eBGP routes not being advertised to iBGP peer

ozar · September 23, 2020, 2:47pm

Hi,

I am receiving a Full BGP table from our Upstream IP Transit provider on CCR2004 Router-01 fine. This Router-01 I am receiving the Full BGP table on is an iBGP peer with my other CCR2004 Router-02. The iBGP Router-02 peer is NOT receiving the Full BGP table from Router-01.

I want to be able to advertise the Full BGP table to the iBGP peer, not a default-originate summerized 0.0.0.0/0 route.

Does anyone know how I can do this on Mikrotik? I am sure I missing something simple since I am new to Mikrotik. I tried adding 0.0.0.0/0 to the BGP < Networks tab, but it doesn’t allow you to do this. I also tried adding 0.0.0.0/0 to the BGP < Aggregation tab, but it wouldn’t allow me to do this either. Obviously I am not able to manually enter the 800k prefixes into the BGP < Networks tab to achieve this.

I was hoping someone would be able to point me in the right direction, thanks.

ozar · September 23, 2020, 3:39pm

I was looking through the forums and it looks like google had not indexed this one yet http://forum.mikrotik.com/t/ebgp-routes-not-advertised-to-ibgp-peer/142442/1 .

I thought the same as @Hakujou since all of the routes were inserted in the Mikrotik route table I assumed the gateway was reachable… it turns out the gateway isn’t reachable? This is strange to me since I am able to ping 103.xxx.xxx.94 fine. I am meant to be directly connected to the 103.xxx.xxx.94 address so I am not sure why it would be recursive routing.

14  Db  dst-address=1.0.130.0/24 gateway=103.xxx.xxx.94 gateway-status=103.xxx.xxx.94 unreachable distance=20 scope=40 target-scope=10 bgp-as-path="x,38040,23969" bgp-origin=incomplete 

15  Db  dst-address=1.0.131.0/24 gateway=103.xxx.xxx.94 gateway-status=103.xxx.xxx.94 unreachable distance=20 scope=40 target-scope=10 bgp-as-path="x,4651,23969" bgp-origin=incomplete

IP Address: 103.xxx.xxx.95
Net Mask: 255.255.255.254
Gateway/BGP Peer: 103.xxx.xxx.94

I am not certain of the best way to go about fixing this. I don’t really want to add a static route that says to get to 103.xxx.xxx.94 use sfp-sfpplus3. The reason I don’t want a static route that uses the interface is this makes your ARP tables MASSIVE. Our Router-01 has the interface set to 103.xxx.xxx.95/31 and the BGP peer is 103.xxx.xxx.94.

Assuming the “gateway-status=103.xxx.xxx.94 unreachable” is the cause for routes not being advertised to the iBGP peer. Some advice on what to do would be appreciated. Also, I might add our Public /23 range isn’t being advertised to the Upstream IP Transit eBGP peer either.

StubArea51 · September 25, 2020, 1:35pm

Start with basic reachability checks…can you ping the GW using ICMP or ARP?

Are you peering on a directly connected subnet and not the loopbacks?

ozar · September 25, 2020, 3:40pm

Thank you for the response, I really appreciate it.

I am able to ICMP ping the 103.xxx.xxx.94 gateway fine. I am able to ARP ping the 103.xxx.xxx.94 gateway fine. I am NOT able to MAC Ping the 3C:8A:B0:xx:xx:xx gateway. I am NOT able to MAC ARP ping the 3C:8A:B0:xx:xx:xx gateway.

sfp-sfpplus3 is the cross-connect interface to the Upstream IP Transit. The sfp-sfpplus3 interface is configured as 103.xxx.xxx.95/31. 103.xxx.xxx.94 is the eBGP peers remote address, which is meant to be directly connected. As you can see 103.xxx.xxx.94 & 103.xxx.xxx.95 are in the same /31 subnet.

add address=103.xxx.xxx.95/31 interface=sfp-sfpplus3 network=103.xxx.xxx.94

I spent the past few hours troubleshooting this with no success sadly. I even checked with my Upstream IP Transit provider and they seem to think everything looks good on their end.

I noticed some very strange behavior that doesn’t make any sense to me. I have an alternative Internet path setup as a default route with a distance of 240.

0 A S  dst-address=0.0.0.0/0 gateway=221.xxx.xxx.201 gateway-status=221.xxx.xxx.201 reachable via  ether1 distance=240 scope=30 target-scope=10

When I configured the eBGP peer for multihop, the 103.xxx.xxx.94 gateway was recursive via the alternative Internet path 221.xxx.xxx.201.

17 ADb  dst-address=1.0.133.0/24 gateway=103.xxx.xxx.94 gateway-status=103.xxx.xxx.94 recursive via 221.xxx.xxx.201 ether1 distance=20 scope=40 target-scope=30 bgp-as-path="x,38040,23969" bgp-origin=incomplete 
        bgp-communities=19996:19996,x:3,x:104,x:1400,x:11000,x:11001 received-from=x-eBGP-peer 

18 ADb  dst-address=1.0.134.0/24 gateway=103.xxx.xxx.94 gateway-status=103.xxx.xxx.94 recursive via 221.xxx.xxx.201 ether1 distance=20 scope=40 target-scope=30 bgp-as-path="x,38040,23969" bgp-origin=incomplete 
        bgp-communities=19996:19996,x:3,x:104,24516:1400,x:11000,x:11001 received-from=x-eBGP-peer

I tried adding all static routes I could think of with no luck. I also changed BGP settings (removed filters, Nexthop Choice, Multihop, Update Source) with no luck.

Everything is working as expected (Receiving Full BGP table, Advertising my Public subnet) except the gateway-status being unreachable. It doesn’t make sense to me why the BGP routes say the gateway-status is unreachable when there is an ARP entry for 103.xxx.xxx.94 and a Directly Connected route for 103.xxx.xxx.94 via sfp-sfpplus3 in the routing table.

ozar · September 26, 2020, 12:08pm

It turns out it was something simple as you were alluding to.

Mikrotik do not support /31’s (I was under the assumption they did). It turns out I had to configure my sfp-sfpplus3 interface as a /32. This post http://forum.mikrotik.com/t/point-to-point-31-addresses/29492/1 helped me resolve the gateway not being reachable issue.

This is the configuration I put on my sfp-sfpplus3 interface:

/ip address add address=103.xxx.xxx.95/32 interface=sfp-sfpplus3 network=103.xxx.xxx.94

Thanks a lot for your help!