Hello Folks.
I have a very simple VyOS configuration where I announce 3 /22 subnets over BGP. I don’t have any problems with announcements to my direct upstreams. It works without problems and VyOS is very fast.
I have 2 Mikrotik routers on 2 different IXPs. These are working well and no problems there either.
My problem is when I connect my VyOS to those 2 Mikrotik routers.
VyOS learns the routes from the Mikrotiks but then, it doesn’t forward traffic to those.
What I have done:
Make a GRE session to the Mikrotik on IXP 1.
Make a GRE session to the Mikrotik on IXP 2.
Ping both GRE internal IPs: OK.
Make the BGP Configuration for both Mikrotiks (IPv4 and IPv6).
Check the learned routes: Routes received with the next-hop the ip address of the Mikrotiks.
Ping any IP of routes learned (example of one ip is the Cloudflare DNS address 1.1.1.1): FAIL
Note 1: If I replace the VyOS with a Mikrotik or a Cisco router and copy the configuration, it works like a charm.
Note 2: I basically copied the config from one of my upstreams, changed the IPs and ASN, and took out the subnet limitations.
Note 3: I have set a higher local-pref for the routes learned from the IXPs so these are preferred instead of the upstreams.
So… is there any config that differs from iBGP to eBGP?
Generally speaking other than verifying if route reflector setting is enabled or not (depending on your need) the difference between iBGP and eBGP is often automatic.
As in, if the ASN is equal between your box and the peer it's considered iBGP, but if it's different it's considered eBGP.
Would also be handy if you bring output of “show config commands | strip-private” along with the working config of Mikrotik and Cisco you say works if you replace that VyOS with a Mikrotik or Cisco box instead.
$ show config commands | strip-private
set interfaces loopback lo address 'xxx.xxx.0.1/32'
set interfaces loopback lo address 'xxx.xxx.0.1/32'
set interfaces loopback lo address '::1/128'
set interfaces tunnel tun0 address 'xxx.xxx.10.1/30'
set interfaces tunnel tun0 description 'GigaPix IPv4 Master Tunnel'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 remote 'xxx.xxx.90.15'
set interfaces tunnel tun0 source-address 'xxx.xxx.188.74'
set interfaces tunnel tun0 source-interface 'eth0.10'
set interfaces tunnel tun1 address 'xxx.xxx.11.1/30'
set interfaces tunnel tun1 description 'GigaPix IPv4 Backup Tunnel'
set interfaces tunnel tun1 encapsulation 'gre'
set interfaces tunnel tun1 remote 'xxx.xxx.117.13'
set interfaces tunnel tun1 source-address 'xxx.xxx.188.82'
set interfaces tunnel tun1 source-interface 'eth0.10'
set interfaces tunnel tun2 address 'xxx.xxx.20.1/30'
set interfaces tunnel tun2 address 'fd00::20:1/126'
set interfaces tunnel tun2 description 'DE-CIX Master Tunnel'
set interfaces tunnel tun2 encapsulation 'gre'
set interfaces tunnel tun2 remote 'xxx.xxx.60.42'
set interfaces tunnel tun2 source-address 'xxx.xxx.188.74'
set interfaces tunnel tun2 source-interface 'eth0.10'
set interfaces tunnel tun3 address 'xxx.xxx.21.1/30'
set interfaces tunnel tun3 address 'fd00::21:1/126'
set interfaces tunnel tun3 description 'DE-CIX Backup Tunnel'
set interfaces tunnel tun3 encapsulation 'gre'
set interfaces tunnel tun3 remote 'xxx.xxx.60.50'
set interfaces tunnel tun3 source-address 'xxx.xxx.188.82'
set interfaces tunnel tun3 source-interface 'eth0.10'
set interfaces tunnel tun4 address 'fd00::10:1/126'
set interfaces tunnel tun4 address 'fd00::11:1/126'
set interfaces tunnel tun4 description 'GigaPix IPv6 Master Tunnel'
set interfaces tunnel tun4 encapsulation 'ip6gre'
set interfaces tunnel tun4 mtu '1400'
set interfaces tunnel tun4 remote 'xxxx:xxxx:0:12::2'
set interfaces tunnel tun4 source-address 'xxxx:xxxx:cccc::122'
set interfaces tunnel tun4 source-interface 'eth0.10'
set interfaces tunnel tun5 address 'fd00::11:1/126'
set interfaces tunnel tun5 description 'GigaPix IPv6 Backup Tunnel'
set interfaces tunnel tun5 encapsulation 'ip6gre'
set interfaces tunnel tun5 mtu '1400'
set interfaces tunnel tun5 remote 'xxxx:xxxx:0:12::2'
set interfaces tunnel tun5 source-address 'xxxx:xxxx:cccc::142'
set interfaces tunnel tun5 source-interface 'eth0.10'
set nat destination rule 99 description 'Allow AntiSPAM'
set nat destination rule 99 destination address 'xxx.xxx.0.0/0'
set nat destination rule 99 destination port '25'
set nat destination rule 99 exclude
set nat destination rule 99 inbound-interface 'eth0.1000'
set nat destination rule 99 protocol 'tcp'
set nat destination rule 99 source address 'xxx.xxx.128.233'
set nat destination rule 100 description 'Forward port 25 to AntiSPAM'
set nat destination rule 100 destination address 'xxx.xxx.0.0/0'
set nat destination rule 100 destination port '25'
set nat destination rule 100 inbound-interface 'eth0.1000'
set nat destination rule 100 protocol 'tcp'
set nat destination rule 100 translation address 'xxx.xxx.128.233'
set nat destination rule 100 translation port '26'
set nat source rule 200 outbound-interface 'eth0.10'
set nat source rule 200 source address 'xxx.xxx.1.0/24'
set nat source rule 200 translation address 'masquerade'
set policy prefix-list IXs description 'Prefixes from IXs'
set policy prefix-list IXs rule 10 action 'permit'
set policy prefix-list IXs rule 10 prefix 'xxx.xxx.0.0/0'
set policy prefix-list XERVERS description 'XERVERS Subnets'
set policy prefix-list XERVERS rule 10 action 'permit'
set policy prefix-list XERVERS rule 10 prefix 'xxx.xxx.96.0/22'
set policy prefix-list XERVERS rule 20 action 'permit'
set policy prefix-list XERVERS rule 20 prefix 'xxx.xxx.96.0/24'
set policy prefix-list XERVERS rule 30 action 'permit'
set policy prefix-list XERVERS rule 30 prefix 'xxx.xxx.97.0/24'
set policy prefix-list XERVERS rule 60 action 'permit'
set policy prefix-list XERVERS rule 60 prefix 'xxx.xxx.128.0/22'
set policy prefix-list XERVERS rule 70 action 'permit'
set policy prefix-list XERVERS rule 70 prefix 'xxx.xxx.128.0/24'
set policy prefix-list XERVERS rule 80 action 'permit'
set policy prefix-list XERVERS rule 80 prefix 'xxx.xxx.129.0/24'
set policy prefix-list XERVERS rule 90 action 'permit'
set policy prefix-list XERVERS rule 90 prefix 'xxx.xxx.130.0/24'
set policy prefix-list XERVERS rule 100 action 'permit'
set policy prefix-list XERVERS rule 100 prefix 'xxx.xxx.131.0/24'
set policy prefix-list XERVERS rule 110 action 'permit'
set policy prefix-list XERVERS rule 110 prefix 'xxx.xxx.252.0/24'
set policy prefix-list XERVERS rule 120 action 'permit'
set policy prefix-list XERVERS rule 120 prefix 'xxx.xxx.177.0/24'
set policy prefix-list XERVERS rule 130 action 'permit'
set policy prefix-list XERVERS rule 130 prefix 'xxx.xxx.178.0/24'
set policy prefix-list6 XERVERS description 'XERVERS Subnets'
set policy prefix-list6 XERVERS rule 10 action 'permit'
set policy prefix-list6 XERVERS rule 10 prefix 'xxxx:xxxx::/29'
set policy prefix-list6 XERVERS rule 20 action 'permit'
set policy prefix-list6 XERVERS rule 20 prefix 'xxxx:xxxx::/29'
set policy route-map AS47787-Backup-IN description 'Annoucements from AS47787 Backup'
set policy route-map AS47787-Backup-IN rule 10 action 'deny'
set policy route-map AS47787-Backup-IN rule 10 match ip address prefix-list 'XERVERS'
set policy route-map AS47787-Backup-IN rule 20 action 'permit'
set policy route-map AS47787-Backup-IN rule 20 set ip-next-hop 'xxx.xxx.188.73'
set policy route-map AS47787-Backup-IN rule 30 action 'deny'
set policy route-map AS47787-Backup-IN rule 30 match ipv6 address prefix-list 'XERVERS'
set policy route-map AS47787-Backup-IN rule 40 action 'permit'
set policy route-map AS47787-Backup-IN rule 40 set ipv6-next-hop global 'xxxx:xxxx:cccc::121'
set policy route-map AS47787-Backup-IN rule 50 action 'permit'
set policy route-map AS47787-Backup-IN rule 50 set local-preference '90'
set policy route-map AS47787-Backup-OUT description 'Annoucements to AS47787 Backup'
set policy route-map AS47787-Backup-OUT rule 10 action 'permit'
set policy route-map AS47787-Backup-OUT rule 10 match ip address prefix-list 'XERVERS'
set policy route-map AS47787-Backup-OUT rule 20 action 'permit'
set policy route-map AS47787-Backup-OUT rule 20 match ipv6 address prefix-list 'XERVERS'
set policy route-map AS47787-IN description 'Annoucements from AS47787'
set policy route-map AS47787-IN rule 10 action 'deny'
set policy route-map AS47787-IN rule 10 match ip address prefix-list 'XERVERS'
set policy route-map AS47787-IN rule 20 action 'permit'
set policy route-map AS47787-IN rule 20 set ip-next-hop 'xxx.xxx.188.73'
set policy route-map AS47787-IN rule 30 action 'deny'
set policy route-map AS47787-IN rule 30 match ipv6 address prefix-list 'XERVERS'
set policy route-map AS47787-IN rule 40 action 'permit'
set policy route-map AS47787-IN rule 40 set ipv6-next-hop global 'xxxx:xxxx:cccc::121'
set policy route-map AS47787-IN rule 50 action 'permit'
set policy route-map AS47787-IN rule 50 set local-preference '100'
set policy route-map AS47787-OUT description 'Annoucements to AS47787'
set policy route-map AS47787-OUT rule 10 action 'permit'
set policy route-map AS47787-OUT rule 10 match ip address prefix-list 'XERVERS'
set policy route-map AS47787-OUT rule 20 action 'permit'
set policy route-map AS47787-OUT rule 20 match ipv6 address prefix-list 'XERVERS'
set policy route-map DECIX-In description 'Inbound routes from DE-CIX'
set policy route-map DECIX-In rule 10 action 'deny'
set policy route-map DECIX-In rule 10 match ip address prefix-list 'XERVERS'
set policy route-map DECIX-In rule 11 action 'deny'
set policy route-map DECIX-In rule 11 match ipv6 address prefix-list 'XERVERS'
set policy route-map DECIX-In rule 20 action 'permit'
set policy route-map DECIX-In rule 20 match ip address prefix-list 'IXs'
set policy route-map DECIX-In rule 30 action 'permit'
set policy route-map DECIX-In rule 30 set local-preference '110'
set policy route-map DECIX-Out description 'Outbound routes to DE-CIX'
set policy route-map DECIX-Out rule 10 action 'permit'
set policy route-map DECIX-Out rule 10 match ip address prefix-list 'XERVERS'
set policy route-map DECIX-Out rule 11 action 'permit'
set policy route-map DECIX-Out rule 11 match ipv6 address prefix-list 'XERVERS'
set policy route-map GigaPix-In description 'Inbound routes from GigaPix'
set policy route-map GigaPix-In rule 10 action 'deny'
set policy route-map GigaPix-In rule 10 match ip address prefix-list 'XERVERS'
set policy route-map GigaPix-In rule 11 action 'deny'
set policy route-map GigaPix-In rule 11 match ipv6 address prefix-list 'XERVERS'
set policy route-map GigaPix-In rule 20 action 'permit'
set policy route-map GigaPix-In rule 20 match ip address prefix-list 'IXs'
set policy route-map GigaPix-In rule 30 action 'permit'
set policy route-map GigaPix-In rule 30 set local-preference '110'
set policy route-map GigaPix-Out description 'Outbound routes to GigaPix'
set policy route-map GigaPix-Out rule 10 action 'permit'
set policy route-map GigaPix-Out rule 10 match ip address prefix-list 'XERVERS'
set policy route-map GigaPix-Out rule 11 action 'permit'
set policy route-map GigaPix-Out rule 11 match ipv6 address prefix-list 'XERVERS'
set protocols bgp address-family ipv4-unicast network xxx.xxx.96.0/22
set protocols bgp address-family ipv4-unicast network xxx.xxx.96.0/24
set protocols bgp address-family ipv4-unicast network xxx.xxx.97.0/24
set protocols bgp address-family ipv4-unicast network xxx.xxx.128.0/22
set protocols bgp address-family ipv4-unicast network xxx.xxx.128.0/24
set protocols bgp address-family ipv4-unicast network xxx.xxx.129.0/24
set protocols bgp address-family ipv4-unicast network xxx.xxx.130.0/24
set protocols bgp address-family ipv4-unicast network xxx.xxx.131.0/24
set protocols bgp address-family ipv6-unicast network xxxx:xxxx::/29
set protocols bgp address-family ipv6-unicast network xxxx:xxxx::/29
set protocols bgp neighbor xxx.xxx.10.2 address-family ipv4-unicast nexthop-self force
set protocols bgp neighbor xxx.xxx.10.2 address-family ipv4-unicast route-map export 'GigaPix-Out'
set protocols bgp neighbor xxx.xxx.10.2 address-family ipv4-unicast route-map import 'GigaPix-In'
set protocols bgp neighbor xxx.xxx.10.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.10.2 description 'GigaPix Master IPv4'
set protocols bgp neighbor xxx.xxx.10.2 remote-as '206316'
set protocols bgp neighbor xxx.xxx.10.2 update-source 'tun0'
set protocols bgp neighbor xxx.xxx.11.2 address-family ipv4-unicast nexthop-self force
set protocols bgp neighbor xxx.xxx.11.2 address-family ipv4-unicast route-map export 'GigaPix-Out'
set protocols bgp neighbor xxx.xxx.11.2 address-family ipv4-unicast route-map import 'GigaPix-In'
set protocols bgp neighbor xxx.xxx.11.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.11.2 description 'GigaPix Backup IPv4'
set protocols bgp neighbor xxx.xxx.11.2 remote-as '206316'
set protocols bgp neighbor xxx.xxx.11.2 update-source 'tun1'
set protocols bgp neighbor xxx.xxx.20.2 address-family ipv4-unicast nexthop-self force
set protocols bgp neighbor xxx.xxx.20.2 address-family ipv4-unicast route-map export 'DECIX-Out'
set protocols bgp neighbor xxx.xxx.20.2 address-family ipv4-unicast route-map import 'DECIX-In'
set protocols bgp neighbor xxx.xxx.20.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.20.2 description 'DECIX Master IPv4'
set protocols bgp neighbor xxx.xxx.20.2 remote-as '206316'
set protocols bgp neighbor xxx.xxx.20.2 update-source 'tun2'
set protocols bgp neighbor xxx.xxx.21.2 address-family ipv4-unicast nexthop-self force
set protocols bgp neighbor xxx.xxx.21.2 address-family ipv4-unicast route-map export 'DECIX-Out'
set protocols bgp neighbor xxx.xxx.21.2 address-family ipv4-unicast route-map import 'DECIX-In'
set protocols bgp neighbor xxx.xxx.21.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.21.2 description 'DECIX Backup IPv4'
set protocols bgp neighbor xxx.xxx.21.2 remote-as '206316'
set protocols bgp neighbor xxx.xxx.21.2 update-source 'tun3'
set protocols bgp neighbor xxx.xxx.188.73 address-family ipv4-unicast nexthop-self force
set protocols bgp neighbor xxx.xxx.188.73 address-family ipv4-unicast remove-private-as
set protocols bgp neighbor xxx.xxx.188.73 address-family ipv4-unicast route-map export 'AS47787-OUT'
set protocols bgp neighbor xxx.xxx.188.73 address-family ipv4-unicast route-map import 'AS47787-IN'
set protocols bgp neighbor xxx.xxx.188.73 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.188.73 address-family ipv6-unicast nexthop-self
set protocols bgp neighbor xxx.xxx.188.73 address-family ipv6-unicast route-map export 'AS47787-OUT'
set protocols bgp neighbor xxx.xxx.188.73 address-family ipv6-unicast route-map import 'AS47787-IN'
set protocols bgp neighbor xxx.xxx.188.73 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.188.73 capability dynamic
set protocols bgp neighbor xxx.xxx.188.73 description 'EDGOO IPv4'
set protocols bgp neighbor xxx.xxx.188.73 remote-as '47787'
set protocols bgp neighbor xxx.xxx.188.73 update-source 'eth0.10'
set protocols bgp neighbor xxx.xxx.188.81 address-family ipv4-unicast nexthop-self force
set protocols bgp neighbor xxx.xxx.188.81 address-family ipv4-unicast remove-private-as
set protocols bgp neighbor xxx.xxx.188.81 address-family ipv4-unicast route-map export 'AS47787-Backup-OUT'
set protocols bgp neighbor xxx.xxx.188.81 address-family ipv4-unicast route-map import 'AS47787-Backup-IN'
set protocols bgp neighbor xxx.xxx.188.81 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.188.81 address-family ipv6-unicast route-map export 'AS47787-Backup-OUT'
set protocols bgp neighbor xxx.xxx.188.81 address-family ipv6-unicast route-map import 'AS47787-Backup-IN'
set protocols bgp neighbor xxx.xxx.188.81 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.188.81 capability dynamic
set protocols bgp neighbor xxx.xxx.188.81 description 'EDGOO IPv4'
set protocols bgp neighbor xxx.xxx.188.81 remote-as '47787'
set protocols bgp neighbor xxx.xxx.188.81 update-source 'eth0.10'
set protocols bgp neighbor xxxx:xxxx:cccc::121 address-family ipv4-unicast route-map export 'AS47787-OUT'
set protocols bgp neighbor xxxx:xxxx:cccc::121 address-family ipv4-unicast route-map import 'AS47787-IN'
set protocols bgp neighbor xxxx:xxxx:cccc::121 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxxx:xxxx:cccc::121 address-family ipv6-unicast nexthop-self force
set protocols bgp neighbor xxxx:xxxx:cccc::121 address-family ipv6-unicast remove-private-as
set protocols bgp neighbor xxxx:xxxx:cccc::121 address-family ipv6-unicast route-map export 'AS47787-OUT'
set protocols bgp neighbor xxxx:xxxx:cccc::121 address-family ipv6-unicast route-map import 'AS47787-IN'
set protocols bgp neighbor xxxx:xxxx:cccc::121 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxxx:xxxx:cccc::121 capability dynamic
set protocols bgp neighbor xxxx:xxxx:cccc::121 description 'EDGOO IPv6'
set protocols bgp neighbor xxxx:xxxx:cccc::121 remote-as '47787'
set protocols bgp neighbor xxxx:xxxx:cccc::121 update-source 'eth0.10'
set protocols bgp neighbor xxxx:xxxx:cccc::141 address-family ipv4-unicast route-map export 'AS47787-Backup-OUT'
set protocols bgp neighbor xxxx:xxxx:cccc::141 address-family ipv4-unicast route-map import 'AS47787-Backup-IN'
set protocols bgp neighbor xxxx:xxxx:cccc::141 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxxx:xxxx:cccc::141 address-family ipv6-unicast nexthop-self force
set protocols bgp neighbor xxxx:xxxx:cccc::141 address-family ipv6-unicast remove-private-as
set protocols bgp neighbor xxxx:xxxx:cccc::141 address-family ipv6-unicast route-map export 'AS47787-Backup-OUT'
set protocols bgp neighbor xxxx:xxxx:cccc::141 address-family ipv6-unicast route-map import 'AS47787-Backup-IN'
set protocols bgp neighbor xxxx:xxxx:cccc::141 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxxx:xxxx:cccc::141 capability dynamic
set protocols bgp neighbor xxxx:xxxx:cccc::141 description 'EDGOO IPv6'
set protocols bgp neighbor xxxx:xxxx:cccc::141 remote-as '47787'
set protocols bgp neighbor xxxx:xxxx:cccc::141 update-source 'eth0.10'
set protocols bgp neighbor fd00::10:2 address-family ipv6-unicast nexthop-self force
set protocols bgp neighbor fd00::10:2 address-family ipv6-unicast route-map export 'GigaPix-Out'
set protocols bgp neighbor fd00::10:2 address-family ipv6-unicast route-map import 'GigaPix-In'
set protocols bgp neighbor fd00::10:2 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp neighbor fd00::10:2 description 'GigaPix Master IPv6'
set protocols bgp neighbor fd00::10:2 remote-as '206316'
set protocols bgp neighbor fd00::10:2 update-source 'tun4'
set protocols bgp neighbor fd00::11:2 address-family ipv6-unicast nexthop-self force
set protocols bgp neighbor fd00::11:2 address-family ipv6-unicast route-map export 'GigaPix-Out'
set protocols bgp neighbor fd00::11:2 address-family ipv6-unicast route-map import 'GigaPix-In'
set protocols bgp neighbor fd00::11:2 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp neighbor fd00::11:2 description 'GigaPix Backup IPv6'
set protocols bgp neighbor fd00::11:2 remote-as '206316'
set protocols bgp neighbor fd00::11:2 update-source 'tun5'
set protocols bgp neighbor fd00::20:2 address-family ipv6-unicast nexthop-self force
set protocols bgp neighbor fd00::20:2 address-family ipv6-unicast route-map export 'DECIX-Out'
set protocols bgp neighbor fd00::20:2 address-family ipv6-unicast route-map import 'DECIX-In'
set protocols bgp neighbor fd00::20:2 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp neighbor fd00::20:2 description 'DECIX Master IPv6'
set protocols bgp neighbor fd00::20:2 remote-as '206316'
set protocols bgp neighbor fd00::20:2 update-source 'tun2'
set protocols bgp neighbor fd00::21:2 address-family ipv6-unicast nexthop-self force
set protocols bgp neighbor fd00::21:2 address-family ipv6-unicast route-map export 'DECIX-Out'
set protocols bgp neighbor fd00::21:2 address-family ipv6-unicast route-map import 'DECIX-In'
set protocols bgp neighbor fd00::21:2 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp neighbor fd00::21:2 description 'DECIX Backup IPv6'
set protocols bgp neighbor fd00::21:2 remote-as '206316'
set protocols bgp neighbor fd00::21:2 update-source 'tun3'
set protocols bgp parameters router-id 'xxx.xxx.0.1'
set protocols bgp system-as '206316'
set protocols static route xxx.xxx.128.0/27 description 'Service 1522'
set protocols static route xxx.xxx.128.0/27 interface eth0.1000
I don’t have route reflection enabled anywhere.
I’ve spent all night testing situations and here’s what I found:
If on MK1 and MK2 I set the option “nexthop-choice: force-self”, I get the routes correctly on VyOS (with the nexthop the IPs of MK1 and MK2) but I can’t ping any of the learned routes and the traceroute dies after the MK1 and MK2.
If I disable the option “nexthop-choice: force-self”, VyOS gets the routes with the nexthop the IPs of the peers on each IXP. I can ping the routes. But when I perform a traceroute, the trace goes out my upstreams but the 2nd hop is the routers on the IXP.
I am kinda lost here… The behaviors don’t make any sense…
As a starter I would probably take a backup of all config and then redo stuff from scratch, only selecting one peer.
To begin with why are you using the GRE tunnels and are they really needed?
Are they towards upstream or between MK and VyOS?
The tunnels are set for MTU 1400 bytes but that doesn't necessarily mean that the BGP process will catch that.
Does there exist some MTU or “adjust-to-mss” setting for the BGP process itself on Mik or VyOS?
When peering is configured - no need for password?
Depending on implementation sometimes you need a route-map even if it's empty with just “any accept” as the only rule. Arista can enforce this (I don't recall which RFC recommends this setup when it comes to BGP - the idea is that you don't leak or accept whatever is sent just because you have configured a peer - you must also define the route-map for this peer).
Also since the RIB is detached from the FIB in the BGP-world (you can see BGP as just a database to exchange information between nodes - doesn't necessarily mean that the nodes themselves will be using the learned routes as with IGPs such as OSPF or RIP) what you often want to do is to set self-ip through route-map when sending routes to your downstreams (MK towards VyOS) otherwise as you already observed the VyOS will learn the IP of the ISP router as nexthop instead and that can be handy (or not what you normally want depending on your situation).
However sometimes the self-ip can be incorrect (like a loopback interface which your downstream doesn't have a route for) so sometimes you want to not just do “selfhop” but manually configure what this IP should be when sending the routing information from MK to VyOS.
If you for whatever reason want to keep GRE tunnel between MK and VyOS (or for that matter between MK and ISP) I would first start the troubleshooting by setting up static routes and by that verify that the physical paths (including tunnels) are properly set up.
For example set up a default from VyOS towards MK1 either inside tunnel or outside tunnel and from MK1 have a static towards ISP either inside tunnel or outside tunnel. I mean if not even the static works then you have some other issue to resolve first.
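Added example, not part of the thread or of VyOS itself: a small audit over "show config commands" style output that applies two points raised in the replies, classifying each session as iBGP or eBGP by comparing remote-as with system-as, and flagging any neighbor address-family without an explicit import and export route-map (the default-deny posture RFC 8212 specifies for eBGP). The sample input is constructed with documentation addresses and ASNs; the function names are hypothetical.

```python
import shlex
from collections import defaultdict

# Constructed sample in "set" command style; documentation addresses and
# ASNs, not the poster's configuration.
SAMPLE = """\
set policy route-map IX-In rule 10 action 'permit'
set policy route-map IX-Out rule 10 action 'permit'
set protocols bgp neighbor 192.0.2.2 address-family ipv4-unicast route-map export 'IX-Out'
set protocols bgp neighbor 192.0.2.2 address-family ipv4-unicast route-map import 'IX-In'
set protocols bgp neighbor 192.0.2.2 remote-as '64500'
set protocols bgp neighbor 192.0.2.6 address-family ipv4-unicast route-map export 'IX-Out'
set protocols bgp neighbor 192.0.2.6 address-family ipv4-unicast nexthop-self force
set protocols bgp neighbor 192.0.2.6 remote-as '64500'
set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'Missing-In'
set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'IX-Out'
set protocols bgp neighbor 2001:db8::2 remote-as '64501'
set protocols bgp system-as '64500'
"""


def parse(text):
    """Return (local_as, defined route-maps, per-peer remote-as and policy)."""
    local_as, route_maps = None, set()
    peers = defaultdict(lambda: {"remote_as": None, "policy": defaultdict(dict)})
    for line in text.splitlines():
        tok = shlex.split(line)  # also strips the single quotes around values
        if tok[:3] == ["set", "policy", "route-map"] and len(tok) > 3:
            route_maps.add(tok[3])
        elif tok[:4] == ["set", "protocols", "bgp", "system-as"] and len(tok) > 4:
            local_as = tok[4]
        elif tok[:4] == ["set", "protocols", "bgp", "neighbor"] and len(tok) > 6:
            peer, rest = tok[4], tok[5:]
            if rest[0] == "remote-as":
                peers[peer]["remote_as"] = rest[1]
            elif rest[0] == "address-family":
                policy = peers[peer]["policy"][rest[1]]  # registers the family
                if rest[2:3] == ["route-map"] and len(rest) >= 5:
                    policy[rest[3]] = rest[4]  # direction -> route-map name
    return local_as, route_maps, peers


def audit(text):
    """List (peer, session type, family, direction, problem) findings."""
    local_as, route_maps, peers = parse(text)
    findings = []
    for peer, info in sorted(peers.items()):
        # Same ASN on both ends means iBGP, a different ASN means eBGP.
        kind = "iBGP" if info["remote_as"] == local_as else "eBGP"
        for family, policy in sorted(info["policy"].items()):
            for direction in ("import", "export"):
                name = policy.get(direction)
                if name is None:
                    findings.append((peer, kind, family, direction, "no route-map"))
                elif name not in route_maps:
                    findings.append((peer, kind, family, direction,
                                     f"undefined route-map {name}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```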