I wrote these notes because I happened to be building an environment for an SD-WAN POC, but with only a limited number of routers available I worked around it by using VRF assignment on a router-on-a-stick topology.
The pain point behind this technique: under normal conditions a single router can only run BGP with one AS number, so another technique is needed to make one router appear to carry routing information from two AS numbers and two different locations.
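The way one router presents two different AS numbers is the `neighbor ... local-as N no-prepend replace-as` line applied per VRF (the configs further down use AS 1 as the real BGP process AS and present AS 100 and AS 200 to the sites). The following model, an added example that is not code from the original post, encodes the Cisco IOS semantics of `local-as`, `no-prepend` and `replace-as` and works through the AS_PATH that HQ (AS 65001) would see for BR1's (AS 65002) prefix under each option combination. The AS numbers are the lab's; the route objects are constructed here.

```python
"""AS_PATH model for a BGP session that uses `neighbor ... local-as`.

Added example, not code from the original post. Documented IOS behaviour:
  local-as N   : session runs as AS N; N is prepended to routes received from
                 the peer and "N <real AS>" is prepended to routes sent to it
  no-prepend   : nothing is prepended to routes received from the peer
  replace-as   : routes sent to the peer carry N in place of the real AS
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class LocalAsSession:
    real_as: int                # AS of the `router bgp` process (1 on ISP-PE)
    local_as: Optional[int]     # AS presented to the peer; None = ordinary eBGP
    no_prepend: bool = False
    replace_as: bool = False

    def receive(self, as_path: List[int]) -> List[int]:
        """AS_PATH stored in the table after learning a route from this peer."""
        if self.local_as is not None and not self.no_prepend:
            return [self.local_as] + list(as_path)
        return list(as_path)

    def advertise(self, as_path: List[int]) -> List[int]:
        """AS_PATH sent to this peer for a route whose stored path is as_path."""
        if self.local_as is None:
            return [self.real_as] + list(as_path)
        if self.replace_as:
            return [self.local_as] + list(as_path)
        return [self.local_as, self.real_as] + list(as_path)


def transit_path(session_in: LocalAsSession, session_out: LocalAsSession,
                 origin_as: int) -> List[int]:
    """Path the CE behind session_out sees for a prefix originated by the CE
    behind session_in, both sessions living in the same VRF on the PE."""
    stored = session_in.receive([origin_as])
    return session_out.advertise(stored)


def looks_like_single_provider(path: List[int], presented_as: int,
                               real_as: int) -> bool:
    """True when the CE sees only the presented AS as its upstream: the real
    AS never leaks into the path and the presented AS is not duplicated."""
    return real_as not in path and path.count(presented_as) == 1


def compare_options() -> dict:
    """AS_PATH that HQ (AS 65001) sees for BR1's (AS 65002) prefix through
    MPLS1, for each combination of local-as options on the PE."""
    variants = {
        "local-as only": dict(no_prepend=False, replace_as=False),
        "local-as no-prepend": dict(no_prepend=True, replace_as=False),
        "local-as replace-as": dict(no_prepend=False, replace_as=True),
        "local-as no-prepend replace-as": dict(no_prepend=True, replace_as=True),
    }
    result = {}
    for name, opts in variants.items():
        session = LocalAsSession(real_as=1, local_as=100, **opts)
        # HQ and BR1 hang off the same VRF with identical options, so the
        # same session object stands in for both the inbound and outbound side.
        result[name] = transit_path(session, session, origin_as=65002)
    return result


if __name__ == "__main__":
    for name, path in compare_options().items():
        clean = looks_like_single_provider(path, presented_as=100, real_as=1)
        print(f"{name:32s} HQ sees AS_PATH {path}  clean={clean}")
```

Only the `no-prepend replace-as` combination gives the sites a path of `100 65002` (and `100` for prefixes the PE originates itself via `redistribute connected`); every other combination leaks the real AS 1 or doubles the presented AS, which is why both keywords appear on every neighbor line in the PE config.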
The GNS3 topology used looks roughly like the one below.
NOTES
- The switch in the middle is a 3725 router image used as a switch by means of the NM-16ESW switch module.
- Most important tip: always check the VLAN database on the router that serves as the SWITCH, because if its VLANs disappear the interconnection drops, BGP will not come UP, and so on.
The scenario is roughly that HQ connects to BR1 & BR2 over MPLS, with the logical topology roughly as shown below.
Looking at the physical topology built in GNS3 in the first image, the ISP-PE router acts as the router-on-a-stick and the router in the middle acts as the switch.
Without further ado, the configuration is as follows.
SWITCH ROUTER
CENTRAL-SWITCH#terminal length 0
CENTRAL-SWITCH#sh run
Building configuration...
Current configuration : 1586 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CENTRAL-SWITCH
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
switchport mode trunk
!
interface FastEthernet1/1
switchport access vlan 11
!
interface FastEthernet1/2
switchport access vlan 12
!
interface FastEthernet1/3
switchport access vlan 21
!
interface FastEthernet1/4
switchport access vlan 22
!
interface FastEthernet1/5
switchport access vlan 31
!
interface FastEthernet1/6
switchport access vlan 32
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
ISP-PE ROUTER
ISP-PE#show run
Building configuration...
Current configuration : 3078 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP-PE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf MPLS1
rd 100:1
!
ip vrf MPLS2
rd 200:2
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.11
description HQ-TO-MPLS1
encapsulation dot1Q 11
ip vrf forwarding MPLS1
ip address 172.16.1.1 255.255.255.252
!
interface FastEthernet0/0.12
description HQ-TO-MPLS2
encapsulation dot1Q 12
ip vrf forwarding MPLS2
ip address 172.16.2.1 255.255.255.252
!
interface FastEthernet0/0.21
description MPLS1-TO-BISP-PE
encapsulation dot1Q 21
ip vrf forwarding MPLS1
ip address 172.16.21.1 255.255.255.252
!
interface FastEthernet0/0.22
description MPLS2-TO-BISP-PE
encapsulation dot1Q 22
ip vrf forwarding MPLS2
ip address 172.16.22.1 255.255.255.252
!
interface FastEthernet0/0.31
description MPLS1-TO-BR2
encapsulation dot1Q 31
ip vrf forwarding MPLS1
ip address 172.16.31.1 255.255.255.252
!
interface FastEthernet0/0.32
description MPLS2-TO-BR2
encapsulation dot1Q 32
ip vrf forwarding MPLS2
ip address 172.16.32.1 255.255.255.252
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router bgp 1
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
bgp log-neighbor-changes
!
address-family ipv4 vrf MPLS2
redistribute connected
neighbor 172.16.2.2 remote-as 65001
neighbor 172.16.2.2 local-as 200 no-prepend replace-as
neighbor 172.16.2.2 activate
neighbor 172.16.22.2 remote-as 65002
neighbor 172.16.22.2 local-as 200 no-prepend replace-as
neighbor 172.16.22.2 activate
neighbor 172.16.32.2 remote-as 65003
neighbor 172.16.32.2 local-as 200 no-prepend replace-as
neighbor 172.16.32.2 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf MPLS1
redistribute connected
neighbor 172.16.1.2 remote-as 65001
neighbor 172.16.1.2 local-as 100 no-prepend replace-as
neighbor 172.16.1.2 activate
neighbor 172.16.21.2 remote-as 65002
neighbor 172.16.21.2 local-as 100 no-prepend replace-as
neighbor 172.16.21.2 activate
neighbor 172.16.31.2 remote-as 65003
neighbor 172.16.31.2 local-as 100 no-prepend replace-as
neighbor 172.16.31.2 activate
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
HQ-ROUTER
HQ#sh run
Building configuration...
Current configuration : 1544 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Loopback1
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
description TO-MPLS1
ip address 172.16.1.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
description TO-MPLS2
ip address 172.16.2.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 192.168.1.0
network 192.168.2.0
neighbor 172.16.1.1 remote-as 100
neighbor 172.16.1.1 soft-reconfiguration inbound
neighbor 172.16.2.1 remote-as 200
neighbor 172.16.2.1 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
BR1-ROUTER
BR1#sh run
Building configuration...
Current configuration : 1474 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BR1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.210.1 255.255.255.0
!
interface FastEthernet0/0
description TO-MPLS1
ip address 172.16.21.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
description TO-MPLS2
ip address 172.16.22.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65002
no synchronization
bgp log-neighbor-changes
network 192.168.210.0
neighbor 172.16.21.1 remote-as 100
neighbor 172.16.21.1 soft-reconfiguration inbound
neighbor 172.16.22.1 remote-as 200
neighbor 172.16.22.1 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
BR2-ROUTER
BR2#show run
Building configuration...
Current configuration : 1474 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BR2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 192.168.220.1 255.255.255.0
!
interface FastEthernet0/0
description TO-MPLS1
ip address 172.16.31.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
description TO-MPLS2
ip address 172.16.32.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65003
no synchronization
bgp log-neighbor-changes
network 192.168.220.0
neighbor 172.16.31.1 remote-as 100
neighbor 172.16.31.1 soft-reconfiguration inbound
neighbor 172.16.32.1 remote-as 200
neighbor 172.16.32.1 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
VERIFICATION
From the verification output of show ip bgp, show ip bgp summary, and show ip route above, we can see that every corporate site (HQ, BR1 and BR2) has received routes according to the planned topology.
Now let's look at the ISP-PE router.
Huh, nothing there. Why?
Because to view VRF routing, the verification commands to use are the ones below.
- show ip vrf
- show ip vrf detail
- show ip bgp vpnv4 vrf <vrf-name>
- show ip bgp vpnv4 all
From the output of show vrf and show vrf detail above we can learn which VRFs exist on the ISP-PE router and which interfaces they are assigned to.
Then, to verify routing, use the command shown in the image below.
You can also verify routing for one specific VRF by its VRF name.
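Two things break this lab silently: a per-VRF BGP neighbor whose subinterface was never placed into that VRF (the session then simply never comes up), and a VLAN missing from the switch-router's database (the tip in the NOTES above). The following audit script, an added example that is not code from the original post, parses a PE config and a switch-router config and reports both mistakes before you go hunting in `show ip bgp vpnv4 all`. The two configs embedded in it are constructed, trimmed copies in the style of the lab's configs, with Fa0/0.21 deliberately left out of its VRF and VLAN 21 deliberately missing from the switch so the audit has something to report; a corrected pair is included to show a clean run.

```python
"""Consistency audit for the router-on-a-stick VRF lab (added example, not code
from the original post). Checks that each BGP neighbor under `address-family
ipv4 vrf X` sits on a PE subinterface that is in VRF X and holds the peer's
subnet, and that each dot1Q tag on the PE has an access VLAN on the switch-router.
The configs are constructed, trimmed copies in the style of the lab, with
Fa0/0.21 left out of its VRF and VLAN 21 missing from the switch on purpose."""
import ipaddress
import re

PE_CONFIG = """\
interface FastEthernet0/0.11
 encapsulation dot1Q 11
 ip vrf forwarding MPLS1
 ip address 172.16.1.1 255.255.255.252
!
interface FastEthernet0/0.21
 encapsulation dot1Q 21
 ip address 172.16.21.1 255.255.255.252
!
router bgp 1
 address-family ipv4 vrf MPLS1
  neighbor 172.16.1.2 remote-as 65001
  neighbor 172.16.1.2 local-as 100 no-prepend replace-as
  neighbor 172.16.21.2 remote-as 65002
  neighbor 172.16.21.2 local-as 100 no-prepend replace-as
 exit-address-family
"""
SWITCH_CONFIG = """\
interface FastEthernet1/0
 switchport mode trunk
!
interface FastEthernet1/1
 switchport access vlan 11
"""
# The same lab with both mistakes corrected, for a clean run.
FIXED_PE_CONFIG = PE_CONFIG.replace(
    "dot1Q 21\n ip address", "dot1Q 21\n ip vrf forwarding MPLS1\n ip address")
FIXED_SWITCH_CONFIG = SWITCH_CONFIG + "!\ninterface FastEthernet1/3\n switchport access vlan 21\n"


def parse_pe(cfg):
    """interfaces: name -> {vlan, vrf, net}; neighbors: (vrf, peer) -> {remote_as, local_as}."""
    interfaces, neighbors = {}, {}
    cur_if = cur_vrf = None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur_if = line.split()[1]
            interfaces[cur_if] = {"vlan": None, "vrf": "global", "net": None}
        elif line == "!" or line.startswith("router bgp"):
            cur_if = None
        elif cur_if:
            m = re.match(r"(encapsulation dot1[qQ]|ip vrf forwarding|ip address) (.+)", line)
            if m and m.group(1).startswith("encapsulation"):
                interfaces[cur_if]["vlan"] = int(m.group(2))
            elif m and m.group(1) == "ip vrf forwarding":
                interfaces[cur_if]["vrf"] = m.group(2)
            elif m:  # "a.b.c.d mask" -> "a.b.c.d/mask", which ip_interface accepts
                interfaces[cur_if]["net"] = ipaddress.ip_interface(m.group(2).replace(" ", "/")).network
        elif line.startswith("address-family ipv4 vrf "):
            cur_vrf = line.split()[-1]
        elif line == "exit-address-family":
            cur_vrf = None
        elif cur_vrf:
            m = re.match(r"neighbor (\S+) (remote-as|local-as) (\d+)", line)
            if m:
                key, attr = (cur_vrf, m.group(1)), m.group(2).replace("-", "_")
                neighbors.setdefault(key, {})[attr] = int(m.group(3))
    return interfaces, neighbors


def switch_vlans(cfg):
    """VLAN IDs that have an access port on the switch-router."""
    return {int(v) for v in re.findall(r"switchport access vlan (\d+)", cfg)}


def audit(pe_cfg, switch_cfg):
    """Human-readable findings; an empty list means the lab is consistent."""
    interfaces, neighbors = parse_pe(pe_cfg)
    vlans = switch_vlans(switch_cfg)
    findings = []
    for (vrf, peer), attrs in sorted(neighbors.items()):
        ip = ipaddress.ip_address(peer)
        on_subnet = [(n, i) for n, i in interfaces.items() if i["net"] is not None and ip in i["net"]]
        if not any(i["vrf"] == vrf for _, i in on_subnet):
            where = (f"{on_subnet[0][0]} ({on_subnet[0][1]['net']}) is in {on_subnet[0][1]['vrf']}"
                     if on_subnet else "no interface holds its subnet")
            findings.append(f"neighbor {peer} under vrf {vrf}: {where}; session cannot establish")
        if "local_as" not in attrs:
            findings.append(f"neighbor {peer} under vrf {vrf} has no local-as; peer would see the real AS")
    for name, i in sorted(interfaces.items()):
        if i["vlan"] is not None and i["vlan"] not in vlans:
            findings.append(f"{name} uses dot1Q {i['vlan']} but the switch has no access port in that VLAN")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(PE_CONFIG, SWITCH_CONFIG) or ["no findings"]))
    print("after fix:", audit(FIXED_PE_CONFIG, FIXED_SWITCH_CONFIG) or "no findings")
```

Feed it the full `show run` of the ISP-PE and the CENTRAL-SWITCH instead of the embedded samples and it reports every neighbor that cannot establish because its subinterface sits in the wrong table, plus every VLAN the trunk carries that the switch-router no longer knows about.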
Done, hope this is useful.