Hi Bruce,

Thank you for the offer, and yes, I am very much interested in the details, if you can share at your convenience.

Regards.

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232
Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

> From: "Bruce Robertson" <br...@pooh.com>
> To: af@afmug.com
> Sent: Tuesday, August 30, 2016 7:23:00 PM
> Subject: Re: [AFMUG] (OSPF + ibgp) / formerly Mikrotik OSPF weirdness
>
> Communities. Lemme know if you need more detail on that. I'm a little pressed for time right now.
>
> On 08/30/2016 03:23 PM, Faisal Imtiaz wrote:
>> I have a follow up question in regards to this...
>>
>> How do you prevent having ebgp routes being sent to your smaller routers which are doing ibgp with the Route Reflectors?
>>
>> Are you using filters? Or some other method?
>>
>> Thanks.
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232
>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>
>>> From: "Jesse DuPont" <jesse.dup...@celeritycorp.net>
>>> To: af@afmug.com
>>> Sent: Friday, August 26, 2016 11:36:42 PM
>>> Subject: Re: [AFMUG] (OSPF + ibgp) / formerly Mikrotik OSPF weirdness
>>>
>>> For me, it was a bit of an experiment, but I have ended up liking it. Yes, it does add some overhead, but I didn't have to add routers to be the route reflectors - I just chose two routers which provided good geographic redundancy balanced with being as well-connected as possible to the rest of the routers and checked the "route reflect to peers" box. Route reflecting is really no more intensive than just BGP peering; probably most already know this, but the only difference between a route reflector and a non-route reflector is that a route reflector is allowed to break the iBGP rule of not disseminating routes learned from one peer to another peer.
>>>
>>> One of the things I really like about using BGP for access prefixes is that I don't have to mess with filters or using non-backbone areas and area-ranges to summarize pools used for things like PPPoE. It's nice that more recent versions of MikroTik automate adding the U route of a summarized area-range after the first connected route shows up, but with BGP, I simply add the prefix to Networks and it's done.
>>>
>>> Another advantage, albeit a "band-aid" one, is that if I'm having some link quality issue that is ultimately causing OSPF to lose adjacency (packet loss causing dropped Hello's, for example, or some jackass carrier providing a circuit that upgrades their platform and they don't read the release notes and multicast gets dropped...), I can deploy a small handful of static routes to improve stability slightly until I can resolve the issue (just a small time saver).
>>>
>>> Obviously, none of this functionality REQUIRES the use of BGP and it can all be done using OSPF. Indeed, while I'm using OSPF + iBGP in my WISP, the telco I'm also the network architect/engineer at uses only OSPF as the IGP and we have thousands of internal OSPF routes and dozens of routers in the backbone area (along with others in non-backbone areas) and it's extremely stable. I think it's easy to misinterpret problems which manifest themselves as OSPF issues, but are really just OSPF reacting to some other condition; the canary in the coal mine, if you will.
>>>
>>> <rant> If you're having issues with OSPF losing adjacencies or changing from full to down or full to init, you've got some problem with the link. Period. OSPF is not the problem. OSPF has been stable in MikroTiks since 3.x.</rant>
>>>
>>> Jesse DuPont
>>> Network Architect
>>> email: jesse.dup...@celeritycorp.net
>>> Celerity Networks LLC
>>> Celerity Broadband LLC
>>> Like us! facebook.com/celeritynetworksllc
>>> Like us! facebook.com/celeritybroadband
>>>
>>> On 8/26/16 1:16 PM, Faisal Imtiaz wrote:
>>>> So just for the sake of a technical discussion...
>>>>
>>>> In your opinion, what is the merit of such a config (OSPF + ibgp)?
>>>>
>>>> It can be argued that such a config,
>>>> a) Still depends on OSPF functioning.
>>>> b) Layer an additional dynamic protocol on top of it (ibgp)
>>>> c) Requires additional Routers (route reflectors).
>>>>
>>>> If the merit of such an approach is to manage OSPF behavior in a more granular fashion, why not use those features as they are available in OSPF / Best Practices...
>>>>
>>>> (OSPF best practices suggest that: don't advertise connected or static routes, set up all interfaces as passive, and control prefix advertisements via the network section of OSPF).
>>>>
>>>> OSPF also tends to be the most common denominator (protocol) across different mfg. Bgp being the 2nd.
>>>>
>>>> Regards
>>>>
>>>> Faisal Imtiaz
>>>> Snappy Internet & Telecom
>>>> 7266 SW 48 Street
>>>> Miami, FL 33155
>>>> Tel: 305 663 5518 x 232
>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>>>
>>>>> From: "Jesse DuPont" <jesse.dup...@celeritycorp.net>
>>>>> To: af@afmug.com
>>>>> Sent: Friday, August 26, 2016 12:03:58 AM
>>>>> Subject: Re: [AFMUG] Mikrotik OSPF weirdness
>>>>>
>>>>> Right, PTP and loopback prefixes are distributed with OSPF (and possibly management subnets for radios) and "access" network prefixes (customer-facing) are distributed via iBGP.
>>>>>
>>>>> I have two of my routers configured as BGP route reflectors and all other routers peer with only these two; this solves the full mesh and provides redundancy.
>>>>>
>>>>> Jesse DuPont
>>>>> Network Architect
>>>>> email: jesse.dup...@celeritycorp.net
>>>>> Celerity Networks LLC
>>>>> Celerity Broadband LLC
>>>>> Like us! facebook.com/celeritynetworksllc
>>>>> Like us! facebook.com/celeritybroadband
>>>>>
>>>>> On 8/25/16 8:40 PM, David Milholen wrote:
>>>>>> He may have meant only have the ptp and loopback addresses listed in networks
>>>>>>
>>>>>> On 8/25/2016 9:31 PM, Mike Hammett wrote:
>>>>>>> I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works.
>>>>>>>
>>>>>>> -----
>>>>>>> Mike Hammett
>>>>>>> Intelligent Computing Solutions
>>>>>>> Midwest Internet Exchange
>>>>>>> The Brothers WISP
>>>>>>>
>>>>>>> From: "Bruce Robertson" <br...@pooh.com>
>>>>>>> To: af@afmug.com
>>>>>>> Sent: Thursday, August 25, 2016 6:28:43 PM
>>>>>>> Subject: Re: [AFMUG] Mikrotik OSPF weirdness
>>>>>>>
>>>>>>> I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses. All your weird OSPF problems will go away. My apologies if I'm misunderstanding the problem, but my point still stands.
>>>>>>>
>>>>>>> On 08/25/2016 10:22 AM, Robert Haas wrote:
>>>>>>>> Alright, this problem has raised its head again on my network since I started to renumber some PPPoE pools.
>>>>>>>>
>>>>>>>> Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can't surf and I can't ping them from my office:
>>>>>>>>
>>>>>>>> [office] - [Bernie Router] - [Braggcity Router] - [Ross Router] - [Hayti Router] - [customer]
>>>>>>>>
>>>>>>>> A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router, i.e. no ICMP Host Unreachable/Dest unreachable etc - just blackholes after my office router.
>>>>>>>> A traceroute from the Customer to the office again dies at the Bernie router with no type of response.
>>>>>>>>
>>>>>>>> Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA's.
>>>>>>>> --
>>>>>>>> Another customer gets x.x.x.207/32 and has no issue at all.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again.
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> Now - even though there is no valid route to x.x.x.208/32 in the routing table - traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router.
>>>>>>>>
>>>>>>>> This is the correct response; .206 is not being used and there is no route to it:
>>>>>>>> C:\Users\netadmin>ping x.x.x.206
>>>>>>>>
>>>>>>>> Pinging x.x.x.206 with 32 bytes of data:
>>>>>>>> Reply from y.y.y.1: Destination host unreachable.
>>>>>>>> Reply from y.y.y.1: Destination host unreachable.
>>>>>>>>
>>>>>>>> Ping statistics for x.x.x.206:
>>>>>>>>     Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
>>>>>>>>
>>>>>>>> C:\Users\netadmin>tracert 74.91.65.206
>>>>>>>>
>>>>>>>> Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206]
>>>>>>>> over a maximum of 30 hops:
>>>>>>>>
>>>>>>>>   1     6 ms     6 ms     7 ms  z.z.z.z
>>>>>>>>   2     6 ms     6 ms     6 ms  y.bpsnetworks.com [y.y.y.1]
>>>>>>>>   3  y.bpsnetworks.com [y.y.y.1]  reports: Destination host unreachable.
>>>>>>>>
>>>>>>>> Trace complete.
>>>>>>>>
>>>>>>>> This is what I see to x.x.x.208 even though it is not being used and there is no route to it.
>>>>>>>> C:\Users\netadmin>ping x.x.x.208
>>>>>>>>
>>>>>>>> Pinging x.x.x.208 with 32 bytes of data:
>>>>>>>> Request timed out.
>>>>>>>> Request timed out.
>>>>>>>>
>>>>>>>> Ping statistics for x.x.x.208:
>>>>>>>>     Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
>>>>>>>>
>>>>>>>> C:\Users\netadmin>tracert x.x.x.208
>>>>>>>>
>>>>>>>> Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208]
>>>>>>>> over a maximum of 30 hops:
>>>>>>>>
>>>>>>>>   1     6 ms     6 ms     6 ms  z.z.z.z
>>>>>>>>   2     *        *        *     Request timed out.
>>>>>>>>   3     *        *     ^C
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> I've verified there is no firewall that would affect the traffic - I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall..
>>>>>>>>
>>>>>>>> Any pointers on where to start troubleshooting next?
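
The design discussed in this thread, as an added example that is not from any poster: a small Python model of which peers a route reflector re-advertises a route to (the RFC 4456 reflection rules Jesse summarizes) and how a community-based export filter could keep eBGP-learned routes away from small client routers. The router names, the community value `65000:100` and the filter policy are assumptions; the thread does not describe Bruce's actual community scheme.

```python
from dataclasses import dataclass, field

EBGP_TAG = "65000:100"  # assumed community set on routes learned from upstreams

@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: str                    # peer name, or "ebgp" / "local"
    communities: frozenset = frozenset()

@dataclass
class Reflector:
    clients: set                         # iBGP peers configured as RR clients
    non_clients: set                     # ordinary iBGP peers (other RR, border)
    small: set = field(default_factory=set)  # clients that must not get transit routes

    def targets(self, route):
        """Peers that may receive `route` under the RFC 4456 reflection rules."""
        src = route.learned_from
        if src in ("ebgp", "local") or src in self.clients:
            peers = self.clients | self.non_clients   # advertise to everyone
        elif src in self.non_clients:
            peers = set(self.clients)                 # reflect to clients only
        else:
            raise ValueError(f"unknown peer {src!r}")
        return peers - {src}                          # never back to the sender

    def export(self, route):
        """Reflection rules plus the assumed community-based export filter."""
        peers = self.targets(route)
        if EBGP_TAG in route.communities:
            peers -= self.small                       # drop transit routes for small routers
        return peers

def plain_ibgp_targets(route, peers):
    """Without reflection, an iBGP-learned route is not passed to other iBGP peers."""
    return set() if route.learned_from in peers else set(peers)

def demo():
    # Constructed topology: two small towers, one core client, second RR, one border.
    rr = Reflector(clients={"tower1", "tower2", "core1"},
                   non_clients={"rr2", "border1"}, small={"tower1", "tower2"})
    pool = Route("192.0.2.192/27", "tower1")          # access/PPPoE pool from a client
    transit = Route("198.51.100.0/24", "border1", frozenset({EBGP_TAG}))
    return rr.export(pool), rr.export(transit)

if __name__ == "__main__":
    print(demo())
```

The access pool learned from one tower reaches every other iBGP peer, while the tagged transit route is reflected only to the client that is not marked small.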