Cogent BGP: how to change forwarding-nexthop for loopback?

cololine · March 25, 2012, 1:52am

Hello all -

I’ve recently set up that funky Cogent A/B BGP for some redundancy on my router, which already had BGP with my primary provider. Both the regular and loopback Cogent BGP sessions are connected, I’m getting Cogent’s full route table, they are getting my announcements, my filters are set and all appears well. But traffic on Cogent’s link is only flowing into my router - all outbound traffic is going via the other peer. I’ll leave out the hours of troubleshooting I’ve done and boil it down to this: when I check the Nexthops listing in /ip route, I see that the Cogent loopback is using my other provider’s gateway for it’s forwarding-nexthop:

address=a.a.a.a gw-state=recursive forwarding-nexthop=b.b.b.b scope=30 check-gateway=none

a.a.a.a = Cogent’s side of the loopback, and b.b.b.b = my other provider’s gateway. It seems to me that this would explain why all my outbound traffic goes to the other provider’s link instead of Cogent’s. So how did this get this way, and more importantly, how do I change it?

Thanks!
Ed

blake · March 26, 2012, 8:40am

Apply an inbound route filter to your BGP multi-hop session which changes the next-hop of received routes to that of their router on the /30. Something like this.

/routing filter
add chain=cogent-in set-nexthop=a.a.a.a

/ routing bgp peer
add name=cogent-a remote-address=a.a.a.a remote-as=174 multihop=no
add name=cogent-b remote-address=b.b.b.b remote-as=174 multihop=yes in-filter=cogent-in

cololine · March 26, 2012, 1:52pm

I did try various combinations of doing that and it did not work. Thanks for your example, but it’s not specific enough for working code: there’s an ‘in nexthop’, ‘in nexthop direct’, and an ‘out nexthop’ - which one would I set? Also, there are two sessions for cogent; one for the routes I announce to them, and one for the routes they send me. My consultant set the filters for the latter (the routes Cogent sends me) with an action of ‘discard’, but I still get all of Cogent’s routes. I’m not clear at this point exactly where/how the changes you suggest are to be made. Here’s my BGP peer and filter configs for the Cogent session; I’ve omitted the filters for the A side (COGENT-174) where I announce my nets to Cogent as those are working fine:

address-families=ip as-override=no comment="" default-originate=never disabled=no hold-time=3m \
    in-filter=COGENT-IN instance=default multihop=no name="COGENT-\t174" nexthop-choice=default \
    out-filter=COGENT-OUT passive=no remote-address=1.1.1.1 remote-as=174 remove-private-as=no \
    route-reflect=no tcp-md5-key="" ttl=default use-bfd=no

address-families=ip as-override=no comment="" default-originate=never disabled=no hold-time=3m \
    in-filter=in-cogent-lo instance=default interface=lo multihop=yes name=cogent-lo nexthop-choice=\
    default out-filter=out-cogent-lo passive=no remote-address=2.2.2.2 remote-as=174 \
    remove-private-as=no route-reflect=no tcp-md5-key="" ttl=default update-source=2.2.2.3 \
    use-bfd=no

chain=out-cogent-lo invert-match=no action=discard 

chain=in-cogent-lo prefix=0.0.0.0 prefix-length=0 invert-match=no action=discard

cololine · March 26, 2012, 8:30pm

So it turns out that Cogent had screwed up my BGP config on their side and were not sending me the route for my loopback, causing all my outbound traffic via the other peer. This being finally discovered after Cogent had sworn to me that everything was okey-dokey on their side. My configs in RouterOS were/are correct.