I have a strange issue with BGP. Created peers, templates, filters and the configuration works.
As soon as I add an IP address with prefix /32 to any interface, BGP connections are dropped and no connection is established. If I remove that IP address with the /32 prefix, all peers come back. Can anyone find the culprit of the misconfiguration?
This is the BGP configuration:
/routing bgp template
set default disabled=no routing-table=main
add as=254 disabled=no input.accept-nlri=scada-bgp-in-filter .filter=scada-in name=scada nexthop-choice=force-self output.filter-chain=scada-out .redistribute=connected,static,ospf,bgp router-id=192.168.21.254 routing-table=main
/routing bgp connection
add as=254 connect=no disabled=no input.accept-nlri=scada-bgp-in-filter .filter=scada-in listen=yes local.role=ibgp name=bps61 nexthop-choice=force-self output.filter-chain=scada-out .redistribute=connected,static,ospf,bgp remote.address=192.168.21.136/32 router-id=192.168.21.254 routing-table=main templates=scada
/routing filter rule
add chain=scada-in disabled=no rule="if (dst in 192.168.21.0/24) {reject}\r\
\nif (dst in 172.21.21.1/32) {reject}\r\
\nif (dst in 172.21.21.254/32) {reject}\r\
\nif (dst in 172.21.21.0/24 && dst-len>24) {accept}"
add chain=scada-out disabled=no rule="if (dst in 192.168.1.0/24) {accept}\r\
\nif (dst in 192.168.11.0/24) {accept}\r\
\nif (dst in 10.10.0.0/16) {accept}\r\
\nif (dst in 10.11.0.0/16) {accept}\r\
\nif (dst in 10.21.0.0/16) {accept}"
/ip firewall address-list
add address=127.0.0.1 list=scada-bgp-in-filter
If I add any IP address with prefix /32 to any interface on the MikroTik, then all BGP connections are dropped and do not reconnect until I delete the IP with prefix /32.
No, it's not redistributed, because BGP connections are immediately dropped and no reconnection is made.
The parameter equivalent to other vendors and older RouterOS “update-source” is “local.address”. In most cases, it can be left unconfigured, and let the router determine the address.
When a local address is not specified, BGP will try to guess the local address depending on the current setup:
- if the peer is iBGP
  - if loopback available
    - pick the highest loopback address
  - if loopback is not available
    - pick any highest IP address on the router
- if the peer is eBGP
  - if a remote peer’s IP is not from a directly connected network:
    - and multihop is not set, then throw an error
    - and multihop is enabled:
      - if loopback available
        - pick the highest loopback address
      - if loopback is not available
        - pick any highest IP address on the router
  - if a remote peer’s IP is from a directly connected network:
    - and multihop is not set:
      - pick the local router's IP address from that connected network
    - and multihop is set:
      - if loopback available
        - pick the highest loopback address
      - if loopback is not available
        - pick any highest IP address on the router
If left blank, an incorrect local address is selected when adding an IP with prefix /32 to any interface. So configuring the local address in the peer configs resolves the problem.
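The selection rules quoted above, written out as an added Python sketch (not RouterOS code and not from any poster in this thread), to show why an unset local address can change when a new address appears on the router. The function name, the loopback flag and all sample addresses are constructed; the thread does not say whether RouterOS counts a /32 address as a loopback, so both cases are modelled.

```python
import ipaddress

def highest(addrs):
    """Numerically highest IP among (cidr, is_loopback) pairs."""
    return max((ipaddress.ip_interface(a).ip for a, _ in addrs), default=None)

def pick_local_address(role, remote, addrs, multihop=False, local_address=None):
    """Follow the quoted decision tree; addrs is [(cidr, is_loopback), ...]."""
    if local_address:                       # explicitly configured: no guessing
        return ipaddress.ip_address(local_address)
    remote = ipaddress.ip_address(remote)
    loopbacks = [a for a in addrs if a[1]]
    # "highest loopback" if any loopback exists, else "any highest IP address"
    fallback = highest(loopbacks) if loopbacks else highest(addrs)
    if role == "ibgp":
        return fallback
    # eBGP: is the remote peer inside one of the connected networks?
    connected = [ipaddress.ip_interface(a) for a, _ in addrs
                 if remote in ipaddress.ip_interface(a).network]
    if not connected:
        if not multihop:
            raise ValueError("remote not directly connected and multihop not set")
        return fallback
    return fallback if multihop else connected[0].ip

# Constructed sample addresses, not taken from the router in the thread.
BEFORE = [("192.168.21.254/24", False), ("10.10.0.1/16", False)]
AFTER_AS_LOOPBACK = BEFORE + [("172.16.0.1/32", True)]    # assumption: /32 seen as loopback
AFTER_AS_PLAIN = BEFORE + [("192.168.200.1/32", False)]   # assumption: /32 seen as ordinary

def demo(peer="192.168.21.136"):
    """Source address an iBGP session would use in each constructed state."""
    return {
        "before": str(pick_local_address("ibgp", peer, BEFORE)),
        "after_as_loopback": str(pick_local_address("ibgp", peer, AFTER_AS_LOOPBACK)),
        "after_as_plain": str(pick_local_address("ibgp", peer, AFTER_AS_PLAIN)),
        "pinned": str(pick_local_address("ibgp", peer, AFTER_AS_PLAIN,
                                         local_address="192.168.21.254")),
    }

if __name__ == "__main__":
    for state, addr in demo().items():
        print(f"{state:18} -> {addr}")
```

In either modelled case the guessed source address moves away from 192.168.21.254 once the /32 is added, while the pinned value stays put, which matches the fix reported in the thread.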