06-11-2013 02:55 PM - edited 03-03-2019 07:05 AM
This is a very simple question so don't laugh!
We have 10 837's that are about to migrate to an MPLS network.
We will be using BT Clear IP for the ADSL.
I realise that there isn't much to setup on our CE routers apart from adding static routes.
Our internal address range for one of our routers (SITE A) is 10.10.1.0/24.
BT (our MPLS provider) have provided:
PE Router IP: 81.141.*.*
Routing Type: STATIC
Loop Back IP Address: 192.168.100.1
Address Prefix: 192.168.100.1
Mask: 255.255.255.255
So do I put 192.168.100.1 as the static IP for the WAN interface, or create e.g. a loopback0 interface?
The 837 doesn't like the /32 mask either so it's proving to be a bit of a pain to get it going.
I would have thought it would have gone something like:
SITE A:
WAN IP = 192.168.100.1/32
LAN IP = 10.10.1.0/24
SITE B
WAN IP = 192.168.100.5/32
LAN IP 10.10.2.0/24
STATIC ROUTES:
SITE A
ip route 10.10.2.0/24 via 192.168.100.5
SITE B
ip route 10.10.1.0/24 via 192.168.100.1
I can actually ping SITE B's external interface from SITE A's LAN and vice versa.
But I can't seem to go from LAN to LAN.
Any ideas would be appreciated.
Apologies for the basic question......
06-17-2013 08:39 AM
Hi, I'm a little closer now.
Believe it or not, I wasn't given the full details on the spreadsheet and the column with AS numbers was missing.
Now that I have that, I have BGP working on it and the ip routing table is showing lots of ip routes.
The only issue I have now is that although I can reach destinations from the router itself eg ping 10.10.1.1 etc, I can't seem to do it from the LAN.
I've tried NAT, no NAT etc and it still doesn't go. The clients on the LAN are picking up a DHCP lease and can ping the router. They can't, however, ping beyond that.
Config is below..... I'm sure I'm missing something simple:
!This is the running config of the router: 10.10.1.1
!----------------------------------------------------------------------------
!version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXX
!
username XXXXXXXX privilege 15 password 0 XXXXXXXXXXXXXXX
no aaa new-model
ip subnet-zero
!
!
!
ip dhcp pool SITE_A_CLIENTS
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
dns-server 10.10.1.10 10.10.1.11
!
!
ip domain name XXXXXXXX.local
ip cef
ip ids po max-events 100
ip ssh version 1
no ftp-server write-enable
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.100.1 255.255.255.255
!
interface Ethernet0
ip address 10.10.1.1 255.255.255.0
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Dialer0
ip unnumbered Loopback0
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXX@adslconnect.bt.com
ppp chap password 0 XXXXXXXXXX
ppp pap sent-username XXXXXXXXXX@adslconnect.bt.com password 0 XXXXXXXXXXX
!
router bgp 55010
no synchronization
bgp log-neighbor-changes
network 10.10.1.0
neighbor xxx.xxx.xxx.xxx remote-as 2856
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
!
!
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 1 in
exec-timeout 60 0
privilege level 15
password XXXXXXX
login local
transport preferred ssh
transport input ssh
transport output all
!
scheduler max-task-time 5000
end
mfurnival wrote:
Yes, it is possible that the ISP is adding the routes to your VRF via RADIUS attributes when you authenticate your PPP session. Have you been asked to provide your LAN subnets to BT for each site?
Most of the sites are IP Connect Plus and only ask for a loopback.
However, there are 2 sites that use "ADSL max" and they have asked for the LAN ip range of those sites as well as the loopback.
06-17-2013 08:52 AM
Sounds like you are nearly there.
Forget about NAT - you don't need it in this setup.
Can you post a:
"show ip route"
"show ip bgp"
"show ip bgp summary"
What address are you trying to ping from the LAN clients?
06-17-2013 11:08 PM
I'm trying to ping another LAN that is on the MPLS network and is definitely working.
Ping from ROUTER of SITE A:
10.10.1.1 = OK (LAN side of SITE A)
192.168.100.1 = OK (loopback address & ip unnumbered address of ADSL)
81.141.*.* = OK (PE Router and next hop)
192.168.100.12 = OK (ip address of ROUTER on SITE B)
10.10.12.1 = OK (LAN side of SITE B)
So it looks ok.
Ping from LAPTOP on LAN of SITE A:
10.10.1.1 = OK (LAN side of SITE A)
192.168.100.1 = OK (loopback address & ip unnumbered address of ADSL)
ALL other pings externally FAIL (can't even ping PE Router)
Could it be that the other sites don't know how to get back to 10.10.1.0/24?
06-18-2013 12:36 AM
Yes, I suspect that is the case.
Under BGP you have a statement:
network 10.10.1.0
You would normally add a network mask to this as BGP will only advertise a network into BGP when it has the matching route in its routing table. You can try changing it to:
network 10.10.1.0 mask 255.255.255.0
Or (preferably) I would just do "redistribute connected" under BGP.
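Added example, not part of the original posts: a small Python check of the point made in the reply above, that a BGP `network` statement is only advertised when the exact prefix is in the routing table. The sample config is a constructed excerpt based on the one posted in this thread; the function names are hypothetical, and the check models connected routes only and assumes `no auto-summary`, as in the posted config.

```python
import ipaddress

# Constructed excerpt based on the running config posted in this thread.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.168.100.1 255.255.255.255
interface Ethernet0
 ip address 10.10.1.1 255.255.255.0
router bgp 55010
 network 10.10.1.0
 no auto-summary
"""

def classful(addr):
    """Prefix assumed for a `network` statement entered without a mask."""
    first = int(addr.split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def connected_prefixes(config):
    """Prefixes that `ip address` lines install as connected routes."""
    nets = set()
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["ip", "address"] and len(w) >= 4:
            nets.add(ipaddress.ip_interface(f"{w[2]}/{w[3]}").network)
    return nets

def bgp_network_audit(config):
    """Return [(prefix, has_exact_route)] for each BGP `network` statement."""
    rib = connected_prefixes(config)
    results, in_bgp = [], False
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "router":
            in_bgp = w[1:2] == ["bgp"]
        elif w[0] in ("!", "interface", "line"):
            in_bgp = False  # left the BGP section
        elif in_bgp and w[0] == "network":
            if "mask" in w:
                net = ipaddress.ip_network(f"{w[1]}/{w[w.index('mask') + 1]}")
            else:
                net = classful(w[1])
            results.append((str(net), net in rib))
    return results

if __name__ == "__main__":
    for prefix, ok in bgp_network_audit(SAMPLE_CONFIG):
        print(prefix, "advertised" if ok else "NOT advertised: no exact route")
```

Run against the posted statement, the prefix comes out as 10.0.0.0/8, which has no exact match among the connected routes, so the LAN is never advertised and remote sites have no return path.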
06-26-2013 11:22 AM
Hi all,
Sorry, been away for a while. Just to let you know, we now have success.
So for anybody in the future who comes across this, our main sticking points with this were:
1. Not given the full details ie the AS#
2. Loopbacks have to be configured on ADSL as they generally have a /32 and use ip unnumbered loopback0
3. Our core network routes needed changing to be able to reply back to the router's lan
4. Due to using loopbacks, use "neighbor xxx.xxx.xxx.xxx update-source loopback"
And the one that really had me going was:
"neighbor xxx.xxx.xxx.xxx disable-connected-check" which was strange because I didn't need it with the first router which used the same model and firmware.
So config ended up like:
router bgp 55010
no synchronization
bgp log-neighbor-changes
network 10.10.1.0 mask 255.255.255.0
neighbor xxx.xxx.xxx.xxx remote-as 2856
neighbor xxx.xxx.xxx.xxx update-source loopback0
neighbor xxx.xxx.xxx.xxx disable-connected-check
redistribute connected
no auto-summary
So all in all, we are there and thank you to everyone who contributed and offered assistance in this thread.
Correct answer has to go to mfurnival as he's been extremely helpful.
Thank you.
06-27-2013 01:28 AM
Glad you got it working louis - I have never come across that "disable-connected-check" command before so I have learnt something new this morning.
06-27-2013 11:49 PM
Just another quick question on here as I've been asked this and I honestly don't know the answer.
Can you use any old router as a CE Router?
For the above connections, our MPLS provider gave us AS# and only asked for loopbacks to be specified and the only way we could get this to work was by configuring BGP.
We also have a couple of other ADSL connections where our provider has asked us to provide a loopback AND a lan subnet. They haven't supplied AS#'s for these connections.
So to me, it looks like the provider is going to populate the routing table with the Lan's on these connections so any old router could be used.
Whereas with the connections where they haven't asked for the lan subnet and provided us with AS#'s, we can only use BGP to populate the routing table? Or can static routes be used here?
06-28-2013 12:40 AM
I am a bit confused about what you are asking here. Let me try and explain.
Any Cisco router can use a loopback address - the use of loopbacks is mainly for administration purposes and allows you to have a hardware independent interface that can be used for management or sourcing control plane traffic.
The ability to run BGP is dependent on the IOS feature set you are running on the router rather than the router model.
In my experience you would either do the following in MPLS environments:
1. Run BGP with the provider and redistribute your local subnets into BGP on your CE router usually over some sort of ethernet access circuit (typically where you have a higher spec router).
2. Run some other routing protocol (RIP / OSPF / EIGRP) over a DSL type connection.
3. Don't run any routing protocol over the WAN link and the provider would insert LAN subnet routes into the VRF via RADIUS attributes.
So don't get bogged down with the link between AS numbers and loopbacks - this is just good practice. In reality all of your routers should have loopback addresses.
06-28-2013 06:13 AM
I think you have answered my question there as well.
The connections that I'm referring to are DSL connections.
Our provider has given us 2 types, which are IP Clear Connect Plus & IP Clear Connect Max.
For the first type, they only asked us to specify our loopback addresses.
For the second type, they asked us to specify a loopback address and the LAN subnet that we intended to use.
So, to me, for the first type..... it looks as though we have to advertise our routes into the vrf via BGP as that is all they use.
However, the second type already has the lan specified into the vrf by the providers so it looks as though any old router would work with this (as it doesn't have to use BGP and its subnet is already in the vrf)
So, going back to the first type (without the provider specifying the lan subnet), is it possible to use a router on this type of connection that doesn't use BGP?
06-28-2013 06:35 AM
Well you would have to run some sort of routing protocol (whether it be BGP or something else) in order to tell the provider what subnets you have on that site - how else would they know otherwise? But with any routing protocol the provider has to be doing the same thing on their PE or it won't work - for example you could enable RIP / EIGRP / OSPF on your WAN interface but learn nothing from the cloud if the provider has not enabled it on their side - likewise, anything you advertise out will not be learnt by the PE if they are not running a routing protocol.
So the answer is - if you have not told your provider that site x has subnet x.x.x.x locally then you must then use some sort of routing protocol to get it working.
06-28-2013 01:22 PM
Great. Exactly what I thought, as I'm being badgered to put another type of router on there that doesn't support BGP and I couldn't see how you would do it without some form of routing protocol.
The first type of connection doesn't give us that option whereas the second type does.