Hi,

I have several BGP peers. Some are customers. Some are upstream. I want to transit my customers, but not become an unofficial Internet exchange between my providers. I'm trying to build a single consistent filter I can use for all of my providers, for both IPv4 and IPv6. The obvious way to do this is via bgp-as-path. A simple example with only my AS would be:

/routing filter
add action=accept bgp-as-path="^myAShere\$" chain=customers disabled=no invert-match=no set-bgp-prepend-path=""
add action=discard chain=customers disabled=no invert-match=no protocol="" set-bgp-prepend-path=""

Then apply this as the out filter on my upstreams. As I read the docs, this would permit only routes where the AS path starts and ends with my AS. It seems to have no effect, however, and all routes pass to the upstream.

I've also tried this with the empty bgp-as-path, ^$, thinking that RouterOS might not recognize the local AS in the bgp-as-path.

Ideally, I'd like to filter something like this:

add action=accept bgp-as-path="^myAShere,Cust1AS\$" chain=customers disabled=no invert-match=no
add action=accept bgp-as-path="^myAShere,Cust2AS\$" chain=customers disabled=no invert-match=no
add action=discard chain=customers disabled=no invert-match=no protocol="" set-bgp-prepend-path=""

Can anyone point out what I'm missing?

(I filter my customers' addresses where they peer with us, so I'm not terribly concerned about them sending us rogue address ranges.)

AFAIK, better option to use only allowed prefix for each customer peer.

as path should be like this 40055,6329