From: Fanglo MA \(E-mail\) (fangloma@xxxxxxxxxxxxxx)
Date: Fri Aug 02 2002 - 23:07:50 GMT-3
Dear Kym,
Thank for your explanation. I do have FR switch but will do your suggestion
on sunday lab to get working on tunnel. Will let you know the result.
Regards,
Fanglo
-----Original Message-----
From: kym blair [mailto:kymblair@hotmail.com]
Sent: Saturday, August 03, 2002 5:10 AM
To: fangloma@pacific.net.hk; ccielab@groupstudy.com
Subject: RE: Frame-relay switching -- GRE Tunnels
Fanglo,
To learn about GRE tunnels, someone on Groupstudy recommended Adam
Quiggley's VPN book, then someone else also recommended it, so it must be
good. I've read some of the papers about GRE on CCO, but don't have a
specific one to recommend. I haven't tested the config I posted, so let me
know if there is a problem; but I'm confident it will work. The concept is
simple:
(1) You need a physical path between the source router and the destination
router. Our example is really easy ... they're connected back-to-back. It
would be okay for R1 and R2 to be several hops away from each other, but
you'd need to be sure R1 and R2 know how to reach each other (i.e., run some
IGP such as OSPF and make sure the address you want to anchor the tunnel to
is known to the remote router).
(2) Create tunnel interfaces on R1 and R2 (the tunnel interface number
doesn't need to match, but the source and destination IP addresses do):
R1
interface tunnel 5
tunnel source 132.173.15.2
tunnel destination 205.41.75.7
R2
interface tunnel 8
tunnel source 205.41.75.7
tunnel destination 132.173.15.2
(3) Now you can use "show cdp neighbor detail" and see the remote router
through the tunnel interface even though you have not given the tunnel
interface an IP address yet (because CDP works at layer 2; IP works at layer
3). This is pretty cool when the destination router is several physical
hops away; it behaves just as if the tunnel connection is a physical
connection.
(4) Apply whatever routing you want to happen on the tunnel (IP addresses or
IPX addresses or both, multicast, etc. or frame-relay route commands).
(5) Whatever goes into the tunnel on R1 will come out the same tunnel on R2,
so match up your DLCI traffic. If you want several connections between R1
and R2, then you need several tunnels (each anchored to different Serial,
Ethernet, or Loopback interfaces) because you cannot have tunnel
subinterfaces. DLCIs are local, so their numbers don't have to match, but
for your own sanity you should match the DLCI numbers.
Recommend you draw my sample config on paper and see where each DLCI
connects between a serial interface to a tunnel interface, and out the other
side to a serial interface; and see that each tunnel is anchored to a
different loopback. All of the loopbacks must be reachable by the remote
router (via a routing protocol, or in our example, via the default-gateway).
In a routing environment, the main problem you find with GRE tunnels is that
initially R1 and R2 know how to find each other's IP address via some
physical link, thus allowing the GRE tunnel to form. Then the routing
protocol decides the shortest path between R1 and R2 is over the one-hop
tunnel connection, and all the routes show the tunnel interface as the
preferred path. That's fine for all the routes except the route to the
loopback that the tunnel is anchored to; i.e., the way to the tunnel
destination cannot be over the tunnel! So the tunnel collapses. A moment
later, the routing protocol finds a physical path to the destination IP and
the tunnel reforms. Then it collapses again. Over and over. Solution is to
filter the advertisement of the tunnel destination from being advertised
between R1 and R2 via the tunnel.
Hope this is not too long and confusing. Regards, Kym
------------------------------------------------------------------
>From: Fanglo MA <fangloma@pacific.net.hk>
>Reply-To: Fanglo MA <fangloma@pacific.net.hk>
>To: kym blair <kymblair@hotmail.com>
>CC: <harbir.kohli@bellnexxia.com>, <ccielab@groupstudy.com>
>Subject: RE: Frame-relay switching
>Date: Fri, 2 Aug 2002 19:49:50 +0800 (HKT)
>
>Wow! How you reach it!!? You are really best on how to apply tunnel. Any
>source/reference would you recommend?
>
>Regards,
>Fanglo
>
>On Fri, 2 Aug 2002, kym blair wrote:
>
> > Harbir, try this method of building a frame-relay switch from two 2501
> > routers (assuming FRS1 and FRS2 are connected S0-to-S0 as in your first
> > attempt, and routers are connected to S1 on each FRS):
> >
> > FRS1
> > _____
> >
> > frame-relay switching
> > !
> > interface Tunnel12
> > no ip address
> > tunnel source Serial0
> > tunnel destination 12.12.12.2
> > !
> > interface Serial0
> > ip address 12.12.12.1 255.255.255.0
> > !
> > interface Serial1
> > no ip address
> > encapsulation frame-relay
> > clockrate 2000000
> > frame-relay intf-type dce
> > frame-relay route 104 interface Tunnel12 401
> >
> >
> >
> > FRS2
> > ---------
> > frame-relay switching
> > !
> > interface Tunnel12
> > no ip address
> > tunnel source Serial0
> > tunnel destination 12.12.12.1
> > !
> > interface Serial0
> > ip address 12.12.12.2 255.255.255.0
> > !
> > interface Serial1
> > no ip address
> > encapsulation frame-relay
> > clockrate 2000000
> > frame-relay intf-type dce
> > frame-relay route 104 interface Tunnel12 401
> >
> > --------------------------------------------------------------
> > --------------------------------------------------------------
> > Or E0-E0 back-to-back with full-mesh DLCIs would allow you to connect up
>to
> > 4 routers with any combination of point-to-point or multipoint:
> >
> > FRS1
> > _____
> >
> > frame-relay switching
> > !
> > Ethernet 0
> > ip address 192.168.1.1 255.255.255.0
> > !
> > ip classless
> > ip subnet-zero
> > ip route 0.0.0.0 0.0.0.0 192.168.1.2
> > !
> > interface Loopback13
> > ip address 132.173.13.1 255.255.255.0
> > !
> > interface Tunnel13
> > no ip address
> > tunnel source Loopback13
> > tunnel destination 132.173.13.2
> > !
> > interface Loopback14
> > ip address 132.173.14.1 255.255.255.0
> > !
> > interface Tunnel14
> > no ip address
> > tunnel source Loopback14
> > tunnel destination 132.173.14.2
> > !
> > interface Loopback23
> > ip address 132.173.23.1 255.255.255.0
> > !
> > interface Tunnel23
> > no ip address
> > tunnel source Loopback23
> > tunnel destination 132.173.23.2
> > !
> > interface Loopback24
> > ip address 132.173.24.1 255.255.255.0
> > !
> > interface Tunnel24
> > no ip address
> > tunnel source Loopback24
> > tunnel destination 132.173.24.2
> > !
> > !
> > interface Serial0
> > no ip address
> > encapsulation frame-relay
> > clockrate 2000000
> > frame-relay intf-type dce
> > frame-relay route 102 interface serial1 201
> > frame-relay route 103 interface Tunnel13 111
> > frame-relay route 104 interface Tunnel14 444
> > !
> > interface Serial1
> > no ip address
> > encapsulation frame-relay
> > clockrate 2000000
> > frame-relay intf-type dce
> > frame-relay route 201 interface Serial0 102
> > frame-relay route 203 interface Tunnel23 333
> > frame-relay route 204 interface Tunnel24 222
> >
> >
> > FRS2
> > ---------
> > frame-relay switching
> > !
> > Ethernet 0
> > ip address 192.168.1.2 255.255.255.0
> > !
> > ip classless
> > ip subnet-zero
> > ip route 0.0.0.0 0.0.0.0 192.168.1.1
> > !
> > interface Loopback13
> > ip address 132.173.13.2 255.255.255.0
> > !
> > interface Tunnel13
> > no ip address
> > tunnel source Loopback13
> > tunnel destination 132.173.13.1
> > !
> > interface Loopback14
> > ip address 132.173.14.2 255.255.255.0
> > !
> > interface Tunnel14
> > no ip address
> > tunnel source Loopback14
> > tunnel destination 132.173.14.1
> > !
> > interface Loopback23
> > ip address 132.173.23.2 255.255.255.0
> > !
> > interface Tunnel23
> > no ip address
> > tunnel source Loopback23
> > tunnel destination 132.173.23.1
> > !
> > interface Loopback24
> > ip address 132.173.24.2 255.255.255.0
> > !
> > interface Tunnel24
> > no ip address
> > tunnel source Loopback24
> > tunnel destination 132.173.24.1
> > !
> > interface Serial0
> > no ip address
> > encapsulation frame-relay
> > clockrate 2000000
> > frame-relay intf-type dce
> > frame-relay route 401 interface Tunnel14 444
> > frame-relay route 402 interface Tunnel24 222
> > frame-relay route 403 interface Serial1 304
> > !
> > interface Serial1
> > no ip address
> > encapsulation frame-relay
> > clockrate 2000000
> > frame-relay intf-type dce
> > frame-relay route 301 interface Tunnel13 111
> > frame-relay route 302 interface Tunnel23 333
> > frame-relay route 304 interface Serial0 403
> >
> >
> > That's it for the frame-relay switch. Now you have to config the
>routers.
> > This is a good drill, but really recommend you buy a router with 4 or
>more
> > serial ports to be your frame-relay switch.
> >
> > HTH, Kym
> >
> >
> >
> >
> > >From: "Fanglo MA \(E-mail\)" <fangloma@pacific.net.hk>
> > >Reply-To: "Fanglo MA \(E-mail\)" <fangloma@pacific.net.hk>
> > >To: "'Kohli, Harbir'" <harbir.kohli@bellnexxia.com>,
> > ><ccielab@groupstudy.com>
> > >Subject: RE: Frame-relay switching
> > >Date: Fri, 2 Aug 2002 08:53:29 +0800
> > >
> > >Try no keepalive. May be it can be help.
> > >
> >
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/12
0
> > >t/120t5/frkeep.htm
> > >
> > >Regards,
> > >Fanglo
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > >Kohli, Harbir
> > >Sent: Thursday, August 01, 2002 9:16 PM
> > >To: 'ccielab@groupstudy.com'
> > >Subject: RE: Frame-relay switching
> > >
> > >
> > >Hi,
> > >
> > >I am trying to create a frame-relay cloud by using 2 routers (FRS1 and
> > >FRS2)
> > >
> > >
> > >I am not able to get frame-relay switching to work over the cloud.
> > >
> > >I have 2 routers connected one to FRS1 and another to FRS2).
> > >FRS1
> > >_____
> > >
> > >...
> > >frame-relay switching
> > >!
> > >interface Tunnel12
> > >no ip address
> > >tunnel source Serial0
> > >tunnel destination 12.12.12.2
> > >!
> > >interface Serial0
> > >ip address 12.12.12.1 255.255.255.0
> > >!
> > >interface Serial1
> > >no ip address
> > >encapsulation frame-relay
> > >frame-relay intf-type dce
> > >frame-relay route 104 interface Tunnel12 401
> > >!
> > >FRS2
> > >---------
> > >
> > >..
> > >frame-relay switching
> > >interface Serial0
> > >ip address 23.23.23.2 255.255.255.0
> > >interface Serial1
> > >no ip address
> > >encapsulation frame-relay
> > >clockrate 2000000
> > >frame-relay intf-type dce
> > >frame-relay route 401 interface Tunnel12 104
> > >
> > >FRS2#sh frame pvc
> > >
> > >PVC Statistics for interface Serial1 (Frame Relay DCE)
> > >
> > >DLCI = 401, DLCI USAGE = SWITCHED, PVC STATUS = INACTIVE, INTERFACE =
> > >Serial1
> > >
> > >What is it that I am missing?
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:15 GMT-3