• No results found

Lab Bgp Juniper

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Lab Bgp Juniper"

Copied!
20
0
0

Loading.... (view fulltext now)

Download now ( 20 Page )

Full text

(1)

Page 1 of 20 A. Introduction:

Key : configure= masuk mode configurasi, commit = untuk mengesekusi dan menyimpan config. Rollback = memanggil konfigurasi sebelumnya.

Command Line interface Review Exec mode:

--- Amnesiac (ttyd0) login: root Password:

--- JUNOS 7.4R1.7 built 2005-10-21 01:29:55 UTC root@% cli

root>

Configuration Mode: --- root> configure

Entering configuration mode [edit]

root#

Create User à root# set system login user lab class super-user authentication plain-text-password Check configuration à root# show | compare

root# commit check Save config and execute à root# commit

(save for 2 minutes only à root# commit confirmed 2 ) (backup config using name conf1 à root# save conf1)

Setting hostnamne à lab # set system host-nam e juniper-lab lab# commit

Rollback à lab# show | compare rollback 1

lab# rollback 1 (noted : rollback no-change àlab@juniper-lab# rollback 0)

Show configuration

Simple à lab# show or lab > show configuration

continuously à lab# show | no-more

match certain word à lab > show configuration | match interface find certain word and later à lab > show configuration | find interface set configuration à lab > show configuration | display set

show logging

log system à lab > show log messages

log with 100 lines latest à lab > show log messages | last 100 log hardware à lab > show log chassis

log user à lab > show system users Hierarchial configuration

Entering lab config à lab# edit system login user lab Entering upper config à lab# up

Entering top configuration à lab# top B. Initial System configuration

Key : delete= menghapus konfigurasi, load override terminal = copy paste config keseluruhan, load merge terminal relative= copy paste config sebagian

lab# delete

This will delete the entire configuration

Delete everything under this level? [yes,no] (no) yes lab# load override terminal

copy paste configuration here finished using enter and ctrl+d keys lab# load merge terminal relative copy paste configuration here finished using enter and ctrl+d keys lab# commit check

lab# commit

lab# run show interfaces terse

Interface Admin Link Proto Local Remote dsc up up fxp0 up up fxp0.0 up up inet 192.168.1.123/24 fxp1 up up fxp1.1 up up inet 172.168.1.1/30 fxp1.2 up up inet 172.168.2.1/30 fxp2 up up fxp2.1 up up inet 172.168.1.2/30 fxp2.2 up up inet 172.168.2.2/30 fxp3 up up fxp4 up up fxp4.1 up up inet 10.10.10.1/30 Configure R1

lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 Configure R2

lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.1.2/30 lab# set interfaces fxp1.0 description "to-R3" family inet address 172.168.2.1/30 Configure R3

lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.2.2/30 How to check

R1 to R2

lab# run ping 172.168.1.2 rapid count 1000 R2 to R1

lab# run ping 172.168.1.1 rapid count 1000 R2 to R3

lab# run ping 172.168.2.2 rapid count 1000 R3 to R2

lab# run ping 172.168.2.1 rapid count 1000

noted: assure that there isn’t connectivity between R1 and R3 C. Static Routing

(2)

Page 2 of 20 Routing permanent, manual, metric/preference=5, mengenal source dan gateway.

Key : next-hop: gateway untuk network. Configure R1

lab# set routing-options static route 172.168.2.0/30 next-hop 172.168.1.2 Configure R3

lab# set routing-options static route 172.168.1.0/30 next-hop 172.168.2.1 How to check on R1

lab# run ping 172.168.1.1 lab# run ping 172.168.2.2 lab# run show route E. OSPF Protocol

Linkstate protocol, Cost (10^8/bandwith), LSA, OSPF Area

Configure R1

lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 1 interface lo0.0

configure R2

lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 0 interface fxp1.0 lab# set protocols ospf area 0 interface lo0.0 Configure R3

lab# set protocols ospf area 0 interface fxp0.0 how to check

lab# run show ospf interface lab# run show ospf neighbor lab# run show route

lab# run ping 172.168.1.2 (from R1) lab# run ping 172.168.1.1 (from R2) lab# run ping 172.168.2.2 (from R2) lab# run ping 172.168.2.1 (from R3) Applying authentication

R1

lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# run show ospf neighbor à assure connection is failed

R2

lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# set protocols ospf area 0 interface fxp1.0 authentication simple-password ciawi lab# run show ospf neighbor logical-router R2 à assure connection is failed R3

lab# set protocols ospf area 0 interface fxp0.0 authentication simple-password ciawi lab# run show ospf neighbor logical-router Rx à assure connection is success Applying policy

R1

lab# set routing-options static route 10.10.1.0/24 reject lab# set routing-options static route 10.10.2.0/24 reject lab# set routing-options static route 10.10.3.0/24 reject lab# set routing-options static route 10.10.4.0/24 reject lab# set routing-options static route 10.10.5.0/24 reject

lab# set policy-options policy-statement rip-export from protocol static lab# set policy-options policy-statement rip-export then accept lab# set protocols ospf export ospf-export

lab# run show route protocol ospf à assure R3 receive route from R1

F. ISIS Protocol

Linkstate , ISO, ISIS Area, Level 2/L2, Level 1/L1, L1/L2

R1

lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8101.00 lab # set protocols isis interface fxp0.0 level 1 disable

lab # set protocols isis interface lo0.0 passive R2

lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8102.00 lab # set protocols isis interface fxp0.0 level 1 disable

lab # set protocols isis interface fxp1.0 level 1 disable lab # set protocols isis interface lo0.0 passive R3

lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8103.00 lab # set protocols isis interface fxp0.0 level 1 disable

lab # set protocols isis interface lo0.0 passive

(3)

Page 3 of 20 G. IBGP

AS number sama, routing table scalable, Multiservice.

R1

Lab # set routing-options autonomous-system 65000

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.1 R2

Lab # set routing-options autonomous-system 65000

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 Lab # set protocols bgp group ibgp neighbor 192.168.1.3

Lab # set protocols bgp group ibgp local-address 192.168.1.2 R3

Lab # set routing-options autonomous-system 65000

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.3 Assure:

Lab # run show bgp summary

H. EBGP

AS number berbeda, routing table scalable, Multiservice.

R1

Lab # set routing-options autonomous-system 65001 Lab # set protocols bgp group ibgp peer-as 65002 Lab # set protocols bgp group ibgp multihop

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.1 R2

Lab # set routing-options autonomous-system 65002 Lab # set protocols bgp group ibgp multihop

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 peer-as 65001 Lab # set protocols bgp group ibgp neighbor 192.168.1.3 peer-as 65003

Lab # set protocols bgp group ibgp local-address 192.168.1.2 R3

Lab # set routing-options autonomous-system 65003 Lab # set protocols bgp group ibgp multihop

Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp peer-as 65002

Lab # set protocols bgp group ibgp local-address 192.168.1.3 Assure:

Lab # run show bgp summary

IBGP Route Reflection

Teknik untuk mendukung full mesh dengan membagi suatu domain menjadi beberapa cluster Step:

1. IGP (ISIS) sudah ada

2. Tentukan area cluster dng ID yang berbeda 3. Antar dan Inter cluster menggunakan IBGP

4. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1

RR-JKT-1 RR-JKT-2 PE-JKT-4 RR-JKT-3 PE-SBY-1 PE-SMG-1 PE-MDN-1 em1/1 172.16.1.2/30 em1/1 172.16.1.1/30 em2/2 172.16.1.5/30 em2/2 172.16.1.6/30 em1/3 172.16.1.9/30 em2/3 172.16.1.10/30 em3/4 172.16.2.5/30 em1/4 172.16.2.6/30 em3/6 172.16.2.18/30 em1/6 172.16.2.17/30 em3/7 172.16.2.10/30 em2/7 172.16.2.9/30 em3/8 172.16.10.5/30 em1/8 172.16.10.6/30 em2/5 172.16.2.6/30 em2/5 172.16.2.5/30 em1/9 172.16.10.1/30 em2/9 172.16.10.2/30 PE-MDN-1 10.0.3.1 RR-JKT-1 10.0.3.2 RR-JKT-2 10.0.3.3 RR-JKT-3 10.0.3.4 PE-JKT-4 10.0.6.6 PE-SBY-1 10.0.6.7 PE-SMG-1 10.0.6.8 Cluster 0.0.0.1 Cluster 0.0.0.2 Cluster 0.0.0.3 PE-MDN-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.2/30;

(4)

Page 4 of 20 } family iso; } } em2 { unit 0 { family inet { address 172.16.1.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.1/32; } family iso { address 49.0001.0010.0000.0301.00; } } } } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65212; } protocols { bgp { export static; group cluster-0001 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement static { from protocol static; then accept; } } RR-JKT-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.10/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.2/32; } family iso { address 49.0001.0010.0000.0302.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0001 { type internal; local-address 10.0.3.2; cluster 0.0.0.1; neighbor 10.0.3.1; neighbor 10.0.3.3; } group RR { type internal; local-address 10.0.3.2; neighbor 10.0.3.4; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable;

(5)

Page 5 of 20 } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement bgp-vrf { from protocol bgp; then accept; } } RR-JKT-2 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.9/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.6/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.18/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.3/32; } family iso { address 49.0001.0010.0000.0303.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0001 { type internal; local-address 10.0.3.3; cluster 0.0.0.1; neighbor 10.0.3.1; neighbor 10.0.3.2; } group RR { type internal; multihop; local-address 10.0.3.3; neighbor 10.0.3.4; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } RR-JKT-3 --- interfaces { em1 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.10.2/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.10/30; } family iso; } }

(6)

Page 6 of 20 lo0 { unit 0 { family inet { address 10.0.3.4/32; } family iso { address 49.0001.0010.0000.0304.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0002 { type internal; local-address 10.0.3.4; cluster 0.0.0.2; neighbor 10.0.6.7; } group RR { type internal; multihop; local-address 10.0.3.4; neighbor 10.0.3.2; neighbor 10.0.6.6; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-JKT-4 --- interfaces { em1 { unit 0 { family inet { address 172.16.2.17/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.9/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.10.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.6/32; } family iso { address 49.0001.0010.0000.0606.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0003 { type internal; local-address 10.0.6.6; cluster 0.0.0.3; neighbor 10.0.6.8; } group RR { type internal; multihop; local-address 10.0.6.6; neighbor 10.0.3.2; neighbor 10.0.3.4; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }

(7)

Page 7 of 20 PE-SBY-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.10.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.7/32; } family iso { address 49.0001.0010.0000.0607.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0002 { type internal; local-address 10.0.6.7; neighbor 10.0.3.4; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-SMG-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0003 { type internal; local-address 10.0.6.8; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }

IBGP Confideration

Teknik untuk mendukung full mesh dengan membagi suatu AS menjadi AS sub-confideration. Step:

1. IGP sudah ada (ISIS)

2. Tentukan AS primary misal 65212 3. Tentukan AS confideration ditiap domain 4. Dalam satu domain harus menggunakan IBGP

(8)

Page 8 of 20 6. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1

PE-MDN-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.2/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.1/32; } family iso { address 49.0001.0010.0000.0301.00; } } } } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { export static; group 65000 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement static { from protocol static; then accept; } } RR-JKT-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.10/30; } family iso; } }

(9)

Page 9 of 20 em3 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.2/32; } family iso { address 49.0001.0010.0000.0302.00; } } } } routing-options { autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65000 { type internal; local-address 10.0.3.2; neighbor 10.0.3.1; neighbor 10.0.3.3; } group 65212 { type external; multihop; local-address 10.0.3.2; neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.6.6 { peer-as 65001; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement bgp-vrf { from protocol bgp; then accept; } } RR-JKT-2 --- interfaces { em1 { unit 0 { family inet { address 172.16.1.9/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.6/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.18/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.3/32; } family iso { address 49.0001.0010.0000.0303.00; } } } } routing-options { autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 65003 ]; } protocols { bgp { group 65000 { type internal; local-address 10.0.3.3; neighbor 10.0.3.1; neighbor 10.0.3.2; } group 65212 { type external; multihop; local-address 10.0.3.3;

(10)

Page 10 of 20 neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.6.6 { peer-as 65001; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } RR-JKT-3 --- interfaces { em1 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.10.2/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.10/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.4/32; } family iso { address 49.0001.0010.0000.0304.00; } } } } routing-options { autonomous-system 65002; confederation 65212 members [ 65001 65002 65000 ]; } protocols { bgp { group 65002 { type internal; neighbor 10.0.6.7; } group 65212 { type external; multihop; local-address 10.0.3.4; neighbor 10.0.3.2 { peer-as 65000; } neighbor 10.0.6.6 { peer-as 65001; } neighbor 10.0.3.3 { peer-as 65000; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-JKT-4 --- interfaces { em1 { unit 0 { family inet { address 172.16.2.17/30; } family iso; } } em2 { unit 0 { family inet {

(11)

Page 11 of 20 address 172.16.2.9/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.10.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.6/32; } family iso { address 49.0001.0010.0000.0606.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65001 { type internal; local-address 10.0.6.6; neighbor 10.0.6.8; } group 65212 { type external; multihop; local-address 10.0.6.6; neighbor 10.0.3.2 { peer-as 65000; } neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.3.3 { peer-as 65000; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-SBY-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.10.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.7/32; } family iso { address 49.0001.0010.0000.0607.00; } } } } routing-options { autonomous-system 65002; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65002 { type internal; local-address 10.0.6.7; neighbor 10.0.3.4; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } }

(12)

Page 12 of 20 } PE-SMG-1 --- interfaces { em1 { unit 0 { family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65001 { type internal; local-address 10.0.6.8; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }

Untuk memastikan gunakan

show bgp summary  melihat summary bgp

show route receive-protocol bgp (neighbor)  melihat route bgp yang diterima dari peer neighbornya

show route protocol bgp  melihat semua route bgp

Export-import BGP

Export BGP  policy disisi outbound  trafik keluar contoh : advertise route via BGP root@PE-SBY-1# show policy-options

policy-statement bgp-export { from protocol static; then accept; }

root@PE-SBY-1# show protocols bgp { group cluster-0002 { type internal; local-address 10.0.6.7; export bgp-export; neighbor 10.0.3.4; } }

Import BGP  policy disisi inbound trafik datang contoh: bloking prefix, as path policy-statement bgp-import { term 1 { from { protocol bgp; route-filter 150.0.0.0/24 exact; } then reject; } term last { then accept;

(13)

Page 13 of 20 } } group RR { type internal; local-address 10.0.3.2; import bgp-import; neighbor 10.0.3.4; neighbor 10.0.6.6; } } Install Community bgp

Community merupakan attribute BGP yang digunakan untuk memanage route berdasarkan ID contoh 65111:200 mempunyai prefix 150/24

root@PE-SMG-1# show policy-options policy-statement community { from { protocol bgp; route-filter 150.0.0.0/24 exact; } then { community add c-65111:200; accept; } } community c-65111:200 members 65111:200; untuk memastikan :

how route advertising-protocol bgp (neighbor) extensive

Case:

Lewatkan prefix 150/24 dari PE-SBY-1 ke Custom er

PE-MDN-1 tidak boleh menerima prefix 150/24, lakukan filter di RR-JKT-1 dan RR-JKT-2 Pasang community 65111:200 untuk prefix 150/24 di PE-SMG-1 sehingga diterima di Customer.

Customer r1 r2 c1 c2 p1 fxp1.1/1 172.168.1.1/30 fxp2.1/1 172.168.1.2/30 fxp2.2/2 172.168.1.6/30 fxp1.2/2 172.168.1.5/30 fxp3.3/3 172.168.1.9/30 fxp2.3/3 172.168.1.10/30 fxp1.4/4 172.168.2.2/30 fxp2.4/4 172.168.2.1/30 fxp3.5/5 172.168.3.5/30 172.168.3.6/30fxp4.5/5 r1 lo0.1 192.168.1.1 r2 lo0.2 192.168.1.2 c1 lo0.3 192.168.1.3 c2 lo0.4192.168.1.4 p1 lo0.5 192.168.1.5 t1 lo0.6 10.10.10.1 AS 1945 AS 1982 AS 2009 t1 fxp1.6/6 172.168.4.1/30 Fxp2.6/6 172.168.4.2/30 Fxp4.7/7 172.168.4.5/30 Fxp3.7/7 172.168.4.6/30 AS 1946

Load balance EBGP ada 2:

1. Multihop based on local address 2. Multipath  based on Link layer Case:

Load balance antara r2 dng p1 Step1

konfigurasi static route between r2 and p1

pastikan routing sudah load balance dengan menerapkan policy load balance lab# show policy-options

policy-statement load-balance { then {

load-balance per-packet; }

}

lab# show routing-options static {

route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; }

autonomous-system 2009;

(14)

Pa g e 14 of 20

export load-balance;

}

Pastikan r2 bisa ping ke ip loopback p1 Dan route sudah menunjukkan load balance lab# run show route

192.168.1.5/32 *[Static/5] 00:23:52 to 172.168.2.1 via fxp1.4

 to 172.168.3.6 via fxp3.5

lab# run show route forwarding-table

192.168.1.5/32 user 1 ulst 131070 2 172.168.2.1 ucst 495 2 fxp1.4 172.168.3.6 ucst 490 2 fxp3.5

Step 2

Konfigurasi multihop di P1 dan r2 Di P1

lab# show protocols bgp group 1982 { type external; multihop; local-address 192.168.1.5; neighbor 192.168.1.2 { peer-as 2009; } } Di r2

lab# show protocols bgp group 1982 { type external; multihop; local-address 192.168.1.2; neighbor 192.168.1.5 { peer-as 1982; } } Untuk verifikasi:

lab# run show bgp neighbor 192.168.1.5 logical-router r2 Peer: 192.168.1.5+2236 AS 1982 Local: 192.168.1.2+179 AS 2009 Type: External State: Established Flags: <ImportEval Sync> Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None

Options: <Multihop Preference LocalAddress HoldTime PeerAS Refresh>

Local Address: 192.168.1.2 Holdtime: 90 Preference: 170 Number of flaps: 0

Peer ID: 192.168.1.5 Local ID: 192.168.1.2 Active Holdtime: 90 Keepalive Interval: 30 Peer index: 0

NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Table inet.0 Bit: 10001

RIB State: BGP restart is complete Send state: in sync

Active prefixes: 0 Received prefixes: 0 Suppressed due to damping: 0 Advertised prefixes: 0

Last traffic (seconds): Received 23 Sent 23 Checked 23

Input messages: Total 22 Updates 0 Refreshes 0 Octets 444 Output messages: Total 23 Updates 0 Refreshes 0 Octets 463

Output Queue[0]: 0

Load balance antara r1 dng c1 dan c2 Konfigurasi di c1

lab# show protocols bgp group 1945 { type external; neighbor 172.168.1.9 { peer-as 2009; } } Konfigurasi di c2 lab# show protocols bgp group external { type external; neighbor 172.168.1.6 { peer-as 2009; } }

Konfigurasi di r1 dng menggunakan multipath lab# show protocols bgp

group external { type external; multipath; neighbor 172.168.1.10 { peer-as 1945; } neighbor 172.168.1.5 { peer-as 1946; } }

lab# run show bgp neighbor 172.168.1.5

Peer: 172.168.1.5+179 AS 1945 Local: 172.168.1.6+3545 AS 2009 Type: External State: Established Flags: <Sync>

Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None

Options: <Preference HoldTime PeerAS Multipath Refresh>

Holdtime: 90 Preference: 170 Number of flaps: 0

Peer ID: 192.168.1.4 Local ID: 192.168.1.1 Active Holdtime: 90 Keepalive Interval: 30 Peer index: 1

Local Interface: fxp2.2 NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Table inet.0 Bit: 10001

RIB State: BGP restart is complete Send state: in sync

Active prefixes: 0 Received prefixes: 0 Suppressed due to damping: 0 Advertised prefixes: 0

Last traffic (seconds): Received 10 Sent 10 Checked 10 Input messages: Total 4 Updates 0 Refreshes 0 Octets 76 Output messages: Total 5 Updates 0 Refreshes 0 Octets 121

(15)

Pa g e 15 of 20 Modifiying BGP attribute

Case:

1. advertise IP loopback c1 shg p1 bisa ping ip tersebut di c1

lab# show policy-options

policy-statement loopback { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } }

lab# show protocols bgp group 1945 { type external; export loopback; neighbor 172.168.1.9 { peer-as 2009; } }

I. Logical Router

vlan

 Sub interface dari interface

Configure logical router R1  lab@lab # set logical-routers R1 Entering config logical-router  lab@lab # edit logical-routers r1

For example on OSPF configuration Protocol OSPF

Configure R1

lab# top edit logical-routers R1

lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.1/32 lab# set protocols ospf area 0 interface fxp0.0

lab# set protocols ospf area 0 interface lo0.0 passive

configure R2

lab# top edit logical-routers R2

lab# set interfaces fxp1 unit 0 description "to-R2" family inet address 172.168.1.2/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.2/32 lab# set protocols ospf area 0 interface fxp1.0

lab# set protocols ospf area 0 interface lo0.1 passive lab # run show ospf neighbor

lab # run show ospf interface

BGP attribute ---

Origin menunjukkan asal dari suatu source route secara default origin disimbolkan I Contoh

lab# run show route protocol bgp terse

inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 I B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I Origin bisa dimanipulasi menjadi incomplete, egp dll

(16)

Pa g e 16 of 20 Di c2 --- policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { origin incomplete; accept; } } term 2 { then reject; } }

Untuk mengubah ke egp spt dibawah ini: policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { origin egp; accept; } } term 2 { then reject; } }

Hasilnya bisa dilihat di r1

lab# run show route protocol bgp terse logical-router r1 inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 ? B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I As-path

Jalur yang telah dipilih oleh suatu route didalam BGP Di c2 policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { as-path-prepend "1947 1947"; accept; } } term 2 { then reject; } }

lab# run show route protocol bgp terse logical-router r1

inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.10 1945 1946 I B 170 100 >172.168.1.5 1947 1947 1946 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I

* 172.168.3.4/30 B 170 100 >172.168.1.2 I Pastikan jalur route sudah benar melalui c1 dari p1 lab# run traceroute 10.10.10.1

traceroute to 10.10.10.1 (10.10.10.1), 30 hops max, 40 byte packets 1 172.168.2.2 (172.168.2.2) 1.981 ms 1.441 ms 1.032 ms 2 172.168.1.1 (172.168.1.1) 1.175 ms 1.134 ms 1.102 ms 3 172.168.1.10 (172.168.1.10) 1.398 ms 1.493 ms 0.989 ms 4 172.168.4.2 (172.168.4.2) 1.210 ms 1.507 ms 4.401 ms 5 10.10.10.1 (10.10.10.1) 1.573 ms 2.391 ms 1.526 ms Next-hop

IP address yng ditunjuk oleh router untuk menentukan active route MED ( Multiple Exit Discriminator ) 

EBGP – EBGP EBGP – IBGP IBGP – IBGP

Local preference  hanya terjadi di IBGP

Contoh ubah local preference untuk route 10.10.10.1 di local as policy-statement resolve { term 1 { from protocol bgp; then { next-hop self; } } term 2 { from { protocol direct; route-filter 172.168.1.4/30 exact; } then accept; } term 3 { from {

(17)

Pa g e 17 of 20 protocol bgp; route-filter 10.10.10.1/32 exact; } then { local-preference 150; } } then accept; } Untuk verifikasi

lab# run show route 10.10.10.1 detail

inet.0: 15 destinations, 18 routes (15 active, 0 holddown, 1 hidden) 10.10.10.1/32 (1 entry, 1 announced)

*BGP Preference: 170/-151 Next-hop reference count: 17 Source: 192.168.1.1

Next hop: 172.168.1.1 via fxp2.1, selected Protocol next hop: 192.168.1.1

Indirect next hop: 8683198 131072 State: <Active Int Ext>

Local AS: 2009 Peer AS: 2009 Age: 1:28 Metric2: 1

Task: BGP_2009.192.168.1.1+179

Announcement bits (3): 2-KRT 3-BGP.0.0.0.0+179 4-Resolve tree 1 AS path: 1946 I

Localpref: 150 Router ID: 192.168.1.1 Multiple Exit Discriminator ---

Community route yang telah di tag misal 65000:1100

Lampiran Di r1 interfaces { fxp1 { unit 1 { vlan-id 1; family inet { address 172.168.1.1/30; } } } fxp2 { unit 2 { vlan-id 2; family inet { address 172.168.1.6/30; } } } fxp3 { unit 3 { vlan-id 3; family inet { address 172.168.1.9/30; } } } lo0 { unit 1 { family inet { address 192.168.1.1/32; } } } } protocols { bgp { group internal { type internal; local-address 192.168.1.1; export resolve; neighbor 192.168.1.2; } group external { type external; export direct; multipath; neighbor 172.168.1.10 { peer-as 1945; } neighbor 172.168.1.5 { peer-as 1946; } } } ospf { area 0.0.0.0 { interface fxp1.1; interface lo0.1; } } } policy-options { policy-statement direct { term 1 { from { protocol direct; route-filter 172.168.1.0/30 exact; } then accept; } term 2 { from { protocol bgp; route-filter 172.168.2.0/30 exact; route-filter 172.168.3.4/30 exact; } then accept; } term last { then reject; } }

(18)

Pa g e 18 of 20 policy-statement resolve { term 1 { from protocol bgp; then { next-hop self; } } term 2 { from { protocol direct; route-filter 172.168.1.4/30 exact; } } then accept; } } routing-options { autonomous-system 2009; } Di r2 interfaces { fxp1 { unit 4 { vlan-id 4; family inet { address 172.168.2.2/30; } } } fxp2 { unit 1 { vlan-id 1; family inet { address 172.168.1.2/30; } } } fxp3 { unit 5 { vlan-id 5; family inet { address 172.168.3.5/30; } } } lo0 { unit 2 { family inet { address 192.168.1.2/32; } } } } protocols { bgp { group internal { type internal; local-address 192.168.1.2; export direct; neighbor 192.168.1.1; } group 1982 { type external; multihop; local-address 192.168.1.2; neighbor 192.168.1.5 { peer-as 1982; } } } ospf { area 0.0.0.0 { interface lo0.2; interface fxp2.1; } } } policy-options { policy-statement direct { term 1 { from { protocol direct; route-filter 172.168.2.0/30 exact; route-filter 172.168.3.4/30 exact; } then accept; } term last { then reject; } } policy-statement load-balance { then { load-balance per-packet; } } } routing-options { static { route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; } autonomous-system 2009; forwarding-table { export load-balance; } } Di p1 interfaces { fxp2 { unit 4 { vlan-id 4; family inet { address 172.168.2.1/30; } } } fxp4 { unit 5 {

(19)

Pa g e 19 of 20 vlan-id 5; family inet { address 172.168.3.6/30; } } } lo0 { unit 5 { family inet { address 192.168.1.5/32; } } } } protocols { bgp { group 1982 { type external; multihop; local-address 192.168.1.5; neighbor 192.168.1.2 { peer-as 2009; } } } } routing-options { static { route 192.168.1.2/32 next-hop [ 172.168.2.2 172.168.3.5 ]; } autonomous-system 1982; } Di c1 interfaces { fxp1 { unit 6 { vlan-id 6; family inet { address 172.168.4.1/30; } } } fxp4 { unit 3 { vlan-id 3; family inet { address 172.168.1.10/30; } } } lo0 { unit 3 { family inet { address 192.168.1.3/32; } } } } protocols { bgp { group external { type external; neighbor 172.168.1.9 { peer-as 2009; } neighbor 172.168.4.2 { peer-as 1946; } } } } policy-options { policy-statement static { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } } } routing-options { autonomous-system 1945; } Di c2 interfaces { fxp1 { unit 2 { vlan-id 2; family inet { address 172.168.1.5/30; } } } fxp2 { unit 6 { vlan-id 6; family inet { address 172.168.4.2/30; } } } fxp3 { unit 7 { vlan-id 7; family inet { address 172.168.4.6/30; } } } lo0 { unit 4 { family inet {

(20)

Pa g e 20 of 20 address 192.168.1.4/32; } } } } protocols { bgp { group external { type external; export static; neighbor 172.168.1.6 { peer-as 2009; } } group 1945 { type external; export static1; neighbor 172.168.4.1 { peer-as 1945; } } } } policy-options { policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { accept; } } term 2 { then reject; } } policy-statement static1 { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then accept; } term 2 { then reject; } } } routing-options { static { route 10.10.10.1/32 next-hop 172.168.4.5; } autonomous-system 1946; } interfaces { fxp4 { unit 7 { vlan-id 7; family inet { address 172.168.4.5/30; } } } lo0 { unit 6 { family inet { address 10.10.10.1/32; } } } } routing-options { static { route 0.0.0.0/0 next-hop 172.168.4.6; } }

References

Download now ( PDF - 20 Page - 226.87 KB )

Related documents