Wednesday, September 17, 2008

ISCW Lab (and BSCI review )

NOTE: this is a ISCW lab only, it uses basic mpls setup, I agree that a real ISP will implement mpls vpn instead of direct routing the customers prefixes...

Well:
A new lab for practice ISCW arguments, thanks to Luca Moretti for partecipating.


Here the topology:




Scenario:
Acme Gmbh is a trading company that have a central office named "Hannover"(CON6 and CON7) and two branches (CON8 = branch "Bergamo" and CON11+CON1 = branch "Trento").
The connection between Hannover and Trento is made by a fastethernet connection with an ISP named "Majico Connecting World" ;-) (CON2 + CON3 + CON4) and have a redundant E1 (serial link) as backup link.

Goal of this lab:
-configure routing between branches and provider (see topology map) (backup serial link betw Hannover and Trento is a leased line, it costs much and have a traffic based bill, so be careful and use ISP as preferred route!)
-do not redistribute ISP internal routes to customers, but generate a default for each office using bgp
-loopbacks representing office lans and have to be routed with correct netmask
-configure basic mpls for ISP routers
-configure various tunnels to secure branches connections

...more tasks and configurations as soon as possible...

-(optional ONT refresh) configure QoS using nbar on link between CON7 and CON8 (both directions), assign the appropriate bandwidth values for Voip, sql, default and sacvenger (p2p, kazaa...) classes. CON8 (Trento) office has 15 ip Cisco 7940 with G.729 codec.
-(optional ONT refresh 2) configure QoS on CON11 to minimize bandwidth waste due to peer-to-peer traffic

Solution config parts:

1) routing:

CON11#
router ospf 1
router-id 172.16.99.11
log-adjacency-changes
passive-interface default
no passive-interface FastEthernet0/0
no passive-interface Tunnel0
network 172.17.1.2 0.0.0.0 area 15
network 192.168.0.0 0.0.0.3 area 15 !-- this network is used for tunneling..
!
router bgp 64815
no synchronization
bgp log-neighbor-changes
redistribute ospf 1 match internal
neighbor 172.16.0.22 remote-as 65000
neighbor 172.17.1.1 remote-as 64815
neighbor 172.17.1.1 next-hop-self !-- Next-hop-self for neighbour CON1, because CON1 don't have a route to the link betw CON11 and CON2
no auto-summary

One of the most difficult task was the use of ISP between CON7 and CON8 instead of backup serial link... because CON7 and 8 use the same BGP as ...

CON8#
router bgp 64814
no synchronization
bgp log-neighbor-changes
redistribute ospf 1
neighbor 172.16.0.1 remote-as 65000
neighbor 172.16.0.1 allowas-in 1 !-- this allows prefixes with the same as in path (here 64814), 1 means 1 recursion allowed
neighbor 172.16.0.1 route-map LAN-via-ISP in !--route map to set weight
neighbor 172.17.1.6 remote-as 64814
no auto-summary
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
ip access-list extended LAN-CON7 !-- matches internal lan of CON7 and CON6
permit ip 10.2.0.0 0.0.0.255 any
permit ip 10.3.0.0 0.0.0.255 any
!
!
route-map LAN-via-ISP permit 10
match ip address LAN-CON7
set weight 35500 !-- the weight for locally generated routes is 32768, so a value of 35500 is preferred and prefixes inserted into routing table


the same for CON7, modify access-list prefixes (and bgp neighbour) only.

2 comments:

itdualism said...

I'm now in the ISCW process and this lab is a good help.
thanks,
Rofi Neron
http://itdualism.wordpress.com/

Marco Rizzi said...

you wellcome,

enjoy your mpls studies, it's a great topic, ISCW covers only the basics, but there is a lot to study and practice with it!

Marco