From: Godswill Oletu (oletu@inbox.lv)
Date: Sat Nov 12 2005 - 19:12:08 GMT-3
Dustine,
Remember that in place of running EIGRP 1, you can use:
!
access-list 100 permit tcp any eq bgp any
access-list 100 permit tcp any any eq bgp
!
route-map BGP permit 10
match ip address 100
set interface tunnel14
!
ip local policy route-map BGP
!
HTH
Godswill Oletu
----- Original Message -----
From: "Godswill Oletu" <oletu@inbox.lv>
To: <dusth@comcast.net>; "Danny Cox" <dandermanuk@gmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Saturday, November 12, 2005 5:02 PM
Subject: Re: BGP and Tunnel
> Dustine,
>
> It is working for me. The key here will be to learn the loopback
> addresses through a separate IGP. In this example, my main IGP is RIP, and I
> am running EIGRP 1 over the tunnel interfaces to learn the loopback
> addresses; these are the loopback addresses I will then use to implement the
> BGP peering.
>
>
>
> R1(s0=1.1.1.1/8)<--------->(s0=1.1.1.2/0)R2(s1=2.2.2.2/8)<-------------->(s0=2.2.2.1/8)R3
>
> R1:
> interface Loopback0
> ip address 5.5.5.5 255.255.255.255
> !
> interface Tunnel14
> ip unnumbered Loopback0
> tunnel source 1.1.1.1
> tunnel destination 2.2.2.1
> !
> interface Serial0/0
> ip address 1.1.1.1 255.0.0.0
> !
> router eigrp 1
> network 5.0.0.0
> !
> router rip
> network 1.0.0.0
> !
> router bgp 1
> neighbor 7.7.7.7 remote-as 1
> !
> ------------------
> R2:
> !
> interface Serial0
> ip address 1.1.1.2 255.0.0.0
> clockrate 125000
> !
> interface Serial1
> ip address 2.2.2.2 255.0.0.0
> clockrate 125000
> !
> router rip
> network 1.0.0.0
> network 2.0.0.0
> !
> -----------------
> R3:
> interface Loopback0
> ip address 7.7.7.7 255.255.255.255
> !
> interface Tunnel14
> ip unnumbered Loopback0
> tunnel source 2.2.2.1
> tunnel destination 1.1.1.1
> !
> interface Serial0
> ip address 2.2.2.1 255.0.0.0
> !
> router eigrp 1
> network 7.0.0.0
> !
> router rip
> network 2.0.0.0
> !
> router bgp 1
> neighbor 5.5.5.5 remote-as 1
> !
> --------
>
> To validate that the BGP traffic is going through tunnel14, do the
> following on R1 & R2:
>
> access-list 100 permit tcp any any eq bgp
> access-list 100 permit tcp any eq bgp any
>
> debug ip packet 100
> clear ip bgp 1
>
> Results:
> 00:21:31: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
> 00:21:33: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
> 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 44, rcvd 4
> 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 104, rcvd 4
> 00:21:41: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up
> 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 131, rcvd 4
> 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
>
> HTH
>
>
>
>
>
>
> ----- Original Message -----
> From: dusth@comcast.net
> To: Godswill Oletu ; Danny Cox
> Cc: ccielab@groupstudy.com
> Sent: Sunday, November 13, 2005 2:24 PM
> Subject: Re: BGP and Tunnel
>
>
>
> Godswill, sorry for the confusion, your understanding is correct. However, I
> tried your configuration, and BGP does not come up and stays in active. Even
> though I put the serial interfaces into the IGP for reachability, BGP still
> stays in active mode. I think using an unnumbered IP address for the tunnel
> does not work, since it is using the loopback IP address and this IP address
> is reachable via the IGP; then it takes the IGP routing for reaching the
> tunnel instead of using the tun source/dest IP address for reachability. Like
> in configuring a tunnel with a static IP address assigned to it, there is
> reachability for the tun source/destination but not for the tunnel IP address
> itself via the IGP.
> -------------- Original message --------------
>
> Dustine,
>
> Now I am confused as to what the goal of the task is.
>
> My initial understanding of the goal is that you should force BGP
> traffic, including peerings, through the tunnel interface and not through
> the interface/route through which the tunnel was set up, and no new IP
> addresses should be introduced while accomplishing this task, e.g.:
>
> R1----R2
>
> R1:
> interface loopback0
> ip address 5.5.5.5 255.0.0.0
> !
> interface serial0/0
> ip address 1.1.1.1 255.255.255.252
> !
> interface tunnel14
> ip unnumbered loopback0
> tunnel source 1.1.1.1
> tunnel destination 1.1.1.2
> !
> router eigrp 1
> network 5.0.0.0
> !
> router bgp 1
> neighbor 7.7.7.7 remote-as 1
> !
>
> R2:
> interface loopback0
> ip address 7.7.7.7 255.0.0.0
> !
> interface serial0/0
> ip address 1.1.1.2 255.255.255.252
> !
> interface tunnel14
> ip unnumbered loopback0
> tunnel source 1.1.1.2
> tunnel destination 1.1.1.1
> !
> router eigrp 1
> network 7.0.0.0
> !
> router bgp 1
> neighbor 5.5.5.5 remote-as 1
>
> You can also use ISIS, but it requires more steps than EIGRP. This implies
> that R1 & R2 are directly connected; if otherwise, use another IGP process
> to implement reachability between the tunnel source and destination
> addresses.
>
> IP Local policy route map will also work.
>
> Let me know if my understanding of the goal/restriction of the task is
> wrong.
>
> HTH
> Godswill Oletu
> ----- Original Message -----
> From: dusth@comcast.net
> To: Danny Cox ; Godswill Oletu
> Cc: ccielab@groupstudy.com
> Sent: Sunday, November 13, 2005 11:05 AM
> Subject: Re: BGP and Tunnel
>
>
> I think what he might mean w/ this config:
>
> int tunnel14
> ip unnumber lo0
> tunnel source s0/0 - connect to your internal net
> tunnel dest r4:s0/0 - r1 connection to your internal net
>
> route-map bgp
> match bgproutes
> set int tunnel14
>
> and same config on the other end
>
> Godswill, please validate your command if I understand you correctly.
> I still cannot lab this up yet. My 16-month-old daughter takes all my
> last several days' time :)
>
> Dustin
>
> -------------- Original message --------------
>
> > > Using an ip local policy-map & route-map, then setting the next hop to
> > > 'interface tunnel14' would have been the preferred solution, but for some
> > > reason that is not working in my lab.
> >
> > Having re-read the email I sent, I see I worded it badly - this is
> > what I meant. I'm intrigued that it didn't work for you. I'll try
> > to lab it up.
> >
> > > The solution that will work is to set the tunnel source to a local interface
> > > (e.g. ethernet or serial, must be advertised by IGP) & the tunnel destination
> > > ip to the remote router's local interface (advertised by IGP). Then let IGP
> > > advertise the loopback0 of both routers and do a bgp neighbor peering using
> > > the loopback0 ip address of the other router and also using the bgp multihop
> > > option, this worked for me even without the multihop option.
> >
> > I think I'm misunderstanding you. What makes this force BGP traffic
> > down the tunnel? Do you mean that traffic to the loopback0 is routed
> > via the tunnel according to the IGP, whereas traffic destined for
> > other interfaces follows the usual IGP rules?
> >
> > cheers
> > Danny
> >
> >