01-04-2013 11:34 PM - edited 03-07-2019 10:54 AM
Hi all,
Please can anyone help me understand this concept...
Let me show you the scenario:
One MPLS connection from the ISP comes to my router, and from my router to the DMZ servers.
I have to connect to the remote server to my DMZ server.
The ISP gave me the details of BGP to configure.
Now what do I have to do to route my private network to the remote servers...
I performed NAT on my router to go through the ISP connection.....now I can ping the ISP gateway and can see all the router in #sh bgp table
Is it correct, or do I have to directly forward the traffic of the internal network to the ISP through BGP................or
do I have to create tunnels... if tunnels are required, then what do I have to know from the remote office?
Many many Thanks in advance
01-08-2013 12:07 AM
Thank you John,
Can you explain how the null0 route works in my scenario...
I googled it but was not able to understand how the connectivity will be.
01-08-2013 04:51 AM
Null0 gives you a static route to advertise. BGP needs an existing route to be in the routing table before it can advertise it to other peers. The purpose for it in this scenario is that you're natting to an address that is nowhere on your router. The static route allows for the route to be put into the table and lets BGP use it. When BGP advertises it, it will show that the 10.16.21.206 comes from your AS and will let everyone upstream know how to get to this address. Technically, I guess you could create a loopback with the IP on there and NAT out as that address, but I'd have to lab that up.
I attached the diagram for you to review...
R3 192.168.1.1 is natted out as 10.10.10.10. R1 has natting configured, but doesn't hold that ip anywhere:
R1:
ip nat inside source static tcp 192.168.1.2 80 10.10.10.10 80 extendable
R1#sh ip route 10.10.10.10
% Network not in table
R1#
On R2, it doesn't exist either:
R2#sh ip route 10.10.10.10
% Network not in table
R2#
I'll add the null route:
R1(config)#do sh run | inc ip route
ip route 10.10.10.10 255.255.255.255 Null0
R1(config)#
Is it in the routing table now?
R1(config)#do sh ip route 10.10.10.10
Routing entry for 10.10.10.10/32
Known via "static", distance 1, metric 0 (connected)
Routing Descriptor Blocks:
* directly connected, via Null0
Route metric is 0, traffic share count is 1
So far so good...now let's advertise it in bgp:
R1#sh run | inc router bgp|10.10.10.10
router bgp 10
network 10.10.10.10 mask 255.255.255.255
It's showing in the bgp table:
R1#sh ip bgp regex ^$
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 10.10.10.10/32 0.0.0.0 0 32768 i
*> 172.20.20.0/30 0.0.0.0 0 32768 i
*> 192.168.1.0/30 0.0.0.0 0 32768 i
R1#
What about R2?
R2#sh ip route 10.10.10.10
Routing entry for 10.10.10.10/32
Known via "bgp 200", distance 20, metric 0
Tag 10, type external
Last update from 172.20.20.1 00:01:53 ago
Routing Descriptor Blocks:
* 172.20.20.1, from 172.20.20.1, 00:01:53 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 10
Okay, so we have the 10.10.10.10/32 route over at R2. Can it get to 10.10.10.10:80?
R2#telnet 10.10.10.10 80
Trying 10.10.10.10, 80 ... Open
Get / http/1.0
HTTP/1.1 401 Unauthorized
Date: Fri, 01 Mar 2002 00:20:54 GMT
Server: cisco-IOS
Accept-Ranges: none
WWW-Authenticate: Basic realm="level_15_access"
401 Unauthorized
[Connection to 10.10.10.10 closed by foreign host]
Yes it can....so your null route allows for you to basically advertise a route into bgp. There are other uses for null0 like summaries, but this is just to be able to get a route to advertise.
I also labbed up the loopback question and you should be able to do that as well:
R1(config-if)#do sh run int lo1
Building configuration...
Current configuration : 106 bytes
!
interface Loopback1
ip address 10.10.10.10 255.255.255.255
ip nat outside
ip virtual-reassembly
end
Same configuration for everything else, but you wouldn't have a static route to null0. Notice how I have "ip nat outside" on the loopback interface. That's because I want traffic to use this ip as outgoing. I still have the nat configuration on the router though:
R1#sh run | i ip nat inside source
ip nat inside source static tcp 192.168.1.2 80 interface Loopback1 80
R1#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
tcp 10.10.10.10:80 192.168.1.2:80 --- ---
R1#
On R2:
R2#telnet 10.10.10.10 80
Trying 10.10.10.10, 80 ... Open
Sorry for such a long post. In conclusion, you can use either one you wish; both seem to work fine.
HTH,
John
*** Please rate all useful posts ***
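As an added illustration (not part of John's post and not Cisco code), here is a simplified Python model of how R1 treats a packet arriving from R2, using the lab addresses above. It assumes the usual IOS order for outside-to-inside traffic (NAT translation first, then the route lookup) and shows both why the `network` statement needs a matching route and how the Null0 and loopback designs differ for ports that have no static translation.

```python
from ipaddress import ip_address, ip_network

# Static port translation from the lab: 10.10.10.10:80 -> 192.168.1.2:80
STATIC_NAT = {("10.10.10.10", 80): ("192.168.1.2", 80)}
NAT_PREFIX = ip_network("10.10.10.10/32")


def build_rib(design):
    """Model of R1's routing table for design 'none', 'null0' or 'loopback'."""
    rib = [(ip_network("192.168.1.0/30"), "inside"),    # connected, toward the server
           (ip_network("172.20.20.0/30"), "outside")]   # connected link to R2
    if design == "null0":
        rib.append((NAT_PREFIX, "Null0"))   # ip route 10.10.10.10 255.255.255.255 Null0
    elif design == "loopback":
        rib.append((NAT_PREFIX, "local"))   # address configured on Loopback1
    elif design != "none":
        raise ValueError(f"unknown design: {design}")
    return rib


def advertisable(design, prefix="10.10.10.10/32"):
    """A BGP 'network ... mask ...' statement needs an exact-match route in the RIB."""
    return any(net == ip_network(prefix) for net, _ in build_rib(design))


def lookup(rib, dst):
    """Longest-prefix match; returns the next hop label or None."""
    hits = [(net, nh) for net, nh in rib if ip_address(dst) in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def handle_from_outside(design, dst_ip, dst_port):
    """Fate of a TCP packet arriving on the NAT outside interface."""
    # Step 1: outside-to-inside NAT rewrites the destination before routing.
    dst_ip, dst_port = STATIC_NAT.get((dst_ip, dst_port), (dst_ip, dst_port))
    # Step 2: route lookup on the (possibly translated) destination.
    next_hop = lookup(build_rib(design), dst_ip)
    if next_hop is None:
        return "drop: no route"
    if next_hop == "Null0":
        return "drop: Null0"
    if next_hop == "local":
        return f"deliver to router itself on port {dst_port}"
    return f"forward to {dst_ip}:{dst_port} via {next_hop}"


if __name__ == "__main__":
    for design in ("null0", "loopback"):
        for port in (80, 23):   # 80 has a static translation, 23 does not
            print(design, port, "->", handle_from_outside(design, "10.10.10.10", port))
```

In the model, untranslated ports are discarded at Null0 in the first design, while in the loopback design they reach the router's own services, so access to the router on that address has to be restricted separately.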
01-08-2013 10:43 PM
Hi John,
I am speechless after seeing your post...
I don't know how to thank you, you took so much stress to explain this to a dumb guy like me......hats off to your efforts
You made my life so much easier.....
The first one looks secure, but I want to go for the second one by creating a loopback ..
Now I am looking ahead to the testing phase with the remote server....I hope everything will work fine
I configured the loopback...
#int loopback 10
#ip add 10.16.21.206/32
advertised it through Bgp ...
#network 10.16.21.206 mask 255.255.255.255
#neighbor 172.18.4.129 remote-as 65000
natted the incoming and outgoing traffic ..
#ip nat inside source static tcp 10.10.10.28 5775 10.16.21.206 5775 extendable
# int lo 10
ip nat outside
# int gig 0/1
ip nat inside
Is it correct?
Once again, thanks a lot...
thanks a lot....
01-09-2013 03:56 AM
It looks correct to me. Thank you for the kind words and I hope I helped. I look forward to hearing how things went!
John
07-15-2016 10:59 PM
http://www.ccnaccnplinux.com/2015/03/bgp-configuration-part-2-ccnp.html
If you visit, I am sure you will get useful information.