Mikrotik vs. Cisco BGP - Problems with peering

Greetings,

I’m not sure where to start, exactly, so let me tell you first that I’ve been working on this problem for about two weeks off and on. I’ve done plenty of searches, and tests.

I have a new connection to the Internet in my network, and we have elected to use a Mikrotik router for the connection. We have two other Cisco routers (7206) with BGP enabled and connected to two other carriers. I’ve added the Mikrotik router IP as a neighbor in the Ciscos and added the Ciscos as a neighbor in the Mikrotik. The BGP session with the carrier on the Mikrotik comes up and establishes without issue and there appears to be traversal between the other two routers in getting traffic to and from the Mikrotik. Some traffic, that is, not all. I’ve got two connections to my network on both of the Ciscos and on the new Mikrotik as well. Only one of those connections is used for BGP, but the other is used as a gateway for our infrastructure devices (it kind of depends on the network use as to which IP is in use).

Example:

x.x.192.1 ← BGP connection
x.x.200.1 ← other network and gateway address for devices

When I enable the BGP on the new Mikrotik, traffic begins to pass, the upstream sees our advertised subnets and has confirmed that everything looks swell. The network that we use for our gateways (above), however, stops responding to everything. I can’t really tell if the other networks stop responding or not, as my gateway is a firewall that is on the x.x.200.x network above. Now, if I disable the interface with the x.x.200.1 IP on it, and turn the BGP session back on, everything seems to work, except that ICMP stops for traffic that chooses the new Mikrotik path back.

Recently, I tried using an unused IP block from our ARIN assignment and putting a server on that network and connecting that up to my network switch, then advertising that /24 on all 3 routers and testing. Everything worked.

I should also point out that I have static routes in place that need to go to the firewall IP for our internal network and some other static routes in place that need to go to the IP for our wireless network firewall. Both of those IPs are on the x.x.200.x network and those routes do not work with the x.x.200.1 ethernet shut off.

Any ideas are welcome at this point.

Thanks,
Steven G. Spencer

What happens in this setup if you add a routing filter telling it to drop all routes to the other BGP? Does the problem still exist when the BGP connects? And if this works with no issue just by a BGP connection, try to loosen up the filter and receive the routing table from the other side. Don’t send yours. What about now? Still working? If yes, then last: send your table to the other side. What happens now?

Also remember that a connection in state connected is not up and running. The BGP should be established, and counting on the timer.

Also check: do you receive a route to the same subnet from the BGP peer? And does it have a lower cost?

Oddly, after a ton of struggle, the issue with the x.x.200.x network has corrected itself with a null route on my end. I’ve still got an issue with ICMP and SSH, but at least the entire network does not crash when that Ethernet port and the BGP are enabled. I’m suspecting a faulty filter rule on the standard IP firewall that may be blocking my return traffic on the new connection. Thanks for the reply!