BGP Confederation on Mikrotik V7

RouterOS RouterOS beta
1

Hello,

Could someone give some guidance regarding the configuration of BGP Confederation, in the new version of routerOs?

I took a CCR and updated it to version 7, but it remade the settings but when viewing via winbox, it changed something that made the session establish.

It seems to be an issue with the local.role option.

I even looked at the draft, but found it a little confused.

Could someone pass on any tips?

The settings made are:

/routing bgp connection
    add address-families=ip as=4560/65000 connect=yes disabled=no input.filter=ULTRA_CCR1072_IN \
     listen=yes local.role=ibgp name=ULTRA_CCR1072 \
     nexthop-choice=force-self output.filter-chain=ULTRA_CCR1072_OUT \
    .network=bgp-networks remote.address=172.30.29.1/32 .as=4560/65001 routing-table=main \
    templates=default

Here are some images with the error messages in the log.

Thank you in advance for your attention

Best Regards
João Pedro
Captura de tela 2021-12-09 161406.png
Captura de tela 2021-12-09 161423.png

2

I have the same problem, did you get a solution?

3

Had the same problem. I seem to have solved it. The confedration AS is 78910. Sub AS 65534 is for R08. Sub AS 65535 is for R09

R08
add as=78910/65534 disabled=no local.address=10.1.89.8 .role=ebgp name="R08 - R09" remote.address=10.1.89.9/32 .as=65535/78910 router-id=172.16.0.8 routing-table=main


R09
add as=78910/65535 disabled=no local.address=10.1.89.9 .role=ebgp name="R09 - R08" remote.address=10.1.89.8/32 .as=65534/78910 router-id=172.16.0.9 routing-table=main

The remote.as is just the other way around.

4

Hi,

Something doesn’t work properly in my opinion.

CHR1:

/routing bgp template
set default address-families=ip as=65001 disabled=no output.filter-chain=bgp-out .network=bgp-nets router-id=192.168.1.1 routing-table=main

/routing bgp connection
add address-families=ip as=65001/1111 disabled=no local.role=ebgp name=bgp-CHR2 output.filter-chain=bgp-out .network=bgp-nets remote.address=10.0.0.2/32 .as=65002 router-id=192.168.1.1 routing-table=main templates=default
add address-families=ip as=1111 as-override=no disabled=no local.role=ebgp name=bgp-CHR3 output.filter-chain=bgp-out .network=bgp-nets remote.address=10.0.2.1/32 .as=65003 remove-private-as=no router-id=192.168.1.1 routing-table=main templates=default

CHR2:

/routing bgp template
set default address-families=ip as=65002 disabled=no output.filter-chain=bgp-out .network=bgp-nets router-id=192.168.1.2 routing-table=main

/routing bgp connection
add address-families=ip as=65002/1111 disabled=no local.role=ebgp name=bgp-CHR1 output.filter-chain=bgp-out .network=bgp-nets remote.address=10.0.0.1/32 .as=65001 router-id=192.168.1.2 routing-table=main templates=default

CHR3:

/routing bgp template
set default address-families=ip as=65003 disabled=no output.filter-chain=bgp-out .network=bgp-nets router-id=192.168.1.3 routing-table=main

/routing bgp connection
add address-families=ip as=65003 disabled=no local.role=ebgp name=bgp-CHR1 output.filter-chain=bgp-out .network=bgp-nets remote.address=10.0.2.2/32 .as=1111 remove-private-as=no router-id=192.168.1.3 routing-table=main templates=default

CHR1 and CHR2 are in confederation. CHR3 is “outside” router.

Routing table on CHR1

Routing table on CHR3

Problem is in AS-PATH for transited routes. On CHR3 router they should be visible as routes originated from 1111 not 65002.

Do you see any misconfiguration?

Thank you for any help :slight_smile:

5

Currently, there are known problems with the BGP confederation configuration. It is not possible to set it up to work as intended, the problem will be solved in upcoming versions.

6

is this issue now fixed ?

7

any update about bgp confederation?

8

In modern network deployments, we avoid two things:

  1. Fully-meshed iBGP/Route reflector bullshit.
  2. BGP confederation bullshit.

We should use is-is/OSPF or underlay of learning loopbacks between adjacent neighbours. Then use iBGP for adjacent neighbours using loopbacks on each side.

Now for anything else use eBGP with private ASN for upstream/downstream relationships.

https://www.rfc-editor.org/rfc/rfc7938.html

I’ve successfully deployed this method in both ISP and DC environments. No complaints from clients.

9

If the thread was whether or not to use Confederations, this would be a valid discussion but there will always be a corner case where different protocols are useful and without context, you can’t say if if it’s the right solution or not. It’s better to keep debate about protocol usage out of the threads relating to feature support and whether it’s working or not. It clutters the conversation.

10

Well stated Sir, and to add even MT recognized there are issues with their implementation and are actively seeking to fix it…so its worth it from their perspective as well.

11

@404network …. What happened to you ??? Did they ban your remarkable friend “Anav” again for being a PITA? I can’t believe Anav is in the penalty box … tell me it ain’t so!

12

Sad but true mozerd. Undergoing therapy and counselling at the moment.

13

My grieving pal @Anav, bless his poor soul!

14

Do you still have confederation problems with v7.8 or newer? If yes, contact support.

15

if i do remember well on v6 multihop must to be able to make it work, unlike v7.

16

Like I said, if you have a non-working confederation setup with the latest v7 version, contact support.

17

Ticket logged SUP-113377. Please see if you can assist.

18

Still not working in ROS 7.9

19

how u mean?
export your config, or do what @mrz suggested

20

will you solve the problem? if so please share the result