Hello again! Emmanuel Corels here from Emmanuel Corels Creatives. You’ve gotten a taste of dynamic routing with OSPF in the last article, so now it’s time to look at something even bigger: BGP (Border Gateway Protocol). This protocol is the backbone of the internet—literally used by ISPs, data centers, and large enterprises to exchange routing information across autonomous systems. If you’re connecting multiple networks or peering with an ISP, BGP is your new best friend.
Why BGP?
BGP is about telling the world—or at least your partners and peers—how to reach your networks, and learning how to reach theirs. It’s path-vector based, with many policy controls. With BGP, you get:
- Scalability: Can handle massive, internet-scale routing tables.
- Policy-based Control: Choose which prefixes to advertise or accept, control path preferences, and apply traffic engineering.
- Autonomous System Isolation: Each network is an AS (autonomous system), with its own routing decisions.
If you ever plan to get your own IP ranges (Provider Independent addresses) and an AS number from a Regional Internet Registry (like ARIN, RIPE, AFRINIC, etc.), you’ll need BGP to announce them.
Key BGP Concepts
-
Autonomous System (AS)
A network or group of networks under a single administrative domain. Identified by an AS number (e.g., 64512 for private, or a registered public AS like 12345). -
eBGP vs. iBGP
- eBGP (External BGP): Peering between different ASes (e.g., you and your ISP).
- iBGP (Internal BGP): Peering within the same AS (if you have multiple BGP routers inside your network).
-
Neighbor or Peer
Another BGP router you form a relationship with. You specify each other’s IP addresses and talk via TCP port 179. -
Advertisements (Prefixes)
The IP blocks you share with your neighbors. BGP carries these routes, and each router decides the best path based on attributes like AS-PATH, LOCAL_PREF, or MED. -
Routing Policies
You can filter which routes to accept or which you advertise, and manipulate BGP attributes to influence path selection.
Getting Started: Basic BGP on MikroTik
In RouterOS (especially v7), you’ll find Routing → BGP in WinBox, or you can do it via CLI. Let’s assume a simple scenario: you have your own AS (65001) and want to peer with your ISP’s AS (65000) on IP addresses 1.2.3.1 (your side) and 1.2.3.2 (ISP side).
Set Your Router ID
It’s good practice to set your router ID under Routing → BGP → Instances in WinBox, or:
/routing bgp instance set default router-id=10.10.10.1 as=65001
This means the default BGP instance uses AS 65001, and the router ID is 10.10.10.1. (You might also see a separate setting for RouterOS “Routing ID” if you’re mixing multiple protocols.)
Add a Peer
In the Peers section:
- Name:
ISP_peer. - Remote Address:
1.2.3.2. - Remote AS:
65000. - Listen: Yes, if you want the router to accept inbound sessions.
- Update Source: If you want to specify the outgoing interface or IP for the BGP session (e.g., your WAN IP).
CLI example:
/routing bgp connection add name=ISP_peer remote.address=1.2.3.2 remote.as=65000 local.address=1.2.3.1
In older RouterOS or different naming, it might be:
/routing bgp peer add name=ISP_peer remote-address=1.2.3.2 remote-as=65000 update-source=1.2.3.1
Advertising Your Networks
If you want to announce, say, 10.50.0.0/24 to the ISP, add a route filter or in newer RouterOS:
/routing bgp network add network=10.50.0.0/24
Or set up an Output Filter allowing that prefix to be advertised. Some folks prefer to do “Redistribute Connected” or “Redistribute Static,” but the more controlled approach is to explicitly list the networks you want to advertise or create a filter.
iBGP vs. eBGP
If you have multiple routers in your own AS, you might form iBGP sessions among them to share external routes internally. A few pointers:
- Full Mesh: iBGP requires a full mesh among routers in the same AS, or you use Route Reflectors to break that mesh requirement.
- No AS-PATH Prepend: iBGP doesn’t add your AS again to the path. The path only changes when it exits or enters a different AS.
- Local Preference: Typically used in iBGP to decide which exit router to use for outbound traffic if you have multiple eBGP gateways.
Monitoring and Validation
After configuring BGP, see if the session is “established”:
- WinBox: Routing → BGP → Connections or Peers, look for a state like “established.”
- CLI:
or/routing bgp connection print
depending on the RouterOS version./routing bgp peer print
Check if you’re receiving or sending prefixes:
/ip route print where bgp
You should see routes labeled with “Db” or “Bgp” in the flags. For the ones you’re advertising, confirm with your ISP (or the remote router) that they see your prefixes.
BGP Attributes and Traffic Engineering
BGP isn’t just about sharing routes—policy is huge. You can manipulate attributes to steer traffic:
- AS-PATH Prepending: Make a path look longer so it’s less preferred by external networks.
- LOCAL_PREF: A higher LOCAL_PREF is more preferred for outbound traffic in your AS.
- MED (Multi-Exit Discriminator): Suggest a preferred entry path for inbound traffic to your AS (though many ISPs ignore it).
- Communities: Tag routes with certain labels (communities) to group them, making it easier to filter or apply consistent policies.
In MikroTik, you use Routing Filters (v7 has a new syntax vs. v6). For instance, to prepend your AS twice when advertising a specific prefix:
/routing filter rule add chain=bgp-out prefix=10.50.0.0/24 set-bgp-prepend=2
Then assign bgp-out to your BGP connection’s output filter.
Common Pitfalls
- Missing Next Hop: If your routes show up but traffic can’t flow, check that the next hop is reachable. BGP can advertise routes with a next hop that your router can’t actually reach.
- Wrong or Missing Filters: If you’re trying to advertise a prefix but forgot to add it to the BGP network or filters, it won’t show up on the remote side.
- AS Number Mistakes: eBGP only forms if the remote AS doesn’t match your local one. iBGP only forms if it does match. Simple, but easy to mess up.
- RouterOS Version Differences: BGP underwent big changes from v6 to v7. Keep an eye on documentation for your version.
Practical Use Cases
- Multi-homed ISP Connection
You have your own public IP range and AS, connecting to two different ISPs. BGP chooses the best path, and you can apply policies to balance or fail over. - Data Center Peering
If you co-locate servers in a data center, you may peer with the facility’s router. You’ll advertise your subnets, they’ll advertise default or partial routes to you. - Branch Offices with Multiple Paths
If each branch has an AS or a common iBGP scenario across the WAN, BGP can help with dynamic routing between them.
Next Steps
- Route Reflectors: If you have many iBGP routers, look into setting up a route reflector to avoid full mesh overhead.
- Communities: Learn how to use standard or extended communities for advanced routing policy.
- Monitoring: Tools like BGP Looking Glass or your ISP’s route servers can confirm your prefixes are visible globally.
- Security: Implement filters to avoid accepting bogus routes from neighbors. BGP attacks are real. You might also consider MD5 authentication.
Final Thoughts on BGP
BGP might feel more complex than OSPF because it’s not just about reachability—it’s about policy and control at large scale. But once you get your head around the basics—peers, local/remote AS, route filtering, and path selection—you’ll appreciate the power it gives you to manage traffic flows and route announcements. Whether you’re running a small multi-homed setup or a major ISP network, BGP is the key to speaking the internet’s routing language.
As always, if you find yourself tangled in route filters or can’t figure out why a prefix isn’t showing up, don’t hesitate to ask for help. The MikroTik community and BGP wizards out there are happy to guide you. Go forth and conquer those global routes!
Explained in detail by
Emmanuel Corels – Admin, Emmanuel Corels Creatives
