Mikrotik bgp filter. Guide to establish a GRE Tunnel and BGP peering session on MikroTik RouterOS

BGP BLACKHOLE Community

DDoS attacks continue to be a wide-spread problem on the internet. Their size has grown over the past few years to where BGP Blackholing to reduce collateral damage has become widespread.

As more and more networks built support for BGP Blackholing, each with its own BGP community, it became clear that there was a need for a standardized “well-known” community for BGP Blackholing. From this need was born RFC 7999: BLACKHOLE Community, which reserves 65535:666 as the well-known BLACKHOLE community. This should reduce the complexity for downstream networks implementing blackholing with their upstreams, and reduce confusion in documentation through the use of a single BGP community.

I operate two ASNs which operate primarily on MikroTik routers for BGP. This article is about implementing BGP BLACKHOLE on one of those networks.

Implementing BGP BLACKHOLE in an Autonomous System running MikroTik RouterOS

Implementing BLACKHOLE in an autonomous system using MikroTik BGP was fairly simple:

  • Originate a /32 route with 65535:666 BGP Community attached, and allow it to be exported into the rest of the system. This is handled through FastNetMon and fastnetmon_MikroTik.php. It could also be handled by using ExaBGP, or GoBGP, which are both also supported by FastNetMon.
  • Build route policy around received routes which have the 65535:666 BGP Community attached. This sets the route type to blackhole instead of unicast, causing the traffic to be dropped.
  • Export /32 routes with provider BGP Blackhole communities attached ( 6969:666 is Hurricane Electric’s for example).

MikroTik BGP Routing Policy

Implementing BGP blackholing when /32 routes contain the BLACKHOLE community is easy. By matching the BGP BLACKHOLE community, prefix-length=32, and protocol BGP, and then using set-type=blackhole, the route type is changed to blackhole, and traffic to the IP address is dropped automatically.

The second part of the BGP routing policy lets select /32 routes out to upstreams. This is accomplished by allowing prefix-length=32 when combined with the BLACKHOLE community. Of course, there is a default deny at the end of the UPSTREAM-OUT policy.


/routing filter
add action=accept bgp-communities=65535:666 chain=internal-in prefix-length=32 protocol=bgp set-type=blackhole append-bgp-communities=6939:666
add action=accept chain=UPSTREAM-OUT comment="advertise x.x.61.0/24" prefix=x.x.61.0/24 protocol=bgp
add action=accept chain=UPSTREAM-OUT comment="advertise x.x.62.0/24" prefix=x.x.62.0/24 protocol=bgp
add action=accept bgp-communities=65535:666 chain=UPSTREAM-OUT comment="advertise x.x.61.0/24 Blackholes" prefix=x.x.61.0/24 prefix-length=32 protocol=bgp
add action=accept bgp-communities=65535:666 chain=UPSTREAM-OUT comment="advertise x.x.62.0/24 Blackholes" prefix=x.x.62.0/24 prefix-length=32 protocol=bgp
add action=discard chain=UPSTREAM-OUT comment="discard everything else" protocol=bgp
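The following is an added example, not code from the original article or from MikroTik: a small Python model of the two chains above that checks which routes the policy lets out to upstreams and which it turns into blackholes. The prefixes 203.0.113.0/24 and 198.51.100.0/24 are constructed stand-ins for the redacted x.x.61.0/24 and x.x.62.0/24, the names Route, Rule, matches and evaluate are hypothetical, and the matcher semantics (first match wins, prefix alone is an exact match, prefix plus prefix-length matches anything inside) are a simplified assumption about the filter behaviour.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

BLACKHOLE = "65535:666"  # RFC 7999 well-known BLACKHOLE community
BH = frozenset({BLACKHOLE})
HOST = (32, 32)          # prefix-length=32

# Constructed stand-ins for the article's redacted x.x.61.0/24 and x.x.62.0/24.
OWN_PREFIXES = ("203.0.113.0/24", "198.51.100.0/24")


@dataclass(frozen=True)
class Route:
    prefix: str
    communities: FrozenSet[str] = frozenset()
    protocol: str = "bgp"


@dataclass(frozen=True)
class Rule:
    action: str                                      # "accept" or "discard"
    prefix: Optional[str] = None                     # prefix= matcher
    prefix_length: Optional[Tuple[int, int]] = None  # prefix-length= as (min, max)
    communities: FrozenSet[str] = frozenset()        # bgp-communities= matcher
    protocol: Optional[str] = None                   # protocol= matcher
    set_type: Optional[str] = None                   # set-type= action
    comment: str = ""


def matches(rule, route):
    """Every matcher present on the rule must hold (assumed semantics)."""
    net = ipaddress.ip_network(route.prefix)
    if rule.protocol is not None and rule.protocol != route.protocol:
        return False
    if not rule.communities <= route.communities:
        return False
    if rule.prefix_length is not None:
        low, high = rule.prefix_length
        if not low <= net.prefixlen <= high:
            return False
    if rule.prefix is not None:
        scope = ipaddress.ip_network(rule.prefix)
        if rule.prefix_length is None:
            return net == scope        # prefix alone: exact match only
        return net.subnet_of(scope)    # with prefix-length: anything inside
    return True


def evaluate(chain, route):
    """Return (action, set_type, comment) of the first matching rule."""
    for rule in chain:
        if matches(rule, route):
            return rule.action, rule.set_type, rule.comment
    # Assumption of this model: a route that matches no rule passes unchanged.
    return "accept", None, "no rule matched"


INTERNAL_IN = [
    Rule("accept", prefix_length=HOST, communities=BH, protocol="bgp",
         set_type="blackhole", comment="blackhole tagged /32"),
]

UPSTREAM_OUT = (
    [Rule("accept", prefix=p, protocol="bgp", comment=f"advertise {p}")
     for p in OWN_PREFIXES]
    + [Rule("accept", prefix=p, prefix_length=HOST, communities=BH,
            protocol="bgp", comment=f"advertise {p} Blackholes")
       for p in OWN_PREFIXES]
    + [Rule("discard", protocol="bgp", comment="discard everything else")]
)


def audit():
    """Export decision on UPSTREAM-OUT for a set of constructed routes."""
    cases = {
        "own aggregate": Route("203.0.113.0/24"),
        "own /32, tagged": Route("203.0.113.7/32", BH),
        "own /32, untagged": Route("203.0.113.7/32"),
        "own /25, tagged": Route("203.0.113.0/25", BH),
        "foreign /32, tagged": Route("192.0.2.9/32", BH),
    }
    return {name: evaluate(UPSTREAM_OUT, r)[0] for name, r in cases.items()}


def internal_type(route):
    """Route type after internal-in: 'blackhole' if rewritten, else 'unicast'."""
    _, set_type, _ = evaluate(INTERNAL_IN, route)
    return set_type or "unicast"


if __name__ == "__main__":
    for name, action in audit().items():
        print(f"UPSTREAM-OUT  {name:22s} {action}")
    for r in (Route("203.0.113.7/32", BH), Route("192.0.2.9/32", BH)):
        print(f"internal-in   {r.prefix:22s} {internal_type(r)}")
```

In this model the outbound chain only exports tagged /32s that sit inside the operator's own prefixes, while internal-in has no prefix matcher, so any tagged /32 that reaches it is blackholed locally regardless of whose address it is. Whatever originates those routes (FastNetMon in the article) is therefore the component that has to be trusted and restricted.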

RouterOS API

I have been inserting routes into the system using the fastnetmon_MikroTik.php plugin for FastNetMon. Due to operating a 32-bit ASN, I am unable to make my own locally significant BGP communities ( 39xxxx:666 isn’t valid, the first part needs to be a 16-bit number which makes the maximum 65535), so having a well known number that I could use without risking collision was quite handy. I quickly added a change to add the BGP community 65535:666 to routes blackholed, and made a pull request with FastNetMon.

Drawbacks

MikroTik’s routing updates are slow under RouterOS 6.x (but rumored to be faster under 7.x when that comes out), particularly when routes are withdrawn. This can cause the API calls to remove routes to time out on a router with LOTS of routes (full BGP routes). I found it helpful to inject routes on routers with default and local routes only, where the add or remove could be completed much more quickly.

Guide to establish a GRE Tunnel and BGP peering session on MikroTik RouterOS

Before following the examples below, ensure that the prefix(es) used for the peering are not the same as the prefix that will be announced over the GRE BGP session. The GRE public IP should not be in the same range as the prefix you intend to announce.

Psychz.net will provide you with the information needed to connect to your GRE account.

In the example we’ll configure the connection with the following parameters:

Psychz GRE end-point (public IP that belongs to psychz.net): 1.1.1.1

Local GRE end-point (your public IP being used for the GRE): 10.10.10.100

Local ASN (your ASN): 65530

Psychz ASN: 40676

Internal Tunnel IP address (this would be the /30 psychz.net assigned for the GRE): 192.168.155.0/24

(NOTE: Do not use this /24 as your local GRE peering information; this is an example to be used as reference only!)

Psychz Peering IP (psychz.net GRE private address): 192.168.155.2

Local Peering IP (your GRE private address): 192.168.155.1

Network to be broadcast (the prefix(es) you are going to announce): 100.100.100.0/24

(NOTE: The IP information in this article varies per provider. This is a reference only, so do not start adding the exact IP addresses to your router.)

Creation of the GRE tunnel

1.1 Console

We use the following command:

1.2 WinBox

Interface > GRE Tunnel > Add (blue cross button). Add the parameters.

GRE tunnel IP address assignment

2.1. – Console

We use the following command:

(NOTE: 192.168.155.1/24 is your GRE internal IP. What psychz.net gives you will be similar to 10.20.20.2/30, with psychz.net being 10.20.20.1/30.)

2.2 WinBox

IP > Addresses > Add. Add the parameters.

BGP local ASN configuration

RouterOS can have many parallel instances of BGP; for normal use we just need to edit the “default” instance.

3.1. – Console

We use the following command:

3.2. – WinBox

Routing > BGP > Instances. Double-click on “default”. Add the parameters.

Adding networks to be broadcasted via BGP

Regular BGP rules for broadcasting apply here: unless “synchronize” is turned off (append synchronize=no to the network command if done via console), there must be a valid and active route in the routing table for the prefix to be broadcast.

4.1 Console

We use the following command:

4.2. – WinBox

Routing > BGP > Networks > Add. Add the parameters.

Creating a peering session

For this we’ll define the local name of the peer (this is just a reference, can be anything), remote-as, remote-address and the update-source (we’ll set it to be the IP of the GRE interface we just created)

5.1. Console

We use the following command:

/routing bgp peer add name="psychz-01" remote-address=192.168.155.2 remote-as=40676 update-source="psychz-gre-01"

5.2. WinBox

Routing > BGP > Peers > Add, General tab. Add the parameters (Name, Remote-IP and Remote-AS).

(NOTE: The instance may not always be “default”, so make sure to use whatever name was used in step 3.2. – WinBox; it has to match, otherwise the BGP session will not establish.)

Routing > BGP > Peers > Add, Advanced tab. Add the parameters (Update-Source).

Adding Inbound and Outbound Filters (optional, but recommended)

Filters need to be defined under “Routing > Filters” and tied to the peering via the In Filter and Out Filter options when creating or editing the peer. However, this first requires knowing the RouterOS syntax for these; more information can be found here: http://wiki.mikrotik.com/wiki/Manual:Routing/Routing_filters


Life Is Routing

Welcome to our personal blog. Generally, I’ll discuss networking-related problems and solutions in this blog, and I am also adding many network-related MCQ questions and answers. I hope it will help everyone.

Friday, July 8, 2016

Mikrotik | BGP Configuration

What is BGP?: The Border Gateway Protocol (BGP) is an inter-autonomous system routing protocol based on distance-vector algorithm. It is used to exchange routing information across the Internet and is the only protocol that is designed to deal with a network of the Internet’s size and the only protocol that can deal well with having multiple connections to unrelated routing domains.

BGP is designed to allow for sophisticated administrative routing policies to be implemented. BGP does not exchange information about network topology but rather reachability information. As such, BGP is better suited to inter-AS environments and special cases like informational feeds. If you just need to enable dynamic routing in your network, consider OSPF instead.

Step 1: Connect your MikroTik router to your PC with a UTP cable. Get the WinBox software (or download it from www.mikrotik.com).

Step 3: Add the secondary link IP address with subnet mask and select the port.

Step 4: Add the local block IP address with subnet mask and select the port.

Step 5: Add the public block IP address with subnet mask and select the port.

Step 7: Add the BGP filter rules for primary link and follow the below screenshot

Step 8: Add the BGP filter rules for primary link and follow the below screenshot

Step 9: Add the BGP filter rules for primary link and follow the below screenshot

Step 10: Add the BGP filter rules for primary link and follow the below screenshot


Step 11: Add the BGP filter rules for primary link and follow the below screenshot

Step 12: Add the BGP filter rules for primary link and follow the below screenshot

Step 13: Add the BGP filter rules for primary link and follow the below screenshot

Step 14: Add the BGP filter rules for primary link and follow the below screenshot

Step 15: Add the BGP filter rules for secondary link and follow the below screenshot

Step 16: Add the BGP filter rules for secondary link and follow the below screenshot

Step 17: Add the BGP filter rules for secondary link and follow the below screenshot

Step 18: Add the BGP filter rules for secondary link and follow the below screenshot

Step 19: Add the BGP filter rules for secondary link and follow the below screenshot

Step 20: Add the BGP filter rules for secondary link and follow the below screenshot

Step 21: Add the BGP filter rules for secondary link and follow the below screenshot

Step 22: Add the BGP filter rules for secondary link and follow the below screenshot

Step 23: Add the BGP filter rules for secondary link and follow the below screenshot

Step 24: Add the BGP instance (AS and Router ID)

Step 25: Add the public IP with network address.

Step 26: Add the BGP peers for primary link.

Step 27: Add the BGP peers for secondary link.

Step 28: Add NAT rule for private subnet.

Step 29: Add NAT rule for private subnet.

Life with IP Network

Networking and Server related problems, discussion and solutions. Generally it will help ISP engineers in their regular facing problems.

Saturday, July 4, 2015

Mikrotik Router BGP Configuration

Today we will learn how to configure the BGP routing protocol to ensure automatic failover between multiple links from your ISP. Let me describe the scenario first.

Platform: Mikrotik Router
Primary Link IP: 172.17.176.4/27
Secondary Link IP: 172.17.160.6/27
Usable Subnet: 172.17.161.0/30
My ASN: 65503
Remote [ISP] ASN: 203

Here is the connectivity diagram:

So, let’s start the configuration. First we will assign the primary IP address to ether1, the secondary IP address to ether2 and my usable subnet IP address to the ether3 interface.

Secondary IP address assign:

In this case my ISP should send the default route to my router and all other routes should be discarded. Let’s see how to create those filters.

A BGP attribute named local preference can be used to mark the primary link. BGP uses the default value local preference = 100 if we don’t specify a value for this attribute. The rule is that a higher local preference gets higher priority, so we set the value to 200 to make a link the primary link in our configuration.

To discard all other incoming routes do the following.

We have already finished the configuration of incoming filters. Now we should mention the outgoing filters as well. My ISP should receive the given IP subnet [172.17.161.0/30] from me.

We need to create outgoing filters for Primary and Secondary links as well.

Now start with BGP. Follow the steps below to configure it.

Configuration

/routing bgp instance
add as=47453 client-to-client-reflection=no name=itservice router-id=93.155.130.1

/routing bgp network
add network=93.155.169.0/24 synchronize=no
add network=93.155.130.0/24 synchronize=no
add network=93.155.162.0/24 synchronize=no
add network=93.155.131.0/24 synchronize=no

/routing bgp peer
add instance=itservice name=mtel-int in-filter=mtel-int-in out-filter=mtel-int-out remote-address=213.226.26.113 remote-as=12716
add instance=itservice name=mtel-bg in-filter=mtel-bg-in out-filter=mtel-bg-out remote-address=213.226.26.117 remote-as=12716
add instance=itservice name=gcn in-filter=gcn-in out-filter=gcn-out remote-address=212.70.158.89 remote-as=12615
add instance=itservice name=thezone in-filter=thezone-in out-filter=thezone-out remote-address=93.155.130.66 remote-as=34368

Advanced routing filters for manipulating traffic

ISP1 MTEL BG PEERING
  chain=mtel-bg-out   without parameter        = High priority
  chain=mtel-bg-in    set-distance=10          = High priority

ISP1 MTEL INTERNATIONAL
  chain=mtel-int-out  without parameter        = High priority
  chain=mtel-int-in   set-bgp-local-pref=200   = High priority

ISP2 GCN
  chain=gcn-out       set-bgp-prepend=5        = Medium priority
  chain=gcn-in        without parameter        = Medium priority

ISP3 TheZone
  chain=thezone-out   set-bgp-prepend=10       = Low priority
  chain=thezone-in    set-bgp-local-pref=80    = Low priority

/routing filter
add action=accept chain=mtel-bg-out prefix=93.155.130.0/24
add action=accept chain=mtel-bg-out prefix=93.155.131.0/24
add action=accept chain=mtel-bg-out prefix=93.155.162.0/24
add action=accept chain=mtel-bg-out prefix=93.155.169.0/24
add action=discard chain=mtel-bg-out
add action=discard chain=mtel-bg-in prefix=93.155.130.0/24
add action=discard chain=mtel-bg-in prefix=93.155.131.0/24
add action=discard chain=mtel-bg-in prefix=93.155.162.0/24
add action=discard chain=mtel-bg-in prefix=93.155.169.0/24
add action=discard chain=mtel-bg-in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=mtel-bg-in prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=mtel-bg-in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=mtel-bg-in prefix=0.0.0.0/0
add action=accept chain=mtel-bg-in set-distance=10
add action=accept chain=mtel-int-out prefix=93.155.130.0/24
add action=accept chain=mtel-int-out prefix=93.155.131.0/24
add action=accept chain=mtel-int-out prefix=93.155.162.0/24
add action=accept chain=mtel-int-out prefix=93.155.169.0/24
add action=discard chain=mtel-int-out
add action=discard chain=mtel-int-in prefix=93.155.130.0/24
add action=discard chain=mtel-int-in prefix=93.155.131.0/24
add action=discard chain=mtel-int-in prefix=93.155.162.0/24
add action=discard chain=mtel-int-in prefix=93.155.169.0/24
add action=discard chain=mtel-int-in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=mtel-int-in prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=mtel-int-in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=mtel-int-in prefix=0.0.0.0/0
add action=accept chain=mtel-int-in set-bgp-local-pref=200
add action=accept chain=gcn-out prefix=93.155.130.0/24 set-bgp-prepend=5
add action=accept chain=gcn-out prefix=93.155.131.0/24 set-bgp-prepend=5
add action=accept chain=gcn-out prefix=93.155.162.0/24 set-bgp-prepend=5
add action=accept chain=gcn-out prefix=93.155.169.0/24 set-bgp-prepend=5
add action=discard chain=gcn-out
add action=discard chain=gcn-in prefix=93.155.130.0/24
add action=discard chain=gcn-in prefix=93.155.131.0/24
add action=discard chain=gcn-in prefix=93.155.162.0/24
add action=discard chain=gcn-in prefix=93.155.169.0/24
add action=discard chain=gcn-in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=gcn-in prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=gcn-in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=gcn-in prefix=0.0.0.0/0
add action=accept chain=gcn-in
add action=accept chain=thezone-out prefix=93.155.130.0/24 set-bgp-prepend=10
add action=accept chain=thezone-out prefix=93.155.131.0/24 set-bgp-prepend=10
add action=accept chain=thezone-out prefix=93.155.162.0/24 set-bgp-prepend=10
add action=accept chain=thezone-out prefix=93.155.169.0/24 set-bgp-prepend=10
add action=discard chain=thezone-out
add action=discard chain=thezone-in prefix=93.155.130.0/24
add action=discard chain=thezone-in prefix=93.155.131.0/24
add action=discard chain=thezone-in prefix=93.155.162.0/24
add action=discard chain=thezone-in prefix=93.155.169.0/24
add action=discard chain=thezone-in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=thezone-in prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=thezone-in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=thezone-in prefix=0.0.0.0/0
add action=accept chain=thezone-in set-bgp-local-pref=80


Monitoring

[admin@R1] > routing bgp peer print
Flags: X - disabled, E - established
 #   INSTANCE   REMOTE-ADDRESS    REMOTE-AS
 0 E itservice  213.226.26.113    12716
 1 E itservice  213.226.26.117    12716
 2 E itservice  212.70.158.89     12615
 3 E itservice  93.155.130.66     34368

[admin@R1] > routing bgp peer print status
Flags: X - disabled, E - established
 0 E name=mtel-int instance=itservice remote-address=213.226.26.113 remote-as=12716 tcp-md5-key=""
     nexthop-choice=force-self multihop=no route-reflect=no hold-time=3m ttl=default
     in-filter=mtel-int-in out-filter=mtel-int-out address-families=ip default-originate=never
     remove-private-as=no as-override=no passive=no use-bfd=no remote-id=213.226.7.253
     local-address=213.226.26.114 uptime=1w1d22h6m52s prefix-count=610947 updates-sent=11
     updates-received=3637678 withdrawn-sent=0 withdrawn-received=163485 remote-hold-time=3m
     used-hold-time=3m used-keepalive-time=1m refresh-capability=yes as4-capability=yes
     state=established

 1 E name=mtel-bg instance=itservice remote-address=213.226.26.117 remote-as=12716 tcp-md5-key=""
     nexthop-choice=force-self multihop=no route-reflect=no hold-time=3m ttl=default
     in-filter=mtel-bg-in out-filter=mtel-bg-out address-families=ip default-originate=never
     remove-private-as=no as-override=no passive=no use-bfd=no remote-id=213.226.7.252
     local-address=213.226.26.118 uptime=1w1d22h6m52s prefix-count=11674 updates-sent=11
     updates-received=51850 withdrawn-sent=0 withdrawn-received=16632 remote-hold-time=3m
     used-hold-time=3m used-keepalive-time=1m refresh-capability=yes as4-capability=yes
     state=established

 2 E name=gcn instance=itservice remote-address=212.70.158.89 remote-as=12615 tcp-md5-key=""
     nexthop-choice=force-self multihop=no route-reflect=no hold-time=3m ttl=default
     in-filter=gcn-in out-filter=gcn-out address-families=ip default-originate=never
     remove-private-as=no as-override=no passive=no use-bfd=no remote-id=78.108.240.2
     local-address=212.70.158.90 uptime=2w6d9h19m58s prefix-count=627143 updates-sent=24
     updates-received=8606895 withdrawn-sent=0 withdrawn-received=919241 remote-hold-time=3m
     used-hold-time=3m used-keepalive-time=1m refresh-capability=yes as4-capability=yes
     state=established

 3 E name=thezone instance=itservice remote-address=93.155.130.66 remote-as=34368 tcp-md5-key=""
     nexthop-choice=force-self multihop=no route-reflect=no hold-time=3m ttl=default
     in-filter=thezone-in out-filter=thezone-out address-families=ip default-originate=never
     remove-private-as=no as-override=no passive=no use-bfd=no remote-id=85.217.193.30
     local-address=93.155.130.65 uptime=2w6d9h19m6s prefix-count=609947 updates-sent=388275
     updates-received=52 withdrawn-sent=388275 withdrawn-received=0 remote-hold-time=3m
     used-hold-time=3m used-keepalive-time=1m refresh-capability=yes as4-capability=yes
     state=established

[admin@R1] > routing bgp advertisements print
PEER      PREFIX            NEXTHOP          A  ORIGIN  LOCAL-PREF
mtel-int  93.155.169.0/24   213.226.26.114      igp
mtel-int  93.155.130.0/24   213.226.26.114      igp
mtel-int  93.155.162.0/24   213.226.26.114      igp
mtel-int  93.155.131.0/24   213.226.26.114      igp
mtel-bg   93.155.169.0/24   213.226.26.118      igp
mtel-bg   93.155.130.0/24   213.226.26.118      igp
mtel-bg   93.155.162.0/24   213.226.26.118      igp
mtel-bg   93.155.131.0/24   213.226.26.118      igp
gcn       93.155.169.0/24   212.70.158.90       igp
gcn       93.155.130.0/24   212.70.158.90       igp
gcn       93.155.162.0/24   212.70.158.90       igp
gcn       93.155.131.0/24   212.70.158.90       igp
thezone   93.155.169.0/24   93.155.130.66       igp
thezone   93.155.130.0/24   93.155.130.66       igp
thezone   93.155.162.0/24   93.155.130.66       igp
thezone   93.155.131.0/24   93.155.130.66       igp

[admin@R1] > ip route print count-only
1858965

Search route

[admin@R1] > /ip route print where dst-address=194.145.63.0/24
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC   GATEWAY           DISTANCE
 0 ADb  194.145.63.0/24               212.70.158.89           20
 1  Db  194.145.63.0/24               213.226.26.117          20
 2  Db  194.145.63.0/24               213.226.26.113          20
 3  Db  194.145.63.0/24               93.155.130.66           20

[admin@R1] > ip route print where dst-address in 194.145.63.0/24
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC   GATEWAY           DISTANCE
 0 ADb  194.145.63.0/24               212.70.158.89           20
 1  Db  194.145.63.0/24               213.226.26.117          20
 2  Db  194.145.63.0/24               213.226.26.113          20
 3  Db  194.145.63.0/24               93.155.130.66           20

[admin@R1] > ip route print where received-from=gcn dst-address=194.145.63.0/24
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC   GATEWAY           DISTANCE
 0 ADb  194.145.63.0/24               212.70.158.89           20

[admin@R1] > ip route print detail where dst-address=194.145.63.0/24
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 0 ADb  dst-address=194.145.63.0/24 gateway=212.70.158.89
        gateway-status=212.70.158.89 reachable via vlan149 distance=20 scope=40 target-scope=10
        bgp-as-path=12615,8262,8860 bgp-local-pref=100 bgp-origin=igp received-from=gcn

 1  Db  dst-address=194.145.63.0/24 gateway=213.226.26.117
        gateway-status=213.226.26.117 reachable via vlan1701 distance=20 scope=40 target-scope=10
        bgp-as-path=12716,8860 bgp-local-pref=200 bgp-origin=igp received-from=mtel-bg

 2  Db  dst-address=194.145.63.0/24 gateway=213.226.26.113
        gateway-status=213.226.26.113 reachable via vlan1702 distance=20 scope=40 target-scope=10
        bgp-as-path=12716,8447,8262,8860 bgp-local-pref=200 bgp-origin=igp received-from=mtel-int
