ultraprofissionais
just joined
Topic Author
Posts: 1
Joined: Thu Dec 09, 2021 8:14 pm

BGP Confederation on Mikrotik V7

Thu Dec 09, 2021 10:32 pm

Hello,

Could someone give some guidance regarding the configuration of BGP Confederation in the new version of RouterOS?

I took a CCR and updated it to version 7, but it remade the settings but when viewing via winbox, it changed something that made the session establish.

It seems to be an issue with the local.role option.

I even looked at the draft, but found it a little confused.

Could someone pass on any tips?

The settings made are:
/routing bgp connection
    add address-families=ip as=4560/65000 connect=yes disabled=no input.filter=ULTRA_CCR1072_IN \
     listen=yes local.role=ibgp name=ULTRA_CCR1072 \
     nexthop-choice=force-self output.filter-chain=ULTRA_CCR1072_OUT \
    .network=bgp-networks remote.address=172.30.29.1/32 .as=4560/65001 routing-table=main \
    templates=default
Here are some images with the error messages in the log.

Thank you in advance for your attention

Best Regards
João Pedro
 
edielson_atm
Trainer
Posts: 30
Joined: Tue May 29, 2007 5:23 am
Location: Brasilia - Brasil

Re: BGP Confederation on Mikrotik V7

Tue Dec 14, 2021 3:11 pm

I have the same problem, did you get a solution?
 
Dude2048
Member Candidate
Posts: 212
Joined: Thu Sep 01, 2016 4:04 pm

Re: BGP Confederation on Mikrotik V7

Mon Jan 24, 2022 5:05 pm

Had the same problem. I seem to have solved it. The confederation AS is 78910. Sub AS 65534 is for R08. Sub AS 65535 is for R09.
R08
add as=78910/65534 disabled=no local.address=10.1.89.8 .role=ebgp name="R08 - R09" remote.address=10.1.89.9/32 .as=65535/78910 router-id=172.16.0.8 routing-table=main


R09
add as=78910/65535 disabled=no local.address=10.1.89.9 .role=ebgp name="R09 - R08" remote.address=10.1.89.8/32 .as=65534/78910 router-id=172.16.0.9 routing-table=main
The remote.as is just the other way around.
 
psm
just joined
Posts: 18
Joined: Thu Apr 06, 2006 3:23 pm
Location: Rzeszow, Poland

Re: BGP Confederation on Mikrotik V7

Wed Apr 06, 2022 2:34 pm

Hi,

Something doesn't work properly in my opinion.

CHR1:
/routing bgp template
set default address-families=ip as=65001 disabled=no output.filter-chain=bgp-out .network=bgp-nets router-id=192.168.1.1 routing-table=main

/routing bgp connection
add address-families=ip as=65001/1111 disabled=no local.role=ebgp name=bgp-CHR2 output.filter-chain=bgp-out .network=bgp-nets remote.address=10.0.0.2/32 .as=65002 router-id=192.168.1.1 routing-table=main templates=default
add address-families=ip as=1111 as-override=no disabled=no local.role=ebgp name=bgp-CHR3 output.filter-chain=bgp-out .network=bgp-nets remote.address=10.0.2.1/32 .as=65003 remove-private-as=no router-id=192.168.1.1 routing-table=main templates=default
CHR2:
/routing bgp template
set default address-families=ip as=65002 disabled=no output.filter-chain=bgp-out .network=bgp-nets router-id=192.168.1.2 routing-table=main

/routing bgp connection
add address-families=ip as=65002/1111 disabled=no local.role=ebgp name=bgp-CHR1 output.filter-chain=bgp-out .network=bgp-nets remote.address=10.0.0.1/32 .as=65001 router-id=192.168.1.2 routing-table=main templates=default
CHR3:
/routing bgp template
set default address-families=ip as=65003 disabled=no output.filter-chain=bgp-out .network=bgp-nets router-id=192.168.1.3 routing-table=main

/routing bgp connection
add address-families=ip as=65003 disabled=no local.role=ebgp name=bgp-CHR1 output.filter-chain=bgp-out .network=bgp-nets remote.address=10.0.2.2/32 .as=1111 remove-private-as=no router-id=192.168.1.3 routing-table=main templates=default
CHR1 and CHR2 are in confederation. CHR3 is "outside" router.

Routing table on CHR1
Image

Routing table on CHR3
Image

Problem is in AS-PATH for transited routes. On CHR3 router they should be visible as routes originated from 1111 not 65002.

Do you see any misconfiguration?

Thank you for any help :)
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: BGP Confederation on Mikrotik V7

Wed Apr 06, 2022 2:47 pm

Currently, there are known problems with the BGP confederation configuration. It is not possible to set it up to work as intended, the problem will be solved in upcoming versions.
 
fleetinfo
just joined
Posts: 4
Joined: Wed May 22, 2019 3:59 am

Re: BGP Confederation on Mikrotik V7

Mon Feb 27, 2023 2:17 pm

is this issue now fixed ?
 
petkodmitriy
just joined
Posts: 12
Joined: Mon Apr 23, 2018 8:44 am

Re: BGP Confederation on Mikrotik V7

Thu Mar 30, 2023 9:38 am

any update about bgp confederation?
 
DarkNate
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: BGP Confederation on Mikrotik V7

Thu Mar 30, 2023 2:07 pm

In modern network deployments, we avoid two things:
1. Fully-meshed iBGP/Route reflector bullshit.
2. BGP confederation bullshit.

We should use is-is/OSPF or underlay of learning loopbacks between adjacent neighbours. Then use iBGP for adjacent neighbours using loopbacks on each side.

Now for anything else use eBGP with private ASN for upstream/downstream relationships.

https://www.rfc-editor.org/rfc/rfc7938.html

I've successfully deployed this method in both ISP and DC environments. No complaints from clients.
 
StubArea51
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net

Re: BGP Confederation on Mikrotik V7

Thu Mar 30, 2023 4:31 pm

In modern network deployments, we avoid two things:
1. Fully-meshed iBGP/Route reflector bullshit.
2. BGP confederation bullshit.

We should use is-is/OSPF or underlay of learning loopbacks between adjacent neighbours. Then use iBGP for adjacent neighbours using loopbacks on each side.

Now for anything else use eBGP with private ASN for upstream/downstream relationships.

https://www.rfc-editor.org/rfc/rfc7938.html

I've successfully deployed this method in both ISP and DC environments. No complaints from clients.

If the thread was whether or not to use Confederations, this would be a valid discussion, but there will always be a corner case where different protocols are useful and, without context, you can't say if it's the right solution or not. It's better to keep debate about protocol usage out of the threads relating to feature support and whether it's working or not. It clutters the conversation.
Last edited by StubArea51 on Thu Mar 30, 2023 5:07 pm, edited 1 time in total.
 
404Network
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: BGP Confederation on Mikrotik V7

Thu Mar 30, 2023 5:01 pm

Well stated, Sir, and to add, even MT recognized there are issues with their implementation and are actively seeking to fix it... so it's worth it from their perspective as well.
 
mozerd
Forum Veteran
Posts: 871
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada

Re: BGP Confederation on Mikrotik V7

Thu Mar 30, 2023 7:36 pm

@404network …. What happened to you ??? Did they ban your remarkable friend “Anav” again for being a PITA? I can’t believe Anav is in the penalty box … tell me it ain’t so!
 
404Network
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: BGP Confederation on Mikrotik V7

Thu Mar 30, 2023 7:49 pm

Sad but true mozerd. Undergoing therapy and counselling at the moment.
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: BGP Confederation on Mikrotik V7

Fri Mar 31, 2023 12:02 am

My grieving pal @Anav, bless his poor soul!
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: BGP Confederation on Mikrotik V7

Fri Mar 31, 2023 12:37 am

Do you still have confederation problems with v7.8 or newer? If yes, contact support.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: BGP Confederation on Mikrotik V7

Fri Mar 31, 2023 4:52 am

if i do remember well on v6 multihop must to be able to make it work, unlike v7.
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: BGP Confederation on Mikrotik V7

Fri Mar 31, 2023 11:43 am

Like I said, if you have a non-working confederation setup with the latest v7 version, contact support.
 
benniej
just joined
Posts: 5
Joined: Fri Apr 14, 2023 1:26 pm

Re: BGP Confederation on Mikrotik V7

Wed Apr 19, 2023 4:14 pm

Like I said, if you have a non-working confederation setup with the latest v7 version, contact support.
Ticket logged SUP-113377. Please see if you can assist.
 
benniej
just joined
Posts: 5
Joined: Fri Apr 14, 2023 1:26 pm

Re: BGP Confederation on Mikrotik V7

Mon May 08, 2023 4:45 pm

Still not working in ROS 7.9
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: BGP Confederation on Mikrotik V7

Tue May 09, 2023 2:55 am

how u mean?
export your config, or do what @mrz suggested
 
petkodmitriy1
just joined
Posts: 4
Joined: Fri Jun 16, 2023 4:35 pm

Re: BGP Confederation on Mikrotik V7

Fri Jun 16, 2023 4:38 pm

will you solve the problem? if so please share the result
 
benniej
just joined
Posts: 5
Joined: Fri Apr 14, 2023 1:26 pm

Re: BGP Confederation on Mikrotik V7

Fri Jun 30, 2023 6:44 pm

Tested BGP Confederations with ROS v7.10.1 and still does not seem to work.

Steps to reproduce:

1) Set-up 2 X ROS 6.48.7 CHR/routers with BGP Confederations etc. See example config below.

CORE1:
/interface bridge
add name=loopback0 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=CORE2 disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing bgp instance
set default as=64600 cluster-id=0.0.0.2 confederation=64555 router-id=192.168.61.25
/routing ospf instance
set [ find default=yes ] router-id=192.168.61.255
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.61.1/30 interface=ether1 network=192.168.61.0
add address=192.168.61.254 interface=loopback0 network=192.168.61.254
/ip dns
set allow-remote-requests=yes
/routing bgp peer
add default-originate=if-installed name=CORE2 remote-address=192.168.61.254 remote-as=64600 update-source=loopback0
/routing ospf interface
add passive=yes
add interface=ether1 network-type=point-to-point use-bfd=yes
add interface=loopback0 network-type=broadcast passive=yes
/routing ospf network
add area=backbone network=192.168.61.0/24
/system identity
set name=CORE1
/system package update
set channel=long-term
CORE2:
/interface bridge
add name=loopback0 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=CORE1 disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing bgp instance
set default as=64600 cluster-id=0.0.0.2 confederation=64555 router-id=192.168.61.254
/routing ospf instance
set [ find default=yes ] router-id=192.168.61.254
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.61.2/30 interface=ether1 network=192.168.61.0
add address=192.168.61.254 interface=loopback0 network=192.168.61.254
/ip dns
set servers=192.168.61.1
/routing bgp peer
add name=CORE1 remote-address=192.168.61.255 remote-as=64600 update-source=loopback0
/routing ospf interface
add passive=yes
add interface=ether1 network-type=point-to-point use-bfd=yes
add interface=loopback0 network-type=broadcast passive=yes
/routing ospf network
add area=backbone network=192.168.61.0/24
/system identity
set name=CORE2
/system package update
set channel=long-term
2) Upgrade one of the routers and BOOM!

CORE2:
/interface bridge
add name=loopback0 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=CORE1 disable-running-check=no
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=virtual0
/routing bgp template
set default as=64555/64600 cluster-id=0.0.0.2 disabled=no output.network=bgp-networks router-id=192.168.61.254
/routing ospf instance
add disabled=no name=default-v2 router-id=192.168.61.254
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.61.2/30 interface=ether1 network=192.168.61.0
add address=192.168.61.254 interface=loopback0 network=192.168.61.254
/ip dns
set servers=192.168.61.1
/ip route
add gateway=192.168.61.1
/routing bfd configuration
add disabled=no interfaces=all min-rx=200us min-tx=200us multiplier=5
/routing bgp connection
add cisco-vpls-nlri-len-fmt=auto-bits connect=yes listen=yes local.address=loopback0 .role=ibgp name=CORE1 remote.address=192.168.61.255 .as=64555/64600 .port=179 templates=default
/routing ospf interface-template
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether1 networks=192.168.61.0/30 priority=1 type=ptp use-bfd=yes
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=loopback0 networks=192.168.61.254 passive priority=1 use-bfd=no
/system identity
set name=CORE2
/system note
set show-at-login=n
CORE 2 Logs:
 15:35:42 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:37037 -> 192.168.61.253:179 } Socket{ 4 ida } out } readsz=45 } cancelRemoteAs=64600
 15:35:42 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:41837 -> 192.168.61.255:179 } Socket{ 6 ida } out } readsz=45 } cancelRemoteAs=64600
 15:35:42 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:35453 -> 192.168.61.252:179 } Socket{ 5 ida } out } readsz=45 } cancelRemoteAs=64600
 15:35:53 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:35205 -> 192.168.61.253:179 } Socket{ 4 ida } out } readsz=45 } cancelRemoteAs=64600
 15:35:53 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:40565 -> 192.168.61.252:179 } Socket{ 6 ida } out } readsz=45 } cancelRemoteAs=64600
 15:35:53 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:46835 -> 192.168.61.255:179 } Socket{ 5 ida } out } readsz=45 } cancelRemoteAs=64600
 15:35:54 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:179 -> 192.168.61.252:37954 } Socket{ 4 ida } in } readsz=45 } cancelRemoteAs=64600
 15:36:05 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:36141 -> 192.168.61.252:179 } Socket{ 5 ida } out } readsz=45 } cancelRemoteAs=64600
 15:36:05 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:43623 -> 192.168.61.253:179 } Socket{ 4 ida } out } readsz=45 } cancelRemoteAs=64600
 15:36:05 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:37851 -> 192.168.61.255:179 } Socket{ 6 ida } out } readsz=45 } cancelRemoteAs=64600
CORE1 Logs:
15:35:42 route,bgp,info Connection opened by remote host 
15:35:42 route,bgp,info     RemoteAddress=192.168.61.254 
15:35:42 route,bgp,error Received notification 
15:35:42 route,bgp,error     OPEN error: bad remote-as 
15:35:52 route,bgp,info Connection opened by remote host 
15:35:52 route,bgp,info     RemoteAddress=192.168.61.254 
15:35:52 route,bgp,error Received notification 
15:35:52 route,bgp,error     OPEN error: bad remote-as 
15:36:02 route,bgp,info Connection opened by remote host 
15:36:02 route,bgp,info     RemoteAddress=192.168.61.254 
15:36:05 route,bgp,error Received notification 
15:36:05 route,bgp,error     OPEN error: bad remote-as
Notes:
1) Conversion from v6 to v7 seems to be correct (at least according to my interpretation of the manual)
2) BFD without confederations seems to be stable.
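
A log triage sketch for the CORE2 errors quoted above, added here as an example (it is not code from the thread or from MikroTik). It parses the "Invalid remote AS" lines and labels each rejection against the RFC 5065 rule that a confederation member uses its Member-AS number toward peers in the same confederation; the function names and labels are assumptions, while 64555 and 64600 come from the posted v6 config.

```python
import re
from collections import Counter

# Four lines copied from the CORE2 log quoted in the thread above.
CORE2_LOG = """\
 15:35:42 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:37037 -> 192.168.61.253:179 } Socket{ 4 ida } out } readsz=45 } cancelRemoteAs=64600
 15:35:42 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:41837 -> 192.168.61.255:179 } Socket{ 6 ida } out } readsz=45 } cancelRemoteAs=64600
 15:35:53 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:35205 -> 192.168.61.253:179 } Socket{ 4 ida } out } readsz=45 } cancelRemoteAs=64600
 15:35:54 route,bgp,error Invalid remote AS, expected 64555BgpStarter{ c=Connection{ ConnId{ 192.168.61.254:179 -> 192.168.61.252:37954 } Socket{ 4 ida } in } readsz=45 } cancelRemoteAs=64600
"""

# Values from the posted v6 config: confederation=64555, as=64600.
CONFED_ID = 64555
MEMBER_ASES = {64600}

# In the quoted lines the first ConnId address is always CORE2 itself
# (192.168.61.254), for both "in" and "out" sessions, so the second is the peer.
LINE = re.compile(
    r"Invalid remote AS, expected (?P<expected>\d+).*?"
    r"ConnId\{ (?P<local>[\d.]+):\d+ -> (?P<peer>[\d.]+):\d+ \}.*?"
    r"\} (?P<dir>in|out) \}.*?RemoteAs=(?P<received>\d+)"
)

def parse_rejections(text):
    """Return one dict per 'Invalid remote AS' line; other lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            rec = m.groupdict()
            rec["expected"] = int(rec["expected"])
            rec["received"] = int(rec["received"])
            found.append(rec)
    return found

def classify(rej, confed_id, member_ases):
    """Label a rejection using the confederation numbers the operator supplies."""
    if rej["expected"] == confed_id and rej["received"] in member_ases:
        # Local side wants the confederation ID; the peer sent a Member-AS,
        # which is what RFC 5065 requires between members of one confederation.
        return "confed-id-expected-from-member"
    if rej["expected"] in member_ases and rej["received"] == confed_id:
        return "member-as-expected-got-confed-id"
    return "other-as-mismatch"

def summarize(text, confed_id, member_ases):
    """Count rejections per (peer address, label)."""
    return Counter((r["peer"], classify(r, confed_id, member_ases))
                   for r in parse_rejections(text))

if __name__ == "__main__":
    for (peer, label), n in sorted(summarize(CORE2_LOG, CONFED_ID, MEMBER_ASES).items()):
        print(f"{peer:16} {label:34} x{n}")
```
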
 
benniej
just joined
Posts: 5
Joined: Fri Apr 14, 2023 1:26 pm

Re: BGP Confederation on Mikrotik V7

Fri Jun 30, 2023 6:51 pm

how u mean?
export your config, or do what @mrz suggested
Already done that...... but only crickets
Ticket Logged: 2023/04/14
Last Generic Reply: 2023/05/08
Like I said, if you have a non-working confederation setup with the latest v7 version, contact support.
Ticket logged SUP-113377. Please see if you can assist.
 
petkodmitriy1
just joined
Posts: 4
Joined: Fri Jun 16, 2023 4:35 pm

Re: BGP Confederation on Mikrotik V7

Sat Jul 01, 2023 2:42 pm

I know why confederation doesn't work on ROS7.
In the OPEN message, ROS7 sends the packet with confederation_as instead of SUB_as. As a result, the peer discards this OPEN message.
MikroTik tech support says that is OK))))) and doesn't want to confirm the bug and resolve the problem.

SUP-119427
 
petkodmitriy1
just joined
Posts: 4
Joined: Fri Jun 16, 2023 4:35 pm

Re: BGP Confederation on Mikrotik V7

Sat Jul 01, 2023 2:43 pm

Do you still have confederation problems with v7.8 or newer? If yes, contact support.
support doesn't help
 
petkodmitriy
just joined
Posts: 12
Joined: Mon Apr 23, 2018 8:44 am

Re: BGP Confederation on Mikrotik V7

Thu Jul 13, 2023 9:40 am

Currently, there are known problems with the BGP confederation configuration. It is not possible to set it up to work as intended, the problem will be solved in upcoming versions.
Help, problem still not solved
 
benniej
just joined
Posts: 5
Joined: Fri Apr 14, 2023 1:26 pm

Re: BGP Confederation on Mikrotik V7

Wed Aug 23, 2023 12:04 pm

Tested with:

ROS v6.49.8
ROS v7.11

Still not working, even though the URL below says it does work…..
https://help.mikrotik.com/docs/display/ ... l+Overview
