BGP is a routing protocol unlike the IGPs: before it picks a best path it evaluates a series of path attributes in a fixed order. These notes do not cover how BGP works or its attributes in general; they go straight to manipulating routing with one of those attributes, AS_PATH.
The topology used is shown below.
- Point-to-point Branch to Provider-1: 10.10.10.8/30
- Point-to-point Branch to Provider-2: 10.10.10.12/30
- Point-to-point HQ to Provider-1: 10.10.10.0/30 (from the configs further down)
- Point-to-point HQ to Provider-2: 10.10.10.4/30 (from the configs further down)
In this scenario, from Branch's perspective, traffic from 192.168.4.0/24 to 192.168.1.0/24, 192.168.10.0/24 or 192.168.100.0/24 at HQ will, by default best-path selection, leave through Provider-1 via next hop 10.10.10.9.
Why 10.10.10.9? In short, when eBGP chooses a best path it prefers the shortest AS_PATH (weight and local preference, which come first, are equal here), and when the AS_PATH lengths are equal it prefers the path from the neighbor with the lowest router ID. In this topology both paths are two ASes long (65512 65511 via Provider-1, 65513 65511 via Provider-2). Provider-1's router ID is 192.168.2.1 (its highest loopback address), which is lower than Provider-2's 192.168.3.1, so the path via Provider-1 wins. Strictly speaking, IOS prefers the oldest (first received) eBGP path before it compares router IDs unless `bgp bestpath compare-routerid` is configured, so in a lab the result can depend on which session came up first; with that command the router-ID comparison is deterministic.
How do we steer this so the best path goes via 10.10.10.13? We lengthen the AS_PATH by prepending our own ASN, and we do it on the HQ router. Why at HQ? For an organisation with many branches, one outbound policy on the HQ-to-Provider-1 session changes what every branch sees, which is far easier than touching every branch router.
Use the commands below on Router-HQ and on Router-Branch (so that traffic stays symmetric); the syntax is as follows.
1. Create a route-map:
route-map <route-map-name> permit 10
set as-path prepend <local-as> <local-as> <local-as> <local-as>
route-map <route-map-name> permit 20
The ASN you prepend must be your own. Clause 20 has no match and no set: it is the catch-all. A route-map ends in an implicit deny, so once you add match statements to earlier clauses, any prefix that matches none of them would not be advertised at all without this clause.
2. Apply the route-map outbound on the neighbor whose path should look longer:
router bgp <local-as>
neighbor x.x.x.x route-map <route-map-name> out
An outbound policy change is only sent to the neighbor after a refresh, so follow it with `clear ip bgp x.x.x.x soft out`.
Look at what these steps actually do: from HQ we tell Provider-1, and therefore everyone behind it, that the path to HQ's prefixes through Provider-1 is four AS hops longer than the path through Provider-2. That is the whole logic of AS-path prepending. Note that it only influences how other ASes see us; the remote side is free to override it with its own local preference or weight.
Now verify with show ip route and show ip bgp.
The verification output shows that from Branch toward 192.168.1.0/24, 192.168.10.0/24 and 192.168.100.0/24 the best path is now via Provider-2 (10.10.10.13, red box), and, in the green box, that the path via Provider-1 is longer because its AS_PATH is 65512 65511 65511 65511 65511 65511: Provider-1's ASN, then five copies of 65511 (the origin plus the four prepends).
The full configurations are below.
HQ-Router
HQ#show run
Building configuration...
Current configuration : 1936 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Loopback1
ip address 192.168.10.1 255.255.255.0
!
interface Loopback2
ip address 192.168.100.1 255.255.255.0
!
interface FastEthernet0/0
description to-R2
ip address 10.10.10.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
description to-R3
ip address 10.10.10.5 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
description to-R5
ip address 10.10.10.17 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65511
no synchronization
bgp log-neighbor-changes
network 192.168.1.0
network 192.168.10.0
network 192.168.100.0
neighbor 10.10.10.2 remote-as 65512
neighbor 10.10.10.2 soft-reconfiguration inbound
neighbor 10.10.10.2 route-map ADVERTISE-TO-BRANCH out
neighbor 10.10.10.6 remote-as 65513
neighbor 10.10.10.6 soft-reconfiguration inbound
neighbor 10.10.10.18 remote-as 65515
neighbor 10.10.10.18 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
route-map ADVERTISE-TO-BRANCH permit 10
set as-path prepend 65511 65511 65511 65511
!
route-map ADVERTISE-TO-BRANCH permit 20
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
Provider-1
Provider-1#show run
Building configuration...
Current configuration : 1471 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Provider-1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
description to-R1
ip address 10.10.10.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
description to-R4
ip address 10.10.10.9 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65512
no synchronization
bgp log-neighbor-changes
network 192.168.2.0
neighbor 10.10.10.1 remote-as 65511
neighbor 10.10.10.1 soft-reconfiguration inbound
neighbor 10.10.10.10 remote-as 65514
neighbor 10.10.10.10 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
Provider-2
Provider-2#show run
Building configuration...
Current configuration : 1472 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Provider-2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
description to-R1
ip address 10.10.10.6 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
description to-R4
ip address 10.10.10.13 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65513
no synchronization
bgp log-neighbor-changes
network 192.168.3.0
neighbor 10.10.10.5 remote-as 65511
neighbor 10.10.10.5 soft-reconfiguration inbound
neighbor 10.10.10.14 remote-as 65514
neighbor 10.10.10.14 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
Branch Router
Branch#show run
Building configuration...
Current configuration : 1469 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Branch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.4.1 255.255.255.0
!
interface FastEthernet0/0
description to-R2
ip address 10.10.10.10 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
description to-R3
ip address 10.10.10.14 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65514
no synchronization
bgp log-neighbor-changes
network 192.168.4.0
neighbor 10.10.10.9 remote-as 65512
neighbor 10.10.10.9 soft-reconfiguration inbound
neighbor 10.10.10.9 route-map ADVERTISE-TO-HQ out
neighbor 10.10.10.13 remote-as 65513
neighbor 10.10.10.13 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
route-map ADVERTISE-TO-HQ permit 10
set as-path prepend 65514 65514 65514 65514
!
route-map ADVERTISE-TO-HQ permit 20
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
What if only certain prefixes should be steered? For example, from the topology above, 192.168.1.0/24 via Provider-1 while 192.168.10.0/24 and 192.168.100.0/24 go via Provider-2? We can still use AS-path prepend, only now filtered with a prefix-list so that each neighbor gets the prepend for the right prefixes only.
Add the following to the configuration above.
1. On the HQ router, create a prefix-list for the prefix that should stay on Provider-1, and a route-map toward Provider-2 that prepends only that prefix:
ip prefix-list VIA-PROVIDER1 seq 1 permit 192.168.1.0/24
route-map VIA-PE-1 permit 30
match ip address prefix-list VIA-PROVIDER1
set as-path prepend 65511 65511 65511 65511
route-map VIA-PE-1 permit 40
2. Apply VIA-PE-1 outbound toward Provider-2 (10.10.10.6). Keep the existing ADVERTISE-TO-BRANCH route-map toward Provider-1 (10.10.10.2), but exempt 192.168.1.0/24 from its prepend. Do not simply remove it: if neither neighbor gets a prepend for 192.168.10.0/24 and 192.168.100.0/24, both paths are two ASes long again and, by the tie-break explained at the start, Branch falls back to Provider-1 for them, not Provider-2.
route-map ADVERTISE-TO-BRANCH permit 5
match ip address prefix-list VIA-PROVIDER1
router bgp 65511
neighbor 10.10.10.6 route-map VIA-PE-1 out
Branch now sees 192.168.1.0/24 with a two-AS path via Provider-1 and a six-AS path via Provider-2, and the other two prefixes the other way round.
3. Don't forget the route-map at Branch. Removing it (no neighbor 10.10.10.9 route-map ADVERTISE-TO-HQ out) sends HQ-to-Branch return traffic back through Provider-1; keeping it leaves the return traffic on Provider-2. Either way the return path is the same for all three HQ prefixes, so at least one of them is now routed asymmetrically (see the notes below).
4. Don't forget to verify.
Use show ip bgp summary, show ip bgp x.x.x.x, and so on. After changing an outbound policy, refresh the sessions with clear ip bgp 10.10.10.2 soft out and clear ip bgp 10.10.10.6 soft out, otherwise Branch keeps seeing the old AS_PATHs.
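The following is an added example, not part of the original post, that models both procedures above in Python: HQ's outbound route-maps with IOS first-match and implicit-deny semantics, and the two steps of the best-path decision this lab exercises (shortest AS_PATH, then lowest router ID). The ASNs, prefixes, next hops and router IDs are the ones from the configs on this page; the Clause class, the scenario names and the ADVERTISE_TO_BRANCH_SELECTIVE policy are this example's own. It shows the baseline tie-break, the effect of the four prepends, what a route-map without its catch-all clause does to the prefixes it does not match, and why the selective case needs the prepend toward Provider-1 kept for the prefixes that should stay on Provider-2.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple

# ASNs, prefixes, router IDs and next hops are taken from the lab configs on this page.
HQ_AS, P1_AS, P2_AS = 65511, 65512, 65513
HQ_PREFIXES = ["192.168.1.0/24", "192.168.10.0/24", "192.168.100.0/24"]
ROUTER_ID = {P1_AS: "192.168.2.1", P2_AS: "192.168.3.1"}  # highest loopback on each provider
NEXT_HOP = {P1_AS: "10.10.10.9", P2_AS: "10.10.10.13"}    # provider's address on the Branch link


@dataclass
class Clause:
    """One `route-map <name> permit <seq>` entry (a model of the IOS construct, this example's own)."""
    seq: int
    prefix_list: Optional[List[str]] = None            # None = no match statement = matches everything
    prepend: List[int] = field(default_factory=list)   # `set as-path prepend ...`


def apply_route_map(clauses: List[Clause], prefix: str, as_path: List[int]) -> Optional[List[int]]:
    """IOS outbound route-map semantics: the first clause whose match succeeds is applied;
    a prefix matched by no clause hits the implicit deny and is not advertised (None)."""
    for clause in sorted(clauses, key=lambda c: c.seq):
        if clause.prefix_list is None or prefix in clause.prefix_list:
            return clause.prepend + as_path
    return None


def rank(path: dict) -> Tuple[int, int]:
    """The two decision-process steps this lab exercises: shortest AS_PATH, then lowest router ID.
    (IOS also prefers the oldest eBGP path before router ID unless `bgp bestpath compare-routerid`
    is set; the page assumes the router-ID comparison, so this model does too.)"""
    return (len(path["as_path"]), int(ip_address(path["router_id"])))


def branch_view(hq_policy: Dict[int, List[Clause]]) -> Dict[str, List[Tuple[str, List[int]]]]:
    """hq_policy maps provider ASN -> HQ's outbound route-map toward that provider.
    For each HQ prefix, returns the paths Branch learns, best first, as (next hop, AS_PATH);
    an empty list means no provider was given the prefix at all."""
    view: Dict[str, List[Tuple[str, List[int]]]] = {}
    for prefix in HQ_PREFIXES:
        candidates = []
        for prov in (P1_AS, P2_AS):
            path = apply_route_map(hq_policy[prov], prefix, [HQ_AS])
            if path is None:
                continue   # denied by HQ's route-map: the provider never learns this prefix
            candidates.append({"next_hop": NEXT_HOP[prov], "router_id": ROUTER_ID[prov],
                               "as_path": [prov] + path})   # each eBGP hop prepends its own ASN
        view[prefix] = [(c["next_hop"], c["as_path"]) for c in sorted(candidates, key=rank)]
    return view


PREPEND4 = [HQ_AS] * 4
VIA_PROVIDER1 = ["192.168.1.0/24"]                              # ip prefix-list VIA-PROVIDER1

NO_POLICY = [Clause(10)]                                        # no route-map applied
ADVERTISE_TO_BRANCH = [Clause(10, prepend=PREPEND4), Clause(20)]
VIA_PE_1 = [Clause(30, VIA_PROVIDER1, PREPEND4), Clause(40)]
VIA_PE_1_NO_CATCHALL = [Clause(30, VIA_PROVIDER1, PREPEND4)]    # the `permit 40` forgotten
# Selective case, this example's version: toward Provider-1 pass 192.168.1.0/24 untouched
# and prepend everything else, so only that prefix prefers Provider-1.
ADVERTISE_TO_BRANCH_SELECTIVE = [Clause(5, VIA_PROVIDER1), Clause(10, prepend=PREPEND4), Clause(20)]


def scenarios() -> Dict[str, Dict[str, List[Tuple[str, List[int]]]]]:
    return {
        "baseline":              branch_view({P1_AS: NO_POLICY, P2_AS: NO_POLICY}),
        "prepend_all_toward_p1": branch_view({P1_AS: ADVERTISE_TO_BRANCH, P2_AS: NO_POLICY}),
        "missing_catchall":      branch_view({P1_AS: NO_POLICY, P2_AS: VIA_PE_1_NO_CATCHALL}),
        "selective_naive":       branch_view({P1_AS: NO_POLICY, P2_AS: VIA_PE_1}),
        "selective_fixed":       branch_view({P1_AS: ADVERTISE_TO_BRANCH_SELECTIVE, P2_AS: VIA_PE_1}),
    }


if __name__ == "__main__":
    for name, view in scenarios().items():
        print(name)
        for prefix, paths in view.items():
            print(f"  {prefix:17} best via {paths[0][0] if paths else 'none'}  paths={paths}")
```

Running it prints one block per scenario. "prepend_all_toward_p1" reproduces the page's verification output (Provider-1's path to every HQ prefix becomes 65512 followed by five 65511s and loses to Provider-2), "missing_catchall" shows that dropping the catch-all clause leaves Provider-2 with only 192.168.1.0/24 so Branch loses its backup path for the other two prefixes, and "selective_naive" shows the fall-back to Provider-1 for 192.168.10.0/24 and 192.168.100.0/24 that "selective_fixed" avoids.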
NOTES
- The steps above are effective in eBGP designs because AS_PATH length is compared early in the decision process (only weight and local preference come before it). Prepending only influences what other ASes see: a provider or peer that sets local preference on its side overrides it, so inbound traffic engineering with prepends is a request, not a guarantee.
- Inside a single AS (iBGP) the AS_PATH does not change, so path selection is usually steered with local preference, the IGP metric toward the next hop, or other BGP attributes such as MED.
- The prepend could be done at HQ alone; it is added at Branch as well so that traffic is symmetric: out via Provider-2 and back via Provider-2.
- In the last case, steering only certain prefixes usually results in asymmetric routing, because the return path is chosen per prefix by the other side. The usual workaround is source NAT on the interface that exits via the chosen link, so the return traffic is addressed to that link and the flow becomes symmetric.
- The lab configs carry no neighbor password and no inbound prefix filters. Outside a lab, authenticate the sessions and filter what each neighbor may advertise: a peer that can inject a shorter AS_PATH wins exactly the comparison this note relies on.
That's all for this note. If anything is wrong, readers who know better are welcome to correct it. Hope it is useful...