Community discussions

MikroTik App
 
AdrianT88
just joined
Topic Author
Posts: 21
Joined: Thu Mar 05, 2020 6:20 pm

Default Route advertisement eBGP failover

Thu Feb 25, 2021 10:06 pm

Hi all,

I am having some issues with my default route propagation between my towers during a failover scenario. I attached a high level diagram that goes over the setup which can be summarized below when all the circuits are up and running.

Tower1 receives default from Core and advertises to Tower2
Tower2 receives default from Tower1 & Tower3 ; configured to advertise to both neighbors if installed
Tower3 receives default from Tower2 & Tower4 ; configured to advertise to both neighbors if installed
Tower4 receives default from Core and advertises to Tower3

Tower2 and 3 have two defaults learned and failover is working as expected. The issue is with Tower1 and Tower4. If Tower1 loses its connection to the core, I am expecting the Mikrotik to learn a default from Tower2's Mikrotik but it's not happening. When Tower1's circuit towards the core is up, Tower2 learns it's primary default from Tower1 and it does not advertise it back to Tower1. That is expected, but shouldn't Tower2 use the default learned from Tower3 and then advertise it towards Tower1 in my scenario?

Thanks,
AT
You do not have the required permissions to view the files attached to this post.
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: Default Route advertisement eBGP failover

Thu Feb 25, 2021 10:28 pm

You'd need to show your export (of at least /routing (including bgp and filters)) for us to start to understand what and why it should happen - and why it may not be. You may be filtering it out. You may have peer config slightly off. In a general scenario - Tower3 should still install a default route to Tower1 - and Tower1 decides which one to use, if its not there all the time then the advertisement is not being passed on for some reason.
 
AdrianT88
just joined
Topic Author
Posts: 21
Joined: Thu Mar 05, 2020 6:20 pm

Re: Default Route advertisement eBGP failover

Fri Feb 26, 2021 6:23 pm

Thanks for your reply joegoldman. I attached my filters from Towers 1, 2, and 3.

Tower1:

0 ;;; eBGP Core-QFX Allow-In
chain=ebgp-core-qfx5100-accept prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-prepend-path=""
1 chain=ebgp-core-qfx5100-accept invert-match=no action=discard set-bgp-prepend-path=""
2 ;;; eBGP Core-QFX Allow-Out
chain=ebgp-core-qfx5100-announce prefix=10.50.105.0/24 prefix-length=24-32 invert-match=no action=accept
set-bgp-prepend-path=""
3 chain=ebgp-core-qfx5100-announce prefix=10.105.0.0/22 prefix-length=22-32 invert-match=no action=accept
set-bgp-prepend-path=""
4 chain=ebgp-core-qfx5100-announce prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
5 chain=ebgp-core-qfx5100-announce prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept
set-bgp-prepend-path=""
6 chain=ebgp-core-qfx5100-announce prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept
set-bgp-prepend-path=""
7 chain=ebgp-core-qfx5100-announce invert-match=no action=discard set-bgp-prepend-path=""

8 ;;; eBGP Cedar Allow-Out (Tower2)
chain=ebgp-cedar-announce prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
9 chain=ebgp-cedar-announce prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
10 chain=ebgp-cedar-announce prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
11 chain=ebgp-cedar-announce prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-prepend-path=""
12 chain=ebgp-cedar-announce invert-match=no action=discard set-bgp-prepend-path=""
13 ;;; eBGP Cedar Allow-In (Tower2)
chain=ebgp-cedar-accept prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
14 chain=ebgp-cedar-accept prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
15 chain=ebgp-cedar-accept prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
16 chain=ebgp-cedar-accept prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-prepend-path=""
17 chain=ebgp-cedar-accept invert-match=no action=discard set-bgp-prepend-path=""

Tower2:
0 ;;; eBGP Riverview Allow-Out (Tower1)
chain=ebgp-riverview-announce prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
1 chain=ebgp-riverview-announce prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
2 chain=ebgp-riverview-announce prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
3 chain=ebgp-riverview-announce prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-prepend-path=""
4 chain=ebgp-riverview-announce invert-match=no action=discard set-bgp-prepend-path=""
5 ;;; eBGP Riverview Allow-In (Tower1)
chain=ebgp-riverview-accept prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
6 chain=ebgp-riverview-accept prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
7 chain=ebgp-riverview-accept prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
8 chain=ebgp-riverview-accept prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-prepend-path=""
9 chain=ebgp-riverview-accept invert-match=no action=discard set-bgp-weight=150 set-bgp-prepend-path=""

10 ;;; eBGP Willson Allow-Out (Tower3)
chain=ebgp-willson-announce prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
11 chain=ebgp-willson-announce prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
12 chain=ebgp-willson-announce prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
13 chain=ebgp-willson-announce prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-prepend-path=""
14 chain=ebgp-willson-announce invert-match=no action=discard set-bgp-prepend-path=""
15 ;;; eBGP Willson Allow-In (Tower3)
chain=ebgp-willson-accept prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
16 chain=ebgp-willson-accept prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
17 chain=ebgp-willson-accept prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
18 chain=ebgp-willson-accept prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-prepend-path=""
19 chain=ebgp-willson-accept invert-match=no action=discard set-bgp-prepend-path=""

Tower3:
0 ;;; eBGP Addison Allow-Out (Tower4)
chain=ebgp-addison-announce prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
1 chain=ebgp-addison-announce prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
2 chain=ebgp-addison-announce prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
3 chain=ebgp-addison-announce prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-weight=0
set-bgp-prepend-path=""
4 chain=ebgp-addison-announce invert-match=no action=discard set-bgp-prepend-path=""

5 ;;; eBGP Addison Allow-In (Tower4)
chain=ebgp-addison-accept prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
6 chain=ebgp-addison-accept prefix=172.20.0.0/16 prefix-length=30-32 invert-match=no action=accept set-bgp-prepend-path=""
7 chain=ebgp-addison-accept prefix=172.25.0.0/16 prefix-length=30-32 invert-match=no action=accept set-bgp-prepend-path=""
8 chain=ebgp-addison-accept prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-prepend-path=""
9 chain=ebgp-addison-accept invert-match=no action=discard set-bgp-prepend-path=""

10 ;;; eBGP Cedar Announce (Tower2)
chain=ebgp-cedar-announce prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-weight=0
set-bgp-prepend-path=""
11 chain=ebgp-cedar-announce prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-weight=0
set-bgp-prepend-path=""
12 chain=ebgp-cedar-announce prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-weight=0
set-bgp-prepend-path=""
13 chain=ebgp-cedar-announce prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-weight=100
set-bgp-prepend-path=""
14 chain=ebgp-cedar-announce invert-match=no action=discard set-bgp-prepend-path=""

15 ;;; eBGP Cedar Allow-In (Tower2)
chain=ebgp-cedar-accept prefix=10.0.0.0/8 prefix-length=22-32 invert-match=no action=accept set-bgp-prepend-path=""
16 chain=ebgp-cedar-accept prefix=172.20.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
17 chain=ebgp-cedar-accept prefix=172.25.0.0/16 prefix-length=24-32 invert-match=no action=accept set-bgp-prepend-path=""
18 chain=ebgp-cedar-accept prefix=0.0.0.0/0 prefix-length=0 invert-match=no action=accept set-bgp-prepend-path=""
19 chain=ebgp-cedar-accept invert-match=no action=discard set-bgp-prepend-path=""
 
AdrianT88
just joined
Topic Author
Posts: 21
Joined: Thu Mar 05, 2020 6:20 pm

Re: Default Route advertisement eBGP failover

Fri Feb 26, 2021 6:43 pm

Below are the advertisements from Tower2 towards Tower1. The default is not being advertised. I have tried to set the "Default Originate - always, from if installed" and the result is the same after clearing the BGP peering and rebooting the box.

[atetu@empcle.cedar.ccr1036] > routing bgp advertisements print peer=eBGP-Riverview
PEER PREFIX NEXTHOP AS-PATH ORIGIN LOCAL-PREF
eBGP-... 10.106.0.0/22 172.25.111.2 65108,65106 igp
eBGP-... 172.20.106.0/30 172.25.111.2 65108,65106 igp
eBGP-... 10.50.106.0/24 172.25.111.2 65108,65106 igp
eBGP-... 10.106.14.0/23 172.25.111.2 65108,65106 igp
eBGP-... 10.106.10.0/23 172.25.111.2 65108,65106 igp
eBGP-... 10.106.60.0/24 172.25.111.2 65108,65106 igp
eBGP-... 10.106.16.0/23 172.25.111.2 65108,65106 igp
eBGP-... 10.51.108.0/24 172.25.111.2 65108 igp
eBGP-... 10.106.62.0/24 172.25.111.2 65108,65106 igp
eBGP-... 10.106.12.0/23 172.25.111.2 65108,65106 igp
eBGP-... 10.111.0.0/22 172.25.111.2 igp
eBGP-... 10.51.106.0/24 172.25.111.2 65108,65106 igp
eBGP-... 10.108.0.0/22 172.25.111.2 65108 igp
eBGP-... 10.51.111.0/24 172.25.111.2 igp
eBGP-... 10.50.108.0/24 172.25.111.2 65108 igp
eBGP-... 10.50.111.0/24 172.25.111.2 igp
eBGP-... 172.25.108.0/30 172.25.111.2 65108 igp
eBGP-... 172.25.111.2/32 172.25.111.2 igp
eBGP-... 172.25.111.9/32 172.25.111.2

routing bgp peer print status (Tower2 - Tower1 status)
Flags: X - disabled, E - established
0 E name="eBGP-Riverview" instance=default remote-address=172.25.111.1 remote-as=65105 tcp-md5-key="" nexthop-choice=default
multihop=no route-reflect=no hold-time=1m30s keepalive-time=30s ttl=255 in-filter=ebgp-riverview-accept
out-filter=ebgp-riverview-announce address-families=ip default-originate=if-installed remove-private-as=no as-override=no
passive=no use-bfd=no remote-id=172.20.105.2 local-address=172.25.111.2 uptime=1d19h44m58s prefix-count=6 updates-sent=71
updates-received=13 withdrawn-sent=49 withdrawn-received=0 remote-hold-time=1m30s used-hold-time=1m30s
used-keepalive-time=30s refresh-capability=yes as4-capability=yes state=established
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: Default Route advertisement eBGP failover

Sat Feb 27, 2021 3:14 am

Only suggestion (which shouldn't change much) dont specify a prefix length on your default route accept rules - currently it appears to be '0' but try it with nothing specified / that field disabled (can't remember how to do this CLI but can change that on Winbox/Webfig)

Other than that it'd require some actual looking over things to try get a feel for why this is happening. If you want I'd be happy to spend 5-10 minutes looking over one pair of your routers to see if i can assist via Anydesk or similar but there will be a reason that the towers are not accepting the default route - and its likely a filter reason - considering you have it set to always originate default.
 
AdrianT88
just joined
Topic Author
Posts: 21
Joined: Thu Mar 05, 2020 6:20 pm

Re: Default Route advertisement eBGP failover

Mon Mar 01, 2021 6:22 pm

Hi joegoldman,

I would really appreciate it if you can make the time to remote in and take a look. Please let me know what days/time work best for you.

-AT
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Default Route advertisement eBGP failover

Mon Mar 01, 2021 6:38 pm

Is this an eBGP design where every tower is a separate ASN? From reading the notes, it seems that way

If so, you'll want to default originate if-installed for every ebgp peering, You also need to make sure that you have a valid and active default route for it to pick up and make sure your in and out filters are permitting 0.0.0.0/0 (it appears to be missing from your eBGP Core-QFX Allow-Out chain)
 
AdrianT88
just joined
Topic Author
Posts: 21
Joined: Thu Mar 05, 2020 6:20 pm

Re: Default Route advertisement eBGP failover

Mon Mar 01, 2021 6:48 pm

IPANetEngineer,

That is correct, every tower is a separate ASN. I excluded the 0.0.0.0/0 from the "eBGP Core Allow-Out" chain because I didn't want Tower1 advertising a default towards the core. Tower1 and Tower4 learn the default from the core and then I wanted the default to propagate amongst the towers so they each have one active and one "standby".

Should Tower1 and Tower4 inject a default back towards the core?

-AT
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Default Route advertisement eBGP failover

Mon Mar 01, 2021 7:14 pm

Normally, you only want the default to originate at the border router where you are peering or have DIA with an upstream.

Then:

  • Default Originate (if installed) on all eBGP peerings
  • Permit it via all other eBGP peers in
 
AdrianT88
just joined
Topic Author
Posts: 21
Joined: Thu Mar 05, 2020 6:20 pm

Re: Default Route advertisement eBGP failover

Mon Mar 01, 2021 8:48 pm

IPANetEngineer,

On a high level, that is the design implemented. I just changed Tower2's default originate from "if-installed" to "always" and the the default is now being advertised to Tower1.

Tower2 learns its active default from Tower1 and backup default from Tower3. The issue first described on this post was the fact that Tower2 was not advertising the default towards Tower1 allowing Tower1 to route through Tower2, Tower3, Tower4, Core, DIA if it lost its peering towards the core.

The default got injected as soon as I changed Tower2's default originate to always. I'm assuming since Tower2 learned its primary default through Tower1, it didn't send the default back with the originate if-installed config.

Tower1:
[atetu@empcle.riverview.ccr1036] > ip route print where dst-address=0.0.0.0/0
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADb 0.0.0.0/0 172.20.105.1 20 ----- learned from Core
1 Db 0.0.0.0/0 172.25.111.2 20 ----- learned from Tower2

Tower2:
[atetu@empcle.cedar.ccr1036] > ip route print where dst-address=0.0.0.0/0
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADb 0.0.0.0/0 172.25.111.1 20 ----- learned from Tower1
1 Db 0.0.0.0/0 172.25.111.9 20 ----- learned from Tower3

-AT

Who is online

Users browsing this forum: No registered users and 15 guests