Lab Bgp Juniper
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Lab Bgp Juniper as PDF for free.
More details
- Words: 5,698
- Pages: 20
A. Introduction: Key : configure= masuk mode configurasi, commit = untuk mengesekusi dan menyimpan config. Rollback = memanggil konfigurasi sebelumnya. Command Line interface Review Exec mode: ------------Amnesiac (ttyd0) login: root Password: --- JUNOS 7.4R1.7 built 2005-10-21 01:29:55 UTC root@% cli root> Configuration Mode: -------------------------root> configure Entering configuration mode [edit] root# Create User à root# set system login user lab class super-user authentication plain-text-password Check configuration à root# show | compare root# commit check Save config and execute à root# commit (save for 2 minutes only à root# commit confirmed 2 ) (backup config using name conf1 à root# save conf1) Setting hostnamne à lab # set system host-nam e juniper-lab lab# commit Rollback à lab# show | compare rollback 1 lab# rollback 1 (noted : rollback no-change àlab@juniper-lab# rollback 0) Show configuration Simple à lab# show or lab > show configuration continuously à lab# show | no-more match certain word à lab > show configuration | match interface find certain word and later à lab > show configuration | find interface set configuration à lab > show configuration | display set
show logging log system à lab > show log messages log with 100 lines latest à lab > show log messages | last 100 log hardware à lab > show log chassis log user à lab > show system users Hierarchial configuration Entering lab config à lab# edit system login user lab Entering upper config à lab# up Entering top configuration à lab# top B. Initial System configuration Key : delete= menghapus konfigurasi, load override terminal = copy paste config keseluruhan, load merge terminal relative= copy paste config sebagian
Delete everything under this level? [yes,no] (no) yes lab# load override terminal copy paste configuration here finished using enter and ctrl+d keys lab# load merge terminal relative copy paste configuration here finished using enter and ctrl+d keys lab# commit check lab# commit lab# run show interfaces terse Interface Admin Link Proto Local dsc up up fxp0 up up fxp0.0 up up inet 192.168.1.123/24 fxp1 up up fxp1.1 up up inet 172.168.1.1/30 fxp1.2 up up inet 172.168.2.1/30 fxp2 up up fxp2.1 up up inet 172.168.1.2/30 fxp2.2 up up inet 172.168.2.2/30 fxp3 up up fxp4 up up fxp4.1 up up inet 10.10.10.1/30
Remote
Configure R1 lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 Configure R2 lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.1.2/30 lab# set interfaces fxp1.0 description "to-R3" family inet address 172.168.2.1/30 Configure R3 lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.2.2/30 How to check R1 to R2 lab# run ping 172.168.1.2 R2 to R1 lab# run ping 172.168.1.1 R2 to R3 lab# run ping 172.168.2.2 R3 to R2 lab# run ping 172.168.2.1
rapid count 1000 rapid count 1000 rapid count 1000 rapid count 1000
noted: assure that there isn’t connectivity between R1 and R3 lab# delete This will delete the entire configuration
C. Static Routing Page 1 of 20
Routing permanent, manual, metric/preference=5, mengenal source dan gateway. Key : next-hop: gateway untuk network. Configure R1 lab# set routing-options static route 172.168.2.0/30 next-hop 172.168.1.2 Configure R3 lab# set routing-options static route 172.168.1.0/30 next-hop 172.168.2.1 How to check on R1 lab# run ping 172.168.1.1 lab# run ping 172.168.2.2 lab# run show route E. OSPF Protocol Linkstate protocol, Cost (10^8/bandwith), LSA, OSPF Area
R2 lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# set protocols ospf area 0 interface fxp1.0 authentication simple-password ciawi lab# run show ospf neighbor logical-router R2 à assure connection is failed R3 lab# set protocols ospf area 0 interface fxp0.0 authentication simple-password ciawi lab# run show ospf neighbor logical-router Rx à assure connection is success Applying policy R1 lab# set routing-options static route 10.10.1.0/24 reject lab# set routing-options static route 10.10.2.0/24 reject lab# set routing-options static route 10.10.3.0/24 reject lab# set routing-options static route 10.10.4.0/24 reject lab# set routing-options static route 10.10.5.0/24 reject lab# set policy-options policy-statement rip-export from protocol static lab# set policy-options policy-statement rip-export then accept lab# set protocols ospf export ospf-export lab# run show route protocol ospf à assure R3 receive route from R1
F. ISIS Protocol Linkstate , ISO, ISIS Area, Level 2/L2, Level 1/L1, L1/L2
Configure R1 lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 1 interface lo0.0
configure R2 lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 0 interface fxp1.0 lab# set protocols ospf area 0 interface lo0.0 Configure R3 lab# set protocols ospf area 0 interface fxp0.0 how to check lab# run show ospf interface lab# run show ospf neighbor lab# run show route lab# run ping 172.168.1.2 (from lab# run ping 172.168.1.1 (from lab# run ping 172.168.2.2 (from lab# run ping 172.168.2.1 (from
R1 lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8101.00 lab # set protocols isis interface fxp0.0 level 1 disable lab # set protocols isis interface lo0.0 passive R2 lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8102.00 lab # set protocols isis interface fxp0.0 level 1 disable lab # set protocols isis interface fxp1.0 level 1 disable lab # set protocols isis interface lo0.0 passive
R1) R2) R2) R3)
Applying authentication R1 lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# run show ospf neighbor à assure connection is failed
R3 lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8103.00 lab # set protocols isis interface fxp0.0 level 1 disable lab # set protocols isis interface lo0.0 passive lab# run show route protocol isis à assure R3 receive route from R1
Page 2 of 20
G. IBGP AS number sama, routing table scalable, Multiservice.
Lab # set Lab # set Lab # set Lab # set Lab # set
routing-options autonomous-system 65002 protocols bgp group ibgp multihop protocols bgp group ibgp type internal neighbor 192.168.1.1 peer-as 65001 protocols bgp group ibgp neighbor 192.168.1.3 peer-as 65003 protocols bgp group ibgp local-address 192.168.1.2
R3 Lab # set Lab # set Lab # set Lab # set Lab # set
routing-options autonomous-system 65003 protocols bgp group ibgp multihop protocols bgp group ibgp type internal neighbor 192.168.1.2 protocols bgp group ibgp peer-as 65002 protocols bgp group ibgp local-address 192.168.1.3
Assure: Lab # run show bgp summary
IBGP Route Reflection R1 Lab # set routing-options autonomous-system 65000 Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.1 R2 Lab # set Lab # set Lab # set Lab # set
Teknik untuk mendukung full mesh dengan membagi suatu domain menjadi beberapa cluster Step: 1. IGP (ISIS) sudah ada 2. Tentukan area cluster dng ID yang berbeda 3. Antar dan Inter cluster menggunakan IBGP 4. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1
routing-options autonomous-system 65000 protocols bgp group ibgp type internal neighbor 192.168.1.1 protocols bgp group ibgp neighbor 192.168.1.3 protocols bgp group ibgp local-address 192.168.1.2
R3 Lab # set routing-options autonomous-system 65000 Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.3
10.0.3.1 10.0.3.2 10.0.3.3 10.0.3.4 10.0.6.6 10.0.6.7 10.0.6.8
em1/9 172.16.10.1/30
em3/4 172.16.2.5/30
em1/1 172.16.1.1/30 em2/2 172.16.1.5/30
PE-SBY-1
em1/4 172.16.2.6/30
em1/1 172.16.1.2/30
PE-MDN-1 RR-JKT-1 RR-JKT-2 RR-JKT-3 PE-JKT-4 PE-SBY-1 PE-SMG-1
RR-JKT-3
RR-JKT-1
PE-MDN-1
Assure: Lab # run show bgp summary
H. EBGP AS number berbeda, routing table scalable, Multiservice.
Cluster 0.0.0.2
Cluster 0.0.0.1
em2/9 172.16.10.2/30 em3/7 172.16.2.10/30
em2/3 172.16.1.10/30
em3/6 172.16.2.18/30
em1/8 172.16.10.6/30
em1/6 172.16.2.17/30
RR-JKT-2
em2/5 172.16.2.6/30
em2/7 172.16.2.9/30
em1/3 172.16.1.9/30 em2/2 172.16.1.6/30
em2/5 172.16.2.5/30
em3/8 172.16.10.5/30
PE-JKT-4
PE-SMG-1
Cluster 0.0.0.3 R1 Lab # set Lab # set Lab # set Lab # set Lab # set R2
routing-options autonomous-system 65001 protocols bgp group ibgp peer-as 65002 protocols bgp group ibgp multihop protocols bgp group ibgp type internal neighbor 192.168.1.2 protocols bgp group ibgp local-address 192.168.1.1
PE-MDN-1 -------------interfaces { em1 { unit 0 { family inet { address 172.16.1.2/30; Page 3 of 20
} family iso; } } em2 { unit 0 { family inet { address 172.16.1.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.1/32; } family iso { address 49.0001.0010.0000.0301.00; } } } } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65212; } protocols { bgp { export static; group cluster-0001 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement static { from protocol static; then accept; } }
RR-JKT-1 -----------interfaces { em1 { unit 0 { family inet { address 172.16.1.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.10/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.2/32; } family iso { address 49.0001.0010.0000.0302.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0001 { type internal; local-address 10.0.3.2; cluster 0.0.0.1; neighbor 10.0.3.1; neighbor 10.0.3.3; } group RR { type internal; local-address 10.0.3.2; neighbor 10.0.3.4; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; Page 4 of 20
} interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement bgp-vrf { from protocol bgp; then accept; } } RR-JKT-2 -----------interfaces { em1 { unit 0 { family inet { address 172.16.1.9/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.6/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.18/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.3/32; } family iso { address 49.0001.0010.0000.0303.00; } } } } routing-options { autonomous-system 65212; }
protocols { bgp { group cluster-0001 { type internal; local-address 10.0.3.3; cluster 0.0.0.1; neighbor 10.0.3.1; neighbor 10.0.3.2; } group RR { type internal; multihop; local-address 10.0.3.3; neighbor 10.0.3.4; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } RR-JKT-3 ------------interfaces { em1 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.10.2/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.10/30; } family iso; } } Page 5 of 20
lo0 { unit 0 { family inet { address 10.0.3.4/32; } family iso { address 49.0001.0010.0000.0304.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0002 { type internal; local-address 10.0.3.4; cluster 0.0.0.2; neighbor 10.0.6.7; } group RR { type internal; multihop; local-address 10.0.3.4; neighbor 10.0.3.2; neighbor 10.0.6.6; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-JKT-4 -----------interfaces { em1 { unit 0 { family inet { address 172.16.2.17/30; } family iso; } } em2 { unit 0 {
family inet { address 172.16.2.9/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.10.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.6/32; } family iso { address 49.0001.0010.0000.0606.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0003 { type internal; local-address 10.0.6.6; cluster 0.0.0.3; neighbor 10.0.6.8; } group RR { type internal; multihop; local-address 10.0.6.6; neighbor 10.0.3.2; neighbor 10.0.3.4; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } Page 6 of 20
PE-SBY-1 -----------interfaces { em1 { unit 0 { family inet { address 172.16.10.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.7/32; } family iso { address 49.0001.0010.0000.0607.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0002 { type internal; local-address 10.0.6.7; neighbor 10.0.3.4; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-SMG-1 ------------interfaces { em1 { unit 0 {
family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0003 { type internal; local-address 10.0.6.8; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }
IBGP Confideration Teknik untuk mendukung full mesh dengan membagi suatu AS menjadi AS sub-confideration. Step: 1. 2. 3. 4. 5.
IGP sudah ada (ISIS) Tentukan AS primary misal 65212 Tentukan AS confideration ditiap domain Dalam satu domain harus menggunakan IBGP Antar domain harus logical full mesh dng menggunakan EBGP Page 7 of 20
6.
Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1
PE-MDN-1 -------------interfaces { em1 { unit 0 { family inet { address 172.16.1.2/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.1/32; } family iso { address 49.0001.0010.0000.0301.00; } }
} } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { export static; group 65000 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement static { from protocol static; then accept; } } RR-JKT-1 -----------interfaces { em1 { unit 0 { family inet { address 172.16.1.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.10/30; } family iso; } } Page 8 of 20
em3 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.2/32; } family iso { address 49.0001.0010.0000.0302.00; } } } } routing-options { autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65000 { type internal; local-address 10.0.3.2; neighbor 10.0.3.1; neighbor 10.0.3.3; } group 65212 { type external; multihop; local-address 10.0.3.2; neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.6.6 { peer-as 65001; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement bgp-vrf {
from protocol bgp; then accept; } } RR-JKT-2 ------------interfaces { em1 { unit 0 { family inet { address 172.16.1.9/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.6/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.18/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.3/32; } family iso { address 49.0001.0010.0000.0303.00; } } } } routing-options { autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 65003 ]; } protocols { bgp { group 65000 { type internal; local-address 10.0.3.3; neighbor 10.0.3.1; neighbor 10.0.3.2; } group 65212 { type external; multihop; local-address 10.0.3.3; Page 9 of 20
neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.6.6 { peer-as 65001; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } RR-JKT-3 -----------interfaces { em1 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.10.2/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.10/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.4/32; } family iso { address 49.0001.0010.0000.0304.00; }
} } } routing-options { autonomous-system 65002; confederation 65212 members [ 65001 65002 65000 ]; } protocols { bgp { group 65002 { type internal; neighbor 10.0.6.7; } group 65212 { type external; multihop; local-address 10.0.3.4; neighbor 10.0.3.2 { peer-as 65000; } neighbor 10.0.6.6 { peer-as 65001; } neighbor 10.0.3.3 { peer-as 65000; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }
PE-JKT-4 ------------interfaces { em1 { unit 0 { family inet { address 172.16.2.17/30; } family iso; } } em2 { unit 0 { family inet { Page 10 of 20
interface lo0.0 { level 1 disable; }
address 172.16.2.9/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.10.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.6/32; } family iso { address 49.0001.0010.0000.0606.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65001 { type internal; local-address 10.0.6.6; neighbor 10.0.6.8; } group 65212 { type external; multihop; local-address 10.0.6.6; neighbor 10.0.3.2 { peer-as 65000; } neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.3.3 { peer-as 65000; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; }
} } PE-SBY-1 ------------interfaces { em1 { unit 0 { family inet { address 172.16.10.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.7/32; } family iso { address 49.0001.0010.0000.0607.00; } } } } routing-options { autonomous-system 65002; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65002 { type internal; local-address 10.0.6.7; neighbor 10.0.3.4; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } Page 11 of 20
} PE-SMG-1 ------------interfaces { em1 { unit 0 { family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65001 { type internal; local-address 10.0.6.8; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } Untuk memastikan gunakan show bgp summary melihat summary bgp show route receive-protocol bgp (neighbor) melihat route bgp yang diterima dari peer neighbornya
show route protocol bgp melihat semua route bgp
Export-import BGP
Export BGP policy disisi outbound trafik keluar contoh : advertise route via BGP root@PE-SBY-1# show policy-options policy-statement bgp-export { from protocol static; then accept; } root@PE-SBY-1# show protocols bgp { group cluster-0002 { type internal; local-address 10.0.6.7; export bgp-export; neighbor 10.0.3.4; } } Import BGP policy disisi inbound trafik datang contoh: bloking prefix, as path policy-statement bgp-import { term 1 { from { protocol bgp; route-filter 150.0.0.0/24 exact; } then reject; } term last { then accept; Page 12 of 20
} }
fxp1.6/6 172.168.4.1/30
group RR { type internal; local-address 10.0.3.2; import bgp-import; neighbor 10.0.3.4; neighbor 10.0.6.6; }
Fxp4.7/7 172.168.4.5/30
c2
c1
fxp1.2/2 172.168.1.5/30
fxp2.3/3 172.168.1.10/30
Install Community bgp Community merupakan attribute BGP yang digunakan untuk memanage route berdasarkan ID contoh 65111:200 mempunyai prefix 150/24
untuk memastikan : how route advertising-protocol bgp (neighbor) extensive
Fxp3.7/7 172.168.4.6/30
AS 1946
AS 1945
}
root@PE-SMG-1# show policy-options policy-statement community { from { protocol bgp; route-filter 150.0.0.0/24 exact; } then { community add c-65111:200; accept; } } community c-65111:200 members 65111:200;
Fxp2.6/6 172.168.4.2/30
fxp3.3/3 172.168.1.9/30
t1
fxp2.2/2 172.168.1.6/30
r1
AS 2009 r1 r2 c1 c2 p1 t1
lo0.1 192.168.1.1 lo0.2 192.168.1.2 lo0.3 192.168.1.3 lo0.4192.168.1.4 lo0.5 192.168.1.5 lo0.6 10.10.10.1
fxp2.1/1 172.168.1.2/30
fxp1.1/1 172.168.1.1/30
fxp1.4/4 172.168.2.2/30
fxp2.4/4 172.168.2.1/30
p1
r2 fxp3.5/5 172.168.3.5/30
fxp4.5/5 172.168.3.6/30
AS 1982 Case: Lewatkan prefix 150/24 dari PE-SBY-1 ke Custom er PE-MDN-1 tidak boleh menerima prefix 150/24, lakukan filter di RR-JKT-1 dan RR-JKT-2 Pasang community 65111:200 untuk prefix 150/24 di PE-SMG-1 sehingga diterima di Customer.
Customer
LoadbalanceEBGP ada2: 1. 2.
Multihop based on local address Multipath based on Link layer
Case: Load balance antara r2 dng p1 Step1 konfigurasi static route between r2 and p1 pastikan routing sudah load balance dengan menerapkan policy load balance lab# show policy-options policy-statement load-balance { then { load-balance per-packet; } } lab# show routing-options static { route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; } autonomous-system 2009; forwarding-table { Page 13 of 20
export load-balance; } Pastikan r2 bisa ping ke ip loopback p1 Dan route sudah menunjukkan load balance lab# run show route 192.168.1.5/32 *[Static/5] 00:23:52 to 172.168.2.1 via fxp1.4 to 172.168.3.6 via fxp3.5 lab# run show route forwarding-table 192.168.1.5/32 user 1 ulst 131070 2 172.168.2.1 ucst 495 2 fxp1.4 172.168.3.6 ucst 490 2 fxp3.5 Step 2 Konfigurasi multihop di P1 dan r2 Di P1 lab# show protocols bgp group 1982 { type external; multihop; local-address 192.168.1.5; neighbor 192.168.1.2 { peer-as 2009; } } Di r2 lab# show protocols bgp group 1982 { type external; multihop; local-address 192.168.1.2; neighbor 192.168.1.5 { peer-as 1982; } } Untuk verifikasi: lab# run show bgp neighbor 192.168.1.5 logical-router r2 Peer: 192.168.1.5+2236 AS 1982 Local: 192.168.1.2+179 AS 2009 Type: External State: Established Flags: Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None Options: <Multihop Preference LocalAddress HoldTime PeerAS Refresh> Local Address: 192.168.1.2 Holdtime: 90 Preference: 170 Number of flaps: 0 Peer ID: 192.168.1.5 Local ID: 192.168.1.2 Active Holdtime: 90 Keepalive Interval: 30 Peer index: 0 NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Table inet.0 Bit: 10001 RIB State: BGP restart is complete Send state: in sync Active prefixes: 0 Received prefixes: 0 Suppressed due to damping: 0 Advertised prefixes: 0 Last traffic (seconds): Received 23 Sent 23 Checked 23 Input messages: Total 22 Updates 0 Refreshes 0 Octets 444 Output messages: Total 23 Updates 0 Refreshes 0 Octets 463
Output Queue[0]: 0
Load balance antara r1 dng c1 dan c2 Konfigurasi di c1 lab# show protocols bgp group 1945 { type external; neighbor 172.168.1.9 { peer-as 2009; } } Konfigurasi di c2 lab# show protocols bgp group external { type external; neighbor 172.168.1.6 { peer-as 2009; } } Konfigurasi di r1 dng menggunakan multipath lab# show protocols bgp group external { type external; multipath; neighbor 172.168.1.10 { peer-as 1945; } neighbor 172.168.1.5 { peer-as 1946; } } lab# run show bgp neighbor 172.168.1.5 Peer: 172.168.1.5+179 AS 1945 Local: 172.168.1.6+3545 AS 2009 Type: External State: Established Flags: <Sync> Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None Options: Holdtime: 90 Preference: 170 Number of flaps: 0 Peer ID: 192.168.1.4 Local ID: 192.168.1.1 Active Holdtime: 90 Keepalive Interval: 30 Peer index: 1 Local Interface: fxp2.2 NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Table inet.0 Bit: 10001 RIB State: BGP restart is complete Send state: in sync Active prefixes: 0 Received prefixes: 0 Suppressed due to damping: 0 Advertised prefixes: 0 Last traffic (seconds): Received 10 Sent 10 Checked 10 Input messages: Total 4 Updates 0 Refreshes 0 Octets 76 Output messages: Total 5 Updates 0 Refreshes 0 Octets 121 Output Queue[0]: 0
Pa g e 14 of 20
Modifiying BGP attribute
For example on OSPF configuration
Case: 1. advertise IP loopback c1 shg p1 bisa ping ip tersebut
Protocol OSPF
di c1 lab# show policy-options policy-statement loopback { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } } lab# show protocols bgp group 1945 { type external; export loopback; neighbor 172.168.1.9 { peer-as 2009; } }
I. Logical Router
Configure R1 lab# top edit logical-routers R1 lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.1/32 lab# set protocols ospf area 0 interface fxp0.0 lab# set protocols ospf area 0 interface lo0.0 passive
configure R2 lab# top edit logical-routers R2 lab# set interfaces fxp1 unit 0 description "to-R2" family inet address 172.168.1.2/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.2/32 lab# set protocols ospf area 0 interface fxp1.0 lab# set protocols ospf area 0 interface lo0.1 passive lab # run show ospf neighbor lab # run show ospf interface
BGP attribute ----------------Origin menunjukkan asal dari suatu source route secara default origin disimbolkan I Contoh lab# run show route protocol bgp terse inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both
vlan
Sub interface dari interface
Configure logical router R1 lab@lab # set logical-routers R1 Entering config logical-router lab@lab # edit logical-routers r1
A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 I B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I Origin bisa dimanipulasi menjadi incomplete, egp dll Untuk incomplete disimbolkan ?
Pa g e 15 of 20
Di c2 -------policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { origin incomplete; accept; } } term 2 { then reject; } } Untuk mengubah ke egp spt dibawah ini: policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { origin egp; accept; } } term 2 { then reject; } }
Hasilnya bisa dilihat di r1 lab# run show route protocol bgp terse logical-router r1 inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 ? B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I As-path Jalur yang telah dipilih oleh suatu route didalam BGP Di c2 policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact;
} then { as-path-prepend "1947 1947"; accept; } } term 2 { then reject; } }
lab# run show route protocol bgp terse logical-router r1 inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.10 1945 1946 I B 170 100 >172.168.1.5 1947 1947 1946 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I Pastikan jalur route sudah benar melalui c1 dari p1 lab# run traceroute 10.10.10.1 traceroute to 10.10.10.1 (10.10.10.1), 30 hops max, 40 byte packets 1 172.168.2.2 (172.168.2.2) 1.981 ms 1.441 ms 1.032 ms 2 172.168.1.1 (172.168.1.1) 1.175 ms 1.134 ms 1.102 ms 3 172.168.1.10 (172.168.1.10) 1.398 ms 1.493 ms 0.989 ms 4 172.168.4.2 (172.168.4.2) 1.210 ms 1.507 ms 4.401 ms 5 10.10.10.1 (10.10.10.1) 1.573 ms 2.391 ms 1.526 ms
Next-hop IP address yng ditunjuk oleh router untuk menentukan active route MED ( Multiple Exit Discriminator ) EBGP – EBGP EBGP – IBGP IBGP – IBGP
Local preference hanya terjadi di IBGP Contoh ubah local preference untuk route 10.10.10.1 di local as policy-statement resolve { term 1 { from protocol bgp; then { next-hop self; } } term 2 { from { protocol direct; route-filter 172.168.1.4/30 exact; } then accept; } term 3 { from {
Pa g e 16 of 20
protocol bgp; route-filter 10.10.10.1/32 exact; } then { local-preference 150; } } then accept; } Untuk verifikasi lab# run show route 10.10.10.1 detail inet.0: 15 destinations, 18 routes (15 active, 0 holddown, 1 hidden) 10.10.10.1/32 (1 entry, 1 announced) *BGP Preference: 170/-151 Next-hop reference count: 17 Source: 192.168.1.1 Next hop: 172.168.1.1 via fxp2.1, selected Protocol next hop: 192.168.1.1 Indirect next hop: 8683198 131072 State: Local AS: 2009 Peer AS: 2009 Age: 1:28 Metric2: 1 Task: BGP_2009.192.168.1.1+179 Announcement bits (3): 2-KRT 3-BGP.0.0.0.0+179 4-Resolve tree 1 AS path: 1946 I Localpref: 150 Router ID: 192.168.1.1 Multiple Exit Discriminator ---------------------------------
Community route yang telah di tag misal 65000:1100
Lampiran Di r1 interfaces { fxp1 { unit 1 { vlan-id 1; family inet { address 172.168.1.1/30; } } } fxp2 { unit 2 { vlan-id 2; family inet { address 172.168.1.6/30; } } } fxp3 { unit 3 { vlan-id 3; family inet {
address 172.168.1.9/30; } } } lo0 { unit 1 { family inet { address 192.168.1.1/32; } } } } protocols { bgp { group internal { type internal; local-address 192.168.1.1; export resolve; neighbor 192.168.1.2; } group external { type external; export direct; multipath; neighbor 172.168.1.10 { peer-as 1945; } neighbor 172.168.1.5 { peer-as 1946; } } } ospf { area 0.0.0.0 { interface fxp1.1; interface lo0.1; } } } policy-options { policy-statement direct { term 1 { from { protocol direct; route-filter 172.168.1.0/30 exact; } then accept; } term 2 { from { protocol bgp; route-filter 172.168.2.0/30 exact; route-filter 172.168.3.4/30 exact; } then accept; } term last { then reject; } }
Pa g e 17 of 20
policy-statement resolve { term 1 { from protocol bgp; then { next-hop self; } } term 2 { from { protocol direct; route-filter 172.168.1.4/30 exact; } } then accept; } } routing-options { autonomous-system 2009; } Di r2 interfaces { fxp1 { unit 4 { vlan-id 4; family inet { address 172.168.2.2/30; } } } fxp2 { unit 1 { vlan-id 1; family inet { address 172.168.1.2/30; } } } fxp3 { unit 5 { vlan-id 5; family inet { address 172.168.3.5/30; } } } lo0 { unit 2 { family inet { address 192.168.1.2/32; } } } } protocols { bgp { group internal { type internal; local-address 192.168.1.2; export direct;
neighbor 192.168.1.1; } group 1982 { type external; multihop; local-address 192.168.1.2; neighbor 192.168.1.5 { peer-as 1982; } } } ospf { area 0.0.0.0 { interface lo0.2; interface fxp2.1; } } } policy-options { policy-statement direct { term 1 { from { protocol direct; route-filter 172.168.2.0/30 exact; route-filter 172.168.3.4/30 exact; } then accept; } term last { then reject; } } policy-statement load-balance { then { load-balance per-packet; } } } routing-options { static { route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; } autonomous-system 2009; forwarding-table { export load-balance; } } Di p1 interfaces { fxp2 { unit 4 { vlan-id 4; family inet { address 172.168.2.1/30; } } } fxp4 { unit 5 {
Pa g e 18 of 20
vlan-id 5; family inet { address 172.168.3.6/30; } } } lo0 { unit 5 { family inet { address 192.168.1.5/32; } } } } protocols { bgp { group 1982 { type external; multihop; local-address 192.168.1.5; neighbor 192.168.1.2 { peer-as 2009; } } } } routing-options { static { route 192.168.1.2/32 next-hop [ 172.168.2.2 172.168.3.5 ]; } autonomous-system 1982; }
Di c1 interfaces { fxp1 { unit 6 { vlan-id 6; family inet { address 172.168.4.1/30; } } } fxp4 { unit 3 { vlan-id 3; family inet { address 172.168.1.10/30; } } } lo0 { unit 3 { family inet { address 192.168.1.3/32; } } } }
protocols { bgp { group external { type external; neighbor 172.168.1.9 { peer-as 2009; } neighbor 172.168.4.2 { peer-as 1946; } } } } policy-options { policy-statement static { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } } } routing-options { autonomous-system 1945; } Di c2 interfaces { fxp1 { unit 2 { vlan-id 2; family inet { address 172.168.1.5/30; } } } fxp2 { unit 6 { vlan-id 6; family inet { address 172.168.4.2/30; } } } fxp3 { unit 7 { vlan-id 7; family inet { address 172.168.4.6/30; } } } lo0 { unit 4 { family inet {
Pa g e 19 of 20
address 192.168.1.4/32; } } } } protocols { bgp { group external { type external; export static; neighbor 172.168.1.6 { peer-as 2009; } } group 1945 { type external; export static1; neighbor 172.168.4.1 { peer-as 1945; } } } } policy-options { policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { accept; } } term 2 { then reject; } } policy-statement static1 { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then accept; } term 2 { then reject; } } } routing-options { static { route 10.10.10.1/32 next-hop 172.168.4.5; } autonomous-system 1946; }
unit 7 { vlan-id 7; family inet { address 172.168.4.5/30; } } } lo0 { unit 6 { family inet { address 10.10.10.1/32; } } } } routing-options { static { route 0.0.0.0/0 next-hop 172.168.4.6; } }
interfaces { fxp4 {
Pa g e 20 of 20
show logging log system à lab > show log messages log with 100 lines latest à lab > show log messages | last 100 log hardware à lab > show log chassis log user à lab > show system users Hierarchial configuration Entering lab config à lab# edit system login user lab Entering upper config à lab# up Entering top configuration à lab# top B. Initial System configuration Key : delete= menghapus konfigurasi, load override terminal = copy paste config keseluruhan, load merge terminal relative= copy paste config sebagian
Delete everything under this level? [yes,no] (no) yes lab# load override terminal copy paste configuration here finished using enter and ctrl+d keys lab# load merge terminal relative copy paste configuration here finished using enter and ctrl+d keys lab# commit check lab# commit lab# run show interfaces terse Interface Admin Link Proto Local dsc up up fxp0 up up fxp0.0 up up inet 192.168.1.123/24 fxp1 up up fxp1.1 up up inet 172.168.1.1/30 fxp1.2 up up inet 172.168.2.1/30 fxp2 up up fxp2.1 up up inet 172.168.1.2/30 fxp2.2 up up inet 172.168.2.2/30 fxp3 up up fxp4 up up fxp4.1 up up inet 10.10.10.1/30
Remote
Configure R1 lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 Configure R2 lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.1.2/30 lab# set interfaces fxp1.0 description "to-R3" family inet address 172.168.2.1/30 Configure R3 lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.2.2/30 How to check R1 to R2 lab# run ping 172.168.1.2 R2 to R1 lab# run ping 172.168.1.1 R2 to R3 lab# run ping 172.168.2.2 R3 to R2 lab# run ping 172.168.2.1
rapid count 1000 rapid count 1000 rapid count 1000 rapid count 1000
noted: assure that there isn’t connectivity between R1 and R3 lab# delete This will delete the entire configuration
C. Static Routing Page 1 of 20
Routing permanent, manual, metric/preference=5, mengenal source dan gateway. Key : next-hop: gateway untuk network. Configure R1 lab# set routing-options static route 172.168.2.0/30 next-hop 172.168.1.2 Configure R3 lab# set routing-options static route 172.168.1.0/30 next-hop 172.168.2.1 How to check on R1 lab# run ping 172.168.1.1 lab# run ping 172.168.2.2 lab# run show route E. OSPF Protocol Linkstate protocol, Cost (10^8/bandwith), LSA, OSPF Area
R2 lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# set protocols ospf area 0 interface fxp1.0 authentication simple-password ciawi lab# run show ospf neighbor logical-router R2 à assure connection is failed R3 lab# set protocols ospf area 0 interface fxp0.0 authentication simple-password ciawi lab# run show ospf neighbor logical-router Rx à assure connection is success Applying policy R1 lab# set routing-options static route 10.10.1.0/24 reject lab# set routing-options static route 10.10.2.0/24 reject lab# set routing-options static route 10.10.3.0/24 reject lab# set routing-options static route 10.10.4.0/24 reject lab# set routing-options static route 10.10.5.0/24 reject lab# set policy-options policy-statement rip-export from protocol static lab# set policy-options policy-statement rip-export then accept lab# set protocols ospf export ospf-export lab# run show route protocol ospf à assure R3 receive route from R1
F. ISIS Protocol Linkstate , ISO, ISIS Area, Level 2/L2, Level 1/L1, L1/L2
Configure R1 lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 1 interface lo0.0
configure R2 lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 0 interface fxp1.0 lab# set protocols ospf area 0 interface lo0.0 Configure R3 lab# set protocols ospf area 0 interface fxp0.0 how to check lab# run show ospf interface lab# run show ospf neighbor lab# run show route lab# run ping 172.168.1.2 (from lab# run ping 172.168.1.1 (from lab# run ping 172.168.2.2 (from lab# run ping 172.168.2.1 (from
R1 lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8101.00 lab # set protocols isis interface fxp0.0 level 1 disable lab # set protocols isis interface lo0.0 passive R2 lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8102.00 lab # set protocols isis interface fxp0.0 level 1 disable lab # set protocols isis interface fxp1.0 level 1 disable lab # set protocols isis interface lo0.0 passive
R1) R2) R2) R3)
Applying authentication R1 lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# run show ospf neighbor à assure connection is failed
R3 lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8103.00 lab # set protocols isis interface fxp0.0 level 1 disable lab # set protocols isis interface lo0.0 passive lab# run show route protocol isis à assure R3 receive route from R1
Page 2 of 20
G. IBGP AS number sama, routing table scalable, Multiservice.
Lab # set Lab # set Lab # set Lab # set Lab # set
routing-options autonomous-system 65002 protocols bgp group ibgp multihop protocols bgp group ibgp type internal neighbor 192.168.1.1 peer-as 65001 protocols bgp group ibgp neighbor 192.168.1.3 peer-as 65003 protocols bgp group ibgp local-address 192.168.1.2
R3 Lab # set Lab # set Lab # set Lab # set Lab # set
routing-options autonomous-system 65003 protocols bgp group ibgp multihop protocols bgp group ibgp type internal neighbor 192.168.1.2 protocols bgp group ibgp peer-as 65002 protocols bgp group ibgp local-address 192.168.1.3
Assure: Lab # run show bgp summary
IBGP Route Reflection R1 Lab # set routing-options autonomous-system 65000 Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.1 R2 Lab # set Lab # set Lab # set Lab # set
Teknik untuk mendukung full mesh dengan membagi suatu domain menjadi beberapa cluster Step: 1. IGP (ISIS) sudah ada 2. Tentukan area cluster dng ID yang berbeda 3. Antar dan Inter cluster menggunakan IBGP 4. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1
routing-options autonomous-system 65000 protocols bgp group ibgp type internal neighbor 192.168.1.1 protocols bgp group ibgp neighbor 192.168.1.3 protocols bgp group ibgp local-address 192.168.1.2
R3 Lab # set routing-options autonomous-system 65000 Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp local-address 192.168.1.3
10.0.3.1 10.0.3.2 10.0.3.3 10.0.3.4 10.0.6.6 10.0.6.7 10.0.6.8
em1/9 172.16.10.1/30
em3/4 172.16.2.5/30
em1/1 172.16.1.1/30 em2/2 172.16.1.5/30
PE-SBY-1
em1/4 172.16.2.6/30
em1/1 172.16.1.2/30
PE-MDN-1 RR-JKT-1 RR-JKT-2 RR-JKT-3 PE-JKT-4 PE-SBY-1 PE-SMG-1
RR-JKT-3
RR-JKT-1
PE-MDN-1
Assure: Lab # run show bgp summary
H. EBGP AS number berbeda, routing table scalable, Multiservice.
Cluster 0.0.0.2
Cluster 0.0.0.1
em2/9 172.16.10.2/30 em3/7 172.16.2.10/30
em2/3 172.16.1.10/30
em3/6 172.16.2.18/30
em1/8 172.16.10.6/30
em1/6 172.16.2.17/30
RR-JKT-2
em2/5 172.16.2.6/30
em2/7 172.16.2.9/30
em1/3 172.16.1.9/30 em2/2 172.16.1.6/30
em2/5 172.16.2.5/30
em3/8 172.16.10.5/30
PE-JKT-4
PE-SMG-1
Cluster 0.0.0.3 R1 Lab # set Lab # set Lab # set Lab # set Lab # set R2
routing-options autonomous-system 65001 protocols bgp group ibgp peer-as 65002 protocols bgp group ibgp multihop protocols bgp group ibgp type internal neighbor 192.168.1.2 protocols bgp group ibgp local-address 192.168.1.1
PE-MDN-1 -------------interfaces { em1 { unit 0 { family inet { address 172.16.1.2/30; Page 3 of 20
} family iso; } } em2 { unit 0 { family inet { address 172.16.1.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.1/32; } family iso { address 49.0001.0010.0000.0301.00; } } } } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65212; } protocols { bgp { export static; group cluster-0001 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement static { from protocol static; then accept; } }
RR-JKT-1 -----------interfaces { em1 { unit 0 { family inet { address 172.16.1.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.10/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.2/32; } family iso { address 49.0001.0010.0000.0302.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0001 { type internal; local-address 10.0.3.2; cluster 0.0.0.1; neighbor 10.0.3.1; neighbor 10.0.3.3; } group RR { type internal; local-address 10.0.3.2; neighbor 10.0.3.4; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; Page 4 of 20
} interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement bgp-vrf { from protocol bgp; then accept; } } RR-JKT-2 -----------interfaces { em1 { unit 0 { family inet { address 172.16.1.9/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.6/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.18/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.3/32; } family iso { address 49.0001.0010.0000.0303.00; } } } } routing-options { autonomous-system 65212; }
protocols { bgp { group cluster-0001 { type internal; local-address 10.0.3.3; cluster 0.0.0.1; neighbor 10.0.3.1; neighbor 10.0.3.2; } group RR { type internal; multihop; local-address 10.0.3.3; neighbor 10.0.3.4; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } RR-JKT-3 ------------interfaces { em1 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.10.2/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.10/30; } family iso; } } Page 5 of 20
lo0 { unit 0 { family inet { address 10.0.3.4/32; } family iso { address 49.0001.0010.0000.0304.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0002 { type internal; local-address 10.0.3.4; cluster 0.0.0.2; neighbor 10.0.6.7; } group RR { type internal; multihop; local-address 10.0.3.4; neighbor 10.0.3.2; neighbor 10.0.6.6; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-JKT-4 -----------interfaces { em1 { unit 0 { family inet { address 172.16.2.17/30; } family iso; } } em2 { unit 0 {
family inet { address 172.16.2.9/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.10.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.6/32; } family iso { address 49.0001.0010.0000.0606.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0003 { type internal; local-address 10.0.6.6; cluster 0.0.0.3; neighbor 10.0.6.8; } group RR { type internal; multihop; local-address 10.0.6.6; neighbor 10.0.3.2; neighbor 10.0.3.4; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } Page 6 of 20
PE-SBY-1 -----------interfaces { em1 { unit 0 { family inet { address 172.16.10.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.7/32; } family iso { address 49.0001.0010.0000.0607.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0002 { type internal; local-address 10.0.6.7; neighbor 10.0.3.4; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } PE-SMG-1 ------------interfaces { em1 { unit 0 {
family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65212; } protocols { bgp { group cluster-0003 { type internal; local-address 10.0.6.8; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }
IBGP Confideration Teknik untuk mendukung full mesh dengan membagi suatu AS menjadi AS sub-confideration. Step: 1. 2. 3. 4. 5.
IGP sudah ada (ISIS) Tentukan AS primary misal 65212 Tentukan AS confideration ditiap domain Dalam satu domain harus menggunakan IBGP Antar domain harus logical full mesh dng menggunakan EBGP Page 7 of 20
6.
Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1
PE-MDN-1 -------------interfaces { em1 { unit 0 { family inet { address 172.16.1.2/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.1/32; } family iso { address 49.0001.0010.0000.0301.00; } }
} } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { export static; group 65000 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement static { from protocol static; then accept; } } RR-JKT-1 -----------interfaces { em1 { unit 0 { family inet { address 172.16.1.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.10/30; } family iso; } } Page 8 of 20
em3 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.2/32; } family iso { address 49.0001.0010.0000.0302.00; } } } } routing-options { autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65000 { type internal; local-address 10.0.3.2; neighbor 10.0.3.1; neighbor 10.0.3.3; } group 65212 { type external; multihop; local-address 10.0.3.2; neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.6.6 { peer-as 65001; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } policy-options { policy-statement bgp-vrf {
from protocol bgp; then accept; } } RR-JKT-2 ------------interfaces { em1 { unit 0 { family inet { address 172.16.1.9/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.1.6/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.18/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.3/32; } family iso { address 49.0001.0010.0000.0303.00; } } } } routing-options { autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 65003 ]; } protocols { bgp { group 65000 { type internal; local-address 10.0.3.3; neighbor 10.0.3.1; neighbor 10.0.3.2; } group 65212 { type external; multihop; local-address 10.0.3.3; Page 9 of 20
neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.6.6 { peer-as 65001; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } RR-JKT-3 -----------interfaces { em1 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.10.2/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.2.10/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.3.4/32; } family iso { address 49.0001.0010.0000.0304.00; }
} } } routing-options { autonomous-system 65002; confederation 65212 members [ 65001 65002 65000 ]; } protocols { bgp { group 65002 { type internal; neighbor 10.0.6.7; } group 65212 { type external; multihop; local-address 10.0.3.4; neighbor 10.0.3.2 { peer-as 65000; } neighbor 10.0.6.6 { peer-as 65001; } neighbor 10.0.3.3 { peer-as 65000; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } }
PE-JKT-4 ------------interfaces { em1 { unit 0 { family inet { address 172.16.2.17/30; } family iso; } } em2 { unit 0 { family inet { Page 10 of 20
interface lo0.0 { level 1 disable; }
address 172.16.2.9/30; } family iso; } } em3 { unit 0 { family inet { address 172.16.10.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.6/32; } family iso { address 49.0001.0010.0000.0606.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65001 { type internal; local-address 10.0.6.6; neighbor 10.0.6.8; } group 65212 { type external; multihop; local-address 10.0.6.6; neighbor 10.0.3.2 { peer-as 65000; } neighbor 10.0.3.4 { peer-as 65002; } neighbor 10.0.3.3 { peer-as 65000; } } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface em3.0 { level 1 disable; }
} } PE-SBY-1 ------------interfaces { em1 { unit 0 { family inet { address 172.16.10.1/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.5/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.7/32; } family iso { address 49.0001.0010.0000.0607.00; } } } } routing-options { autonomous-system 65002; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65002 { type internal; local-address 10.0.6.7; neighbor 10.0.3.4; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } Page 11 of 20
} PE-SMG-1 ------------interfaces { em1 { unit 0 { family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { group 65001 { type internal; local-address 10.0.6.8; neighbor 10.0.6.6; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } } Untuk memastikan gunakan show bgp summary melihat summary bgp show route receive-protocol bgp (neighbor) melihat route bgp yang diterima dari peer neighbornya
show route protocol bgp melihat semua route bgp
Export-import BGP
Export BGP policy disisi outbound trafik keluar contoh : advertise route via BGP root@PE-SBY-1# show policy-options policy-statement bgp-export { from protocol static; then accept; } root@PE-SBY-1# show protocols bgp { group cluster-0002 { type internal; local-address 10.0.6.7; export bgp-export; neighbor 10.0.3.4; } } Import BGP policy disisi inbound trafik datang contoh: bloking prefix, as path policy-statement bgp-import { term 1 { from { protocol bgp; route-filter 150.0.0.0/24 exact; } then reject; } term last { then accept; Page 12 of 20
} }
fxp1.6/6 172.168.4.1/30
group RR { type internal; local-address 10.0.3.2; import bgp-import; neighbor 10.0.3.4; neighbor 10.0.6.6; }
Fxp4.7/7 172.168.4.5/30
c2
c1
fxp1.2/2 172.168.1.5/30
fxp2.3/3 172.168.1.10/30
Install Community bgp Community merupakan attribute BGP yang digunakan untuk memanage route berdasarkan ID contoh 65111:200 mempunyai prefix 150/24
untuk memastikan : how route advertising-protocol bgp (neighbor) extensive
Fxp3.7/7 172.168.4.6/30
AS 1946
AS 1945
}
root@PE-SMG-1# show policy-options policy-statement community { from { protocol bgp; route-filter 150.0.0.0/24 exact; } then { community add c-65111:200; accept; } } community c-65111:200 members 65111:200;
Fxp2.6/6 172.168.4.2/30
fxp3.3/3 172.168.1.9/30
t1
fxp2.2/2 172.168.1.6/30
r1
AS 2009 r1 r2 c1 c2 p1 t1
lo0.1 192.168.1.1 lo0.2 192.168.1.2 lo0.3 192.168.1.3 lo0.4192.168.1.4 lo0.5 192.168.1.5 lo0.6 10.10.10.1
fxp2.1/1 172.168.1.2/30
fxp1.1/1 172.168.1.1/30
fxp1.4/4 172.168.2.2/30
fxp2.4/4 172.168.2.1/30
p1
r2 fxp3.5/5 172.168.3.5/30
fxp4.5/5 172.168.3.6/30
AS 1982 Case: Lewatkan prefix 150/24 dari PE-SBY-1 ke Custom er PE-MDN-1 tidak boleh menerima prefix 150/24, lakukan filter di RR-JKT-1 dan RR-JKT-2 Pasang community 65111:200 untuk prefix 150/24 di PE-SMG-1 sehingga diterima di Customer.
Customer
LoadbalanceEBGP ada2: 1. 2.
Multihop based on local address Multipath based on Link layer
Case: Load balance antara r2 dng p1 Step1 konfigurasi static route between r2 and p1 pastikan routing sudah load balance dengan menerapkan policy load balance lab# show policy-options policy-statement load-balance { then { load-balance per-packet; } } lab# show routing-options static { route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; } autonomous-system 2009; forwarding-table { Page 13 of 20
export load-balance; } Pastikan r2 bisa ping ke ip loopback p1 Dan route sudah menunjukkan load balance lab# run show route 192.168.1.5/32 *[Static/5] 00:23:52 to 172.168.2.1 via fxp1.4 to 172.168.3.6 via fxp3.5 lab# run show route forwarding-table 192.168.1.5/32 user 1 ulst 131070 2 172.168.2.1 ucst 495 2 fxp1.4 172.168.3.6 ucst 490 2 fxp3.5 Step 2 Konfigurasi multihop di P1 dan r2 Di P1 lab# show protocols bgp group 1982 { type external; multihop; local-address 192.168.1.5; neighbor 192.168.1.2 { peer-as 2009; } } Di r2 lab# show protocols bgp group 1982 { type external; multihop; local-address 192.168.1.2; neighbor 192.168.1.5 { peer-as 1982; } } Untuk verifikasi: lab# run show bgp neighbor 192.168.1.5 logical-router r2 Peer: 192.168.1.5+2236 AS 1982 Local: 192.168.1.2+179 AS 2009 Type: External State: Established Flags:
Output Queue[0]: 0
Load balance antara r1 dng c1 dan c2 Konfigurasi di c1 lab# show protocols bgp group 1945 { type external; neighbor 172.168.1.9 { peer-as 2009; } } Konfigurasi di c2 lab# show protocols bgp group external { type external; neighbor 172.168.1.6 { peer-as 2009; } } Konfigurasi di r1 dng menggunakan multipath lab# show protocols bgp group external { type external; multipath; neighbor 172.168.1.10 { peer-as 1945; } neighbor 172.168.1.5 { peer-as 1946; } } lab# run show bgp neighbor 172.168.1.5 Peer: 172.168.1.5+179 AS 1945 Local: 172.168.1.6+3545 AS 2009 Type: External State: Established Flags: <Sync> Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None Options:
Pa g e 14 of 20
Modifiying BGP attribute
For example on OSPF configuration
Case: 1. advertise IP loopback c1 shg p1 bisa ping ip tersebut
Protocol OSPF
di c1 lab# show policy-options policy-statement loopback { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } } lab# show protocols bgp group 1945 { type external; export loopback; neighbor 172.168.1.9 { peer-as 2009; } }
I. Logical Router
Configure R1 lab# top edit logical-routers R1 lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.1/32 lab# set protocols ospf area 0 interface fxp0.0 lab# set protocols ospf area 0 interface lo0.0 passive
configure R2 lab# top edit logical-routers R2 lab# set interfaces fxp1 unit 0 description "to-R2" family inet address 172.168.1.2/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.2/32 lab# set protocols ospf area 0 interface fxp1.0 lab# set protocols ospf area 0 interface lo0.1 passive lab # run show ospf neighbor lab # run show ospf interface
BGP attribute ----------------Origin menunjukkan asal dari suatu source route secara default origin disimbolkan I Contoh lab# run show route protocol bgp terse inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both
vlan
Sub interface dari interface
Configure logical router R1 lab@lab # set logical-routers R1 Entering config logical-router lab@lab # edit logical-routers r1
A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 I B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I Origin bisa dimanipulasi menjadi incomplete, egp dll Untuk incomplete disimbolkan ?
Pa g e 15 of 20
Di c2 -------policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { origin incomplete; accept; } } term 2 { then reject; } } Untuk mengubah ke egp spt dibawah ini: policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { origin egp; accept; } } term 2 { then reject; } }
Hasilnya bisa dilihat di r1 lab# run show route protocol bgp terse logical-router r1 inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 ? B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I As-path Jalur yang telah dipilih oleh suatu route didalam BGP Di c2 policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact;
} then { as-path-prepend "1947 1947"; accept; } } term 2 { then reject; } }
lab# run show route protocol bgp terse logical-router r1 inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.10 1945 1946 I B 170 100 >172.168.1.5 1947 1947 1946 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I Pastikan jalur route sudah benar melalui c1 dari p1 lab# run traceroute 10.10.10.1 traceroute to 10.10.10.1 (10.10.10.1), 30 hops max, 40 byte packets 1 172.168.2.2 (172.168.2.2) 1.981 ms 1.441 ms 1.032 ms 2 172.168.1.1 (172.168.1.1) 1.175 ms 1.134 ms 1.102 ms 3 172.168.1.10 (172.168.1.10) 1.398 ms 1.493 ms 0.989 ms 4 172.168.4.2 (172.168.4.2) 1.210 ms 1.507 ms 4.401 ms 5 10.10.10.1 (10.10.10.1) 1.573 ms 2.391 ms 1.526 ms
Next-hop IP address yng ditunjuk oleh router untuk menentukan active route MED ( Multiple Exit Discriminator ) EBGP – EBGP EBGP – IBGP IBGP – IBGP
Local preference hanya terjadi di IBGP Contoh ubah local preference untuk route 10.10.10.1 di local as policy-statement resolve { term 1 { from protocol bgp; then { next-hop self; } } term 2 { from { protocol direct; route-filter 172.168.1.4/30 exact; } then accept; } term 3 { from {
Pa g e 16 of 20
protocol bgp; route-filter 10.10.10.1/32 exact; } then { local-preference 150; } } then accept; } Untuk verifikasi lab# run show route 10.10.10.1 detail inet.0: 15 destinations, 18 routes (15 active, 0 holddown, 1 hidden) 10.10.10.1/32 (1 entry, 1 announced) *BGP Preference: 170/-151 Next-hop reference count: 17 Source: 192.168.1.1 Next hop: 172.168.1.1 via fxp2.1, selected Protocol next hop: 192.168.1.1 Indirect next hop: 8683198 131072 State:
Community route yang telah di tag misal 65000:1100
Lampiran Di r1 interfaces { fxp1 { unit 1 { vlan-id 1; family inet { address 172.168.1.1/30; } } } fxp2 { unit 2 { vlan-id 2; family inet { address 172.168.1.6/30; } } } fxp3 { unit 3 { vlan-id 3; family inet {
address 172.168.1.9/30; } } } lo0 { unit 1 { family inet { address 192.168.1.1/32; } } } } protocols { bgp { group internal { type internal; local-address 192.168.1.1; export resolve; neighbor 192.168.1.2; } group external { type external; export direct; multipath; neighbor 172.168.1.10 { peer-as 1945; } neighbor 172.168.1.5 { peer-as 1946; } } } ospf { area 0.0.0.0 { interface fxp1.1; interface lo0.1; } } } policy-options { policy-statement direct { term 1 { from { protocol direct; route-filter 172.168.1.0/30 exact; } then accept; } term 2 { from { protocol bgp; route-filter 172.168.2.0/30 exact; route-filter 172.168.3.4/30 exact; } then accept; } term last { then reject; } }
Pa g e 17 of 20
policy-statement resolve { term 1 { from protocol bgp; then { next-hop self; } } term 2 { from { protocol direct; route-filter 172.168.1.4/30 exact; } } then accept; } } routing-options { autonomous-system 2009; } Di r2 interfaces { fxp1 { unit 4 { vlan-id 4; family inet { address 172.168.2.2/30; } } } fxp2 { unit 1 { vlan-id 1; family inet { address 172.168.1.2/30; } } } fxp3 { unit 5 { vlan-id 5; family inet { address 172.168.3.5/30; } } } lo0 { unit 2 { family inet { address 192.168.1.2/32; } } } } protocols { bgp { group internal { type internal; local-address 192.168.1.2; export direct;
neighbor 192.168.1.1; } group 1982 { type external; multihop; local-address 192.168.1.2; neighbor 192.168.1.5 { peer-as 1982; } } } ospf { area 0.0.0.0 { interface lo0.2; interface fxp2.1; } } } policy-options { policy-statement direct { term 1 { from { protocol direct; route-filter 172.168.2.0/30 exact; route-filter 172.168.3.4/30 exact; } then accept; } term last { then reject; } } policy-statement load-balance { then { load-balance per-packet; } } } routing-options { static { route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; } autonomous-system 2009; forwarding-table { export load-balance; } } Di p1 interfaces { fxp2 { unit 4 { vlan-id 4; family inet { address 172.168.2.1/30; } } } fxp4 { unit 5 {
Pa g e 18 of 20
vlan-id 5; family inet { address 172.168.3.6/30; } } } lo0 { unit 5 { family inet { address 192.168.1.5/32; } } } } protocols { bgp { group 1982 { type external; multihop; local-address 192.168.1.5; neighbor 192.168.1.2 { peer-as 2009; } } } } routing-options { static { route 192.168.1.2/32 next-hop [ 172.168.2.2 172.168.3.5 ]; } autonomous-system 1982; }
Di c1 interfaces { fxp1 { unit 6 { vlan-id 6; family inet { address 172.168.4.1/30; } } } fxp4 { unit 3 { vlan-id 3; family inet { address 172.168.1.10/30; } } } lo0 { unit 3 { family inet { address 192.168.1.3/32; } } } }
protocols { bgp { group external { type external; neighbor 172.168.1.9 { peer-as 2009; } neighbor 172.168.4.2 { peer-as 1946; } } } } policy-options { policy-statement static { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } } } routing-options { autonomous-system 1945; } Di c2 interfaces { fxp1 { unit 2 { vlan-id 2; family inet { address 172.168.1.5/30; } } } fxp2 { unit 6 { vlan-id 6; family inet { address 172.168.4.2/30; } } } fxp3 { unit 7 { vlan-id 7; family inet { address 172.168.4.6/30; } } } lo0 { unit 4 { family inet {
Pa g e 19 of 20
address 192.168.1.4/32; } } } } protocols { bgp { group external { type external; export static; neighbor 172.168.1.6 { peer-as 2009; } } group 1945 { type external; export static1; neighbor 172.168.4.1 { peer-as 1945; } } } } policy-options { policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { accept; } } term 2 { then reject; } } policy-statement static1 { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then accept; } term 2 { then reject; } } } routing-options { static { route 10.10.10.1/32 next-hop 172.168.4.5; } autonomous-system 1946; }
unit 7 { vlan-id 7; family inet { address 172.168.4.5/30; } } } lo0 { unit 6 { family inet { address 10.10.10.1/32; } } } } routing-options { static { route 0.0.0.0/0 next-hop 172.168.4.6; } }
interfaces { fxp4 {
Pa g e 20 of 20
Related Documents
Lab Bgp Juniper
July 2020 0
Lab Bgp Cisco
July 2020 1
Bgp
December 2019 123
Bgp
June 2020 85
Bgp
May 2020 101