Topologi
Materi Lab
R1
- BGP
- iBGP
- eBGP
- Confederation
- Redudant Route-Reflector
- Multihoming
- Filtering (MED Local-pref)
- Recrusive Gateway
Tujuan Lab
Semua Router saling bertukar informasi Routing menggunakan BGP, terdapat tiga AS, salah satu AS terdiri dari sub-AS Confederation, dua AS lainnya memiliki dua jalur penghubung ke satu AS yang sama (Multihoming), Terdapat dua Router Route-Reflector yang bersifat Redudant.
Pada AS yang ada di kanan dan kiri setiap informasi yang masuk akan difilter dan dimodifikasi nilai MED, Local-pref dan semua atribut BGP lainnya
Konfigurasi AS 1234
Pada AS ini terdiri dari 4 Router, dan terbagi lagi menjadi dua AS Confederation yaitu AS 14 dan 23 yang bertujuan untuk mengurangi jumlah koneksi iBGP yang terbentuk.
IP Address
Pertama berikan alamat IP pada masing-masing Interface Router dalam AS iniR1
/interface bridge add name=lo0 /ip address add address=12.12.12.1/24 interface=ether1 network=12.12.12.0 add address=14.14.14.1/24 interface=ether2 network=14.14.14.0 add address=18.18.18.1/24 interface=ether3 network=18.18.18.0 add address=1.1.1.1 interface=lo0 network=1.1.1.1
R2
/interface bridge add name=lo0 /ip address add address=23.23.23.2/24 interface=ether1 network=23.23.23.0 add address=12.12.12.2/24 interface=ether2 network=12.12.12.0 add address=27.27.27.2/24 interface=ether3 network=27.27.27.0 add address=2.2.2.2 interface=lo0 network=2.2.2.2
R3
/interface bridge add name=lo0 /ip address add address=23.23.23.3/24 interface=ether1 network=23.23.23.0 add address=34.34.34.3/24 interface=ether2 network=34.34.34.0 add address=35.35.35.3/24 interface=ether3 network=35.35.35.0 add address=3.3.3.3 interface=lo0 network=3.3.3.3
R4
/interface bridge add name=lo0 /ip address add address=34.34.34.4/24 interface=ether1 network=34.34.34.0 add address=14.14.14.4/24 interface=ether2 network=14.14.14.0 add address=45.45.45.4/24 interface=ether3 network=45.45.45.0 add address=4.4.4.4 interface=lo0 network=4.4.4.4
BGP Confederation
Konfigurasi setiap sub-as dalam AS iniAS 14 (R1 & R4)
Pada kedua Router baik itu R1 dan R4 buat instance BGP dengan AS 14 dan confederation identifier dengan AS utama yaitu 1234, sedangkan confederation peers adalah AS confederation tetangga sebelah yaitu 23.R1
/routing bgp instance
set default disabled=yes
add as=14 confederation=1234 confederation-peers=23 name=lab-bgp \
redistribute-connected=yes router-id=1.1.1.1
R4
/routing bgp instance
set default disabled=yes
add as=14 confederation=1234 confederation-peers=23 name=lab-bgp \
redistribute-connected=yes router-id=4.4.4.4
Lalu konfigurasi BGP Peer pada Router BGP yang terhubung langsung dengan masing-masing RouterR1
/routing bgp peer
add in-filter=bgp-in-filter instance=lab-bgp name=peer1 remote-address=\
14.14.14.4 remote-as=14
add in-filter=bgp-in-filter instance=lab-bgp name=peer2 remote-address=\
12.12.12.2 remote-as=23
add in-filter=bgp-in-filter instance=lab-bgp name=peer3 remote-address=\
18.18.18.8 remote-as=78
R4
/routing bgp peer
add in-filter=bgp-in-filter instance=lab-bgp name=peer1 remote-address=\
14.14.14.1 remote-as=14
add in-filter=bgp-in-filter instance=lab-bgp name=peer2 remote-address=\
34.34.34.3 remote-as=23
add in-filter=bgp-in-filter instance=lab-bgp name=peer3 out-filter=\
bgp-out-attr remote-address=45.45.45.5 remote-as=56
AS 23 (R2 dan R3)
Hal yang sama juga dilakukan pada sub-as ini.R2
/routing bgp instance
set default disabled=yes
add as=23 confederation=1234 confederation-peers=14 name=lab-bgp \
redistribute-connected=yes router-id=2.2.2.2
/routing bgp peer
add in-filter=bgp-in-filter instance=lab-bgp name=peer1 remote-address=\
12.12.12.1 remote-as=14
add in-filter=bgp-in-filter instance=lab-bgp name=peer2 remote-address=\
23.23.23.3 remote-as=23
add in-filter=bgp-in-filter instance=lab-bgp name=peer3 remote-address=\
27.27.27.7 remote-as=78
R3
/routing bgp instance
set default disabled=yes
add as=23 confederation=1234 confederation-peers=14 name=lab-bgp \
redistribute-connected=yes router-id=3.3.3.3
/routing bgp peer
add in-filter=bgp-in-filter instance=lab-bgp name=peer1 remote-address=\
23.23.23.2 remote-as=23
add in-filter=bgp-in-filter instance=lab-bgp name=peer2 remote-address=\
34.34.34.4 remote-as=14
add in-filter=bgp-in-filter instance=lab-bgp name=peer3 out-filter=\
bgp-out-attr remote-address=35.35.35.5 remote-as=56
BGP Filter
Kita akan melakukan fitering pada rute-rute yang sudah dimiliki oleh Router (terhubung langsung) akan di discard dan memodifikasi nilai scope dan target scope informasi bgp yang masuk.R1
R1 sudah memiliki network 12.12.12.0/24, 14.14.14.0/24, dan 18.18.18.0/24 jika ada informasi yang sama berusaha memasuki Router R1 akan di discard atau dibuang./routing filter add chain=bgp-in-filter set-scope=20 set-target-scope=40 add action=discard chain=bgp-in-filter prefix=12.12.12.0/24 add action=discard chain=bgp-in-filter prefix=14.14.14.0/24 add action=discard chain=bgp-in-filter prefix=18.18.18.0/24
R2
/routing filter add chain=bgp-in-filter set-scope=20 set-target-scope=40 add action=discard chain=bgp-in-filter prefix=23.23.23.0/24 add action=discard chain=bgp-in-filter prefix=12.12.12.0/24 add action=discard chain=bgp-in-filter prefix=27.27.27.0/24
R3
/routing filter add chain=bgp-in-filter set-scope=20 set-target-scope=40 add action=discard chain=bgp-in-filter prefix=23.23.23.0/24 add action=discard chain=bgp-in-filter prefix=34.34.34.0/24 add action=discard chain=bgp-in-filter prefix=35.35.35.0/24
R4
/routing filter add chain=bgp-in-filter set-scope=20 set-target-scope=40 add action=discard chain=bgp-in-filter prefix=34.34.34.0/24 add action=discard chain=bgp-in-filter prefix=14.14.14.0/24 add action=discard chain=bgp-in-filter prefix=45.45.45.0/24Setelah selesai semua konfigurasi sekarang kita lihat Routing table pada salah satu Router
[admin@R4] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADb 1.1.1.1/32 14.14.14.1 200
1 ADb 2.2.2.2/32 12.12.12.2 200
2 ADb 3.3.3.3/32 34.34.34.3 20
3 ADC 4.4.4.4/32 4.4.4.4 lo0 0
4 ADb 12.12.12.0/24 14.14.14.1 200
5 ADC 14.14.14.0/24 14.14.14.4 ether2 0
6 ADb 18.18.18.0/24 14.14.14.1 200
7 ADb 23.23.23.0/24 12.12.12.2 200
8 Db 23.23.23.0/24 34.34.34.3 20
9 ADb 27.27.27.0/24 12.12.12.2 200
10 ADC 34.34.34.0/24 34.34.34.4 ether1 0
11 ADb 35.35.35.0/24 34.34.34.3 20
12 ADC 45.45.45.0/24 45.45.45.4 ether3 0
[admin@R4] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADb dst-address=1.1.1.1/32 gateway=14.14.14.1
gateway-status=14.14.14.1 reachable via ether2 distance=200 scope=20
target-scope=40 bgp-local-pref=100 bgp-origin=incomplete
received-from=peer1
1 ADb dst-address=2.2.2.2/32 gateway=12.12.12.2
gateway-status=12.12.12.2 recursive via 14.14.14.1 ether2
distance=200 scope=20 target-scope=40 bgp-as-path="(23)"
bgp-local-pref=100 bgp-origin=incomplete received-from=peer1
2 ADb dst-address=3.3.3.3/32 gateway=34.34.34.3
gateway-status=34.34.34.3 reachable via ether1 distance=20 scope=20
target-scope=40 bgp-as-path="(23)" bgp-local-pref=100
bgp-origin=incomplete received-from=peer2
3 ADC dst-address=4.4.4.4/32 pref-src=4.4.4.4 gateway=lo0
gateway-status=lo0 reachable distance=0 scope=10
4 ADb dst-address=12.12.12.0/24 gateway=14.14.14.1
gateway-status=14.14.14.1 reachable via ether2 distance=200 scope=20
-- [Q quit|D dump|down]
Konfigurasi AS 56 (R5 & R6)
Pada AS ini hanya terdiri dari dua Router, dan memiliki dua jalur untuk menuju satu AS yang sama (multihoming).IP Address
Pertama konfigurasi IP Address setiap interface RouterR5
/interface bridge add name=lo0 /ip address add address=35.35.35.5/24 interface=ether1 network=35.35.35.0 add address=45.45.45.5/24 interface=ether2 network=45.45.45.0 add address=56.56.56.5/24 interface=ether3 network=56.56.56.0 add address=5.5.5.5 interface=lo0 network=5.5.5.5
R6
/interface bridge add name=lo0 /ip address add address=56.56.56.6/24 interface=ether1 network=56.56.56.0 add address=60.60.60.60 interface=lo0 network=60.60.60.60
BGP
R5
/routing bgp instance
set default disabled=yes
add as=56 name=lab-bgp redistribute-connected=yes router-id=5.5.5.5
/routing bgp peer
add in-filter=bgp-exit-1 instance=lab-bgp name=peer1 out-filter=bgp-out-attr1 \
remote-address=35.35.35.3 remote-as=1234
add in-filter=bgp-exit-2 instance=lab-bgp name=peer2 out-filter=bgp-out-attr2 \
remote-address=45.45.45.4 remote-as=1234
add instance=lab-bgp name=peer3 remote-address=56.56.56.6 remote-as=56
R6
/routing bgp instance
set default disabled=yes
add as=56 name=lab-bgp redistribute-connected=yes router-id=6.6.6.6
/routing bgp peer
add in-filter=bgp-in-scope instance=lab-bgp name=peer1 remote-address=\
56.56.56.5 remote-as=56
Filtering
Filtering untuk memodifikasi nilai Local Preference, MED dan atribut lainnya terhadap infomasi bgp yang masuk.R5
Informasi yang didapat dari R3 akan di set local-pref 90, med 70, dan weight 80. Dan yang didapat dari R4 akan di set local-pref 150 med 130 dan weight 120./routing filter
add chain=bgp-exit-1 set-bgp-local-pref=90 set-bgp-med=70 set-bgp-weight=80
add chain=bgp-exit-2 set-bgp-local-pref=150 set-bgp-med=130 set-bgp-weight=\
120
R6
/routing filter add chain=bgp-in-scope set-scope=20 set-target-scope=40Setelah itu lihat Routing table pada R5 apakah atribut sudah berubah
[admin@R5] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADb dst-address=1.1.1.1/32 gateway=45.45.45.4
gateway-status=45.45.45.4 reachable via ether2 distance=20 scope=40
target-scope=10 bgp-as-path="1234" bgp-weight=120 bgp-local-pref=150
bgp-med=130 bgp-origin=incomplete received-from=peer2
1 Db dst-address=1.1.1.1/32 gateway=35.35.35.3
gateway-status=35.35.35.3 reachable via ether1 distance=20 scope=40
target-scope=10 bgp-as-path="1234" bgp-weight=80 bgp-local-pref=90
bgp-med=70 bgp-origin=incomplete received-from=peer1
2 ADb dst-address=2.2.2.2/32 gateway=45.45.45.4
gateway-status=45.45.45.4 reachable via ether2 distance=20 scope=40
target-scope=10 bgp-as-path="1234" bgp-weight=120 bgp-local-pref=150
bgp-med=130 bgp-origin=incomplete received-from=peer2
3 Db dst-address=2.2.2.2/32 gateway=35.35.35.3
gateway-status=35.35.35.3 reachable via ether1 distance=20 scope=40
target-scope=10 bgp-as-path="1234" bgp-weight=80 bgp-local-pref=90
bgp-med=70 bgp-origin=incomplete received-from=peer1
-- [Q quit|D dump|down]
Sudah terlihat bahwa informasi yang didapat sudah diubah nilai atributnya, yang nilainya paling besar akan dipilih sebagai jalur utama untuk menuju rute tersebut, sedangkan yang lainnya merupakan cadangan.
Konfigurasi AS 78 (R7, R8, R9, R10)
Pada AS ini terdapat 4 Router, dua Router sebagai Route Reflector server yang bersifat Redudant, pada AS ini juga terhubung dengan salah satu AS dengan dua jalur yang berbeda (Multihoming), kita juga akan melakukan filter terhadap informasi dari kedua jalur tersebut untuk mengubah nilai atribut BGP.IP Address
Berikan terlebih dahulu alamat IP pada setiap interface RouterR7
/interface bridge add name=lo0 /ip address add address=27.27.27.7/24 interface=ether1 network=27.27.27.0 add address=71.71.71.7/24 interface=ether2 network=71.71.71.0 add address=79.79.79.7/24 interface=ether3 network=79.79.79.0 add address=78.78.78.7/24 interface=ether4 network=78.78.78.0 add address=7.7.7.7 interface=lo0 network=7.7.7.7
R8
/interface bridge add name=lo0 /ip address add address=78.78.78.8/24 interface=ether4 network=78.78.78.0 add address=18.18.18.8/24 interface=ether1 network=18.18.18.0 add address=81.81.81.8/24 interface=ether2 network=81.81.81.0 add address=89.89.89.8/24 interface=ether3 network=89.89.89.0 add address=8.8.8.8 interface=lo0 network=8.8.8.8
R9
/interface bridge add name=lo0 /ip address add address=79.79.79.9/24 interface=ether1 network=79.79.79.0 add address=89.89.89.9/24 interface=ether2 network=89.89.89.0 add address=90.90.90.90 interface=lo0 network=90.90.90.90
R10
/interface bridge add name=lo0 /ip address add address=81.81.81.10/24 interface=ether2 network=81.81.81.0 add address=71.71.71.10/24 interface=ether1 network=71.71.71.0 add address=100.100.100.100 interface=lo0 network=100.100.100.100
Konfigurasi BGP
R7
/routing bgp instance
set default disabled=yes
add as=78 cluster-id=7.7.7.7 name=lab-bgp out-filter=bgp-out \
redistribute-connected=yes router-id=7.7.7.7
/routing bgp peer
add in-filter=bgp-in-attr instance=lab-bgp name=peer1 remote-address=\
27.27.27.2 remote-as=1234
add in-filter=bgp-in-filter instance=lab-bgp name=peer2 remote-address=\
71.71.71.10 remote-as=78 route-reflect=yes
add in-filter=bgp-in-filter instance=lab-bgp name=peer3 remote-address=\
79.79.79.9 remote-as=78 route-reflect=yes
add in-filter=bgp-in-filter instance=lab-bgp name=peer4 remote-address=\
78.78.78.8 remote-as=78
R8
/routing bgp instance
set default disabled=yes
add as=78 cluster-id=8.8.8.8 name=lab-bgp out-filter=bgp-out \
redistribute-connected=yes router-id=8.8.8.8
/routing bgp peer
add in-filter=bgp-in-attr instance=lab-bgp name=peer1 remote-address=\
18.18.18.1 remote-as=1234
add in-filter=bgp-in-filter instance=lab-bgp name=peer2 remote-address=\
78.78.78.7 remote-as=78
add in-filter=bgp-in-filter instance=lab-bgp name=peer3 remote-address=\
81.81.81.10 remote-as=78 route-reflect=yes
add in-filter=bgp-in-filter instance=lab-bgp name=peer4 remote-address=\
89.89.89.9 remote-as=78 route-reflect=yes
R9
/routing bgp instance
set default disabled=yes
add as=78 name=lab-bgp out-filter=bgp-out redistribute-connected=yes \
router-id=9.9.9.9
/routing bgp peer
add in-filter=bgp-in-scope instance=lab-bgp name=peer1 out-filter=bgp-out \
remote-address=79.79.79.7 remote-as=78
add in-filter=bgp-in-scope instance=lab-bgp name=peer2 out-filter=bgp-out \
remote-address=89.89.89.8 remote-as=78
R10
/routing bgp instance
set default disabled=yes
add as=78 name=lab-bgp out-filter=bgp-out redistribute-connected=yes \
router-id=10.10.10.10
/routing bgp peer
add in-filter=bgp-in-scope instance=lab-bgp name=peer1 remote-address=\
71.71.71.7 remote-as=78
add in-filter=bgp-in-scope instance=lab-bgp name=peer2 remote-address=\
81.81.81.8 remote-as=78
Filtering
Informasi yang masuk dari R7 akan diset local-pref, med, weight dengan nilai 100, sedangkan yang masuk dari R8 akan di set dengan nilai 120. untuk R9 dan R10 hanya akan mengubah nilai scope dan target scope.R7
/routing filter
add chain=bgp-in-filter set-scope=10 set-target-scope=100
add chain=bgp-in-attr set-bgp-local-pref=100 set-bgp-med=100 set-bgp-weight=\
100
add action=discard chain=bgp-in-filter prefix=27.27.27.0/24
add action=discard chain=bgp-in-filter prefix=71.71.71.0/24
add action=discard chain=bgp-in-filter prefix=79.79.79.0/24
add action=discard chain=bgp-in-filter prefix=78.78.78.0/24
add action=discard chain=bgp-in-filter prefix=7.7.7.7
R8
/routing filter
add action=discard chain=bgp-in-filter prefix=78.78.78.0/24
add action=discard chain=bgp-in-filter prefix=18.18.18.0/24
add action=discard chain=bgp-in-filter prefix=81.81.81.0/24
add action=discard chain=bgp-in-filter prefix=89.89.89.0/24
add chain=bgp-in-filter set-scope=20 set-target-scope=40
add chain=bgp-in-attr set-bgp-local-pref=120 set-bgp-med=120 set-bgp-weight=\
120
R9
/routing filter add chain=bgp-in-scope set-scope=20 set-target-scope=40
/routing filter add chain=bgp-in-scope set-scope=20 set-target-scope=40Setelah semuanya selesai coba kita lihat Routing table salah satu Router.
[admin@R10] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADb dst-address=1.1.1.1/32 gateway=18.18.18.1
gateway-status=18.18.18.1 recursive via 81.81.81.8 ether2
distance=200 scope=20 target-scope=40 bgp-as-path="1234"
bgp-local-pref=120 bgp-med=120 bgp-origin=incomplete
received-from=peer2
1 Db dst-address=1.1.1.1/32 gateway=27.27.27.2
gateway-status=27.27.27.2 recursive via 71.71.71.7 ether1
distance=200 scope=20 target-scope=40 bgp-as-path="1234"
bgp-local-pref=100 bgp-med=100 bgp-origin=incomplete
received-from=peer1
2 ADb dst-address=2.2.2.2/32 gateway=18.18.18.1
gateway-status=18.18.18.1 recursive via 81.81.81.8 ether2
distance=200 scope=20 target-scope=40 bgp-as-path="1234"
bgp-local-pref=120 bgp-med=120 bgp-origin=incomplete
received-from=peer2
3 Db dst-address=2.2.2.2/32 gateway=27.27.27.2
gateway-status=27.27.27.2 recursive via 71.71.71.7 ether1
-- [Q quit|D dump|down]
Terlihat rute yang memiliki nilai atribut 120 akan dipilih sebagai jalur utama yang datangnya dari R8, sedangkan yang lainnya hanya sebagai cadangan saja. kita bisa cek jalur yang dilewati dengan traceroute dari ujung ke ujung
[admin@R10] > tool traceroute 60.60.60.60 # ADDRESS LOSS SENT LAST AVG BEST WORST 1 81.81.81.8 0% 39 1.8ms 2.1 0.8 22.8 2 18.18.18.1 0% 39 1.4ms 5.9 1.2 153.9 3 14.14.14.4 0% 39 12.2ms 3.7 2 21.5 4 45.45.45.5 0% 39 3.4ms 5.6 2.4 61.6 5 60.60.60.60 0% 39 4.5ms 5.4 2.7 20.2 -- [Q quit|D dump|C-z continue]
Komentar
Posting Komentar