[132018] in North American Network Operators' Group
RE: Ciscos, BGP, L2TPV3 pseudowires and loopback IPs
daemon@ATHENA.MIT.EDU (Jeff Saxe)
Thu Nov 11 07:29:15 2010
From: Jeff Saxe <jsaxe@briworks.com>
To: "nanog@nanog.org" <nanog@nanog.org>, James Smallacombe <up@3.am>
Date: Thu, 11 Nov 2010 04:29:07 -0800
In-Reply-To: <ibentg$lak$1@dough.gmane.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Agreed: We used to use L2TPv3 tunnels fairly often to provide nailed-up private VLAN services to clients when we could only procure a Layer 3 circuit from another provider. They're pretty simple to set up and work reliably, although you may need to maintain both ends of the L2TPv3 at approximately matching IOS versions... at one point we had a perfectly working customer, then I upgraded a router at one end of the tunnel, and they suddenly had major, unexplainable packet loss all through the day. After I upgraded the other end, it returned to working fine.
But yeah, you don't really need a loopback. We routinely terminated the tunnels on the WAN address closest to the Internet. I think the only time I had to introduce a loopback was when one router was a tunnel terminator for two far-end locations, and when I tried to configure the second peer it complained at me. Also one time I wanted to have two parallel tunnels between the same source and destination routers (which is perfectly fine, because it has a tunnel discriminator number that keeps the two customers' traffic separate), except I also wanted to do some fancy QoS prioritization on one of them. By the time the traffic hits the WAN interface, the tunnel discriminator is buried too far down in the packet to use any "match" statements in the QoS, so I made one of the tunnels have a separate L2TPv3 endpoint on each router, and then I could just match on destination IP address.
But that was a weird edge case. Most of the time we just used the outside Internet address, either T1 or Ethernet. Email me back privately if you want me to dig up the configs out of our CatTools archive.
-- Jeff Saxe
Blue Ridge InternetWorks
Charlottesville, VA
________________________________________
From: David Freedman [david.freedman@uk.clara.net]
Sent: Wednesday, November 10, 2010 1:22 PM
To: nanog@nanog.org
Subject: Re: Ciscos, BGP, L2TPV3 pseudowires and loopback IPs
e.
>
> We will need to set up a L2TPV3 tunnel to their old location (single
> homed, no BGP on that side). Upon initial reading of Cisco docs to do
> this, we will need a routable IP on a loopback interface for starters.
I'm pretty sure this is just a recommendation based on good practise
(routeability to endpoints), I'm sure since you are not multihomed you
can just use "ip local interface WAN1" and be done with it, I seem to
remember doing something similar in an l2tpv3 pw class and it working.
> Using one from the /24 LAN is out unless we subnet it, which we don't
> want to do.
>
> So the question is, can I just "move" the PTP IP address x.x.129.174
> from the WAN interface to the loopback like this?
>
> interface Loopback0
> ip address x.x.129.174 255.255.255.252 (that's the mask we're using on
> the WAN- Cisco's loopback examples show .255)
>
> interface WAN1 (actually a gigether)
> ip unnumbered loopback0 (or no ip addr?)
>
> neighbor x.x.128.173 update-source Loopback0
No, if you were to do this you should get a new transfer network, you
can't have the same address on two interfaces (and in fact, you should
really be stealing an address from your internal /24 which doesn't
require any re-subnetting (if you are happy for this address to be
unreachable) and it should have a /32 mask...
--
David Freedman
Group Network Engineering
Claranet Group
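An IOS configuration sketch of the approach David describes, added here as an illustration and not taken from either poster's configs: the L2TPv3 endpoint is a /32 loopback borrowed from the internal /24 rather than the WAN point-to-point address, and it is bound to the pseudowire with `ip local interface`. Interface names, addresses (RFC 5737 documentation ranges), the VC ID, class names and the password are all assumed placeholders.

```cisco
! Added example (not from the thread): L2TPv3 pseudowire terminated on a /32 loopback.
! All addresses are placeholders from the documentation ranges.
!
! Endpoint: one host address taken from the existing internal /24, as David suggests,
! with a /32 mask, so neither the LAN nor the WAN transfer network is re-subnetted.
interface Loopback0
 ip address 192.0.2.10 255.255.255.255
!
! The WAN interface keeps its own point-to-point address; the same address is never
! configured on two interfaces, and the upstream BGP session stays on this address.
interface GigabitEthernet0/0
 description WAN1 - upstream transfer network
 ip address 198.51.100.174 255.255.255.252
!
! Control-channel parameters for the tunnel (placeholder password).
l2tp-class L2TP-CLASS
 authentication
 password 0 REPLACE-ME
!
! Bind the pseudowire's source address to the loopback. Jeff's "no loopback" variant
! is the same class with "ip local interface GigabitEthernet0/0" instead.
pseudowire-class PW-L2TPV3
 encapsulation l2tpv3
 protocol l2tpv3 L2TP-CLASS
 ip local interface Loopback0
!
! Customer-facing port cross-connected to the far end's endpoint address.
! 203.0.113.10 is the remote endpoint (placeholder); VC ID 100 must match on both routers.
interface GigabitEthernet0/1
 description Customer private VLAN hand-off
 no ip address
 xconnect 203.0.113.10 100 pw-class PW-L2TPV3
!
! Loopback0 must be reachable from the far end (routed or advertised), which is the
! "routeability to endpoints" point David makes.
```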