MikroTik

Hi. Currently running hub&spoke vpn config with around 900 spokes, two vpns to each + ospf on top of it. Spokes splited around 100 per area so pretty big LSA database.
As ros7 support dynamic bgp neighbors I'm considering switching to iBGP, but never had experience with it.
Any advices? Pros cons? How many routers can speak in singe AS? Do I need to split spokes to different AS as in areas using ospf? Or can I use single AS for all routers?
Thanks,

hello gryyzli,

interesting. listening mode=on

As ros7 support dynamic bgp neighbors

hmm.. never heard of it. could you elaborate?

hello gryyzli,

interesting. listening mode=on

As ros7 support dynamic bgp neighbors

hmm.. never heard of it. could you elaborate?

You can define bgp connection using network as remote address, like below:
/routing bgp connection
add as=123456 disabled=no local.address=10.0.0.1 .role=ibgp name=bgp1 nexthop-choice=force-self output.redistribute=static remote.address=10.0.0.0/24 routing-table=main templates=default
No need to specify exact address of peer.

hello

No need to specify exact address of peer.

hmm... getting more interesting

ok. before getting deeper into this dynamic peer, from your previous diagram - let us say : *ospf vs ibgp* for simplicity - i am just wondering what do you have in mind?

what i mean is:
a. where or which part of your network will you put those ibgp routers? what kind of industry would fit to your proposal? ie : isp? data center? other businesses?

b. in what way those ibgp router you consider could replace ospf, aside from database?

It is a business case, HQ and 900 branches. All working fine on ospf regarding rare situations when there is a problem with Internet links in HQ. It causes multiple reconnections on routers in HQ and sometimes crush ospf process, then restart is needed.

Now there is a need of connecting all branches to AWS so it is good opportunity for me to consider switching to BGP instead of creating new multiple areas, ospf instances etc.
So I'm wondering if I can connect all 900 branches with BGP using one AS? Or better split it to multiple AS. Is there a limit of BGP sessions in Mikrotik. How does it scale. etc.

hello gryyzli,

[*]
Now there is a need of connecting all branches to AWS so it is good opportunity for me to consider switching to BGP instead of creating new multiple areas, ospf instances etc.
[*]

do you mean you were thinking about having *sd-wan like* bgp over the cloud, to overcome hq session and hardware failure?

well, I think the most obvious thing is bandwidth traversing the cloud, and perhaps some security concerns as well. 900 spokes.

but, if you insist that cloud *route reflector* method - i was thinking about dmvpn.

just a thought

Use OSPF for underlay to learn loopbacks of all adjacent neighbours. Use iBGP to full-mesh with all loopbacks.

Use OSPF for underlay to learn loopbacks of all adjacent neighbours. Use iBGP to full-mesh with all loopbacks.

would this not just rank up convergence timers and overhead?

sure sounds like a quite good plan but timing, i guess may be problematic here

OSPF+BFD. BGP+BFD. This is a MikroTik problem that's likely resolved in 7.10 stable upcoming.

The OSPF+BGP design is used by Facebook as well in their large-scale deployments. It's not a new design approach.

OSPF+BFD. BGP+BFD. This is a MikroTik problem that's likely resolved in 7.10 stable upcoming.

The OSPF+BGP design is used by Facebook as well in their large-scale deployments. It's not a new design approach.

hopefully yes. then this design surely should work fine.

oh do they, didn't know about that. thx

You can read here for more details, but I'm sure you can find more design info in the public web, Facebook isn't the only one doing this design, ISP/Telcos who are up-to speed do as well:
https://www.rfc-editor.org/rfc/rfc7938.html

Preferably OSPF should be replaced with ISIS, but that's not supported on MikroTik.

You can read here for more details, but I'm sure you can find more design info in the public web, Facebook isn't the only one doing this design, ISP/Telcos who are up-to speed do as well:
https://www.rfc-editor.org/rfc/rfc7938.html

Preferably OSPF should be replaced with ISIS, but that's not supported on MikroTik.

thanks a lot
will have a look into this.