hi all,

so last night i tried to make the new MikNoc7500 active as a border router.

I installed all 3 of our 'peers' in the BGP table, and they all connected and received updated ect.
I had our IP range listed in the 'networks'
i had our AS number in 'instances'

i was able to ping (for example 8.8.8.8 from the router no problems,
however, my back end 7500 was unable to ping beyond our peers next hop. (as in our providers IP)

the 'Core' Router has a static route to the Border router,
RIP is enabled on the Core router as we use it internally on our network, but it is not enabled on the Border, this is how we had the old Cisco's setup.

I know I'm forgetting something here, But basically tried to copy across what we had on our old cisco to the Mik but it would seem something is missing.

i know many people have setup border routers before with mikrotik, so has anyone got some pointers / step by step guides for this. The wiki got me as far as i am now.



ty.

There are three primary reasons traffic wouldn't pass through a router: it's blocking the traffic via a firewall rule, traffic is getting there but its routing table is discarding the packets due to the routing table, or traffic never gets there because of the downstream routing tables.

If you were able to pass traffic to the directly connected ISP network the firewall is presumably not the problem. That leaves the other two options. The border router itself can ping out to Google, so as long as it's just destination based routing its routing table is fine. That leaves the routing tables on the other routers.

Now, that's assuming you were announcing your networks right. If your core router was using a public IP address as a source IP and timed out at the ISP border that could also indicate the ISP doesn't have a route back to your public IP space because you botched the advertisement of your networks. The border router would pick the closest IP address to the destination as a source when pinging, and that's the ISP IP on your WAN interface. You can test against that by setting a manual source address on your border router when pinging. If that fails you probably screwed up advertising your networks. You can also consult looking glass servers on the Internet to look at how they see your prefixes in their global BGP tables.

Mind you, that's all wild guessing. Generally and vaguely describing a network isn't a very effective way to get help, you should consider posting a lot more information and troubleshooting output. Right now the best case is that a bunch of people post random ideas and you answer "nope" one by one until someone gets lucky. Post all the info you have available. For example, did you try to traceroute to 8.8.8.8 from the core router? What did that result in? That test would likely tell you immediately what the last successful hop is. Likewise with sourced pings.

A general hint if you don't have any detailed information to share yet: The best idea when operating in a maintenance window to implement a change like you tried to is to use a decent terminal emulator such as PuTTY, to set the scrollback ridiculously high (over 20,000 lines), and to have it log to a file. That way when you have to back out because something didn't work you have all your troubleshooting information right there. It's also something good to attach to your change management software or trouble ticketing software ticket. That way you can always look it back up. Even for smaller operations these are good best practices to follow. At the very least it makes getting quick help a lot easier.

Yeah, it was more a quick post

now I'm rather sure it is the communication or something between the 2 routers.
one thing i did notice, when i monitored the traffic on the Ethernet, is i could see one of our servers trying to ping 8.8.8.8 but traffic was only 'one way' it was as if it was firewalled.

by the time we got around to this router it was 5am, so problem solving skills where down to a minimum, We did a massive server room upgrade, UPS's, new switches ect. we didn't plan on doing the BGP router that night but thought we would give it a try. We are planning on it tonight.

all fixed, knew it was something stupid.

had an IP address in with the wrong network. *derrrrr*

Now to work out BGP/AS preferences on mik to try send traffic though specific links.