Community discussions

MikroTik App
  4. RouterOS
  5. Forwarding Protocols

BGP: filter prefixes based on AS path

Post Reply
 
mikro2009
just joined
Topic Author
Posts: 11
Joined: Fri Jan 25, 2019 11:12 am

BGP: filter prefixes based on AS path

Wed Jun 21, 2023 3:59 pm

Hi all,

I would like to filter prefixes not belonging to my own AS to external peers (to prevent IP-transit between them). Usually you can do this based on the AS path by matching the empty path (output filter rule). This works fine (ROS 6):
Code: Select all
/routing filter
add action=accept bgp-as-path="^\$" chain=TEST-OUT
add action=discard chain=TEST-OUT
How can I do this in ROS 7 (7.10)? Based on the documentation I migrated the rules to:
Code: Select all
/routing/filter/rule
add chain=TEST-OUT disabled=no rule="if (bgp-as-path ^\$) {accept}"
add chain=TEST-OUT disabled=no rule=reject
But it does not work - all prefixes are rejected. The first rule does not match (I tried several regex, e.g.: ^1234*\$ or ^*\$ but without success). Any idea?
Best Regard,
Heino
Top
 
mikro2009
just joined
Topic Author
Posts: 11
Joined: Fri Jan 25, 2019 11:12 am

Re: BGP: filter prefixes based on AS path

Fri Jun 23, 2023 12:45 pm

Hi all,

an inverse match (rejecting all not-empty paths) seems to work:
Code: Select all
/routing/filter/rule
add chain=TEST-OUT disabled=no rule="if (bgp-as-path ^.+\$) {reject} else {accept}"
add chain=TEST-OUT disabled=no rule=reject
Interesting enough the router's regex testing tool privides correct results (matching
the empty path):
Code: Select all
/routing/filter/test-as-path-regexp regexp="^\$" as-path=""
  match
/routing/filter/test-as-path-regexp regexp="^\$" as-path="12345"
  no match
It seems to be a bug in the filter rule regex matching.

Best Regards,
Top
 
DarkNate
Forum Guru
Forum Guru
Posts: 1034
Joined: Fri Jun 26, 2020 4:37 pm

Re: BGP: filter prefixes based on AS path

Sun Jun 25, 2023 1:46 pm

You should be using BGP communities + RFC9234 to prevent route leaks. Not via AS-PATH.
Top
 
mikro2009
just joined
Topic Author
Posts: 11
Joined: Fri Jan 25, 2019 11:12 am

Re: BGP: filter prefixes based on AS path

Mon Jun 26, 2023 9:25 am

You should be using BGP communities + RFC9234 to prevent route leaks. Not via AS-PATH.
Nevertheless AS path filtering should work.
Top
 
zentavr
newbie
Posts: 49
Joined: Tue Nov 05, 2013 2:11 pm

Re: BGP: filter prefixes based on AS path

Fri Nov 17, 2023 5:51 am

Have the same issue with the regexp
Top
 
zentavr
newbie
Posts: 49
Joined: Tue Nov 05, 2013 2:11 pm

Re: BGP: filter prefixes based on AS path

Fri Nov 17, 2023 8:43 am

You should be using BGP communities + RFC9234 to prevent route leaks. Not via AS-PATH.
Hello @DarkNate. How this could be realised with Mikrotik?
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7060
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: BGP: filter prefixes based on AS path

Fri Nov 17, 2023 9:04 am

Regexps are slow, do not use regexpfor simple things like to match as path length, for that there is parameter bgp-path-len
https://help.mikrotik.com/docs/display/ ... Properties
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 2 guests
  4. RouterOS
  5. Forwarding Protocols