Page 1 of 1
Routing Filter
Posted: Fri Mar 16, 2007 4:19 pm
by fpascual
I´m trying to read /routing filter and can´t understand.
I must define my networks to publish in /routing bgp network, and then, what can I do in /routing filter ?.
The question is very basic, I know, but can´t understand.
Thanks a lot
Posted: Fri Mar 16, 2007 6:50 pm
by changeip
/routing bgp network is for static annoucement entries.
/routing filter is a place where you can filter incoming routes as well as outgoing routes. Just like firewall filter, the chains in /routing filter are traversed when routes are accepted / annouced. This gives you the ability to change attributes like BGP community, nexthops, etc.
Sam
Posted: Fri Mar 16, 2007 9:12 pm
by fpascual
Ok, I have the following problem:
Example:
I have ISP1, and need to:
Discard AS 26XX
Discard 200.X.5.0/24 and 200.X.31.0/24 networks
Accept 200.X.0.0/19 and 200.X.80.0/20 networks
Deny any any
And when apply this filter doesn´t work:
add chain=filter-ISP1-out bgp-as-path=26XX invert-match=no action=discard comment="" disabled=no
add chain=filter-ISP1-out prefix=200.X.5.0/24 prefix-length=24 invert-match=no action=discard comment="" disabled=no
add chain=filter-ISP1-out prefix=200.X.31.0/24 prefix-length=24 invert-match=no action=discard comment="" disabled=no
add chain=filter-ISP1-out prefix=200.X.0.0/19 prefix-length=24 invert-match=no action=accept comment="" disabled=no
add chain=filter-ISP1-out prefix=200.X.80.0/20 prefix-length=24 invert-match=no action=accept comment="" disabled=no
add chain=filter-ISP1-out prefix=0.0.0.0/0 prefix-length=0-32 invert-match=no action=discard comment="" disabled=no
The ISP1 is still getting discarded networks, what could it be the problem?
Thanks a lot
Posted: Fri Mar 16, 2007 9:21 pm
by mrz
have you set out filter for bgp peer?
Posted: Fri Mar 16, 2007 9:30 pm
by fpascual
Yes
Posted: Fri Mar 16, 2007 10:13 pm
by changeip
which version of routing-test? There was 1-2 version that routing-filter out chains weren't working.
Sam
Posted: Fri Mar 16, 2007 11:03 pm
by fpascual
2.9.30 Sam
Posted: Fri Mar 16, 2007 11:23 pm
by changeip
2.9.31
*) fixed route filters in routing-test;
I think from 2.9.28 to .30 the out filters weren't working
Sam
Posted: Fri Mar 16, 2007 11:39 pm
by fpascual
Thanks Sam !, what I must do to upgrade only routing-test package ?
Posted: Fri Mar 16, 2007 11:41 pm
by changeip
You can't upgrade only 1 module. I recommend upgrading to entire RouterOS to 2.9.38 since it's bgp seems the most stable so far.
Sam
Posted: Fri Mar 16, 2007 11:45 pm
by fpascual
Ok Sam, thanks a lot, do you consider that my filter is correctly configured ?.
What about 2.9.40 version ?, have any BGP change with respect 2.9.38 ?
Posted: Fri Mar 16, 2007 11:55 pm
by mrz
There are some known bugs in 2.9.40 you will have to wait until 2.9.41 is out
Posted: Sat Mar 17, 2007 12:30 am
by fpascual
Ok, do you recommend me to wait or put 2.9.38 ?
Posted: Sat Mar 17, 2007 12:35 am
by mrz
Put 2.9.38
Posted: Sat Mar 17, 2007 1:12 am
by fpascual
Ok, thanks !
Posted: Sat Mar 17, 2007 7:57 am
by changeip
Ok, do you recommend me to wait or put 2.9.38 ?
If outbound filters are critical then you can make that decision to upgrade. It sounds like it's been this way for a while right? Maybe another week is okay ...
Posted: Tue Mar 20, 2007 3:54 pm
by fpascual
Ok, if I put 2.9.39 if the same ?, I have this version installed in a backup router.
Thanks
Posted: Tue Mar 20, 2007 4:11 pm
by janisk
try 2.9.41 just came out, and seems to be stable
Posted: Tue Mar 20, 2007 4:42 pm
by fpascual
Ok, thanks a lot !