BGP Confederation - Not Accepting Routes

Hi,

I have a BGP Confederation setup and working between two Juniper routers and want to add a Mikrotik to the mix.

I have the Mikrotik talking to one of the Junipers, and can see from the Juniper console that it has advertised a full table to the Mikrotik (420k routes); however, on the Mikrotik it’s only showing a prefix count of 10 with 420k withdrawn routes in the status pane for the peer.

My RouterOS config is as follows:

/routing bgp instance
set default as=65502 client-to-client-reflection=yes confederation=785 \
    confederation-peers=65500-65502 disabled=no ignore-as-path-len=no \
    name=default out-filter="" redistribute-connected=no \
    redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""

/routing bgp peer
add address-families=ip as-override=no default-originate=never disabled=no \
    hold-time=3m in-filter="" instance=default multihop=no \
    name=QS220-J2320-01 nexthop-choice=default out-filter="" passive=no \
    remote-address=192.168.154.37 remote-as=65500 remove-private-as=no \
    route-reflect=no tcp-md5-key="" ttl=default use-bfd=no



Can someone please point me in the right direction.


Cheers

Liam

Hi Liam,

I am interested in how you get on with this. I was seeing what sounds similar. The BGP session would come up and start receiving routes, then the remote device withdraws all sent routes and stops sending more.

In my situation the routers are 600km away so I could not safely troubleshoot :(

Enable BGP debug logs. There will be a lot of log entries, but you will see why routes are withdrawn.

Thanks,

I’m getting the following error,

Nexthop 202.xxx.xxx.1 is not on network shared with remote peer.

However, this IP address (nexthop 202.xxx.xxx.1) is one of the BGP peers of the router in the federation that we are peering with.

The Mikrotik is AS 65502 and its Juniper neighbour we are peering with is 65500 in the BGP federation.

202.xxx.xxx.1 is one of the BGP external peers / neighbours of Juniper AS 65500 that provides international transit and is a normal eBGP peer.


I have attached a screenshot of the console log.


Cheers

Liam
[Attachment: BGP Log Screenshot.png]

Please post address list on your router.

Try enabling multihop for this peer and see if this resolves the issue.

Regards,

Turning on multihop does make this error go away, and the full table is accepted. However, this means that while all the routes (420k of the intl table) are installed into the local routing table, by default they are all unreachable, as there is no route to the various nexthops without manually adding a default route or individual static routes (messy).

I have two other Junipers in the federation and I have not had to enable multihop or anything special on either of them. I also swapped the Mikrotik out for a Quagga instance on Debian 6, and it worked fine out of the box with the other Junipers in the federation.

Is this a bug with Mikrotik’s implementation of BGP Federations?

Can someone please elaborate on this issue further for me.



Cheers

Liam
[Attachment: Mikrotik Route List.png]

Do you mean the IP address list of the local interfaces?

[admin@QS220-BGP1] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS               NETWORK          INTERFACE
 0   192.168.75.3/24       192.168.75.0     ether1
 1 X 103.xxx.xxx.42/30     103.xxx.xxx.40   VLAN0234
 2   103.xxx.xxx.129/25    103.xxx.xxx.128  SFP3-Switch
 3   103.xxx.xxx.38/30     103.xxx.xxx.36   VLAN0233

It is not a bug. If the peer’s remote address is not directly reachable then multihop must be enabled. Probably Juniper or Quagga enables it by default.
Routes are inactive because the nexthop can’t be resolved directly; you need to change the nexthop in routing filters or set up recursive lookup. See the example in this article:
http://wiki.mikrotik.com/wiki/Using_scope_and_target-scope_attributes
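
The three outcomes seen in this thread (routes rejected, routes installed but unreachable, routes active once the nexthop resolves), as an added Python sketch that is not part of any post and is a simplified model rather than RouterOS code. The addresses are constructed from documentation ranges, and the function names and the static host route are assumptions.

```python
import ipaddress

# Constructed addresses (RFC 5737 documentation ranges), not the thread's masked ones.
CONNECTED = [ipaddress.ip_network("192.0.2.36/30")]  # /30 link to the confederation peer
PEER = ipaddress.ip_address("192.0.2.37")            # neighbour in sub-AS 65500
NEXTHOP = ipaddress.ip_address("198.51.100.1")       # that neighbour's eBGP transit peer
HOST_ROUTE = [(ipaddress.ip_network("198.51.100.1/32"), PEER)]  # static: nexthop via peer


def accept(nexthop, peer, connected, multihop):
    """Simplified model of the 'nexthop not on network shared with remote peer' check."""
    if multihop:
        return True  # no shared-network requirement for a multihop peer
    shared = next((n for n in connected if peer in n), None)
    return shared is not None and nexthop in shared


def resolve(nexthop, connected, statics, depth=8):
    """Follow static routes until a directly connected gateway is found, else None."""
    if depth == 0:
        return None  # guard against routing loops
    if any(nexthop in n for n in connected):
        return nexthop
    matches = [(p, g) for p, g in statics if nexthop in p]
    if not matches:
        return None
    _, gateway = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
    return resolve(gateway, connected, statics, depth - 1)


def scenario(multihop, statics):
    """Return what happens to a route received with NEXTHOP from PEER."""
    if not accept(NEXTHOP, PEER, CONNECTED, multihop):
        return "rejected"
    gateway = resolve(NEXTHOP, CONNECTED, statics)
    return f"active via {gateway}" if gateway else "installed, unreachable"


if __name__ == "__main__":
    print(scenario(False, []))         # multihop=no, as in the original config
    print(scenario(True, []))          # multihop=yes, no route to the nexthop
    print(scenario(True, HOST_ROUTE))  # multihop=yes plus a route to the nexthop
```

The model covers only the recursive-lookup fix; rewriting the nexthop in an inbound routing filter, the other option named above, is not modelled.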