Hi All,
I’m trying to establish a network using a combination of Mikrotik routers, and Linux boxes running FRR. I appreciate this isn’t an FRR help channel, but I imagine others might have similar problems. Ill post this on the FRR github repo issues log if I can figure out where exactly the problem is. I think I’m having problems on the Mikrotik side as I can get two FRR instances talking with relative ease.
I’m not a network engineer. Just in case anyone wants to lower the level a little.
The goal is to get BGP routed over a GRE tunnel, but for now, just getting a session up and a route from either side would probably unblock me.
I can telnet both sides, tcp port 179.
Mikrotik BGP Config
[admin@MikroTik] /routing/bgp/connection> /routing bgp connection print
Flags: D - dynamic, X - disabled, I - inactive
0 name="bgp1"
remote.address=139.162.246.218/32 .as=65515 .ttl=255
local.address=86.23.210.63 .port=179 .ttl=255 .role=ebgp
connect=yes listen=yes routing-table=main router-id=139.162.246.218 as=65514 multihop=yes
output.network=bgp-networks
[admin@MikroTik] /routing/bgp/session> /ip firewall address-list print
Columns: LIST, ADDRESS, CREATION-TIME
# LIST ADDRESS CREATION-TIME
0 bgp-networks 10.0.3.0/24 may/17/2022 05:30:14
# Ive removed some routes here for clarity.
[admin@MikroTik] > /ip/route print
Flags: D - DYNAMIC; X, I, A - ACTIVE; c, s, d, y - COPY; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAd 0.0.0.0/0 86.23.208.1 1
DAc 10.0.3.0/24 bridge1 0
[admin@MikroTik] /routing/bgp/session> print
Flags: E - established
What else do you guys need?
FRR Config
log file /tmp/frr.log debugging
log record-priority
debug bgp neighbor-events
router bgp 65515
bgp log-neighbor-changes
no bgp ebgp-requires-policy
bgp router-id 139.162.246.218
neighbor upstream peer-group
neighbor upstream remote-as 65514
neighbor upstream capability dynamic
neighbor 86.23.210.63 peer-group upstream
neighbor 86.23.210.63 description ACME ISP
address-family ipv4 unicast
network 10.0.4.0/24
exit-address-family
!
line vty
!
# ip add output
Tue May 17 05:21:21 AM UTC 2022 root@ns2:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether f2:3c:92:cc:94:55 brd ff:ff:ff:ff:ff:ff
inet 192.168.202.181/17 brd 192.168.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet 139.162.246.218/32 brd 139.162.246.218 scope global eth0
valid_lft forever preferred_lft forever
inet 10.0.4.1/32 scope global eth0
valid_lft forever preferred_lft forever
TCPDump on Linuxbox port 179
05:32:42.091774 IP 218-246-162-139.node.flipkick.media.bgp > pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.37633: Flags [S.], seq 975085469, ack 1338676991, win 65160, options [mss 1460,sackOK,TS val 2852836148 ecr 4258547897,nop,wscale 7], length 0
05:32:42.109065 IP pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.37633 > 218-246-162-139.node.flipkick.media.bgp: Flags [R], seq 1338676991, win 0, length 0
05:32:43.977805 IP pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.38779 > 218-246-162-139.node.flipkick.media.bgp: Flags [S], seq 3485297570, win 64240, options [mss 1460,sackOK,TS val 4258565107 ecr 0,nop,wscale 5], length 0
05:32:43.977834 IP 218-246-162-139.node.flipkick.media.bgp > pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.38779: Flags [S.], seq 825730618, ack 3485297571, win 65160, options [mss 1460,sackOK,TS val 2852838034 ecr 4258557907,nop,wscale 7], length 0
05:32:46.785052 IP pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.39517 > 218-246-162-139.node.flipkick.media.bgp: Flags [S], seq 1160985003, win 64240, options [mss 1460,sackOK,TS val 4258567917 ecr 0,nop,wscale 5], length 0
05:32:46.785115 IP 218-246-162-139.node.flipkick.media.bgp > pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.39517: Flags [S.], seq 1860749174, ack 1160985004, win 65160, options [mss 1460,sackOK,TS val 2852840841 ecr 4258567917,nop,wscale 7], length 0
05:32:47.787783 IP 218-246-162-139.node.flipkick.media.bgp > pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.39517: Flags [S.], seq 1860749174, ack 1160985004, win 65160, options [mss 1460,sackOK,TS val 2852841844 ecr 4258567917,nop,wscale 7], length 0
05:32:47.817592 IP pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.39517 > 218-246-162-139.node.flipkick.media.bgp: Flags [S], seq 1160985003, win 64240, options [mss 1460,sackOK,TS val 4258568947 ecr 0,nop,wscale 5], length 0
05:32:47.817618 IP 218-246-162-139.node.flipkick.media.bgp > pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.39517: Flags [S.], seq 1860749174, ack 1160985004, win 65160, options [mss 1460,sackOK,TS val 2852841874 ecr 4258567917,nop,wscale 7], length 0
05:32:47.979801 IP 218-246-162-139.node.flipkick.media.bgp > pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.38779: Flags [S.], seq 825730618, ack 3485297571, win 65160, options [mss 1460,sackOK,TS val 2852842036 ecr 4258557907,nop,wscale 7], length 0
05:32:47.997015 IP pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.38779 > 218-246-162-139.node.flipkick.media.bgp: Flags [R], seq 3485297571, win 0, length 0
05:32:49.835795 IP 218-246-162-139.node.flipkick.media.bgp > pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.39517: Flags [S.], seq 1860749174, ack 1160985004, win 65160, options [mss 1460,sackOK,TS val 2852843892 ecr 4258567917,nop,wscale 7], length 0
05:32:49.895031 IP pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.39517 > 218-246-162-139.node.flipkick.media.bgp: Flags [S], seq 1160985003, win 64240, options [mss 1460,sackOK,TS val 4258571027 ecr 0,nop,wscale 5], length 0
05:32:49.895060 IP 218-246-162-139.node.flipkick.media.bgp > pres-26-b2-v4wan-161529-cust574.vm29.cable.virginm.net.39517: Flags [S.], seq 1860749174, ack 1160985004, win 65160, options [mss 1460,sackOK,TS val 2852843951 ecr 4258567917,nop,wscale 7], length 0
heres some output from thr FRR side showing the Mikrotik neighbor, but not being up 
ns2.node.flipkick.media# show bgp summary
IPv4 Unicast Summary (VRF default):
BGP router identifier 139.162.246.218, local AS number 65515 vrf-id 0
BGP table version 0
RIB entries 1, using 184 bytes of memory
Peers 1, using 723 KiB of memory
Peer groups 1, using 64 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc
86.23.210.63 4 65514 0 0 0 0 0 never Active 0 ACME ISP
Total number of neighbors 1
ns2.node.flipkick.media# show ip bgp
BGP table version is 0, local router ID is 139.162.246.218, vrf id 0
Default local pref 100, local AS 65515
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
10.0.4.0/24 0.0.0.0 0 32768 i
Displayed 1 routes and 1 total paths
I’m using real IPs here so fee free to hack away. If you break in, let me know how you did it 
Any help on making this work would be very much appreciated. The goal is simply to get the session up and get something from both sides, to each other in a full mesh type arrangement.
Cheers,
Tom