Conectivity question -End to End

In the lab, we are typcally asked to provide end to end connectivity between the remote vpn sites. Take this simple scenario as an example:

 

CE1-------PE1-----PE2-------CE2

assume that you are running any IGP other then OSPF as the ce to pe protocol. On CE1 (or CE2), you advertise your loopback 0 and the interface connected to the PE. On the PE, you do mutual redistribution between bgp and igp to gain end to end connectivity.

Taking on board the above scenario, if we ping from CE1 to CE2, it will fail unless we source it from the loopback 0 interface on the CEs. Unless we do redistribute connected or use the network statments (on the PEs) to advertise links between the PEs and the CEs, CEs will only be able to ping each other via the loopback interfaces.

The question is this, pinging from loopback addresses only from the CEs, does it actually satisfy the question's requirement of end to end connectivity or should we also redistribute connected or use the network statments to advertise link info as well so when we ping from the CEs, we do not need to use loopback 0 as our source address?

 

Comments

  • Hi faraz!

    I think the answer is in your question. A loopack interface is nothing else than a virtual interface connected to the router. So it is directly connected like any LAN subnet that is connected to your CE

    In the lab, we are typcally asked to provide end to end connectivity between the remote vpn sites.
    .

    I think that they mean with "between the remote sites" ..."between the directly connected LAN interfaces/subnets of the CEs right?

     

    Hope this helps.

    Regards!

     

  • I would agree with zool..

    Full connectivity means LAN to LAN for me , just loop backs is not enough

    In this environment you can leave out the WAN for sure . But I would make sure the LAN and loop backs are both available .

    IF you lab is marked with a ping script, then for sure they will try to ping the LAN interfaces

    HTH

  • That's the time to ask the proctor; how they expect us to perform.

  • in sp sample labs they ping with loopbacks

     

  • Hi

    In the SP labs, the VPN sites typically dont have LAN interfaces. You have the WAN link and the loopback addresses.

    Would it be simply safer to redist connected on the PE so you can also ping the WAN link to the CE  along with the loopback(s) address(es) on the CE as well?

  • Hello Zool

    I realise that on a CE, a loopback address is seen as a connected or a local interface however, in a SP scenario, you will be asked to advertise that into the IGP. It is on the PE where the decision is made whether to advertise the WAN links or not as redistributing igp into bgp will not advertise the directly connected WAN link (except ospf).

     

    Should the CE be able ping the remote CE site via the WAN link as its source address? or simply do redist connected or network statment on the PE to resolve this issue?

    I simply dont want to get marked down for something so silly.

  • Hi!

    I would also advertise the loopbacks as the loopback is also useful for the customer to monitor...for example they could have multi-homing etc.

    The WAN link as its source address...if you mean the WAN-link from the CE to PE then I would say yes, because imagine you do a traceroute. If the link is not available you probably get strange results.

    Regards!

Sign In or Register to comment.