Network nerds?

xphil3

[H]ard|Gawd
Joined
Nov 11, 2005
Messages
1,212
So, myself and a few others have decided to create a little project and see how things come along. Myself and Vito have BGP peered via IPsec GRE tunnels and a few other people as well. If anyone has a Cisco device/something that can do IPSEC over GRE (for routing protocols) WITH BGP let us know as we want to see how large we can get this. Again, we're going to be using BGP to simulate a very large grouping of AS's (let's call it internet 3 :p)

This will be a no BS network as most of our private networks are part of it, so if you want to legitimately join in to learn post it up. Also, intra-network voice services are currently available but only Cisco hard/soft phones are working right now.

Again, if you would like to join in let us know or if you have any ideas let us know. Some I have come up with:

Conference bridge for CCIE topic discussion
Multicast video streaming of non-pirated material
Streaming audio services
ESX4 sandbox
CCIE pod(s)
dynamips sandboxes

This idea obviously involves a lot of trust ;)
 

Electrofreak

[H]ard|Gawd
Joined
Aug 5, 2008
Messages
1,080
If I knew what the heck you were talking about I'd love to participate.

::Studies harder:: :D
 

cymon

Limp Gawd
Joined
Apr 16, 2009
Messages
453
Are you guys using the reserved AS numbers or what? I'm very interested in joining this. I've got a 3640 and a friend of mine has a 7206 non-VXR.
 

xphil3

[H]ard|Gawd
Joined
Nov 11, 2005
Messages
1,212
Electrofreak said:
If I knew what the heck you were talking about I'd love to participate.

::Studies harder:: :D

If you can get something on the edge that can meet the requirement (just list the device, I can tell you) then I'll configure it for you. Also, this would be a great learning experience for anyone wanting some practical VPN and BGP training.

cymon said:
Are you guys using the reserved AS numbers or what? I'm very interested in joining this. I've got a 3640 and a friend of mine has a 7206 non-VXR.

Reserved-ish :D ... since we obviously can't peer with real AS's and are peering via GRE we can use whatever AS number we would like (2 byte that is ;)). If you want to use the private reserved range, that's fine as well. Get me on AIM later today, I think that will be the primary communication medium for this. You're golden with both of those devices, just remember to get a k9 IOS (crypto).
 

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
I can install openbgp and use the ipsec in pfsense? Otherwise I could crack out the pix 506 for what little longer I'll have it ;)


Edit:
Not a bad idea, fellas. I really need to learn BGP before it pwns me with this Juniper Install.

Edit Edit:
Crap... I haven't been on aim in so long it's not even funny... Thank god gTalk supports aim
 

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
Tired of Editing, But I will probably be building Asterisk (SIP) and potentially have my esx setup out there along with vmware view.
 

xphil3

[H]ard|Gawd
Joined
Nov 11, 2005
Messages
1,212
calvinj said:
I can install openbgp and use the ipsec in pfsense? Otherwise I could crack out the pix 506 for what little longer I'll have it ;)

Pretty sure that pfsense will terminate a GRE tunnel, which is what we need. Your PIX won't do that :( .... verify GRE with the pfsense box though.
 

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
xphil3 said:
Pretty sure that pfsense will terminate a GRE tunnel, which is what we need. Your PIX won't do that :( .... verify GRE with the pfsense box though.

Looking at it now.. From what I'm seeing (and probably misunderstanding) is that the next release of pfsense has gre tunneling. I currently have pfsense 1.2.2. Unless you know different I would love to give it a shot.

Edit.. If it's any help I have a 2948g-l3. I know that I've seen commands for bgp before.
 
Joined
Feb 19, 2004
Messages
3,861
I'm definitely interested but I think I already sold off all my crap that can do GRE. :(

What is the cheapest Cisco router that would do this? I could also set up a pfSense box, not a big deal to get that going at all.
 

xphil3

[H]ard|Gawd
Joined
Nov 11, 2005
Messages
1,212
calvinj said:
Looking at it now.. From what I'm seeing (and probably misunderstanding) is that the next release of pfsense has gre tunneling. I currently have pfsense 1.2.2. Unless you know different I would love to give it a shot.

Edit.. If it's any help I have a 2948g-l3. I know that I've seen commands for bgp before.

Not sure if the 2948 will do GRE.
http://blog.pfsense.org/?p=208
1.3 is now 2.0. It's alpha.... but try it out! :D

What is the cheapest Cisco router that would do this? I could also set up a pfSense box, not a big deal to get that going at all.
What routers do you still have? 26xx,36xx,18xx,28xx + should all support GRE and BGP with the proper image. Some 8xx will also support BGP but I wouldn't do it :p
 

just2cool

Gawd
Joined
Sep 22, 2005
Messages
524
calvinj -- Don't worry about it. Basic BGP config isn't very hard. Configure the local ASN, neighbor(s) IP(s) and remote ASN, and any networks you want to advertise via "network x.x.x.x mask y.y.y.y". Also, you'd normally want to disable synch and auto-summary. There are a few gotchas... TCP 179 has to be open, your eBGP neighbor can't be more than 1 hop away (by default), and you can run into trouble if you don't advertise direct links to other eBGP neighbors to your iBGP peers.

The advanced configuration is harder, but makes it a pretty cool and robust routing protocol (imo). It's just designed to be slow as balls to converge. You can modify the timers within your internal organization though.

xphil3 -- I don't have anything at my house to use. Only thing I have is a 7971 IP phone, 7921 wireless IP phone, 3524xl switch (yuck), and a DD-WRT "vpn" router. Think DD-WRT will do GRE and BGP.. and my build might do IPSec.. not sure. But what good is it anyway? All of my cool shit is in my lab at work haha.
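
The basic BGP settings listed in the post above, combined with the IPsec-protected GRE tunnel this thread is built around, as an added example that is not part of the original thread or anyone's posted config. All addresses, ASNs, list and profile names are constructed, and it assumes an IOS k9 image that supports `tunnel protection`; it also adds a per-peer session password, prefix filters and a prefix limit, since every member of a network like this is trusting every other member's announcements.

```cisco
! Constructed lab values: private ASNs 64512/64513, documentation-range
! public endpoints, 10.255.0.0/30 tunnel subnet. Replace every <placeholder>.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 ! Use the strongest DH group the image offers
 group 14
! One pre-shared key per peer, never a wildcard (0.0.0.0) key
crypto isakmp key <per-peer-psk> address 198.51.100.2
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
interface Tunnel0
 description GRE to AS64513, encrypted by IPsec profile GRE-PROT
 ip address 10.255.0.1 255.255.255.252
 tunnel source 203.0.113.1
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile GRE-PROT
!
! Anchor route so the BGP network statement has an exact match to advertise
ip route 10.10.0.0 255.255.0.0 Null0
!
! Inbound: accept only the block this peer was assigned, drop everything else
ip prefix-list AS64513-IN seq 10 permit 10.20.0.0/16 le 24
ip prefix-list AS64513-IN seq 20 deny 0.0.0.0/0 le 32
! Outbound: a leaf AS advertises only its own aggregate; a transit member
! would also permit the prefixes it has agreed to carry
ip prefix-list LOCAL-OUT seq 10 permit 10.10.0.0/16
!
router bgp 64512
 no synchronization
 no auto-summary
 bgp log-neighbor-changes
 network 10.10.0.0 mask 255.255.0.0
 ! The eBGP neighbor is the far end of the tunnel, so it is one hop away
 ! and TCP 179 only ever crosses the encrypted tunnel
 neighbor 10.255.0.2 remote-as 64513
 neighbor 10.255.0.2 description peer over Tunnel0
 neighbor 10.255.0.2 password <per-peer-bgp-secret>
 neighbor 10.255.0.2 prefix-list AS64513-IN in
 neighbor 10.255.0.2 prefix-list LOCAL-OUT out
 neighbor 10.255.0.2 maximum-prefix 20
```

`show crypto ipsec sa` and `show ip bgp summary` confirm that the tunnel is encrypting and that the session is established with the expected prefix count.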
 

xphil3

[H]ard|Gawd
Joined
Nov 11, 2005
Messages
1,212
just2cool said:
xphil3 -- I don't have anything at my house to use. Only thing I have is a 7971 IP phone, 7921 wireless IP phone, 3524xl switch (yuck), and a DD-WRT "vpn" router. Think DD-WRT will do GRE and BGP.. and my build might do IPSec.. not sure. But what good is it anyway? All of my cool shit is in my lab at work haha.

That's depressing.... you need to seriously get a good edge router. Why not hit up ebay and grab something real quick, you're one of the ones I figured would be all over this pretty quickly. For you, I would be disappointed with anything other than a Cisco device terminating the tunnels.

Also, hopefully people are willing to terminate multiple tunnels for obvious BGP reasons (path manipulation, failover, etc) :D
 

Vito_Corleone

[H]ard|Gawd
Joined
Dec 17, 2006
Messages
1,730
Didn't see this thread earlier.

Anyone willing should definitely jump on this. I'd like to get a big ring, or maybe some partial mesh action.

xphil3, get on AIM, I need you to point your CUCM to my CCME.
 

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
Wait.. I forgot.. I have a 2621 with 2 fe interfaces. I could find another IOS for it if needed.. Will that work?

What would be a good edge router that won't break the bank?
 

xphil3

[H]ard|Gawd
Joined
Nov 11, 2005
Messages
1,212
calvinj said:
Wait.. I forgot.. I have a 2621 with 2 fe interfaces. I could find another IOS for it if needed.. Will that work?

What would be a good edge router that won't break the bank?

Another great thing, if you don't want that sitting at your edge creating a potential bottleneck just configure NAT-T (or many devices already support it) and throw it behind your NAT device if it's more powerful :D. That router will definitely suffice though.

Vito,
Heading home in a bit, going to help Alex set up his ESX3.5 box and then maybe we can do the trunk. Also, going to try and do a conference bridge tonight with me, you and Alex so have your CIPC loaded.
 

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
xphil3 said:
Another great thing, if you don't want that sitting at your edge creating a potential bottleneck just configure NAT-T (or many devices already support it) and throw it behind your NAT device if it's more powerful :D. That router will definitely suffice though.

Already have a vlan setup for the wan. Won't take much to tag for a vlan and plug in accordingly.. What do you recommend for an IOS?
 

criccio

Fully Equipped
Joined
Mar 26, 2008
Messages
13,977
This sounds awesome, if only I knew what you were talking about.

*hits up wikipedia*
 

Langly

Supreme [H]ardness
Joined
Dec 23, 2002
Messages
4,490
I have my 1841 I'm willing to throw in the loop.

I gotta do a firmware update first and then study some :D I sorta understand what's going on but I will research out to learn more :D

Shoot me a PM and I'll give you better contact info
 
Joined
Feb 19, 2004
Messages
3,861
xphil3 said:
What routers do you still have? 26xx,36xx,18xx,28xx + should all support GRE and BGP with the proper image. Some 8xx will also support BGP but I wouldn't do it :p

Unfortunately, I got rid of ALL of my routers. :(

I'm going to start hunting around on eBay for a 2621 or something if that will work. I just blew all my tech toy wad on those Rackable Servers and a UPS. :D
 

QHalo

2[H]4U
Joined
Sep 30, 2002
Messages
3,432
This is a cool idea. I'm seriously considering breaking my 1841 out of my pod to connect in.
 

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
Planning on downloading the new IOS that will support BGP and GRE tunnels. Currently I have c2600-i-mz.122-26c.bin. Wondering what specifically I would need to download tonight from CCO
 

xphil3

[H]ard|Gawd
Joined
Nov 11, 2005
Messages
1,212
calvinj said:
Planning on downloading the new IOS that will support BGP and GRE tunnels. Currently I have c2600-i-mz.122-26c.bin. Wondering what specifically I would need to download tonight from CCO

Get something with k9 in the filename, this implies crypto (required).

Also, everyone that wants to participate please IM me ASAP. I'm going to set up a chat room in AIM so we can all gather there and talk about how this is going to work.
 

just2cool

Gawd
Joined
Sep 22, 2005
Messages
524
xphil3 said:
That's depressing.... you need to seriously get a good edge router.

Yeah. Sucks where I work... it's like being a kid in a candy store. You don't know how much I'd like to take the 7301 I've got in the lab (basically a 7200 NPE-G2 in a 1U form) back for CCIE studying purposes. It's small enough to have at home -- it's just a loud sucker haha.
I might be able to dig up a 26xx or 36xx (non-xm). That's probably the best I can do. Might look into ebay.. but with the amount of expensive stuff I have access to here via my VPN connection, I don't really see the point of buying an old ass device. We'll see...
 

cymon

Limp Gawd
Joined
Apr 16, 2009
Messages
453
xphil3 said:
If you can get something on the edge that can meet the requirement (just list the device, I can tell you) then I'll configure it for you. Also, this would be a great learning experience for anyone wanting some practical VPN and BGP training.

xphil3 said:
Reserved-ish :D ... since we obviously can't peer with real AS's and are peering via GRE we can use whatever AS number we would like (2 byte that is ;)). If you want to use the private reserved range, that's fine as well. Get me on AIM later today, I think that will be the primary communication medium for this. You're golden with both of those devices, just remember to get a k9 IOS (crypto).

I'm going to go ahead and call AS1337 or AS31337, if you don't mind. I've got a few brief questions on how to get this working with a PIX 520.
 

just2cool

Gawd
Joined
Sep 22, 2005
Messages
524
Oh man, what a piece of crap:

cisco 3620 (R4700) processor (revision 0x81) with 24576K/8192K bytes of memory.
Processor board ID 28002352
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
 

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
xphil3 said:
Get something with k9 in the filename, this implies crypto (required).

Also, everyone that wants to participate please IM me ASAP. I'm going to set up a chat room in AIM so we can all gather there and talk about how this is going to work.

Count me in. I'll PM you my AIM Addy.. Hopefully it's not while I'm headed to supper
 

Vito_Corleone

[H]ard|Gawd
Joined
Dec 17, 2006
Messages
1,730
Anyone who wants to join: my AIM is VitoCorleoneR, send me your info and I'll give you the config and get you set up on my end.
 

cymon

Limp Gawd
Joined
Apr 16, 2009
Messages
453
Geez, I've got a 3640 and a 2611 and I thought the 3640 was decent!
 

QHalo

2[H]4U
Joined
Sep 30, 2002
Messages
3,432
just2cool said:
Oh man, what a piece of crap:

cisco 3620 (R4700) processor (revision 0x81) with 24576K/8192K bytes of memory.
Processor board ID 28002352
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)

HEY!!! That's my Frame Switch :p
 

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
c2600-ik9s-mz.122-26c.bin

Hopefully that will work because it's what I just downloaded ;)
 

just2cool

Gawd
Joined
Sep 22, 2005
Messages
524
Found a bunch of 3660s... (225MHz + 256MB RAM). No way in hell I want to bring those mammoths home.

I did find one diamond in the rough... a 3725:
c3725 processor with 262144 Kbytes of main memory
Cisco 3725 (R7000) processor (revision 0.1) with 196608K/65536K bytes of memory.
Processor board ID JMX0714L17L
R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
2 FastEthernet interfaces
4 Serial interfaces
2 Channelized T1/PRI ports
DRAM configuration is 64 bits wide with parity disabled.
55K bytes of NVRAM.
125184K bytes of ATA System CompactFlash (Read/Write)

Need to see if I can borrow this for 6-8 months... it's just sitting downstairs collecting dust, much like 15 6500 chassis haha. Definitely not crazy enough to bring that crap home like you xphil3.
 

just2cool

Gawd
Joined
Sep 22, 2005
Messages
524
Oh haha... my bad guys, didn't mean to offend you all with my comment. They're not that bad. I am spoiled beyond belief. Even this 37xx seems mundane to me.

Alright, wish me luck going through all the red tape at Fort Knox to get this home...
 

TGA

Gawd
Joined
Jun 26, 2004
Messages
825
Damn, you guys really make me wish I hadn't got drug into other projects.

As it stands my 1841 is still just sitting around waiting for me to pick up some books so I can learn how to set her up.

Sounds like I am missing out on a great learning opportunity.
 