• No results found

Lab Bgp Juniper

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Lab Bgp Juniper"

Copied!
20
0
0

Loading.... (view fulltext now)

Download now ( 20 Page )

Full text

(1)

Page 1 of 20 A. Introduction:

Key : configure= masuk mode configurasi, commit = untuk mengesekusi dan menyimpan config. Rollback = memanggil konfigurasi sebelumnya.

Command Line interface Review Exec mode:

--- Amnesiac (ttyd0) login: root Password:

--- JUNOS 7.4R1.7 built 2005-10-21 01:29:55 UTC root@% cli

root>

Configuration Mode: --- root> configure

Entering configuration mode [edit]

root#

Create User à root# set system login user lab class super-user authentication plain-text-password Check configuration à root# show | compare

root# commit check Save config and execute à root# commit

(save for 2 minutes only à root# commit confirmed 2 ) (backup config using name conf1 à root# save conf1)

Setting hostnamne à lab # set system host-nam e juniper-lab lab# commit

Rollback à lab# show | compare rollback 1

lab# rollback 1 (noted : rollback no-change àlab@juniper-lab# rollback 0)

Show configuration

Simple à lab# show or lab > show configuration

continuously à lab# show | no-more

match certain word à lab > show configuration | match interface find certain word and later à lab > show configuration | find interface set configuration à lab > show configuration | display set

show logging

log system à lab > show log messages

log with 100 lines latest à lab > show log messages | last 100 log hardware à lab > show log chassis

log user à lab > show system users Hierarchial configuration

Entering lab config à lab# edit system login user lab Entering upper config à lab# up

Entering top configuration à lab# top B. Initial System configuration

Key : delete= menghapus konfigurasi, load override terminal = copy paste config keseluruhan, load merge terminal relative= copy paste config sebagian

lab# delete

This will delete the entire configuration

Delete everything under this level? [yes,no] (no) yes lab# load override terminal

copy paste configuration here finished using enter and ctrl+d keys lab# load merge terminal relative copy paste configuration here finished using enter and ctrl+d keys lab# commit check

lab# commit

lab# run show interfaces terse

Interface Admin Link Proto Local Remote dsc up up fxp0 up up fxp0.0 up up inet 192.168.1.123/24 fxp1 up up fxp1.1 up up inet 172.168.1.1/30 fxp1.2 up up inet 172.168.2.1/30 fxp2 up up fxp2.1 up up inet 172.168.1.2/30 fxp2.2 up up inet 172.168.2.2/30 fxp3 up up fxp4 up up fxp4.1 up up inet 10.10.10.1/30 Configure R1

lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 Configure R2

lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.1.2/30 lab# set interfaces fxp1.0 description "to-R3" family inet address 172.168.2.1/30 Configure R3

lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.2.2/30 How to check

R1 to R2

lab# run ping 172.168.1.2 rapid count 1000 R2 to R1

lab# run ping 172.168.1.1 rapid count 1000 R2 to R3

lab# run ping 172.168.2.2 rapid count 1000 R3 to R2

lab# run ping 172.168.2.1 rapid count 1000

noted: assure that there isn’t connectivity between R1 and R3 C. Static Routing

(2)

Page 2 of 20 Routing permanent, manual, metric/preference=5, mengenal source dan gateway.

Key : next-hop: gateway untuk network. Configure R1

lab# set routing-options static route 172.168.2.0/30 next-hop 172.168.1.2 Configure R3

lab# set routing-options static route 172.168.1.0/30 next-hop 172.168.2.1 How to check on R1

lab# run ping 172.168.1.1 lab# run ping 172.168.2.2 lab# run show route E. OSPF Protocol

Linkstate protocol, Cost (10^8/bandwith), LSA, OSPF Area

Configure R1

lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 1 interface lo0.0

configure R2

lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 0 interface fxp1.0 lab# set protocols ospf area 0 interface lo0.0 Configure R3

lab# set protocols ospf area 0 interface fxp0.0 how to check

lab# run show ospf interface lab# run show ospf neighbor lab# run show route

lab# run ping 172.168.1.2 (from R1) lab# run ping 172.168.1.1 (from R2) lab# run ping 172.168.2.2 (from R2) lab# run ping 172.168.2.1 (from R3) Applying authentication

R1

lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# run show ospf neighbor à assure connection is failed

R2

lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# set protocols ospf area 0 interface fxp1.0 authentication simple-password ciawi lab# run show ospf neighbor logical-router R2 à assure connection is failed R3

lab# set protocols ospf area 0 interface fxp0.0 authentication simple-password ciawi lab# run show ospf neighbor logical-router Rx à assure connection is success Applying policy

R1

lab# set routing-options static route 10.10.1.0/24 reject lab# set routing-options static route 10.10.2.0/24 reject lab# set routing-options static route 10.10.3.0/24 reject lab# set routing-options static route 10.10.4.0/24 reject lab# set routing-options static route 10.10.5.0/24 reject

lab# set policy-options policy-statement rip-export from protocol static lab# set policy-options policy-statement rip-export then accept lab# set protocols ospf export ospf-export

lab# run show route protocol ospf à assure R3 receive route from R1

F. ISIS Protocol

Linkstate , ISO, ISIS Area, Level 2/L2, Level 1/L1, L1/L2

R1

lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8101.00 lab # set protocols isis interface fxp0.0 level 1 disable

lab # set protocols isis interface lo0.0 passive R2

lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8102.00 lab # set protocols isis interface fxp0.0 level 1 disable

lab # set protocols isis interface fxp1.0 level 1 disable lab # set protocols isis interface lo0.0 passive R3

lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8103.00 lab # set protocols isis interface fxp0.0 level 1 disable

lab # set protocols isis interface lo0.0 passive

(3)

Page 3 of 20 G. IBGP

AS number sama, routing table scalable, Multiservice.

R1

Lab # set routing-options autonomous-system 65000

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.1 R2

Lab # set routing-options autonomous-system 65000

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 Lab # set protocols bgp group ibgp neighbor 192.168.1.3

Lab # set protocols bgp group ibgp local-address 192.168.1.2 R3

Lab # set routing-options autonomous-system 65000

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.3 Assure:

Lab # run show bgp summary

H. EBGP

AS number berbeda, routing table scalable, Multiservice.

R1

Lab # set routing-options autonomous-system 65001 Lab # set protocols bgp group ibgp peer-as 65002 Lab # set protocols bgp group ibgp multihop

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.1 R2

Lab # set routing-options autonomous-system 65002 Lab # set protocols bgp group ibgp multihop

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 peer-as 65001 Lab # set protocols bgp group ibgp neighbor 192.168.1.3 peer-as 65003

Lab # set protocols bgp group ibgp local-address 192.168.1.2 R3

Lab # set routing-options autonomous-system 65003 Lab # set protocols bgp group ibgp multihop

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp peer-as 65002

Lab # set protocols bgp group ibgp local-address 192.168.1.3 Assure:

Lab # run show bgp summary

IBGP Route Reflection

Teknik untuk mendukung full mesh dengan membagi suatu domain menjadi beberapa cluster Step:

1. IGP (ISIS) sudah ada

2. Tentukan area cluster dng ID yang berbeda 3. Antar dan Inter cluster menggunakan IBGP

4. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1

RR-JKT-1 RR-JKT-2 PE-JKT-4 RR-JKT-3 PE-SBY-1 PE-SMG-1 PE-MDN-1 em1/1 172.16.1.2/30 em1/1 172.16.1.1/30 em2/2 172.16.1.5/30 em2/2 172.16.1.6/30 em1/3 172.16.1.9/30 em2/3 172.16.1.10/30 em3/4 172.16.2.5/30 em1/4 172.16.2.6/30 em3/6 172.16.2.18/30 em1/6 172.16.2.17/30 em3/7 172.16.2.10/30 em2/7 172.16.2.9/30 em3/8 172.16.10.5/30 em1/8 172.16.10.6/30 em2/5 172.16.2.6/30 em2/5 172.16.2.5/30 em1/9 172.16.10.1/30 em2/9 172.16.10.2/30 PE-MDN-1 10.0.3.1 RR-JKT-1 10.0.3.2 RR-JKT-2 10.0.3.3 RR-JKT-3 10.0.3.4 PE-JKT-4 10.0.6.6 PE-SBY-1 10.0.6.7 PE-SMG-1 10.0.6.8 Cluster 0.0.0.1 Cluster 0.0.0.2 Cluster 0.0.0.3 PE-MDN-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.2/30;

(4)

Page 4 of 20 } family iso; } } em2 { unit 0 { family inet { address 172.16.1.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.1/32; } family iso { address 49.0001.0010.0000.0301.00; } } } } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65212; } protocols { bgp { export static; group cluster-0001 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement static { from protocol static; then accept; } } RR-JKT-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.10/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.2/32; } family iso { address 49.0001.0010.0000.0302.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0001 { type internal; local-address 10.0.3.2; cluster 0.0.0.1; neighbor 10.0.3.1; neighbor 10.0.3.3; } group RR { type internal; local-address 10.0.3.2; neighbor 10.0.3.4; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable;

(5)

Page 5 of 20 } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement bgp-vrf { from protocol bgp; then accept; } } RR-JKT-2 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.9/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.6/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.18/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.3/32; } family iso { address 49.0001.0010.0000.0303.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0001 { type internal; local-address 10.0.3.3; cluster 0.0.0.1; neighbor 10.0.3.1; neighbor 10.0.3.2; } group RR { type internal; multihop; local-address 10.0.3.3; neighbor 10.0.3.4; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } RR-JKT-3 --- interfaces { em1 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.10.2/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.10/30; } family iso; } }

(6)

Page 6 of 20 lo0 { unit 0 { family inet { address 10.0.3.4/32; } family iso { address 49.0001.0010.0000.0304.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0002 { type internal; local-address 10.0.3.4; cluster 0.0.0.2; neighbor 10.0.6.7; } group RR { type internal; multihop; local-address 10.0.3.4; neighbor 10.0.3.2; neighbor 10.0.6.6; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-JKT-4 --- interfaces { em1 { unit 0 { family inet { address 172.16.2.17/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.9/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.10.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.6/32; } family iso { address 49.0001.0010.0000.0606.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0003 { type internal; local-address 10.0.6.6; cluster 0.0.0.3; neighbor 10.0.6.8; } group RR { type internal; multihop; local-address 10.0.6.6; neighbor 10.0.3.2; neighbor 10.0.3.4; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }

(7)

Page 7 of 20 PE-SBY-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.10.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.7/32; } family iso { address 49.0001.0010.0000.0607.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0002 { type internal; local-address 10.0.6.7; neighbor 10.0.3.4; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-SMG-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0003 { type internal; local-address 10.0.6.8; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }

IBGP Confideration

Teknik untuk mendukung full mesh dengan membagi suatu AS menjadi AS sub-confideration. Step:

1. IGP sudah ada (ISIS)

2. Tentukan AS primary misal 65212 3. Tentukan AS confideration ditiap domain 4. Dalam satu domain harus menggunakan IBGP

(8)

Page 8 of 20 6. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1

PE-MDN-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.2/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.1/32; } family iso { address 49.0001.0010.0000.0301.00; } } } } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { export static; group 65000 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement static { from protocol static; then accept; } } RR-JKT-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.10/30; } family iso; } }

(9)

Page 9 of 20 em3 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.2/32; } family iso { address 49.0001.0010.0000.0302.00; } } } } routing-options { autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65000 { type internal; local-address 10.0.3.2; neighbor 10.0.3.1; neighbor 10.0.3.3; } group 65212 { type external; multihop; local-address 10.0.3.2; neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.6.6 { peer-as 65001; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement bgp-vrf { from protocol bgp; then accept; } } RR-JKT-2 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.9/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.6/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.18/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.3/32; } family iso { address 49.0001.0010.0000.0303.00; } } } } routing-options { autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 65003 ]; } protocols { bgp { group 65000 { type internal; local-address 10.0.3.3; neighbor 10.0.3.1; neighbor 10.0.3.2; } group 65212 { type external; multihop; local-address 10.0.3.3;

(10)

Page 10 of 20 neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.6.6 { peer-as 65001; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } RR-JKT-3 --- interfaces { em1 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.10.2/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.10/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.4/32; } family iso { address 49.0001.0010.0000.0304.00; } } } } routing-options { autonomous-system 65002; confederation 65212 members [ 65001 65002 65000 ]; } protocols { bgp { group 65002 { type internal; neighbor 10.0.6.7; } group 65212 { type external; multihop; local-address 10.0.3.4; neighbor 10.0.3.2 { peer-as 65000; } neighbor 10.0.6.6 { peer-as 65001; } neighbor 10.0.3.3 { peer-as 65000; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-JKT-4 --- interfaces { em1 { unit 0 { family inet { address 172.16.2.17/30; } family iso; } } em2 { unit 0 { family inet {

(11)

Page 11 of 20 address 172.16.2.9/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.10.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.6/32; } family iso { address 49.0001.0010.0000.0606.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65001 { type internal; local-address 10.0.6.6; neighbor 10.0.6.8; } group 65212 { type external; multihop; local-address 10.0.6.6; neighbor 10.0.3.2 { peer-as 65000; } neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.3.3 { peer-as 65000; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-SBY-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.10.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.7/32; } family iso { address 49.0001.0010.0000.0607.00; } } } } routing-options { autonomous-system 65002; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65002 { type internal; local-address 10.0.6.7; neighbor 10.0.3.4; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } }

(12)

Page 12 of 20 } PE-SMG-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65001 { type internal; local-address 10.0.6.8; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }

Untuk memastikan gunakan

show bgp summary  melihat summary bgp

show route receive-protocol bgp (neighbor)  melihat route bgp yang diterima dari peer neighbornya

show route protocol bgp  melihat semua route bgp

Export-import BGP

Export BGP  policy disisi outbound  trafik keluar contoh : advertise route via BGP root@PE-SBY-1# show policy-options

policy-statement bgp-export { from protocol static; then accept; }

root@PE-SBY-1# show protocols bgp { group cluster-0002 { type internal; local-address 10.0.6.7; export bgp-export; neighbor 10.0.3.4; } }

Import BGP  policy disisi inbound trafik datang contoh: bloking prefix, as path policy-statement bgp-import { term 1 { from { protocol bgp; route-filter 150.0.0.0/24 exact; } then reject; } term last { then accept;

(13)

Page 13 of 20 } } group RR { type internal; local-address 10.0.3.2; import bgp-import; neighbor 10.0.3.4; neighbor 10.0.6.6; } } Install Community bgp

Community merupakan attribute BGP yang digunakan untuk memanage route berdasarkan ID contoh 65111:200 mempunyai prefix 150/24

root@PE-SMG-1# show policy-options policy-statement community { from { protocol bgp; route-filter 150.0.0.0/24 exact; } then { community add c-65111:200; accept; } } community c-65111:200 members 65111:200; untuk memastikan :

how route advertising-protocol bgp (neighbor) extensive

Case:

Lewatkan prefix 150/24 dari PE-SBY-1 ke Custom er

PE-MDN-1 tidak boleh menerima prefix 150/24, lakukan filter di RR-JKT-1 dan RR-JKT-2 Pasang community 65111:200 untuk prefix 150/24 di PE-SMG-1 sehingga diterima di Customer.

Customer r1 r2 c1 c2 p1 fxp1.1/1 172.168.1.1/30 fxp2.1/1 172.168.1.2/30 fxp2.2/2 172.168.1.6/30 fxp1.2/2 172.168.1.5/30 fxp3.3/3 172.168.1.9/30 fxp2.3/3 172.168.1.10/30 fxp1.4/4 172.168.2.2/30 fxp2.4/4 172.168.2.1/30 fxp3.5/5 172.168.3.5/30 172.168.3.6/30fxp4.5/5 r1 lo0.1 192.168.1.1 r2 lo0.2 192.168.1.2 c1 lo0.3 192.168.1.3 c2 lo0.4192.168.1.4 p1 lo0.5 192.168.1.5 t1 lo0.6 10.10.10.1 AS 1945 AS 1982 AS 2009 t1 fxp1.6/6 172.168.4.1/30 Fxp2.6/6 172.168.4.2/30 Fxp4.7/7 172.168.4.5/30 Fxp3.7/7 172.168.4.6/30 AS 1946

Load balance EBGP ada 2:

1. Multihop based on local address 2. Multipath  based on Link layer Case:

Load balance antara r2 dng p1 Step1

konfigurasi static route between r2 and p1

pastikan routing sudah load balance dengan menerapkan policy load balance lab# show policy-options

policy-statement load-balance { then {

load-balance per-packet; }

}

lab# show routing-options static {

route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; }

autonomous-system 2009;

(14)

Pa g e 14 of 20

export load-balance;

}

Pastikan r2 bisa ping ke ip loopback p1 Dan route sudah menunjukkan load balance lab# run show route

192.168.1.5/32 *[Static/5] 00:23:52 to 172.168.2.1 via fxp1.4

 to 172.168.3.6 via fxp3.5

lab# run show route forwarding-table

192.168.1.5/32 user 1 ulst 131070 2 172.168.2.1 ucst 495 2 fxp1.4 172.168.3.6 ucst 490 2 fxp3.5

Step 2

Konfigurasi multihop di P1 dan r2 Di P1

lab# show protocols bgp group 1982 { type external; multihop; local-address 192.168.1.5; neighbor 192.168.1.2 { peer-as 2009; } } Di r2

lab# show protocols bgp group 1982 { type external; multihop; local-address 192.168.1.2; neighbor 192.168.1.5 { peer-as 1982; } } Untuk verifikasi:

lab# run show bgp neighbor 192.168.1.5 logical-router r2 Peer: 192.168.1.5+2236 AS 1982 Local: 192.168.1.2+179 AS 2009 Type: External State: Established Flags: <ImportEval Sync> Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None

Options: <Multihop Preference LocalAddress HoldTime PeerAS Refresh>

Local Address: 192.168.1.2 Holdtime: 90 Preference: 170 Number of flaps: 0

Peer ID: 192.168.1.5 Local ID: 192.168.1.2 Active Holdtime: 90 Keepalive Interval: 30 Peer index: 0

NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Table inet.0 Bit: 10001

RIB State: BGP restart is complete Send state: in sync

Active prefixes: 0 Received prefixes: 0 Suppressed due to damping: 0 Advertised prefixes: 0

Last traffic (seconds): Received 23 Sent 23 Checked 23

Input messages: Total 22 Updates 0 Refreshes 0 Octets 444 Output messages: Total 23 Updates 0 Refreshes 0 Octets 463

Output Queue[0]: 0

Load balance antara r1 dng c1 dan c2 Konfigurasi di c1

lab# show protocols bgp group 1945 { type external; neighbor 172.168.1.9 { peer-as 2009; } } Konfigurasi di c2 lab# show protocols bgp group external { type external; neighbor 172.168.1.6 { peer-as 2009; } }

Konfigurasi di r1 dng menggunakan multipath lab# show protocols bgp

group external { type external; multipath; neighbor 172.168.1.10 { peer-as 1945; } neighbor 172.168.1.5 { peer-as 1946; } }

lab# run show bgp neighbor 172.168.1.5

Peer: 172.168.1.5+179 AS 1945 Local: 172.168.1.6+3545 AS 2009 Type: External State: Established Flags: <Sync>

Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None

Options: <Preference HoldTime PeerAS Multipath Refresh>

Holdtime: 90 Preference: 170 Number of flaps: 0

Peer ID: 192.168.1.4 Local ID: 192.168.1.1 Active Holdtime: 90 Keepalive Interval: 30 Peer index: 1

Local Interface: fxp2.2 NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Table inet.0 Bit: 10001

RIB State: BGP restart is complete Send state: in sync

Active prefixes: 0 Received prefixes: 0 Suppressed due to damping: 0 Advertised prefixes: 0

Last traffic (seconds): Received 10 Sent 10 Checked 10 Input messages: Total 4 Updates 0 Refreshes 0 Octets 76 Output messages: Total 5 Updates 0 Refreshes 0 Octets 121

(15)

Pa g e 15 of 20 Modifiying BGP attribute

Case:

1. advertise IP loopback c1 shg p1 bisa ping ip tersebut di c1

lab# show policy-options

policy-statement loopback { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } }

lab# show protocols bgp group 1945 { type external; export loopback; neighbor 172.168.1.9 { peer-as 2009; } }

I. Logical Router

vlan

 Sub interface dari interface

Configure logical router R1  lab@lab # set logical-routers R1 Entering config logical-router  lab@lab # edit logical-routers r1

For example on OSPF configuration Protocol OSPF

Configure R1

lab# top edit logical-routers R1

lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.1/32 lab# set protocols ospf area 0 interface fxp0.0

lab# set protocols ospf area 0 interface lo0.0 passive

configure R2

lab# top edit logical-routers R2

lab# set interfaces fxp1 unit 0 description "to-R2" family inet address 172.168.1.2/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.2/32 lab# set protocols ospf area 0 interface fxp1.0

lab# set protocols ospf area 0 interface lo0.1 passive lab # run show ospf neighbor

lab # run show ospf interface

BGP attribute ---

Origin menunjukkan asal dari suatu source route secara default origin disimbolkan I Contoh

lab# run show route protocol bgp terse

inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 I B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I Origin bisa dimanipulasi menjadi incomplete, egp dll

(16)

Pa g e 16 of 20 Di c2 --- policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { origin incomplete; accept; } } term 2 { then reject; } }

Untuk mengubah ke egp spt dibawah ini: policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { origin egp; accept; } } term 2 { then reject; } }

Hasilnya bisa dilihat di r1

lab# run show route protocol bgp terse logical-router r1 inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 ? B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I As-path

Jalur yang telah dipilih oleh suatu route didalam BGP Di c2 policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { as-path-prepend "1947 1947"; accept; } } term 2 { then reject; } }

lab# run show route protocol bgp terse logical-router r1

inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.10 1945 1946 I B 170 100 >172.168.1.5 1947 1947 1946 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I

* 172.168.3.4/30 B 170 100 >172.168.1.2 I Pastikan jalur route sudah benar melalui c1 dari p1 lab# run traceroute 10.10.10.1

traceroute to 10.10.10.1 (10.10.10.1), 30 hops max, 40 byte packets 1 172.168.2.2 (172.168.2.2) 1.981 ms 1.441 ms 1.032 ms 2 172.168.1.1 (172.168.1.1) 1.175 ms 1.134 ms 1.102 ms 3 172.168.1.10 (172.168.1.10) 1.398 ms 1.493 ms 0.989 ms 4 172.168.4.2 (172.168.4.2) 1.210 ms 1.507 ms 4.401 ms 5 10.10.10.1 (10.10.10.1) 1.573 ms 2.391 ms 1.526 ms Next-hop

IP address yng ditunjuk oleh router untuk menentukan active route MED ( Multiple Exit Discriminator ) 

EBGP – EBGP EBGP – IBGP IBGP – IBGP

Local preference  hanya terjadi di IBGP

Contoh ubah local preference untuk route 10.10.10.1 di local as policy-statement resolve { term 1 { from protocol bgp; then { next-hop self; } } term 2 { from { protocol direct; route-filter 172.168.1.4/30 exact; } then accept; } term 3 { from {

(17)

Pa g e 17 of 20 protocol bgp; route-filter 10.10.10.1/32 exact; } then { local-preference 150; } } then accept; } Untuk verifikasi

lab# run show route 10.10.10.1 detail

inet.0: 15 destinations, 18 routes (15 active, 0 holddown, 1 hidden) 10.10.10.1/32 (1 entry, 1 announced)

*BGP Preference: 170/-151 Next-hop reference count: 17 Source: 192.168.1.1

Next hop: 172.168.1.1 via fxp2.1, selected Protocol next hop: 192.168.1.1

Indirect next hop: 8683198 131072 State: <Active Int Ext>

Local AS: 2009 Peer AS: 2009 Age: 1:28 Metric2: 1

Task: BGP_2009.192.168.1.1+179

Announcement bits (3): 2-KRT 3-BGP.0.0.0.0+179 4-Resolve tree 1 AS path: 1946 I

Localpref: 150 Router ID: 192.168.1.1 Multiple Exit Discriminator ---

Community route yang telah di tag misal 65000:1100

Lampiran Di r1 interfaces { fxp1 { unit 1 { vlan-id 1; family inet { address 172.168.1.1/30; } } } fxp2 { unit 2 { vlan-id 2; family inet { address 172.168.1.6/30; } } } fxp3 { unit 3 { vlan-id 3; family inet { address 172.168.1.9/30; } } } lo0 { unit 1 { family inet { address 192.168.1.1/32; } } } } protocols { bgp { group internal { type internal; local-address 192.168.1.1; export resolve; neighbor 192.168.1.2; } group external { type external; export direct; multipath; neighbor 172.168.1.10 { peer-as 1945; } neighbor 172.168.1.5 { peer-as 1946; } } } ospf { area 0.0.0.0 { interface fxp1.1; interface lo0.1; } } } policy-options { policy-statement direct { term 1 { from { protocol direct; route-filter 172.168.1.0/30 exact; } then accept; } term 2 { from { protocol bgp; route-filter 172.168.2.0/30 exact; route-filter 172.168.3.4/30 exact; } then accept; } term last { then reject; } }

(18)

Pa g e 18 of 20 policy-statement resolve { term 1 { from protocol bgp; then { next-hop self; } } term 2 { from { protocol direct; route-filter 172.168.1.4/30 exact; } } then accept; } } routing-options { autonomous-system 2009; } Di r2 interfaces { fxp1 { unit 4 { vlan-id 4; family inet { address 172.168.2.2/30; } } } fxp2 { unit 1 { vlan-id 1; family inet { address 172.168.1.2/30; } } } fxp3 { unit 5 { vlan-id 5; family inet { address 172.168.3.5/30; } } } lo0 { unit 2 { family inet { address 192.168.1.2/32; } } } } protocols { bgp { group internal { type internal; local-address 192.168.1.2; export direct; neighbor 192.168.1.1; } group 1982 { type external; multihop; local-address 192.168.1.2; neighbor 192.168.1.5 { peer-as 1982; } } } ospf { area 0.0.0.0 { interface lo0.2; interface fxp2.1; } } } policy-options { policy-statement direct { term 1 { from { protocol direct; route-filter 172.168.2.0/30 exact; route-filter 172.168.3.4/30 exact; } then accept; } term last { then reject; } } policy-statement load-balance { then { load-balance per-packet; } } } routing-options { static { route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; } autonomous-system 2009; forwarding-table { export load-balance; } } Di p1 interfaces { fxp2 { unit 4 { vlan-id 4; family inet { address 172.168.2.1/30; } } } fxp4 { unit 5 {

(19)

Pa g e 19 of 20 vlan-id 5; family inet { address 172.168.3.6/30; } } } lo0 { unit 5 { family inet { address 192.168.1.5/32; } } } } protocols { bgp { group 1982 { type external; multihop; local-address 192.168.1.5; neighbor 192.168.1.2 { peer-as 2009; } } } } routing-options { static { route 192.168.1.2/32 next-hop [ 172.168.2.2 172.168.3.5 ]; } autonomous-system 1982; } Di c1 interfaces { fxp1 { unit 6 { vlan-id 6; family inet { address 172.168.4.1/30; } } } fxp4 { unit 3 { vlan-id 3; family inet { address 172.168.1.10/30; } } } lo0 { unit 3 { family inet { address 192.168.1.3/32; } } } } protocols { bgp { group external { type external; neighbor 172.168.1.9 { peer-as 2009; } neighbor 172.168.4.2 { peer-as 1946; } } } } policy-options { policy-statement static { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } } } routing-options { autonomous-system 1945; } Di c2 interfaces { fxp1 { unit 2 { vlan-id 2; family inet { address 172.168.1.5/30; } } } fxp2 { unit 6 { vlan-id 6; family inet { address 172.168.4.2/30; } } } fxp3 { unit 7 { vlan-id 7; family inet { address 172.168.4.6/30; } } } lo0 { unit 4 { family inet {

(20)

Pa g e 20 of 20 address 192.168.1.4/32; } } } } protocols { bgp { group external { type external; export static; neighbor 172.168.1.6 { peer-as 2009; } } group 1945 { type external; export static1; neighbor 172.168.4.1 { peer-as 1945; } } } } policy-options { policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { accept; } } term 2 { then reject; } } policy-statement static1 { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then accept; } term 2 { then reject; } } } routing-options { static { route 10.10.10.1/32 next-hop 172.168.4.5; } autonomous-system 1946; } interfaces { fxp4 { unit 7 { vlan-id 7; family inet { address 172.168.4.5/30; } } } lo0 { unit 6 { family inet { address 10.10.10.1/32; } } } } routing-options { static { route 0.0.0.0/0 next-hop 172.168.4.6; } }

References

Download now ( PDF - 20 Page - 226.87 KB )

Related documents

Transforming Parking Garages Into Affordable Housing

This built project also provides as a precedent an additional possibility of building on top of existing parking garages to increase density of residential units on site, which

HALF HOLLOW HILLS HIGH SCHOOL WEST

 Student Insights is sponsoring this scholarship program which is offering $6,000 in scholarships to high school seniors who plan to attend a four-year college,

On generalization of ⊕-cofinitely supplemented modules

A module M is called ⊕-cofinitely radical supplemented (according to [8], generalized ⊕-cofinitely supplemented) if every cofinite submodule of M has a Rad-supplement that is a

Ion selectivity of graphene nanopores

Without the surface charge on the graphene membrane, the reversal potential and selectivity drop rapidly for pores larger than 1 nm, but the simulation including the surface

Cattle farmers’ preferences for Disease Free Zones: A choice experiment analysis in Kenya

A relative ranking of the attributes on the basis of the WTP values shows farmers’ order of preferences as: training; market information and contract;

UL SYSTEM PRESENTATION UNIVERSITY OF LOUISIANA AT LAFAYETTE RAMESH KOLLURU AUGUST 22, 2014

• Incentivize federal R&amp;D expenditures; • Research Salary Incentive Program; • Enhance industry R&amp;D funding.  Goal: Stimulate and support 10 spin-offs and

Statistics, Big Data and Data Science!?

But the benefit to the data analyst has been limited, because the knowledge among computer scien4sts about how to think of and approach the analysis of data is limited, just as

MODERN APPRENTICESHIP

• meet the needs of the employer and apprentice. A sample Training Plan is provided at Appendix 3 of this document, however, for those Modern Apprentices funded by SDS area office