OSPF / iBGP and VRF default routing

Hi all,
Please HELP ME ! Help !!!

I am trying to configure a VRF on an interface of my Mikrotik. On this router, I use iBGP between 3 Mikrotik routers with no problem (I use MPLS VPLS too, with no problem). But when I try to define default routing for my VRF, it fails!! No packets get through...? I try to ping 8.8.8 with no success, but if I try to ping 10.254.10.1, it succeeds?? I have a static route on my gateway 10.254.10.2 for network 172.19.6.x.
Please HELP !!! :slight_smile:

PC--------vrf-client-------------routeur Mikrotik-------------------------Gateway internet-------internet
172.19.6.20/24        172.19.6.1                  10.254.10.1             10.254.10.2/24
                                 loopback
                                 10.254.1.1/32

Here my config :
[admin@Core01] > export compact

# nov/25/2015 10:20:07 by RouterOS 6.33
# software id = E80R-X6XF

# Bridges. Client-A is the bridge that vlan505/vlan506 and the BGP-signalled
# VPLS attach to; LoopBack has no member ports in this export and carries the
# router-id address 10.254.1.1.
/interface bridge
add name=Client-A
add mtu=1526 name=Client-B
add name=LoopBack
add admin-mac=E4:8D:8C:34:86:B9 auto-mac=no name=bridge-local
# Physical port renames. ether10 becomes the customer-facing VRF port
# (VRF-client3), ether9 the uplink towards the internet gateway
# (ether9-outside), ether4/ether6 the links to the other core routers.
# ether8 is slaved to VersCore03 (ether6) through master-port.
/interface ethernet
set [ find default-name=ether3 ] name=Trunk-versCisco3750
set [ find default-name=ether10 ] name=VRF-client3
set [ find default-name=ether4 ] name=VersCore02
set [ find default-name=ether6 ] name=VersCore03
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether5 ] name=ether5-slave-local
set [ find default-name=ether7 ] name=ether7-slave-local
set [ find default-name=ether8 ] master-port=VersCore03 name=ether8-slave-local
set [ find default-name=ether9 ] name=ether9-outside
# wlan1 is configured as an AP (mode=ap-bridge) and is a member of bridge-local.
# NOTE(review): no disabled=no is visible, so the radio is presumably still
# disabled — confirm before relying on that.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-3486C2
wireless-protocol=802.11
# Neighbor discovery is switched off on ether1-gateway only.
# NOTE(review): ether9-outside and VRF-client3 are not listed, so they
# presumably still announce the router (identity, version, MAC) to whatever
# is on those segments — confirm and set discover=no on untrusted ports.
/ip neighbor discovery
set ether1-gateway discover=no
# Only vlan505 and vlan506 are created here, both on top of bridge Client-A.
/interface vlan
add interface=Client-A l2mtu=1496 name=vlan505 vlan-id=505
add interface=Client-A l2mtu=1496 name=vlan506 vlan-id=506
# Switch-chip ports are addressed by index (3, 5, 11), so which physical port
# each one is cannot be read from this export. vlan-mode=secure makes the chip
# enforce its VLAN table on these ports.
/interface ethernet switch port
set 3 vlan-header=add-if-missing vlan-mode=secure
set 5 default-vlan-id=506 vlan-header=always-strip vlan-mode=secure
set 11 vlan-mode=secure
# Default wireless security profile: only supplicant-identity is shown.
# NOTE(review): no authentication-types or pre-shared key is visible, so the
# profile presumably has no WPA/WPA2 protection — confirm before enabling wlan1,
# which is bridged into bridge-local.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
# DHCP pool and server for the 192.168.88.0/24 LAN on bridge-local.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
/ipv6 pool
add name=pool-ipv6 prefix=fde4:8dba:82e1::/64 prefix-length=64
# BGP and OSPF both use the LoopBack address as router-id.
# No as= is shown on the BGP instance; the peers further down use
# remote-as=65530, so the sessions are presumably iBGP — confirm.
/routing bgp instance
set default router-id=10.254.1.1
# distribute-default=always-as-type-1: this router advertises a default route
# into OSPF unconditionally, i.e. even when it has no working default itself.
# That attracts default-bound traffic from the OSPF neighbours to this box.
/routing ospf instance
set [ find default=yes ] distribute-default=always-as-type-1 router-id=
10.254.1.1
# Bridge membership: bridge-local holds ether2, sfp1 and wlan1; Client-A holds
# the trunk to the Cisco 3750 and ether5.
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-local interface=wlan1
add bridge=Client-A interface=Trunk-versCisco3750
add bridge=Client-A interface=ether5-slave-local
# Switch-chip VLAN table. Every entry includes switch1-cpu, so VLANs 506 and
# 820-822 arriving on the trunk are all delivered to the router CPU.
/interface ethernet switch vlan
add independent-learning=no ports=
ether5-slave-local,Trunk-versCisco3750,switch1-cpu switch=switch1 vlan-id=
506
add independent-learning=no ports=Trunk-versCisco3750,switch1-cpu switch=
switch1 vlan-id=820
add independent-learning=no ports=Trunk-versCisco3750,switch1-cpu switch=
switch1 vlan-id=821
add independent-learning=no ports=Trunk-versCisco3750,switch1-cpu switch=
switch1 vlan-id=822
# BGP-signalled VPLS: tunnels are attached to bridge Client-A with
# bridge-horizon=1; route-distinguisher and route targets are all 1:1, and this
# router is site-id=2.
/interface vpls bgp-vpls
add bridge=Client-A bridge-horizon=1 export-route-targets=1:1
import-route-targets=1:1 name=bgp-vpls1 route-distinguisher=1:1 site-id=2
# Interface addressing. 172.19.6.1/24 on VRF-client3 is the customer-side
# gateway inside the VRF; 10.254.10.1/24 on ether9-outside faces the internet
# gateway 10.254.10.2; 10.254.1.1 on LoopBack is the router-id.
# NOTE(review): vlan820, vlan821 and vlan822 receive addresses here but are not
# created under /interface vlan in this export — confirm where they are defined.
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=
bridge-local network=192.168.88.0
add address=10.254.0.1/24 interface=ether7-slave-local network=10.254.0.0
add address=10.254.1.1 interface=LoopBack network=10.254.1.1
add address=172.16.15.254/24 interface=vlan506 network=172.16.15.0
add address=10.2.3.1/24 interface=VersCore03 network=10.2.3.0
add address=172.16.16.254/24 interface=vlan505 network=172.16.16.0
add address=10.2.2.1/24 interface=VersCore02 network=10.2.2.0
add address=10.254.10.1/24 interface=ether9-outside network=10.254.10.0
add address=172.19.1.1/24 interface=vlan820 network=172.19.1.0
add address=172.19.2.1/24 interface=vlan821 network=172.19.2.0
add address=172.19.3.1/24 interface=vlan822 network=172.19.3.0
add address=172.19.6.1/24 interface=VRF-client3 network=172.19.6.0
# DHCP client left over from the default configuration on ether1-gateway.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no
interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" gateway=
192.168.88.1
# allow-remote-requests=yes turns the router into a DNS resolver for any host
# that can reach it. With no input filtering visible in this export, that
# includes hosts behind ether9-outside and VRF-client3; restrict port 53
# (UDP and TCP) to the interfaces that need it, or the router can be used as
# an open resolver.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
# NOTE(review): this export shows only mangle and nat under /ip firewall; no
# filter section is visible, so nothing here limits what the customer VRF port
# or the outside segment can reach on the router itself or forward through it —
# confirm input/forward rules exist before exposing ether9-outside.
#
# Mangle rule is disabled=yes, so it has no effect: when enabled it would put
# packets from VRF-client3 destined to 10.254.10.2 into the VRF routing table.
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address=10.254.10.2
in-interface=VRF-client3 log=yes new-routing-mark=Reseau-VRF-client3
# Everything leaving ether9-outside is source-NATed to the router's address,
# and each new connection is logged (log=yes).
/ip firewall nat
add action=masquerade chain=srcnat log=yes out-interface=ether9-outside
# First route: installed in the VRF table (routing-mark=Reseau-VRF-client3) with
# its next hop resolved in the main table (10.254.10.2@main) — this is the
# deliberate leak from the VRF to the shared internet gateway.
# Second route: the main-table route via 10.254.10.2.
# Neither shows a dst-address; compact export omits defaults, so both are
# presumably 0.0.0.0/0 — confirm.
/ip route
add distance=1 gateway=10.254.10.2@main routing-mark=Reseau-VRF-client3
add bgp-communities="" bgp-local-pref=100 bgp-origin=igp distance=1 gateway=
10.254.10.2
# VRF definition: interface VRF-client3, route-distinguisher and both route
# targets 6.6.6.6:666, bound to routing table Reseau-VRF-client3.
/ip route vrf
add export-route-targets=6.6.6.6:666 import-route-targets=6.6.6.6:666
interfaces=VRF-client3 route-distinguisher=6.6.6.6:666 routing-mark=
Reseau-VRF-client3
# Front-panel LCD: read-only-mode=yes and touch-screen=disabled, so the panel
# only displays interface statistics and cannot be used to change settings.
/lcd
set default-screen=interfaces read-only-mode=yes time-interval=hour
touch-screen=disabled
# The interface list below is one quoted string that the paste wrapped
# mid-word; it is reproduced as posted.
/lcd interface pages
set 0 interfaces="sfp1,ether1-gateway,ether2-master-local,Trunk-versCisco3750,Ve
rsCore02,ether5-slave-local,VersCore03,ether7-slave-local,ether8-slave-local
,ether9-outside,VRF-client3"
# LDP runs with the LoopBack address as LSR id and transport address, and is
# enabled only on the two core-facing links.
/mpls ldp
set enabled=yes lsr-id=10.254.1.1 transport-address=10.254.1.1
/mpls ldp interface
add interface=VersCore02
add interface=VersCore03
# Connected routes of the VRF table are redistributed into BGP (vpnv4).
/routing bgp instance vrf
add redistribute-connected=yes routing-mark=Reseau-VRF-client3
# Prefixes originated into BGP from the main table; synchronize=no announces
# them without requiring a matching IGP route.
# 172.19.6.0/24 is the VRF client subnet and 10.254.10.0/24 the outside subnet;
# both are also announced here as plain IPv4 prefixes.
/routing bgp network
add network=172.16.16.0/24 synchronize=no
add network=10.254.0.0/24 synchronize=no
add network=172.16.15.0/24 synchronize=no
add network=10.254.10.0/24 synchronize=no
add network=172.19.1.0/24 synchronize=no
add network=172.19.2.0/24 synchronize=no
add network=172.19.3.0/24 synchronize=no
add network=172.19.6.0/24 synchronize=no
# Two peers reached via loopback addresses (update-source=LoopBack), carrying
# the ip, l2vpn and vpnv4 families; default-originate=if-installed sends them a
# default route whenever this router has one installed.
# NOTE(review): no tcp-md5-key is visible on either peer, so the sessions are
# presumably unauthenticated — confirm, and set a key on both ends if the core
# links can be reached by anything other than the three routers.
/routing bgp peer
add address-families=ip,l2vpn,vpnv4 default-originate=if-installed name=
BGP-versCore02 remote-address=10.254.1.2 remote-as=65530 ttl=default
update-source=LoopBack
add address-families=ip,l2vpn,vpnv4 default-originate=if-installed name=
BGP-versCore03 remote-address=10.254.1.3 remote-as=65530 ttl=default
update-source=LoopBack
# The two per-interface OSPF entries are disabled; the third entry names no
# interface, so it presumably applies to all interfaces — confirm.
# NOTE(review): no authentication or authentication-key is visible on any OSPF
# interface, so adjacencies are presumably unauthenticated — confirm.
/routing ospf interface
add disabled=yes interface=VersCore02 network-type=broadcast
add disabled=yes interface=VersCore03 network-type=broadcast
add network-type=broadcast
# OSPF runs on the two core links and the loopback; the entry for the outside
# subnet 10.254.10.0/24 is disabled, so no adjacency is attempted there.
/routing ospf network
add area=backbone network=10.2.2.0/24
add area=backbone network=10.2.3.0/24
add area=backbone network=10.254.1.1/32
add area=backbone disabled=yes network=10.254.10.0/24
/routing ospf-v3 interface
add area=backbone interface=VersCore02
add area=backbone interface=VersCore03
/system clock
set time-zone-name=Europe/Paris
/system identity
set name=Core01
# Extra log rules: MPLS without debug, OSPF and BGP with debug enabled.
/system logging
add topics=mpls,!debug
add topics=ospf,debug
add topics=bgp,debug
# NOTE(review): no /ip service or /user section is visible in this export, so
# the management services and accounts are presumably at their defaults —
# confirm which services are enabled and from which addresses.
#
# MAC-Telnet server: the default entry is disabled and replaced by one entry
# per interface. The list includes ether9-outside and VRF-client3, so the
# router accepts layer-2 management logins from the internet-gateway segment
# and from the customer port. Keep only the interfaces used for management.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=Trunk-versCisco3750
add interface=VersCore02
add interface=ether5-slave-local
add interface=VersCore03
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-outside
add interface=VRF-client3
add interface=sfp1
add interface=wlan1
add interface=bridge-local
# MAC-Winbox server: same interface list as above, with the same exposure on
# ether9-outside and VRF-client3.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=Trunk-versCisco3750
add interface=VersCore02
add interface=ether5-slave-local
add interface=VersCore03
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-outside
add interface=VRF-client3
add interface=sfp1
add interface=wlan1
add interface=bridge-local
# RoMON port entries cover interface=all with empty secrets.
# NOTE(review): whether RoMON itself is enabled is not shown here; if it is
# ever turned on, set secrets and limit the ports first, otherwise any RoMON
# speaker on any attached segment can join.
/tool romon port
set [ find default=yes ] cost=100 forbid=no interface=all secrets=""
add cost=100 disabled=yes forbid=no interface=all secrets=""

The short answer is to originate default GW on all the neighbors in whichever router is the default GW for the VRF.

Be careful though… here’s a longer answer:

Mikrotik’s BGP implementation doesn’t repeat default routes learned from eBGP to its iBGP neighbors (or at least it doesn’t in my GNS3 lab on ROSv6.28). On each peer, you must configure “default-originate=if-installed” if you want iBGP to pass default routes through your AS. Unfortunately, this is NOT the same thing as just passing the BGP table along, because if other routing protocols get involved, things can get dicey.

Case study of how Mikrotik’s core routing is broken

I set up this network topology in GNS3 for a Mikrotik/Cisco side-by-side comparison:
netmap.png
configs.zip
For the Mikrotik routers RB-1, RB-2, and RB-3, I configured the iBGP neighbors with default-originate if-installed. (I also configured this for the EBGP between R5 and RB-3)

OSPF is configured in the two ASNs as well, but I did not configure the Mikrotiks or Ciscos to originate default GW statements into OSPF for the first part of the test.

R1 has a test address of 9.9.9.9 which is not advertised in any BGP, so it can only be reached via default gateway.

When only BGP is involved, everything works like a champ.

/ip route print where dst-address=0.0.0.0/0

RB1
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                          10.100.1.1               20

RB2
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                          10.100.1.1              200

RB3
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                          10.100.1.1              200
 1  Db  0.0.0.0/0                          10.30.3.1                20

In cisco: show ip route / show ip bgp:  (filtered to just the default GW)

---- R3
B*   0.0.0.0/0 [20/0] via 10.100.2.1, 02:08:29
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          10.100.2.1               0             0 100 i

---- R4
B*   0.0.0.0/0 [200/0] via 10.100.2.1, 00:03:01
   Network          Next Hop            Metric LocPrf Weight Path
*>i0.0.0.0          10.100.2.1               0    100      0 100 i

---- R5
B*   0.0.0.0/0 [200/0] via 10.100.2.1, 00:03:01
   Network          Next Hop            Metric LocPrf Weight Path
*  0.0.0.0          10.30.3.2                              0 200 100 i
*>i                 10.100.2.1               0    100      0 100 i

When I configured default GW in OSPF, things got dicey.

I configured OSPF on RB1 and RB3 to distribute-default=if-installed-as-type-2 metric-default=110.
I configured OSPF on R3 and R5 to “default-information originate” - which defaults to type 2 / distance 110.

After making these changes, the topology remained the same in the Mikrotik network, but Cisco’s behavior was different. The OSPF default route from R3 replaced the BGP default GW on R4 and R5. (This is expected because OSPF has a lower administrative distance {110} than iBGP {200}.) Mikrotik’s behavior should be like this, but it’s not - the iBGP routes remain in place on RB-2 and RB-3!

Now whenever there is a topology change, things start going haywire.

I broke ebgp on R1/RB-1, and here are the routing tables for default GW:
RB2’s loopback address has become the originator for default GW in AS200!
This is wrong!

========= RB-1
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                          10.200.0.2              200

========= RB-2
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADo  0.0.0.0/0                          10.200.2.2              110

========= RB-3
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                          10.200.0.2              200

========= R3
B*   0.0.0.0/0 [20/0] via 10.100.2.1, 02:21:23
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          10.100.2.1               0             0 100 i

========= R4
O*E2 0.0.0.0/0 [110/1] via 10.30.2.2, 00:03:09, FastEthernet0/1
               [110/1] via 10.30.1.1, 00:10:47, FastEthernet0/0
   Network          Next Hop            Metric LocPrf Weight Path
r i0.0.0.0          10.30.3.2               21    100      0 200 i
r>i                 10.100.2.1               0    100      0 100 i
(note the r for each iBGP prefix - it means 'rib failure' - i.e. a better route is stopping BGP from installing this into the routing table - in this case, the OSPF route)

========= R5
B*   0.0.0.0/0 [20/21] via 10.30.3.2, 00:04:00
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          10.30.3.2               21             0 200 i
* i                 10.100.2.1               0    100      0 100 i

There is now a routing loop between RB-2 and RB-3 for the default GW, because RB2 is injecting an iBGP default GW based on the OSPF advertisement from RB-3, but RB-3 is injecting the OSPF default GW based on the iBGP default GW from RB-2.

The correct orientation would be RB3 injecting default GW into ospf, based on an eBGP route from R5, with RB1 and RB2 having inactive iBGP default GWs and active OSPF default GWs leading to RB3.

When I restore EBGP between R1/RB-1, things don’t go back to the way they were.

===== RB-1
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                          10.200.0.2              200 (WTF????)
 1  Db  0.0.0.0/0                          10.100.1.1               20

===== RB-2
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADo  0.0.0.0/0                          10.200.2.2              110

===== RB-3
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                          10.200.0.2              200

This is still a routing loop. Only bouncing the OSPF distribute-default will fix this.

There may be some more Mikrotik-specific tweaks that could fix the behavior, but given that it’s the default to pass along default route prefixes in iBGP for Cisco, you don’t have to redistribute with Cisco. Redistribution should only happen at the edges of a routing cloud or else you can get strangeness like this.

Don’t get me wrong, I love Mikrotik, but some of these quirks keep me recommending the big vendors for this type of network role.