Customer just brought up their first BGP session at a new location. It is up fine with a full routing table, the second provider hookup is a few weeks away.
The provider allocated a /24 (x.x.1.0/24) for the network and a /30 for the PTP connection (x.x.129.172/30). For the initial setup, I did not configure a loopback, I just put x.x.129.174 on the WAN interface and set up the neighbor as x.x.129.173. It's working fine.
We will need to set up a L2TPV3 tunnel to their old location (single homed, no BGP on that side). Upon initial reading of Cisco docs to do this, we will need a routable IP on a loopback interface for starters. Using one from the /24 LAN is out unless we subnet it, which we don't want to do.
So the question is, can I just "move" the PTP IP address x.x.129.174 from the WAN interface to the loopback like this?
interface Loopback0
ip address x.x.129.174 255.255.255.252 (that's the mask we're using on
the WAN- Cisco's loopback examples show .255)
interface WAN1 (actually a gigether)
ip unnumbered loopback0 (or no ip addr?)
neighbor x.x.128.173 update-source Loopback0
Does this look even close to right? Or do we need another, single routable IP from the provider for the loopback? Also, I am assuming we don't need separate loopback interfaces for BGP as for the Bridge/Tunnel. What about when the second provider comes up? A second or third loopback to nail up their WAN IP?
***OR*** is there a way to put their WAN I/F IP on the loopback and take it off their LAN Ether...and then do IP unnum loop0 on the LAN?
TIA,
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
We will need to set up a L2TPV3 tunnel to their old location (single
homed, no BGP on that side). Upon initial reading of Cisco docs to do
this, we will need a routable IP on a loopback interface for starters.
I'm pretty sure this is just a recommendation based on good practise
(routeability to endpoints), I'm sure since you are not multihomed you
can just use "ip local interface WAN1" and be done with it, I seem to
remember doing something similar in an l2tpv3 pw class and it working.
Using one from the /24 LAN is out unless we subnet it, which we don't
want to do.
So the question is, can I just "move" the PTP IP address x.x.129.174
from the WAN interface to the loopback like this?
interface Loopback0
ip address x.x.129.174 255.255.255.252 (that's the mask we're using on
the WAN- Cisco's loopback examples show .255)
interface WAN1 (actually a gigether)
ip unnumbered loopback0 (or no ip addr?)
neighbor x.x.128.173 update-source Loopback0
No, if you were to do this you should get a new transfer network, you
can't have the same address on two interfaces (and in fact, you should
really be stealing an address from your internal /24 which doesn't
require any re-subnetting (if you are happy for this address to be
unreachable) and it should have a /32 mask...
That's not correct.
From a VZ IP circuit that I have:
interface Loopback0
ip address x.x.x.x 255.255.255.255 (actual assigned mask is 255.255.255.252)
interface Serial0/0/0
bandwidth 1536
ip unnumbered Loopback0
Agreed: We used to use L2TPv3 tunnels fairly often to provide nailed-up private VLAN services to clients when we could only procure a Layer 3 circuit from another provider. They're pretty simple to set up and work reliably, although you may need to maintain both ends of the L2TPv3 at approximately matching IOS versions... at one point we had a perfectly working customer, then I upgraded a router at one end of the tunnel, and they suddenly had major, unexplainable packet loss all through the day. After I upgraded the other end, it returned to working fine.
But yeah, you don't really need a loopback. We routinely terminated the tunnels on the WAN address closest to the Internet. I think the only time I had to introduce a loopback was when one router was a tunnel terminator for two far-end locations, and when I tried to configure the second peer it complained at me. Also one time I wanted to have two parallel tunnels between the same source and destination routers (which is perfectly fine, because it has a tunnel discriminator number that keeps the two customers' traffic separate), except I also wanted to do some fancy QoS prioritization on one of them. By the time the traffic hits the WAN interface, the tunnel discriminator is buried too far down in the packet to use any "match" statements in the QoS, so I made one of the tunnels have a separate L2TPv3 endpoint on each router, and then I could just match on destination IP address.
But that was a weird edge case. Most of the time we just used the outside Internet address, either T1 or Ethernet. Email me back privately if you want me to dig up the configs out of our CatTools archive.
-- Jeff Saxe
Blue Ridge InternetWorks
Charlottesville, VA
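The two L2TPv3 termination choices discussed in this thread, side by side, as an added example that is not any poster's configuration. The pseudowire-class names, interface names, VC ID 100 and the addresses 192.0.2.1 (far-end router) and 198.51.100.1 (loopback) are constructed placeholders.

```cisco
! Added example; all names and addresses are constructed placeholders.
!
! Option A: source the tunnel from the WAN interface address.
! No loopback needed; the far end peers with the WAN /30 address.
pseudowire-class L2TPV3-FROM-WAN
 encapsulation l2tpv3
 ip local interface GigabitEthernet0/0
 ! Path MTU discovery for the tunnel, per the MTU warning in the thread
 ip pmtu
!
! Option B: source the tunnel from a loopback with a /32 mask.
! The /32 must be routed to this router, or the far end cannot reach it.
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
pseudowire-class L2TPV3-FROM-LOOPBACK
 encapsulation l2tpv3
 ip local interface Loopback0
 ip pmtu
!
! Attachment circuit: the LAN-side port being bridged to the old site.
! It carries no IP address. Reference exactly one pw-class per xconnect.
interface GigabitEthernet0/1
 no ip address
 xconnect 192.0.2.1 100 encapsulation l2tpv3 pw-class L2TPV3-FROM-WAN
 ! For Option B, use instead:
 ! xconnect 192.0.2.1 100 encapsulation l2tpv3 pw-class L2TPV3-FROM-LOOPBACK
```

The far-end router needs the mirror-image configuration, with its xconnect pointing at whichever local address is chosen here and the same VC ID.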
We will need to set up a L2TPV3 tunnel to their old location (single
homed, no BGP on that side). Upon initial reading of Cisco docs to do
this, we will need a routable IP on a loopback interface for starters.
Also, like any other tunnel, beware of MTU issues, these are so
routinely forgotten
Yeah, it's evil. I don't see a Cisco equiv to state it's point to point (you can tell ISIS it is, but not define the interface as such). However, I'm not sure of the limitations or associated problems, you might try:
FastEthernet0/0.1
encap dot1q 1 native
ip unnumbered loopback1
!
Haven't tested it, but it utilizes the access code in IOS for subscriber management using vlans. As long as you have a route pointing out the interface, it will allow the traffic to go through.
With the latest IOS you MUST use loopback addresses or the Tunnel will not form, regardless of the class settings, especially if using a L3 router termination device(s).
SRR