This post builds on my last one, DMVPN, and here we will discuss the routing protocol options as well as each of their configurations. I will break out each protocol into a separate post to help keep things straight; putting them all together has the potential to get confusing (for both you and me!). The routing protocol options I will document are OSPF, RIPv2, EIGRP, and BGP. Each has some unique features and quirks, so I will try to point them out where necessary.
The only problem that BGP introduces here is that it is a bit higher-touch for routing. You will need to configure the spoke as well as the HUB to support the new neighbor relationship. This might not be a big deal, but if you have quite a few of these sites, this means every add will require you to modify the hub router. Guess we could call it job security 🙂
Quick note: When I am posting the configurations for the sites I will only notate the routing protocol additions. If you need information on DMVPN configuration, see my previous post.
Let's start with the DMVPN hub.
First, let's get that loopback created so we have something to advertise.
Rack1DMVPN(config)#interface Loopback0
Rack1DMVPN(config-if)# ip address 100.100.100.100 255.255.255.255
There are no tunnel configurations to make, so we can skip that part!
So, let's get the BGP done. Since we are the hub router, we will need to configure each spoke as a route-reflector client.
Rack1DMVPN(config)#router bgp 100
Rack1DMVPN(config-router)# bgp log-neighbor-changes
First we will define the neighbors and their AS
Rack1DMVPN(config-router)# neighbor 192.168.11.3 remote-as 100
Rack1DMVPN(config-router)# neighbor 192.168.11.4 remote-as 100
Rack1DMVPN(config-router)# neighbor 192.168.11.5 remote-as 100
Now let's get the address family and route-reflector clients established.
Rack1DMVPN(config-router)# address-family ipv4
We need to activate the neighbor and set them as a route-reflector-client. Setting them as a RR client is what allows BGP to work in this setup.
Rack1DMVPN(config-router-af)# neighbor 192.168.11.3 activate
Rack1DMVPN(config-router-af)# neighbor 192.168.11.3 route-reflector-client
Rack1DMVPN(config-router-af)# neighbor 192.168.11.4 activate
Rack1DMVPN(config-router-af)# neighbor 192.168.11.4 route-reflector-client
Rack1DMVPN(config-router-af)# neighbor 192.168.11.5 activate
Rack1DMVPN(config-router-af)# neighbor 192.168.11.5 route-reflector-client
Rack1DMVPN(config-router-af)# no auto-summary
Rack1DMVPN(config-router-af)# no synchronization
Time to advertise the loopback
Rack1DMVPN(config-router-af)# network 100.100.100.100 mask 255.255.255.255
That is it for the hub, onto R3
First, the loopback
Rack1R3(config)#interface Loopback0
Rack1R3(config-if)# ip address 3.3.3.3 255.255.255.255
Now for BGP
Rack1R3(config)#router bgp 100
Rack1R3(config-router)# no synchronization
Rack1R3(config-router)# bgp log-neighbor-changes
Define the network
Rack1R3(config-router)# network 3.3.3.3 mask 255.255.255.255
And the neighbor. Since we are a route-reflector client, we only need to peer with the hub
Rack1R3(config-router)# neighbor 192.168.11.1 remote-as 100
Rack1R3(config-router)# no auto-summary
Time for R4
Same here, loopback interface!
Rack1R4(config)#interface Loopback0
Rack1R4(config-if)# ip address 4.4.4.4 255.255.255.255
Now the routing protocol
Rack1R4(config)# router bgp 100
Rack1R4(config-router)# no synchronization
Rack1R4(config-router)# bgp log-neighbor-changes
Rack1R4(config-router)# network 4.4.4.4 mask 255.255.255.255
Rack1R4(config-router)# neighbor 192.168.11.1 remote-as 100
Rack1R4(config-router)# no auto-summary
and lastly, R5
the loopback
Rack1R5(config)# interface Loopback0
Rack1R5(config-if)# ip address 5.5.5.5 255.255.255.255
and the routing protocol
Rack1R5(config)# router bgp 100
Rack1R5(config-router)# no synchronization
Rack1R5(config-router)# bgp log-neighbor-changes
Rack1R5(config-router)# network 5.5.5.5 mask 255.255.255.255
Rack1R5(config-router)# neighbor 192.168.11.1 remote-as 100
Rack1R5(config-router)# no auto-summary
So, let's look at the BGP peers on the DMVPN hub
Rack1DMVPN#sh ip bgp summary
BGP router identifier 100.100.100.100, local AS number 100
BGP table version is 5, main routing table version 5
4 network entries using 480 bytes of memory
4 path entries using 208 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 1092 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.11.3    4   100       5       9        5    0    0 00:01:57        1
192.168.11.4    4   100       5       9        5    0    0 00:01:59        1
192.168.11.5    4   100       6      10        5    0    0 00:02:07        1
Rack1DMVPN#
All the neighbors are there, so let's look at R3
Rack1R3#sh ip bgp summary
BGP router identifier 3.3.3.3, local AS number 100
BGP table version is 20, main routing table version 20
4 network entries using 528 bytes of memory
4 path entries using 208 bytes of memory
3/2 BGP path/bestpath attribute entries using 504 bytes of memory
2 BGP rrinfo entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 1320 total bytes of memory
BGP activity 7/3 prefixes, 11/7 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.11.1    4   100      48      35       20    0    0 00:02:15        3
Rack1R3#
Just the 1 neighbor, what we expect
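The eyeball check on the hub and spoke summaries above can be automated. This is an added example, not part of the original post: a Python audit that parses the neighbor table from `show ip bgp summary` and flags missing spokes, peers that are not in the expected set, sessions that are not established, and peers sending more prefixes than the design calls for. The degraded sample, the `SPOKES` set and the limit of one prefix per spoke (each spoke here advertises a single /32 loopback) are assumptions made for the example.

```python
import ipaddress

# Constructed input: the hub's neighbor table from above, and a degraded variant
# invented for this example (spoke .4 down, spoke .5 gone, unknown peer .9).
HEADER = "Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd\n"
HUB_OK = HEADER + ("192.168.11.3 4 100 5 9 5 0 0 00:01:57 1\n"
                   "192.168.11.4 4 100 5 9 5 0 0 00:01:59 1\n"
                   "192.168.11.5 4 100 6 10 5 0 0 00:02:07 1\n")
HUB_DEGRADED = HEADER + ("192.168.11.3 4 100 5 9 5 0 0 00:01:57 1\n"
                         "192.168.11.4 4 100 5 9 0 0 0 00:00:12 Idle\n"
                         "192.168.11.9 4 100 7 9 5 0 0 00:00:40 12\n")
SPOKES = {"192.168.11.3", "192.168.11.4", "192.168.11.5"}  # hub's configured clients

def parse_neighbors(text):
    """Map neighbor IP -> (remote AS, State/PfxRcd) from 'show ip bgp summary'."""
    peers, in_table = {}, False
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["Neighbor"]:
            in_table = True          # rows only count after the column header
            continue
        if not in_table or len(fields) < 10:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                 # trailing prompt or other non-row text
        peers[fields[0]] = (int(fields[2]), " ".join(fields[9:]))
    return peers

def audit(text, expected, local_as=100, max_prefixes=1):
    """Return findings; an empty list means the peer set matches the design."""
    peers, findings = parse_neighbors(text), []
    for ip in sorted(set(expected) - set(peers)):
        findings.append(f"{ip}: expected peer missing")
    for ip, (asn, state) in sorted(peers.items()):
        if ip not in expected:
            findings.append(f"{ip}: unexpected peer")
        if asn != local_as:
            findings.append(f"{ip}: remote AS {asn}, expected {local_as}")
        if not state.isdigit():      # Idle/Active/etc. instead of a prefix count
            findings.append(f"{ip}: session not established ({state})")
        elif int(state) > max_prefixes:
            findings.append(f"{ip}: {state} prefixes received, limit {max_prefixes}")
    return findings

if __name__ == "__main__":
    for name, text in (("hub ok", HUB_OK), ("hub degraded", HUB_DEGRADED)):
        print(name, audit(text, SPOKES) or "clean")
```

On a spoke, the same audit runs with the hub as the only expected peer and a higher limit, for example `audit(output, {"192.168.11.1"}, max_prefixes=3)` for R3.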
Let's look at the BGP table on R3
Rack1R3#sh ip bgp
BGP table version is 20, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network               Next Hop         Metric LocPrf Weight Path
*> 3.3.3.3/32            0.0.0.0               0         32768 i
*>i4.4.4.4/32            192.168.11.4          0    100      0 i
*>i5.5.5.5/32            192.168.11.5          0    100      0 i
*>i100.100.100.100/32    192.168.11.1          0    100      0 i
Rack1R3#
Yup, we see all the networks there.
Now let's look at the routing table on R3
Rack1R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
100.0.0.0/32 is subnetted, 1 subnets
B 100.100.100.100 [200/0] via 192.168.11.1, 00:02:50
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
B 4.4.4.4 [200/0] via 192.168.11.4, 00:02:50
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [200/0] via 192.168.11.5, 00:02:50
C 192.168.11.0/24 is directly connected, Tunnel0
150.1.0.0/24 is subnetted, 1 subnets
C 150.1.13.0 is directly connected, GigabitEthernet0/1
S 150.0.0.0/8 [1/0] via 150.1.13.13
Rack1R3#
All the routes are there with the correct next hop address.
Now if we look at the DMVPN, what peers do we have:
Rack1R3#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1   150.1.254.254    192.168.11.1    UP 00:11:55     S
Rack1R3#
Just the hub – that is what we should see.
Let's ping the R4 and R5 loopbacks from the R3 loopback
Rack1R3#ping 4.4.4.4 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
Rack1R3#ping 5.5.5.5 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Rack1R3#
Yup, we have connectivity – just like we should.
Let's look at the DMVPN peers now:
Rack1R3#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:3,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1   150.1.254.254    192.168.11.1    UP 00:12:32     S
     1       150.1.9.4    192.168.11.4    UP 00:00:05     D
     1      150.1.10.5    192.168.11.5    UP 00:00:02     D
Rack1R3#
And we can see that we built the peer relationship with the other spokes.
Just like it is supposed to be!
Next up…. Is this a routing protocol? 🙂
Steve S. said:
In regards to your “high touch” statement about BGP, in recent versions of 15.1 IOS and some newer flavors of 12.2(33) for the 6k, there is a new feature called BGP dynamic neighbors which allows you to configure a subnet range to listen for BGP peers instead of configuring each peer separately. This allows for a zero-touch DMVPN hub site router.
http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_neighbor.html#wp1054174
fryguy said:
I did notice that feature, but had a hard time finding an IOS for a 7200 that would support it. You are correct though, that would make the bgp peers easier to configure.