Jun 14 / Greg

Cisco and Mikrotik BGP Filter For North American Routes

If you have a router that can’t handle the full internet tables (which are getting quite large), then doing some filtering for important traffic can be a good solution. I’m in the US, and thus most of my work is done here. I’ve created a couple of filter lists for both Cisco and Mikrotik that will allow the default route, allow all of North America, block your own addressing, and deny everything else. This way, an international route is not installed and that traffic just uses the default route. I know it’s not the most elegant thing out there, but for typical ISPs or organizations, their traffic terminates in the US, so it will work well.

To use them, apply them to the incoming routes on your BGP peers. The rule that drops your own addressing is commented out in both lists; fill in your prefix and uncomment it first.

Mikrotik filter:

/routing filter
# drop any of my own routes
# add action=discard chain=north-america prefix=x.x.x.x/y prefix-length=0-128
# add default route
add action=accept chain=north-america prefix=0.0.0.0/0
# add north american routes
add action=accept chain=north-america prefix=3.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=4.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=6.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=8.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=11.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=12.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=15.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=16.0.0.0/5 prefix-length=0-24
add action=accept chain=north-america prefix=24.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=26.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=28.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=30.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=32.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=38.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=40.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=44.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=47.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=48.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=50.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=52.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=54.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=56.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=63.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=64.0.0.0/5 prefix-length=0-24
add action=accept chain=north-america prefix=72.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=76.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=96.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=100.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=104.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=107.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=108.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=128.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=132.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=134.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=136.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=140.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=142.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=144.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=146.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=148.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=152.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=155.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=156.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=160.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=162.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=164.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=168.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=170.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=172.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=174.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=184.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=192.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=198.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=199.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=204.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=208.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=214.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=216.0.0.0/8 prefix-length=0-24
# drop all other
add action=discard chain=north-america prefix=0.0.0.0/0 prefix-length=0-128

Cisco filter:

! deny any of my addressing
!ip prefix-list north-america seq 2 deny x.x.x.x/y le 24
! allow default
ip prefix-list north-america seq 9 permit 0.0.0.0/0
! allow north america
ip prefix-list north-america seq 10 permit 3.0.0.0/8 le 24
ip prefix-list north-america seq 12 permit 4.0.0.0/8 le 24
ip prefix-list north-america seq 14 permit 6.0.0.0/7 le 24
ip prefix-list north-america seq 16 permit 8.0.0.0/7 le 24
ip prefix-list north-america seq 18 permit 11.0.0.0/8 le 24
ip prefix-list north-america seq 20 permit 12.0.0.0/7 le 24
ip prefix-list north-america seq 22 permit 15.0.0.0/8 le 24
ip prefix-list north-america seq 24 permit 16.0.0.0/5 le 24
ip prefix-list north-america seq 26 permit 24.0.0.0/8 le 24
ip prefix-list north-america seq 28 permit 26.0.0.0/8 le 24
ip prefix-list north-america seq 30 permit 28.0.0.0/7 le 24
ip prefix-list north-america seq 32 permit 30.0.0.0/8 le 24
ip prefix-list north-america seq 34 permit 32.0.0.0/6 le 24
ip prefix-list north-america seq 36 permit 38.0.0.0/8 le 24
ip prefix-list north-america seq 38 permit 40.0.0.0/8 le 24
ip prefix-list north-america seq 40 permit 44.0.0.0/7 le 24
ip prefix-list north-america seq 42 permit 47.0.0.0/8 le 24
ip prefix-list north-america seq 44 permit 48.0.0.0/8 le 24
ip prefix-list north-america seq 46 permit 50.0.0.0/8 le 24
ip prefix-list north-america seq 48 permit 52.0.0.0/8 le 24
ip prefix-list north-america seq 50 permit 54.0.0.0/7 le 24
ip prefix-list north-america seq 52 permit 56.0.0.0/8 le 24
ip prefix-list north-america seq 54 permit 63.0.0.0/8 le 24
ip prefix-list north-america seq 56 permit 64.0.0.0/5 le 24
ip prefix-list north-america seq 58 permit 72.0.0.0/6 le 24
ip prefix-list north-america seq 60 permit 76.0.0.0/8 le 24
ip prefix-list north-america seq 62 permit 96.0.0.0/6 le 24
ip prefix-list north-america seq 64 permit 100.0.0.0/8 le 24
ip prefix-list north-america seq 66 permit 104.0.0.0/8 le 24
ip prefix-list north-america seq 68 permit 107.0.0.0/8 le 24
ip prefix-list north-america seq 70 permit 108.0.0.0/8 le 24
ip prefix-list north-america seq 72 permit 128.0.0.0/6 le 24
ip prefix-list north-america seq 74 permit 132.0.0.0/8 le 24
ip prefix-list north-america seq 76 permit 134.0.0.0/7 le 24
ip prefix-list north-america seq 78 permit 136.0.0.0/6 le 24
ip prefix-list north-america seq 80 permit 140.0.0.0/8 le 24
ip prefix-list north-america seq 82 permit 142.0.0.0/7 le 24
ip prefix-list north-america seq 84 permit 144.0.0.0/8 le 24
ip prefix-list north-america seq 86 permit 146.0.0.0/7 le 24
ip prefix-list north-america seq 88 permit 148.0.0.0/7 le 24
ip prefix-list north-america seq 90 permit 152.0.0.0/8 le 24
ip prefix-list north-america seq 92 permit 155.0.0.0/8 le 24
ip prefix-list north-america seq 94 permit 156.0.0.0/6 le 24
ip prefix-list north-america seq 96 permit 160.0.0.0/7 le 24
ip prefix-list north-america seq 98 permit 162.0.0.0/8 le 24
ip prefix-list north-america seq 100 permit 164.0.0.0/6 le 24
ip prefix-list north-america seq 102 permit 168.0.0.0/7 le 24
ip prefix-list north-america seq 104 permit 170.0.0.0/8 le 24
ip prefix-list north-america seq 106 permit 172.0.0.0/7 le 24
ip prefix-list north-america seq 108 permit 174.0.0.0/8 le 24
ip prefix-list north-america seq 110 permit 184.0.0.0/8 le 24
ip prefix-list north-america seq 112 permit 192.0.0.0/8 le 24
ip prefix-list north-america seq 114 permit 198.0.0.0/8 le 24
ip prefix-list north-america seq 116 permit 199.0.0.0/8 le 24
ip prefix-list north-america seq 118 permit 204.0.0.0/6 le 24
ip prefix-list north-america seq 120 permit 208.0.0.0/7 le 24
ip prefix-list north-america seq 122 permit 214.0.0.0/7 le 24
ip prefix-list north-america seq 124 permit 216.0.0.0/8 le 24
! deny everything else
ip prefix-list north-america seq 240 deny 0.0.0.0/0 le 32
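
To check what the list does to a given route before applying it, the following added example (not the author's code) evaluates routes against a prefix-list in the Cisco syntax above using first-match semantics. The sample is a constructed excerpt, and 198.18.0.0/15 is an assumed stand-in for your own addressing.

```python
import ipaddress

# Constructed excerpt in the page's Cisco syntax. seq 9/16/114/240 are copied
# from the list above; seq 2 fills the x.x.x.x/y placeholder with
# 198.18.0.0/15 (benchmarking space) as a stand-in for "my own addressing".
SAMPLE = """\
! deny any of my addressing
ip prefix-list north-america seq 2 deny 198.18.0.0/15 le 24
ip prefix-list north-america seq 9 permit 0.0.0.0/0
ip prefix-list north-america seq 16 permit 8.0.0.0/7 le 24
ip prefix-list north-america seq 114 permit 198.0.0.0/8 le 24
ip prefix-list north-america seq 240 deny 0.0.0.0/0 le 32
"""

def parse(text):
    """Return (seq, action, network, min_len, max_len) tuples in seq order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue  # blank lines and "!" comments
        seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))  # ge / le
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First matching entry wins; no match is the implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None

if __name__ == "__main__":
    acl = parse(SAMPLE)
    for route in ("0.0.0.0/0", "8.8.8.0/24", "8.8.8.0/25",
                  "5.1.0.0/16", "198.18.5.0/24"):
        print(f"{route:16} -> {evaluate(acl, route)}")
```

The own-addressing deny only takes effect because its sequence number is lower than the permit that covers the same space; moved after seq 114, the same route would be accepted from the peer.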

Good luck, and happy routing!

Jun 11 / thebrotherswisp

TheBrothersWISP 48 – Vendor Licensing, Small Dual Band Devices, 2.5Gb Metrolinq, VoIP



This go around we have Greg, Mike, Andrew Cox, and David Attias from PennyTone do the thing where we talk about the stuff.

This cast we talk about:
High density wifi with Mikrotik?
ATT buys Vyatta from Brocade
Dual band Mikrotik Groove through FCC
MUM Videos
Cambium change in support policy.
Ignitenet Metrolinq 2.5Ghz gear!
Build a nation wide carrier for $1M – NANOG 70
Mimosa Picture Contest
VoIP with David Attias from PennyTone
PBX – Bicom and FreePBX
Phones Yealink
Smartphone client – zoiper

Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp


May 27 / thebrotherswisp

TheBrothersWISP 47 – MUM 2017 Panel – Routing vs Bridge, PPPoE vs DHCP, Starting Advice



Greg Sowell, Justin Miller, Tomas Kirnak, Alex Hart, JJ Boyd, and Justin Wilson field AMA Mikrotik questions from the crowd at the 2017 Denver MUM. Bask in brilliance and rapier wit.

This cast we talk about:
What would you have done differently starting a WISP
Routing vs Bridging
DHCP vs PPPoE
MPLS/VPLS complexity vs just using a tunnel
Meta router usage
And more

Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp


May 14 / thebrotherswisp

TheBrothersWISP 46 – Tiering Standard, HFT, Mikrotik RFC Flagship Router



The few, the faithful, Tomas, Mike, and Greg beat you over the head with opinion and speculation (everyone’s favorite).

This cast we talk about:
Tier system for classifying ISPs
High Frequency Trading
/8 transfers of IPv4
**Reminder, climb smart/safe and go home alive**
WISPAPALOOZA 2017 registration now open
Cambium Networks cnPilot R190W
RFC New Mikrotik Flagship Router
Mikrotik hAP mini sub $20
RB1100AHx4 $350MSRP
PowerBox Pro $99
MUM Speculation…unicorn hoof beats?

Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp


Apr 30 / thebrotherswisp

TheBrothersWISP 45 – Upcoming Denver MUM, AU Data Collection, FIOS Gig



This cast we had Greg, Tomas, Tom, Mike, and Miller talking shop. Tom’s rants were even kept just below 10 minutes 😛

This cast we talk about:
OpenBSD 6.1 Released
Routing panel at Denver MUM – May 25th and 26th
Unimus 0.3.3
GPS sync NTP server
RB953GS-5HNT-US has hit the FCC
Ubiquiti U-installer
Riverbed picks up Xirrus
NetXMS adds or improves specialized support for IgniteNet, Etc.
IOT: SigFox and US IOT
Australia mandatory metadata collection
New Chrome considers StartSSL root certs as untrusted
Turkey Blocks wikipedia sacks another 4000 officials
FIOS Gig


Apr 28 / Greg

TheBrothersWISP Panel At Denver MUM 2017

We will be doing a panel surrounding routing with Mikrotik. It’s an open forum, so if you don’t give us questions, then it’s going to get pretty boring, pretty fast. If you have questions and won’t be able to attend, or are too shy to ask out loud, send them to us on facebook.com/thebrotherswisp or at contactus (at) thebrotherswisp.com.

See you guys there!

Apr 28 / thebrotherswisp

TBW Goes To MUM – Denver 2017

We will be doing a panel surrounding routing with Mikrotik. It’s an open forum, so if you don’t give us questions, then it’s going to get pretty boring, pretty fast. If you have questions and won’t be able to attend, or are too shy to ask out loud, send them to us on facebook.com/thebrotherswisp or at contactus (at) thebrotherswisp.com.

See you guys there!