cololine
Member Candidate
Topic Author
Posts: 106
Joined: Wed May 27, 2009 1:11 am

Cogent BGP: how to change forwarding-nexthop for loopback?

Sun Mar 25, 2012 4:52 am

Hello all -

I've recently set up that funky Cogent A/B BGP for some redundancy on my router, which already had BGP with my primary provider. Both the regular and loopback Cogent BGP sessions are connected, I'm getting Cogent's full route table, they are getting my announcements, my filters are set and all appears well. But traffic on Cogent's link is only flowing into my router - all outbound traffic is going via the other peer. I'll leave out the hours of troubleshooting I've done and boil it down to this: when I check the Nexthops listing in /ip route, I see that the Cogent loopback is using my other provider's gateway for its forwarding-nexthop:
address=a.a.a.a gw-state=recursive forwarding-nexthop=b.b.b.b scope=30 check-gateway=none 
a.a.a.a = Cogent's side of the loopback, and b.b.b.b = my other provider's gateway. It seems to me that this would explain why all my outbound traffic goes to the other provider's link instead of Cogent's. So how did this get this way, and more importantly, how do I change it?

Thanks!
Ed
 
blake
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: Cogent BGP: how to change forwarding-nexthop for loopbac

Mon Mar 26, 2012 11:40 am

Apply an inbound route filter to your BGP multi-hop session which changes the next-hop of received routes to that of their router on the /30. Something like this.
/routing filter
add chain=cogent-in set-nexthop=a.a.a.a

/ routing bgp peer
add name=cogent-a remote-address=a.a.a.a remote-as=174 multihop=no
add name=cogent-b remote-address=b.b.b.b remote-as=174 multihop=yes in-filter=cogent-in
 
cololine
Member Candidate
Topic Author
Posts: 106
Joined: Wed May 27, 2009 1:11 am

Re: Cogent BGP: how to change forwarding-nexthop for loopbac

Mon Mar 26, 2012 4:52 pm

I did try various combinations of doing that and it did not work. Thanks for your example, but it's not specific enough for working code: there's an 'in nexthop', 'in nexthop direct', and an 'out nexthop' - which one would I set? Also, there are two sessions for cogent; one for the routes I announce to them, and one for the routes they send me. My consultant set the filters for the latter (the routes Cogent sends me) with an action of 'discard', but I still get all of Cogent's routes. I'm not clear at this point *exactly* where/how the changes you suggest are to be made. Here's my BGP peer and filter configs for the Cogent session; I've omitted the filters for the A side (COGENT-174) where I announce my nets to Cogent as those are working fine:
address-families=ip as-override=no comment="" default-originate=never disabled=no hold-time=3m \
    in-filter=COGENT-IN instance=default multihop=no name="COGENT-\t174" nexthop-choice=default \
    out-filter=COGENT-OUT passive=no remote-address=1.1.1.1 remote-as=174 remove-private-as=no \
    route-reflect=no tcp-md5-key="" ttl=default use-bfd=no

address-families=ip as-override=no comment="" default-originate=never disabled=no hold-time=3m \
    in-filter=in-cogent-lo instance=default interface=lo multihop=yes name=cogent-lo nexthop-choice=\
    default out-filter=out-cogent-lo passive=no remote-address=2.2.2.2 remote-as=174 \
    remove-private-as=no route-reflect=no tcp-md5-key="" ttl=default update-source=2.2.2.3 \
    use-bfd=no

chain=out-cogent-lo invert-match=no action=discard 

chain=in-cogent-lo prefix=0.0.0.0 prefix-length=0 invert-match=no action=discard
 
cololine
Member Candidate
Topic Author
Posts: 106
Joined: Wed May 27, 2009 1:11 am

RESOLVED Cogent BGP: how to change forwarding-nexthop...

Mon Mar 26, 2012 11:30 pm

So it turns out that Cogent had screwed up my BGP config on their side and were not sending me the route for my loopback, causing all my outbound traffic via the other peer. This being finally discovered after Cogent had sworn to me that everything was okey-dokey on their side. My configs in RouterOS were/are correct.
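
The situation in this thread (routes whose gateway is a multihop peer's loopback being forwarded through another provider when no specific route to that loopback is present), as an added Python illustration that is not part of any post above and is not RouterOS code. It is a simplified model of recursive nexthop resolution using longest-prefix match only; it ignores RouterOS scope/target-scope, and all addresses and the other provider's default route are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

def longest_match(routes, addr):
    """Return (network, gateway) of the most specific route covering addr."""
    target = ip_address(addr)
    best = None
    for prefix, gateway in routes:
        net = ip_network(prefix)
        if target in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best

def forwarding_nexthop(routes, gateway, max_depth=8):
    """Follow gateways until one is on a connected network (gateway=None)."""
    current = gateway
    for _ in range(max_depth):
        match = longest_match(routes, current)
        if match is None:
            return None            # nexthop unreachable
        if match[1] is None:
            return current         # on-link: this is the forwarding nexthop
        current = match[1]         # recursive: resolve the covering route's gateway
    return None                    # resolution loop or chain too deep

# Constructed addresses (documentation ranges), standing in for the thread's placeholders.
COGENT_LOOPBACK = "192.0.2.1"      # a.a.a.a in the first post
COGENT_LINK_GW = "198.51.100.1"    # Cogent's side of the directly connected /30
OTHER_GW = "203.0.113.1"           # b.b.b.b, the other provider's gateway

BASE_ROUTES = [
    ("198.51.100.0/30", None),     # connected: Cogent /30
    ("203.0.113.0/30", None),      # connected: other provider
    ("0.0.0.0/0", OTHER_GW),       # assumed: default route from the other provider
]
# Route to the loopback that the directly connected Cogent session should supply.
LOOPBACK_ROUTE = ("192.0.2.1/32", COGENT_LINK_GW)

def diagnose(routes):
    """Report where routes with gateway=COGENT_LOOPBACK would actually be forwarded."""
    fwd = forwarding_nexthop(routes, COGENT_LOOPBACK)
    return {"forwarding_nexthop": fwd, "via_cogent_link": fwd == COGENT_LINK_GW}

if __name__ == "__main__":
    print("loopback route missing:", diagnose(BASE_ROUTES))
    print("loopback route present:", diagnose(BASE_ROUTES + [LOOPBACK_ROUTE]))
```
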
