Hi,
I have two routes on Mikrotik 2.9.45:
0 Db dst-address=62.29.128.0/17 gateway=217.x.x.x pref-src=194.x.x.x interface=e1_GTS gateway-state=reachable
     distance=20 scope=255 target-scope=10 bgp-as-path="8246,8938" bgp-weight=100 bgp-local-pref=100 bgp-origin=igp
1 ADb dst-address=62.29.128.0/17 gateway=194.x.x.x pref-src=194.x.x.x interface=e6_Serwery gateway-state=reachable
     distance=20 scope=255 target-scope=10 bgp-as-path="12968,8664,8938" bgp-weight=30 bgp-local-pref=30
     bgp-origin=igp
Why is the second route active? The first route has the highest bgp-weight, the highest bgp-local-pref and the shortest AS-PATH, and it is still inactive. What am I doing wrong?
Regards
Jakub
are you using 2 bgp instances, one for each peer ? If so that is the problem, if not, then something else : )
Thx, you are right. I had 2 bgp instances; when I changed to one bgp instance it works.
However, it does not work. When I change to one instance on one router it is ok, but when I change it on the second router, the router receives wrong routes (gateway is from the other route). This is my scheme:
| Router 1 | ------------------------------- AS2 GATEWAY ISP1
|
|
AS1
|
|
| Router 2 | ------------------------------- AS3 GATEWAY ISP2
I have two bgp instances for each router. One to remote AS and two to my AS on second router.
Do you have any other ideas?
Do you have any routing filters setup ? You probably need to make in and out filters for each peer so that they are not sending each other routes that shouldn’t be there. Without filters all hell will break loose : )
we are getting ready to move from a single bgp router to 2 routers, same as above, anyone have some filter examples?
2 border routers and one core router ? are you going to run bgp/igp between them to give each other the others routes ?
yes, the future plan is 2 border routers, and 1 core router. for now we just brought up the 2nd fiber provider earlier today on our one active border router.
I’m actually running into an issue right now trying to correctly shape the traffic so that it primarily routes only over provider A, and almost never provider B. my outbound traffic was easy enough to control, but I’ve tried creating a route filter to prepend as paths to the provider that I do not want to route across, but even with setting a rather high as prepend number, it does not seem to affect inbound traffic routing:
/ routing filter
add chain=ASPrePend invert-match=no action=passthrough set-bgp-prepend=8 \
    comment="" disabled=no
/ routing bgp peer
add name="Peer" instance=default remote-address=1.2.3.4 remote-as=111111 \
    tcp-md5-key="abc123" nexthop-choice=default multihop=no route-reflect=no \
    hold-time=1m30s ttl=1 out-filter=ASPrePend \
    comment="" disabled=no
prepend 8 is a little steep… they might be ignoring it. Try 3, 4, or 5 maybe ? BGP isn’t perfect and you will have no way to stop traffic from completely coming in the secondary pipe as long as you’re announcing it. we are in the same boat - expensive and cheap bandwidth : )
i think they were dampening me last night when testing… I’ve got what I think is a good working filter now, but I have to wait to try it because they are again dampening me and ignoring my updates… I’ll post back this evening with what I find.
I’ve tried this rule, but it doesn’t seem to be working… I want to keep as much bandwidth routing across the cheap provider, and minimize the traffic on the expensive connection.
it seems that it’s applying this rule to all incoming routes, including the ones on the cheap provider.
/ routing filter
add chain=ASPrePend bgp-as-path-length=!1 invert-match=no action=accept \
    set-bgp-prepend=1 comment="" disabled=no
/ routing bgp peer
add name="expensive" instance=default remote-address=1.2.3.4 remote-as=12345 \
    tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no \
    hold-time=0s ttl=1 in-filter="" out-filter=ASPrePend comment="" \
    disabled=no
add name="cheap" instance=default remote-address=4.3.2.1 \
    remote-as=54321 tcp-md5-key="" nexthop-choice=default multihop=no \
    route-reflect=no hold-time=3m ttl=1 in-filter="" out-filter="" comment="" \
    disabled=no
use this one:
/ routing filter
add chain=ASPrePend invert-match=no action=accept \
    set-bgp-prepend=4 comment="" disabled=no
Also, I’m not sure if you posted all the filters, but if not, I would highly suggest adding some additional routing filters for inbound and outbound, for security and stability reasons. Here are some examples:
add chain=level3-in prefix=0.0.0.0 prefix-length=0-23 \
    invert-match=no \
    action=accept comment="" disabled=no
add chain=level3-in invert-match=no action=discard comment="" \
    disabled=no
add chain=level3-out prefix=x.16.1.0/24 prefix-length=24 \
    invert-match=no action=accept comment="" \
    set-bgp-prepend=4 disabled=no
add chain=level3-out prefix=x.16.5.0/24 prefix-length=24 \
    invert-match=no action=accept comment="" disabled=no
add chain=level3-out prefix=x.16.10.0/24 prefix-length=24 \
    invert-match=no action=accept comment="" disabled=no
add chain=level3-out prefix=x.16.15.0/24 prefix-length=24 \
    invert-match=no action=accept comment="" disabled=no
add chain=level3-out invert-match=no action=discard comment="" \
    disabled=no
You want to filter outbound announcements so you are sending a clean list to your upstream. Only allow the prefixes you are allowed to announce, otherwise you’ll be sending them rfc1918 addresses most likely, as well as any ppp/loopback/wireless ranges. just a suggestion.
Sam
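Added example, not part of any post in this thread: a small Python model of the allowlist-style out chain described above (exact /24 matches, then a final discard), run over a constructed route list to show what an empty out-filter would announce. The prefixes are documentation ranges standing in for the redacted ones, and the fall-through "accept" for an unmatched route is an assumption of the model, not RouterOS code.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of routes a border router might hold.
CANDIDATES = [
    "198.51.100.0/24",    # public block we may announce (placeholder)
    "203.0.113.0/24",     # public block we may announce (placeholder)
    "198.51.100.128/25",  # more-specific of an allowed block
    "10.10.0.0/16",       # internal RFC 1918 range
    "192.168.88.0/24",    # wireless/LAN range
    "172.16.5.1/32",      # ppp/loopback host route
]

# Model of an allowlist out chain: (prefix or None = any, (min, max) length, action).
OUT_CHAIN = [
    ("198.51.100.0/24", (24, 24), "accept"),
    ("203.0.113.0/24", (24, 24), "accept"),
    (None, (0, 32), "discard"),  # explicit final discard, as in level3-out
]

def evaluate(chain, route):
    """First matching rule decides; an unmatched route is accepted (assumption)."""
    net = ipaddress.ip_network(route)
    for prefix, (lo, hi), action in chain:
        inside = prefix is None or net.subnet_of(ipaddress.ip_network(prefix))
        if inside and lo <= net.prefixlen <= hi:
            return action
    return "accept"

def announced(chain, routes):
    """Routes that would be sent to the upstream peer under this chain."""
    return [r for r in routes if evaluate(chain, r) == "accept"]

def leaks(chain, routes):
    """Announced routes that fall inside RFC 1918 space."""
    return [r for r in announced(chain, routes)
            if any(ipaddress.ip_network(r).subnet_of(p) for p in RFC1918)]

if __name__ == "__main__":
    print("no out-filter :", announced([], CANDIDATES))
    print("  RFC 1918 leaked:", leaks([], CANDIDATES))
    print("allowlist chain:", announced(OUT_CHAIN, CANDIDATES))
```
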
I don’t want to stop all traffic flowing across my “expensive” provider, I want to keep some traffic flowing across them.. (1, I pay for 2mbps if I use it or not, and 2, I know the owner of the data center personally and I want to keep some traffic on his network out of friendship.)
What I would like to do is prepend 2 AS paths to any prefix more than 2 AS paths away from me, but only for paths routing across my “expensive” provider. and no prepending on any routes across my “cheap” provider…
All of the routes that I’m advertising via BGP are statically defined; I have no dynamic routes going to that part of the network, so I don’t need to worry about any of the rfc1918 address spaces getting advertised or routed (not to mention I already have a firewall rule in the router behind my BGP blocking all private IPs.)
Here is what I want to accomplish, but as of yet have not been able to.
Using just 1 router, with 2 upstream peers, both receiving full routes.
for all routes originating from ProviderA - prepend 2 AS paths to any route with an AS path length longer than 2
for all routes originating from ProviderB - prepend 1 AS path to any route that contains the AS number 666666
can anyone help me come up with the correct configuration / filter rules?