Friday, June 24, 2016

Overlay VPN task #8. LISP part 1.

Topology:



Configure loopback0 interfaces and links between routers for initial configuration.
All routers are IOS.
Use the following networks for links between routers in different autonomous systems:

R1-R5: 35.0.15/24
R1-R8: 38.0.18/24
R3-R6: 36.0.36/24
R3-R9: 39.0.39/24
R5-R6: 35.0.56/24
R5-R8: 35.0.58/24
R6-R8: 36.0.68/24
R6-R9: 36.0.69/24
R8-R9: 38.0.89/24

AS35, AS36, AS38 and AS39 are 4 interconnected ISPs.
Site A and Site B are two customer sites which use private IP address scheme internally.
R2 and R4 represent internal hosts inside customer sites.
Routers R7 and R10 are customer owned routers collocated at ISPs AS35 and AS39.

Requirements: 

1. Configure each ISP (AS35, AS36, AS38 and AS39) to advertise its IPv4 prefix to neighbors via eBGP.
2. Configure links between Site A and Site B to upstream ISPs. DO NOT run eBGP between customer and ISP routers. 
3. Configure the network to allow connectivity between Site A and Site B internal private networks (R2 to R4). Only apply configuration on customer owned devices to complete this requirement. 
4. Traffic between site A and Site B shall be balanced between the two upstream links. 
5. The configuration shall allow the customer site to change its upstream provider, without requiring configuration changes to other customer sites.
6. Do not use NAT to complete this task. 
    

Solution:


This task requires an understanding of LISP and of LISP configuration on the IOS platform.
This is an example of a basic LISP configuration with a single xTR per site and two MR/MS elements.

Requirement #5 implies the use of LISP, since any type of direct tunnel between sites requires configuring the tunnel destination address at the tunnel headend. LISP solves this "issue" by using the MR/MS element to store and resolve the EID-to-RLOC address mappings.


Use routers R1 and R3 as xTR devices, and R7 and R10 as MR/MS devices to solve this task.

R1:


!
interface Ethernet0/0
 ip address 35.0.15.1 255.255.255.0
!
interface Ethernet0/1
 ip address 38.0.18.1 255.255.255.0
!
interface Ethernet0/2
 ip address 10.1.12.1 255.255.255.0
!
!
router lisp
 database-mapping 10.1.0.0/16 35.0.15.1 priority 100 weight 50
 database-mapping 10.1.0.0/16 38.0.18.1 priority 100 weight 50
 ipv4 itr map-resolver 35.0.57.7
 ipv4 itr map-resolver 39.0.109.10
 ipv4 itr
 ipv4 etr map-server 35.0.57.7 key STRONG
 ipv4 etr map-server 39.0.109.10 key STRONG
 ipv4 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 35.0.15.5
ip route 0.0.0.0 0.0.0.0 38.0.18.8

R2:


!
interface Ethernet0/0
 ip address 10.1.12.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.1.12.1

R3:


!
interface Ethernet0/0
 ip address 36.0.36.3 255.255.255.0
!
interface Ethernet0/1
 ip address 39.0.39.3 255.255.255.0
!
interface Ethernet0/2
 ip address 10.3.34.3 255.255.255.0
!
!
router lisp
 database-mapping 10.3.0.0/16 36.0.36.3 priority 100 weight 50
 database-mapping 10.3.0.0/16 39.0.39.3 priority 100 weight 50
 ipv4 itr map-resolver 35.0.57.7
 ipv4 itr map-resolver 39.0.109.10
 ipv4 itr
 ipv4 etr map-server 35.0.57.7 key STRONG
 ipv4 etr map-server 39.0.109.10 key STRONG
 ipv4 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 36.0.36.6
ip route 0.0.0.0 0.0.0.0 39.0.39.9
!

R4:



!
interface Ethernet0/0
 ip address 10.3.34.4 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.3.34.3


R5:


!
interface Loopback0
 ip address 35.0.5.5 255.255.255.255
!
interface Ethernet0/0
 ip address 35.0.56.5 255.255.255.0
!
interface Ethernet0/1
 ip address 35.0.57.5 255.255.255.0
!
!
interface Ethernet1/0
 ip address 35.0.15.5 255.255.255.0
!
interface Ethernet1/1
 ip address 35.0.58.5 255.255.255.0
!
!
router bgp 35
 bgp log-neighbor-changes
 network 35.0.0.0 mask 255.255.0.0
 neighbor 35.0.56.6 remote-as 36
 neighbor 35.0.58.8 remote-as 38
!
ip route 35.0.0.0 255.255.0.0 Null0

R6:


!
interface Loopback0
 ip address 36.0.6.6 255.255.255.255
!
interface Ethernet0/0
 ip address 35.0.56.6 255.255.255.0
!
!
interface Ethernet1/0
 ip address 36.0.36.6 255.255.255.0
!
interface Ethernet1/1
 ip address 36.0.69.6 255.255.255.0
!
interface Ethernet1/2
 ip address 36.0.68.6 255.255.255.0
!
!
router bgp 36
 bgp log-neighbor-changes
 network 36.0.0.0 mask 255.255.0.0
 neighbor 35.0.56.5 remote-as 35
 neighbor 36.0.68.8 remote-as 38
 neighbor 36.0.69.9 remote-as 39
!
ip route 36.0.0.0 255.255.0.0 Null0

R7:


!
vrf definition MRMS
 !
 address-family ipv4
 exit-address-family
!
!
interface Ethernet0/0
 ip address 35.0.57.7 255.255.255.0
!
!
router lisp
 site S1
  authentication-key STRONG
  eid-prefix 10.1.0.0/16
  exit
 !
 site S3
  authentication-key STRONG
  eid-prefix 10.3.0.0/16
  exit
 !
 ipv4 map-server
 ipv4 map-resolver
 ipv4 alt-vrf MRMS
 exit
!
ip route 0.0.0.0 0.0.0.0 35.0.57.5

R8:


!
interface Loopback0
 ip address 38.0.8.8 255.255.255.255
!
interface Ethernet0/0
 ip address 38.0.89.8 255.255.255.0
!
!
interface Ethernet1/0
 ip address 38.0.18.8 255.255.255.0
!
interface Ethernet1/1
 ip address 35.0.58.8 255.255.255.0
!
interface Ethernet1/2
 ip address 36.0.68.8 255.255.255.0
!
!
router bgp 38
 bgp log-neighbor-changes
 network 38.0.0.0 mask 255.255.0.0
 neighbor 35.0.58.5 remote-as 35
 neighbor 36.0.68.6 remote-as 36
 neighbor 38.0.89.9 remote-as 39
!
ip route 38.0.0.0 255.255.0.0 Null0


R9:


!
interface Loopback0
 ip address 39.0.9.9 255.255.255.255
!
interface Ethernet0/0
 ip address 38.0.89.9 255.255.255.0
!
interface Ethernet0/1
 ip address 39.0.109.9 255.255.255.0
!
!
interface Ethernet1/0
 ip address 39.0.39.9 255.255.255.0
!
interface Ethernet1/1
 ip address 36.0.69.9 255.255.255.0
!
!
router bgp 39
 bgp log-neighbor-changes
 network 39.0.0.0 mask 255.255.0.0
 neighbor 36.0.69.6 remote-as 36
 neighbor 38.0.89.8 remote-as 38
!
ip route 39.0.0.0 255.255.0.0 Null0


R10:


!
vrf definition MRMS
 !
 address-family ipv4
 exit-address-family
!
!
!
interface Ethernet0/0
 ip address 39.0.109.10 255.255.255.0
!
!
router lisp
 site S1
  authentication-key STRONG
  eid-prefix 10.1.0.0/16
  exit
 !
 site S3
  authentication-key STRONG
  eid-prefix 10.3.0.0/16
  exit
 !
 ipv4 map-server
 ipv4 map-resolver
 ipv4 alt-vrf MRMS
 exit
!
ip route 0.0.0.0 0.0.0.0 39.0.109.9

Verification:


R2#traceroute 10.3.34.4
Type escape sequence to abort.
Tracing the route to 10.3.34.4
VRF info: (vrf in name/id, vrf out name/id)
  1 10.1.12.1 5 msec 5 msec 5 msec
  2 35.0.15.5 5 msec 6 msec 5 msec
  3 35.0.56.6 6 msec 6 msec 6 msec
  4 36.0.36.3 6 msec 1 msec 6 msec
  5 10.3.34.4 5 msec 5 msec 6 msec

R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 38.0.18.8 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 38.0.18.8
                [1/0] via 35.0.15.5
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.12.0/24 is directly connected, Ethernet0/2
L        10.1.12.1/32 is directly connected, Ethernet0/2
      35.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        35.0.15.0/24 is directly connected, Ethernet0/0
L        35.0.15.1/32 is directly connected, Ethernet0/0
      38.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        38.0.18.0/24 is directly connected, Ethernet0/1
L        38.0.18.1/32 is directly connected, Ethernet0/1

R5#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      35.0.0.0/8 is variably subnetted, 10 subnets, 3 masks
S        35.0.0.0/16 is directly connected, Null0
C        35.0.5.5/32 is directly connected, Loopback0
C        35.0.15.0/24 is directly connected, Ethernet1/0
L        35.0.15.5/32 is directly connected, Ethernet1/0
C        35.0.56.0/24 is directly connected, Ethernet0/0
L        35.0.56.5/32 is directly connected, Ethernet0/0
C        35.0.57.0/24 is directly connected, Ethernet0/1
L        35.0.57.5/32 is directly connected, Ethernet0/1
C        35.0.58.0/24 is directly connected, Ethernet1/1
L        35.0.58.5/32 is directly connected, Ethernet1/1
      36.0.0.0/16 is subnetted, 1 subnets
B        36.0.0.0 [20/0] via 35.0.56.6, 19:53:05
      38.0.0.0/16 is subnetted, 1 subnets
B        38.0.0.0 [20/0] via 35.0.58.8, 19:48:39
      39.0.0.0/16 is subnetted, 1 subnets
B        39.0.0.0 [20/0] via 35.0.58.8, 19:44:21


R8#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      35.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        35.0.0.0/16 [20/0] via 35.0.58.5, 19:48:59
C        35.0.58.0/24 is directly connected, Ethernet1/1
L        35.0.58.8/32 is directly connected, Ethernet1/1
      36.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        36.0.0.0/16 [20/0] via 36.0.68.6, 19:48:51
C        36.0.68.0/24 is directly connected, Ethernet1/2
L        36.0.68.8/32 is directly connected, Ethernet1/2
      38.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
S        38.0.0.0/16 is directly connected, Null0
C        38.0.8.8/32 is directly connected, Loopback0
C        38.0.18.0/24 is directly connected, Ethernet1/0
L        38.0.18.8/32 is directly connected, Ethernet1/0
C        38.0.89.0/24 is directly connected, Ethernet0/0
L        38.0.89.8/32 is directly connected, Ethernet0/0
      39.0.0.0/16 is subnetted, 1 subnets
B        39.0.0.0 [20/0] via 38.0.89.9, 19:44:41


R7#show lisp site detail
LISP Site Registration Information

Site name: S1
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 10.1.0.0/16
    First registered:     19:27:42
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 38.0.18.1, last registered 00:00:34, no proxy-reply, no map-notify
                   TTL 1d00h, no merge, nonce 0xED309F90-0x2290B66F
                   state complete
      Locator    Local  State      Pri/Wgt
      35.0.15.1  yes    up         100/50
      38.0.18.1  yes    up         100/50
Site name: S3
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 10.3.0.0/16
    First registered:     19:27:42
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 39.0.39.3, last registered 00:00:51, no proxy-reply, no map-notify
                   TTL 1d00h, no merge, nonce 0x259CB080-0x6FBCADEA
                   state complete
      Locator    Local  State      Pri/Wgt
      36.0.36.3  yes    up         100/50
      39.0.39.3  yes    up         100/50

R10#show lisp site detail
LISP Site Registration Information

Site name: S1
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 10.1.0.0/16
    First registered:     02:19:06
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 38.0.18.1, last registered 00:00:09, no proxy-reply, no map-notify
                   TTL 1d00h, no merge, nonce 0xED309F90-0x2290B66F
                   state complete
      Locator    Local  State      Pri/Wgt
      35.0.15.1  yes    up         100/50
      38.0.18.1  yes    up         100/50
Site name: S3
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 10.3.0.0/16
    First registered:     02:20:25
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 39.0.39.3, last registered 00:00:17, no proxy-reply, no map-notify
                   TTL 1d00h, no merge, nonce 0x259CB080-0x6FBCADEA
                   state complete
      Locator    Local  State      Pri/Wgt
      36.0.36.3  yes    up         100/50
      39.0.39.3  yes    up         100/50
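
The "show lisp site detail" output above reports "Allowed configured locators: any", meaning the map-server does not restrict which RLOCs a site may register and relies on the shared authentication key alone. The following is an added example, not part of the original post: a Python check that parses this output and flags registrations that differ from what the xTR configs should produce. The function names and the EXPECTED table are assumptions made for the example, and the sample text is a constructed excerpt of the R7 output.

```python
import re

# Constructed sample, trimmed from the R7 "show lisp site detail" output above.
SAMPLE = """\
Site name: S1
Allowed configured locators: any
  EID-prefix: 10.1.0.0/16
    State:                complete
      Authentication failures:   0
      Allowed locators mismatch: 0
      Locator    Local  State      Pri/Wgt
      35.0.15.1  yes    up         100/50
      38.0.18.1  yes    up         100/50
"""
# Assumption: RLOCs each site should register, copied from the xTR configs.
EXPECTED = {"S1": {"35.0.15.1", "38.0.18.1"}, "S3": {"36.0.36.3", "39.0.39.3"}}
FIELDS = {"Allowed configured locators": "allowed", "State": "state",
          "Authentication failures": "auth_fail", "Allowed locators mismatch": "mismatch"}
LOCATOR = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(?:yes|no)\s+(\S+)\s+\d+/\d+\s*$")

def parse_sites(text):
    """Return {site: {field: value, 'locators': {rloc: state}}}; one EID-prefix per site."""
    sites, cur = {}, None
    for line in text.splitlines():
        label, _, value = line.strip().partition(":")
        if label == "Site name":
            cur = sites.setdefault(value.strip(), {"locators": {}})
        elif cur is not None and label in FIELDS and value.strip():
            cur[FIELDS[label]] = value.strip()
        elif cur is not None and (m := LOCATOR.match(line)):
            cur["locators"][m.group(1)] = m.group(2)
    return sites

def audit(sites, expected):
    """Return (site, finding) tuples for registrations that need a closer look."""
    findings = []
    for name, s in sorted(sites.items()):
        if s.get("allowed") == "any":
            findings.append((name, "any locator accepted"))
        if s.get("state") != "complete":
            findings.append((name, f"state={s.get('state')}"))
        for key in ("auth_fail", "mismatch"):
            if int(s.get(key, "0")):
                findings.append((name, f"{key}={s[key]}"))
        want, seen = expected.get(name, set()), set(s["locators"])
        findings += [(name, f"unexpected locator {r}") for r in sorted(seen - want)]
        findings += [(name, f"missing locator {r}") for r in sorted(want - seen)]
    findings += [(n, "site absent from output") for n in sorted(set(expected) - set(sites))]
    return findings
```

Run audit(parse_sites(output), EXPECTED) against the output captured from both R7 and R10; a non-zero authentication failure count or a locator outside EXPECTED is the signal to investigate.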

2 comments:

  1. Great job you are doing especially considering the lack of materials for SPv4 out there. Only INE's and Nick Russo's workbooks to my knowledge, hoping for Narbik's soon (his SPv3 was awesome). Keep it up.

  2. On the off chance that you don't have a justifiable reason purpose behind associating with a specific VPN area, picking the one nearest to you is the best alternative.
