ahsan09
just joined
Topic Author
Posts: 4
Joined: Sat Nov 09, 2019 11:10 pm

Unable to Reach BGP Neighbour

Thu Feb 18, 2021 9:14 am

Need help.
Trying to establish BGP between two networks; although BGP is established, I am unable to reach both LANs. Also, a GRE tunnel is created between both MikroTiks.
 
ahsan09
just joined
Topic Author
Posts: 4
Joined: Sat Nov 09, 2019 11:10 pm

Re: Unable to Reach BGP Neighbour

Mon Feb 22, 2021 11:41 am

Anyone here to help me???
 
sindy
Forum Guru
Posts: 6882
Joined: Mon Dec 04, 2017 9:19 pm

Re: Unable to Reach BGP Neighbour

Tue Feb 23, 2021 7:48 pm

Both your drawings give little clue on what is the actual issue you're dealing with. Can you provide the current configuration exports instead? Is the BGP connection between the routers established but the routing tables are not updated, or the BGP is not up at all, or the routing tables are updated but packets don't get through?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
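One way to do the find-and-replace described above consistently, as an added example that is not part of the post: it replaces every globally routable IPv4 address with `my.public.ip.N` and leaves private and CGNAT addresses readable. The function name and the sample export are assumptions made for illustration; the sample addresses are constructed.

```python
import ipaddress
import re

# Candidate dotted quads; each is validated with ipaddress before replacement.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def sanitize_export(text, mapping=None):
    """Replace each globally routable IPv4 address with my.public.ip.N.

    The same address always gets the same placeholder, so peers, tunnels and
    firewall rules in the export still line up after sanitising.
    """
    mapping = {} if mapping is None else mapping

    def repl(match):
        raw = match.group(1)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ipaddress.AddressValueError:
            return raw  # not a valid address (e.g. 999.1.1.1), leave as is
        if not addr.is_global:
            return raw  # RFC 1918, CGNAT, loopback, link-local stay readable
        if addr not in mapping:
            mapping[addr] = f"my.public.ip.{len(mapping) + 1}"
        return mapping[addr]

    return IPV4_RE.sub(repl, text), mapping

# Constructed sample in the style of a RouterOS export (not the thread's attachment).
SAMPLE_EXPORT = """\
/interface gre add name=gre1 local-address=123.123.123.2 remote-address=123.123.123.1
/ip address add address=192.168.88.1/24 interface=bridge
/ip address add address=100.127.36.1/29 interface=gre1
/routing bgp peer add name=peer1 remote-address=123.123.123.1 remote-as=65010
"""

if __name__ == "__main__":
    print(sanitize_export(SAMPLE_EXPORT)[0])
```

Keep the returned mapping private: it is the key that turns the placeholders back into the real addresses.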
 
ahsan09
just joined
Topic Author
Posts: 4
Joined: Sat Nov 09, 2019 11:10 pm

Re: Unable to Reach BGP Neighbour

Tue Feb 23, 2021 10:04 pm

Both your drawings give little clue on what is the actual issue you're dealing with. Can you provide the current configuration exports instead? Is the BGP connection between the routers established but the routing tables are not updated, or the BGP is not up at all, or the routing tables are updated but packets don't get through?
Thanks for replying. Actually, I have configured it on both sides by giving AS and remote IP. The state has changed to established, but once I tried to reach the remote LAN from both ends, it didn't reach.
 
sindy
Forum Guru
Posts: 6882
Joined: Mon Dec 04, 2017 9:19 pm

Re: Unable to Reach BGP Neighbour

Tue Feb 23, 2021 10:22 pm

By the above you have responded to only one of the questions; now we know that the BGP communication is established. But you haven't posted the configurations, and you haven't looked into the routing tables of both devices to see whether the routes to the remote devices' LAN subnets appeared there (marked with b in the leftmost column to indicate BGP as their origin) or not. If they are there, it is a firewall issue; if they are not, it is a BGP configuration issue.

You can't expect useful help if you don't provide useful input.
 
TomjNorthIdaho
Forum Guru
Posts: 1145
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho

Re: Unable to Reach BGP Neighbour

Wed Feb 24, 2021 4:12 am

Your BGP router needs to be on the same network as the other upstream BGP router you will be peering with.
Example: your BGP upstream interface (live Internet IP addresses) is 123.123.123.2/30 and you peer to 123.123.123.1/30.

Both BGP routers need to know the AS number of each other.

Your BGP router announces to the upstream BGP router your ARIN-assigned IPv4 and/or IPv6 networks.
Example: you announce your live network IPv4 block is 123.50.50.0/24 - this is sent to your upstream ISP BGP peer.
The upstream BGP peer then announces to all BGP routers in the world how to get to your IP addresses.
Your router receives every BGP router's announcements from all routers in the world - thousands of routes. Now your BGP router knows how to get to every Internet IP address.
Your router also has a static route - you route your live network (example 123.50.50.0/24) to your 2nd router and then your second router performs static routes to all of your networks that you manage.

It's actually pretty easy.
 
ahsan09
just joined
Topic Author
Posts: 4
Joined: Sat Nov 09, 2019 11:10 pm

Re: Unable to Reach BGP Neighbour

Wed Feb 24, 2021 3:17 pm

Both your drawings give little clue on what is the actual issue you're dealing with. Can you provide the current configuration exports instead? Is the BGP connection between the routers established but the routing tables are not updated, or the BGP is not up at all, or the routing tables are updated but packets don't get through?
Please find the attached config file. I have checked the routing table and found no BGP routes there, although on the BGP tab the state is established.
 
sindy
Forum Guru
Posts: 6882
Joined: Mon Dec 04, 2017 9:19 pm

Re: Unable to Reach BGP Neighbour

Wed Feb 24, 2021 3:42 pm

As the BGP peer is Fortinet and you haven't shown its configuration, it is hard to judge anything (and no, I don't know enough about Fortigate to be able to help with its configuration).

Don't use rich text formats for configuration files. A plain .txt is enough and the probability that you inadvertently spread a virus is much lower. The easiest way to post configs is to copy-paste them to the body of the post between [code] and [/code] tags (created by pressing the [ </> ] button above the editing field).

I'd say your best friend is sniffing now:
  • disable the BGP peer
  • run /tool sniffer set file-name=bgp-start.pcap
  • run /tool sniffer quick port=179
  • enable the BGP peer
  • wait 3 minutes, then stop the /tool sniffer quick ...
  • download the file, open it using Wireshark, and see whether the Fortigate is advertising the expected prefixes on its end (and whether the Mikrotik advertises 100.127.36.0/29)
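The question the capture is meant to answer (which prefixes each side actually advertises) can also be checked in code. The following is an added example, not part of the post: it walks the BGP messages in one direction of the TCP/179 payload and lists announced and withdrawn IPv4 prefixes per RFC 4271. It assumes the payload bytes have already been extracted from the capture and covers plain IPv4 unicast NLRI only; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16  # RFC 4271 header marker
TYPE_NAMES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}

def decode_prefixes(buf):
    """Decode <length-in-bits, prefix> tuples into IPv4 networks."""
    out, i = [], 0
    while i < len(buf):
        bits, nbytes = buf[i], (buf[i] + 7) // 8
        if bits > 32 or i + 1 + nbytes > len(buf):
            raise ValueError("malformed prefix field")
        addr = int.from_bytes(buf[i + 1:i + 1 + nbytes].ljust(4, b"\x00"), "big")
        out.append(ipaddress.IPv4Network((addr, bits), strict=False))
        i += 1 + nbytes
    return out

def summarize_bgp_stream(stream):
    """Return (message counts, announced, withdrawn) for one TCP/179 direction."""
    counts, announced, withdrawn, pos = {}, [], [], 0
    while pos + 19 <= len(stream):
        if stream[pos:pos + 16] != MARKER:
            raise ValueError(f"bad marker at offset {pos}")
        length, mtype = struct.unpack_from("!HB", stream, pos + 16)
        if length < 19 or pos + length > len(stream):
            raise ValueError("truncated or invalid BGP message")
        body = stream[pos + 19:pos + length]
        name = TYPE_NAMES.get(mtype, f"type-{mtype}")
        counts[name] = counts.get(name, 0) + 1
        if mtype == 2:  # UPDATE: withdrawn routes, path attributes, NLRI
            (wlen,) = struct.unpack_from("!H", body, 0)
            (alen,) = struct.unpack_from("!H", body, 2 + wlen)
            if 4 + wlen + alen > len(body):
                raise ValueError("UPDATE lengths exceed message body")
            withdrawn += decode_prefixes(body[2:2 + wlen])
            announced += decode_prefixes(body[4 + wlen + alen:])
        pos += length
    return counts, announced, withdrawn

def bgp_msg(mtype, body=b""):
    """Build one BGP message; used only to construct the sample below."""
    return MARKER + struct.pack("!HB", 19 + len(body), mtype) + body

# Constructed sample (not from the thread's capture): KEEPALIVE, one UPDATE
# with ORIGIN/AS_PATH/NEXT_HOP announcing 100.127.36.0/29, then End-of-RIB.
ATTRS = bytes.fromhex("400101004002040201fdf24003040a000001")
SAMPLE = (bgp_msg(4)
          + bgp_msg(2, b"\x00\x00\x00\x12" + ATTRS + bytes.fromhex("1d647f2400"))
          + bgp_msg(2, b"\x00\x00\x00\x00"))
```

A session that shows only OPEN and KEEPALIVE messages, or UPDATEs with an empty announced list, matches the symptom in this thread: state established but no BGP routes in the table.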
