MPLS Customer router physical interface
My provider wants to sell me MPLS services but I can't seem to get a straight answer regarding what the physical interface on my customer router needs to be. Some personnel tell me it will be a normal Ethernet connection, others say it'll be a DS3 or T1 connection depending on the speed.
Please give me some advice on what to expect regarding an MPLS circuit, or point me to some good documentation so maybe I can communicate better with the service provider.
Thank you.
Hi Tod
Few points from my side for your query
Access Link should be considered based on whether we are going for MPLS L3 VPN or MPLS L2 VPN Solution
MPLS L3 VPN from my understanding is independent of Access Media but the Access Media will definitely put different hardware requirements for your Customer Edge Router
The Access Link Type and Bandwidth would vary depending upon the BW requirements for the network. The T1/T3 or a Subrate T3 Access Links would be a choice when we have BW requirements in that range (<45 Megs).
Using FE as an Access link would require SP to provide Colocation Services or rather go for spanning a Fiber out from their Colo and deploying Optical Mux at Customer Premises and again suitable for BW requirements more than 45 Megs.
MPLS L2 VPN
Ethernet is the choice for taking MPLS L2 VPN Services to connect your different branches in a point-to-multipoint fashion using VPLS at SP end.
You can go through the Cisco Doc - "Layer 3 MPLS VPN Enterprise Consumer Guide" which should help you gain more insight for choosing the PE-CE Routing Protocol and other points to consider for an MPLS L3 VPN Service.
That's from my understanding. Hope you will get more good advice on this.
Regards
Vaibhava Varma
Similar Messages
-
Multiple Public IP's on one physical interface for devices behind Router.
Hi guys, I am trying to find information on applying multiple IP addresses to a router,
basically one for the router itself and then some for the devices behind the router, for which I am sure I need to apply some 1 to 1 NATs. I just do not know if I need to specify all the IP addresses on the main interface.
Example being I have a router with WAN IP of xxx.xxx.xxx.xxx/25. It only has 2 interfaces, one for WAN and one for LAN. I have a server I would like assigned its own public IP address, but still on the same LAN network.
Could someone help me out and point me in the right direction with a sample config?
I agree with the previous response that you need a static NAT to allow outside resources to initiate traffic to your server. You also will need NAT or PAT using the router interface address to allow the other hosts in your network to access outside.
You do not need to configure any other of the addresses on the router interface other than the primary IP that you assign to the router interface. As long as the other addresses are used for NAT/PAT they are configured in the nat statements and not on the physical interface.
HTH
Rick -
Physical Interface not present in show ip route connected
Hi,
Thanks for reading my post.
I have a recurrent issue with a CISCO881-K9.
My WAN interface is regularly unusable even if it's UP/UP. I can't even ping the interface from the router itself.
A reboot solves the issue. But now I have time and I'd like to get a proper understanding of what's going on.
The route doesn't appear in "show ip route connected".
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset down down
FastEthernet2 unassigned YES unset down down
FastEthernet3 unassigned YES unset down down
FastEthernet4 X.Y.Z.82 YES NVRAM up up
Loopback0 10.31.129.5 YES NVRAM up up
NVI0 X.Y.Z.82 YES unset up up
Tunnel0 10.32.129.1 YES NVRAM up down
Vlan1 172.22.129.102 YES NVRAM up up
Router#ping X.Y.Z.82
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to X.Y.Z.82, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Router#
Router#show ip route
Gateway of last resort is X.Y.Z.81 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via X.Y.Z.81
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
R 10.30.129.0/24 [120/1] via 172.22.129.101, 00:00:08, Vlan1
R 10.31.129.1/32 [120/1] via 172.22.129.101, 00:00:08, Vlan1
C 10.31.129.5/32 is directly connected, Loopback0
172.22.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 172.22.128.0/24 [1/0] via 172.28.28.254
C 172.22.129.0/24 is directly connected, Vlan1
L 172.22.129.102/32 is directly connected, Vlan1
172.27.0.0/24 is subnetted, 1 subnets
S 172.27.0.0 [1/0] via 172.28.28.254
172.28.0.0/24 is subnetted, 1 subnets
R 172.28.28.0 [120/2] via 172.22.129.101, 00:00:08, Vlan1
172.30.0.0/24 is subnetted, 1 subnets
S 172.30.1.0 [1/0] via 172.28.28.254
172.31.0.0/24 is subnetted, 1 subnets
S 172.31.0.0 [1/0] via 172.28.28.254
S 192.0.0.0/16 [1/0] via 172.28.28.254
192.168.48.0/32 is subnetted, 1 subnets
S 192.168.48.247 [1/0] via 172.28.28.254
192.168.84.0/32 is subnetted, 1 subnets
S 192.168.84.247 [1/0] via 172.28.28.254
S 192.168.101.0/24 [1/0] via 172.28.28.254
R 192.168.104.0/24 [120/2] via 172.22.129.101, 00:00:08, Vlan1
Router#show ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is X.Y.Z.81 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.31.129.5/32 is directly connected, Loopback0
172.22.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.22.129.0/24 is directly connected, Vlan1
L 172.22.129.102/32 is directly connected, Vlan1
interface FastEthernet4
description WAN
ip address X.Y.Z.82 255.255.255.252
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1300
duplex full
speed 100
keepalive 3
crypto map MYSTREAM-MAP
hold-queue 224 in
end
Router#show interfaces fastEthernet 4
FastEthernet4 is up, line protocol is up
Hardware is PQII_PRO_UEC, address is 4403.a738.3c02 (bia 4403.a738.3c02)
Description: WAN
Internet address is X.Y.Z.82/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (3 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:06, output 00:00:35, output hang never
Last clearing of "show interface" counters never
Input queue: 0/224/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
26675 packets input, 1826301 bytes
Received 12230 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
44029 packets output, 8969818 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
3 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Could you help on this? Or lead me to Tshoot that problem.
By the way the interface 4 is connected to an ISP Modem (TWC in US).
Thanks,
William
Hi,
Thanks for your answer. I've checked the release notes and there is no bug about that.
I think I must use the WAN interface which is fastethernet 4. I'm not able to change the patch cable for now.
What could be the cause?
show version
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 21-Mar-12 00:27 by prod_rel_team
ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
Router uptime is 1 week, 3 hours, 6 minutes
System returned to ROM by reload at 08:12:54 UTC Fri Oct 3 2014
System restarted at 08:14:30 UTC Fri Oct 3 2014
System image file is "flash:c880data-universalk9-mz.151-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
If you require further assistance please contact us by sending email to
[email protected]
Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
Processor board ID FGL1652265J
5 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
256K bytes of non-volatile configuration memory.
125440K bytes of ATA CompactFlash (Read/Write)
License Info:
License UDI:
Device# PID SN
*0 CISCO881-K9 FGL1652265J
License Information for 'c880-data'
License Level: advsecurity Type: Permanent
Next reboot license Level: advsecurity
Configuration register is 0x2102 -
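An added example, not part of the original thread: one way to automate the comparison the post makes by hand, flagging interfaces that are up/up with an address but own no connected route. The sample text is abridged from the output above; the function names and the choice to skip NVI interfaces by default are assumptions of this sketch.

```python
import re

# Abridged from the thread's output (the WAN address was already masked as X.Y.Z.82).
SHOW_IP_INT_BRIEF = """\
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset down down
FastEthernet4 X.Y.Z.82 YES NVRAM up up
Loopback0 10.31.129.5 YES NVRAM up up
NVI0 X.Y.Z.82 YES unset up up
Tunnel0 10.32.129.1 YES NVRAM up down
Vlan1 172.22.129.102 YES NVRAM up up
"""

SHOW_IP_ROUTE_CONNECTED = """\
Gateway of last resort is X.Y.Z.81 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.31.129.5/32 is directly connected, Loopback0
172.22.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.22.129.0/24 is directly connected, Vlan1
L 172.22.129.102/32 is directly connected, Vlan1
"""

# name, address, OK?, method, status (may be two words), protocol
BRIEF_RE = re.compile(r"^(\S+)\s+(\S+)\s+(YES|NO)\s+(\S+)\s+(.+?)\s+(\S+)$")
# IOS connected (C) and local (L) route lines end with the owning interface
ROUTE_RE = re.compile(r"^[CL]\*?\s+\S+ is directly connected, (\S+)$")


def parse_interfaces(brief_text):
    """Return one dict per interface row of 'show ip interface brief'."""
    rows = []
    for line in brief_text.splitlines():
        m = BRIEF_RE.match(line.strip())
        if m:  # the header row fails the YES|NO field and is skipped
            name, addr, _ok, _method, status, proto = m.groups()
            rows.append({"name": name, "addr": addr,
                         "status": status, "protocol": proto})
    return rows


def routed_interfaces(route_text):
    """Return the set of interfaces that own a connected or local route."""
    found = set()
    for line in route_text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            found.add(m.group(1))
    return found


def missing_connected(brief_text, route_text, ignore_prefixes=("NVI",)):
    """Interfaces that are up/up with an address but absent from the RIB.

    Skipping NVI* (the NAT virtual interface) is an assumption of this
    example: it is treated as not expected to own a connected route.
    """
    routed = routed_interfaces(route_text)
    missing = []
    for row in parse_interfaces(brief_text):
        if row["addr"] == "unassigned":
            continue
        if row["status"] != "up" or row["protocol"] != "up":
            continue
        if row["name"].startswith(tuple(ignore_prefixes)):
            continue
        if row["name"] not in routed:
            missing.append(row["name"])
    return sorted(missing)


if __name__ == "__main__":
    for name in missing_connected(SHOW_IP_INT_BRIEF, SHOW_IP_ROUTE_CONNECTED):
        print(f"{name}: up/up with an address but no connected route")
```

Run periodically against collected output, a check like this catches the condition before users report the WAN link as dead.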
No route after Interface change in VRF
Hi Everyone,
I have had a couple of strange incidents where changing a physical interface or ip address on an interface causes routing problems. We are running ASR9010 on IOS-XR 4.2.3
Case 1:
Changed a physical interface gi0/0/0/1.12 to BE21.12 on a vrf.
I lost static routes and had to remove and re-apply.
Case 2:
Changed the IP address to a different network 172.17.254.126/27 to 172.27.254.126/27
ARP OK and ping from VRF or local device in other VRF OK, however host on connected interface cannot be pinged from across MPLS. Connected route is carried across MPLS OK. We will be trying to remove the entire interface and vrf config and re-apply.
EDIT: We re-applied config after removing and committing. It is now working.
Any ideas or clues?
Cheers
Mike
Thanks,
The basic thing for case 2 is:
Customer --> VRF Gateway- Ping OK
RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#ping vrf BACKUP-MANAGEMENT 172.27.254.99
Fri Feb 14 12:42:49.771 EST
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.27.254.99, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
Server --> MPLS --> VRF Gateway - Ping OK
> ping routing-instance BACKUP_SERVERS 172.27.254.126
PING 172.27.254.126 (172.27.254.126): 56 data bytes
64 bytes from 172.27.254.126: icmp_seq=0 ttl=255 time=1.126 ms
64 bytes from 172.27.254.126: icmp_seq=1 ttl=255 time=1.029 ms
64 bytes from 172.27.254.126: icmp_seq=2 ttl=255 time=1.097 ms
64 bytes from 172.27.254.126: icmp_seq=3 ttl=255 time=0.998 ms
64 bytes from 172.27.254.126: icmp_seq=4 ttl=255 time=1.032 ms
^C
--- 172.27.254.126 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.998/1.056/1.126/0.047 ms
Server --> MPLS --> VRF --> Customer - Destination Unreachable
> ping routing-instance BACKUP_SERVERS 172.27.254.99
PING 172.27.254.99 (172.27.254.99): 56 data bytes
76 bytes from 124.47.128.30: Destination Net Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 940d 0 0000 40 01 3404 172.28.91.252 172.27.254.99
76 bytes from 124.47.128.30: Destination Net Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 a361 0 0000 40 01 24b0 172.28.91.252 172.27.254.99
76 bytes from 124.47.128.30: Destination Net Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 a8ae 0 0000 40 01 1f63 172.28.91.252 172.27.254.99
76 bytes from 124.47.128.30: Destination Net Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 ad11 0 0000 40 01 1b00 172.28.91.252 172.27.254.99
76 bytes from 124.47.128.30: Destination Net Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 b5ab 0 0000 40 01 1266 172.28.91.252 172.27.254.99
--- 172.27.254.99 ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss
RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#ping vrf BACKUP-MANAGEMENT 172.27.254.99
Fri Feb 14 12:42:49.771 EST
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.27.254.99, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01# sh arp vrf M2MGMT23509001
Fri Feb 14 12:56:57.313 EST
0/1/CPU0
Address Age Hardware Addr State Type Interface
172.27.254.99 00:14:08 0050.5682.66c0 Dynamic ARPA Bundle-Ether2.12
172.27.254.124 03:08:07 0050.5682.565c Dynamic ARPA Bundle-Ether2.12
172.27.254.126 - 6c9c.ed03.8eb2 Interface ARPA Bundle-Ether2.12
RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01# sh arp vrf M2MGMT23509001
Fri Feb 14 12:57:25.328 EST
VRF Gateway --> MPLS --> Server - Ping OK
RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#ping vrf M2MGMT23509001 172.28.91.19
Fri Feb 14 13:00:13.402 EST
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.28.91.19, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#sh run router bgp 17477 vrf M2MGMT23509001
Fri Feb 14 13:02:11.425 EST
router bgp 17477
vrf M2MGMT23509001
rd auto
label-allocation-mode per-vrf
address-family ipv4 unicast
redistribute connected
RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#sho route vrf M2MGMT23509001
Fri Feb 14 13:03:46.700 EST
Codes: C - connected, S - static, R - RIP, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, - FRR Backup path
Gateway of last resort is not set
B 10.117.24.0/23 [20/0] via 172.27.0.110 (nexthop in vrf BACKUP-MANAGEMENT), 1d01h
B 10.135.0.0/24 [20/0] via 172.27.0.110 (nexthop in vrf BACKUP-MANAGEMENT), 1d01h
B 10.135.2.0/24 [20/0] via 172.27.0.110 (nexthop in vrf BACKUP-MANAGEMENT), 1d01h
C 172.27.254.96/27 is directly connected, 2d02h, Bundle-Ether2.12
L 172.27.254.126/32 is directly connected, 2d02h, Bundle-Ether2.12
B 172.28.1.240/28 [200/0] via 125.7.35.120 (nexthop in vrf default), 6d22h
B 172.28.91.0/24 [200/0] via 125.7.35.120 (nexthop in vrf default), 6d22h
B 172.28.92.0/24 is directly connected, 1d01h, Bundle-Ether4 (nexthop in vrf BACKUP-SERVER) -
Hi,
I regularly use bridge domains to connect sub interfaces on different vlans using this sort of configuration:
interface GigabitEthernet0/0/0/5.21 l2transport
description CUSTOMER A WAN
encapsulation dot1q 21
rewrite ingress tag pop 1 symmetric
interface GigabitEthernet0/0/0/10.3122 l2transport
description CUSTOMER A CORE
encapsulation dot1q 3122
rewrite ingress tag pop 1 symmetric
l2vpn
bridge group WANLINKS
bridge-domain CUSTOMERA
interface GigabitEthernet0/0/0/5.21
interface GigabitEthernet0/0/0/10.3122
When I try to use the same method to bridge two sub interfaces on the same physical interface so as to create a L2 VPN no data flows:
interface GigabitEthernet0/0/0/5.21 l2transport
description CUSTOMER A WAN
encapsulation dot1q 21
rewrite ingress tag pop 1 symmetric
interface GigabitEthernet0/0/0/5.22 l2transport
description CUSTOMER A WAN2
encapsulation dot1q 22
rewrite ingress tag pop 1 symmetric
l2vpn
bridge group WANLINKS
bridge-domain CUSTOMERA
interface GigabitEthernet0/0/0/5.21
interface GigabitEthernet0/0/0/5.22
If I add a BVI interface to the bridge domain then the CE devices at the remote end of the WAN interface can both ping the BVI IP but they remain unable to ping each other.
Is this because tag rewrites are not happening since packets don't leave the physical interface?
How can I work around this and establish a L2 connection between the two subinterfaces?
Thank you
a vlan is usually the equivalent of an l3 subnet, so linking 2 vlans together in the same bridge domain, likely needs to come with some sort of routing (eg a BVI interface).
If these 2 vlans are still in the same subnet, then there is still arp going on, from one host to the other that traverses the bD.
you will need to verify the state of the AC, the forwarding in the BD and see if something gets dropped somewhere and follow the generic packet troubleshooting guides (see support forums for that also).
that might give a hint to what the precise issue in your forwarding is.
regards
xander -
The difference between IEEE802.1Q Native VLAN sub-interface and Physical interface?
Hello
I think the following topologies are supported for Cisco Routers
And the Physical interface also can be using as Native VLAN interface right?
Topology 1.
R1 Gi0.1 ------ IEEE802.1Q Tunneling L2SW ------ Gi0 R2
R1 - configuration
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
ip address 10.0.0.1 255.255.255.0
Topology 2.
R1 Gi0 ------ IEEE802.1Q Tunneling L2SW ------ Gi0 R2
interface GigabitEthernet0
ip address 10.0.0.1 255.255.255.0
And is it ok to use the physical interface and sub-interface with dynamic routing such as EIGRP or OSPF etc?
R1 Gi 0 ---- Point to Multipoint EIGRP or OSPF ---- Gi0 R2 / R3
Gi 0.20--- Point to Point EIGRP or OSPF --- Gi0.10 R4 (same VLAN-ID)
R1 - configuration
interface GigabitEthernet0
ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet8.20
encapsulation dot1Q 20
ip address 20.0.0.1 255.255.255.0
Any information is very appreciated, but if there is any CCO document please let me know.
Thank you very much and regards,
Masanobu Hiyoshi
Hello,
The diagram is helpful.
If I am getting you correctly, you have three routers interconnected by a switch, and you want them to operate in a hub-and-spoke fashion even though the switch is capable of allowing direct communication between any of these routers.
Your first scenario is concerned with all three routers being in the same VLAN, and by using neighbor commands, you force these routers to establish targeted EIGRP adjacencies R1-R2 and R1-R3, with R1 being the hub.
Your second scenario is concerned with creating one VLAN per spoke, having subinterfaces for each spoke VLAN created on R1 as the router, and putting each spoke just in its own VLAN.
Your scenarios are not really concerned with the concept of native VLAN or the way it is configured, to be honest. Whether you use a native VLAN in either of your scenarios, or whether you configure the native VLAN on a subinterface or on the physical interface makes no difference. There is simply no difference to using or not using a native VLAN in any of your scenarios, and there is no difference to the native VLAN configuration being placed on a physical interface or a subinterface. It's as plain as that. Both your scenarios will work.
My personal opinion, though, is that forcing routers on a broadcast multi-access segment such as Ethernet to operate in a hub-and-spoke fashion is somewhat artificial. Why would you want to do this? Both scenarios have drawbacks: in the first scenario, you need to add a neighbor statement for each spoke to the hub, limiting the scalability. In the second scenario, you waste VLANs and IP subnets if there are many spokes. The primary question is, though: why would you want an Ethernet segment to operate as a hub-and-spoke network? Sure, these things are done but they are motivated by specific needs so I would like to know if you have any.
Even if you needed your network to operate in a hub-and-spoke mode, there are more efficient means of achieving that: Cisco switches support so-called protected ports that are prevented from talking to each other. By configuring the switch ports to spokes as protected, you will prevent the spokes from seeing each other. You would not need, then, to configure static neighbors in EIGRP, or to waste VLANs for individual spokes. What you would need to do would be deactivating the split horizon on R1's interface, and using the ip next-hop-self eigrp command on R1 to tweak the next hop information to point to R1 so that the spokes do not attempt to route packets to each other directly but rather route them over R1.
I do not believe I have seen any special CCO documents regarding the use of physical interfaces or subinterfaces for native VLAN or for your scenarios.
Best regards,
Peter -
Apply WCCP redirect to logical or physical interface?
If there is a logical subinterface configured under its physical interface (for example serial0/0/0.100 for routing), I should apply WCCP redirect (ip wccp 62 redirect in) to the logical interface, not the physical interface. Is that correct?
Thanks
Yes. You apply WCCP redirect to subinterface if you are using sub interfaces.
Regards.
PS: Please mark this Answered, if it answers your question. -
Physical interface Default Gateway connecting VPN with AnyConnect
When I connect vpn with AnyConnect, I can't see default gateway on Physical Interface.
before connect vpn
==========================================
C:\WINDOWS\system32>ipconfig
Windows IP Configuration
Ethernet adapter Local Area
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.1.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.10
after connect vpn with anyconnect
==========================================
C:\WINDOWS\system32>
C:\WINDOWS\system32>ipconfig
Windows IP Configuration
Ethernet adapter Local Area
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.1.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :'Can't see default gateway'
Is this the specification of Anyconnect?
Nyanko,
This will happen when you are using tunnel all as the split tunneling policy, the computer will encrypt all the traffic so the default gateway will be removed from the physical connection and placed into the virtual adapter. If you take a look at the routing table you will see that what really happens is that the original default route's metric will be changed so that it is higher than the one injected by the virtual adapter, once you disconnect it should go back to normal.
Further information on split tunneling:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080975e83.shtml
HTH
Jonnathan -
Participation In Customer Routing.
Hello ,
I am sending one question which I believe was wrongly answered on Cisco forum. In forum the answer guessed is A but I think the answer is B. I am also giving some explanation.
Which one of the following is true?
A. MPLS and traditional peer-to-peer VPNs require the service provider to participate in
the customer routing.
B. MPLS and traditional peer-to-peer VPNs require that the customer routing is
transparent to the service provider.
C. MPLS VPNs require the use of link-state routing protocols, traditional peer-to-peer
VPN implementations require distance vector protocols.
D. MPLS VPNs are constructed using dynamic routing protocols; traditional peer-to-peer
VPN implementations are constructed using static routes.
Consider the scenario. BGP/MPLS VPN is considered as provider provisioned VPN, where the edge
router takes part in provisioning VPN service.
example: VPN A has three sites, 1, 2, 3 connected to PE1, PE2, PE3
respectively.
VPN A Customer routes from site 1 may or may not be directly reachable from
site 2, and site 3, depending on how they are provisioned by the Service
provider at PE. In fact customer has to depend on Provider for this
configuration.
But the core routers in the provider network are not aware of existence of
any VPN and do not process any route which belongs to customer network,
outside the provider's network.
That is what my interpretation is.
In that respect, the customer routing is transparent to the provider.
Request all of you to comment and come to the conclusion this is important question from Cisco 640-910 examination point of view also.
Regards ,
Ranjeet Badhe
Engineer (Access Networks)
Agreed, the answer should be B not A.
-
Hi,
I usually use Cisco ASA to connect site to site VPN. The outside Eth0/0 interface I usually use for public internet static IP and eth0/1 to connect internal network.
For routers, I have seen a lot of examples on the web. They usually use FE0/1 for public internet static IP for both site to site VPN connection point and FE0/0 for internal network. Could you tell me why? My concept is outside interface of FE0/0 must use for public IP address because the less security level. Please help to explain. Thank you
Hi,
The interface ID doesn't have anything to do with the interface's security on its own. On an ASA the "security-level" is used to define which is the least secure interface (the one facing Internet), not the port ID.
You are free to use any physical interface on a Cisco Router or ASA to whatever purpose you want.
Most people tend to use the port with the ID 0/0 for "outside" and the others for local network connections.
There is nothing stopping you from using something different.
- Jouni -
Why assign IP addresses to router/switch interfaces?
I get why I would ever want to assign an IP address to a router or switch, for remote login and IP for hosts to reach it. But why assign IP addresses to the interfaces? Is it so the router/switch knows which port to send the packet out? Route summation? But I thought they do that through the routing table, like " that address is out this port".
So why would we ever need to assign IP addresses to specific port interfaces?
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
You normally assign IP addresses to L3 interfaces so other L3 devices have an IP address to forward traffic to. (L2 IP address are generally only used for management.)
Suppose you had Host (192.168.1.5/24) <> R1 <> R2 <> (192.168.2.8/24) Host, and you want the two hosts to intercommunicate. How would you get this to work?
You might start by providing interface IPs on the router interfaces facing the host, such as:
Host (192.168.1.5/24) <> (192.168.1.1/24) R1 <> R2 (192.168.2.1/24) <> (192.168.2.8/24) Host
You then configure "gateway" IPs on both hosts:
Host (192.168.1.5/24 - GW 192.168.1.1) <> (192.168.1.1/24) R1 <> R2 (192.168.2.1/24) <> (192.168.2.8/24 - GW 192.168.2.1) Host
Now each host "knows" to send all its off local subnet traffic physically to the GW IP. So, for example, if 192.168.1.5 wants to send to 192.168.2.8, it would forward the traffic to the GW IP, 192.168.1.1. This is an example of why you want an IP on the router's L3 interface.
Next we want R1 to forward the packet to R2, but it too needs a "next hop" IP address, so we assign addresses on the link between the two routers, e.g.:
Host (192.168.1.5/24 - GW 192.168.1.1) <> (192.168.1.1/24) R1 (192.168.3.1/24) <> (192.168.3.2/24) R2 (192.168.2.1/24) <> (192.168.2.8/24 - GW 192.168.2.1) Host
R1 then needs to "know" where to send packets with a destination IP network of 192.168.2.0/24; in this case, it needs to "know" to send them to IP 192.168.3.2. When it does, R2, having an interface with 192.168.2.1, will also know 192.168.2.8 can be reached by sending the packet out that interface.
Hopefully, the above will show why IP addresses on router L3 interfaces are needed.
BTW, normally for the R1<>R2 link, you would assign a /30 or /31 network or you might use "unnumbered" interfaces (which "borrow" IPs from another interface). -
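An added example, not part of the original post: a small hop-by-hop forwarding model of the Host <> R1 <> R2 <> Host walk-through above, showing what happens when R1 lacks the static route or the link address. The node names HostA and HostB, the `Node`, `build` and `trace` helpers, and R2's return route are assumptions; unnumbered interfaces are not modelled.

```python
import ipaddress as ipa


class Node:
    """A host or router: addressed L3 interfaces plus static routes."""

    def __init__(self, name, interfaces, routes=()):
        self.name = name
        self.ifaces = [ipa.ip_interface(i) for i in interfaces]
        # (prefix, next-hop IP); a host's default gateway is a 0.0.0.0/0 route
        self.routes = [(ipa.ip_network(p), ipa.ip_address(nh)) for p, nh in routes]

    def owns(self, ip):
        return any(i.ip == ip for i in self.ifaces)

    def lookup(self, dst):
        """Longest-prefix match: return the IP to hand the packet to, or None.

        A connected subnet means "deliver straight to dst"; a static route
        means "hand it to the configured next hop".
        """
        candidates = [(i.network, dst) for i in self.ifaces if dst in i.network]
        candidates += [(net, nh) for net, nh in self.routes if dst in net]
        if not candidates:
            return None
        return max(candidates, key=lambda c: c[0].prefixlen)[1]


def build(link_addressed=True, r1_static=True):
    """The topology from the post, with two knobs to break R1 on purpose."""
    r1_ifaces = ["192.168.1.1/24"] + (["192.168.3.1/24"] if link_addressed else [])
    r1_routes = [("192.168.2.0/24", "192.168.3.2")] if r1_static else []
    return [
        Node("HostA", ["192.168.1.5/24"], [("0.0.0.0/0", "192.168.1.1")]),
        Node("R1", r1_ifaces, r1_routes),
        Node("R2", ["192.168.3.2/24", "192.168.2.1/24"],
             [("192.168.1.0/24", "192.168.3.1")]),
        Node("HostB", ["192.168.2.8/24"], [("0.0.0.0/0", "192.168.2.1")]),
    ]


def trace(nodes, start, dst, max_hops=8):
    """Follow a packet from node `start` to IP `dst`; return the path taken."""
    dst = ipa.ip_address(dst)
    node = next(n for n in nodes if n.name == start)
    path = [node.name]
    for _ in range(max_hops):
        if node.owns(dst):
            return path
        hand_to = node.lookup(dst)
        if hand_to is None:
            return path + ["no route"]
        # The address we hand to must sit on a directly connected subnet,
        # which is why the R1<>R2 link itself needs addresses.
        if not any(hand_to in i.network for i in node.ifaces):
            return path + ["next hop unreachable"]
        nxt = next((n for n in nodes if n is not node and n.owns(hand_to)), None)
        if nxt is None:
            return path + ["no such neighbour"]
        node = nxt
        path.append(node.name)
    return path + ["loop"]


if __name__ == "__main__":
    print(trace(build(), "HostA", "192.168.2.8"))
    print(trace(build(r1_static=False), "HostA", "192.168.2.8"))
    print(trace(build(link_addressed=False), "HostA", "192.168.2.8"))
```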
"mpls ip" global vs interface level command
What is the purpose of "mpls ip" global command? I think just enabling mpls on an interface by using "mpls ip" should be sufficient, but then what is the purpose of the global level command?
Usage Guidelines
Globally enabling MPLS forwarding does not enable it on the interfaces. You must enable MPLS forwarding on the interfaces separately.
MPLS forwarding of packets along normally routed paths (also called dynamic label switching) is enabled by this command. For a given interface to perform dynamic label switching, this switching function must be enabled.
The no form of this command stops dynamic label switching for all the interfaces regardless of the interface configuration; it also stops distribution of labels for dynamic label switching. However, the no form of this command does not affect the sending of labeled packets through the LSP tunnels.
link:
http://www.cisco.com/c/en/us/td/docs/optical/cpt/r9_3/command/reference/cpt93_cr/cpt93_cr_chapter_010.html#wp1254011620
HTH -
Do gatekeepers need a dedicated physical interface
I recently took control of a network that has several h323 vtc endpoints registered to a gatekeeper.
The 3700 router that is the gatekeeper has a physical interface that appears to only exist to be the IP address of the gatekeeper. The 3700 router has other physical interfaces such as the serial interface to the WAN plus the gateway interface for the LAN.
The 10/100 interface with the gatekeeper IP address has no other configuration besides the "ip address" command. It is also physically connected to the switch.
All the gatekeeper unique configs are in the gatekeeper config on the 3700.
Do I really need to dedicate a physical interface to be the gatekeeper? Can I use a loopback interface or use my gateway IP address?
Thank you.
We've redeployed our gatekeeper using /32 loopback interfaces. We have 2 routers each with a /32 loopback. Then we have 1 gatekeeper on each router configured in a cluster with each other. It works great. Now we can use that physical interface for something else and we have redundancy.
Thanks for the input. -
Critical physical interface or critical service ?
Hi,
I use a one arm solution (Trunk interface) in active/standby environment made by 2 CSS 11501, working in router mode. They each connect to a separate switch through the trunk interface. In such configuration, I ask if configuring critical physical interface is sufficient? The switches are connected through a trunk interface also, and the server and client side are distributed among them in their respective VLANs.
David
David,
The trunk with the switch could be up but the servers or the default gateway not reachable.
You could add a critical service for the gateway.
Gilles. -
Network = 2 subnet on 1 physical interface on 1 VLAN
Hello,
For migration purpose I will need to configure a physical interface to be at the same time on two different subnet on only 1 physical interface.
On router it is called secondary IP but I don't know if sun is able to do that. I have no routing trouble as Sun servers are just talking in local.
example:
10.0.0.1---------
| ----------> same physical (if) and logical network (VLAN)
192.168.0.2----
Any clue would be helpful
Thanks!
Ok I have done test and I know that it is possible but I have 2 bugs:
-when restarting my server I get an error and must restart manually my interfaces ( exit status 96 ...) and manually add my default route which was not taken...
- I must specify my subnet in the hostname.ce0 for IP addresses that are in a "sub-network"
here is my config :
# cat /etc/hostname.ce0
toto + netmask 255.255.252.0 + up
addif test + netmask + up
# cat /etc/hosts
10.170.225.205 toto loghost hostname
127.0.0.1 localhost loopback
192.168.0.1 test
192.168.0.2 test2
# cat /etc/inet/ipnodes
::1 localhost
10.170.225.205 toto loghost hostname
127.0.0.1 localhost loopback
192.168.0.1 test
192.168.0.2 test2
# cat /etc/netmasks
10.170.224.0 255.255.252.0
192.168.0.0 255.255.255.0
# cat /etc/defaultrouter
10.170.227.254
Thanks for any help !!
JF