Hey Guys, I ran an experiment to upgrade a ROS6 box to ROS7 to see what it looks like and found at least the following things: 1 - route "check" tracking doesn't seem to work? 2 - no-exports set on routes towards EBGP peers are interpreted rather than forwarded - so you can't signal to EBGP peers to no-export your routes from outside of their ASN anymore. 3 - it appears that the route policy conversion bugs out if one of the entries is disabled so you have to be prepared to fix any entries that are missing. 4 - you can no longer set the ASN of a route being advertised. (would need to update RPKI information) 5 - non-synchronous network statements are gone, so you can't easily send scrub communities via BGP anymore (because a legit route now has to exist in table). 1,2 and 3 feels like bugs, the rest I'm not sure why the functionality was removed. Anyone successfully spoken to MikroTik about what their thought process was with the changes? (I opened a ticket for 2 and it was ignored.) Thanks Tim
G'day Tim! Thanks for posting your experience with that - we really don't get enough of it IMO :-} I'd really like to see some more details on each of those (e.g. with examples) - for example, I'm not even sure what (1) even means :-} If you're willing to send some details through to support@duxtel.com I'd like to chase it up with MT, since such info is actually quite important as more and more routers are updated or upgraded to v7 - especially since all of the new CCR models are v7 only these days :-l Cheers! Mike. -----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Tim Warnock via Public Sent: Friday, 17 November 2023 12:32 PM To: 'public@talk.mikrotik.com.au' <public@talk.mikrotik.com.au> Cc: Tim Warnock <timoid@timoid.org> Subject: [MT-AU Public] ROS6->ROS7 and BGP Hey Guys, I ran an experiment to upgrade a ROS6 box to ROS7 to see what it looks like and found at least the following things: 1 - route "check" tracking doesn't seem to work? 2 - no-exports set on routes towards EBGP peers are interpreted rather than forwarded - so you can't signal to EBGP peers to no-export your routes from outside of their ASN anymore. 3 - it appears that the route policy conversion bugs out if one of the entries is disabled so you have to be prepared to fix any entries that are missing. 4 - you can no longer set the ASN of a route being advertised. (would need to update RPKI information) 5 - non-synchronous network statements are gone, so you can't easily send scrub communities via BGP anymore (because a legit route now has to exist in table). 1,2 and 3 feels like bugs, the rest I'm not sure why the functionality was removed. Anyone successfully spoken to MikroTik about what their thought process was with the changes? (I opened a ticket for 2 and it was ignored.) Thanks Tim _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
5 - non-synchronous network statements are gone, so you can't easily send scrub communities via BGP anymore (because a legit route now has to exist in table) Following on from this, is very close to my biggest complaint on ROS7. We use RouterOS devices for our blackholing system (blocking nasties, unpaid suspensions, etc), and would tag the routes with communities on ROS 6.x. You cannot set a community on routes anymore. We had to have multiple local bridges, with different local IP's on them, and then use route filters to test on next-hop IP of local routes, and use those to set the blackholing communities we advertise upstream to our route reflectors (and thus on to upstreams, or just to borders for blackholing) Cheers, DG On Fri, 17 Nov 2023 at 12:33, Tim Warnock via Public < public@talk.mikrotik.com.au> wrote:
Hey Guys,
I ran an experiment to upgrade a ROS6 box to ROS7 to see what it looks like and found at least the following things:
1 - route "check" tracking doesn't seem to work? 2 - no-exports set on routes towards EBGP peers are interpreted rather than forwarded - so you can't signal to EBGP peers to no-export your routes from outside of their ASN anymore. 3 - it appears that the route policy conversion bugs out if one of the entries is disabled so you have to be prepared to fix any entries that are missing. 4 - you can no longer set the ASN of a route being advertised. (would need to update RPKI information) 5 - non-synchronous network statements are gone, so you can't easily send scrub communities via BGP anymore (because a legit route now has to exist in table).
1,2 and 3 feels like bugs, the rest I'm not sure why the functionality was removed.
Anyone successfully spoken to MikroTik about what their thought process was with the changes? (I opened a ticket for 2 and it was ignored.)
Thanks Tim
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
participants (3)
-
Damien Gardner Jnr
-
Mike Everest
-
Tim Warnock