Thursday 27 November 2014

MPLS: OSPF sham-links

Introduction
The provider’s MPLS cloud has three routers namely – R1 (P-router), R2 (PE-R2) and R3 (PE-R3). These routers formed OSPF adjacency with one another. R2 and R3 are iBGP neighbors peering with each other’s loopback address.
The TTL propagation within the MPLS cloud was suppressed with no mpls ip propagate-ttl command. This is to “hide” the number of mpls routers that exist within the provider’s MPLS core.
Reason to use ospf sham link
It is possible that customer’s network has an OSPF backdoor link to each other despite subscribing MPLS service which links customer’s edge routers.

R4 and R5 has OSPF backdoor link between them.
The OSPF link through the MPLS cloud would be an inter-area link despite both site-a and site-b links are in OSPF area 0, this poses a problem if customer wants traffic to traverse from site-a to site-b or vice versa through the MPLS core. OSPF will prefer the intra-area route, in this case is the backdoor link which resides in the same OSPF area, to reach the destination.
To solve this problem, OSPF sham link is used.

Read more »
Posted by at No comments:

Wednesday 19 November 2014

Dynamic Multipoint VPN (DMVPN) Configuration

DMVPN (Dynamic Multipoint VPN) is a technique where we use multipoint GRE tunnels instead of GRE point-to-point tunneling. These multipoint GRE tunnels will be encrypted using IPSEC so that we have a secure scalable tunneling solution. If you are unfamiliar with tunneling or IPSEC I highly recommend to check the basic configuration for GRE first and how to configure an encrypted GRE tunnel with IPSEC. Having said that let’s look at the configuration of DMVPN. This is the topology that we will use:
DMVPN Topology
Let me explain this topology to you:
·         R1,R2 and R3 are able to reach each other using their FastEthernet 0/0 interfaces. I used the 192.168.123.0 /24 subnet so that they can reach each other.
·         R1 will be the hub router and R2/R3 will be the spoke routers.
·         R2 and R3 will establish a tunnel to R1 as shown with the green dotted line.
·         When R2 and R3 want to communicate with each other they will create a spoke-to-spoke tunnel as shown with the purple dotted line.
·         We will use the 172.16.123.0 /24 subnet for the tunnel interfaces.
·         Each router has a loopback interface with an IP address. The routers will reach each others loopback by going through the tunnel interface.
The configuration consists of a number of steps:
Read more »
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)