From: Danny Cox (dandermanuk@gmail.com)
Date: Tue Nov 15 2005 - 12:08:48 GMT-3
You said in an earlier email, Godswill, that you couldn't get this
working in your lab - do you have it working now? I labbed it up the
other day, broadly as you describe here. Worked a treat.
cheers
Danny
On 12/11/05, Godswill Oletu <oletu@inbox.lv> wrote:
> Dustine,
>
> Remember that in place of running EIGRP 1, you can use:
>
> !
> access-list 100 permit tcp any eq bgp any
> access-list 100 permit tcp any any eq bgp
> !
> route-map BGP permit 10
> match ip address 100
> set interface tunnel14
> !
> ip local policy route-map BGP
> !
>
> HTH
> Godswill Oletu
>
> ----- Original Message -----
> From: "Godswill Oletu" <oletu@inbox.lv>
> To: <dusth@comcast.net>; "Danny Cox" <dandermanuk@gmail.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Saturday, November 12, 2005 5:02 PM
> Subject: Re: BGP and Tunnel
>
>
> > Dustine,
> >
> > It is working for me. The key here will be to learn the loopback
> > addresses through a separate IGP. In this example, my main IGP is RIP, and I
> > am running EIGRP 1 over the tunnel interfaces to learn the loopback
> > addresses; these are the loopback addresses I will then use to implement the
> > BGP peering.
> >
> >
> >
> > R1(s0=1.1.1.1/8)<--------->(s0=1.1.1.2/0)R2(s1=2.2.2.2/8)<-------------->(s0=2.2.2.1/8)R3
> >
> > R1:
> > interface Loopback0
> > ip address 5.5.5.5 255.255.255.255
> > !
> > interface Tunnel14
> > ip unnumbered Loopback0
> > tunnel source 1.1.1.1
> > tunnel destination 2.2.2.1
> > !
> > interface Serial0/0
> > ip address 1.1.1.1 255.0.0.0
> > !
> > router eigrp 1
> > network 5.0.0.0
> > !
> > router rip
> > network 1.0.0.0
> > !
> > router bgp 1
> > neighbor 7.7.7.7 remote-as 1
> > !
> > ------------------
> > R2:
> > !
> > interface Serial0
> > ip address 1.1.1.2 255.0.0.0
> > clockrate 125000
> > !
> > interface Serial1
> > ip address 2.2.2.2 255.0.0.0
> > clockrate 125000
> > !
> > router rip
> > network 1.0.0.0
> > network 2.0.0.0
> > !
> > -----------------
> > R3:
> > interface Loopback0
> > ip address 7.7.7.7 255.255.255.255
> > !
> > interface Tunnel14
> > ip unnumbered Loopback0
> > tunnel source 2.2.2.1
> > tunnel destination 1.1.1.1
> > !
> > interface Serial0
> > ip address 2.2.2.1 255.0.0.0
> > !
> > router eigrp 1
> > network 7.0.0.0
> > !
> > router rip
> > network 2.0.0.0
> > !
> > router bgp 1
> > neighbor 5.5.5.5 remote-as 1
> > !
> > --------
> >
> > To validate that the bgp traffic is going through tunnel14, do the
> > following on R1 & R2:
> >
> > access-list 100 permit tcp any any eq bgp
> > access-list 100 permit tcp any eq bgp any
> >
> > debug ip packet 100
> > clear ip bgp 1
> >
> > Results:
> > 00:21:31: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
> > 00:21:33: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
> > 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 44, rcvd 4
> > 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 104, rcvd 4
> > 00:21:41: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up
> > 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 131, rcvd 4
> > 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
> >
> > HTH
> >
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: dusth@comcast.net
> > To: Godswill Oletu ; Danny Cox
> > Cc: ccielab@groupstudy.com
> > Sent: Sunday, November 13, 2005 2:24 PM
> > Subject: Re: BGP and Tunnel
> >
> >
> >
> > Godswill, sorry for the confusion; your understanding is correct. However, I
> > tried your configuration, and bgp does not come up and stays in active. Even
> > though I put the serial interfaces into igp for reachability, bgp still stays
> > in active mode. I think using an unnumbered ip address for the tunnel does not
> > work, since it's using the loopback ip address and this ip address is reachable
> > via igp, then it takes the igp routing for reaching the tunnel instead of using
> > the tun source/dest ip address for reachability. Like in configuring a tunnel
> > with a static ip address assigned to it, there is reachability for the tun
> > source/destination but not for the tunnel ip address itself via igp.
> > -------------- Original message --------------
> >
> > Dustine,
> >
> > Now I am confused as to what the goal of the task is.
> >
> > My initial understanding of the goal is that you should force
> > BGP traffic, including peerings, through the tunnel interface and not
> > through the interface/route through which the tunnel was set up, and no new ip
> > addresses should be introduced while accomplishing this task, e.g.:
> >
> > R1----R2
> >
> > R1:
> > interface loopback0
> > ip address 5.5.5.5 255.0.0.0
> > !
> > interface serial0/0
> > ip address 1.1.1.1 255.255.255.252
> > !
> > interface tunnel14
> > ip unnumbered loopback0
> > tunnel source 1.1.1.1
> > tunnel destination 1.1.1.2
> > !
> > router eigrp 1
> > network 5.0.0.0
> > !
> > router bgp 1
> > neighbor 7.7.7.7 remote-as 1
> > !
> >
> > R2:
> > interface loopback0
> > ip address 7.7.7.7 255.0.0.0
> > !
> > interface serial0/0
> > ip address 1.1.1.2 255.255.255.252
> > !
> > interface tunnel14
> > ip unnumbered loopback0
> > tunnel source 1.1.1.2
> > tunnel destination 1.1.1.1
> > !
> > router eigrp 1
> > network 7.0.0.0
> > !
> > router bgp 1
> > neighbor 5.5.5.5 remote-as 1
> >
> > You can also use ISIS, but it requires more steps than EIGRP. This implies
> > that R1 & R2 are directly connected; if otherwise, use another IGP process to
> > implement reachability between the tunnel source and destination
> > addresses.
> >
> > IP Local policy route map will also work.
> >
> > Let me know if my understanding of the goal/restriction of the task is
> > wrong.
> >
> > HTH
> > Godswill Oletu
> > ----- Original Message -----
> > From: dusth@comcast.net
> > To: Danny Cox ; Godswill Oletu
> > Cc: ccielab@groupstudy.com
> > Sent: Sunday, November 13, 2005 11:05 AM
> > Subject: Re: BGP and Tunnel
> >
> >
> > I think what he might mean w/ this config:
> >
> > int tunnel14
> > ip unnumber lo0
> > tunnel source s0/0 - connect to your internal net
> > tunnel dest r4:s0/0 - r1 connection to your internal net
> >
> > route-map bgp
> > match bgproutes
> > set int tunnel14
> >
> > and same config on the other end
> >
> > Godswill, please validate your command if I understand you
> > correctly. I still cannot lab this up yet. My 16mon old daughter takes all
> > my last several days time:)
> >
> > Dustin
> >
> > -------------- Original message --------------
> >
> > > > Using an ip local policy-map & route-map, then setting the next hop to
> > > > 'interface tunnel14' would have been the preferred solution, but for some
> > > > reason that is not working in my lab.
> > >
> > > Having re-read the email I sent, I see I worded it badly - this is
> > > what I meant. I'm intrigued that it didn't work for you. I'll try
> > > to lab it up.
> > >
> > > > The solution that will work is to set the tunnel source to a local interface
> > > > (eg ethernet or serial, must be advertised by IGP) & the tunnel destination
> > > > ip to the remote router's local interface (advertised by IGP). Then let IGP
> > > > advertise the loopback0 of both routers and do a bgp neighbor peering using
> > > > the loopback0 ip address of the other router and also using the bgp multihop
> > > > option; this worked for me even without the multihop option.
> > >
> > > I think I'm misunderstanding you. What makes this force BGP traffic
> > > down the tunnel? Do you mean that traffic to the loopback0 is routed
> > > via the tunnel according to the IGP, whereas traffic destined for
> > > other interfaces follows the usual IGP rules?
> > >
> > > cheers
> > > Danny
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:06 GMT-3
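
The validation step in the quoted message (reading `debug ip packet 100` output to confirm the BGP session rides Tunnel14) can be scripted. The Python below is an added example, not part of the original thread; the name `check_bgp_path` and the last three sample lines are constructed for illustration, and the "(local) ... sending" shape is the form IOS prints for locally originated packets.

```python
import re

# Packet lines as printed by `debug ip packet`: the thread's "rcvd" form, plus
# the "(local) ... d=x (Interface) ... sending" form for locally sourced packets.
PKT = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), "
    r"d=(?P<dst>[\d.]+)(?: \((?P<out_if>[^)]+)\))?, len \d+, (?P<action>.+)$"
)
ADJ = re.compile(r"%BGP-5-ADJCHANGE: neighbor (?P<peer>[\d.]+) (?P<state>Up|Down)")

# The first three lines are from the thread; the last three are constructed.
SAMPLE = """\
00:21:31: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 104, rcvd 4
00:21:41: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up
00:21:41: IP: s=7.7.7.7 (local), d=5.5.5.5 (Tunnel14), len 59, sending
00:21:42: IP: s=7.7.7.7 (local), d=5.5.5.5 (Serial0), len 40, sending
00:21:43: IP: s=2.2.2.2 (Serial0), d=2.2.2.1, len 40, rcvd 4
"""

def check_bgp_path(log_text, peers, tunnel="Tunnel14"):
    """Split packets exchanged between `peers` into on-tunnel and off-tunnel."""
    on_tunnel, off_tunnel, adjacency = [], [], {}
    for line in log_text.splitlines():
        adj = ADJ.search(line)
        if adj:
            adjacency[adj["peer"]] = adj["state"]
            continue
        m = PKT.search(line)
        # Ignore anything that is not between the two BGP peering loopbacks.
        if not m or {m["src"], m["dst"]} != set(peers):
            continue
        # Received packets name the ingress interface after s=; locally
        # originated ones show "(local)" there and the egress after d=.
        iface = m["out_if"] if m["in_if"] == "local" else m["in_if"]
        (on_tunnel if iface == tunnel else off_tunnel).append(line.strip())
    return on_tunnel, off_tunnel, adjacency

if __name__ == "__main__":
    on, off, adj = check_bgp_path(SAMPLE, ("5.5.5.5", "7.7.7.7"))
    print(f"on tunnel: {len(on)}, off tunnel: {len(off)}, adjacency: {adj}")
    for line in off:
        print("NOT via tunnel:", line)
```

A non-empty off-tunnel list means some peering traffic left through the physical interface, which is the symptom to look for when the local policy route-map is not matching.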