configsantuy: Desember 2020

Jumat, 11 Desember 2020

lab 8, Local AS BGP

BGP Community digunakan untuk menambahka informasi tambahan pada

setiap prefix yang diadvertise ke router tetangga yang menjalankan BGP.

untuk yang sebelumnya cabut kabel antara R3 dan R4 lalu colok kabel dari R2 ke R4 sesuai topologi

terus hapus konfigkan yg sebelumnya

RI R2 R3

(config)#no router bgp 1234

R3(config)#default int f0/1

R3(config)#

R4(config)#

R4(config)#default int f0/0

R4(config)#

R4(config)#default int lo44

R4(config)#no int lo0

R4(config)#no router bgp 4

R4(config)#

R4(config)#no router eigrp 10

konfigurasi ip address di R2 dan R4

R2(config)#int g3/0

R2(config-if)#ip add 24.24.24.2 255.255.255.0

R2(config-if)#no sh

R2(config-if)#ex

R2(config)#

R2(config)#int lo22

R2(config-if)#ip add 22.22.22.22 255.255.255.255

R2(config-if)#

R4(config)#int g3/0

R4(config-if)#ip add 24.24.24.4 255.255.255.0

R4(config-if)#no sh

R4(config-if)#ex

R4(config)#

R4(config)#int lo0

R4(config-if)#ip add 4.4.4.4 255.255.255.255

konfigurasi BGP di semua router dan R2 menjadi router reflector server

R1(config)#router bgp 123

R1(config-router)#

R1(config-router)#net 11.11.11.11 mask 255.255.255.255

R1(config-router)#

R1(config-router)#neighbor 2.2.2.2 remote-as 123

R1(config-router)#neighbor 2.2.2.2 update-source Loopback0

R2(config)#

R2(config)#router bgp 123

R2(config-router)#neighbor 1.1.1.1 remote-as 123

R2(config-router)#

R2(config-router)#neighbor 1.1.1.1 up lo0

R2(config-router)#neighbor 1.1.1.1 route-reflector-client

R2(config-router)#neighbor 1.1.1.1 next-hop-self

R2(config-router)#

R2(config-router)#neighbor 3.3.3.3 remote-as 123

R2(config-router)#neighbor 3.3.3.3 update lo0

R2(config-router)#neighbor 3.3.3.3 route-reflector-client

R2(config-router)#neighbor 3.3.3.3 next-hop-self

R2(config-router)#neighbor 24.24.24.4 remote-as 4

R2(config-router)#network 22.22.22.22 mask 255.255.255.255

R3(config)#int lo33

R3(config-if)#ip add 33.33.33.33 255.255.255.255

R3(config-if)#ex

R3(config)#

R3(config)#router bgp 123

R3(config-router)#neighbor 2.2.2.2 remote-as 123

R3(config-router)#neighbor 2.2.2.2 up lo0

R3(config-router)#net 33.33.33.33 mask 255.255.255.255

R3(config-router)#

R4(config)#

R4(config)#router bgp 4

R4(config-router)#neighbor 24.24.24.2 remote-as 123

R4(config-router)#

R4(config-router)#net 4.4.4.4 mask 255.255.255.255

R4(config-router)#ex

cek bgp route di R1 dan R4

R1#sh ip bgp

BGP table version is 6, local router ID is 11.11.11.11

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i

*> 11.11.11.11/32 0.0.0.0 0 32768 i

*>i22.22.22.22/32 2.2.2.2 0 100 0 i

*>i33.33.33.33/32 3.3.3.3 0 100 0 i

R4(config)#do show ip bgp

BGP table version is 5, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 0.0.0.0 0 32768 i

*> 11.11.11.11/32 24.24.24.2 0 123 i

*> 22.22.22.22/32 24.24.24.2 0 0 123 i

*> 33.33.33.33/32 24.24.24.2 0 123 i

next set comunity 'no-export' dI R1 artinya tidak di advertise ke bgp

R1(config)#

R1(config)#access-list 1 permit host 11.11.11.11

R1(config)#route-map NO-EXPORT

R1(config-route-map)#

R1(config-route-map)#match ip address 1

R1(config-route-map)#set community no-export

R1(config-route-map)#router bgp 123

R1(config-router)#

R1(config-router)#neighbor 2.2.2.2 route-map NO-EXPORT out

R1(config-router)#neighbor 2.2.2.2 send-community

cek bgp route di R3 dan R4 pastikan network 11.11.11.11/32 sudah tidak ada

R3(config)#do sh ip bgp

BGP table version is 5, local router ID is 33.33.33.33

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i

*>i11.11.11.11/32 1.1.1.1 0 100 0 i

*>i22.22.22.22/32 2.2.2.2 0 100 0 i

*> 33.33.33.33/32 0.0.0.0 0 32768 i

R4(config)#do show ip bgp

BGP table version is 6, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 0.0.0.0 0 32768 i

*> 22.22.22.22/32 24.24.24.2 0 0 123 i

*> 33.33.33.33/32 24.24.24.2 0 123 i

cek pada prefix terdapat informasi yaitu no-export

R2(config)#do show ip bgp 11.11.11.11

BGP routing table entry for 11.11.11.11/32, version 6

Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised

to EBGP peer)

Flag: 0x880

Advertised to update-groups:

Local, (Received from a RR-client)

1.1.1.1 (metric 156160) from 1.1.1.1 (11.11.11.11)

Origin IGP, metric 0, localpref 100, valid, internal, best

Community: no-export

gantian ke comunity "no-advertise" di R3 (no-export tidak di advertise ke i-bgp/e-bgp)

R3(config)#

R3(config)#access-list 1 permit host 33.33.33.33

R3(config)#route-map NO-ADVERTISE

R3(config-route-map)#

R3(config-route-map)#match ip address 1

R3(config-route-map)#set community no-advertise

R3(config-route-map)#router bgp 123

R3(config-router)#

R3(config-router)#neighbor 2.2.2.2 route-map NO-ADVERTISE out

R3(config-router)#neighbor 2.2.2.2 send-community

R3(config-router)#exit

cek bgp route di R1 dan R4 pastikan bahwa network 33.33.33.33/32 sudah tidak ada

R1(config)#do show ip bgp

Network Next Hop Metric LocPrf Weight Path

*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i

*> 11.11.11.11/32 0.0.0.0 0 32768 i

*>i22.22.22.22/32 2.2.2.2 0 100 0 i

R4(config)#do show ip bgp

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 0.0.0.0 0 32768 i

*> 22.22.22.22/32 24.24.24.2 0 0 123 i

R2(config)#do show ip bgp 33.33.33.33

BGP routing table entry for 33.33.33.33/32, version 7

Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised

to any peer)

Flag: 0x880

Not advertised to any peer

Local, (Received from a RR-client)

3.3.3.3 (metric 156160) from 3.3.3.3 (33.33.33.33)

Origin IGP, metric 0, localpref 100, valid, internal, best

Community: no-advertise

Kita melihat bahwa “local-AS” di R1 (diadvertise hanya di confederation i BGP

saja).

topologi masih sama tapi untuk topologi logical menjadi seperti di atas kita konfigurasikan BGP confederation di R1 R2 R3

R1(config)#

R1(config)#no router bgp 123

R1(config)#

R1(config)#router bgp 12

R1(config-router)#

R1(config-router)#bgp confederation identifier 123

R1(config-router)#net 11.11.11.11 mask 255.255.255.255

R1(config-router)#neighbor 12.12.12.2 remote-as 12

R1(config-router)#access list 2 permit host 11.11.11.11

R1(config-router)#ex

R1(config)#

R1(config)#route-map LOCAL-AS

R1(config-route-map)#match ip address 2

R1(config-route-map)#set community local-AS

R1(config-route-map)#router bgp 12

R1(config-router)#

R1(config-router)#neighbor 12.12.12.2 route-map LOCAL

R1(config-router)#neighbor 12.12.12.2 route-map LOCAL-AS out

R1(config-router)#neighbor 12.12.12.2 send-community

R2(config)#router bgp 12

R2(config-router)#

R2(config-router)#bgp confederation identifier 123

R2(config-router)#bgp confederation peers 3

R2(config-router)#neighbor 24.24.24.4 remote-as 4

R2(config-router)#neighbor 12.12.12.1 remote-as 12

R2(config-router)#neighbor 12.12.12.1 next-hop-self

R2(config-router)#neighbor 23.23.23.3 remote-as 3

R2(config-router)#neighbor 23.23.23.3 next-hop-self

R2(config-router)#net 22.22.22.22 mask 255.255.255.255

R3(config)#no router bgp 123

R3(config)#router bgp 3

R3(config-router)#

R3(config-router)#bgp confederation identifier 123

R3(config-router)#bgp confederation peers 12

R3(config-router)#neighbor 23.23.23.2 remote-as 12

R3(config-router)#net 33.33.33.33 mask 255.255.255.255

cek bgp di R2 R3 pastikan network 11.11.11.11/32 sudah tidak ada

R2#sh ip bgp

BGP table version is 5, local router ID is 22.22.22.22

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 24.24.24.4 0 0 4 i

*>i11.11.11.11/32 12.12.12.1 0 100 0 i

*> 22.22.22.22/32 0.0.0.0 0 32768 i

*> 33.33.33.33/32 23.23.23.3 0 100 0 (3) i

R3#sh ip bgp

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 23.23.23.2 0 100 0 (12) 4 i

*> 22.22.22.22/32 23.23.23.2 0 100 0 (12) i

*> 33.33.33.33/32 0.0.0.0 0 32768 i

R2#sh ip bgp 11.11.11.11

BGP routing table entry for 11.11.11.11/32, version 3

Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised

outside local AS)

Not advertised to any peer

Local

12.12.12.1 from 12.12.12.1 (11.11.11.11)

Origin IGP, metric 0, localpref 100, valid, confed-internal, best

Community: local-AS

Kesimpulannya :

• Internet : advertise prefix kemanapun gak ada

• No-advertise : jangan advertise network kemanapun

• No-export : jangan advertise network ke e BGP manapun

• Local AS : jangan advertise network ke luar SUB-AS ( Berlaku untuk BGP

Confederation )

Lab 27. GLBP (Gateway Load Balancing Protocol)

R1 dan R2

default int f0/1

Konfigurasi di R1

R1(config)#int Fa0/1

R1(config-if)#ip address 192.168.12.1 255.255.255.0

R1(config-if)#glbp 1 ip 192.168.12.254

R2(config)#inT Fa0/1

R2(config-if)#ip address 192.168.12.2 255.255.255.0

R2(config-if)#glbp 1 ip 192.168.12.254

Konfigurasi pada PC

PC-1 dan PC-2

PC1> ip 192.168.12.10/24 192.168.12.254

PC2> ip 192.168.12.11/24 192.168.12.254

Verifikasi

R1(config)#do show glbp brief

Interface Grp Fwd Pri State Address Active router Standby

router

Fa0/1 1 - 100 Active 192.168.12.254 local 192.168.12.2

Fa0/1 1 1 - Active 0007.b400.0101 local

Fa0/1 1 2 - Listen 0007.b400.0102 192.168.12.2 -----------------

R2(config-if)#do show glbp brief

Interface Grp Fwd Pri State Address Active router Standby

router

Fa0/1 1 - 100 Standby 192.168.12.254 192.168.12.1

local Fa0/1 1 1 - Listen 0007.b400.0101 192.168.12.1 --------------------

Fa0/1 1 2 - Active 0007.b400.0102 local

COBA DI TRACEROUTE

PC-1

PC1> trace 8.8.8.8

trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop

1 192.168.12.1 40.728 ms 9.179 ms 9.698 ms

2 13.13.13.3 ............39.931 ms

PC-2

PC2> trace 8.8.8.8

trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop

1 192.168.12.2 5.502 ms 10.478 ms 9.250 ms

2 23.23.23.3 41.292 ms

Lab 26. VRRP Load Balancing

PC 1 PC 2

PC1> ip 192.168.12.10/24 192.168.12.254

PC2> ip 192.168.12.11/24 192.168.12.253

R1(config)#interface FastEthernet0/1

R1(config-if)#vrrp 2 ip 192.168.12.253

R2(config)#interface FastEthernet0/1

R2(config-if)#vrrp 2 ip 192.168.12.253

R2(config-if)#vrrp 2 priority 110

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 110 3570 Y Master 192.168.12.1 192.168.12.254

Fa0/1 2 100 3609 Y Backup 192.168.12.2 192.168.12.253

R2(config)#do show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 100 3609 Y Backup 192.168.12.1 192.168.12.254

Fa0/1 2 110 3570 Y Master 192.168.12.2 192.168.12.253

Lab 25. VRRP With IP SLA

R1(config)#no track 1 ip route 8.8.8.8 255.255.255.255 reachability

R1(config)#ip sla 1

R1(config-ip-sla)#icmp-echo 8.8.8.8 source-interface f0/1

R1(config-ip-sla-echo)#frequency 10

R1(config-ip-sla-echo)#timeout 5000

R1(config-ip-sla-echo)#track 1 ip sla 1 reachability

R1(config)#ip sla schedule 1 start-time now life forever

R1(config)#do show run int f0/1 | i decrement

vrrp 1 track 1 decrement 20

R1(config)#do show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 110 3570 Y Master 192.168.12.1 192.168.12.254

R3(config)#int lo0

R3(config-if)#shutdown

R3(config-if)#exit

*Feb 3 12:37:17.739: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down

R1(config)#

*Feb 3 12:37:20.871: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Master -> Backup

R1(config)#

R1(config)#do show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 90 3570 Y Backup 192.168.12.2 192.168.12.254

R2(config)#do show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 100 3609 YMaster 192.168.12.2 192.168.12.254

R3(config)#int lo0

R3(config-if)#no shutdown

R3(config-if)#exit

*Feb 3 12:41:02.739: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up

R1(config)#

*Feb 3 12:41:05.931: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Backup ->

Master

R1(config)#do show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 110 3570 Y Master 192.168.12.1 192.168.12.254

Lab 24. VRRP Track Route

R1(config)#int f0/1

R1(config-if)#no shutdown

R1(config-if)#int fa0/1

R1(config-if)#vrrp 1 track 1 decrement 20

R1(config-if)#track 1 ip route 8.8.8.8/32 reachability

R1(config-if)#exit

Lab 23. VRRP (Virtual Router Redudancy Protocol)

Masih sama seperti yang sebelumnya

R1 dan R2

R1(config)#default int f0/1

PASANG VRRP DI KEDUA ROUTER

R1(config)#interface FastEthernet0/1

R1(config-if)#ip address 192.168.12.1 255.255.255.0

R1(config-if)#vrrp 1 ip 192.168.12.254

R1(config-if)#vrrp 1 priority 110

R1(config-if)#vrrp 1 authentication md5 key-string cisco

R2(config)#interface FastEthernet0/1

R2(config-if)#ip address 192.168.12.2 255.255.255.0

R2(config-if)#vrrp 1 ip 192.168.12.254

R2(config-if)#vrrp 1 authentication md5 key-string cisco

Config di PC

R1 dan R2

PC1> ip 192.168.12.10/24 192.168.12.254

PC2> ip 192.168.12.11/24 192.168.12.254

CEK DENGAN DO SHOW VRRP BRIEF

R1(config)#do show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 110 3570 Y Master 192.168.12.1 192.168.12.254

R2(config)#do show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 100 3609 Y Backup 192.168.12.1 192.168.12.254

Shutdown interface f0/1 R1 (Master)

R1(config-if)#sh

R1(config-if)#

*Feb 3 12:22:54.167: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Master -> Init

R1(config-if)#

*Feb 3 12:22:54.275: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor

192.168.12.2 (FastEthernet0/1) is down: interface down

R2(config)#

*Feb 3 12:22:54.775: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Backup -> Master

R2(config)#do show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 100 3609 YMaster 192.168.12.2 192.168.12.254

R1(config)#do show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1

1 110 3570 Y Init 0.0.0.0 192.168.12.254

Lab 22. HSRP Load Balancing

Konfigurasikan IP Address pada PC

PC-1 dan PC-2

PC1> ip 192.168.12.10/24 192.168.12.254

PC2> ip 192.168.12.11/24 192.168.12.253

Konfigurasikan command ini pada R1

R1(config)#interface FastEthernet0/1

R1(config-if)#standby 2 ip 192.168.12.253

R1(config-if)#standby 2 preempt

R1(config-if)#standby 2 authentication md5 key-string cisco

R1(config-if)#standby 2 priority 110

R2(config)#interface FastEthernet0/1

R2(config-if)#standby 2 ip 192.168.12.253

R2(config-if)#standby 2 preempt

R2(config-if)#standby 2 authentication md5 key-string cisco

Verifikasi

R1 dan R2

R1(config)#do show standby brief

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1 100 P

Standby 192.168.12.2 local 192.168.12.254

Fa0/1 2 110 P Active local 192.168.12.2 192.168.12.253

R2(config-if)#do show standby brief

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP

Fa0/1 1 110 P Active local 192.168.12.1 192.168.12.254 Fa0/1 2 100 P

Standby 192.168.12.1 local 192.168.12.253

Lab 21. HSRP – IP SLA

Hapus config sebelumnya

R2(config)#no track 1 ip route 8.8.8.8 255.255.255.255 reachability

R2(config)#ip sla 1

R2(config-ip-sla)#icmp-echo 8.8.8.8 source-interface f0/1

R2(config-ip-sla-echo)#frequency 10

R2(config-ip-sla-echo)#timeout 5000

R2(config-ip-sla-echo)#track 1 ip sla 1

reachability R2(config-track)#exit

R2(config)#ip sla schedule 1 start-time now life forever

* untuk fitur trackingnya sudah dipasang bekas konfigurasi

sebelumnya

cek

R2(config)#do show standby brief

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1

110 P Active local 192.168.12.1 192.168.12.254

matikan loopback R3 , jadi ip 8.8.8.8 tidak bisa di ping

R3(config)#interface lo0

R3(config-if)#shutdown

R3(config-if)#exit

status tracking menjadi down dari yang sebelumnya up kemudian standby

*Feb 3 12:04:53.907: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down

priority nya menjadi 90 dengan state standby

R2(config)#do show standby brief

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1 90 P

Standby 192.168.12.1 local 192.168.12.254

AKTIFKAN LAGI LOOPBACK DI R3

R3(config)#int lo0

R3(config-if)#no sh

R3(config-if)#ex

R2(config)#

*Feb 3 12:07:18.907: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up

*Feb 312:07:19.459:%HSRP-5-STATECHANGE:FastEthernet0/1Grp1stateStandby

-> Active

berubah menjadi up dan active

prioritynya yaitu 110

R2(config)#do show standby brief

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1 110

P Active local 192.168.12.1 192.168.12.254

configsantuy

Jumat, 11 Desember 2020

lab 8, Local AS BGP

lab 8, Local AS BGP

Lab 27. GLBP (Gateway Load Balancing Protocol)

Lab 27. GLBP (Gateway Load Balancing Protocol)

Lab 26. VRRP Load Balancing

Lab 26. VRRP Load Balancing

Lab 25. VRRP With IP SLA

Lab 25. VRRP With IP SLA

Lab 24. VRRP Track Route

Lab 24. VRRP Track Route

Lab 23. VRRP (Virtual Router Redudancy Protocol)

Lab 23. VRRP (Virtual Router Redudancy Protocol)

Lab 22. HSRP Load Balancing

Lab 22. HSRP Load Balancing

Lab 21. HSRP – IP SLA

Lab 21. HSRP – IP SLA

LAB 1 FORTIGATE BASIC KONFIG

Laporkan Penyalahgunaan

Label