Cisco CCNP Enterprise 300-415 ENSDWI – Router Deployment Part 5

  1. OSPF Part 02

After attaching the template again, we got an error that due to some firewall issue it is not working. So what we can do is go to that DC One and then the VPN template, and we can improve that template. So I have created the copy; actually we should go and check the template that is related to VPN 10. So what was the main template we have? This is the template we are looking for. Just go and verify what the VPN 10 template name is. Then I will go and check VPN 10. So that is DC VPN 10. Let’s go back and check that DC VPN 10 template. So here it is, and I will do one thing. I’ll go and create the copy, and this is DC One VH v E one. Once I have the copy, what I want to do at this point of time is just remove the firewall configuration; that we can check later on. So here you can see you have the services option.

You can go there and you can remove these services. You can update it. Now once I have these templates up and running, I can go back and edit my final template. Let’s go and click edit. And I need to call the changes. So I should go inside VPN 10; instead of this guy, that is VC one, I can go and use DC VPN 10 like this. Then with filter, that is correct. Loopback 100, that is also correct. Okay, this should be DC VH one, then VPN 10 interface template, that is correct.

Or let’s quickly check if we have created some DC One VPN 10 template like this. But we haven’t done any change inside the VPN 10 interface. We have done a change inside VPN 10 itself, and then we have added one loopback inside VPN 10. That’s okay. And then we have done some OSPF change. So that’s correct. Okay, let’s click Update and then we’ll go and check the changes and I’ll show you the chain. Let me quickly attach this with DC one, and once we do the configuration, once everything is up and running, then we’ll go and verify the OSPF configuration. So now it is showing that it is going good; here you can wait. Validation is successful.

Configuration should also be successful. Once this is successful, we can go here and verify the loopback is added, and if you go and check show run VPN 10 you can see that inside the OSPF configuration you have the loopback. You can go and check show OSPF neighbor: who are your neighbors? And now if you go to DC Two and check the OSPF route, still it is not coming. But if you go and check show OMP routes, we can discuss why it is not coming: because it should come as an OMP route, and OSPF is local.

So here you can see that it is coming as an OMP route and we are receiving it from the vSmart. All right, so you can create the loopback and the loopback will go and reach out to the other places. Now we have DC one and DC two, and those are local, those are running the local OSPF. So if I go and check show OSPF neighbor, you can see that it is peering with DC one. You can see here, show interface description, inside VPN 10 you have IP ten 110, one 50. And here you can see that his neighbor is ten 110, one 50. Now here if you check show OSPF routes related to 102, you will see that you are getting it as an intra-area network.

This is your next hop. So within the reason, within the same site, if I’m running OSPF commonly as per our diagram, we are getting it, and over the other side obviously it will go to the vSmart and the vSmart has to reflect. Now, the thing here: if you go and check the vSmart, you can see the origin of the protocol is intra-area, and they are learning that, and the vSmart OMP at least knows that: who is the origin of the protocol, actually from where it is coming and reaching us. Now the interesting thing here, and it’s very important to make this point: if you go and check, there are so many things, why is it coming? Because you have two vSmarts and both the vSmarts are reflecting this route. So you are learning the same route with ten 101-1234 times and with ten 1024 times, with both the vSmarts I am learning, actually.

But if you go and check the C I R, that is the installed and resolved, then you can see the installed and resolved. So it is actually resolved from vSmart one, that is the primary vSmart. Okay. So it is not resolved from everyone, but C I R is from the primary vSmart, one over MPLS, one over internet. Now why is it so? Because if you go and check now, you can see here that for the route that is coming inside, when the device that is the DC two Vs one is learning, he is learning it as connected. Because loopback 0 is your connected. But if you go and check the other side, that is, say for example, Ten. Let me show you here. Now here you can see vSmart two; for him, this is the inter area. So what is happening is that one of the devices is learning and is sending to the other device, and the other device is learning it as an OSPF into an area route.

Why am I bringing this point here? The reason is that OMP is a protocol that can understand the origin of the protocol, and it is carrying the origin. So later on, if we have to take a decision A versus B versus C, obviously we know that the connected route has the higher precedence over the OSPF route because of the AD value. So that’s the main reason. If you go and check the routing table, even the OMP table, you will also see the installed. So here if you go and check, for example the OMP, you can see this is the installed. That means if I go and check show OMP routes for VPN 10. Let me show you the summary.

So it will install only 200 routes and I should use the so here you can see in the OMP table, it is showing you like this. But now if you go and check the routing table, remember how these things build: OMP table, routing table, FIB table. So if you go and check show IP route for VPN 10, and now if you go and check 132, you’ll find only two paths, correct? So that’s for the noting purpose. All right, so let’s just stop here. We have completed OSPF. At this point of time, OSPF is working as an underlay protocol, as an IGP that should be advertised to OMP. And then OMP will distribute it to other places. But OMP has a brain: it has to check how from OMP it will go to the routing table, and then from the routing table it will go to the FIB table.

  1. BGP Configuration & Verification

Next task. We have to establish BGP. Now here you can see that we have to do many things. So as per our topology diagram you can see that we need to establish BGP between this vEdge two and router number three. So we need to figure out why BGP is not working between them. Then we have some loopback addresses in router three. We need to advertise these loopback addresses to my peer router. And here they are using EBGP.

Now the other use case or test case we have here is what we want for all these BGP routes, because by default they will go everywhere inside VPN 1. But here the test case is that all these BGP routes will prefer DC one and DC two. So rather than preferring direct branch two to branch one, it will prefer DC one and DC two. So these are the cases that we need to figure out. So first of all we need to establish BGP here, and then these BGP routes that my vEdge is learning, these data centers will prefer these routes. Okay, so let’s do it. So here we have the devices. First of all, see what configuration we have for router number three. This router number three is a virtual router; it’s not a vEdge, it’s some other Cisco router.

So let’s see what BGP configuration we have here, and we can see that. Okay, we have BGP running 5000, router ID, the neighbor and then the BGP statement. So we are advertising these loopbacks. So from this side everything looks good. Okay, now we’ll go to the DC one, that is the branch. Okay, we’ll go to branch two, and from branch two we’ll check what peer address I want to give. So here inside VPN 1 you can see that this is the address to the peer.

So what’s the neighbor address? That’s correct. Now I need to check what IP address it has, because from this side I have to give this particular neighbor IP. So let’s do it. We’ll go to VPN 1, we’ll go to router BGP and then make sure that we are giving the correct remote AS. Okay, so this is the local AS. Now then what options do we have? We have address family. I can go to address family. Let’s see what options we have in the vEdge, address family like in Cisco. Best path, distance, neighbor, router ID. Give the router ID as well, because that is there in the task. So 27 one seven was the router ID we had.

Then what options do we have? We have address family and we have the neighbor command as well. So we can give that. Let me reconnect. Okay, we are back. So reconnection happened. Now what are the other things? So we have to give the address family IPv4 unicast. Then we have options related to network, redistribute, et cetera. Leave that at the moment, and then we can go out because I have to define what the neighbor is.

So my neighbor is 221201; what’s the remote AS for that? So this remote AS should be correct. What other options do we have? We have password. We have to give the password as well. Here I’ll give the password; on the other side also I have to fix the password. And let’s see what we have done so far. The vEdge BGP configuration: router BGP, router ID, address family, neighbor, no shutdown, remote AS and this command. So we are very much good. We can do commit. And if we start debug BGP events for VPN 1 and package for repeat if we to monitor our old monitor command and then we debug, let’s see how it will work.

So BGP general is scanning, table is scanning. Performing is scanning. And here if we go, if we check show IP BGP summary on the other hand, it will not form BGP, obviously, because the password that we have given will not work. Apart from that, I just wanted to make sure that we have given the correct BGP configuration. So if I go here, show run VPN 1, this should be correct. And what logs do we have? You can see here source, destination, destination IP, protocol IPsec; we have some issue here. Correct. So what is this? Deleted false, reason timeout. You can see here the logs, the debug messages. It has tried to establish over both the MPLS and the gold.

Because system IP, source IP, and it has some issue. So let’s see what issue it has and then we’ll try to fix it. So if I go to show run VPN 1 BGP, I need to stop this. Otherwise I can’t fix this. Remote AS, no shutdown, neighbor and IP address. Since the configuration is correct, I need to give the password here. So I’ll go here, router BGP, and then my neighbor. So what neighbor? I have to do 1203 and the password; let me give the password. Password is SDWAN. Go out here, we’ll see show IP BGP summary; still it is in active state. So from this side everything is correct. Now router three configuration for BGP is correct. We don’t have any problem. If I have any issue, I have to go and check vEdge two. Okay, so we’ll parallel map this as well. So let’s go back to our original configuration. And I will stop the monitoring.

So let me do monitor stop, administrator stop the monitoring. But we have enough log messages that we can see what it tried to do here with the BGP debug. So let’s see what configuration we have given. So we have given that configuration. That is my BGP, correct. Router ID correct, address family is also correct. Neighbor is also correct. Let’s verify show IP BGP, show IP, and see whether we have the option or not. Okay, show BGP neighbor VPN 1, so established; here it is showing established. Show IP BGP summary. Now it is established.

So now you can see that the neighbor has been established. It was broken due to the key after the initial configuration. Now let me see, am I getting BGP routes or not? Let’s see; now I am getting the BGP routes as well. That’s good. Inside VPN 1, I am getting the BGP routes. These are E, the EBGP routes. So okay, up to this point I am receiving. Let me go to data center one and let me see show IP route BGP.

Am I getting the BGP route or not? Nothing is coming. So why is nothing coming? What is happening? Actually, whenever we are talking about any of the service routes, any of the service routes that are coming to my network, how will it come? Suppose I have one device here, let me draw. I have one device here that is a vEdge, for example, branch two. Now it is connected with router number three. And router number three is sending BGP packets to him. But this is inside VPN 1, correct? Now this VPN 1 inside the Viptela fabric, whatever devices I have inside, either say DC or branch VPN 1, these BGP routes will go there. Why? Because this device will advertise to the vSmart and the vSmart will work as a route reflector. It will reflect those routes to other sites. Correct. So we need to fix that: are we doing any type of redistribution or not?

That’s very important. So if I go here, if I check show run OMP, you can see that inside OMP I am not advertising BGP. So once I advertise BGP inside OMP, that means now my vSmart controller knows those BGP routes and then it will reflect them to all the devices. Correct. So I can see that still DC One is not receiving BGP routes, or maybe there is some issue with this device. Let me go and log in to another device. I just logged into vManage to log into any of the other devices. So I’ll do show control connection. I just want to SSH to any of the devices. Any of the vEdges here I can go to. So let’s check five and we’ll verify what we are checking, because that is very important. Now, this is DC Two. If I check show IP route BGP, here also we don’t have BGP.

So technically that BGP route that I have to receive, is it a BGP route or is it some sort of encapsulation? And technically what is happening? Say when any of the devices is getting BGP from any of the service VPNs, then it will send it to the vSmart, because inside OMP I am advertising that. Now when the vSmart advertises to any of the devices, it will advertise it as an OMP route; it will not advertise it as a BGP route. Correct. So we know what prefixes are coming. If I go and check show IP route OMP, let’s see, do I have 13? Yes, you can see we have this 13 1313 route. We have these ten routes over both feed transport. And these routes are OMP routes. So even in DC one.

Also if I check show OMP routes or if I check show IP routes, you’ll get these 13 1313 routes. Okay? So this testing has been successful. We have successfully established the BGP connection between this and this. Now if I go to router three and if I check show IP route, show IP, say, BGP. So these are my own routes that I am sending to router three. But I am not receiving any route from the vEdge side. So for that what we can do, we can go to, say, VPN 1 and then say router BGP, whatever AS number we have. Let’s see: can we do redistribution here? So if I type question mark, do I have the redistribution option? Or do I have to go inside address family IPv4 unicast and then I can do redistribution? Yeah. So I can do redistribute OMP. Correct. I can do, say, redistribute connected. Now if I go ahead and check show IP route BGP, let’s see, show IP route, am I getting any route here? I am getting routes. BGP is a slow protocol, so it will converge late. I should have routes, you can see. So now I have routes two to 9110-5136.

Okay? And those routes are related to show IP route VPN 1. So we can see two to 91 and we can refer to our topology diagram as well. So 91 is coming. 10 five is coming. So 91 is coming. 10 five is coming. One three six is coming. One three, six is coming and we can see. So now we have plenty of routes and we have successfully done redistribution of BGP as well. So from the service side BGP to the vEdge, from that vEdge it is going everywhere.

Okay? Now the next target we have is to prefer these BGP routes towards the data center. So for that, obviously, we need to create a policy. Let me hide this or let me fix this. Now for that I have to go inside the vSmart and then I have to check how I can do that. So let’s go to the vSmart; I want to SSH to the vSmart. That is one three, correct? Yes. Let’s go inside the vSmart. Let me increase the font size for the vSmart as well. I have increased the font size for the vSmart. And let’s do it.

So what I’ll do, I’m going to create control policy where I want to select this BGP route. So how we can do it? First of all, let’s go here and create the prefix list. Okay? Say BGP routes and what BGP routes we have, we’ll give that so that actually I want 13 routes. So 13 1313 one and then two and then three. Let’s take only one, two, three. These three prefixes rest two routes. We’ll see, that how it is going. So we have these prefixes. Now I’ll create a site list, all DC.

And here I will give the site ID for the data center. What is that? Site ID is 20 and 30. So we can refer to the site IDs; they are 20 and 30. So I’ll give 20 and then I’ll give 30. All right. Then I’ll create one more site ID. Because what I want here is the branch. I want to apply these rules to branches. Okay. Or how can we do it? So what will be the strategy we have? Let’s discuss that. What I want to do here: I have data center one, data center two. I have branch one and branch two. So all these BGP routes, what I want is that DC one and DC two will prefer them, okay? So what I can do, I will apply the policy for, say, branch number two, BR two. And so what we can do here, we may have different strategies to do this.

So I can do this. I can create policy. Say for branch number two, where I will match the site list, match the VPN list, match the prefix obviously with the route. So route of branch two will match these criteria. And while applying, I will apply to branch so I will apply to DC actually all DC. And here what I will do. So routes of branch two will have preference higher preference value towards the data center. Okay? So let me do this. Then you will understand what I tried to explain here.

So let’s do it. So, I have all DC. And then I’ll create one more site. Say branch two where I want to match the BGP routes. So for branch two we have site ID of 100. I’ll go to top. We’ll check the configuration, what we have done. So I have list all data center one of the branch and then the routes correct. I’ll create one more list. That is VPN list. So policy and then list, say VPN list VPN one. And that VPN is actually one. Commit this great.

Now we have to create the policy. So my control policy name is BGP DC prefer BGP out shower DC. We have to prefer. I’ll go to sequence number ten. I want to match the route of the site ID, say branch two. And that should be site list branch two. And the VPN list. We have the VPN list of VPN 1 and the prefix list of BGP routes. Let’s see what configuration we have.

So what I am telling it is, okay, match route for branch two, for VPN 1, for these prefixes, correct. And then we have to take action. So action. What I want to do here: action accept, set the preference value, say 500. And then we have service, TLOC, TLOC action, TLOC list, OMP tag. I think that is okay. So we are setting this and then I will go to the default statement. And the default statement will give, say, default action is accept. Okay, I’ll go to top. Let us see what configuration we have so far.

So now we can see that. Okay, we have one policy for branch two VPN one BGP routes. I am giving high preference to that. And the default action is accept. All right, now we will apply this policy. Apply this policy to site list with all the DC. The control policy name is BGP, prefer in the Egress direction. Validate this. Commit this. Wow. Let’s go to DC One. Now, if I go here, if I check show IP route and even we can see VPN one as well because we are specific to VPN.

So all these VPN routes, say 1313, 123-12-3123. So I should go to branch one as well. So how is my branch one getting the route? So we have applied this policy and I want to open one of the branches. So from here only I can open. Let me end the session, exit, and we’ll go to one of the branches. That is branch one. So for branch one, what is the system IP? Let’s see, I can see from here. Branch one, system IP. Branch one. System IP is one dot. Branch one. Sorry. Branch one four. So one four, admin, show IP route VPN 1. I’m just focusing on these routes that I am learning. This is coming directly; that’s okay. OMP IP is one seven. So let’s stop here and we’ll continue this thing. We’ll do more traffic engineering in the next recording.

  1. BGP Verification

Let us continue where we left off. So now I am checking the BGP routes and their preference value in branch one and, say, all the DCs. So I’ll go to DC one and DC two and I’ll check that. Now here, if I go to branch tools, okay, if I go to branch DC One, for example, and if I check show OMP route, you can see here the BGP routes. They are coming, obviously, via OMP. So what we can do here, we can check show OMP routes, say for VPN 1, and you can see that, okay, I’m learning the VPN routes, but for a few of the routes we have set the preference value; that is one, two, three. Preference value is 500, which means these routes will be preferred.

If you want to know more about this, then you can give this prefix as well: show OMP routes and then the detail. So now we can see here that, okay, I’m learning this route, received from one three, that is the vSmart; path ID, the label ID, the status, and then who is the originator, one seven; MPLS IPsec and site ID, the preference value. So this is the originator information, it’s the EBGP routes, received from, so who is originating, from where I am getting it, and then the attributes; again you can see the originator. So we are getting it from two paths, one is the gold IPsec, one is the MPLS IPsec. Obviously we can filter whenever we want, and the preference value is set, and here also higher is better.

Now if I go to, say for example, branch number one and if I check show IP routes VPN 1, and we can give this as well; actually I will check the OMP route, but let’s see this as well. So if I go here, okay, OMP, all these things say the protocol is OMP, we have two paths. Now what I’ll do, I’ll do show OMP routes VPN 1 and then I will give that prefix 32.

Now you can see that preference is not set okay tag is also not set and that was the result that we have done. Now suppose if you want so again this is other use case that we can use here that will be again different use case because by default we know that they are in full mesh. But if you want to break this full mesh, if you want to make this as a hub and a spoke then what we can do that this particular IPsec channel we can invalidate and then we have either this type of topology or this type of topology. So any route that is going towards any of the branch for a branch so that will obviously go first to the data center and then go to the other branch. Go first to the data center then it will go to the branch again here also we can set the preference value that I am preferring DC One or DC Two for this route. So all these options are always available for us. So we are very good with this section. It’s close then.
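The control policy built in the previous section and the per-site result checked here (preference 500 at the data centers, unset at branch 1), as a small Python model added to this page; it is not the course's or Cisco's code. Site IDs 20, 30 and 100, VPN 1 and preference 500 come from the walkthrough; the list names, the 192.0.2.x prefixes and the other site IDs are constructed placeholders.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network
from typing import Optional

@dataclass(frozen=True)
class OmpRoute:
    prefix: str                        # advertised prefix
    vpn: int                           # service VPN
    origin_site: int                   # site ID of the originating edge
    preference: Optional[int] = None   # unset unless a policy sets it

# Lists as built in the walkthrough. Site IDs, VPN and preference come from
# the text; list names and prefixes are placeholders (documentation range).
SITE_LISTS = {"ALL-DC": {20, 30}, "BRANCH2": {100}}
VPN_LISTS = {"VPN1": {1}}
PREFIX_LISTS = {"BGP-ROUTES": {ip_network(p) for p in
                               ("192.0.2.1/32", "192.0.2.2/32", "192.0.2.3/32")}}

POLICY = {
    "sequences": [{
        "match": {"site_list": "BRANCH2", "vpn_list": "VPN1",
                  "prefix_list": "BGP-ROUTES"},
        "action": "accept",
        "set_preference": 500,
    }],
    "default_action": "accept",
}
APPLIED_TO = "ALL-DC"  # applied outbound, toward these sites only

def matches(route, match):
    """All three match conditions must hold; prefixes match exactly."""
    return (route.origin_site in SITE_LISTS[match["site_list"]]
            and route.vpn in VPN_LISTS[match["vpn_list"]]
            and ip_network(route.prefix) in PREFIX_LISTS[match["prefix_list"]])

def advertise(route, receiver_site, policy=POLICY):
    """Route as the controller sends it to receiver_site, or None if dropped."""
    if receiver_site not in SITE_LISTS[APPLIED_TO]:
        return route                       # policy not applied: reflected as-is
    for seq in policy["sequences"]:        # first matching sequence wins
        if matches(route, seq["match"]):
            if seq["action"] != "accept":
                return None
            return replace(route, preference=seq["set_preference"])
    return route if policy["default_action"] == "accept" else None

# Constructed routes: two from branch 2 (site 100), one from another site.
LISTED = OmpRoute("192.0.2.1/32", vpn=1, origin_site=100)
UNLISTED = OmpRoute("192.0.2.9/32", vpn=1, origin_site=100)
OTHER_SITE = OmpRoute("192.0.2.1/32", vpn=1, origin_site=300)
BRANCH1_SITE = 200  # assumed site ID for branch 1; not given in the text

def view(receiver_site, policy=POLICY):
    """Preference each sample route carries at receiver_site (None = unset)."""
    out = {}
    for name, r in (("listed", LISTED), ("unlisted", UNLISTED),
                    ("other", OTHER_SITE)):
        sent = advertise(r, receiver_site, policy)
        out[name] = "dropped" if sent is None else sent.preference
    return out

if __name__ == "__main__":
    print("DC1 (site 20):", view(20))
    print("Branch 1:", view(BRANCH1_SITE))
    print("DC1, default reject:", view(20, {**POLICY, "default_action": "reject"}))
```

The last call shows what the explicit default accept statement protects: with a default action of reject, every route outside sequence 10 is withheld from the data centers.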
