mikewisp
just joined
Topic Author
Posts: 1
Joined: Thu Jun 21, 2018 4:03 am

BGP setup can't route public IPs

Thu Jun 21, 2018 5:22 am

Hello experts,
I had a pretty basic hub-and-spoke network setup where everything was working on a private 10.10.1.x network. I am able to route traffic fine on that network, then came the point where I was able to get a /24 from ARIN. I contacted the upstream fiber provider and set up BGP peering with them. We have two peers with the same provider through their Juniper edge router. This also worked fine with the private 10.10.1.x network. Then I started trying to use my /24 from ARIN. I have been reading every article, forum and Google search I can get my hands on, but I cannot get the /24 to work correctly. I can use the 10.10.1.x network fine, but the 23.X.Y.0/24 network is not working. The peers are up, but I can't route through them. Initially, I was planning on having all of the network on the public addresses. I would appreciate any advice or help you experts have on this. If I missed any information, let me know. I am trying to learn. What am I missing?

A tracert to 8.8.8.8 results in "TTL expired in transit" between the 164.S.T.234 and 164.S.T.237 addresses.

Pings to 8.8.8.8 time out.

A VPN session works great. ???

Settings from ISP
BGP Activation

Advertising Space: 23.X.Y.0/24

Customer ASN: MYASN

Customer Peer Address(s): 164.S.T.234 , 164.S.T.235

DQE ASN: DQEASN

DQE Peer Address(s): 164.S.T.237 , 164.S.T.238

Netmask: 255.255.255.248

//Mikrotik router config
/interface bridge
add comment="BGP from DQE" fast-forward=no name="bridge bgp from DQE"
add comment="Bridge Combo and DHCP Lan" fast-forward=no name=\
"bridge2-antennas internal"
/interface ethernet
set [ find default-name=ether1 ] comment="MGMT LAN"
set [ find default-name=ether2 ] comment="DHCP LAN"
set [ find default-name=ether3 ] comment="WAN from ISP"
set [ find default-name=ether4 ] comment="DHCP LAN Building"
set [ find default-name=ether5 ] comment="WAN from ISP"
/ip pool
add comment="private 10 network" name=dhcp_pool0-10net ranges=\
10.10.1.11-10.10.1.245
add comment="private 192 network" name="dhcp_pool3-192 net" ranges=\
192.168.0.11-192.168.0.250
add comment="public ipv4" name=pool-ipv4-public ranges=\
23.X.Y.15-23.X.Y.245
/ip dhcp-server
add address-pool=pool-ipv4-public authoritative=after-2sec-delay disabled=no \
interface="bridge2-antennas internal" name=dhcp1
add address-pool="dhcp_pool3-192 net" interface=ether4 name=dhcp2
add address-pool=pool-ipv4-public interface=ether2 name=dhcp-pi
/routing bgp instance
set default as=#MYASN# router-id=164.S.T.234
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge="bridge2-antennas internal" comment="Rasp Pi" interface=ether2
add bridge="bridge2-antennas internal" comment="SFP to Netonix" interface=\
combo1
add bridge="bridge bgp from DQE" comment="BGP1 from DQE" interface=ether3
add bridge="bridge bgp from DQE" comment="BGP2 from DQE" interface=ether5
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=combo1 \
network=192.168.88.0
add address=10.10.1.10/24 comment="Roof Antennas" interface=\
"bridge2-antennas internal" network=10.10.1.0
add address=164.S.T.234/29 comment="WAN from ISP" interface=ether3 \
network=164.S.T.232
add address=192.168.0.10/24 comment="Internal LAN" disabled=yes interface=\
ether4 network=192.168.0.0
add address=164.S.T.235 interface=ether5 network=164.S.T.235
add address=23.X.Y.0/24 interface="bridge2-antennas internal" network=\
23.X.Y.0
/ip dhcp-server network
add address=10.10.1.0/24 dns-server=Y.58.254.2,Y.58.255.2,8.8.8.8 gateway=\
10.10.1.10
add address=23.X.Y.0/24 dns-server=Y.58.254.2,Y.58.255.2,8.8.8.8 \
gateway=23.X.Y.10
/ip dns
set servers=8.8.8.8
/ip dns static
add address=Y.58.254.2 name="Primary DNS-DQE"
add address=Y.58.255.2 name="Secondary DNS-DQE"
/ip firewall filter
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid
add action=drop chain=input comment="drop ssh brute forcers" in-interface=\
"bridge2-antennas internal" log=yes log-prefix="Drop ssh brute forcer" \
src-address-list=ssh_blacklist
add action=drop chain=input comment="drop ssh brute forcers" disabled=yes \
in-interface=ether5 log=yes log-prefix="Drop ssh brute forcer" \
src-address-list=ssh_blacklist
add action=drop chain=input in-interface="bridge bgp from DQE" log=yes \
log-prefix="Dropped 10.0.0.0/8 address trying to ssh" src-address=\
10.0.0.0/8
add action=drop chain=input in-interface="bridge bgp from DQE" log=yes \
log-prefix="Dropped 192.168.0.0/16 address trying to ssh" src-address=\
192.168.0.0/16
add action=drop chain=input in-interface="bridge bgp from DQE" log=yes \
log-prefix="Dropped 172.16.0.0/12 address trying to ssh" src-address=\
172.16.0.0/12
add action=accept chain=input comment="FHL Internal network" in-interface=\
"bridge bgp from DQE" log=yes log-prefix="Coming from inside of FHL" \
src-address=207.M.N.129
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input comment=\
"Add address to the blacklist for 10 days." connection-state=new \
disabled=yes in-interface="bridge bgp from DQE" log=yes log-prefix=\
"****XXXX*****Added to ssh_blacklist" src-address=!164.S.T.232/29 \
src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input comment=\
"Add address to the blacklist for 10 days." connection-state=new \
disabled=yes in-interface="bridge bgp from DQE" log=yes log-prefix=\
"****XXXX*****Added to ssh_blacklist" src-address=!23.X.Y.0/24 \
src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input comment=\
"Add address to ssh_stage3 for 1 minute." connection-state=new disabled=\
yes in-interface="bridge bgp from DQE" log=yes log-prefix=\
"Added to ssh_stage3 list" src-address=!164.S.T.232/29 \
src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input comment=\
"Add address to ssh_stage3 for 1 minute." connection-state=new disabled=\
yes in-interface="bridge bgp from DQE" log=yes log-prefix=\
"Added to ssh_stage3 list" src-address=!23.X.Y.0/24 src-address-list=\
ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input comment=\
"Add address to ssh_stage2 for 1 minute" connection-state=new disabled=\
yes in-interface="bridge bgp from DQE" log=yes log-prefix=\
"Added to ssh_stage2 list." src-address=!164.S.T.232/29 \
src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input comment=\
"Add address to ssh_stage2 for 1 minute" connection-state=new disabled=\
yes in-interface="bridge bgp from DQE" log=yes log-prefix=\
"Added to ssh_stage2 list." src-address=!23.X.Y.0/24 src-address-list=\
ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input comment=\
"Add address to ssh_stage1 for 1 minute." connection-state=new disabled=\
yes in-interface="bridge bgp from DQE" log=yes log-prefix=\
"Added to ssh_stage1 list." src-address=!164.S.T.232/29
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input comment=\
"Add address to ssh_stage1 for 1 minute." connection-state=new disabled=\
yes in-interface="bridge bgp from DQE" log=yes log-prefix=\
"Added to ssh_stage1 list." src-address=!23.X.Y.0/24
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes log=yes \
new-routing-mark=23.X.Y.0/24 passthrough=yes src-address=\
23.X.Y.0/25
/ip firewall nat
add action=dst-nat chain=dstnat comment="Rasp Pi Remote Desktop" dst-address=\
164.S.T.234 dst-port=3389 in-interface="bridge bgp from DQE" log=yes \
protocol=tcp to-addresses=23.X.Y.245 to-ports=3389
add action=dst-nat chain=dstnat comment="Rasp Pi SSH" disabled=yes \
dst-address=164.S.T.234 dst-port=22 in-interface="bridge bgp from DQE" \
log=yes protocol=tcp to-addresses=23.X.Y.242 to-ports=22
add action=src-nat chain=srcnat comment="Firewall Rules" src-address=\
10.10.1.0/24 to-addresses=164.S.T.234
add action=src-nat chain=srcnat comment="Firewall Rules" src-address=\
23.X.Y.0/24 to-addresses=23.X.Y.0/24
/ip firewall service-port
set sip disabled=yes
/ip route
add disabled=yes distance=1 gateway=164.S.T.233
add disabled=yes distance=1 dst-address=23.X.Y.0/24 gateway=\
"bridge bgp from DQE" pref-src=23.X.Y.10 scope=10
add distance=1 dst-address=164.S.T.234/32 gateway="bridge bgp from DQE" \
pref-src=23.X.Y.10 scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox address=0.0.0.0/0
set api-ssl disabled=yes
/lcd
set color-scheme=dark time-interval=hour
/ppp secret
add local-address=10.10.1.250 name=username password=Password profile=\
default-encryption remote-address=10.10.1.251 service=pptp
add local-address=23.X.Y.250 name=username password=password profile=\
default-encryption remote-address=23.X.Y.251 service=pptp
/routing bgp network
add network=23.X.Y.0/24 synchronize=no
/routing bgp peer
add in-filter=DQE-In name=peer1-dqe out-filter=DQE-Out remote-address=\
164.S.T.237 remote-as=DQEASN# ttl=default
add in-filter=DQE-In name=peer2-dqe out-filter=DQE-Out remote-address=\
164.S.T.238 remote-as=DQEASN# ttl=default
/routing filter
add action=accept chain=isp1-in disabled=yes prefix=0.0.0.0/0
add action=discard chain=isp1-in disabled=yes prefix=0.0.0.0/0 prefix-length=\
0-32
add action=accept chain=DQE-In prefix=0.0.0.0/0
add action=discard chain=DQE-In prefix=0.0.0.0/0 prefix-length=0-32
add action=accept chain=DQE-Out prefix=23.X.Y.0/24
add action=discard chain=DQE-Out prefix=0.0.0.0/0 prefix-length=0-32
/system clock
set time-zone-name=America/New_York
/system identity
set name=MTCCR1009
/system logging
add topics=ipsec
/system ntp client
set enabled=yes primary-ntp=129.250.35.250 secondary-ntp=216.229.0.50
/system routerboard settings
set silent-boot=no
/tool bandwidth-server
set enabled=no
 
MichaelHallager
newbie
Posts: 44
Joined: Sun May 13, 2018 8:12 am

Re: BGP setup can't route public IPs

Sun Oct 20, 2019 12:54 am

Setting up peering by itself isn't enough. Both your uplines and possibly their uplines will need to allow your route announcements through their filters.
 
sri2007
Member Candidate
Posts: 206
Joined: Wed May 20, 2015 10:14 pm
Location: Lake Grove, NY

Re: BGP setup can't route public IPs

Mon Oct 21, 2019 3:00 am

Hi, if you want to check your advertisements, please check the results of the command:
/routing bgp advertisements print
If the results aren't OK, you'll need to ask your provider whether they're allowing your public subnet through their filters. You can check that by using any looking glass provider; for my region the easiest way is Hurricane Electric's looking glass -> http://lg.he.net
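Before asking the provider, it helps to know what the router's own filters let out and in. The script below is an added example, not code from the thread or from MikroTik: it models RouterOS v6 `/routing filter` matching (a bare `prefix=` matches that exact prefix; `prefix=` plus `prefix-length=a-b` matches any prefix inside it with a length in range; an unmatched route is accepted) and runs the DQE-In and DQE-Out chains from the posted config. The documentation ranges 203.0.113.0/24 and 192.0.2.232/29 stand in for the obfuscated 23.X.Y.0/24 and 164.S.T.232/29.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class FilterRule:
    """One '/routing filter add ...' rule, modelled on RouterOS v6 semantics."""
    action: str                                      # "accept" or "discard"
    prefix: str                                      # the prefix= argument
    prefix_length: Optional[Tuple[int, int]] = None  # prefix-length=a-b, if given

    def matches(self, candidate: str) -> bool:
        cand = ipaddress.ip_network(candidate, strict=False)
        base = ipaddress.ip_network(self.prefix, strict=False)
        if self.prefix_length is None:
            # No prefix-length: the rule matches this exact prefix only, so
            # 'prefix=0.0.0.0/0' on its own matches just the default route.
            return cand == base
        lo, hi = self.prefix_length
        # With prefix-length: match any prefix inside 'prefix' whose length is
        # in range; 'prefix=0.0.0.0/0 prefix-length=0-32' matches everything.
        return cand.subnet_of(base) and lo <= cand.prefixlen <= hi


def run_chain(chain: List[FilterRule], candidate: str) -> str:
    """Action of the first matching rule; a chain with no match accepts."""
    for rule in chain:
        if rule.matches(candidate):
            return rule.action
    return "accept"


def advertised(local_routes: List[str], out_chain: List[FilterRule]) -> List[str]:
    """Prefixes that survive the out-filter, i.e. what the peer should be sent."""
    return [p for p in local_routes if run_chain(out_chain, p) == "accept"]


# Chains copied from the thread's config; PUBLIC is a placeholder for 23.X.Y.0/24.
PUBLIC = "203.0.113.0/24"
DQE_IN = [FilterRule("accept", "0.0.0.0/0"),
          FilterRule("discard", "0.0.0.0/0", (0, 32))]
DQE_OUT = [FilterRule("accept", PUBLIC),
           FilterRule("discard", "0.0.0.0/0", (0, 32))]

# Constructed local table: the /24, a more-specific half, the private LAN, the link net.
LOCAL_ROUTES = [PUBLIC, "203.0.113.0/25", "10.10.1.0/24", "192.0.2.232/29"]

if __name__ == "__main__":
    print("advertised to DQE:", advertised(LOCAL_ROUTES, DQE_OUT))
    for received in ("0.0.0.0/0", "8.8.8.0/24"):
        print(received, "from DQE ->", run_chain(DQE_IN, received))
```

Only the /24 leaves the router and only the default route is taken from the peer, so if the looking glass still does not show the prefix, the filtering is happening on the provider's side.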
