Re: Let's Tunnel BGP Due to Non-BGP Speaker in Transit Path!

From: Anthony Sequeira (terry.francona@gmail.com)
Date: Thu Nov 24 2005 - 14:26:41 GMT-3

• Next message: Gustavo Novais: "RE: Scripts to check routing tables"
• Previous message: Ian Stong: "RE: 2600XM Image on 2600"
• Maybe in reply to: Anthony Sequeira: "Let's Tunnel BGP Due to Non-BGP Speaker in Transit Path!"
• Next in thread: Anthony Sequeira: "Re: Let's Tunnel BGP Due to Non-BGP Speaker in Transit Path!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Chris - yeah - I think for my example I am going to need to mess with
metric or filtering to get the tunnel to be used.

I am using loopbacks that are all in the same major network. You "cheated" a
bit and used 1.1.1.1 and 3.3.3.3 on these routers....but you have me
thinking in the right direction now for sure - I need to figure out how to
get the tunnel to be used without breaking anything else. I think metric
manipulation or filtering must be the key!

On 11/24/05, Chris Lewis <chrlewiscsco@yahoo.com> wrote:
>
> Anthony, I've pasted in a working config at the end of this mail for what
> I understand you want to achieve.
>
> In fact what you describe is the way internetworks were originally
> intended to be run with BGP only at the edges. Network designers thougt to
> tunnel between edge devices. However back then the processing cost of
> tunneling was too great for software based routers and BGP ended up being
> needed on all transit devices to stop black-holing. Now the processing cost
> of tunneling has gone away with hardware implementations of MPLS and L2TPv3
> tunneling, BGP free cores are gaining popularity with designers. Anyway, I
> digress.
>
> I have the following setup
>
> R4------R1----R2-----R3
>
> R4 is eBGP to R1 and R1 is iBGP to R3. R2 has no BGP.
>
> R4 injects the prefix 172.16.4.0 in to BGP and has the loopback 172.16.4.4
>
> R2 has no knowledge of this route and R3 is able to ping it via a tunnel.
>
> I think the key issues to consider are the following
>
> With next-hop-self on R1, R3 will see the next hop for 172.16.4.0 as R1,
> we want R3 then to route towards R1 via the tunnel created between R1 and
> R3. However we do not want R3 to see other destinations via the tunnel, as
> you could then run in to route recursion issues and the tunnel would come
> down. In this example, I have auto-summary on for eigrp, so the
1.1.1.0learned via the tunnel; is the longest path match for
> 1.1.1.1, but if auto-summary was off, you would have to mess with metrics
> or filtering to get the route to 1.1.1.1 preferred via the tunnel.
>
> The following are good guidelines (pased to my by Tinjin Chang) for
> creating stable tunnels that have never let me down.
> [TC begins]
> You need to worry about "ip unnumbered" only if you are told that you
> couldn't add another address/subnet. The highlights assume that we are
> tunnelling OSPF across an IS-IS only part of the network. But these
> concepts apply even if you are tunnelling OSPF across OSPF.
>
> *1) The interface that you are going to reference in "ip unnumbered"
> * a) these interfaces must belong to the SAME OSPF area on both
> routers
> If you're going to use the loopback0s, for example, then these two
> routers'
> loopback0s must be in the same area or OSPF won't work correctly.
>
> *2) The tunnel source
> * a) must be reachable *prior* to the tunnel going up
> b) the far end must *NOT* learn this route via OSPF inside the
> tunnel
> i) use *distance* or *distribute-list*, depending on the
> requirements
>
> *3) The tunnel destination
> * a) must be reachable *prior* to the tunnel going up
> b) the local router must *NOT* learn this route via OSPF inside
> the tunnel
> i) use *distance* or *distribute-list*, depending on the
> requirements
>
> *4) The tunnel mode
> * a) Your choices are gre, ipip, and nos
> [TC ends]
>
> Once you have a stable tunnel, the routing table on R3 should look like
> this
>
> 1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
> D 1.1.1.0/24 [90/297372416] via 1.1.1.1, 00:18:41, Tunnel0
> D 1.0.0.0/8 [90/2300416] via 4.4.12.2, 00:21:26, FastEthernet0/0
> D 2.0.0.0/8 [90/156160] via 4.4.12.2, 00:18:41, FastEthernet0/0
> 3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
> C 3.3.3.0/24 is directly connected, Loopback0
> D 3.0.0.0/8 is a summary, 00:18:41, Null0
> 4.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
> B 4.4.4.0/24 [200/0] via 1.1.1.1, 00:15:36
> D 4.0.0.0/8 is a summary, 00:22:05, Null0
> D 4.4.8.0/24 [90/2172416] via 4.4.12.2, 00:18:43, FastEthernet0/0
> C 4.4.12.0/24 is directly connected, FastEthernet0/0
> D 4.4.14.0/24 [90/2174976] via 4.4.12.2, 00:18:43, FastEthernet0/0
> 172.16.0.0/24 is subnetted, 1 subnets
> B 172.16.4.0 [200/0] via 1.1.1.1, 00:15:37
>
> The routing table on R2 has no 172.16.0.0
>
> R2#sho ip rout 172.16.0.0
> % Network not in table
> R2#
>
> R3 can ping 172.16.4.4 via the tunnel to R1
>
> R3(config-router)#do ping 172.16.4.4
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 172.16.4.4, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms
> R3#trace 172.16.4.4
> Type escape sequence to abort.
> Tracing the route to 172.16.4.4
> 1 1.1.1.1 40 msec 40 msec 44 msec
> 2 4.4.14.4 40 msec * 44 msec
>
> These are all configs for router 1 through 4
>
> R1
> interface Loopback0
> ip address 1.1.1.1 255.255.255.0
> !
> interface Tunnel0
> ip unnumbered Loopback0
> tunnel source 4.4.8.1
> tunnel destination 4.4.12.3
> !
> interface Serial0/0
> ip address 4.4.8.1 255.255.255.0
> encapsulation frame-relay
> ip ospf network broadcast
> frame-relay map ip 4.4.8.2 122 broadcast
> no frame-relay inverse-arp
> !
> interface FastEthernet0/1
> ip address 4.4.14.1 255.255.255.0
> !
> router eigrp 1
> network 1.0.0.0
> network 4.0.0.0
> auto-summary
> !
> router bgp 13
> no synchronization
> bgp log-neighbor-changes
> neighbor 3.3.3.3 remote-as 13
> neighbor 3.3.3.3 update-source Loopback0
> neighbor 3.3.3.3 next-hop-self
> neighbor 4.4.14.4 remote-as 4
> no auto-summary
> R2
> interface Loopback0
> ip address 2.2.2.2 255.255.255.0
> !
> interface FastEthernet0/0
> ip address 4.4.12.2 255.255.255.0
> duplex auto
> speed auto
> !
> interface Serial0/0
> ip address 4.4.8.2 255.255.255.0
> encapsulation frame-relay
> ip ospf network broadcast
> ip ospf priority 0
> frame-relay map ip 4.4.8.1 221 broadcast
> no frame-relay inverse-arp
> !
> router eigrp 1
> network 2.0.0.0
> network 4.0.0.0
> auto-summary
> R3
> interface Loopback0
> ip address 3.3.3.3 255.255.255.0
> !
> interface Tunnel0
> ip unnumbered Loopback0
> tunnel source 4.4.12.3
> tunnel destination 4.4.8.1
> !
> interface FastEthernet0/0
> ip address 4.4.12.3 255.255.255.0
> !
> router eigrp 1
> network 3.0.0.0
> network 4.0.0.0
> auto-summary
> !
> router bgp 13
> no synchronization
> bgp log-neighbor-changes
> network 3.3.3.0 mask 255.255.255.0
> neighbor 1.1.1.1 remote-as 13
> neighbor 1.1.1.1 update-source Loopback0
> no auto-summary
> R4
> interface Loopback0
> ip address 4.4.4.4 255.255.255.0
> !
> interface Loopback1
> ip address 172.16.4.4 255.255.255.0
> !
> router bgp 4
> no synchronization
> bgp log-neighbor-changes
> network 4.4.4.0 mask 255.255.255.0
> network 172.16.4.0 mask 255.255.255.0
> neighbor 4.4.14.1 remote-as 13
> no auto-summary
>
>
>
> *Anthony Sequeira <terry.francona@gmail.com>* wrote:
>
> I want to tunnel my iBGP peering from R1 to R4 because R2 is not running
> BGP. I want to use the loopback 0 interfaces for the peerings. The IGP in
> use is EIGRP and all of the interfaces shown below are running EIGRP.
>
>
>
> R1-----4.4.8.0/24-----R2-----4.4.12.0/24-----R4
>
>
>
> R1 lo0 4.4.1.1/24
>
> R4 lo0 4.4.4.4/24
>
>
>
> I have this sample scenario labbed up and I am having a heck of a time. I
> have tried the following with no luck:
>
>
>
> Attempt 1
>
> R1:
>
> int tunnel 0
>
> ip unnumbered lo0
>
> tunnel source 4.4.8.1
>
> tunnel destination 4.4.12.4
>
>
>
> R2:
>
> int tunnel 0
>
> ip unnumbered lo0
>
> tunnel source 4.4.12.4
>
> tunnel destination 4.4.8.1
>
>
>
> Attempt 2
>
> R1:
>
> int tunnel 0
>
> ip unnumbered lo0
>
> tunnel source lo0
>
> tunnel destination 4.4.4.4
>
>
>
> R2:
>
> int tunnel 0
>
> ip unnumbered lo0
>
> tunnel source lo0
>
> tunnel destination 4.4.1.1
>
>
>
> You see  this is easy and works great if I create a new subnet for the
> tunnel and use that in my BGP peerings  the issue that I am having is
> trying to use the loopback addresses for the peerings and still use my
> tunnel.
>
>
>
> I notice that my tunnel interface does not show up in the routing table
> when
> I am pulling the address from the loopback..I guess this must be why my
> BGP
> is not using it????
>
>
>
> Anyone feel like labbing this one up and trying this one? Or is it
> something
> really simple that I am missing about tunnels?
>
>
>
> Thanks in advance for you consideration of this e-mail.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
> ------------------------------
> Yahoo!
DSL<http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=37474/*http://promo.yahoo
.com/broadband/+%0D%0A>Something to write home about. Just $16.99/mo. or less

• Next message: Gustavo Novais: "RE: Scripts to check routing tables"
• Previous message: Ian Stong: "RE: 2600XM Image on 2600"
• Maybe in reply to: Anthony Sequeira: "Let's Tunnel BGP Due to Non-BGP Speaker in Transit Path!"
• Next in thread: Anthony Sequeira: "Re: Let's Tunnel BGP Due to Non-BGP Speaker in Transit Path!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:07 GMT-3