MikroTik RouterOS — BGP

4 05 2007

I have always wanted to learn about BGP. This time I got the honor chance to implement BGP for an ISP. This ISP has its own AS number and a /21 IP address block. This BGP setup is pretty simple because I’m only using 1 PC (with 3 ethernet cards and a MikroTik’s level 4 DOM) to interconnect with an Internet Exchange (IX) — NiCE — and a transit ISP (another transit will be added soon).

In MikroTik RouterOS version 2.9.42, BGP features are available for level 3 and above. You also need to enable routing-test package if you want more flexibility (BGP filtering features). The routing package, as of this version, only allows basic BGP features. I’m sure this will change later when they release RouterOS v3. Once you have enabled routing-test package, you will see new options (Routing – Filters in winbox, or /routing filters on CLI). This is very important when you have to peer with 2 or more ASes (specifically an IX and a transit which is not interested in getting IX’s routes for obvious reasons).

Since I have never configured BGP before, I caused a major problem when routes from each peer goes to another peer when they shouldn’t! I didn’t place any filter for BGP advertisements my BGP router sends to its peers. My transit ISP received the IX’s routes and the IX received full Internet routes feed my BGP router gets from the transit ISP. BGP is an exterior distance-vector routing protocol, it picks its best path by comparing the AS path lengths of every route it has. Advertising the whole Internet BGP feed to the local IX caused other ISPs’ routers participating in the IX to discover a shorter path of international routes going via my BGP router so the routers chose this new shorter path instead and outgoing traffic of these ISPs started to flow via my transit ISP! On the other hand, advertising IX routes to my transit was not a big problem since the path will be farther for their customers anyway, having to go via my BGP router first (that’s one AS further for the transit ISP’s customers to reach the IX routes, so BGP will not select it).

Fortunately I was able to spot the error immediately and placed BGP routing filters to include only my /21 IP block in the advertisements my BGP router sends to both the IX and transit. I also added an incoming BGP filter to discard a default route my transit IP includes in its BGP feed. This default route is not required since I get full BGP feed that is unfiltered.

Useful links:
http://www.mikrotik.com/testdocs/ros/2.9/routing/bgp.php
http://www.mikrotik.com/testdocs/ros/2.9/routing/filter.php
http://wiki.mikrotik.com/wiki/BGP_Case_Studies_1 — Route filters examples
http://wiki.mikrotik.com/wiki/Using_scope_and_target-scope_attributes — Important! Make sure that BGP neighbors are reachable via static routes for dynamic routes to be active (in the case of multihop BGP neighbors)
http://wiki.mikrotik.com/wiki/BGP_soft_reconfiguration_alternatives_in_RouterOS
Cisco’s BGP Reference


Actions

Informations

3 responses to “MikroTik RouterOS — BGP”

24 06 2007
Learning On Demand | Resources for Mikrotik Self Learning (00:34:58) :

[...] 3. MikroTik RouterOS — BGP [...]

2 12 2008
arif (13:06:33) :

whereis the example configuration, could you share? may be with fake ip address,
thanks 4 advance

7 12 2008
Andryan (22:17:18) :

Hi Arif,

This is the example:
from /routing filter
0 ;;; Advertise 116.0.0.0/21 to OpenIXP in /24s
chain=to_OpenIXP prefix=116.0.0.0/21 prefix-length=24 invert-match=no action=accept

1 ;;; Advertise 61.45.224.0/20 to OpenIXP in /24s
chain=to_OpenIXP prefix=61.45.224.0/20 prefix-length=24 invert-match=no action=accept

2 ;;; Advertise only our prefixes to OpenIXP, do not redistribute transit routes to IX
chain=to_OpenIXP invert-match=no action=discard

3 ;;; Discard default route from OpenIXP
chain=from_OpenIXP prefix=0.0.0.0/0 invert-match=no action=discard

4 ;;; IX routes should get higher priority
chain=from_OpenIXP invert-match=no action=accept set-bgp-local-pref=200

5 ;;; Advertise 61.45.224.0/20 to NAP
chain=to_NAP prefix=61.45.224.0/20 prefix-length=20 invert-match=no action=accept

6 ;;; Advertise 116.0.0.0/21 to NAP
chain=to_NAP prefix=116.0.0.0/21 prefix-length=21 invert-match=no action=accept

7 ;;; Advertise only our prefixes to NAP, do not redistribute IX routes/other transit routes to this transit
chain=to_NAP invert-match=no action=discard

8 X ;;; Only use default route from NAP’s BGP feed, opposite the following rule
chain=from_NAP prefix=0.0.0.0/0 invert-match=yes action=discard

9 ;;; Discard default route from NAP
chain=from_NAP prefix=0.0.0.0/0 invert-match=no action=discard

from /routing bgp network
0 A 116.0.0.0/21 no
1 A 116.0.0.0/24 no
2 A 116.0.1.0/24 no
3 A 116.0.2.0/24 no
4 A 116.0.3.0/24 no
5 A 116.0.4.0/24 no
6 A 116.0.5.0/24 no
7 A 116.0.6.0/24 no
8 A 116.0.7.0/24 no
9 A 61.45.224.0/20 no
10 A 61.45.224.0/24 no
11 A 61.45.225.0/24 no
12 A 61.45.226.0/24 no
13 A 61.45.227.0/24 no
14 A 61.45.228.0/24 no
15 A 61.45.229.0/24 no
16 A 61.45.230.0/24 no
17 A 61.45.231.0/24 no
18 A 61.45.232.0/24 no
19 A 61.45.233.0/24 no
20 A 61.45.234.0/24 no
21 A 61.45.235.0/24 no
22 A 61.45.236.0/24 no
23 A 61.45.237.0/24 no
24 A 61.45.238.0/24 no
25 A 61.45.239.0/24 no

Please note that OpenIXP advertises the smaller prefixes (/24) to make sure that local IX traffic takes the OpenIXP path rather than the NAP path. I also choose to drop default route from NAP to receive full BGP feed from my NAP. If you wish to receive only the default route (make sure your NAP does provide a default route otherwise your packets will go nowhere), enable filter #8 and disable #9.

Good luck!

Leave a comment

You can use these tags : <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

WordPress Anti-Spam by WP-SpamShield

veranda-lozenge