In this guide we will provide detailed guide which will help to establish BGP session between FastNetMon and Mikrotik. To start configuration, please establish ssh connection with your device.
If you need IPv6 support you need to enable additional package and reboot router after that:
/system package enable ipv6
As first step, you need to create BGP instance, we use private 16 bit ASN in our tests. With 32 bit ASN you will need to follow slightly different steps:
/routing bgp instance set default as=65001 redistribute-static=no
To confirm that it was created correctly, please use this command:
/routing bgp instance print
Flags: * - default, X - disabled 0 * name="default" as=65001 router-id=0.0.0.0 redistribute-connected=no redistribute-static=no redistribute-rip=no redistribute-ospf=no redistribute-other-bgp=no out-filter="" client-to-client-reflection=yes ignore-as-path-len=no routing-table=""
As next step, we will create peer for FastNetMon which supports IPv4 and IPv6 unicast families. Please replace 192.168.1.134 by address of machine with FastNetMon:
/routing bgp peer add remote-address=192.168.1.134 remote-as=65001 address-families=ip,ipv6
Then check configuration of created peer:
/routing bgp peer print
Flags: X - disabled, E - established # INSTANCE REMOTE-ADDRESS REMOTE-AS 0 default 192.168.1.134 65001
Check peer status using this command:
/routing bgp peer print status
Flags: X - disabled, E - established 0 name="peer1" instance=default remote-address=192.168.1.134 remote-as=65001 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m ttl=255 in-filter="" out-filter="" address-families=ip,ipv6 default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no state=opensent
You need to look on “state=…” it should be “Established” for a properly configured BGP session.
As next step, we need to configure FastNetMon’s BGP session (please replace ASN number by your real ASN and replace “192.168.1.188” by IP address of Mikrotik):
sudo fcli set main gobgp enable sudo fcli set bgp connection_to_my_router sudo fcli set bgp connection_to_my_router local_asn 65001 sudo fcli set bgp connection_to_my_router remote_asn 65001 sudo fcli set bgp connection_to_my_router local_address 192.168.1.134 sudo fcli set bgp connection_to_my_router remote_address 192.168.1.188 sudo fcli set bgp connection_to_my_router ipv4_unicast enable sudo fcli set bgp connection_to_my_router active enable sudo fcli commit
After that, you can check status of session from FastNetMon:
gobgp nei 192.168.1.188 BGP neighbor is 192.168.1.188, remote AS 65001 BGP version 4, remote router ID 10.0.0.1 BGP state = ESTABLISHED, up for 00:00:22 BGP OutQ = 0, Flops = 0 Hold time is 90, keepalive interval is 30 seconds Configured hold time is 90, keepalive interval is 30 seconds Neighbor capabilities: multiprotocol: ipv4-unicast: advertised and received ipv4-flowspec: advertised route-refresh: advertised and received 4-octet-as: advertised and received Message statistics: Sent Rcvd Opens: 1 1 Notifications: 0 0 Updates: 0 0 Keepalives: 1 1 Route Refresh: 0 0 Discarded: 0 0 Total: 2 2 Route statistics: Advertised: 0 Received: 0 Accepted:
BGP state should be ESTABLISHED and on lines about ipv4-unicast you will see advertised and received.
As next step, we need to check BGP status on Mikrotik again using command:
/routing bgp peer print status
Flags: X - disabled, E - established 0 E name="peer1" instance=default remote-address=192.168.1.134 remote-as=65001 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m ttl=255 in-filter="" out-filter="" address-families=ip,ipv6 default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no remote-id=192.168.1.134 local-address=192.168.1.188 uptime=3s prefix-count=0 updates-sent=0 updates-received=0 withdrawn-sent=0 withdrawn-received=0 remote-hold-time=1m30s used-hold-time=1m30s used-keepalive-time=30s refresh-capability=yes as4-capability=yes state=established
For correctly established session you will see state=established. That’s great success.
After making example blackhole announce from FastNetMon you can confirm that it was received this way:
/ip route print detail
Example output (we’ve announces 18.104.22.168/24 and 22.214.171.124/32 from FastNetMon):
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 0 A S dst-address=0.0.0.0/0 gateway=192.168.1.254 gateway-status=192.168.1.254 reachable via ether1 distance=1 scope=30 target-scope=10 1 DC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=ether2 gateway-status=ether2 unreachable distance=255 scope=10 2 ADb dst-address=126.96.36.199/24 gateway=192.168.1.134 gateway-status=192.168.1.134 reachable via ether1 distance=200 scope=40 target-scope=30 bgp-local-pref=100 bgp-origin=incomplete bgp-communities=65001:667 received-from=peer1 3 ADb dst-address=188.8.131.52/32 gateway=192.168.1.134 gateway-status=192.168.1.134 reachable via ether1 distance=200 scope=40 target-scope=30 bgp-local-pref=100 bgp-origin=incomplete bgp-communities=65001:668 received-from=peer1 4 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.188 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10