Manual:BGP HowTo & FAQ: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
'''''Problem:''' BGP is not connecting'' | '''''Problem:''' BGP is not connecting'' | ||
:BGP uses TCP, you can start with testing TCP connectivity. One way to do that is as simple as '''/system telnet <remote-ip> 179'''. | :BGP uses TCP, you can start with testing TCP connectivity. One way to do that is as simple as '''/system telnet <remote-ip> 179'''. The result you see should be something like this: ''"Connection closed by foreign host"''. This means BGP port (179) is open and reachable. | ||
: | :If this is eBGP, make sure you have configured '''multihop=yes''' and TTL as needed. Use '''/routing bgp peer print status''' to see the current state of BGP connection. | ||
:Also note that if the remote peer is not supporting BGP Capabilities Advertisement (RFC 2842), some extra time will be needed for session establishment. | |||
:Also note that if the remote peer is not supporting BGP Capabilities Advertisement (RFC 2842), some extra time | |||
| Line 43: | Line 41: | ||
:There is also an '''out-filter''' BGP peer parameter for filtering outgoing BGP updates. | :There is also an '''out-filter''' BGP peer parameter for filtering outgoing BGP updates. | ||
'''''Question:''' How to control advertised routing information?'' | |||
:Use routing filters. | |||
:To advertise the same information (e.g. some BGP attribute value) to all peers, use BGP instance out-filter: | |||
/routing filter add set-bgp-communities=111:222 chain=bgp-out | |||
/routing bgp instance set default out-filter=bgp-out | |||
:To send routing information to different peers, use peer specific filters. For example, if you want to advertise a lower preference value (higher path cost) to one of the peers, you can prepend your AS number multiple times to the BGP AS_PATH attribute: | |||
/routing filter add set-bgp-prepend=4 chain=bgp-out-peer1 | |||
/routing bgp peer set peer1 out-filter=bgp-out-peer1 | |||
| Line 65: | Line 76: | ||
'''''Question:''' Can | '''''Question:''' Can MT propagate BGP route updates without installing them in IP route table (i.e. serve as a pure route reflector)?'' | ||
:No. | :No. | ||
Revision as of 15:38, 14 August 2008
Problem: BGP is not connecting
- BGP uses TCP, you can start with testing TCP connectivity. One way to do that is as simple as /system telnet <remote-ip> 179. The result you see should be something like this: "Connection closed by foreign host". This means BGP port (179) is open and reachable.
- If this is eBGP, make sure you have configured multihop=yes and TTL as needed. Use /routing bgp peer print status to see the current state of BGP connection.
- Also note that if the remote peer is not supporting BGP Capabilities Advertisement (RFC 2842), some extra time will be needed for session establishment.
Problem: BGP connection is established, but routing updates are ignored
- NLRI (Network Layer Reachability Information) is ignored if path attributes are invalid. Turn on BGP debug logs to see the exact cause of the problem. (/system logging add topics=bgp,!raw).
- One frequent case is unacceptable BGP nexthop. (Read here more about RouterOS and BGP nexthops.) In this case you must fix the nexthop on the sending side. Use nexthop-choice peer setting to modify default nexthop selection preferences. If that fails, specify nexthop manually using set-out-nexthop routing filter.
Problem: Routes are exchanged and installed in IP route table, but they stay inactive
- Routes must be resolved to become active; it's possible that you need to change scope or target-scope attributes for some routes.
Question: How to advertise default route?
- To send default route to a particular peer, set originate-default=yes for that peer.
Question: How to announce just a single large IP prefix instead of many smaller (i.e. more specific) prefixes?
- Use BGP aggregates if you need to aggregate multiple BGP routes in a single one. An aggregate will be announced one if there are some active BGP routes falling under it. When an aggregate becomes active, a corresponding blackhole route is a automatically created.
- If the smaller prefixes belong to IGP or static routes instead, simply configure a BGP network and filter out all unneeded smaller prefixes. Specify synchronize=yes in BGP network parameters if you want to announce the network only when there are some active underlying IGP routes.
Question: How to filter out something?
- Use routing filters. For example, to filter out routes with a specific BGP community, add this rule:
/routing filter add bgp-communities=111:222 chain=bgp-in action=discard
- Then tell BGP peer to use that filter chain:
/routing bgp peer set peer in-filter=bgp-in
- There is also an out-filter BGP peer parameter for filtering outgoing BGP updates.
Question: How to control advertised routing information?
- Use routing filters.
- To advertise the same information (e.g. some BGP attribute value) to all peers, use BGP instance out-filter:
/routing filter add set-bgp-communities=111:222 chain=bgp-out /routing bgp instance set default out-filter=bgp-out
- To send routing information to different peers, use peer specific filters. For example, if you want to advertise a lower preference value (higher path cost) to one of the peers, you can prepend your AS number multiple times to the BGP AS_PATH attribute:
/routing filter add set-bgp-prepend=4 chain=bgp-out-peer1 /routing bgp peer set peer1 out-filter=bgp-out-peer1
Problem: Looks like my routing filter isn't working
- Most likely prefix matcher is configured incorrectly. For example, say that you want to configure filter that will discard all routes falling under prefix 1.1.1.0/24.
- This rule is incorrect:
add prefix=1.1.1.0 action=discard chain=bgp-in
- Default netmask is /32, so it will match only prefix 1.1.1.0/32
- This is incorrect too:
add prefix=1.1.1.0/24 action=discard chain=bgp-in
- This will match only route with netmask 255.255.255.0.
- The correct way to do this is to also specify prefix-length matcher:
add prefix=1.1.1.0/24 prefix-length=24-32 action=discard chain=bgp-in
- Or (the same effect):
add prefix=1.1.1.0 prefix-length=24-32 action=discard chain=bgp-in
- Use filter action log to see which routes are matched by it.
Question: Can MT propagate BGP route updates without installing them in IP route table (i.e. serve as a pure route reflector)?
- No.