Manual:BGP HowTo & FAQ
Problem: BGP is not connecting
- BGP uses TCP, so you can start by testing TCP connectivity. One simple way to do that is /system telnet <remote-ip> 179.
- The result you see should be something like this: "Connection closed by foreign host". This means the BGP port (179) is open and reachable.
- If this is eBGP, make sure you have configured multihop=yes and TTL as needed. Use /routing bgp peer print status to see the current state of the BGP connection.
- Also note that if the remote peer does not support BGP Capabilities Advertisement (RFC 2842), some extra time is needed for session establishment.
Problem: BGP connection is established, but routing updates are ignored
- NLRI (Network Layer Reachability Information) is ignored if path attributes are invalid. Turn on BGP debug logs to see the exact cause of the problem: /system logging add topics=bgp,!raw
- One frequent case is an unacceptable BGP nexthop. (Read here more about RouterOS and BGP nexthops.) In this case you must fix the nexthop on the sending side. Use the nexthop-choice peer setting to modify the default nexthop selection preferences. If that fails, specify the nexthop manually using the set-out-nexthop routing filter.
Problem: Routes are exchanged and installed in the IP route table, but they stay inactive
- Routes must be resolved to become active; it's possible that you need to change scope or target-scope attributes for some routes.
Question: How to advertise a default route?
- To send a default route to a particular peer, set originate-default=yes for that peer.
Question: How to announce just a single large IP prefix instead of many smaller (i.e. more specific) prefixes?
- Use BGP aggregates if you need to aggregate multiple BGP routes into a single one. An aggregate will be announced only if there are some active BGP routes falling under it. When an aggregate becomes active, a corresponding blackhole route is automatically created.
- If the smaller prefixes belong to IGP or static routes instead, simply configure a BGP network and filter out all unneeded smaller prefixes. Specify synchronize=yes in BGP network parameters if you want to announce the network only when there are some active underlying IGP routes.
Question: How to filter out something?
- Use routing filters. For example, to filter out routes with a specific BGP community, add this rule:
/routing filter add bgp-communities=111:222 chain=bgp-in action=discard
- Then tell the BGP peer to use that filter chain:
/routing bgp peer set peer in-filter=bgp-in
- There is also an out-filter BGP peer parameter for filtering outgoing BGP updates.
Problem: Looks like my routing filter isn't working
- Most likely the prefix matcher is configured incorrectly. For example, say that you want to configure a filter that will discard all routes falling under prefix 188.8.131.52/24.
- This rule is incorrect:
add prefix=184.108.40.206 action=discard chain=bgp-in
- The default netmask is /32, so it will match only prefix 220.127.116.11/32
- This is incorrect too:
add prefix=18.104.22.168/24 action=discard chain=bgp-in
- This will match only a route with netmask 255.255.255.0.
- The correct way to do this is to also specify the prefix-length matcher:
add prefix=22.214.171.124/24 prefix-length=24-32 action=discard chain=bgp-in
- Or (the same effect):
add prefix=126.96.36.199 prefix-length=24-32 action=discard chain=bgp-in
- Use the filter action log to see which routes are matched by it.
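The first three rule forms above, modelled in Python as an added example (not MikroTik code and not part of the original manual): it implements prefix and prefix-length matching as this FAQ describes it and lists the more-specific routes each discard rule lets through. The 192.0.2.0/24 documentation prefix, the route list and the function names are constructed for illustration.

```python
import ipaddress

def parse_rule(line):
    """Parse 'add key=value ...' in the FAQ's routing-filter syntax into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def rule_matches(rule, route):
    """Model of the prefix / prefix-length matchers as the FAQ describes them."""
    route = ipaddress.ip_network(route)
    # A prefix written without a mask defaults to /32, as the FAQ states.
    prefix = ipaddress.ip_network(rule["prefix"], strict=False)
    if "prefix-length" not in rule:
        # Without prefix-length, only the identical prefix and mask match.
        return route == prefix
    lo, _, hi = rule["prefix-length"].partition("-")
    lo, hi = int(lo), int(hi or lo)
    # With prefix-length, any route under the prefix within the range matches.
    return lo <= route.prefixlen <= hi and route.subnet_of(prefix)

def leaked(rule_line, routes):
    """Return the routes a discard rule fails to match (they pass the filter)."""
    rule = parse_rule(rule_line)
    return [r for r in routes if not rule_matches(rule, r)]

# Constructed sample: an aggregate plus more-specifics a peer might announce.
ROUTES = ["192.0.2.0/24", "192.0.2.0/25", "192.0.2.128/25", "192.0.2.0/32"]
# The FAQ's rule forms, rewritten with the constructed documentation prefix.
RULES = [
    "add prefix=192.0.2.0 action=discard chain=bgp-in",
    "add prefix=192.0.2.0/24 action=discard chain=bgp-in",
    "add prefix=192.0.2.0/24 prefix-length=24-32 action=discard chain=bgp-in",
]

if __name__ == "__main__":
    for line in RULES:
        print(line, "-> not discarded:", leaked(line, ROUTES))
```

Only the third rule discards every announcement under the prefix; the first two leave the /25 more-specifics in the table, where longest-prefix match prefers them over the /24.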
Question: Can a MT propagate BGP route updates without installing them in IP route table (i.e. serve as a pure route reflector)?