
inject /32 routes

Heinz Kern
Level 1

Hello,

I'm searching for a trick to inject /32 routes.

Situation: two datacenters; on each side I have the same network 10.1.1.0/24. Hosts are moved from the left to the right side. From a routing perspective I need to achieve that the hosts are reachable from outside.

So on the left side we announce the /24 network into the backbone. From the right side we just want to announce /32 routes.

The big question is: how can I inject the /32 routes without breaking the forwarding path? For example: if I use a static route to the Null interface, the route is in the backbone, but when the traffic flow arrives on this router it is terminated because it is sent to the Null interface.

The routers are MPLS-PE, so BGP mechanisms are not an option.

LISP is also not an option at the moment.

We could change the config to BGP if this is the only way.

Any idea?

2 Accepted Solutions


Okay, not familiar with Nexus but I will tell you what I did in the lab and you may be able to adapt this to the Nexus.

R1 (eth0/2 - 10.1.1.1) -> SW1 -> servers

R1 is the BGP router.

So what I did was to use another interface on the router and readdress eth0/2 ie.

vlan 2 is a transit vlan between the router interfaces

vlan 3 is the server vlan

       eth0/2 - 192.168.5.1  ->  SW1 (vlan 2)

R1

      eth0/3.2  - 192.168.5.2  -> trunk port SW1 (vlan 2 & vlan 3)

      eth0/3.3 - 10.10.10.1

then I created a new VRF and added eth0/3.2 and eth0/3.3 to that VRF.

I then added a default route to the VRF pointing to 192.168.5.1.

Because 10.10.10/24 is in a VRF it is not in the global routing table. So that means you can then add your host routes into the global routing table with the next hop as 192.168.5.2 which is also in the VRF.

Traffic coming into R1 gets routed via the switch to 192.168.5.2 then routed to the server. The server sends traffic back to its default gateway and the router then routes it onto the transit vlan back to 192.168.5.1.

I tested with the above setup using BGP and it worked for me.

I'm not sure if/how this could be applied to the Nexus. I don't know if you could somehow use a point to point SVI setup, if you see what I mean, to emulate what I did.

I suspect you can't but as I don't have any L3 switches to test with can't say one way or the other.

I appreciate it's not the most simple solution but I can't think of any other way.

Jon
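A small model of the forwarding decision behind the lab setup above, added here as an illustration and not part of the original post or of any Cisco tooling. It contrasts the Null0 host route from the question with a host route whose next hop sits in the VRF; the server address 10.10.10.50, the client network 172.16.0.0/16 and all function names are assumptions made for the example.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: most specific (network, action) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), act) for p, act in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def forward(tables, owners, start, dst, max_hops=8):
    """Walk a packet through the tables; return (path, delivered)."""
    name, path = start, []
    for _ in range(max_hops):
        hit = lookup(tables[name], dst)
        if hit is None:
            return path + [f"{name}: no route"], False
        net, (kind, arg) = hit
        path.append(f"{name}: {net} -> {kind} {arg}")
        if kind != "via":                 # "deliver" or "drop" ends the walk
            return path, kind == "deliver"
        name = owners[arg]                # next hop lives in this table
    return path + ["routing loop"], False

# Constructed tables. Server 10.10.10.50 and client net 172.16.0.0/16 are assumed.
NULL0_DESIGN = {"global": {
    "10.10.10.0/24": ("deliver", "eth0/2"),    # server subnet directly on the PE
    "10.10.10.50/32": ("drop", "Null0"),       # host route created only to advertise
}}
VRF_DESIGN = {
    "global": {
        "10.10.10.50/32": ("via", "192.168.5.2"),   # host route, next hop in the VRF
        "172.16.0.0/16": ("deliver", "backbone"),   # stands in for the MPLS side
    },
    "vrf": {
        "10.10.10.0/24": ("deliver", "eth0/3.3"),   # server VLAN, VRF only
        "0.0.0.0/0": ("via", "192.168.5.1"),        # default back to global
    },
}
OWNERS = {"192.168.5.1": "global", "192.168.5.2": "vrf"}  # transit VLAN addresses

if __name__ == "__main__":
    for tables, start, dst in [(NULL0_DESIGN, "global", "10.10.10.50"),
                               (VRF_DESIGN, "global", "10.10.10.50"),
                               (VRF_DESIGN, "vrf", "172.16.0.9")]:
        print(forward(tables, OWNERS, start, dst))
```

In the Null0 case the /32 wins the longest-prefix match over the connected /24 on the same router, which is why the advertised route attracts traffic and then discards it.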

 


Bilal Nawaz
VIP Alumni

You could have easily achieved this if we had a VDC to play about with and at least two interfaces, one for WAN, one for LAN? I guess same could be said for VRF, but all seems a lot of work. Maybe it's same as what Jon is describing, I'm not sure - seems it to me :)

The thinking was that you have your N7K with SVI's as internal (I will reference them as LAN for now) and your servers talk to these SVIs as default GW and you create a 'routed hop' via means of a VRF or VDC.

So you would now have these two functions. One for LAN, and one for WAN/MPLS. The way to link these two would be via a routed transit link, giving that flexibility to allow us to put /32 static routes in the WAN/MPLS towards the LAN in DC2. And then redistribute. We've ruled out LISP which would have worked out really well especially in this scenario.

Is this a long term solution or just temp?

 

Please rate useful posts & remember to mark any solved questions as answered. Thank you.


20 Replies

AllertGen
Level 3

Hello,

Your network and what you want are not very clear. Do your 2 datacenters have 1 router? Do you want to announce your network to the ISP router or to one of your outside devices?

I'm asking this because if you want to show information to your router (that you mention above) you can just use static routes, because the route with the biggest mask (in my opinion, between /24 and /32, the /32 is bigger) has priority. For example, 2 lines:

1# ip route 10.1.1.0 255.255.255.0 10.1.2.1 5

2# ip route 10.1.1.20 255.255.255.255 10.1.3.1 5

In this example the second line has priority even if they have the same metric (5 in this example).

 

I can't say more without your network scheme and information what you want to get at the end.

Thx for the answer, I know it's hard to describe in words. I'll try it once more:

I'm talking about routing just within my backbone (no ISP or whatever).

We have:

10.1.1.0/24 in datacenter A (New York) with host 10.1.1.100

10.1.1.0/24 in datacenter B (Los Angeles) with host 10.1.1.200

We have a big MPLS network and the idea is: inject a /24 route into the routing table from datacenter A. But I cannot inject a /24 from datacenter B. Here I want to inject /32 routes (10.1.1.200) because this would solve the routing issue.

BUT: how can I inject the route on datacenter B (10.1.1.200)? If I point it to the Null interface, the route is generated. It attracts traffic... but the traffic is sent to the Null interface... so I have a problem with packet forwarding.

Which other technique exists besides pointing to the Null interface, because it doesn't work?

Is it more clear?

 

Hi

You can put in the correct interface instead of the null0. For example

ip route 10.1.1.200/32 ethernet1

/Mikael

it is an SVI-interface

already tried:

 

CLAB4-SDR1(config-vrf)# ip route 6.6.6.6/32 vlan 2300 ?
  A.B.C.D  IP next-hop address in format i.i.i.i

This doesn't work.

Hi, Heinz Kern.

I understood what you want. But it's really hard to do. I can propose only this:

You can create interfaces with a /30 or /29 mask (more than a /24) and use redistribute with a route-map to announce this small network to dynamic routing. The only problem is you can't give the IP address of this interface (as well as the IP addresses of the network and broadcast) to the end clients. And you need to connect your clients to this interface as well. But I'm not sure it would work well.

The second solution is NAT. If you need access to only one side then there is no problem. You can make a usual NAT and announce a loopback interface. But if you need full access in both directions you need to do a static NAT for each client.

Jon Marshall
Hall of Fame

Can you just clarify something.

Are the servers directly connected to the PE devices ?

I would have thought in a DC you would have other L3 devices, e.g. switches, that the servers connected to, in which case you could simply point to the correct next hop on the PE routers?

Jon

Unfortunately it's directly the PE. So in the current scenario this is not possible. But it seems that something like that is the only possibility. So we will build up anything where we get a next hop.

thx

So the servers connect to a L2 switch which then connects to the PE ?

If so -

1) does the PE device have a spare interface

2) do the servers need to talk to anything else within the same DC ie. other IP subnets ?

Jon

 

yes you are right.

 

the PE has a spare interface

the servers need to talk within the DC, right.

Can you just clarify.

The servers may need to talk other servers in the same vlan.

They will also need to communicate with clients outside the DC.

But do the servers need to talk to other devices in the same DC ie. devices that are not in the server vlan ?

Jon

yes, they need to talk to everything everywhere without restriction

Edit - doesn't matter it won't work anyway, really stupid idea.

Sorry.

Jon.

Actually it may not be a stupid idea after all as I have just labbed it up and it works, but it is dependent on how your router is set up.

You say you have a spare interface on the PE.

I need to understand how the rest is setup for the internal vlans ie. what else is connected to the PE device internally ?

So the interface the 10.1.1.0/24 subnet is connected to, is that dedicated to that IP subnet or do you have subinterfaces for other vlans as well.

Basically I'm trying to work out what else is internal to the DC and where those vlans are routed?

Jon

We are talking about a Nexus 7700. This is the PE. N5Ks are connected to the N7K via layer 2.

The N5Ks host the servers.

The N7K has several hundred SVI interfaces. One of them is 10.1.1.0/24.

 

 
