CISCO EXPERT – CCIE#23373

Ricardo Martins

Cisco Expert – Virtual-Links and Tunnels

Posted by Ricardo Martins on July 29, 2008

In my opinion, there are certain network topics we need to understand and be able to configure without any trouble. Virtual-links are likely to be tested in the CCIE Lab because they solve a problem which is a big thing in OSPF – ALL AREAS HAVE TO BE DIRECTLY CONNECTED TO THE BACKBONE AREA 0. Virtual-links are meant for a scenario where some area is not connected to the backbone. It is important to mention that this is a bad design. You don't want to have OSPF areas all over the place, virtual-links everywhere and confusion. The goal of a network is to keep it simple and functional.

To be honest, the point of this article is not so much the virtual-links, because you have probably heard about them 100000 times, but the tunnel interfaces. I would also like to mention that I am more focused on a short explanation and configuration than on giving you a full, boring description of the technology itself. You can always get that sort of information on the Cisco website.

As usual, we have a topology where I have already configured all the IP addresses and OSPF.

The problem we run into is the routing table on R4. Because area 2 is not directly connected to the backbone, R4 is not receiving any OSPF routes.

R4#sh ip route ospf

R4#

Once again, in the real world this would be a bad design, but if you run into it during a lab or exam you need to configure a virtual-link between R2 and R3 through area 1, as follows:

R2#sh run | s ospf
router ospf 1
 router-id 2.2.2.2
 area 1 virtual-link 3.3.3.3
 network 10.10.0.2 0.0.0.0 area 0
 network 10.10.1.2 0.0.0.0 area 1

R3#sh run | s ospf
router ospf 1
 router-id 3.3.3.3
 area 1 virtual-link 2.2.2.2
 network 10.10.1.3 0.0.0.0 area 1
 network 10.10.2.3 0.0.0.0 area 2

Now if we look again at the routing table of R4, it has received the OSPF routes as expected. And when I say expected, I have to mention something Brian Dennis said in a video that has always stayed in my head, which is something like this – at CCIE level you should be able to look at your topologies and know how your routing tables should look.
Strong advice.

R4#sh ip route ospf
10.0.0.0/24 is subnetted, 3 subnets
O IA 10.10.0.0 [110/21] via 10.10.2.3, 00:01:04, FastEthernet0/0
O IA 10.10.1.0 [110/11] via 10.10.2.3, 00:01:29, FastEthernet0/0

So far so good. Another scenario would be if they told you to configure area 1 as a stub area, totally stubby area, NSSA and so on…
First, I will remove the virtual-links, configure the area as a stub and try to apply the virtual-link command once again, and let's see what happens:

R2(config)#router ospf 1
R2(config-router)#area 1 stub
R2(config-router)#no area 1 virtual-link 3.3.3.3
% OSPF: Area 1 is a stub or nssa so virtual links are not allowed

Yes, virtual links are not allowed in stub or NSSA areas. To solve this problem, we have to use GRE tunnels instead of virtual-links. Take a look at the configuration below.

R2#sh run int tu 0
interface Tunnel0
 ip address 172.16.1.2 255.255.255.0
 tunnel source Ethernet0/1
 tunnel destination 10.10.1.3

R2#sh run | s ospf
router ospf 1
 area 1 stub
 network 10.10.0.2 0.0.0.0 area 0
 network 10.10.1.2 0.0.0.0 area 1
 network 172.16.1.2 0.0.0.0 area 0

R3#sh run int tu 0
interface Tunnel0
 ip address 172.16.1.3 255.255.255.0
 tunnel source Ethernet0/1
 tunnel destination 10.10.1.2

R3#sh run | s ospf
router ospf 1
 area 1 stub
 network 10.10.1.3 0.0.0.0 area 1
 network 10.10.2.3 0.0.0.0 area 2
 network 172.16.1.3 0.0.0.0 area 0

It is actually very simple if you follow a few steps. Create a tunnel interface, give it an IP address (or use ip unnumbered from a network that is being advertised into area 0) and advertise it under OSPF in AREA 0, then just apply the tunnel source and destination commands and you are good to go.

And once again, the routing table on R4

R4#sh ip route ospf
172.16.0.0/24 is subnetted, 1 subnets
O IA 172.16.1.0 [110/11112] via 10.10.2.3, 00:03:14, FastEthernet0/0
10.0.0.0/24 is subnetted, 3 subnets
O IA 10.10.0.0 [110/11122] via 10.10.2.3, 00:03:04, FastEthernet0/0
O IA 10.10.1.0 [110/11] via 10.10.2.3, 00:03:14, FastEthernet0/0

We have received all the OSPF routes.

Authentication:
As a final note, if you are asked to authenticate area 0 with either MD5 or clear-text, you also need to authenticate the virtual-links or the tunnel interfaces, whichever you are using. Remember that R3 now believes it is directly connected to the backbone, so it needs to be authenticated in order to receive all the routes.
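
The authentication note above, written out as configuration for both cases in this topology. This is an added example, not from the original post; it assumes MD5 with key ID 1 and a placeholder key string, and it leaves out R2's physical area 0 interface, which needs the same key.

```cisco
! Added example: key ID 1 and LAB-KEY-PLACEHOLDER are assumptions.
!
! Case 1: virtual-link between R2 and R3 through area 1
!
! R2
router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 LAB-KEY-PLACEHOLDER
!
! R3 has no physical interface in area 0, but the virtual-link is an
! area 0 link, so area 0 authentication has to be enabled here as well.
router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 LAB-KEY-PLACEHOLDER
!
! Case 2: area 1 is a stub, so Tunnel0 is the area 0 link between R2 and R3
!
! R2 and R3 (same commands on both ends of the tunnel)
interface Tunnel0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 LAB-KEY-PLACEHOLDER
```

To check the result, `show ip ospf virtual-links` and `show ip ospf interface Tunnel0` report whether message digest authentication is enabled and which key ID is in use.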

If you have the possibility of trying this article in GNS3 or on real equipment, that is a plus. Sometimes we think we know something just because we read about it, but when it comes to configuring it ourselves, oops… Besides, it is good to try all the different scenarios, whether they work or not; at least we will know.

Remember, keep it always simple in your head…you will understand it better.
