saying something about not able to open socket.
no messages at all!
That is why I asked.
I have also enabled bgp logging, but no entries about a not starting ipv6 connection.
After I put the ipv6 local address to set the bgp connections, it worked immediately.

Who is online

Users browsing this forum: No registered users and 13 guests