IWAN: Why EIGRP or BGP over the DMVPN Tunnels?

Video Statistics and Information

Welcome to a little lab rat fun, Networking with Fish. What we're going to talk about today is IWAN, Intelligent Wide Area Networking, Cisco's SD-WAN solution, and specifically why EIGRP or BGP over the DMVPN. A lot of people seem to think that the reason why we say to please do EIGRP or BGP over the DMVPN is because they scale well in a hub-and-spoke environment. That is true, they both scale very well in a hub-and-spoke environment, as opposed to OSPF, but it's not everything. So let's talk about some of the additional coolness and magic of what intelligent path control can do, which you'll then see in just a little bit.

So what we're going to go ahead and do is look at the CPOC, the Customer Proof of Concept, IWAN pre-built testbed, the brownfield one, not the greenfield one with the APIC-EM and the IWAN app. So this is already all built, and what we're going to go ahead and do is we're going to drill in just a little bit so it doesn't get so busy, and we're going to look just at branch 3. So branch 3, and then we have an ISP cloud, MPLS cloud, and we also have POP 1, as you notice the other POP went away, and a data center. So what we're going to go ahead and do is we're going to go ahead and talk about branch 3. Anything behind branch 3 is 10.3.0.0/16, and this little TC right here is actually a traffic generator, a Spirent traffic generator, that I'm using to send traffic between branch 3 and over here up at the hub. The hub is at address 172.16.0.0/16, so my Spirent traffic generator is also, that TC up there is a Spirent traffic generator. This WB right here is an impairment tool. It is the WAN bridge that you can get out on, just on the web, and it actually has impairment going on. I have some impairment going on right now, coincidentally, but getting ahead of myself.

Now let's talk about your environment. Right now, your environment, a lot of people are running a branch with an MPLS and an internet link, and a lot of people are doing that in a primary/backup type
environment, where your internet link, your ISP link, is only used today should the primary path fail over the MPLS. And a large amount of people right now would like the MPLS link to get used, and are using the MPLS link as a primary both from branch 3 to the hub and from the hub to branch 3, again with the ISP link as a backup only. Now what is starting to happen is that people are starting to look at that backup link and saying, "Hey, you know, look at this. I've got 1.5 Meg here in both directions for my MPLS primary, but I've got 2 Meg going down, and 10 Meg going down, 2 Meg going up on my internet. I'd like to start using this. I think I haven't really used it a lot, not too sure, but everyone says that they're getting more reliable, and so what I'd like to do is I'd like to go ahead and start using them."

So let's talk about how this is going to go. Again, in your environment you probably have a primary and a backup. In our environment, tunnel 10 is the MPLS primary. It is tunnel 10 right down here from branch 3 up to the DMVPN headend up here, IWAN-POP1-MPLS, and it is tunnel 20 from down here into the ISP, up through the ASA, and up here to IWAN-POP1-INET. I'm actually doing EIGRP in this environment, both over the DMVPN as well as up in the hub. So from that perspective you would normally have one entry. So in branch 3, if you're doing this today from a primary and backup perspective, if you were to look at the routing table on branch 3, you would see one entry in the RIB for 172.16.0.0/16. So over here on branch 3, if we were to go into the RIB, we would have one entry in the RIB for 172.16.0.0/16, and over here in what we call the core router, or named IWAN core, we would have one entry in the RIB for 10.3.0.0/16. The entry in branch 3 would be using the primary, so it would be going up and pointing up to the other end of tunnel 10, and it would be going over to the MPLS link, and the core would actually be pointing up towards IWAN-POP1-MPLS,
going out that way. Very typical that this is how people have this set up. So let's go ahead and look at that right now. We'll go ahead and look in branch 3 and do a show ip route, and right down here we will see that we have one EIGRP entry for the hub subnet 172.16.0.0/16 in our RIB. We do not have the other entry over tunnel 10. However, if you will notice, show ip eigrp neighbors, we do have two neighbors. We have an EIGRP neighbor from us, branch 3, up to the MPLS DMVPN hub, 10.0.224.1. We also have an EIGRP neighbor over on 10.0.232.1 on tunnel 20. If we were to do a show ip eigrp topo table 172.16.0.0/16, what we would actually see is that yes, we as branch 3 are getting an advertisement over the ISP link, over tunnel 20, from 10.0.232.1, on how to get to the hub prefix 172.16.0.0/16. However, we are choosing the one over tunnel 10 as the best, and we are putting this one in the RIB. So again, branch 3 has one entry in the RIB.

If we go up to the core router and we look on how do we get to 10.3, we can see up on the core router right here that if we want to get to 10.3 we are supposed to go to Gigabit 1/0/23. Now again, we do a show ip eigrp neighbor. I actually have a connection, Gigabit zero, Gigabit 1/0/23 is actually my EIGRP neighbor from the core router up to the MPLS WAN hub, and Gigabit 1/0/24 is actually my connection to the internet DMVPN hub. Again, if we were to do a show ip eigrp topo 10.3.0.0/16, what we would find is we actually are getting an advertisement from both of them, but we're only actually putting one of them in the RIB. So from that perspective, that's where we're at.

But a lot of people are actually thinking, of course, we want to use that other link. So what they want to do is actually put business-critical over tunnel 10, because they're already paying the money, they're already having tight SLAs, and they're already paying for those tight
SLAs, and they'd like to send the non-business-critical out over tunnel 20. Tunnel 20 is a bit of an unknown. There is admittedly, from a lot of customers that I've seen, a lot of fear, uncertainty and doubt, because it has been sitting there not doing a lot for a lot of people unless the MPLS link goes down. So as people are actually moving to intelligent path control and the IWAN solution, what I am finding is that they're not necessarily jumping to "let's go ahead and get rid of that MPLS". It's more a "let's put the business-critical over the MPLS and let's try to move the non-business-critical over to the ISP."

Now how do you do that? Intelligent path control, or PfRv3, is actually going to sit on top of the routing table. What do I mean by that? Well, it's a little bit confusing, right? The question is, if we're going to send the business-critical traffic, for example let's say EF, AF41, AF31, so the traffic that is going to the hub 172.16.0.0/16, and we're going to say, "Hey, EF, AF41 and AF31, you're going to go ahead and use the MPLS, but AF11, yeah, you're going to go ahead and use the ISP." Now how do we use tunnel 20 to get to 172.16.0.0/16 if it's not in the RIB? Well, that's pretty much what intelligent path control comes in for. So if we actually do intelligent path control, we can actually use that not only just for the business-critical, the EF, the AF41, the AF31 or whatever you decide. You can of course also do NBAR2, that Network Based Application Recognition. Not only can you split your business-critical and non-business-critical, but what you can also do, of course, in keeping with intelligent decision-making at the WAN edge: if there is impairment right here, and I'm actually causing 5% loss impairment right here, and I have business-critical traffic, I have EF traffic that is coming in from this Spirent TestCenter up to the switch out here, and my one policy to rule them all, which I actually defined over here on the IWAN master controller, says that a 5% loss is an
impairment that I desperately would like to avoid for my business-critical traffic, move me over to the non-business-critical link, the tunnel 20 link. Now of course, with one entry in the RIB for 172.16.0.0/16, and that is still pointing out tunnel 10, how do I send anything out on tunnel 20 destined for 172.16.0.0/16? Again, the intelligent path control.

Let's look at this. So we already know that at branch 3, if I were to do a show ip route, it would say that I am supposed to, according to the control plane, send 172.16.0.0/16 traffic out over tunnel 10. If that were the case, then please riddle me this. I'm going to hit a refresh button right now, this is live action, and this is going to tell me exactly where that EF critical traffic is going. And as you can see, from branch 3 that traffic is actually going in and out of tunnel 20. It is going in and out of the internet. It is going in and out of the INET POP headend DMVPN. It is not going in and out of tunnel 10. In fact, it is completely staying off of tunnel 10, because the intelligent decision-making at the WAN edge has realized that there is an impairment over there and we need to avoid that. So we are actually going over the internet right now, right this very second.

How is this happening? How am I, from a branch 3 perspective, how am I, from a branch 3 perspective, going in and out of tunnel 20? How is this possibly happening? We already looked at the routing table and we saw that the routing table believes that it is supposed to be going in and out of the MPLS cloud. If we actually look back here at branch 3, we'll see a little "p" flag here. That little "p" flag says, "Hey, by the way, there might be an override right now." So my routing table, my routing information base, tells me to go to tunnel 10. However, intelligent path control decision-making may be saying that we need to go out a different way. So if we actually do a show ip route, and like, you can actually do an eigrp or an ospf, and now you can do an overrides pfr
and we can even do a dscp ef, which is what my traffic is. And there you go, right here: show ip route overrides pfr dscp ef. So show ip route, and you could have done an eigrp or whatever. So this is just a new thing that you can go ahead and get even more granular with. So what does this say? This says that in my RIB, my routing information base, my control plane, EIGRP from over tunnel 10 is telling me that what should be best is going out over tunnel 10. PfR may be overriding this, and this is actually going to tell me, and be in sync with the PfR intelligent path control code, and it's going to say, "Yeah, you know what, I actually have traffic that is EF traffic that is going to the hub site. It's traffic class ID 11, this is its fingerprint, and right now it is actually going out primary channel 24, backup channel 31." So it's going out primary channel 24, tunnel 10, backup channel 31, so sorry, primary channel 24, primary interface tunnel 20. So it is going out tunnel 20. It is not going out tunnel 10. There's a backup channel, channel 31, and that's to go back over this one.

So if we do a show domain default master traffic class, whoops-a-daisy, traffic class dscp ef. Now I want you to remember: class ID 11, primary channel 24, backup channel 31. This is another way of looking at it. This is specifically the PfRv3, the intelligent path control. Traffic class 11: we are going out present channel 24, and we are going out the INET, which is right here, and our backup channel is right here. Why did we move? Well, we moved because of the fact that we were on the MPLS and then we had to move over to the INET, and the reason was, and I'm so sorry that this goes off the screen, but the reason is that we were out of policy. We had a loss rate of 4.87. Remember, I told you I actually have impairment on that MPLS link, so we avoided it. The reason for the last change, the reason for going from MPLS to the INET, the reason why we have been on the INET for the
past hour, is because of the fact that we actually had loss. This is actually following a voice policy. We also could have done a summary. So a summary will actually show you right here: this is EF again, traffic class ID 11, primary channel 24, backup channel 31, service provider INET. It is currently going out tunnel 20. That actually is also happening in the other way around, but just focusing right here for right now.

So why did we not actually change the RIB? Why did intelligent path control not actually put in a tunnel 20 there? Well, it didn't put it as a, you want this to happen should intelligent path control die. But as you just saw from the PfR overrides, you can actually find that information in there, and where exactly your traffic is going. Let's take this one step further. Why is there only one entry in the RIB? Well, let me ask you a question. If something were to happen that the intelligent path control died, for example there was a problem up at the headend, borders can't talk to borders, border can't talk to the master controller, whatever, we would no longer be able to actually check the quality. It is the intelligent path control, the PfRv3, that actually sends the probes, does the reporting, does the unified monitoring. And again, as we talked about before, that ISP link, you using it in a very, very large capacity when it's been sitting there as a backup for so long, that's very new. So really what I'm finding a lot of people want to do is, if something happens with the intelligent path control, you want to fall back to your MPLS service provider, your tried, your true, your tested, where you have tight SLAs and you are still paying for those. So you fall back to whatever is in the RIB. But that's the beauty of intelligent path control: you can have that one entry in the RIB in case you need to fall back to routing, but when the intelligent path control is up and working, you can go ahead and send the business-critical traffic over one way and then the non-business
critical traffic another way, and you can go ahead and have that world. If you're wondering a little bit about what we do over that backup channel, the business-critical traffic is taken very, very seriously. What I might suggest is, if DMVPN is newer to you, or you're asking yourself not necessarily "why EIGRP and BGP" but what you're asking yourself is "why DMVPN", I'm going to go ahead and suggest that you look here at Networking with Fish.

But let's go ahead and go back to our original question: why EIGRP, why BGP? What does that do? How does that help with the magic here, having one entry in the RIB? How did we ever even think about going over here, and why can't we do that with OSPF? Here's the beautiful thing. We want to make intelligent decisions at the WAN edge. What we don't want to do is to have 5% loss on the business-critical traffic over on the MPLS and actually just go ahead and jump from the frying pan of 5% loss on the primary link into the fire of "I have absolutely no idea whether I can even get to 172.16 from here." What do I mean by that? What I mean by that is, if I only have one entry in the RIB at branch 3, and that entry is to go out here to tunnel 10, how do I know at all that I can go out tunnel 20 to get to 172.16? Well, here's the beautiful thing of EIGRP or BGP: intelligent path control, or PfRv3, can actually read the EIGRP topo table and it can read the BGP table. It can actually make an intelligent decision at the WAN edge. If you recall correctly, branch 3 actually did have in its EIGRP topo table that it could get to 172.16.0.0/16 out over tunnel 20. It's just that EIGRP's DUAL only promoted one of them into the RIB. But we're making an intelligent decision at the WAN edge by knowing that we have 5% loss on the business-critical link, but we also know that that DMVPN headend is actually advertising to branch 3, "I can get you to this as well." And with that additional ability to be able to look in the BGP table or the EIGRP
topo table, you can have the one entry in the RIB and then fall back to just routing should you have a problem in your network and not be able to tell the quality of that backup link, and you want to make it a backup again. OSPF: we cannot look at the OSPF database. Are we going to? If I was writing the code, I wouldn't. Why? Because it does actually get back to EIGRP and BGP do scale better. They are better solutions for larger hub-and-spoke type environments, and intelligent path control can go ahead and go up to 2,000 branch locations, so we do want to go ahead and begin with the end in mind. So it will be EIGRP or BGP. What about static routes? Static routes actually would also have to have two entries in the RIB at branch 3 to get to 172.16. It is with the EIGRP or the BGP that we can go ahead and make the deeper decision and actually look at the BGP table or the EIGRP topo table. So again, that is why EIGRP or BGP over your DMVPN tunnels. If you are wondering again about why DMVPN, I will suggest that you go to Networking with Fish and look at the business-critical apps section. You may also want to go ahead and go back one blog to "Which path in the WAN are those business-critical applications taking", and that will help you understand why DMVPN. So that's it, and thank you again for playing in the lab with Fish, and I hope that you had a wonderful time with IWAN and why EIGRP and DMVPN.
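
A simplified model of the selection logic the talk describes, added here as an illustration; it is not part of the video and is not Cisco's PfRv3 code. It shows an override only onto an exit the routing protocol has advertised, and the fallback to the single RIB entry. The loss thresholds, the Tunnel20 loss figure and all function and variable names are assumptions.

```python
from dataclasses import dataclass

# Constructed sample state for branch 3, using the prefix and tunnels from the talk.
RIB = {"172.16.0.0/16": "Tunnel10"}                      # the one installed best path
TOPOLOGY = {"172.16.0.0/16": ["Tunnel10", "Tunnel20"]}   # EIGRP topology / BGP table view
LOSS_PCT = {"Tunnel10": 4.87, "Tunnel20": 0.0}           # Tunnel20 value is constructed


@dataclass
class Policy:
    preferred: str        # exit tried first for this traffic class
    max_loss_pct: float   # assumed threshold, not taken from the talk


POLICIES = {
    "ef": Policy("Tunnel10", 1.0),     # business critical, prefers MPLS
    "af11": Policy("Tunnel20", 10.0),  # non business critical, prefers INET
}


def select_exit(prefix, dscp, controller_up=True, table_readable=True):
    """Return (interface, source) for one traffic class in this simplified model."""
    rib_exit = RIB[prefix]
    policy = POLICIES.get(dscp)
    if not controller_up or policy is None:
        return rib_exit, "rib"          # path control unavailable: plain routing
    # Only exits the routing protocol has advertised count as reachable.
    # table_readable=False models a protocol whose database cannot be read.
    candidates = TOPOLOGY.get(prefix, []) if table_readable else [rib_exit]
    in_policy = [c for c in candidates if LOSS_PCT[c] <= policy.max_loss_pct]
    if policy.preferred in in_policy:
        choice = policy.preferred
    elif in_policy:
        choice = in_policy[0]
    else:
        return rib_exit, "rib"          # no verified, in-policy alternative
    return choice, ("rib" if choice == rib_exit else "override")


if __name__ == "__main__":
    for args in [("ef",), ("af11",), ("ef", False), ("ef", True, False)]:
        print(args, select_exit("172.16.0.0/16", *args))
```
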
Channel: Cisco CPOC
Views: 7,143
Rating: 4.9322033 out of 5
Keywords: IWAN, PfR
Id: e4JjlOYrwgY
Length: 25min 2sec (1502 seconds)
Published: Fri Dec 04 2015