Cisco SD-WAN 017 - Service VPN1 BGP Peering Setup and Route Propagation

Captions
How's it going, everybody? In this video we're going to continue our BGP section by talking about getting BGP up and running, and what I want to do is just reiterate real quickly what it is we're going to be doing in the, for the deployment and then go through those steps.

So first and foremost, what we're planning on doing (I'm going to get out of the way) is we're going to go and take, create a new loopback on vEdge1 and vEdge2. Obviously we're going to do vEdge1 because it's all CLI-based out of the, out of the gate. Then we're going to advertise that into OSPF. Once it gets advertised into OSPF, switch 16 will learn that, and then what will end up happening is switch 16's loopback will also be advertised into OSPF. What will end up happening is we'll be able to form an iBGP peering between vEdge1 and switch 16, and we'll be able to take any routes that vEdge1 has learned and be able to propagate those down to vEdge1, or, to switch 16. We're also going to do the same thing but via templates. In the same thing, we're going to create a loopback ad interface, we're going to tie it to the template for vEdge2, we'll advertise that inside of OSPF, and then we'll make sure to set up an iBGP peering with switch 16, so there will be two iBGP peerings set up on, between these two routers.

Once that is complete, we'll go ahead and we'll redistribute OSPF into BGP for all the routes that have been learned, and we'll talk about why that is. And then all the routes from here, here and here will come across, and then they will start to show up over here on switch 16 as, uh, iBGP routes, so it'll be internal BGP routes. Then what we'll do on switch 16 is we'll actually bump up the OSPF AD from 110 to 201 so that it's less preferred than BGP, and then all those routes will get installed into the routing table of switch 16 as BGP routes. And then once we do that, we'll be able to, in the next video, go through and actually do the route pol-, uh, doing the route pol-, routing policy, so we'll be able to create a local policy on
vEdge1 and vEdge2 through vManage, we'll push that config down to the local vEdges, and we'll talk about how to manipulate the routing and stuff like that with the local control policies, because the cool thing about it is it's not a centralized control policy that affects every location, or potentially could affect every location. We're going to be specific to the individual device with the localized control policy, which actually has to be pushed down. The policy itself has to be pushed to the device, and then once it's pushed to the device, then it can be called from the individual routing process at the device level. So we'll talk about how that also, all that stuff comes into play. It's not terribly difficult to follow, but if you've never dealt with it before and you're, you're new to it, it's just like, huh. So, um, so yeah, let's go ahead and dive into the config and get all that squared away.

So the first thing I'm going to do is clear the screen. I'm going to go ahead and get out of the way and I'm going to pull up SecureCRT. So on vEdge1, we're going to start here, and we're going to begin by setting up the, the loopback. So the very first step is global config, vpn 1, interface loopback, loopback 0, and the IP address here is going to be 10.1.0.1/32. Don't forget to no shut the port; I've made that mistake a few times and it's come back to bite me. Now we have that in play, we're gonna type in router ospf, area zero, and then advertise interface loopback zero into OSPF. So now that I've got that done, let's go ahead and commit the config, and then we're going to go over to switch 16 and we're going to do a show ip route. So we should see momentarily, we should see the 10 1 route come across, which we do, right there. Okay, so that means that we've got at least that coming across.

I'm going to go back to vEdge1 and I'm going to begin the BGP config, which is going to be bgp 65012, and then I'm going to say neighbor of 10.1.0.16, update source is going to be loopback 0.
The remote AS is going to be 65012, so it's going to be an iBGP peering. We're going to set the next hop to be self. Now you might ask, why do we need to care about next-hop-self? What does that really, what does that really do? Well, it's sort of not necessary but sort of necessary at the same point in time, because if we learned in any eBGP routes from anybody anywhere else in the network, for example, what will end up happening is the eBGP updates don't actually update the next hops themselves, so we'd have to set the iBGP next hop to vEdge1. I'm throwing it in there because the fact that it's something that I'm accustomed to doing; not always necessary. So if I was to leave it off, for example, let me go ahead and just not throw that in for good measure.

What I'm going to go ahead and do now is I'm going to type in address family ipv4 unicast, so it enables that particular address family on this particular neighbor. I'm going to exit out a couple times and then type in address family ipv4 unicast. I'm going to redistribute OSPF. Now the reason why I have to redistribute OSPF, not OMP: because if we do a show ip route vpn 1, do show ip route vpn 1, you're going to see that a lot of the routes that I'm learning in, I'm learning them in via OSPF, right? Notice that all these routes, I do see them in here, but they're OMP; there's no information available to them. So I, for the routes that are coming in that actually have a value next to them, that are in the F comma S, or what they refer to as the, where is it, uh, it's in the FIB and it's selected, those are the routes that I want to redistribute, not the OMP routes.

So now that I've got that all in place, I'm going to do a show config so we can see the config. We're going to go vpn 1, router bgp 65012, address family ipv4 unicast, redistribute ospf, and then set up a peering to the neighbor. I'm going to go ahead, I'm going to commit that config, and now what I have to go do is on switch 16, I have to set up the BGP config here. So go to global config, router bgp
65012. I'm going to type in no bgp default ipv4 unicast, which will prevent any automatic IPv4 unicast peerings from happening by default; I have to enable them. So I'm going to type in neighbor of 10.1.0.1, remote AS of 65012. I'm going to specify the update sources, update source is going to be loopback 0. I'm going to enable the IPv4 address family on these particular, this particular neighbor. This will get my neighbor adjacency up and running, and then as soon as that does happen, which will take a couple seconds to, to do its thing, once it comes up we will be able to learn a bunch of routes in from BGP. There it goes.

And so what I'm going to do now is a show ip bgp summary. I am currently not learning any routes, but that will change after a short period of time; the routes usually take a couple seconds to come across. Let me just double check and make sure that I advertise correctly. Redistribute OSPF, yep, they're all there, so hopefully they come across, because right now we haven't learned any prefixes. I can also throw in for good measure a, uh, redistribute omp, commit that as well, and go back to switch 16, hit the up arrow, and for some reason it is... Show run section bgp, see why that's not coming across. I've got the, the activation going back and forth, which is what I want. All that looks good. Let me go back to vEdge1. Let's do show run vpn 1 router bgp 65012. I've no shut that, which is what I want. All that looks good. Let's go back here. Interesting, not coming across. Let me do a clear ip bgp star soft inbound, see if that has anything to do with it. This is a little unusual because the fact that we're iBGP peers, we should be receiving something. Let me go back to vEdge1 and let me show bgp routes vpn 1. Okay, so I'm learning a bunch of stuff in here. It might have just taken some time for it to do its thing. Really weird. I'm learning stuff. Really, there are, there is stuff coming across. Let me just see what else. Show bgp vpn, uh, let's see, summary vpn 1. We haven't received any
prefixes from switch 16. Neighbors vpn 1, I do have an active session up, which is what I would expect to see. Summary, nothing has been installed from them, but that's, that's okay for switch 16 to not have that. That's really weird. Let me clear the table, clear ip bgp star, bring down the, the peering and see if that doesn't trigger something, because I'm clearly learning routes. What I mean by that is we do a show ip route vpn 1, I'm learning a bunch of routes in from a bunch of different places, and if I do a show bgp routes from vpn 1, or I'm sorry, in vpn 1, I'm learning a bunch of stuff. So if we look at 10 3, this is all set that we're being redistributed, and we can see the origins inc- is, is incomplete. So if I, I know I'm learning things in v redistributing those routes into BGP. So let's see if that has any effect on it. That is really weird. Really, really weird. Um, let me pause the video and see if I can't figure this out.

So playing around with the configuration, you see I did a debug and then I cleared the config on this side. I just did a, I pushed it out and I was looking at switch 16, and I got a precarious update and says due to deny, due to next hop is our own address. And, uh, so it doesn't go into specifics here as to what that particular issue is. So like we're getting, um, some interesting updates here. So what I'm going to do here, and I don't, I can't say that I've ever seen this problem before, which is why I'm a little perplexed, what I'm going to do is I'm going to set the next hop on this neighbor to be next-hop-self. So let me go up here, vpn 1, and paste this in, router and then bgp and then set next-hop-self. Let me commit that change and see if that makes any difference. And okay, there we go. So next-hop-self was required for those routes to get propagated. So we're setting the updates in, and if I do show feb gp update, there we go, I have 19 updates. So next-hop-self is required in order for this to work. But if I do a show ip route, we're not installing those OSPF updates, or those
updates as BGP; we're just, we're installing them as OSPF E2. I mean, there's technically nothing wrong with that, but in order to take advantage of the routing config, we have to change that up, right? So what I'm going to go do is on here I'm going to go to global config underneath router ospf 1, and I'm going to say the distance here is going to be for OSPF, for in-, uh, for, uh, external routes I'm going to say is going to be 201, and for intra area it's going to be 201, and for inter area is going to be 201, just so they're all along the same lines. So what's going to end up happening is all those routes are not going to get installed in the main table, and you just saw that. So by show ip bgp, those routes are now installed in the routing table. So show ip route, now we have a bunch of BGP routes in the routing table. So that's what we need to do on, uh, for, to switch, for vEdge2 when we do its config. So that's really what the, the main case is here.

So, so just to recap what we've done: we got the BGP peering up and running, right? We got that all squared away. I've created a loopback, advertised it into BGP, I'm sorry, OSPF, got the BGP peering up and running, but we weren't propagating any routes. I didn't set the next-hop-self command just to show you that it was, it was required, and then once I set the next hop and I verified that the routes were being received but they were being denied to be added to the BGP table through the Adj-RIB-In buffer, if you will. That's, there's part of the BGP process of ins when you receive routes in, if they don't pass the, like, sniff test initially. So like you have the weight, local preference, you know, if the next hop isn't reachable is you don't install it, but if loop prevention kicks in, it's like, well, if it's my own next hop, I'm not going to believe it. So by changing the next hop to be another value, we're able to inject the routes, which we're good to go now on. So now what I'm going to go do is I'm going to change this up, and instead of going through the
configuration like I have it now, we're going to go through vManage. So let me go ahead and pull up vManage and we're going to go through and configure it this way. So this will take us a little bit of time to get it all squared away, but I promise that it'll be, I'll try to go as, be, to make it as painless as I can. So first thing we need to do is admin and admin, we need to log in. Go ahead and get rid of this; some reason it always does that. All right, so now we have that going for us.

We're going to go to templates, and then on feature templates we need to create a couple. Now I'm only going to be doing this to the, the dual site templates, so I need to add a template for loopback zero. So I'm going to come in here and I'm going to create a template, vEdge Cloud. I'm going to come down here to VPN interface; it says Ethernet but it really isn't. So it's going to be vEdge underscore dual site vpn1 int loop, loopback 0. Copy that, paste it down here. We're going to no shut that port. The interface is going to be loopback zero. Let's try to get, there we go, loopback, and then we're going to say loopback zero, and then we're going to give it a static IP. The static IP we're just going to set is going to be global in this case, because no other site is going to get this, but if other sites were going to get it, you would populate that information. Actually, let's go ahead and just do a device specific. We're going to type in vpn v4, or vpn 1 for the loopback. Let's do this: vpn 1 underscore loopback 0 ipv4 address. There we go. And then not going to be a tunnel, no NAT, no VRRP, none of that stuff, and I'm going to go ahead and click on save. We just have to create the loopback. Now the loopback's created.

Now I'm going to go underneath the OSPF. Let me go ahead and organize them real quick. I'm going to do the OSPF right here, because you can see the type is OSPF. I'm going to add, I'm going to, um, I'm going to edit this guy. Underneath area, I'm going to add, I'm going to add an interface. So under interface I'm
going to come in here and add interface, and the interface ID is going to be loopback, and it's going to be loopback 0, like that. I'm not going to do anything to it other than just advertise it in, and I'm going to save changes, save changes again, and now we're in good shape there, and I'm going to go ahead and click up, click on update. That's going to cause a push to vEdge, the edge. If we come in here, we go to edit device template, we can see that we, it doesn't actually ask us for an address because, or does it actually, I need to call that from, I need to call the, I can't do that yet, I have to call the, um, let's go back to the OSPF template real quick. The OSPF template, if we come in here and we've got a, we've got a... Sorry, so I did things a little bit out of order, or the logic was out of order, excuse me. So: create the loopback first, tie it to the device template, then push the device template down with the updated loopback down to the, um, down to vEdge2. Once we have loopback there, we can enable OSPF on it, because until the loopback is there you won't be able to call it from OSPF.

So let's go do that real quick. We have the loopback here, right? We come over here and we do this. We know the loopback is there, so we're going to go to the device template for dual device. We're going to come underneath here and edit, and what we'll do is we'll go underneath the service VPN and we're going to add an interface. So pin a VPN interface, we'll choose the interface, we're going to just type in loopback zero, and we're gonna click on update. Just by doing that alone will cause the, a push to the device, so I'll give that a couple of seconds to do its thing. I'm going to come in here, edit device template, we're going to scroll down, and here's where we have to type in the IP address, so it's going to be 10.1.0.2/32.
I'm going to click on update and then next, and then I'm going to go ahead and I'm just going to configure devices, and we're going to go into the hurry-up-and-wait game, so I'm going to pause while this is working.

All right, so the config was pushed, so we can just double cl real quick, verify that by coming in here to vEdge2, and admin and then admin, and we do a show run vpn 1 and we'll see that loopback 0 is now, has now been added. So now we'll come back over here to the templates, we'll grab the feature templates, and we'll come down to the OSPF template. Let's go ahead and reorder them. Click on the OSPF template, click on edit, and then what we're going to do is underneath area, we're going to go ahead and, uh, edit this. We're going to add a VPN interface, which is going to be in this case here loopback, and we'll say loopback zero. We're going to click on save changes, add, save changes again, and then update, and then what'll end up happening is that information will get pushed down to the vEdge, and we're just going to go ahead and configure devices because we're just adding the loopback to OSPF.

All right, so we're going to do a show run vpn 1 router ospf and we're going to see that loopback 0 has been added, right? We're not doing anything fancy to it because it doesn't need anything fancy. If we come down here to switch 16 and we do a show ip route, we're going to see that we have an OSPF route and, sorry, right here this BGP route is being learned in via router one. So it is pushing, which is no big deal; we're getting it pushed the way we need to.

One of the things that I'm going to do is now set up the BGP configuration in order for us to do this setup. So normally, like for example on vEdge1, if we look at the show run vpn 1 router bgp 65012, normally I would never redistribute this much, so let me go ahead and try to clean this up just a little bit. So let's go underneath here and I'm going to remove OSPF, so we should only have to redistribute OMP. We go ahead and redis-, no redistribute
ospf, and then we're going to go over to switch 16, and notice how all that stuff gets withdrawn. Let's do a show ip bgp summary: all of our routes are gone. So if we were to go back to vEdge1 and type in no redistribute omp, commit, and then let's redistribute ospf just so we know what we need to have in there, and we'll recommit that, and then switch 16 will be able to learn the routes back again, so we'll be in good shape there. Now because of the fact that we're going to have those routes coming in, now we have the 20 routes, we have a bunch of routes in the routing table, we're in really good shape, right?

So what I'm going to do now is I'm going to go on here, I'm going to go to templates, I'm going to go to feature templates, and we need to create a BGP template. So I'm going to come underneath here, vEdge Cloud, for BGP, and we need to come in here, under here type in vEdge underscore dual underscore site underscore vpn one underscore, uh, bgp template. Okay, copy and paste that in. We're going to say that it is, uh, it's no shutdown, so we're going to leave that alone, and I'm not going to mess with any of this information right here because that's the way I, it's the way I want it. I'm going to say that the address family right now is maximum paths, we're not going to mess with that. We are going to redistribute, so we're going to come in here, we're going to choose the protocol, we're going to redistribute OSPF and click on add. So we want to explicitly redistribute that; if we, if something else pops up, we can deal with that. But we're going to type in, or click on new neighbor. The neighbor address we're going to say is going to be device specific, bgp neighbor address, respond with me, go ahead and device specific. The remote AS, we're going to go ahead and say that's fine. We're going to say yes, we want to turn the address family on, and then we're going to choose IPv4 unicast. I'm not going to do anything else beyond that, and the reason why I'm throwing all these add-ons is because in following videos we're
going to use the route policy capability to affect those routes. So we're going to go ahead and click on add once we get to that point, and make sure you click on add or also, well, let me go ahead, get out of the way, it won't, uh, it won't add if you don't put that in there. So we have our neighbor statement configured and we're going to go ahead and click on save. So now we have our BGP peering squared away.

I'm now going to go to the device template, click on dual site, grab the edit option here, and then I'm going to go down to service VPN and I'm going to add BGP. I'm going to choose the BGP template vpn1 for dual site and click on update, and that will get us in a good stop, a good place to push the config. So we're going to go ahead and edit the device template because we're going to populate some information. The AS number is going to be 65012, the neighbor address is going to be 10.1.0.16, and the remote AS is 65012. Okay, so basically it's an iBGP peering. I'm going to go ahead and click on update and then click on next, and then I'm going to, let's do a quick view of the config diff to make sure that we understand what's going on and get all that stuff squared away. So let's take a look at the config diff now. So come down here to vpn 1, we can see that we're doing, um, bgp 65012, redistributing OSPF, and we're all that stuff. What we'll have to do is set the next-hop-self; I didn't forget to do that. So let's go ahead and configure devices anyway, and right now it's not that big of a deal if it's not set up right; we'll go back and fix that once the push happens. I'll show you how to do that on a minor update. So we're gonna have to push that. I'll pause until we're done.

All right, the config has been pushed, and if we look, uh, let's go to switch 16. We're going to go to global config, router bgp 65012, or type in neighbor of 10.1.0.2, remote AS of 65012. We're going to specify the update source will be loopback 0, and then the address family ipv4, we're gonna go ahead and activate that. That
adjacency, or I should say that peering, that'll come online here in just a second, and once it does, um, we likely won't learn the routes. Give that a couple seconds to come up; a little slow in this lab because it is kind of busy.

Okay, it was taking a couple of minutes and I noticed, I was like, well, wait a minute, that's weird, I never set the update source and I didn't set the next hop, so let's go ahead and update that real quick. So we're going to go to feature template, we'll grab, um, put them in order, we'll grab BGP, this should be the bgp1 right here, which it is. Edit this, we'll go underneath the neighbor statement, underneath the neighbor's table, we're going to go ahead and edit this, and we're going to go underneath the advanced options. We're going to set the source interface is going to be loopback 0, and we're going to come down to, let's see, is next-hop-self, we're going to say global to be on. So save changes. We're missing a value: source interface, loopback address. Oh, um, let me go to the name, that's my fault. So underneath here, so yeah, if you put the address in you'll have to plug in the address; if you want the interface you have to use the name, which will be global, which will be loopback 0, and then save changes. There we go. So update, and so we'll just double check that config. Well, I've got the config here so we'll be able to do a quick double check. We're going to go next, config diff, and we should say update source will be loopback zero and the next hop will be, next-hop-self will be set, so that should take care of that problem. Config, if we're taking a little bit longer than usual, maybe I should have just said configure. There we go. Come down to vpn 1, and we're going to add update source loopback zero and next-hop-self. So I'm gonna go ahead and configure devices, and then that should push down to, down to the box pretty quickly here; has to do like a config check to make sure everything's right. All right, so if we come in here and we do a show that, there it goes, and we should have
a BGP peering with switch 16 here momentarily. As soon as that comes online we should be good to go, and I'm a little impatient, I want things to go faster, I'm like, hurry up. So show ip bgp summary. So let's do a show run section bgp, make sure that it's configured correctly. I wonder if I might have a configuration issue on some side. That's squared away. Let's make sure that vEdge2, 10 116, right, that's what it's supposed to be. Oh yeah, that's what it's supposed to be, 10 116, and if we do a show run vpn 1, we should be calling from 10 1, yeah, so it's advertised. Make sure it's in beat OSPF. Loopback is in OSPF, which is where it's supposed to be. Going back to switch 16, if I, 10 1 2, it's ping 10.1.0.2. Okay, so that's not working. Let's say show ip ospf neighbor. Okay, so I'm peering. So ip route gig001, okay, I'm learning. So I should be learning 10 1 2 on switch 16. So let's do a show ip ospf database, and I'm learning, I'm not learning that route. Let me go back over here to vEdge2. I'll do a show ospf interface vpn 1. So I've got the loopback address being advertised, I've also got the, the connected link advertised, so everything looks good there. Show ip route vpn 1, gig zero slash two, I'm learning stuff in. Okay, everything looks right. Why is this not coming up? Switch 16, can I ping, ping 10.1.0.16 from vpn 1? Okay, I can ping that. Can I ping it sourcing from loopback? I might have to, uh, source interfaces loopback zero. Okay. Okay, so, okay, so we have a transport issue. So the problem is that for whatever reason, when I try to ping the loopback of switch 16 and from the loopback of vEdge2, it's not being learned, and that's the problem. So I have to figure out why that's not coming up. So let's see here, let's dive into this a little bit and see what the actual problem is. So I'm not learning ten one, see, I see this coming in. So let's look at the show ip ospf database for the router LSA from the advertising router of 10.12.0.2. What am I learning? Okay, I'm learning the, let's see here, so I am learning the loopback,
so I'm learning it, that's good. For whatever reason it's not being installed. So show ip route ospf. Okay, so I'm not learning, not learning it the way that I need to be learning it. So let's do a show ip route bgp, and somehow I'm learning it via BGP from router 1, which is a little bit weird. Why am I learning that via router 1? Interesting. Let me double check to make sure vEdge1 isn't advertising anything it shouldn't be. Show run vpn 1 interface, so I've got gig two and gig three, loopback one. Show ip route vpn 1. I'm learning in, learning in router 2's loopback from switch 16.

Let me go back to switch 16 and let's go to global config and type in do show run ospf, and what I want to do is I want to remove that distance command to install those BGP routes with. Let me go ahead and come underneath here and let me do show ip interface brief. Okay, so router ospf 1, no distance 201. Okay, so let's do that real quick. So I should still see BGP routes here, which I do. If I do a show ip route, I should see 10 1 2 in here now, which is what I want to see, but, there it goes. So now I'm receiving routes. So show ip bgp summary, oops, show ip bgp summary, now I've got it. So it had to be, so I, it was kind of, I did things a little bit backwards, but those are easy things to, uh, to figure out. So router 2 is now propagating routes. If I was to do show ip bgp, we're going to learn some routes in, uh, 160. We're going to learn, we should be learning more than that over OS-, via, from vEdge2. Um, let's do a show run vpn 1 router bgp 65012. I believe I'm advertising just OSPF. Um, if I do a show ip route vpn 1, although there's a lot of other stuff, you OMP. So what I should do is I should learn, I should redistribute OMP as well. So let me go ahead and add that in real quick. Go back to templates, let me go ahead and get out of the way, go underneath feature template for BGP for vpn 1, vpn 1 right here. Yeah, you can tell, like the description I give it helps me understand that. Come underneath here, edit, and then what I'm going to do
for this guy is underneath the unicast address family (couldn't spit that out, actually), I'm going to go ahead and add a redistribution and I'm going to choose OMP. I'm going to go and click on add, I'm going to go ahead and update, and that's going to push that config out to there, and I'm going to edit the device template. Everything looks good there. Update and then next, and then I'm just going to go and push it, because then it'll take all these routes to be OMP and propagate them as well. So let's go ahead and give that a couple seconds to do its thing, and that'll get pushed down to this device, and then what I'll be able to do is I should be able to go back to router, or switch 16 and get the update to push.

All right, so I'm going to do now is I'm going to go back to switch 16. We can see more routes have been propagated, so show ip bgp, and so that's what I'm looking for right here. So that's exactly the operation I was looking for. So we have that going for us, excellent. So we're in good shape there.

The next thing I'm going to go do is I'm going to go and on switch 16, I'm going to go to global config. Show ip ro-, right now we're learning all things via OSPF, and I'm going to go to global config and I'm going to go to router ospf 1 and I'll type in distance is going to be ospf, is going to be 201 for external routes, will be 201, because that's really what we need. Because if we look, because I was doing internal routes as well, and that was my mistake, so that's my fault, because what we were doing before was we were doing intra area routes, inter area routes and external routes, were coming in as 201 routes, so an administrative distance of 201. And so by doing that, you can see that here, OSPF external type 2, but you notice these routes right here are OSPF intra area, so we don't want to affect those. So if we do a show ip bgp, those routes still stay in the routing table, right? So we do a show ip route, we get our loopback addresses are configured as intra area, so we're going to maintain our BGP
peering that way, but then all the routes that come from the vEdges that are redistributed in, they get propagated in via, um, they get advertised into the routing table as BGP instead of OSPF. So just so everybody understands that: by setting the distance to, for all the route types in OSPF, we were basically preferring BGP and not OSPF, which was a bad idea. So when I removed the distance command, it automatically brought our BGP peering up to vEdge2. By just adjusting the redistribution statement, or I should say the distance for external OSPF routes, that allows the external, uh, the O E2 routes to get tagged with a different administrative distance, which for OSPF is going to be 201, which is going to be less preferred than BGP, and that allows the BGP routes to get injected in the routing table. So that's basically where we're at. Um, I know, a little bit of, a little bit of a mess, but I do apologize about that, but I was, some of this stuff I don't plan ahead, I just go with it, but you see me figure it out as we go. If you didn't have a strong routing background and you didn't understand those concepts, and it's not even like a cca thing, it's really more of a, if you have a solid CCNA, CCNP, you should be able to identify those issues. But things happen, I get it.

So with that being said, we're in a good place for the next video. We're going to go through and set up the local route policies to push them down to the, um, the appropriate devices. We're going to do that, uh, via, um, I'm going to show you to do it through vEdge1, obviously CLI, then the templates, and go from there. So until this time, guys, thanks so much for stopping by, and I'll catch you all, you guys, in the next video.
Info
Channel: Rob Riker's Tech Channel
Views: 2,406
Keywords: cisco, sd-wan, sd, wan, bgp, route, advertise
Id: So-L5zasxSI
Length: 41min 22sec (2482 seconds)
Published: Fri Oct 02 2020