
L2TP redundancy, one router into 2 with IP SLA tracking?

matiasv
Level 1

Hello, I'm pretty new in the IT world, just started a few weeks ago. I'm trying to establish something with L2TP tunnels. I don't know if it's possible and wasn't able to find much about it. Maybe you guys can give me an idea of how it can be possible, or what I should be using.

This is what I'm trying to do:

 3WT - copia.jpg

 

The scenario is:

Office1 with the ASR1001 into two 4331 routers in datacenters. One datacenter is the backup and the other the master. What I need is just layer 2 traffic there.

Can this config work, or is something wrong? I haven't tested this yet since I have to change the lab routers to different subnets to test this config, and I'm in the planning phase xd

asr1001:

xconnect to the Master

interface GigabitEthernet0/0/0.1 <--- I don't know the VLANs used yet, but let's pretend it is 1
encapsulation dot1Q 1
xconnect 192.168.243.1 100 encapsulation l2tpv3
backup peer 192.168.242.1 200 encapsulation l2tpv3
ip address 192.168.x.x  <--- do I need a different IP in the LAN? Those are PC hosts in an office

 

SLA track

ip sla 1
icmp-echo 192.168.243.1 source-interface GigabitEthernet0/0/1
frequency 10
ip sla schedule 1 life forever start-time now

 

track 1 ip sla 1 reachability

 

ip route 192.168.243.0 255.255.255.0 GigabitEthernet0/0/1 track 1

ip route 192.168.242.0 255.255.255.0 GigabitEthernet0/0/1 200 <--- is it needed? There's a backup peer in the xconnect already; this should be a floating static route, kind of

 

4331-Master

interface GigabitEthernet0/0/0.1 <--- I don't know the VLANs used yet, but let's pretend it is 1
encapsulation dot1Q 1
xconnect 192.168.24.1 100 encapsulation l2tpv3

 

4331-Backup

interface GigabitEthernet0/0/0.1 <--- I don't know the VLANs used yet, but let's pretend it is 1
encapsulation dot1Q 1
xconnect 192.168.24.1 200 encapsulation l2tpv3

 

This may be really simple for all of you; I'm still learning, so anything you can teach me is welcome.

 

Thanks in advance, greetings from Uruguay

 

 

 

 

11 Replies

M02@rt37
VIP

Hello @matiasv 

To establish an L2TPv3 tunnel between your office (ASR1001) and two data centers (using 4331 routers) for layer 2 traffic, you can configure the 1001 to connect primarily to the master router and use the backup router as a failover. On this ASR1001, set up the interface with xconnect to the Master router's IP, and include a backup peer to the Backup router. Use ip sla to monitor the Master router and set a tracked static route for it, with a fallback route for the Backup router.

On both the Master and Backup 4331 routers, configure their interfaces to establish L2TPv3 tunnels back to the ASR1001 using matching xconnect parameters.

Sum up:

**ASR1001:**
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 1
xconnect 192.168.243.1 100 encapsulation l2tpv3
backup peer 192.168.242.1 200 encapsulation l2tpv3

ip sla 1
icmp-echo 192.168.243.1 source-interface GigabitEthernet0/0/1
frequency 10
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

ip route 192.168.243.0 255.255.255.0 GigabitEthernet0/0/1 track 1
ip route 192.168.242.0 255.255.255.0 GigabitEthernet0/0/1 200

**4331-Master:**
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 1
xconnect 192.168.24.1 100 encapsulation l2tpv3

**4331-Backup:**
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 1
xconnect 192.168.24.1 200 encapsulation l2tpv3

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Hello M02@rt37, so it means the config should work and it's OK, right?

In case I have multiple VLANs, do I need to use the same xconnect and backup peer in each of the subinterfaces created for each VLAN? For example: g0/0/0.200, .300, .XX and so on?

I'm not quite sure about the config because I haven't used L2TP and the other things used in this setup, so I'm depending on your knowledge xd

 

Thanks! 

@matiasv 

If you have multiple VLANs that need to be transported over the L2TPv3 tunnels, you will indeed need to create a separate subinterface for each VLAN on both the ASR1001 and the 4331 routers. Each subinterface will have its own xconnect configuration pointing to the same peer IPs but with unique pseudowire IDs.

Example on asr1001, assuming you have VLANs 200, 300, etc...

interface GigabitEthernet0/0/0.200
encapsulation dot1Q 200
xconnect 192.168.243.1 100 encapsulation l2tpv3
backup peer 192.168.242.1 200 encapsulation l2tpv3

interface GigabitEthernet0/0/0.300
encapsulation dot1Q 300
xconnect 192.168.243.1 101 encapsulation l2tpv3
backup peer 192.168.242.1 201 encapsulation l2tpv3

4331-Master:

interface GigabitEthernet0/0/0.200
encapsulation dot1Q 200
xconnect 192.168.24.1 100 encapsulation l2tpv3

interface GigabitEthernet0/0/0.300
encapsulation dot1Q 300
xconnect 192.168.24.1 101 encapsulation l2tpv3

4331-backup:

interface GigabitEthernet0/0/0.200
encapsulation dot1Q 200
xconnect 192.168.24.1 200 encapsulation l2tpv3

interface GigabitEthernet0/0/0.300
encapsulation dot1Q 300
xconnect 192.168.24.1 201 encapsulation l2tpv3

--

Each VLAN's subinterface should use a unique pseudowire ID (100,101, etc., for the master connection and 200,201, etc., for the backup).

Consistent Peer IPs: The xconnect and backup peer configurations will use the same IP addresses across all VLANs.

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
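
The rule in the reply above (unique pseudowire ID per VLAN, the same ID and VLAN on the far end) can be checked before deployment. This is an added example, not part of any reply in the thread; the function names are hypothetical, and it assumes 192.168.24.1 is the ASR1001's tunnel address, as the 4331 configs in the thread imply.

```python
import re
from collections import Counter
PW_RE = re.compile(r"^[ \t]*(?:xconnect|backup peer)\s+(\S+)\s+(\d+)", re.M)

def pseudowires(config):
    """Return (vlan, peer_ip, vc_id) per xconnect / backup peer line, by interface stanza."""
    found = []
    for stanza in re.split(r"(?m)^(?=interface )", config):
        vlan = re.search(r"encapsulation dot1Q (\d+)", stanza)
        if vlan:
            found += [(int(vlan.group(1)), peer, int(vc))
                      for peer, vc in PW_RE.findall(stanza)]
    return found

def check(hub_ip, hub_cfg, remotes):
    """remotes maps each remote router's tunnel IP to its config text."""
    hub, problems = pseudowires(hub_cfg), []
    for name, pws in [("hub", hub)] + [(ip, pseudowires(c)) for ip, c in remotes.items()]:
        # A VC ID may be used only once per peer on a router.
        for (peer, vc), n in Counter((p, v) for _, p, v in pws).items():
            if n > 1:
                problems.append(f"{name}: VC ID {vc} to {peer} used {n} times")
        # Every hub pseudowire needs the same VLAN and VC ID pointing back.
        for vlan, peer, vc in hub:
            if peer == name and (vlan, hub_ip, vc) not in pws:
                problems.append(f"{name}: no xconnect {hub_ip} {vc} for VLAN {vlan}")
    return problems

# Constructed sample input, copied from the thread's two-VLAN example.
HUB = """\
interface GigabitEthernet0/0/0.200
encapsulation dot1Q 200
xconnect 192.168.243.1 100 encapsulation l2tpv3
backup peer 192.168.242.1 200 encapsulation l2tpv3
interface GigabitEthernet0/0/0.300
encapsulation dot1Q 300
xconnect 192.168.243.1 101 encapsulation l2tpv3
backup peer 192.168.242.1 201 encapsulation l2tpv3
"""
MASTER = """\
interface GigabitEthernet0/0/0.200
encapsulation dot1Q 200
xconnect 192.168.24.1 100 encapsulation l2tpv3
interface GigabitEthernet0/0/0.300
encapsulation dot1Q 300
xconnect 192.168.24.1 101 encapsulation l2tpv3
"""
BACKUP = MASTER.replace(" 100 ", " 200 ").replace(" 101 ", " 201 ")
BACKUP_TYPO = BACKUP.replace(" 201 ", " 200 ")  # constructed copy-paste error
```

Calling `check("192.168.24.1", HUB, {"192.168.243.1": MASTER, "192.168.242.1": BACKUP})` returns an empty list; passing `BACKUP_TYPO` instead reports the reused VC ID and the VLAN 300 pseudowire that no longer has a matching far end.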

Hello M02@rt37 ,

The subinterface used to configure the xconnect has no L3 services over it.

Taking this into account, the source address for IP SLA has to be a different, true L3 interface.

Edit:

I see that in your proposed configuration the access interface is gi0/0/0.1 and the source interface for SLA is gi0/0/1 so you are fine.

Hope to help

Giuseppe

 

Thanks sir !

@matiasv it can help you:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ha/configuration/xe-3s/wan-l2vpn-pw-red-xe.html#GUID-751568E4-945D-496A-BFD2-B061421E9EA0

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

I will test in my lab and update you

MHM

Hello @MHM Cisco World, thanks for testing it yourself. I will wait for your confirmation on this config.

PS: do you test it with real hardware or in GNS3 (or any similar software)? I remember that when using GNS3, I had to work with really old Cisco systems.

 

MHM

Checked xconnect redundancy with track and it does not work.

The solution (cannot test BFD in my lab):

pseudowire-class MHM
encapsulation l2tpv3
protocol l2tpv3
ip local interface <the interface connect router to SP>
monitor peer bfd local interface <interface connect router to SP>

pseudowire-class MHM2
encapsulation l2tpv3
protocol l2tpv3
ip local interface <the interface connect router to SP>

interface x/x.100
encapsulation dot1Q 100
xconnect <primary> 100 encapsulation l2tpv3 pw-class MHM
backup peer <backup peer> 100 pw-class MHM2

Any update?

MHM

Hello
Looks like you have the AToM pseudowire on the wrong interfaces for the transit path.


Office 1
int gig0/1.x
mpls ip
exit
mpls ldp router-id <reachable loopback or physical interface of gig0/1.x>

int gig0/0
xconnect <remote loopback or remote physical interface of DCs>  encapsulation mpls


DC

int gig0/0/1.x
mpls ip
exit
mpls ldp router-id <reachable loopback or physical interface of gig0/1.x>

int gig0/0
xconnect <remote loopback or remote physical interface of office1>  encapsulation mpls


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul