diff options
author | ekhudiyev <88712424+ekhudiyev@users.noreply.github.com> | 2021-12-10 16:31:04 +0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-10 16:31:04 +0400 |
commit | 08dc6a027f2d48cfea3c2e00cb664780c0cfc72e (patch) | |
tree | 388b8b1bdb347d46221ea4b4b61179a9a83953b5 /docs/configexamples | |
parent | 4c9f3adc5f765fd853544c52b8a3c0afa4eb90ed (diff) | |
download | vyos-documentation-08dc6a027f2d48cfea3c2e00cb664780c0cfc72e.tar.gz vyos-documentation-08dc6a027f2d48cfea3c2e00cb664780c0cfc72e.zip |
Initial document creation.
Diffstat (limited to 'docs/configexamples')
-rw-r--r-- | docs/configexamples/dual-hub-dmvpn | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/docs/configexamples/dual-hub-dmvpn b/docs/configexamples/dual-hub-dmvpn new file mode 100644 index 00000000..dd265fa9 --- /dev/null +++ b/docs/configexamples/dual-hub-dmvpn @@ -0,0 +1,102 @@ + +######################## +Dual-Hub DMVPN with VyOS +######################## + +DMVPN is a Dynamic Multipoint VPN technology that provides the capability +for creating a dynamic-mesh VPN network without having to pre-configure +(static) all possible tunnel end-point peers those simplifying deployment +and management of the newly added remote sites. There are 3 main protocols +primarily used to implement DMVPN: + +* NHRP - provides the dynamic tunnel endpoint discovery mechanism (endpoint +registration, and endpoint discovery/lookup) +* mGRE - provides the tunnel encapsulation itself +* IPSec - protocols handle the key exchange, and crypto mechanism + +For his example we are using the following devices: + +* 2 x Hubs +* 3 x Spokes +* 1 x Client device (VPC) +* 1 x ISP router + +The following software was used in the creation of this document: + +* Operating system: VyOS +* Version: 1.3-beta-202112090443 +* Image name: vyos-1.3-beta-202112090443-amd64.iso + + + +******** +Topology +******** +.. image:: /_static/images/VyOS_Dual-Hub_DMVPN.png + :width: 80% + :align: center + :alt: Network Topology Diagram + + + +****************************************** +Network Addressing and Protocol Parameters +****************************************** + +The following ip addressing schema used for the devices IPv4 connectivity: + +10.X1.0.0/30 - p2p Hubs to ISP networks, where X is Hub site number +10.Y1.1.0/24 - p2p Spokes to ISP networks(DHCP), where Y is Spoke site number +172.16.253.0/29 - tunnels addressing for Hub-1 connections +172.16.254.0/29 - tunnels addressing for Hub-2 connections +192.168.0.0/24 - HQ site local network +192.168.Z.0/24 - remote sites local network, where Z is Spoke site number + +eBGP parameters for the routers: + +AS65000 - HQ (Hub-1 and Hub-2) +AS6500X - Spokes, where X is Spoke site number + + + +************* +Configuration +************* + + + +Step-1: Configuring IGP and enabling MPLS LDP +============================================= + +At the first step we need to configure the IP/MPLS backbone network using OSPF as +IGP protocol and LDP as label-switching protocol for the base connectivity between +**P** (rovider), **P** (rovider) **E** (dge) and **R** (oute) **R** (eflector) nodes: + +- VyOS-P1: + +.. code-block:: none + + # interfaces + set interfaces dummy dum10 address '10.0.0.3/32' + set interfaces ethernet eth0 address '172.16.30.1/24' + set interfaces ethernet eth1 address '172.16.40.1/24' + set interfaces ethernet eth2 address '172.16.90.1/24' + set interfaces ethernet eth3 address '172.16.10.1/24' + set interfaces ethernet eth5 address '172.16.100.1/24' + + # protocols ospf+ldp + set protocols mpls interface 'eth1' + set protocols mpls interface 'eth2' + set protocols mpls interface 'eth3' + set protocols mpls interface 'eth5' + set protocols mpls interface 'eth0' + set protocols mpls ldp discovery transport-ipv4-address '10.0.0.3' + set protocols mpls ldp interface 'eth0' + set protocols mpls ldp interface 'eth1' + set protocols mpls ldp interface 'eth2' + set protocols mpls ldp interface 'eth3' + set protocols mpls ldp interface 'eth5' + set protocols mpls ldp router-id '10.0.0.3' + set protocols ospf area 0 network '0.0.0.0/0' + set protocols ospf parameters abr-type 'cisco' + set protocols ospf parameters router-id '10.0.0.3 |