I have a follow-up question in regards to this... How do you prevent eBGP routes being sent to your smaller routers which are doing iBGP with the Route Reflectors?
Are you using filters, or some other method?

Thanks.

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232
Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

> From: "Jesse DuPont" <jesse.dup...@celeritycorp.net>
> To: af@afmug.com
> Sent: Friday, August 26, 2016 11:36:42 PM
> Subject: Re: [AFMUG] (OSPF + ibgp) / formerly Mikrotik OSPF weirdness
>
> For me, it was a bit of an experiment, but I have ended up liking it. Yes, it
> does add some overhead, but I didn't have to add routers to be the route
> reflectors - I just chose two routers which provided good geographic
> redundancy balanced with being as well-connected as possible to the rest of
> the routers and checked the "route reflect to peers" box. Route reflecting is
> really no more intensive than just BGP peering; probably most already know
> this, but the only difference between a route reflector and a non-route
> reflector is that a route reflector is allowed to break the iBGP rule of not
> disseminating routes learned from one peer to another peer.
>
> One of the things I really like about using BGP for access prefixes is that I
> don't have to mess with filters or using non-backbone areas and area-ranges to
> summarize pools used for things like PPPoE. It's nice that more recent
> versions of MikroTik automate adding the U route of a summarized area-range
> after the first connected route shows up, but with BGP, I simply add the
> prefix to Networks and it's done.
>
> Another advantage, albeit a "band-aid" one, is that if I'm having some link
> quality issue that is ultimately causing OSPF to lose adjacency (packet loss
> causing dropped Hello's, for example, or some jackass carrier providing a
> circuit that upgrades their platform and they don't read the release notes and
> multicast gets dropped...), I can deploy a small handful of static routes to
> improve stability slightly until I can resolve the issue (just a small time
> saver).
>
> Obviously, none of this functionality REQUIRES the use of BGP and it can all
> be done using OSPF. Indeed, while I'm using OSPF + iBGP in my WISP, the telco
> I'm also the network architect/engineer at uses only OSPF as the IGP and we
> have thousands of internal OSPF routes and dozens of routers in the backbone
> area (along with others in non-backbone areas) and it's extremely stable. I
> think it's easy to misinterpret problems which manifest themselves as OSPF
> issues, but are really just OSPF reacting to some other condition; the canary
> in the coal mine, if you will.
>
> <rant> If you're having issues with OSPF losing adjacencies or changing from
> full to down or full to init, you've got some problem with the link. Period.
> OSPF is not the problem. OSPF has been stable in MikroTiks since 3.x.</rant>
>
> Jesse DuPont
> Network Architect
> email: jesse.dup...@celeritycorp.net
> Celerity Networks LLC
> Celerity Broadband LLC
> Like us! facebook.com/celeritynetworksllc
> Like us! facebook.com/celeritybroadband
>
> On 8/26/16 1:16 PM, Faisal Imtiaz wrote:
>> So just for the sake of a technical discussion...
>>
>> In your opinion, what is the merit of such a config (OSPF + iBGP)?
>>
>> It can be argued that such a config,
>> a) Still depends on OSPF functioning.
>> b) Layers an additional dynamic protocol on top of it (iBGP).
>> c) Requires additional routers (route reflectors).
>>
>> If the merit of such an approach is to manage OSPF behavior in a more
>> granular fashion, why not use those features as they are available in OSPF
>> / Best Practices...
>> (OSPF best practices suggest that: don't advertise connected or static
>> routes, set up all interfaces as passive, and control prefix advertisements
>> via the network section of OSPF).
>>
>> OSPF also tends to be the most common denominator (protocol) across different
>> mfg. BGP being the 2nd.
>>
>> Regards
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232
>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>
>>> From: "Jesse DuPont" <jesse.dup...@celeritycorp.net>
>>> To: af@afmug.com
>>> Sent: Friday, August 26, 2016 12:03:58 AM
>>> Subject: Re: [AFMUG] Mikrotik OSPF weirdness
>>>
>>> Right, PTP and loopback prefixes are distributed with OSPF (and possibly
>>> management subnets for radios) and "access" network prefixes
>>> (customer-facing) are distributed via iBGP.
>>> I have two of my routers configured as BGP route reflectors and all other
>>> routers peer with only these two; this solves the full mesh and provides
>>> redundancy.
>>>
>>> Jesse DuPont
>>> Network Architect
>>> email: jesse.dup...@celeritycorp.net
>>> Celerity Networks LLC
>>> Celerity Broadband LLC
>>> Like us! facebook.com/celeritynetworksllc
>>> Like us! facebook.com/celeritybroadband
>>>
>>> On 8/25/16 8:40 PM, David Milholen wrote:
>>>> He may have meant only have the ptp and loopback addresses listed in
>>>> networks
>>>>
>>>> On 8/25/2016 9:31 PM, Mike Hammett wrote:
>>>>> I've heard this concept a few times now. I'm not sure how only using OSPF
>>>>> for the loopbacks works.
>>>>>
>>>>> -----
>>>>> Mike Hammett
>>>>> Intelligent Computing Solutions
>>>>> Midwest Internet Exchange
>>>>> The Brothers WISP
>>>>>
>>>>> From: "Bruce Robertson" <br...@pooh.com>
>>>>> To: af@afmug.com
>>>>> Sent: Thursday, August 25, 2016 6:28:43 PM
>>>>> Subject: Re: [AFMUG] Mikrotik OSPF weirdness
>>>>>
>>>>> I've said it before, and been argued with... this is one of many reasons
>>>>> why you use iBGP to distribute {customer, dynamic pool, server subnets,
>>>>> anything} routes, and use OSPF *only* to distribute router loopback
>>>>> addresses. All your weird OSPF problems will go away. My apologies if I'm
>>>>> misunderstanding the problem, but my point still stands.
>>>>>
>>>>> On 08/25/2016 10:22 AM, Robert Haas wrote:
>>>>>> Alright, this problem has raised its head again on my network since I
>>>>>> started to renumber some PPPoE pools.
>>>>>>
>>>>>> Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27
>>>>>> pool). Customer can't surf and I can't ping them from my office:
>>>>>>
>>>>>> [office] - [Bernie Router] - [Braggcity Router] - [Ross Router] - [Hayti Router] - [customer]
>>>>>>
>>>>>> A traceroute from my office dies @ the Bernie router but I am not
>>>>>> getting any type of ICMP response from the Bernie router, i.e. no ICMP
>>>>>> Host Unreachable/Dest unreachable etc. - just blackholes after my office
>>>>>> router.
>>>>>> A traceroute from the Customer to the office again dies at the Bernie
>>>>>> router with no type of response.
>>>>>>
>>>>>> Checking the routing table on the Bernie router shows a valid route
>>>>>> pointing to the Braggcity router. It is also in the OSPF LSA's.
>>>>>> --
>>>>>> Another customer gets x.x.x.207/32 and has no issue at all.
>>>>>>
>>>>>> --
>>>>>> Force the original customer to a new IP address of x.x.x.205/32 and the
>>>>>> service starts working again.
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Now - even though there is no valid route to x.x.x.208/32 in the
>>>>>> routing table - traffic destined to the x.x.x.208/32 IP is still getting
>>>>>> blackholed.. I should be getting a Destination host unreachable from the
>>>>>> Bernie router.
>>>>>>
>>>>>> This is the correct response; .206 is not being used and there is no
>>>>>> route to it:
>>>>>> C:\Users\netadmin>ping x.x.x.206
>>>>>>
>>>>>> Pinging x.x.x.206 with 32 bytes of data:
>>>>>> Reply from y.y.y.1: Destination host unreachable.
>>>>>> Reply from y.y.y.1: Destination host unreachable.
>>>>>>
>>>>>> Ping statistics for x.x.x.206:
>>>>>>     Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
>>>>>>
>>>>>> C:\Users\netadmin>tracert 74.91.65.206
>>>>>>
>>>>>> Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206]
>>>>>> over a maximum of 30 hops:
>>>>>>
>>>>>>   1     6 ms     6 ms     7 ms  z.z.z.z
>>>>>>   2     6 ms     6 ms     6 ms  y.bpsnetworks.com [y.y.y.1]
>>>>>>   3  y.bpsnetworks.com [y.y.y.1]  reports: Destination host unreachable.
>>>>>>
>>>>>> Trace complete.
>>>>>>
>>>>>> This is what I see to x.x.x.208 even though it is not being used and
>>>>>> there is no route to it.
>>>>>> C:\Users\netadmin>ping x.x.x.208
>>>>>>
>>>>>> Pinging x.x.x.208 with 32 bytes of data:
>>>>>> Request timed out.
>>>>>> Request timed out.
>>>>>>
>>>>>> Ping statistics for x.x.x.208:
>>>>>>     Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
>>>>>>
>>>>>> C:\Users\netadmin>tracert x.x.x.208
>>>>>>
>>>>>> Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208]
>>>>>> over a maximum of 30 hops:
>>>>>>
>>>>>>   1     6 ms     6 ms     6 ms  z.z.z.z
>>>>>>   2     *        *        *     Request timed out.
>>>>>>   3     *        *     ^C
>>>>>>
>>>>>> --
>>>>>>
>>>>>> I've verified there is no firewall that would affect the traffic - I
>>>>>> even put an accept rule in the forward chain for both the source and
>>>>>> destination of x.x.x.208 and neither increment at all. So the traffic is
>>>>>> not even making out of the routing flow and into the firewall..
>>>>>>
>>>>>> Any pointers on where to start troubleshooting next?
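An added example, not part of the thread or any poster's configuration: a simplified Python model of the iBGP rule Jesse DuPont describes in the quoted reply above (a route reflector may pass routes learned from one iBGP peer on to another), applied to the two-reflector layout from his earlier message. Router names are hypothetical, and every non-reflector peer of a reflector is assumed to be its client.

```python
from collections import deque

def routers_that_learn(sessions, reflectors, origin):
    """Routers that end up with a prefix originated at `origin` over iBGP.

    Simplified model: one path per router, no cluster-list handling.
    Assumption: any non-reflector peer of a reflector is its client.
    """
    peers = {}
    for a, b in sessions:
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)
    learned = {origin}
    queue = deque([(origin, None)])  # (router, peer the route came from)
    while queue:
        router, source = queue.popleft()
        for peer in sorted(peers.get(router, ())):
            if peer == source or peer in learned:
                continue
            if source is None:
                allowed = True  # locally originated: send to every iBGP peer
            elif router in reflectors:
                # Reflector: client routes go to all peers,
                # non-client routes go to clients only.
                allowed = source not in reflectors or peer not in reflectors
            else:
                allowed = False  # plain iBGP: never re-advertise iBGP routes
            if allowed:
                learned.add(peer)
                queue.append((peer, router))
    return learned

# Constructed topology (hypothetical names): three access routers that peer
# only with two reflectors, plus a session between the reflectors.
ACCESS = ["tower-a", "tower-b", "tower-c"]
SESSIONS = [(r, rr) for r in ACCESS for rr in ("rr1", "rr2")] + [("rr1", "rr2")]

def demo():
    with_rr = routers_that_learn(SESSIONS, {"rr1", "rr2"}, "tower-a")
    without_rr = routers_that_learn(SESSIONS, set(), "tower-a")
    rr1_down = routers_that_learn(
        [s for s in SESSIONS if "rr1" not in s], {"rr2"}, "tower-a")
    return with_rr, without_rr, rr1_down

if __name__ == "__main__":
    for label, result in zip(("reflection on", "reflection off", "rr1 down"), demo()):
        print(f"{label:15} -> {sorted(result)}")
```

With reflection off, the access prefix stops at the two hub routers; with either reflector alive, every access router still learns it.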