This topic is to discuss the following lesson:
VPN 10 & VPN 20 are configured as services VPN.
Configured OSPF inside the VPN 10 for network 10.1.1.0/24
Configured BGP inside the VPN 20 for network 10.11.1.0/24
Redistributed BGP to OMP & OMP to BFP
I can see an outside router in the VPN 10 show IP route vpn 10 but I can’t see any outside router in VPN 20 show IP route vpn 20
Attaching the configuration file here
vEdge-DELHI-2# show ip routes vpn 10
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive, L -> import
PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
10 10.1.1.0/24 ospf IA ge0/2 192.168.10.3 - - - - F,S
10 10.1.2.0/24 ospf IA ge0/2 192.168.10.3 - - - - F,S
10 10.1.3.1/32 ospf IA ge0/2 192.168.10.3 - - - - F,S
10 10.2.1.0/24 omp - - - - 7.7.7.7 biz-internet ipsec F,S
10 10.2.2.0/24 omp - - - - 7.7.7.7 biz-internet ipsec F,S
10 10.2.3.1/32 omp - - - - 7.7.7.7 biz-internet ipsec F,S
10 10.3.1.0/24 omp - - - - 8.8.8.8 biz-internet ipsec F,S
10 10.3.2.0/24 omp - - - - 8.8.8.8 biz-internet ipsec F,S
10 10.3.3.1/32 omp - - - - 8.8.8.8 biz-internet ipsec F,S
10 10.4.1.0/24 omp - - - - 10.10.10.10 biz-internet ipsec F,S
10 10.4.1.0/24 omp - - - - 11.11.11.11 biz-internet ipsec F,S
10 10.4.2.0/24 omp - - - - 10.10.10.10 biz-internet ipsec F,S
10 10.4.2.0/24 omp - - - - 11.11.11.11 biz-internet ipsec F,S
10 10.4.3.0/24 omp - - - - 10.10.10.10 biz-internet ipsec F,S
10 10.4.3.0/24 omp - - - - 11.11.11.11 biz-internet ipsec F,S
10 10.5.1.0/24 omp - - - - 12.12.12.12 biz-internet ipsec F,S
10 10.5.1.0/24 omp - - - - 13.13.13.13 biz-internet ipsec F,S
10 10.10.5.0/30 omp - - - - 9.9.9.9 default ipsec F,S
10 10.100.1.1/32 omp - - - - 4.4.4.4 default ipsec F,S
10 10.100.2.1/32 omp - - - - 4.4.4.4 default ipsec F,S
10 10.100.3.1/32 omp - - - - 4.4.4.4 default ipsec F,S
10 192.168.10.0/29 ospf IA ge0/2 - - - - - -
10 192.168.10.0/29 connected - ge0/2 - - - - - F,S
10 192.168.20.0/30 omp - - - - 7.7.7.7 biz-internet ipsec F,S
10 192.168.30.0/30 omp - - - - 8.8.8.8 biz-internet ipsec F,S
10 192.168.40.0/28 omp - - - - 10.10.10.10 biz-internet ipsec F,S
10 192.168.40.0/28 omp - - - - 11.11.11.11 biz-internet ipsec F,S
10 192.168.50.0/28 omp - - - - 12.12.12.12 biz-internet ipsec F,S
10 192.168.50.0/28 omp - - - - 13.13.13.13 biz-internet ipsec F,S
10 192.168.90.0/24 omp - - - - 9.9.9.9 default ipsec F,S
10 192.168.100.0/24 omp - - - - 4.4.4.4 default ipsec F,S
vEdge-DELHI-2#
vEdge-DELHI-2#
vEdge-DELHI-2#
vEdge-DELHI-2# show ospf neighbor
DBsmL -> Database Summary List
RqstL -> Link State Request List
RXmtl -> Link State Retransmission List
SOURCE DEAD
VPN IP ADDRESS INTERFACE ROUTER ID STATE PRIORITY TIMER DBsmL RqstL RXmtL
-------------------------------------------------------------------------------------------------------
0 192.168.201.2 ge0/0 192.168.206.2 full 1 38 0 0 0
10 192.168.10.2 ge0/2 6.6.6.6 full 1 39 0 0 0
10 192.168.10.3 ge0/2 10.1.3.1 full 1 39 0 0 0
vEdge-DELHI-2#
vEdge-DELHI-2#
vEdge-DELHI-2#
vEdge-DELHI-2#
vEdge-DELHI-2# show ip routes vpn 20
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive, L -> import
PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
20 10.11.1.0/24 bgp i ge0/3 192.168.11.3 - - - - F,S
20 10.11.2.0/24 bgp i ge0/3 192.168.11.3 - - - - F,S
20 10.11.3.0/24 bgp i ge0/3 192.168.11.3 - - - - F,S
20 192.168.11.0/29 connected - ge0/3 - - - - - F,S
vEdge-DELHI-2# sh route bgp
-------------------^
syntax error: missing display group
vEdge-DELHI-2# show bgp route
bgp routes-table vpn 20 10.11.1.0/24
info 0
nexthop 192.168.11.3
metric 0
local-pref 100
weight 0
origin igp
as-path Local
path-status valid,best,internal
tag 0
ospf-tag 0
bgp routes-table vpn 20 10.11.2.0/24
info 0
nexthop 192.168.11.3
metric 0
local-pref 100
weight 0
origin igp
as-path Local
path-status valid,best,internal
tag 0
ospf-tag 0
bgp routes-table vpn 20 10.11.3.0/24
info 0
nexthop 192.168.11.3
metric 0
local-pref 100
weight 0
origin igp
as-path Local
path-status valid,best,internal
tag 0
ospf-tag 0
vEdge-DELHI-2#
vEdge-DELHI-2#
vEdge-DELHI-2#
vEdge-DELHI-2#
vEdge-DELHI-2# sh run
system
host-name vEdge-DELHI-2
location DELHI
system-ip 5.5.5.5
site-id 1
admin-tech-on-failure
no route-consistency-check
sp-organization-name SDWAN-LAN-NEW
organization-name SDWAN-LAN-NEW
clock timezone Asia/Muscat
vbond 100.1.1.3
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
user admin
password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C6sWdRazdxorYYTLrL6syiG6qnLABTnrE96HJiKF6QRq1
!
user ciscotacro
description CiscoTACReadOnly
group operator
status enabled
!
user ciscotacrw
description CiscoTACReadWrite
group netadmin
status enabled
!
!
logging
disk
enable
!
!
!
omp
no shutdown
overlay-as 65000
graceful-restart
advertise bgp
advertise ospf external
advertise connected
advertise static
!
security
ipsec
authentication-type sha1-hmac ah-sha1-hmac
!
!
banner
login "AUTHORIZED BY PRAKASH"
motd "WELCOME TO PRAKASH LAB"
!
vpn 0
name "TRANSPORT VPN"
router
ospf
timers spf 200 1000 10000
area 0
interface ge0/0
network point-to-point
exit
exit
!
!
interface ge0/0
description "TRANSPORT MPLS"
ip address 192.168.201.1/24
tunnel-interface
encapsulation ipsec
color mpls
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
description "TRANSPORT INTERNET"
ip address 200.1.201.1/24
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 200.1.201.2
!
vpn 10
name "SERVICE LAN VPN"
router
ospf
default-information originate
timers spf 200 1000 10000
redistribute omp
area 0
interface ge0/2
exit
exit
!
!
interface ge0/2
description "INTERNAL LAN"
ip address 192.168.10.1/29
no shutdown
!
!
vpn 20
name "SERVICE LAN VPN20"
router
bgp 65333
propagate-aspath
address-family ipv4-unicast
maximum-paths paths 2
redistribute omp
!
neighbor 192.168.11.3
description BGP-PEER
no shutdown
remote-as 65333
next-hop-self
address-family ipv4-unicast
!
!
!
!
interface ge0/3
description "INTERNAL LAN - VPN20"
ip address 192.168.11.1/29
no shutdown
!
!
vpn 512
name MGMT
interface eth0
description MGMT
no shutdown
!
!
vEdge-DELHI-2#
Yes,
But i can see VPN20 Routes to vSmart from Dilhi Edge Router