Above is a simple setup to demonstrate the feature of ISIS over GRE tunnel. It is worthy to note that:
- This tunnel is a software tunnel without hardware programming. It ONLY works for the local packets generated by CPU and is capped by CoPP policy. So no data/traffic traffic is thru the tunnel.
- The only valid use case per TOI is to advertise the ISIS routes to a remote application, like below
- The application can learn the whole view of a network topology
- Based application or business intelligence, it can program the routers to instruct the traffic flows. So a practical SDN solution to me.
Limitation:
- IPv6 underlay endpoint is not supported
- Underlay VRF is not supported
- That says the tunnel source/destination must be ipv4 address under default VRF.
Some extras:
- Even in the above the TOI, it says it only supports ISIS, but in the lab, the BGP session is up and running w/o any issue. But one thing to be aware is to assign the tunnel interface TTL. Otherwise, the neighbor fails to come up
R11(config-router-bgp)#sh run sec router bgp
router bgp 11
neighbor 10.100.100.44 remote-as 44
neighbor 10.100.100.44 maximum-routes 12000
redistribute connected
R11(config-router-bgp)#sh ip bgp sum
BGP summary information for VRF default
Router identifier 11.11.11.11, local AS number 11
Neighbor Status Codes: m - Under maintenance
Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc
10.100.100.44 4 44 4002 4013 0 0 01:29:18 Estab 11 11 <<<< session is up
- Overlay VRF is supported, so tunnel interface can belong to none-default VRF
R11(config)#sh run int tunnel 101
interface Tunnel101
description sw-tunnel-gre-vrf-v1
vrf forwarding v1
ip address 10.101.101.11/24
isis enable isis.over.GRE.v1
isis bfd
isis network point-to-point
tunnel mode gre
tunnel source 11.11.11.1
tunnel destination 44.44.44.1
R11(config)#sh int tunnel 101
Tunnel101 is up, line protocol is up (connected)
Hardware is Tunnel, address is 0b0b.0b01.0800
Description: sw-tunnel-gre-vrf-v1
Internet address is 10.101.101.11/24
Broadcast address is 255.255.255.255
Tunnel source 11.11.11.1, destination 44.44.44.1
....
R44(config)#sh run int tu101
interface Tunnel101
description sw-tunnel-gre-vrf-v1
vrf forwarding v1
ip address 10.101.101.44/24
isis enable isis.over.GRE.v1
isis bfd
isis network point-to-point
tunnel mode gre
tunnel source 44.44.44.1
tunnel destination 11.11.11.1
R44(config)#sh int tu101
Tunnel101 is up, line protocol is up (connected)
Hardware is Tunnel, address is 2c2c.2c01.0800
Description: sw-tunnel-gre-vrf-v1
Internet address is 10.101.101.44/24
Broadcast address is 255.255.255.255
....
R11(config)#ping vrf v1 10.101.101.44
PING 10.101.101.44 (10.101.101.44) 72(100) bytes of data.
80 bytes from 10.101.101.44: icmp_seq=1 ttl=64 time=0.234 ms
80 bytes from 10.101.101.44: icmp_seq=2 ttl=64 time=0.153 ms
...
R11(config)#sh isis neighbors vrf v1
Instance VRF System Id Type Interface SNPA State Hold time Circuit Id
isis.over v1 R44 L1 Tunnel101 P2P UP 25 87
R11(config)#sh ip route vrf v1 isis
VRF: v1
....
I L1 101.101.44.1/32 [115/11] via 10.101.101.44, Tunnel101
I L1 101.101.44.2/32 [115/11] via 10.101.101.44, Tunnel101
I L1 101.101.44.3/32 [115/11] via 10.101.101.44, Tunnel101
I L1 101.101.44.4/32 [115/11] via 10.101.101.44, Tunnel101
No comments:
Post a Comment