Manual:Routing/Routing filters

From MikroTik Wiki
< Manual:Routing
Revision as of 12:16, 17 November 2008 by Marisb (talk | contribs) (New page: <div class=manual> <p><b>Sub-menu:</b> <code>/routing filter</code></p> <br /> <p> </p> <br /> <table class="styled_table"> <tr> <th width="350">Property</th> <th >Description</t...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Sub-menu: /routing filter

Property Description
action (accept | discard | jump | log | passthrough | reject | return; Default: passthrough) action to perform on route matching the rule.
accept - accept the routing information
discard - completely exclude matching prefix from further processing. For incoming filters, 'discard' means that information about this route is completely lost. For outgoing filters it's the same as 'reject'
jump - pass control to another filter list that should be specified as 'jump-target' parameter
log - log message about this match in system log and continue with the next rule in chain
passthrough - do not perform any action and continue to the next rule in chain
reject - reject the routing information for matching prefix. For incoming filters, 'reject' means that information about this route stored in memory, but the route will not become active. For outgoing filters it's the same as 'discard'
return - return to the previous chain from which a jump to the current chain took place
append-bgp-communities (integer:integer | internet | local-as | no-advertise | no-export; Default: ) similar to 'set-bgp-communities', but does not delete any existing information about communities
bgp-as-path (string; Default: ) unanchored pattern to be searched inside AS_PATH attribute of the route. Optional ^ sign preceding parameter value restricts match to the beginning of AS_PATH attribute, while $ sign, which follows as-path value, restricts the match to the end of AS_PATH. Please note that any other regular expression syntax is not supported
bgp-as-path-length (integer-integer; Default: ) match length of AS_PATH BGP attribute, representing the number of ASes that have been traversed. Read how the AS_PATH length is calculated before using this matcher
bgp-atomic-aggregate (absent | present; Default: ) match ATOMIC_AGGREGATE BGP attribute
bgp-communities (integer:integer | internet | local-as | no-advertise | no-export; Default: ) match the COMMUNITIES BGP attribute. Match is done when communities attribute in a route contains all entries from this configured list. But note that if communities list contains 'internet', the whole list always matched.
bgp-local-pref (integer[-integer]; Default: ) match LOCAL_PREF BGP attribute. If the LOCAL_PREF for a route is not set, value 0 is used instead
bgp-med (integer[-integer]; Default: ) match MULTI_EXIT_DISC BGP attribute. If the MULTI_EXIT_DISC for a route is not set, value 0 is used instead
bgp-origin (igp | egp | incomplete; Default: ) match ORIGIN BGP attribute. If the ORIGIN for a route is not set, value 'incomplete' is used instead
bgp-weight (signed integer[-signed integer]; Default: ) match BGP weight property. If this property for a route is not set, value 0 is used instead
chain (string; Default: "") chain name to place this rule in. If a chain with the specified name does not exist it will be automatically created

chain name to place this rule in. If a chain with the specified name does not exist it will be automatically created

ospf-in - predefined filter chain for routes received via OSPF;
ospf-out - predefined filter chain for external routes redistributed via OSPF;
rip-in - predefined filter chain for routes received via RIP;
rip-out - predefined filter chain for external routes redistributed via RIP;
mme-in - predefined filter chain for routes received via MME;
connected-in - predefined filter chain for all connected routes;
dynamic-in - predefined filter chain for all other dynamic routes, i.e. all dynamic routes except (1) those added by routing protocols and (2) connected routes. In this category falls routes added by some external program, for example PPP daemon.

Note that internal RIP filtering is done using prefix lists [and internal (intra-area) OSPF filtering is not supported yet]
distance (integer: 0..255[ - integer:0..255]; Default: ) match routes with specific administrative distance
invert-math (yes | no; Default: no) invert this match, i.e. apply the rule to routes that would fail to match it and vice versa
jump-target (string; Default: ) name of the target chain to jump to, if the 'action=jump' is used
match-chain (string; Default: ) the name of the chain which is used to evaluate the route. If the chain accepts the route, 'match-chain' property produces a true match
pref-src (IP address range; Default: ) match routes with a specific preferred source value
prefix (IP prefix; Default: network prefix to match. If prefix-length is not set, only exact match is done. For example, then matches only the default route and nothing else
prefix-length (integer; Default: 0-32) network prefix mask length to match. If prefix-length is set, for a route to match the prefix and prefix-length of a rule, the following should hold:
  • the network prefix of the route falls within the range of the prefix of the rule, (i.e.
  • the network mask of the route is greater of equal than the network mask of the prefix;
  • the network address of the route masked out by the network mask of the prefix is equal to the network address of the prefix;)
  • the length of the network mask of the route falls within the range of the prefix-length
protocol (connect | static | rip | ospf | bgp; Default: ) match routes coming from a specific protocol (the values are self-explanatory)
route-comment (string; Default: ) match routes with a specific comment
route-tag (integer; Default: ) match routes with a specific route-tag property value
routing-mark (string; Default: ) match routes with a specific routing mark
scope (integer 0..255[-integer 0..255]; Default: ) match routes with a specific scope property value
set-bgp-communities (integer:integer | internet | local-as | no-advertise | no-export; Default: ) set COMMUNITIES BGP attribut
set-bgp-local-pref (integer; Default: ) set LOCAL_PREF BGP attribute
set-bgp-med (integer; Default: ) set MULTI_EXIT_DISC BGP attribute
set-bgp-prepend (integer: 0..16 | default; Default: ) how many times to prepend router's own AS number to AS_PATH attribute

For incoming filters, it affects the AS_PATH attribute length, which is used in BGP route selection process.

For outgoing filters, the prepending is done when announcing route via BGP and affects only routes sent to EBGP peers (for IBGP value 1 is always used)
set-bgp-weight (signed integer; Default: ) set BGP weight property to be used in BGP route selection process. Valid only in incoming filters and for BGP routes
set-metric (integer; Default: ) Set metric