Hi fellow Tik'ers,
I manged to peer successfully with our first of three ISPs. We do receive teh routes but all the routes BGP routes are inactive with the state gateway unreachable. Any obvious reasons of why this would be?
The TCP connection (BGP peering) works fine over two VLAN intefaces distinguishing between national and international traffic. The national interface's peer has a prefix count of 3359 whereas the international interface has only 1, the default route.
Any help would be appreciated!
--
Stefan
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
Re: eBGP routes all inactive due to gateway unreachable
Hi mrz,
thank you for pointing me to that wiki article. I read through it and figured that I cannot apply "Add default route with scope < target-scope of BGP routes:" as the default route is also a BGP route (which I cannot adjust).
Further, all BGP routes received have a gateway which is directly connected though one of the two VLAN interfaces with a /31 network. If I add a static route for the default gateway (pointing to my international remote VLAN peer), the route will be inactive if I define the IP address as the gateway. As soon as I make this gateway an interface, the route becomes active. Unfortunately, this cannot be done to dynamic BGP routes.
Btw. we are running RB600 with ROS 4.11 .
Thanks,
Stefan
thank you for pointing me to that wiki article. I read through it and figured that I cannot apply "Add default route with scope < target-scope of BGP routes:" as the default route is also a BGP route (which I cannot adjust).
Further, all BGP routes received have a gateway which is directly connected though one of the two VLAN interfaces with a /31 network. If I add a static route for the default gateway (pointing to my international remote VLAN peer), the route will be inactive if I define the IP address as the gateway. As soon as I make this gateway an interface, the route becomes active. Unfortunately, this cannot be done to dynamic BGP routes.
Btw. we are running RB600 with ROS 4.11 .
Thanks,
Stefan
Re: eBGP routes all inactive due to gateway unreachable
it might be helpful if you post actual routes (unchanged / original IPs) and interface information.
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
Re: eBGP routes all inactive due to gateway unreachable
Hi azg,
thanks for your reply.
Please find the config information below.
IP addresses:
BGP instance
BGP peers:
Active routes:
Configuration:
I do not have any VRF configured as does not seem to be mandatory according to any of the Wiki articles.
Please advise.
Many thanks. Stefan
thanks for your reply.
Please find the config information below.
IP addresses:
Code: Select all
>ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; untagged uplink
a.a.40.3/31 a.a.40.2 a.a.40.3 toUplink
1 a.a.40.17/28 a.a.40.16 a.a.40.31 toNetwork
2 10.10.10.2/24 10.10.10.0 10.10.10.255 toNetwork
3 a.a.16.215/31 a.a.16.214 a.a.16.215 International_VLAN
4 a.a.16.217/31 a.a.16.216 a.a.16.217 Domestic_VLANCode: Select all
>routing bgp instance print
0 name="default" as=65430 router-id=0.0.0.0 redistribute-connected=no
redistribute-static=no redistribute-rip=no redistribute-ospf=no
redistribute-other-bgp=no out-filter="" client-to-client-reflection=yes
ignore-as-path-len=no routing-table=""
Code: Select all
>routing bgp peer print
# INSTANCE REMOTE-ADDRESS REMOTE-AS
0 E default a.a.16.216 <ISP AS>
1 E default a.a.16.214 <ISP AS>
Code: Select all
>/ip route print detail where active
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
2 ADC dst-address=10.10.10.0/24 pref-src=10.10.10.2 gateway=toNetwork gateway-status=toNetwork reachable distance=0 scope=10
16 ADC dst-address=a.a.16.214/31 pref-src=a.a.16.215 gateway=International_VLAN gateway-status=International_VLAN reachable distance=0
scope=10
17 ADC dst-address=a.a.16.216/31 pref-src=a.a.16.217 gateway=Domestic_VLAN gateway-status=Domestic_VLAN reachable distance=0 scope=10
18 ADC dst-address=a.a.40.2/31 pref-src=a.a.40.3 gateway=toUplink gateway-status=toUplink reachable distance=0 scope=10
19 ADC dst-address=a.a.40.16/28 pref-src=a.a.40.17 gateway=toNetwork gateway-status=toNetwork reachable distance=0 scope=10
Code: Select all
/routing bgp instance
set default as=65430 client-to-client-reflection=yes comment="" disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-connected=no \
redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing bgp peer
add address-families=ip,ipv6 as-override=no comment="" default-originate=never disabled=yes hold-time=3m in-filter=bgp-in instance=default interface=\
Domestic_VLAN multihop=no name=DomesticPeer nexthop-choice=force-self out-filter="" passive=no remote-address=a.a.16.216 remote-as=<ISP AS> \
remove-private-as=no route-reflect=no tcp-md5-key="" ttl=default update-source=Domestic_VLAN use-bfd=no
add address-families=ip,ipv6 as-override=no comment="" default-originate=never disabled=yes hold-time=3m in-filter="" instance=default interface=\
International_VLAN multihop=no name=InternationalPeer nexthop-choice=default out-filter="" passive=no remote-address=a.a.16.214 remote-as=<ISP AS> \
remove-private-as=no route-reflect=no tcp-md5-key="" ttl=default update-source=International_VLAN use-bfd=noPlease advise.
Many thanks. Stefan
Re: eBGP routes all inactive due to gateway unreachable
this is full of manual edits -- sorry, you're on your own that way.
i don't understand why people are so afraid of telling their IP or AS numbers.
also -- the config does not look like being real with two upstream BGP peers being a.a.16.214 and a.a.16.216... normally the providers assign addresses to you for this purpose from their address spaces. this looks more like a school assignment to me.
before BGP make sure you understand IP addressing & in particular netmasks. and if you have real, unaltered config you can still post it.
andy
i don't understand why people are so afraid of telling their IP or AS numbers.
also -- the config does not look like being real with two upstream BGP peers being a.a.16.214 and a.a.16.216... normally the providers assign addresses to you for this purpose from their address spaces. this looks more like a school assignment to me.
before BGP make sure you understand IP addressing & in particular netmasks. and if you have real, unaltered config you can still post it.
andy
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
Re: eBGP routes all inactive due to gateway unreachable
Hi Andy,
sorry for the confusion. I thought I was just following common practise by not posting full IPs as this seems to be the case in the majority of posts. On the other hand, I am quite confident, that I can recreate the scenario with whichever IP addresses I want.
However, a.a. is meant to be 111.69. and the remote AS is 23655.
Do you want me to post the previous config with those amendments made?
The remote peer is a Juniper and it is indeed a real configuration as provided by the upstream ISP.
Thanks for your help.
Stefan
sorry for the confusion. I thought I was just following common practise by not posting full IPs as this seems to be the case in the majority of posts. On the other hand, I am quite confident, that I can recreate the scenario with whichever IP addresses I want.
However, a.a. is meant to be 111.69. and the remote AS is 23655.
Do you want me to post the previous config with those amendments made?
The remote peer is a Juniper and it is indeed a real configuration as provided by the upstream ISP.
Thanks for your help.
Stefan
Re: eBGP routes all inactive due to gateway unreachable
yes complete, unaltered config of 1:1 exactly the problem would help.
i wonder in particular for the peering networks how come there are /31 subnets.
i wonder in particular for the peering networks how come there are /31 subnets.
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
Re: eBGP routes all inactive due to gateway unreachable
IP Addresses:
BGP instance
BGP peers
Active routes:
Configuration:
I hope, this sheds some light.
Thanks,
Stefan
Code: Select all
[stefan@toISP] > ip add pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; toSnap
111.69.40.3/31 111.69.40.2 111.69.40.3 toISP
1 111.69.40.17/28 111.69.40.16 111.69.40.31 toNetwork
2 10.10.10.2/24 10.10.10.0 10.10.10.255 toNetwork
3 111.69.16.215/31 111.69.16.214 111.69.16.215 International_VLAN1425
4 111.69.16.217/31 111.69.16.216 111.69.16.217 Domestic_VLAN1424
Code: Select all
[stefan@toISP] > rou bgp ins print
Flags: X - disabled
0 name="default" as=65430 router-id=0.0.0.0 redistribute-connected=no
redistribute-static=no redistribute-rip=no redistribute-ospf=no
redistribute-other-bgp=no out-filter="" client-to-client-reflection=yes
ignore-as-path-len=no routing-table=""
Code: Select all
[stefan@toISP] > rout bgp pe pr
Flags: X - disabled, E - established
# INSTANCE REMOTE-ADDRESS REMOTE-AS
0 E default 111.69.16.216 23655
1 E default 111.69.16.214 23655
Code: Select all
[stefan@toISP] > ip route print detail where active
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
1 ADC dst-address=10.10.10.0/24 pref-src=10.10.10.2 gateway=toNetwork
gateway-status=toNetwork reachable distance=0 scope=10
42 ADC dst-address=111.69.16.214/31 pref-src=111.69.16.215
gateway=International_VLAN1425
gateway-status=International_VLAN1425 reachable distance=0 scope=10
43 ADC dst-address=111.69.16.216/31 pref-src=111.69.16.217
gateway=Domestic_VLAN1424 gateway-status=Domestic_VLAN1424 reachable
distance=0 scope=10
44 ADC dst-address=111.69.40.2/31 pref-src=111.69.40.3 gateway=toISP
gateway-status=toISP reachable distance=0 scope=10
45 ADC dst-address=111.69.40.16/28 pref-src=111.69.40.17 gateway=toNetwork
gateway-status=toNetwork reachable distance=0 scope=10
Code: Select all
/routing bgp instance
set default as=65430 client-to-client-reflection=yes comment="" disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing bgp peer
add address-families=ip,ipv6 as-override=no comment="" default-originate=\
never disabled=no hold-time=3m in-filter=bgp-in instance=default \
interface=Domestic_VLAN1424 multihop=no name=DomesticPeer nexthop-choice=\
force-self out-filter="" passive=no remote-address=111.69.16.216 \
remote-as=23655 remove-private-as=no route-reflect=no tcp-md5-key="" ttl=\
default update-source=Domestic_VLAN1424 use-bfd=no
add address-families=ip,ipv6 as-override=no comment="" default-originate=\
never disabled=no hold-time=3m in-filter="" instance=default interface=\
International_VLAN1425 multihop=no name=InternationalPeer nexthop-choice=\
default out-filter="" passive=no remote-address=111.69.16.214 remote-as=\
23655 remove-private-as=no route-reflect=no tcp-md5-key="" ttl=default \
update-source=International_VLAN1425 use-bfd=no
Thanks,
Stefan
Re: eBGP routes all inactive due to gateway unreachable
RouterOS does not work with /31 addresses. You have to set either point to point /32 or /30 addresses
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
Re: eBGP routes all inactive due to gateway unreachable
Hi mrz,
thanks for your reply. Can you please explain which part of RouterOS does not work with /31?
Since the peering works and I do receive all the routes through from the two peers, I assume /31 works on TCP and on general routing?
Is it just BGP related or which other functionalities suffer? Do you know, is there any plan to make RouterOS work with /31, please?
Thanks,
Stefan
thanks for your reply. Can you please explain which part of RouterOS does not work with /31?
Since the peering works and I do receive all the routes through from the two peers, I assume /31 works on TCP and on general routing?
Is it just BGP related or which other functionalities suffer? Do you know, is there any plan to make RouterOS work with /31, please?
Thanks,
Stefan
Re: eBGP routes all inactive due to gateway unreachable
Roting in general will not work properly. As yo can see, when /31 is added ip address and broadcast address are the same.
0 ;;; toSnap
111.69.40.3/31 111.69.40.2 111.69.40.3 toISP
In RouterOS address should not match broadcast or network.
In your case I'm guessing BGP installs routes with gateway 111.69.40.2, routeros is unable to resolve the gateway because 111.69.40.2 is the network address.
0 ;;; toSnap
111.69.40.3/31 111.69.40.2 111.69.40.3 toISP
In RouterOS address should not match broadcast or network.
In your case I'm guessing BGP installs routes with gateway 111.69.40.2, routeros is unable to resolve the gateway because 111.69.40.2 is the network address.
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
Re: eBGP routes all inactive due to gateway unreachable
Well, if I go static routes only, everything works sweet, as I can assign an interface as gateway. Doing BGP it populates the gateway with the peer IP (as expected). And this gateway shows as unavailable, even though the dynamic entry generated by IP address assignment show the gateway being available/being connected.
However, if this is still not related to BGP as you say, is there any plan to fix /31 functionality?
Thanks,
Stefan
However, if this is still not related to BGP as you say, is there any plan to fix /31 functionality?
Thanks,
Stefan
Re: eBGP routes all inactive due to gateway unreachable
There are no plans to add /31 functionality at least in near future.
For BGP routes you can try to set gateway as interface with routing filter.
For BGP routes you can try to set gateway as interface with routing filter.
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
Re: eBGP routes all inactive due to gateway unreachable
Hi mrz,
this routing-filter gateway assignment might be my solution. Can you provide me an example or put me in the right direction please?
I tried,
but that had no effect.
Thanks,
Stefan
this routing-filter gateway assignment might be my solution. Can you provide me an example or put me in the right direction please?
I tried
Code: Select all
add chain=bgp-in prefix=0.0.0.0/0 set-out-nexthop=111.69.16.214 set-pref-src=111.69.16.215 disabled=no
but that had no effect.
Thanks,
Stefan
Re: eBGP routes all inactive due to gateway unreachable
/routing filter
add chain=bgp-in set-in-nexthop-direct=ether1
add chain=bgp-in set-in-nexthop-direct=ether1
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
Re: eBGP routes all inactive due to gateway unreachable
Mrz,
very good, my routes through one of the two VLANs are marked active now.
Traceroute in and out of the router still does not work.
Traceroute from the router out gives a timeout on the first hop.
traceroute from the outside fails at the last hop.
Somehow, the router still does not know, where to send the packets.
The interface is now assigned properly.
Thanks,
Stefan
very good, my routes through one of the two VLANs are marked active now.
Traceroute in and out of the router still does not work.
Traceroute from the router out gives a timeout on the first hop.
traceroute from the outside fails at the last hop.
Somehow, the router still does not know, where to send the packets.
The interface is now assigned properly.
Thanks,
Stefan
-
-
FutureProof
newbie
- Posts: 36
- Joined:
- Contact:
Re: eBGP routes all inactive due to gateway unreachable
Excellent, /30 resolved it.
Thanks mrz.
Thanks mrz.
Who is online
Users browsing this forum: saahil and 58 guests