Routing Filter Wizard

Routing Filter Wizard

The Routing Filter Wizard is a configuration tool introduced in RouterOS v7.20 that simplifies the creation of routing filter rules. Writing routing filters using the script-like syntax can be complex and error-prone, especially for administrators transitioning from RouterOS v6. The filter wizard provides a more intuitive interface that generates filter rules with ROSv6-like syntax, making it easier to create and manage routing filters for BGP, OSPF, RIP, and other routing protocols.

The wizard operates from the /routing/filter/filter-wizard command path and allows administrators to specify matching criteria and actions without needing to write the underlying filter syntax manually. This approach reduces configuration errors and accelerates the filter creation process for common routing scenarios.

Filter Wizard Overview

Purpose and Benefits

The routing filter wizard addresses several challenges that administrators face when configuring route filtering in RouterOS. The traditional filter syntax in RouterOS v7 uses a script-like language that, while powerful, has a steeper learning curve compared to the older v6 syntax. The wizard bridges this gap by accepting intuitive parameters and automatically generating the appropriate filter rules.

Key benefits of using the filter wizard include reduced configuration complexity, decreased likelihood of syntax errors, faster deployment of common filter patterns, and easier migration from RouterOS v6 configurations. The wizard also includes validation that prevents common mistakes such as creating chain loops.

Command Location

Sub-menu: /routing/filter/filter-wizard

# Access the filter wizard
/routing/filter/filter-wizard

When you press Tab after entering the filter-wizard command, you will see all available parameters organized by category:

[admin@router] /routing/filter> filter-wizard <tab>
action              dst                  ospf-type         scope-target      set-gw-check                use-te-nexthop
afi                 dst-len              protocol          set-bgp-...       set-scope
bgp-...             gateway              rpki              set-blackhole     set-suppress-hw-offload
blackhole           jump-target-chain    routing-table     set-comment       set-use-te-nexthop
chain               match-chain          rpki-verify       set-distance

Filter Wizard Parameters

Action Parameters

The action parameter defines what happens when a route matches the filter criteria. The wizard supports the standard routing filter actions that control how routes are processed.

Parameter	Type	Description	Default
action	accept | reject	Action to perform on matching routes	Required
chain	text	Name of the filter chain to add the rule to	Required

The accept action allows matched routes to proceed through the routing table, while the reject action discards matched routes and prevents them from being installed or advertised.

Matching Parameters

Matching parameters define the criteria that routes must meet to be affected by the filter. The wizard supports various matching options that correspond to route properties and protocol-specific attributes.

Parameter	Type	Description
afi	ipv4 | ipv6 | l2vpn | l2vpn-cisco | vpnv4 | vpnv6	Address Family Indicator
bgp-as-path	regexp	BGP AS-Path match pattern
bgp-communities	community	BGP communities to match
dst	IP prefix	Destination prefix to match
dst-len	integer	Destination prefix length range
gateway	IP address	Gateway/next-hop address
match-chain	chain name	Reference another chain for matching
ospf-metric	integer	OSPF metric value
ospf-type	ext1 | ext2 | inter | intra | nssa1 | nssa2	OSPF route type
protocol	bgp | connected | dhcp | fantasy | modem | ospf | rip | static | vpn	Protocol type
rpki	invalid | unknown | valid | unverified	RPKI validation status
routing-table	name	Routing table name
scope	integer	Route scope value
scope-target	integer	Target scope value

Setting Parameters

Setting parameters modify route attributes when a route matches the filter. These parameters allow administrators to adjust routing properties such as distance, metrics, communities, and other attributes.

Parameter	Type	Description
set-blackhole	yes | no	Set route as blackhole
set-bgp-communities	communities	Set BGP communities
set-bgp-ext-communities	ext-communities	Set BGP extended communities
set-bgp-large-communities	large-communities	Set BGP large communities
set-bgp-local-pref	integer	Set BGP local preference
set-bgp-med	integer	Set BGP MED attribute
set-bgp-origin	igp | egp | incomplete	Set BGP origin
set-bgp-weight	integer	Set BGP weight
set-comment	text	Add comment to route
set-distance	integer	Set route distance
set-gateway	IP address	Set next-hop gateway
set-gw-check	none | arp | icmp | bfd | bfd-mh	Gateway reachability check
set-ospf-ext-metric	integer	Set OSPF external metric
set-ospf-ext-tag	integer	Set OSPF external tag
set-routing-table	name	Set target routing table
set-routing-mark	text	Set routing mark
set-scope	integer	Set route scope
set-scope-target	integer	Set target scope
set-suppress-hw-offload	yes | no	Suppress hardware offloading
set-use-te-nexthop	yes | no	Use traffic engineering next-hop
suppress-hw-offload	yes | no	Suppress HW offload (flag)

Practical Configuration Examples

Basic BGP Filter Configuration

The following examples demonstrate common BGP filtering scenarios using the filter wizard. These configurations show how to accept, reject, and modify routes based on prefix, AS-Path, and BGP attributes.

# Accept VPNv4 routes and set extended community for route targeting
/routing/filter/filter-wizard action=accept chain=vpn-in afi=vpnv4 set-bgp-ext-communities=rt:2:2

# Result: Filter rule 'if (afi vpnv4) { set bgp-ext-communities rt:2:2; accept; }' added

The wizard confirms the generated filter rule, showing the underlying syntax that would need to be written manually without the wizard. This transparency helps administrators learn the filter syntax while benefiting from the wizard’s simplified configuration process.

# Filter BGP routes based on AS-Path matching
/routing/filter/filter-wizard action=reject chain=bgp-in bgp-as-path=456

# Reject routes with AS 456 in the AS-Path

When rejecting routes, the wizard generates rules that prevent specific prefixes from being installed in the routing table. This is useful for filtering out routes from untrusted AS numbers or implementing routing policy.

OSPF Route Filtering

OSPF route filtering controls which routes are imported into or exported from the OSPF routing domain. The filter wizard simplifies this process by providing protocol-specific parameters.

# Accept OSPF routes with specific metric
/routing/filter/filter-wizard action=accept chain=ospf-in ospf-metric=100

# Filter OSPF external routes
/routing/filter/filter-wizard action=accept chain=ospf-in ospf-type=ext1

# Filter OSPF inter-area routes
/routing/filter/filter-wizard action=accept chain=ospf-in ospf-type=inter

Setting Route Attributes

The filter wizard can modify route attributes as part of the filtering process. This capability allows administrators to implement complex routing policies without writing complex filter scripts.

# Set distance for matched routes
/routing/filter/filter-wizard action=accept chain=custom-in set-distance=50 prefix=10.0.0.0/8

# Set local preference for BGP routes
/routing/filter/filter-wizard action=accept chain=bgp-in set-bgp-local-pref=200

# Set blackhole route for traffic discard
/routing/filter/filter-wizard action=accept chain=block-private set-blackhole=yes prefix=192.168.0.0/12

Combining Multiple Parameters

The filter wizard allows multiple matching and setting parameters to be combined in a single command, enabling complex filter rules to be created with a single operation.

# Match IPv4 BGP routes from specific prefix and set multiple attributes
/routing/filter/filter-wizard action=accept chain=bgp-in afi=ipv4 dst=10.0.0.0/8 set-distance=100 set-bgp-local-pref=150

# Match and filter based on multiple criteria
/routing/filter/filter-wizard action=reject chain=bgp-reject afi=ipv4 bgp-as-path=65000 set-bgp-communities=65001:100

Understanding Generated Rules

Rule Syntax Translation

The filter wizard translates the simplified parameters into the underlying filter rule syntax. Understanding this translation helps administrators learn the full filter syntax while using the wizard for convenience.

# Wizard command:
/routing/filter/filter-wizard action=accept chain=my-chain afi=ipv4 set-bgp-local-pref=100

# Generates:
# Filter rule 'if (afi ipv4) { set bgp-local-pref 100; accept; }' added

The generated rule uses the script-like syntax introduced in RouterOS v7, which provides flexibility but requires understanding of the filter language. The wizard serves as a bridge between simple parameter specification and the powerful underlying syntax.

Viewing Generated Rules

After creating filter rules with the wizard, you can view them using the standard routing filter rule commands:

# View all filter rules
/routing/filter/rule print

# View rules in a specific chain
/routing/filter/rule print where chain=my-chain

# View filter rules with details
/routing/filter/rule print detail

Each rule added by the wizard includes a comment “added by filter-wizard” to help identify automatically generated rules:

[admin@router] /routing/filter/rule> print
Flags: X - disabled, I - inactive
 0   ;;; added by filter-wizard
     chain=my-chain rule="if (afi ipv4) { set bgp-local-pref 100; accept; }"

Error Handling and Validation

Chain Loop Detection

The filter wizard includes validation that prevents common configuration errors, including chain loops that could cause the routing filter to enter an infinite recursion.

# Attempting to create a chain loop will fail with an error:
/routing/filter/filter-wizard action=accept chain=vpn-in afi=vpnv4 match-chain=vpn-in

# Result: Error adding 'if (chain vpn-in && afi vpnv4) { accept; }'match with 'vpn-in' creates chain loop (6)

When a chain loop is detected, the wizard refuses to create the rule and displays an error message. The error is also logged to the system log with the “route,error” topic for troubleshooting.

Parameter Validation

The wizard validates parameters before creating rules, ensuring that invalid values are caught early in the configuration process:

# Invalid prefix will generate an error
/routing/filter/filter-wizard action=accept chain=test dst=invalid-prefix

# Error: invalid value for property

Error Logging

Errors from the filter wizard are logged to the system log with the “route,error” topics, allowing administrators to monitor filter configuration issues:

# View filter-related errors in the log
/log print topic=route,error

Integration with Routing Protocols

Applying Filters to BGP

After creating filter rules with the wizard, they must be associated with BGP peers or instances to take effect. The filters control which routes are accepted from peers and which routes are advertised to peers.

# Apply input filter to BGP peer
/routing/bgp/peer set peer1 in-filter=my-bgp-in

# Apply output filter to BGP peer
/routing/bgp/peer set peer1 out-filter=my-bgp-out

# View BGP peer configuration
/routing/bgp/peer print

Applying Filters to OSPF

OSPF filters control route redistribution between OSPF and other routing protocols or the local routing table.

# Apply filter to OSPF instance for imported routes
/routing/ospf instance set default in-filter-chain=my-ospf-in

# Apply filter to OSPF instance for exported routes
/routing/ospf instance set default out-filter-chain=my-ospf-out

Applying Filters to RIP

RIP filters manage which routes are imported into or exported from the RIP routing domain.

# Apply input filter to RIP
/routing rip instance set default in-filter=my-rip-in

# Apply output filter to RIP
/routing rip instance set default out-filter=my-rip-out

Best Practices

Filter Rule Ordering

Filter rules are evaluated in order, with the first matching rule determining the action. When using the wizard, remember that rules are added at the end of the specified chain. For proper filter operation, ensure that more specific filters are evaluated before general ones.

# Review current filter order
/routing/filter/rule print

# Insert a specific filter before general filters
/routing/filter/rule add chain=my-chain rule="if (dst in 10.0.0.0/8) { accept; }" place-before=0

Testing Filters

Before deploying filters in production, test them in a lab environment or during a maintenance window. Use the routing monitor commands to verify filter behavior:

# Monitor routes as they are processed by filters
/routing filter rule monitor

# Check which routes are being filtered
/ip route print where bgp-in-filter=my-chain

Documentation and Comments

While the wizard adds automatic comments to filter rules, document the purpose of each filter chain and rule in your network documentation. This practice helps with troubleshooting and future modifications.

Troubleshooting

Common Issues

Routes not being filtered as expected: Verify that the filter chain is properly attached to the routing protocol peer or instance. Check that filter rule order is correct, with specific rules appearing before general rules.

Filter wizard errors: Ensure that all required parameters are provided. Check for chain loop conditions when using the match-chain parameter. Review system logs for detailed error messages.

Performance impact: Large numbers of filter rules can impact routing convergence time. Monitor router performance when deploying complex filter configurations.

Diagnostic Commands

# View filter rules in detail
/routing/filter/rule print detail

# Monitor filter processing
/routing filter monitor

# Check which filters are applied to BGP peers
/routing/bgp/peer print

# View routing table to verify filter results
/ip route print where protocol=bgp

Related Documentation

• Route - Routing table management and route properties
• OSPF - Open Shortest Path First configuration
• RIP - Routing Information Protocol
• Route Selection and Filters - Advanced filter syntax and configuration
• BGP - Border Gateway Protocol configuration