Topology diagram :
Interfaces used :
1) 12.12.12.X & 23.23.23.X - OSPF neighborship
2) 50.50.50.50 & 150.150.150.150 - Tunnel source
3) 13.13.13.X - Tunnel Build
4) 11.11.11.11 & 33.33.33.33 - Data traffic between R1 & R3 spoke sites. R2 is Provider here
OSPF & EIGRP neighborship build :
R1#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
23.23.23.1 0 FULL/ - 00:00:38 12.12.12.2 Serial0/0
R1#sh ip eigrp neigh
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 13.13.13.3 Tu13 14 00:33:52 88 5000 0 3
R2#sh ip ospf neigh << It's the provider network >> OSPF links both customer sites
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ - 00:00:32 23.23.23.2 Serial0/1
1.1.1.1 0 FULL/ - 00:00:37 12.12.12.1 Serial0/0
R2#sh ip eigrp neigh << It's the provider network >> So the company's IGP protocol is not running here
R3#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
23.23.23.1 0 FULL/ - 00:00:37 23.23.23.1 Serial0/0
R3#sh ip eigrp neigh
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 13.13.13.1 Tu13 12 00:30:50 94 5000 0
Configuration :
R1:
interface Loopback11
ip address 11.11.11.11 255.255.255.255
!
interface Loopback50
ip address 50.50.50.50 255.255.255.0
!
interface Tunnel13
ip address 13.13.13.1 255.255.255.0
tunnel source Loopback50
tunnel destination 150.150.150.150
!
interface Serial0/0
ip address 12.12.12.1 255.255.255.252
!
router eigrp 1
network 11.11.11.11 0.0.0.0
network 13.13.13.1 0.0.0.0
no auto-summary
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 12.12.12.1 0.0.0.0 area 0
network 50.50.50.50 0.0.0.0 area 0
R2 :
interface Serial0/0
ip address 12.12.12.2 255.255.255.252
ip ospf 1 area 0
!
interface Serial0/1
ip address 23.23.23.1 255.255.255.252
ip ospf 1 area 0
R3:
interface Loopback33
ip address 33.33.33.33 255.255.255.255
!
interface Loopback150
ip address 150.150.150.150 255.255.255.0
!
interface Tunnel13
ip address 13.13.13.3 255.255.255.0
tunnel source Loopback150
tunnel destination 50.50.50.50
!
interface Serial0/0
ip address 23.23.23.2 255.255.255.252
!
router eigrp 1
network 13.13.13.3 0.0.0.0
network 33.33.33.33 0.0.0.0
no auto-summary
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
network 23.23.23.2 0.0.0.0 area 0
network 150.150.150.150 0.0.0.0 area 0
Testing :
Check which routing protocol carries which routes. The customer traffic should go only through the tunnel, to deal with security and leakage of customer data or traffic. Of course, this is a basic tunnel: it is not secured, so people can still pull the data. We will go further in a future lab on how to deal with security by implementing a GRE/IPsec tunnel.
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
50.0.0.0/24 is subnetted, 1 subnets
C 50.50.50.0 is directly connected, Loopback50
33.0.0.0/32 is subnetted, 1 subnets
D 33.33.33.33 [90/297372416] via 13.13.13.3, 00:38:31, Tunnel13 <EIGRP carrying>
23.0.0.0/30 is subnetted, 1 subnets
O 23.23.23.0 [110/128] via 12.12.12.2, 01:03:55, Serial0/0
11.0.0.0/32 is subnetted, 1 subnets
C 11.11.11.11 is directly connected, Loopback11
12.0.0.0/30 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, Serial0/0
13.0.0.0/24 is subnetted, 1 subnets
C 13.13.13.0 is directly connected, Tunnel13
150.150.0.0/32 is subnetted, 1 subnets
O 150.150.150.150 [110/129] via 12.12.12.2, 01:02:06, Serial0/0
R2#sh ip route
Gateway of last resort is not set
50.0.0.0/32 is subnetted, 1 subnets
O 50.50.50.50 [110/65] via 12.12.12.1, 01:02:40, Serial0/0
23.0.0.0/30 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, Serial0/1
12.0.0.0/30 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, Serial0/0
150.150.0.0/32 is subnetted, 1 subnets
O 150.150.150.150 [110/65] via 23.23.23.2, 01:03:20, Serial0/1
R3#sh ip route
Gateway of last resort is not set
50.0.0.0/32 is subnetted, 1 subnets
O 50.50.50.50 [110/129] via 23.23.23.1, 01:04:21, Serial0/0
33.0.0.0/32 is subnetted, 1 subnets
C 33.33.33.33 is directly connected, Loopback33
23.0.0.0/30 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, Serial0/0
11.0.0.0/32 is subnetted, 1 subnets
D 11.11.11.11 [90/297372416] via 13.13.13.1, 00:41:49, Tunnel13 <EIGRP carrying>
12.0.0.0/30 is subnetted, 1 subnets
O 12.12.12.0 [110/128] via 23.23.23.1, 01:06:22, Serial0/0
13.0.0.0/24 is subnetted, 1 subnets
C 13.13.13.0 is directly connected, Tunnel13
150.150.0.0/24 is subnetted, 1 subnets
C 150.150.150.0 is directly connected, Loopback150
~~~~~// Filtering the Routes // ~~~~~~~
--> How to filter the routes if we advertise the same IP address space by mistake in different IGP protocols used for different purposes.
--> The chances are low, because OSPF here is the SP part, we build the GRE tunnel on top of it, and EIGRP runs over the GRE tunnel. But you still need to know this in order to provide a solution for tricky CCIE lab tickets.
If you encounter such a problem :
--> Fix it by filtering the tunnel source & destination IPs using a distribute list (using AD, an ACL or a prefix-list).
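One way to write the prefix-list variant of that filter for this lab, shown as an added example that is not part of the original configuration. The prefix-list name TUNNEL-ENDPOINTS is an assumption; the addresses, EIGRP process number and interface names are the ones used above. The goal is that the route to the tunnel destination always stays with OSPF and can never be learned through Tunnel13 itself.

```cisco
! Added example, not from the original lab. The prefix-list name
! TUNNEL-ENDPOINTS is hypothetical; everything else is taken from
! the R1/R3 configuration shown above.
!
! Mistake being guarded against (shown for R1): the tunnel source is
! also placed into the customer IGP and gets advertised over Tunnel13:
!   router eigrp 1
!    network 50.50.50.50 0.0.0.0
!
! Fix, applied identically on R1 and R3.
! "le 32" matches both the /24 configured on the loopbacks and the /32
! host routes that OSPF advertises for them.
ip prefix-list TUNNEL-ENDPOINTS seq 5 deny 50.50.50.0/24 le 32
ip prefix-list TUNNEL-ENDPOINTS seq 10 deny 150.150.150.0/24 le 32
ip prefix-list TUNNEL-ENDPOINTS seq 15 permit 0.0.0.0/0 le 32
!
router eigrp 1
 ! never accept the tunnel endpoints from the tunnel neighbor
 distribute-list prefix TUNNEL-ENDPOINTS in Tunnel13
 ! never advertise the tunnel endpoints to the tunnel neighbor
 distribute-list prefix TUNNEL-ENDPOINTS out Tunnel13
!
! Verification on R1 (mirror the addresses on R3):
!   show ip route 150.150.150.150
!     -> must still be an O route via 12.12.12.2, Serial0/0
!   show ip route eigrp
!     -> only 33.33.33.33 via Tunnel13, no 50.50.50.x or 150.150.150.x
!   show ip prefix-list detail TUNNEL-ENDPOINTS
!     -> hit counters on seq 5/10 increase if the mistake is present
```

The final permit entry is required: a prefix-list ends with an implicit deny, so without it the distribute-list would also drop the customer routes 11.11.11.11 and 33.33.33.33.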
Happy reading ^-^