07-27-2023 08:25 AM
How can I make default route via interface with loopback in bind mode?
interface Loopback1
 tunnel-interface
  encapsulation ipsec
  color red
  bind GigabitEthernet1
  no allow-service bgp
  allow-service dhcp
  allow-service dns
  allow-service icmp
  no allow-service sshd
  no allow-service netconf
  no allow-service ntp
  no allow-service ospf
  no allow-service stun
  allow-service https
  no allow-service snmp
 exit
exit
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1
07-29-2023 06:15 AM
It is not so similar.
In the legacy case, you have a physical port which inherits the loopback IP.
In SD-WAN you have separate IPs on the loopback and on the physical interface. So, a return route is needed.
Plus, it is not recommended to have a static route with an exit interface if that interface is multi-access (Ethernet is, and it requires ARP). For each remote destination the router will generate an ARP request, and proxy-ARP on the ISP side would have to help.
In short, configure a normal L3 interconnection, with the loopback having a separate IP and a return route on the ISP side.
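As an added illustration of what the answer above describes, the following is an example written for this page, not configuration from the original poster or from Cisco documentation. All addresses, the interface names and the ISP-side device are assumed: the ISP hands out 203.0.113.0/30 on the physical link (edge .2, ISP gateway .1) and agrees to route the public /32 198.51.100.1 back to the edge. The poster's original pattern (loopback bound to GigabitEthernet1, default route pointing at the exit interface only) is shown commented out for contrast.

```cisco
! --- Cisco SD-WAN edge (IOS XE SD-WAN CLI), VPN 0 ---
! Pattern from the original post (assumed here for contrast, do not use):
!   ip route 0.0.0.0 0.0.0.0 GigabitEthernet1
! On Ethernet this makes the router ARP for every remote destination and
! relies on the ISP gateway doing proxy-ARP; the TLOC /32 is still not
! reachable from the ISP side, because nothing routes 198.51.100.1/32 back.

! Physical interface: plain L3 link to the ISP, carries no TLOC itself
interface GigabitEthernet1
 no shutdown
 ip address 203.0.113.2 255.255.255.252

! Loopback TLOC with its own /32 (constructed address), bound to Gig1
interface Loopback1
 no shutdown
 ip address 198.51.100.1 255.255.255.255
 tunnel-interface
  encapsulation ipsec
  color red
  bind GigabitEthernet1
  allow-service dhcp
  allow-service dns
  allow-service icmp
  allow-service https
  no allow-service bgp
  no allow-service sshd
  no allow-service netconf
  no allow-service ntp
  no allow-service ospf
  no allow-service stun
  no allow-service snmp
 exit
exit

! Default route via the ISP next-hop IP, not via the multi-access interface
ip route 0.0.0.0 0.0.0.0 203.0.113.1

! --- ISP side (assumed IOS-style device; the ISP has to add this) ---
! Return route for the TLOC /32 toward the edge's physical link address
ip route 198.51.100.1 255.255.255.255 203.0.113.2
```

To check the return path end to end, ping the ISP gateway from the edge with the loopback as source (`ping 203.0.113.1 source Loopback1`): it only succeeds once the ISP-side return route is in place, which is exactly the piece the poster reports the provider refused to add.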
07-27-2023 08:44 AM - edited 07-27-2023 08:45 AM
I think there is no need.
Under VPN 0 there are interfaces used to connect to MPLS or the internet,
and there is the lo used only for the TLOC.
So the default route uses the WAN interface and the TLOC uses the lo.
07-27-2023 05:23 PM
Of course I bind the loopback to the interface which is the transport. It's GigabitEthernet1, and my route in VPN 0 via an IP next-hop doesn't work; for the legacy scheme I use a route via the interface.
My task is using a /32 IP address as the transport.
07-27-2023 05:28 PM
It's a place where we want to use Cisco SD-WAN instead of VMware because we need to increase performance. The new VMware edge will arrive in 4 months, and before that we want to move to Cisco SD-WAN.
07-28-2023 10:51 PM
Hi,
did you configure a default route with a next-hop over Gig1 on your SD-WAN router, and the respective return route for the loopback interface on the upstream device (the ISP; if it is production, ask the ISP to do it)?
07-28-2023 11:21 PM - edited 07-28-2023 11:22 PM
The route via Gig1 I did, but the return route no, because I thought it would work without it as in the legacy (non-SD-WAN) scheme.
For example, this works:
edge#sh run int gi0/0.936
Building configuration...
Current configuration : 99 bytes
!
interface GigabitEthernet0/0.936
encapsulation dot1Q 936 native
ip unnumbered Loopback936
end
edge#sh run int lo936
Building configuration...
Current configuration : 70 bytes
!
interface Loopback936
ip address 192.168.20.2 255.255.255.255
end
edge#sh run | i ip route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.936
edge#
interface GigabitEthernet0/0
ip address 192.168.20.1 255.255.255.248
duplex auto
speed auto
media-type rj45
end
isp#sh run int lo1
Building configuration...
Current configuration : 63 bytes
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
end
isp#sh run | i ip route
isp#
edge#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 ms
edge#tra
edge#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.20.1 6 msec 4 msec 5 msec
edge#
07-29-2023 07:29 AM
So we won't use Cisco SD-WAN in that case either; it's very inconvenient and not flexible, because I need to use a /32 IP. We will wait for the new VMware edge.
07-29-2023 07:32 AM
A return route in Google Cloud isn't possible.
07-29-2023 10:28 AM
Legacy or SD-WAN, you can use a lo.
In SD-WAN you use the lo as the TLOC if the lo is public and reachable from the internet.
Here is the trick: the lo must be public, and you get it from the ISP.
07-29-2023 10:47 AM
What is your exact scenario? Could you describe it? It may be useful so I can help as much as I can.
07-29-2023 10:30 PM
It's a simple scheme.
I have two providers with public IPs, for example 10.10.10.1/32 and 20.20.20.1/32. Now it works as a VMware SD-WAN edge, but it has small performance (100 Mb). We wanted to change the edge to a Cisco ISR4431, but on the Cisco our scheme doesn't work because it needs a reverse route from the provider. The provider said that they don't add reverse routes.
On the VMware edge my routes look like:
0.0.0.0/0 GE1 10.10.10.254
0.0.0.0/0 GE2 20.20.20.254
07-29-2023 10:52 PM - edited 07-29-2023 10:52 PM
Oh, I realized another problem: we can't use separate IPs to do NAT for different VPNs.
Ge1
 10.10.10.2 255.255.255.255 secondary
 10.10.10.1 255.255.255.255
NAT for 192.168.100.0/24 via 10.10.10.1
NAT for 192.168.200.0/24 via 10.10.10.2
I remember that for NAT DIA it doesn't work.
Theoretically I could do it through a loopback interface which is bound to the physical one, but the provider refused to configure a reverse route.
07-29-2023 11:11 PM
How will you use it for the loopback? It will have the same issue, interface or loopback: you will not be able to choose the exact external IP for the source IP portion.
07-29-2023 11:55 PM
That's true for Cisco SD-WAN because it isn't flexible. For VeloCloud it works perfectly.