DMVPN using loopback interface vs. physical interface

In a DMVPN, what's the difference between using a loopback interface as a tunnel source instead of a physical interface?

It will work for a static one-to-one NAT. PAT doesn't play well with GRE because ports don't exist in GRE (not sure if NAT traversal can help here like it does with ISAKMP - it works on spokes). You also need to make sure that the loopback is set to work with the crypto profile. Joe is right, the address it terminates on is best to be public address space that you own, that is multihomed - if this is a hub.

Similar Messages

  • DMVPN using GRE Configuration with EIGRP

    Good morning to all,
    What a pleasure to find a forum in our own language, where we can raise any issue with our network and enlist the help of experts.
    My case is as follows:
    I configured DMVPN, bringing up the VPN tunnel using loopback interfaces on the spokes and the hub. The VPN is properly UP, but I have a problem: I have not yet managed to get the data sent through the tunnel encrypted. What am I missing in the settings to accomplish this? Here are the settings made on the hub and the spokes.
    Spoke
    crypto isakmp policy 1
    encr aes
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key NETWORKLESSONS address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set MYSET esp-aes esp-md5-hmac
    crypto ipsec profile MGRE
    set transform-set MYSET
    interface Tunnel0
    bandwidth 512
    ip address 10.254.254.3 255.255.255.0
    ip mtu 1500
    ip nhrp authentication cisco
    ip nhrp map multicast 10.2.32.21
    ip nhrp map 10.254.254.1 10.2.32.21
    ip nhrp network-id 1
    ip nhrp nhs 10.254.254.1
    ip tcp adjust-mss 1436
    no ip split-horizon eigrp 100
    tunnel source 10.60.5.32
    tunnel destination 10.60.0.0
    tunnel key 1
    tunnel protection ipsec profile MGRE
    interface Serial0/0/0.532 point-to-point
    description CON ENLACE ASR-1000
    bandwidth 256
    ip address 10.2.32.22 255.255.255.252
    frame-relay interface-dlci 532  
      class QoS-256kbps
    ip access-list extended GRE
    permit gre host 10.2.32.22 host 10.2.32.21
    ------------  HUB
    crypto isakmp policy 1
    encr aes
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key NETWORKLESSONS address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set MYSET esp-aes esp-md5-hmac
    crypto ipsec profile MGRE
    set transform-set MYSET
    interface Tunnel0
    ip address 10.254.254.1 255.255.255.0
    no ip redirects
    ip flow ingress
    ip nhrp authentication cisco
    ip nhrp map multicast dynamic
    ip nhrp network-id 1
    no ip split-horizon eigrp 100
    tunnel source Loopback1
    tunnel mode gre multipoint
    tunnel key 1
    tunnel protection ipsec profile MGRE
    interface GigabitEthernet1/1/4.532
    description Aeropuerto Maturin CTO:CEEAP-XXXX
    bandwidth 256
    encapsulation dot1Q 2532
    ip address 10.2.32.21 255.255.255.252
    service-policy output QoS-256Kbps
    ASR-ROSAL-01#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    10.60.0.0       10.60.5.32      QM_IDLE          22062 ACTIVE
    IPv6 Crypto ISAKMP SA
    Does anyone have any idea regarding this configuration?
    Thank you.

    Hi Reza Sharifi,
    Thanks for the help. I added the following configuration to the routers:
    R1 & R2:
    Interface Tunnel0
     ip hello-interval eigrp 100 60
     ip hold-time eigrp 100 300
    In this case it will have to miss 5 hellos to declare the neighbor dead.
    I will let you know if this fixed the problem or not.
    Best Regards
    Sensie

  • When not to use loopback?

    Hi guys,
    It seems a very simple question, but it got me thinking and I decided it would be worthwhile to share it here with you.
    I am building a small network with one core switch doing all inter vlan routing and connecting to two edge routers (these routers are used for different purpose).
    I am planning to use a management vlan having all the switches as part of it. And I was thinking of using loopback interfaces on the routers and use static routing so the core knows where they are located.
    My question (which may seem stupid here) is whether having a loopback here would really be worthwhile, or if there is a better way to manage the network devices?
    Thanks,
    Mo

    Having a loopback really only makes sense if you have more than one path into the router. If you have a single network connection into the switch and that connection goes down, having a loopback wouldn't help much.
    Hth,
    John

  • Could I use "vlan interface" as a tunnel source of DMVPN ?

    I have a router R2811 with a 9 port FE Switch module(HWIC-D-9ESW).
    Could I use vlan interface as a tunnel source when configuring DMVPN ?
    The VLAN ports are on the 9 port FE Switch module.
    Because it's used in production now, I can't try it.

    Hello.
    I think there is no restriction on software routers like 2811.
    PS: using loopback could be a better idea.

  • Crypto Map on Loopback interface or Physical Interface

    Dear All,
    When we try to apply the crypto map on any physical interface or the loopback interface on WS-6506-E, it shows an error. But I could apply the same on a VLAN interface. Can anyone explain to me what the issue is?
    6506(config)#interface loopback 3
    6506(config-if)#crypto map XXXX
    ERROR: Crypto Map configuration is not supported on the given interface
    Any hardware limitation?

    This was proven to break CEF in the past and is a bad design choice by default.
    Newer releases do not allow you to configure this.
    If you're curious if it will work for you check releases prior to 15.x.
    M.

  • Benefit of loopback interface

    Why do we use a loopback? Is it just for when we are using routing protocols, and if, say, a router has 2 interfaces, the loopback can be reached from both?

    Hello Carl,
    Loopback interfaces are indeed often used with routing protocols as ospf, bgp, eigrp.
    The advantage is that loopback interfaces are always up, because they are virtual. Whether they can be reached depends of course on your routing protocol.
    If you have, for example, a router with 3 physical interfaces all connected and your routing is configured correctly, then the remote side can always reach your loopback until all (physical) paths are down.
    There are a lot more reasons to use loopbacks, but I think this one is the most important one.

  • OSPF and loopback interface

    Hello,
    When you set a loopback interface port, do you use the same ip address as the interface configured for the area number? Example, if the interface is 192.168.0.1, will your loopback ip address be 192.168.0.1?
    Do you increment the IP address, for example: 192.168.0.2?
    Thank you,

    Jason
    I do not understand whether your question is asking how you configure a loopback interface or whether you are asking how you configure OSPF to process on the loopback interface.
    A loopback interface is a virtual interface on a router. You assign an IP address to the loopback interface much as you would assign an address on a physical interface. The subnet mask for the loopback interface can be a normal subnet mask or it could be a host specific /32 mask (255.255.255.255). What mask to use depends on how your network is designed.
    Once you have assigned an IP address on the loopback interface if you want to have OSPF include the interface then you would need a network statement under router ospf that would include the loopback interface address. If your loopback interface were assigned address 172.16.1.10 then any of these network statements could work:
    network 172.16.1.10 0.0.0.0 area 10
    network 172.16.1.0 0.0.0.31 area 10
    network 172.16.0.0 0.0.255.255 area 10
    If this does not explain what you want then perhaps you can clarify your question.
    HTH
    Rick
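
The three network statements in Rick's answer differ only in how many bits the wildcard mask ignores. The following is an added example, not part of the original thread: it parses such statements and reports which interfaces each one would bring into OSPF, which is a quick way to see when a broad statement covers more interfaces than intended. The interface names and the two non-loopback addresses are constructed for illustration.

```python
import ipaddress
import re

# "network <address> <wildcard> area <id>" as written under "router ospf".
NETWORK_RE = re.compile(r"^\s*network\s+(\S+)\s+(\S+)\s+area\s+(\S+)\s*$")


def parse_network_statement(line):
    """Return (address, wildcard, area) with the two addresses as integers."""
    m = NETWORK_RE.match(line)
    if m is None:
        raise ValueError(f"not an OSPF network statement: {line!r}")
    address = int(ipaddress.IPv4Address(m.group(1)))
    wildcard = int(ipaddress.IPv4Address(m.group(2)))
    return address, wildcard, m.group(3)


def statement_matches(line, interface_ip):
    """True if the interface address falls inside the statement's range.

    A 1 bit in the wildcard means "ignore this bit", so only the bits
    where the wildcard is 0 have to agree.
    """
    address, wildcard, _area = parse_network_statement(line)
    care = ~wildcard & 0xFFFFFFFF
    ip = int(ipaddress.IPv4Address(interface_ip))
    return (ip & care) == (address & care)


def ospf_coverage(statements, interfaces):
    """Map each interface name to the (statement, area) pairs that match it.

    An empty list means no statement enables OSPF on that interface.
    """
    result = {}
    for name, ip in interfaces.items():
        result[name] = [
            (s, parse_network_statement(s)[2])
            for s in statements
            if statement_matches(s, ip)
        ]
    return result


# The three statements from the answer, plus constructed interface addresses.
STATEMENTS = [
    "network 172.16.1.10 0.0.0.0 area 10",
    "network 172.16.1.0 0.0.0.31 area 10",
    "network 172.16.0.0 0.0.255.255 area 10",
]
INTERFACES = {
    "Loopback0": "172.16.1.10",        # the loopback address used in the answer
    "FastEthernet0/0": "172.16.1.40",  # constructed: outside the 0.0.0.31 range
    "Serial0/0": "192.168.0.1",        # constructed: matched by no statement
}

if __name__ == "__main__":
    for name, hits in ospf_coverage(STATEMENTS, INTERFACES).items():
        print(name, [s for s, _ in hits] or "not in OSPF")
```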

  • Loopback interface as dial peer?

    Can a loopback interface be specified in the session target command when configuring dial peers for FXS ports? Currently using a physical address and have an application that needs to specify a logical address. Will try in lab environment. Just wondering if anyone has done this?

    Yes, you can.
    Be sure to put h323-gateway voip interface
    and h323-gateway voip bind srcaddr under the loopback interface.
    This is actually the preferred method.

  • Loopback Interface

    What is the purpose of the loopback interface?

    Sherman
    A loopback interface is a virtual interface that can be configured on a router. When we say it is a virtual interface this means that it logically exists but it does not exist physically (there is no physical interface and no cable to plug into it). One important aspect of the loopback interface is that it removes physical dependencies - you can not unplug a cable and have the interface go down (unless the cable was the power cable for the router).
    The loopback interface can have many uses. Some routing protocols have the concept of a routerID and we frequently want a loopback interface address to be the RID (because it is more stable than any physical interface). We frequently want to use a loopback interface address for management purposes. We may want to source our SNMP messages from the loopback. If we want to ping an interface on the router to determine whether the router is up or not it is good to ping the loopback interface. If you want to telnet to the router you do not have to be concerned whether you are accessing it by its serial interface, its Ethernet interface, or any other interface if you telnet to the loopback interface address. If you are using AAA and an ACS server for authentication it is good to source the authentication packets using the loopback interface. Some protocols need to specify peer addresses (BGP, and GRE tunnels and IPSec are examples that come to mind) and it may be advantageous to use the loopback interface address as the peer address.
    There are more uses for loopback interfaces but this gets the discussion started.
    HTH
    Rick

  • Baseline template - look for specific loopback interface when specifying "ip tftp source-interface"

    Hello all
    I'm new to regex and I'm trying to make a baseline template, that will check our network devices for our required basic configuration.
    What I'm trying to do is to make a template that will look for either a loopback0 or loopback1 interface.
    If either one is found (the loopback interfaces will not be there at the same time) it must apply the following command:
    ip tftp source-interface loopback0 (or loopback1)
    Is it even possible to make an if-then statement using regex?
    Thank you in advance.
    Best regards
    Jesper Ross Petersen

    Yes, this can be done.
    # Go to the Tcl shell of the device.
    C1811#tclsh
    C1811(tcl)#
    # Copy and paste this at the Tcl prompt.
    proc intf {} {
        # Collect only the "interface Loopback..." lines from the running config.
        set runningcfg [exec "show run | inc ^interface Loopback"]
        foreach line [split $runningcfg \n] {
            # Match exactly Loopback0 or Loopback1 (not Loopback10, Loopback11, ...).
            if {[regexp {^interface (Loopback[01])\s*$} $line -> interface]} {
                ios_config "ip tftp source-interface $interface"
                return "ip tftp source-interface $interface"
            }
        }
        # Neither loopback exists: leave the configuration unchanged.
        return ""
    }
    # Now type the name of the proc (intf) at the Tcl prompt.
    C1811(tcl)#intf
    # If Loopback0 or Loopback1 is present, the tftp source interface is added to the running config.
    ip tftp source-interface Loopback0
    C1811(tcl)#

  • Missing loopback interface and modules, and isofs mounting [SOLVED!]

    In my new archlinux installation, isofs and loopback facilities are not present and when installed by hand do not seem to work. [See FINAL SOLUTION below. Thanks for the suggestions I got].
    Now, I was under the impression that such facilities should be automatically available at the end of a normal installation.
    For instance, in an installation I made last fall, I can mount .iso filesystem through the loopback interface with no problems (and that even without using -t, with just 'mount image.iso /mnt/iso').  In that installation, lsmod shows the modules
      loop                  18526  2
      isofs                  32946  1
    (also, a module isofs is present in /lib/modules, though I cannot find a loop module there)
    and eight loopback devices are available as /dev/loop0 ... /dev/loop7
    On the other hand, in the new installation no /dev/loop devices are present, and no loop and isofs modules show up either as installed (as reported by lsmod) or at least in the libraries. Has something changed recently? Do I need to install a package that will set up my installation for loopback mounting and mounting of .iso filesystems?
    INTERIM SOLUTION
    I mentioned above that in my older Linux box, on an Arch Linux installed months ago but not upgraded for many weeks, I had loopback devices running and isofs and loop modules installed, and all working well by itself. Today I did an upgrade, and noticed that it came with a new kernel (3.3?), probably the same I had on the new machine. So I rebooted after that---and found the exact problem as on the new machine: /dev/loop* missing, no modules isofs or loop appearing in lsmod. So I installed by hand a loopback interface, with 'mknod /dev/loop0 b 7 0'. Then I made sure I had the isofs package installed, and installed the isofs module with modprobe; this time isofs showed on lsmod, but loop didn't yet. Finally I mounted a data DVD (note that the incantation -t iso9660 is no longer necessary), and as a last thing I mounted an .iso file; both worked. Only after this did a module loop show up in lsmod.
    So probably something subtle changed in the dependencies between installed packages, installed modules, and installed loopback devices, so that something is out of sync and has to be nursed manually. Better experts than I may throw some light on this problem and hopefully fix it.
    FINAL AND SATISFACTORY SOLUTION
    Whatever may have happened before, the following works like a charm:
    I upgrade Arch; it installs 3.3.1-1-ARCH as a kernel in /boot.
    I reboot to let the new kernel "take".
    No loop0,...,loop7 devices show up in /dev; no isofs or loop show up with lsmod; isofs (but no loop) present in /lib/modules
    I do 'mount /dev/sr0 /iso' (NOTE: no '-t iso9660' option) with a CD in the sr0 drive; the CD filesystem shows up in /iso.
       After this, isofs shows up in 'lsmod|grep isofs', but no loop device yet.
    I unmount /iso and do 'mount ~tt/ markov.iso /iso' (NOTE: no '-t iso9660' option); the markov filesystem shows up in /iso.
      After this, loop0,...,loop7 devices show up in /dev, and a loop module (wherever that came from) appears in lsmod.
    In other words, everything required for isofs automounts as necessary and remains mounted until new reboot.
    The '-t iso9660' option is not necessary. As noted by another Arch post, this option may be detrimental and might have been the culprit; this is an issue I will explore on the next reboot.
    Last edited by rugantino (2012-04-11 20:11:55)

    When /etc/rc.sysinit is invoked during the boot process, it should automatically start a loopback interface (unless you've specifically disabled it in /etc/rc.d/network or so).
    Check your logs to see if you find any related errors.

  • Adding Loopback interface for branch routers

    Hi,
    I have several branch routers to which I want to add a loopback interface for management purposes. I am currently using OSPF as my routing protocol.
    Will the router-id be updated accordingly and will there be any effect on my OSPF routing?
    Thanks.

    Hi,
    No, the router id will not change unless you clear the OSPF process. So, this will cause an outage to your environment and should be done during a maintenance window.
    From the OSPF document:
    OSPF automatically prefers a loopback interface over any other kind, and it chooses the highest IP address among all loopback interfaces. If there are no loopback interfaces present, the highest IP address in the router is chosen. The OSPF cannot be directed to use any particular interface. Once the router ID is elected, it does not change unless the OSPF process restarts or the router is reloaded.
    http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/23862-duplicate-router-id-ospf.html
    HTH
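
The behaviour described in this answer can be modelled in a few lines. The following is an added example, not code from the thread or from Cisco: it implements only the selection rule quoted above (highest loopback address, otherwise highest interface address, fixed until the process restarts). The interface names and addresses are constructed, and `OspfProcess` is a hypothetical helper class.

```python
import ipaddress


def elect_router_id(interfaces):
    """Pick a router ID from (name, ip) pairs using the quoted rule.

    Loopback interfaces win over any other kind; within the chosen
    group the numerically highest IPv4 address is selected.
    """
    interfaces = list(interfaces)
    if not interfaces:
        return None
    loopbacks = [ip for name, ip in interfaces
                 if name.lower().startswith("loopback")]
    pool = loopbacks or [ip for _name, ip in interfaces]
    return str(max(ipaddress.IPv4Address(ip) for ip in pool))


class OspfProcess:
    """Hypothetical model: the router ID is elected once and then frozen."""

    def __init__(self, interfaces):
        self.interfaces = dict(interfaces)
        self.router_id = elect_router_id(self.interfaces.items())

    def add_interface(self, name, ip):
        # Adding an interface does not trigger a new election.
        self.interfaces[name] = ip

    def restart(self):
        """Re-run the election; return True if the router ID changed."""
        old = self.router_id
        self.router_id = elect_router_id(self.interfaces.items())
        return old != self.router_id


# Constructed branch router: two physical interfaces, no loopback yet.
BRANCH_INTERFACES = {
    "GigabitEthernet0/0": "192.168.10.1",
    "Serial0/0/0": "10.2.32.22",
}

if __name__ == "__main__":
    branch = OspfProcess(BRANCH_INTERFACES)
    print("initial router ID:", branch.router_id)
    branch.add_interface("Loopback0", "10.255.0.1")
    print("after adding Loopback0:", branch.router_id)
    print("changed on restart:", branch.restart(), "->", branch.router_id)
```

Note that the loopback address is numerically lower than the physical one and is still chosen after the restart, because loopbacks are preferred as a group.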

  • Loopback interface on Catalyst switches

    Hello,
    I need to know if I can configure loopback interfaces on L2 switches (2950) and if yes, in which IOS
    Thanks
    Moamen

    Hello,
    For admin, I need to create a loopback interface and use it as the admin IP to reach the switch.
    I know that the admin IP is configured under interface vlan1,
    but I'm asking because I have a switch that has the int loopback in its menu when using
    conf t# int ?
    I can find Loopback, but I can't configure it
    switch(config)#interface ?
    Async Async interface
    BVI Bridge-Group Virtual Interface
    Dialer Dialer interface
    FastEthernet FastEthernet IEEE 802.3
    Group-Async Async Group interface
    Lex Lex interface
    Loopback Loopback interface<<<<<
    Multilink Multilink-group interface
    Null Null interface
    Port-channel Ethernet Channel of interfaces
    Tunnel Tunnel interface
    Virtual-Template Virtual Template interface
    Virtual-TokenRing Virtual TokenRing
    Vlan Catalyst Vlans
    range interface range command
    System image file is "flash:c2950-i6q4l2-mz.121-22.EA3"
    But when I try to configure it, the switch refuses.
    Thanks & BR
    Moamen

  • Loopback interface performance...

    Hi all,
    I've got an application that runs on a Solaris box. During application cycles, it needs to make internal calls to itself (web-Services based architecture) and until now they were using the Internet IP of the box (hme0 interface).
    Would it not be better to use the loopback interface (lo0) for internal connections instead of using the normal internet interface (hme0)?
    Is the loopback interface more suitable for this purpose? Is it scalable enough?
    our ifconfig as follows :
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 1
    inet 192.168.0.6 netmask ffffff00 broadcast 192.168.0.255
    hme2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
    inet 129.157.66.18 netmask ffff0000 broadcast 129.157.255.255
    hme2:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
    inet 129.157.66.28 netmask ffff0000 broadcast 129.157.255.255
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 3
    inet 127.0.0.1 netmask ff000000
    Thanks in advance.
    Nicolas

    The loopback interface address of 127.0.0.1 seems to work well:
    sd-6:/tmp
    root:=> mkfile 100m test
    sd-6:/tmp
    root:=> ftp 127.0.0.1
    Connected to 127.0.0.1.
    220 sd-6 FTP server ready.
    Name (127.0.0.1:root): root
    331 Password required for root.
    Password:
    230-Please read the file README.pdf
    230- it was last modified on Wed Dec 15 15:26:58 2004 - 39 days ago
    230 User root logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> bin
    200 Type set to I.
    ftp> cd /tmp
    250 CWD command successful.
    ftp> get test test2
    200 PORT command successful.
    150 Opening BINARY mode data connection for test (104857600 bytes).
    226 Transfer complete.
    local: test2 remote: test
    104857600 bytes received in 2 seconds (50724.56 Kbytes/s)
    ftp>

  • Editing the Customer Address using Open Interface

    Hi All,
    The requirement is to edit the address details(postal codes) of the customer using Open Interface and not the APIs.
    They are insisting on using open interface as the Vertex validation(Taxation rules) is taken care only by Open Interface.
    Will need help on this. Kindly advise.

    Please refer the following whitepaper
    https://metalink2.oracle.com/cgi-bin/cr/getfile.cgi?p_attid=67196.1:1
    Thanks,
    Anil
