Thanks Philip and Kyle, Adding the filter rule (with passthrough) has certainly helped. The bias is more toward megaport by about 15Mbps (Thanks Philip! If we meet at the next MUM I will buy you a beer.) Interestingly I am still seeing 10-15Mbps oscillation between the ISP and Megaport. Picture here... https://malfunction.faed.name/2019/09/outbound-bgp-traffic-oscillation.html I had disabled connection tracking prior to implementing the IX and moved my NAT clients etc onto a separate router. For this to occur some routes must be changing to / from the ISP and IXP. I know it is not much traffic in the greater scheme of things, but would be nice to understand it further. @Kyle I will look into flow monitoring. It has been on my list of things to do! Regards, *Malcolm Faed*Network Broadcast Engineer malcolm@avcomm.com.au Av-Comm Office: +61 2 9939 4377 Mobile+61 424 957 053 Unit 24 / 9 Powells Road, Brookvale, NSW 2100, Australia. avcomm.com.au [image: Twitter] <https://twitter.com/AvCommSatellite>[image: Google Plus] <https://plus.google.com/+AvcommAustralia/>[image: Youtube] <https://www.youtube.com/channel/UCO8ZtcnwoTH7e54LAndE-yw>[image: Linkedin] <https://www.linkedin.com/company-beta/6583589/> This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorised disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. Av-Comm is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company. On Mon, 9 Sep 2019 at 13:29, Kyle Pharo <kyle@tangelo.com> wrote:
Hey Malcolm,
If you have the time/resources it might be interesting to set up a flow monitor, I have been using Elastiflow https://github.com/robcowart/elastiflow
You should be able to log the flows and see which IP/ASN they're destined for as well as the interface (I don't think mikrotik includes interface names, just a numerical id starting 0 from memory) that they leave the router on.
Two things that come to mind are CDN's that might try and influence your routing to load balance (via MED or more specific routes), being able to see more details on the traffic flows should get you a better idea of what prefixes are actually changing
Cheers,
Kyle
| kyle pharo | CTO | nz +64 21 064 6723 | | kyle@tangelo.com | www.tangelo.com | | https://www.peeringdb.com/net/10453 |
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Malcolm Faed Sent: Friday, 6 September 2019 20:39 To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: [MT-AU Public] BGP with ISP and IXP traffic variation
Hi All,
I have just completed implementing BGP with Megaport and our ISP.
I am seeing an usual pattern only with my outbound traffic. See https://malfunction.faed.name/ for a graph.
I can't easily see what 1000's of users are doing but it seems like some routes are changing between ISP and IXP, then changing back causing this pattern.
Can anyone suggest how to investigate this further? Or perhaps this is normal if anyone has experience in this.
Thanks in advance, Mal
*Malcolm Faed*Network Broadcast Engineer malcolm@avcomm.com.au
Av-Comm
Office: +61 2 9939 4377 Mobile+61 424 957 053
Unit 24 / 9 Powells Road, Brookvale, NSW 2100, Australia. avcomm.com.au
[image: Twitter] <https://twitter.com/AvCommSatellite>[image: Google Plus] <https://plus.google.com/+AvcommAustralia/>[image: Youtube] <https://www.youtube.com/channel/UCO8ZtcnwoTH7e54LAndE-yw>[image: Linkedin] <https://www.linkedin.com/company-beta/6583589/>
This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorised disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. Av-Comm is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company. _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au