Manual:Routing/Routing filters

From MikroTik Wiki
Jump to navigation Jump to search

Applies to RouterOS: v3, v4 +


Properties

Sub-menu: /routing filter


Note: Values from "set-..." properties are set no matter what action is specified in "action" property.




Property Description
action (accept | discard | jump | log | passthrough | reject | return; Default: passthrough) action to perform on route matching the rule.
  • accept - accept the routing information
  • discard - completely exclude matching prefix from further processing. For incoming filters, 'discard' means that information about this route is completely lost.
  • jump - pass control to another filter list that should be specified as 'jump-target' parameter
  • log - log message about this match in system log and continue with the next rule in chain
  • passthrough - continue to the next rule in chain
  • reject - reject the routing information for matching prefix. For incoming filters, 'reject' means that information about this route stored in memory, but the route will not become active. For outgoing filters it's the same as 'discard'
  • return - return to the previous chain from which a jump to the current chain took place
address-family (ip|ipv6|l2vpn|l2vpn-cisco|vpnv4;) match by BGP address family
append-bgp-communities (integer:integer | internet | local-as | no-advertise | no-export;) similar to 'set-bgp-communities', but does not delete any existing information about communities
append-route-targets (AsIP|AsNum;) Append value to route target EXTENDED_COMMUNITIES path attribute
bgp-as-path (string;) unanchored pattern to be searched inside AS_PATH attribute of the route. POSIX regular expressions are supported.
bgp-as-path-length (integer-integer;) match length of AS_PATH BGP attribute, representing the number of ASes that have been traversed. Read how the AS_PATH length is calculated before using this matcher
bgp-atomic-aggregate (absent | present;) match ATOMIC_AGGREGATE BGP attribute
bgp-communities (integer:integer | internet | local-as | no-advertise | no-export;) match the COMMUNITIES BGP attribute. Match is done when communities attribute in a route contains all entries from this configured list.
bgp-local-pref (integer[-integer];) match LOCAL_PREF BGP attribute. If the LOCAL_PREF for a route is not set, value 0 is used instead
bgp-med (integer[-integer];) match MULTI_EXIT_DISC BGP attribute. If the MULTI_EXIT_DISC for a route is not set, value 0 is used instead
bgp-origin (igp | egp | incomplete;) match ORIGIN BGP attribute. If the ORIGIN for a route is not set, value 'incomplete' is used instead
bgp-weight (signed integer[-signed integer];) match BGP weight property. If this property for a route is not set, value 0 is used instead
chain (string;) chain name to place this rule in. If a chain with the specified name does not exist it will be automatically created
  • ospf-in - predefined filter chain for routes received via OSPF;
  • ospf-out - predefined filter chain for external routes redistributed via OSPF;
  • rip-in - predefined filter chain for routes received via RIP;
  • rip-out - predefined filter chain for external routes redistributed via RIP;
  • mme-in - predefined filter chain for routes received via MME;
  • connected-in - predefined filter chain for all connected routes;
  • dynamic-in - predefined filter chain for all other dynamic routes, i.e. all dynamic routes except (1) those added by routing protocols and (2) connected routes. In this category falls routes added by some external program, for example PPP daemon.


Note that internal RIP filtering is done using prefix lists [and internal (intra-area) OSPF filtering is not supported yet]
distance (integer: 0..255[ - integer:0..255];) match routes with specific administrative distance
invert-math (yes | no; Default: no) invert this match, i.e. apply the rule to routes that would fail to match it and vice versa
jump-target (string;) name of the target chain to jump to, if the 'action=jump' is used
locally-originated-bgp (yes|no;)
match-chain (string;) the name of the chain which is used to evaluate the route. If the chain accepts the route, 'match-chain' property produces a true match
ospf-type (string;) OSPF route type matcher
pref-src (IP address range;) match routes with a specific preferred source value
prefix (IP prefix; Default: 0.0.0.0/0) network prefix to match. If prefix-length is not set, only exact match is done. For example, 0.0.0.0/0 then matches only the default route and nothing else. If network mask is not set, /32 is assumed
prefix-length (integer | range; Default: ) network prefix mask length to match. If prefix-length is set, for a route to match the prefix and prefix-length of a rule, the following should hold:
  • the network prefix of the route falls within the range of the prefix of the rule, (i.e.
  • the network mask of the route is greater than or equal to the network mask of the prefix;
  • the network address of the route masked out by the network mask of the prefix is equal to the network address of the prefix;)
  • the length of the network mask of the route falls within the range of the prefix-length
protocol (connect | static | rip | ospf | bgp;) match routes coming from a specific protocol (the values are self-explanatory)
route-comment (string;) match routes with a specific comment
route-tag (integer;) match routes with a specific route-tag property value
route-target ([integer|IP]:integer;) Match value against route target EXTENDED_COMMUNITIES path attribute
routing-mark (string;) match routes with a specific routing mark
scope (integer 0..255[-integer 0..255];) match routes with a specific scope property value
set-bgp-communities (integer:integer | internet | local-as | no-advertise | no-export;) set COMMUNITIES BGP attribut
set-bgp-local-pref (integer;) set LOCAL_PREF BGP attribute
set-bgp-med (integer;) set MULTI_EXIT_DISC BGP attribute
set-bgp-prepend (integer: 0..16 | default;) how many times to prepend router's own AS number to AS_PATH attribute

For incoming filters, it affects the AS_PATH attribute length, which is used in BGP route selection process. For outgoing filters, the prepending is done when announcing route via BGP and affects only routes sent to EBGP peers (for IBGP value 1 is always used)

If value is set to 0 then peer's own AS is removed from AS_PATH
set-bgp-prepend-path (AS list;) add specified list of AS numbers to AS_PATH attribute

If both set-bgp-prepend and set-bgp-prepend-path are used then set-bgp-prepend will have highest priority.

set-bgp-weight (signed integer;) set BGP weight property to be used in BGP route selection process. Valid only in incoming filters and for BGP routes
set-check-gateway (arp | none | ping;) set which protocol to use for gateway reachability, if any. Valid only in incoming filters
set-disabled (yes | no;) if set, the route will not become active. Valid only in incoming filters
set-distance (integer: 0..255;) set the administrative distance of the route. If set to value 255, the route will not become active. Valid only in incoming filters
set-in-nexthop (IP address;) set gateway value to the specific IP address[es]. Valid only in incoming filters
set-in-nexthop-direct (interface name;) set gateway value to the specific interface. Valid only in incoming filters
set-in-nexthop-ipv6 (IPv6 address;) set gateway value to the specific IPv6 address[es]. Valid only in incoming filters
set-in-nexthop-linklocal (IPv6 link-local address % interface name;) set gateway value to the specific IPv6 link-local address[es] on specific interfaces. The syntax separates address and interface by '%'. Valid only in incoming filters
set-out-nexthop (IP address;) set gateway to be announced to the specific IP address[es]. Valid only in outgoing filters
set-out-nexthop-ipv6 (IPv6 address;) set gateway to be announced to the specific IPv6 address[es]. Valid only in outgoing filters
set-out-nexthop-linklocal (IPv6 link-local address;) set gateway value to be announced using BGP link-local nexthop feature. Valid only in outgoing filters and for BGP routes
set-pref-src (IP address;) set the preferred source address for packets leaving via this route. Valid only in incoming filters
set-route-comment (string;) set comment text. Valid only in incoming filters
set-route-tag (integer;) set OSPF or RIP route tag property value. For RIP only values 0..65535 are valid
set-route-targets (AsNum|AsIP;) Set route target EXTENDED_COMMUNITIES path attribute
set-routing-mark (string;) set routing mark for the route. Valid only in incoming filters
set-scope (integer: 0..255;) set scope property, used in recursive nexthop resolving. Valid only in incoming filters
set-target-scope (integer: 0..255;) set target-scope property, used in recursive nexthop resolving. Valid only in incoming filters
set-type (blackhole | prohibit | unicast | unreachable;) set route type. Valid only in incoming filters
  • unicast - standard route
  • blackhole - silently discard packets
  • prohibit - reply to sender with ICMP Communication Administratively Prohibited messages
  • unreachable - reply to sender with ICMP Network Unreachable messages
set-use-te-nexthop (yes|no;)
site-of-origin (string;) Match BGP Site of Origin extended community. Available starting from v4.3
set-site-of-origin (string;) Set BGP Site of Origin extended community. Available starting from v4.3
target-scope (integer 0..255[-integer 0..255];) match routes with a specific 'target-scope' value

Examples


[ Top | Back to Content ]

Retrieved from "https://wiki.mikrotik.com/index.php?title=Manual:Routing/Routing_filters&oldid=32977"