i have an setup here, where a Mikrotik Router connects to 2 different wireguard tunnels via 2 different interfaces. Then over each of these interfaces i connect via bgp with a different router. These different routers share an ibgp and they are announcing the same routes to the Mikrotik Router.
On the Mikrotik Router i set Local Preference of BGP 1 to 500 and of BGP 2 to 100. This should force Traffic to get routed via BGP 1. But no matter what i am trying, the traffic gets routed via BGP 2.
Can somebody give me a hint what i am doing wrong? The same setup on other Routers (Cisco etc.) works perfectly as intended.
Here is my config:
Code: Select all
/interface bridge
add name=bridge1
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
add listen-port=13232 mtu=1420 name=wireguard2
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether2
add bridge=bridge1 ingress-filtering=no interface=ether3
add bridge=bridge1 ingress-filtering=no interface=ether4
add bridge=bridge1 ingress-filtering=no interface=ether5
/routing bgp template
set default disabled=no output.network=bgp-networks
/interface wireguard peers
add allowed-address=0.0.0.0/0 comment=rz-1 endpoint-address=vpn-1.example.com endpoint-port=51820 interface=wireguard1 persistent-keepalive=25s public-key="XXX"
add allowed-address=0.0.0.0/0 comment=rz-2 endpoint-address=vpn-2.example.com endpoint-port=51821 interface=wireguard2 persistent-keepalive=25s public-key="XXX"
/ip address
add address=10.253.87.1/24 comment=LAN-Static interface=bridge1 network=10.253.87.0
add address=10.254.10.89/24 interface=wireguard1 network=10.254.10.0
add address=10.254.20.89/24 interface=wireguard2 network=10.254.20.0
/ip firewall address-list
add address=10.253.87.0/24 list=BGP-Announce
/routing bgp connection
add address-families=ip as=65187 disabled=no input.filter=in-main local.address=10.254.10.89 .role=ebgp name=bgp-1 output.default-originate=never .filter-chain=out .network=BGP-Announce remote.address=10.254.10.1/32 .as=65499 router-id=10.254.10.89 routing-table=main
add address-families=ip as=65187 disabled=no input.filter=in-back local.address=10.254.20.89 .role=ebgp name=bgp-2 output.default-originate=never .filter-chain=out .network=BGP-Announce remote.address=10.254.20.1/32 .as=65499 router-id=10.254.20.89 routing-table=main
/routing filter rule
add chain=in-back disabled=no rule="if ( afi ipv4 ) { set bgp-local-pref 100; accept }"
add chain=out disabled=no rule="if ( afi ipv4 && dst ==10.253.87.0/24 ) { accept }"
add chain=in-main disabled=no rule="if ( afi ipv4 ) { set bgp-local-pref 500; accept }"
The Routes from the 10.254.10.1 show BGP Local Pref 500 and from 20.1 show 100. But this does not seem to have any effect.Flags: D - dynamic; X - disabled, I - inactive, A - active; c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy; H - hw-offloaded; + - ecmp
DAd dst-address=0.0.0.0/0 routing-table=main pref-src="" gateway=100.64.0.1 immediate-gw=100.64.0.1%ether1 distance=1 scope=30 target-scope=10 vrf-interface=ether1 suppress-hw-offload=no
DAc dst-address=10.253.87.0/24 routing-table=main gateway=bridge1 immediate-gw=bridge1 distance=0 scope=10 suppress-hw-offload=no local-address=10.253.87.1%bridge1
DAc dst-address=10.254.10.0/24 routing-table=main gateway=wireguard1 immediate-gw=wireguard1 distance=0 scope=10 suppress-hw-offload=no local-address=10.254.10.89%wireguard1
DAc dst-address=10.254.20.0/24 routing-table=main gateway=wireguard2 immediate-gw=wireguard2 distance=0 scope=10 suppress-hw-offload=no local-address=10.254.20.89%wireguard2
DAc dst-address=100.64.0.0/10 routing-table=main gateway=ether1 immediate-gw=ether1 distance=0 scope=10 suppress-hw-offload=no local-address=100.109.74.232%ether1
DAb + dst-address=172.17.1.36/32 routing-table=main gateway=10.254.20.1 immediate-gw=10.254.20.1%wireguard2 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.36/32 routing-table=main gateway=10.254.10.1 immediate-gw=10.254.10.1%wireguard1 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.39/32 routing-table=main gateway=10.254.20.1 immediate-gw=10.254.20.1%wireguard2 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.39/32 routing-table=main gateway=10.254.10.1 immediate-gw=10.254.10.1%wireguard1 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.46/32 routing-table=main gateway=10.254.20.1 immediate-gw=10.254.20.1%wireguard2 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.46/32 routing-table=main gateway=10.254.10.1 immediate-gw=10.254.10.1%wireguard1 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.57/32 routing-table=main gateway=10.254.20.1 immediate-gw=10.254.20.1%wireguard2 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.57/32 routing-table=main gateway=10.254.10.1 immediate-gw=10.254.10.1%wireguard1 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.60/32 routing-table=main gateway=10.254.20.1 immediate-gw=10.254.20.1%wireguard2 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.60/32 routing-table=main gateway=10.254.10.1 immediate-gw=10.254.10.1%wireguard1 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.124/32 routing-table=main gateway=10.254.20.1 immediate-gw=10.254.20.1%wireguard2 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.124/32 routing-table=main gateway=10.254.10.1 immediate-gw=10.254.10.1%wireguard1 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.133/32 routing-table=main gateway=10.254.20.1 immediate-gw=10.254.20.1%wireguard2 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
DAb + dst-address=172.17.1.133/32 routing-table=main gateway=10.254.10.1 immediate-gw=10.254.10.1%wireguard1 distance=20 scope=40 target-scope=10 suppress-hw-offload=no
Help is really appreciated!
Best Regards