Page 1 of 1
v7 won't announce all iBGP routes to peer
Posted: Wed Feb 16, 2022 9:52 pm
by jd603
I have two border routers that both keep full BGP routing tables of their upstream connection and their neighbors upstream connection. Typically the default iBGP configuration will announce all routes in the table to its peer. This seems impossible with RouterOS v7 for some reason. eBGP is announcing the prefixes I have in bgp-networks and have a static blackhole route for so that's fine but I should not need to do that to share all routes with an iBGP peer. How is that accomplished in v7? I'm assuming there is a configuration setting i'm missing.
Re: v7 won't announce all iBGP routes to peer
Posted: Wed Feb 16, 2022 10:45 pm
by TheRealJLH
on the bgp connection for the ibgp peers do you have bgp checked for output redistribution ?
Re: v7 won't announce all iBGP routes to peer
Posted: Wed Feb 16, 2022 11:20 pm
by jd603
Yes I did try that and just tried again. Doesn't seem to do anything. I tried without any input/output filters, with input/output filters. Nothing. If I connect a v6 router it will send all routes and v7 will receive them all though.
Re: v7 won't announce all iBGP routes to peer
Posted: Wed Feb 16, 2022 11:28 pm
by jd603
1 name="peer5"
remote.address=2001:4:69::1 .port=179 .as=33333
local.address=2001:4:69::2 .port=179 .role=ibgp
connect=yes listen=yes routing-table=main router-id=204.88.94.45 templates=ibgp as=33333
address-families=ipv6
output.redistribute=bgp
input.filter=allowall
The ibgp template is same as default but without output.networks=
Above is the IPv6 peer entry but it's the same story with IPv4.
The ony thing I see that is wrong is the router-id is an IP of a bridge interface that is actually down at the moment. I will try fixing that in case. eBGP works and announces despite that though so I'm not sure rouer-id is actually tied to an IP/interface being up/down.
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Feb 17, 2022 5:30 am
by TheRealJLH
does it do the same, if you change the local role to "igp rr"
with the new changes to BGP in v7 everything is explicitly defined i.e. filters are required.
try creating a outbound filter with only one rule ex: add chain=Default-Out disabled=no rule="accept;"
with that defined it should pass all routes
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Feb 17, 2022 11:37 am
by hkusulja
I also have upgraded from 6.48 to 7.1.2 (stable) and routing filter rules are migrated to new format, all looks good, however destination (cisco) now sees only one / first route.
/routing bgp connection is using role=ebgp
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Feb 17, 2022 2:31 pm
by jd603
That was it! igp-rr worked ... I could't find any documentation on that .. is there a list of roles some place?
Also, I actually did not need any output filter and redistribute bgp is not relevant either, the key is ibgp-rr as a role.
does it do the same, if you change the local role to "igp rr"
with the new changes to BGP in v7 everything is explicitly defined i.e. filters are required.
try creating a outbound filter with only one rule ex: add chain=Default-Out disabled=no rule="accept;"
with that defined it should pass all routes
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Feb 17, 2022 6:32 pm
by TheRealJLH
v7 actually follows more of the RFC standards for bgp
i believe egp and igp modes are documented there.
https://datatracker.ietf.org/doc/draft- ... ude_text=1
igp rr should be equal to checking route reflect in v6 if i am not mistaken.
also
https://help.mikrotik.com/docs/pages/vi ... eId=328220
Re: v7 won't announce all iBGP routes to peer
Posted: Fri Feb 18, 2022 8:49 pm
by jd603
Actually, this was not the correct solution. I should not need route reflection enabled. Routers by default advertise all their eBGP learned routes to their iBGP peers. This is not happening from the v7 router to the v6 router. It might be one other issue I need to fix in the config and will report back.
When I enabled ibgp-rr on the v7 router it seemed to echo back routes learned from the v6 peer and now the routing table on the v6 router has double routes for every route and both have the same external gateway. It doesn't seem to want to send the eBGP learned routes to the v6 router but like I said I have a known slight misconfig on a bridge/loopbakc interface I need to fix so I will test that over the weekend.
Re: v7 won't announce all iBGP routes to peer
Posted: Fri Feb 18, 2022 11:39 pm
by TheRealJLH
I think 'igp rr' is the correct setting to use however if you dont want clients to reflect the routes back to one another try setting the extra no client to client reflection flag
Re: v7 won't announce all iBGP routes to peer
Posted: Sat Feb 19, 2022 3:41 pm
by jd603
Ok, it had nothing to do with my config change. Everything works right except when the v6 router learns routes from v7 as a peer, it is setting the gateway incorrectly. It is setting the route to the same external eBGP gateway as other routes being learned on the v6 router.
4 ADb dst-address=1.0.4.0/22 gateway=213.xxx.129.182 gateway-status=213.xxx.129.182 reachable via ether7 distance=20
scope=40 target-scope=10 bgp-as-path="1299,4826,38803" bgp-local-pref=160 bgp-origin=igp
bgp-communities=1299:35000 received-from=telia
5 Db dst-address=1.0.4.0/22 gateway=213.xxx.129.182 gateway-status=213.xxx.129.182 reachable via ether7 distance=200
scope=40 target-scope=30 bgp-as-path="1299,4826,38803" bgp-local-pref=160 bgp-atomic-aggregate=yes
bgp-origin=igp bgp-communities=1299:35000 received-from=peer1
Notice received-from peer1 --- that is a different router with a different upstream and interface IPs and yet, routes going out from the v7 router are getting the same gateway as routes received via Telia on the v6 router, which is useless. It doesn't appear to be happening with IPv6 iBGP peers...
5 ADb dst-address=2001:200::/32 gateway=2001:yyyy:0
:1 gateway-status=2001:yyyy:0
:1 reachable via ether7
distance=20 scope=40 target-scope=10 bgp-as-path="1299,2914,2500,2500" bgp-local-pref=160 bgp-origin=igp
bgp-communities=1299:25000 received-from=telia_v6
6 Db dst-address=2001:200::/32 gateway=2001:xxxx:69::2 gateway-status=2001:xxxx:69::2 reachable via ether17
distance=200 scope=40 target-scope=30 bgp-as-path="1299,2914,2500,2500" bgp-local-pref=160
bgp-atomic-aggregate=yes bgp-origin=igp bgp-communities=1299:25000 received-from=peer5
I tried nexthop-choice=force-self but it didn't have any effect. I'm going to keep looking for a little bit then probably roll back to v6 if I can't figure it out.
Re: v7 won't announce all iBGP routes to peer
Posted: Sat Feb 19, 2022 3:50 pm
by jd603
https://datatracker.ietf.org/doc/html/r ... tion-5.1.3
This sounds simple enough -- but this does not seem to be what is happening.
Re: v7 won't announce all iBGP routes to peer
Posted: Sat Feb 19, 2022 4:11 pm
by jd603
Also an iBGP mesh with all other vendors (Cisco, Juniper etc) just shares all routes without setting anything up as a route reflector. That should not be necessary to get iBGP to share routing tables. I'm not getting this.
OK I am able to get routes to announce to iBGP peers in role=ibgp mode as long as the networks are in output.network=addresslisthere AND directly connected/blackhole route exists (thats eBGP behavior and should not be like this when the role is iBGP) --- they will not announce otherwise - so unless there is an address list entry that is a catch ALL , it's not possible to configure one of the most common ISP BGP configurations in v7 with full routes ibgp mesh. I could possibly do some type of route reflector hack but it would not be correct.
Does anyone have a solution ?
I may have figured it out -- adding my ONE /32 IPv6 block to output.networks seems to have allowed iBGP to announce all my directly connected smaller networks under that /32. So in theory I could add a default route to output.networks and a static default route blackhole and it should then announce all iBGP routes. Will try that soon.
-- UPDATE -- NOPE! Not even adding ::/0 to ibgp-networks address-list and creating a static route and static blackhole route for ::/0 worked. So I have no idea what to do here.
Re: v7 won't announce all iBGP routes to peer
Posted: Mon Feb 21, 2022 5:57 pm
by jd603
So... I guess with v7, iBGP full mesh/full route support is gone? Rolling back to v6 until it is realized / fixed or I figure out how to make it announce all iBGP routes (no, configuring route reflection is not the correct way).
Re: v7 won't announce all iBGP routes to peer
Posted: Mon Feb 21, 2022 8:09 pm
by hkusulja
I just want to update my situation/scenario
RouterOS 6 working with bgp with cisco.
After upgreade to RouterOS 7.1.3, some routes are not sent out.
I have found out the reason and fixed it. The issue was in /ip firewall access list, that had other subnet defined. Now in RouterOS it seems it has to match the correct IP subnet range as it is in /ip address. In my case , ip firewall address list had a bigger range to take multiple my ip address and its subnets.
Re: v7 won't announce all iBGP routes to peer
Posted: Mon Feb 21, 2022 11:24 pm
by TheRealJLH
it is possible that it simply is not fully ready for production yet. have you tried setting up a CHR lab to reproduce the issue ?
Re: v7 won't announce all iBGP routes to peer
Posted: Tue Feb 22, 2022 2:49 am
by jd603
It's definitely not, turns out, the whole time I was trying to test v7 on my less utilized router, it was flapping ALL my announcements continuously. Some providers dampened those announcements and I made the top 50 list of most active ASs on the entire internet. HAHAHAHAHHA. BOOM! rolled back to v6 for awhile. Not mad, it's a funny story I can tell now.
Re: v7 won't announce all iBGP routes to peer
Posted: Tue Feb 22, 2022 9:06 am
by TheRealJLH
Yep not ready for production. I for one will be waiting till all my lab testing passes with flying colors.
It's sad really that v7 had been under development for more than 8 years and still is not ready for production use, and to make matters worse they are already releasing v7 only devices.
I do wonder what model did you run the test on? was it a CHR or was it a hardware device with a Tilera cpu ?
Re: v7 won't announce all iBGP routes to peer
Posted: Tue Feb 22, 2022 12:28 pm
by jd603
I appreciate the developers and their hard work. I suspect 7.x will be fine for simple routing situations but it should be considered BETA in regards to BGP at the least. It should come with that warning especially after seeing people come forward with show stopper bugs. This flapping one was quite bad. I believe the other end was a Juniper router, it flapped every 15-30 seconds.
Anyway, i'll check the forums every now and then to see how testing/fixes are going.
Yep not ready for production. I for one will be waiting till all my lab testing passes with flying colors.
It's sad really that v7 had been under development for more than 8 years and still is not ready for production use, and to make matters worse they are already releasing v7 only devices.
I do wonder what model did you run the test on? was it a CHR or was it a hardware device with a Tilera cpu ?
Re: v7 won't announce all iBGP routes to peer
Posted: Tue Feb 22, 2022 9:52 pm
by andrewe02000
Why no route aggregation!
Re: v7 won't announce all iBGP routes to peer
Posted: Fri Feb 25, 2022 12:07 am
by andrewe02000
I have two border routers that both keep full BGP routing tables of their upstream connection and their neighbors upstream connection. Typically the default iBGP configuration will announce all routes in the table to its peer. This seems impossible with RouterOS v7 for some reason. eBGP is announcing the prefixes I have in bgp-networks and have a static blackhole route for so that's fine but I should not need to do that to share all routes with an iBGP peer. How is that accomplished in v7? I'm assuming there is a configuration setting i'm missing.
I am curious as to how to make it so when you have IGRP routes flap that you don't flap EGRP BGP routes. SO I get that if you have more specific routes than a larger range than a /24 you can use a blackhole route and it wont flap however you have to filter out the more specific routes from announcing on BGP unless that is desired. But in the case of having /24 networks that are not part of a larger range you cannot use blackhole routes correct as the other routes are not more specific. How would that be worked around?
Re: v7 won't announce all iBGP routes to peer
Posted: Fri Feb 25, 2022 12:27 am
by andrewe02000
I have two border routers that both keep full BGP routing tables of their upstream connection and their neighbors upstream connection. Typically the default iBGP configuration will announce all routes in the table to its peer. This seems impossible with RouterOS v7 for some reason. eBGP is announcing the prefixes I have in bgp-networks and have a static blackhole route for so that's fine but I should not need to do that to share all routes with an iBGP peer. How is that accomplished in v7? I'm assuming there is a configuration setting i'm missing.
I am curious as to how to make it so when you have IGRP routes flap that you don't flap EGRP BGP routes. SO I get that if you have more specific routes than a larger range than a /24 you can use a blackhole route and it wont flap however you have to filter out the more specific routes from announcing on BGP unless that is desired. But in the case of having /24 networks that are not part of a larger range you cannot use blackhole routes correct as the other routes are not more specific. How would that be worked around?
Would I just need to set the blackhole route distance to higher than the IGRP /24 route or set to 255?
Re: v7 won't announce all iBGP routes to peer
Posted: Sat Feb 26, 2022 1:05 am
by jd603
Not sure I'm following completely but the blackhole routes are usually distance=254 so they aren't actually used for anything, it just puts them in the routing table to nail them up. You can do a lot with routing filters too.
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Mar 10, 2022 8:09 pm
by jd603
I jokingly flagged this thread as solved but wanted to update it in case Mikrotik support wants to look for bugs in here.
There is a nasty flapping bug when BGP peering with a Juniper router (certainly could be on my specific config but I will not be using 7.x again until iBGP full mesh works) AND more importantly there does not seem to be a way at all to do full mesh iBGP with all routes.
Re: v7 won't announce all iBGP routes to peer
Posted: Sat Apr 30, 2022 11:01 am
by TheRealJLH
Hey jd603,
Just checking in
I am curious if this issue has been resolved with any of the beta versions or any Stable-ish release of 7.2.x
Re: v7 won't announce all iBGP routes to peer
Posted: Fri May 27, 2022 12:56 am
by jd603
I have not tested yet, it will probably be a couple months before I attempt 7.x again but I will get to it. Have you tested anything?
Hey jd603,
Just checking in
I am curious if this issue has been resolved with any of the beta versions or any Stable-ish release of 7.2.x
Re: v7 won't announce all iBGP routes to peer
Posted: Tue Nov 29, 2022 11:07 am
by jd603
Bump.
The good news is the flap bug from my first attempt at moving to v7 is gone. The bad news is, me along with several others are still having issues with this one... I have tried every config option and variant to get v7 to announce all its eBGP learned routes to its iBGP peers. Nothing works. This is a basic necessity for running BGP on a LAN with more than one router. Is there an actual example of this working correctly anywhere? Config example perhaps?
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Dec 11, 2022 1:29 pm
by captainproton
I have a similar setup. 2 Mikrotik Routers connecting to external BGP peer.
One is on v6, one on v7. Connection between the routers with iBGP to exchange eBGP Routes.
v7 is learning from the v6 router but not the other way around.
v7 is not dristibuting its eBGP Routes to its iBGP peers. I was trying around until I found this post and learned that it seems to be a bug.
How is that even possible? We are on RouterOS 7.
6.
I wanted to give v7 a try
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Dec 11, 2022 4:19 pm
by StubArea51
Bump.
The good news is the flap bug from my first attempt at moving to v7 is gone. The bad news is, me along with several others are still having issues with this one... I have tried every config option and variant to get v7 to announce all its eBGP learned routes to its iBGP peers. Nothing works. This is a basic necessity for running BGP on a LAN with more than one router. Is there an actual example of this working correctly anywhere? Config example perhaps?
Curious as to what your current peering config looks like?
Re: v7 won't announce all iBGP routes to peer
Posted: Tue Dec 13, 2022 5:44 pm
by jd603
Hey there.
Just a totally basic config:
v7 router config:
0 name="peer7"
remote.address=x.x.x.6 .port=179 .as=30xxx
local.address=x.x.x.5 .port=179 .role=ibgp
connect=yes listen=yes routing-table=main router-id=x.x.x.45 templates=ibgp as=30xxx address-families=ip
output.filter-chain=allowall
input.filter=allowall
I tried without filter, with allowall filters, doesn't seem to matter.
[jd@MikroTik] /routing/bgp/template> print
Flags: * - default; X - disabled, I - inactive
0 * name="default" routing-table=main router-id=x.x.x.45 as=30xxx
output.network=bgp-networks
1 name="ibgp" routing-table=main router-id=x.x.x.45 as=30xxx
The templates do use a loopback address - i could try changing the router-id for iBGP? only thing i haven't tried, in the past this worked and did not matter though.
This is the allowall routing filter rule i used but i tried different variations in case too:
2 chain=allowall rule="accept;"
v6 router config:
0 E name="peer1" instance=default remote-address=x.x.x.5 remote-as=30xxx tcp-md5-key="" nexthop-choice=default
multihop=no route-reflect=no hold-time=3m ttl=255 in-filter=ibgp_in_1 out-filter="" address-families=ip
update-source=x.x.x.6 default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no
I initially did not have an inbound filter set, but i tried to create one to force nexthop when i enable ibgp-rr on the v7 router, it didn't seem to work (i also dont think ibgp-rr is the right setting for simply sharing all iBGP routes in the classic full mesh scenario anyway but it did seem to work when I tried it with IPv6.
Let me know what else you need. I have tried a bunch of combinations of things and closest I got was setting role ibgp-rr on the v7 router , but then all the routes sent to the v6 router have the same gateway as the other routes on the v6 router and then some type of routing loop happens and eBGP route announcements start flapping on the v7 router so I need to undo.
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Dec 18, 2022 7:19 pm
by Zibogogs
Ran in to this same issue, damn. Seems like it's just one setting that's different from v6 but I can't find it. Hahaha. The performance is phenomenal it seems from testing in production, but these quirks are a bit annoying.
V6 propagates eBGP routes through iBGP, but doesn't happen in reverse. Sad day.
Re: v7 won't announce all iBGP routes to peer
Posted: Mon Dec 19, 2022 1:37 pm
by StubArea51
So I started working on this because I've had some clients describe the same behavior of not all iBGP routes being learned.
At first I thought it might be a bug, but now that I look closer at it in the lab, I think what may be happening is the normal BGP behavior of only announcing active routes to its peer. Here is the lab I set up. with full IPV4 tables (sort of...they are older copies of the DFZ from a VM I have and only ~500k routes)
If i'm looking at this correctly, each edge router is learning the full table from its upstream into /routing/route and then learning the best routes from its neighbor.
That said, not ruling out the possibility of a bug and working through matching up active routes vs non-active routes and the route count to see if there is any discrepancy. Also, these peerings are all ROSv7 to ROSv7. Will add a CCR1036 on 6.48.6 and see if the behavior changes
edge-01
/interface bridge
add name=lo-ipv4
add name=lo-ipv6
/interface bonding
add mode=802.3ad name=bonding1 slaves=sfp-sfpplus1,sfp-sfpplus2 transmit-hash-policy=layer-3-and-4
/interface vlan
add interface=bonding1 name=vlan901-isp1-hooli vlan-id=901
add interface=bonding1 name=vlan3000-ptmp-edge-routers vlan-id=3000
add interface=bonding1 name=vlan3100-ptp-core vlan-id=3100
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip vrf
add interfaces=ether15 name=vrf-mgmt
/port
set 0 name=serial0
set 1 name=serial1
/routing bgp template
add address-families=ip as=1016 name=as1016-v4 router-id=100.127.1.1
add address-families=ipv6 as=1016 name=as1016-v6 router-id=100.127.1.1
/routing id
add id=100.127.1.1 name=rid-main select-dynamic-id=only-vrf select-from-vrf=main
/routing ospf instance
add disabled=no name=ospf-instance-v2-ipv4 router-id=rid-main routing-table=main
add disabled=no name=ospf-instance-v3-ipv6 router-id=rid-main routing-table=main version=3
/routing ospf area
add disabled=no instance=ospf-instance-v2-ipv4 name=ospf-area-0-ipv4
add disabled=no instance=ospf-instance-v3-ipv6 name=ospf-area-0-ipv6
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=100.126.1.1/29 interface=vlan3100-ptp-core network=100.126.1.0
add address=100.127.1.1 interface=lo-ipv4 network=100.127.1.1
add address=203.0.113.2/29 interface=vlan901-isp1-hooli network=203.0.113.0
add address=100.126.12.1/29 interface=vlan3000-ptmp-edge-routers network=100.126.12.0
/ip dhcp-client
add interface=ether15
add disabled=yes interface=ether1
/ip firewall address-list
add address=198.18.0.0/22 list=add-list-as1016-ipv4-internal
/ip service
set ssh vrf=vrf-mgmt
set winbox vrf=vrf-mgmt
/ipv6 address
add address=200:1ce:a1a:3100::1 advertise=no interface=vlan3100-ptp-core
add address=200:1ce:127::1/128 advertise=no interface=lo-ipv6
add address=3ffe:1001:1002::2 advertise=no interface=vlan901-isp1-hooli
add address=200:1ce:a1a:3000::1 advertise=no interface=vlan3000-ptmp-edge-routers
/ipv6 dhcp-client
add interface=ether1 request=address
/ipv6 firewall address-list
add address=200:1ce:127::1/128 list=add-list-as1016-ipv6-internal
/routing bgp connection
add disabled=no input.affinity=afi local.address=100.127.1.1 .role=ibgp-rr-client name=peer-ipv4-rtr-core-01 nexthop-choice=force-self \
output.default-originate=always .filter-chain=as1016-ipv4-internal-permit-default .network=add-list-as1016-ipv4-internal remote.address=\
100.127.1.3 .as=1016 templates=as1016-v4
add input.affinity=afi local.address=200:1ce:127::1 .role=ibgp-rr-client name=peer-ipv6-rtr-core-01 nexthop-choice=force-self \
output.default-originate=always .filter-chain=as1016-ipv6-internal-permit-default .network=add-list-as1016-ipv6-internal remote.address=\
200:1ce:127::3 .as=1016 templates=as1016-v6
add add-path-out=all address-families=ip as=1016 disabled=yes hold-time=30m keepalive-time=1m local.role=ebgp-peer name=isp1-hooli remote.address=\
203.0.113.1/32 .as=65101 router-id=100.127.1.1 routing-table=main templates=as1016-v4
add address-families=ip as=1016 disabled=no input.affinity=afi local.address=100.126.12.1 .role=ibgp name=peer-ipv4-rtr-edge-02 nexthop-choice=default \
output.default-originate=always remote.address=100.126.12.2/32 .as=1016 router-id=100.127.1.1 routing-table=main templates=as1016-v4
add address-families=ipv6 as=1016 disabled=no input.affinity=afi local.address=200:1ce:a1a:3000::1 .role=ibgp name=peer-ipv6-rtr-edge-02 \
nexthop-choice=default output.default-originate=always remote.address=200:1ce:a1a:3000::2/128 .as=1016 router-id=100.127.1.1 routing-table=main \
templates=as1016-v6
/routing filter community-large-list
add communities=1016:1016:4 list=bgp-community-large-1016-1016-4
add communities=1016:1016:6 list=bgp-community-large-1016-1016-6
/routing filter community-list
add communities=1016:0 list=bgp-community-1016-0
/routing filter rule
add chain=as1016-ipv4-internal-permit-default rule=\
"if (dst in 198.18.0.0/22 && dst-len > 22) { set bgp-large-communities bgp-community-large-1016-1016-4; accept; }"
add chain=as1016-ipv4-internal-permit-default rule="if (dst== 0.0.0.0/0) { accept; }"
add chain=as1016-ipv4-internal-permit-default rule="if (dst in 0.0.0.0/0) { reject;}"
add chain=as1016-ipv6-internal-permit-default rule=\
"if (dst in 200:1ce::/32 && dst-len > 32) { set bgp-large-communities bgp-community-large-1016-1016-6; accept; }"
add chain=as1016-ipv6-internal-permit-default rule="if (dst==::/0) { accept; }"
add chain=as1016-ipv6-internal-permit-default rule="if (dst in ::/0) { reject;}"
/routing ospf interface-template
add area=ospf-area-0-ipv4 disabled=no interfaces=vlan3100-ptp-core type=ptp
add area=ospf-area-0-ipv4 disabled=no interfaces=lo-ipv4
add area=ospf-area-0-ipv6 disabled=no interfaces=vlan3100-ptp-core type=ptp
add area=ospf-area-0-ipv6 disabled=no interfaces=lo-ipv6 networks=200:1ce:127::1/128 passive
add area=ospf-area-0-ipv4 disabled=no interfaces=vlan901-isp1-hooli passive
add area=ospf-area-0-ipv4 disabled=no interfaces=vlan3000-ptmp-edge-routers
/system identity
set name=rtr-edge-01.v7.ipa.dev
/system package update
set channel=testing
/system resource irq rps
set ether1 disabled=no
/tool bandwidth-server
set authenticate=no
/tool romon
set enabled=yes
edge-02
/interface bridge
add name=lo-ipv4
add name=lo-ipv6
/interface ethernet
set [ find default-name=ether15 ] name=ether15-mgmt
set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1-crs326-02
set [ find default-name=sfp-sfpplus2 ] name=sfp-sfpplus2-crs326-02
/interface bonding
add mode=802.3ad name=bonding1-crs326-02 slaves=sfp-sfpplus1-crs326-02,sfp-sfpplus2-crs326-02 transmit-hash-policy=layer-3-and-4
/interface vlan
add interface=bonding1-crs326-02 name=vlan902-isp2-initech vlan-id=902
add interface=bonding1-crs326-02 name=vlan3000-ptmp-edge-routers vlan-id=3000
add interface=bonding1-crs326-02 name=vlan3200-ptp-core vlan-id=3200
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/routing bgp template
add address-families=ip as=1016 name=as1016-v4 router-id=100.127.1.2
add address-families=ipv6 as=1016 name=as1016-v6 router-id=100.127.1.2
/routing id
add id=100.127.1.2 name=rid-main
add id=100.127.1.2 name=rid-main select-dynamic-id=only-vrf select-from-vrf=main
/routing ospf instance
add disabled=no name=ospf-instance-v2-ipv4 router-id=rid-main
add disabled=no name=ospf-instance-v3-ipv6 router-id=rid-main version=3
/routing ospf area
add disabled=no instance=ospf-instance-v2-ipv4 name=ospf-area-0-ipv4
add disabled=no instance=ospf-instance-v3-ipv6 name=ospf-area-0-ipv6
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=100.126.1.9/29 interface=vlan3200-ptp-core network=100.126.1.8
add address=100.127.1.2 interface=lo-ipv4 network=100.127.1.2
add address=198.51.100.2/29 interface=vlan902-isp2-initech network=198.51.100.0
add address=100.126.12.2/29 interface=vlan3000-ptmp-edge-routers network=100.126.12.0
/ip dhcp-client
add interface=ether15-mgmt
/ipv6 address
add address=200:1ce:127::2/128 advertise=no interface=lo-ipv6
add address=200:1ce:a1a:3200::2 advertise=no interface=vlan3200-ptp-core
add address=200:1ce:a1a:3000::2 advertise=no interface=vlan3000-ptmp-edge-routers
/ipv6 firewall address-list
add address=200:1ce:1001::/48 list=add-list-as1016-ipv6-services
add address=200:1ce:1002::/48 list=add-list-as1016-ipv6-services
add address=200:1ce:1003::/48 list=add-list-as1016-ipv6-services
/ipv6 nd
set [ find default=yes ] ra-lifetime=none
/ipv6 nd prefix default
set preferred-lifetime=4h valid-lifetime=4h
/routing bgp connection
add local.address=100.127.1.2 .role=ibgp-rr-client name=peer-ipv4-rtr-core-01 output.filter-chain=as1016-ipv4-services-no-default \
.keep-sent-attributes=yes .network=add-list-as1016-ipv4-services remote.address=100.127.1.3 .as=1016 templates=as1016-v4
add address-families=ipv6 as=1016 disabled=no local.address=200:1ce:127::2 .role=ibgp-rr-client name=peer-ipv6-rtr-core-01 \
output.keep-sent-attributes=yes .network=add-list-as1016-ipv6-services remote.address=200:1ce:127::3/128 .as=1016 router-id=100.127.1.2 \
routing-table=main templates=as1016-v6
add add-path-out=all address-families=ip as=1016 disabled=no keepalive-time=1m local.role=ebgp-peer name=isp2-initech remote.address=198.51.100.1/32 \
.as=65102 router-id=100.127.1.2 routing-table=main templates=as1016-v4
add address-families=ip as=1016 disabled=no input.affinity=afi local.address=100.126.12.2 .role=ibgp name=peer-ipv4-rtr-edge-01 nexthop-choice=default \
output.default-originate=always remote.address=100.126.12.1/32 .as=1016 router-id=100.127.1.2 routing-table=main templates=as1016-v4
add address-families=ipv6 as=1016 disabled=no local.address=200:1ce:a1a:3000::2 .role=ibgp name=peer-ipv6-rtr-edge-01 output.keep-sent-attributes=yes \
.network=add-list-as1016-ipv6-services remote.address=200:1ce:a1a:3000::1/128 .as=1016 router-id=100.127.1.2 routing-table=main templates=\
as1016-v6
/routing filter community-large-list
add communities=1016:1016:4 list=bgp-community-large-1016-1016-4
add communities=1016:1016:6 list=bgp-community-large-1016-1016-6
/routing filter rule
add chain=as1016-ipv4-internal-permit-default rule=\
"if (dst in 198.18.0.0/22 && dst-len > 22) { set bgp-large-communities bgp-community-large-1016-1016-4; accept; }"
add chain=as1016-ipv4-internal-permit-default rule="if (dst== 0.0.0.0/0) { accept; }"
add chain=as1016-ipv4-internal-permit-default rule="if (dst in 0.0.0.0/0) { reject;}"
add chain=as1016-ipv6-internal-permit-default rule=\
"if (dst in 200:1ce::/32 && dst-len > 32) { set bgp-large-communities bgp-community-large-1016-1016-6; accept; }"
add chain=as1016-ipv6-internal-permit-default rule="if (dst==::/0) { accept; }"
add chain=as1016-ipv6-internal-permit-default rule="if (dst in ::/0) { reject;}"
/routing ospf interface-template
add area=ospf-area-0-ipv4 disabled=no interfaces=vlan3200-ptp-core type=ptp
add area=ospf-area-0-ipv4 disabled=no interfaces=lo-ipv4
add area=ospf-area-0-ipv6 disabled=no interfaces=lo-ipv6 networks=200:1ce:127::2/128 passive
add area=ospf-area-0-ipv6 disabled=no interfaces=vlan3200-ptp-core type=ptp
add area=ospf-area-0-ipv4 disabled=no interfaces=vlan902-isp2-initech passive
add area=ospf-area-0-ipv4 disabled=no interfaces=vlan3000-ptmp-edge-routers
/system clock
set time-zone-name=America/New_York
/system identity
set name=rtr-edge-02.v7.ipa.dev
/system package update
set channel=testing
/system resource irq rps
set ether1 disabled=no
/tool bandwidth-server
set authenticate=no
/tool romon
set enabled=yes
/tool sniffer
set file-limit=10000KiB
core-01
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge-main vlan-filtering=yes
add name=lo-ipv4
add name=lo-ipv6
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no name=sfp-sfpplus1-crs326-01 speed=10Gbps
set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no name=sfp-sfpplus2-crs326-01 speed=10Gbps
/interface vlan
add interface=bridge-main name=vlan3100-ptp-edge-01 vlan-id=3100
add interface=bridge-main name=vlan3200-ptp-edge-02 vlan-id=3200
/interface bonding
add mode=802.3ad name=bonding1-crs326-01 slaves=sfp-sfpplus1-crs326-01,sfp-sfpplus2-crs326-01 transmit-hash-policy=layer-3-and-4
/disk
set disk1 parent=nvme1 partition-offset=512 partition-size="512 110 190 080" slot=disk1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip vrf
add interfaces=ether13 name=vrf-mgmt
/port
set 0 name=serial0
/routing bgp template
add address-families=ip as=1016 cluster-id=100.127.1.3 name=as1016-v4-rr router-id=100.127.1.3
add address-families=ipv6 as=1016 cluster-id=100.127.1.3 name=as1016-v6-rr router-id=100.127.1.3
/routing id
add id=100.127.1.3 name=rid-main select-dynamic-id=only-vrf select-from-vrf=main
/routing ospf instance
add disabled=no name=ospf-instance-v3-ipv6 router-id=rid-main version=3
add disabled=no name=ospf-instance-v2-ipv4 router-id=rid-main
/routing ospf area
add disabled=no instance=ospf-instance-v3-ipv6 name=ospf-area-0-ipv6
add disabled=no instance=ospf-instance-v2-ipv4 name=ospf-area-0-ipv4
/interface bridge port
add bridge=bridge-main interface=bonding1-crs326-01
/interface ethernet switch l3hw-settings
set fasttrack-hw=no icmp-reply-on-error=no
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge-main tagged=bonding1-crs326-01,bridge-main vlan-ids=3100
add bridge=bridge-main tagged=bonding1-crs326-01,bridge-main vlan-ids=3200
/ip address
add address=100.126.1.2/29 interface=vlan3100-ptp-edge-01 network=100.126.1.0
add address=100.126.1.10/29 interface=vlan3200-ptp-edge-02 network=100.126.1.8
add address=100.127.1.3 interface=lo-ipv4 network=100.127.1.3
/ip dhcp-client
add interface=ether13
/ip service
set ssh vrf=vrf-mgmt
set winbox vrf=vrf-mgmt
/ipv6 address
add address=200:1ce:a1a:3100::3 advertise=no interface=vlan3100-ptp-edge-01
add address=200:1ce:127::3/128 advertise=no interface=lo-ipv6
add address=200:1ce:a1a:3200::3 advertise=no interface=vlan3200-ptp-edge-02
/routing bgp connection
add address-families=ip as=1016 cluster-id=100.127.1.3 disabled=no local.address=100.127.1.3 .role=ibgp-rr name=peer-ipv4-rtr-edge-01 remote.address=\
100.127.1.1/32 .as=1016 router-id=100.127.1.3 routing-table=main templates=as1016-v4-rr
add address-families=ip as=1016 cluster-id=100.127.1.3 disabled=no local.address=100.127.1.3 .role=ibgp-rr name=peer-ipv4-rtr-edge-02 \
output.default-originate=if-installed remote.address=100.127.1.2/32 .as=1016 router-id=100.127.1.3 routing-table=main templates=as1016-v4-rr
add address-families=ipv6 as=1016 cluster-id=100.127.1.3 disabled=no local.address=200:1ce:127::3 .role=ibgp-rr name=peer-ipv6-rtr-edge-01 \
remote.address=200:1ce:127::1/128 .as=1016 router-id=100.127.1.3 routing-table=main templates=as1016-v6-rr
add address-families=ipv6 as=1016 cluster-id=100.127.1.3 disabled=no local.address=200:1ce:127::3 .role=ibgp-rr name=peer-ipv6-rtr-edge-02 \
output.default-originate=if-installed remote.address=200:1ce:127::2/128 .as=1016 router-id=100.127.1.3 routing-table=main templates=as1016-v6-rr
/routing ospf interface-template
add area=ospf-area-0-ipv6 disabled=no interfaces=lo-ipv6 networks=200:1ce:127::3/128 passive
add area=ospf-area-0-ipv4 disabled=no interfaces=vlan3100-ptp-edge-01 type=ptp
add area=ospf-area-0-ipv4 disabled=no interfaces=vlan3200-ptp-edge-02 type=ptp
add area=ospf-area-0-ipv4 disabled=no interfaces=lo-ipv4
add area=ospf-area-0-ipv6 disabled=no interfaces=vlan3100-ptp-edge-01 type=ptp
add area=ospf-area-0-ipv6 disabled=no interfaces=vlan3200-ptp-edge-02 type=ptp
/system clock
set time-zone-name=America/New_York
/system identity
set name=rtr-core-01.v7.ipa.dev
/system ntp client
set enabled=yes
/system ntp client servers
add address=time.google.com
/system package update
set channel=testing
/tool romon
set enabled=yes
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Dec 22, 2022 4:16 pm
by jd603
The routes are not being sent at all. So.. for example, if the routes learned from eBGP on router 1 are active on both routers and the eBGP session is lost, the inactive eBGP routes on router 2 would need to become active in the local routing table after the failed routes learned from router 1 get removed, they would then be sent to router 1 and once those are processed and loaded they will become active and pass traffic. I think that is what you are trying to say but what that does it delay the process or changing to another route. The other available routes should be propagated to all iBGP neighbors so they are ready to change to on loss of the other route(s). I'm pretty sure that is how it usually works?
I will try changing localpref of the routes on the v7 router to see if your theory is correct at least.
I also see *) bgp - do not reflect route back to sender; on 7.7rc3 - perhaps this was what was breaking so much when i enabled ibgp-rr? The thing is, why would I need to set ibgp-rr when i intend to have full mesh iBGP anyway. With other vendors I never needed to set that and I was under the impression that was for when you don't have all your iBGP directly connected in a full mesh set up.
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Dec 22, 2022 4:36 pm
by mrz
BGP is advertising only active best route and does not accept advertisements if best route is receiving router. So in triangle setups like illustrated above you will never get a full copy of all the BGP feeds on all the iBGP routers.
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Dec 22, 2022 4:38 pm
by StubArea51
The routes are not being sent at all. So.. for example, if the routes learned from eBGP on router 1 are active on both routers and the eBGP session is lost, the inactive eBGP routes from router 2 would need to become active in the local routing table after the failed routes get removed, they would then be sent to router 1 and once those are processed and loaded they will become active and pass traffic.
A few things here
1) You don't need route reflect at all in this scenario for border-to-border peerings. If you look in the config I'm using, the role types are ebgp for upstreams and ibgp for border to border. I am using the rr-client role towards the core since it is the RR for the ASN in this lab.
2) When i drop the upstream for edge-01 (Hooli) the routes immediately converge over the ptp link (100.126.12.0/29 - vlan3000-ptmp-edge-routers) towards edge-02 which has the only remaining upstream. This is the correct behavior
Here is a sample of routes before ISP1 drops - the next hop varies based on the BGP best path algorithm - which is expected and normal
[zuul@rtr-edge-01.v7.ipa.dev] > routing/route/print
Flags: X - disabled, F - filtered, U - unreachable, A - active; c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, a - ldp-address, l - ldp-mapping, y - copy;
H - hw-offloaded; + - ecmp, B - blackhole
DST-ADDRESS GATEWAY AFI DISTANCE SCOPE TARGET-SCOPE IMMEDIATE-GW
Ab 0.0.0.0/0 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
UbH 0.0.0.0/0 10.255.44.1 ip4 200 40 30
Ab 1.0.0.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.0.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.0.4.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.0.4.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.0.5.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.0.5.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.0.6.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.0.6.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.7.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.7.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.38.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.38.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.64.0/18 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.64.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.0.128.0/17 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.0.128.0/17 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.128.0/18 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.128.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.128.0/19 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.128.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.128.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.128.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.129.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.129.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.0.131.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.0.131.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.0.139.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.0.139.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.142.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.142.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.160.0/19 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.160.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.0.160.0/21 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.0.160.0/21 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.192.0/18 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.192.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.192.0/19 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.192.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.192.0/21 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.192.0/21 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.0.208.0/22 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.0.208.0/22 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.212.0/23 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.212.0/23 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.214.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.214.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.224.0/19 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.224.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.240.0/20 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.0.240.0/20 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.1.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.1.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.8.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.8.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.32.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.32.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.64.0/19 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.64.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.114.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.114.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.115.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.115.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.116.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.116.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.117.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.117.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.118.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.118.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.119.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.119.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.120.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.120.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.121.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.121.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.122.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.122.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.123.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.123.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.124.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.124.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.125.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.125.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.126.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.126.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.127.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.127.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.1.128.0/17 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.128.0/17 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.128.0/18 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.128.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.128.0/19 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.128.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.128.0/21 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.136.0/22 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.136.0/22 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.1.141.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.141.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.1.142.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.142.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.144.0/20 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.160.0/19 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.160.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.160.0/20 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.160.0/20 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
b 1.1.181.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.181.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.184.0/22 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.184.0/22 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.190.0/23 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.190.0/23 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.192.0/18 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.192.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.192.0/19 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.192.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.192.0/20 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.208.0/21 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.216.0/22 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.216.0/22 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.222.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.222.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.224.0/19 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.224.0/21 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.232.0/21 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
Ab 1.1.240.0/21 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.240.0/21 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.248.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.248.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.249.0/24 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.249.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.254.0/23 203.0.113.1 ip4 20 40 10 203.0.113.1%vlan901-isp1-hooli
b 1.1.254.0/23 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
And here it is after (notice the gateway is only towards edge-02 now)
[zuul@rtr-edge-01.v7.ipa.dev] > routing/route/print
Flags: X - disabled, F - filtered, U - unreachable, A - active;
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, a - ldp-address, l - ldp-mapping, y - copy; H - hw-offloaded; + - ecmp, B - blackhole
DST-ADDRESS GATEWAY AFI DISTANCE SCOPE TARGET-SCOPE IMMEDIATE-GW
UbH 0.0.0.0/0 10.255.44.1 ip4 200 40 30
Ab 1.0.0.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.4.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.5.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.6.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.7.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.38.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.64.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.128.0/17 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.128.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.128.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.128.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.129.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.131.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.139.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.142.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.160.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.160.0/21 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.192.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.192.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.192.0/21 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.208.0/22 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.212.0/23 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.214.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.224.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.0.240.0/20 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.1.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.8.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.32.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.64.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.114.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.115.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.116.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.117.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.118.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.119.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.120.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.121.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.122.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.123.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.124.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.125.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.126.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.127.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.128.0/17 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.128.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.128.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.136.0/22 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.141.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.142.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.160.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.160.0/20 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.181.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.184.0/22 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.190.0/23 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.192.0/18 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.192.0/19 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.216.0/22 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.222.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.240.0/21 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.248.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.249.0/24 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Ab 1.1.254.0/23 198.51.100.1 ip4 200 40 30 100.126.12.2%vlan3000-ptmp-edge-routers
Re: v7 won't announce all iBGP routes to peer
Posted: Wed Dec 28, 2022 5:39 pm
by jd603
Unfortunately, no. I just tested on IPv6 BGP, i disabled the eBGP peer on the rosv6 router and no routes were added from the v7 router. No routes are being sent to the v6 router by v7 despite a filter to allow all and a basic configuration. There is clearly some type of issue. The only other thing I can see is this router was upgraded from ros v6, maybe it is just broken because of that upgrade process and I need to do a fresh install? Is that possible and worth my time? What is the process?
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Dec 29, 2022 12:24 am
by StubArea51
Unfortunately, no. I just tested on IPv6 BGP, i disabled the eBGP peer on the rosv6 router and no routes were added from the v7 router.
I think you mentioned earlier you were doing loopback peerings. This won't work with IPv6 between ROSv6 and ROSv7 because routing recursion to resolve the next hop of the loopback doesn't work in ROSv6 (although it does with IPv4)
If you try the same config between ROSv7 peers, does it work?
I'll add IPv6 to my test topology and confirm as well.
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Dec 29, 2022 12:55 am
by jd603
No I am using static interface IP addresses. I tested on IPv6 but nothing I do will send routes to the v6 router on ip4 or 6.
the v6 router shows "updates-received=0" for the ibgp peers.
Not sure when I can test with another v7 router but will let you know if I do.
Is there a working config for routeros v7 i could look at for just iBGP full mesh with one or two eBGP peers and routes sharing between? This way if I mirror that config and if it doesn't work, I suspect something broken on the upgraded v7 router and can reinstall.
Re: v7 won't announce all iBGP routes to peer
Posted: Sat Dec 31, 2022 11:35 pm
by StubArea51
Update, I tested with a ROSv6 box using a CCR1036-8G-2S+ in place of the CCR2004 for edge-01 and got the same results. This is on IPv4 as I still need to fix my IPv6 route gen for full tables - so that will be my next test. But for ROSv6 to ROSv7 peerings on iBGP v4 afi, it appears to be working properly.
Here are the results which match the v7 to v7 peerings.
This is the edge-01 config on ROSv6.48.6 long term
/interface bridge
add name=lo-ipv4
add name=lo-ipv6
/interface bonding
add mode=802.3ad name=bonding1 slaves=sfp-sfpplus1,sfp-sfpplus2 transmit-hash-policy=layer-3-and-4
/interface vlan
add interface=bonding1 name=vlan901-isp1-hooli vlan-id=901
add interface=bonding1 name=vlan3000-ptmp-edge-routers vlan-id=3000
add interface=bonding1 name=vlan3100-ptp-core vlan-id=3100
/routing bgp instance
set default as=1016 router-id=100.127.1.1
/routing ospf instance
set [ find default=yes ] router-id=100.127.1.1
/ip address
add address=100.126.1.1/29 interface=vlan3100-ptp-core network=100.126.1.0
add address=100.127.1.1 interface=lo-ipv4 network=100.127.1.1
add address=203.0.113.2/29 interface=vlan901-isp1-hooli network=203.0.113.0
add address=100.126.12.1/29 interface=vlan3000-ptmp-edge-routers network=100.126.12.0
/ip dhcp-client
add disabled=no interface=ether8
/ipv6 address
add address=200:1ce:a1a:3100::1 advertise=no interface=vlan3100-ptp-core
add address=200:1ce:127::1/128 advertise=no interface=lo-ipv6
add address=3ffe:1001:1002::2 advertise=no interface=vlan901-isp1-hooli
add address=200:1ce:a1a:3000::1 advertise=no interface=vlan3000-ptmp-edge-routers
/routing bgp network
add network=198.18.0.0/22
/routing bgp peer
add default-originate=always name=peer-ipv4-rtr-core-01 out-filter=as1016-ipv4-internal-permit-default remote-address=100.127.1.3 remote-as=1016
add default-originate=always name=peer-ipv4-rtr-edge-02 remote-address=100.126.12.2 remote-as=1016
add default-originate=always name=isp1-hooli out-filter=as1016-ipv4-internal-permit-default remote-address=203.0.113.1 remote-as=65101
/routing filter
add action=accept chain=as1016-ipv4-internal-permit-default prefix=198.18.0.0/22 prefix-length=23-32 set-bgp-communities=1016:4
add action=accept chain=as1016-ipv4-internal-permit-default prefix=0.0.0.0/0 set-bgp-communities=""
add action=discard chain=as1016-ipv4-internal-permit-default set-bgp-communities=""
/routing ospf interface
add interface=vlan901-isp1-hooli network-type=broadcast passive=yes
add interface=vlan3000-ptmp-edge-routers network-type=point-to-point
add interface=vlan3100-ptp-core network-type=point-to-point
/routing ospf network
add area=backbone network=100.126.1.0/29
add area=backbone network=100.126.12.0/29
add area=backbone network=100.127.1.1/32
add area=backbone network=203.0.113.0/29
/system clock
set time-zone-name=America/Chicago
/system identity
set name=rtr-edge-01.rosv6.ipa.dev
/tool romon
set enabled=yes
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Jan 01, 2023 12:13 am
by jd603
The problem with your design is it isn't using the standard ibgp full mesh, it's using ibgp-rr route reflector - this should not be required with my design and it isn't on any other vendors router that I know of. Once 7.7 is out of RC i will retry configuring as ibgp-rr even though it's not normal for a two router ibgp config.
Can you disable ibgp-rr and just use ibgp and get the same result of ALL ebgp routes being shared to ibgp neighbors?
Happy new year!
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Jan 01, 2023 4:56 pm
by StubArea51
Happy New Year to you as well
The problem with your design is it isn't using the standard ibgp full mesh
This is intentional because I modeled it after a prod ISP peering edge and while you would use full mesh between full table routers, the peerings to the core would use route-reflection and filter out the full tables. The core router isn't reflecting any routes in this lab other than the BGP default. The full tables are exchanged via an iBGP mesh without route reflection.
Can you disable ibgp-rr and just use ibgp and get the same result of ALL ebgp routes being shared to ibgp neighbors?
So I did that and now all peers across all three routers are just in the 'ibgp" role without route reflection
The core router learned both tables as expected. Here is the output:
[zuul@rtr-core-01.v7.ipa.dev] > routing/stats/origin/print where name="bgp-IP-100.127.1.1" or name="bgp-IP-100.127.1.2"
Flags: Y - synthetic; Z - terminal; X - stopping; A - abandoned; H - hold; U - attrs-updated; M - attrs-merge
14 name="bgp-IP-100.127.1.1" instance-id=1686044931 publisher-idx=14 route-type="8" pid=bgp-remote-3
route-count=0,422501,0,0,0,0,0,0,0,0,0,0,0,0 total-route-count=422501
15 name="bgp-IP-100.127.1.2" instance-id=1686044931 publisher-idx=15 route-type="8" pid=bgp-remote-2
route-count=0,348845,0,0,0,0,0,0,0,0,0,0,0,0 total-route-count=348845
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Jan 01, 2023 9:02 pm
by jd603
Very odd. I guess I can try a re-install. I'll mess with it some more and report back.
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Jan 01, 2023 9:19 pm
by jd603
Wait hold up - your core router is v7 - the issue i have is v7 sending ibgp routes (ebgp learned and non ibgp-rr configured) to v6 ... v6 sends all routes to v7 fine.
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Jan 01, 2023 9:59 pm
by StubArea51
Wait hold up - your core router is v7 - the issue i have is v7 sending ibgp routes (ebgp learned and non ibgp-rr configured) to v6 ... v6 sends all routes to v7 fine.
If you look at the setup this is happening on edge-02 which is ROSv7. It's sending eBGP learned routes from the Initech upstream via iBGP to edge-01 which is ROSv6. No RR configured
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Jan 01, 2023 10:59 pm
by jd603
What routes are being sent to the v6 router? the current real internet routing table or one you generated? The only main config difference I see is you are using output.network with a firewall address list. When I add IP blocks to that they do get announced to their iBGP peer, or at least I was able to get at least some announced. If that isn't it I need to do a fresh install , possibly something is broken underneath i can't resolve without a reinstall.
I can't just add ::/0 to the address-list to get it to announce all the eBGP routes though...
Re: v7 won't announce all iBGP routes to peer
Posted: Mon Jan 02, 2023 10:53 am
by StubArea51
What routes are being sent to the v6 router? the current real internet routing table or one you generated?
It's an MRT dump from RIPE into a CHR that acts as the upstream peer. MRT files are snapshots of the DFZ at a point in time so they have all of the unique AS paths, communities, prepends, etc that a "live" routing table would have. But BGP has no way to distinguish between the two - it's just learning routes from a peer and applying the best path algorithm.
I'll work on testing IPv6 as soon as i'm able to but as far as IPv4, route propagation looks correct whether it's a ROSv6 or ROSv7 peer both for learned routes and advertised routes.
Re: v7 won't announce all iBGP routes to peer
Posted: Mon Jan 02, 2023 6:48 pm
by jd603
OK. I'll do a re-install and config from scratch and will report back.
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Jan 08, 2023 2:48 am
by jd603
Did a fresh CD install of 7.7rc4, chose to clear config on install, built the new config from scratch, very basic everything, v7 is still not sending ibgp routes to my v6 router. So.. show me your exact config, a basic config that does this without setting ibgp-rr. I can provide my full config as well if you'd like.
This time, even setting local.role to ibgp-rr doesn't send any routes either.
I tried with no output.filter and one with allowal filter with rule="accept;" , no difference. I'm actually thinking my config may be wrong some place but no idea where and i don't usually have this much trouble with routers. Only when I do output.network=addresslist-xyz does it send routes
Re: v7 won't announce all iBGP routes to peer
Posted: Sun Jan 08, 2023 7:15 pm
by jd603
Ok.. this could be a start to solving the mystery. the routes being learned from the eBGP peer are showing as "filtered" under /routing route .. they certainly should not be... even when withdrawing all other routes, they still show as filtered. So I will check my incoming filters first and then try to figure out why if that isn't it.
Yup... so it was how the v6->v7 script converted to v7 ... I used this same filter on the new install. It was setting bgp-local-pref and doing everything as before but it wasn't accepting those routes. Actually, it was sort of accepting them, but just not putting them into the fib and showing them as filtered. Some routers would drop these routes entirely so i was confused why i could see the routes, it showed all the routes as receiving from eBGP but it was just adding them and marking them as filtered. I like that method actually.
So finally figured this out, it was kind of dumb it took this long. haha I should have just cleared any filters to test. I did bail early and waited a long time to revisit after a flap bug that appears to also have been fixed now. So v7 starting to look better, i'm going to attempt some full production routers with it.
Re: v7 won't announce all iBGP routes to peer
Posted: Wed Jan 11, 2023 3:52 am
by Cha0s
Kind of expected if you think about it.
On v6 you have a nice intuitive GUI for implementing routing filters. And it's CLI counterpart is one to one matched to the GUI.
On v7 you have a monstrosity of "UI" (or lack thereof) that demands manually writing code to implement routing filters.
Stupid programmer decisions then trickle down to stupid user mistakes. Inevitably.
Re: v7 won't announce all iBGP routes to peer
Posted: Thu Jan 12, 2023 6:43 pm
by jd603
Well I prefer CLI, barely touch GUIs for configuration of anything. I'm sure they will follow up with proper GUI. Sure, v7 still needs some things like BFD and probably some more testing/bug fixes but it's cheap and it seems to be coming along nicely. Performance is much better.
Re: v7 won't announce all iBGP routes to peer
Posted: Fri Jan 13, 2023 2:43 pm
by Cha0s
CLI is different than having to write code to configure essential functionality for BGP.
Current model is not CLI.
I'm sure they will follow up with GUI, in a decade or so (about how long it took to get the glorious v7), when they'll decide yet again that their current implementation is sh*t and they will re-invent the wheel once more.
For some of us that have been using RouterOS for 20 years, we've seen this movie too many times before...