Just another Cisco blog
Posts tagged Tunnel
MPLS and BGP Lab Guide, Part 3
Dec 9th
This is the third post in the series; the goal of the series is to provide a guide for the MPLS and BGP Lab I posted a while back. The lab consists of MPLS VPNs and BGP along with some OSPF, NAT, IPsec and GRE exposure. I will be posting the files needed for this lab at the bottom. Here’s the topology and the requirements:
Requirements:
Internet
* The two Internet routers should serve as transit ASes. No other routers should permit transit traffic.
* Internet sites (modeled by loopbacks) should be accessible by all LAN IPs.
DMVPN Tutorial
Dec 2nd
I’ve been interested in Dynamic Multipoint VPN (DMVPN) for quite a while. I decided to lab it a few months ago, but never posted about it. We use EasyVPN at my company, which functions similarly in that it doesn’t require static IPs on the spoke devices, which means there is less config per new deployment. What makes DMVPN so much better (IMO) than EasyVPN is its ability to make dynamic spoke-to-spoke tunnels. This is very, very cool. One drawback, which affects companies like mine, is that DMVPN is not supported on firewalls, which is what most of our VPN deployments use. Here’s the topology:
Let’s get to the config:
R2 (hub router)
    hostname R2
    !
    interface Loopback0
     ip address 2.2.2.2 255.255.255.255
    !
    interface Loopback25
     ip address 10.1.25.1 255.255.255.255
    !
    interface FastEthernet1/0
     ip address 10.1.2.2 255.255.255.252
    !
    interface Tunnel200
     ip address 192.168.5.2 255.255.255.0
     no ip redirects
     ip nhrp map multicast dynamic
     ip nhrp network-id 200
     tunnel source 10.1.25.1
     tunnel mode gre multipoint
There aren’t any “dmvpn” configuration commands (that I know of); as you can see, it’s all done with NHRP. NHRP (Next Hop Resolution Protocol) is what makes all of this work.
R1

    interface Tunnel200
     ip address 192.168.5.1 255.255.255.0
     no ip redirects
     ip nhrp map multicast 10.1.25.1
     ip nhrp map 192.168.5.2 10.1.25.1
     ip nhrp network-id 200
     ip nhrp nhs 192.168.5.2
     ip nhrp cache non-authoritative
     tunnel source 10.1.1.2
     tunnel mode gre multipoint
    !
    interface FastEthernet1/0
     ip address 10.1.1.2 255.255.255.252

R3

    interface Tunnel200
     ip address 192.168.5.3 255.255.255.0
     no ip redirects
     ip nhrp map multicast 10.1.25.1
     ip nhrp map 192.168.5.2 10.1.25.1
     ip nhrp network-id 200
     ip nhrp nhs 192.168.5.2
     ip nhrp cache non-authoritative
     tunnel source 10.1.3.2
     tunnel mode gre multipoint
    !
    interface FastEthernet1/0
     ip address 10.1.3.2 255.255.255.252

R4

    interface Tunnel200
     ip address 192.168.5.4 255.255.255.0
     no ip redirects
     ip nhrp map multicast 10.1.25.1
     ip nhrp map 192.168.5.2 10.1.25.1
     ip nhrp network-id 200
     ip nhrp nhs 192.168.5.2
     ip nhrp cache non-authoritative
     tunnel source 10.1.4.2
     tunnel mode gre multipoint
    !
    interface FastEthernet1/0
     ip address 10.1.4.2 255.255.255.252
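None of the Tunnel200 stanzas above carries `ip nhrp authentication` or `tunnel protection ipsec profile`, so NHRP registrations are unauthenticated and the GRE payload crosses the underlay unencrypted. The following is an added example, not part of the original post: a Python check that flags mGRE tunnel stanzas missing either command. The finding names and the placeholder values `EXAMPLE1` and `EXAMPLE-PROFILE` are assumptions made for illustration.

```python
import re

# Interface commands whose absence on an mGRE tunnel is reported.
REQUIRED = {
    "no-ipsec": re.compile(r"tunnel protection ipsec profile \S+"),
    "no-nhrp-auth": re.compile(r"ip nhrp authentication \S+"),
}

def parse_interfaces(config):
    """Map interface name -> list of its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface (\S+)\s*$", raw)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif not raw.startswith(" "):
            current = None  # "!" or a global command closes the stanza
        elif current is not None:
            current.append(raw.strip())
    return stanzas

def audit(config):
    """Return sorted (interface, role, finding) tuples for mGRE tunnels."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "tunnel mode gre multipoint" not in cmds:
            continue  # only DMVPN-style mGRE tunnels are in scope
        # The hub learns spokes dynamically; spokes carry a static NHS entry.
        role = "hub" if "ip nhrp map multicast dynamic" in cmds else "spoke"
        for finding, pattern in REQUIRED.items():
            if not any(pattern.match(c) for c in cmds):
                findings.append((name, role, finding))
    return sorted(findings)

# R2's tunnel stanza as posted above.
HUB_R2 = """interface Tunnel200
 ip address 192.168.5.2 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 200
 tunnel source 10.1.25.1
 tunnel mode gre multipoint
!
"""
# Constructed variant: the auth string and profile name are placeholders.
HARDENED = HUB_R2.replace("!\n", " ip nhrp authentication EXAMPLE1\n"
                          " tunnel protection ipsec profile EXAMPLE-PROFILE\n!\n")

if __name__ == "__main__":
    print("as posted:", audit(HUB_R2), "| hardened:", audit(HARDENED))
```

The NHRP authentication string travels in clear text, so it guards against misconfiguration rather than replacing IPsec protection on the tunnel.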
PeerIX Project
Sep 16th

What is PeerIX:
PeerIX is a project a bunch of other nerds and I are working on. Most of us know each other from HardForum and/or Networking-Forum. The idea is to develop a functional “mini-internet” to learn and gain experience with enterprise and service provider technologies.
What are the requirements?
A network device that supports IPsec, GRE and BGP. Other routing protocols may be considered but will be “corner case” as the core will be eBGP.
What devices work?
Cisco routers
Vyatta
Currently most Cisco routers will work, provided that you are running an IOS that supports the core technologies above.
You can use the IOS feature navigator to verify if your IOS/device supports the required features.
What technologies are you talking about?
The sky is the limit here, but the main core technologies are IPsec, GRE and BGP. Right now we have limited things going on within this network, but eventually the hope is to grow it much larger with more services.

