Last updated: 01-03-2018 11:49
The network is configured for both IPv4 and IPv6, so enable the IPv6 package, which is disabled by default.
system package print
Flags: X - disabled
 #   NAME              VERSION   SCHEDULED
 0   routeros-mipsbe   6.38.7
 1   system            6.38.7
 2 X ipv6              6.38.7
 3   wireless          6.38.7
 4   hotspot           6.38.7
 5   dhcp              6.38.7
 6   mpls              6.38.7
 7   routing           6.38.7
 8   ppp               6.38.7
 9   security          6.38.7
10   advanced-tools    6.38.7

system package enable 2
system reset-configuration no-defaults=yes
Add a system identity.
system identity set name=ISP1
Add IP Addresses to the interfaces.
interface bridge add name=loopback0
ip address add address=200.1.1.1/32 interface=loopback0
ip address add address=199.1.1.1/24 interface=ether2
ipv6 address add address=2a99:1:1::1/48 interface=ether2
ip address add address=199.5.5.11/24 interface=ether5
ipv6 address add address=2a99:5:5::11/48 interface=ether5

ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   200.1.1.1/32       200.1.1.1       loopback0
 1   199.9.9.11/24      199.9.9.0       ether1
 2   199.5.5.11/24      199.5.5.0       ether5

ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 #    ADDRESS                        FROM-POOL  INTERFACE  ADVERTISE
 0 DL fe80::20c:42ff:fec2:117c/64               ether2     no
 1 DL fe80::20c:42ff:fec2:117e/64               ether4     no
 2 DL fe80::20c:42ff:fec2:117f/64               ether5     no
 3 IG 2a99:9:9::11/48                           ether1     yes
 4  G 2a99:5:5::11/48                           ether5     yes

routing bgp instance add name=ASN5111 as=5111 router-id=200.1.1.1
routing bgp network add network=199.1.1.0/24
routing bgp network add network=2a99:1:1::/48
Ingress filters are used to filter advertisements into the network. Best practice for ingress filters for all peers are:
Chain IN-ISP3-IPv4 is an input filter. It discards advertisements of one's own prefix and of a default route, since full routing is taking place. The chain then jumps to a further chain, IN-RFC-6890-IPv4, which discards the IPv4 Special-Purpose Address Registry entries listed in RFC 6890.
routing filter add chain=IN-ISP3-IPv4 prefix=199.1.1.0/24 action=discard
routing filter add chain=IN-ISP3-IPv4 prefix=0.0.0.0/0 action=discard
routing filter add chain=IN-ISP3-IPv4 action=jump jump-target=IN-RFC-6890-IPv4
routing filter add chain=IN-RFC-6890-IPv4 prefix=0.0.0.0/8 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=10.0.0.0/8 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=100.64.0.0/10 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=127.0.0.0/8 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=169.254.0.0/16 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=172.16.0.0/12 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=192.0.2.0/24 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=192.88.99.0/24 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=192.168.0.0/16 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=198.18.0.0/15 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=198.51.100.0/24 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=203.0.113.0/24 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=240.0.0.0/4 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=255.255.255.255/32 action=discard
Chain IN-ISP3-IPv6 is an input filter. It discards advertisements of one's own IPv6 prefix and of a default route, since full routing is taking place. The chain then jumps to a further chain, IN-RFC-6890-IPv6, which discards the IPv6 Special-Purpose Address Registry entries listed in RFC 6890.
routing filter add chain=IN-ISP3-IPv6 prefix=2a99:1:1::/48 action=discard
routing filter add chain=IN-ISP3-IPv6 prefix=::/0 action=discard
routing filter add chain=IN-ISP3-IPv6 action=jump jump-target=IN-RFC-6890-IPv6
routing filter add chain=IN-RFC-6890-IPv6 prefix=::1/128 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=::/128 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=64:ff9b::/96 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=::ffff:0:0/96 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=100::/64 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/23 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/32 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:2::/48 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:db8::/32 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:10::/28 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2002::/16 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=fc00::/7 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=fe80::/10 action=discard
Egress filters are used to filter advertisements from the network, limiting it to advertising only the specific local networks. Note the invert-match=yes statement: it instructs the filter to discard everything except the prefix specified.
routing filter add chain=OUT-IPv4 prefix=199.1.1.0/24 invert-match=yes action=discard
routing filter add chain=OUT-IPv6 prefix=2a99:1:1::/48 invert-match=yes action=discard
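The IPv4 ingress chains (IN-ISP3-IPv4, IN-RFC-6890-IPv4) and the OUT-IPv4 egress chain above, modelled in Python as an added example that is not part of the original page, so the effect of each rule can be checked against constructed announcements. It assumes a rule written without prefix-length matches only that exact prefix, which is how the page's own 0.0.0.0/0 rule is used; `bogons_or_longer` is a hypothetical switch showing what changes if the RFC 6890 rules also matched more-specific prefixes (in RouterOS, a prefix-length range on each rule).

```python
import ipaddress

# Rules transcribed from the page's IN-ISP3-IPv4 / IN-RFC-6890-IPv4 chains.
OWN_PREFIX = "199.1.1.0/24"
RFC6890_V4 = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.88.99.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "240.0.0.0/4", "255.255.255.255/32",
]

def rule_matches(rule, route, or_longer):
    """Exact match; with or_longer=True also any more-specific inside rule."""
    r, p = ipaddress.ip_network(rule), ipaddress.ip_network(route)
    return p.subnet_of(r) if or_longer else p == r

def ingress_verdict(route, bogons_or_longer=False):
    """Walk the ingress chain in page order; return 'discard' or 'accept'."""
    # Own prefix and default route are compared exactly (assumption, see lead-in).
    for rule in (OWN_PREFIX, "0.0.0.0/0"):
        if rule_matches(rule, route, False):
            return "discard"
    # action=jump jump-target=IN-RFC-6890-IPv4
    for rule in RFC6890_V4:
        if rule_matches(rule, route, bogons_or_longer):
            return "discard"
    return "accept"  # no rule matched, so the route is installed

def egress_verdict(route):
    """OUT-IPv4: invert-match=yes discards everything except the own prefix."""
    return "accept" if rule_matches(OWN_PREFIX, route, False) else "discard"

# Constructed sample announcements (not captured from a real peer).
SAMPLES = ["199.3.3.0/24", "0.0.0.0/0", "199.1.1.0/24", "10.0.0.0/8",
           "10.20.0.0/16", "192.168.1.0/24", "199.1.1.128/25"]

def report():
    """Map each sample to (verdict with exact bogons, verdict with or-longer)."""
    return {r: (ingress_verdict(r), ingress_verdict(r, True)) for r in SAMPLES}

if __name__ == "__main__":
    for route, (exact, longer) in report().items():
        print(f"{route:18} exact={exact:8} or-longer={longer}")
```

Under the exact-match assumption, more-specific announcements inside a special-purpose block, or inside one's own 199.1.1.0/24, are not caught by these chains, so confirm the matching behaviour on the RouterOS release in use.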
Create the peer link to the other BGP peer at ISP3 for IPv4 and IPv6. Note that the IPv4 address family is the default; for IPv6 the family must be specified.
routing bgp peer add name=isp3 instance=ASN5111 remote-as=5333 remote-address=199.5.5.33 in-filter=IN-ISP3-IPv4 out-filter=OUT-IPv4
routing bgp peer add name=isp3 instance=ASN5111 remote-as=5333 remote-address=2a99:5:5::33 address-families=ipv6 in-filter=IN-ISP3-IPv6 out-filter=OUT-IPv6
Confirm that the routes have been learnt from ISP3.
routing bgp peer print
Flags: X - disabled, E - established
 #   INSTANCE   REMOTE-ADDRESS   REMOTE-AS
 0 E ASN5111    199.5.5.33       5333
 1 E ASN5111    2a99:5:5::33     5333

ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY        DISTANCE
 0 ADC  199.1.1.0/24       199.1.1.1       ether2                0
 1 ADb  199.3.3.0/24                       199.5.5.33           20
 2 ADC  199.5.5.0/24       199.5.5.11      ether5                0
 3 ADC  200.1.1.1/32       200.1.1.1       loopback0             0
Configure ISP1 to peer at the Internet eXchange Point (IXP).
Add IP Addresses to the interface facing the IXP.
ip address add address=199.9.9.11/24 interface=ether1
ipv6 address add address=2a99:9:9::11/48 interface=ether1

ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   200.1.1.1/32       200.1.1.1       loopback0
 1   199.5.5.11/24      199.5.5.0       ether5
 2   199.1.1.1/24       199.1.1.0       ether2
 3   199.9.9.11/24      199.9.9.0       ether1

ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 #    ADDRESS                        FROM-POOL  INTERFACE  ADVERTISE
 0 DL fe80::20c:42ff:fec2:117c/64               ether2     no
 1 DL fe80::20c:42ff:fec2:117e/64               ether4     no
 2 DL fe80::20c:42ff:fec2:117f/64               ether5     no
 3  G 2a99:5:5::11/48                           ether5     yes
 4 DL fe80::20c:42ff:fec2:117d/64               ether3     no
 5  G 2a99:1:1::1/48                            ether2     yes
 6 DL fe80::20c:42ff:fec2:117b/64               ether1     no
 7  G 2a99:9:9::11/48                           ether1     yes
Chains IN-IXP-IPv4 and IN-IXP-IPv6 are input filters that discard advertisements of one's own prefix and of a default route, since full routing is taking place. These filters jump to the further chains IN-RFC-6890-IPv4 and IN-RFC-6890-IPv6 respectively, which discard the IPv4 and IPv6 Special-Purpose Address Registry entries listed in RFC 6890.
routing filter add chain=IN-IXP-IPv4 prefix=199.1.1.0/24 action=discard
routing filter add chain=IN-IXP-IPv4 prefix=0.0.0.0/0 action=discard
routing filter add chain=IN-IXP-IPv4 action=jump jump-target=IN-RFC-6890-IPv4
routing filter add chain=IN-IXP-IPv6 prefix=2a99:1:1::/48 action=discard
routing filter add chain=IN-IXP-IPv6 prefix=::/0 action=discard
routing filter add chain=IN-IXP-IPv6 action=jump jump-target=IN-RFC-6890-IPv6
Create the peer link to the IXP for IPv4 and IPv6. Note that the IPv4 address family is the default; for IPv6 the family must be specified.
routing bgp peer add name=ixp instance=ASN5111 remote-as=5999 remote-address=199.9.9.1 in-filter=IN-IXP-IPv4 out-filter=OUT-IPv4
routing bgp peer add name=ixp instance=ASN5111 remote-as=5999 remote-address=2a99:9:9::1 address-families=ipv6 in-filter=IN-IXP-IPv6 out-filter=OUT-IPv6
Confirm that the routes have been learnt from the IXP.
routing bgp peer print
Flags: X - disabled, E - established
 #   INSTANCE   REMOTE-ADDRESS   REMOTE-AS
 0 E ASN5111    199.5.5.33       5333
 1 E ASN5111    2a99:5:5::33     5333
 2 E ASN5111    199.9.9.1        5999
 3 E ASN5111    2a99:9:9::1      5999

ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY        DISTANCE
 0 ADC  199.1.1.0/24       199.1.1.1       ether2                0
 1 ADb  199.2.2.0/24                       199.9.9.22           20
 2 ADb  199.3.3.0/24                       199.5.5.33           20
 3 ADC  199.5.5.0/24       199.5.5.11      ether5                0
 4 ADC  199.9.9.0/24       199.9.9.11      ether1                0
 5 ADC  200.1.1.1/32       200.1.1.1       loopback0             0