My VTI notes

28 Tuesday Sep 2010

Posted by suryantofang in Uncategorized

≈ Leave a comment

I know its weird to say that I use VTI , but this technic i use to advertise OSPF between Router host when it’s use MPLS from ISP. since ISP gave us only /30 IP per connection so difficult for me to adv OSPF into the cloud.

Here is What I already Play with Virtual Tunnel Interface :



##########Router BH

ip source-route
!
!
ip cef
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
vpdn enable

!
!
!
voice-card 0
!
!
!
!
!
username suryanto privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxx
archive
 log config
 hidekeys
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set T1 esp-3des esp-sha-hmac
!
crypto ipsec profile P1
 set transform-set T1
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 192.168.0.1 255.255.255.255
!
interface Loopback2
 ip address 192.168.0.2 255.255.255.255
!
interface Loopback3
 ip address 192.168.0.4 255.255.255.255
!
interface Loopback5
 ip address 172.123.124.2 255.255.255.0
!
interface Tunnel0
 description Tunnel MPLS BH Router
 ip address 172.12.12.1 255.255.255.0
 ip ospf mtu-ignore
 load-interval 30
 tunnel source 172.16.124.6
 tunnel destination 172.16.124.14
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile P1
!
interface FastEthernet0/0
 ip address 10.1.249.210 255.255.255.0
 duplex auto
 speed auto
!

!
interface Serial0/0/0
 description MPLS
 ip address 172.16.124.6 255.255.255.252
!

!
router ospf 1
 router-id 10.100.100.2
 log-adjacency-changes
 redistribute ospf 200 subnets
 network 172.1.105.0 0.0.0.255 area 0
 network 172.12.12.0 0.0.0.255 area 0
 network 172.16.124.6 0.0.0.0 area 0
 network 172.123.124.0 0.0.0.255 area 0
 network 192.168.0.0 0.0.0.255 area 0
 neighbor 172.123.123.1
!
ip forward-protocol nd

ip route 172.16.124.12 255.255.255.252 172.16.124.5

no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login local
!
scheduler allocate 20000 1000
end

##########################################################################################

### Branch Router
Current configuration : 2081 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MPLS_POC_Branch1
!
boot-start-marker
boot system flash c2600-advsecurityk9-mz.124-15.T10.bin
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
 log config
 hidekeys
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set T1 esp-3des esp-sha-hmac
!
crypto ipsec profile P1
 set transform-set T1
!
!
!
!
!
!
!
interface Loopback1
 ip address 172.123.123.1 255.255.255.255
!
interface Loopback2
 ip address 172.123.123.2 255.255.255.255
!
interface Loopback3
 ip address 172.123.123.3 255.255.255.255
!
interface Loopback4
 ip address 172.123.123.4 255.255.255.255
!
interface Loopback5
 ip address 172.123.123.5 255.255.255.255
!
interface Tunnel0
 description temporary tunnel
 ip address 172.12.12.2 255.255.255.0
 ip ospf mtu-ignore
 load-interval 30
 tunnel source 172.16.124.14
 tunnel destination 172.16.124.6
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile P1
!
!
interface Serial0/0
 description MPLS2
 bandwidth 256
 ip address 172.16.124.14 255.255.255.252

!
router ospf 1
 router-id 10.100.100.1
 log-adjacency-changes
 redistribute static
 network 172.12.12.0 0.0.0.255 area 0
 network 172.123.123.0 0.0.0.7 area 1
!
ip forward-protocol nd
ip route 172.16.124.4 255.255.255.252 172.16.124.13
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 exec-timeout 0 0
 login local
!
!
end

From Backhaul we could see the route table from neighbor

Router-BH#sh ip route ospf
 172.123.0.0/16 is variably subnetted, 6 subnets, 2 masks
O IA    172.123.123.4/32 [110/1001] via 172.12.12.2, 02:15:26, Tunnel0
O IA    172.123.123.5/32 [110/1001] via 172.12.12.2, 02:15:26, Tunnel0
O IA    172.123.123.1/32 [110/1001] via 172.12.12.2, 02:15:26, Tunnel0
O IA    172.123.123.2/32 [110/1001] via 172.12.12.2, 02:15:26, Tunnel0
O IA    172.123.123.3/32 [110/1001] via 172.12.12.2, 02:15:26, Tunnel0

Leave a comment Cancel reply