Community discussions

 
saibarker
just joined
Topic Author
Posts: 16
Joined: Tue Jun 06, 2017 11:50 am

2 WAN BGP failover

Wed Sep 04, 2019 5:44 am

Hi,

I have a bit of an odd scenario..

I have 2x WAN connections which both advertise the 103.107.224.0/23 network with AS 123456 via BGP. WAN1 is SFP1 and WAN2 is SFP2

I have local subnet 10.10.2.0/24 and 103.107.224.0/23
I want 103.107.224.0/23 to primarily use the WAN1 connection and failover to WAN2 if WAN1 fails
I also want 10.10.2.0/24 to primarily use the WAN2 connection and failover to WAN1 if WAN2 fails.

Can this be done on my CCR1036? if so what would a config look like?

Thanks in advanced,
 
pwuk
newbie
Posts: 31
Joined: Wed Aug 01, 2012 8:51 pm

Re: 2 WAN BGP failover

Thu Sep 05, 2019 10:54 am

Route filters
* Wan1-out -- set 10.10.2.0/24 to as-prepend of 2
* Wan2-out -- set 103.107.224.0/23 to as-prepend of 2

That would mean that incoming traffic would

However for outgoing traffic I think you'd have to use routing marks if you only have one router, and from memory that involves using /routing bgp instance set routing-table=, and running two instances (presumably with ibgp between them)

I determined this was probably possible, but would be tricky, especially for people trying to understand what was happening in stressful cases, so opted for two routers, with WAN1 on one router, WAN2 on the other router, home traffic for WAN1 out on router 1, home traffic on WAN2 out on router 2, set weights, and ibgp between them.

You might be able to cheat by setting a static default route using
ip-mangle -- set routing mark on traffic from 103.10.... to "viaWAN2"
ip route -- add a default low metric to the WAN1 gateway and use check-gateway=ping
ip route -- add a default low metric to the WAN2 gateway for those marked "viaWAN2" and use check-gateway=ping
ip route -- add a default higher metric to the WAN2 gateway and use check-gateway=ping
ip route -- add a default higher metric to the WAN1 gateway for those marked "viaWAN2" and use check-gateway=ping

Although if BGP fails but the circuit doesn't, you may end up with unidirectional routes

Hopefully someone will come along and say "oh no, this is really standard, you just do $this and it works", as that would be really useful for me too!
 
User avatar
ingdaka
Member Candidate
Member Candidate
Posts: 181
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania
Contact:

Re: 2 WAN BGP failover

Thu Sep 05, 2019 12:04 pm

First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP!
Ilir Daka
Electronic & Network Engineer
E-mail: ilirdaka@live.com
Mob: +355692982151
WhatsApp: +355692982151
Mikrotik Official Consultant
CCNA | Fortinet NSE3 | MTCRE | MTCSE
 
saibarker
just joined
Topic Author
Posts: 16
Joined: Tue Jun 06, 2017 11:50 am

Re: 2 WAN BGP failover

Fri Sep 06, 2019 7:11 am

Route filters
* Wan1-out -- set 10.10.2.0/24 to as-prepend of 2
* Wan2-out -- set 103.107.224.0/23 to as-prepend of 2

That would mean that incoming traffic would

However for outgoing traffic I think you'd have to use routing marks if you only have one router, and from memory that involves using /routing bgp instance set routing-table=, and running two instances (presumably with ibgp between them)

I determined this was probably possible, but would be tricky, especially for people trying to understand what was happening in stressful cases, so opted for two routers, with WAN1 on one router, WAN2 on the other router, home traffic for WAN1 out on router 1, home traffic on WAN2 out on router 2, set weights, and ibgp between them.

You might be able to cheat by setting a static default route using
ip-mangle -- set routing mark on traffic from 103.10.... to "viaWAN2"
ip route -- add a default low metric to the WAN1 gateway and use check-gateway=ping
ip route -- add a default low metric to the WAN2 gateway for those marked "viaWAN2" and use check-gateway=ping
ip route -- add a default higher metric to the WAN2 gateway and use check-gateway=ping
ip route -- add a default higher metric to the WAN1 gateway for those marked "viaWAN2" and use check-gateway=ping

Although if BGP fails but the circuit doesn't, you may end up with unidirectional routes

Hopefully someone will come along and say "oh no, this is really standard, you just do $this and it works", as that would be really useful for me too!
Hi Pwuk,
Thanks for the insight!
You have given me a few paths to explore so Ill let you know what I find once have a chance to do some testing!

Cheers,
 
User avatar
ahmadzai
just joined
Posts: 11
Joined: Wed Sep 02, 2015 8:35 am
Location: Kabul
Contact:

Re: 2 WAN BGP failover

Fri Sep 06, 2019 8:07 am

Your Question answer is well explained in following link Load Sharing Setup area and i have also deployed it in my ISP setup and running smoothly, kindly read it carefully and if you had any question feel free to let me know i will assist you.

https://wiki.mikrotik.com/wiki/Manual:S ... ultihoming
Best Regards

Atiqullah Ahmadzai
Network Technical Manager | Easy Connect ISP
IT (Network, VoIP, WISP, CCTV, Fiber-Optic, Telecom)
Contact: (+) 93 792 99 00 19 / (+) 93 787 45 35 75
Email Add: atiqullah.ahmadzai@easyconnect.af
Skype ID = alu14581
 
pwuk
newbie
Posts: 31
Joined: Wed Aug 01, 2012 8:51 pm

Re: 2 WAN BGP failover

Fri Sep 06, 2019 2:54 pm

First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP!
Of course you can

Here's one router I have
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                          172.26.114.241           20
 1 ADb  10.67.57.0/24                      172.26.114.241           20
 2 ADb  10.168.30.0/24                     172.26.114.241           20
 3 ADb  10.169.42.9/32                     172.26.114.241           20
You probably won't find an ISP willing to take your 10.0.0.0/8 (or other RFC1918 addresses), but if you do then there's nothing to say you can't do it.
 
MichaelHallager
just joined
Posts: 24
Joined: Sun May 13, 2018 8:12 am

Re: 2 WAN BGP failover

Sun Sep 08, 2019 6:51 am

First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP!
Of course you can

You probably won't find an ISP willing to take your 10.0.0.0/8 (or other RFC1918 addresses), but if you do then there's nothing to say you can't do it.

If you publicly announce RFC1918 space - in the vast majority of instances your bad/bogan routes will be simply dropped. In any other instances you will look like a muppet.

Who is online

Users browsing this forum: No registered users and 5 guests