Re: How to advertise ethernet IP as /32 in BGP

From: Mathew <mathewfer_at_gmail.com>
Date: Fri, 1 Apr 2011 15:25:12 +1100

Hi Brian/All,

First, thank you for all the efforts/replies to this subject. Much appreciated.

Let me explain my setup first in detail.

This is for a real world setup.
Also the main Goal here is to save IP addresses - main restriction in my design.

I have many sites with two CE routers running HSRP & BGP connecting to
2 PE routers

CE1:S0/0 <---> PE1:S0/0
F0/0
 |
F0/0
CE2:S0/0 <---> PE2:S0/0

On CE1 & CE2, F0/0 is user LAN with 10.x.x.0/24 running HSRP. This
will take 3 IPs (two for each router F0/0 plus HSRP IP).
Both CEs peer iBGP between the 2 LAN interfaces & both CEs peer eBGP
with both PEs (same AS on PEs - MPLS cloud).

Both CEs advertise 10.x.x.0/24 via BGP to MPLS cloud (SOO is setup on
MPLS 2 PEs).

We have this setup up & running on about 2000 sites all over the world
& each site has 10.x.x.0/24 allocated to their LAN - almost all the
IPs are used on LAN devices.

CE1 is the HSRP active device carrying all the traffic & CE2 acts as a
hot standby.

Now we want to off load some of the traffic to CE2 in order to reduce
the load on CE1 link. I have come up with the below setup & tested
successfully.

1. Policy based routing on CE1's F0/0 with tracking to PE2's IP that
connects to CE2. The idea is when the link between CE2 & PE2 is down,
policy routing stops.
2. On CE2, we advertise a free IP from user LAN (in 10.x.x.0/24) with
a static route - ip route 10.x.x.4 255.255.255.255 F 0/0 & advertised
in BGP. NAT/PAT is being configured to 10.x.x.4 with the below
configuration.

The IP 10.x.x.4 is NOT pingable as it is not allocated to any device
or interface.

This is the basic configuration that I took to explain this current
setup which was tested successfully on 2 sites.

Now to my question - same one as before -> User can not allocate the
10.x.x.4 or any free IP from their LAN range for the NAT. The reason
being initially, years ago, only 3 IPs from /24 reserved for network
use.
That is why I am trying to find a way to use the IP of CE2's F0/0 -
10.x.x.3 for NAT but the issue is I need to advertise it in BGP also
to get the return traffic to CE2.

At the moment, the only way out is to configure a static route on PE2
for this 10.x.x.3 but it is NOT allowed to do on PE routers for
non-technical reasons.

My challenge is to find a way to manage this within the CE routers
with the currently reserved 3 IPs for the network.
We need to first get the IP 10.x.x.3 as /32 into routing table of CE2
to advertise in BGP.

Getting the IP 10.x.x.3 as /32 into routing table of CE2 is the
challenge that I am facing with this design.

If you have any ideas, it will be much appreciated as it looks more
like impossible with the IOS unless there is a way to workaround it in
IOS or with completely different design etc.

CE1
!
interface FastEthernet0
 ip address 10.x.x.2 255.255.255.0
 standby 11 ip 10.x.x.1
 standby 11 preempt
 standby 11 priority 110
!
router bgp AS1
network 10.x.x.0 mask 255.255.255.0
!

CE2
!
interface FastEthernet0/0
 ip address 10.x.x.3 255.255.255.0
 standby 11 ip 10.x.x.1
 standby 11 preempt
 ip nat inside
!
interface Serial0/0/0
 ip nat outside
!
ip nat pool OFFLOAD 10.x.x.4 10.x.x.4 prefix-length 1
ip nat inside source list OFFLOAD-ACL pool OFFLOAD overload
!
ip route 10.x.x.4 255.255.255.255 FastEthernet0/0 name FOR_OFFLOAD_NAT
!
router bgp AS1
network 10.x.x.4 mask 255.255.255.255
network 10.x.x.0 mask 255.255.255.0
!

Regards & thanks in advance.

Mathew

On Fri, Apr 1, 2011 at 4:44 AM, Brian McGahan <bmcgahan_at_ine.com> wrote:
> What are you really trying to accomplish in the design? From what I gathered you want different routers doing NAT to /32 addresses that are within the same allocation, but you don't want to assign them to the link since you'll lose addresses from the pool, correct?
>
> If this is the case, you can NAT to the /32 without having to assign it to the LAN interface to begin with. For example if I want to translate to 1.2.3.4/32, all I need is the NAT config, then either a Loopback with 1.2.3.4/32 assigned or a route to Null0 for 1.2.3.4/32. The loopback or route puts the address in the routing table, which means you can then advertise it into BGP. For the transit link, you could assign RFC 1918, such as 10.0.0.0/24.
>
> If this fits your requirements let me know and I can send you a reference config.
>
> HTH,
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security)
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> On Mar 31, 2011, at 7:44 AM, "Mathew" <mathewfer_at_gmail.com> wrote:
>
>> Hi Adam/All,
>>
>> Thank you for the reply & the configuration.
>> Sorry, I am a bit new to PPPoE configurations.
>>
>> It seems we need to get the PPPoE between the 2 routers. Yes, I see it
>> is working. In my setup, I am looking for a way to originate this /32
>> within the router itself as this is required on a CE router connecting
>> to a PE. It is not very easy to make PPPoE configurations on a PE
>> router.
>>
>> Anyway, I will further study your configuration & also will see others
>> reply if any more.
>>
>> Regards,
>>
>> Mathew
>>
>>
>> On Thu, Mar 31, 2011 at 11:19 PM, Adam Means <adam.means_at_gmail.com> wrote:
>>> Matthew,
>>>
>>> PPPoE w/ ip unnumbered works as described so see if this answers your
>>> question. You need to apply the /32 to the loopback and then apply ip
>>> unnumbered loopbackX to the virtual-template interface and respective client
>>> dialer interface. Running 12.4 and it'd be something along lines of:
>>>
>>> R1:f0/0 <---> R2:f0/0
>>>
>>> R1:
>>> bba-group pppoe global
>>> virtual-template 1
>>> int lo0
>>> ip add 1.1.1.1 255.255.255.255
>>> interface virtual-te1
>>> ip unnumbered lo0
>>> interface f0/0
>>> pppoe enable group global
>>> router bgp 12
>>> neighbor 2.2.2.2 remote 12
>>> network 1.1.1.1 mask 255.255.255.255
>>> network 2.2.2.2 mask 255.255.255.255
>>>
>>> R2:
>>> interface dialer1
>>> mtu 1492
>>> ip unnumbered lo0
>>> encap ppp
>>> dialer pool 1
>>> dialer persistent
>>> interface f0/0
>>> pppoe enable
>>> pppoe-client dial-pool-number 1
>>> router bgp 12
>>> neighbor 1.1.1.1 remote 12
>>> network 2.2.2.2 mask 255.255.255.255
>>> network 1.1.1.1 mask 255.255.255.255
>>>
>>>
>>>
>>> R1(config-router)#do sh bgp ipv4 uni
>>> BGP table version is 6, local router ID is 1.1.1.1
>>> Status codes: s suppressed, d damped, h history, * valid, > best, i -
>>> internal,
>>> r RIB-failure, S Stale
>>> Origin codes: i - IGP, e - EGP, ? - incomplete
>>>
>>> Network Next Hop Metric LocPrf Weight Path
>>> * i1.1.1.1/32 2.2.2.2 0 100 0 i
>>> *> 0.0.0.0 0 32768 i
>>> * i2.2.2.2/32 2.2.2.2 0 100 0 i
>>> *> 0.0.0.0 0 32768 i
>>>
>>> R1(config-router)#do sh ip route
>>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>>> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>>> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>>> E1 - OSPF external type 1, E2 - OSPF external type 2
>>> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
>>> ia - IS-IS inter area, * - candidate default, U - per-user static
>>> route
>>> o - ODR, P - periodic downloaded static route
>>>
>>> Gateway of last resort is not set
>>>
>>> 1.0.0.0/32 is subnetted, 1 subnets
>>> C 1.1.1.1 is directly connected, Loopback0
>>> 2.0.0.0/32 is subnetted, 1 subnets
>>> C 2.2.2.2 is directly connected, Virtual-Access1.1
>>>
>>>
>>>
>>>
>>> On Thu, Mar 31, 2011 at 12:38 AM, Mathew <mathewfer_at_gmail.com> wrote:
>>>>
>>>> Hi Jules,
>>>>
>>>> Thank you again for your reply & testing it.
>>>>
>>>> How did you get the loopback configured with the same IP as Ethernet
>>>> with /32 mask.
>>>> For me, I can not get the loopback. Did you have the Ethernet also
>>>> with the same address but different mask - like 24. See below.
>>>> I think if I can get the loopback interface configured, we can
>>>> advertise it straight in BGP. Isn't it?
>>>>
>>>> What am I missing here?
>>>>
>>>> Please check your configuration again for me, how you tested it & let
>>>> us see your full config with the IOS ver tested.
>>>>
>>>> Thank you again for your reply.
>>>>
>>>> R2#sho runn int fast 0/0
>>>> Building configuration...
>>>>
>>>> Current configuration : 530 bytes
>>>> !
>>>> interface FastEthernet0/0
>>>> ip address 10.100.40.2 255.255.255.0
>>>> end
>>>>
>>>> R2#conf t
>>>> Enter configuration commands, one per line. End with CNTL/Z.
>>>> R2(config)#int loopback 44
>>>> R2(config-if)#ip address 10.100.40.2 255.255.255.255
>>>> % 10.100.40.2 overlaps with FastEthernet0/0
>>>> R2(config-if)#
>>>>
>>>> Regards,
>>>>
>>>> Mathew
>>>>
>>>> On Thu, Mar 31, 2011 at 11:47 AM, jules NYA BAWEU <nyabaweu_at_gmail.com>
>>>> wrote:
>>>>> Can you try getting around with the PPPOE client config?
>>>>>
>>>>> loo100 -- > 10.100.40.2 255.255.255.255
>>>>> dialer 1 -- > unnumbered loo100
>>>>> then link fa0/0 to the dialer pool
>>>>>
>>>>> You should then use the /32 network in statement in the BGP section.
>>>>>
>>>>> I just tried it and able to advertise the /32. Sorry if I missed some
>>>>> details in your requirement
>>>>>
>>>>> On Wed, Mar 30, 2011 at 5:33 PM, Mathew <mathewfer_at_gmail.com> wrote:
>>>>>>
>>>>>> Hi Aaron,
>>>>>>
>>>>>> Thank you for the reply.
>>>>>>
>>>>>> No, I did not try because I am trying to find a way to get /32. Reason
>>>>>> is that this project involves many routers & we are limited with IPs.
>>>>>>
>>>>>> Any more ideas?
>>>>>>
>>>>>>
>>>>>> Mathew
>>>>>>
>>>>>>
>>>>>> On Thu, Mar 31, 2011 at 10:52 AM, Aaron <aaron1_at_gvtc.com> wrote:
>>>>>>> You tried a /31?
>>>>>>>
>>>>>>> Aaron
>>>>>>>
>>>>>>> On Mar 30, 2011, at 6:21 PM, Mathew <mathewfer_at_gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi Hubert/All,
>>>>>>>>
>>>>>>>> I tried the sub-interface options you suggested but it did not work,
>>>>>>>> see below. I tried before to enter /32 IP under main Ethernet
>>>>>>>> interface & it did not take /32 IP & it seems same with a
>>>>>>>> sub-interface too.
>>>>>>>>
>>>>>>>> Any other ideas are welcome as I have run out of options but I
>>>>>>>> believe
>>>>>>>> there should be a way to do this too.
>>>>>>>>
>>>>>>>> R2(config)#int FastEthernet0/0.1
>>>>>>>>
>>>>>>>> R2(config-subif)#encapsulation dot1Q 1
>>>>>>>> R2(config-subif)#ip address 2.2.2.2 255.255.255.255
>>>>>>>> Bad mask /32 for address 2.2.2.2
>>>>>>>> R2(config-subif)#ip address 2.2.2.2 255.255.255.252
>>>>>>>> R2(config-subif)#do sho runn int FastEthernet0/0.1
>>>>>>>> Building configuration...
>>>>>>>>
>>>>>>>> Current configuration : 101 bytes
>>>>>>>> !
>>>>>>>> interface FastEthernet0/0.1
>>>>>>>> encapsulation dot1Q 1 native
>>>>>>>> ip address 2.2.2.2 255.255.255.252
>>>>>>>> end
>>>>>>>>
>>>>>>>> R2(config-subif)#
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Mathew
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Mar 31, 2011 at 9:33 AM, Hubert Hinsley
>>>>>>>> <hubert.hinsley_at_gmail.com> wrote:
>>>>>>>>> Hello, would it be possible to achieve the solution via
>>>>>>>>> subinterfaces
>>>>>>>>> on the
>>>>>>>>> router ethernet interface? One with a /32 address and one with a
>>>>>>>>> /24?
>>>>>>>>> Or,
>>>>>>>>> possibly via primary and secondary ip addresses on the same
>>>>>>>>> interface?
>>>>>>>>> Apologies if I have misunderstood the question. Regards, Hubert.
>>>>>>>>>
>>>>>>>>> On 30 Mar 2011 20:53, "Mathew" <mathewfer_at_gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> Hi Stephen,
>>>>>>>>>
>>>>>>>>> Thank you for the reply.
>>>>>>>>> Yes, I need it to be advertised in BGP. So unfortunately, PPP idea can
>>>>>>>>> not
>>>>>>>>> be used here.
>>>>>>>>>
>>>>>>>>> Mathew
>>>>>>>>>
>>>>>>>>> On Wed, Mar 30, 2011 at 6:32 AM, Narbik Kocharians
>>>>>>>>> <narbikk_at_gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>> Mathew,
>>>>>>>>>>
>>>>>>>>>> Does it...
>>>>>>>>>
>>>>>>>>>> Sr. Technical Instructor
>>>>>>>>>> Ask about our FREE Lab Voucher with our Boot Camps
>>>>>>>>>> YES! We take Cisco...
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> Mathew
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>
>>>>>>>>> __________________________________...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Mathew
>>>>>>>>
>>>>>>>>
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________________________________
>>>>>>>> Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks
>>>>>>
>>>>>> Mathew
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Thanks
>>>>
>>>> Mathew
>>>>
>>>>
>>>
>>>
>>
>>
>>
>> --
>> Thanks
>>
>> Mathew
>>
>>

Received on Fri Apr 01 2011 - 15:25:12 ART

This archive was generated by hypermail 2.2.0 : Sun May 01 2011 - 09:00:29 ART
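
The constraint running through this thread is that a BGP `network ... mask ...` statement only originates a prefix that is already in the routing table with exactly that mask, which is why the /32 static for 10.x.x.4 is advertised while the interface address 10.x.x.3 is only covered by the connected /24. The Python check below is an added example, not part of the original thread: the sample config, AS number 65001 and the 10.1.1.x addresses are constructed stand-ins for the post's 10.x.x.x, and it models only connected subnets and static routes.

```python
import ipaddress
import re

# Constructed CE2-style config; 10.1.1.x stands in for the post's 10.x.x.x.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.3 255.255.255.0
!
ip route 10.1.1.4 255.255.255.255 FastEthernet0/0 name FOR_OFFLOAD_NAT
!
router bgp 65001
 network 10.1.1.0 mask 255.255.255.0
 network 10.1.1.4 mask 255.255.255.255
 network 10.1.1.3 mask 255.255.255.255
!
"""

def to_network(addr, mask):
    # strict=False turns a host address plus mask into its subnet
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def rib_prefixes(config):
    """Prefixes the config itself would install: connected subnets and statics."""
    rib = {}
    for m in re.finditer(r"^\s*ip address (\S+) (\S+)", config, re.M):
        rib[to_network(m.group(1), m.group(2))] = "connected"
    for m in re.finditer(r"^ip route (\S+) (\S+)", config, re.M):
        rib[to_network(m.group(1), m.group(2))] = "static"
    return rib

def check_bgp_networks(config):
    """Map each BGP network statement to its exact-match route source, or None."""
    rib = rib_prefixes(config)
    result = {}
    for m in re.finditer(r"^\s*network (\S+) mask (\S+)", config, re.M):
        prefix = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        # Exact prefix-and-length lookup: a covering /24 does not satisfy a /32
        result[str(prefix)] = rib.get(prefix)
    return result

if __name__ == "__main__":
    for prefix, source in check_bgp_networks(SAMPLE_CONFIG).items():
        print(f"{prefix:<16} {source or 'no exact route, will not be originated'}")
```
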