In the previous lab example, we saw how to control the overlay topology using restricted TLOC colors. In this example, we will see how to use tunnel-groups in conjunction with the restrict parameter to break up the overlay fabric into two separate meshes of tunnels.

In real-world deployments, it is pretty standard for organizations to have a group of branches in close geographical proximity, such as stores on the east coast and another faraway group, for example, on the west coast.

We will make a mesh of overlay tunnels between vEdges 1, 2, 3 and 4 (highlighted in yellow) and another mesh of tunnels between vEdges 1, 2, 5 and 6 (highlighted in purple). To achieve that, we will configure the TLOCs of vEdge-3 and 4 with the tunnel-group id 1. On the opposite side, we will configure the TLOCs of vEdge-5 and 6 with the tunnel-group id 2.

Figure 1. Partial meshes

Recall that a local TLOC will only form an overlay tunnel to remote TLOCs that have the same tunnel-group-id or no tunnel-group-id. Tunnel groups work in conjunction with the color restrict option. If a color is restricted, a local TLOC with that color will only form a tunnel to remote TLOCs with the same tunnel-group ID and the same TLOC color.

Therefore, to achieve the topology shown in Figure 1, we must configure the local TLOCs of vEdge-3 and 4 with tunnel-group id 1 and the ones of vEdge-5 and 6 with group id 2. The key point here is that the local TLOCs of vEdges 1 and 2 must be configured with no group id so they can form tunnels to all tunnel-group ids.

Configuring tunnel-groups on vEdges 3,4,5 and 6 

Configuring tunnel groups is as simple as adding one parameter to the local TLOC configuration on a transport interface in vpn 0. Just go ahead and configure the local TLOCs of vEdges 3 and 4 with group id 1 as shown in the output below.

Configure this on vEdge-3 and vEdge-4
vpn 0
 interface ge0/0
  tunnel-interface
   group 1
 !
 interface ge0/1
  tunnel-interface
   group 1
!

When we apply and commit this configuration, nothing will change yet because all other TLOCs in the environment still have no group-id configured (a TLOC with any group-id forms a tunnel to a TLOC with no group-id). However, let’s go ahead and configure the local TLOCs of vEdges 5 and 6 with a different group-id, 2.

Configure this on vEdge-5 and vEdge-6
vpn 0
 interface ge0/0
  tunnel-interface
   group 2
 !
 interface ge0/1
  tunnel-interface
   group 2
!

Once we apply this configuration, we can see that vEdges 3 and 4 no longer form overlay tunnels to vEdges 5 and 6 because their TLOCs have different tunnel-group IDs.
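The matching rule and the two meshes it produces can be checked with a small model before touching the routers. This is an added example, not code from the original lab or from Cisco: the colors `mpls` and `biz-internet`, the `Tloc` class and the helper names are assumptions, underlay reachability is ignored, and the restrict check is assumed to apply on top of the group check exactly as the rule is worded above.

```python
"""Model of the tunnel-group matching rule described above (added example).
Assumptions: colors mpls/biz-internet, full underlay reachability."""
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Tloc:
    device: str
    color: str
    group: Optional[int] = None   # None = no "group" under tunnel-interface
    restrict: bool = False        # True = color configured with "restrict"

def can_form_tunnel(a: Tloc, b: Tloc) -> bool:
    if a.device == b.device:
        return False              # no tunnels between TLOCs of one router
    # Group rule: same group id, or at least one side has no group id.
    if None not in (a.group, b.group) and a.group != b.group:
        return False
    # Restrict rule: a restricted color only pairs with the same color.
    if (a.restrict or b.restrict) and a.color != b.color:
        return False
    return True

def build_fabric(groups, colors=("mpls", "biz-internet"), restricted=()):
    """One TLOC per device and color (constructed colors, not from the lab)."""
    return [Tloc(dev, c, grp, c in restricted)
            for dev, grp in groups.items() for c in colors]

def device_peers(tlocs):
    """Map each device to the set of devices it has at least one tunnel to."""
    peers = {t.device: set() for t in tlocs}
    for a, b in combinations(tlocs, 2):
        if can_form_tunnel(a, b):
            peers[a.device].add(b.device)
            peers[b.device].add(a.device)
    return peers

def tunnel_count(tlocs):
    return sum(can_form_tunnel(a, b) for a, b in combinations(tlocs, 2))

# Group ids from this lab: vEdge-1/2 none, vEdge-3/4 group 1, vEdge-5/6 group 2.
LAB_GROUPS = {"vEdge-1": None, "vEdge-2": None, "vEdge-3": 1,
              "vEdge-4": 1, "vEdge-5": 2, "vEdge-6": 2}

if __name__ == "__main__":
    for dev, peers in sorted(device_peers(build_fabric(LAB_GROUPS)).items()):
        print(f"{dev}: {sorted(peers)}")
    print("TLOC pairs:", tunnel_count(build_fabric(LAB_GROUPS)))
```

The peer list printed for each router is what its BFD session table should show once both group ids are committed; an unexpected peer points to a TLOC that was left without a group id.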

Let’s verify the topology by checking the BFD sessions on vEdge-3 and vEdge-6.
 
