SlideShare a Scribd company logo

23769377 lab-bgp-juniper

C
cavang_3004

The document provides instructions for configuring routing protocols on Juniper routers including static routing, OSPF, IS-IS, IBGP, EBGP, and route reflection. It discusses configuring interfaces, routing tables, authentication, and policies. Example configurations are provided for static routing between routers R1-R3, OSPF routing between areas on routers R1-R3, IS-IS routing between routers R1-R2-R3, IBGP routing in an AS between routers R1-R2-R3, and EBGP routing between route reflectors in different clusters. The document is intended as a lab guide for hands-on configuration of routing protocols on Juniper routers.

1 of 20
Download to read offline
A. Introduction: Delete everything under this level? [yes,no] (no) yes lab# load override terminal Key : configure= masuk mode configurasi, commit = untuk mengesekusi dan menyimpan config. copy paste configuration here Rollback = memanggil konfigurasi sebelumnya. finished using enter and ctrl+d keys lab# load merge terminal relative Command Line interface Review copy paste configuration here Exec mode: finished using enter and ctrl+d keys ------------- lab# commit check Amnesiac (ttyd0) lab# commit login: root Password: lab# run show interfaces terse --- JUNOS 7.4R1.7 built 2005-10-21 01:29:55 UTC Interface Admin Link Proto Local Remote root@% cli dsc up up root> fxp0 up up fxp0.0 up up inet 192.168.1.123/24 Configuration Mode: fxp1 up up -------------------------- fxp1.1 up up inet 172.168.1.1/30 root> configure fxp1.2 up up inet 172.168.2.1/30 Entering configuration mode fxp2 up up fxp2.1 up up inet 172.168.1.2/30 [edit] fxp2.2 up up inet 172.168.2.2/30 root# fxp3 up up fxp4 up up Create User à root# set system login user lab class super-user authentication plain-text-password fxp4.1 up up inet 10.10.10.1/30 Check configuration à root# show | compare root# commit check Save config and execute à root# commit (save for 2 minutes only à root# commit confirmed 2 ) (backup config using name conf1 à root# save conf1) Setting hostnamne à lab # set system host-nam e juniper-lab lab# commit Rollback à lab# show | compare rollback 1 lab# rollback 1 (noted : rollback no-change àlab@juniper-lab# rollback 0) Show configuration Simple à lab# show or lab > show configuration continuously à lab# show | no-more match certain word à lab > show configuration | match interface Configure R1 find certain word and later à lab > show configuration | find interface lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 set configuration à lab > show configuration | display set Configure R2 lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.1.2/30 show logging lab# set interfaces fxp1.0 description "to-R3" family inet address 172.168.2.1/30 log system à lab > show log messages log with 100 lines latest à lab > show log messages | last 100 Configure R3 log hardware à lab > show log chassis lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.2.2/30 log user à lab > show system users How to check Hierarchial configuration R1 to R2 Entering lab config à lab# edit system login user lab lab# run ping 172.168.1.2 rapid count 1000 Entering upper config à lab# up R2 to R1 Entering top configuration à lab# top lab# run ping 172.168.1.1 rapid count 1000 R2 to R3 B. Initial System configuration lab# run ping 172.168.2.2 rapid count 1000 R3 to R2 Key : delete= menghapus konfigurasi, load override terminal = copy paste config keseluruhan, load merge lab# run ping 172.168.2.1 rapid count 1000 terminal relative= copy paste config sebagian noted: assure that there isn’t connectivity between R1 and R3 lab# delete This will delete the entire configuration C. Static Routing Page 1 of 20
R2 Routing permanent, manual, metric/preference=5, mengenal source dan gateway. lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# set protocols ospf area 0 interface fxp1.0 authentication simple-password ciawi Key : next-hop: gateway untuk network. lab# run show ospf neighbor logical-router R2 à assure connection is failed Configure R1 lab# set routing-options static route 172.168.2.0/30 next-hop 172.168.1.2 R3 lab# set protocols ospf area 0 interface fxp0.0 authentication simple-password ciawi Configure R3 lab# set routing-options static route 172.168.1.0/30 next-hop 172.168.2.1 lab# run show ospf neighbor logical-router Rx à assure connection is success How to check on R1 Applying policy lab# run ping 172.168.1.1 R1 lab# run ping 172.168.2.2 lab# set routing-options static route 10.10.1.0/24 reject lab# run show route lab# set routing-options static route 10.10.2.0/24 reject lab# set routing-options static route 10.10.3.0/24 reject E. OSPF Protocol lab# set routing-options static route 10.10.4.0/24 reject lab# set routing-options static route 10.10.5.0/24 reject Linkstate protocol, Cost (10^8/bandwith), LSA, OSPF Area lab# set policy-options policy-statement rip-export from protocol static lab# set policy-options policy-statement rip-export then accept lab# set protocols ospf export ospf-export lab# run show route protocol ospf à assure R3 receive route from R1 F. ISIS Protocol Linkstate , ISO, ISIS Area, Level 2/L2, Level 1/L1, L1/L2 Configure R1 lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 1 interface lo0.0 configure R2 lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 0 interface fxp1.0 R1 lab# set protocols ospf area 0 interface lo0.0 lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8101.00 lab # set protocols isis interface fxp0.0 level 1 disable Configure R3 lab # set protocols isis interface lo0.0 passive lab# set protocols ospf area 0 interface fxp0.0 R2 how to check lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8102.00 lab# run show ospf interface lab # set protocols isis interface fxp0.0 level 1 disable lab# run show ospf neighbor lab # set protocols isis interface fxp1.0 level 1 disable lab# run show route lab # set protocols isis interface lo0.0 passive lab# run ping 172.168.1.2 (from R1) lab# run ping 172.168.1.1 (from R2) R3 lab# run ping 172.168.2.2 (from R2) lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8103.00 lab# run ping 172.168.2.1 (from R3) lab # set protocols isis interface fxp0.0 level 1 disable lab # set protocols isis interface lo0.0 passive Applying authentication R1 lab# run show route protocol isis à assure R3 receive route from R1 lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# run show ospf neighbor à assure connection is failed Page 2 of 20
Lab # set routing-options autonomous-system 65002 G. IBGP Lab # set protocols bgp group ibgp multihop AS number sama, routing table scalable, Multiservice. Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 peer-as 65001 Lab # set protocols bgp group ibgp neighbor 192.168.1.3 peer-as 65003 Lab # set protocols bgp group ibgp local-address 192.168.1.2 R3 Lab # set routing-options autonomous-system 65003 Lab # set protocols bgp group ibgp multihop Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp peer-as 65002 Lab # set protocols bgp group ibgp local-address 192.168.1.3 Assure: Lab # run show bgp summary IBGP Route Reflection R1 Teknik untuk mendukung full mesh dengan membagi suatu domain menjadi beberapa cluster Lab # set routing-options autonomous-system 65000 Step: Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 1. IGP (ISIS) sudah ada Lab # set protocols bgp group ibgp local-address 192.168.1.1 2. Tentukan area cluster dng ID yang berbeda 3. Antar dan Inter cluster menggunakan IBGP R2 4. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1 Lab # set routing-options autonomous-system 65000 Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 Cluster 0.0.0.2 Cluster 0.0.0.1 Lab # set protocols bgp group ibgp neighbor 192.168.1.3 Lab # set protocols bgp group ibgp local-address 192.168.1.2 PE-MDN-1 RR-JKT-1 RR-JKT-3 PE-SBY-1 R3 Lab # set routing-options autonomous-system 65000 em1/9 em1/1 em1/4 Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 172.16.1.2/30 172.16.2.6/30 172.16.10.1/30 Lab # set protocols bgp group ibgp local-address 192.168.1.3 em1/1 em3/4 em2/9 172.16.1.1/30 172.16.2.5/30 172.16.10.2/30 Assure: em2/2 em2/3 em3/7 172.16.1.5/30 172.16.2.10/30 em2/5 Lab # run show bgp summary 172.16.1.10/30 172.16.2.5/30 H. EBGP AS number berbeda, routing table scalable, Multiservice. PE-MDN-1 10.0.3.1 RR-JKT-1 10.0.3.2 em1/3 em2/7 em2/5 RR-JKT-2 10.0.3.3 172.16.1.9/30 172.16.2.9/30 172.16.2.6/30 RR-JKT-3 10.0.3.4 em3/6 PE-JKT-4 10.0.6.6 em1/8 em2/2 172.16.2.18/30 PE-SBY-1 10.0.6.7 172.16.10.6/30 PE-SMG-1 10.0.6.8 172.16.1.6/30 em1/6 em3/8 172.16.2.17/30 172.16.10.5/30 RR-JKT-2 PE-JKT-4 PE-SMG-1 Cluster 0.0.0.3 R1 Lab # set routing-options autonomous-system 65001 Lab # set protocols bgp group ibgp peer-as 65002 PE-MDN-1 Lab # set protocols bgp group ibgp multihop -------------- Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 interfaces { Lab # set protocols bgp group ibgp local-address 192.168.1.1 em1 { unit 0 { R2 family inet { address 172.16.1.2/30; Page 3 of 20
} RR-JKT-1 family iso; ------------ } interfaces { } em1 { em2 { unit 0 { unit 0 { family inet { family inet { address 172.16.1.1/30; address 172.16.1.5/30; } } family iso; family iso; } } } } em2 { lo0 { unit 0 { unit 0 { family inet { family inet { address 172.16.1.10/30; address 10.0.3.1/32; } } family iso; family iso { } address 49.0001.0010.0000.0301.00; } } em3 { } unit 0 { } family inet { } address 172.16.2.5/30; routing-options { } static { family iso; route 100.100.1.0/24 reject; } route 100.100.2.0/24 reject; } route 100.100.3.0/24 reject; lo0 { } unit 0 { autonomous-system 65212; family inet { } address 10.0.3.2/32; protocols { } bgp { family iso { export static; address 49.0001.0010.0000.0302.00; group cluster-0001 { } type internal; } local-address 10.0.3.1; } neighbor 10.0.3.2; } neighbor 10.0.3.3; routing-options { } autonomous-system 65212; } } isis { protocols { interface em1.0 { bgp { level 1 disable; group cluster-0001 { } type internal; interface em2.0 { local-address 10.0.3.2; level 1 disable; cluster 0.0.0.1; } neighbor 10.0.3.1; interface lo0.0 { neighbor 10.0.3.3; level 1 disable; } } group RR { } type internal; } local-address 10.0.3.2; policy-options { neighbor 10.0.3.4; policy-statement static { neighbor 10.0.6.6; from protocol static; } then accept; } } isis { } interface em1.0 { level 1 disable; Page 4 of 20
} protocols { interface em2.0 { bgp { level 1 disable; group cluster-0001 { } type internal; interface em3.0 { local-address 10.0.3.3; level 1 disable; cluster 0.0.0.1; } neighbor 10.0.3.1; interface lo0.0 { neighbor 10.0.3.2; level 1 disable; } } group RR { } type internal; } multihop; policy-options { local-address 10.0.3.3; policy-statement bgp-vrf { neighbor 10.0.3.4; from protocol bgp; neighbor 10.0.6.6; then accept; } } } } isis { interface em1.0 { RR-JKT-2 level 1 disable; ------------ } interfaces { interface em2.0 { em1 { level 1 disable; unit 0 { } family inet { interface em3.0 { address 172.16.1.9/30; level 1 disable; } } family iso; interface lo0.0 { } level 1 disable; } } em2 { } unit 0 { } family inet { address 172.16.1.6/30; RR-JKT-3 } ------------- family iso; interfaces { } em1 { } unit 0 { em3 { family inet { unit 0 { address 172.16.2.6/30; family inet { } address 172.16.2.18/30; family iso; } } family iso; } } em2 { } unit 0 { lo0 { family inet { unit 0 { address 172.16.10.2/30; family inet { } address 10.0.3.3/32; family iso; } } family iso { } address 49.0001.0010.0000.0303.00; em3 { } unit 0 { } family inet { } address 172.16.2.10/30; } } routing-options { family iso; autonomous-system 65212; } } } Page 5 of 20
lo0 { family inet { unit 0 { address 172.16.2.9/30; family inet { } address 10.0.3.4/32; family iso; } } family iso { } address 49.0001.0010.0000.0304.00; em3 { } unit 0 { } family inet { } address 172.16.10.5/30; } } routing-options { family iso; autonomous-system 65212; } } } protocols { lo0 { bgp { unit 0 { group cluster-0002 { family inet { type internal; address 10.0.6.6/32; local-address 10.0.3.4; } cluster 0.0.0.2; family iso { neighbor 10.0.6.7; address 49.0001.0010.0000.0606.00; } } group RR { } type internal; } multihop; } local-address 10.0.3.4; routing-options { neighbor 10.0.3.2; autonomous-system 65212; neighbor 10.0.6.6; } neighbor 10.0.3.3; protocols { } bgp { } group cluster-0003 { isis { type internal; interface em1.0 { local-address 10.0.6.6; level 1 disable; cluster 0.0.0.3; } neighbor 10.0.6.8; interface em2.0 { } level 1 disable; group RR { } type internal; interface em3.0 { multihop; level 1 disable; local-address 10.0.6.6; } neighbor 10.0.3.2; interface lo0.0 { neighbor 10.0.3.4; level 1 disable; neighbor 10.0.3.3; } } } } } isis { interface em1.0 { PE-JKT-4 level 1 disable; ------------ } interfaces { interface em2.0 { em1 { level 1 disable; unit 0 { } family inet { interface em3.0 { address 172.16.2.17/30; level 1 disable; } } family iso; interface lo0.0 { } level 1 disable; } } em2 { } unit 0 { } Page 6 of 20
family inet { PE-SBY-1 address 172.16.10.6/30; ------------ } interfaces { family iso; em1 { } unit 0 { } family inet { em2 { address 172.16.10.1/30; unit 0 { } family inet { family iso; address 172.16.2.6/30; } } } family iso; em2 { } unit 0 { } family inet { lo0 { address 172.16.2.5/30; unit 0 { } family inet { family iso; address 10.0.6.8/32; } } } family iso { lo0 { address 49.0001.0010.0000.0608.00; unit 0 { } family inet { } address 10.0.6.7/32; } } } family iso { routing-options { address 49.0001.0010.0000.0607.00; autonomous-system 65212; } } } protocols { } bgp { } group cluster-0003 { routing-options { type internal; autonomous-system 65212; local-address 10.0.6.8; } neighbor 10.0.6.6; protocols { } bgp { } group cluster-0002 { isis { type internal; interface em1.0 { local-address 10.0.6.7; level 1 disable; neighbor 10.0.3.4; } } interface em2.0 { } level 1 disable; isis { } interface em1.0 { interface lo0.0 { level 1 disable; level 1 disable; } } interface em2.0 { } level 1 disable; } } interface lo0.0 { level 1 disable; } IBGP Confideration } Teknik untuk mendukung full mesh dengan membagi suatu AS menjadi AS sub-confideration. } Step: PE-SMG-1 1. IGP sudah ada (ISIS) ------------- 2. Tentukan AS primary misal 65212 interfaces { 3. Tentukan AS confideration ditiap domain em1 { 4. Dalam satu domain harus menggunakan IBGP unit 0 { 5. Antar domain harus logical full mesh dng menggunakan EBGP Page 7 of 20
6. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1 } } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { export static; group 65000 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } PE-MDN-1 } -------------- policy-options { interfaces { policy-statement static { em1 { from protocol static; unit 0 { then accept; family inet { } address 172.16.1.2/30; } } family iso; RR-JKT-1 } ------------ } em2 { interfaces { unit 0 { em1 { family inet { unit 0 { address 172.16.1.5/30; family inet { } address 172.16.1.1/30; family iso; } } family iso; } } lo0 { } unit 0 { em2 { family inet { unit 0 { address 10.0.3.1/32; family inet { } address 172.16.1.10/30; family iso { } address 49.0001.0010.0000.0301.00; family iso; } } } } Page 8 of 20
em3 { from protocol bgp; unit 0 { then accept; family inet { } address 172.16.2.5/30; } } family iso; RR-JKT-2 } ------------- } lo0 { interfaces { unit 0 { em1 { family inet { unit 0 { address 10.0.3.2/32; family inet { } address 172.16.1.9/30; family iso { } address 49.0001.0010.0000.0302.00; family iso; } } } } } em2 { } unit 0 { routing-options { family inet { autonomous-system 65000; address 172.16.1.6/30; confederation 65212 members [ 65000 65001 65002 ]; } } family iso; protocols { } bgp { } group 65000 { em3 { type internal; unit 0 { local-address 10.0.3.2; family inet { neighbor 10.0.3.1; address 172.16.2.18/30; neighbor 10.0.3.3; } } family iso; group 65212 { } type external; } multihop; lo0 { local-address 10.0.3.2; unit 0 { neighbor 10.0.3.4 { family inet { peer-as 65002; address 10.0.3.3/32; } } neighbor 10.0.6.6 { family iso { peer-as 65001; address 49.0001.0010.0000.0303.00; } } } } } } isis { } interface em1.0 { routing-options { level 1 disable; autonomous-system 65000; } confederation 65212 members [ 65000 65001 65002 65003 ]; interface em2.0 { } level 1 disable; protocols { } bgp { interface em3.0 { group 65000 { level 1 disable; type internal; } local-address 10.0.3.3; interface lo0.0 { neighbor 10.0.3.1; level 1 disable; neighbor 10.0.3.2; } } } group 65212 { } type external; policy-options { multihop; policy-statement bgp-vrf { local-address 10.0.3.3; Page 9 of 20
neighbor 10.0.3.4 { } peer-as 65002; } } } neighbor 10.0.6.6 { routing-options { peer-as 65001; autonomous-system 65002; } confederation 65212 members [ 65001 65002 65000 ]; } } } protocols { isis { bgp { interface em1.0 { group 65002 { level 1 disable; type internal; } neighbor 10.0.6.7; interface em2.0 { } level 1 disable; group 65212 { } type external; interface em3.0 { multihop; level 1 disable; local-address 10.0.3.4; } neighbor 10.0.3.2 { interface lo0.0 { peer-as 65000; level 1 disable; } } neighbor 10.0.6.6 { } peer-as 65001; } } neighbor 10.0.3.3 { RR-JKT-3 peer-as 65000; ------------ } } interfaces { } em1 { isis { unit 0 { interface em1.0 { family inet { level 1 disable; address 172.16.2.6/30; } } interface em2.0 { family iso; level 1 disable; } } } interface em3.0 { em2 { level 1 disable; unit 0 { } family inet { interface lo0.0 { address 172.16.10.2/30; level 1 disable; } } family iso; } } } } em3 { unit 0 { PE-JKT-4 family inet { ------------- address 172.16.2.10/30; } interfaces { family iso; em1 { } unit 0 { } family inet { lo0 { address 172.16.2.17/30; unit 0 { } family inet { family iso; address 10.0.3.4/32; } } } family iso { em2 { address 49.0001.0010.0000.0304.00; unit 0 { } family inet { Page 10 of 20
address 172.16.2.9/30; interface lo0.0 { } level 1 disable; family iso; } } } } } em3 { unit 0 { PE-SBY-1 family inet { ------------- address 172.16.10.5/30; } interfaces { family iso; em1 { } unit 0 { } family inet { lo0 { address 172.16.10.1/30; unit 0 { } family inet { family iso; address 10.0.6.6/32; } } } family iso { em2 { address 49.0001.0010.0000.0606.00; unit 0 { } family inet { } address 172.16.2.5/30; } } } family iso; routing-options { } autonomous-system 65001; } confederation 65212 members [ 65000 65001 65002 ]; lo0 { } unit 0 { protocols { family inet { bgp { address 10.0.6.7/32; group 65001 { } type internal; family iso { local-address 10.0.6.6; address 49.0001.0010.0000.0607.00; neighbor 10.0.6.8; } } } group 65212 { } type external; } multihop; routing-options { local-address 10.0.6.6; autonomous-system 65002; neighbor 10.0.3.2 { confederation 65212 members [ 65000 65001 65002 ]; peer-as 65000; } } protocols { neighbor 10.0.3.4 { bgp { peer-as 65002; group 65002 { } type internal; neighbor 10.0.3.3 { local-address 10.0.6.7; peer-as 65000; neighbor 10.0.3.4; } } } } } isis { isis { interface em1.0 { interface em1.0 { level 1 disable; level 1 disable; } } interface em2.0 { interface em2.0 { level 1 disable; level 1 disable; } } interface lo0.0 { interface em3.0 { level 1 disable; level 1 disable; } } } Page 11 of 20
} show route protocol bgp  melihat semua route bgp PE-SMG-1 ------------- Export-import BGP interfaces { em1 { unit 0 { family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; Export BGP  policy disisi outbound  trafik keluar contoh : advertise route via BGP } root@PE-SBY-1# show policy-options protocols { policy-statement bgp-export { bgp { from protocol static; group 65001 { then accept; type internal; } local-address 10.0.6.8; root@PE-SBY-1# show protocols neighbor 10.0.6.6; bgp { } group cluster-0002 { } type internal; isis { local-address 10.0.6.7; interface em1.0 { export bgp-export; level 1 disable; neighbor 10.0.3.4; } } interface em2.0 { } level 1 disable; Import BGP  policy disisi inbound trafik datang contoh: bloking prefix, as path } policy-statement bgp-import { interface lo0.0 { term 1 { level 1 disable; from { } protocol bgp; } route-filter 150.0.0.0/24 exact; } } then reject; Untuk memastikan gunakan } show bgp summary  melihat summary bgp term last { show route receive-protocol bgp (neighbor)  melihat route bgp yang diterima dari peer neighbornya then accept; Page 12 of 20
} } fxp1.6/6 Fxp2.6/6 Fxp3.7/7 Fxp4.7/7 172.168.4.1/30 172.168.4.2/30 172.168.4.6/30 172.168.4.5/30 group RR { AS 1946 type internal; AS 1945 local-address 10.0.3.2; c1 c2 import bgp-import; neighbor 10.0.3.4; neighbor 10.0.6.6; fxp1.2/2 } fxp2.3/3 172.168.1.5/30 t1 } 172.168.1.10/30 Install Community bgp Community merupakan attribute BGP yang digunakan untuk memanage route berdasarkan ID contoh 65111:200 mempunyai prefix 150/24 fxp3.3/3 fxp2.2/2 172.168.1.9/30 172.168.1.6/30 root@PE-SMG-1# show policy-options policy-statement community { r1 from { protocol bgp; route-filter 150.0.0.0/24 exact; fxp1.1/1 } AS 2009 172.168.1.1/30 then { community add c-65111:200; r1 lo0.1 192.168.1.1 accept; fxp2.1/1 } r2 lo0.2 192.168.1.2 fxp1.4/4 fxp2.4/4 172.168.1.2/30 } c1 lo0.3 192.168.1.3 172.168.2.2/30 172.168.2.1/30 community c-65111:200 members 65111:200; c2 lo0.4192.168.1.4 p1 lo0.5 192.168.1.5 r2 p1 untuk memastikan : t1 lo0.6 10.10.10.1 fxp3.5/5 fxp4.5/5 how route advertising-protocol bgp (neighbor) extensive 172.168.3.5/30 172.168.3.6/30 AS 1982 Case: Lewatkan prefix 150/24 dari PE-SBY-1 ke Custom er PE-MDN-1 tidak boleh menerima prefix 150/24, lakukan filter di RR-JKT-1 dan RR-JKT-2 Lo db la eEBG a a2: a a nc P d Pasang community 65111:200 untuk prefix 150/24 di PE-SMG-1 sehingga diterima di Customer. 1. Multihop based on local address 2. Multipath  based on Link layer Customer Case: Load balance antara r2 dng p1 Step1 konfigurasi static route between r2 and p1 pastikan routing sudah load balance dengan menerapkan policy load balance lab# show policy-options policy-statement load-balance { then { load-balance per-packet; } } lab# show routing-options static { route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; } autonomous-system 2009; forwarding-table { Page 13 of 20
export load-balance; Output Queue[0]: 0 } Pastikan r2 bisa ping ke ip loopback p1 Dan route sudah menunjukkan load balance Load balance antara r1 dng c1 dan c2 lab# run show route Konfigurasi di c1 192.168.1.5/32 *[Static/5] 00:23:52 lab# show protocols bgp to 172.168.2.1 via fxp1.4 group 1945 {  to 172.168.3.6 via fxp3.5 type external; neighbor 172.168.1.9 { lab# run show route forwarding-table peer-as 2009; 192.168.1.5/32 user 1 ulst 131070 2 } 172.168.2.1 ucst 495 2 fxp1.4 } 172.168.3.6 ucst 490 2 fxp3.5 Konfigurasi di c2 Step 2 lab# show protocols bgp Konfigurasi multihop di P1 dan r2 group external { Di P1 type external; lab# show protocols bgp neighbor 172.168.1.6 { group 1982 { peer-as 2009; type external; } multihop; } local-address 192.168.1.5; neighbor 192.168.1.2 { Konfigurasi di r1 dng menggunakan multipath peer-as 2009; } lab# show protocols bgp } group external { Di r2 type external; lab# show protocols bgp multipath; group 1982 { neighbor 172.168.1.10 { type external; peer-as 1945; multihop; } local-address 192.168.1.2; neighbor 172.168.1.5 { neighbor 192.168.1.5 { peer-as 1946; peer-as 1982; } } } } lab# run show bgp neighbor 172.168.1.5 Untuk verifikasi: Peer: 172.168.1.5+179 AS 1945 Local: 172.168.1.6+3545 AS 2009 lab# run show bgp neighbor 192.168.1.5 logical-router r2 Type: External State: Established Flags: <Sync> Peer: 192.168.1.5+2236 AS 1982 Local: 192.168.1.2+179 AS 2009 Last State: OpenConfirm Last Event: RecvKeepAlive Type: External State: Established Flags: <ImportEval Sync> Last Error: None Last State: OpenConfirm Last Event: RecvKeepAlive Options: <Preference HoldTime PeerAS Multipath Refresh> Last Error: None Holdtime: 90 Preference: 170 Options: <Multihop Preference LocalAddress HoldTime PeerAS Refresh> Number of flaps: 0 Local Address: 192.168.1.2 Holdtime: 90 Preference: 170 Peer ID: 192.168.1.4 Local ID: 192.168.1.1 Active Holdtime: 90 Number of flaps: 0 Keepalive Interval: 30 Peer index: 1 Peer ID: 192.168.1.5 Local ID: 192.168.1.2 Active Holdtime: 90 Local Interface: fxp2.2 Keepalive Interval: 30 Peer index: 0 NLRI advertised by peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Peer supports Refresh capability (2) Table inet.0 Bit: 10001 Table inet.0 Bit: 10001 RIB State: BGP restart is complete RIB State: BGP restart is complete Send state: in sync Send state: in sync Active prefixes: 0 Active prefixes: 0 Received prefixes: 0 Received prefixes: 0 Suppressed due to damping: 0 Suppressed due to damping: 0 Advertised prefixes: 0 Advertised prefixes: 0 Last traffic (seconds): Received 10 Sent 10 Checked 10 Last traffic (seconds): Received 23 Sent 23 Checked 23 Input messages: Total 4 Updates 0 Refreshes 0 Octets 76 Input messages: Total 22 Updates 0 Refreshes 0 Octets 444 Output messages: Total 5 Updates 0 Refreshes 0 Octets 121 Output messages: Total 23 Updates 0 Refreshes 0 Octets 463 Output Queue[0]: 0 Pa g e 14 of 20
Modifiying BGP attribute For example on OSPF configuration Case: Protocol OSPF 1. advertise IP loopback c1 shg p1 bisa ping ip tersebut di c1 lab# show policy-options policy-statement loopback { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } } lab# show protocols bgp Configure R1 group 1945 { lab# top edit logical-routers R1 type external; lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 export loopback; lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.1/32 neighbor 172.168.1.9 { lab# set protocols ospf area 0 interface fxp0.0 peer-as 2009; lab# set protocols ospf area 0 interface lo0.0 passive } } configure R2 lab# top edit logical-routers R2 I. Lo ic l Ro r g a ute lab# set interfaces fxp1 unit 0 description "to-R2" family inet address 172.168.1.2/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.2/32 lab# set protocols ospf area 0 interface fxp1.0 lab# set protocols ospf area 0 interface lo0.1 passive lab # run show ospf neighbor lab # run show ospf interface BGP attribute ----------------- Origin menunjukkan asal dari suatu source route secara default origin disimbolkan I Contoh lab# run show route protocol bgp terse inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 I B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I vlan * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I  Sub interface dari interface * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I Configure logical router R1  lab@lab # set logical-routers R1 Origin bisa dimanipulasi menjadi incomplete, egp dll Entering config logical-router  lab@lab # edit logical-routers r1 Untuk incomplete disimbolkan ? Pa g e 15 of 20
Di c2 } -------- then { policy-statement static { as-path-prepend "1947 1947"; term 1 { accept; from { } protocol static; } route-filter 10.10.10.1/32 exact; term 2 { } then reject; then { } origin incomplete; } accept; } } lab# run show route protocol bgp terse logical-router r1 term 2 { then reject; inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden) } + = Active Route, - = Last Active, * = Both } A Destination P Prf Metric 1 Metric 2 Next hop AS path Untuk mengubah ke egp spt dibawah ini: * 10.10.10.1/32 B 170 100 >172.168.1.10 1945 1946 I B 170 100 >172.168.1.5 1947 1947 1946 I policy-statement static { * 172.168.2.0/30 B 170 100 >172.168.1.2 I term 1 { * 172.168.3.4/30 B 170 100 >172.168.1.2 I from { protocol static; Pastikan jalur route sudah benar melalui c1 dari p1 route-filter 10.10.10.1/32 exact; lab# run traceroute 10.10.10.1 } traceroute to 10.10.10.1 (10.10.10.1), 30 hops max, 40 byte packets then { 1 172.168.2.2 (172.168.2.2) 1.981 ms 1.441 ms 1.032 ms origin egp; 2 172.168.1.1 (172.168.1.1) 1.175 ms 1.134 ms 1.102 ms accept; 3 172.168.1.10 (172.168.1.10) 1.398 ms 1.493 ms 0.989 ms } 4 172.168.4.2 (172.168.4.2) 1.210 ms 1.507 ms 4.401 ms } 5 10.10.10.1 (10.10.10.1) 1.573 ms 2.391 ms 1.526 ms term 2 { then reject; } Next-hop } IP address yng ditunjuk oleh router untuk menentukan active route MED ( Multiple Exit Discriminator )  Hasilnya bisa dilihat di r1 EBGP – EBGP lab# run show route protocol bgp terse logical-router r1 EBGP – IBGP IBGP – IBGP inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both Local preference  hanya terjadi di IBGP Contoh ubah local preference untuk route 10.10.10.1 di local as A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 ? policy-statement resolve { B 170 100 >172.168.1.10 1945 1946 I term 1 { 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I from protocol bgp; * 172.168.2.0/30 B 170 100 >172.168.1.2 I then { * 172.168.3.4/30 B 170 100 >172.168.1.2 I next-hop self; * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I } * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I } term 2 { As-path from { Jalur yang telah dipilih oleh suatu route didalam BGP protocol direct; Di c2 route-filter 172.168.1.4/30 exact; policy-statement static { } term 1 { then accept; from { } protocol static; term 3 { route-filter 10.10.10.1/32 exact; from { Pa g e 16 of 20
protocol bgp; address 172.168.1.9/30; route-filter 10.10.10.1/32 exact; } } } then { } local-preference 150; lo0 { } unit 1 { } family inet { then accept; address 192.168.1.1/32; } } } Untuk verifikasi } lab# run show route 10.10.10.1 detail } protocols { inet.0: 15 destinations, 18 routes (15 active, 0 holddown, 1 hidden) bgp { 10.10.10.1/32 (1 entry, 1 announced) group internal { *BGP Preference: 170/-151 type internal; Next-hop reference count: 17 local-address 192.168.1.1; Source: 192.168.1.1 export resolve; Next hop: 172.168.1.1 via fxp2.1, selected neighbor 192.168.1.2; Protocol next hop: 192.168.1.1 } Indirect next hop: 8683198 131072 group external { State: <Active Int Ext> type external; Local AS: 2009 Peer AS: 2009 export direct; Age: 1:28 Metric2: 1 multipath; Task: BGP_2009.192.168.1.1+179 neighbor 172.168.1.10 { Announcement bits (3): 2-KRT 3-BGP.0.0.0.0+179 4-Resolve tree 1 peer-as 1945; AS path: 1946 I } Localpref: 150 neighbor 172.168.1.5 { Router ID: 192.168.1.1 peer-as 1946; } Multiple Exit Discriminator } --------------------------------- } ospf { area 0.0.0.0 { Community route yang telah di tag misal 65000:1100 interface fxp1.1; interface lo0.1; } Lampiran } Di r1 } interfaces { policy-options { fxp1 { policy-statement direct { unit 1 { term 1 { vlan-id 1; from { family inet { protocol direct; address 172.168.1.1/30; route-filter 172.168.1.0/30 exact; } } } then accept; } } fxp2 { term 2 { unit 2 { from { vlan-id 2; protocol bgp; family inet { route-filter 172.168.2.0/30 exact; address 172.168.1.6/30; route-filter 172.168.3.4/30 exact; } } } then accept; } } fxp3 { term last { unit 3 { then reject; vlan-id 3; } family inet { } Pa g e 17 of 20
policy-statement resolve { neighbor 192.168.1.1; term 1 { } from protocol bgp; group 1982 { then { type external; next-hop self; multihop; } local-address 192.168.1.2; } neighbor 192.168.1.5 { term 2 { peer-as 1982; from { } protocol direct; } route-filter 172.168.1.4/30 exact; } } ospf { } area 0.0.0.0 { then accept; interface lo0.2; } interface fxp2.1; } } routing-options { } autonomous-system 2009; } } policy-options { policy-statement direct { Di r2 term 1 { interfaces { from { fxp1 { protocol direct; unit 4 { route-filter 172.168.2.0/30 exact; vlan-id 4; route-filter 172.168.3.4/30 exact; family inet { } address 172.168.2.2/30; then accept; } } } term last { } then reject; fxp2 { } unit 1 { } vlan-id 1; policy-statement load-balance { family inet { then { address 172.168.1.2/30; load-balance per-packet; } } } } } } fxp3 { routing-options { unit 5 { static { vlan-id 5; route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; family inet { } address 172.168.3.5/30; autonomous-system 2009; } forwarding-table { } export load-balance; } } lo0 { } unit 2 { family inet { Di p1 address 192.168.1.2/32; interfaces { } fxp2 { } unit 4 { } vlan-id 4; } family inet { protocols { address 172.168.2.1/30; bgp { } group internal { } type internal; } local-address 192.168.1.2; fxp4 { export direct; unit 5 { Pa g e 18 of 20
vlan-id 5; protocols { family inet { bgp { address 172.168.3.6/30; group external { } type external; } neighbor 172.168.1.9 { } peer-as 2009; lo0 { } unit 5 { neighbor 172.168.4.2 { family inet { peer-as 1946; address 192.168.1.5/32; } } } } } } } } policy-options { protocols { policy-statement static { bgp { term 1 { group 1982 { from { type external; protocol direct; multihop; route-filter 192.168.1.3/32 exact; local-address 192.168.1.5; } neighbor 192.168.1.2 { then accept; peer-as 2009; } } term 2 { } then reject; } } } } routing-options { } static { routing-options { route 192.168.1.2/32 next-hop [ 172.168.2.2 172.168.3.5 ]; autonomous-system 1945; } } autonomous-system 1982; } Di c2 interfaces { fxp1 { Di c1 unit 2 { interfaces { vlan-id 2; fxp1 { family inet { unit 6 { address 172.168.1.5/30; vlan-id 6; } family inet { } address 172.168.4.1/30; } } fxp2 { } unit 6 { } vlan-id 6; fxp4 { family inet { unit 3 { address 172.168.4.2/30; vlan-id 3; } family inet { } address 172.168.1.10/30; } } fxp3 { } unit 7 { } vlan-id 7; lo0 { family inet { unit 3 { address 172.168.4.6/30; family inet { } address 192.168.1.3/32; } } } } lo0 { } unit 4 { } family inet { Pa g e 19 of 20
address 192.168.1.4/32; unit 7 { } vlan-id 7; } family inet { } address 172.168.4.5/30; } } protocols { } bgp { } group external { lo0 { type external; unit 6 { export static; family inet { neighbor 172.168.1.6 { address 10.10.10.1/32; peer-as 2009; } } } } } group 1945 { } type external; routing-options { export static1; static { neighbor 172.168.4.1 { route 0.0.0.0/0 next-hop 172.168.4.6; peer-as 1945; } } } } } } policy-options { policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { accept; } } term 2 { then reject; } } policy-statement static1 { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then accept; } term 2 { then reject; } } } routing-options { static { route 10.10.10.1/32 next-hop 172.168.4.5; } autonomous-system 1946; } interfaces { fxp4 { Pa g e 20 of 20

Recommended

Zoning in command line
Zoning in command lineZoning in command line
Zoning in command lineSudhakar Reddy
 
OSPF (open shortest path first) part iii
OSPF (open shortest path first) part iiiOSPF (open shortest path first) part iii
OSPF (open shortest path first) part iiiNetwax Lab
 
Git-podstawy
Git-podstawyGit-podstawy
Git-podstawytymon Tobolski
 
Juniper JNCIA – Juniper OSPF Route Configuration
Juniper JNCIA – Juniper OSPF Route ConfigurationJuniper JNCIA – Juniper OSPF Route Configuration
Juniper JNCIA – Juniper OSPF Route ConfigurationHamed Moghaddam
 
Juniper JNCIA – Juniper RIP and OSPF Route Configuration
Juniper JNCIA – Juniper RIP and OSPF Route ConfigurationJuniper JNCIA – Juniper RIP and OSPF Route Configuration
Juniper JNCIA – Juniper RIP and OSPF Route ConfigurationHamed Moghaddam
 
Router Commands Overview
Router Commands OverviewRouter Commands Overview
Router Commands OverviewMuhammed Niyas
 
OSPF Route Filtering
OSPF Route FilteringOSPF Route Filtering
OSPF Route FilteringNetwax Lab
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccnarobertoxe
 

Recommended

Zoning in command line
Zoning in command lineZoning in command line
Zoning in command lineSudhakar Reddy
 
OSPF (open shortest path first) part iii
OSPF (open shortest path first) part iiiOSPF (open shortest path first) part iii
OSPF (open shortest path first) part iiiNetwax Lab
 
Git-podstawy
Git-podstawyGit-podstawy
Git-podstawytymon Tobolski
 
Juniper JNCIA – Juniper OSPF Route Configuration
Juniper JNCIA – Juniper OSPF Route ConfigurationJuniper JNCIA – Juniper OSPF Route Configuration
Juniper JNCIA – Juniper OSPF Route ConfigurationHamed Moghaddam
 
Juniper JNCIA – Juniper RIP and OSPF Route Configuration
Juniper JNCIA – Juniper RIP and OSPF Route ConfigurationJuniper JNCIA – Juniper RIP and OSPF Route Configuration
Juniper JNCIA – Juniper RIP and OSPF Route ConfigurationHamed Moghaddam
 
Router Commands Overview
Router Commands OverviewRouter Commands Overview
Router Commands OverviewMuhammed Niyas
 
OSPF Route Filtering
OSPF Route FilteringOSPF Route Filtering
OSPF Route FilteringNetwax Lab
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccnarobertoxe
 
Backup and restore router configuration
Backup and restore router configurationBackup and restore router configuration
Backup and restore router configurationVasilis Nikitaras
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheetEZREIG OMAR
 
Athenticated smaba server config with open vpn
Athenticated smaba server config with open vpnAthenticated smaba server config with open vpn
Athenticated smaba server config with open vpnChanaka Lasantha
 
ccna cheat_sheet
ccna cheat_sheetccna cheat_sheet
ccna cheat_sheetGuntaka Reddy
 
Cisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationCisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationHamed Moghaddam
 
OSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiOSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiNetwax Lab
 
Ccna commands
Ccna commandsCcna commands
Ccna commandsHajji Mboowa Yahaya
 
05 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 31
05 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 3105 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 31
05 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 31legasu zemene
 
Unit 1
Unit 1Unit 1
Unit 1siddr
 
Ciso 4 ospf
Ciso 4 ospfCiso 4 ospf
Ciso 4 ospfmyciokas
 
Amos command
Amos commandAmos command
Amos commandHossein Abbasi
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules exampleschinkshady
 
12 yum
12 yum12 yum
12 yumjosemanuelacostarendon
 
Ccna command
Ccna commandCcna command
Ccna commandSiddhartha Rajbhatt
 
The bryant advantage 150 commands
The bryant advantage 150 commandsThe bryant advantage 150 commands
The bryant advantage 150 commandsAreej Khasawneh
 
Ciso ospf
Ciso ospfCiso ospf
Ciso ospfmyciokas
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examplesTeja Bheemanapally
 
dokumen.tips_edu51ctocom-edu51ctocom (1).pptx
dokumen.tips_edu51ctocom-edu51ctocom (1).pptxdokumen.tips_edu51ctocom-edu51ctocom (1).pptx
dokumen.tips_edu51ctocom-edu51ctocom (1).pptxRueiYuZeng
 
cisco ccna cheat_sheet
cisco ccna cheat_sheetcisco ccna cheat_sheet
cisco ccna cheat_sheetGuntaka Reddy
 
Cisco Commands
Cisco CommandsCisco Commands
Cisco CommandsFredrick Hall
 
Cisco config
Cisco configCisco config
Cisco configshoaib2004
 
Cisco config
Cisco configCisco config
Cisco config97148881557
 

More Related Content

What's hot

Backup and restore router configuration
Backup and restore router configurationBackup and restore router configuration
Backup and restore router configurationVasilis Nikitaras
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheetEZREIG OMAR
 
Athenticated smaba server config with open vpn
Athenticated smaba server config with open vpnAthenticated smaba server config with open vpn
Athenticated smaba server config with open vpnChanaka Lasantha
 
Cisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationCisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationHamed Moghaddam
 
OSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiOSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiNetwax Lab
 
05 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 31
05 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 3105 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 31
05 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 31legasu zemene
 
Unit 1
Unit 1Unit 1
Unit 1siddr
 
Ciso 4 ospf
Ciso 4 ospfCiso 4 ospf
Ciso 4 ospfmyciokas
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules exampleschinkshady
 
The bryant advantage 150 commands
The bryant advantage 150 commandsThe bryant advantage 150 commands
The bryant advantage 150 commandsAreej Khasawneh
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examplesTeja Bheemanapally
 

What's hot (17)

Backup and restore router configuration
Backup and restore router configurationBackup and restore router configuration
Backup and restore router configuration
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheet
 
Athenticated smaba server config with open vpn
Athenticated smaba server config with open vpnAthenticated smaba server config with open vpn
Athenticated smaba server config with open vpn
 
ccna cheat_sheet
ccna cheat_sheetccna cheat_sheet
ccna cheat_sheet
 
Cisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationCisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configuration
 
OSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiOSPF (open shortest path first) part ii
OSPF (open shortest path first) part ii
 
Ccna commands
Ccna commandsCcna commands
Ccna commands
 
05 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 31
05 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 3105 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 31
05 ip oc305 2_e1_1 zxr10 m6000&amp;t8000 acl configuration (v1.00.30) 31
 
Unit 1
Unit 1Unit 1
Unit 1
 
Ciso 4 ospf
Ciso 4 ospfCiso 4 ospf
Ciso 4 ospf
 
Amos command
Amos commandAmos command
Amos command
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
 
12 yum
12 yum12 yum
12 yum
 
Ccna command
Ccna commandCcna command
Ccna command
 
The bryant advantage 150 commands
The bryant advantage 150 commandsThe bryant advantage 150 commands
The bryant advantage 150 commands
 
Ciso ospf
Ciso ospfCiso ospf
Ciso ospf
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
 

Similar to 23769377 lab-bgp-juniper

dokumen.tips_edu51ctocom-edu51ctocom (1).pptx
dokumen.tips_edu51ctocom-edu51ctocom (1).pptxdokumen.tips_edu51ctocom-edu51ctocom (1).pptx
dokumen.tips_edu51ctocom-edu51ctocom (1).pptxRueiYuZeng
 
cisco ccna cheat_sheet
cisco ccna cheat_sheetcisco ccna cheat_sheet
cisco ccna cheat_sheetGuntaka Reddy
 
Centos failover link
Centos failover link Centos failover link
Centos failover link Ediga Watson
 
Aula04 - configuração da topologia ppp - resolvido
Aula04 - configuração da topologia ppp - resolvidoAula04 - configuração da topologia ppp - resolvido
Aula04 - configuração da topologia ppp - resolvidoCarlos Veiga
 
第6讲 操作与配置Cisco Ios
第6讲 操作与配置Cisco Ios第6讲 操作与配置Cisco Ios
第6讲 操作与配置Cisco IosF.l. Yu
 
CCNA_LAB_MANUAL_part1.pptx
CCNA_LAB_MANUAL_part1.pptxCCNA_LAB_MANUAL_part1.pptx
CCNA_LAB_MANUAL_part1.pptxSanathKumarV3
 
General lab documentation~cisco router configuration
General lab documentation~cisco router configurationGeneral lab documentation~cisco router configuration
General lab documentation~cisco router configurationsayedatif
 
Composants et fonctionnement d'un Switch Cisco
Composants et fonctionnement d'un Switch Cisco Composants et fonctionnement d'un Switch Cisco
Composants et fonctionnement d'un Switch Cisco DJENNA AMIR
 
Lab practice 1 configuring basic routing and switching (with answer)
Lab practice 1 configuring basic routing and switching (with answer) Lab practice 1 configuring basic routing and switching (with answer)
Lab practice 1 configuring basic routing and switching (with answer) Arz Sy
 
DENOG9 - Automating Juniper Devices with Ansible
DENOG9 - Automating Juniper Devices with AnsibleDENOG9 - Automating Juniper Devices with Ansible
DENOG9 - Automating Juniper Devices with Ansiblesipgate
 
NSClient++ Workshop: 01 Introduction
NSClient++ Workshop: 01 IntroductionNSClient++ Workshop: 01 Introduction
NSClient++ Workshop: 01 IntroductionMichael Medin
 
Trik singkat STATIC ROUTING via cli Packet Tracer
Trik singkat STATIC ROUTING via cli Packet Tracer Trik singkat STATIC ROUTING via cli Packet Tracer
Trik singkat STATIC ROUTING via cli Packet Tracer Selamet Hariadi
 
Intro to router_config
Intro to router_configIntro to router_config
Intro to router_config97148881557
 
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...Lary Onyeka
 

Similar to 23769377 lab-bgp-juniper (20)

dokumen.tips_edu51ctocom-edu51ctocom (1).pptx
dokumen.tips_edu51ctocom-edu51ctocom (1).pptxdokumen.tips_edu51ctocom-edu51ctocom (1).pptx
dokumen.tips_edu51ctocom-edu51ctocom (1).pptx
 
cisco ccna cheat_sheet
cisco ccna cheat_sheetcisco ccna cheat_sheet
cisco ccna cheat_sheet
 
Cisco Commands
Cisco CommandsCisco Commands
Cisco Commands
 
Cisco config
Cisco configCisco config
Cisco config
 
Cisco config
Cisco configCisco config
Cisco config
 
Cisco config
Cisco configCisco config
Cisco config
 
test
testtest
test
 
Centos failover link
Centos failover link Centos failover link
Centos failover link
 
Aula04 - configuração da topologia ppp - resolvido
Aula04 - configuração da topologia ppp - resolvidoAula04 - configuração da topologia ppp - resolvido
Aula04 - configuração da topologia ppp - resolvido
 
第6讲 操作与配置Cisco Ios
第6讲 操作与配置Cisco Ios第6讲 操作与配置Cisco Ios
第6讲 操作与配置Cisco Ios
 
CCNA_LAB_MANUAL_part1.pptx
CCNA_LAB_MANUAL_part1.pptxCCNA_LAB_MANUAL_part1.pptx
CCNA_LAB_MANUAL_part1.pptx
 
General lab documentation~cisco router configuration
General lab documentation~cisco router configurationGeneral lab documentation~cisco router configuration
General lab documentation~cisco router configuration
 
Composants et fonctionnement d'un Switch Cisco
Composants et fonctionnement d'un Switch Cisco Composants et fonctionnement d'un Switch Cisco
Composants et fonctionnement d'un Switch Cisco
 
Lab practice 1 configuring basic routing and switching (with answer)
Lab practice 1 configuring basic routing and switching (with answer) Lab practice 1 configuring basic routing and switching (with answer)
Lab practice 1 configuring basic routing and switching (with answer)
 
DENOG9 - Automating Juniper Devices with Ansible
DENOG9 - Automating Juniper Devices with AnsibleDENOG9 - Automating Juniper Devices with Ansible
DENOG9 - Automating Juniper Devices with Ansible
 
NSClient++ Workshop: 01 Introduction
NSClient++ Workshop: 01 IntroductionNSClient++ Workshop: 01 Introduction
NSClient++ Workshop: 01 Introduction
 
Trik singkat STATIC ROUTING via cli Packet Tracer
Trik singkat STATIC ROUTING via cli Packet Tracer Trik singkat STATIC ROUTING via cli Packet Tracer
Trik singkat STATIC ROUTING via cli Packet Tracer
 
Configuración del dial peer
Configuración del dial peer Configuración del dial peer
Configuración del dial peer
 
Intro to router_config
Intro to router_configIntro to router_config
Intro to router_config
 
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
 

23769377 lab-bgp-juniper

  • 1. A. Introduction: Delete everything under this level? [yes,no] (no) yes lab# load override terminal Key : configure= masuk mode configurasi, commit = untuk mengesekusi dan menyimpan config. copy paste configuration here Rollback = memanggil konfigurasi sebelumnya. finished using enter and ctrl+d keys lab# load merge terminal relative Command Line interface Review copy paste configuration here Exec mode: finished using enter and ctrl+d keys ------------- lab# commit check Amnesiac (ttyd0) lab# commit login: root Password: lab# run show interfaces terse --- JUNOS 7.4R1.7 built 2005-10-21 01:29:55 UTC Interface Admin Link Proto Local Remote root@% cli dsc up up root> fxp0 up up fxp0.0 up up inet 192.168.1.123/24 Configuration Mode: fxp1 up up -------------------------- fxp1.1 up up inet 172.168.1.1/30 root> configure fxp1.2 up up inet 172.168.2.1/30 Entering configuration mode fxp2 up up fxp2.1 up up inet 172.168.1.2/30 [edit] fxp2.2 up up inet 172.168.2.2/30 root# fxp3 up up fxp4 up up Create User à root# set system login user lab class super-user authentication plain-text-password fxp4.1 up up inet 10.10.10.1/30 Check configuration à root# show | compare root# commit check Save config and execute à root# commit (save for 2 minutes only à root# commit confirmed 2 ) (backup config using name conf1 à root# save conf1) Setting hostnamne à lab # set system host-nam e juniper-lab lab# commit Rollback à lab# show | compare rollback 1 lab# rollback 1 (noted : rollback no-change àlab@juniper-lab# rollback 0) Show configuration Simple à lab# show or lab > show configuration continuously à lab# show | no-more match certain word à lab > show configuration | match interface Configure R1 find certain word and later à lab > show configuration | find interface lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 set configuration à lab > show configuration | display set Configure R2 lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.1.2/30 show logging lab# set interfaces fxp1.0 description "to-R3" family inet address 172.168.2.1/30 log system à lab > show log messages log with 100 lines latest à lab > show log messages | last 100 Configure R3 log hardware à lab > show log chassis lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.2.2/30 log user à lab > show system users How to check Hierarchial configuration R1 to R2 Entering lab config à lab# edit system login user lab lab# run ping 172.168.1.2 rapid count 1000 Entering upper config à lab# up R2 to R1 Entering top configuration à lab# top lab# run ping 172.168.1.1 rapid count 1000 R2 to R3 B. Initial System configuration lab# run ping 172.168.2.2 rapid count 1000 R3 to R2 Key : delete= menghapus konfigurasi, load override terminal = copy paste config keseluruhan, load merge lab# run ping 172.168.2.1 rapid count 1000 terminal relative= copy paste config sebagian noted: assure that there isn’t connectivity between R1 and R3 lab# delete This will delete the entire configuration C. Static Routing Page 1 of 20
  • 2. R2 Routing permanent, manual, metric/preference=5, mengenal source dan gateway. lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# set protocols ospf area 0 interface fxp1.0 authentication simple-password ciawi Key : next-hop: gateway untuk network. lab# run show ospf neighbor logical-router R2 à assure connection is failed Configure R1 lab# set routing-options static route 172.168.2.0/30 next-hop 172.168.1.2 R3 lab# set protocols ospf area 0 interface fxp0.0 authentication simple-password ciawi Configure R3 lab# set routing-options static route 172.168.1.0/30 next-hop 172.168.2.1 lab# run show ospf neighbor logical-router Rx à assure connection is success How to check on R1 Applying policy lab# run ping 172.168.1.1 R1 lab# run ping 172.168.2.2 lab# set routing-options static route 10.10.1.0/24 reject lab# run show route lab# set routing-options static route 10.10.2.0/24 reject lab# set routing-options static route 10.10.3.0/24 reject E. OSPF Protocol lab# set routing-options static route 10.10.4.0/24 reject lab# set routing-options static route 10.10.5.0/24 reject Linkstate protocol, Cost (10^8/bandwith), LSA, OSPF Area lab# set policy-options policy-statement rip-export from protocol static lab# set policy-options policy-statement rip-export then accept lab# set protocols ospf export ospf-export lab# run show route protocol ospf à assure R3 receive route from R1 F. ISIS Protocol Linkstate , ISO, ISIS Area, Level 2/L2, Level 1/L1, L1/L2 Configure R1 lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 1 interface lo0.0 configure R2 lab# set protocols ospf area 1 interface fxp0.0 lab# set protocols ospf area 0 interface fxp1.0 R1 lab# set protocols ospf area 0 interface lo0.0 lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8101.00 lab # set protocols isis interface fxp0.0 level 1 disable Configure R3 lab # set protocols isis interface lo0.0 passive lab# set protocols ospf area 0 interface fxp0.0 R2 how to check lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8102.00 lab# run show ospf interface lab # set protocols isis interface fxp0.0 level 1 disable lab# run show ospf neighbor lab # set protocols isis interface fxp1.0 level 1 disable lab# run show route lab # set protocols isis interface lo0.0 passive lab# run ping 172.168.1.2 (from R1) lab# run ping 172.168.1.1 (from R2) R3 lab# run ping 172.168.2.2 (from R2) lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8103.00 lab# run ping 172.168.2.1 (from R3) lab # set protocols isis interface fxp0.0 level 1 disable lab # set protocols isis interface lo0.0 passive Applying authentication R1 lab# run show route protocol isis à assure R3 receive route from R1 lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan lab# run show ospf neighbor à assure connection is failed Page 2 of 20
  • 3. Lab # set routing-options autonomous-system 65002 G. IBGP Lab # set protocols bgp group ibgp multihop AS number sama, routing table scalable, Multiservice. Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 peer-as 65001 Lab # set protocols bgp group ibgp neighbor 192.168.1.3 peer-as 65003 Lab # set protocols bgp group ibgp local-address 192.168.1.2 R3 Lab # set routing-options autonomous-system 65003 Lab # set protocols bgp group ibgp multihop Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 Lab # set protocols bgp group ibgp peer-as 65002 Lab # set protocols bgp group ibgp local-address 192.168.1.3 Assure: Lab # run show bgp summary IBGP Route Reflection R1 Teknik untuk mendukung full mesh dengan membagi suatu domain menjadi beberapa cluster Lab # set routing-options autonomous-system 65000 Step: Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 1. IGP (ISIS) sudah ada Lab # set protocols bgp group ibgp local-address 192.168.1.1 2. Tentukan area cluster dng ID yang berbeda 3. Antar dan Inter cluster menggunakan IBGP R2 4. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1 Lab # set routing-options autonomous-system 65000 Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 Cluster 0.0.0.2 Cluster 0.0.0.1 Lab # set protocols bgp group ibgp neighbor 192.168.1.3 Lab # set protocols bgp group ibgp local-address 192.168.1.2 PE-MDN-1 RR-JKT-1 RR-JKT-3 PE-SBY-1 R3 Lab # set routing-options autonomous-system 65000 em1/9 em1/1 em1/4 Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 172.16.1.2/30 172.16.2.6/30 172.16.10.1/30 Lab # set protocols bgp group ibgp local-address 192.168.1.3 em1/1 em3/4 em2/9 172.16.1.1/30 172.16.2.5/30 172.16.10.2/30 Assure: em2/2 em2/3 em3/7 172.16.1.5/30 172.16.2.10/30 em2/5 Lab # run show bgp summary 172.16.1.10/30 172.16.2.5/30 H. EBGP AS number berbeda, routing table scalable, Multiservice. PE-MDN-1 10.0.3.1 RR-JKT-1 10.0.3.2 em1/3 em2/7 em2/5 RR-JKT-2 10.0.3.3 172.16.1.9/30 172.16.2.9/30 172.16.2.6/30 RR-JKT-3 10.0.3.4 em3/6 PE-JKT-4 10.0.6.6 em1/8 em2/2 172.16.2.18/30 PE-SBY-1 10.0.6.7 172.16.10.6/30 PE-SMG-1 10.0.6.8 172.16.1.6/30 em1/6 em3/8 172.16.2.17/30 172.16.10.5/30 RR-JKT-2 PE-JKT-4 PE-SMG-1 Cluster 0.0.0.3 R1 Lab # set routing-options autonomous-system 65001 Lab # set protocols bgp group ibgp peer-as 65002 PE-MDN-1 Lab # set protocols bgp group ibgp multihop -------------- Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 interfaces { Lab # set protocols bgp group ibgp local-address 192.168.1.1 em1 { unit 0 { R2 family inet { address 172.16.1.2/30; Page 3 of 20
  • 4. } RR-JKT-1 family iso; ------------ } interfaces { } em1 { em2 { unit 0 { unit 0 { family inet { family inet { address 172.16.1.1/30; address 172.16.1.5/30; } } family iso; family iso; } } } } em2 { lo0 { unit 0 { unit 0 { family inet { family inet { address 172.16.1.10/30; address 10.0.3.1/32; } } family iso; family iso { } address 49.0001.0010.0000.0301.00; } } em3 { } unit 0 { } family inet { } address 172.16.2.5/30; routing-options { } static { family iso; route 100.100.1.0/24 reject; } route 100.100.2.0/24 reject; } route 100.100.3.0/24 reject; lo0 { } unit 0 { autonomous-system 65212; family inet { } address 10.0.3.2/32; protocols { } bgp { family iso { export static; address 49.0001.0010.0000.0302.00; group cluster-0001 { } type internal; } local-address 10.0.3.1; } neighbor 10.0.3.2; } neighbor 10.0.3.3; routing-options { } autonomous-system 65212; } } isis { protocols { interface em1.0 { bgp { level 1 disable; group cluster-0001 { } type internal; interface em2.0 { local-address 10.0.3.2; level 1 disable; cluster 0.0.0.1; } neighbor 10.0.3.1; interface lo0.0 { neighbor 10.0.3.3; level 1 disable; } } group RR { } type internal; } local-address 10.0.3.2; policy-options { neighbor 10.0.3.4; policy-statement static { neighbor 10.0.6.6; from protocol static; } then accept; } } isis { } interface em1.0 { level 1 disable; Page 4 of 20
  • 5. } protocols { interface em2.0 { bgp { level 1 disable; group cluster-0001 { } type internal; interface em3.0 { local-address 10.0.3.3; level 1 disable; cluster 0.0.0.1; } neighbor 10.0.3.1; interface lo0.0 { neighbor 10.0.3.2; level 1 disable; } } group RR { } type internal; } multihop; policy-options { local-address 10.0.3.3; policy-statement bgp-vrf { neighbor 10.0.3.4; from protocol bgp; neighbor 10.0.6.6; then accept; } } } } isis { interface em1.0 { RR-JKT-2 level 1 disable; ------------ } interfaces { interface em2.0 { em1 { level 1 disable; unit 0 { } family inet { interface em3.0 { address 172.16.1.9/30; level 1 disable; } } family iso; interface lo0.0 { } level 1 disable; } } em2 { } unit 0 { } family inet { address 172.16.1.6/30; RR-JKT-3 } ------------- family iso; interfaces { } em1 { } unit 0 { em3 { family inet { unit 0 { address 172.16.2.6/30; family inet { } address 172.16.2.18/30; family iso; } } family iso; } } em2 { } unit 0 { lo0 { family inet { unit 0 { address 172.16.10.2/30; family inet { } address 10.0.3.3/32; family iso; } } family iso { } address 49.0001.0010.0000.0303.00; em3 { } unit 0 { } family inet { } address 172.16.2.10/30; } } routing-options { family iso; autonomous-system 65212; } } } Page 5 of 20
  • 6. lo0 { family inet { unit 0 { address 172.16.2.9/30; family inet { } address 10.0.3.4/32; family iso; } } family iso { } address 49.0001.0010.0000.0304.00; em3 { } unit 0 { } family inet { } address 172.16.10.5/30; } } routing-options { family iso; autonomous-system 65212; } } } protocols { lo0 { bgp { unit 0 { group cluster-0002 { family inet { type internal; address 10.0.6.6/32; local-address 10.0.3.4; } cluster 0.0.0.2; family iso { neighbor 10.0.6.7; address 49.0001.0010.0000.0606.00; } } group RR { } type internal; } multihop; } local-address 10.0.3.4; routing-options { neighbor 10.0.3.2; autonomous-system 65212; neighbor 10.0.6.6; } neighbor 10.0.3.3; protocols { } bgp { } group cluster-0003 { isis { type internal; interface em1.0 { local-address 10.0.6.6; level 1 disable; cluster 0.0.0.3; } neighbor 10.0.6.8; interface em2.0 { } level 1 disable; group RR { } type internal; interface em3.0 { multihop; level 1 disable; local-address 10.0.6.6; } neighbor 10.0.3.2; interface lo0.0 { neighbor 10.0.3.4; level 1 disable; neighbor 10.0.3.3; } } } } } isis { interface em1.0 { PE-JKT-4 level 1 disable; ------------ } interfaces { interface em2.0 { em1 { level 1 disable; unit 0 { } family inet { interface em3.0 { address 172.16.2.17/30; level 1 disable; } } family iso; interface lo0.0 { } level 1 disable; } } em2 { } unit 0 { } Page 6 of 20
  • 7. family inet { PE-SBY-1 address 172.16.10.6/30; ------------ } interfaces { family iso; em1 { } unit 0 { } family inet { em2 { address 172.16.10.1/30; unit 0 { } family inet { family iso; address 172.16.2.6/30; } } } family iso; em2 { } unit 0 { } family inet { lo0 { address 172.16.2.5/30; unit 0 { } family inet { family iso; address 10.0.6.8/32; } } } family iso { lo0 { address 49.0001.0010.0000.0608.00; unit 0 { } family inet { } address 10.0.6.7/32; } } } family iso { routing-options { address 49.0001.0010.0000.0607.00; autonomous-system 65212; } } } protocols { } bgp { } group cluster-0003 { routing-options { type internal; autonomous-system 65212; local-address 10.0.6.8; } neighbor 10.0.6.6; protocols { } bgp { } group cluster-0002 { isis { type internal; interface em1.0 { local-address 10.0.6.7; level 1 disable; neighbor 10.0.3.4; } } interface em2.0 { } level 1 disable; isis { } interface em1.0 { interface lo0.0 { level 1 disable; level 1 disable; } } interface em2.0 { } level 1 disable; } } interface lo0.0 { level 1 disable; } IBGP Confideration } Teknik untuk mendukung full mesh dengan membagi suatu AS menjadi AS sub-confideration. } Step: PE-SMG-1 1. IGP sudah ada (ISIS) ------------- 2. Tentukan AS primary misal 65212 interfaces { 3. Tentukan AS confideration ditiap domain em1 { 4. Dalam satu domain harus menggunakan IBGP unit 0 { 5. Antar domain harus logical full mesh dng menggunakan EBGP Page 7 of 20
  • 8. 6. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1 } } routing-options { static { route 100.100.1.0/24 reject; route 100.100.2.0/24 reject; route 100.100.3.0/24 reject; } autonomous-system 65000; confederation 65212 members [ 65000 65001 65002 ]; } protocols { bgp { export static; group 65000 { type internal; local-address 10.0.3.1; neighbor 10.0.3.2; neighbor 10.0.3.3; } } isis { interface em1.0 { level 1 disable; } interface em2.0 { level 1 disable; } interface lo0.0 { level 1 disable; } } PE-MDN-1 } -------------- policy-options { interfaces { policy-statement static { em1 { from protocol static; unit 0 { then accept; family inet { } address 172.16.1.2/30; } } family iso; RR-JKT-1 } ------------ } em2 { interfaces { unit 0 { em1 { family inet { unit 0 { address 172.16.1.5/30; family inet { } address 172.16.1.1/30; family iso; } } family iso; } } lo0 { } unit 0 { em2 { family inet { unit 0 { address 10.0.3.1/32; family inet { } address 172.16.1.10/30; family iso { } address 49.0001.0010.0000.0301.00; family iso; } } } } Page 8 of 20
  • 9. em3 { from protocol bgp; unit 0 { then accept; family inet { } address 172.16.2.5/30; } } family iso; RR-JKT-2 } ------------- } lo0 { interfaces { unit 0 { em1 { family inet { unit 0 { address 10.0.3.2/32; family inet { } address 172.16.1.9/30; family iso { } address 49.0001.0010.0000.0302.00; family iso; } } } } } em2 { } unit 0 { routing-options { family inet { autonomous-system 65000; address 172.16.1.6/30; confederation 65212 members [ 65000 65001 65002 ]; } } family iso; protocols { } bgp { } group 65000 { em3 { type internal; unit 0 { local-address 10.0.3.2; family inet { neighbor 10.0.3.1; address 172.16.2.18/30; neighbor 10.0.3.3; } } family iso; group 65212 { } type external; } multihop; lo0 { local-address 10.0.3.2; unit 0 { neighbor 10.0.3.4 { family inet { peer-as 65002; address 10.0.3.3/32; } } neighbor 10.0.6.6 { family iso { peer-as 65001; address 49.0001.0010.0000.0303.00; } } } } } } isis { } interface em1.0 { routing-options { level 1 disable; autonomous-system 65000; } confederation 65212 members [ 65000 65001 65002 65003 ]; interface em2.0 { } level 1 disable; protocols { } bgp { interface em3.0 { group 65000 { level 1 disable; type internal; } local-address 10.0.3.3; interface lo0.0 { neighbor 10.0.3.1; level 1 disable; neighbor 10.0.3.2; } } } group 65212 { } type external; policy-options { multihop; policy-statement bgp-vrf { local-address 10.0.3.3; Page 9 of 20
  • 10. neighbor 10.0.3.4 { } peer-as 65002; } } } neighbor 10.0.6.6 { routing-options { peer-as 65001; autonomous-system 65002; } confederation 65212 members [ 65001 65002 65000 ]; } } } protocols { isis { bgp { interface em1.0 { group 65002 { level 1 disable; type internal; } neighbor 10.0.6.7; interface em2.0 { } level 1 disable; group 65212 { } type external; interface em3.0 { multihop; level 1 disable; local-address 10.0.3.4; } neighbor 10.0.3.2 { interface lo0.0 { peer-as 65000; level 1 disable; } } neighbor 10.0.6.6 { } peer-as 65001; } } neighbor 10.0.3.3 { RR-JKT-3 peer-as 65000; ------------ } } interfaces { } em1 { isis { unit 0 { interface em1.0 { family inet { level 1 disable; address 172.16.2.6/30; } } interface em2.0 { family iso; level 1 disable; } } } interface em3.0 { em2 { level 1 disable; unit 0 { } family inet { interface lo0.0 { address 172.16.10.2/30; level 1 disable; } } family iso; } } } } em3 { unit 0 { PE-JKT-4 family inet { ------------- address 172.16.2.10/30; } interfaces { family iso; em1 { } unit 0 { } family inet { lo0 { address 172.16.2.17/30; unit 0 { } family inet { family iso; address 10.0.3.4/32; } } } family iso { em2 { address 49.0001.0010.0000.0304.00; unit 0 { } family inet { Page 10 of 20
  • 11. address 172.16.2.9/30; interface lo0.0 { } level 1 disable; family iso; } } } } } em3 { unit 0 { PE-SBY-1 family inet { ------------- address 172.16.10.5/30; } interfaces { family iso; em1 { } unit 0 { } family inet { lo0 { address 172.16.10.1/30; unit 0 { } family inet { family iso; address 10.0.6.6/32; } } } family iso { em2 { address 49.0001.0010.0000.0606.00; unit 0 { } family inet { } address 172.16.2.5/30; } } } family iso; routing-options { } autonomous-system 65001; } confederation 65212 members [ 65000 65001 65002 ]; lo0 { } unit 0 { protocols { family inet { bgp { address 10.0.6.7/32; group 65001 { } type internal; family iso { local-address 10.0.6.6; address 49.0001.0010.0000.0607.00; neighbor 10.0.6.8; } } } group 65212 { } type external; } multihop; routing-options { local-address 10.0.6.6; autonomous-system 65002; neighbor 10.0.3.2 { confederation 65212 members [ 65000 65001 65002 ]; peer-as 65000; } } protocols { neighbor 10.0.3.4 { bgp { peer-as 65002; group 65002 { } type internal; neighbor 10.0.3.3 { local-address 10.0.6.7; peer-as 65000; neighbor 10.0.3.4; } } } } } isis { isis { interface em1.0 { interface em1.0 { level 1 disable; level 1 disable; } } interface em2.0 { interface em2.0 { level 1 disable; level 1 disable; } } interface lo0.0 { interface em3.0 { level 1 disable; level 1 disable; } } } Page 11 of 20
  • 12. } show route protocol bgp  melihat semua route bgp PE-SMG-1 ------------- Export-import BGP interfaces { em1 { unit 0 { family inet { address 172.16.10.6/30; } family iso; } } em2 { unit 0 { family inet { address 172.16.2.6/30; } family iso; } } lo0 { unit 0 { family inet { address 10.0.6.8/32; } family iso { address 49.0001.0010.0000.0608.00; } } } } routing-options { autonomous-system 65001; confederation 65212 members [ 65000 65001 65002 ]; Export BGP  policy disisi outbound  trafik keluar contoh : advertise route via BGP } root@PE-SBY-1# show policy-options protocols { policy-statement bgp-export { bgp { from protocol static; group 65001 { then accept; type internal; } local-address 10.0.6.8; root@PE-SBY-1# show protocols neighbor 10.0.6.6; bgp { } group cluster-0002 { } type internal; isis { local-address 10.0.6.7; interface em1.0 { export bgp-export; level 1 disable; neighbor 10.0.3.4; } } interface em2.0 { } level 1 disable; Import BGP  policy disisi inbound trafik datang contoh: bloking prefix, as path } policy-statement bgp-import { interface lo0.0 { term 1 { level 1 disable; from { } protocol bgp; } route-filter 150.0.0.0/24 exact; } } then reject; Untuk memastikan gunakan } show bgp summary  melihat summary bgp term last { show route receive-protocol bgp (neighbor)  melihat route bgp yang diterima dari peer neighbornya then accept; Page 12 of 20
  • 13. } } fxp1.6/6 Fxp2.6/6 Fxp3.7/7 Fxp4.7/7 172.168.4.1/30 172.168.4.2/30 172.168.4.6/30 172.168.4.5/30 group RR { AS 1946 type internal; AS 1945 local-address 10.0.3.2; c1 c2 import bgp-import; neighbor 10.0.3.4; neighbor 10.0.6.6; fxp1.2/2 } fxp2.3/3 172.168.1.5/30 t1 } 172.168.1.10/30 Install Community bgp Community merupakan attribute BGP yang digunakan untuk memanage route berdasarkan ID contoh 65111:200 mempunyai prefix 150/24 fxp3.3/3 fxp2.2/2 172.168.1.9/30 172.168.1.6/30 root@PE-SMG-1# show policy-options policy-statement community { r1 from { protocol bgp; route-filter 150.0.0.0/24 exact; fxp1.1/1 } AS 2009 172.168.1.1/30 then { community add c-65111:200; r1 lo0.1 192.168.1.1 accept; fxp2.1/1 } r2 lo0.2 192.168.1.2 fxp1.4/4 fxp2.4/4 172.168.1.2/30 } c1 lo0.3 192.168.1.3 172.168.2.2/30 172.168.2.1/30 community c-65111:200 members 65111:200; c2 lo0.4192.168.1.4 p1 lo0.5 192.168.1.5 r2 p1 untuk memastikan : t1 lo0.6 10.10.10.1 fxp3.5/5 fxp4.5/5 how route advertising-protocol bgp (neighbor) extensive 172.168.3.5/30 172.168.3.6/30 AS 1982 Case: Lewatkan prefix 150/24 dari PE-SBY-1 ke Custom er PE-MDN-1 tidak boleh menerima prefix 150/24, lakukan filter di RR-JKT-1 dan RR-JKT-2 Lo db la eEBG a a2: a a nc P d Pasang community 65111:200 untuk prefix 150/24 di PE-SMG-1 sehingga diterima di Customer. 1. Multihop based on local address 2. Multipath  based on Link layer Customer Case: Load balance antara r2 dng p1 Step1 konfigurasi static route between r2 and p1 pastikan routing sudah load balance dengan menerapkan policy load balance lab# show policy-options policy-statement load-balance { then { load-balance per-packet; } } lab# show routing-options static { route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; } autonomous-system 2009; forwarding-table { Page 13 of 20
  • 14. export load-balance; Output Queue[0]: 0 } Pastikan r2 bisa ping ke ip loopback p1 Dan route sudah menunjukkan load balance Load balance antara r1 dng c1 dan c2 lab# run show route Konfigurasi di c1 192.168.1.5/32 *[Static/5] 00:23:52 lab# show protocols bgp to 172.168.2.1 via fxp1.4 group 1945 {  to 172.168.3.6 via fxp3.5 type external; neighbor 172.168.1.9 { lab# run show route forwarding-table peer-as 2009; 192.168.1.5/32 user 1 ulst 131070 2 } 172.168.2.1 ucst 495 2 fxp1.4 } 172.168.3.6 ucst 490 2 fxp3.5 Konfigurasi di c2 Step 2 lab# show protocols bgp Konfigurasi multihop di P1 dan r2 group external { Di P1 type external; lab# show protocols bgp neighbor 172.168.1.6 { group 1982 { peer-as 2009; type external; } multihop; } local-address 192.168.1.5; neighbor 192.168.1.2 { Konfigurasi di r1 dng menggunakan multipath peer-as 2009; } lab# show protocols bgp } group external { Di r2 type external; lab# show protocols bgp multipath; group 1982 { neighbor 172.168.1.10 { type external; peer-as 1945; multihop; } local-address 192.168.1.2; neighbor 172.168.1.5 { neighbor 192.168.1.5 { peer-as 1946; peer-as 1982; } } } } lab# run show bgp neighbor 172.168.1.5 Untuk verifikasi: Peer: 172.168.1.5+179 AS 1945 Local: 172.168.1.6+3545 AS 2009 lab# run show bgp neighbor 192.168.1.5 logical-router r2 Type: External State: Established Flags: <Sync> Peer: 192.168.1.5+2236 AS 1982 Local: 192.168.1.2+179 AS 2009 Last State: OpenConfirm Last Event: RecvKeepAlive Type: External State: Established Flags: <ImportEval Sync> Last Error: None Last State: OpenConfirm Last Event: RecvKeepAlive Options: <Preference HoldTime PeerAS Multipath Refresh> Last Error: None Holdtime: 90 Preference: 170 Options: <Multihop Preference LocalAddress HoldTime PeerAS Refresh> Number of flaps: 0 Local Address: 192.168.1.2 Holdtime: 90 Preference: 170 Peer ID: 192.168.1.4 Local ID: 192.168.1.1 Active Holdtime: 90 Number of flaps: 0 Keepalive Interval: 30 Peer index: 1 Peer ID: 192.168.1.5 Local ID: 192.168.1.2 Active Holdtime: 90 Local Interface: fxp2.2 Keepalive Interval: 30 Peer index: 0 NLRI advertised by peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Peer supports Refresh capability (2) Table inet.0 Bit: 10001 Table inet.0 Bit: 10001 RIB State: BGP restart is complete RIB State: BGP restart is complete Send state: in sync Send state: in sync Active prefixes: 0 Active prefixes: 0 Received prefixes: 0 Received prefixes: 0 Suppressed due to damping: 0 Suppressed due to damping: 0 Advertised prefixes: 0 Advertised prefixes: 0 Last traffic (seconds): Received 10 Sent 10 Checked 10 Last traffic (seconds): Received 23 Sent 23 Checked 23 Input messages: Total 4 Updates 0 Refreshes 0 Octets 76 Input messages: Total 22 Updates 0 Refreshes 0 Octets 444 Output messages: Total 5 Updates 0 Refreshes 0 Octets 121 Output messages: Total 23 Updates 0 Refreshes 0 Octets 463 Output Queue[0]: 0 Pa g e 14 of 20
  • 15. Modifiying BGP attribute For example on OSPF configuration Case: Protocol OSPF 1. advertise IP loopback c1 shg p1 bisa ping ip tersebut di c1 lab# show policy-options policy-statement loopback { term 1 { from { protocol direct; route-filter 192.168.1.3/32 exact; } then accept; } term 2 { then reject; } } lab# show protocols bgp Configure R1 group 1945 { lab# top edit logical-routers R1 type external; lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30 export loopback; lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.1/32 neighbor 172.168.1.9 { lab# set protocols ospf area 0 interface fxp0.0 peer-as 2009; lab# set protocols ospf area 0 interface lo0.0 passive } } configure R2 lab# top edit logical-routers R2 I. Lo ic l Ro r g a ute lab# set interfaces fxp1 unit 0 description "to-R2" family inet address 172.168.1.2/30 lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.2/32 lab# set protocols ospf area 0 interface fxp1.0 lab# set protocols ospf area 0 interface lo0.1 passive lab # run show ospf neighbor lab # run show ospf interface BGP attribute ----------------- Origin menunjukkan asal dari suatu source route secara default origin disimbolkan I Contoh lab# run show route protocol bgp terse inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 I B 170 100 >172.168.1.10 1945 1946 I 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I * 172.168.2.0/30 B 170 100 >172.168.1.2 I * 172.168.3.4/30 B 170 100 >172.168.1.2 I vlan * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I  Sub interface dari interface * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I Configure logical router R1  lab@lab # set logical-routers R1 Origin bisa dimanipulasi menjadi incomplete, egp dll Entering config logical-router  lab@lab # edit logical-routers r1 Untuk incomplete disimbolkan ? Pa g e 15 of 20
  • 16. Di c2 } -------- then { policy-statement static { as-path-prepend "1947 1947"; term 1 { accept; from { } protocol static; } route-filter 10.10.10.1/32 exact; term 2 { } then reject; then { } origin incomplete; } accept; } } lab# run show route protocol bgp terse logical-router r1 term 2 { then reject; inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden) } + = Active Route, - = Last Active, * = Both } A Destination P Prf Metric 1 Metric 2 Next hop AS path Untuk mengubah ke egp spt dibawah ini: * 10.10.10.1/32 B 170 100 >172.168.1.10 1945 1946 I B 170 100 >172.168.1.5 1947 1947 1946 I policy-statement static { * 172.168.2.0/30 B 170 100 >172.168.1.2 I term 1 { * 172.168.3.4/30 B 170 100 >172.168.1.2 I from { protocol static; Pastikan jalur route sudah benar melalui c1 dari p1 route-filter 10.10.10.1/32 exact; lab# run traceroute 10.10.10.1 } traceroute to 10.10.10.1 (10.10.10.1), 30 hops max, 40 byte packets then { 1 172.168.2.2 (172.168.2.2) 1.981 ms 1.441 ms 1.032 ms origin egp; 2 172.168.1.1 (172.168.1.1) 1.175 ms 1.134 ms 1.102 ms accept; 3 172.168.1.10 (172.168.1.10) 1.398 ms 1.493 ms 0.989 ms } 4 172.168.4.2 (172.168.4.2) 1.210 ms 1.507 ms 4.401 ms } 5 10.10.10.1 (10.10.10.1) 1.573 ms 2.391 ms 1.526 ms term 2 { then reject; } Next-hop } IP address yng ditunjuk oleh router untuk menentukan active route MED ( Multiple Exit Discriminator )  Hasilnya bisa dilihat di r1 EBGP – EBGP lab# run show route protocol bgp terse logical-router r1 EBGP – IBGP IBGP – IBGP inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both Local preference  hanya terjadi di IBGP Contoh ubah local preference untuk route 10.10.10.1 di local as A Destination P Prf Metric 1 Metric 2 Next hop AS path * 10.10.10.1/32 B 170 100 >172.168.1.5 1946 ? policy-statement resolve { B 170 100 >172.168.1.10 1945 1946 I term 1 { 172.168.1.8/30 B 170 100 >172.168.1.10 1945 I from protocol bgp; * 172.168.2.0/30 B 170 100 >172.168.1.2 I then { * 172.168.3.4/30 B 170 100 >172.168.1.2 I next-hop self; * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I } * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I } term 2 { As-path from { Jalur yang telah dipilih oleh suatu route didalam BGP protocol direct; Di c2 route-filter 172.168.1.4/30 exact; policy-statement static { } term 1 { then accept; from { } protocol static; term 3 { route-filter 10.10.10.1/32 exact; from { Pa g e 16 of 20
  • 17. protocol bgp; address 172.168.1.9/30; route-filter 10.10.10.1/32 exact; } } } then { } local-preference 150; lo0 { } unit 1 { } family inet { then accept; address 192.168.1.1/32; } } } Untuk verifikasi } lab# run show route 10.10.10.1 detail } protocols { inet.0: 15 destinations, 18 routes (15 active, 0 holddown, 1 hidden) bgp { 10.10.10.1/32 (1 entry, 1 announced) group internal { *BGP Preference: 170/-151 type internal; Next-hop reference count: 17 local-address 192.168.1.1; Source: 192.168.1.1 export resolve; Next hop: 172.168.1.1 via fxp2.1, selected neighbor 192.168.1.2; Protocol next hop: 192.168.1.1 } Indirect next hop: 8683198 131072 group external { State: <Active Int Ext> type external; Local AS: 2009 Peer AS: 2009 export direct; Age: 1:28 Metric2: 1 multipath; Task: BGP_2009.192.168.1.1+179 neighbor 172.168.1.10 { Announcement bits (3): 2-KRT 3-BGP.0.0.0.0+179 4-Resolve tree 1 peer-as 1945; AS path: 1946 I } Localpref: 150 neighbor 172.168.1.5 { Router ID: 192.168.1.1 peer-as 1946; } Multiple Exit Discriminator } --------------------------------- } ospf { area 0.0.0.0 { Community route yang telah di tag misal 65000:1100 interface fxp1.1; interface lo0.1; } Lampiran } Di r1 } interfaces { policy-options { fxp1 { policy-statement direct { unit 1 { term 1 { vlan-id 1; from { family inet { protocol direct; address 172.168.1.1/30; route-filter 172.168.1.0/30 exact; } } } then accept; } } fxp2 { term 2 { unit 2 { from { vlan-id 2; protocol bgp; family inet { route-filter 172.168.2.0/30 exact; address 172.168.1.6/30; route-filter 172.168.3.4/30 exact; } } } then accept; } } fxp3 { term last { unit 3 { then reject; vlan-id 3; } family inet { } Pa g e 17 of 20
  • 18. policy-statement resolve { neighbor 192.168.1.1; term 1 { } from protocol bgp; group 1982 { then { type external; next-hop self; multihop; } local-address 192.168.1.2; } neighbor 192.168.1.5 { term 2 { peer-as 1982; from { } protocol direct; } route-filter 172.168.1.4/30 exact; } } ospf { } area 0.0.0.0 { then accept; interface lo0.2; } interface fxp2.1; } } routing-options { } autonomous-system 2009; } } policy-options { policy-statement direct { Di r2 term 1 { interfaces { from { fxp1 { protocol direct; unit 4 { route-filter 172.168.2.0/30 exact; vlan-id 4; route-filter 172.168.3.4/30 exact; family inet { } address 172.168.2.2/30; then accept; } } } term last { } then reject; fxp2 { } unit 1 { } vlan-id 1; policy-statement load-balance { family inet { then { address 172.168.1.2/30; load-balance per-packet; } } } } } } fxp3 { routing-options { unit 5 { static { vlan-id 5; route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ]; family inet { } address 172.168.3.5/30; autonomous-system 2009; } forwarding-table { } export load-balance; } } lo0 { } unit 2 { family inet { Di p1 address 192.168.1.2/32; interfaces { } fxp2 { } unit 4 { } vlan-id 4; } family inet { protocols { address 172.168.2.1/30; bgp { } group internal { } type internal; } local-address 192.168.1.2; fxp4 { export direct; unit 5 { Pa g e 18 of 20
  • 19. vlan-id 5; protocols { family inet { bgp { address 172.168.3.6/30; group external { } type external; } neighbor 172.168.1.9 { } peer-as 2009; lo0 { } unit 5 { neighbor 172.168.4.2 { family inet { peer-as 1946; address 192.168.1.5/32; } } } } } } } } policy-options { protocols { policy-statement static { bgp { term 1 { group 1982 { from { type external; protocol direct; multihop; route-filter 192.168.1.3/32 exact; local-address 192.168.1.5; } neighbor 192.168.1.2 { then accept; peer-as 2009; } } term 2 { } then reject; } } } } routing-options { } static { routing-options { route 192.168.1.2/32 next-hop [ 172.168.2.2 172.168.3.5 ]; autonomous-system 1945; } } autonomous-system 1982; } Di c2 interfaces { fxp1 { Di c1 unit 2 { interfaces { vlan-id 2; fxp1 { family inet { unit 6 { address 172.168.1.5/30; vlan-id 6; } family inet { } address 172.168.4.1/30; } } fxp2 { } unit 6 { } vlan-id 6; fxp4 { family inet { unit 3 { address 172.168.4.2/30; vlan-id 3; } family inet { } address 172.168.1.10/30; } } fxp3 { } unit 7 { } vlan-id 7; lo0 { family inet { unit 3 { address 172.168.4.6/30; family inet { } address 192.168.1.3/32; } } } } lo0 { } unit 4 { } family inet { Pa g e 19 of 20
  • 20. address 192.168.1.4/32; unit 7 { } vlan-id 7; } family inet { } address 172.168.4.5/30; } } protocols { } bgp { } group external { lo0 { type external; unit 6 { export static; family inet { neighbor 172.168.1.6 { address 10.10.10.1/32; peer-as 2009; } } } } } group 1945 { } type external; routing-options { export static1; static { neighbor 172.168.4.1 { route 0.0.0.0/0 next-hop 172.168.4.6; peer-as 1945; } } } } } } policy-options { policy-statement static { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then { accept; } } term 2 { then reject; } } policy-statement static1 { term 1 { from { protocol static; route-filter 10.10.10.1/32 exact; } then accept; } term 2 { then reject; } } } routing-options { static { route 10.10.10.1/32 next-hop 172.168.4.5; } autonomous-system 1946; } interfaces { fxp4 { Pa g e 20 of 20