RE: Ciscos, BGP, L2TPV3 pseudowires and loopback IPs

[Jeff Saxe <jsaxe () briworks com>]

Agreed: We used to use L2TPv3 tunnels fairly often to provide nailed-up private VLAN services to clients when we could 
only procure a Layer 3 circuit from another provider. They're pretty simple to set up and work reliably, although you 
may need to maintain both ends of the L2TPv3 at approximately matching IOS versions... at one point we had a perfectly 
working customer, then I upgraded a router at one end of the tunnel, and they suddenly had major, unexplainable packet 
loss all through the day. After I upgraded the other end, it returned to working fine.

But yeah, you don't really need a loopback. We routinely terminated the tunnels on the WAN address closest to the 
Internet. I think the only time I had to introduce a loopback was when one router was a tunnel terminator for two 
far-end locations, and when I tried to configure the second peer it complained at me. Also one time I wanted to have 
two parallel tunnels between the same source and destination routers (which is perfectly fine, because it has a tunnel 
discriminator number that keeps the two customers' traffic separate), except I also wanted to do some fancy QoS 
prioritization on one of them. By the time the traffic hits the WAN interface, the tunnel discriminator is buried too 
far down in the packet to use any "match" statements in the QoS, so I made one of the tunnels have a separate L2TPv3 
endpoint on each router, and then I could just match on destination IP address.

But that was a weird edge case. Most of the time we just used the outside Internet address, either T1 or Ethernet. 
Email me back privately if you want me to dig up the configs out of our CatTools archive.

-- Jeff Saxe
Blue Ridge InternetWorks
Charlottesville, VA


________________________________________
From: David Freedman [david.freedman () uk clara net]
Sent: Wednesday, November 10, 2010 1:22 PM
To: nanog () nanog org
Subject: Re: Ciscos, BGP, L2TPV3 pseudowires and loopback IPs

e.
> We will need to set up a L2TPV3 tunnel to their old location (single
> homed, no BGP on that side).  Upon initial reading of Cisco docs to do
> this, we will need a routable IP on a loopback interface for starters.

I'm pretty sure this is just a recommendation based on good practise
(routeability to endpoints), I'm sure since you are not multihomed you
can just use "ip local interface WAN1" and be done with it, I seem to
remember doing something similar in an l2tpv3 pw class and it working.



> Using one from the /24 LAN is out unless we subnet it, which we don't
> want to do.
>
> So the question is, can I just "move" the PTP IP address x.x.129.174
> from the WAN interface to the loopback like this?
>
>  interface Loopback0
>   ip address x.x.129.174 255.255.255.252  (that's the mask we're using on
>             the WAN- Cisco's loopback examples show .255)
>
>  interface WAN1 (actually a gigether)
>   ip unnumbered loopback0  (or no ip addr?)
>
>  neighbor x.x.128.173 update-source Loopback0

No, if you were to do this you should get a new transfer network, you
can't have the same address on two interfaces (and in fact, you should
really be stealing an address from your internal /24 which doesn't
require any re-subnetting (if you are happy for this address to be
unreachable) and it should have a /32 mask...

--


David Freedman
Group Network Engineering
Claranet Group