Hey all,

I'm currently trying to get BGP working on v7. I am almost there, we are getting a full table from our upstream peer and are sending them our prefix (which they confirm they are receiving). The final thing we need to work out is filtering. We have a single /24 v4 prefix being announced and receiving a full table. If there's anyone out there that has some working examples for import and export filters it'd be greatly appreciated.

Thanks,
Christopher H.
Hi Chris,

Hope these help, they're untidy and need refining but this just lives on a secondary link that I'll get back to soon.

     0   ;;; Transit Inbound
         chain=transit_in rule="if ( dst in 0.0.0.0/0 && afi ipv4 ) { jump bogons }"
     1   chain=transit_in rule="if ( dst-len>= 0 ) { jump reject-own }"
     2   chain=transit_in rule="if ( bgp-as-path "{asn1} {asn2} {asn3}$" ) { set distance 10; accept }"
     3 X ;;; Enable Apple
         chain=transit_in rule="if ( bgp-as-path 714$ ) { set distance 10; accept }"
     4 X ;;; Enable Telstra
         chain=transit_in rule="if ( bgp-as-path 1221$ ) { set distance 10; accept }"
     5 X ;;; Enable Optus
         chain=transit_in rule="if ( bgp-as-path 4804$ ) { set distance 10; accept}"
     6   chain=transit_in rule="if ( dst==0.0.0.0/0 && afi ipv4 ) { set distance 50; accept }"
     7   chain=transit_in rule="if ( dst == ::/0 ) { set distance 50; accept }"
     8   chain=transit_out rule="if ( dst == {own_ipv4_range}/24 || dst == {own_ipv6_range}/48 ) { set bgp-communities {community_list};\r\nset bgp-ext-communities {ext_community_list};\r\nset bgp-large-communities {large_community_list}; accept }"
     9 X chain=transit_out rule="if ( dst == {own_ipv4_range}/24 ) { set bgp-path-prepend 3; \r\nset bgp-communities {xxxx}:{xxxx}; accept }"
    20   ;;; List of bogons to add to filters, returns back
         chain=bogons rule="if (dst in 10.0.0.0/8 && dst-len>=8) { reject }\r\n\r\n"
    21   chain=bogons rule="if (dst in 192.168.0.0/16 && dst-len>=16) { reject }\r\n"
    22   chain=bogons rule="if (dst in 127.0.0.0/8 && dst-len>=8) { reject }\r\n"
    23   chain=bogons rule="if (dst in 169.254.0.0/16 && dst-len>=16) { reject }\r\n"
    24   chain=bogons rule="if (dst in 172.16.0.0/12 && dst-len>=12) { reject }\r\n"
    25   chain=bogons rule="if (dst in 224.0.0.0/4 && dst-len>=4) { reject }\r\n"
    26   chain=bogons rule="if (dst in 240.0.0.0/4 && dst-len>=4) { reject }\r\n"
    27   chain=bogons rule="if (dst-len >= 0) { return }"
    28   ;;; Default filter to reject own prefixes
         chain=reject-own rule="if ( dst in {own_ipv4_range}/24 && afi ipv4 ) { reject }"
    29   chain=reject-own rule="if ( dst in {own_ipv6_range}/48 && afi ipv6 ) { reject }"
    30   chain=reject-own rule="if ( dst-len >= 0) { return }"

-----Original Message-----
From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Christopher Hawker
Sent: Wednesday, 7 December 2022 7:02 PM
To: public@talk.mikrotik.com.au
Subject: [MT-AU Public] Help with BGP on v7 (not a joke)
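
Added example, not part of the thread or of either poster's configuration: a small Python model of the transit_in chain from the reply above, useful for checking which received routes such a filter set would keep before applying it to a live session. The own prefixes, the ASNs and the sample routes are constructed placeholders, and two points are assumptions rather than statements from the thread: that the as-path rule matches paths ending in the three listed ASNs, and that a route matching no rule is rejected.

```python
import ipaddress

# Bogon blocks copied from the reply's "bogons" chain (rules 20-26).
BOGONS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed placeholders for the values the reply left as {...}.
OWN_V4 = ipaddress.ip_network("203.0.113.0/24")   # {own_ipv4_range}/24
OWN_V6 = ipaddress.ip_network("2001:db8::/48")    # {own_ipv6_range}/48
PATH_TAIL = (64500, 64501, 64502)                 # {asn1} {asn2} {asn3}


def within(prefix, block):
    """Model of `dst in block`: the block itself or any more-specific."""
    return prefix.version == block.version and prefix.subnet_of(block)


def transit_in(prefix, as_path):
    """Return (verdict, distance) for one received route."""
    p = ipaddress.ip_network(prefix)
    # Rule 0 -> chain "bogons" (IPv4 only).
    if p.version == 4 and any(within(p, b) for b in BOGONS):
        return ("reject", None)
    # Rule 1 -> chain "reject-own".
    if within(p, OWN_V4) or within(p, OWN_V6):
        return ("reject", None)
    # Rule 2: AS path ends with the three listed ASNs (assumed reading).
    if tuple(as_path[-3:]) == PATH_TAIL:
        return ("accept", 10)
    # Rules 3-5 are disabled (X). Rules 6-7: default routes only.
    if p.prefixlen == 0:
        return ("accept", 50)
    # Assumption: no rule matched, so the route is rejected.
    return ("reject", None)


# Constructed sample of received routes: (prefix, AS path).
SAMPLE = [
    ("0.0.0.0/0", [64496]),
    ("10.20.0.0/16", [64496, 64511]),
    ("203.0.113.0/25", [64496, 64511]),
    ("198.51.100.0/24", [64496, 64500, 64501, 64502]),
    ("192.0.2.0/24", [64496, 64511]),
    ("::/0", [64496]),
]

if __name__ == "__main__":
    for prefix, path in SAMPLE:
        print(f"{prefix:18} {path!s:32} -> {transit_in(prefix, path)}")
```

Under these assumptions only the default routes and the routes behind the selected AS path survive, so on a full-table feed the rest of the table is dropped unless further accept rules are enabled.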
Participants (2): Christopher Hawker; Two Fat Monkeys - Dirk Bermingham