Embedded Files
Overview
Overview
In this lab we are going to setup connectivity between 2 sites, so that hosts from site1 are able to reach hosts from site2 and vice versa.
We will setup a VPN between site1 and site2 and configure routing internally(ospf) and externally (bgp).
Site1 Subnets (ro1 + ro3):
sw10: 192.168.10.0/24
sw11: 192.168.11.0/24
sw12: 192.168.12.0/24
Site2 Subnets (ro2 + ro4):
sw20: 192.168.20.0/24
sw21: 192.168.21.0/24
sw22: 192.168.22.0/24
sw23: 192.168.23.0/24
OpenVPN Configuration
OpenVPN Configuration
We want to be able to connect between LAN20 and LAN10 and between LAN11 and LAN23. As the traffic needs to go via isp1 (internet) we first need to create a connection between site1 and site2 that we can use to route traffic over the internet. We will use openvpn to create a tunnel from site2(openvpn-client) to site1 (openvpn-server) through the internet.
Site1 Subnets:
LAN10: 192.168.10.0/24
LAN11: 192.168.11.0/24
LAN12: 192.168.12.0/24
Site2 Subnets:
LAN20: 192.168.20.0/24
LAN21: 192.168.21.0/24
LAN22: 192.168.22.0/24
LAN23: 192.168.23.0/24
ro1 and ro2
ro1 and ro2
opnvpn-server:
openvpn-client:
#copy the vpn.key file from ro1 to ro2 as it is a symmetric(shared) key
We test if the tunnel is up and if we can reach our peer from both sides.
ro1 -> ro2
ro2 -> ro1
BGP Configuration
BGP Configuration
Now that we have successfully established a VPN between site1 and site2 we can configure BGP on the router ro1 and ro2.
ro1 and ro2
ro1 and ro2
First we need to make sure the bgp and ospf daemons are started and we also need to use the frr_profile datacenter.
Next we are going to configure BGP on both router. We only want to to configure certain subnets per router, as we don't want to expose all LANS from site1 to site2 and vice versa. We only want hosts in LAN10 and LAN11 to be able to connect to hosts in LAN20 and LAN23.
On ro2 we can see the propagated route from ro1, namely LAN10, but on ro1 we only find the route to LAN20 from ro2. Why is that?
The reason is that ro2 doesn't know anything about LAN23 yet as it is behind ro4.
OSPF Configuration
OSPF Configuration
We will configure now the router pairs on each site, so that they know all LAN's.
ro1 and ro3
ro1 and ro3
If we look at the routing we'll find the ospf configured networks as highlighted below.
ro2 and ro4
ro2 and ro4
We also check if everything works as expected by looking at the rouing on the router. The ospf propagated networks are highlighted below.
Connectivity Testing
Connectivity Testing
ns1 <-> ns2
ns1 <-> ns2
ns1 -> ns2
ns2 -> ns1
dc1 <-> dc2
dc1 <-> dc2
dc1 -> dc2
dc2 -> dc1
If we try the other hosts in LAN10, LAN11, LAN20 and LAN23 we will see that they are all able to communicate with each other.
If we test communication between hosts in LAN11 and LAN21 we will easily see that it not working as ro1 doesn't know anything about LAN21 and thus routes packets with the destination of LAN21 to its defined default route which is isp1 and that router also doesn't know anything about LAN21.
Google Sites
Report abuse