Short story: BGP advertisement works only after creating a new address-list. Just adding a member to an existing address-list doesn't help, removing an address-list doesn't help either, must create a new one!!!
Long story: Had to change a router, so decided to test v7. Simple BGP setup. Seems to work ... until reboot. After reboot - no way to advertise own networks. Default route - OK, foreign networks - OK. Own networks - NO. Doesn't matter what I do with the BGP configuration - no way. It was my first contact with v7, so I decided I'm missing something. After hours of staring at a simple BGP session, here are the results:
R1 - AS65502, 100.70.67.178, RouterOS 7.1.1, network 192.0.2.0/24
R2 - AS65501, 100.70.67.42, RouterOS 6.49.2
R1 config
---
[etg@rtr1] > system/reset-configuration no-defaults=yes skip-backup=yes keep-users=yes
...
[etg@rtr1] > export
# jan/02/1970 00:16:27 by RouterOS 7.1.1
#
#
# model = RB4011iGS+
#
/interface vlan
add interface=ether6 name=vlan_routing vlan-id=3567
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/routing bgp template
set default as=65502
/ip address
add address=100.70.67.178/24 interface=vlan_routing network=100.70.67.0
/ip firewall address-list
add address=192.0.2.0/24 list=bgp_nets
/ip route
add blackhole distance=255 dst-address=192.0.2.0/24
/routing bgp connection
add connect=yes disabled=no listen=yes local.role=ebgp-customer name=tik output.default-originate=never .network=bgp_nets remote.address=100.70.67.42 .as=65501 templates=default
/system identity
set name=rtr1
[etg@rtr1] > routing/bgp/session/print
Flags: E - established
0 E remote.address=100.70.67.42 .as=65501 .id=100.70.67.42 .refused-cap-opt=no .capabilities=mp,rr,as4 .messages=8 .bytes=180 .eor=""
local.role=ebgp-customer .address=100.70.67.178 .as=65502 .id=100.70.67.178 .capabilities=mp,rr,gr,as4 .messages=8 .bytes=181 .eor=""
output.procid=20 .network=bgp_nets
input.procid=20 ebgp
hold-time=3m keepalive-time=1m uptime=6m32s420ms
---
[admin@tik] > routing bgp export
# dec/31/2021 00:07:45 by RouterOS 6.49.2
#
#
# model = 450G
#
/routing bgp instance
set default as=65501 router-id=100.70.67.42
/routing bgp network
add network=192.168.192.0/24
/routing bgp peer
add name=rtr1 remote-address=100.70.67.178 remote-as=65502
[admin@tik] > routing bgp peer print status
Flags: X - disabled, E - established
0 E name="rtr1" instance=default remote-address=100.70.67.178 remote-as=65502 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never remove-private-as=no
as-override=no passive=no use-bfd=no remote-id=100.70.67.178 local-address=100.70.67.42 uptime=4m19s prefix-count=1 updates-sent=1 updates-received=1 withdrawn-sent=0 withdrawn-received=0 remote-hold-time=3m used-hold-time=3m used-keepalive-time=1m
refresh-capability=yes as4-capability=yes state=established
[admin@tik] > ip route print where bgp
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 Db 192.0.2.0/24 100.70.67.178 20
after R1 reboot - no advertisement anymore
---------------
R1
---
[etg@rtr1] > export
# jan/02/1970 00:28:01 by RouterOS 7.1.1
#
#
# model = RB4011iGS+
#
/interface vlan
add interface=ether6 name=vlan_routing vlan-id=3567
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/routing bgp template
set default as=65502
/ip address
add address=100.70.67.178/24 interface=vlan_routing network=100.70.67.0
/ip firewall address-list
add address=192.0.2.0/24 list=bgp_nets
/ip route
add blackhole distance=255 dst-address=192.0.2.0/24
/routing bgp connection
add connect=yes disabled=no listen=yes local.role=ebgp-customer name=tik output.default-originate=never .network=bgp_nets remote.address=100.70.67.42 .as=65501 templates=default
/system identity
set name=rtr1
[etg@rtr1] > routing/bgp/session/print
Flags: E - established
0 E remote.address=100.70.67.42 .as=65501 .id=100.70.67.42 .refused-cap-opt=no .capabilities=mp,rr,as4 .messages=3 .bytes=85 .eor=""
local.role=ebgp-customer .address=100.70.67.178 .as=65502 .id=100.70.67.178 .capabilities=mp,rr,gr,as4 .messages=2 .bytes=38 .eor=""
output.procid=20 .network=bgp_nets
input.procid=20 ebgp
hold-time=3m keepalive-time=1m uptime=1m50s800ms
R2
---
[admin@tik] > routing bgp peer print status
Flags: X - disabled, E - established
0 E name="rtr1" instance=default remote-address=100.70.67.178 remote-as=65502 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never remove-private-as=no
as-override=no passive=no use-bfd=no remote-id=100.70.67.178 local-address=100.70.67.42 uptime=7s prefix-count=0 updates-sent=1 updates-received=0 withdrawn-sent=0 withdrawn-received=0 remote-hold-time=3m used-hold-time=3m used-keepalive-time=1m
refresh-capability=yes as4-capability=yes state=established
[admin@tik] > ip route print where bgp
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
[admin@tik] >
Solution
--------
R1
---
[etg@rtr1] > ip/firewall/address-list/print
Columns: LIST, ADDRESS, CREATION-TIME
# LIST ADDRESS CREATION-TIME
0 bgp_nets 192.0.2.0/24 jan/02/1970 00:13:06
[etg@rtr1] > ip/firewall/address-list/add list=somelist
and now on R2
---
[admin@tik] > routing bgp peer print status
Flags: X - disabled, E - established
0 E name="rtr1" instance=default remote-address=100.70.67.178 remote-as=65502 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never remove-private-as=no
as-override=no passive=no use-bfd=no remote-id=100.70.67.178 local-address=100.70.67.42 uptime=4m11s prefix-count=1 updates-sent=1 updates-received=1 withdrawn-sent=0 withdrawn-received=0 remote-hold-time=3m used-hold-time=3m used-keepalive-time=1m
refresh-capability=yes as4-capability=yes state=established
[admin@tik] > ip route print where bgp
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 Db 192.0.2.0/24 100.70.67.178 20
Just adding a member to an existing address-list doesn't help, removing an address-list doesn't help either, must create a new one.
The problem is the same if R2 is a PC router running Quagga.
As a matter of fact, among 20 or 30 reboots, there was a single case when advertisement worked, but only one. Since with my router it happens always, but there is no such topic in the forum, am I the only one facing this problem?
P.S. Upgrade to RouterOS 7.2rc1 doesn't help. (Even worse - OSPF stopped too. All neighbors seen, LSDB seems to be OK, but none of the routes installed; after downgrade OSPF recovered. Something changed in OSPF?)
P.P.S. Adding an address-list via script doesn't work, doesn't matter if it is executed automatically at startup or manually on CLI/WebFig.
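
A check for the symptom visible in the R2 output above, added here as an example that is not part of the original post: it parses two `routing bgp peer print status` captures and reports peers whose session is still established but whose `prefix-count` dropped to zero, which ordinary session-down alerting does not catch. The function names are hypothetical and the sample captures are abridged from the post.

```python
import re

# Constructed input: the two R2 "routing bgp peer print status" captures from
# the post, abridged to the fields this check reads (records wrap over lines).
BEFORE_REBOOT = """Flags: X - disabled, E - established
 0 E name="rtr1" instance=default remote-address=100.70.67.178 remote-as=65502 tcp-md5-key=""
     remote-id=100.70.67.178 uptime=4m19s prefix-count=1 updates-sent=1 updates-received=1
     refresh-capability=yes as4-capability=yes state=established
"""
AFTER_REBOOT = """Flags: X - disabled, E - established
 0 E name="rtr1" instance=default remote-address=100.70.67.178 remote-as=65502 tcp-md5-key=""
     remote-id=100.70.67.178 uptime=7s prefix-count=0 updates-sent=1 updates-received=0
     refresh-capability=yes as4-capability=yes state=established
"""

# A record starts with "<number> <flags>" followed by the first key=value pair.
RECORD_START = re.compile(r"^\s*(\d+)\s+([A-Z]*)\s*(?=[\w.-]+=)")
PAIR = re.compile(r'([\w.-]+)=("[^"]*"|\S*)')

def parse_peers(text):
    """Return {peer name: {field: value}} from RouterOS v6 peer status output."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Flags:"):
            continue
        start = RECORD_START.match(line)
        if start:
            records.append({"flags": start.group(2)})
            line = line[start.end():]
        if records:  # continuation lines extend the most recent record
            for key, value in PAIR.findall(line):
                records[-1][key] = value.strip('"')
    return {r["name"]: r for r in records if "name" in r}

def silent_peers(before, after):
    """Peers that are still established but whose prefix-count fell to zero."""
    baseline, findings = parse_peers(before), []
    for name, now in parse_peers(after).items():
        was = baseline.get(name)
        if was is None or now.get("state") != "established":
            continue  # new peer, or a down session (a different alert)
        had, has = int(was.get("prefix-count", 0)), int(now.get("prefix-count", 0))
        if had > 0 and has == 0:
            findings.append((name, now["remote-address"], had, now["updates-received"]))
    return findings

if __name__ == "__main__":
    for name, addr, had, updates in silent_peers(BEFORE_REBOOT, AFTER_REBOOT):
        print(f"{name} ({addr}): established, prefixes {had} -> 0, updates-received={updates}")
```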