Thursday, March 17, 2016

Overlay VPN task #5. GRE based VPN part 1.

Topology:



Configure loopback0 interfaces and links between routers for initial configuration.
AS30 and AS31 provides connectivity between customer sites R6, R7 and R8.
Customer network uses private IP address space 10/8, which should not be advertised to AS30 and AS31.

Requirements: 

1. Configure AS30 internal network using OSPF area 0.
2. Configure AS31 internal network using ISIS area 49.0045. Only create Level-2 databases. 
3. Configure link between AS30 and AS31 using network 30.0.24/24. Each AS shall advertise it's /16 prefix to neighbor AS. 
4. Configure links between R6, R7 and R8 to AS30 and AS31. Use networks 30.0.16/24, 31.0.57/24 and 30.0.38/24. 
5. On R6, R7 and R8, use static default route to provide connectivity to external networks (31.0/16 and 30.0/16). 
6. Configure routers R6, R7 and R8 to provide connectivity between customer private networks (10.X). 
            6.1 Each site shall have connectivity to every other site. 
            6.2 Traffic between branches shall always traverse the HQ router R6. 
            6.3 Traffic shall be GRE encapsulated. Only single GRE tunnel per router is allowed. 
            6.4 Use OSPF area 0 to exchange routing information between customer sites. 

Solution:

Highlight the text below to reveal the solution.

This task requires understanding of DMVPN Phase I with OSPF as routing protocol. 

Requirement #6 - GRE encapsulation, and limitation of one tunnel per router requires mGRE tunnel at the HQ site, which leads to DMVPN solution. Requirement to always send traffic via the hub site implies DMVPN phase I. 
Note that using OSPF requires to manually set OSPF network type to Broadcast on tunnel interfaces, and adjust the priority to force the hub site to be elected DR, and spoke sites to be DROTHER. 

R1:

!
interface Loopback0
 ip address 30.0.1.1 255.255.255.0
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 30.0.12.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 30.0.13.1 255.255.255.0
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 ip address 30.0.16.1 255.255.255.0
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 30.0.1.1
 passive-interface Ethernet1/0
!
router bgp 30
 bgp router-id 30.0.1.1
 bgp log-neighbor-changes
 neighbor 30.0.2.2 remote-as 30
 neighbor 30.0.2.2 update-source Loopback0
 neighbor 30.0.3.3 remote-as 30
 neighbor 30.0.3.3 update-source Loopback0
!

R2:

!
interface Loopback0
 ip address 30.0.2.2 255.255.255.255
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 30.0.12.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 30.0.23.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 ip address 30.0.24.2 255.255.255.0
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 30.0.2.2
 passive-interface Ethernet1/0
!
router bgp 30
 bgp router-id 30.0.2.2
 bgp log-neighbor-changes
 network 30.0.0.0 mask 255.255.0.0
 neighbor 30.0.1.1 remote-as 30
 neighbor 30.0.1.1 update-source Loopback0
 neighbor 30.0.3.3 remote-as 30
 neighbor 30.0.3.3 update-source Loopback0
 neighbor 30.0.24.4 remote-as 31
!
ip route 30.0.0.0 255.255.0.0 Null0

R3:

!
interface Loopback0
 ip address 30.0.3.3 255.255.255.255
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 30.0.13.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 30.0.23.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 ip address 30.0.38.3 255.255.255.0
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 30.0.3.3
 passive-interface Ethernet1/0
!
router bgp 30
 bgp log-neighbor-changes
 neighbor 30.0.1.1 remote-as 30
 neighbor 30.0.1.1 update-source Loopback0
 neighbor 30.0.2.2 remote-as 30
 neighbor 30.0.2.2 update-source Loopback0
!

R4:

!
interface Loopback0
 ip address 31.0.4.4 255.255.255.255
 ip router isis 1
!
interface Ethernet0/0
 ip address 31.0.45.4 255.255.255.0
 ip router isis 1
!
!
interface Ethernet1/0
 ip address 30.0.24.4 255.255.255.0
!
!
router isis 1
 net 49.0045.0000.0000.0004.00
 is-type level-2-only
 metric-style wide
 passive-interface Ethernet1/0
!
router bgp 31
 bgp log-neighbor-changes
 network 31.0.0.0 mask 255.255.0.0
 neighbor 30.0.24.2 remote-as 30
 neighbor 31.0.5.5 remote-as 31
 neighbor 31.0.5.5 update-source Loopback0
!
ip route 31.0.0.0 255.255.0.0 Null0

R5:

!
interface Loopback0
 ip address 31.0.5.5 255.255.255.255
 ip router isis 1
!
interface Ethernet0/0
 ip address 31.0.45.5 255.255.255.0
 ip router isis 1
!
!
interface Ethernet1/0
 ip address 31.0.57.5 255.255.255.0
!
!
router isis 1
 net 49.0045.0000.0000.0005.00
 is-type level-2-only
 metric-style wide
 passive-interface Ethernet1/0
!
router bgp 31
 bgp log-neighbor-changes
 neighbor 31.0.4.4 remote-as 31
 neighbor 31.0.4.4 update-source Loopback0
!

R6:

!
interface Loopback0
 ip address 10.6.6.6 255.255.255.255
 ip ospf 1 area 0
!
interface Tunnel1
 ip address 10.0.0.6 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip ospf network broadcast
 ip ospf priority 255
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
!
interface Ethernet0/0
 ip address 30.0.16.6 255.255.255.0
!
interface Ethernet0/1
 ip address 10.6.1.1 255.255.255.0
 ip ospf 1 area 0
 no keepalive
!
!
router ospf 1
 router-id 10.6.6.6
!
ip route 0.0.0.0 0.0.0.0 30.0.16.1

R7:

!
interface Loopback0
 ip address 10.7.7.7 255.255.255.255
 ip ospf 1 area 0
!
interface Tunnel1
 ip address 10.0.0.7 255.255.255.0
 ip nhrp map 10.0.0.6 30.0.16.6
 ip nhrp map multicast 30.0.16.6
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.6
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel destination 30.0.16.6
!
interface Ethernet0/0
 ip address 31.0.57.7 255.255.255.0
!
interface Ethernet0/1
 ip address 10.7.1.1 255.255.255.0
 ip ospf 1 area 0
 no keepalive
!
!
router ospf 1
 router-id 10.7.7.7
!
ip route 0.0.0.0 0.0.0.0 31.0.57.5

R8:

!
interface Loopback0
 ip address 10.8.8.8 255.255.255.255
 ip ospf 1 area 0
!
interface Tunnel1
 ip address 10.0.0.8 255.255.255.0
 ip nhrp map 10.0.0.6 30.0.16.6
 ip nhrp map multicast 30.0.16.6
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.6
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel destination 30.0.16.6
!
interface Ethernet0/0
 ip address 30.0.38.8 255.255.255.0
!
interface Ethernet0/1
 ip address 10.8.1.1 255.255.255.0
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 10.8.8.8
!
ip route 0.0.0.0 0.0.0.0 30.0.38.3

Verification:

Note that AS30 and AS31 are not aware of private customer routing.

R1#       sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      30.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
B        30.0.0.0/16 [200/0] via 30.0.2.2, 06:05:21
C        30.0.1.0/24 is directly connected, Loopback0
L        30.0.1.1/32 is directly connected, Loopback0
O        30.0.2.2/32 [110/11] via 30.0.12.2, 06:06:22, Ethernet0/0
O        30.0.3.3/32 [110/21] via 30.0.12.2, 06:03:15, Ethernet0/0
C        30.0.12.0/24 is directly connected, Ethernet0/0
L        30.0.12.1/32 is directly connected, Ethernet0/0
C        30.0.13.0/24 is directly connected, Ethernet0/1
L        30.0.13.1/32 is directly connected, Ethernet0/1
C        30.0.16.0/24 is directly connected, Ethernet1/0
L        30.0.16.1/32 is directly connected, Ethernet1/0
O        30.0.23.0/24 [110/20] via 30.0.12.2, 06:06:12, Ethernet0/0
O        30.0.24.0/24 [110/20] via 30.0.12.2, 06:06:12, Ethernet0/0
O        30.0.38.0/24 [110/30] via 30.0.12.2, 06:03:15, Ethernet0/0
      31.0.0.0/16 is subnetted, 1 subnets
B        31.0.0.0 [200/0] via 30.0.24.4, 06:00:09


R3#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      30.0.0.0/8 is variably subnetted, 13 subnets, 3 masks
B        30.0.0.0/16 [200/0] via 30.0.2.2, 06:01:57
O        30.0.1.1/32 [110/21] via 30.0.23.2, 06:03:26, Ethernet0/1
O        30.0.2.2/32 [110/11] via 30.0.23.2, 06:03:26, Ethernet0/1
C        30.0.3.3/32 is directly connected, Loopback0
O        30.0.12.0/24 [110/20] via 30.0.23.2, 06:03:26, Ethernet0/1
C        30.0.13.0/24 is directly connected, Ethernet0/0
L        30.0.13.3/32 is directly connected, Ethernet0/0
O        30.0.16.0/24 [110/30] via 30.0.23.2, 06:03:26, Ethernet0/1
C        30.0.23.0/24 is directly connected, Ethernet0/1
L        30.0.23.3/32 is directly connected, Ethernet0/1
O        30.0.24.0/24 [110/20] via 30.0.23.2, 06:03:26, Ethernet0/1
C        30.0.38.0/24 is directly connected, Ethernet1/0
L        30.0.38.3/32 is directly connected, Ethernet1/0
      31.0.0.0/16 is subnetted, 1 subnets
B        31.0.0.0 [200/0] via 30.0.24.4, 06:00:22

R5#        sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B        30.0.0.0/16 [200/0] via 30.0.24.2, 05:58:16
i L2     30.0.24.0/24 [115/10] via 31.0.45.4, 05:58:27, Ethernet0/0
      31.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
B        31.0.0.0/16 [200/0] via 31.0.4.4, 05:58:16
i L2     31.0.4.4/32 [115/20] via 31.0.45.4, 05:58:27, Ethernet0/0
C        31.0.5.5/32 is directly connected, Loopback0
C        31.0.45.0/24 is directly connected, Ethernet0/0
L        31.0.45.5/32 is directly connected, Ethernet0/0
C        31.0.57.0/24 is directly connected, Ethernet1/0
L        31.0.57.5/32 is directly connected, Ethernet1/0


R6#          sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 30.0.16.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 30.0.16.1
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Tunnel1
L        10.0.0.6/32 is directly connected, Tunnel1
C        10.6.1.0/24 is directly connected, Ethernet0/1
L        10.6.1.1/32 is directly connected, Ethernet0/1
C        10.6.6.6/32 is directly connected, Loopback0
O        10.7.1.0/24 [110/1010] via 10.0.0.7, 05:11:27, Tunnel1
O        10.7.7.7/32 [110/1001] via 10.0.0.7, 05:11:27, Tunnel1
O        10.8.1.0/24 [110/1010] via 10.0.0.8, 05:11:27, Tunnel1
O        10.8.8.8/32 [110/1001] via 10.0.0.8, 05:11:27, Tunnel1
      30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        30.0.16.0/24 is directly connected, Ethernet0/0
L        30.0.16.6/32 is directly connected, Ethernet0/0


R6#    sho ip nhrp dynamic
10.0.0.7/32 via 10.0.0.7
   Tunnel1 created 05:12:42, expire 01:27:18
   Type: dynamic, Flags: unique registered
   NBMA address: 31.0.57.7
10.0.0.8/32 via 10.0.0.8
   Tunnel1 created 05:12:40, expire 01:27:20
   Type: dynamic, Flags: unique registered
   NBMA address: 30.0.38.8



R6#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.7.7.7          0   FULL/DROTHER    00:00:39    10.0.0.7        Tunnel1
10.8.8.8          0   FULL/DROTHER    00:00:30    10.0.0.8        Tunnel1


R7#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 31.0.57.5 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 31.0.57.5
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Tunnel1
L        10.0.0.7/32 is directly connected, Tunnel1
O        10.6.1.0/24 [110/1010] via 10.0.0.6, 05:12:34, Tunnel1
O        10.6.6.6/32 [110/1001] via 10.0.0.6, 05:12:34, Tunnel1
C        10.7.1.0/24 is directly connected, Ethernet0/1
L        10.7.1.1/32 is directly connected, Ethernet0/1
C        10.7.7.7/32 is directly connected, Loopback0
O        10.8.1.0/24 [110/1010] via 10.0.0.8, 05:12:24, Tunnel1
O        10.8.8.8/32 [110/1001] via 10.0.0.8, 05:12:24, Tunnel1
      31.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        31.0.57.0/24 is directly connected, Ethernet0/0
L        31.0.57.7/32 is directly connected, Ethernet0/0

R7# traceroute 10.8.1.1 source 10.7.1.1
Type escape sequence to abort.
Tracing the route to 10.8.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.0.6 5 msec 5 msec 6 msec
  2 10.0.0.8 5 msec 5 msec 6 msec

R7# traceroute 10.6.1.1 source 10.7.1.1
Type escape sequence to abort.
Tracing the route to 10.6.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.0.6 1 msec 1 msec 0 msec

R8#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 30.0.38.3 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 30.0.38.3
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Tunnel1
L        10.0.0.8/32 is directly connected, Tunnel1
O        10.6.1.0/24 [110/1010] via 10.0.0.6, 05:13:05, Tunnel1
O        10.6.6.6/32 [110/1001] via 10.0.0.6, 05:13:05, Tunnel1
O        10.7.1.0/24 [110/1010] via 10.0.0.7, 05:13:05, Tunnel1
O        10.7.7.7/32 [110/1001] via 10.0.0.7, 05:13:05, Tunnel1
C        10.8.1.0/24 is directly connected, Ethernet0/1
L        10.8.1.1/32 is directly connected, Ethernet0/1
C        10.8.8.8/32 is directly connected, Loopback0
      30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        30.0.38.0/24 is directly connected, Ethernet0/0
L        30.0.38.8/32 is directly connected, Ethernet0/0


No comments:

Post a Comment