Step 1:
/ip/firewall/address-list/
add list=XXX-ISP address=x.x.x.0/24
add list=XXX-ISP address=x.x.x.0/24
Step 2:
/ip/route
add dst-address=x.x.x.0/24 blackhole
add dst-address=x.x.x.0/24 blackhole
Step 3:
/routing filter rule
add chain=IIG-IN disabled=no rule=“if (dst ==0.0.0.0/0) { accept; }”
add chain=IIG-IN disabled=no rule=“reject;”
add chain=IIG-OUT disabled=no rule=“if (dst ==x.x.x.0/24) { accept; }”
add chain=IIG-OUT disabled=no rule=“if (dst ==x.x.x.x/24) { accept; }”
add chain=IIG-OUT disabled=no rule=“if (dst in x.x.x.x/23 && dst-len in 23-24) { set bgp-path-prepend 2; accept; }”
add chain=IIG-OUT disabled=no rule=“if (dst-len in 0-32) { reject; }”
Step 3 V6:
/routing filter rule
add chain=IIG-IN-V6 disabled=no rule=“if (dst == ::/0) { accept; }”
add chain=IIG-IN-V6 disabled=no rule=“reject;”
add chain=IIG-Local-1-V6-OUT disabled=no rule=“if (dst == xxx:xxx:xxx::/48) { accept; }”
add chain=IIG-Local-1-V6-OUT disabled=yes rule=“if (dst == xxx:xxx:xxx::/48) { set bgp-path-prepend 2; accept; }”
add chain=IIG-Local-1-V6-OUT disabled=no rule=“reject;”
Step 4:
/routing bgp connection
add as=XXX connect=yes disabled=no listen=yes local.role=ebgp name=XXX-IIG-PEER output.filter-chain=IIG-OUT .network=XXX-ISP .no-client-to-client-reflection=yes remote.address=10.56.79.249/32 .as=58717 router-id=10.56.79.250 routing-table=main templates=default
Step 5:
/routing/bgp/advertisements print
/routing/bgp/connection/print
/routing/bgp/session/print
/ip route print detail where 210.4.64.0/24 in dst-address
/routing/bgp/session/refresh address-family=ip numbers=CCL-BDIX-IPV4-1
/ip route print detail where 103.11.138.0 in dst-address received-from =CCl
[nazmul@TO-Core] > ipv6/firewall/address-list/export
/ipv6 firewall address-list
add address=2001:df2:66c0::/48 list=SCL-IPv6-OUT
[nazmul@TO-Core] > ipv6/route/export
/ipv6 route
add blackhole disabled=no dst-address=2001:df2:66c0::/48 gateway=“” routing-table=main
add disabled=no dst-address=::/0 gateway=2405:1500:30:1::5 routing-table=main
[nazmul@TO-Core] > routing/bgp/connection/export
/routing bgp connection
ddress-families=ipv6 as=151318 disabled=no local.role=ebgp name=SCL-IIG-IPv6 output.filter-chain=SCL-IPv6-OUT .network=SCL-IPv6-OUT remote.address=\
2405:1500:30:1::5/128 .as=58717 routing-table=main templates=Talora-AS
[nazmul@TO-Core] >
/routing filter rule
add chain=SCL-IPv6-OUT disabled=no rule=“if (dst==2001:DF2:66C0::/48) {accept;}”
/routing filter community-list
add communities=58717:36759 disabled=no list=CCL
/routing filter rule
add chain=SCL-CCL-IN disabled=no rule=“if (bgp-communities equal-list CCL) { set bgp-local-pref 80; accept; }”
add chain=SCL-CCL-IN disabled=no rule=“if (dst in 0.0.0.0 && dst-len == 0) { reject; }”
add chain=SCL-CCL-IN disabled=no rule=“if (dst in 192.168.0.0/16 && dst-len in 16-32) {reject;}”
add chain=SCL-CCL-IN disabled=no rule=“if (dst in 0.0.0.0/0 && dst-len in 0-64) { reject; }”
add chain=SCL-CCL-IN disabled=yes rule=“if (dst-len>30 ) { reject;}”
add chain=SCL-CCL-IN disabled=no rule=“if (dst in 116.193.216.176/28 && dst-len>28) { reject;}”
add chain=SCL-CCL-IN disabled=no rule=“if ( not bgp-network) {reject; }”
add chain=SCL-CCL-IN disabled=no rule=“if (dst == 103.138.144.0/24) { set bgp-communities 58717:36759; set bgp-local-pref 95; accept; }”
add chain=SCL-CCL-OUT disabled=no rule=“accept;”
add chain=SCL-CCL-OUT disabled=no rule=“if (dst-len in 30-32) { reject; }”
add chain=HM-COMM disabled=no rule=“if (dst in 1.1.1.0/23 && dst-len in 23-24) { accept; }\r\
\n”
add chain=HM-COMM disabled=no rule=“if (dst ==2.2.2.0/24) { accept; }”
add chain=HM-COMM disabled=no rule=“if (dst-len in 0-32) { reject; }”
add chain=HM-COMM disabled=no rule=“reject;”
/routing filter rule
add chain=“IIG Blackhole” disabled=no rule=“if (dst in 0.0.0.0/0 && dst-len == 32) { accept; }”
add chain=“IIG Blackhole” disabled=no rule=“reject;”
add chain=Summit-IIG-IN disabled=no rule=“if (dst == 0.0.0.0/0) { accept; }”
add chain=Summit-IIG-IN disabled=no rule=“reject;”
add chain=Summit-IIG-OUT disabled=no rule=“if (dst == 103.138.144.0/23 && bgp-as-path-slow-legacy \”139008\“) { set bgp-path-prepend 4; accept; }”
/routing filter rule
add chain=SComm-IIG-OUT disabled=no rule=“if (dst == 103.138.144.0/24) { set bgp-path-prepend 2; accept; }”
add chain=SComm-IIG-OUT disabled=no rule=“if (dst == 103.138.145.0/24) { set bgp-path-prepend 2; accept; }”
add chain=SComm-IIG-OUT disabled=no rule=“reject;”
add chain=Summit-IIG-IN-V6 disabled=no rule=“if (dst == ::/0) { accept; }”
add chain=Summit-IIG-IN-V6 disabled=no rule=“reject;”
add chain=Summit-IIG-OUT-V6 disabled=no rule=“reject;”
add chain=IIG-Local-1-V6-OUT disabled=yes rule=“if (dst == 2406:2c0:1101::/48) { accept; }”
add chain=IIG-Local-1-V6-OUT disabled=no rule=“if (dst == ::/0 && distance == 20) { accept; }”
add chain=IIG-Local-1-V6-OUT disabled=no rule=“reject;”
add chain=NO-Route disabled=no rule=“reject;”
add chain=Prefix_not_send disabled=no rule=“if (dst == 10.10.10.0/24) { reject; }”
add chain=SCOMM-OUT disabled=no rule=“if (dst == 103.138.144.0/23) { set bgp-path-prepend 4; accept; }”
add chain=SCOMM-OUT disabled=no rule=“if (dst in 103.138.144.0/23 && dst-len in 23-24) { set bgp-path-prepend 3; accept; }”
[Neef@Core IIG] >
/routing filter community-list
add communities=15121:200 disabled=no list=Summit_GGC
add communities=15121:300 disabled=no list=Summit_FNA
add communities=15121:400 disabled=no list=Summit_BDIX
add communities=15121:100 disabled=no list=Summit_INT
add communities=15121:500 disabled=no list=Summit_CDN
/routing filter rule
add chain=Summit_INT disabled=no rule=“if ( dst==0.0.0.0/0){set bgp-communities Summit_INT ;accept ;}”
add chain=Summit_OUT disabled=no rule=“if ( dst==103.133.246.0/23) { set bgp-path-prepend 2; accept; }”
add chain=Summit_OUT disabled=no rule=“if ( dst==103.133.246.0/24) { set bgp-path-prepend 2; accept; }”
add chain=Summit_OUT disabled=no rule=“if ( dst==103.133.247.0/24) { set bgp-path-prepend 2; accept; }”
add chain=Summit_CDN_INT disabled=no rule=“if ( dst-len >=0||dst-len ⇐32){set bgp-local-pref 1000;set bgp-communities Summit_CDN ; accept;}”
add chain=Summit_CDN_OUT disabled=no rule=“if ( dst==103.133.246.0/23) { accept; }”
add chain=Summit_CDN_OUT disabled=no rule=“if ( dst==103.133.246.0/24) { accept; }”
add chain=Summit_CDN_OUT disabled=no rule=“if ( dst==103.133.247.0/24) { accept; }”
add chain=Summit_GGC disabled=no rule=“if ( dst-len >=0||dst-len ⇐32){set bgp-communities Summit_GGC ;accept }”
add chain=Summit_FNA disabled=no rule=“if ( dst-len >=0||dst-len ⇐32){set bgp-communities Summit_FNA ;accept }”
add chain=Summit_BDIX disabled=no rule=“if ( dst-len >=0||dst-len ⇐32){set bgp-communities Summit_BDIX;accept }”
add chain=DIS_GGC_OUT rule=“if ( bgp-communities equal-list Summit_GGC ){accept ;}”
add chain=DIS_INT_OUT disabled=no rule=“if ( bgp-communities equal-list Summit_INT ){accept ;}”
add chain=DIS_FNA_OUT rule=“if ( bgp-communities equal-list Summit_FNA){accept ;}”
add chain=DIS_BDIX_OUT rule=“if ( bgp-communities equal-list Summit_BDIX){accept ;}”
add chain=Client_INT_OUT disabled=no rule=“if ( dst==0.0.0.0/0){accept ;}”
add chain=Client_CDN_OUT disabled=no rule=“if ( bgp-communities equal-list Summit_CDN ){accept ;}”
add chain=
FTP_BDIX disabled=yes rule=“if ( dst-len >=0||dst-len ⇐32){set bgp-communities Summit_BDIX;accept }”
add chain=Summit_CDN_INT disabled=yes rule=“if ( dst-len >=0||dst-len ⇐32){set bgp-local-pref 1000; accept;}”
add chain=Summit_CDN_INT disabled=yes rule=“if ( dst-len >=0||dst-len ⇐32){set bgp-communities Summit_INT ;accept }”
add chain=Summit_BDIX disabled=yes rule=“if ( dst in 0.0.0.0/0){reject ;}”
add chain=Summit_BDIX disabled=yes rule=“if ( dst in 0.0.0.0/8 && dst-len in 8-32){reject ;}”