Community discussions

MikroTik App
 
User avatar
UplinkLLC
just joined
Topic Author
Posts: 12
Joined: Sun May 15, 2022 7:29 am
Location: USA

BGP default route shows invalid in ROS v7.2.3

Sun May 29, 2022 1:15 am

Hello,

Using RouterOS v7.2.3 BGP we are having a problem with the default route obtained from our upstream provider showing up in the route table as Invalid (DIFb).
The BGP session is established as shown below.

Flags: E - established 
 0 E remote.address=50.xxx.xxx.225 .as=1xxx2 .id=198.xxx.xxx.102 .refused-cap-opt=no .capabilities=mp,rr,gr,as4,llgr .hold-time=1m30s .messages=135 .bytes=2609 .gr-time=120 .eor=ip 
     local.address=50.xxx.xxx.226 .as=3xxxx5 .id=10.219.250.1 .capabilities=mp,rr,gr,as4 .messages=126 .bytes=2423 .eor="" 
     output.procid=62 .filter-chain=out-CSpire .network=bgp-networks 
     input.procid=62 .filter=in-CSpire ebgp 
     hold-time=1m30s keepalive-time=30s uptime=1h2m2s 

Our settings for BGP are below. The BGP settings are from doing an upgrade from 6.45.9 to 7.2.3.
This all worked in RouterOS v6.

/routing bgp connection
add as=3xxxx5 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no input.filter=in-CSpire listen=yes local.address=50.xxx.xxx.226 .role=ebgp name=Cspire output.filter-chain=out-CSpire .network=bgp-networks remote.address=50.xxx.xxx.225/32 .as=1xxx2 .port=179 router-id=10.219.250.1 routing-table=main

We have two small blocks of public IP addresses that we rent from our upstream provider. A /27 and a /28.
We also have our own /24 public IP block that we obtained recently from ARIN.

Routing Filters:
add chain=in-CSpire comment="ACCEPT DEFAULT ROUTE" disabled=no rule="if (dst in 0.0.0.0 && dst-len == 0) { accept; }"
add chain=in-CSpire comment="DROP ALL OTHER ROUTES" disabled=no rule="if (dst in 0.0.0.0/0 && dst-len in 0-64) { reject; }"
add chain=out-CSpire comment="ONLY ADVERTISE THESE ROUTES" disabled=no rule="if (dst in 173.xxx.xxx.0/27 && dst-len == 24) { accept; }"
add chain=out-CSpire comment="ONLY ADVERTISE THESE ROUTES" disabled=no rule="if (dst in 173.xxx.xxx.144/28 && dst-len == 24) { accept; }"
add chain=out-CSpire comment="ONLY ADVERTISE THESE ROUTES" disabled=no rule="if (dst in 45.xxx.xxx.0/24 && dst-len == 24) { accept; }"
Address List:
add address=45.xxx.xxx.0/24 list=bgp-networks
add address=173.xxx.xxx.144/28 list=bgp-networks
add address=173.xxx.xxx.0/27 list=bgp-networks

We added a static default route to keep everything working while we tested BGP. The default route obtained from our upstream provider is exactly the same as our static default route except it shows as invalid.

Static Routes:
add comment="STATIC ROUTE TO C-SPIRE TOWER" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=50.xxx.xxx.225 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add blackhole disabled=no distance=1 dst-address=173.xxx.xxx.0/27 gateway="" pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add blackhole disabled=no distance=1 dst-address=173.xxx.xxx.144/28 gateway="" pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add blackhole disabled=no distance=1 dst-address=45.xxx.xxx.0/24 gateway=0.0.0.0 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
routes.png

How can we make the default route obtained by BGP show up as a valid route?
You do not have the required permissions to view the files attached to this post.
 
User avatar
ingdaka
Trainer
Trainer
Posts: 444
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania
Contact:

Re: BGP default route shows invalid in ROS v7.2.3

Sun May 29, 2022 10:44 pm

What happen if you remove static one with same IP or set it's distance to more than 20?
 
User avatar
UplinkLLC
just joined
Topic Author
Posts: 12
Joined: Sun May 15, 2022 7:29 am
Location: USA

Re: BGP default route shows invalid in ROS v7.2.3

Sun May 29, 2022 10:57 pm

Hello ingdaka,

Thank you for the reply.

What happen if you remove static one with same IP or set it's distance to more than 20?

I set the distance on the static route to 25. Disabled the BGP connection, waited 30 seconds, enabled the BGP connection. The BGP session is reestablished with the same results, invalid (DIFb).
I don't want to disable the static route because it will disrupt service, but theoretically, it should not need to be disabled for the BGP default route to work.

Thank you,
 
User avatar
UplinkLLC
just joined
Topic Author
Posts: 12
Joined: Sun May 15, 2022 7:29 am
Location: USA

Re: BGP default route shows invalid in ROS v7.2.3  [SOLVED]

Mon May 30, 2022 3:29 am

Hello,

In case this helps somebody else. The BGP filter rule for the default route did not translate properly when the router was upgraded from v6 to v7.

The rule for the default route now looks like this:
add chain=in-CSpire comment="ACCEPT DEFAULT ROUTE" disabled=no rule="if (dst in 0.0.0.0/0) { accept }"

The default route is now DAb instead of DIFb

Our filters are below:
/routing filter rule
add chain=in-CSpire comment="ACCEPT DEFAULT ROUTE" disabled=no rule="if (dst in 0.0.0.0/0) { accept }"
add chain=out-CSpire comment="ONLY ADVERTISE THESE ROUTES" disabled=no rule="if (dst in 173.xxx.xxx.144/28) { accept }"
add chain=out-CSpire comment="ONLY ADVERTISE THESE ROUTES" disabled=no rule="if (dst in 173.xxx.xxx.0/27) { accept }"
add chain=out-CSpire comment="ONLY ADVERTISE THESE ROUTES" disabled=no rule="if (dst in 45.xxx.xxx.0/24) { accept }"

Also, for our situation, we didn't need any of that blackhole stuff.

Regards,

Who is online

Users browsing this forum: Bing [Bot] and 3 guests