Community discussions

MUM Europe 2020
Topic Author
Posts: 47
Joined: Sat May 29, 2004 11:46 am
Location: Bulgaria


Tue Feb 21, 2012 4:54 pm

I am trying to set up an VPN for a customer, using eBGP to talk to the customer.

I first tried using "pure" BGP and VRF -- set up L2 tunnels between each site and on each site ran BGP within an VRF. Each of my BGP routers would connect to the customer router (customer facing interface is in the VRF, as well as all L2 links) but iBGP would not connect all. As long as all L2 interfaces are in the VRF, they would not connect. Seems BGP does not properly attach there..

I also tried the suggested setup, as described in ... g_protocol. Even although my setup was simpler -- different customer AS at each site and no multihomed customer sites, there were at least two problems with it:

- no indication that my BGP routers send anything to the customer's peers. Although, the customer indicated that they see the updates from me. Nothing shows up in /routing bgp advertisements.
- inconsistent BGP routing table. For example, if I have three sites, A, B and C. The customer had their own internal connectivity and they announce the same prefix at each connect point, but with different path -- my iBGP would not sort that out and sometimes only sees/announces the longer prefix. At site A, I would announce the BGP routes of site B via site C on customer's internal BGP network instead of announcing what they announce from site B to me.. When I set up iBGP/eBGP without any of the VRF/VPNv4 stuff, everything works as expected. Probably this mess has something to do with VPNv4.

Has anyone experienced anything like this? Is there a fix? This was tested on both ROS 5.12 and 5.13.
User avatar
MikroTik Support
MikroTik Support
Posts: 5970
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: BGP and VRF

Thu Feb 23, 2012 9:47 am

-vpnv4 advetisements can be seen in
/routing bgp vpnv4-route> print

- as for inconsistency. Provide network diagram you have and all router configurations.
Topic Author
Posts: 47
Joined: Sat May 29, 2004 11:46 am
Location: Bulgaria

Re: BGP and VRF

Thu Feb 23, 2012 12:43 pm

The vpnv4 routes are seen in /routing bgp vpnv4-route> print. But there is no way to see what is announced to the customer via eBGP.

About the topology:

Variant 1: BGP over VRF (no MPLS)
Provider Network: routers interconnected by L2 tunnels (tried all variations, let's assume EoIP - to keep it simple), AP, BP, CP. These routers are connected with each other with L2 tunnels.
Customer Network: three access routers to Provider, own internal BGP network, exports to provider eBGP (internal network), let's name customer's routers: AC, BC, CC.

AC connects to AP, BC connects to BP, CC connects to CP -- all via physical Ethernet interfaces.

All participating interfaces in the Provider network, the Ethernet facing customer, the EoIP tunnels and the loopback interfaces used for BGP are in the same VRF. The BGP instance is configured to use thatVRF routing table.

Failure: eBGP between Provider and Customer connects. iBGP within Provider network does not.
(perhaps some VRF bug with virtual interfaces, but verified to work when connecting to customer via VLAN)

Variant 2: BGP with VPNv4 and MPLS

Same network topology, setup identical to the one described in ... g_protocol, except:
- customer has different AS at each site, so no allow-as-in= statements.
- no multihoming customer site, so no site-of-origin= statements. Because of this no BGP import/export filters.

The primary difference with the lab example is that the customer sites in fact run their internal BGP and announce to Provider the same routes at different sites. Perhaps this is why it does not work..

I can provide the full set of the configuration directives although the wiki already has it well documented. I could get the customer to reconfigure again and provide some real BGP data as well, but .. no idea when this might happen.

By the way, I believe it will be more useful to make the first scenario work. It will avoid the messing with VPNv4 and one could signal VPLS tunnels via BGP as well (using a different instance).

Who is online

Users browsing this forum: No registered users and 21 guests