SD-WAN Lab Note Part 6
TLOC Extension with Physical Interfaces
vEdge1 and vEdge2 (for Site 3, copy the same configuration as it is)
Create feature template "vEdge1-Site2-vpn0-ge0/1"
Create feature template "vEdge2-Site2-vpn0-ge0/2"
Create feature template "vEdge2-Site2-vpn0-ge0/1"
Create feature template "vEdge1-Site2-vpn0-ge0/2"
Edit device template "vEdge1-Site2"
Attach and deploy
Device show run
vEdge1
vEdge1# show run vpn 0
vpn 0
 router
  bgp 65000
   address-family ipv4-unicast
    network 172.18.0.0/30
   !
   neighbor 101.0.0.2
    no shutdown
    remote-as 1
    ebgp-multihop 3
    address-family ipv4-unicast
    !
   !
  !
 !
 interface ge0/0
  ip address 192.168.2.2/24
  tunnel-interface
   encapsulation ipsec
   color public-internet restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/1
  ip address 172.18.0.1/30
  tloc-extension ge0/0
  no shutdown
 !
 interface ge0/2
  ip address 172.17.0.1/30
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 172.17.0.2
 ip route 0.0.0.0/0 192.168.2.1
vEdge2
vEdge2# show run vpn 0
vpn 0
 router
  bgp 65000
   address-family ipv4-unicast
    network 172.17.0.0/30
   !
   neighbor 101.0.1.1
    no shutdown
    remote-as 1
    address-family ipv4-unicast
    !
   !
  !
 !
 interface ge0/0
  ip address 101.0.1.2/24
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/1
  ip address 172.18.0.2/30
  tunnel-interface
   encapsulation ipsec
   color public-internet restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/2
  ip address 172.17.0.2/30
  tloc-extension ge0/0
  no shutdown
 !
 ip route 0.0.0.0/0 172.18.0.1
vEdge3
vEdge3# show run vpn 0
vpn 0
 router
  bgp 65001
   address-family ipv4-unicast
    network 172.20.0.0/30
   !
   neighbor 101.0.0.2
    no shutdown
    remote-as 1
    ebgp-multihop 3
    address-family ipv4-unicast
    !
   !
  !
 !
 interface ge0/0
  ip address 192.168.3.2/24
  tunnel-interface
   encapsulation ipsec
   color public-internet restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/2
  ip address 172.20.0.1/30
  tloc-extension ge0/0
  no shutdown
 !
 interface ge0/3
  ip address 172.19.0.1/30
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 172.19.0.2
 ip route 0.0.0.0/0 192.168.3.1
vEdge4
vEdge4# show run vpn 0
vpn 0
 router
  bgp 65001
   address-family ipv4-unicast
    network 172.19.0.0/30
   !
   neighbor 101.0.2.1
    no shutdown
    remote-as 1
    address-family ipv4-unicast
    !
   !
  !
 !
 interface ge0/0
  ip address 101.0.2.2/24
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/2
  ip address 172.20.0.2/30
  tunnel-interface
   encapsulation ipsec
   color public-internet restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/3
  ip address 172.19.0.2/30
  tloc-extension ge0/0
  no shutdown
 !
 ip route 0.0.0.0/0 172.20.0.1
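A check that can be run over the vEdge "show run vpn 0" output above (an added example, not part of the original lab note). It flags tunnel interfaces that combine "allow-service all" with per-service "no allow-service" lines, a combination whose precedence should be confirmed against the platform's command reference, and it verifies that every tloc-extension link has a peer tunnel interface of the extended color on the same subnet. The names parse, audit and SITE2 and the trimmed sample are constructed for this example.

```python
import ipaddress

def parse(text):  # interface name -> settings, from "show run vpn 0" text
    ifaces, cur = {}, None
    for w in (line.split() for line in text.splitlines()):
        if w[:1] == ["interface"]:
            cur = ifaces.setdefault(w[1], {"allow": [], "deny": []})
        elif cur is None or not w:
            continue  # blank lines and the router/bgp block before any interface
        elif w[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(w[2]).network
        elif w[0] in ("color", "tloc-extension"):
            cur[w[0]] = w[1]
        elif "allow-service" in w[:2]:  # "allow-service X" or "no allow-service X"
            cur["deny" if w[0] == "no" else "allow"].append(w[-1])
    return ifaces

def audit(configs):  # configs: {device: text}; devices are assumed to share one site
    parsed = {dev: parse(text) for dev, text in configs.items()}
    findings = []
    for dev, ifaces in parsed.items():
        for name, i in ifaces.items():
            if "all" in i["allow"] and i["deny"]:
                findings.append(f"{dev} {name}: allow-service all with denies {i['deny']}")
            if "tloc-extension" in i:  # the peer must terminate this color on the link
                color = ifaces.get(i["tloc-extension"], {}).get("color")
                ok = any(p.get("net") == i.get("net") and p.get("color") == color
                         for d, pi in parsed.items() if d != dev for p in pi.values())
                if color is None or not ok:
                    findings.append(f"{dev} {name}: no peer tunnel colored {color} on {i.get('net')}")
    return findings

SITE2 = {  # constructed sample, trimmed from the vEdge1 and vEdge2 output on this page
    "vEdge1": """interface ge0/0
ip address 192.168.2.2/24
tunnel-interface
color public-internet restrict
allow-service all
no allow-service sshd
interface ge0/1
ip address 172.18.0.1/30
tloc-extension ge0/0""",
    "vEdge2": """interface ge0/1
ip address 172.18.0.2/30
tunnel-interface
color public-internet restrict""",
}
print("\n".join(audit(SITE2)))
```

Passing the full output of both routers at a site in the same dictionary gives one finding per tunnel interface and per unmatched extension link.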
vEdge1# show bfd sessions
                            SOURCE TLOC      REMOTE TLOC                   DST PUBLIC   DST PUBLIC         DETECT      TX
SYSTEM IP   SITE ID  STATE  COLOR            COLOR            SOURCE IP    IP           PORT        ENCAP  MULTIPLIER  INTERVAL(msec)  UPTIME      TRANSITIONS
--------------------------------------------------------------------------------------------------------------------------------------------------------------
10.4.0.1    3        up     mpls             mpls             172.17.0.1   172.19.0.1   12406       ipsec  7           1000            0:00:23:09  0
10.4.0.1    3        up     public-internet  public-internet  192.168.2.2  192.168.3.2  12346       ipsec  7           1000            0:01:16:09  0
10.5.0.1    3        up     mpls             mpls             172.17.0.1   101.0.2.2    12346       ipsec  7           1000            0:00:23:11  0
10.5.0.1    3        up     public-internet  public-internet  192.168.2.2  172.20.0.2   12366       ipsec  7           1000            0:00:04:25  0
vEdge2# show bfd sessions
                            SOURCE TLOC      REMOTE TLOC                   DST PUBLIC   DST PUBLIC         DETECT      TX
SYSTEM IP   SITE ID  STATE  COLOR            COLOR            SOURCE IP    IP           PORT        ENCAP  MULTIPLIER  INTERVAL(msec)  UPTIME      TRANSITIONS
--------------------------------------------------------------------------------------------------------------------------------------------------------------
10.4.0.1    3        up     mpls             mpls             101.0.1.2    172.19.0.1   12406       ipsec  7           1000            0:00:23:39  0
10.4.0.1    3        up     public-internet  public-internet  172.18.0.2   192.168.3.2  12346       ipsec  7           1000            0:00:19:48  0
10.5.0.1    3        up     mpls             mpls             101.0.1.2    101.0.2.2    12346       ipsec  7           1000            0:01:16:11  0
10.5.0.1    3        up     public-internet  public-internet  172.18.0.2   172.20.0.2   12366       ipsec  7           1000            0:00:04:55  0
vEdge3# show bfd sessions
                            SOURCE TLOC      REMOTE TLOC                   DST PUBLIC   DST PUBLIC         DETECT      TX
SYSTEM IP   SITE ID  STATE  COLOR            COLOR            SOURCE IP    IP           PORT        ENCAP  MULTIPLIER  INTERVAL(msec)  UPTIME      TRANSITIONS
--------------------------------------------------------------------------------------------------------------------------------------------------------------
10.2.0.1    2        up     mpls             mpls             172.19.0.1   172.17.0.1   12386       ipsec  7           1000            0:00:24:02  0
10.2.0.1    2        up     public-internet  public-internet  192.168.3.2  192.168.2.2  12426       ipsec  7           1000            0:01:17:04  0
10.3.0.1    2        up     mpls             mpls             172.19.0.1   101.0.1.2    12386       ipsec  7           1000            0:00:24:02  0
10.3.0.1    2        up     public-internet  public-internet  192.168.3.2  172.18.0.2   12406       ipsec  7           1000            0:00:20:12  0
vEdge4# show bfd sessions
                            SOURCE TLOC      REMOTE TLOC                   DST PUBLIC   DST PUBLIC         DETECT      TX
SYSTEM IP   SITE ID  STATE  COLOR            COLOR            SOURCE IP    IP           PORT        ENCAP  MULTIPLIER  INTERVAL(msec)  UPTIME      TRANSITIONS
--------------------------------------------------------------------------------------------------------------------------------------------------------------
10.2.0.1    2        up     mpls             mpls             101.0.2.2    172.17.0.1   12386       ipsec  7           1000            0:00:24:25  0
10.2.0.1    2        up     public-internet  public-internet  172.20.0.2   192.168.2.2  12426       ipsec  7           1000            0:00:05:37  0
10.3.0.1    2        up     mpls             mpls             101.0.2.2    101.0.1.2    12386       ipsec  7           1000            0:01:16:54  0
10.3.0.1    2        up     public-internet  public-internet  172.20.0.2   172.18.0.2   12406       ipsec  7           1000            0:00:05:37  0
INT & MPLS Router
INT
hostname INT
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/2
 ip address 101.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/3
 ip address 10.61.91.178 255.255.255.128
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/4
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/5
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
!
router eigrp 100
 network 0.0.0.0
 redistribute connected
 redistribute static
 passive-interface default
 no passive-interface GigabitEthernet0/3
!
router bgp 2
 bgp log-neighbor-changes
 neighbor 101.0.0.2 remote-as 1
 !
 address-family ipv4
  network 192.168.1.0
  network 192.168.2.0
  network 192.168.3.0
  redistribute static
  neighbor 101.0.0.2 activate
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 10.0.0.0 255.255.255.0 192.168.1.2
ip route 172.18.0.0 255.255.255.252 192.168.2.2
ip route 172.20.0.0 255.255.255.252 192.168.3.2
!
!
MPLS
hostname MPLS
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
username admin privilege 15 password 0 admin
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 101.0.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 ip address 101.0.0.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/2
 ip address 101.0.2.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/3
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
router bgp 1
 bgp log-neighbor-changes
 neighbor 101.0.0.1 remote-as 2
 neighbor 101.0.0.1 ebgp-multihop 3
 neighbor 101.0.1.2 remote-as 65000
 neighbor 101.0.2.2 remote-as 65001
 neighbor 192.168.2.2 remote-as 65000
 neighbor 192.168.2.2 ebgp-multihop 3
 neighbor 192.168.3.2 remote-as 65001
 neighbor 192.168.3.2 ebgp-multihop 3
 !
 address-family ipv4
  network 101.0.1.0 mask 255.255.255.0
  network 101.0.2.0 mask 255.255.255.0
  neighbor 101.0.0.1 activate
  neighbor 101.0.1.2 activate
  neighbor 101.0.1.2 default-originate
  neighbor 101.0.2.2 activate
  neighbor 101.0.2.2 default-originate
  neighbor 192.168.2.2 activate
  neighbor 192.168.2.2 default-originate
  neighbor 192.168.3.2 activate
  neighbor 192.168.3.2 default-originate
 exit-address-family
!