DaneelOlivaw200
just joined
Topic Author
Posts: 9
Joined: Wed Sep 21, 2022 3:07 am

BGP Aggregate-Address alternative in Mikrotik

Wed Sep 21, 2022 3:14 am

Hi there, new Mikrotik user here. Haven't even made it to production yet, but seems to work well so far!

So, on a Cisco device, I might use something like the following:

router bgp 65001
aggregate-address 1.1.1.0 255.255.255.0
neighbor 192.168.1.1 remote-as 65001
neighbor <isp_address> remote-as 101
redistribute connected

interface GigabitEthernet0/0/1
ip address 1.1.1.1 255.255.255.128

interface GigabitEthernet0/0/2
ip address 1.1.1.128 255.255.255.128

interface GigabitEthernet0/0/3
ip address <isp_customer_address> 255.255.255.252

The 1.1.1.0/24 prefix is advertised to the ISP.

How do I specify the "aggregate-address" command in Mikrotik?

Is this something configured in the filter?

The older versions appear to have an obvious command in the documentation, but the 7.x version doesn't seem to show this.

How do I go about applying something like this?
 
jmay
Member
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

Re: BGP Aggregate-Address alternative in Mikrotik

Mon Sep 26, 2022 6:33 pm

I would also like to know, I just found out the hard way that going from 6 to 7 has changed so I had to downgrade. I wasn't getting any aggregates advertised at all. What are we missing?
 
jmay
Member
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

Re: BGP Aggregate-Address alternative in Mikrotik

Mon Sep 26, 2022 7:09 pm

I just watched a tutorial on YouTube and it seems that now we create a firewall list with the networks we want to advertise, then under our BGP filter we set that address list under Output Network.

Is this correct? Also the video made it sound like this is a temporary work around for v7. Can anyone confirm if this will be the way going forward or will it eventually change again?
 
jmay
Member
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

Re: BGP Aggregate-Address alternative in Mikrotik

Mon Sep 26, 2022 9:14 pm

Ok, I pieced together enough information to figure out that with v7 you have to create an address list for your BGP routes and create a blackhole route for anything less than a /24 and the advertisements get sent out properly. What's the advantage to all this?
 
DaneelOlivaw200
just joined
Topic Author
Posts: 9
Joined: Wed Sep 21, 2022 3:07 am

Re: BGP Aggregate-Address alternative in Mikrotik

Thu Mar 16, 2023 5:39 am

@jmay that's exactly what I did and it worked like a charm!
 
randomnz
just joined
Posts: 10
Joined: Mon Apr 08, 2019 10:51 am

Re: BGP Aggregate-Address alternative in Mikrotik

Fri Mar 17, 2023 6:17 am

Any chance you could post your config? I’m struggling with this.
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Aggregate-Address alternative in Mikrotik

Fri Mar 17, 2023 12:06 pm

As there is no more route aggregation in v7, and also no more advertising of routes that you do not really have (bgp networks with synchronize=no), you need to:
- add a "blackhole" route for the network you want to aggregate, e.g. 1.1.1.0/24 in the above (when you don't have a 1.1.1.0/24 route yet)
- add the 1.1.1.0/24 item to the address list you have specified as "output network" (this is named bgp-networks by default when you migrated from v6)
- create an output routing filter that has something like:
add chain=out disabled=no rule="if (dst in 1.1.1.0/24 && dst-len in 25-32) { reject; }"
add chain=out disabled=no rule="accept;"

and configure that for the bgp connection as well.
The filter will make sure that the smaller subnets within the aggregated /24 will not get advertised.
Of course it is still not the same as route aggregation, as the peer will not know about all this (with route aggregation they get a special "aggregator" attribute with the route).
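
An added example (not part of the original post, and not MikroTik code): a small Python model of the output chain described above, run over a constructed routing table built from the thread's addresses. It compares a containment match (`dst in`) with an exact match (`dst ==`) and shows that the static aggregate is announced whether or not contributing routes exist. Assumptions: `redistribute=connected`, a default reject when no rule matches, and all function names are hypothetical.

```python
import ipaddress

net = ipaddress.ip_network

def candidates(rib, output_network, redistribute):
    """Routes offered to the output chain: address-list entries that have an
    exact route in the table, plus routes of a redistributed type."""
    return {p for p, source in rib.items()
            if p in output_network or source in redistribute}

def reject_more_specifics(aggregate, exact_match=False):
    """First rule of the chain: reject /25-/32 under the aggregate.
    exact_match=True models 'dst == aggregate' instead of 'dst in aggregate'."""
    def rule(prefix):
        if exact_match:
            covered = prefix == aggregate
        else:
            covered = prefix.subnet_of(aggregate)
        if covered and 25 <= prefix.prefixlen <= 32:
            return "reject"
        return None  # no match: fall through to the next rule
    return rule

def accept_all(prefix):
    """Second rule of the chain: accept everything that reaches it."""
    return "accept"

def advertised(rib, output_network, redistribute, chain):
    """Return the prefixes that survive the output chain, as sorted strings."""
    result = []
    for prefix in sorted(candidates(rib, output_network, redistribute)):
        verdict = "reject"  # assumed default when no rule matches
        for rule in chain:
            decision = rule(prefix)
            if decision:
                verdict = decision
                break
        if verdict == "accept":
            result.append(str(prefix))
    return result

# Constructed sample table: blackhole aggregate plus two connected /25s.
AGG = net("1.1.1.0/24")
RIB = {AGG: "static", net("1.1.1.0/25"): "connected",
       net("1.1.1.128/25"): "connected"}
WITH_IN = advertised(RIB, {AGG}, {"connected"},
                     [reject_more_specifics(AGG), accept_all])
WITH_EQ = advertised(RIB, {AGG}, {"connected"},
                     [reject_more_specifics(AGG, True), accept_all])
NO_CONTRIB = advertised({AGG: "static"}, {AGG}, {"connected"},
                        [reject_more_specifics(AGG), accept_all])
```

`WITH_IN` contains only the /24, `WITH_EQ` also leaks both /25s because an exact match on the /24 can never have a length of 25-32, and `NO_CONTRIB` still contains the /24.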
 
randomnz
just joined
Posts: 10
Joined: Mon Apr 08, 2019 10:51 am

Re: BGP Aggregate-Address alternative in Mikrotik

Fri Mar 17, 2023 12:42 pm

Thanks. My issue is I only want the MikroTik to advertise the /24 when it receives the /28 from a downstream router…
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Aggregate-Address alternative in Mikrotik

Fri Mar 17, 2023 1:45 pm

Yeah, that kind of thing cannot be done anymore in v7, unless you want to use some scheduled script.
 
randomnz
just joined
Posts: 10
Joined: Mon Apr 08, 2019 10:51 am

Re: BGP Aggregate-Address alternative in Mikrotik

Fri Mar 17, 2023 7:40 pm

That’s a pretty key feature of BGP unfortunately. Not quite sure how MT have got to a position of only selling hardware that supports 7, with a feature set that is lacking.
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP Aggregate-Address alternative in Mikrotik

Fri Mar 17, 2023 8:45 pm

I don't like it either. And even less I like the fact that BFD still is not available.
It seems that MikroTik have been pressed into implementing a multi-threaded BGP implementation, especially because they were selling routers with more and more cores (like the CCR1072 with 72 cores) that were very slow in BGP for multiple full internet tables. They split the work in multiple processes, but lost some important functionality because of that.
And worst of all, it took so long that those many-core routers are now mostly EOL and are being replaced by new models with fewer and faster cores. So maybe it was not absolutely necessary to have this, after all.
However, I don't think it is going to change. We have to adjust our expectations and maybe find some workarounds. In my network, I will have to do some reconfiguration and maybe renumbering to cope with it.
 
DarkNate
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: BGP Aggregate-Address alternative in Mikrotik

Thu Mar 23, 2023 7:52 am

Aggregates on ROSv7 are similar to JunOS.

In JunOS, we create a prefix list containing the aggregates, we then use the route aggregation feature to auto-generate discard routes the moment there's a contributing route for an aggregate.

In ROSv7, we create a prefix list (address list) containing the aggregates, now simply statically route to blackhole for all aggregates on each edge router on the network, that's it. In BGP peer config, set output network to the address list, if required you can fine tune using route filters. Some examples below.

if (dst in bgp-networks && dst-len<24) {accept} else {reject}
if (dst in bgp-networks && dst-len>29 && dst-len<32) {accept} else {reject}
 
randomnz
just joined
Posts: 10
Joined: Mon Apr 08, 2019 10:51 am

Re: BGP Aggregate-Address alternative in Mikrotik

Fri Mar 24, 2023 9:19 am

DarkNate wrote:
> Aggregates on ROSv7 are similar to JunOS.
>
> In JunOS, we create a prefix list containing the aggregates, we then use the route aggregation feature to auto-generate discard routes the moment there's a contributing route for an aggregate.
>
> In ROSv7, we create a prefix list (address list) containing the aggregates, now simply statically route to blackhole for all aggregates on each edge router on the network, that's it. In BGP peer config, set output network to the address list, if required you can fine tune using route filters. Some examples below.

Are you saying something like this should work:

/ip firewall address-list add address=1.1.1.0/23 list=bgp_agg_2d

/ip route add blackhole disabled=no distance=1 dst-address=1.1.1.0/26

/routing bgp connection add as=38900 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no hold-time=45s input.filter=2D-IN .ignore-as-path-len=yes listen=yes local.role=ebgp .ttl=2 name="2D" output.filter-chain=2D-OUT- .keep-sent-attributes=yes .network=bgp_agg_2d .no-client-to-client-reflection=yes .redistribute=static,bgp remote.address=9.9.9.9/32 .as=9790 .port=179 router-id=8.8.8.8 routing-table=main templates=default

Then when another BGP peer advertises 1.1.1.0/26 to the router, it will advertise 1.1.1.0/23?
 
DarkNate
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: BGP Aggregate-Address alternative in Mikrotik

Fri Mar 24, 2023 9:55 pm

There are problems with your config overall, you failed to properly add CPU input/output affinity, this will kill your router's CPU when deploying large tables. In/out affinity mode should match CPU model of your router for all BGP peers including iBGP.

Here's what I will do: I will share my config from production running on a CCR1072, where CPU has massive CPU cores regarding affinity. MikroTik ROSv7 has templates now to autoconfigure certain values when you create a fresh peer. And also some sample route filters will be shared.

We will assume I want to export only aggregates of /21 and /22 size for this example, because in real life you can have /21 aggregate, /22, /23 etc in a single aggregate list.
#Aggregate route#
/ip/firewall/address-list
add address=100.64.0.0/21 list=bgp-networks
add address=10.0.0.0/22 list=bgp-networks

/ip route
add blackhole comment="Blackhole route (Public Aggregate)" disabled=no dst-address=100.64.0.0/21
add blackhole comment="Blackhole route (Public Aggregate)" disabled=no dst-address=10.0.0.0/22

/routing bgp template
set default as=123 disabled=no hold-time=1m input.affinity=alone keepalive-time=20s output.affinity=alone .network=bgp-networks .redistribute=bgp remove-private-as=yes router-id=100.64.0.0 routing-table=main

/routing bgp connection
add address-families=ip as=123 disabled=no hold-time=1m input.affinity=alone .filter=Transit-IN-IPv4 keepalive-time=20s local.address=192.168.0.0 .role=ebgp-customer name=IPv4-Transit output.affinity=alone .filter-chain=Transit-OUT-IPv4 .network=bgp-networks .redistribute=bgp remote.address=192.168.0.1 .as=1234 remove-private-as=yes router-id=100.64.0.0 routing-table=main templates=default

/routing filter rule
add chain=Transit-IN-IPv4 disabled=no rule="if (dst in not_in_internet) {reject} else {set pref-src 100.64.0.0; accept}"
add chain=Transit-OUT-IPv4 disabled=no rule="if (dst in bgp-networks && dst-len in 21-22) {accept} else {reject}"

I use the same logic on Juniper, we've not seen any problems. The only difference is syntax/CLI/vendor and lack of auto route aggregation on MikroTik.

Also my RouterID = loopback IP of the device for simplicity.
 
randomnz
just joined
Posts: 10
Joined: Mon Apr 08, 2019 10:51 am

Re: BGP Aggregate-Address alternative in Mikrotik

Sat Mar 25, 2023 2:39 am

DarkNate wrote:
> There are problems with your config overall, you failed to properly add CPU input/output affinity, this will kill your router's CPU when deploying large tables. In/out affinity mode should match CPU model of your router for all BGP peers including iBGP.
>
> Here's what I will do: I will share my config from production running on a CCR1072, where CPU has massive CPU cores regarding affinity. MikroTik ROSv7 has templates now to autoconfigure certain values when you create a fresh peer. And also some sample route filters will be shared.
>
> We will assume I want to export only aggregates of /21 and /22 size for this example, because in real life you can have /21 aggregate, /22, /23 etc in a single aggregate list.

Thanks - this is currently a POC config - running on a CCR-2116 - I'll take note to review the affinity before deployment.

Thanks for sharing your configuration. The issue I still have is I only want the router to advertise the 100.64.0.0/21 route when it has a route within that range within its own routing table.

For example, if an upstream router advertises 100.64.0.0/24 to the router, I'd want the router to advertise 10.64.0.0/21 to its peers, and not the /24. Using filters etc. it's easy enough to remove the /24 - but following the config example (in my case anyway) the aggregate route of 10.64.0.0/21 is always advertised.
 
DarkNate
Forum Veteran
Forum Veteran
Joined: Fri Jun 26, 2020 4:37 pm

Re: BGP Aggregate-Address alternative in Mikrotik

Sat Mar 25, 2023 7:02 am

Like I said, MikroTik doesn't support auto aggregate, like Juniper.
 
randomnz
just joined
Posts: 10
Joined: Mon Apr 08, 2019 10:51 am

Re: BGP Aggregate-Address alternative in Mikrotik

Sat Mar 25, 2023 11:24 am

Disappointingly, it did in ros6..

Thanks for your help…. Got me much further along
