
Fastnetmon Advertise /24 Subnet

Posted: Fri Jan 29, 2021 12:21 pm
by roboticpuppies
Hello. I'm testing Fastnetmon to advertise a /24 subnet to a scrubbing center. Here is the topology: https://prnt.sc/xsytvw
I've successfully set up a BGP filter for RTBH to the ISP using Fastnetmon (advertising a /32). Next I applied the same routing filter (but with a different BGP community) to advertise a /24 subnet to the scrubbing center, but it doesn't work.

Suppose my AS is 456, and the scrubbing AS is 789. BGP Community for RTBH is 666, for scrubbing is 999.

GoBGP will send the prefix with community 456:999 to my edge router. Here is the In-Filter of my edge router to receive the advertisement from GoBGP:
Flags: X - disabled 
 0   ;;; Community 666 - Blackhole ISP
     chain=FROM-SENSOR bgp-communities=456:666 invert-match=no 
     action=accept set-bgp-local-pref=200 set-bgp-prepend-path="" 
     set-bgp-communities=456:666 

 1   ;;; Community 999 - Scrubbing
     chain=FROM-SENSOR bgp-communities=456:999 invert-match=no 
     action=accept set-bgp-local-pref=200 set-bgp-prepend-path="" 
     set-bgp-communities=456:999 

 2   chain=FROM-SENSOR bgp-communities=456:999 invert-match=no 
     action=discard set-bgp-prepend-path=""


Then I need to forward the advertisement from GoBGP to the scrubbing center. This setup works with a /32 prefix. Here is the Out-Filter to advertise the prefix from the edge router to the scrubbing center:
Flags: X - disabled 
 0   chain=TO-SCRUBBING bgp-communities=456:999 invert-match=no action=passthrough 
     set-bgp-prepend-path="" 

 1   chain=TO-SCRUBBING bgp-communities=456:999 invert-match=no action=accept 
     set-bgp-prepend-path="" set-bgp-communities="" 

 2   chain=TO-SCRUBBING invert-match=no action=discard set-bgp-prepend-path=""

I can see the prefix is delivered from GoBGP; here it is in the routing table:
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADC  dst-address=10.10.30.0/24 pref-src=10.10.30.1 gateway=ether2-GW 
        gateway-status=ether2-GW reachable distance=0 scope=10 

 1  Db  dst-address=10.10.30.0/24 gateway=10.10.30.253 
        gateway-status=10.10.30.253 reachable via  ether2-GW distance=200 
        scope=40 target-scope=30 bgp-local-pref=200 bgp-origin=igp 
        bgp-communities=55688:999 received-from=TEST-ROUTER


But I can't forward the advertisement (/24) from GoBGP to my scrubbing center. How can I get this to work so I can automatically advertise the /24 to the scrubbing center?
Thank you.
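
An added example, not part of the original post: a Python sketch that parses the routing-table output pasted above and reports, for each BGP-learned route, whether it carries the A (active) flag, the distance of any active route for the same prefix, and whether its communities include the one the out-filter matches. It assumes that RouterOS BGP only advertises routes that are active in the routing table and that multiple communities are comma-separated; the function names are hypothetical.

```python
import re

# Routing-table output copied from the post above.
ROUTES = """\
 0 ADC  dst-address=10.10.30.0/24 pref-src=10.10.30.1 gateway=ether2-GW
        gateway-status=ether2-GW reachable distance=0 scope=10

 1  Db  dst-address=10.10.30.0/24 gateway=10.10.30.253
        gateway-status=10.10.30.253 reachable via  ether2-GW distance=200
        scope=40 target-scope=30 bgp-local-pref=200 bgp-origin=igp
        bgp-communities=55688:999 received-from=TEST-ROUTER
"""

ENTRY = re.compile(r"^\s*(\d+)\s+([A-Za-z]+)\s+(.*)$")

def parse_routes(text):
    """Parse detail-style route output into dicts of flags plus key=value fields."""
    routes = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and "=" in m.group(3):        # first line of an entry: number, flags, fields
            routes.append({"id": int(m.group(1)), "flags": m.group(2), "raw": m.group(3)})
        elif routes and line.strip():      # continuation line of the current entry
            routes[-1]["raw"] += " " + line.strip()
    for r in routes:
        r.update(dict(re.findall(r"([\w-]+)=(\S+)", r["raw"])))
    return routes

def bgp_route_report(routes, wanted_community):
    """Report active state, competing active route and community match per BGP route."""
    report = []
    for r in routes:
        if "b" not in r["flags"]:          # lowercase b = bgp (uppercase B = blackhole)
            continue
        rival = next((o for o in routes if o is not r and "A" in o["flags"]
                      and o["dst-address"] == r["dst-address"]), None)
        report.append({
            "prefix": r["dst-address"],
            "active": "A" in r["flags"],
            "own_distance": int(r["distance"]),
            "active_rival_distance": int(rival["distance"]) if rival else None,
            "community_match": wanted_community in r.get("bgp-communities", "").split(","),
        })
    return report

if __name__ == "__main__":
    for row in bgp_route_report(parse_routes(ROUTES), "456:999"):
        print(row)
```

On the pasted table this reports the BGP entry for 10.10.30.0/24 as not active, alongside an active connected route for the same prefix at distance 0, and shows the community exactly as it appears in the table.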

Re: Fastnetmon Advertise /24 Subnet

Posted: Sun Mar 28, 2021 7:14 am
by loloski
Hey,

Good day, did you manage to solve this?

Re: Fastnetmon Advertise /24 Subnet

Posted: Sun Mar 28, 2021 10:25 am
by roboticpuppies
Unfortunately I haven't solved this yet. Recently I moved to another project.

Re: Fastnetmon Advertise /24 Subnet

Posted: Mon Mar 29, 2021 3:30 pm
by loloski
Oh, I see, that was unfortunate :). Care to share, if you ever succeed, what the ballpark cost would be for, let's say, 100 mb of clean traffic going back to your GRE tunnel? I assume that's how your mitigation provider returns the clean traffic to your infrastructure.

Re: Fastnetmon Advertise /24 Subnet

Posted: Fri Apr 30, 2021 10:33 am
by expo
I'm also interested to know how you will automate prefix withdrawal from your primary providers while advertising /24s to the scrubbing center. I'm using Fastnetmon; can this be done without custom code via the MikroTik API?