In the future, using the website cloudhosting.lv, you agree to the rules of using Cookies. Read more. I agree
BGP на Mikrotik
Enable IPv6 on your router
The first thing we will do is enable IPv6 on our Mikrotik router.
system package enable ipv6 system reboot y
This will restart the device, and when it comes back, it will have a new menu named IPv6.
We will also set a longer ARP timeout to be a good citizen; 4 hours is usually a reasonable time to avoid sending updates every 5 minutes..
/ip settings set arp-timeout=04:00:00
Specify the IPv4 and IPv6 addresses for your interfaces for IP transit, Perú IX (PIT Peru sac) (pitperu.net), and your internal network.
Assumptions for example::
"Configure the IPv4 and IPv6 addresses provided by LACNIC on the feedback interface.
The first thing to do is to create a feedback interface and assign it the IPv4 and IPv6 addresses provided by LACNIC. Another option is to assign the IP to another interface or statically route it to another router.
/interface bridge add name=loopback #change la 100.100.100.1/22 for the first IPv4 of the range assigned by LACNIC # /ip address add address=100.100.100.1/22 interface=loopback #cambiar la 2803:cd10::/32 por la primera IPv6 del rango asignado por LACNIC# /ipv6 address add address=2803:cd10::/32 advertise=no interface=loopback
Next, we are going to define the IPv4 and IPv6 addresses of the IP transit provider if they are not yet defined on the device
#cambiar la 198.51.100.2/30 por la IPv4 otorgada por tu Proveedor de IP transit# /ip address add address=198.51.100.2/30 interface=IP_TRANSIT #cambiar la 2803:dd99:1111::2/126 por la IPv6 otorgada por tu Proveedor de IP transit# /ipv6 address add address=2803:dd99:1111::2/126 advertise=no interface=IP_TRANSIT
Finally, we are going to configure the IP addresses provided byPerú IX (PIT Peru sac).
#cambiar la 45.183.47.254/24 por la IPv4 asignada por Perú IX (PIT Peru sac)# /ip address add address=45.183.47.254/24 interface=PIT_PERU_sac #cambiar la 2803:cd60:6411:5::ff/64 por la IPv6 asignada por Perú IX (PIT Peru sac)# /ipv6 address add address=2803:cd60:6411:5::ff/64 advertise=no interface=PIT_PERU_sac
Enter the ASN of your organization (ASN provided by LACNIC)
In our example, let's assume that LACNIC has assigned us ASN 123456. We will use our first publicly available IPv4 address for the router-id." # Change the name to your preference, the AS number to the one assigned by LACNIC, and use the IP of the loopback or another for the router-id # /routing bgp instance add name=AS123456 as=123456 router-id=your_first_public_IPv4_address.
# change the name to the name you like, the ace to your ASN number granted by LACNIC and in route-id you can use the IP of the loopback or another # /routing bgp instance add name=AS123456 as=123456 router-id=100.100.100.1
Create routing filters for OUT and IN chains.
Before starting BGP sessions, it is VERY IMPORTANT to create security filters for both input and output..
Important: In filters, the order of factors matters; the first index of each chain is always processed first.
Output Filters IPv4 (OUT)
#change the 100.100.100.0/22 with your prefix assigned by LACNIC # /routing filter add action=accept chain=IP_TRANSIT_IPv4_OUT prefix=100.100.100.0/22 prefix-length=22 add action=discard chain=IP_TRANSIT_IPv4_OUT #change the 100.100.100.0/22 with your prefix assigned by LACNIC. It is important that we are going to send more specific prefixes to IX, in this case / 24s # /routing filter add action=accept chain=PIT_PERU_sac_IPv4_OUT prefix=100.100.100.0/22 prefix-length=22-24 add action=discard chain=PIT_PERU_sac_IPv4_OUT
Output filters IPv6 (OUT)
# change 2803: cd10 :: / 32 with your IPv6 prefix assigned by LACNIC # /routing filter add action=accept chain=IP_TRANSIT_IPv6_OUT prefix=2803:cd10::/32 prefix-length=32 add action=discard chain=IP_TRANSIT_IPv6_OUT #change 2803: cd10 :: / 32 with your IPv6 prefix assigned by LACNIC. It is important that we will send more specific prefixes to IX, in this case / 48s # /routing filter add action=accept chain=PIT_PERU_sac_IPv6_OUT prefix=2803:cd10::/32 prefix-length=32-48 add action=discard chain=PIT_PERU_sac_IPv6_OUT
Why are we advertising the IP transit provider's /22 (less specific prefix) and Perú IX (PIT Peru sac) with a more specific /24? This question appears to address the decision-making process behind advertising a ?
This is important to ensure that the path through Perú IX (PIT Peru sac) is preferred over the IP transit, thus avoiding traffic that could be served through Perú IX (PIT Peru sac) instead being serviced through IP transit.
IPv4 Inbound (IN) Filters
Here, we need to make a decision: whether to ask the IP transit provider to send us only the default route, or if we request the DFZ (full BGP table without the default route, also known as Full Internet Routing Table). Full BGP)
# we will only use this first line if we are accepting default route # /routing filter add action=accept chain=IP_TRANSIT_IPv4_IN prefix=0.0.0.0/0 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=45.183.47.0/24 prefix-length=24-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=10.0.0.0/8 prefix-length=8-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=100.64.0.0/10 prefix-length=10-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=127.0.0.0/8 prefix-length=8-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=169.254.0.0/16 prefix-length=16-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=172.16.0.0/12 prefix-length=12-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=192.0.8.0/24 prefix-length=24-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=192.88.99.0/24 prefix-length=24-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=192.168.0.0/16 prefix-length=16-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=198.18.0.0/15 prefix-length=15-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=198.51.0.0/24 prefix-length=24-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=203.0.113.0/24 prefix-length=24-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=224.0.0.0/4 prefix-length=4-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=240.0.0.0/4 prefix-length=4-32 add action=discard chain=IP_TRANSIT_IPv4_IN prefix=0.0.0.0/0 prefix-length=25-32 add action=accept chain=IP_TRANSIT_IPv4_IN In the filters of the Perú IX (PIT Peru sac) chain we will also apply filters, although the Route Servers apply filters it is important to always apply filters anyway # /routing filter add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=0.0.0.0/0 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=45.183.47.0/24 prefix-length=24-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=10.0.0.0/8 prefix-length=8-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=100.64.0.0/10 prefix-length=10-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=127.0.0.0/8 prefix-length=8-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=169.254.0.0/16 prefix-length=16-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=172.16.0.0/12 prefix-length=12-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=192.0.8.0/24 prefix-length=24-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=192.88.99.0/24 prefix-length=24-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=192.168.0.0/16 prefix-length=16-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=198.18.0.0/15 prefix-length=15-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=198.51.0.0/24 prefix-length=24-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=203.0.113.0/24 prefix-length=24-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=224.0.0.0/4 prefix-length=4-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=240.0.0.0/4 prefix-length=4-32 add action=discard chain=PIT_PERU_sac_IPv4_IN prefix=0.0.0.0/0 prefix-length=25-32 add action=accept chain=PIT_PERU_sac_IPv4_IN
Inbound Filters(IN) IPv6
Here, we should accept all prefixes sent to us by Perú IX (PIT Peru sac), except those recommended for filtering based on best practices.
# the first line will only be used if we accept the default path # /routing filter add action=accept chain=IP_TRANSIT_IPv6_IN prefix=::/0 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=100::/64 prefix-length=64-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=2001:2::/48 prefix-length=48-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=2001:10::/28 prefix-length=28-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=2001:db8::/32 prefix-length=32-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=2002::/16 prefix-length=16-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=3ffe::/16 prefix-length=16-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=fc00::/7 prefix-length=7-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=fe80::/10 prefix-length=10-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=fec0::/10 prefix-length=10-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=ff00::/8 prefix-length=8-128 add action=discard chain=IP_TRANSIT_IPv6_IN prefix=::/0 prefix-length=65-128 add action=accept chain=IP_TRANSIT_IPv6_IN #In the filters of the Perú IX (PIT Peru sac) chain we will also apply filters, although the Route Servers apply filters it is important to always apply filters anyway # /routing filter add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=::/0 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=100::/64 prefix-length=64-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=2001:2::/48 prefix-length=48-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=2001:10::/28 prefix-length=28-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=2001:db8::/32 prefix-length=32-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=2002::/16 prefix-length=16-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=3ffe::/16 prefix-length=16-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=fc00::/7 prefix-length=7-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=fe80::/10 prefix-length=10-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=fec0::/10 prefix-length=10-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=ff00::/8 prefix-length=8-128 add action=discard chain=PIT_PERU_sac_IPv6_IN prefix=::/0 prefix-length=65-128 add action=accept chain=PIT_PERU_sac_IPv6_IN
Create a peer BGP node with your IP transit provider.
#Change the instance for the one that corresponds in your case, the same in the remote-address and remote-as # /routing bgp peer add name=IP_TRANSIT_IPv4 instance=AS123456 remote-address=198.51.100.1 remote-as=1200 in-filter=IP_TRANSIT_IPv4_IN out-filter=IP_TRANSIT_IPv4_OUT remove-private-as=yes #Change the instance for the one that corresponds in your case, the same in the remote-address and remote-as # /routing bgp peer add name=IP_TRANSIT_IPv6 instance=AS123456 remote-address=2803:dd99:1111::1 remote-as=1200 in-filter=IP_TRANSIT_IPv6_IN out-filter=IP_TRANSIT_IPv6_OUT remove-private-as=yes address-families=ipv6
Create peer BGP nodes using routing servers. Perú IX (PIT Peru sac) (pitperu.net)
In this example, we are going to configure both IPv4 and IPv6 routing servers at Perú IX (PIT Peru sac), namely RS1 and RS2. In our example, a BGP password has been assigned to us. «peeringinperu».”
/routing bgp peer add name=PIT_PERU_sac_RS1_IPv4 instance=AS123456 remote-address=45.183.47.1 remote-as=64115 tcp-md5-key=peeringinperu max-prefix-limit=12000 max-prefix-restart-time=360 in-filter=PIT_PERU_sac_IPv4_IN out-filter=PIT_PERU_sac_IPv4_OUT remove-private-as=yes /routing bgp peer add name=PIT_PERU_sac_RS2_IPv4 instance=AS123456 remote-address=45.183.47.2 remote-as=64115 tcp-md5-key=peeringinperu max-prefix-limit=12000 max-prefix-restart-time=360 in-filter=PIT_PERU_sac_IPv4_IN out-filter=PIT_PERU_sac_IPv4_OUT remove-private-as=yes /routing bgp peer add name=PIT_PERU_sac_RS1_IPv6 instance=AS123456 remote-address=2803:cd60:6411:5::1 remote-as=64115 tcp-md5-key=peeringinperu max-prefix-limit=12000 max-prefix-restart-time=360 in-filter=PIT_PERU_sac_IPv6_IN out-filter=PIT_PERU_sac_IPv6_OUT remove-private-as=yes address-families=ipv6 /routing bgp peer add name=PIT_PERU_sac_RS2_IPv6 instance=AS123456 remote-address=2803:cd60:6411:5::2 remote-as=64115 tcp-md5-key=peeringinperu max-prefix-limit=12000 max-prefix-restart-time=360 in-filter=PIT_PERU_sac_IPv6_IN out-filter=PIT_PERU_sac_IPv6_OUT remove-private-as=yes address-families=ipv6
Определите префиксы, которые вы собираетесь анонсировать
Здесь нам нужно будет изменить префиксы для префиксов, назначенных LACNIC, и мы объявим это как / 22, так и / 24. В IPv6 мы будем анонсировать его пока только как / 32.
/routing bgp network add network=100.100.100.0/22 synchronize=no /routing bgp network add network=100.100.100.0/24 synchronize=no /routing bgp network add network=100.100.101.0/24 synchronize=no /routing bgp network add network=100.100.102.0/24 synchronize=no /routing bgp network add network=100.100.103.0/24 synchronize=no /routing bgp network add network=2803:cd10::/32 synchronize=no
Verify the functionality.
Check the status of BGP Peers. If they are operational, the status should indicate "Established." If it shows "Connect" or "Idle," it means there is a misconfiguration either on your side or on the provider's side.
/routing bgp peer print
This sentence expresses the hope that the provided guide will make it easy and safe for you to explore the wonderful world of BGP. If you have any more questions or if there's anything else I can assist you with, feel free to let me know!
Limitations BGP в Mikrotik RouterOS
In connection with a large number of questions, I share with you a list of limitations that exist in RouterOS, at least in its version. 6.x.x с BGP.