Mikrotik getting started with BGP in v7, quickly.

Mikrotik’s documentation got you turned around again? Well here is a short quick and dirty config guide and some quick tips.

Forget most of what you remember from v6, and the cheats you had there. Mikrotik has changed a lot of stuff and there’s not nearly as many nice little tricks available to us anymore.

If you can, the simplest option is to take your known working config in RouterOS v6 and do a straight upgrade to v7. There still might be problems, but it’s simpler then trying to learn all of the new features of v7 BGP. Unfortunately, I have seen multiple configs that won’t transition, not sure why, but either the route filters won’t come through or the entire BGP and route filters will not be transitioned. That said, if you don’t have a known working config or you enjoy the struggle here’s what I have to offer.

To create a new BGP connection, most everything can be done with a single command:

/routing/bgp/connection/add name=v7BGP-EX local.role=ebgp local.address=a.a.a.a remote.address=b.b.b.b address-families=ip listen=yes connect=yes as=cccc remote.as=dddd tcp-md5-key=eeee router-id=f.f.f.f output.filter-chain=out input.filter=in output.network=bgp-networks

a.a.a.a = the local IP on the interface of the router you will use for communicating to the BGP Peer.

b.b.b.b = the IP of the BGP Peer you are connecting to.

cccc = The ASN you will be using for your router.

dddd = The ASN of the BGP Peer you are connecting to.

eeee = the encryption key for the BGP session. Please use something secure, there is literally no reason not to.

f.f.f.f = the ID for your router to use. (I like to use a loopback IP or just the IP that you used for a.a.a.a)

From there you need to add in your route filters. These example filters are more complicated then they need to be, but they should give you a decent starting point for building your own.

/routing filter rule

add chain=in disabled=no rule=”if (afi ipv4 && dst in && dst-len == 0-32) {accept}”

add chain=out disabled=no rule=”if (afi ipv4 && dst in && dst-len == 24) {accept}”

Note, please get an understanding of https://help.mikrotik.com/docs/pages/viewpage.action?pageId=74678285 to build proper route filters. I will probably have a simple route filter page here I will link to as well. Or you could pay me to build you some route filters. The in filter is very redundant and really does nothing, but I just want to give a general idea of basic rules you can build.

Then add in the prefixes you want to advertise. NOTE, the prefixes must exist in the route table as complete routes (incomplete doesn’t count anymore) and there is no way to force it… Sorry.

/ip/firewall/address-list/add name=bgp-networks address=

You also need the route in your route table, either by having the route on an interface:

/ip/address/add address= interface=xxxx

xxxx being the interface you want the address on.

Or you can aggregate addresses by creating a blackhole route:

/ip/route/add dst-address= blackhole

Using these settings from a defaulted router running ROS v7.1 I can get a BGP session up and running, pulling routes and sending to another router every time.

BGP Making Things Work