From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Aug 06 2004 - 11:54:44 GMT-3
Hey Ken,
It's good to hear from you. I hope all is going well for you and life as a
new ccie is very good.
Getting back to the question at hand, I'm not sure I fully understand what
you're saying.
Let's suppose that the first task that needs to be done is the iBGP
configuration. And, before moving on to configure Ebgp peers or any
subsequent bgp tasks, I want to verify, if possible, that iBGP has been
correctly configured.
Let's also assume that because of a brain malfunction, the tunnel between R1
and R3 was configured using the loopbacks of R1 and R3 as the endpoints
instead of the correct ip addresses. And, the neighbor x.x.x.x remote-as on
each peer also used the loopback addresses.
If I now do a show ip bgp sum, everything will look fine. Although,
everything is NOT fine. There's trouble in River City !!!
The problem is that the peering session between R1 and R3 will come up even
though it's not using the tunnel. It's just using the IGP.
So, the question is how can the configuration up to this point be verified
assuming that it can be.
This is very important to me ( and potentially all ccie candidates) because
I'd like to have 100% confidence that this step is correct before moving on
so that if I have any problems in later steps I know where to look and more
importantly where not to look.
Also, I dont understand how the neighbor x.x.x.x next-hop-self relates to
this particular problem. Does using a tunnel in this situation require that
the next-hop-self command also be used?
I do understand that if the subnet between R1 (or R3) and it's Ebgp peers
isn't known by the IGP, then I need to use this command, but does having a
tunnel between R1 and R3 also create a need for this command?
Thanks for feedback and help on this.
Tim
----- Original Message -----
From: "Kenneth Wygand" <KWygand@customonline.com>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Brian McGahan"
<bmcgahan@internetworkexpert.com>; "Group Study" <ccielab@groupstudy.com>;
<samccie2004@yahoo.co.uk>
Sent: Friday, August 06, 2004 10:20 AM
Subject: RE: Using Tunnels with iBGP
Tim,
If you issue a "show ip bgp summary" shows the IP address of the remote
side of the tunnel, that means your IGP adjacency has been established
via the tunnel.
It depends on what you are trying to accomplish here. If R3 peers with
another AS and you want R3 to advertise routes it receives via this EBGP
relationship so that these routes will be available to R1, a tunnel
won't help you without "next-hop-self" attached to your "neighbor [R1]"
statement on R3. (I know this isn't your question but I think it's
important to mention). If you would like more of an explanation on
this, just let me know.
Nonetheless, if you use the "next-hop-self", then R1 should send to the
other side of the tunnel for the next-hop of those routes. You can
check this by doing a "show ip bgp [network]" and make sure the
"next-hop" is listed as the remote side of the tunnel interface. You
can also try to "traceroute" to this network and the remote end of the
tunnel should respond back as the first hop.
Does this help at all?
Kenneth E. Wygand
Systems Engineer, Project Services
CCIE #13720, CISSP #37102, CCNP/DP, ACSP,
Cisco IPT Design Specialist, MCP, CNA, Network+, A+
Custom Computer Specialists, Inc.
"Failure only occurs at the point in which one stops trying."
-Anonymous
Custom Computer Specialists, Inc.
"Celebrating 25 Years of Excellence"
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Friday, August 06, 2004 9:57 AM
To: 'Brian McGahan'; 'Group Study'; samccie2004@yahoo.co.uk
Subject: Re: Using Tunnels with iBGP
Hey Sam,
It seems like you understand the issue here, but you didn't mention how
I
can verify if packets between the peers are using the tunnel rather than
just the IGP.
The problem is that the usual command to verify bgp is useless (it
seems) in
this scenario because peering will be established whether or not the
tunnel
is being used by the BGP peers.
Thanks for your input.
Tim
----- Original Message -----
From: <samccie2004@yahoo.co.uk>
To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
<ccielab@groupstudy.com>; "'Brian McGahan'"
<bmcgahan@internetworkexpert.com>
Sent: Tuesday, August 17, 2004 9:39 AM
Subject: RE: Using Tunnels with iBGP
> Not if u specify ur update source as tunnel interface and u peer with
> tunnel interface on remote router.
>
> I hope I understood ur Question correctly
>
> Sam
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> ccie2be
> Sent: 06 August 2004 15:00
> To: Group Study; Brian McGahan
> Subject: Using Tunnels with iBGP
>
> Hi guys,
>
> Here's the scenario:
>
> R1 ----- R2 ---- R3
> | ------ tunnel --- |
>
>
> R1 and R3 are running BGP and are in the same AS.
>
> R2 is NOT running BGP & I'm not allowed to redist BGP into the IGP.
>
> Here's the problem:
>
> Assuming no eBGP peers have been set up at this point, how can the R1
to
> R3
> peering session and tunnel config be verified as correct?
>
> I assume that the output of the show ip bgp summary command will show
> that R1
> and R3 are successfully peering whether or not the tunnel is being
used.
>
> TIA, Tim
>
>
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:34 GMT-3