I've started my first CHR over the internet and I'm willing to make some routing between 3 sites....
Site 1:
VLAN 10 - 192.168.0.0/24
VLAN 15 - 172.16.15.0/26
VLAN 20 - 172.16.15.64/26
SSTP to chr IP 172.16.100.2/30 ==> CHR Remote 172.16.100.1/30
BGP Configuration
/routing bgp instance
set default as=100 client-to-client-reflection=no router-id=172.16.100.2
/routing bgp network
add network=192.168.0.0/24 synchronize=no
add network=172.16.15.0/26 synchronize=no
add network=172.16.15.64/26 synchronize=no
/routing bgp peer
add name=peer-chr remote-address=172.16.100.1 remote-as=500
Site 2 - No VLANs
192.168.178.0/24
SSTP to chr IP 172.16.100.10/30 ==> CHR Remote 172.16.100.9/30
BGP Configuration
/routing bgp instance
set default as=111 router-id=172.16.100.10
/routing bgp network
add network=192.168.178.0/24 synchronize=no
/routing bgp peer
add name=bgp-chr remote-address=172.16.100.9 remote-as=500
Site 3 - No VLANs (unreachable at the moment because of another issue)
192.168.11.0/24
SSTP to chr IP 172.16.100.6/30 ==> CHR Remote 172.16.100.5/30
CHR BGP Configuration
/routing bgp instance
set default disabled=yes
add as=500 client-to-client-reflection=no name=bgp-chr out-filter=dynamic-in router-id=172.16.100.1
/routing bgp network
add network=192.168.255.0/24 synchronize=no
add network=172.16.100.0/24 synchronize=no
/routing bgp peer
add instance=bgp-chr name=bgp-site1 remote-address=172.16.100.2 remote-as=100
add instance=bgp-chr name=bgp-site3 remote-address=172.16.100.6 remote-as=110
add instance=bgp-chr name=bgp-site2 remote-address=172.16.100.10 remote-as=111
[marco@chr-MM] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC         GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                           XX.XX.106.1               1
 1 ADC  XX.XX.106.0/23     XX.XX.106.96     ether1                    0
 2 ADb  172.16.15.0/26                      172.16.100.2             20
 3 ADb  172.16.15.64/26                     172.16.100.2             20
 4 ADC  172.16.100.2/32    172.16.100.1     sstp-site1                0
 5 ADC  172.16.100.10/32   172.16.100.9     sstp-site2                0
 6 ADb  192.168.0.0/24                      172.16.100.2             20
 7 ADb  192.168.178.0/24                    172.16.100.10            20
 8 ADC  192.168.255.0/24   192.168.255.254  bridge                    0
Example:
From the site2 MikroTik I can ping the router IP of the site1 VLAN 10 network, 192.168.0.254.
From the site1 MikroTik I can ping the router IP of the site2 network, 192.168.0.254.
BUT.... from any LAN clients I cannot reach the remote LANs....
From my PC in site1/VLAN10 (192.168.0.102) I cannot ping 192.168.178.1, BUT I can reach the SSTP IP address of the remote site, 172.16.100.10.
Vice versa, the PC in site2 (192.168.178.38) cannot ping 192.168.0.254; 172.16.100.2 works.
I cannot figure out what it could be....
Can anyone help me solve this issue?
thanks
Marco