Setting up BGP on a MikroTik is much much much easier than getting IPIP mesh to run on anything!
I see an opportunity here to learn BGP. I'm for this idea.
I posted an example configuration above. Of course this is not the same as "learn BGP", but I think many users of the current IPIP mesh also did not "learn IPIP" and "learn RIP" but only copied an example configuration and fiddled with it until it worked.
Of course when you want to set up a regional VPN server you need some configuration for that as well, but when such a system would be deployed of course examples for that can be given as well.
BGP for such a small closed network is not that complicated. Basically every system maintains a TCP connection (port 179) with all its peers, and it sends the networks that it can route. It receives the same information from the other side, and fills the route table. The active route is selected on a couple of criteria, where the least number of hops is usually preferred.
It is possible to send tags along each route (called bgp-communities) that can be used to prefer certain routes over others, e.g. to prefer routes over radio when both a radio and a VPN path exist.
There are some issues with BGP, e.g. the total lack of security in the protocol. Anyone can claim that they have a subnet and all the others will happily route all traffic for that subnet to them. The routing filters are an attempt to work around the most severe problems, but as can be seen on the internet (which also uses BGP) it is difficult to make it completely failsafe.
Also, in our world it is a bit of a nuisance that there is no way to incorporate some form of dynamically determined link quality in the routing decision. Links are either up or down. But for this proposed use (replacement of the IPIP mesh) that is not a problem, it mainly affects the use of BGP on the radio links in our network.
Rob
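
The route filtering and community-based preference described in the message above, as an added example that is not part of the original post or the configuration it mentions: an inbound filter drops announcements for subnets not registered to the originating AS, then route selection prefers a radio-tagged path before falling back to fewest hops. The address range, AS numbers, allocation table and community value are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (assumptions for illustration, not from the post).
MESH_RANGE = ipaddress.ip_network("10.0.0.0/8")      # whole closed network
ALLOCATIONS = {                                       # origin AS -> registered subnets
    65001: [ipaddress.ip_network("10.1.0.0/16")],
    65002: [ipaddress.ip_network("10.2.0.0/16")],
}
MAX_PREFIXLEN = 28               # reject overly specific announcements
COMMUNITY_RADIO = "65000:100"    # hypothetical tag meaning "path runs over radio"

@dataclass
class Route:
    prefix: str
    as_path: tuple               # nearest AS first, originating AS last
    communities: frozenset = frozenset()

def accept(route):
    """Inbound filter: the prefix must lie inside the origin AS's allocation.

    The AS path is itself unauthenticated, so this catches mistakes and
    crude claims only; it does not make BGP secure.
    """
    if not route.as_path:
        return False
    try:
        net = ipaddress.ip_network(route.prefix, strict=True)
    except ValueError:           # malformed prefix or host bits set
        return False
    if net.version != 4 or net.prefixlen > MAX_PREFIXLEN:
        return False
    if not net.subnet_of(MESH_RANGE):    # e.g. a default route
        return False
    allowed = ALLOCATIONS.get(route.as_path[-1], [])
    return any(net.subnet_of(a) for a in allowed)

def best_route(routes):
    """Pick among candidate routes for one prefix: radio-tagged first, then fewest hops."""
    ok = [r for r in routes if accept(r)]
    if not ok:
        return None
    return min(ok, key=lambda r: (COMMUNITY_RADIO not in r.communities,
                                  len(r.as_path)))
```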