MikroTik

Hello all -

I have a client who is going to be bringing in some of their own direct IPv4 allocation. I checked with our carrier, assuming we'd need to get them an LOA from the client authorizing them to announce the client's address space and then accept those same prefixes back from our RouterOS router on our existing BGP session with the carrier (we'll be doing this with two carriers in tandem, so it does have to be BGP, not static routes). They answered that we can just announce the client's prefixes under our own ASN. Can someone provide an example of how this would be done? I have not turned up anything that I can recognize by searching the docs or this board.

Thanks!
- Ed

just add their networks under BGP Networks =)

Yep, it turns out it's just that easy. A little disturbing, though, how easy it can be to hijack someone else's address space. Yes, the upstream won't allow your advertisements through without an LOA, but still....

Ed

sometimes uplink is blocking invalid advertisements, but sometimes you're able to hijack youtube's traffic, like Pakistan did in February 2008 welcome to the world of BGP - it's NOT secure so much...

Ok, so I've got this set up... and it's not working. I've added the client's subnets to my networks and filters and I've had the upstream add them to their filters so they can accept them back. They appear to be advertising back to my carrier's side of the session:

/routing bgp advertisements print
PEER PREFIX NEXTHOP AS-PATH ORIGIN
AB-1234 XXX.XXX.XXX.0/22 XXX.XXX.XXX.XXX 174,3561,40430 incomplete
AB-1234 XXX.XXX.0.0/19 XXX.XXX.XXX.XXX 174,3561,40430 incomplete
AB-1234 XXX.XXX.XXX.0/22 3XXX.XXX.XXX.XXX 174,3561,40430 incomplete

...but I've noticed that, unlike a /24 from my own direct ARIN allocation which I'm using on this same BGP session, these have other ASN's listed in the AS-PATH, and further, these say 'incomplete' under origin, while my own allocation says 'igp' there. And the carrier is saying that they are NOT seeing these three nets on their side of the session. I've set them up in ROS just like my own /24. Please help.

Thanks,

Ed

Update to this: my carrier did a 'soft clear' of the BGP session from their side, and when it came back up, they saw the advertisements for the clients nets. But as soon as their router finished sending me the full route table, the advertisements went away on their side. All along they've shown as being sent on my side - any ideas?

Are you advertising the prefix with 'synchronize=no' under /routing bgp network?

That's correct, I am not using synchronize. The client is advertising these subnets with another provider right now, my provider appears to have the routes for those. But shouldn't my advertisement take precedence on their network?

Do you have the /24 route in your own local routing table? i.e. an active route sending the traffic somewhere locally? If not then you will not announce the route as being local and you will just see the route from the internet (which you might try to advertise back out).

Regards,

The /24 is not the net in question. I was checking the route using my upstream's looking glass and it confirmed what I was seeing in the RoS Adv list. In any case, this is on hold now as I just found out the client jumped the gun, we've back it all out. Hopefully things will go smoothly the second time around, otherwise I'll be back. Thanks to all who chimed in.

Ed

RESOLUTION: Hurricane Electric (the carrier with which we were having this issue) requires a 'valid nexthop' or they will drop the nets being announced back to them, so the solution was to chose 'force self' for the nexthop choice in the BGP session. Hope this will help someone else in the future.