Communities. Lemme know if you need more detail on that. I'm a little pressed for time right now.

On 08/30/2016 03:23 PM, Faisal Imtiaz wrote:
I have a follow up question in regards to this...

How do you prevent having ebgp routes being sent to your smaller routers which are doing ibgp with the Route Reflectors ?

Are you using filters? Or some other method?


Thanks.

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

------------------------------------------------------------------------

    *From: *"Jesse DuPont" <jesse.dup...@celeritycorp.net>
    *To: *af@afmug.com
    *Sent: *Friday, August 26, 2016 11:36:42 PM
    *Subject: *Re: [AFMUG] (OSPF + ibgp) / formerly Mikrotik OSPF
    weirdness

    For me, it was a bit of an experiment, but I have ended up liking
    it. Yes, it does add some overhead, but I didn't have to add
    routers to be the route reflectors - I just chose two routers
    which provided good geographic redundancy balanced with being as
    well-connected as possible to the rest of the routers and checked
    the "route reflect to peers" box. Route reflecting is really no
    more intensive than just BGP peering; probably most already know
    this, but the only difference between a route reflector and a
    non-route reflector is that a route reflector is allowed to break
    the iBGP rule of not disseminating routes learned from one peer to
    another peer.

    One of the things I really like about using BGP for access
    prefixes is that I don't have to mess with filters or using
    non-backbone areas and area-ranges to summarize pools used for
    things like PPPoE. It's nice that more recent versions of MikroTik
    automate adding the U route of a summarized area-range after the
    first connected route shows up, but with BGP, I simply add the
    prefix to Networks and it's done.

    Another advantage, albeit a "band-aid" one is that if I'm having
    some link quality issue that is ultimately causing OSPF to lose
    adjacency (packet loss causing dropped Hello's, for example, or
    some jackass carrier providing a circuit that upgrades their
    platform and they don't read the release notes and multicast gets
    dropped...), I can deploy a small handful of static routes to
    improve stability slightly until I can resolve the issue (just a
    small time saver).

    Obviously, none of this functionality REQUIRES the use of BGP and
    it can all be done using OSPF. Indeed, while I'm using OSPF + iBGP
    in my WISP, the telco I'm also the network architect/engineer at
    uses only OSPF as the IGP and we have thousands of internal OSPF
    routes and dozens of routers in the backbone area (along with
    others in non-backbone areas) and it's extremely stable. I think
    it's easy to misinterpret problems which manifest themselves as
    OSPF issues, but are really just OSPF reacting to some other
    condition; the canary in the coal mine, if you will.

    <rant> If you're having issues with OSPF losing adjacencies or
    changing from full to down or full to init, you've got some
    problem with the link. Period. OSPF is not the problem. OSPF has
    been stable in MikroTiks since 3.x.</rant>

    *Jesse DuPont*

    Network Architect
    email: jesse.dup...@celeritycorp.net
    Celerity Networks LLC

    Celerity Broadband LLC

    On 8/26/16 1:16 PM, Faisal Imtiaz wrote:

        So just for the sake of a technical discussion...

        In your opinion, what is the merit of such a config (ospf +
        ibgp) ?

        It can be argued that such a config,
          a) Still depends on OSPF functioning.
          b) Layer an additional dynamic protocol on top of it (ibgp)
          c) Requires additional  Routers (route reflectors).

        If the merit of such an approach is to manage OSPF
        behavior in a more granular fashion, why not use those
        features as they are available in OSPF / Best Practices...
           (OSPF best practices suggest: don't advertise
        connected or static routes, set up all interfaces as passive,
        and control prefix advertisements via the network section of
        OSPF).

        OSPF also tends to be the most common denominator (protocol)
        across different mfg. BGP being the 2nd.

        Regards

        Faisal Imtiaz
        Snappy Internet & Telecom
        7266 SW 48 Street
        Miami, FL 33155
        Tel: 305 663 5518 x 232

        Help-desk: (305)663-5518 Option 2 or Email:
        supp...@snappytelecom.net

        ------------------------------------------------------------------------

            *From: *"Jesse DuPont" <jesse.dup...@celeritycorp.net>
            *To: *af@afmug.com
            *Sent: *Friday, August 26, 2016 12:03:58 AM
            *Subject: *Re: [AFMUG] Mikrotik OSPF weirdness

            Right, PTP and loopback prefixes are distributed with OSPF
            (and possibly management subnets for radios) and "access"
            network prefixes (customer-facing) are distributed via iBGP.
            I have two of my routers configured as BGP route
            reflectors and all other routers peer with only these two;
            this solves the full mesh and provides redundancy.

            *Jesse DuPont*

            Network Architect
            email: jesse.dup...@celeritycorp.net
            Celerity Networks LLC

            Celerity Broadband LLC

            On 8/25/16 8:40 PM, David Milholen wrote:

                He may have meant only have the ptp and loopback
                addresses listed in networks



                On 8/25/2016 9:31 PM, Mike Hammett wrote:

                    I've heard this concept a few times now. I'm not
                    sure how only using OSPF for the loopbacks works.



                    -----
                    Mike Hammett
                    Intelligent Computing Solutions
                    <http://www.ics-il.com/>
                    
                    Midwest Internet Exchange <http://www.midwest-ix.com/>
                    
                    The Brothers WISP <http://www.thebrotherswisp.com/>
                    
------------------------------------------------------------------------
                    *From: *"Bruce Robertson" <br...@pooh.com>
                    *To: *af@afmug.com
                    *Sent: *Thursday, August 25, 2016 6:28:43 PM
                    *Subject: *Re: [AFMUG] Mikrotik OSPF weirdness

                    I've said it before, and been argued with... this
                    is one of many reasons why you use iBGP to
                    distribute {customer, dynamic pool, server
                    subnets, anything} routes, and use OSPF *only* to
                    distribute router loopback addresses. All your
                    weird OSPF problems will go away. My apologies
                    if I'm misunderstanding the problem, but my point
                    still stands.

                    On 08/25/2016 10:22 AM, Robert Haas wrote:

                        Alright, this problem has raised its head again
                        on my network since I started to renumber some
                        PPPoE pools.

                        Customer gets a new IP address via PPPoE
                        x.x.x.208/32 (from x.x.x.192/27 pool).
                        Customer can't surf and I can't ping them
                        from my office:

                        [office] - [Bernie Router] - [Braggcity Router] - [Ross Router] - [Hayti Router] - [customer]

                        A traceroute from my office dies @ the Bernie
                        router but I am not getting any type of ICMP
                        response from the Bernie router ie no ICMP
                        Host Unreachable/Dest unreachable etc - just
                        blackholes after my office router.

                        A traceroute from the Customer to the office
                        again dies at the Bernie router with no type
                        of response.

                        Checking the routing table on the Bernie
                        router shows a valid route pointing to the
                        Braggcity router. It is also in the OSPF LSA's.

                        --

                        Another customer gets x.x.x.207/32 and has no
                        issue at all.

                        --

                        Force the original customer to a new ip
                        address of x.x.x.205/32 and the service starts
                        working again.

                        --

                        Now - even though there is no valid route to
                        x.x.x.208/32 in the routing table - traffic
                        destined to the x.x.x.208/32 IP is still
                        getting blackholed. I should be getting a
                        Destination host unreachable from the Bernie
                        router.

                        This is the correct response; .206 is
                        not being used and there is no route to it:

                        C:\Users\netadmin>ping x.x.x.206

                        Pinging x.x.x.206 with 32 bytes of data:
                        Reply from y.y.y.1: Destination host unreachable.
                        Reply from y.y.y.1: Destination host unreachable.

                        Ping statistics for x.x.x.206:
                            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                        C:\Users\netadmin>tracert 74.91.65.206

                        Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206]
                        over a maximum of 30 hops:

                          1     6 ms     6 ms     7 ms  z.z.z.z
                          2     6 ms     6 ms     6 ms  y.bpsnetworks.com [y.y.y.1]
                          3  y.bpsnetworks.com [y.y.y.1]  reports: Destination host unreachable.

                        Trace complete.

                        This is what I see to x.x.x.208 even though it
                        is not being used and there is no route to it.

                        C:\Users\netadmin>ping x.x.x.208

                        Pinging x.x.x.208 with 32 bytes of data:
                        Request timed out.
                        Request timed out.

                        Ping statistics for x.x.x.208:
                            Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

                        C:\Users\netadmin>tracert x.x.x.208

                        Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208]
                        over a maximum of 30 hops:

                          1     6 ms     6 ms     6 ms  z.z.z.z
                          2     *        *        *     Request timed out.
                          3     *        *     ^C

                        --

                        I've verified there is no firewall that
                        would affect the traffic - I even put an
                        accept rule in the forward chain for both the
                        source and destination of x.x.x.208 and
                        neither increment at all. So the traffic is
                        not even making it out of the routing flow and
                        into the firewall.

                        Any pointers on where to start
                        troubleshooting next?



