CISCO EXPERT – CCIE#23373

Ricardo Martins

Cisco Expert – Virtual-Links and Tunnels

Posted by Ricardo Martins on July 29, 2008

In my opinion, there are certain network topics we need to understand and be able to configure them without any trouble. Virtual-links are likely to be tested in the CCIE Lab because it helps to solve a problem which is a big thing in OSPF – ALL AREAS HAVE TO BE DIRECTLY CONNECTED TO THE BACKBONE AREA 0. Virtual-links are meant to be configured for a scenario where you have some area not connected to the backbone. It is important to mention that this is a bad design. You dont want to have ospf areas all over the place, virtual-links everywhere and confusion. The goal of a netwok is to keep it simple and functional.

To be honest, the point of this article is not so much the virtual-links because you probably have heard about it 100000 times but the interface tunnels. I would like to mention as well that I am more focus in in a small explanation and configuration than giving you a full boring description of the technology itself. You cal always get that sort of information in Cisco website.

As usual, we have a topology where I have already configured all the ip addresses and ospf.

The problem we run into is the routing table in R4. Because area 2 is not directly connected to the backbone, R4 is not receving any ospf routes installed.
R4#sh ip route ospf

R4#

Once again, in the real world this would be a bad design, but if you have run into it during a lab or exam you need to configure a virtual-link between R2 and R3 through area 1 as such:

R2#sh run | s ospf
router ospf 1
router-id 2.2.2.2
area 1 virtual-link 3.3.3.3
network 10.10.0.2 0.0.0.0 area 0
network 10.10.1.2 0.0.0.0 area 1

R3#sh run | s ospf
router ospf 1
router-id 3.3.3.3
area 1 virtual-link 2.2.2.2
network 10.10.1.3 0.0.0.0 area 1
network 10.10.2.3 0.0.0.0 area 2

Now if we look again to the routing table of R4 we have received the ospf routes as expected. And when I say expected I have to mention something that Brian Dennis has said in a video that always stayed in my head which is something like this – At CCIE level you should be able to look into your topologies and be able to know how your routing tables should look like.
Strong advice.

R4#sh ip route ospf
10.0.0.0/24 is subnetted, 3 subnets
O IA 10.10.0.0 [110/21] via 10.10.2.3, 00:01:04, FastEthernet0/0
O IA 10.10.1.0 [110/11] via 10.10.2.3, 00:01:29, FastEthernet0/0

So far so good. Another scenario would be if they would tell to configure area 1 as stub area, totally stubby area, NSSA and so on…
First, I will remove the virtual-links, configure the area as a stub and try to apply the virtual-link command once again, and let’s see what happens

R2(config)#router ospf 1
R2(config-router)#area 1 stub
R2(config-router)#no area 1 virtual-link 3.3.3.3
% OSPF: Area 1 is a stub or nssa so virtual links are not allowed

Yes, virtual links are not allowed in stub or nssa areas. In order to solve this problem, instead of virtual-links we have to use GRE tunnels. Take a look in the configuration bellow.

R2#sh run int tu 0
interface Tunnel0
ip address 172.16.1.2 255.255.255.0
tunnel source Ethernet0/1
tunnel destination 10.10.1.3

R2#sh run | s ospf
router ospf 1
area 1 stub
network 10.10.0.2 0.0.0.0 area 0
network 10.10.1.2 0.0.0.0 area 1
network 172.16.1.2 0.0.0.0 area 0

R3#sh run int tu 0
interface Tunnel0
ip address 172.16.1.3 255.255.255.0
tunnel source Ethernet0/1
tunnel destination 10.10.1.2

R3#sh run | s ospf
router ospf 1
area 1 stub
network 10.10.1.3 0.0.0.0 area 1
network 10.10.2.3 0.0.0.0 area 2
network 172.16.1.3 0.0.0.0 area 0

It is actually very simple if you follow some simple steps. Create a tunnel interface, give it an ip address (or use ip unnumbered of a netwrok that is being advertised to area 0) and advertise it under ospf to AREA 0, then just apply the tunnel source and destination commands and you are good to go.

And once again, the routing table on R4

R4#sh ip route ospf
172.16.0.0/24 is subnetted, 1 subnets
O IA 172.16.1.0 [110/11112] via 10.10.2.3, 00:03:14, FastEthernet0/0
10.0.0.0/24 is subnetted, 3 subnets
O IA 10.10.0.0 [110/11122] via 10.10.2.3, 00:03:04, FastEthernet0/0
O IA 10.10.1.0 [110/11] via 10.10.2.3, 00:03:14, FastEthernet0/0

We have received all the ospf routes.

Authentication:
As a final note, if you get asked to authenticate area 0 either with md5 or clear-text, you need to authenticate the virtual-links or the interface tunnels if it is the case. Remember that R3 now believes it is directly connected to the backbone so it needs to be authenticated in order to receive all the routes.

If you have the possibility of trying this article in GNS3 or real equipment is a plus. Sometimes, we think we know just because we read about it but when it comes to configure it ourselves ups…besides it is good to try all different scenarios that work or not, at least we will know.

Remember, keep it always simple in your head…you will understand it better.

Advertisements

11 Responses to “Cisco Expert – Virtual-Links and Tunnels”

  1. Adam said

    thanks for the details, i’ll put my share virtual-link vs GRE tunnels

  2. adesh said

    Thanks its really very helpful for my scenario.

  3. Robert said

    Thank you Ricardo. Very nice and clear explanation. The last final note -regarding authentication – everyone should be careful about since sometimes this kind of subtle details can break network communication as once happened to me.

  4. CCIE labs said

    CCIE labs…

    […]Cisco Expert – Virtual-Links and Tunnels « CISCO EXPERT – CCIE#23373[…]…

  5. Julio Carvajal Segura said

    Great document 😀
    Right to the point

  6. Excellent blog here! Also your website loads up very fast! What host
    are you using? Can I get your affiliate link to your host?
    I wish my web site loaded up as quickly as yours lol

  7. Good article. I’m dealing with many of these issues as well..

  8. I was recommended this web site by my cousin. I am not sure whether this post is written
    by him as nobody else know such detailed about my difficulty.
    You are wonderful! Thanks!

  9. Mark Lewis said

    How many should I claim on my W4 being a single mom?
    What about child care credit?

  10. site said

    Hi there to all, how is all, I think every one is getting more from this web site, and your
    views are fastidious designed for new visitors.

  11. Some cat bedding is larger than others, coming in different shapes and sizes.
    If a cat has his private furnishings and trees to play
    on and to scratch at, it is probably that he will
    not use the family furnishings as his particular playground
    any longer. It talks about its range, habitat, hunting and preying, and reproduction habits.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: