howto/mikrotik/How-to-setup-slash-32-address-on-GRE-or-Point-to-Point-link-on-Mikrotik-RouterOS.md
... ...
@@ -0,0 +1,68 @@
1
+## RouterOS issues
2
+
3
+ * RouterOS doesn't have direct Point-to-Point addresses.
4
+ * BGP doesn't resolve next-hop route for a /32 route that uses a interface as next-hop
5
+
6
+The long explanation about how mikrotik resolves recursive routes is documentated at [Mikrotik's page](https://wiki.mikrotik.com/wiki/Manual:IP/Route#Nexthop_lookup).
7
+
8
+How can we workaround these issues? Simple. We setup a /32 on the Point-to-Point interface, we setup a direct route to our to other peer (using the interface as next-hop for this route) and use bgp filters to change the next-hop interface.
9
+
10
+## Legend
11
+
12
+ * 172.24.0.1 -> Your /32 inside tunnel address
13
+ * 172.26.2.2 -> Peer's /32 inside tunnel address.
14
+ * gre-dn42-peer -> This is the name of the interface
15
+ * 1.1.1.1 - peer external IP
16
+ * 2.2.2.2 - your external IP
17
+ * bgp-dn42-peer-in -> This is the name of the chain filter. You should use a different chain per point to point link
18
+
19
+## Setup
20
+
21
+You create the GRE interface in the same way the [Mikrotik Guide](/howto/mikrotik) does.
22
+
23
+```
24
+/interface gre
25
+add allow-fast-path=no comment="DN42 somepeer" local-address=2.2.2.2 name=gre-dn42-peer \
26
+remote-address=1.1.1.1
27
+```
28
+
29
+Next you add the /32 address on the interface. You can install this address on a loop interface (on RouterOS this means an empty bridge) if you plan to use the same address over several GRE tunnels or other OpenVPN interfaces.
30
+
31
+```
32
+/ip address add address=172.24.0.1/32 interface=gre-dn42-peer
33
+```
34
+
35
+Next, we add the direct route as next-hop using the interface
36
+
37
+```
38
+/ip route add distance=1 dst-address=172.26.2.2/32 gateway=gre-dn42-peer pref-src=172.24.0.1
39
+```
40
+
41
+At this point, the ping with the peer should work. Also, the bgp session can be established, but the routes will not work. We need a input filter to fix the next-hop routes.
42
+
43
+```
44
+/routing filter add chain=bgp-dn42-peer-in protocol=bgp set-in-nexthop-direct=gre-dn42-peer
45
+```
46
+
47
+if you have other global input chain filters, you should add a jump in the same chain, like this:
48
+```
49
+/routing filter add action=jump chain=bgp-dn42-peer-in protocol=bgp jump-target=bgp-global-dn42-input
50
+```
51
+
52
+If you haven't created the BGP session, create it now from the [Mikrotik guide](/howto/mikrotik#how-to-connect-to-dn42-using-mikrotik-routeros_bgp). Change the peer input filter to use the chain we've just created:
53
+
54
+```
55
+/routing bgp peer set bgp-dn42-somename in-filter=bgp-dn42-peer-in
56
+```
57
+
58
+With this fix, all the routes will have set next-hop the GRE interface and there will be no need to use RouterOS' recursive route resolve.
59
+
60
+Check the routes with:
61
+```
62
+/ip routes print detail where received-from=bgp-dn42-somename
63
+```
64
+
65
+There should an attribute like:
66
+```
67
+gateway=gre-dn42-peer gateway-status=gre-dn42-peer reachable
68
+```
... ...
\ No newline at end of file