MikroTik

airbanduk

Resurrecting this as I have a perfect use case for /31 support, that can't be fixed with a /32 kludge - BGP. While /31 with MT side being the odd number does work for point to point connectivity, if you try and set up a BGP session between the two you will not be able to receive prefixes. Why? Becau...

airbanduk

1. The RFC explicit saids this: "Usually, a cluster of clients will have a single RR. In that case, the cluster will be identified by the BGP Identifier of the RR. However, this represents a single point of failure so to make it possible to have multiple RRs in the same cluster, all RRs in the same...

airbanduk

I've started to see some strange behaviour on one of my networks that I can't seem to get my head around. With OSPF fully converged, I have a stable, loop free network with full reachability configured in a resilient ring topology. When a link goes down, we then see some strange things happen. Some ...

airbanduk

You could try AS path prepending to ISP1. That should make more of your prefixes prefer to reach you over ISP2 as you will appear closer in terms of AS hops. Unless you connect to the same ISP on both links, setting communities is only of limited value, unless you can get both ISPs to agree to using...

airbanduk

OSPF is an IGP, BGP is an EGP, they have different use cases. By default, eBGP > OSPF > iBGP in terms of administrative distance, but BGP communities are not attributes that directly affect the best path algorithm. Communities are used simply to tag a prefix that another peer can check to see if it ...

airbanduk

Indeed, however I think it's less of a 'how to' and more of an example of how cluster IDs work. The point being it's not simply a matter of setting the same cluster ID on all route reflectors in the cluster every time you turn on reflection. You need to way up whether it's something you need and not...

airbanduk

Can you please explain what you mean by forward to another address? Do you mean NAT (changing one address for another) or do you mean using a different gateway or forwarding path? For the former you're in the right place, but you need to select a match condition and an action. The match will be what...

airbanduk

Can you please point out the part in the RFC that says you must use the same ID on all members of the same cluster? I was going to draw a diagram of a scenario that would cause blackholing, but I found one on this website http://network-101.blogspot.co.uk/2011/06/bgp-cluster-id-loop-prevention.html ...

airbanduk

Can you post the rule as you have it now? Did you remove the source port?

airbanduk

OK, ignore my post about the cable modem setup, it's red herring but I just wanted to be sure.

Have you tried the NAT rule I posted?

airbanduk

You seem to have the same router-id on all neighbours, is this router connected to only one other by four interfaces? You also have a network type of broadcast, yet there have been no DR/BDR elections. Check the config on the neighbour router - is it even set to send non-mutually connected prefixes ...

airbanduk

Hold up, your Mikrotik router is behind a cable modem that is giving out 192.168.100.0/24 addresses, so your ether1 interface is in this range? Have you set up port forwarding on your cable modem? If not, that's where you need to start. Whichever device gets the public IP is where you need to do the...

airbanduk

You haven't specified a port to match against.

chain=dstnat dst-port=81 action=dst-nat to-addresses=192.168.1.10 to-ports=81 
protocol=tcp in-interface=ether1

You don't need the second src-nat rule as masquerade will take care of it

airbanduk

You need to set an action of dst-nat. You also don't need to specify source port, as this will be randomly chosen when the connection is established. Try this:

chain = dstnat
protocol=6(tcp)
dst.port 88
action = dst-nat
to-addresses = 10.10.10.191
to-ports = 88

airbanduk

BGP communities allow you to change the route processing by tagging prefixes that get flooded throughout your BGP network. What you want to use them for is up to you, but I use them for setting local pref and MED values. For example, I set a particular community for a customer route depending on whi...

airbanduk

You need to configure both Route-reflector in the same cluster ID. This is not a requirement, and can actually black hole traffic if not thought carefully. If not all clients are fully-meshed to both route reflectors, or you have multiple link failures, the route reflectors may not forward routing ...

airbanduk

hello, my routes learned by RR appear unreachable in the peers, why is that? Most likely your border routers' Internet attachement circuits' IP ranges are not being advertised into your OSPF. ... On your border routers, be sure to add network=x.x.x.x/30 for each ISP-facing interface, and set them a...

airbanduk

I've never done this on Mikrotik, but you could have the two ISPs in separate VRFs and the local routes and backbone peers in the main table.By using route target imports, you can leak the global table into the VRFs but keep the ISP learned prefixes separate from each other. No more routing marks. Y...

airbanduk

BGP is done via policy, rather than single metric calculation. You will have both an inbound and outbound policy. Your outbound policy affects how you receive traffic from peers; your inbound policy affects how you reach external peers. Also note you only really have control over your inbound policy...

airbanduk

I think you've finally cracked it, but reading your previous post I just wanted to make sure you were clear on why it started working. When you add the network statement network=0.0.0.0/0, it doesn't simply enable the multicast group. What you are telling the router to do is to find all interfaces t...

airbanduk

I would say it's not 'normal' to have a DHCP client add itself to a dynamic routing protocol. Though as you know which subnet the router will be connecting to (even if the address is by DHCP) then you can add a manual entry to the RIP config for that subnet. When the router gets its address from DHC...

airbanduk

What IP addresses are assigned to each port? If all traffic ends up going to the same gateway 10.194.12.1, why do you have two different ports to the same subnet? You can't separate these out in the routing table as they belong to the same subnet. You could do this by using a VRF and splitting them ...

airbanduk

Routers send RIP updates with a next hop of 0.0.0.0 to tell the neighbour to use the source address of the update packet as the next hop. The only time it is not set to 0.0.0.0 is when the advertising router knows of a closer router to the destination on the same subnet.

airbanduk

Thanks again. You've pretty much confirmed everything I had got to when I wrote the first post. I'm not going to comment on the points you made on your penultimate post as I think you now understand where I was coming from, so I'll just confirm what it is I was trying to achieve. Inside each NSSA is...

airbanduk

How are you assigning IPs to clients - DHCP, PPPoE? Do they all connect to this one router or are they distributed?

How you go about configuring your pools depends on what the rest of your network looks like and how it fits together. There's no one way to do this, so it's hard to advise.

airbanduk

If you want to make the decisions on which sites routes out which gateway, you will probably have more luck with static routing and use floating defaults and tracking. You can set your preferred primary gateway as normal but add the check-gateway=ping to make sure it is up. Then add a second default...

airbanduk

How are you advertising your routes to the Internet? Are you using BGP or is your ISP advertising them for you?

You might also want to split the large pool into much smaller pools for easier management.

airbanduk

Is the problem you're having that the default route isn't being sent to all routers? Set a static route on M03 /ip route add dst-address=0.0.0.0/0 gateway=172.31.109.210 The set RIP to send a default either always or if-installed /routing rip set distribute-default=always Check M01 and M02 now have ...

airbanduk

Thanks ZeroByte I designed this using Cisco routers and discovered that the summary-address command only filters more specific prefixes if it matches a type 7 LSA - all type 5 LSAs pass into the backbone even if they match the summary-address prefix. So it only works with NSSAs. However, when I trie...

airbanduk

Hi I'm having trouble setting the right filter to remove E2 prefixes from being advertised to the backbone. I have multiple ASBRs within an area all injecting a static /24 prefix into OSPF as E2. The ABR for the area is injecting a static summary for all these E2 prefixes as E1 to the backbone. How ...

airbanduk

Those errors are exactly what I see on CCR1009/1016 in the access network when the wireless links cause the neighbours to drop. On one side the neighbour comes up in 'Full' state, but the other cycles through the OSPF FSM in the way you've shown. I have to reboot the one that thinks it's Full to bri...

airbanduk

OK, some more testing and I think I know what the problem is. It seems the summary LSAs only get generated by the ABR if there is another OSPF neighbour in that area. This is kind of a problem, because if I want to make each backbone router an ABR to use the summarisation feature, I can only do it o...

airbanduk

Have you tried a later firmware release? When was the last update and configuration change made? I've been using 6.35 on the 1072 and they've been really stable. The only time I've seen OSPF play up without a config change is on wireless links if the signal degrades, seems the remote router needs a ...

airbanduk

I am struggling with OSPFv3 areas also, I just can't seem to get the summary to advertise to the backbone. /ipv6 add print G 2a07:6a80:c40f::1/48 LOOPBACK-PPPoE /routing ospf-v3 area print 0 * backbone 0.0.0.0 default 1 area12 0.0.0.12 default area range print 0 area12 2a07:6a80:c400::/44 calculated...

airbanduk

The CCR1072 is best utilized for large volumes of IP transit

72 cores and 16GB RAM, just screams BGP router rather than packet forwarder. Shame it doesn't live up to that.

I'll look in to BIRD as well, I was thinking of creating a looking glass anyway.

airbanduk

I may just go back to the original design, which had the core routers do all the main BGP processing. I figured by offloading the BGP compute, the core could get back to doing its primary job of high speed packet switching. Shame really because they've been really stable, but if they can't function ...

airbanduk

Thanks for the thoughts. Does a single prefix being withdrawn require a full recompute of BGP then? I know that the CCR1072 is slow on a full table - the mistake I made with a filter ended up pushing all prefixes from our ASR1k to the CCR, and even after I fixed it in less than a minute, it still sp...

airbanduk

I'm currently looking at a new design that will see chassis based routers take over our current dual-CCR1072 core. I want to put these to good use as they've been rock solid since deployment, and I was thinking of using them as dedicated route servers. I've read a few threads on here already and the...

airbanduk

Do you have any filters applied? If yes, check what is being advertised to router B from A against the filter. Are the prefixes from router A locally generated or are they learned from some other router? If they are learned from another iBGP router they wont be forwarded unless they are reflected. T...

airbanduk

/routing filter print chain=bgp-ext-in bgp-communities=65000:65120 invert-match=no action=accept set-bgp-local-pref=120 set-bgp-prepend-path="" /ip route print detail where bgp-local-pref=120 Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,...

airbanduk

Actually on MikroTik it doesn't need to be in the routing table at all to be originated No, but it still needs to be originated somewhere. If it hasn't been explicitly configured, BGP won't advertise them. I'm just trying to find out from the OP how those /24 blocks are being generated, as all he's...

airbanduk

That is certainly the behavior of some routing platforms like Cisco, but MikroTik can advertise a prefix without it existing in the routing table. But it must surely exist in the BGP table in order for it to be advertised, and if it's in the BGP table, isn't it going to be in the routing table (may...

airbanduk

I've noticed in testing that the way local preference attribute is sent to peers depends on whether the prefix was learned through iBGP or eBGP. If the prefix is learned thorugh eBGP, the local pref is sent unaltered to iBGP peers as you would expect. However, if the prefix is learned from an iBGP p...

airbanduk

BGP communities are 32-bits long in total, so if you have a 32-bit ASN you can't use the standard ASN:xxx community values.

Best bet until large BGP communities become useful is to use a private ASN for the first 16 bits, such as 65530:100 etc.

airbanduk

Do all four /24 from that block exist in your local route table as /24?

BGP won't advertise a prefix unless it has an exact match present in the routing table.

Search found 45 matches