
Two BGP sessions, do not wish to re-announce

Posted: Fri Feb 21, 2014 8:09 pm
by ghane
I am using an RB1100AH, v5.21

I have 3 networks:

1. Internal, some .22s
2. ISP1, full BGP feed
3. New ISP2, full BGP feed

How do I prevent re-announcing the feed I get from one ISP to another? I read and re-read the wiki BGP, and the filter manual, but I need a starting point.

Could someone share a sample config, please?

--
Sanjeev

Re: Two BGP sessions, do not wish to re-announce

Posted: Sat Feb 22, 2014 1:23 am
by matthew
Greetings,
Here's an example, provided your ASN is 64585, your network is 198.18.0.0/15, and your ISP's ASN is 65534.
Below is a (modified) copy of what I use for inbound/outbound IPv4 configuration for public upstreams. I should also note that I also don't re-distribute anything (static or other routing protocols).

ISP1-V4-in does some basic inbound filtering to get rid of most of the accidental private and invalid address announcements.
ISP1-V4-out is a simple outbound filter that lets your network go out (198.18.0.0/15 in this example), but discards everything else.

I'd suggest using two separate sets of filters for each ISP, even if they're identical right now. This makes it easier to add things like communities or prepending for a single upstream connection without affecting the other.

Hope this helps.
~Matthew
/routing bgp instance
set default as=64585 client-to-client-reflection=no disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=198.19.255.1 routing-table=""
/routing bgp network
add disabled=no network=198.18.0.0/15 synchronize=no
/routing filter
add action=discard chain=ISP1-V4-in comment=SELF prefix=198.18.0.0/15
add action=discard chain=ISP1-V4-in prefix=!0.0.0.0 prefix-length=25-32
add action=discard chain=ISP1-V4-in comment="BOGON - Self Identification" prefix=0.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP1-V4-in comment="BOGON - RFC1918" prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP1-V4-in comment="BOGON - Loopback" prefix=127.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP1-V4-in comment="BOGON - IANA Reserved" prefix=128.0.0.0/16 prefix-length=16-32
add action=discard chain=ISP1-V4-in comment="BOGON - RFC1918" prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=ISP1-V4-in comment="BOGON - Link Local" prefix=169.254.0.0/16 prefix-length=16-32
add action=discard chain=ISP1-V4-in comment="BOGON - IANA Reserved" prefix=191.255.0.0/16 prefix-length=16-32
add action=discard chain=ISP1-V4-in comment="BOGON - IANA Reserved" prefix=192.0.0.0/24 prefix-length=24-32
add action=discard chain=ISP1-V4-in comment="BOGON - Test-Net" prefix=192.0.2.0/24 prefix-length=24-32
add action=discard chain=ISP1-V4-in comment="BOGON - Multicast" prefix=224.0.0.0/4 prefix-length=4-32
add action=discard chain=ISP1-V4-in comment="BOGON - RFC1918" prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=ISP1-V4-in comment="BOGON - Special Use Networks" prefix=223.255.255.0/24 prefix-length=24-32
add action=discard chain=ISP1-V4-in comment="BOGON - Class E Reserved" prefix=240.0.0.0/4 prefix-length=4-32
add action=accept chain=ISP1-V4-in prefix=!0.0.0.0 prefix-length=8-24 set-bgp-local-pref=80

add action=accept chain=ISP1-V4-out prefix=198.18.0.0/15 prefix-length=15
add action=discard chain=ISP1-V4-out invert-match=yes prefix=0.0.0.0
/routing bgp peer
add in-filter=ISP1-V4-in name=ISP1-V4 nexthop-choice=force-self out-filter=ISP1-V4-out remote-address=192.168.0.1 remote-as=65534 remove-private-as=yes ttl=1 update-source=192.168.0.2
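
Added example, not part of Matthew's post or of MikroTik's tooling: a Python check that reads a RouterOS export in the format shown above and reports, for each BGP peer, whether its out-filter chain could let routes learned from one upstream be announced to the other. The ISP2 peer, its address and AS 65533 are constructed for illustration, and treating a chain that does not end in a discard rule as a finding is this example's assumption.

```python
import ipaddress
import shlex

# Constructed sample: the thread's ISP1 peer plus a hypothetical ISP2 peer
# (name, address and AS 65533 are made up) that was added with no out-filter.
SAMPLE_EXPORT = '''\
/routing bgp network
add disabled=no network=198.18.0.0/15 synchronize=no
/routing filter
add action=accept chain=ISP1-V4-out prefix=198.18.0.0/15 prefix-length=15
add action=discard chain=ISP1-V4-out invert-match=yes prefix=0.0.0.0
/routing bgp peer
add in-filter=ISP1-V4-in name=ISP1-V4 out-filter=ISP1-V4-out remote-address=192.168.0.1 remote-as=65534
add in-filter=ISP2-V4-in name=ISP2-V4 remote-address=192.168.1.1 remote-as=65533
'''

def parse_export(text):
    """Group the key=value pairs of each 'add' line under its /section path."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif line.startswith("add ") and current:
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            sections.setdefault(current, []).append(dict(pairs))
    return sections

def audit_out_filters(text):
    """Return {peer name: [findings]}; an empty list means the peer looks safe."""
    cfg = parse_export(text)
    own = [ipaddress.ip_network(n["network"]) for n in cfg.get("/routing bgp network", [])]
    chains = {}
    for rule in cfg.get("/routing filter", []):
        chains.setdefault(rule["chain"], []).append(rule)
    report = {}
    for peer in cfg.get("/routing bgp peer", []):
        rules = chains.get(peer.get("out-filter", ""), [])
        findings = [] if rules else ["no out-filter rules"]
        if rules and rules[-1].get("action") != "discard":
            findings.append("chain does not end in discard")
        for rule in rules:
            # An accept rule with no prefix, or a negated one, is treated as non-local.
            prefix = rule.get("prefix", "0.0.0.0/0")
            net = ipaddress.ip_network(prefix.lstrip("!"), strict=False)
            if rule.get("action") == "accept" and not any(net.subnet_of(o) for o in own):
                findings.append(f"accepts non-local prefix {prefix}")
        report[peer["name"]] = findings
    return report
```

Calling `audit_out_filters(SAMPLE_EXPORT)` returns an empty list for ISP1-V4 and a finding for the ISP2 peer that has no out-filter; the same function can be run on the text of a real export.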

Re: Two BGP sessions, do not wish to re-announce

Posted: Sun Feb 23, 2014 6:41 pm
by ghane
Matthew,

Thank you, this is very helpful.

--
Sanjeev