Community discussions

MikroTik App
  4. RouterOS
  5. General

BGP Configuration with CCR2004 and Vyos VM assistance  [SOLVED]

Post Reply
 
Traveler382
just joined
Topic Author
Posts: 22
Joined: Mon Mar 01, 2021 4:41 pm

BGP Configuration with CCR2004 and Vyos VM assistance

Wed Mar 24, 2021 7:34 am

I'm building out a virtual environment, which is connected to my CRS317/CCR2004 (see attached diagram). Currently I have a static route set on my EdgeRouter12 which covers the whole private 172.16.0.0/12 address space and forwards it to the CCR2004. However, now I'm adding a Vyos router VM at 172.26.13.101 that needs to route to these nested networks: 172.27.0.0/16, 172.28.0.0/16, 172.29.0.0/16, and 172.30.0.0/16. I'm brand new to routing. The nested labs will be using NSX-T, which will use BGP to communicate to Vyos "lab" side interfaces. So I'd prefer to keep using BGP from the Vyos to the CCR2004, not OSPF.

However, I have zero experience configuring BGP with Mikrotik or Vyos. I'm hoping someone can help point me in the right direction for at least the Mikrotik side here.

The Vyos VM is on VLAN 2611, and has an IP of 172.26.13.101.

Question: Should I move the Vyos VM on its own dedicated "public" side VLAN/Portgroup or can it stay on the general purpose 172.26.11.0/24 network, where other IPs will also be in use?

Taking from the MT BGP wiki it looks like I'd do something like this on the CCR2004:

/routing bgp instance
set default as=65020
/routing bgp peer
add name=Vyos remote-address=172.26.13.101 remote-as=65010

Now I got lost in the Wiki about network advertisements, route redistribution and routing filters. Ideas? I'd like dynamic routing, so that when I build up or tear down the virtual networks 'behind' the Vyos router, that the CCR2004 knows about them and adjusts accordingly.

This seems a bit complicated to me, so ANY help to point me in the right direction would be greatly appreciated!

LAN Diagram:
https://imgur.com/a/sdBNtkQ

Here is the running CCR2004 config:
Code: Select all
# Global settings 

/ip route add dst-address=0.0.0.0/0 gateway=10.13.2.1 
/ip dns 
set servers=10.13.2.200,10.13.2.201 
/system identity 
set name=CCR2004 
/system ntp client 
set enabled=yes primary-ntp=216.239.35.8 secondary-ntp=216.239.35.4 

# Set Jumbo frames 

/interface ethernet 
set sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12 l2mtu=9578
set sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12 mtu=9000

# Setup Bridge 

/interface bridge 
add name=bridge vlan-filtering=no mtu=9000
/interface bridge port 
# upstream port will be untagged (access) port of VLAN ID 42 
add bridge=bridge pvid=42 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus1
# The rest of SFP+ ports are bridged together, all tagged 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus3 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus4 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus5 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus6 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus7 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus8 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus9 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus10 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus11 disabled=yes 
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=sfp-sfpplus12 

/interface bridge vlan 
# sfp-sfpplus1 gets added as untagged automatically due to pvid setting above
add bridge=bridge tagged=bridge vlan-ids=42  
add bridge=bridge tagged=bridge,sfp-sfpplus12 vlan-ids=2611 
add bridge=bridge tagged=bridge,sfp-sfpplus12 vlan-ids=2612 
add bridge=bridge tagged=bridge,sfp-sfpplus12 vlan-ids=2613 

/interface vlan 
add name=WAN interface=bridge vlan-id=42 
add name=2611-MGT interface=bridge vlan-id=2611 mtu=9000
add name=2612-vMotion interface=bridge vlan-id=2612 mtu=9000
add name=2613-VM interface=bridge vlan-id=2613 mtu=9000

/ip address 
add address=10.13.2.10/24 interface=WAN 
add interface=2611-MGT address=172.26.11.1/24 
add interface=2612-vMotion address=172.26.12.1/24 
add interface=2613-VM address=172.26.13.1/24 

#DHCP Relay to Infoblox for select VLANs
/ip dhcp-relay add name=2611-MGT-Relay interface=2611-MGT dhcp-server=10.13.2.12 local-address=172.26.11.1 disabled=no
/ip dhcp-relay add name=2613-VM-Relay interface=2613-VM dhcp-server=10.13.2.12 local-address=172.26.13.1 disabled=no

/interface bridge set bridge vlan-filtering=yes
Top
 
Traveler382
just joined
Topic Author
Posts: 22
Joined: Mon Mar 01, 2021 4:41 pm

Re: BGP Configuration with CCR2004 and Vyos VM assistance

Wed Mar 24, 2021 5:53 pm

So I tried to configure both the CCR2004 and Vyos router for BGP. However, the two are not peering. I can ping each device from the other, but a BGP session is never established. Any ideas on how to troubleshoot?

CCR2004:
/routing bgp peer print status
Flags: X - disabled, E - established
0 name="Vyos01" instance=default remote-address=172.26.13.101 remote-as=65010 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m ttl=255 in-filter="" out-filter="" address-families=ip
default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no state=opensent

Vyos:
show ip bgp summary

IPv4 Unicast Summary:
BGP router identifier 172.27.12.1, local AS number 65010 vrf-id 0
BGP table version 5
RIB entries 5, using 960 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt
10.13.2.10 4 65020 0 0 0 0 0 never Active 0

Total number of neighbors 1
Top
 
Traveler382
just joined
Topic Author
Posts: 22
Joined: Mon Mar 01, 2021 4:41 pm

Re: BGP Configuration with CCR2004 and Vyos VM assistance  [SOLVED]

Thu Mar 25, 2021 3:16 pm

In case anyone stumbles on this in the future with a similar issue, I'll post my solution. I finally got the problem solved, by using peering addresses on the same subnet. My original configuration had them on different subnets (but fully routed to each other).
Top
Post Reply
  4. RouterOS
  5. General