MikroTik

Hello,

I a trying to do BGP peering with two bandwidth providers, according to example http://wiki.mikrotik.com/wiki/Manual:Si ... ultihoming en el setup que se llama “Load Sharing”.

My problem is one of the dynamic obtained routes is inactive

/ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
2 ADb 0.0.0.0/0 12.250.170.117 20
5 Db 0.0.0.0/0 50.84.34.213 20


Number 5 is NOT ACTIVE ... WHY? --- Attached screenshot .

Here's my conf, can you please help pointing me in the right direction?

/routing bgp instance
set default as=13959 client-to-client-reflection=no comment="Autophone of Laredo" disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-con
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 routing-table=""

/routing bgp network
add disabled=no network=216.150.33.0/24 synchronize=no
add disabled=no network=216.150.32.0/24 synchronize=no
add disabled=no network=216.150.34.0/24 synchronize=no
add disabled=no network=216.150.35.0/24 synchronize=no
add disabled=no network=216.150.36.0/24 synchronize=no
add disabled=no network=216.150.37.0/24 synchronize=no
add disabled=no network=216.150.38.0/24 synchronize=no
add disabled=no network=216.150.39.0/24 synchronize=no
add disabled=no network=216.150.40.0/24 synchronize=no
add disabled=no network=216.150.41.0/24 synchronize=no
add disabled=no network=216.150.42.0/24 synchronize=no
add disabled=no network=216.150.43.0/24 synchronize=no
add disabled=no network=216.150.44.0/24 synchronize=no
add disabled=no network=216.150.45.0/24 synchronize=no
add disabled=no network=216.150.46.0/24 synchronize=no
add disabled=no network=216.150.47.0/24 synchronize=no

/routing bgp peer
add address-families=ip as-override=no comment="ACC AT&T" default-originate=never disabled=no hold-time=3m in-filter=isp1-in instance=default multihop=no name=
nexthop-choice=default out-filter=isp1-out passive=no remote-address=12.250.170.117 remote-as=7018 remove-private-as=no route-reflect=no tcp-md5-key="" ttl
use-bfd=no
add address-families=ip as-override=no comment=TWC default-originate=never disabled=no hold-time=3m in-filter=isp2-in instance=default multihop=no name=toISP2
nexthop-choice=default out-filter=isp2-out passive=no remote-address=50.84.34.213 remote-as=11427 remove-private-as=no route-reflect=no tcp-md5-key="" ttl=
use-bfd=no

/routing filter
add action=accept chain=isp1-out comment="Accept our own network and prepend second network" disabled=no invert-match=no prefix=12.217.156.216/29 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.32.0/24 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.33.0/24 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.34.0/24 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.35.0/24 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.36.0/24 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.37.0/24 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.38.0/24 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.39.0/24 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.40.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.41.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.42.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.43.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.44.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.45.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.46.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp1-out disabled=no invert-match=no prefix=216.150.47.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=discard chain=isp1-out comment="Discard the rest" disabled=no invert-match=no set-bgp-prepend-path=""
add action=accept chain=isp2-out comment="Accept our networks and prepend AS path three times" disabled=no invert-match=no prefix=12.217.156.216/29 set-bgp-prepend=3 \
set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.32.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.33.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.34.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.35.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.36.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.37.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.38.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.39.0/24 set-bgp-prepend=3 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.40.0/24 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.41.0/24 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.42.0/24 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.43.0/24 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.44.0/24 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.45.0/24 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.46.0/24 set-bgp-prepend-path=""
add action=accept chain=isp2-out disabled=no invert-match=no prefix=216.150.47.0/24 set-bgp-prepend-path=""
add action=discard chain=isp2-out comment="Discard the rest" disabled=no invert-match=no set-bgp-prepend-path=""
add action=discard chain=isp1-in comment="We do not need any routes from both ISPs, because default route is used to force outgoing traffic through ISP1 and leave ISP2 as backup\
. OJO ESTO PUEDE O NO REQUERIRSE !!!" disabled=yes invert-match=no set-bgp-prepend-path=""
add action=discard chain=isp2-in disabled=yes invert-match=no set-bgp-prepend-path=""

Thanks a lot for your help.

J. Boardman

BUMP

I dont see the problem, this is the behavior I would expect with two default routes received via BGP.

You cannot have two active routes to the same prefix with BGP, it does not support ECMP natively.

Yep.

Default expected behaviour. You are receiving two routes, with equal path length and cost.

If you want to distribute your traffic between your two peers, you will need to receive full routing tables from both your providers. BGP will then use AS Path length to determine which provider to use for which prefix

I dont see the problem, this is the behavior I would expect with two default routes received via BGP.

You cannot have two active routes to the same prefix with BGP, it does not support ECMP natively.

Thanks, that is what I had in mind but wanna be sure, what's the best way you recommend to balance the load between the two providers? By using Prepend, Local Preference or AS-PATH?
And for Upload... Policy routing? Or is there some BGP attribute that can be used?

Jorge

Yep.

Default expected behaviour. You are receiving two routes, with equal path length and cost.

If you want to distribute your traffic between your two peers, you will need to receive full routing tables from both your providers. BGP will then use AS Path length to determine which provider to use for which prefix

Thanks, that is what I had in mind but wanna be sure, what's the best way you recommend to balance the load between the two providers? By using Prepend, Local Preference or AS-PATH?
And for Upload... Policy routing? Or is there some BGP attribute that can be used?

Do I forcefully have to receive full routing tables from both providers in order to be able to distribute traffic?

Jorge

Anyone ?

Thanks

From manual :


Load sharing setup

Using previous setup we are kind of wasting one link. So it is possible to redesign our setup as illustrated below to utilize both links. Bgp-multihoming-download-sharing.png

The same as in previous setup BGP AS prepend will be used to achieve our goal. This time we will advertise one of the netowrks to ISP1 without prepend and another network prepended three times. The opposite for ISP2.

Outgoing filters to ISP1:
/routing filter
#accept our networks and prepend second network
add chain=isp1-out prefix=10.1.1.0/24 action=accept
add chain=isp1-out prefix=10.1.2.0/24 action=accept set-bgp-prepend=3
#discard the rest
add chain=isp1-out action=discard


Outgoing filters to ISP2:
/routing filter
#accept our networks and prepend first network
add chain=isp2-out prefix=10.1.1.0/24 action=accept set-bgp-prepend=3
add chain=isp2-out prefix=10.1.2.0/24 action=accept
#discard the rest
add chain=isp2-out action=discard


Configuration above is only for packets going to our network. There are several options how to deal with packets going from our network:
leave gateways as in main/backup configuration - this will result in only one link utilized and asymmetric routing
use policy routing to force outgoing packets over the same link as incoming
use BGP to receive full routing tables from both peers and using BGP attributes make part of the routes available through one link and other part through another link. For example, traffic local to your country is sent over ISP1 the rest is sent over ISP2.

All those methods are covered in other articles and will not be shown here.

[ Top | Back to Content ]

Thanks for your kind reply samsun172

If you see the first post, my router configuration is exactly as the example you are mentioning, I used precisely that one. But for some reason I can't find there's traffic on both ISP links; I have sixteen /24 networks, first set of 8 I want to get feed by ISP1 and second set of 8 by ISP2, so I setup my filters that way, using prepend=3. Currently there are NO users on the second set of networks, but I can see (torch) download traffic coming from BOTH ISP's ....

Any idea why? prepend=3 not enough? maybe prepend=10 should do it? ... I am not receiving full routes from ISP's should I ask them to forward those to me?

Any help will be really appreciated.


Best Regards
J. Boardman

If you peer With an AS'nr you should always get the full Internett BGP table from Your peer. Its a bit memory consuming, but to one peer 1 gig would do. 2 peer, should be ok with about 2gig memory.

The bgp route, would always take the AS path with shortest distance. If you have a default route (0.0.0.0.0/0) from one provider, and "low" distance, it's always used. If you have a lot of routes, all with different cost, the router will choose the one witch have the lowest path. After reciving full internet table, remember to remove the default route.

about the prepend stuff, its not easy to do it right without knowlege on what you do. and why. i have a little something. Read, and try to understand:

http://oreilly.com/catalog/bgp/chapter/ch06.html

Any idea why? prepend=3 not enough? maybe prepend=10 should do it? ... I am not receiving full routes from ISP's should I ask them to forward those to me?

I'd suggest that you need to advertise your allocated /20 route (216.150.32.0/20). If your router will handle it, you can also ask your providers if they will give you partial+default routes (or full routes). This will mean that both providers will be routing inbound traffic for your and you will be automatically sharing your outbound traffic between the two based on standard BGP route-selection.

Get that all working and you'll likely find that you don't need to advertise the de-aggregated /24 prefixes, and you don't need to use path-prepending.

Regards,

If you peer With an AS'nr you should always get the full Internett BGP table from Your peer. Its a bit memory consuming, but to one peer 1 gig would do. 2 peer, should be ok with about 2gig memory.

The bgp route, would always take the AS path with shortest distance. If you have a default route (0.0.0.0.0/0) from one provider, and "low" distance, it's always used. If you have a lot of routes, all with different cost, the router will choose the one witch have the lowest path. After reciving full internet table, remember to remove the default route.

about the prepend stuff, its not easy to do it right without knowlege on what you do. and why. i have a little something. Read, and try to understand:

http://oreilly.com/catalog/bgp/chapter/ch06.html

Thanks samsung172

Any idea why? prepend=3 not enough? maybe prepend=10 should do it? ... I am not receiving full routes from ISP's should I ask them to forward those to me?

I'd suggest that you need to advertise your allocated /20 route (216.150.32.0/20). If your router will handle it, you can also ask your providers if they will give you partial+default routes (or full routes). This will mean that both providers will be routing inbound traffic for your and you will be automatically sharing your outbound traffic between the two based on standard BGP route-selection.

Get that all working and you'll likely find that you don't need to advertise the de-aggregated /24 prefixes, and you don't need to use path-prepending.

Regards,

Thanks cupis

Hello all,

Kindly request you all to help my cases.

I have 2 providers and configured bgp received default route only from each. BGP estblished and work fine. but the problem is, one of the default route (From Operator 2) is inactive always (blue colour). So i can't use that route never.
even i disconnect the Operator 1's link. But it was never came as an Active Route and we lost evey traffic drop.

While we connected Operator's 1 Links, Download traffic were come down from Both of them, depend on as-prepand policy.


and i have 2 prefixs from APNIC.
103.135.37.0/24
103.150.58.0/24

this two prefix has announce to both of operators with set-bgp-prepand for download share to each prefix.


Address
========

;;; OML_Uplink (#Operator 1)
74.50.211.10/30 74.50.211.8 VLAN4010

;;; CPN_Uplink (#Operator 2)
123.253.228.169/31 123.253.228.168 sfp-sfpplus8

Default Route Received
===========
> ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADb 0.0.0.0/0 74.50.211.9 20
1 Db 0.0.0.0/0 123.253.228.168 20


advertise
==========
/routing bgp> network print
Flags: X - disabled
# NETWORK SYNCHRONIZE
0 103.135.37.0/24 no
1 103.150.58.0/24 no


> routing bgp instance print
Flags: * - default, X - disabled
0 * name="default" as=138634 router-id=0.0.0.0 redistribute-connected=no redistribute-static=no redistribute-rip=no
redistribute-ospf=no redistribute-other-bgp=no out-filter="" client-to-client-reflection=yes ignore-as-path-len=no
routing-table=""

Filtering
===========

/routing bgp peer
add hold-time=15s in-filter=OML-in keepalive-time=5s multihop=yes name=OML \
out-filter=OML-out remote-address=74.50.211.9 remote-as=132167 \
tcp-md5-key="" ttl=10

add hold-time=1m30s in-filter=CPN-in keepalive-time=30s multihop=yes name=CPN \
out-filter=CPN-out remote-address=123.253.228.168 remote-as=136168 \
tcp-md5-key="" ttl=10

/routing filter
add action=accept chain=OML-out prefix=103.135.37.0/24
add action=accept chain=OML-out prefix=103.150.58.0/24 set-bgp-prepend=10
add action=discard chain=OML-out
add action=accept chain=OML-in prefix=0.0.0.0/0 prefix-length=0
add action=discard chain=OML-in prefix=10.0.0.0/8
add action=discard chain=OML-in prefix=169.254.0.0/16
add action=discard chain=OML-in prefix=192.168.0.0/16
add action=discard chain=OML-in prefix=172.16.0.0/12
add action=discard chain=OML-in prefix=224.0.0.0/4
add action=discard chain=OML-in prefix=240.0.0.0/4
add action=discard chain=OML-in prefix=127.0.0.0/8
add action=discard chain=OML-in prefix=103.135.37.0/24
add action=discard chain=OML-in prefix=103.150.58.0/24
add action=accept chain=OML-in
add action=accept chain=CPN-out prefix=103.135.37.0/24 set-bgp-prepend=10
add action=accept chain=CPN-out prefix=103.150.58.0/24
add action=discard chain=CPN-out
add action=accept chain=CPN-in prefix=0.0.0.0/0 prefix-length=0
add action=discard chain=CPN-in prefix=10.0.0.0/8
add action=discard chain=CPN-in prefix=169.254.0.0/16
add action=discard chain=CPN-in prefix=192.168.0.0/16
add action=discard chain=CPN-in prefix=172.16.0.0/12
add action=discard chain=CPN-in prefix=224.0.0.0/4
add action=discard chain=CPN-in prefix=240.0.0.0/4
add action=discard chain=CPN-in prefix=127.0.0.0/8
add action=discard chain=CPN-in prefix=103.135.37.0/24
add action=discard chain=CPN-in prefix=103.150.58.0/24
add action=accept chain=CPN-in

Thanks in advanced
Dau

Default Route Received
===========
> ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADb 0.0.0.0/0 74.50.211.9 20
1 Db 0.0.0.0/0 123.253.228.168 20

Hello, it means that you're properly receiving the default route at both peers, but BGP with RouterOS will always choose only one of those, and that's the active route, if you want o force the election of the second default route you can add a new routing-filter rule and increase the weight or local-preference.

If you want to test the backup route once the main BGP peer goes down, you must wait for a couple of minutes until the route properly delete that route and active the backup route, for a fastest convergence time you might want to decrease the BGP default timers.