...

Code Block
languageros
/routing /bgp /template set default as=65533

...

Code Block
languageros
/routing /bgp /template 
add name=myAsTemplate as=65500 output.filter=myAsFilter
set default template=myAsTemplate

...

Code Block
languageros
/routing /bgp /connection
add remote.address=10.155.101.0/24 listen=yes template=default local.role=ibgp 

...

A very basic example of a BGP input filter that accepts prefixes from the 192.168.0.0/16 subnet without modifying any attributes. For other prefixes, subtract 1 from the received local pref value and set the IGP metric to the OSPF ext metric value. Additionally, we will accept only specific prefixes from an address list to reduce memory usage:

Code Block
languagetext
/ip/firewall/address-list
add list=bgp_list address=192.168.1.0/24
add list=bgp_list address=192.168.0.0/24
add list=bgp_list address=172.16.0.0/24

/routing/bgp/template
set default input.filter=bgp_in .accept-nlri=bgp_list

/routing /filter /rule
add chain=bgp_in match-prfx-value=dst<subsumes>192.168.0.0/16 action=accept
add chain=bgp_in set-num-value=bgp-local-pref<sub>1 
add chain=bgp_in set-num-prop=bgp-igp-metric<assign>ospf-ext-metric action=accept

...

Note

The default action of a routing filter chain is "drop".


Routing Filters

Unlike ROSv6, one filter rule in ROSv7 can have only one set of "match" and one set of "set", which means that to match by more than one parameter you have to add more than one rule. For example, to match a static default route and apply the accept action:

Code Block
languagetext
/routing/filter/rule
add chain=ospf_in match-prfx-value=dst<equal>0.0.0.0/0 
add chain=ospf_in match-protocol=static action=accept

Filter rules can now be used to match or set communities, large communities and extended communities from a community list:

Code Block
languagetext
/routing/filter/large-community-set
add set=myLargeComSet community=200001:200001:10 


/routing/filter/rule
add chain=bgp_in set-bgp-communities-large=modify<append>myLargeComSet action=accept

RPKI

RouterOS implements an RTR client. You connect to a server, which sends route validity information. This information can then be used in route filters to validate routes against a group with "rpki-verify", and "match-rpki" can be used in subsequent filter rules to match the exact state.

...

Code Block
languagetext
/routing /bgp /rpki
add group=myRpkiGroup address=192.168.1.1 port=8282 refresh-interval=20

/routing /filter /rule
add chain=bgp_in rpki-verify=myRpkiGroup 
add chain=bgp_in match-rpki=invalid action=reject
add chain=bgp_in action=accept
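
The decision that the rpki-verify and match-rpki rules above rely on is route origin validation as defined in RFC 6811. The Python sketch below is an added example, not RouterOS code and not part of the original page; the VRP entries, AS numbers, function names and the "valid"/"unknown" state labels are constructed for illustration.

```python
import ipaddress

# Constructed sample VRPs (validated ROA payloads), in the form an RTR
# server delivers them: (prefix, max_length, origin_as).
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("10.10.0.0/16", 24, 64501),   # more-specifics allowed up to /24
    ("203.0.113.0/24", 24, 0),     # AS0 entry: nobody may originate this
]

def rpki_state(prefix, origin_as, vrps=VRPS):
    """RFC 6811 origin validation for one received route.

    Returns 'valid', 'invalid', or 'unknown' (RFC 6811 'NotFound').
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route lies inside the VRP prefix.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # A covering VRP matches when the origin AS agrees and the route
        # is not more specific than max_length. AS0 never matches.
        if vrp_as != 0 and vrp_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered but never matched: wrong origin or too-specific prefix.
    return "invalid" if covered else "unknown"

def filter_chain(prefix, origin_as):
    """Same policy as the chain above: reject invalid, accept the rest."""
    return "reject" if rpki_state(prefix, origin_as) == "invalid" else "accept"

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64500), ("10.10.5.0/25", 64501),
                     ("192.0.2.0/24", 64999), ("172.16.0.0/24", 64501)]:
        print(pfx, asn, rpki_state(pfx, asn), filter_chain(pfx, asn))
```

Routes with no covering VRP stay "unknown" and are accepted by this policy, so only origins that contradict published data are dropped.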

...