Two sites, one LAN

Scenario

This lab extends a LAN over VPN link to two different sites. These sites will be connected to the Internet and routed with BGP.

eBGP to “ISP router” and iBGP between the sites.

The two “sites” are my laptops and the hosts and routers running in these “sites” are Virtualbox guests. Router guests are Vyatta 6.5, servers guests Bodhi Linux.

All the routers have an IPv4 connection to “ISP-router” which is a Cisco.

IPv6 from r1a and r2b is tunneled over IPv4 link.
L2VPN between the sites is done over IPv4 link.

The end result should be that you can connect a host to either site, using the LAN prefix 2001:98:0013:004f::/64 and that host gets IPv6 Internet-connection. The connection should have automatic failover using the other link to the “ISP router”.

Network Diagram

two-sites-one-lan

I apologise for the crappy network diagram. I drew it as Google docs presentation and it felt a bit clumsy.

Set up the Lab

Install guests (the routers) on the two hosts.
Give routers IPv4 address.
Configure IPv4 routing so that guest routers can see each other, 0/0 points to the “ISP router”.
Try that all routers can ping each other with IPv4 addresses.

L2VPN

Create L2VPN between r3a and r4b, using the IPv4 network as transport.

generate openvpn key r3a-r4b

r3a
set interfaces bridge br2
set interfaces ethernet eth4 bridge‐group bridge br2
commit
set interfaces openvpn vtun2 mode site‐to‐site
set interfaces openvpn vtun2 remote‐host 10.1.4.2
set interfaces openvpn vtun2 shared‐secret‐key‐file /home/user/r3a-r4b
set interfaces openvpn vtun2 bridge‐group bridge br2
commit

r4b
set interfaces bridge br2
set interfaces ethernet eth5 bridge‐group bridge br2
commit
set interfaces openvpn vtun2 mode site‐to‐site
set interfaces openvpn vtun2 remote‐host 10.1.3.2
set interfaces openvpn vtun2 shared‐secret‐key‐file /home/user/r3a-r4b
set interfaces openvpn vtun2 bridge‐group bridge br2

commit

Give the lab-routers their IPv6 addresses

set interfaces ethernet eth4 ipv6 address eui64 2001:98:13:4f::/64
set interfaces ethernet eth4 ipv6 router-advert prefix 2001:98:13:4f::/64
set interfaces ethernet eth4 ipv6 router-advert other-config-flag true

IPv6 tunnels

If your virtualization software and network environment allows, you may skip this phase and give r1a and r2b their IPv6 link addresses directly. In my system I have VirtualBox and the link is over wifi. It will not allow me to directly use IPv6 in this interface.

That is why I use tunnels.

Create IPv6-over-IPv4 tunnels between

“ISP-router” – r1a
“ISP-router” – r2b

IPv6 addresses for the tunnels

“ISP-router” Cisco
2001:98:0013:004e::1/126
r1a
2001:98:0013:004e::2/126

“ISP-router” Cisco
2001:98:0013:004e::5/126
r2b
2001:98:0013:004e::6/126

Cisco config
interface Tunnel3
description IPv6 tunnel to r1a
no ip address
ipv6 address 2001:98:0013:004e::1/126
ipv6 enable
tunnel source 10.1.1.1
tunnel destination 10.1.1.2
tunnel mode ipv6ip

Vyatta config for r1a
edit interfaces tunnel tun3
set address 2001:98:0013:004e::2/126
set encapsulation sit
set local-ip 10.1.1.2
set remote-ip 10.1.1.1
set description "IPv6 tunnel to cisco"
exit
commit

Adjust accordingly for r2b.

Routing

Configure IPv6 eBGP from r1a and r2b to Internet-router.

r1a
set protocols bgp 65502 neighbor 2001:98:13:4e::1 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 65502 neighbor 2001:98:13:4e::1 remote-as 65501
set protocols bgp 65502 parameters router-id 10.1.1.2

cisco
router bgp 65501
no synchronization
bgp log-neighbor-changes
neighbor 2001:98:13:4E::2 remote-as 65502
no auto-summary
!
address-family ipv6
neighbor 2001:98:13:4E::2 activate
neighbor 2001:98:13:4E::2 next-hop-self
neighbor 2001:98:13:4E::2 soft-reconfiguration inbound
redistribute static
default-information originate
no synchronization
exit-address-family
!

Adjust accordingly for r2b

Configure IPv6 iBGP r1a – r2b

r2b
set protocols bgp 65502 neighbor 2001:98:13:4f:a00:27ff:fef7:eb81 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 65502 neighbor 2001:98:13:4f:a00:27ff:fef7:eb81 remote-as 65502
set protocols bgp 65502 neighbor 2001:98:13:4f:a00:27ff:fef7:eb81 address-family ipv6-unicast nexthop-self
set protocols bgp 65502 neighbor 2001:98:13:4f:a00:27ff:fef7:eb81 update-source 2001:98:13:4f:a00:27ff:fe97:1e3c

Adjust accordingly for r1a.
Inject the LAN prefix into BGP

r1a & r2b
set protocols bgp 65502 address-family ipv6-unicast network 2001:98:0013:004f::/64

Testing

Set up a host on both “sites”
Bring down routers, links, or the connection between sites. What happens?

My observations:

1. When I turn off routers, the routing changes to the other link immediately.

2. When I put down the main WAN link, it takes time to reroute. About a minute or two.

3. From my two “servers” the other one changes the first-hop immediately and automatically. The other one does not. Don’t know why. Both hosts are with automatic configs.

BGP AS-path prepending

BGP has its ways to choose a link to use. Which route did your routers choose to be the active one? Now we want to tell it that we would prefer to pass traffic via r1a. So put this configuration in r2b to make its path appear longer.

r2b
set policy route-map prepend-secondary rule 10 action permit
set policy route-map prepend-secondary rule 10 set as-path-prepend "65502 65502"
set protocols bgp 65502 neighbor 2001:98:13:4E::5 address-family ipv6-unicast route-map export prepend-secondary

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s