BGP Routing on MikroTik ROS 7 | [article still in progress]

Sources:

Standard configuration for creating a BGP connection on ROS 7:

Tutorial 2 (simple + a little extra configuration): https://www.youtube.com/watch?v=O5QvsmsZr90

  • In the Routing → BGP → Connections → New menu there is a Connect option. Its function:
    • Connect → the router ACTIVELY calls the peer

Tutorial 3 (from the MikroTik Indonesia – Citraweb YouTube channel): https://www.youtube.com/watch?v=MKxSHcvqcjc&t=915s

  • In the Routing → BGP → Connections → New menu there are Connect and Listen options. Their functions:
    • Connect → the router ACTIVELY calls the peer
    • Listen → the router WAITS to be called by the peer
  • blackhole is enabled,
    which serves to advertise the BGP router's local/public IP when it is not yet in the "IP Route" list. If the IPs to be advertised already appear in "IP Route", "blackhole" is not needed.
  • also add distance = 250
    for the IP that will be broadcast outward (example IP: 103.4.5.0/24)
  • the routing filters applied:
    • /routing filter rule add chain=AS64888-C01-IPv4-IN disabled=no rule="if (dst == 0.0.0.0/0) { accept; }"
    • add chain=AS64888-C01-IPv4-IN disabled=no rule="reject;"
    • add chain=AS64888-C01-IPv4-OUT disabled=no rule="if (dst in 100.100.100.0/22 && dst-len in 22-24) { accept; }"
    • add chain=AS64888-C01-IPv4-OUT disabled=no rule="reject;"

Example routing filters for ISP BGP on ROS 7

Routing filters for ISP-grade BGP are strongly recommended for security and for keeping routes/paths legitimate: anti route-leak and anti hijack.

🔹 ISP-IN (IPv4)

  • Example AS numbers allowed in: 1234 (ISP1's ASN) and 5678 (ISP2's ASN)
  • Example of the ideal rule order in ISP-IN (chatgpt):
    • Accept valid AS-path
    • Reject own prefix
    • Reject RFC1918 / reserved
    • Reject prefix length > /24
    • Reject default route (0.0.0.0/0)
    • Reject all (fail-safe)

/routing/filter/rule
add chain=ISP-IN rule="if (bgp-as-path ~ \"^1234_\") { accept }" comment="accept AS Number ISP1"
add chain=ISP-IN rule="if (bgp-as-path ~ \"^5678_\") { accept }" comment="accept AS Number ISP2"
add chain=ISP-IN rule="if (dst in 103.4.5.0/24 && dst-len >= 24 && dst-len <= 32) { reject }" comment="Discard our own prefixes"
add chain=ISP-IN rule="if (dst in 10.0.0.0/8) { reject }" comment="RFC1918 IP_private_A"
add chain=ISP-IN rule="if (dst in 172.16.0.0/12) { reject }" comment="RFC1918 IP_private_B"
add chain=ISP-IN rule="if (dst in 192.168.0.0/16) { reject }" comment="RFC1918 IP_private_C"
add chain=ISP-IN rule="if (dst in 127.0.0.0/8) { reject }" comment="Loopback"
add chain=ISP-IN rule="if (dst in 169.254.0.0/16) { reject }" comment="Link-local"
add chain=ISP-IN rule="if (dst in 224.0.0.0/4) { reject }" comment="Multicast"
add chain=ISP-IN rule="if (dst in 240.0.0.0/4) { reject }" comment="Reserved for research"
add chain=ISP-IN rule="if (dst-len > 24) { reject }" comment="Reject prefix longer than /24"
add chain=ISP-IN rule="if (dst == 0.0.0.0/0) { reject }" comment="Reject default route"
add chain=ISP-IN rule="reject"
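
An added example, not from the original page or from MikroTik: a small Python model of the ISP-IN chain above, assuming a chain stops at the first rule whose condition matches and that accept/reject are final. It runs constructed sample routes through the rules in the page's order and in a hypothetical reject-first order (the names PAGE_ORDER and REJECT_FIRST are illustrative), to show which rule decides each route.

```python
import ipaddress

def route(dst, *as_path):
    return {"dst": ipaddress.ip_network(dst), "path": as_path}

def first_as(asn):            # models: bgp-as-path ~ "^<asn>_"
    return lambda r: r["path"][:1] == (asn,)

def within(net, min_len=0):   # models: dst in <net> (&& dst-len >= min_len)
    n = ipaddress.ip_network(net)
    return lambda r: r["dst"].subnet_of(n) and r["dst"].prefixlen >= min_len

ACCEPTS = [("accept ISP1", first_as(1234), "accept"),
           ("accept ISP2", first_as(5678), "accept")]
REJECTS = [("own prefix", within("103.4.5.0/24", 24), "reject")]
REJECTS += [(f"bogon {n}", within(n), "reject") for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
REJECTS += [("longer than /24", lambda r: r["dst"].prefixlen > 24, "reject"),
            ("default route", lambda r: r["dst"] == ipaddress.ip_network("0.0.0.0/0"), "reject")]
FINAL = [("reject all", lambda r: True, "reject")]

PAGE_ORDER = ACCEPTS + REJECTS + FINAL     # rule order used on this page
REJECT_FIRST = REJECTS + ACCEPTS + FINAL   # hypothetical alternative order (assumption)

def evaluate(chain, r):
    """Return (action, comment) of the first rule whose condition matches."""
    for comment, cond, action in chain:
        if cond(r):
            return action, comment
    return "reject", "chain end"

# Constructed sample routes: prefix, then its AS path (first AS = the peer).
SAMPLES = [route("198.51.100.0/24", 1234, 64496),
           route("10.0.0.0/8", 1234),
           route("103.4.5.0/24", 5678, 64497),
           route("0.0.0.0/0", 1234),
           route("203.0.113.0/24", 64512, 1234)]

def compare():
    return [(str(r["dst"]), evaluate(PAGE_ORDER, r), evaluate(REJECT_FIRST, r))
            for r in SAMPLES]

if __name__ == "__main__":
    for dst, page, alt in compare():
        print(f"{dst:16} page order: {page}  reject-first: {alt}")
```

In this model, a route from either ISP is decided by the AS-path rule when the page's order is used, so the reject rules below it only see routes from other peers; in the reject-first order they apply to every route.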

🔹 ISP-OUT (IPv4)

  • Example public IP to be broadcast/advertised out via BGP = 103.4.5.0/24

/routing/filter/rule
add chain=ISP-OUT rule="if (dst == 103.4.5.0/24) { accept }" comment="Allow only our /24 prefix"
add chain=ISP-OUT rule="reject" comment="Block all other outbound prefixes"


Translation (partial) of https://help.mikrotik.com/docs/spaces/ROS/pages/328220/BGP

RouterOS divides configuration and session monitoring into four menus:

  • instance menu (/routing/bgp/instance)
    → the router's BGP identity (ASN, router-id)
  • template menu (/routing/bgp/template)
    → policy (filter, address-family, behavior)
  • connection menu (/routing/bgp/connection)
    → the relationship to the peer (ISP / upstream)
  • sessions menu (/routing/bgp/session)
    → connected / established / not

Example BGP config for ROS 7.21.3

For the client-side router:
Client AS number: 1234
ISP AS number: 5678
Client interface IP: 119.8.7.58/30
ISP interface IP: 119.8.7.57/30
Client PUBLIC PREFIX: 103.4.5.0/24

Instance

/routing bgp instance
add as=1234 disabled=no name=Klien_AS_1234 router-id=119.8.7.58

Template

/routing bgp template
add afi=ip as=1234 disabled=no input.filter=ISP-IN name=\
    TEMPLATE_ke_ISP_IPV4 output.filter-chain=ISP-OUT routing-table=main

Connection

/routing bgp connection
add afi=ip as=1234 connect=yes disabled=no input.filter=ISP-IN instance=\
    Klien_AS_1234 listen=no local.address=119.8.7.58 .role=ebgp name=\
    ISP_peer output.filter-chain=ISP-OUT .redistribute=static \
    remote.address=119.8.7.57/32 .as=5678 routing-table=main templates=\
    TEMPLATE_ke_ISP_IPV4
