I am trying to set up a VPN for a customer, using eBGP to talk to the customer.
I first tried using "pure" BGP and VRF -- set up L2 tunnels between each site and on each site ran BGP within a VRF. Each of my BGP routers would connect to the customer router (customer facing interface is in the VRF, as well as all L2 links) but iBGP would not connect all. As long as all L2 interfaces are in the VRF, they would not connect. Seems BGP does not properly attach there.
I also tried the suggested setup, as described in http://wiki.mikrotik.com/wiki/EBGP_as_P ... g_protocol. Even though my setup was simpler -- different customer AS at each site and no multihomed customer sites -- there were at least two problems with it:
- no indication that my BGP routers send anything to the customer's peers, although the customer indicated that they see the updates from me. Nothing shows up in /routing bgp advertisements.
- inconsistent BGP routing table. For example, if I have three sites, A, B and C. The customer had their own internal connectivity and they announce the same prefix at each connect point, but with a different path -- my iBGP would not sort that out and sometimes only sees/announces the longer prefix. At site A, I would announce the BGP routes of site B via site C on customer's internal BGP network instead of announcing what they announce from site B to me. When I set up iBGP/eBGP without any of the VRF/VPNv4 stuff, everything works as expected. Probably this mess has something to do with VPNv4.
Has anyone experienced anything like this? Is there a fix? This was tested on both ROS 5.12 and 5.13.