eBGP routes not being advertised to iBGP peer

ozar · Wed Sep 23, 2020 5:47 pm

Hi,

I am receiving a Full BGP table from our Upstream IP Transit provider on CCR2004 Router-01 fine. This Router-01 I am receiving the Full BGP table on is an iBGP peer with my other CCR2004 Router-02. The iBGP Router-02 peer is NOT receiving the Full BGP table from Router-01.

I want to be able to advertise the Full BGP table to the iBGP peer, not a default-originate summerized 0.0.0.0/0 route.

Does anyone know how I can do this on Mikrotik? I am sure I missing something simple since I am new to Mikrotik. I tried adding 0.0.0.0/0 to the BGP < Networks tab, but it doesn't allow you to do this. I also tried adding 0.0.0.0/0 to the BGP < Aggregation tab, but it wouldn't allow me to do this either. Obviously I am not able to manually enter the 800k prefixes into the BGP < Networks tab to achieve this.

I was hoping someone would be able to point me in the right direction, thanks.

ozar · Wed Sep 23, 2020 6:39 pm

I was looking through the forums and it looks like google had not indexed this one yet viewtopic.php?f=14&t=165370 .

I thought the same as @Hakujou since all of the routes were inserted in the Mikrotik route table I assumed the gateway was reachable... it turns out the gateway isn't reachable? This is strange to me since I am able to ping 103.xxx.xxx.94 fine. I am meant to be directly connected to the 103.xxx.xxx.94 address so I am not sure why it would be recursive routing.

14  Db  dst-address=1.0.130.0/24 gateway=103.xxx.xxx.94 gateway-status=103.xxx.xxx.94 unreachable distance=20 scope=40 target-scope=10 bgp-as-path="x,38040,23969" bgp-origin=incomplete 

15  Db  dst-address=1.0.131.0/24 gateway=103.xxx.xxx.94 gateway-status=103.xxx.xxx.94 unreachable distance=20 scope=40 target-scope=10 bgp-as-path="x,4651,23969" bgp-origin=incomplete

IP Address: 103.xxx.xxx.95
Net Mask: 255.255.255.254
Gateway/BGP Peer: 103.xxx.xxx.94

I am not certain of the best way to go about fixing this. I don't really want to add a static route that says to get to 103.xxx.xxx.94 use sfp-sfpplus3. The reason I don't want a static route that uses the interface is this makes your ARP tables MASSIVE. Our Router-01 has the interface set to 103.xxx.xxx.95/31 and the BGP peer is 103.xxx.xxx.94.

Assuming the "gateway-status=103.xxx.xxx.94 unreachable" is the cause for routes not being advertised to the iBGP peer. Some advice on what to do would be appreciated. Also, I might add our Public /23 range isn't being advertised to the Upstream IP Transit eBGP peer either.

StubArea51 · Fri Sep 25, 2020 4:35 pm

Start with basic reachability checks...can you ping the GW using ICMP or ARP?

Are you peering on a directly connected subnet and not the loopbacks?

ozar · Fri Sep 25, 2020 6:40 pm

Thank you for the response, I really appreciate it.

I am able to ICMP ping the 103.xxx.xxx.94 gateway fine. I am able to ARP ping the 103.xxx.xxx.94 gateway fine. I am NOT able to MAC Ping the 3C:8A:B0:xx:xx:xx gateway. I am NOT able to MAC ARP ping the 3C:8A:B0:xx:xx:xx gateway.

sfp-sfpplus3 is the cross-connect interface to the Upstream IP Transit. The sfp-sfpplus3 interface is configured as 103.xxx.xxx.95/31. 103.xxx.xxx.94 is the eBGP peers remote address, which is meant to be directly connected. As you can see 103.xxx.xxx.94 & 103.xxx.xxx.95 are in the same /31 subnet.

add address=103.xxx.xxx.95/31 interface=sfp-sfpplus3 network=103.xxx.xxx.94

I spent the past few hours troubleshooting this with no success sadly. I even checked with my Upstream IP Transit provider and they seem to think everything looks good on their end.

I noticed some very strange behavior that doesn't make any sense to me. I have an alternative Internet path setup as a default route with a distance of 240.

0 A S  dst-address=0.0.0.0/0 gateway=221.xxx.xxx.201 gateway-status=221.xxx.xxx.201 reachable via  ether1 distance=240 scope=30 target-scope=10

When I configured the eBGP peer for multihop, the 103.xxx.xxx.94 gateway was recursive via the alternative Internet path 221.xxx.xxx.201.

17 ADb  dst-address=1.0.133.0/24 gateway=103.xxx.xxx.94 gateway-status=103.xxx.xxx.94 recursive via 221.xxx.xxx.201 ether1 distance=20 scope=40 target-scope=30 bgp-as-path="x,38040,23969" bgp-origin=incomplete 
        bgp-communities=19996:19996,x:3,x:104,x:1400,x:11000,x:11001 received-from=x-eBGP-peer 

18 ADb  dst-address=1.0.134.0/24 gateway=103.xxx.xxx.94 gateway-status=103.xxx.xxx.94 recursive via 221.xxx.xxx.201 ether1 distance=20 scope=40 target-scope=30 bgp-as-path="x,38040,23969" bgp-origin=incomplete 
        bgp-communities=19996:19996,x:3,x:104,24516:1400,x:11000,x:11001 received-from=x-eBGP-peer

I tried adding all static routes I could think of with no luck. I also changed BGP settings (removed filters, Nexthop Choice, Multihop, Update Source) with no luck.

Everything is working as expected (Receiving Full BGP table, Advertising my Public subnet) except the gateway-status being unreachable. It doesn't make sense to me why the BGP routes say the gateway-status is unreachable when there is an ARP entry for 103.xxx.xxx.94 and a Directly Connected route for 103.xxx.xxx.94 via sfp-sfpplus3 in the routing table.

:(

ozar · Sat Sep 26, 2020 3:08 pm

It turns out it was something simple as you were alluding to.

Mikrotik do not support /31's (I was under the assumption they did). It turns out I had to configure my sfp-sfpplus3 interface as a /32. This post viewtopic.php?t=32935 helped me resolve the gateway not being reachable issue.

This is the configuration I put on my sfp-sfpplus3 interface:

/ip address add address=103.xxx.xxx.95/32 interface=sfp-sfpplus3 network=103.xxx.xxx.94

Thanks a lot for your help!

eBGP routes not being advertised to iBGP peer [SOLVED]

eBGP routes not being advertised to iBGP peer

Re: eBGP routes not being advertised to iBGP peer

Re: eBGP routes not being advertised to iBGP peer

Re: eBGP routes not being advertised to iBGP peer

Re: eBGP routes not being advertised to iBGP peer [SOLVED]

Who is online