03-14-2016 11:23 AM - edited 03-08-2019 04:57 AM
Hi!
I've been experimenting with implementing a BGP-Tunnel-BGP setup in GNS3.
In a nutshell:
- a HQ site and a remote site, each peered to the ISP using BGP
- a VTI tunnel between the HQ and remote site
- BGP peering between the HQ and remote site via the tunnel
I've tried to simulate the setup in GNS3; however, I had an interesting discovery:
- When both tunnels are using loopback IPs for tunnel source and destination, BGP peering between the HQ and remote site is successful
- However, when the HQ site is using its WAN physical IP for the tunnel source and loopback IP of the remote site for the tunnel destination, BGP peering isn't successful
I'm still trying to figure out the cause of the above, but would greatly appreciate it if someone could give me some hints on what could be the issue with using an actual interface's IP for the tunnel source and loopback IP for the tunnel destination; it seems that using exclusively loopback addresses OR physical interface addresses for BOTH tunnel source and destination works just fine. However, mixing them up just seems to break BGP peering.
Thanks so much for your time in reading this!
I've attached the GNS3 topology in case anyone would like to give it a spin :)
03-14-2016 01:30 PM
I do not have GNS3, so I cannot read your file. But my first guess about the issue is that the loopback interfaces are probably advertised in BGP through the ISP. So a ping from loopback to loopback works and that demonstrates the IP connectivity that must exist for the tunnel to work. But my guess is that the physical interfaces may not be advertised in BGP through the ISP. So a ping from physical interface to physical interface would not work. And that lack of IP connectivity will prevent the tunnel from working. A good check on that would be show ip bgp <remote_physical_address> and see if the address is in the BGP table.
HTH
Rick
03-14-2016 11:44 PM
Thanks for your prompt reply, Richard.
There's actually no issue with configuring a physical IP for the tunnel source and loopback for the tunnel destination; I realized a stupid configuration mistake on my part (wrong configuration).
03-16-2016 09:22 AM
You are welcome. I am glad that you got it worked out.
HTH
Rick