[132055] in North American Network Operators' Group


RE: Ciscos, BGP, L2TPV3 pseudowires and loopback IPs

daemon@ATHENA.MIT.EDU (Seth)
Thu Nov 11 23:52:17 2010

Date: Thu, 11 Nov 2010 20:52:12 -0800 (PST)
From: Seth <ssscud@yahoo.com>
To: "nanog@nanog.org" <nanog@nanog.org>, James Smallacombe <up@3.am>,
	Jeff Saxe <jsaxe@briworks.com>
In-Reply-To: <AD91C39815BD1A49858ABF6142EFFDD402B08A37D2@EXVMBX020-21.exch020.serverdata.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

With the latest IOS you MUST use loopback addresses or the tunnel will not form, regardless of the class settings, especially if using an L3 router termination device(s).
SRR


--- On Thu, 11/11/10, Jeff Saxe <jsaxe@briworks.com> wrote:

> From: Jeff Saxe <jsaxe@briworks.com>
> Subject: RE: Ciscos, BGP, L2TPV3 pseudowires and loopback IPs
> To: "nanog@nanog.org" <nanog@nanog.org>, "James Smallacombe" <up@3.am>
> Date: Thursday, November 11, 2010, 4:29 AM
> Agreed: We used to use L2TPv3 tunnels
> fairly often to provide nailed-up private VLAN services to
> clients when we could only procure a Layer 3 circuit from
> another provider. They're pretty simple to set up and work
> reliably, although you may need to maintain both ends of the
> L2TPv3 at approximately matching IOS versions... at one
> point we had a perfectly working customer, then I upgraded a
> router at one end of the tunnel, and they suddenly had
> major, unexplainable packet loss all through the day. After
> I upgraded the other end, it returned to working fine.
>
> But yeah, you don't really need a loopback. We routinely
> terminated the tunnels on the WAN address closest to the
> Internet. I think the only time I had to introduce a
> loopback was when one router was a tunnel terminator for two
> far-end locations, and when I tried to configure the second
> peer it complained at me. Also one time I wanted to have two
> parallel tunnels between the same source and destination
> routers (which is perfectly fine, because it has a tunnel
> discriminator number that keeps the two customers' traffic
> separate), except I also wanted to do some fancy QoS
> prioritization on one of them. By the time the traffic hits
> the WAN interface, the tunnel discriminator is buried too
> far down in the packet to use any "match" statements in the
> QoS, so I made one of the tunnels have a separate L2TPv3
> endpoint on each router, and then I could just match on
> destination IP address.
>
> But that was a weird edge case. Most of the time we just
> used the outside Internet address, either T1 or Ethernet.
> Email me back privately if you want me to dig up the configs
> out of our CatTools archive.
>
> -- Jeff Saxe
> Blue Ridge InternetWorks
> Charlottesville, VA
>
>
> ________________________________________
> From: David Freedman [david.freedman@uk.clara.net]
> Sent: Wednesday, November 10, 2010 1:22 PM
> To: nanog@nanog.org
> Subject: Re: Ciscos, BGP, L2TPV3 pseudowires and loopback
> IPs
>
> e.
> >
> > We will need to set up a L2TPV3 tunnel to their old
> location (single
> homed, no BGP on that side). Upon initial
> reading of Cisco docs to do
> > this, we will need a routable IP on a loopback
> interface for starters.
>
> I'm pretty sure this is just a recommendation based on good
> practise
> (routeability to endpoints), I'm sure since you are not
> multihomed you
> can just use "ip local interface WAN1" and be done with it,
> I seem to
> remember doing something similar in an l2tpv3 pw class and
> it working.
>
> > Using one from the /24 LAN is out unless we subnet it,
> which we don't
> > want to do.
> >
> > So the question is, can I just "move" the PTP IP
> address x.x.129.174
> > from the WAN interface to the loopback like this?
> >
> >  interface Loopback0
> >    ip address x.x.129.174 255.255.255.252  (that's the mask we're using on
> >                                             the WAN- Cisco's loopback examples show .255)
> >
> >  interface WAN1 (actually a gigether)
> >    ip unnumbered loopback0  (or no ip addr?)
> >
> >  neighbor x.x.128.173 update-source Loopback0
>
> No, if you were to do this you should get a new transfer
> network, you
> can't have the same address on two interfaces (and in fact,
> you should
> really be stealing an address from your internal /24 which
> doesn't
> require any re-subnetting (if you are happy for this
> address to be
> unreachable) and it should have a /32 mask...
>
> --
>
> David Freedman
> Group Network Engineering
> Claranet Group


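The configuration the thread is arguing about, sketched as an added IOS example. It is not any of the posters' configs and not Cisco documentation; the addresses are RFC 5737 documentation ranges, and the interface names, VC IDs, AS numbers, ACL and class names are placeholders chosen for this illustration. It follows David's suggestion (a /32 carved from the site's own /24 on the loopback, the WAN /30 left alone) and Seth's point that the L2TPv3 endpoint is the loopback, and adds Jeff's trick of a second endpoint so QoS can match on destination address. The inbound ACL is my addition: the loopback has to be reachable from the far end across the Internet, and L2TPv3 carries the customer's frames without encryption or strong authentication, so restricting who may send L2TPv3 (IP protocol 115) to the endpoints is the minimum a practitioner would want.

```cisco
! --- Added example; addresses and names are placeholders, not from the thread ---
!
! L2TPv3 endpoint: a /32 out of the site's existing /24. It is already covered
! by the /24 announcement, so the far end can reach it with no new transfer net.
interface Loopback0
 description L2TPv3 endpoint, customer A
 ip address 192.0.2.10 255.255.255.255
!
! Second endpoint for a second customer's pseudowire to the same far end,
! so outbound QoS can match on destination IP instead of the buried VC ID.
interface Loopback1
 description L2TPv3 endpoint, customer B (prioritised)
 ip address 192.0.2.11 255.255.255.255
!
! Only the known far-end endpoints may send L2TPv3 (IP protocol 115) to our
! endpoints; all other L2TPv3 is dropped, everything else is passed through.
ip access-list extended WAN1-IN
 permit 115 host 198.51.100.20 host 192.0.2.10
 permit 115 host 198.51.100.21 host 192.0.2.11
 deny   115 any any
 permit ip any any
!
pseudowire-class PW-L2TPV3
 encapsulation l2tpv3
 protocol l2tpv3
 ip local interface Loopback0
!
pseudowire-class PW-L2TPV3-PRIO
 encapsulation l2tpv3
 protocol l2tpv3
 ip local interface Loopback1
!
interface GigabitEthernet0/1
 description customer A port, bridged into the pseudowire
 no ip address
 xconnect 198.51.100.20 100 encapsulation l2tpv3 pw-class PW-L2TPV3
!
interface GigabitEthernet0/2
 description customer B port, bridged into the prioritised pseudowire
 no ip address
 xconnect 198.51.100.21 101 encapsulation l2tpv3 pw-class PW-L2TPV3-PRIO
!
! Outbound traffic of the prioritised pseudowire is identified by its own
! source/destination endpoint pair, which is visible to a plain ACL match.
ip access-list extended PW-PRIO-OUT
 permit 115 host 192.0.2.11 host 198.51.100.21
!
class-map match-any PW-PRIO
 match access-group name PW-PRIO-OUT
!
policy-map WAN1-OUT
 class PW-PRIO
  priority percent 20
 class class-default
  fair-queue
!
! The WAN /30 keeps its own address; the same address may not also sit on the
! loopback, and the eBGP session stays on the directly connected /30.
interface GigabitEthernet0/0
 description WAN1 to upstream
 ip address 203.0.113.174 255.255.255.252
 ip access-group WAN1-IN in
 service-policy output WAN1-OUT
!
router bgp 64496
 neighbor 203.0.113.173 remote-as 64511
 network 192.0.2.0 mask 255.255.255.0
```

Moving the BGP session to the loopback, as in the quoted config, would additionally need `ebgp-multihop` and the upstream's agreement to peer with a non-connected address, which is why the example leaves the session on the /30. The far end needs the mirror image: loopbacks reachable through its own provider, `ip local interface` in its pseudowire classes, matching VC IDs, and an equivalent inbound filter.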