BGP Configuration on Juniper


Assalamu'alaikum wr.wb

In this post I will walk through a BGP lab on Juniper. The lab covers 8 points, from the initial configuration through to filtering BGP routes. It is useful if you work on an enterprise network that requires an understanding of BGP. For example, when you filter or advertise BGP routes, you must not advertise the wrong thing, because a wrong advertisement impacts the global network, that is, the Internet.

The configuration points covered in this Juniper lab:

1. Mandatory Configuration

2. Logical System Configuration

3. OSPF Configuration

4. Internal BGP Configuration

5. Advertising Routes into BGP

6. External BGP Configuration

7. BGP Next Hop Self

8. Filtering BGP Routes

Topology:

- Topology diagram from draw.io



R1 is an ISP with AS 200 and R2 is another ISP with AS 300. A company has 3 routers: R3 faces the ISPs directly, while R4 and R5 are internal routers that must receive the Internet routes. R3, R4 and R5 will be configured with OSPF and IBGP, while the R3-to-R1 and R3-to-R2 links will be configured with EBGP.

1. Mandatory Configuration

R3 configuration
root# set system host-name vMX-R3
root# set system time-zone Asia/Jakarta
root# set system authentication-order radius
root# set system authentication-order password
root# set system root-authentication plain-text-password
New password:your_password
Retype new password:your_password
root# set system radius-server 192.168.10.254 secret rahasia123
root# set system radius-server 192.168.10.254 source-address 192.168.10.1
root# set system accounting events login
root# set system accounting events change-log
root# set system accounting events interactive-commands
root# set system accounting destination radius server 192.168.10.254 secret rahasia123
root# set system accounting destination radius server 192.168.10.254 source-address 192.168.10.1
root# set system login user andika class read-only
root# set system services ssh
root# set system services netconf ssh
root# set system syslog user * any emergency
root# set system syslog host 192.168.10.254 daemon info
root# set system syslog file messages any notice
root# set system syslog file messages authorization info
root# set system syslog file interactive-commands interactive-commands any
    

- Sub-interface Configuration

R3 configuration
root# set interfaces ge-0/0/0 unit 0 description "Connect to PC"
root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.10.1/24
root# set interfaces ge-0/0/1 vlan-tagging
root# set interfaces ge-0/0/2 vlan-tagging
root# set interfaces ge-0/0/3 vlan-tagging
root# set interfaces ge-0/0/4 vlan-tagging
root# set interfaces ge-0/0/5 vlan-tagging
root# set interfaces ge-0/0/6 vlan-tagging
root# commit
commit complete

[edit]
root@vMX-R3#
    

2. Logical System Configuration

In this lab guide, a logical system is created on each router, with its interfaces and IP addresses matching the topology diagram at the top of the page. Create the logical system on each router.

R1 configuration
root# set system host-name vMX-R1
root# set interfaces ge-0/0/1 vlan-tagging
root# set logical-systems R1
root# edit logical-systems R1
root# set interfaces ge-0/0/1 unit 13 vlan-id 13
root# set interfaces ge-0/0/1 unit 13 family inet address 10.13.13.1/24
root# set interfaces lo0 unit 1 family inet address 1.1.1.1/32
root# commit
commit complete

[edit logical-systems R1]
root@vMX-R1#
    

R2 configuration
root# set system host-name vMX-R2
root# set interfaces ge-0/0/2 vlan-tagging
root# set logical-systems R2
root# edit logical-systems R2
root# set interfaces ge-0/0/2 unit 23 vlan-id 23
root# set interfaces ge-0/0/2 unit 23 family inet address 10.23.23.2/24
root# set interfaces lo0 unit 2 family inet address 2.2.2.2/32
root# commit
commit complete

[edit logical-systems R2]
root@vMX-R2#
    

R3 configuration
root@vMX-R3# set logical-systems R3
root@vMX-R3# edit logical-systems R3
root@vMX-R3# set interfaces ge-0/0/3 unit 13 vlan-id 13
root@vMX-R3# set interfaces ge-0/0/3 unit 13 family inet address 10.13.13.3/24
root@vMX-R3# set interfaces ge-0/0/3 unit 23 vlan-id 23
root@vMX-R3# set interfaces ge-0/0/3 unit 23 family inet address 10.23.23.3/24
root@vMX-R3# set interfaces ge-0/0/3 unit 34 vlan-id 34
root@vMX-R3# set interfaces ge-0/0/3 unit 34 family inet address 10.34.34.3/24
root@vMX-R3# set interfaces ge-0/0/3 unit 35 vlan-id 35
root@vMX-R3# set interfaces ge-0/0/3 unit 35 family inet address 10.35.35.3/24
root@vMX-R3# set interfaces lo0 unit 3 family inet address 3.3.3.3/32
root@vMX-R3# commit
commit complete

[edit logical-systems R3]
root@vMX-R3#
    

R4 configuration
root# set system host-name vMX-R4
root# set interfaces ge-0/0/4 vlan-tagging
root# set logical-systems R4
root# edit logical-systems R4
root# set interfaces ge-0/0/4 unit 34 vlan-id 34
root# set interfaces ge-0/0/4 unit 34 family inet address 10.34.34.4/24
root# set interfaces lo0 unit 4 family inet address 4.4.4.4/32
root# commit
commit complete

[edit logical-systems R4]
root@vMX-R4#
    

R5 configuration
root# set system host-name vMX-R5
root# set interfaces ge-0/0/5 vlan-tagging
root# set logical-systems R5
root# edit logical-systems R5
root# set interfaces ge-0/0/5 unit 35 vlan-id 35
root# set interfaces ge-0/0/5 unit 35 family inet address 10.35.35.5/24
root# set interfaces lo0 unit 5 family inet address 5.5.5.5/32
root# commit
commit complete

[edit logical-systems R5]
root@vMX-R5#
    

3. OSPF Configuration on R3, R4 & R5

Before configuring internal BGP, you first need to enable an IGP such as OSPF or IS-IS, or you can use static routes. This lab uses OSPF.

R3 configuration
root@vMX-R3# set protocols ospf area 0.0.0.0 interface ge-0/0/3.34
root@vMX-R3# set protocols ospf area 0.0.0.0 interface ge-0/0/3.35
root@vMX-R3# set protocols ospf area 0.0.0.0 interface lo0.3
root@vMX-R3# commit
commit complete

[edit logical-systems R3]
root@vMX-R3#
    

R4 configuration
root@vMX-R4# set protocols ospf area 0.0.0.0 interface ge-0/0/4.34
root@vMX-R4# set protocols ospf area 0.0.0.0 interface lo0.4
root@vMX-R4# commit
commit complete

[edit logical-systems R4]
root@vMX-R4#
    

R5 configuration
root@vMX-R5# set protocols ospf area 0.0.0.0 interface ge-0/0/5.35
root@vMX-R5# set protocols ospf area 0.0.0.0 interface lo0.5
root@vMX-R5# commit
commit complete

[edit logical-systems R5]
root@vMX-R5#
    

Verification:

Make sure the OSPF state is Full.
root@vMX-R4# run show route protocol ospf logical-system R4

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

3.3.3.3/32         *[OSPF/10] 00:00:25, metric 1
			> to 10.34.34.3 via ge-0/0/4.34
5.5.5.5/32         *[OSPF/10] 00:00:01, metric 2
			> to 10.34.34.3 via ge-0/0/4.34
10.35.35.0/24      *[OSPF/10] 00:00:01, metric 2
			> to 10.34.34.3 via ge-0/0/4.34
224.0.0.5/32       *[OSPF/10] 00:05:45, metric 1
			 MultiRecv

root@vMX-R5# run show route protocol ospf logical-system R5

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

3.3.3.3/32         *[OSPF/10] 00:01:15, metric 1
			> to 10.35.35.3 via ge-0/0/5.35
4.4.4.4/32         *[OSPF/10] 00:01:15, metric 2
			> to 10.35.35.3 via ge-0/0/5.35
10.34.34.0/24      *[OSPF/10] 00:01:15, metric 2
			> to 10.35.35.3 via ge-0/0/5.35
224.0.0.5/32       *[OSPF/10] 00:04:58, metric 1
			MultiRecv

root@vMX-R3# run show route protocol ospf logical-system R3

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32         *[OSPF/10] 00:02:31, metric 1
			> to 10.34.34.4 via ge-0/0/3.34
5.5.5.5/32         *[OSPF/10] 00:02:00, metric 1
			> to 10.35.35.5 via ge-0/0/3.35
224.0.0.5/32       *[OSPF/10] 00:08:38, metric 1
			MultiRecv

root@vMX-R3# run show ospf neighbor logical-system R3
Address          Interface          State	ID		Pri	Dead
10.34.34.4       ge-0/0/3.34	Full		4.4.4.4	128	31
10.35.35.5       ge-0/0/3.35	Full		5.5.5.5	12	30

    

4. Internal BGP Configuration on R3, R4 & R5

In this lab scenario, R3, R4 and R5 are routers with the same AS number, that is, they belong to one administrative domain. OSPF was configured above and is already in Full state between R3, R4 and R5.

R3 configuration
root@vMX-R3# set protocols bgp group IBGP type internal
root@vMX-R3# set protocols bgp group IBGP local-address 3.3.3.3
root@vMX-R3# set protocols bgp group IBGP neighbor 5.5.5.5 peer-as 100
root@vMX-R3# set protocols bgp group IBGP neighbor 4.4.4.4 peer-as 100
root@vMX-R3# set routing-options router-id 3.3.3.3
root@vMX-R3# set routing-options autonomous-system 100
root@vMX-R3# commit
commit complete

[edit logical-systems R3]
root@vMX-R3#
    

R4 configuration
root@vMX-R4# set protocols bgp group IBGP type internal
root@vMX-R4# set protocols bgp group IBGP local-address 4.4.4.4
root@vMX-R4# set protocols bgp group IBGP neighbor 3.3.3.3 peer-as 100
root@vMX-R4# set protocols bgp group IBGP neighbor 5.5.5.5 peer-as 100
root@vMX-R4# set routing-options router-id 4.4.4.4
root@vMX-R4# set routing-options autonomous-system 100
root@vMX-R4# commit
commit complete

[edit logical-systems R4]
root@vMX-R4#
    

R5 configuration
root@vMX-R5# set protocols bgp group IBGP type internal
root@vMX-R5# set protocols bgp group IBGP local-address 5.5.5.5
root@vMX-R5# set protocols bgp group IBGP neighbor 3.3.3.3 peer-as 100
root@vMX-R5# set protocols bgp group IBGP neighbor 4.4.4.4 peer-as 100
root@vMX-R5# set routing-options router-id 5.5.5.5
root@vMX-R5# set routing-options autonomous-system 100
root@vMX-R5# commit
commit complete

[edit logical-systems R5]
root@vMX-R5#
    

Verification:

Make sure the BGP sessions are Established by verifying with the following commands:

root@vMX-R3# run show bgp summary logical-system R3
Groups: 1 Peers: 2 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn S.
4.4.4.4                 100         11         10       0       0        4:11 00
5.5.5.5                 100          7          6       0       0        2:00 00

root@vMX-R4# run show bgp summary logical-system R4
Groups: 1 Peers: 2 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
3.3.3.3                 100         39         40       0       0       17:04 0/0/0/0              0/0/0/0
5.5.5.5                 100          4          4       0       0          18 0/0/0/0              0/0/0/0

root@vMX-R5# run show bgp summary logical-system R5
Groups: 1 Peers: 2 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       1          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
3.3.3.3                 100         36         35       0       0       15:05 0/0/0/0              0/0/0/0
4.4.4.4                 100          4          2       0       0          24 0/1/1/0              0/0/0/0

root@vMX-R3# run show bgp neighbor 4.4.4.4 logical-system R3
Peer: 4.4.4.4+59197 AS 100     Local: 3.3.3.3+179 AS 100
  Group: IBGP                  Routing-Instance: master
  Forwarding routing-instance: master
  Type: Internal    State: Established    Flags: 
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: None
  Options: 
  Local Address: 3.3.3.3 Holdtime: 90 Preference: 170
  Number of flaps: 0
  Peer ID: 4.4.4.4         Local ID: 3.3.3.3           Active Holdtime: 90

root@vMX-R3# run show bgp neighbor 5.5.5.5 logical-system R3
Peer: 5.5.5.5+52395 AS 100     Local: 3.3.3.3+179 AS 100
  Group: IBGP                  Routing-Instance: master
  Forwarding routing-instance: master
  Type: Internal    State: Established    Flags: 
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: Cease
  Options: 
  Local Address: 3.3.3.3 Holdtime: 90 Preference: 170
  Number of flaps: 0
  Error: 'Cease' Sent: 1 Recv: 0
  Peer ID: 5.5.5.5         Local ID: 3.3.3.3           Active Holdtime: 90

    

5. Advertising Routes into BGP

To advertise a route into BGP, you redistribute it from another protocol into BGP, for example from protocol direct (for directly connected routes) or from OSPF. For the redistribution/export to work, the route must be active, that is, reachable by the router doing the redistribution.

root@vMX-R4# set policy-options policy-statement advertise-to-bgp term 1 from protocol direct
root@vMX-R4# set policy-options policy-statement advertise-to-bgp term 1 from route-filter 4.4.4.4/32 exact
root@vMX-R4# set policy-options policy-statement advertise-to-bgp term 1 then accept
root@vMX-R4# set protocols bgp group IBGP export advertise-to-bgp
root@vMX-R4# commit
commit complete

[edit logical-systems R4]
root@vMX-R4#
    

Verification:

Verify with the following commands:

root@vMX-R4# run show route advertising-protocol bgp 3.3.3.3 logical-system R4

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS	path
* 4.4.4.4/32              Self                    			  100        I

root@vMX-R4# run show route advertising-protocol bgp 5.5.5.5 logical-system R4

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS	path
* 4.4.4.4/32              Self                    			  100        I

root@vMX-R3# run show route 4.4.4.4 protocol bgp logical-system R3

inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32          [BGP/170] 00:08:49, localpref 100, from 4.4.4.4
                      AS path: I, validation-state: unverified
                    > to 10.34.34.4 via ge-0/0/3.34

root@vMX-R5# run show route 4.4.4.4 protocol bgp logical-system R5

inet.0: 7 destinations, 8 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32          [BGP/170] 00:04:42, localpref 100, from 4.4.4.4
                      AS path: I, validation-state: unverified
                    > to 10.35.35.3 via ge-0/0/5.35

    

As the show route output above shows, 4.4.4.4/32 has been received by R3 and R5.

6. External BGP Configuration

Per the topology, R3 has external peers to R1 and R2. Below is the external BGP configuration on R3, R1 and R2.

R3 configuration
root@vMX-R3# set protocols bgp group EBGP type external
root@vMX-R3# set protocols bgp group EBGP neighbor 10.13.13.1 description "External Peer ke R1"
root@vMX-R3# set protocols bgp group EBGP neighbor 10.13.13.1 peer-as 200
root@vMX-R3# set protocols bgp group EBGP neighbor 10.23.23.2 description "External Peer ke R2"
root@vMX-R3# set protocols bgp group EBGP neighbor 10.23.23.2 peer-as 300
root@vMX-R3# commit
commit complete

[edit logical-systems R3]
root@vMX-R3#
    

R1 has an external peer to R3 and has the prefix 1.1.1.1/32 to advertise over external BGP.

R1 configuration
root@vMX-R1# set protocols bgp group EBGP type external
root@vMX-R1# set protocols bgp group EBGP neighbor 10.13.13.3 peer-as 100
root@vMX-R1# set protocols bgp group EBGP local-as 200
root@vMX-R1# set policy-options policy-statement direct-to-bgp term 1 from protocol direct
root@vMX-R1# set policy-options policy-statement direct-to-bgp term 1 from route-filter 1.1.1.1/32 exact
root@vMX-R1# set policy-options policy-statement direct-to-bgp term 1 then accept
root@vMX-R1# set protocols bgp group EBGP export direct-to-bgp
root@vMX-R1# commit
commit complete

[edit logical-systems R1]
root@vMX-R1#
    

R2 has an external peer to R3 and has the prefix 2.2.2.2/32 to advertise over external BGP.

R2 configuration
root@vMX-R2# set protocols bgp group EBGP type external
root@vMX-R2# set protocols bgp group EBGP neighbor 10.23.23.3 peer-as 100
root@vMX-R2# set protocols bgp group EBGP local-as 300
root@vMX-R2# set policy-options policy-statement direct-to-bgp term 1 from protocol direct
root@vMX-R2# set policy-options policy-statement direct-to-bgp term 1 from route-filter 2.2.2.2/32 exact
root@vMX-R2# set policy-options policy-statement direct-to-bgp term 1 then accept
root@vMX-R2# set protocols bgp group EBGP export direct-to-bgp
root@vMX-R2# commit
commit complete

[edit logical-systems R2]
root@vMX-R2#
    

Verification:

You can verify this the same way you verified internal BGP.

root@vMX-R3# run show route protocol bgp 1.1.1.1 logical-system R3

inet.0: 14 destinations, 15 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[BGP/170] 00:01:24, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 10.13.13.1 via ge-0/0/3.13

root@vMX-R3# run show route protocol bgp 2.2.2.2 logical-system R3

inet.0: 14 destinations, 15 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.2/32         *[BGP/170] 00:12:23, localpref 100
                      AS path: 300 I, validation-state: unverified
                    > to 10.23.23.2 via ge-0/0/3.23

root@vMX-R3# run show bgp summary logical-system R3
Groups: 2 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       3          2          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn S.
4.4.4.4                 100        119        118       0       0       51:58 00
5.5.5.5                 100        113        114       0       0       49:47 00
10.13.13.1              200         11         10       0       0        3:18 10
10.23.23.2              300         32         31       0       0       12:54 10

root@vMX-R3# run show bgp neighbor 10.13.13.1 logical-system R3
Peer: 10.13.13.1+57350 AS 200  Local: 10.13.13.3+179 AS 100
  Description: External Peer ke R1
  Group: EBGP                  Routing-Instance: master
  Forwarding routing-instance: master
  Type: External    State: Established    Flags: 
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: None
  Options: 
  Holdtime: 90 Preference: 170
  Number of flaps: 0
  Peer ID: 1.1.1.1         Local ID: 3.3.3.3           Active Holdtime: 90
  Keepalive Interval: 30         Group index: 1    Peer index: 1    SNMP index:
  I/O Session Thread: bgpio-0 State: Enabled
  BFD: disabled, down
  Local Interface: ge-0/0/3.13
  NLRI for restart configured on peer: inet-unicast
  NLRI advertised by peer: inet-unicast
  NLRI for this session: inet-unicast
  Peer supports Refresh capability (2)
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  Restart flag received from the peer: Notification
  NLRI that restart is negotiated for: inet-unicast
  NLRI of received end-of-rib markers: inet-unicast
  NLRI of all end-of-rib markers sent: inet-unicast
  Peer does not support LLGR Restarter functionality
  Peer supports 4 byte AS extension (peer-as 200)
  Peer does not support Addpath
  Table inet.0 Bit: 20001
    RIB State: BGP restart is complete
    Send state: in sync
    Active prefixes:              1
    Received prefixes:            1
    Accepted prefixes:            1
    Suppressed due to damping:    0
    Advertised prefixes:          1
  Last traffic (seconds): Received 11693 Sent 224 Checked 11693
  Input messages:  Total 11     Updates 2       Refreshes 0     Octets 286
  Output messages: Total 10     Updates 1       Refreshes 0     Octets 227
  Output Queue[1]: 0            (inet.0, inet-unicast)

    

- Advertising Internal Routes on R3 into External BGP

Advertise internal routes into external BGP

root@vMX-R3# set policy-options policy-statement advertise-to-external term 1 from protocol ospf
root@vMX-R3# set policy-options policy-statement advertise-to-external term 1 from route-filter 4.4.4.4/32 exact
root@vMX-R3# set policy-options policy-statement advertise-to-external term 1 from route-filter 5.5.5.5/32 exact
root@vMX-R3# set policy-options policy-statement advertise-to-external term 1 then accept
root@vMX-R3# set policy-options policy-statement advertise-to-external term 2 from protocol direct
root@vMX-R3# set policy-options policy-statement advertise-to-external term 2 from route-filter 10.34.34.0/24 exact
root@vMX-R3# set policy-options policy-statement advertise-to-external term 2 from route-filter 10.35.35.0/24 exact
root@vMX-R3# set policy-options policy-statement advertise-to-external term 2 then accept
root@vMX-R3# set policy-options policy-statement advertise-to-external term other then reject
root@vMX-R3# set protocols bgp group EBGP export advertise-to-external
root@vMX-R3# commit
commit complete

[edit logical-systems R3]
root@vMX-R3#
    

In the example above, only the routes matched by terms 1 and 2 of the policy are advertised out; the final term other rejects everything else. The method is basically the same for advertising into internal or external BGP. The only difference is where the policy is applied: here it must be on the External BGP group.

Verification:

Run show route on R1 and R2.
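
What the final `term other then reject` changes, as an added example (not code from the original post): this Python script parses the export policy above and evaluates it against a constructed list of R3's active routes, with and without the last term. It supports only the statements used on this page and assumes the default BGP export behaviour (active BGP routes are advertised when no term terminates); per-peer suppression is not modelled, and the function names are hypothetical.

```python
import ipaddress
import re

# R3's export policy as configured in this section (CLI prompt stripped).
POLICY_LINES = """\
set policy-options policy-statement advertise-to-external term 1 from protocol ospf
set policy-options policy-statement advertise-to-external term 1 from route-filter 4.4.4.4/32 exact
set policy-options policy-statement advertise-to-external term 1 from route-filter 5.5.5.5/32 exact
set policy-options policy-statement advertise-to-external term 1 then accept
set policy-options policy-statement advertise-to-external term 2 from protocol direct
set policy-options policy-statement advertise-to-external term 2 from route-filter 10.34.34.0/24 exact
set policy-options policy-statement advertise-to-external term 2 from route-filter 10.35.35.0/24 exact
set policy-options policy-statement advertise-to-external term 2 then accept
set policy-options policy-statement advertise-to-external term other then reject
""".splitlines()

# Constructed sample: R3's active routes as (prefix, protocol), based on the lab addressing.
R3_ACTIVE_ROUTES = [
    ("3.3.3.3/32", "direct"), ("10.13.13.0/24", "direct"), ("10.23.23.0/24", "direct"),
    ("10.34.34.0/24", "direct"), ("10.35.35.0/24", "direct"),
    ("4.4.4.4/32", "ospf"), ("5.5.5.5/32", "ospf"),
    ("1.1.1.1/32", "bgp"), ("2.2.2.2/32", "bgp"),  # learned from R1 (AS 200) and R2 (AS 300)
]

TERM_RE = re.compile(r"set policy-options policy-statement (\S+) term (\S+) (from|then) (.+)")


def parse_policy(lines, name):
    """Parse 'set' lines into ordered terms; only the statements used on this page are supported."""
    terms = {}  # dict keeps insertion order, which is the term evaluation order
    for line in lines:
        m = TERM_RE.match(line.strip())
        if not m or m.group(1) != name:
            continue
        term = terms.setdefault(m.group(2), {"protocols": set(), "filters": [], "action": None})
        kind, words = m.group(3), m.group(4).split()
        if kind == "from" and words[0] == "protocol":
            term["protocols"].add(words[1])
        elif kind == "from" and words[0] == "route-filter" and words[2] == "exact":
            term["filters"].append(ipaddress.ip_network(words[1]))
        elif kind == "then" and words[0] in ("accept", "reject"):
            term["action"] = words[0]
        else:
            raise ValueError(f"unsupported statement: {line}")
    return terms


def term_matches(term, prefix, protocol):
    """All 'from' conditions must hold; several route-filters in one term are alternatives."""
    if term["protocols"] and protocol not in term["protocols"]:
        return False
    if term["filters"] and ipaddress.ip_network(prefix) not in term["filters"]:
        return False
    return True


def export_decision(terms, prefix, protocol):
    """Return (action, reason) for one active route offered to the EBGP group."""
    for name, term in terms.items():
        if term["action"] and term_matches(term, prefix, protocol):
            return term["action"], f"term {name}"
    # Nothing terminated: assume the default BGP export policy (active BGP routes only).
    return ("accept" if protocol == "bgp" else "reject"), "default BGP export policy"


def exported(terms, routes):
    return sorted(p for p, proto in routes if export_decision(terms, p, proto)[0] == "accept")


def ends_with_reject_all(terms):
    """True when the last term rejects unconditionally, as 'term other' does on the page."""
    last = list(terms.values())[-1] if terms else None
    return bool(last) and last["action"] == "reject" and not last["protocols"] and not last["filters"]


def audit(lines, name="advertise-to-external"):
    terms = parse_policy(lines, name)
    return {"final_reject": ends_with_reject_all(terms), "exported": exported(terms, R3_ACTIVE_ROUTES)}


if __name__ == "__main__":
    configured = audit(POLICY_LINES)
    loose = audit([l for l in POLICY_LINES if " term other " not in l])
    print("as configured     :", configured)
    print("term other removed:", loose)
    print("extra routes sent :", sorted(set(loose["exported"]) - set(configured["exported"])))
```

With the last term removed, the two ISP prefixes fall through to the default policy and are offered to the external group, which would make AS 100 a transit path between AS 200 and AS 300.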

root@vMX-R1# run show route protocol bgp logical-system R1

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32         *[BGP/170] 00:02:33, MED 1, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.13.13.3 via ge-0/0/1.13
5.5.5.5/32         *[BGP/170] 00:02:33, MED 1, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.13.13.3 via ge-0/0/1.13
10.34.34.0/24      *[BGP/170] 00:02:33, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.13.13.3 via ge-0/0/1.13
10.35.35.0/24      *[BGP/170] 00:02:33, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.13.13.3 via ge-0/0/1.13

root@vMX-R2# run show route protocol bgp logical-system R2

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32         *[BGP/170] 00:06:01, MED 1, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.23.23.3 via ge-0/0/2.23
5.5.5.5/32         *[BGP/170] 00:06:01, MED 1, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.23.23.3 via ge-0/0/2.23
10.34.34.0/24      *[BGP/170] 00:06:01, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.23.23.3 via ge-0/0/2.23
10.35.35.0/24      *[BGP/170] 00:06:01, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.23.23.3 via ge-0/0/2.23

    

7. BGP Next-hop Self

BGP next-hop self is the solution for BGP routers that do not face the external BGP peers directly. In this case, R4 and R5 are the routers that need R3 to apply next-hop self.

In the previous section you learned how to advertise over external BGP, and R3 is now exchanging routes with both R1 and R2. Let's test with ping from the internal routers (R3, R4 and R5) to see where next-hop self is needed.

Ping from R3
root@vMX-R3# run ping 1.1.1.1 logical-system R3
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=64 time=3157.245 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=64 time=2166.533 ms

root@vMX-R3# run ping 2.2.2.2 logical-system R3
PING 2.2.2.2 (2.2.2.2): 56 data bytes
64 bytes from 2.2.2.2: icmp_seq=0 ttl=64 time=7361.013 ms
64 bytes from 2.2.2.2: icmp_seq=1 ttl=64 time=6399.319 ms
    

Ping from R4 & R5
root@vMX-R4# run ping 1.1.1.1 logical-system R4
PING 1.1.1.1 (1.1.1.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host

root@vMX-R5# run ping 1.1.1.1 logical-system R5
PING 1.1.1.1 (1.1.1.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
    

Ping from R4 or R5 still fails.

Now verify as follows:

root@vMX-R4# run show route receive-protocol bgp 3.3.3.3 logical-system R4

inet.0: 9 destinations, 9 routes (7 active, 0 holddown, 2 hidden)
    

Two prefixes have been received, but they are still hidden. Now add the hidden keyword to the command.

root@vMX-R4# run show route receive-protocol bgp 3.3.3.3 hidden logical-system R4

inet.0: 9 destinations, 9 routes (7 active, 0 holddown, 2 hidden)
  Prefix                  Nexthop              MED     Lclpref	AS	path
  1.1.1.1/32              10.13.13.1                   	100        200	I
  2.2.2.2/32              10.23.23.2                   	100        300	I

    

With the hidden keyword, the prefixes from the external routers are shown. They are hidden because the next hop needed to reach both prefixes is not in the routing table of R4 or R5. If you run show route 10.13.13.1 or 10.23.23.2 on R4 or R5, you will not find a route.

root@vMX-R4# run show route 10.13.13.1 logical-system R4

root@vMX-R5# run show route 10.23.23.2 logical-system R5
    

The solution, for internal BGP routers that do not face the external AS directly, is to add a next-hop self configuration on R3.

root@vMX-R3# set policy-options policy-statement next-hop-self then next-hop self
root@vMX-R3# set protocols bgp group IBGP export next-hop-self
root@vMX-R3# commit
commit complete

[edit logical-systems R3]
root@vMX-R3#
    

Verification:

Now let's verify again.

root@vMX-R4# run show route 1.1.1.1 logical-system R4

inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[BGP/170] 00:00:34, localpref 100, from 3.3.3.3
                      AS path: 200 I, validation-state: unverified
                    > to 10.34.34.3 via ge-0/0/4.34

root@vMX-R4# run show route 2.2.2.2 logical-system R4

inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.2/32         *[BGP/170] 00:01:04, localpref 100, from 3.3.3.3
                      AS path: 300 I, validation-state: unverified
                    > to 10.34.34.3 via ge-0/0/4.34

root@vMX-R4# run show route receive-protocol bgp 3.3.3.3 logical-system R4

inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref	AS 	path
* 1.1.1.1/32              3.3.3.3                      	100        200	I
* 2.2.2.2/32              3.3.3.3                      	100        300	I
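
Why the two routes were hidden on R4 and became active after next-hop self, as an added example (not code from the original post): this Python script does a longest-prefix lookup of each BGP next hop against a constructed copy of R4's direct and OSPF routes. The table contents and function names are assumptions based on the lab addressing and the outputs above.

```python
import ipaddress

# Constructed sample: R4's non-BGP routes, from the lab addressing and the OSPF output above.
R4_IGP_TABLE = {
    "4.4.4.4/32": "direct",
    "10.34.34.0/24": "direct",
    "3.3.3.3/32": "ospf",
    "5.5.5.5/32": "ospf",
    "10.35.35.0/24": "ospf",
}

# BGP routes R4 receives from R3 (prefix -> next hop), before and after next-hop self on R3.
BEFORE = {"1.1.1.1/32": "10.13.13.1", "2.2.2.2/32": "10.23.23.2"}
AFTER = {"1.1.1.1/32": "3.3.3.3", "2.2.2.2/32": "3.3.3.3"}


def resolve(table, next_hop):
    """Longest-prefix match of a BGP next hop against the local table; None if unreachable."""
    addr = ipaddress.ip_address(next_hop)
    covering = [ipaddress.ip_network(p) for p in table if addr in ipaddress.ip_network(p)]
    if not covering:
        return None
    best = max(covering, key=lambda n: n.prefixlen)
    return str(best), table[str(best)]


def classify(table, bgp_routes):
    """Mark each received BGP route active or hidden, with the route that resolves its next hop."""
    result = {}
    for prefix, next_hop in bgp_routes.items():
        via = resolve(table, next_hop)
        result[prefix] = ("active", via) if via else ("hidden", None)
    return result


def hidden_prefixes(table, bgp_routes):
    return sorted(p for p, (state, _) in classify(table, bgp_routes).items() if state == "hidden")


if __name__ == "__main__":
    print("before next-hop self:", classify(R4_IGP_TABLE, BEFORE))
    print("after next-hop self :", classify(R4_IGP_TABLE, AFTER))
```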

    

8. Filtering BGP Routes

How to filter routes (example on R5). To avoid mistakes, you need to understand the import and export concepts in Juniper routing protocols: import covers everything related to the routes the router itself receives, while export covers everything related to what the router itself sends. Let's follow an example. We want to filter routes received from BGP. Suppose R5 has received the prefixes from R1 and R2 as follows.

root@vMX-R5# run show route 1.1.1.1 logical-system R5

inet.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[BGP/170] 00:03:41, localpref 100, from 3.3.3.3
                      AS path: 200 I, validation-state: unverified
                    > to 10.35.35.3 via ge-0/0/5.35
    

We want to filter out the prefix 1.1.1.1/32 above on router R5.

root@vMX-R5# set policy-options policy-statement filtering-route term 1 from protocol bgp
root@vMX-R5# set policy-options policy-statement filtering-route term 1 from route-filter 1.1.1.1/32 exact
root@vMX-R5# set policy-options policy-statement filtering-route term 1 then reject
root@vMX-R5# set protocols bgp group IBGP import filtering-route
root@vMX-R5# commit
commit complete

[edit logical-systems R5]
root@vMX-R5#
    

Verify with show route on R5:

root@vMX-R5# run show route 1.1.1.1 logical-system R5

root@vMX-R5# run show route logical-system R5 protocol bgp

inet.0: 9 destinations, 10 routes (8 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.2/32         *[BGP/170] 00:12:48, localpref 100, from 3.3.3.3
                      AS path: 300 I, validation-state: unverified
                    > to 10.35.35.3 via ge-0/0/5.35
4.4.4.4/32          [BGP/170] 01:23:25, localpref 100, from 4.4.4.4
			  AS path: I, validation-state: unverified
             		  > to 10.35.35.3 via ge-0/0/5.35

    
