mremme

BGP via CHR LANs unreachable

Mon Dec 27, 2021 5:19 pm

Ciao,

I've started my first CHR over the internet and I'm willing to make some routing between 3 sites....

Site 1:
VLAN 10 - 192.168.0.0/24
VLAN 15 - 172.16.15.0/26
VLAN 20 - 172.16.15.64/26
SSTP to chr IP 172.16.100.2/30 ==> CHR Remote 172.16.100.1/30
BGP Configuration
/routing bgp instance
set default as=100 client-to-client-reflection=no router-id=172.16.100.2
/routing bgp network
add network=192.168.0.0/24 synchronize=no
add network=172.16.15.0/26 synchronize=no
add network=172.16.15.64/26 synchronize=no
/routing bgp peer
add name=peer-chr remote-address=172.16.100.1 remote-as=500

Site 2 - No VLANs
192.168.178.0/24
SSTP to chr IP 172.16.100.10/30 ==> CHR Remote 172.16.100.9/30
BGP Configuration
/routing bgp instance
set default as=111 router-id=172.16.100.10
/routing bgp network
add network=192.168.178.0/24 synchronize=no
/routing bgp peer
add name=bgp-chr remote-address=172.16.100.9 remote-as=500

Site 3 - No VLANs (unreachable at the moment for another issue)
192.168.11.0/24
SSTP to chr IP 172.16.100.6/30 ==> CHR Remote 172.16.100.5/30


CHR BGP Configuration
/routing bgp instance
set default disabled=yes
add as=500 client-to-client-reflection=no name=bgp-chr out-filter=dynamic-in router-id=172.16.100.1
/routing bgp network
add network=192.168.255.0/24 synchronize=no
add network=172.16.100.0/24 synchronize=no
/routing bgp peer
add instance=bgp-chr name=bgp-site1 remote-address=172.16.100.2 remote-as=100
add instance=bgp-chr name=bgp-site3 remote-address=172.16.100.6 remote-as=110
add instance=bgp-chr name=bgp-site2 remote-address=172.16.100.10 remote-as=111

BGP works fine and routes are generated correctly:

[marco@chr-MM] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          XX.XX.106.1              1
 1 ADC  XX.XX.106.0/23    XX.XX.106.96   ether1                    0
 2 ADb  172.16.15.0/26                     172.16.100.2             20
 3 ADb  172.16.15.64/26                    172.16.100.2             20
 4 ADC  172.16.100.2/32    172.16.100.1    sstp-site1                0
 5 ADC  172.16.100.10/32   172.16.100.9    sstp-site2                0
 6 ADb  192.168.0.0/24                     172.16.100.2             20
 7 ADb  192.168.178.0/24                   172.16.100.10            20
 8 ADC  192.168.255.0/24   192.168.255.254 bridge                    0

Also on site 1 and site 2 routes are forwarded correctly.... and from the console of the site MikroTiks, I can ping the remote LANs.
Example:
From the site 2 MikroTik I can ping the router IP of site 1 VLAN 10 network 192.168.0.254
From the site 1 MikroTik I can ping the router IP of site 2 network 192.168.0.254

BUT.... from any LAN clients I cannot reach remote LANs....
From my PC in site 1/VLAN 10 (192.168.0.102) I cannot ping 192.168.178.1, BUT I can reach the SSTP IP address of the remote site 172.16.100.10
Vice versa, the PC in site 2 (192.168.178.38) cannot ping 192.168.0.254, 172.16.100.2 works

I cannot figure out what it could be.... :(
Can anyone help me solve this issue?
Thanks
Marco
