Topologi
Materi
- OSPF
- BGP
- Route Reflector
- EoIP
- VLAN
- PPPoE
- Recrusive Gateway
Tujuan
Menghubungkan semua Router. Keempat Router ditengah menggunakan OSPF untuk mengenali satu sama lain kemudian empat Router itu kita buat tunnel EoIP sehingga seperti membentuk Switch, tiap empat Router memiliki dua cabang Router, kedua Router tersebut dipisahkan dengan VLAN, dua Router cabang tersebut terhubung dengan PPPoE server yaitu Router R1, Antar Router yang terhubung dengan PPPoE pada R1 bertukar informasi menggunakan BGP.
OSPF Backbone
Kita konfigurasi 4 Router yang berada di tengah untuk membuat loopback interface kemudian EoIP tunnel sehingga seperti membentuk SwitchIP Address
R1
/interface bridge add name=lo0 /ip address add address=13.13.13.1/24 interface=ether1 network=13.13.13.0 add address=14.14.14.1/24 interface=ether2 network=14.14.14.0 add address=1.1.1.1 interface=lo0 network=1.1.1.1
R2
/interface bridge add name=lo0 /ip address add address=23.23.23.2/24 interface=ether1 network=23.23.23.0 add address=24.24.24.2/24 interface=ether2 network=24.24.24.0 add address=2.2.2.2 interface=lo0 network=2.2.2.2
R3
/interface bridge add name=lo0 /ip address add address=13.13.13.3/24 interface=ether1 network=13.13.13.0 add address=23.23.23.3/24 interface=ether2 network=23.23.23.0 add address=3.3.3.3 interface=lo0 network=3.3.3.3
R4
/interface bridge add name=lo0 /ip address add address=24.24.24.4/24 interface=ether1 network=24.24.24.0 add address=14.14.14.4/24 interface=ether2 network=14.14.14.0 add address=4.4.4.4 interface=lo0 network=4.4.4.4
Konfigurasi OSPF
R1
//routing ospf instance
set [ find default=yes ] redistribute-bgp=as-type-2 redistribute-connected=\
as-type-2 router-id=1.1.1.1
/routing ospf network
add area=backbone network=13.13.13.0/24
add area=backbone network=14.14.14.0/24
add area=backbone network=1.1.1.1/32
R2
/routing ospf instance set [ find default=yes ] router-id=2.2.2.2 /routing ospf network add area=backbone network=23.23.23.0/24 add area=backbone network=24.24.24.0/24 add area=backbone network=2.2.2.2/32
R3
/routing ospf instance set [ find default=yes ] router-id=3.3.3.3 /routing ospf network add area=backbone network=13.13.13.0/24 add area=backbone network=23.23.23.0/24 add area=backbone network=3.3.3.3/32
R4
/routing ospf instance set [ find default=yes ] router-id=4.4.4.4 /routing ospf network add area=backbone network=24.24.24.0/24 add area=backbone network=14.14.14.0/24 add area=backbone network=4.4.4.4/32
EoIP Tunnel
Buat EoIP tunnel antar Router hingga membentuk 4 tunnel yang saling terhubung antar RouterR1
/interface eoip
add !keepalive mac-address=FE:DD:81:B2:61:7E name=to-r3 remote-address=\
3.3.3.3 tunnel-id=13
add !keepalive mac-address=FE:D3:CD:6A:7A:64 name=to-r4 remote-address=\
4.4.4.4 tunnel-id=14
R2
/interface eoip
add !keepalive mac-address=FE:41:CC:85:C5:31 name=to-r3 remote-address=\
3.3.3.3 tunnel-id=23
add !keepalive mac-address=FE:06:1A:EF:72:F8 name=to-r4 remote-address=\
4.4.4.4 tunnel-id=24
R3
/interface eoip
add !keepalive mac-address=FE:01:7C:D1:0F:24 name=to-r1 remote-address=\
1.1.1.1 tunnel-id=13
add !keepalive mac-address=FE:C5:C2:39:0E:98 name=to-r2 remote-address=\
2.2.2.2 tunnel-id=23
R4
/interface eoip
add !keepalive mac-address=FE:C2:9D:9E:4F:C9 name=to-r1 remote-address=\
1.1.1.1 tunnel-id=14
add !keepalive mac-address=FE:B1:3D:13:EA:94 name=to-r2 remote-address=\
2.2.2.2 tunnel-id=24
VLAN Interface
R1
/interface vlan add interface=to-r3 l2mtu=65531 name=vlan10 vlan-id=10 add interface=to-r4 l2mtu=65531 name=vlan10-r4 vlan-id=10 add interface=to-r3 l2mtu=65531 name=vlan20 vlan-id=20 add interface=to-r4 l2mtu=65531 name=vlan20-r4 vlan-id=20
R2
/interface vlan add interface=to-r3 l2mtu=65531 name=vlan10-r3tr vlan-id=10 add interface=to-r4 l2mtu=65531 name=vlan10-r4tr vlan-id=10 add interface=to-r3 l2mtu=65531 name=vlan20-r3tr vlan-id=20 add interface=to-r4 l2mtu=65531 name=vlan20-r4tr vlan-id=20
R3
/interface vlan add interface=to-r1 l2mtu=65531 name=vlan10-r1tr vlan-id=10 add interface=to-r2 l2mtu=65531 name=vlan10-r2tr vlan-id=10 add interface=to-r1 l2mtu=65531 name=vlan20-r1tr vlan-id=20 add interface=to-r2 l2mtu=65531 name=vlan20-r2tr vlan-id=20
R4
/interface vlan add interface=to-r1 l2mtu=65531 name=vlan10-r1tr vlan-id=10 add interface=to-r2 l2mtu=65531 name=vlan10-r2tr vlan-id=10 add interface=to-r1 l2mtu=65531 name=vlan20-r1tr vlan-id=20 add interface=to-r2 l2mtu=65531 name=vlan20-r2tr vlan-id=20
Bridging
Bridge antara interface fisik dengan Interface VLANR1
/interface bridge add name=vlan10-br add name=vlan20-br /interface bridge port add bridge=vlan10-br interface=ether3 add bridge=vlan10-br interface=vlan10 add bridge=vlan10-br interface=vlan10-r4 add bridge=vlan20-br interface=ether4 add bridge=vlan20-br interface=vlan20 add bridge=vlan20-br interface=vlan20-r4
R2
/interface bridge add name=vlan10-br add name=vlan20-br /interface bridge port add bridge=vlan10-br interface=ether3 add bridge=vlan10-br interface=vlan10-r3tr add bridge=vlan10-br interface=vlan10-r4tr add bridge=vlan20-br interface=ether4 add bridge=vlan20-br interface=vlan20-r3tr add bridge=vlan20-br interface=vlan20-r4tr
R3
/interface bridge add name=vlan10-br add name=vlan20-br /interface bridge port add bridge=vlan10-br interface=ether3 add bridge=vlan10-br interface=vlan10-r1tr add bridge=vlan10-br interface=vlan10-r2tr add bridge=vlan20-br interface=ether4 add bridge=vlan20-br interface=vlan20-r1tr add bridge=vlan20-br interface=vlan20-r2tr
R4
/interface bridge add name=vlan10-br add name=vlan20-br /interface bridge port add bridge=vlan10-br interface=ether3 add bridge=vlan10-br interface=vlan10-r1tr add bridge=vlan10-br interface=vlan10-r2tr add bridge=vlan20-br interface=ether4 add bridge=vlan20-br interface=vlan20-r1tr add bridge=vlan20-br interface=vlan20-r2tr
PPPoE
Router R1 akan menjadi PPPoE server untuk PPPoE client Router, pertama berikan alamat IP pada setiap Interface bridge VLANR1
/ip address add address=10.10.10.1/24 interface=vlan10-br network=10.10.10.0 add address=20.20.20.1/24 interface=vlan20-br network=20.20.20.0Konfigurasi IP Pool
/ip pool add name=pppoe-vlan10 ranges=10.10.10.10-10.10.10.100 add name=pppoe-vlan20 ranges=20.20.20.20-20.20.20.120Konfigurasi username dan password yang akan digunakan PPPoE client untuk terhubung dengan Server
/ppp profile
add local-address=10.10.10.1 name=vlan10-prof remote-address=pppoe-vlan10 \
use-encryption=yes
add
add local-address=20.20.20.1 name=vlan20-prof remote-address=pppoe-vlan20 \
use-encryption=yes
/ppp secret
add name=vlan10 password=vlan10 profile=vlan10-prof service=pppoe
add name=vlan20 password=vlan20 profile=vlan20-prof service=pppoe
Barulah aktifkan PPPoE server pada R1 ini
/interface pppoe-server server
add default-profile=vlan10-prof disabled=no interface=vlan10-br service-name=\
vlan10-pppoe
add default-profile=vlan20-prof disabled=no interface=vlan20-br service-name=\
vlan20-pppoe
BGP & PPPoE Client
Setelah PPPoE server selesai sekarang kita konfigurasi BGP dan PPPoE clientPPPoE Client
Dua Router yang terhubung pada setiap 4 Router ditengah akan kita konfigurasi sebagai PPPoE client untuk terhubung langsung dengan R1R5
/interface bridge
add name=lo0
/ip address
add address=5.5.5.5 interface=lo0 network=5.5.5.5
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-out1 password=vlan20 \
service-name=vlan20-pppoe user=vlan20
R6
/interface bridge add name=lo0 /ip address add address=6.6.6.6 interface=lo0 network=6.6.6.6 /interface pppoe-client add disabled=no interface=ether1 name=pppoe-out1 password=vlan10 user=vlan10
R7
/interface bridge add name=lo0 /ip address add address=7.7.7.7 interface=lo0 network=7.7.7.7 /interface pppoe-client add disabled=no interface=ether1 name=vlan10 password=vlan10 user=vlan10
R8
/interface bridge add name=lo0 /ip address add address=8.8.8.8 interface=lo0 network=8.8.8.8 /interface pppoe-client add disabled=no interface=ether1 name=vlan10 password=vlan20 user=vlan20
R9
/interface bridge add name=lo0 /ip address add address=9.9.9.9 interface=lo0 network=9.9.9.9 /interface pppoe-client add disabled=no interface=ether1 name=vlan10 password=vlan10 user=vlan10
R10
/interface bridge add name=lo0 /ip address add address=10.10.10.10 interface=lo0 network=10.10.10.10 /interface pppoe-client add disabled=no interface=ether1 name=vlan20 password=vlan20 user=vlan20
R11
/interface bridge add name=lo0 /ip address add address=11.11.11.11 interface=lo0 network=11.11.11.11 /interface pppoe-client add disabled=no interface=ether1 name=vlan10 password=vlan10 user=vlan10
R12
/interface bridge add name=lo0 /ip address add address=12.12.12.12 interface=lo0 network=12.12.12.12 /interface pppoe-client add disabled=no interface=ether1 name=vlan20 password=vlan20 user=vlan20
BGP
R1
Router ini akan menjadi Route Reflector Server dan akan melakukan peering pada Router yang ada di pinggir, selain itu Router ini juga akan melakukan Redistribute dari BGP ke OSPF./routing bgp instance
set default as=1 redistribute-connected=yes redistribute-ospf=yes router-id=\
1.1.1.1
/routing bgp peer
add name=peer1 remote-address=20.20.20.120 remote-as=1 route-reflect=yes
add name=peer2 remote-address=20.20.20.119 remote-as=1 route-reflect=yes
add name=peer3 remote-address=10.10.10.100 remote-as=1 route-reflect=yes
add name=peer4 remote-address=20.20.20.118 remote-as=1 route-reflect=yes
add name=peer5 remote-address=10.10.10.99 remote-as=1 route-reflect=yes
add name=peer6 remote-address=10.10.10.98 remote-as=1 route-reflect=yes
add name=peer7 remote-address=20.20.20.117 remote-as=1 route-reflect=yes
add name=peer8 remote-address=10.10.10.97 remote-as=1 route-reflect=yes
Note alamat IP yang didapatkan dapat berbeda beda karena bersifat dynamic, alamat IP remote-address diatas dapat diganti sesuai alamat IP yang anda dapat, untuk memastikannya kita lihat PPPoE server pada R1 ini
[admin@R1] > ppp active print Flags: R - radius # NAME SERVICE CALLER-ID ADDRESS UPTIME ENCODING 0 vlan20 pppoe 00:51:DE:68:4F:00 20.20.20.120 3h35m6s 1 vlan10 pppoe 00:51:DE:3C:00:00 10.10.10.100 3h33m2s 2 vlan10 pppoe 00:51:DE:A0:A1:00 10.10.10.99 3h30m45s 3 vlan20 pppoe 00:51:DE:5D:38:00 20.20.20.119 3h30m44s 4 vlan10 pppoe 00:51:DE:3C:0F:00 10.10.10.98 3h27m43s 5 vlan20 pppoe 00:51:DE:87:90:00 20.20.20.118 3h25m15s 6 vlan10 pppoe 00:51:DE:5A:23:00 10.10.10.97 3h21m21s 7 vlan20 pppoe 00:51:DE:B6:AF:00 20.20.20.117 3h18m42s
R5, R8, R10, R12 (VLAN 20)
Konfigurasi BGP Peering untuk Router yang berada di VLAN 20/routing bgp instance
set default as=1 redistribute-connected=yes router-id=5.5.5.5
/routing bgp peer
add in-filter=bgp-in-filter name=peer1 remote-address=20.20.20.1 remote-as=1
Note : Ganti Router ID dengan nomor Router masing-masing, misalnya pada R10 diganti menjadi 10.10.10.10
R6, R7, R9, R11 (VLAN 10)
Konfigurasi BGP Peering untuk Router yang berada di VLAN 10/routing bgp instance
set default as=1 redistribute-connected=yes router-id=6.6.6.6
/routing bgp peer
add in-filter=bgp-in-filter name=peer1 remote-address=10.10.10.1 remote-as=1
Filtering
Berikut ini adalah perintah untuk memfilter informasi yang masuk untuk memodifikasi nilai scope dan target scope./routing filter add chain=bgp-in-filter set-scope=10 set-target-scope=20
Konfirmasi
Lihatlah Routing table pada beberapa Router untuk membuktikan apakah konfigurasi sudah berhasil atau belum[admin@R6] > ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 ADb 1.1.1.1/32 10.10.10.1 200 1 ADb 2.2.2.2/32 10.10.10.1 200 2 ADb 3.3.3.3/32 10.10.10.1 200 3 ADb 4.4.4.4/32 10.10.10.1 200 4 ADb 5.5.5.5/32 20.20.20.120 200 5 ADC 6.6.6.6/32 6.6.6.6 lo0 0 6 ADb 7.7.7.7/32 10.10.10.99 200 7 ADb 8.8.8.8/32 20.20.20.119 200 8 ADb 9.9.9.9/32 10.10.10.98 200 9 ADb 10.10.10.0/24 10.10.10.1 200 10 ADC 10.10.10.1/32 10.10.10.100 pppoe-out1 0 11 ADb 10.10.10.10/32 20.20.20.118 200 12 ADb 10.10.10.97/32 10.10.10.1 200 13 ADb 10.10.10.98/32 10.10.10.1 200 14 ADb 10.10.10.99/32 10.10.10.1 200 15 ADb 10.10.10.100/32 10.10.10.1 200 16 ADb 11.11.11.11/32 10.10.10.97 200 17 ADb 12.12.12.12/32 20.20.20.117 200 18 ADb 13.13.13.0/24 10.10.10.1 200 19 ADb 14.14.14.0/24 10.10.10.1 200 20 ADb 20.20.20.0/24 10.10.10.1 200 21 ADb 20.20.20.1/32 20.20.20.120 200 22 ADb 20.20.20.117/32 10.10.10.1 200 23 ADb 20.20.20.118/32 10.10.10.1 200 24 ADb 20.20.20.119/32 10.10.10.1 200 25 ADb 20.20.20.120/32 10.10.10.1 200 26 ADb 23.23.23.0/24 10.10.10.1 200 27 ADb 24.24.24.0/24 10.10.10.1 200
[admin@R2] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADo 1.1.1.1/32 24.24.24.4 110
23.23.23.3
1 ADC 2.2.2.2/32 2.2.2.2 lo0 0
2 ADo 3.3.3.3/32 23.23.23.3 110
3 ADo 4.4.4.4/32 24.24.24.4 110
4 ADo 5.5.5.5/32 24.24.24.4 110
23.23.23.3
5 ADo 6.6.6.6/32 24.24.24.4 110
23.23.23.3
6 ADo 7.7.7.7/32 24.24.24.4 110
23.23.23.3
7 ADo 8.8.8.8/32 24.24.24.4 110
23.23.23.3
8 ADo 9.9.9.9/32 24.24.24.4 110
23.23.23.3
9 ADo 10.10.10.0/24 24.24.24.4 110
23.23.23.3
10 ADo 10.10.10.1/32 24.24.24.4 110
23.23.23.3
11 ADo 10.10.10.10/32 24.24.24.4 110
23.23.23.3
12 ADo 10.10.10.97/32 24.24.24.4 110
23.23.23.3
13 ADo 10.10.10.98/32 24.24.24.4 110
23.23.23.3
14 ADo 10.10.10.99/32 24.24.24.4 110
23.23.23.3
15 ADo 10.10.10.100/32 24.24.24.4 110
23.23.23.3
16 ADo 11.11.11.11/32 24.24.24.4 110
23.23.23.3
17 ADo 12.12.12.12/32 24.24.24.4 110
23.23.23.3
18 ADo 13.13.13.0/24 23.23.23.3 110
19 ADo 14.14.14.0/24 24.24.24.4 110
20 ADo 20.20.20.0/24 24.24.24.4 110
23.23.23.3
21 ADo 20.20.20.1/32 24.24.24.4 110
23.23.23.3
22 ADo 20.20.20.117/32 24.24.24.4 110
23.23.23.3
23 ADo 20.20.20.118/32 24.24.24.4 110
23.23.23.3
24 ADo 20.20.20.119/32 24.24.24.4 110
23.23.23.3
25 ADo 20.20.20.120/32 24.24.24.4 110
23.23.23.3
26 ADC 23.23.23.0/24 23.23.23.2 ether1 0
27 ADC 24.24.24.0/24 24.24.24.2 ether2 0
Komentar
Posting Komentar