Thanks Bruce, 

One would have to use filters to make sure the eBGP does not get injected into the smaller routers.

Anyone with more examples? Would be appreciated.

Thanks. 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "Bruce Robertson" <br...@pooh.com>
> To: af@afmug.com
> Sent: Wednesday, August 31, 2016 1:59:23 PM
> Subject: Re: [AFMUG] (OSPF + ibgp) / formerly Mikrotik OSPF weirdness

> Okay, had a moment to remember how I've done this. On Cisco, I've used
> communities. You tag every prefix you put into iBGP with a community, and then
> only distribute tagged routes within the iBGP mesh. Hopefully you won't ask me
> for Cisco examples... It's been 3+ years and I don't have access to those
> routers anymore. Barry Sherwood, if you're reading this, maybe you can
> contribute some sample configs.

> I peeked at the most recent Mikrotik network I set up (still over a year ago)
> and it appears that that network is not yet doing eBGP to anyone, so I didn't
> set up that part. But I would imagine that I would either do the same trick
> with communities, or would use filters on the eBGP routers. Should be pretty
> easy to set up, since the gateway routers are only doing iBGP with the route
> reflectors, so there's only one choke point. This is also an MPLS network, so
> the BGP configuration is really pretty trivial. Most routers aren't even
> running a BGP instance.

> On 08/30/2016 03:23 PM, Faisal Imtiaz wrote:

>> I have a follow up question in regards to this...

>> How do you prevent having eBGP routes being sent to your smaller routers which
>> are doing iBGP with the Route Reflectors?

>> Are you using filters? Or some other method?

>> Thanks.

>> Faisal Imtiaz

>>> From: "Jesse DuPont" <jesse.dup...@celeritycorp.net>
>>> To: af@afmug.com
>>> Sent: Friday, August 26, 2016 11:36:42 PM
>>> Subject: Re: [AFMUG] (OSPF + ibgp) / formerly Mikrotik OSPF weirdness

>>> For me, it was a bit of an experiment, but I have ended up liking it. Yes, it
>>> does add some overhead, but I didn't have to add routers to be the route
>>> reflectors - I just chose two routers which provided good geographic redundancy
>>> balanced with being as well-connected as possible to the rest of the routers
>>> and checked the "route reflect to peers" box. Route reflecting is really no
>>> more intensive than just BGP peering; probably most already know this, but the
>>> only difference between a route reflector and a non-route reflector is that a
>>> route reflector is allowed to break the iBGP rule of not disseminating routes
>>> learned from one peer to another peer.

>>> One of the things I really like about using BGP for access prefixes is that I
>>> don't have to mess with filters or using non-backbone areas and area-ranges to
>>> summarize pools used for things like PPPoE. It's nice that more recent versions
>>> of MikroTik automate adding the U route of a summarized area-range after the
>>> first connected route shows up, but with BGP, I simply add the prefix to
>>> Networks and it's done.

>>> Another advantage, albeit a "band-aid" one, is that if I'm having some link
>>> quality issue that is ultimately causing OSPF to lose adjacency (packet loss
>>> causing dropped Hello's, for example, or some jackass carrier providing a
>>> circuit that upgrades their platform and they don't read the release notes and
>>> multicast gets dropped...), I can deploy a small handful of static routes to
>>> improve stability slightly until I can resolve the issue (just a small time
>>> saver).

>>> Obviously, none of this functionality REQUIRES the use of BGP and it can all be
>>> done using OSPF. Indeed, while I'm using OSPF + iBGP in my WISP, the telco I'm
>>> also the network architect/engineer at uses only OSPF as the IGP and we have
>>> thousands of internal OSPF routes and dozens of routers in the backbone area
>>> (along with others in non-backbone areas) and it's extremely stable. I think
>>> it's easy to misinterpret problems which manifest themselves as OSPF issues, but
>>> are really just OSPF reacting to some other condition; the canary in the coal
>>> mine, if you will.

>>> <rant> If you're having issues with OSPF losing adjacencies or changing from
>>> full to down or full to init, you've got some problem with the link. Period.
>>> OSPF is not the problem. OSPF has been stable in MikroTiks since 3.x.</rant>

>>> Jesse DuPont

>>> Network Architect
>>> email: jesse.dup...@celeritycorp.net
>>> Celerity Networks LLC

>>> Celerity Broadband LLC
>>> Like us! facebook.com / celeritynetworksllc

>>> Like us! facebook.com /celeritybroadband
>>> On 8/26/16 1:16 PM, Faisal Imtiaz wrote:

>>>> So just for the sake of a technical discussion...

>>>> In your opinion, what is the merit of such a config (OSPF + iBGP)?

>>>> It can be argued that such a config,
>>>> a) Still depends on OSPF functioning.
>>>> b) Layers an additional dynamic protocol on top of it (iBGP)
>>>> c) Requires additional Routers (route reflectors).

>>>> If the merit of such an approach is to manage OSPF behavior in a more
>>>> granular fashion, why not use those features as they are available in OSPF
>>>> / Best Practices...
>>>> (OSPF best practices suggest that: don't advertise connected or static routes,
>>>> set up all interfaces as passive, and control prefix advertisements via the
>>>> network section of OSPF).

>>>> OSPF also tends to be the most common denominator (protocol) across different
>>>> mfg. BGP being the 2nd.

>>>> Regards

>>>> Faisal Imtiaz

>>>>> From: "Jesse DuPont" <jesse.dup...@celeritycorp.net>
>>>>> To: af@afmug.com
>>>>> Sent: Friday, August 26, 2016 12:03:58 AM
>>>>> Subject: Re: [AFMUG] Mikrotik OSPF weirdness

>>>>> Right, PTP and loopback prefixes are distributed with OSPF (and possibly
>>>>> management subnets for radios) and "access" network prefixes (customer-facing)
>>>>> are distributed via iBGP.
>>>>> I have two of my routers configured as BGP route reflectors and all other
>>>>> routers peer with only these two; this solves the full mesh and provides
>>>>> redundancy.

>>>>> Jesse DuPont

>>>>> On 8/25/16 8:40 PM, David Milholen wrote:

>>>>>> He may have meant only have the ptp and loopback addresses listed in networks

>>>>>> On 8/25/2016 9:31 PM, Mike Hammett wrote:

>>>>>>> I've heard this concept a few times now. I'm not sure how only using OSPF for
>>>>>>> the loopbacks works.

>>>>>>> -----
>>>>>>> Mike Hammett
>>>>>>> Intelligent Computing Solutions

>>>>>>> Midwest Internet Exchange

>>>>>>> The Brothers WISP

>>>>>>> From: "Bruce Robertson" <br...@pooh.com>
>>>>>>> To: af@afmug.com
>>>>>>> Sent: Thursday, August 25, 2016 6:28:43 PM
>>>>>>> Subject: Re: [AFMUG] Mikrotik OSPF weirdness

>>>>>>> I've said it before, and been argued with... this is one of many reasons why you
>>>>>>> use iBGP to distribute {customer, dynamic pool, server subnets, anything}
>>>>>>> routes, and use OSPF *only* to distribute router loopback addresses. All
>>>>>>> your weird OSPF problems will go away. My apologies if I'm misunderstanding
>>>>>>> the problem, but my point still stands.

>>>>>>> On 08/25/2016 10:22 AM, Robert Haas wrote:

>>>>>>>> Alright, this problem has raised its head again on my network since I started to
>>>>>>>> renumber some PPPoE pools.

>>>>>>>> Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool).
>>>>>>>> Customer can't surf and I can't ping them from my office:

>>>>>>>> [office] - [Bernie Router] - [Braggcity Router] - [Ross Router] - [Hayti Router] - [customer]

>>>>>>>> A traceroute from my office dies @ the Bernie router but I am not getting any
>>>>>>>> type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest
>>>>>>>> unreachable etc - just blackholes after my office router.

>>>>>>>> A traceroute from the Customer to the office again dies at the Bernie router
>>>>>>>> with no type of response.

>>>>>>>> Checking the routing table on the Bernie router shows a valid route pointing to
>>>>>>>> the Braggcity router. It is also in the OSPF LSA's.

>>>>>>>> --

>>>>>>>> Another customer gets x.x.x.207/32 and has no issue at all.

>>>>>>>> --

>>>>>>>> Force the original customer to a new ip address of x.x.x.205/32 and the service
>>>>>>>> starts working again.

>>>>>>>> --

>>>>>>>> Now - even though there is no valid route to x.x.x.208/32 in the routing table
>>>>>>>> - traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I
>>>>>>>> should be getting a Destination host unreachable from the Bernie router.

>>>>>>>> This is the correct response. .206 is not being used and there is no
>>>>>>>> route to it:

>>>>>>>> C:\Users\netadmin>ping x.x.x.206
>>>>>>>>
>>>>>>>> Pinging x.x.x.206 with 32 bytes of data:
>>>>>>>> Reply from y.y.y.1: Destination host unreachable.
>>>>>>>> Reply from y.y.y.1: Destination host unreachable.
>>>>>>>>
>>>>>>>> Ping statistics for x.x.x.206:
>>>>>>>>     Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
>>>>>>>>
>>>>>>>> C:\Users\netadmin>tracert 74.91.65.206
>>>>>>>>
>>>>>>>> Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206]
>>>>>>>> over a maximum of 30 hops:
>>>>>>>>
>>>>>>>>   1     6 ms     6 ms     7 ms  z.z.z.z
>>>>>>>>   2     6 ms     6 ms     6 ms  y.bpsnetworks.com [y.y.y.1]
>>>>>>>>   3  y.bpsnetworks.com [y.y.y.1]  reports: Destination host unreachable.
>>>>>>>>
>>>>>>>> Trace complete.

>>>>>>>> This is what I see to x.x.x.208 even though it is not being used and there is no
>>>>>>>> route to it.

>>>>>>>> C:\Users\netadmin>ping x.x.x.208
>>>>>>>>
>>>>>>>> Pinging x.x.x.208 with 32 bytes of data:
>>>>>>>> Request timed out.
>>>>>>>> Request timed out.
>>>>>>>>
>>>>>>>> Ping statistics for x.x.x.208:
>>>>>>>>     Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
>>>>>>>>
>>>>>>>> C:\Users\netadmin>tracert x.x.x.208
>>>>>>>>
>>>>>>>> Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208]
>>>>>>>> over a maximum of 30 hops:
>>>>>>>>
>>>>>>>>   1     6 ms     6 ms     6 ms  z.z.z.z
>>>>>>>>   2     *        *        *     Request timed out.
>>>>>>>>   3     *        *     ^C

>>>>>>>> --

>>>>>>>> I've verified there is no firewall that would affect the traffic - I even
>>>>>>>> put an accept rule in the forward chain for both the source and destination of
>>>>>>>> x.x.x.208 and neither increment at all. So the traffic is not even making it out
>>>>>>>> of the routing flow and into the firewall..

>>>>>>>> Any pointers on where to start troubleshooting next?

>>>>>> --

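
The community scheme described in Bruce's reply above, sketched as an added Cisco IOS configuration fragment. It is not taken from any poster's routers; the AS numbers, addresses, community value, and route-map names are all constructed for illustration. It assumes the small routers get their path out (for example a default route) by some other means.

```cisco
! Constructed values throughout: AS 65000, community 65000:100,
! route reflector loopback 10.255.0.1, upstream 203.0.113.1 (AS 64496),
! customer pool 192.0.2.0/24.
!
! === Access router: tag every prefix it originates into iBGP ===
ip bgp-community new-format
route-map TAG-INTERNAL permit 10
 set community 65000:100
!
router bgp 65000
 network 192.0.2.0 mask 255.255.255.0 route-map TAG-INTERNAL
 neighbor 10.255.0.1 remote-as 65000
 neighbor 10.255.0.1 update-source Loopback0
 neighbor 10.255.0.1 send-community
!
! === eBGP gateway router: the choke point toward the route reflectors ===
ip bgp-community new-format
ip community-list standard INTERNAL permit 65000:100
!
! Inbound from the upstream: clear communities so an external peer cannot
! pre-tag its routes with 65000:100 and pass the filter below.
route-map FROM-UPSTREAM permit 10
 set community none
!
! Outbound to the route reflector: only tagged routes pass. The implicit
! deny at the end of the route-map drops everything learned over eBGP.
route-map TO-RR permit 10
 match community INTERNAL
!
router bgp 65000
 neighbor 203.0.113.1 remote-as 64496
 neighbor 203.0.113.1 route-map FROM-UPSTREAM in
 neighbor 10.255.0.1 remote-as 65000
 neighbor 10.255.0.1 update-source Loopback0
 neighbor 10.255.0.1 send-community
 neighbor 10.255.0.1 route-map TO-RR out
```

On the gateway, `show ip bgp neighbors 10.255.0.1 advertised-routes` should then list only prefixes carrying 65000:100.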