Just another Cisco blog
Posts tagged Dynagen
MPLS and BGP Lab Guide, Part 3
Dec 9th
This is the third post in the series; the goal of the series is to provide a guide for the MPLS and BGP Lab I posted a while back. The lab consists of MPLS VPNs and BGP along with some OSPF, NAT, IPsec and GRE exposure. I will be posting the files needed for this lab at the bottom. Here’s the topology and the requirements:
Requirements:
Internet
* The two Internet routers should serve as transit ASes. No other routers should permit transit traffic.
* Internet sites (modeled by loopbacks) should be accessible by all LAN IPs.
MPLS and BGP Lab Guide, Part 2
Dec 7th
This is the second post in the series; the goal of the series is to provide a guide for the MPLS and BGP Lab I posted a while back. The lab consists of MPLS VPNs and BGP along with some OSPF, NAT, IPsec and GRE exposure. I will be posting the files needed for this lab at the bottom. Here’s the topology and the requirements:
Requirements:
Internet
* The two Internet routers should serve as transit ASes. No other routers should permit transit traffic.
* Internet sites (modeled by loopbacks) should be accessible by all LAN IPs.
BGP ORF Tutorial
Dec 5th
Yesterday I learned about a really interesting BGP feature that I’d never heard of. It’s called ORF (Outbound Route Filtering). With traditional filtering we have two options: filter updates in (coming from your neighbor) or out (going to your neighbor). This method works well, but there is overhead on both sides, with one neighbor sending all the updates and the other neighbor filtering some or most of them. ORF is a better way of accomplishing this. Here’s the topology:

The goal of ORF is the ability of the neighbors to tell each other what prefixes they want BEFORE they are sent. This saves bandwidth and processing. For instance, R1 can tell R2 that it only cares about the 24.95.102.0/24 and 128.27.45.0/24 networks, so R2 doesn’t bother sending the 72.89.30.0/24 network at all.
Let’s get to the config:
R1
```
hostname R1
!
interface Loopback1
 ip address 41.58.12.1 255.255.255.0
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.252
!
router bgp 6505
 no synchronization
 bgp log-neighbor-changes
 network 41.58.12.0 mask 255.255.255.0
 neighbor 10.1.1.2 remote-as 5680
 no auto-summary
```
R2
```
hostname R2
!
interface Loopback1
 ip address 72.89.30.1 255.255.255.0
!
interface Loopback2
 ip address 24.95.102.1 255.255.255.0
!
interface Loopback3
 ip address 128.27.45.1 255.255.255.0
!
interface Serial0/0
 ip address 10.1.1.2 255.255.255.252
!
router bgp 5680
 no synchronization
 bgp log-neighbor-changes
 network 24.95.102.0 mask 255.255.255.0
 network 72.89.30.0 mask 255.255.255.0
 network 128.27.45.0 mask 255.255.255.0
 neighbor 10.1.1.1 remote-as 6505
 no auto-summary
```
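The filtering behaviour described above, as an added example that is not from the original post: a small Python model comparing plain inbound filtering with ORF for R2's three networks. The sequence numbers and the `exchange` helper are assumptions made for illustration; the matching rules follow Cisco prefix-list semantics (exact length unless `ge`/`le` is given, implicit deny at the end).

```python
import ipaddress

# Constructed ORF entries R1 would push to R2: (seq, action, prefix, ge, le).
# The prefixes are the two networks the post says R1 cares about.
R1_ORF = [
    (5, "permit", "24.95.102.0/24", None, None),
    (10, "permit", "128.27.45.0/24", None, None),
]
# Networks R2 originates, taken from its "network" statements.
R2_NETWORKS = ["24.95.102.0/24", "72.89.30.0/24", "128.27.45.0/24"]

def entry_matches(route, prefix, ge, le):
    """Prefix-list match: route lies inside prefix, length within ge..le."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if not route.subnet_of(prefix):
        return False
    if ge is None and le is None:
        return route.prefixlen == prefix.prefixlen  # exact match only
    low = ge if ge is not None else prefix.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high

def permitted(route, entries):
    """First matching entry in sequence order wins; no match is a deny."""
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action == "permit"
    return False

def exchange(networks, orf_entries, orf_negotiated):
    """Return (updates R2 sends, routes R1 accepts, routes R1 discards)."""
    if orf_negotiated:
        # R2 applies R1's list before sending anything.
        sent = [n for n in networks if permitted(n, orf_entries)]
    else:
        sent = list(networks)
    accepted = [n for n in sent if permitted(n, orf_entries)]
    dropped = [n for n in sent if n not in accepted]
    return sent, accepted, dropped

if __name__ == "__main__":
    for negotiated in (False, True):
        print("ORF" if negotiated else "inbound filter only",
              exchange(R2_NETWORKS, R1_ORF, negotiated))
```
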
MPLS and BGP Lab Guide, Part 1
Dec 4th
This is the first post in the series; the goal of the series is to provide a guide for the MPLS and BGP Lab I posted a while back. The lab consists of MPLS VPNs and BGP along with some OSPF, NAT, IPsec and GRE exposure. I will be posting the files needed for this lab at the bottom. Here’s the topology and the requirements:
Requirements:
Internet
* The two Internet routers should serve as transit ASes. No other routers should permit transit traffic.
* Internet sites (modeled by loopbacks) should be accessible by all LAN IPs.
DMVPN Tutorial
Dec 2nd
I’ve been interested in Dynamic Multipoint VPN (DMVPN) for quite a while. I decided to lab it a few months ago, but never posted about it. We use EasyVPN at my company, which functions similarly in that it doesn’t require static IPs on the spoke devices, which means there is less config per new deployment. What makes DMVPN so much better (IMO) than EasyVPN is its ability to make dynamic spoke-to-spoke tunnels. This is very, very cool. One drawback, which affects companies like mine, is that DMVPN is not supported on firewalls, which is what most of our VPN deployments use. Here’s the topology:
Let’s get to the config:
R2 (hub router)
```
hostname R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback25
 ip address 10.1.25.1 255.255.255.255
!
interface FastEthernet1/0
 ip address 10.1.2.2 255.255.255.252
!
interface Tunnel200
 ip address 192.168.5.2 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 200
 tunnel source 10.1.25.1
 tunnel mode gre multipoint
```
There aren’t any “dmvpn” configuration commands (that I know of); as you can see, it’s all done with NHRP. NHRP (Next Hop Resolution Protocol) is what makes all of this work.
R1
```
interface Tunnel200
 ip address 192.168.5.1 255.255.255.0
 no ip redirects
 ip nhrp map multicast 10.1.25.1
 ip nhrp map 192.168.5.2 10.1.25.1
 ip nhrp network-id 200
 ip nhrp nhs 192.168.5.2
 ip nhrp cache non-authoritative
 tunnel source 10.1.1.2
 tunnel mode gre multipoint
!
interface FastEthernet1/0
 ip address 10.1.1.2 255.255.255.252
```
R3
```
interface Tunnel200
 ip address 192.168.5.3 255.255.255.0
 no ip redirects
 ip nhrp map multicast 10.1.25.1
 ip nhrp map 192.168.5.2 10.1.25.1
 ip nhrp network-id 200
 ip nhrp nhs 192.168.5.2
 ip nhrp cache non-authoritative
 tunnel source 10.1.3.2
 tunnel mode gre multipoint
!
interface FastEthernet1/0
 ip address 10.1.3.2 255.255.255.252
```
R4
```
interface Tunnel200
 ip address 192.168.5.4 255.255.255.0
 no ip redirects
 ip nhrp map multicast 10.1.25.1
 ip nhrp map 192.168.5.2 10.1.25.1
 ip nhrp network-id 200
 ip nhrp nhs 192.168.5.2
 ip nhrp cache non-authoritative
 tunnel source 10.1.4.2
 tunnel mode gre multipoint
!
interface FastEthernet1/0
 ip address 10.1.4.2 255.255.255.252
```
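The Tunnel200 interfaces shown above carry no `ip nhrp authentication` and no `tunnel protection ipsec profile` line, so NHRP registrations are unauthenticated and the mGRE traffic is unencrypted. As an added example (not from the original post), this Python check flags multipoint GRE tunnels missing either command; the Tunnel201 stanza and the names `NHRPKEY` and `DMVPN-PROF` are constructed placeholders.

```python
import re

# Hub Tunnel200 as shown in the post, then a constructed Tunnel201 with both
# controls present. NHRPKEY and DMVPN-PROF are placeholder names.
SAMPLE_CONFIG = """\
interface Tunnel200
 ip address 192.168.5.2 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 200
 tunnel source 10.1.25.1
 tunnel mode gre multipoint
!
interface Tunnel201
 ip nhrp authentication NHRPKEY
 ip nhrp network-id 201
 tunnel source 10.1.25.1
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
!
"""

# Finding text -> command whose absence triggers it.
CHECKS = {
    "no NHRP authentication": re.compile(r"^ip nhrp authentication \S+"),
    "no IPsec tunnel protection": re.compile(r"^tunnel protection ipsec profile \S+"),
}

def interface_sections(config):
    """Split IOS config text into {interface name: [sub-commands]}."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            sections[current] = []
        elif line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        else:
            current = None  # "!" or a new top-level command ends the stanza
    return sections

def audit_dmvpn(config):
    """Return {tunnel: [findings]} for every multipoint GRE interface."""
    report = {}
    for name, cmds in interface_sections(config).items():
        if "tunnel mode gre multipoint" in cmds:
            report[name] = [finding for finding, pattern in CHECKS.items()
                            if not any(pattern.match(c) for c in cmds)]
    return report
```

Run `audit_dmvpn()` over saved running-configs; an empty findings list means both commands are present on that tunnel.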