BGP Route Filtering Mikrotik Lab

BGP Route Filtering Mikrotik Lab


Routing Filter is a main tool to control and modifying route information, whether you will discard or accept the routeing information. Not only that you can do a lot of action like change distance, set community, even you will used for BGP attribute path selection (weight, prepend, local preff, etc). Now we will try to configure prefix filtering.
In Filter
We are going to filter prefix 10.10.10.10/32 which advertised from Internet Router. We are will discarded the prefix from R2. See before and after config :

Before :
[admin@R2] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  1.1.1.1/32                         23.23.23.1               20
 1 ADC  2.2.2.2/32         2.2.2.2         lo1                       0
 2 ADb  8.8.4.4/32                         23.23.23.1               20
 3 ADb  8.8.8.8/32                         23.23.23.1               20
 4 ADb  10.10.10.10/32                     23.23.23.1               2
 5 ADC  23.23.23.0/30      23.23.23.2      ether1                    0

Filtering config :
[admin@R2] > routing filter add chain=trafic-in prefix=10.10.10.10/32 action=discard
[admin@R2] > routing bgp peer set 0 in-filter=trafic-in

After :
[admin@R2] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  1.1.1.1/32                         23.23.23.1               20
 1 ADC  2.2.2.2/32         2.2.2.2         lo1                       0
 2 ADb  8.8.4.4/32                         23.23.23.1               20
 3 ADb  8.8.8.8/32                         23.23.23.1               20
 4 ADC  23.23.23.0/30      23.23.23.2      ether1                    0
See after filter is applied on R3 prefix 10.10.10.10/32 is gone!

Out Filter
We are going to filter prefix 1.1.1.1/32 from R1 which has advertised to public. And we are going to discard the prefix now!

See the routing table below before discarding the prefix will shown on another router for example we are going to see R2’s routing table!
[admin@R2] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  1.1.1.1/32                         23.23.23.1               20
 1 ADC  2.2.2.2/32         2.2.2.2         lo1                       0
 2 ADb  8.8.4.4/32                         23.23.23.1               20
 3 ADb  8.8.8.8/32                         23.23.23.1               20
 4 ADC  23.23.23.0/30      23.23.23.2      ether1                    0

[admin@R1] > routing filter add chain=trafic-out prefix=1.1.1.1/32 action=discard
[admin@R1] > routing bgp peer set 0 out-filter=trafic-out

After applying out filter the prefix 1.1.1.1/32 is gone!
[admin@R2] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 1 ADC  2.2.2.2/32         2.2.2.2         lo1                       0
 2 ADb  8.8.4.4/32                         23.23.23.1               20
 3 ADb  8.8.8.8/32                         23.23.23.1               20
 4 ADC  23.23.23.0/30      23.23.23.2      ether1                    0

Tulis komentar anda... Conversion Conversion Emoticon Emoticon

Thanks for your comment
Subscribe to: Post Comments ( Atom )