MikroTik

Hi ALL,

We are planning to migrate our Vyatta BGP router to RouterOS CCR1036-8G-2S+EM.

Existing Router Setting:
Router: AS number: Peering:
Vyatta Router1: AS :1001(IP:1.1.1.0/21) ISP1
Vyatta Router2: AS :1001(IP:1.1.1.0/21) ISP2,ISP3
Vyatta Router3: AS :1002(IP:2.2.2.0 /21) ISP4
Vyatta Router4: AS :1003(IP:3.3.3.0 /19) /(Hold AS number only)


Question:
1.Can we use one router(RouterOS CCR1036-8G-2S+EM) instead of the 4 x Vyatta router?
2.We want a bandwidth control via different ISP.(For example: IP:x.x.x.x/24,via ISP1 10M,via ISP2 10M,via ISP3 100M.)Is it support it?
3. We have 4 x ISP peering. How to control the inbound traffic from different ISP?

Tungho

Question:
1.Can we use one router(RouterOS CCR1036-8G-2S+EM) instead of the 4 x Vyatta router?

Yep - 1 bgp session to each peer.

2.We want a bandwidth control via different ISP.(For example: IP:x.x.x.x/24,via ISP1 10M,via ISP2 10M,via ISP3 100M.)Is it support it?

Different ways to do this but check Queues menu.


3. We have 4 x ISP peering. How to control the inbound traffic from different ISP?

Routing fileter and queues

Question:
1.Can we use one router(RouterOS CCR1036-8G-2S+EM) instead of the 4 x Vyatta router?

Yep - 1 bgp session to each peer.

Not quite right, they will need an instance per AS they are advertising, then a session per peer, but still possible.

3. We have 4 x ISP peering. How to control the inbound traffic from different ISP?

Routing fileter and queues

Queues can't really control this.

If you are advertising specific AS and IP blocks via different peers, then they will take the ISP that you are advertising to.
If you are advertising all blocks to all ISP's, You could use routing filters to "Path Stuff" or "Path Prepend" so it looks like a longer AS path for certain routes, so they are likely to take other inbound routes.

You could also simply not advertise ranges on certain peers at all, and change your advertisments on failure. Bit more down time this way.

Ultimately, some providers may ignore path length for local peering, or strict overrides for other business reasons. If you are advertising a block of IP's out multiple providers, you have little control about what path it takes to get to you when talking about the networks in between.

Hi ALL,

Thanks for your information.
Is it better to separate the ISP peering in different router or ALL oversea ISP peering into one router?
I'm concern the bandwidth control and control the incoming traffic,becasue of the vyatta can't do that now.

TungHo

I replaced 2 Vyatta Routers with Mikrotik ones, the setup is the basis for this blog post: http://robert.penz.name/779/howto-setup ... k-routers/

the best is to have one router With all bgp - if you thing about ease of setup etc. its also possible to find howtos here.

If you run multihomed bgp on different routers, you will ned some extra config, to get internal bgp to work - but still possible. I have done both scenarios.

Question:
1.Can we use one router(RouterOS CCR1036-8G-2S+EM) instead of the 4 x Vyatta router?

Yep - 1 bgp session to each peer.

Not quite right, they will need an instance per AS they are advertising, then a session per peer, but still possible.

3. We have 4 x ISP peering. How to control the inbound traffic from different ISP?

Routing fileter and queues

Queues can't really control this.

If you are advertising specific AS and IP blocks via different peers, then they will take the ISP that you are advertising to.
If you are advertising all blocks to all ISP's, You could use routing filters to "Path Stuff" or "Path Prepend" so it looks like a longer AS path for certain routes, so they are likely to take other inbound routes.

You could also simply not advertise ranges on certain peers at all, and change your advertisments on failure. Bit more down time this way.

Ultimately, some providers may ignore path length for local peering, or strict overrides for other business reasons. If you are advertising a block of IP's out multiple providers, you have little control about what path it takes to get to you when talking about the networks in between.

How to setup the 3 x AS number in one BGP router?
Any advice?

How to setup the 3 x AS number in one BGP router?
Any advice?

A few comments :-

1. You can have multiple PEERS on one single ROUTER using BGP, as long as your hardware can support it.
We have 20 to 30 peers (peering fabric connection) all on one MT Router.

2. Bringing up additional BGP Peers after the first one, is done exactly the same way as the first BGP Peer.

3. When Running BGP, you want to run Prefix List (ACL Filters), so that you can use the 'BGP Routing Protocol" Controls to manage inbound and outbound traffic.
Inbound is managed with AS Prepends, and BGP Communities
Outbound is managed with Weight and Local Pref.

4. Depending on how much traffic you are running, and what is that hardware on your vyatta box, you might want to reconsider running full BGP Tables with multiple peers on a CCR..... (With the current software ROS, CCR is limited to a single core for the BGP process, as such table updates can take a very long time).

5. If you want to breakout your Single Edge Router (doing BGP) into TWO Edge Routers (split the load.), it is possible, but the config will get a bit more complicated. (Robert above listed a great example of Two Edge Routers for a Failover Configuration)

Why do you want to use more than one AS number to the router? - Its possible using different instances and/or confederation. One example from one of my bgp routers:

ros code

/routing bgp instance
set default as=376 confederation=xx018 confederation-peers=1-1000 out-filter=bgp-out redistribute-connected=yes redistribute-other-bgp=yes redistribute-static=yes router-id=172.31.1.76
add as=1001 client-to-client-reflection=no name=DC redistribute-connected=yes redistribute-ospf=yes redistribute-static=yes router-id=172.17.76.10
add as=xx018 name=vrf.internet redistribute-connected=yes redistribute-other-bgp=yes redistribute-static=yes router-id=xx.135.56.61 routing-table=vrf.internet
/routing bgp instance vrf
add redistribute-connected=yes redistribute-other-bgp=yes redistribute-static=yes routing-mark=vrf.internet
/routing bgp peer
add disabled=yes in-filter=Dc-in instance=DC multihop=yes name=DC out-filter=bgp-out remote-address=172.17.76.9 remote-as=1000 ttl=default
add address-families=l2vpn-cisco,vpnv4 default-originate=if-installed multihop=yes name="MPLS Vestby" remote-address=172.31.0.24 remote-as=24 tcp-md5-key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ttl=default update-source=loopback
add address-families=l2vpn-cisco,vpnv4 default-originate=always disabled=yes multihop=yes name="BGP Forskningsparken" remote-address=172.31.0.76 remote-as=76 tcp-md5-key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ttl=default update-source=loopback
add address-families=l2vpn-cisco,vpnv4 default-originate=if-installed multihop=yes name="MPLS Server Rom" remote-address=172.31.2.76 remote-as=676 tcp-md5-key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ttl=default update-source=loopback
add default-originate=if-installed instance=vrf.internet multihop=yes name=BGP remote-address=xx.135.56.62 remote-as=xx018 route-reflect=yes ttl=default update-source=xx.135.56.61
add address-families=l2vpn-cisco,vpnv4 default-originate=if-installed multihop=yes name=Sagahuset remote-address=172.31.0.5 remote-as=5 tcp-md5-key=xxxxxxxxxxxxxxxxx ttl=default update-source=loopback
add address-families=l2vpn-cisco,vpnv4 default-originate=if-installed multihop=yes name="VPLS Term-Rom" remote-address=172.31.3.76 remote-as=976 tcp-md5-key=xxxxxxxxxxxxxxxxx ttl=default update-source=loopback

Exactly as above - each new instance of BGP is like another new BGP process, you get to assign it a new AS have its own Router ID etc.

Go into /routing bgp instance to add (in CLI or winbox), then as you are creating a peer you can define which instance it is a part of. Means you could have many AS's on the same router.

Can make some commercial sense if you are terminating/managing multiple networks from the same edge/core that you'd need multiple AS's advertised. I tend to path prepend though over a single session, via use of routing filters myself.

In a ibgp with confederation - as in my example - i can see a use for multiple AS's for internal local peers. - Otherwise, you just need one AS. To have two AS set in same router, just update the routes in the AS-set in ripe or whatever used to gain IP's to have all IP block set to same AS. If beeng global route for another ISP/AS-set - it should have its own router behind yours.

ibgp and confederation have no big practical use, unless running multiple vrf inside MPLS and use BGP to update MPLS tags. ) like my example)

Hi samsung172 ,

thanks for your useful information.
Our company had two AS number and 2 x IP range, so I'm asking how to setup the 2 x AS number in same router.
Is it possible to announce 2 x IP range to upstream ISP without configure the second AS number in router?

TungHo

Yes, you can advertise two network ranges without configuring two ASes.

If you really need second AS on your router, then add new BGP instance for it.

Hi All,

We must use 1 CCR1036 to mangle 3 x AS number, 3 x ISP peering and 1 x local IX,because of if use 3 x CCR1036 to mangle different AS number, the Qos can't mangle the local IX.(Use dst interface to control the bandwidth).
I'm trying to use samsung172 provided code to config it, but seems not working.
anyone can help it?


TungHo

Hi ALL,

I can setup the second AS number in one BGP router.
Based on our environment, we can’t combine the IP prefix into one AS number, because we are different company and different AS number.
If we announce the IP prefix to upstream ISP, but those IP prefix in different AS number, is it possible?


TungHo