Community discussions

MikroTik App
 
stefanelul2000
just joined
Topic Author
Posts: 23
Joined: Fri Feb 23, 2018 6:08 pm

BGP Speed Issues

Wed Aug 03, 2022 4:50 pm

I have a /24 IPv4 which I announce via BGP via 2 ISPs. Primary ISP is 1gbps, backup ISP is 200mbps.
With both peers enabled I am only getting ~200mbps download and 6-800 upload. This would somehow indicate that it's using the backup line but I don't think so.
As soon as I disable the backup peer and I am running only the primary one everything is "fine" 6-800 upload and download.
I am doing the BGP on a Mikrotik RB3011. Other than routing it doesn't do anything.
What could I be doing wrong or what could I miss?

Please see the configuration:
# aug/03/2022 15:37:19 by RouterOS 6.48.6
# software id = 
#
# model = RB3011UiAS
# serial number = 
/interface bridge
add admin-mac=DC:2C:6E:ED:A9:D7 auto-mac=no comment=defconf name=bridge
/interface bonding
add mode=802.3ad name=insideRSL slaves=ether3,ether5
add mode=802.3ad name=outsideRSL slaves=ether2,ether4
/interface vrrp
add interface=outsideRSL name=vrrpWan on-backup="/system script run failoverLogic" on-master="/system script run failoverLogic" vrid=124
/interface vlan
add interface=insideRSL name=public vlan-id=2999
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/routing bgp instance
set default as=199225 redistribute-connected=yes
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether6 list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether6 network=192.168.88.0
add address=10.255.255.254/30 comment="dummy address; needed to enable vrrp" interface=outsideRSL network=10.255.255.252
add address=212.xxx.xxx.2/24 interface=public network=212.xxx.xxx.0
add address=212.xxx.xxx.1/24 comment="enabled by script/failoverLogic" interface=public network=212.xxx.xxx.0
add address=193.247.168.22/30 interface=vrrpWan network=193.247.168.20
add address=62.179.116.98/30 interface=vrrpWan network=62.179.116.96
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add address=10.0.1.0/24 list=hostsRouterAccess
add address=10.0.2.0/24 list=hostsRouterAccess
add address=192.168.88.0/24 list=hostsRouterAccess
add address=212.xxx.XXX.X/24 comment="vitznau public" list=hostsRouterAccess
add address=93.83.154.16/28 list=hostsRouterAccess
add address=62.179.116.97 list=hostsBgpPartners
add address=193.247.168.141 list=hostsBgpPartners
add address=212.152.204.2 comment=cwilly list=hostsRouterAccess
add address=195.70.232.163 comment=cwilly list=hostsRouterAccess
add address=10.0.0.0/8 list=rfcPrivateIps
add address=172.16.0.0/12 list=rfcPrivateIps
add address=192.168.0.0/16 list=rfcPrivateIps
add address=217.116.187.144/28 comment=mhof list=hostsRouterAccess
add address=217.116.188.32/28 comment=mhof list=hostsRouterAccess
/ip firewall filter
add action=accept chain=svcEstablishedAndRelated connection-state=established
add action=accept chain=svcEstablishedAndRelated connection-state=related
add action=return chain=svcEstablishedAndRelated
add action=accept chain=svcRouterAccess dst-port=22 protocol=tcp
add action=accept chain=svcRouterAccess dst-port=80 protocol=tcp
add action=accept chain=svcRouterAccess dst-port=8291 protocol=tcp
add action=return chain=svcRouterAccess
add action=accept chain=input protocol=icmp
add action=jump chain=input jump-target=svcEstablishedAndRelated
add action=jump chain=input jump-target=svcRouterAccess src-address-list=hostsRouterAccess
add action=jump chain=input jump-target=svcRouterAccess src-address-list=rfcPrivateIps
add action=accept chain=input src-address-list=hostsBgpPartners
add action=accept chain=input protocol=vrrp
add action=drop chain=svcTMP-BlockLocalServices dst-port=22 protocol=tcp
add action=drop chain=svcTMP-BlockLocalServices dst-port=21 protocol=tcp
add action=drop chain=svcTMP-BlockLocalServices dst-port=23 protocol=tcp
add action=drop chain=svcTMP-BlockLocalServices dst-port=80 protocol=tcp
add action=drop chain=svcTMP-BlockLocalServices dst-port=53 protocol=tcp
add action=drop chain=svcTMP-BlockLocalServices dst-port=53 protocol=udp
add action=drop chain=svcTMP-BlockLocalServices dst-port=123 protocol=udp
add action=jump chain=input jump-target=svcTMP-BlockLocalServices
add action=return chain=svcTMP-BlockLocalServices
add action=accept chain=input comment="sstp tunnel" dst-port=443 protocol=tcp
add action=log chain=input
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=212.xxx.xxx.2 dst-port=444 protocol=tcp to-addresses=212.xxx.xxx.7
/ip proxy
set parent-proxy=0.0.0.0 src-address=0.0.0.0
/ip service
set www-ssl certificate=bgp1.crt_0 disabled=no
set api disabled=yes
/ip ssh
set allow-none-crypto=yes always-allow-password-login=yes forwarding-enabled=local
/ip traffic-flow
set cache-entries=4k
/ip upnp
set allow-disable-external-interface=yes
/lcd
set default-screen=informative-slideshow read-only-mode=yes
/lcd pin
set pin-number=6354
/lcd interface
set sfp1 disabled=yes
set ether7 disabled=yes
set ether8 disabled=yes
set ether9 disabled=yes
set ether10 disabled=yes
/routing bgp network
add network=212.xxx.XXX.X/24 synchronize=no
/routing bgp peer
add in-filter=bgp-in-swisscom name=swisscom out-filter=bgp-out-secondary remote-address=193.247.168.21 remote-as=3303 ttl=default
add in-filter=bgp-in name=cablecom out-filter=bgp-out-primary remote-address=62.179.116.97 remote-as=6830 ttl=default
/routing filter
add action=accept chain=bgp-out-primary prefix=212.xxx.XXX.X/24
add action=discard chain=bgp-out-primary
add action=accept chain=bgp-out-secondary prefix=212.xxx.XXX.X/24 set-bgp-prepend=5
add action=discard chain=bgp-out-secondary
add action=accept chain=bgp-in prefix=0.0.0.0 prefix-length=0
add action=discard chain=bgp-in
add action=accept chain=bgp-in-swisscom prefix=0.0.0.0 prefix-length=0
add action=discard chain=bgp-in-swisscom
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Zurich
/system identity
set name=BGP100
/system package update
set channel=upgrade
/system script
add dont-require-permissions=no name=failoverLogic owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local ifname \"vrrpWan\"\r\
    \n\r\
    \n:if ([/interface vrrp get [find name=\$ifname] master]) do={\r\
    \n#:put \"isMaster\"\r\
    \n/ip address set [find address=\"212.243.123.1/24\"] disabled=no comment=\"enabled by script/failoverLogic\"\r\
    \n} else={\r\
    \n#:put \"isNotMaster\"\r\
    \n/ip address set [find address=\"212.243.123.1/24\"] disabled=yes comment=\"disabled by script/failoverLogic\"\r\
    \n}"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
sander123
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Wed Oct 28, 2020 11:58 pm

Re: BGP Speed Issues

Wed Aug 03, 2022 6:15 pm

If i read you config correctly you need to set bgp-local-pref on the in filter.

For example 120 for primary ISP
and 100 for back-up ISP.
 
stefanelul2000
just joined
Topic Author
Posts: 23
Joined: Fri Feb 23, 2018 6:08 pm

Re: BGP Speed Issues

Thu Aug 04, 2022 9:26 am

As soon as I set the bgp-local-pref, I am no longer getting any route form that ISP connection.
 
sander123
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Wed Oct 28, 2020 11:58 pm

Re: BGP Speed Issues

Thu Aug 04, 2022 9:57 am

As soon as I set the bgp-local-pref, I am no longer getting any route form that ISP connection.
If i see your filters correctly it looks like you only accept default route at the moment 0.0.0.0/0, load balancing is only possible with partial or full routes.
Than you kan also do a peer-prepend on inbound.
 
stefanelul2000
just joined
Topic Author
Posts: 23
Joined: Fri Feb 23, 2018 6:08 pm

Re: BGP Speed Issues

Thu Aug 04, 2022 3:11 pm

If i see your filters correctly it looks like you only accept default route at the moment 0.0.0.0/0, load balancing is only possible with partial or full routes.
Than you kan also do a peer-prepend on inbound.
Even if I accept the whole bgp-in without any discard or deny rul, the only route I am getting is 0.0.0.0/0
 
sander123
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Wed Oct 28, 2020 11:58 pm

Re: BGP Speed Issues

Thu Aug 04, 2022 3:13 pm

If i see your filters correctly it looks like you only accept default route at the moment 0.0.0.0/0, load balancing is only possible with partial or full routes.
Than you kan also do a peer-prepend on inbound.
Even if I accept the whole bgp-in without any discard or deny rul, the only route I am getting is 0.0.0.0/0
Does your Transit ISP send you full route?
 
stefanelul2000
just joined
Topic Author
Posts: 23
Joined: Fri Feb 23, 2018 6:08 pm

Re: BGP Speed Issues

Thu Aug 04, 2022 3:20 pm



Even if I accept the whole bgp-in without any discard or deny rul, the only route I am getting is 0.0.0.0/0
Does your Transit ISP send you full route?
Not sure, but based on what I'm getting / seeing, I'm not receiving a full routing table.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: BGP Speed Issues

Thu Aug 04, 2022 5:04 pm

in routing filters, in in filter, set prepend on backup link, although this does not always work so well anymore, then "set bgp weight" for the primary / backup links, i.e. set it to 10 for backup and 15 for primary

You could also just set bgp weight for primary to 10 as example, default is 0 and highest will take preference

EDIT: Apologies, prepend should be set in out filter, set bgp weight in in filter

Who is online

Users browsing this forum: Google [Bot] and 2 guests