Hello, I have two mikrotik routers with the internet public networks in a VRF and bgp running happily until I tried to add a second router which also had its internet network in a VRF. BGP just sits there at connect. If I remove the VRF on one of them, it all of a sudden connects. If the BGP desintation is not inside a VRF (well I assume it is not or the other end is not mikrotik, it works fine). I emailed mikrotik support and apparently there is a known issue with connecting two bgp peers if both ends are inside a vrf. Anyone else seen this and have any work arounds? I am running MPLS on the same router so I would prefer to keep the public internet on its own VRF. Matthew Enger | Managing Director PO Box 3279, The Pines, Victoria, 3109 T 1300 789 299 D 03 9909 3104 M 0406 532 792 F 03 8611 7946 m.enger@xi.com.au | www.xi.com.au This email message and any attachments are the property of X Integration. The contents of this email are copyright and may also be confidential and/or legally privileged. They are intended solely for the addressee and it is not intended that either confidentiality or privilege be waived or lost by mistaken delivery to you. Please notify us immediately and delete this communication if received in error. Consider the environment before printing this email.
VRF rule affecting route to the peer maybe? Cheers!
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Matthew Enger Sent: Tuesday, 21 March 2017 7:43 AM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: [MT-AU Public] VRF & BGP
Hello,
I have two mikrotik routers with the internet public networks in a VRF and bgp running happily until I tried to add a second router which also had its internet network in a VRF.
BGP just sits there at connect.
If I remove the VRF on one of them, it all of a sudden connects. If the BGP desintation is not inside a VRF (well I assume it is not or the other end is not mikrotik, it works fine).
I emailed mikrotik support and apparently there is a known issue with connecting two bgp peers if both ends are inside a vrf.
Anyone else seen this and have any work arounds? I am running MPLS on the same router so I would prefer to keep the public internet on its own VRF.
Matthew Enger | Managing Director PO Box 3279, The Pines, Victoria, 3109 T 1300 789 299 D 03 9909 3104 M 0406 532 792 F 03 8611 7946 m.enger@xi.com.au | www.xi.com.au
This email message and any attachments are the property of X Integration. The contents of this email are copyright and may also be confidential and/or legally privileged. They are intended solely for the addressee and it is not intended that either confidentiality or privilege be waived or lost by mistaken delivery to you. Please notify us immediately and delete this communication if received in error. Consider the environment before printing this email. _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
I thought of that but I can run BGP in VRFs to other peers without issue. The peer is directly connected as well. Matthew Enger | Managing Director PO Box 3279, The Pines, Victoria, 3109 T 1300 789 299 D 03 9909 3104 M 0406 532 792 F 03 8611 7946 m.enger@xi.com.au | www.xi.com.au This email message and any attachments are the property of X Integration. The contents of this email are copyright and may also be confidential and/or legally privileged. They are intended solely for the addressee and it is not intended that either confidentiality or privilege be waived or lost by mistaken delivery to you. Please notify us immediately and delete this communication if received in error. Consider the environment before printing this email. On 21/3/17, 9:54 am, "Mike Everest" <mike@duxtel.com> wrote: VRF rule affecting route to the peer maybe? Cheers! > -----Original Message----- > From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of > Matthew Enger > Sent: Tuesday, 21 March 2017 7:43 AM > To: MikroTik Australia Public List <public@talk.mikrotik.com.au> > Subject: [MT-AU Public] VRF & BGP > > Hello, > > I have two mikrotik routers with the internet public networks in a VRF and bgp > running happily until I tried to add a second router which also had its internet > network in a VRF. > > BGP just sits there at connect. > > If I remove the VRF on one of them, it all of a sudden connects. If the BGP > desintation is not inside a VRF (well I assume it is not or the other end is not > mikrotik, it works fine). > > I emailed mikrotik support and apparently there is a known issue with > connecting two bgp peers if both ends are inside a vrf. > > Anyone else seen this and have any work arounds? I am running MPLS on the > same router so I would prefer to keep the public internet on its own VRF. > > > > > > > > > Matthew Enger | Managing Director > PO Box 3279, The Pines, Victoria, 3109 > T 1300 789 299 D 03 9909 3104 M 0406 532 792 F 03 8611 7946 > m.enger@xi.com.au | www.xi.com.au > > > > This email message and any attachments are the property of X Integration. > The contents of this email are copyright and may also be confidential and/or > legally privileged. They are intended solely for the addressee and it is not > intended that either confidentiality or privilege be waived or lost by mistaken > delivery to you. Please notify us immediately and delete this communication if > received in error. Consider the environment before printing this email. > _______________________________________________ > Public mailing list > Public@talk.mikrotik.com.au > http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au -- Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.http://www.mailguard.com.au/mg Click here to report this message as spam: https://console.mailguard.com.au/ras/1QuHF2zS6B/1eMOCp2ORvPE9Q1Gsb5lYC/2.2
Hi Matthew, Are you using a separate BGP instance with the routing mark set in the instance, or are you using the VRF section of the BGP configuration? I have had different experiences with each one. From memory, if the BGP peer is an IP within a VRF, you need to define the routing table (VRF) to use in the BGP instance so that it can route to the peer. But it seems very odd to me that you can get it working as long as only one end is in a VRF. It may be worth doing some packet captures to see where the traffic flow is breaking, and then you may have the option of using some creative mangle rules to get it working. In particular, recent conversations on here about using connection marks to ensure traffic is dropped in the right VRF may be just what you need. Regards, Philip Loenneker | Network Engineer | TasmaNet -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Matthew Enger Sent: Tuesday, 21 March 2017 10:30 AM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] VRF & BGP I thought of that but I can run BGP in VRFs to other peers without issue. The peer is directly connected as well. Matthew Enger | Managing Director PO Box 3279, The Pines, Victoria, 3109 T 1300 789 299 D 03 9909 3104 M 0406 532 792 F 03 8611 7946 m.enger@xi.com.au | www.xi.com.au This email message and any attachments are the property of X Integration. The contents of this email are copyright and may also be confidential and/or legally privileged. They are intended solely for the addressee and it is not intended that either confidentiality or privilege be waived or lost by mistaken delivery to you. Please notify us immediately and delete this communication if received in error. Consider the environment before printing this email. On 21/3/17, 9:54 am, "Mike Everest" <mike@duxtel.com> wrote: VRF rule affecting route to the peer maybe? Cheers! > -----Original Message----- > From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of > Matthew Enger > Sent: Tuesday, 21 March 2017 7:43 AM > To: MikroTik Australia Public List <public@talk.mikrotik.com.au> > Subject: [MT-AU Public] VRF & BGP > > Hello, > > I have two mikrotik routers with the internet public networks in a VRF and bgp > running happily until I tried to add a second router which also had its internet > network in a VRF. > > BGP just sits there at connect. > > If I remove the VRF on one of them, it all of a sudden connects. If the BGP > desintation is not inside a VRF (well I assume it is not or the other end is not > mikrotik, it works fine). > > I emailed mikrotik support and apparently there is a known issue with > connecting two bgp peers if both ends are inside a vrf. > > Anyone else seen this and have any work arounds? I am running MPLS on the > same router so I would prefer to keep the public internet on its own VRF. > > > > > > > > > Matthew Enger | Managing Director > PO Box 3279, The Pines, Victoria, 3109 > T 1300 789 299 D 03 9909 3104 M 0406 532 792 F 03 8611 7946 > m.enger@xi.com.au | www.xi.com.au > > > > This email message and any attachments are the property of X Integration. > The contents of this email are copyright and may also be confidential and/or > legally privileged. They are intended solely for the addressee and it is not > intended that either confidentiality or privilege be waived or lost by mistaken > delivery to you. Please notify us immediately and delete this communication if > received in error. Consider the environment before printing this email. > _______________________________________________ > Public mailing list > Public@talk.mikrotik.com.au > http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au -- Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.http://www.mailguard.com.au/mg Click here to report this message as spam: https://console.mailguard.com.au/ras/1QuHF2zS6B/1eMOCp2ORvPE9Q1Gsb5lYC/2.2 _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Matthew Enger Sent: Tuesday, 21 March 2017 10:30 AM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] VRF & BGP
I thought of that but I can run BGP in VRFs to other peers without issue.
The peer is directly connected as well.
Matthew Enger | Managing Director PO Box 3279, The Pines, Victoria, 3109 T 1300 789 299 D 03 9909 3104 M 0406 532 792 F 03 8611 7946 m.enger@xi.com.au | www.xi.com.au
This email message and any attachments are the property of X Integration. The contents of this email are copyright and may also be confidential and/or legally privileged. They are intended solely for the addressee and it is not intended that either confidentiality or privilege be waived or lost by mistaken delivery to you. Please notify us immediately and delete this communication if received in error. Consider the environment before printing this email. On 21/3/17, 9:54 am, "Mike Everest" <mike@duxtel.com> wrote:
VRF rule affecting route to the peer maybe?
Cheers!
> -----Original Message----- > From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of > Matthew Enger > Sent: Tuesday, 21 March 2017 7:43 AM > To: MikroTik Australia Public List <public@talk.mikrotik.com.au> > Subject: [MT-AU Public] VRF & BGP > > Hello, > > I have two mikrotik routers with the internet public networks in a VRF and bgp > running happily until I tried to add a second router which also had its internet > network in a VRF. > > BGP just sits there at connect. > > If I remove the VRF on one of them, it all of a sudden connects. If
Sure - I was just thinking that there may be a VRF that somehow includes the BGP peer address, and preventing BGP packets routing across the connected interface... I'd have to think too hard to work out whether that is even possible, so I thought I'd just toss it out there for consideration! :-D Cheers! Mike. the
BGP > desintation is not inside a VRF (well I assume it is not or the
other end
is not > mikrotik, it works fine). > > I emailed mikrotik support and apparently there is a known issue
with
> connecting two bgp peers if both ends are inside a vrf. > > Anyone else seen this and have any work arounds? I am running MPLS
on
the > same router so I would prefer to keep the public internet on its own VRF. > > > > > > > > > Matthew Enger | Managing Director > PO Box 3279, The Pines, Victoria, 3109 > T 1300 789 299 D 03 9909 3104 M 0406 532 792 F 03 8611 7946 > m.enger@xi.com.au | www.xi.com.au > > > > This email message and any attachments are the property of X Integration. > The contents of this email are copyright and may also be confidential and/or > legally privileged. They are intended solely for the addressee and it is not > intended that either confidentiality or privilege be waived or lost by mistaken > delivery to you. Please notify us immediately and delete this communication if > received in error. Consider the environment before printing this email. > _______________________________________________ > Public mailing list > Public@talk.mikrotik.com.au > http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Message protected by MailGuard: e-mail anti-virus, anti-spam and
content
filtering.http://www.mailguard.com.au/mg Click here to report this message as spam:
https://console.mailguard.com.au/ras/1QuHF2zS6B/1eMOCp2ORvPE9Q1Gsb 5lYC/2.2
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
participants (3)
-
Matthew Enger
-
Mike Everest
-
Philip Loenneker