Community discussions

MikroTik App
  4. RouterOS
  5. Forwarding Protocols

[SOLVED] BGP : force gateway

Post Reply
 
src386
newbie
Topic Author
Posts: 27
Joined: Tue Dec 08, 2015 1:18 pm

[SOLVED] BGP : force gateway

Thu Dec 10, 2015 12:31 pm

Hi everyone,
I have two routers, R1 and R2 connected by two dedicated links :
Code: Select all
+------+ ether1       ether1 +------+ ether3
|      +---------------------+      +---------+Network1
|      |        link1        |      |
|  R1  |                     |  R2  |
|      | ether2       ether2 |      | ether4
|      +---------------------+      +---------+Network2
+------+        link2        +------+
Each link has a dedicated /30 network.

I want R2 to advertise Network1 and Network2 to R1, but :
- Traffic to Network1 has to go through link1
- Traffic to Network2 has to go through link2

I can use BGP to advertise network, but it will advertise all networks on all interfaces.
I would like BGP to be able to advertise Network1 only on ether1, or specifying ether1 has gateway, but I don't know how to do this.

Is it possible to bind a BGP instance to a single interface ? Is it possible to customize BGP advertisements (force gateway/route) ?

Thanks
Last edited by src386 on Fri Dec 11, 2015 10:16 am, edited 1 time in total.
Top
 
src386
newbie
Topic Author
Posts: 27
Joined: Tue Dec 08, 2015 1:18 pm

Re: BGP : force gateway

Thu Dec 10, 2015 6:46 pm

Ok, the answer is here : http://wiki.mikrotik.com/wiki/Manual:BG ... ng_Filters
On R2, just add filters on the R1-link1 peer to discard anything except Network1. On R1-link2 discard anything except Network2. That was simple :)
Top
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1742
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:
Contact StubArea51

Re: BGP : force gateway

Thu Dec 10, 2015 7:19 pm

You can also select only the BGP networks you want to advertise using the network statement instead of using redistribution.

Then you can set BGP local preference for a route if you need to select a specific egress point in your AS.
Top
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: BGP : force gateway

Thu Dec 10, 2015 8:05 pm

Redistribution is a bad habit to get into when you're just learning routing protocols.
It definitely has its place, but the protocols handle redistributed routes differently than natively originated routes.
(true for OSPF, BGP, EIGRP, and I'm sure IS-IS and RIP)

I recommend that you originiate the routes by adding networks to Routing > BGP > Network
(e.g. /routing bgp network add network=192.168.1.0/24)

Then you could put a filter on R2 where it will do an AS-PREPEND for Network1 when sending to the peer address for Link2, and an AS-PREPEND for Network2 when sending to the peer address of Link1.

This is better because AS-PREPEND is the typical way to engineer inbound traffic. (you could also use MEDs since this is the case of multiple connections between two ASNs.) Furthermore, if Link1 fails, the traffic for network1 can use Link2 as a backup path, and vice-versa.
Top
 
src386
newbie
Topic Author
Posts: 27
Joined: Tue Dec 08, 2015 1:18 pm

Re: BGP : force gateway

Thu Dec 10, 2015 10:35 pm

Then you can set BGP local preference for a route if you need to select a specific egress point in your AS.
Any documentation for this ?
Thanks.
Top
 
src386
newbie
Topic Author
Posts: 27
Joined: Tue Dec 08, 2015 1:18 pm

Re: BGP : force gateway

Thu Dec 10, 2015 10:38 pm

Redistribution is a bad habit to get into when you're just learning routing protocols.
It definitely has its place, but the protocols handle redistributed routes differently than natively originated routes.
(true for OSPF, BGP, EIGRP, and I'm sure IS-IS and RIP)

I recommend that you originiate the routes by adding networks to Routing > BGP > Network
(e.g. /routing bgp network add network=192.168.1.0/24)

Then you could put a filter on R2 where it will do an AS-PREPEND for Network1 when sending to the peer address for Link2, and an AS-PREPEND for Network2 when sending to the peer address of Link1.

This is better because AS-PREPEND is the typical way to engineer inbound traffic. (you could also use MEDs since this is the case of multiple connections between two ASNs.) Furthermore, if Link1 fails, the traffic for network1 can use Link2 as a backup path, and vice-versa.
Thanks.
Any manpage for routing filters ? In the wiki , there are (usefull) examples, but I could not find a reference documentation.
Anyway we have failover so we use iBGP to redistribute BGP learned routes. But for eBGP why not using routing bgp network, I will think about it.
Top
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: BGP : force gateway

Thu Dec 10, 2015 11:18 pm

Any manpage for routing filters ? In the wiki , there are (usefull) examples, but I could not find a reference documentation.
Anyway we have failover so we use iBGP to redistribute BGP learned routes. But for eBGP why not using routing bgp network, I will think about it.
Make a filter chain for each eBGP peer (e.g. link1-out and link2-out)
Set the out-filter for each peer as appropriate. Here is a basic way to do the chains:
Code: Select all
/routing filter
add action=accept chain=link1-out prefix=192.168.2.0/24 set-bgp-prepend=2
add action=accept chain=link1-out
add action=accept chain=link2-out prefix=192.168.1.0/24 set-bgp-prepend=2
add action=accept chain=link2-out
These filters allow all prefixes to be advertised, but will prepend the AS-PATH when 192.168.2.0/24 is being sent to link1, and when 192.168.1.0/24 is being sent to link2. (of course, your actual addresses go here). If you need to block any advertisements, you would put rules before the default allow-all rules.

If these BGP sessions have anything to do with the public global BGP table, then you're almost certainly going to want to make "block" become the default action, and only allow your actual network prefixes.
Top
 
src386
newbie
Topic Author
Posts: 27
Joined: Tue Dec 08, 2015 1:18 pm

Re: BGP : force gateway

Fri Dec 11, 2015 10:14 am

Any manpage for routing filters ? In the wiki , there are (usefull) examples, but I could not find a reference documentation.
Anyway we have failover so we use iBGP to redistribute BGP learned routes. But for eBGP why not using routing bgp network, I will think about it.
Make a filter chain for each eBGP peer (e.g. link1-out and link2-out)
Set the out-filter for each peer as appropriate. Here is a basic way to do the chains:
Code: Select all
/routing filter
add action=accept chain=link1-out prefix=192.168.2.0/24 set-bgp-prepend=2
add action=accept chain=link1-out
add action=accept chain=link2-out prefix=192.168.1.0/24 set-bgp-prepend=2
add action=accept chain=link2-out
These filters allow all prefixes to be advertised, but will prepend the AS-PATH when 192.168.2.0/24 is being sent to link1, and when 192.168.1.0/24 is being sent to link2. (of course, your actual addresses go here). If you need to block any advertisements, you would put rules before the default allow-all rules.

If these BGP sessions have anything to do with the public global BGP table, then you're almost certainly going to want to make "block" become the default action, and only allow your actual network prefixes.
Thanks, I understand.
These rules allow link2 to act as a failover for link 1 ?
In my case link1 and link2 are for traffic type separation (ISP requirements...).
The failover part is okay we have other routers with the same topology.

This topic is solved.
Top
Post Reply
  4. RouterOS
  5. Forwarding Protocols