NOTE: All the IP addresses below are examples, and are not my actual public IP addresses.
I have a Mikrotik located on my ISP’s premises. I also have a /24 block and ASN, which is announced just fine.
[admin@MikroTik] > /routing/bgp/advertisements/print
0 peer=bgp1 dst=49.123.123.0/24 afi=ip nexthop=111.222.222.111 origin=0 as-path=sequence 123456
I then established a VxLAN tunnel between the ISP and my local MT. I assigned the IP addresses as shown in the diagram below.
Lastly, I added a static route on the ISP-side MT:
[admin@MikroTik] /ip/route> export
/ip route
add blackhole disabled=no distance=200 dst-address=49.123.123.0/24
add disabled=no dst-address=49.123.123.3/32 gateway=192.168.123.2 routing-table=main
┌────────────────────┐         ┌─────────────────────┐
│                    │         │                     │      IPv4 BGP
│  Mikrotik 1        │         │  Mikrotik 2         │     Full table
│                    │         │                     │          ▲
│  vxlan-local       │◄───────►│  vxlan-2            │          │
│  192.168.123.2/30  │  VxLAN  │  192.168.123.1/30   │          │
│  49.123.123.3/32   │         │                     │          │
│                    │         │  eth1-WAN           │          │
│  eth1-WAN          │         │  111.222.222.111/24 ├──────────┘
│  Normal internet   │         │  49.123.123.2/32    │
│                    │         │                     │
│  eth2-LAN          │         │                     │
│  Normal LAN        │         │                     │
│                    │         │                     │
│                    │         │                     │
│                    │         │                     │
└────────────────────┘         └─────────────────────┘
I confirmed that the local MT can ping ISP-MT (192.168.123.1), and ISP-MT can ping local MT (192.168.123.2 and 49.123.123.3). Additionally, I can ping ISP-MT (111.222.222.111 and 49.123.123.2) from the outside, which is great. BGP is working, and static routing works, I think.
The issue is I can’t ping local MT from outside. Am I missing anything?
BGP works, both routers can talk to each other, but outside can’t access local MT.
Currently at a loss. Any help will be appreciated.