The first DMVPN lesson explained the basics and I explained how to configure a basic DMVPN phase 2 network. I also created an example for BGP on DMVPN phase 1 networks.
In this lesson we’ll take a look how we can use BGP on DMVPN phase 2 networks. Here is the topology we will use:
One hub router and two spoke routers, each has a loopback interface which we will advertise in BGP.
Configuration
Tunnel interfaces
Let’s start with the tunnel on the hub router:
Hub(config)#interface Tunnel0
Hub(config-if)#ip address 172.16.123.1 255.255.255.0
Hub(config-if)#ip nhrp authentication DMVPN
Hub(config-if)#ip nhrp map multicast dynamic
Hub(config-if)#ip nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet0/1
Hub(config-if)#tunnel mode gre multipoint
Hub(config-if)#end
Here are the spoke routers:
Spoke1(config)#interface Tunnel0
Spoke1(config-if)#ip address 172.16.123.2 255.255.255.0
Spoke1(config-if)#ip nhrp authentication DMVPN
Spoke1(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke1(config-if)#ip nhrp map multicast 192.168.123.1
Spoke1(config-if)#ip nhrp network-id 1
Spoke1(config-if)#ip nhrp nhs 172.16.123.1
Spoke1(config-if)#tunnel source GigabitEthernet0/1
Spoke1(config-if)#tunnel mode gre multipointSpoke2(config)#interface Tunnel0
Spoke2(config-if)#ip address 172.16.123.3 255.255.255.0
Spoke2(config-if)#ip nhrp authentication DMVPN
Spoke2(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke2(config-if)#ip nhrp map multicast 192.168.123.1
Spoke2(config-if)#ip nhrp network-id 1
Spoke2(config-if)#ip nhrp nhs 172.16.123.1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel mode gre multipoint
Let’s make sure the spokes have registered with the hub:
Hub#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.168.123.2 172.16.123.2 UP 00:09:48 D
1 192.168.123.3 172.16.123.3 UP 00:09:56 D
And that we can ping our spoke routers:
Hub#ping 172.16.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/7/11 msHub#ping 172.16.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/10 ms
Everything is working, time for BGP.
eBGP
We will start with external BGP. This will work but it has one disadvantage:
Spoke routers have to learn each others networks if we want direct spoke-to-spoke communication. This means we can’t use the same AS on all spoke routers since they would not accept prefixes that have the same AS number in the AS path.
We will need a different AS number for each spoke router, this means we can’t use dynamic neighbors so we’ll have to configure them manually.
Here’s what it looks like:
Hub(config)#router bgp 65001
Hub(config-router)#neighbor 172.16.123.2 remote-as 65002
Hub(config-router)#neighbor 172.16.123.3 remote-as 65003
Hub(config-router)#network 1.1.1.1 mask 255.255.255.255Spoke1(config)#router bgp 65002
Spoke1(config-router)#neighbor 172.16.123.1 remote-as 65001
Spoke1(config-router)#network 2.2.2.2 mask 255.255.255.255Spoke2(config)#router bgp 65003
Spoke2(config-router)#neighbor 172.16.123.1 remote-as 65001
Spoke2(config-router)#network 3.3.3.3 mask 255.255.255.255
Let’s see what we find in the routing tables:
Hub#show ip route bgp
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [20/0] via 172.16.123.2, 00:01:00
3.0.0.0/32 is subnetted, 1 subnets
B 3.3.3.3 [20/0] via 172.16.123.3, 00:01:00Spoke1#show ip route bgp
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [20/0] via 172.16.123.1, 00:01:04
3.0.0.0/32 is subnetted, 1 subnets
B 3.3.3.3 [20/0] via 172.16.123.3, 00:00:34Spoke2#show ip route bgp
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [20/0] via 172.16.123.1, 00:01:08
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [20/0] via 172.16.123.2, 00:01:08
We can find all prefixes in the routing tables. External BGP also preserves the next hop addresses which is a good thing for us. Let’s try a trace from spoke1 to spoke2:
Spoke1#traceroute 3.3.3.3 source loopback 0
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.123.3 7 msec 11 msec *
No problem, we can get from spoke1 to spoke2 directly.
If you want the same AS number on all spoke routers then you could use some “dirty” tricks like AS override, allow AS in or remove private AS.
hostname Hub
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 172.16.123.1 255.255.255.0
no ip redirects
ip nhrp authentication DMVPN
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
!
interface GigabitEthernet0/1
ip address 192.168.123.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
router bgp 65001
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 172.16.123.2 remote-as 65002
neighbor 172.16.123.3 remote-as 65003
!
end
hostname Spoke1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
ip address 172.16.123.2 255.255.255.0
no ip redirects
ip nhrp authentication DMVPN
ip nhrp map 172.16.123.1 192.168.123.1
ip nhrp map multicast 192.168.123.1
ip nhrp network-id 1
ip nhrp nhs 172.16.123.1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
!
interface GigabitEthernet0/1
ip address 192.168.123.2 255.255.255.0
duplex auto
speed auto
media-type rj45
!
router bgp 65002
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 172.16.123.1 remote-as 65001
!
endhostname Spoke2
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
ip address 172.16.123.3 255.255.255.0
no ip redirects
ip nhrp authentication DMVPN
ip nhrp map 172.16.123.1 192.168.123.1
ip nhrp map multicast 192.168.123.1
ip nhrp network-id 1
ip nhrp nhs 172.16.123.1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
!
interface GigabitEthernet0/1
ip address 192.168.123.3 255.255.255.0
duplex auto
speed auto
media-type rj45
!
router bgp 65003
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 172.16.123.1 remote-as 65001
!
endiBGP
Let’s try something else now, we’ll go for internal BGP. The advantage of iBGP is that we can use dynamic peers. We need to make sure that prefixes from one spoke router will be advertised to another spoke router. To accomplish this, we’ll configure the hub router as a route reflector:
Hub(config)#router bgp 65123
Hub(config-router)#bgp listen range 172.16.123.0/24 peer-group DMVPN_SPOKES
Hub(config-router)#neighbor DMVPN_SPOKES peer-group
Hub(config-router)#neighbor DMVPN_SPOKES remote-as 65123
Hub(config-router)#neighbor DMVPN_SPOKES route-reflector-client
Hub(config-router)#network 1.1.1.1 mask 255.255.255.255
In the example above I used dynamic neighbors so that the hub accepts any BGP neighbor in the 172.16.123.0/24 range. Let’s configure the spoke routers:
Spoke1(config)#router bgp 65123
Spoke1(config-router)#neighbor 172.16.123.1 remote-as 65123
Spoke1(config-router)#network 2.2.2.2 mask 255.255.255.255Spoke2(config)#router bgp 65123
Spoke2(config-router)#neighbor 172.16.123.1 remote-as 65123
Spoke2(config-router)#network 3.3.3.3 mask 255.255.255.255
Let’s check the routing tables:
Hub#show ip route bgp
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [200/0] via 172.16.123.2, 00:01:44
3.0.0.0/32 is subnetted, 1 subnets
B 3.3.3.3 [200/0] via 172.16.123.3, 00:00:18Spoke1#show ip route bgp
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [200/0] via 172.16.123.1, 00:01:57
3.0.0.0/32 is subnetted, 1 subnets
B 3.3.3.3 [200/0] via 172.16.123.3, 00:00:31Spoke2#show ip route bgp
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [200/0] via 172.16.123.1, 00:00:13
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [200/0] via 172.16.123.2, 00:00:13
This is looking good, just like eBGP…the next hop addresses are preserved. Let’s do a quick test:
Spoke1#traceroute 3.3.3.3 source loopback 0
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.123.3 6 msec 7 msec *
Traffic from spoke1 to spoke2 can be sent directly.
hostname Hub
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 172.16.123.1 255.255.255.0
no ip redirects
ip nhrp authentication DMVPN
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
!
interface GigabitEthernet0/1
ip address 192.168.123.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
router bgp 65123
bgp log-neighbor-changes
bgp listen range 172.16.123.0/24 peer-group DMVPN_SPOKES
network 1.1.1.1 mask 255.255.255.255
neighbor DMVPN_SPOKES peer-group
neighbor DMVPN_SPOKES remote-as 65123
neighbor DMVPN_SPOKES route-reflector-client
!
end
hostname Hub
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 172.16.123.1 255.255.255.0
no ip redirects
ip nhrp authentication DMVPN
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
!
interface GigabitEthernet0/1
ip address 192.168.123.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
router bgp 65123
bgp log-neighbor-changes
bgp listen range 172.16.123.0/24 peer-group DMVPN_SPOKES
network 1.1.1.1 mask 255.255.255.255
neighbor DMVPN_SPOKES peer-group
neighbor DMVPN_SPOKES remote-as 65123
neighbor DMVPN_SPOKES route-reflector-client
!
endhostname Spoke1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
ip address 172.16.123.2 255.255.255.0
no ip redirects
ip nhrp authentication DMVPN
ip nhrp map 172.16.123.1 192.168.123.1
ip nhrp map multicast 192.168.123.1
ip nhrp network-id 1
ip nhrp nhs 172.16.123.1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
!
interface GigabitEthernet0/1
ip address 192.168.123.2 255.255.255.0
duplex auto
speed auto
media-type rj45
!
router bgp 65123
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 172.16.123.1 remote-as 65123
!
endhostname Spoke2
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
ip address 172.16.123.3 255.255.255.0
no ip redirects
ip nhrp authentication DMVPN
ip nhrp map 172.16.123.1 192.168.123.1
ip nhrp map multicast 192.168.123.1
ip nhrp network-id 1
ip nhrp nhs 172.16.123.1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
!
interface GigabitEthernet0/1
ip address 192.168.123.3 255.255.255.0
duplex auto
speed auto
media-type rj45
!
router bgp 65123
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 172.16.123.1 remote-as 65123
!
endConclusion
BGP is a good choice for DMVPN networks, it’s simple to configure and flexible. I hope you enjoyed this lesson, if you have any questions feel free to leave a comment.
No comments:
Post a Comment