Mikrotik BGP + calico peer. whats wrong ?
Posted: Sun Jul 14, 2024 8:58 pm
I'm getting this error again and I don't understand why.
I'm not much of an expert on microtics.
I'm trying to configure connectivity between microtik and calico BGP
ping redirect
PING 10.233.103.141 (10.233.103.141): 56 data bytes
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3e 01 0429 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3d 01 0529 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3c 01 0629 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3b 01 0729 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3a 01 0829 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 39 01 0929 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 38 01 0a29 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 37 01 0b29 192.168.88.254 10.233.103.141
Request timeout for icmp_seq 0
92 bytes from router.lan (192.168.88.1): Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 bdcf 0 0000 01 01 6fbd 192.168.88.254 10.233.103.141
Request timeout for icmp_seq 1
92 bytes from router.lan (192.168.88.1): Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 9dcb 0 0000 01 01 8fc1 192.168.88.254 10.233.103.141
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
route on calico host:
ip route
default via 192.168.88.1 dev eth0 proto bird
default via 192.168.88.1 dev eth0 proto static metric 100
10.233.0.3 via 169.254.1.1 dev bpfin.cali
10.233.77.128/26 via 192.168.88.12 dev eth0 proto bird
10.233.87.0/26 via 192.168.88.10 dev eth0 proto bird
blackhole 10.233.103.128/26 proto bird
10.233.103.141 dev calie6451f39401 scope link
10.233.103.142 dev calie5e6e56b098 scope link
169.254.1.1 dev bpfin.cali scope link
192.168.88.0/24 dev eth0 proto kernel scope link src 192.168.88.11 metric 100
microtik routes
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC, b - BGP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
0 As 0.0.0.0/0 192.168.55.33 1
DAb 10.233.77.128/26 192.168.88.10 20
D b 10.233.77.128/26 192.168.88.11 20
DAb 10.233.87.0/26 192.168.88.10 20
D b 10.233.87.0/26 192.168.88.11 20
DAb 10.233.103.128/26 192.168.88.10 20
D b 10.233.103.128/26 192.168.88.11 20
DAc 192.168.55.32/27 ether1 0
DAc 192.168.88.0/24 bridge 0
bgp session
Flags: E - established
0 name="bgp1_to_calico-1"
remote.address=192.168.88.12 .as=64512 .id=192.168.88.12 .capabilities=mp,rr,gr,as4,ap,err,llgr .afi=ip .hold-time=4m .gr-time=120 .gr-afi=ip
local.address=192.168.88.1 .as=64555 .id=192.168.88.1 .capabilities=mp,rr,gr,as4 .afi=ip
output.default-originate=always ebgp stopped
keepalive-time=1m last-started=2024-07-14 18:46:58 last-stopped=2024-07-14 18:47:04 prefix-count=0
1 E name="bgp_calico_global-2"
remote.address=192.168.88.11 .as=64512 .id=192.168.88.11 .capabilities=mp,rr,gr,as4,ap,err,llgr .afi=ip .hold-time=4m .messages=10 .bytes=233 .gr-time=120 .gr-afi=ip .eor=ip
local.address=192.168.88.1 .as=64555 .id=192.168.88.1 .capabilities=mp,rr,gr,as4 .afi=ip .messages=10 .bytes=260 .eor=""
output.procid=20 .default-originate=always
input.procid=20 ebgp
hold-time=3m keepalive-time=1m uptime=7m58s880ms last-started=2024-07-14 21:43:19 prefix-count=3
2 E name="bgp_calico_global-1"
remote.address=192.168.88.10 .as=64512 .id=192.168.88.10 .capabilities=mp,rr,gr,as4,ap,err,llgr .afi=ip .hold-time=4m .messages=11 .bytes=252 .gr-time=120 .gr-afi=ip .eor=ip
local.address=192.168.88.1 .as=64555 .id=192.168.88.1 .capabilities=mp,rr,gr,as4 .afi=ip .messages=11 .bytes=298 .eor=""
output.procid=21 .default-originate=always
input.procid=21 ebgp
hold-time=3m keepalive-time=1m uptime=7m58s560ms last-started=2024-07-14 21:43:19 prefix-count=3
calico config:
apiVersion: crd.projectcalico.org/v1
kind: BGPConfiguration
metadata:
name: default
spec:
listenPort: 179
asNumber: 64512
nodeToNodeMeshEnabled: yes
apiVersion: crd.projectcalico.org/v1
kind: BGPPeer
metadata:
name: bgppeer-external-microtik
spec:
peerIP: 192.168.88.1
asNumber: 64555
apiVersion: crd.projectcalico.org/v1
kind: IPPool
metadata:
generation: 1
name: default-pool
spec:
allowedUses:
- Workload
- Tunnel
blockSize: 26
cidr: 10.233.64.0/18
ipipMode: Never
natOutgoing: false
nodeSelector: all()
vxlanMode: Never
Can you please tell me what I'm doing wrong?
I'm not much of an expert on microtics.
I'm trying to configure connectivity between microtik and calico BGP
ping redirect
PING 10.233.103.141 (10.233.103.141): 56 data bytes
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3e 01 0429 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3d 01 0529 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3c 01 0629 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3b 01 0729 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 3a 01 0829 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 39 01 0929 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 38 01 0a29 192.168.88.254 10.233.103.141
92 bytes from router.lan (192.168.88.1): Redirect Host(New addr: 192.168.88.10)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ec63 0 0000 37 01 0b29 192.168.88.254 10.233.103.141
Request timeout for icmp_seq 0
92 bytes from router.lan (192.168.88.1): Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 bdcf 0 0000 01 01 6fbd 192.168.88.254 10.233.103.141
Request timeout for icmp_seq 1
92 bytes from router.lan (192.168.88.1): Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 9dcb 0 0000 01 01 8fc1 192.168.88.254 10.233.103.141
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
route on calico host:
ip route
default via 192.168.88.1 dev eth0 proto bird
default via 192.168.88.1 dev eth0 proto static metric 100
10.233.0.3 via 169.254.1.1 dev bpfin.cali
10.233.77.128/26 via 192.168.88.12 dev eth0 proto bird
10.233.87.0/26 via 192.168.88.10 dev eth0 proto bird
blackhole 10.233.103.128/26 proto bird
10.233.103.141 dev calie6451f39401 scope link
10.233.103.142 dev calie5e6e56b098 scope link
169.254.1.1 dev bpfin.cali scope link
192.168.88.0/24 dev eth0 proto kernel scope link src 192.168.88.11 metric 100
microtik routes
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC, b - BGP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
0 As 0.0.0.0/0 192.168.55.33 1
DAb 10.233.77.128/26 192.168.88.10 20
D b 10.233.77.128/26 192.168.88.11 20
DAb 10.233.87.0/26 192.168.88.10 20
D b 10.233.87.0/26 192.168.88.11 20
DAb 10.233.103.128/26 192.168.88.10 20
D b 10.233.103.128/26 192.168.88.11 20
DAc 192.168.55.32/27 ether1 0
DAc 192.168.88.0/24 bridge 0
bgp session
Flags: E - established
0 name="bgp1_to_calico-1"
remote.address=192.168.88.12 .as=64512 .id=192.168.88.12 .capabilities=mp,rr,gr,as4,ap,err,llgr .afi=ip .hold-time=4m .gr-time=120 .gr-afi=ip
local.address=192.168.88.1 .as=64555 .id=192.168.88.1 .capabilities=mp,rr,gr,as4 .afi=ip
output.default-originate=always ebgp stopped
keepalive-time=1m last-started=2024-07-14 18:46:58 last-stopped=2024-07-14 18:47:04 prefix-count=0
1 E name="bgp_calico_global-2"
remote.address=192.168.88.11 .as=64512 .id=192.168.88.11 .capabilities=mp,rr,gr,as4,ap,err,llgr .afi=ip .hold-time=4m .messages=10 .bytes=233 .gr-time=120 .gr-afi=ip .eor=ip
local.address=192.168.88.1 .as=64555 .id=192.168.88.1 .capabilities=mp,rr,gr,as4 .afi=ip .messages=10 .bytes=260 .eor=""
output.procid=20 .default-originate=always
input.procid=20 ebgp
hold-time=3m keepalive-time=1m uptime=7m58s880ms last-started=2024-07-14 21:43:19 prefix-count=3
2 E name="bgp_calico_global-1"
remote.address=192.168.88.10 .as=64512 .id=192.168.88.10 .capabilities=mp,rr,gr,as4,ap,err,llgr .afi=ip .hold-time=4m .messages=11 .bytes=252 .gr-time=120 .gr-afi=ip .eor=ip
local.address=192.168.88.1 .as=64555 .id=192.168.88.1 .capabilities=mp,rr,gr,as4 .afi=ip .messages=11 .bytes=298 .eor=""
output.procid=21 .default-originate=always
input.procid=21 ebgp
hold-time=3m keepalive-time=1m uptime=7m58s560ms last-started=2024-07-14 21:43:19 prefix-count=3
calico config:
apiVersion: crd.projectcalico.org/v1
kind: BGPConfiguration
metadata:
name: default
spec:
listenPort: 179
asNumber: 64512
nodeToNodeMeshEnabled: yes
apiVersion: crd.projectcalico.org/v1
kind: BGPPeer
metadata:
name: bgppeer-external-microtik
spec:
peerIP: 192.168.88.1
asNumber: 64555
apiVersion: crd.projectcalico.org/v1
kind: IPPool
metadata:
generation: 1
name: default-pool
spec:
allowedUses:
- Workload
- Tunnel
blockSize: 26
cidr: 10.233.64.0/18
ipipMode: Never
natOutgoing: false
nodeSelector: all()
vxlanMode: Never
Can you please tell me what I'm doing wrong?