From: Godswill Oletu (oletu@inbox.lv)
Date: Fri Nov 11 2005 - 14:56:52 GMT-3
Danny,
If you think through setting the bgp next hop to 4.4.4.4, you will notice
that, somewhere along the line it will not work, even if the access-list
only allows bgp traffic. The policy map will still go to the routing table to
know the interface to send the 4.4.4.4 traffic to; that interface will not
be tunnel14, it will be some other IGP learned route or another interface.
Remember that the GRE protocol asked the routing table that same question
before it was able to set up its tunnel14, and the response it got from the
IGP table will not have been, 'to reach 4.4.4.4, go through interface
tunnel14'. There is nothing in the policy route that indicates that the
interface to reach 4.4.4.4 changed after the GRE tunnel came up.
Using an ip local policy-map & route-map, then setting the next hop to
'interface tunnel14' would have been the preferred solution, but for some
reason that is not working in my lab.
The solution that will work is to set the tunnel source to a local interface
(e.g. ethernet or serial, must be advertised by IGP) & the tunnel destination
ip to the remote router's local interface (advertised by IGP). Then let IGP
advertise the loopback0 of both routers and do a bgp neighbor peering using
the loopback0 ip address of the other router and also using the bgp multihop
option; this worked for me even without the multihop option.
I was able to lab the above solution and it works.
HTH
----- Original Message -----
From: "Danny Cox" <dandermanuk@gmail.com>
To: <dusth@comcast.net>
Cc: <ccielab@groupstudy.com>
Sent: Saturday, November 12, 2005 9:15 AM
Subject: Re: BGP and Tunnel
> On 11/11/05, dusth@comcast.net <dusth@comcast.net> wrote:
> > Hi all, I need some clarification on how bgp knows to traverse
> > inside the tunnel and what parameter of the tunnel interface tells that
> > to the bgp end points? I do not have access to the lab right now so I
> > can not verify the config.
> > Here is the example:
> > r1:
> > interface tunnel 14
> >  ip unnumbered loopback 0
> >  tunnel source 1.1.1.1
> >  tunnel destination 4.4.4.4
> > router bgp 10
> >  nei 4.4.4.4 remote-as 10
> >  nei 4.4.4.4 update-source loopback0
> > Does the ip unnumbered of the tunnel or the tunnel source & destination
> > tell the router that bgp traffic needs to traverse inside the tunnel?
>
> As Leigh said in another post, this won't work because the BGP traffic
> will just follow the route given by the IGP. If you manage to get the
> IGP to indicate that it should go down the tunnel, then that's the
> route which GRE will try to use and the tunnel will be like a snake
> eating its own tail.
>
> On the other hand, if you use policy routing you can do this. Set the
> next-hop to be 4.4.4.4 for BGP traffic only, specified using a route
> map and an ACL. That way the GRE traffic will follow the IGP route,
> but BGP traffic will go down the tunnel.
>
> Hope that helps?
> cheers
> Danny
>
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:06 GMT-3
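
The route lookups argued over in this thread can be modelled in a few lines. The sketch below is an added example, not code from any poster: it resolves a tunnel destination through a routing table by longest-prefix match and reports whether the tunnel recurses into itself, alongside the interface the BGP session to 4.4.4.4 would use. The interface name Serial0/0, the 10.0.14.0/24 link and the assumption in the last case that the loopback route is learned through Tunnel14 are constructed for illustration.

```python
import ipaddress

def lookup(rib, dst):
    """Longest-prefix match: egress interface for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in rib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def tunnel_state(rib, tunnels, name):
    """Resolve a tunnel's destination through the RIB.
    'up'          -> destination leaves through a non-tunnel interface
    'recursive'   -> resolution comes back to a tunnel already visited
    'unreachable' -> no route to the destination"""
    seen = set()
    while name in tunnels:
        if name in seen:
            return "recursive"
        seen.add(name)
        name = lookup(rib, tunnels[name])
        if name is None:
            return "unreachable"
    return "up"

def check(rib, tunnels, tunnel, peer):
    """Return (tunnel state, interface the BGP session to peer would use)."""
    return tunnel_state(rib, tunnels, tunnel), lookup(rib, peer)

# Constructed sample data. Tunnel and peer addresses are from the thread;
# Serial0/0 and 10.0.14.0/24 are made up for the example.
ORIGINAL = {"Tunnel14": "4.4.4.4"}            # tunnel ends on the BGP peer address
IGP_ONLY = [("4.4.4.4/32", "Serial0/0")]      # IGP route over the physical link
IGP_VIA_TUNNEL = [("4.4.4.4/32", "Tunnel14")] # IGP says: go down the tunnel
SPLIT = {"Tunnel14": "10.0.14.4"}             # tunnel ends on a physical address
SPLIT_RIB = [("10.0.14.0/24", "Serial0/0"),   # assumed: loopback learned
             ("4.4.4.4/32", "Tunnel14")]      # through the tunnel

if __name__ == "__main__":
    for label, rib, tun in [("original, IGP only", IGP_ONLY, ORIGINAL),
                            ("original, IGP via tunnel", IGP_VIA_TUNNEL, ORIGINAL),
                            ("separate endpoints", SPLIT_RIB, SPLIT)]:
        print(label, check(rib, tun, "Tunnel14", "4.4.4.4"))
```

With the original endpoints the tunnel is either bypassed by BGP or recursive; only when the tunnel endpoints differ from the peering address can the peer route point at the tunnel without looping.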