It seems like everything is being virtualized these days: we have Virtual LANs, Virtual machines, Virtual networks, Virtual storage, Virtual NICs, and now the latest thing is WAN Virtualization.
WAN virtualization, or software-defined WAN, aims to provide a consistent experience across your WANs without involving the service provider. Cisco offers a few options such as iWAN, which is DMVPN + PfRv3 + the kitchen sink (we’ll talk about that soon enough), and EIGRP Over The Top (OTP), which allows EIGRP to work between sites without needing MPLS or a VPN for connectivity.
It does this by tunneling the traffic with LISP. All non-EIGRP traffic is embedded in UDP port 4343.
Let’s build a quick lab to play with this feature. All we need is 5ish CSR routers connected to an unmanaged switch. I’m using VIRL for this, but it would work just fine with GNS3 or whatever else you want to use.
The logical topology will look like the following:
R2 and R3 will represent the service provider network and R1, R4, and Hub will act as the branches. All transit networks will be running OSPF Area 0 and we will make some loopbacks to advertise into EIGRP AS 14.
The first thing we’ll configure is EIGRP OTP between R1 and R4.
Once the basic network is set up, make some loopback interfaces for the EIGRP domain.
R1(config)#int l0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#int l1
R1(config-if)#ip add 192.168.11.1 255.255.255.0

R4(config)#int l0
R4(config-if)#ip add 192.168.4.4 255.255.255.0
R4(config-if)#int l1
R4(config-if)#ip add 192.168.44.4 255.255.255.0
Now to actually configure EIGRP, first create a Named EIGRP instance and put it in AS 14.
R1(config)#router eigrp OTP
R1(config-router)#address-family ipv4 unicast autonomous-system 14
Then we simply need to use a neighbor statement that points to the other EIGRP router and tells it to use LISP encapsulation, like so:
R1(config-router-af)#neighbor 10.3.4.4 g2.102 remote 10 lisp-encap 1
R1(config-router-af)#
*Feb 8 04:53:43.085: %LINEPROTO-5-UPDOWN: Line protocol on Interface LISP1, changed state to up
10.3.4.4 – is R4’s WAN interface that is learned through OSPF.
G2.102 – is the outgoing WAN interface.
Remote – the maximum number of hops allowed.
Lisp-encap – tells EIGRP to use LISP encapsulation and what LISP ID to use.
Finally we just need to advertise the loopback networks like we normally would.
R1(config-router-af)#network 192.168.1.0
R1(config-router-af)#network 192.168.11.0
Once we configure R4 we should see EIGRP come up.
R4(config)#router eigrp OTP
R4(config-router)#address-family ipv4 unicast autonomous-system 14
R4(config-router-af)#neighbor 10.1.2.1 g2.304 remote 10 lisp-encap 1
*Feb 8 04:56:14.155: %DUAL-5-NBRCHANGE: EIGRP-IPv4 14: Neighbor 10.1.2.1 (GigabitEthernet2.304) is up: new adjacency
*Feb 8 04:56:15.093: %LINEPROTO-5-UPDOWN: Line protocol on Interface LISP1, changed state to up
*Feb 8 04:56:15.096: %VXE_VNIC_IF-3-MSGINITERROR: VXE vNIC interface command: multicast_null failed: -1 for LISP1
R4(config-router-af)#network 192.168.4.0
R4(config-router-af)#network 192.168.44.0
Looking at the routing table we can see that we are learning the loopbacks through the LISP interface!
R1(config)#do sh ip route eigrp | be Gate
Gateway of last resort is not set

D 192.168.4.0/24 [90/93994331] via 10.3.4.4, 00:01:55, LISP1
D 192.168.44.0/24 [90/93994331] via 10.3.4.4, 00:01:53, LISP1
R1(config)# do ping 192.168.4.4 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.4, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/46/201 ms
If we look at a packet capture we can see that all traffic that uses the EIGRP routes on R1 and R4 is now encapsulated in LISP.
However EIGRP traffic itself isn’t directly LISPified.
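What such a capture exposes can be reproduced offline. The following is an added example, not part of the original post: it decodes the 8-byte LISP data header (layout per RFC 6830) from a UDP payload and reads the inner IPv4 header behind it, showing that the encapsulation leaves the branch addressing readable to anything on the transit path. The sample packet is constructed from the ping above; the nonce value and the zero padding are made up.

```python
import ipaddress
import struct

LISP_HDR_LEN = 8  # fixed LISP data header size (RFC 6830, section 5.3)


def parse_lisp_data(udp_payload: bytes) -> dict:
    """Decode a LISP data header and the inner IPv4 header that follows it."""
    if len(udp_payload) < LISP_HDR_LEN + 20:
        raise ValueError("too short for LISP header plus inner IPv4 header")
    word1, word2 = struct.unpack("!II", udp_payload[:LISP_HDR_LEN])
    flags = word1 >> 24
    result = {
        "nonce_present": bool(flags & 0x80),  # N bit
        "lsb_enabled": bool(flags & 0x40),    # L bit
        # I bit: upper 24 bits of the second word carry the instance ID
        "instance_id": (word2 >> 8) if flags & 0x08 else None,
    }
    if flags & 0x80:
        result["nonce"] = word1 & 0xFFFFFF
    inner = udp_payload[LISP_HDR_LEN:]
    version, ihl = inner[0] >> 4, (inner[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(inner) < ihl:
        raise ValueError("inner packet is not a well-formed IPv4 header")
    (total_len,) = struct.unpack("!H", inner[2:4])
    result.update(
        inner_proto=inner[9],
        inner_src=str(ipaddress.IPv4Address(inner[12:16])),
        inner_dst=str(ipaddress.IPv4Address(inner[16:20])),
        inner_len=total_len,
    )
    return result


def build_sample() -> bytes:
    """Constructed sample: LISP header plus the inner header of the page's ping."""
    lisp = struct.pack("!II", (0x80 << 24) | 0x00ABCD, 0)  # N bit set, made-up nonce
    inner = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 100, 1, 0, 255, 1, 0,  # IPv4, 100 bytes, TTL 255, proto 1 (ICMP), checksum 0
        ipaddress.IPv4Address("192.168.1.1").packed,
        ipaddress.IPv4Address("192.168.4.4").packed,
    )
    return lisp + inner + bytes(80)  # zero padding stands in for the ICMP payload


if __name__ == "__main__":
    print(parse_lisp_data(build_sample()))
```

The inner source, destination and protocol come back in clear text, so confidentiality for OTP traffic has to come from something other than the LISP encapsulation itself.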
Even though the feature is using LISP, LISP isn’t directly configured on either router. It is all automatic!
R1#show ip lisp map-cache
% LISP is not running.
As you may have guessed from the name of a certain router, the last thing we’ll look at tonight is running OTP in a Hub & Spoke topology.
The EIGRP topology will look like this:
All we need to do is point R1 and R4 to the Hub router and then do a little bit of config on the Hub router. R1 will point to the 10.2.11.11 interface and R4 will point to the 10.3.11.11 interface.
R1(config)#no router eigrp OTP
R1(config)#router eigrp OTP
R1(config-router)#add ipv4 uni auto 14
R1(config-router-af)#neigh 10.2.11.11 g2.102 remote 10 lisp-encap 1
R1(config-router-af)#network 192.168.0.0 0.0.255.255

R4(config)#no router ei OTP
R4(config)#router eigrp OTP
R4(config-router)#add ipv4 uni auto 14
R4(config-router-af)#neigh 10.3.11.11 g2.304 remote 10 lisp-encap 1
R4(config-router-af)#network 192.168.0.0 0.0.255.255
On the hub we use the remote-neighbor command to tell it to process the incoming LISP traffic.
Hub(config)#router ei OTP
Hub(config-router)#add ipv4 uni auto 14
Hub(config-router-af)#remote-neigh source g2.211 unicast lisp 1
Hub(config-router-af)#remote-neigh source g3.211 unicast lisp 1
*Feb 8 06:01:15.833: %DUAL-5-NBRCHANGE: EIGRP-IPv4 14: Neighbor 10.1.2.1 (GigabitEthernet2.211) is up: new adjacency
*Feb 8 06:01:24.507: %DUAL-5-NBRCHANGE: EIGRP-IPv4 14: Neighbor 10.3.4.4 (GigabitEthernet2.311) is up: new adjacency
Because it is a Hub and Spoke topology, we will want to disable split-horizon and next-hop-self, or at least we would if we didn’t use two subinterfaces 🙂
Hub(config)#router ei OTP
Hub(config-router)#add ipv4 uni auto 14
Hub(config-router-af)#af-interface default
Hub(config-router-af-interface)#no next-hop-self
Hub(config-router-af-interface)#no split-horizon