Static routes with bgp communities in ROS7 - how?
Hi folks,

This one has me a little stumped. I'm working on upgrading one of our systems from ROS6 to ROS7. This system has a controller that talks via API to a number of Mikrotiks around the place, and maintains a number of static routes (can be anywhere from 50 to 1000 depending on time and day).

These static routes all have communities set, depending on the function of the route. i.e. a local service suspension route might be 12345:765 which means it is advertised via ospf for blackholing. A mitigation route might be 12345:666 or 12345:667 to be sent via bgp to our border routers for blackholing, or even advertised on to our upstream providers for blackholing or scrubbing.

We have routing filters on ROS6 that decide which routes get redistributed to which protocols and which peers based on communities.

A basic config for two blackhole routes might look like the following:

    /ip route
    add bgp-communities=12345:765 distance=1 dst-address=221.121.69.69/32 type=blackhole
    add bgp-communities=12345:666 distance=1 dst-address=221.121.69.70/32 type=blackhole
    /routing filter
    add action=accept bgp-communities=12345:765 chain=ospf-out comment=Suspension prefix=0.0.0.0/0 prefix-length=32 set-distance=100
    add action=discard chain=ospf-out
    add action=accept bgp-communities=12345:765 chain=bgp-out comment=Suspension prefix=0.0.0.0/0 prefix-length=32
    add action=accept bgp-communities=12345:666 chain=bgp-out comment=Mitigation prefix=0.0.0.0/0 prefix-length=32
    add action=accept bgp-communities=12345:667 chain=bgp-out comment=LocalBlackhole prefix=0.0.0.0/0 prefix-length=32

Trying to do this in ROS7, there just isn't a bgp-communities attribute on route that I can set.

Is there an 'easy' way to do this same thing on ROS7? Or am I going to also need to add routing rules for each IP on the ospf-out and bgp-out chains as needed to say they can or cannot go out?

Thanks for any help,

Damien

--
Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag@rendrag.net - http://www.rendrag.net/
--
We rode on the winds of the rising storm,
We ran to the sounds of thunder.
We danced among the lightning bolts,
and tore the world asunder

Hi Damien,

You could use filter rules like the below to achieve what you're after:

    if (bgp-large-communities equal 200001:200001:10) { <add actions here> }

Regards,
Christopher Hawker

________________________________
From: Public <public-bounces@talk.mikrotik.com.au> on behalf of Damien Gardner Jnr <rendrag@rendrag.net>
Sent: Friday, January 13, 2023 1:53:51 PM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: [MT-AU Public] Static routes with bgp communities in ROS7 - how?
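
An added example, not written by either poster: a controller-side sketch of the per-prefix fallback raised in the question, which reads the ROS6 static routes and builds one ROS7 rule string per prefix and output chain. The `dst ==`, `set bgp-communities`, `set distance` and `accept` forms are assumed ROS7 filter syntax modelled on the `if (...) { ... }` shape in the reply, and the function and table names are hypothetical.

```python
import re
from ipaddress import ip_network

# Constructed sample: the two ROS6 static routes quoted in the thread.
ROS6_ROUTES = """\
add bgp-communities=12345:765 distance=1 dst-address=221.121.69.69/32 type=blackhole
add bgp-communities=12345:666 distance=1 dst-address=221.121.69.70/32 type=blackhole
"""

# Policy taken from the ROS6 filters in the thread: the output chains each
# community is allowed to leave through. Anything not listed gets no rule.
CHAINS_BY_COMMUNITY = {
    "12345:765": ("ospf-out", "bgp-out"),  # Suspension
    "12345:666": ("bgp-out",),             # Mitigation
    "12345:667": ("bgp-out",),             # LocalBlackhole
}


def parse_ros6_routes(export):
    """Return [(prefix, community)] for blackhole /32 routes in a ROS6 export."""
    routes = []
    for line in export.splitlines():
        fields = dict(re.findall(r"(\S+?)=(\S+)", line))
        if fields.get("type") != "blackhole":
            continue
        if "bgp-communities" not in fields or "dst-address" not in fields:
            continue
        net = ip_network(fields["dst-address"], strict=True)
        if net.prefixlen != 32:
            continue  # the ROS6 filters only pass prefix-length=32
        routes.append((str(net), fields["bgp-communities"]))
    return routes


def ros7_rules(routes):
    """Build per-prefix rule strings grouped by chain (ROS7 syntax is assumed)."""
    rules = {}
    for prefix, community in routes:
        # Fail closed: a community with no policy entry is never exported.
        for chain in CHAINS_BY_COMMUNITY.get(community, ()):
            if chain == "ospf-out":
                action = "set distance 100"  # mirrors set-distance=100 in ROS6
            else:
                action = f"set bgp-communities {community}"
            rule = f"if (dst == {prefix}) {{ {action}; accept }}"
            rules.setdefault(chain, []).append(rule)
    return rules
```
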