Thursday, September 1, 2011

LAB: BGP over GRE


Two devices have an eBGP peering across a cloud of non-BGP-capable routers. Any attempt to reach a BGP prefix across the non-BGP cloud would result in the traffic being black-holed.

The solution is to use a GRE tunnel between the eBGP peers and force all packets across the tunnel. The trick here is that the next-hop on the BGP peering is modified to point to the tunnel endpoints. Another solution is to use the tunnel endpoints for the BGP peering itself.

config:

R2:
interface Tunnel0
ip address 10.0.0.2 255.255.255.0
tunnel source 155.1.23.2
tunnel destination 155.1.146.4
!
router bgp 200
neighbor 155.1.146.4 remote-as 100
neighbor 155.1.146.4 ebgp-multihop 255
neighbor 192.10.1.254 remote-as 254
neighbor 192.10.1.254 password CISCO
network 150.1.2.0 mask 255.255.255.0

R4:
interface Tunnel0
ip address 10.0.0.4 255.255.255.0
tunnel source 155.1.146.4
tunnel destination 155.1.23.2
!
route-map SET_NEXT_HOP_TO_TUNNEL_OUT permit 10
set ip next-hop 10.0.0.4
!
route-map SET_NEXT_HOP_TO_TUNNEL_IN permit 10
set ip next-hop 10.0.0.2
!
router bgp 100
neighbor 155.1.23.2 remote-as 200
neighbor 155.1.23.2 ebgp-multihop 255
neighbor 155.1.23.2 route-map SET_NEXT_HOP_TO_TUNNEL_OUT out
neighbor 155.1.23.2 route-map SET_NEXT_HOP_TO_TUNNEL_IN in
neighbor 204.12.1.254 remote-as 54
network 150.1.4.0 mask 255.255.255.0

verification:

Rack1R2#sho ip bgp        
BGP table version is 41, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 28.119.16.0/24   10.0.0.4                               0 100 54 i
*> 28.119.17.0/24   10.0.0.4                               0 100 54 i
*> 112.0.0.0        10.0.0.4                               0 100 54 50 60 i
*> 113.0.0.0        10.0.0.4                               0 100 54 50 60 i
*> 114.0.0.0        10.0.0.4                               0 100 54 i
*> 115.0.0.0        10.0.0.4                               0 100 54 i
*> 116.0.0.0        10.0.0.4                               0 100 54 i
*> 117.0.0.0        10.0.0.4                               0 100 54 i
*> 118.0.0.0        10.0.0.4                               0 100 54 i
*> 119.0.0.0        10.0.0.4                               0 100 54 i
*> 150.1.1.0/24     10.0.0.4                               0 100 i
*> 150.1.2.0/24     0.0.0.0                  0         32768 i
*> 150.1.3.0/24     10.0.0.4                               0 100 i
*> 150.1.4.0/24     10.0.0.4                 0             0 100 i
*> 150.1.5.0/24     10.0.0.4                               0 100 i
*> 150.1.6.0/24     10.0.0.4                               0 100 i
*> 150.1.7.0/24     10.0.0.4                               0 100 i
   Network          Next Hop            Metric LocPrf Weight Path
*> 150.1.8.0/24     10.0.0.4                               0 100 i
*> 150.1.10.0/24    10.0.0.4                               0 100 i
*> 205.90.31.0      192.10.1.254             0             0 254 ?
*> 220.20.3.0       192.10.1.254             0             0 254 ?
*> 222.22.2.0       192.10.1.254             0             0 254 ?

Rack1R2#traceroute 112.0.0.1 so lo0

Type escape sequence to abort.
Tracing the route to 112.0.0.1

  1 10.0.0.4 72 msec 92 msec 24 msec
  2 204.12.1.254 80 msec 28 msec 28 msec
  3 172.16.4.1 28 msec *  80 msec

Rack1R4(config-router)#do sho ip bgp
BGP table version is 65, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 28.119.16.0/24   204.12.1.254             0             0 54 i
*> 28.119.17.0/24   204.12.1.254             0             0 54 i
*> 112.0.0.0        204.12.1.254                           0 54 50 60 i
*> 113.0.0.0        204.12.1.254                           0 54 50 60 i
*> 114.0.0.0        204.12.1.254                           0 54 i
*> 115.0.0.0        204.12.1.254                           0 54 i
*> 116.0.0.0        204.12.1.254                           0 54 i
*> 117.0.0.0        204.12.1.254                           0 54 i
*> 118.0.0.0        204.12.1.254                           0 54 i
*> 119.0.0.0        204.12.1.254                           0 54 i
*> 150.1.2.0/24     10.0.0.2                 0             0 200 i
*> 150.1.4.0/24     0.0.0.0                  0         32768 i
*> 205.90.31.0      10.0.0.2                               0 200 254 ?
*> 220.20.3.0       10.0.0.2                               0 200 254 ?
*> 222.22.2.0       10.0.0.2                               0 200 254 ?

Rack1R4#traceroute 222.22.2.1 source loopback 0

Type escape sequence to abort.
Tracing the route to 222.22.2.1

  1 10.0.0.2 24 msec 76 msec 32 msec
  2 192.10.1.254 8 msec *  80 msec
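
The same verification can be automated. The following is an added example, not part of the original lab: it parses `show ip bgp` output and reports any prefix whose next hop is still the multihop peer's physical address (reached through the non-BGP cloud) instead of a tunnel endpoint. The function names are hypothetical, the 150.1.9.0/24 row is constructed to show a failure, and the tunnel subnet and peer address are taken from the config above.

```python
import ipaddress
import re

# Constructed sample: rows copied from R2's "show ip bgp" output, plus one
# constructed row (150.1.9.0/24) whose next hop was left at R4's physical address.
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 112.0.0.0        10.0.0.4                               0 100 54 50 60 i
*> 150.1.2.0/24     0.0.0.0                  0         32768 i
*> 150.1.9.0/24     155.1.146.4                            0 100 i
   Network          Next Hop            Metric LocPrf Weight Path
*> 205.90.31.0      192.10.1.254             0             0 254 ?
"""

# Status codes, network (mask optional), next hop; header lines do not match.
ROW = re.compile(r"^[sdh*>irS]+\s*(\d+(?:\.\d+){3})(?:/(\d+))?\s+(\d+(?:\.\d+){3})\s")


def classful_len(addr):
    """IOS omits the mask when it equals the classful default."""
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24


def parse_bgp_table(text):
    """Yield (prefix, next_hop) for each table row; repeated headers are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        addr, plen, nh = m.groups()
        plen = int(plen) if plen else classful_len(addr)
        yield ipaddress.ip_network(f"{addr}/{plen}"), ipaddress.ip_address(nh)


def audit_next_hops(text, tunnel_net, multihop_peer):
    """Return (at_risk, via_tunnel) prefix lists based on each row's next hop."""
    tunnel = ipaddress.ip_network(tunnel_net)
    peer = ipaddress.ip_address(multihop_peer)
    at_risk, via_tunnel = [], []
    for prefix, nh in parse_bgp_table(text):
        if nh == peer:            # next hop resolves through the non-BGP cloud
            at_risk.append(str(prefix))
        elif nh in tunnel:        # next hop rewritten to the GRE endpoint
            via_tunnel.append(str(prefix))
    return at_risk, via_tunnel


if __name__ == "__main__":
    print(audit_next_hops(SAMPLE, "10.0.0.0/24", "155.1.146.4"))
```

Locally originated routes (next hop 0.0.0.0) and routes from directly connected peers such as 192.10.1.254 fall into neither list.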


2 comments:

  1. Hey,

    a little confused at your traceroute:

    Rack1R2#traceroute 112.0.0.1 so lo0

    Type escape sequence to abort.
    Tracing the route to 112.0.0.1

    1 10.0.0.4 72 msec 92 msec 24 msec
    2 204.12.1.254 80 msec 28 msec 28 msec
    3 172.16.4.1 28 msec * 80 msec

    Shouldn't the only next-hop we see from R2 be the GRE tunnel endpoint? (i.e. R4's Tunnel IP 10.0.0.4)

    Thanks.

  2. Good post. I learn something totally new and challenging on blogs I stumble upon on a daily basis. It will always be interesting to read articles from other authors and practice something from their websites...