Simplified Networking
  • Home
  • Technology VoD!
    • Cisco >
      • Route & Switch / Enterprise Infrastructure
  • Technology Breakdowns!
    • Route&Switch/Ent. Infra. >
      • L2 Technologies
      • L3 Technologies
      • VPN Technologies
      • Services >
        • IOS - Dynamic NAT
        • HSRP - IPv4 Setup
        • HSRP - Priority and Preemption
    • Service Provider >
      • IGPs (Interior Gateway Protocols)
      • First Hop Redundancy >
        • HSRP (Hot Standby Router Protocol) >
          • HSRP - IOS/IOS XE Setup
          • HSRP - IOS XR Setup
      • BGP (Border Gateway Protocol)
      • Inter AS Multicast (MSDP)
      • Intra-AS MPLS
      • Inter-AS MPLS
    • Security >
      • IOS Firewall
      • ASA Firewall
      • FirePOWER Threat Defense >
        • FTD - FTD NGFW Device Setup and FMC Integration
      • VPNs >
        • PKI
        • Site to Site VPNs
        • Remote Access VPNs >
          • IOS Remote Access
          • ASA Remote Access
    • Data Center >
      • Nexus 9000v >
        • Nexus 9000v - Enabling Features
        • Nexus 9000v - VLANs and Trunks
        • Nexus 9000v - LACP Port Channels
        • Nexus 9000v - vPC (Virtual Port Channel)
        • Nexus 9000v - OSPFv2
        • Nexus 9000v - VXLAN - Ingress Replication Flood and Learn
        • Nexus 9000v - IP Multicast
        • Nexus 9000v - VxLAN - Multicast Flood and Learn
        • Nexus 9000v - VxLAN - BGP EVPN with Multicast
        • Nexus 9000v - VxLAN - BGP EVPN w/Ingress Replication
        • Nexus 9000v - VxLAN - Inter-VxLAN Routing with BGP EVPN
        • Nexus 9000v - VXLAN - External Routing
      • Nexus 7000v
    • Palo Alto

​IWAN - Domain Setup

Picture
This lab example deploys PfRv3 to the HQ and branch sites. CSR7 is the Hub MC, CSR3 and CSR4 are the border routers. CSR9 is a branch MC and CSR10 is branch border router. CSR11 and CSR12 are branch MC and border routers.



CSR7 - Hub Master Controller
ip prefix-list DC1 seq 5 permit 10.1.0.0/16 le 24
ip prefix-list ENTERPRISE seq 5 permit 10.0.0.0/8 le 24
!
domain default
 vrf default
  master hub
   source-interface Loopback0
   site-prefixes prefix-list DC1
   enterprise-prefix  prefix-list ENTERPRISE



CSR3 - Hub Border - INET
domain default
 vrf default
  border
   source-interface Loopback0
   master 10.1.7.7
  master branch
interface tunnel1
 domain path INET path-id 1




CSR4 - Hub Border - MPLS
domain default
 vrf default
  border
   source-interface Loopback0
   master 10.1.7.7
  master branch
!
interface tunnel2
 domain path MPLS path-id 



CSR9
domain default
 vrf default
  border
   source-interface Loopback0
   master local
  master branch
   source-interface Loopback0
   hub 10.1.7.7
!
interface Tunnel1
 domain path INET path-



CSR10
domain default
 vrf default
  border
   source-interface Loopback0
   master 10.3.9.9
!
interface Tunnel2
 domain path MPLS path-id 2



CSR11
domain default
 vrf default
  border
   source-interface Loopback0
   master local
  master branch
   source-interface Loopback0
   hub 10.1.7.7
!
interface Tunnel1
 domain path INET path-id 1
!
interface Tunnel2
 domain path MPLS path-id 2



CSR12
domain default
 vrf default
  border
   source-interface Loopback0
   master local
  master branch
   source-interface Loopback0
   hub 10.1.7.7
!
interface Tunnel1
 domain path INET path-id 1
!
interface Tunnel2
 domain path MPLS path-id 2




CSR3#show domain default border all 

Thu Dec 26 22:33:33.075
--------------------------------------------------------------------
Borders Configured:

VRF: default
Instance Status: UP
Present status last updated: 05:34:13 ago
Loopback: Configured Loopback0 UP (10.1.3.3)
Master: 10.1.7.7
Master version: 2
Connection Status with Master: UP
MC connection info: CONNECTION SUCCESSFUL
Connected for: 04:17:46
Route-Control: Enabled
Asymmetric Routing: Disabled
Minimum Mask Length Internet: 24
Minimum Mask Length Enterprise: 24
Connection Keepalive: 10 seconds
Sampling: off
Channel Unreachable Threshold Timer: 4 seconds
Minimum Packet Loss Calculation Threshold: 15 packets
Minimum Byte Loss Calculation Threshold: 10240 bytes
Monitor cache usage: 4000 (20%) Auto allocated
Minimum Requirement: Met
Smart Probe Profile:
  General Monitor:
    Current Provision Level: Master Hub
        Master Hub:
            Packets per burst: 1
            Interval(secs): 1
  Quick Monitor:
    Current Provision Level: Master Hub
        Master Hub:
            Packets per burst: 20
            Interval(secs): 1
  Notification to PD:
    add: 3, upd: 0, del: 2
External Wan interfaces: 
     Name: Tunnel1 Interface Index: 16 SNMP Index: 11 SP: INET path-id: 1 Status: UP Zero-SLA: NO Path of Last Resort: Disabled

Auto Tunnel information:

   Name:Tunnel0 if_index: 17
   Virtual Template: Not Configured
   Borders reachable via this tunnel:  10.1.4.4
--------------------------------------------------------------------




CSR3#show domain default border site-prefix 
  Change will be published between 5-60 seconds 
  Prefix DB Origin: 10.1.7.7
  Last publish Status : 
  Total publish errors : 0
  Prefix Flag: S-From SAF; L-Learned; T-Top Level; C-Configured; M-shared

Site-id              Site-prefix          Last Updated         DC Bitmap  Flag      
--------------------------------------------------------------------------------
9.9.9.9               9.9.9.9/32           05:37:33 ago         0x0         S,C
10.1.7.7              10.1.7.7/32          05:37:33 ago         0x1         S,C
10.1.7.7              10.1.0.0/16          05:37:33 ago         0x1         S,C,M
10.3.9.9              10.3.1.0/24          00:08:10 ago         0x0         S
10.3.9.9              10.3.2.0/24          00:08:10 ago         0x0         S
10.3.9.9              10.3.9.9/32          00:08:10 ago         0x0         S,C
10.3.9.9              10.3.10.10/32        00:08:10 ago         0x0         S
10.3.9.9              10.3.15.15/32        00:08:10 ago         0x0         S
10.3.9.9              10.3.109.10/32       00:08:10 ago         0x0         S
10.3.9.9              10.3.109.0/24        00:08:10 ago         0x0         S
10.3.9.9              10.3.151.10/32       00:08:10 ago         0x0         S
10.3.9.9              10.3.151.0/24        00:08:10 ago         0x0         S
10.3.9.9              10.3.159.9/32        00:08:10 ago         0x0         S
10.3.9.9              10.3.159.0/24        00:08:10 ago         0x0         S
10.4.11.11            10.4.11.11/32        04:17:48 ago         0x0         S,C
10.4.11.11            10.4.16.16/32        04:17:48 ago         0x0         S
10.4.11.11            10.4.116.11/32       04:17:48 ago         0x0         S
10.4.11.11            10.4.116.0/24        04:17:48 ago         0x0         S
10.5.12.12            10.5.12.12/32        04:17:32 ago         0x0         S,C
10.5.12.12            10.5.17.17/32        04:17:32 ago         0x0         S
10.5.12.12            10.5.127.12/32       04:17:32 ago         0x0         S
10.5.12.12            10.5.127.0/24        04:17:32 ago         0x0         S
255.255.255.255      *10.0.0.0/8           05:37:33 ago         0x0         S,T
11.11.11.11           11.11.11.11/32       05:37:33 ago         0x0         S,C
12.12.12.12           12.12.12.12/32       05:37:33 ago         0x0         S,C
--------------------------------------------------------------------------------




CSR11#show domain default master all 

  *** Domain MC Status ***

 Master VRF: Global

  Instance Type:    Branch
  Instance id:      0
  Operational status:  Up
  Configured status:  Up
  Loopback IP Address: 10.4.11.11
  Load Balancing:
   Operational Status: Up
   Max Calculated Utilization Variance: 0%
   Last load balance attempt: 04:07:02 ago
   Last Reason:  Variance less than 20%
   Total unbalanced bandwidth: 
         External links: 0 Kbps  Internet links: 0 Kbps
  Route Control: Enabled
  Transit Site Affinity: Enabled
  95% Bandwidth Check: Enabled
  Load Sharing: Enabled
  Connection Keepalive: 10 seconds
  Mitigation mode Aggressive: Disabled
  Policy threshold variance: 20
  Minimum Mask Length Internet: 24
  Minimum Mask Length Enterprise: 24
  Syslog TCA suppress timer: 180 seconds
  Traffic-Class Ageout Timer: 5 minutes
  Minimum Packet Loss Calculation Threshold: 15 packets
  Minimum Bytes Loss Calculation Threshold: 10240 bytes
  Branch to Branch Traffic Control: Enabled
  Maximum Traffic Classes Supported: 4000
  Minimum Requirement: Met

  Borders:
    IP address: 10.4.11.11
    Version: 2
    Connection status: CONNECTED (Last Updated 04:21:06 ago )
    Interfaces configured:
      Name: Tunnel2 | type: external | Service Provider: MPLS | Status: UP | Zero-SLA: NO | Path of Last Resort: Disabled
          Number of default Channels: 0

          Path-id list: 0:2

      Name: Tunnel1 | type: external | Service Provider: INET | Status: UP | Zero-SLA: NO | Path of Last Resort: Disabled
          Number of default Channels: 0

          Path-id list: 0:1

    Tunnel if: Tunnel0

--------------------------------------------------------------------------------



CSR3#              sh ip route eigrp 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 30 subnets, 2 masks
D        10.1.1.0/24 
           [90/10880] via 10.1.133.13, 04:24:38, GigabitEthernet1.133
D        10.1.2.0/24 
           [90/10880] via 10.1.133.13, 04:24:38, GigabitEthernet1.133
D        10.1.3.0/24 
           [90/10880] via 10.1.133.13, 04:24:38, GigabitEthernet1.133
D        10.1.4.4/32 [90/10880] via 10.1.34.4, 04:24:25, GigabitEthernet1.34
D        10.1.7.7/32 [90/10880] via 10.1.37.7, 04:24:38, GigabitEthernet1.37
D        10.1.13.13/32 
           [90/10880] via 10.1.133.13, 04:24:38, GigabitEthernet1.133
D        10.1.47.0/24 [90/15360] via 10.1.37.7, 04:24:38, GigabitEthernet1.37
D        10.1.134.0/24 
           [90/15360] via 10.1.133.13, 04:24:25, GigabitEthernet1.133
           [90/15360] via 10.1.34.4, 04:24:25, GigabitEthernet1.34
D        10.1.147.0/24 [90/15360] via 10.1.34.4, 04:24:25, GigabitEthernet1.34
D   p    10.3.1.0/24 [90/76805760] via 172.16.1.9, 04:17:41, Tunnel1
D   p    10.3.2.0/24 [90/76805760] via 172.16.1.9, 04:17:37, Tunnel1
D   p    10.3.9.9/32 [90/76800640] via 172.16.1.9, 04:24:45, Tunnel1
D        10.3.10.10/32 
           [90/76805760] via 10.1.34.4, 04:24:17, GigabitEthernet1.34
D   p    10.3.15.15/32 [90/76805760] via 172.16.1.9, 04:24:17, Tunnel1
D        10.3.109.0/24 
           [90/76810240] via 10.1.34.4, 04:24:17, GigabitEthernet1.34
D   p    10.3.151.0/24 [90/76810240] via 172.16.1.9, 04:24:17, Tunnel1
                       [90/76810240] via 10.1.34.4, 04:24:17, GigabitEthernet1.34
D   p    10.3.159.0/24 [90/76805120] via 172.16.1.9, 04:24:45, Tunnel1
D   p    10.4.11.11/32 [90/76800640] via 172.16.1.11, 04:24:24, Tunnel1
D   p    10.4.16.16/32 [90/76805760] via 172.16.1.11, 04:24:24, Tunnel1
D   p    10.4.116.0/24 [90/76805120] via 172.16.1.11, 04:24:24, Tunnel1
D   p    10.5.12.12/32 [90/76800640] via 172.16.1.12, 04:24:38, Tunnel1
D   p    10.5.17.17/32 [90/76805760] via 172.16.1.12, 04:24:38, Tunnel1
D   p    10.5.127.0/24 [90/76805120] via 172.16.1.12, 04:24:38, Tunnel1
      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
D        172.16.2.0/24 
           [90/76805120] via 10.1.34.4, 04:24:38, GigabitEthernet1.34



CSR11#sh ip route eigrp 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 28 subnets, 2 masks
D   p    10.1.1.0/24 [90/76805760] via 172.16.2.4, 04:24:45, Tunnel2
                     [90/76805760] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.2.0/24 [90/76805760] via 172.16.2.4, 04:24:45, Tunnel2
                     [90/76805760] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.3.0/24 [90/76805760] via 172.16.2.4, 04:24:45, Tunnel2
                     [90/76805760] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.3.3/32 [90/76800640] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.4.4/32 [90/76800640] via 172.16.2.4, 04:24:45, Tunnel2
D   p    10.1.7.7/32 [90/76805760] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.13.13/32 [90/76805760] via 172.16.2.4, 04:24:45, Tunnel2
                       [90/76805760] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.34.0/24 [90/76805120] via 172.16.2.4, 04:24:45, Tunnel2
                      [90/76805120] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.37.0/24 [90/76805120] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.47.0/24 [90/76810240] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.133.0/24 [90/76805120] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.1.134.0/24 [90/76805120] via 172.16.2.4, 04:24:45, Tunnel2
D   p    10.1.147.0/24 [90/76805120] via 172.16.2.4, 04:24:45, Tunnel2
D   p    10.3.1.0/24 [90/102405760] via 172.16.2.4, 04:18:02, Tunnel2
                     [90/102405760] via 172.16.1.3, 04:18:02, Tunnel1
D   p    10.3.2.0/24 [90/102405760] via 172.16.2.4, 04:17:58, Tunnel2
                     [90/102405760] via 172.16.1.3, 04:17:58, Tunnel1
D   p    10.3.9.9/32 [90/102400640] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.3.10.10/32 [90/102400640] via 172.16.2.4, 04:24:38, Tunnel2
D   p    10.3.15.15/32 [90/102405760] via 172.16.2.4, 04:24:38, Tunnel2
                       [90/102405760] via 172.16.1.3, 04:24:38, Tunnel1
D   p    10.3.109.0/24 [90/102405120] via 172.16.2.4, 04:24:38, Tunnel2
D   p    10.3.151.0/24 [90/102405120] via 172.16.2.4, 04:24:38, Tunnel2
D   p    10.3.159.0/24 [90/102405120] via 172.16.1.3, 04:24:38, Tunnel1
D        10.4.16.16/32 
           [90/10880] via 10.4.116.16, 04:24:44, GigabitEthernet1.116
D   p    10.5.12.12/32 [90/102400640] via 172.16.2.4, 04:24:45, Tunnel2
                       [90/102400640] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.5.17.17/32 [90/102405760] via 172.16.2.4, 04:24:45, Tunnel2
                       [90/102405760] via 172.16.1.3, 04:24:45, Tunnel1
D   p    10.5.127.0/24 [90/102405120] via 172.16.2.4, 04:24:45, Tunnel2
                       [90/102405120] via 172.16.1.3, 04:24:45, Tunnel1




CSR11#sh ip route overrides pfr 
RIB Longest Match:
------------------
D   p 10.1.7.7/32 [90/76805760] via 172.16.1.3, 04:25:27, Tunnel1

PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.3.1.0/24 [90/102405760] via 172.16.2.4, 04:18:44, Tunnel2
                  [90/102405760] via 172.16.1.3, 04:18:44, Tunnel1

PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.3.2.0/24 [90/102405760] via 172.16.2.4, 04:18:40, Tunnel2
                  [90/102405760] via 172.16.1.3, 04:18:40, Tunnel1

PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.3.9.9/32 [90/102400640] via 172.16.1.3, 04:25:27, Tunnel1

PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.3.10.10/32 [90/102400640] via 172.16.2.4, 04:25:20, Tunnel2

PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.3.15.15/32 [90/102405760] via 172.16.2.4, 04:25:20, Tunnel2
                    [90/102405760] via 172.16.1.3, 04:25:20, Tunnel1
          
PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.3.109.0/24 [90/102405120] via 172.16.2.4, 04:25:20, Tunnel2

PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.3.151.0/24 [90/102405120] via 172.16.2.4, 04:25:20, Tunnel2

PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.3.159.0/24 [90/102405120] via 172.16.1.3, 04:25:20, Tunnel1

PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.5.12.12/32 [90/102400640] via 172.16.2.4, 04:25:27, Tunnel2
                    [90/102400640] via 172.16.1.3, 04:25:27, Tunnel1

PfR Overrides:
--------------
No traffic classes currently present

RIB Longest Match:
------------------
D   p 10.5.17.17/32 [90/102405760] via 172.16.2.4, 04:25:27, Tunnel2
                    [90/102405760] via 172.16.1.3, 04:25:27, Tunnel1

PfR Overrides:
--------------
No traffic classes currently present
          
RIB Longest Match:
------------------
D   p 10.5.127.0/24 [90/102405120] via 172.16.2.4, 04:25:27, Tunnel2
                    [90/102405120] via 172.16.1.3, 04:25:27, Tunnel1

PfR Overrides:
--------------
No traffic classes currently present
Powered by Create your own unique website with customizable templates.
  • Home
  • Technology VoD!
    • Cisco >
      • Route & Switch / Enterprise Infrastructure
  • Technology Breakdowns!
    • Route&Switch/Ent. Infra. >
      • L2 Technologies
      • L3 Technologies
      • VPN Technologies
      • Services >
        • IOS - Dynamic NAT
        • HSRP - IPv4 Setup
        • HSRP - Priority and Preemption
    • Service Provider >
      • IGPs (Interior Gateway Protocols)
      • First Hop Redundancy >
        • HSRP (Hot Standby Router Protocol) >
          • HSRP - IOS/IOS XE Setup
          • HSRP - IOS XR Setup
      • BGP (Border Gateway Protocol)
      • Inter AS Multicast (MSDP)
      • Intra-AS MPLS
      • Inter-AS MPLS
    • Security >
      • IOS Firewall
      • ASA Firewall
      • FirePOWER Threat Defense >
        • FTD - FTD NGFW Device Setup and FMC Integration
      • VPNs >
        • PKI
        • Site to Site VPNs
        • Remote Access VPNs >
          • IOS Remote Access
          • ASA Remote Access
    • Data Center >
      • Nexus 9000v >
        • Nexus 9000v - Enabling Features
        • Nexus 9000v - VLANs and Trunks
        • Nexus 9000v - LACP Port Channels
        • Nexus 9000v - vPC (Virtual Port Channel)
        • Nexus 9000v - OSPFv2
        • Nexus 9000v - VXLAN - Ingress Replication Flood and Learn
        • Nexus 9000v - IP Multicast
        • Nexus 9000v - VxLAN - Multicast Flood and Learn
        • Nexus 9000v - VxLAN - BGP EVPN with Multicast
        • Nexus 9000v - VxLAN - BGP EVPN w/Ingress Replication
        • Nexus 9000v - VxLAN - Inter-VxLAN Routing with BGP EVPN
        • Nexus 9000v - VXLAN - External Routing
      • Nexus 7000v
    • Palo Alto