Page 1 of 1

BGP troubles

Posted: Tue Dec 23, 2014 1:52 pm
by Krisken

This weekend, i've tried to set up a BGP session with our new provider to announce our own IP range ( I connected the network of our provider to port 1 of the mikrotik and a simple client (Raspberry PI) on port 2 (IP : A strange thing : we can ping the Mikrotik router from the Raspberry PI and we can ping the internet (eg from the Mikrotik router. But we can't ping the internet from the Raspberry PI.

Very weird thing : the same setup works with another provider (with another IP block).

We tried the setup with a Routerboard RB2011UiAS-2HnD-IN. When working, we would replace it with a CCR.

Our AS : 48260
Our IP : (gateway is or .129 as VRRP)
Remote AS : 61029
Remote IP :
# dec/19/2014 16:08:36 by RouterOS 6.22
# software id = K6Z0-T31J
/interface ethernet
set [ find default-name=ether1 ] mac-address=D4:CA:6D:4A:B8:6A name=\
    "ether01 - Bitency BGP feed"
set [ find default-name=ether2 ] mac-address=D4:CA:6D:4A:B8:6B name=\
    "ether02 - Bitency Server Feed"
set [ find default-name=ether3 ] disabled=yes mac-address=D4:CA:6D:4A:B8:6C \
    master-port="ether02 - Bitency Server Feed" name=ether03
set [ find default-name=ether4 ] mac-address=D4:CA:6D:4A:B8:6D master-port=\
    "ether02 - Bitency Server Feed" name="ether04 - PFSense"
set [ find default-name=ether5 ] disabled=yes mac-address=D4:CA:6D:4A:B8:6E \
set [ find default-name=ether6 ] disabled=yes mac-address=D4:CA:6D:4A:B8:6F \
set [ find default-name=ether7 ] disabled=yes mac-address=D4:CA:6D:4A:B8:70 \
set [ find default-name=ether8 ] disabled=yes mac-address=D4:CA:6D:4A:B8:71 \
set [ find default-name=ether9 ] disabled=yes mac-address=D4:CA:6D:4A:B8:72 \
set [ find default-name=ether10 ] disabled=yes mac-address=D4:CA:6D:4A:B8:73 \
    name="ether10 - Internal network"
set [ find default-name=sfp1 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] l2mtu=2290 ssid="RTR DC Rijen"
/ip neighbor discovery
set "ether01 - Bitency BGP feed" discover=no
/interface ethernet switch port
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 12 default-vlan-id=0
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
set 0 name=serial0
/routing bgp instance
set default as=48260 redistribute-connected=yes redistribute-ospf=yes \
    redistribute-other-bgp=yes redistribute-rip=yes redistribute-static=yes \
/system logging action
set 1 disk-file-name=""
set 2 remember=yes
/tool user-manager customer
/ip address
add address= comment="Bitency BGP" interface=\
    "ether01 - Bitency BGP feed" network=
add address= comment="Bitency Internet" interface=\
    "ether02 - Bitency Server Feed" network=
/ip cloud
set enabled=yes
/ip dhcp-client
add default-route-distance=100 dhcp-options=hostname,clientid disabled=no \
    interface="ether10 - Internal network" use-peer-dns=no use-peer-ntp=no
/ip dns
set allow-remote-requests=yes servers=,
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8080
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no
/routing bgp peer
add address-families=ip,ipv6 default-originate=if-installed hold-time=\
    infinity keepalive-time=10s name="Bitency BGP" remote-address=\ remote-as=61029 ttl=default
set enabled=yes location="Netherlands - Rijen" \
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name="RTR DC Rijen"
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set sfp1 disabled=yes display-time=5s
set "ether01 - Bitency BGP feed" disabled=yes display-time=5s
set "ether02 - Bitency Server Feed" disabled=yes display-time=5s
set ether03 disabled=yes display-time=5s
set "ether04 - PFSense" disabled=yes display-time=5s
set ether05 disabled=yes display-time=5s
set ether06 disabled=yes display-time=5s
set ether07 disabled=yes display-time=5s
set ether08 disabled=yes display-time=5s
set ether09 disabled=yes display-time=5s
set "ether10 - Internal network" disabled=yes display-time=5s
/system ntp client
set enabled=yes primary-ntp= secondary-ntp=
/tool graphing interface
/tool graphing resource
/tool mac-server
set [ find default=yes ] disabled=yes
add interface="ether02 - Bitency Server Feed"
add interface=ether03
add interface="ether04 - PFSense"
add interface=ether05
add interface=ether06
add interface=ether07
add interface=ether08
add interface=ether09
add interface="ether10 - Internal network"
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface="ether02 - Bitency Server Feed"
add interface=ether03
add interface="ether04 - PFSense"
add interface=ether05
add interface=ether06
add interface=ether07
add interface=ether08
add interface=ether09
add interface="ether10 - Internal network"

Re: BGP troubles

Posted: Tue Dec 23, 2014 5:57 pm
by faisali
Just a wild guess.... possibly Missing default route on the Raspberry Pi ?

Re: BGP troubles

Posted: Tue Dec 23, 2014 6:47 pm
by Krisken
I don't think that is the reason. Because with VyOS it do work perfectly?

Re: BGP troubles

Posted: Sat Dec 27, 2014 6:19 pm
by SwissWISP
By the sounds of it, it's a routing problem of your own subnet. Your router is able to ping because it uses the IP of your ISP to do so. What happens if you set the source IP in PING to the one in your own subnet? I would bet it won't work...

Besides some things in your config which (usually) don't make sense (send a default route to your ISP, redistribute routes from other protocols, etc.), you should first check if your ISP gets your prefix. There are a lot of reasons why this could fail. If they don't get it, start from there. If they get it you should see the path on the looking glass sites which can be found on the net. If your prefix can't be found on these sites, your ISP or one of its upstreams may filter your prefix.

If above is all ok, it HAS to be a problem in your local network (forward rule in the firewall) or on the client it self.

Note, I don't know all details about your network, so I may see some things as a "unusual" way to config this router even if it's the correct way.

Hope this helps a bit to find the problem.

- Mat

Re: BGP troubles

Posted: Tue Dec 30, 2014 11:58 pm
by Krisken
Can somebody please help me with the correct script for this configuration?