Re: BGP and Tunnel

From: dusth@comcast.net
Date: Tue Nov 15 2005 - 17:11:03 GMT-3


Hi Danny, yes, it works now but requires an additional IGP to do the routing for loopback reachability; this might not be the best solution for the real lab. Might need to consider other solutions if they are not restricted by the lab.

Dustin

-------------- Original message --------------

> You said in an earlier email Godswill that you couldn't get this
> working in your lab - do you have it working now? I labbed it up the
> other day, broadly as you describe here. Worked a treat.
>
> cheers
> Danny
>
> On 12/11/05, Godswill Oletu wrote:
> > Dustin,
> >
> > Remember that in place of running EIGRP 1, you can use:
> >
> > !
> > access-list 100 permit tcp any eq bgp any
> > access-list 100 permit tcp any any eq bgp
> > !
> > route-map BGP permit 10
> > match ip address 100
> > set interface tunnel14
> > !
> > ip local policy route-map BGP
> > !
> >
> > HTH
> > Godswill Oletu
> >
> > ----- Original Message -----
> > From: "Godswill Oletu"
> > To: ; "Danny Cox"
> > Cc:
> > Sent: Saturday, November 12, 2005 5:02 PM
> > Subject: Re: BGP and Tunnel
> >
> >
> > > Dustin,
> > >
> > > It is working for me. The key here will be to learn the loopback
> > > addresses through a separate IGP. In this example, my main IGP is RIP, and I
> > > am running EIGRP 1 over the tunnel interfaces to learn the loopback
> > > addresses; these are the loopback addresses I will then use to implement the
> > > BGP peering.
> > >
> > >
> > >
> > > R1(s0=1.1.1.1/8)<--------->(s0=1.1.1.2/0)R2(s1=2.2.2.2/8)<-------------->(s0=2.2.2.1/8)R3
> > >
> > > R1:
> > > interface Loopback0
> > > ip address 5.5.5.5 255.255.255.255
> > > !
> > > interface Tunnel14
> > > ip unnumbered Loopback0
> > > tunnel source 1.1.1.1
> > > tunnel destination 2.2.2.1
> > > !
> > > interface Serial0/0
> > > ip address 1.1.1.1 255.0.0.0
> > > !
> > > router eigrp 1
> > > network 5.0.0.0
> > > !
> > > router rip
> > > network 1.0.0.0
> > > !
> > > router bgp 1
> > > neighbor 7.7.7.7 remote-as 1
> > > !
> > > ------------------
> > > R2:
> > > !
> > > interface Serial0
> > > ip address 1.1.1.2 255.0.0.0
> > > clockrate 125000
> > > !
> > > interface Serial1
> > > ip address 2.2.2.2 255.0.0.0
> > > clockrate 125000
> > > !
> > > router rip
> > > network 1.0.0.0
> > > network 2.0.0.0
> > > !
> > > -----------------
> > > R3:
> > > interface Loopback0
> > > ip address 7.7.7.7 255.255.255.255
> > > !
> > > interface Tunnel14
> > > ip unnumbered Loopback0
> > > tunnel source 2.2.2.1
> > > tunnel destination 1.1.1.1
> > > !
> > > interface Serial0
> > > ip address 2.2.2.1 255.0.0.0
> > > !
> > > router eigrp 1
> > > network 7.0.0.0
> > > !
> > > router rip
> > > network 2.0.0.0
> > > !
> > > router bgp 1
> > > neighbor 5.5.5.5 remote-as 1
> > > !
> > > --------
> > >
> > > To validate that the BGP traffic is going through tunnel14, do the
> > > following on R1 & R2:
> > >
> > > access-list 100 permit tcp any any eq bgp
> > > access-list 100 permit tcp any eq bgp any
> > >
> > > debug ip packet 100
> > > clear ip bgp 1
> > >
> > > Results:
> > > 00:21:31: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
> > > 00:21:33: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
> > > 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 44, rcvd 4
> > > 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 104, rcvd 4
> > > 00:21:41: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up
> > > 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 131, rcvd 4
> > > 00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
> > >
> > > HTH
> > >
> > >
> > >
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: dusth@comcast.net
> > > To: Godswill Oletu ; Danny Cox
> > > Cc: ccielab@groupstudy.com
> > > Sent: Sunday, November 13, 2005 2:24 PM
> > > Subject: Re: BGP and Tunnel
> > >
> > >
> > >
> > > Godswill, sorry for the confusion; your understanding is correct. However, I
> > > tried your configuration, and BGP does not come up and stays in Active. Even though
> > > I put the serial interfaces into the IGP for reachability, BGP still stays in
> > > Active mode. I think using an unnumbered IP address for the tunnel does not work,
> > > since it's using the loopback IP address and this IP address is reachable via
> > > the IGP, so it takes the IGP routing for reaching the tunnel instead of using
> > > the tunnel source/dest IP address for reachability. Like in configuring a tunnel
> > > with a static IP address assigned to it, there is reachability for the tunnel
> > > source/destination but not for the tunnel IP address itself via the IGP.
> > > -------------- Original message --------------
> > >
> > > Dustin,
> > >
> > > Now I am confused as to what the goal of the task is.
> > >
> > > My initial understanding of the goal is that you should force
> > > BGP traffic, including peerings, through the tunnel interface and not
> > > through the interface/route through which the tunnel was set up, and no new IP
> > > addresses should be introduced while accomplishing this task, e.g.:
> > >
> > > R1----R2
> > >
> > > R1:
> > > interface loopback0
> > > ip address 5.5.5.5 255.0.0.0
> > > !
> > > interface serial0/0
> > > ip address 1.1.1.1 255.255.255.252
> > > !
> > > interface tunnel14
> > > ip unnumbered loopback0
> > > tunnel source 1.1.1.1
> > > tunnel destination 1.1.1.2
> > > !
> > > router eigrp 1
> > > network 5.0.0.0
> > > !
> > > router bgp 1
> > > neighbor 7.7.7.7 remote-as 1
> > > !
> > >
> > > R2:
> > > interface loopback0
> > > ip address 7.7.7.7 255.0.0.0
> > > !
> > > interface serial0/0
> > > ip address 1.1.1.2 255.255.255.252
> > > !
> > > interface tunnel14
> > > ip unnumbered loopback0
> > > tunnel source 1.1.1.2
> > > tunnel destination 1.1.1.1
> > > !
> > > router eigrp 1
> > > network 7.0.0.0
> > > !
> > > router bgp 1
> > > neighbor 5.5.5.5 remote-as 1
> > >
> > > You can also use ISIS, but it requires more steps than EIGRP. This implies
> > > that R1 & R2 are directly connected; if otherwise, use another IGP process to
> > > implement reachability between the tunnel source and destination
> > > addresses.
> > >
> > > IP local policy route-map will also work.
> > >
> > > Let me know if my understanding of the goal/restriction of the task is
> > > wrong.
> > >
> > > HTH
> > > Godswill Oletu
> > > ----- Original Message -----
> > > From: dusth@comcast.net
> > > To: Danny Cox ; Godswill Oletu
> > > Cc: ccielab@groupstudy.com
> > > Sent: Sunday, November 13, 2005 11:05 AM
> > > Subject: Re: BGP and Tunnel
> > >
> > >
> > > I think what he might mean w/ this config:
> > >
> > > int tunnel14
> > > ip unnumber lo0
> > > tunnel source s0/0 - connect to your internal net
> > > tunnel dest r4:s0/0 - r1 connection to your internal net
> > >
> > > route-map bgp
> > > match bgproutes
> > > set int tunnel14
> > >
> > > and same config on the other end
> > >
> > > Godswill, please validate your command if I understand you
> > > correctly. I still cannot lab this up yet. My 16-month-old daughter has taken all
> > > my time the last several days :)
> > >
> > > Dustin
> > >
> > > -------------- Original message --------------
> > >
> > > > > > Using an ip local policy-map & route-map, then setting the next hop to
> > > > > > 'interface tunnel14' would have been the preferred solution, but for some
> > > > > > reason that is not working in my lab.
> > > > >
> > > > > Having re-read the email I sent, I see I worded it badly - this is
> > > > > what I meant. I'm intrigued that it didn't work for you. I'll try
> > > > > to lab it up.
> > > > >
> > > > > > The solution that will work is to set the tunnel source to a local interface
> > > > > > (eg ethernet or serial, must be advertised by IGP) & the tunnel destination
> > > > > > ip to the remote router's local interface (advertised by IGP). Then let IGP
> > > > > > advertise the loopback0 of both routers and do a bgp neighbor peering using
> > > > > > the loopback0 ip address of the other router and also using the bgp multihop
> > > > > > option, this worked for me even without the multihop option.
> > > > >
> > > > > I think I'm misunderstanding you. What makes this force BGP traffic
> > > > > down the tunnel? Do you mean that traffic to the loopback0 is routed
> > > > > via the tunnel according to the IGP, whereas traffic destined for
> > > > > other interfaces follows the usual IGP rules?
> > > >
> > > > cheers
> > > > Danny
> > > >
> > > >
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
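
Added example, not part of the original thread or written by any of its participants: a small Python check over `debug ip packet 100` output like the capture quoted above, confirming that every BGP packet between the two loopbacks used Tunnel14 and that the adjacency came up. The function name and the two lines marked as constructed are assumptions; the log is assumed to be already filtered to BGP by access-list 100.

```python
import re
from collections import Counter

PEERS = ("5.5.5.5", "7.7.7.7")  # loopback addresses used for the peering in the thread

# Debug output as quoted in the thread.
THREAD_LOG = """\
00:21:31: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
00:21:33: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 44, rcvd 4
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 104, rcvd 4
00:21:41: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 131, rcvd 4
00:21:41: IP: s=5.5.5.5 (Tunnel14), d=7.7.7.7, len 40, rcvd 4
"""

# Constructed lines (not from the thread): one locally sent packet leaving via
# the tunnel, and one packet arriving on the physical interface instead.
MIXED_LOG = THREAD_LOG + """\
00:21:42: IP: s=7.7.7.7 (local), d=5.5.5.5 (Tunnel14), len 40, sending
00:21:43: IP: s=5.5.5.5 (Serial0), d=7.7.7.7, len 40, rcvd 4
"""

PKT = re.compile(r"IP: s=(?P<src>[\d.]+) \((?P<ifc>[^)]+)\), "
                 r"d=(?P<dst>[\d.]+)(?: \((?P<oif>[^)]+)\))?, len \d+")
ADJ = re.compile(r"%BGP-5-ADJCHANGE: neighbor (?P<peer>[\d.]+) (?P<state>Up|Down)")

def check_bgp_path(log, peers, tunnel):
    """Return (packets per interface, lines seen off the tunnel, last adjacency state)."""
    counts, stray, adj = Counter(), [], None
    for line in (raw.strip() for raw in log.splitlines()):
        m = ADJ.search(line)
        if m:
            if m["peer"] in peers:
                adj = m["state"]
            continue
        m = PKT.search(line)
        if not m or {m["src"], m["dst"]} != set(peers):
            continue  # not a packet between the two loopbacks
        # Received packets name the input interface after s=; locally
        # originated ones show "(local)" and name the output interface after d=.
        ifc = (m["oif"] or "unknown") if m["ifc"] == "local" else m["ifc"]
        counts[ifc] += 1
        if ifc != tunnel:
            stray.append(line)
    return counts, stray, adj
```
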



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:06 GMT-3