Community discussions

MikroTik App
 
ghostt
just joined
Topic Author
Posts: 21
Joined: Tue Apr 24, 2018 4:07 pm
Location: Australia

How to disable ECMP on BGP?

Thu Sep 08, 2022 3:10 am

Hi Everyone,

Is it possible to cancel ECMP over BGP? Our clients (Router OS v7.5) establish 2 VPN tunnels to 2 different CCR routers in 2 offices (Router OS v6.49.6 on both). BGP is running over both VPN tunnels. ECMP on v7.5 router creates confusion in terms it becomes impossible to reach any client's equipment from offices networks without disabling one of the VPN tunnels. So, it would be handy to cancel ECMP

Thank you in advance.
Last edited by ghostt on Mon Sep 12, 2022 3:17 am, edited 1 time in total.
 
eduplant
Member Candidate
Member Candidate
Posts: 122
Joined: Tue Dec 19, 2017 9:45 am

Re: ECMP on BGP

Thu Sep 08, 2022 10:27 am

From my understanding, BGP multipathing (multiple BGP next hops, both installed) isn’t implemented in RouterOS, however recursive resolution for BGP routes (one BGP next hop, ECMP next hop to reach it) is implemented. This might be what your client is experiencing with two ECMP routes pointing over the tunnel towards the BGP client. I’m not sure whether in your case those routes are static or coming from a routing protocol. If you make an adjustment to make it pick a single preferred path to the BGP nexthop, the resulting routes should follow.
 
ghostt
just joined
Topic Author
Posts: 21
Joined: Tue Apr 24, 2018 4:07 pm
Location: Australia

Re: ECMP on BGP

Fri Sep 09, 2022 2:19 am

Hi eduplant,

Thank you for your answer. You are right, the client router (v7.5) has 2 routes to the same IP address range over both VPNs. Both routes are coming from BGP:
/ip/route> print
Flags: D - DYNAMIC; X, I, A - ACTIVE; c, s, b, d, y - COPY; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#      DST-ADDRESS       GATEWAY          DISTANCE
  DAb+ 172.20.0.0/16     10.20.0.1              20
  DAb+ 172.20.0.0/16     10.40.0.1              20
  
But because VPNs are established to 2 different offices, ECMP becomes a real issue. In earlier versions flag “+”, which is ECMP wasn’t there and everything was working perfectly. Since ECMP for BGP was implemented in (at least) v7.5, I thought there must be a way to stop / disable it per BGP connection.

Or, if I may, it could be a good idea not to start it automatically. If some one needs it, there might be an option to turn it on. For example, a router doesn't automatically create 4095 VLANs just in case if a user needs all of them.

If you make an adjustment to make it pick a single preferred path to the BGP nexthop, the resulting routes should follow.

That's what I'm talking about. :) I don't know how to disable automatic multipath. The only adjustments I could think of is a work around using Mangle rules (and it works by the way), but this is really not a solution, this is just a band aid. :) So, it would be great if someone tells me how to disable ECMP over BGP.

Kind regards

P.S. I know many people asked for ECMP for BGP. I’m not saying it’s a bad idea, I’d just like to know how to turn it off if need be.
 
eduplant
Member Candidate
Member Candidate
Posts: 122
Joined: Tue Dec 19, 2017 9:45 am

Re: ECMP on BGP

Fri Sep 09, 2022 2:43 am

Ah I see, in that case no I wasn't correct. I didn't realize 7.x came with proper BGP multihoming support. Looking at your routing table, they have different next hops and are both installed.

Is it possible for you to write a routing policy to localpref up one of the prefixes? That ought to prevent the routes from being otherwise equal and both being installed.

Most vendors I've worked with only install one BGP next hop unless you configure it to install more. I'm surprised it's the other way around and that there doesn't seem to be a configuration option to turn it off. Maybe Mikrotik will consider adding one.
 
ghostt
just joined
Topic Author
Posts: 21
Joined: Tue Apr 24, 2018 4:07 pm
Location: Australia

Re: ECMP on BGP

Fri Sep 09, 2022 3:58 am

Sorry, did you mean to add a static route? I'm not sure how to set a policy to local pref. But even so, this is a band aid again :) and it doesn't solve the issue. I've just shown one network destination as an example. I have quite a few of them, also variable per customer.
 
eduplant
Member Candidate
Member Candidate
Posts: 122
Joined: Tue Dec 19, 2017 9:45 am

Re: ECMP on BGP

Fri Sep 09, 2022 7:45 am

On Mikrotik, BGP policy is expressed with route filters under /routing/filter/rule [1]. The syntax works sort of like a mix of the firewall rule chains and a pattern matching language. I’m not exactly sure of the context in which you’re running BGP, but it’s usually good practice to have inbound and outbound policies with any BGP neighbors that you don’t control. The idea is to ensure that you’re only announcing and accepting what you intend.

The client side router can implement two filter chains, one for each peering. One chain accepts anything and sets localpref to, say 200 (up from the default of 100). The other accepts the same but sets localpref to, say, 50. You can get much more granular than this, but this should influence the BGP route selection algorithm [2] to ensure that only the routes you want are installed. ECMP is only happening because the two routes have the same weight, localpref, AS path, origin, and MED plus were both learned from eBGP. Adjusting any of those metrics should cause one route to be preferred over the other(s).

It might be tempting to adjust weight but that’s local to the device, whereas localpref can be set once and will be automatically be preserved within your AS.

[1] https://help.mikrotik.com/docs/display/ ... nd+Filters
[2] https://help.mikrotik.com/docs/display/ ... hSelection
 
ghostt
just joined
Topic Author
Posts: 21
Joined: Tue Apr 24, 2018 4:07 pm
Location: Australia

Re: ECMP on BGP

Fri Sep 09, 2022 8:38 am

Thank you! I do use filters, although not to that extend, just didn't click they're called policies. I'll experiment with filters, thank you for your help. But it still would be great to have an option to disable ECMP for BGP, something like you can disable STP at a bridge settings.
 
ericdriver
just joined
Posts: 8
Joined: Thu Aug 20, 2020 8:03 am

Re: ECMP on BGP

Tue Nov 08, 2022 1:40 pm

Hi eduplant,

Thank you for your answer. You are right, the client router (v7.5) has 2 routes to the same IP address range over both VPNs. Both routes are coming from BGP:
/ip/route> print
Flags: D - DYNAMIC; X, I, A - ACTIVE; c, s, b, d, y - COPY; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#      DST-ADDRESS       GATEWAY          DISTANCE
  DAb+ 172.20.0.0/16     10.20.0.1              20
  DAb+ 172.20.0.0/16     10.40.0.1              20
  
But because VPNs are established to 2 different offices, ECMP becomes a real issue. In earlier versions flag “+”, which is ECMP wasn’t there and everything was working perfectly. Since ECMP for BGP was implemented in (at least) v7.5, I thought there must be a way to stop / disable it per BGP connection.

Or, if I may, it could be a good idea not to start it automatically. If some one needs it, there might be an option to turn it on. For example, a router doesn't automatically create 4095 VLANs just in case if a user needs all of them.

If you make an adjustment to make it pick a single preferred path to the BGP nexthop, the resulting routes should follow.

That's what I'm talking about. :) I don't know how to disable automatic multipath. The only adjustments I could think of is a work around using Mangle rules (and it works by the way), but this is really not a solution, this is just a band aid. :) So, it would be great if someone tells me how to disable ECMP over BGP.

Kind regards

P.S. I know many people asked for ECMP for BGP. I’m not saying it’s a bad idea, I’d just like to know how to turn it off if need be.
Hi ghostt, could you share your BGP configuration? Here it said that BGP mulipath has not ready yet viewtopic.php?t=190724 , but on your screen I see clear BGP multipath.

Who is online

Users browsing this forum: jprietove and 9 guests