31.05.2020

MikroTik BGP configuration

This guide explains in detail how to establish a BGP session between FastNetMon and a MikroTik router. To start the configuration, please establish an SSH connection to your device.

If you need IPv6 support, enable the additional package and reboot the router afterwards:

/system package enable ipv6

As the first step, you need to create a BGP instance. We use a private 16-bit ASN in our tests; with a 32-bit ASN you will need to follow slightly different steps:

/routing bgp instance set default as=65001 redistribute-static=no

To confirm that it was created correctly, please use this command:

/routing bgp instance print

Example output:

Flags: * - default, X - disabled 
 0 *  name="default" as=65001 router-id=0.0.0.0 redistribute-connected=no redistribute-static=no redistribute-rip=no redistribute-ospf=no redistribute-other-bgp=no 
      out-filter="" client-to-client-reflection=yes ignore-as-path-len=no routing-table="" 

As the next step, we will create a peer for FastNetMon which supports the IPv4 and IPv6 unicast address families. Please replace 192.168.1.134 with the address of the machine running FastNetMon:

/routing bgp peer add remote-address=192.168.1.134 remote-as=65001 address-families=ip,ipv6

Then check the configuration of the created peer:

/routing bgp peer print

Example output:

Flags: X - disabled, E - established
 #   INSTANCE    REMOTE-ADDRESS       REMOTE-AS  
 0   default     192.168.1.134        65001     

Check peer status using this command:

/routing bgp peer print status

Example output:

Flags: X - disabled, E - established 
 0   name="peer1" instance=default remote-address=192.168.1.134 remote-as=65001 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m 
     ttl=255 in-filter="" out-filter="" address-families=ip,ipv6 default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no state=opensent

Look at the “state=…” field: it should be “Established” for a properly configured BGP session. In the example above it is still opensent because the FastNetMon side has not been configured yet.

As the next step, we need to configure FastNetMon’s BGP session (please replace the ASN with your real ASN and replace “192.168.1.188” with the IP address of the MikroTik):

sudo fcli set main gobgp enable
sudo fcli set bgp connection_to_my_router
sudo fcli set bgp connection_to_my_router local_asn 65001
sudo fcli set bgp connection_to_my_router remote_asn 65001
sudo fcli set bgp connection_to_my_router local_address 192.168.1.134
sudo fcli set bgp connection_to_my_router remote_address 192.168.1.188
sudo fcli set bgp connection_to_my_router ipv4_unicast enable
sudo fcli set bgp connection_to_my_router active enable
sudo fcli commit

After that, you can check the status of the session from FastNetMon:

gobgp nei 192.168.1.188
BGP neighbor is 192.168.1.188, remote AS 65001
  BGP version 4, remote router ID 10.0.0.1
  BGP state = ESTABLISHED, up for 00:00:22
  BGP OutQ = 0, Flops = 0
  Hold time is 90, keepalive interval is 30 seconds
  Configured hold time is 90, keepalive interval is 30 seconds
 
  Neighbor capabilities:
    multiprotocol:
        ipv4-unicast:    advertised and received
        ipv4-flowspec:    advertised
    route-refresh:    advertised and received
    4-octet-as:    advertised and received
  Message statistics:
                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                0          0
    Keepalives:             1          1
    Route Refresh:          0          0
    Discarded:              0          0
    Total:                  2          2
  Route statistics:
    Advertised:             0
    Received:               0
    Accepted:               

The BGP state should be ESTABLISHED, and the ipv4-unicast line should read “advertised and received”.

As the next step, check the BGP status on the MikroTik again using this command:

/routing bgp peer print status

Example output:

Flags: X - disabled, E - established 
 0 E name="peer1" instance=default remote-address=192.168.1.134 remote-as=65001 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m 
     ttl=255 in-filter="" out-filter="" address-families=ip,ipv6 default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no 
     remote-id=192.168.1.134 local-address=192.168.1.188 uptime=3s prefix-count=0 updates-sent=0 updates-received=0 withdrawn-sent=0 withdrawn-received=0 
     remote-hold-time=1m30s used-hold-time=1m30s used-keepalive-time=30s refresh-capability=yes as4-capability=yes state=established 

For a correctly established session you will see state=established. That’s a great success.

After making an example blackhole announcement from FastNetMon, you can confirm that it was received this way:

/ip route print detail

Example output (we announced 11.22.33.0/24 and 11.22.33.44/32 from FastNetMon):

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 gateway=192.168.1.254 gateway-status=192.168.1.254 reachable via  ether1 distance=1 scope=30 target-scope=10

 1  DC  dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=ether2 gateway-status=ether2 unreachable distance=255 scope=10

 2 ADb  dst-address=11.22.33.0/24 gateway=192.168.1.134 gateway-status=192.168.1.134 reachable via  ether1 distance=200 scope=40 target-scope=30 bgp-local-pref=100 bgp-origin=incomplete bgp-communities=65001:667 received-from=peer1

 3 ADb  dst-address=11.22.33.44/32 gateway=192.168.1.134 gateway-status=192.168.1.134 reachable via  ether1 distance=200 scope=40 target-scope=30 bgp-local-pref=100 bgp-origin=incomplete bgp-communities=65001:668 received-from=peer1

 4 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.188 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10
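
The two checks above (peer state, then received blackhole routes) can be automated against saved RouterOS output. The following is an added example, not part of FastNetMon or MikroTik code: it parses the key=value records, reports the session state, flags the empty tcp-md5-key and in-filter fields visible in the peer output, and lists the BGP routes learned from the peer. The sample input is constructed (abridged from the example outputs on this page) and the function names are hypothetical.

```python
import re

# Constructed sample input, abridged from the example outputs on this page.
PEER_STATUS = '''Flags: X - disabled, E - established
 0 E name="peer1" instance=default remote-address=192.168.1.134 remote-as=65001 tcp-md5-key="" nexthop-choice=default
     ttl=255 in-filter="" out-filter="" address-families=ip,ipv6 passive=no use-bfd=no
     remote-id=192.168.1.134 local-address=192.168.1.188 uptime=3s prefix-count=0 state=established
'''
ROUTES = '''Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, b - bgp
 0 A S  dst-address=0.0.0.0/0 gateway=192.168.1.254 gateway-status=192.168.1.254 reachable via  ether1 distance=1
 2 ADb  dst-address=11.22.33.0/24 gateway=192.168.1.134 distance=200 bgp-communities=65001:667 received-from=peer1
 3 ADb  dst-address=11.22.33.44/32 gateway=192.168.1.134 distance=200 bgp-communities=65001:668 received-from=peer1
'''

# key=value or key="quoted value" (quoted values may be empty)
PAIR = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S*))')
# Start of a numbered item: index, optional flag letters, then the first key=
ITEM = re.compile(r"\s*\d+\s+([A-Za-z ]*?)\s*(?=[\w-]+=)")

def parse_records(text):
    """Split RouterOS 'print' output into one {key: value} dict per numbered item."""
    records = []
    for line in text.splitlines():
        m = ITEM.match(line)
        if m:                                  # a new numbered item starts here
            records.append({"flags": m.group(1).replace(" ", "")})
        elif not records:                      # "Flags:" legend before the first item
            continue
        for key, quoted, bare in PAIR.findall(line):
            records[-1][key] = quoted if quoted else bare
    return records

def peer_findings(status_text, peer_name):
    """Return (state, findings) for one peer from '/routing bgp peer print status'."""
    peer = next(r for r in parse_records(status_text) if r.get("name") == peer_name)
    findings = []
    if peer.get("state") != "established":
        findings.append("session not established (state=%s)" % peer.get("state"))
    if not peer.get("tcp-md5-key"):
        findings.append("tcp-md5-key is empty: no TCP MD5 authentication on the session")
    if not peer.get("in-filter"):
        findings.append("in-filter is empty: no routing filter on routes from this peer")
    return peer.get("state"), findings

def bgp_routes_from(route_text, peer_name):
    """Return (prefix, communities, active) for BGP routes learned from peer_name."""
    return [(r["dst-address"], r.get("bgp-communities", ""), "A" in r["flags"])
            for r in parse_records(route_text)
            if "b" in r["flags"] and r.get("received-from") == peer_name]
```
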