From: James (james@towardex.com)
Date: Thu Oct 07 2004 - 12:59:17 GMT-3
On Thu, Oct 07, 2004 at 07:14:59AM -0400, ccie2be wrote:
> Hi Brian,
>
> That example was very helpful. Thank you.
>
> I'd like to confirm my understanding and summarize some concepts related to
> this topic.
>
> In terms of functionality, the only difference between a GRE tunnel and
> virtual link is that with a GRE tunnel the transit area can be of any type
> (stub, nssa, regular non-backbone area) while with a virtual link the
> transit area must be a regualr non-backbone. Correct?
Just as an FYI --
The GRE tunnel encapsulates packets over another IP header, thereby creating
a tunneled logical transport circuit. It is fun, and it certainly works well.
One major caveat to be aware of with GRE tunnels is that running OSPF over
it will often cause traffic to transit through the tunnel interface. This
means, on a highly-trafficked network, your router's CPU may potentially
shoot through the roof as GRE packets place additional load on the routing
processor. But GRE encap/decap is not an extremely expensive CPU work, so
on fairly low to moderate trafficked network, it should not be too much of
an issue in general (just wait til you get DDoS attacked over tunnel though).
There are certain feature cards available from certain vendors that allow
hardware ASIC-based offloading of tunnel encapsulation/decapsulation, which
can perform around 630Mbps +/- at line-rate in full-duplex over tunnel
interfaces (using 64 byte packets).
If this was a real-life scenario, I'd much rather be more comfortable using
virtual-links instead, since packets traverse over physical interfaces when
adjacencies are built using vlinks. But this is lab, so either methods work
perfectly cool dependent on lab question's requirements and restrictions
imposed.
My 0.002 :-D
-J
>
> With a GRE tunnel, the endpoints must be in and advertised throughout the
> transit area. They don't have to be physical interfaces. They could be
> loopback interfaces in the transit area. True?
>
> With GRE tunnel, the ip address is arbitrary but must be advertised in Area
> 0. True?
>
> Thanks, Tim
>
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> To: "mani poopal" <mani_ccie@yahoo.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Wednesday, October 06, 2004 8:13 PM
> Subject: RE: ospf virtual-links vs GRE
>
>
> > Mani,
> >
> > Yes, that is exactly what I was referring to. See the following
> > output:
> >
> > R1#show ip ospf int lo0 | in Area
> > Internet Address 10.1.1.1/24, Area 0
> > R1#show ip ospf int tun0 | in Area
> > Internet Address 0.0.0.0/0, Area 0
> > R1#show ip ospf int e0/0 | in Area
> > Internet Address 15.1.1.1/8, Area 1
> >
> > R1#show ip ospf nei
> >
> > Neighbor ID Pri State Dead Time Address
> > Interface
> > 10.2.2.2 0 FULL/ - 00:00:34 10.2.2.2
> > Tunnel0
> > 10.2.2.2 1 FULL/BDR 00:00:33 15.1.1.2
> > Ethernet0/0
> >
> > R2#show ip ospf nei
> >
> > Neighbor ID Pri State Dead Time Address
> > Interface
> > 10.1.1.1 0 FULL/ - 00:00:38 10.1.1.1
> > Tunnel0
> > 10.1.1.1 1 FULL/DR 00:00:38 15.1.1.1
> > Ethernet0/0
> > 3.3.3.3 0 FULL/ - 00:00:34 23.0.0.3
> > Serial0/1
> >
> > R3#show ip ospf nei
> >
> > Neighbor ID Pri State Dead Time Address
> > Interface
> > 10.2.2.2 0 FULL/ - 00:00:35 23.0.0.2
> > Serial1/3
> >
> >
> > R1#sh ip route ospf
> > O IA 23.0.0.0/8 [110/11175] via 10.2.2.2, 00:00:33, Tunnel0
> > 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
> > O 10.2.2.2/32 [110/11112] via 10.2.2.2, 00:03:22, Tunnel0
> > O IA 10.3.3.3/32 [110/11176] via 10.2.2.2, 00:00:23, Tunnel0
> >
> > R2#sh ip route ospf
> > 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
> > O 10.3.3.3/32 [110/65] via 23.0.0.3, 00:00:19, Serial0/1
> > O 10.1.1.1/32 [110/11112] via 10.1.1.1, 00:00:29, Tunnel0
> >
> > R3#show ip route ospf
> > 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
> > O IA 10.2.2.2/32 [110/782] via 23.0.0.2, 00:00:20, Serial1/3
> > O IA 10.1.1.1/32 [110/11893] via 23.0.0.2, 00:00:20, Serial1/3
> > O IA 15.0.0.0/8 [110/791] via 23.0.0.2, 00:00:20, Serial1/3
> >
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > mani poopal
> > > Sent: Wednesday, October 06, 2004 6:36 PM
> > > To: Brian McGahan
> > > Cc: ccielab@groupstudy.com
> > > Subject: RE: ospf virtual-links vs GRE
> > >
> > > Brian,
> > >
> > > If R1 connect to area 0 & 1. R2 connect to area 1& 2. How can I make
> > an
> > > unnumbered interface (R2's lo 0 to participate in area 0). Is the
> > > following config should be ok on R2(note I am advertiseing lo 0 of R2
> > in
> > > area 0 eventhough R2 is not connected to area 0.)
> > >
> > > Example:
> > >
> > > ----------area 0---R1(15.1.1.1)------Area
> > 1--------(15.1.1.2)R2-----Area
> > > 2------R3
> > > R1 lo 0=10.1.1.1/24
> > > R2 lo 0=10.2.2.2/24
> > > R2 lo 0=10.3.3.3/24
> > >
> > > R1 Config:
> > > router ospf 1
> > > network 15.1.1.1 0.0.0.0 area 1
> > > network 10.1.1.1 0.0.0.0 area 0
> > >
> > > int tunnel 0
> > > ip unnumbered lo 0
> > > tunnel source 15.1.1.1
> > > tunnel destination 15.1.1.2
> > >
> > >
> > > R2 Config:
> > > router ospf 1
> > > network 15.1.1.2 0.0.0.0 area 1
> > > network 10.2.2.2 0.0.0.0 area 0<------Since I am using unnumbered lo 0
> > is
> > > it area 0 or 2
> > >
> > > int tunnel 0
> > > ip unnumbered lo 0
> > > tunnel source 15.1.1.2
> > > tunnel destination 15.1.1.1
> > >
> > > PS:Brian in R2 the loopback is advertised as area 0 or area1. With
> > the
> > > above config, will I will be able to see R3's routes(lo 0) in R1. I
> > > haven't tested yet. Thanks for taking your time.
> > >
> > > Mani
> > >
> > >
> > >
> > >
> > > Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
> > > Mani,
> > >
> > > As long as the tunnel sources and destinations are reachable by
> > > both endpoints of the tunnel, the ip address used on the tunnel itself
> > > is arbitrary, as long as it participates in area 0. Also, you don't
> > > necessarily even have to give the tunnel it's own address. You could
> > > unnumber it to another interface that is already participating in OSPF
> > > area 0.
> > >
> > > Brian McGahan, CCIE #8593
> > > bmcgahan@internetworkexpert.com
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987 x 705
> > > Outside US: 775-826-4344 x 705
> > > 24/7 Support: http://forum.internetworkexpert.com
> > > Live Chat: http://www.internetworkexpert.com/chat/
> > >
> > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > > Of
> > > > mani poopal
> > > > Sent: Wednesday, October 06, 2004 1:32 PM
> > > > To: James
> > > > Cc: ccielab@groupstudy.com
> > > > Subject: Re: ospf virtual-links vs GRE
> > > >
> > > > Hi James,
> > > >
> > > > Thanks for the info. From where we are getting ip address for the
> > > tunnel
> > > > interface(10.1.10.1). Then we are advertising this network in the
> > > routing
> > > > domain and this route is propaged to the rest of the network. Is it
> > > ok to
> > > > come up with an ip address for tunnel interface. Because we
> > shouldn't
> > > > learn about the tunnel interface itself from the routing
> > > protocol(ospf),
> > > > do we have to advertise it in a different routing protocol, say rip.
> > > I am
> > > > looking through cisco website and could not get good config example
> > > for
> > > > gre/tunnel interface for ospf/rip/eigrp configuration. Any
> > suggestion
> > > > which books or url is better for this subject. By the way I tried
> > the
> > > > command you gave me and is not working, from both ABR's I created a
> > > tunnel
> > > > interface and advertised both tunnel interface in area 0.
> > > >
> > > > thanks
> > > >
> > > > Mani
> > > >
> > > > James wrote:
> > > > On Wed, Oct 06, 2004 at 06:36:37AM -0700, mani poopal wrote:
> > > > > Hi Group,
> > > > >
> > > > > In the exam if an ospf area is not connected to area 0, you can
> > use
> > > > virtual link to have the connectivity. It the requirement says not
> > to
> > > use
> > > > virtual link, I know you can achieve the desired result by GRE
> > tunnel.
> > > Can
> > > > any one point me to sampe url for configuration in the cisco website
> > > or
> > > > post a sample config.
> > > >
> > > > Router A:
> > > > in tun0
> > > > tun so a.a.a.a
> > > > tun des b.b.b.b
> > > > ip add 10.1.10.1 255.255.255.252
> > > > no shut
> > > > !
> > > > router osp 100
> > > > net 10.1.10.0 0.0.0.3 ar 0
> > > > !
> > > >
> > > > Router B:
> > > > in tun0
> > > > tun so b.b.b.b
> > > > tun des a.a.a.a
> > > > ip add 10.1.10.2 255.255.255.252
> > > > no shut
> > > > !
> > > > router osp 100
> > > > net 10.1.10.0 0.0.0.3 ar 0
> > > > !
> > > >
> > > > HTH,
> > > > -J
> > > >
> > > >
> > > > --
> > > > James Jun TowardEX Technologies, Inc.
> > > > Technical Lead Network Design, Consulting, IT Outsourcing
> > > > james@towardex.com Boston-based Colocation & Bandwidth Services
> > > > cell: 1(978)-394-2867 web: http://www.towardex.com , noc:
> > www.twdx.net
> > > >
> > > >
> > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > > B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> > > > (416)431 9929
> > > > MANI_CCIE@YAHOO.COM
> > > >
> > > > ---------------------------------
> > > > Do you Yahoo!?
> > > > vote.yahoo.com - Register online to vote today!
> > > >
> > > >
> > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > > B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> > > (416)431 9929
> > > MANI_CCIE@YAHOO.COM
> > >
> > > ---------------------------------
> > > Do you Yahoo!?
> > > vote.yahoo.com - Register online to vote today!
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- James Jun TowardEX Technologies, Inc. Technical Lead Network Design, Consulting, IT Outsourcing james@towardex.com Boston-based Colocation & Bandwidth Services cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:44 GMT-3