Max Transit to Balance 380 via SpeedFusion, onward travel through Cisco network?

I’ll apologise in advance as I can only assume I have missed something very obvious on this, but maybe somebody can point me in the right direction.

In short, I have a temp branch office needing to be installed- typically we would use all manner of circuit types- sometimes a Peplink 4G solution to build a GRE tunnel & run DMVPN over the SpeedFusion tunnel between an on site Cisco router and one in the DC- all is well, we are really just using the SpeedFusion as a transit tunnel for the GRE tunnel & DMVPN to form. In this case though, there is no Cisco router available for the branch office- no problem I assumed. Either I bring up BGP between the branch router (Router 2) and the Cisco ISR (Router 1), or since there are just a couple of local networks at the branch, a default route from R2 pointing to R1 and static routes from Router 1 which are advertised into the wider BGP network.

Quick overview of the setup- drawing should help a little. Hub 1 and Router 1 are directly connected on a /30 network, so where required we have static routes on R1 pointing to the Hub to bring up DMVPN- nothing very interesting. Router 2 is 4G only, with a SpeedFusion tunnel to Hub 1. Router 2 has an outbound policy to kick everything through the SF Tunnel with the exception of InControl management traffic & NTP which can break out via the cellular connections.

A network on Router 2 is given a /30 address just to use as the source interface for BGP, Router 1 has a static route to this. They can happily ping each other.

I’ll kick off with my issues with BGP. I can bring up BGP as expected (Obviously with eBGP multihop 2 since it’s passing through the hub), Router 2 shares the routes I have told it to- however on R1 they are shown with a next hop of 5.192..… which threw me off. Eventually figured out this is an ID given to the SF tunnel which of course Router 1 doesn’t know about. Once I add a static route to this /32 pointing towards the Hub, I can ping R2’s local /24 gateways from R1. If I look at routers on the rest of the BGP network they know about R2’s networks and install them into their routing tables, however for whatever reason they just don’t function- I cannot ping the R2 local gateways. I can trace through to R1, however traffic then fails and never appears to make it to R2.

Prior to this I had attempted to go about this a different way- R1 has 2 static routes for the 10.1.0.0/24 and 10.1.1.0/24 networks pointing towards the hub- again, I can then ping the gateways over the SF tunnel. R1 then readvertises the traffic to the wider estate- but again, this failed.

I am guessing that traffic is making it from R2 to the hub, but doesn’t actually know where to go from there- what I really need is a way to specify that all traffic from that particular site should be routed directly to R1’s LAN interface… but the question is how?!

Possibly I’m going about this all wrong… but it’s that weird time between Christmas and New Year and my brain is fried…

Any smarter minds would be appreciated!!

[Attached image: peplink-network.PNG]

I assume you had set the Hub 1 WAN interface to IP forwarding instead of NAT?

9 times out of 10 I don’t end up using the LAN interface on the hub device in a deployment scenario like yours.

Instead I use a WAN port set to IP Forwarding (with the core datacentre routers as the default gateway), and then use that WAN as the assigned BGP interface for the rest of the network(s) in the datacentre.

This then means I can use outbound policies on the hub to further control where remote site traffic flows.


Please disregard! I needed to create a static default route on the Hub pointing towards the Cisco ISR- all is resolved now.

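The symptom and fix in this thread can be reproduced with a small longest-prefix-match model. This is an added illustration, not configuration or code from any poster. It assumes the failure was on the reply path (the hub had no route back to sources beyond its connected /30 to R1). The node names, the 192.0.2.0/30 link and the 10.50.0.0/24 "wider estate" network are constructed; only 10.1.0.0/24 and 10.1.1.0/24 come from the thread.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next-hop name, "local", or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table]
    hits = [(n, nh) for n, nh in hits if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(tables, node, dst, max_hops=8):
    """Walk hop by hop; returns (delivered, path of nodes visited)."""
    path = [node]
    for _ in range(max_hops):
        nh = lookup(tables[node], dst)
        if nh is None:
            return False, path          # dropped here: no matching route
        if nh == "local":
            return True, path           # destination is on a connected network
        node = nh
        path.append(node)
    return False, path                  # routing loop

def build_tables(hub_default):
    """Constructed topology; only 10.1.0.0/24 and 10.1.1.0/24 come from the thread."""
    hub = [("192.0.2.0/30", "local"),   # hub <-> R1 link (constructed addresses)
           ("10.1.0.0/24", "r2"), ("10.1.1.0/24", "r2")]  # via SpeedFusion
    if hub_default:
        hub.append(("0.0.0.0/0", "r1"))  # the static default route from the fix
    return {
        "core": [("10.50.0.0/24", "local"), ("10.1.0.0/24", "r1"), ("10.1.1.0/24", "r1")],
        "r1": [("192.0.2.0/30", "local"), ("10.50.0.0/24", "core"),
               ("10.1.0.0/24", "hub"), ("10.1.1.0/24", "hub")],
        "hub": hub,
        "r2": [("10.1.0.0/24", "local"), ("10.1.1.0/24", "local"), ("0.0.0.0/0", "hub")],
    }

def ping(tables, src_node, src_ip, dst_node, dst_ip):
    """Echo request must be delivered AND the reply must find its way back."""
    ok_out, out_path = forward(tables, src_node, dst_ip)
    ok_back, back_path = forward(tables, dst_node, src_ip) if ok_out else (False, [])
    return ok_out and ok_back, out_path, back_path

if __name__ == "__main__":
    for hub_default in (False, True):
        t = build_tables(hub_default)
        print("hub default route:", hub_default)
        print("  R1   -> 10.1.0.1:", ping(t, "r1", "192.0.2.2", "r2", "10.1.0.1"))
        print("  core -> 10.1.0.1:", ping(t, "core", "10.50.0.10", "r2", "10.1.0.1"))
```

In this model, R1 can always ping the branch because its source address sits on the hub's connected /30, while a source deeper in the estate only gets replies once the hub has a default route towards R1.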