Jun 14 / Greg

Cisco and Mikrotik BGP Filter For North American Routes

If you have a router that can’t handle the full internet tables (which are getting quite large), then filtering for the important traffic can be a good solution. I’m in the US, and thus most of my work is done here. I’ve created a couple of filter lists for both Cisco and Mikrotik that will allow the default route, allow all of North America, block your own addressing, and deny everything else. This way, an international destination simply follows the default route. I know it’s not the most elegant thing out there, but for typical ISPs or organizations, their traffic terminates in the US, so it will work well.

To utilize them, apply them to the incoming routes on your BGP peers.

Mikrotik filter:

/routing filter
# drop any of my own routes
# add action=discard chain=north-america prefix=x.x.x.x/y prefix-length=0-128
# add default route
add action=accept chain=north-america prefix=0.0.0.0/0
# add north american routes
add action=accept chain=north-america prefix=3.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=4.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=6.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=8.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=11.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=12.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=15.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=16.0.0.0/5 prefix-length=0-24
add action=accept chain=north-america prefix=24.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=26.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=28.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=30.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=32.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=38.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=40.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=44.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=47.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=48.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=50.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=52.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=54.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=56.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=63.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=64.0.0.0/5 prefix-length=0-24
add action=accept chain=north-america prefix=72.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=76.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=96.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=100.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=104.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=107.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=108.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=128.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=132.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=134.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=136.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=140.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=142.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=144.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=146.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=148.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=152.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=155.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=156.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=160.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=162.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=164.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=168.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=170.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=172.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=174.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=184.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=192.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=198.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=199.0.0.0/8 prefix-length=0-24
add action=accept chain=north-america prefix=204.0.0.0/6 prefix-length=0-24
add action=accept chain=north-america prefix=208.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=214.0.0.0/7 prefix-length=0-24
add action=accept chain=north-america prefix=216.0.0.0/8 prefix-length=0-24
# drop all other
add action=discard chain=north-america prefix=0.0.0.0/0 prefix-length=0-128

Cisco filter:

! deny any of my addressing
!ip prefix-list north-america seq 2 deny x.x.x.x/y le 24
! allow default
ip prefix-list north-america seq 9 permit 0.0.0.0/0
! allow north america
ip prefix-list north-america seq 10 permit 3.0.0.0/8 le 24
ip prefix-list north-america seq 12 permit 4.0.0.0/8 le 24
ip prefix-list north-america seq 14 permit 6.0.0.0/7 le 24
ip prefix-list north-america seq 16 permit 8.0.0.0/7 le 24
ip prefix-list north-america seq 18 permit 11.0.0.0/8 le 24
ip prefix-list north-america seq 20 permit 12.0.0.0/7 le 24
ip prefix-list north-america seq 22 permit 15.0.0.0/8 le 24
ip prefix-list north-america seq 24 permit 16.0.0.0/5 le 24
ip prefix-list north-america seq 26 permit 24.0.0.0/8 le 24
ip prefix-list north-america seq 28 permit 26.0.0.0/8 le 24
ip prefix-list north-america seq 30 permit 28.0.0.0/7 le 24
ip prefix-list north-america seq 32 permit 30.0.0.0/8 le 24
ip prefix-list north-america seq 34 permit 32.0.0.0/6 le 24
ip prefix-list north-america seq 36 permit 38.0.0.0/8 le 24
ip prefix-list north-america seq 38 permit 40.0.0.0/8 le 24
ip prefix-list north-america seq 40 permit 44.0.0.0/7 le 24
ip prefix-list north-america seq 42 permit 47.0.0.0/8 le 24
ip prefix-list north-america seq 44 permit 48.0.0.0/8 le 24
ip prefix-list north-america seq 46 permit 50.0.0.0/8 le 24
ip prefix-list north-america seq 48 permit 52.0.0.0/8 le 24
ip prefix-list north-america seq 50 permit 54.0.0.0/7 le 24
ip prefix-list north-america seq 52 permit 56.0.0.0/8 le 24
ip prefix-list north-america seq 54 permit 63.0.0.0/8 le 24
ip prefix-list north-america seq 56 permit 64.0.0.0/5 le 24
ip prefix-list north-america seq 58 permit 72.0.0.0/6 le 24
ip prefix-list north-america seq 60 permit 76.0.0.0/8 le 24
ip prefix-list north-america seq 62 permit 96.0.0.0/6 le 24
ip prefix-list north-america seq 64 permit 100.0.0.0/8 le 24
ip prefix-list north-america seq 66 permit 104.0.0.0/8 le 24
ip prefix-list north-america seq 68 permit 107.0.0.0/8 le 24
ip prefix-list north-america seq 70 permit 108.0.0.0/8 le 24
ip prefix-list north-america seq 72 permit 128.0.0.0/6 le 24
ip prefix-list north-america seq 74 permit 132.0.0.0/8 le 24
ip prefix-list north-america seq 76 permit 134.0.0.0/7 le 24
ip prefix-list north-america seq 78 permit 136.0.0.0/6 le 24
ip prefix-list north-america seq 80 permit 140.0.0.0/8 le 24
ip prefix-list north-america seq 82 permit 142.0.0.0/7 le 24
ip prefix-list north-america seq 84 permit 144.0.0.0/8 le 24
ip prefix-list north-america seq 86 permit 146.0.0.0/7 le 24
ip prefix-list north-america seq 88 permit 148.0.0.0/7 le 24
ip prefix-list north-america seq 90 permit 152.0.0.0/8 le 24
ip prefix-list north-america seq 92 permit 155.0.0.0/8 le 24
ip prefix-list north-america seq 94 permit 156.0.0.0/6 le 24
ip prefix-list north-america seq 96 permit 160.0.0.0/7 le 24
ip prefix-list north-america seq 98 permit 162.0.0.0/8 le 24
ip prefix-list north-america seq 100 permit 164.0.0.0/6 le 24
ip prefix-list north-america seq 102 permit 168.0.0.0/7 le 24
ip prefix-list north-america seq 104 permit 170.0.0.0/8 le 24
ip prefix-list north-america seq 106 permit 172.0.0.0/7 le 24
ip prefix-list north-america seq 108 permit 174.0.0.0/8 le 24
ip prefix-list north-america seq 110 permit 184.0.0.0/8 le 24
ip prefix-list north-america seq 112 permit 192.0.0.0/8 le 24
ip prefix-list north-america seq 114 permit 198.0.0.0/8 le 24
ip prefix-list north-america seq 116 permit 199.0.0.0/8 le 24
ip prefix-list north-america seq 118 permit 204.0.0.0/6 le 24
ip prefix-list north-america seq 120 permit 208.0.0.0/7 le 24
ip prefix-list north-america seq 122 permit 214.0.0.0/7 le 24
ip prefix-list north-america seq 124 permit 216.0.0.0/8 le 24
! deny everything else
ip prefix-list north-america seq 240 deny 0.0.0.0/0 le 32
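
To check what the list accepts before applying it to a peer, the sketch below (an added example, not part of the original post) parses Cisco prefix-list lines and evaluates routes with first-match semantics, then reports which special-use ranges the broad /7 and /8 entries still cover. SAMPLE is a constructed subset of the list above, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: a few entries copied from the Cisco list above.
SAMPLE = """\
ip prefix-list north-america seq 9 permit 0.0.0.0/0
ip prefix-list north-america seq 64 permit 100.0.0.0/8 le 24
ip prefix-list north-america seq 106 permit 172.0.0.0/7 le 24
ip prefix-list north-america seq 112 permit 192.0.0.0/8 le 24
ip prefix-list north-america seq 240 deny 0.0.0.0/0 le 32
"""

# Special-use IPv4 space to test against (RFC 1918 and RFC 6598).
SPECIAL_USE = ["10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12", "192.168.0.0/16"]

LINE = re.compile(r"^ip prefix-list \S+ seq (\d+) (permit|deny) (\S+)"
                  r"(?: ge (\d+))?(?: le (\d+))?\s*$")

def parse(text):
    """Return entries as (seq, action, network, min_len, max_len), sorted by seq."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skips "!" comment lines and blanks
        seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)
        # No ge/le: exact length only. Only le: len..le. Only ge: ge..32.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        entries.append((int(seq), action, net, lo, hi))
    return sorted(entries)

def evaluate(entries, route):
    """First matching entry wins; an unmatched route hits the implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None

def permitted_special_use(entries):
    """Special-use prefixes the list would accept if a peer announced them."""
    return [p for p in SPECIAL_USE if evaluate(entries, p)[0] == "permit"]

if __name__ == "__main__":
    rules = parse(SAMPLE)
    for route in ["0.0.0.0/0", "192.0.2.0/24", "192.0.2.0/25", "5.0.0.0/8"]:
        print(route, evaluate(rules, route))
    print("special-use still permitted:", permitted_special_use(rules))
```

Any range it reports can be handled with an explicit deny entry at a lower sequence number than the matching permit, in the same way as the commented-out entry for your own addressing.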

Good luck, and happy routing!
