Re: BGP and Tunnel

From: Godswill Oletu (oletu@inbox.lv)
Date: Sat Nov 12 2005 - 19:02:18 GMT-3


Dustine,

It is working for me. The key here will be to learn the loopback addresses through a separate IGP. In this example, my main IGP is RIP, and I am running EIGRP 1 over the tunnel interfaces to learn the loopback addresses; these are the loopback addresses I will then use to implement the BGP peering.

R1(s0=1.1.1.1/8)<--------->(s0=1.1.1.2/0)R2(s1=2.2.2.2/8)<-------------->(s0=2.2.2.1/8)R3

R1:
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Tunnel14
 ip unnumbered Loopback0
 tunnel source 1.1.1.1
 tunnel destination 2.2.2.1
!
interface Serial0/0
 ip address 1.1.1.1 255.0.0.0
!
router eigrp 1
 network 5.0.0.0
!
router rip
 network 1.0.0.0
!
router bgp 1
 neighbor 7.7.7.7 remote-as 1
!
------------------
R2:
!
interface Serial0
 ip address 1.1.1.2 255.0.0.0
 clockrate 125000
!
interface Serial1
 ip address 2.2.2.2 255.0.0.0
 clockrate 125000
!
router rip
 network 1.0.0.0
 network 2.0.0.0
!
-----------------
R3:
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface Tunnel14
 ip unnumbered Loopback0
 tunnel source 2.2.2.1
 tunnel destination 1.1.1.1
!
interface Serial0
 ip address 2.2.2.1 255.0.0.0
!
router eigrp 1
 network 7.0.0.0
!
router rip
 network 2.0.0.0
!
router bgp 1
 neighbor 5.5.5.5 remote-as 1
!
--------

To validate that the BGP traffic is going through Tunnel14, do the following on R1 & R2:

access-list 100 permit tcp any any eq bgp
access-list 100 permit tcp any eq bgp any

debug ip packet 100
clear ip bgp 1

Results:
00:21:31: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
00:21:33: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 44, rcvd 4
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 104, rcvd 4
00:21:41: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 131, rcvd 4
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4

HTH

 

  ----- Original Message -----
  From: dusth@comcast.net
  To: Godswill Oletu ; Danny Cox
  Cc: ccielab@groupstudy.com
  Sent: Sunday, November 13, 2005 2:24 PM
  Subject: Re: BGP and Tunnel

  Godswill, sorry for the confusion; your understanding is correct. However, I tried your configuration, and BGP does not come up and stays in active. Even though I put the serial interfaces into the IGP for reachability, BGP still stays in active mode. I think using an unnumbered IP address for the tunnel does not work, since it's using the loopback IP address and this IP address is reachable via the IGP, so it takes the IGP routing for reaching the tunnel instead of using the tunnel source/destination IP address for reachability. Like in configuring a tunnel with a static IP address assigned to it, there is reachability for the tunnel source/destination but not for the tunnel IP address itself via the IGP.
    -------------- Original message --------------

    Dustine,

    Now I am confused as to what the goal of the task is.

    My initial understanding of the goal is that you should force BGP traffic, including peerings, through the tunnel interface and not through the interface/route through which the tunnel was set up, and no new IP addresses should be introduced while accomplishing this task, e.g.:

    R1----R2

    R1:
    interface loopback0
    ip address 5.5.5.5 255.0.0.0
    !
    interface serial0/0
    ip address 1.1.1.1 255.255.255.252
    !
    interface tunnel14
    ip unnumbered loopback0
    tunnel source 1.1.1.1
    tunnel destination 1.1.1.2
    !
    router eigrp 1
    network 5.0.0.0
    !
    router bgp 1
    neighbor 7.7.7.7 remote-as 1
    !

    R2:
    interface loopback0
    ip address 7.7.7.7 255.0.0.0
    !
    interface serial0/0
    ip address 1.1.1.2 255.255.255.252
    !
    interface tunnel14
    ip unnumbered loopback0
    tunnel source 1.1.1.2
    tunnel destination 1.1.1.1
    !
    router eigrp 1
    network 7.0.0.0
    !
    router bgp 1
    neighbor 5.5.5.5 remote-as 1

    You can also use ISIS, but it requires more steps than EIGRP. This implies that
    R1 & R2 are directly connected; otherwise, use another IGP process to
    implement reachability between the tunnel source and destination addresses.

    IP Local policy route map will also work.

    Let me know if my understanding of the goal/restriction of the task is wrong.

    HTH
    Godswill Oletu
      ----- Original Message -----
      From: dusth@comcast.net
      To: Danny Cox ; Godswill Oletu
      Cc: ccielab@groupstudy.com
      Sent: Sunday, November 13, 2005 11:05 AM
      Subject: Re: BGP and Tunnel

      I think what he might mean w/ this config:

      int tunnel14
       ip unnumber lo0
       tunnel source s0/0 - connect to your internal net
       tunnel dest r4:s0/0 - r1 connection to your internal net

      route-map bgp
       match bgproutes
      set int tunnel14

      and same config on the other end

      Godswill, please validate your command if I understand you correctly. I still cannot lab this up yet. My 16-month-old daughter takes all my time these last several days :)

      Dustin

        -------------- Original message --------------

> > Using a ip local policy-map & route-map, then setting the next hop to
> > 'interface tunnel14' would have been the preferred solution, but for some
> > reason that is not working in my lab.
>
> Having re-read the email I sent, I see I worded it badly - this is
> what I meant. I'm intrigued that it didn't work for you. I'll try
> to lab it up.
>
> > The solution that will work is to set the tunnel source to a local interface
> > (eg ethernet or serial, must be advertised by IGP) & the tunnel destination
> > ip to the remote router's local interface (advertised by IGP). Then let IGP
> > advertise the loopback0 of both routers and do a bgp neighbor peering using
> > the loopback0 ip address of the other router and also using the bgp multihop
> > option, this worked for me even without the multihop option.
>
> I think I'm misunderstanding you. What makes this force BGP traffic
> down the tunnel? Do you mean that traffic to the loopback0 is routed
> via the tunnel according to the IGP, whereas traffic destined for
> other interfaces follows the usual IGP rules?
>
> cheers
> Danny
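
The validation step in the top message (ACL 100 plus `debug ip packet 100`) can be checked mechanically. The following is an added example, not part of the original thread: it parses `rcvd` lines in the format shown under "Results", counts packets from the BGP peer by ingress interface, and flags any that did not arrive on the tunnel. The function name `check_bgp_path` and the Serial0 line are assumptions made for illustration.

```python
import re
from collections import Counter

# Copied from the "Results" output in the thread (a subset of the lines).
SAMPLE = """\
00:21:31: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 104, rcvd 4
00:21:41: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 131, rcvd 4
"""
# Constructed line (not from the thread): the same flow arriving on the
# physical interface, i.e. a session that bypasses the tunnel.
CONSTRUCTED_LEAK = "00:21:45: IP: s=5.5.5.5 (Serial0), d=7.7.7.7, len 40, rcvd 4\n"

# Received-packet lines: the interface in parentheses is the ingress interface.
PKT = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<ifname>[^)]+)\), "
    r"d=(?P<dst>[\d.]+), len (?P<len>\d+), rcvd")
ADJ = re.compile(
    r"%BGP-5-ADJCHANGE: neighbor (?P<peer>[\d.]+) (?P<state>Up|Down)")


def check_bgp_path(log, peer, local, tunnel):
    """Summarise packets received from `peer` for `local` by ingress interface."""
    per_if = Counter()
    state = None
    for line in log.splitlines():
        m = PKT.search(line)
        if m:
            if m["src"] == peer and m["dst"] == local:
                per_if[m["ifname"]] += 1
            continue
        m = ADJ.search(line)
        if m and m["peer"] == peer:
            state = m["state"]  # last adjacency change seen wins
    off_tunnel = {i: n for i, n in per_if.items() if i != tunnel}
    return {
        "peer_state": state,
        "via_tunnel": per_if.get(tunnel, 0),
        "off_tunnel": off_tunnel,
        # Pass only if the session is up and every packet used the tunnel.
        "ok": state == "Up" and per_if.get(tunnel, 0) > 0 and not off_tunnel,
    }


if __name__ == "__main__":
    print(check_bgp_path(SAMPLE, "5.5.5.5", "7.7.7.7", "Tunnel14"))
    print(check_bgp_path(SAMPLE + CONSTRUCTED_LEAK, "5.5.5.5", "7.7.7.7", "Tunnel14"))
```
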



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:06 GMT-3