32-bit BGP community on RouterOS and MikroTik

To send 32-bit values you need to use extended communities.
You can use route-targets or site-of-origin to send an extended community.

/routing filter

add action=accept address-family=ip chain=TO-DOM.RU comment="Announce BGP customers 32bit AS" protocol=bgp set-route-targets=212461:200
add action=accept chain=TO-AS212461 prefix=0.0.0.0/0 prefix-length=0
add action=accept chain=FROM-AS212461 prefix=80.66.86.0/24 set-route-targets=212461:200

Understanding BGP Communities in RouterOS/MikroTik

BGP communities are an essential feature for routing policies within the Border Gateway Protocol (BGP). They allow network administrators to tag routes with specific attributes that can be used by other routers to make decisions about how these routes should be handled.

In a 32-bit BGP Community, each community is represented as four octets or two 16-bit integers. The format of this representation allows for flexible usage in different contexts such as route filtering, redistribution control, and traffic engineering.

Types of BGP Communities:

  1. Well-Known Communities: These have predefined meanings across all networks using BGP.
    • NO_EXPORT (ff ff ffff): Routes tagged with this community will not be advertised outside the local AS.
    • NO_ADVERTISE (ff ff fffe): Routes marked with this will not be propagated at all.
  2. Extended Communities: Used when additional information needs to be conveyed beyond what standard communities provide.
  3. Private Communities: Can be defined internally within an organization but must follow certain conventions like RFC-defined ranges to avoid conflicts.
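The size limit behind this, as an added example that is not part of the original post: a standard community leaves only 16 bits for the AS number, so a 4-byte AS such as the 212461 used in the filter rules above has to travel in an extended community. The encoders follow the wire formats in RFC 1997, RFC 4360 and RFC 5668; the function names are illustrative, and how RouterOS serialises route-targets internally is an assumption not shown on this page.

```python
import struct

def encode_standard(asn: int, value: int) -> bytes:
    """Standard community (RFC 1997): 16-bit AS + 16-bit value, 4 octets."""
    if not 0 <= asn <= 0xFFFF:
        raise ValueError(f"AS {asn} needs more than 16 bits; use an extended community")
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"value {value} does not fit in 16 bits")
    return struct.pack("!HH", asn, value)

def encode_route_target(asn: int, local: int) -> bytes:
    """Route-target extended community, 8 octets: type, subtype 0x02, AS, local admin."""
    if 0 <= asn <= 0xFFFF and 0 <= local <= 0xFFFFFFFF:
        # Type 0x00: 2-octet AS + 4-octet local administrator (RFC 4360)
        return struct.pack("!BBHI", 0x00, 0x02, asn, local)
    if 0xFFFF < asn <= 0xFFFFFFFF and 0 <= local <= 0xFFFF:
        # Type 0x02: 4-octet AS + 2-octet local administrator (RFC 5668)
        return struct.pack("!BBIH", 0x02, 0x02, asn, local)
    raise ValueError(f"{asn}:{local} does not fit a route-target encoding")

def decode_route_target(raw: bytes) -> str:
    """Inverse of encode_route_target; rejects anything that is not a route target."""
    if len(raw) != 8 or raw[1] != 0x02:
        raise ValueError("not a route-target extended community")
    if raw[0] == 0x00:
        asn, local = struct.unpack("!HI", raw[2:])
    elif raw[0] == 0x02:
        asn, local = struct.unpack("!IH", raw[2:])
    else:
        raise ValueError(f"unsupported extended community type {raw[0]:#04x}")
    return f"{asn}:{local}"

if __name__ == "__main__":
    # Constructed sample values; 212461:200 is the route-target from the filter rules above.
    print(encode_standard(65000, 200).hex())
    rt = encode_route_target(212461, 200)
    print(rt.hex(), decode_route_target(rt))
    try:
        encode_standard(212461, 200)
    except ValueError as err:
        print("standard community rejected:", err)
```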

Implementation in RouterOS/MikroTik

RouterOS from MikroTik supports full implementation of both standard and extended BGP communities. Here’s how you can work with them effectively:

Setting Up BGP Communities on RouterOS/MikroTik:

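  1. Configuration via CLI (RouterOS v6 routing filter syntax):
/routing filter add chain=<chain-name> prefix=<prefix> set-bgp-communities=<community-value> action=accept

This rule sets the community attribute on routes matching the given prefix.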

  2. Using Filter Rules: You can create filter rules based on incoming/outgoing communities. For example:
/routing filter add action=accept chain=input prefix=<prefix> bgp-communities=no-export

This rule accepts the specified prefix only if it carries the NO_EXPORT community.

  3. Manipulating Route Attributes: By modifying route attributes dynamically through scripts or scheduled tasks, more advanced configurations become possible.

Best Practices

  1. Document Your Configurations: Clearly document which communities correspond to which actions/policies.
  2. Use Private Ranges: If defining custom communities, ensure they’re unique to your environment.
  3. Monitor Regularly: Keep track of changes made to BGP tables and verify whether new communities affect expected behavior.

Example Scenarios

Suppose you’re managing multiple ISPs connected to one another. You might want to prevent certain internal routes from being leaked externally while still allowing some external peers access to selectively advertise their paths into your network.

For instance, consider setting up the following scenario:

Here’s an illustration of configuring such a setup:

# Private community marking internal-only routes (8000:1 is an example value from the 8000: range)
# Apply it to relevant routes; <in-chain> is a placeholder for the chain that handles them
/routing filter add chain=<in-chain> prefix=192.168.1.0/24 set-bgp-communities=8000:1 action=accept

# Configure filter to reject outgoing routes carrying the internal-only community
# <out-chain> is a placeholder for the chain used as the peer's out-filter
/routing filter add chain=<out-chain> bgp-communities=8000:1 action=reject

Conclusion

Understanding and utilizing BGP communities correctly provides significant flexibility in controlling routing behaviors within complex environments. With proper planning and careful configuration, you can achieve efficient and secure interconnection between disparate parts of large-scale networks.
