lab 8, Local AS BGP

BGP Community digunakan untuk menambahka informasi tambahan pada

setiap prefix yang diadvertise ke router tetangga yang menjalankan BGP.

untuk yang sebelumnya cabut kabel antara R3 dan R4 lalu colok kabel dari R2 ke R4 sesuai topologi

terus hapus konfigkan yg sebelumnya

RI R2 R3

(config)#no router bgp 1234

R3(config)#default int f0/1

R3(config)#

R4(config)#

R4(config)#default int f0/0

R4(config)#

R4(config)#default int lo44

R4(config)#no int lo0

R4(config)#no router bgp 4

R4(config)#

R4(config)#no router eigrp 10

konfigurasi ip address di R2 dan R4

R2(config)#int g3/0

R2(config-if)#ip add 24.24.24.2 255.255.255.0

R2(config-if)#no sh

R2(config-if)#ex

R2(config)#

R2(config)#int lo22

R2(config-if)#ip add 22.22.22.22 255.255.255.255

R2(config-if)#

R4(config)#int g3/0

R4(config-if)#ip add 24.24.24.4 255.255.255.0

R4(config-if)#no sh

R4(config-if)#ex

R4(config)#

R4(config)#int lo0

R4(config-if)#ip add 4.4.4.4 255.255.255.255

konfigurasi BGP di semua router dan R2 menjadi router reflector server

R1(config)#router bgp 123

R1(config-router)#

R1(config-router)#net 11.11.11.11 mask 255.255.255.255

R1(config-router)#

R1(config-router)#neighbor 2.2.2.2 remote-as 123

R1(config-router)#neighbor 2.2.2.2 update-source Loopback0

R2(config)#

R2(config)#router bgp 123

R2(config-router)#neighbor 1.1.1.1 remote-as 123

R2(config-router)#

R2(config-router)#neighbor 1.1.1.1 up lo0

R2(config-router)#neighbor 1.1.1.1 route-reflector-client

R2(config-router)#neighbor 1.1.1.1 next-hop-self

R2(config-router)#

R2(config-router)#neighbor 3.3.3.3 remote-as 123

R2(config-router)#neighbor 3.3.3.3 update lo0

R2(config-router)#neighbor 3.3.3.3 route-reflector-client

R2(config-router)#neighbor 3.3.3.3 next-hop-self

R2(config-router)#neighbor 24.24.24.4 remote-as 4

R2(config-router)#network 22.22.22.22 mask 255.255.255.255

R3(config)#int lo33

R3(config-if)#ip add 33.33.33.33 255.255.255.255

R3(config-if)#ex

R3(config)#

R3(config)#router bgp 123

R3(config-router)#neighbor 2.2.2.2 remote-as 123

R3(config-router)#neighbor 2.2.2.2 up lo0

R3(config-router)#net 33.33.33.33 mask 255.255.255.255

R3(config-router)#

R4(config)#

R4(config)#router bgp 4

R4(config-router)#neighbor 24.24.24.2 remote-as 123

R4(config-router)#

R4(config-router)#net 4.4.4.4 mask 255.255.255.255

R4(config-router)#ex

cek bgp route di R1 dan R4

R1#sh ip bgp

BGP table version is 6, local router ID is 11.11.11.11

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i

*> 11.11.11.11/32 0.0.0.0 0 32768 i

*>i22.22.22.22/32 2.2.2.2 0 100 0 i

*>i33.33.33.33/32 3.3.3.3 0 100 0 i

R4(config)#do show ip bgp

BGP table version is 5, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 0.0.0.0 0 32768 i

*> 11.11.11.11/32 24.24.24.2 0 123 i

*> 22.22.22.22/32 24.24.24.2 0 0 123 i

*> 33.33.33.33/32 24.24.24.2 0 123 i

next set comunity 'no-export' dI R1 artinya tidak di advertise ke bgp

R1(config)#

R1(config)#access-list 1 permit host 11.11.11.11

R1(config)#route-map NO-EXPORT

R1(config-route-map)#

R1(config-route-map)#match ip address 1

R1(config-route-map)#set community no-export

R1(config-route-map)#router bgp 123

R1(config-router)#

R1(config-router)#neighbor 2.2.2.2 route-map NO-EXPORT out

R1(config-router)#neighbor 2.2.2.2 send-community

cek bgp route di R3 dan R4 pastikan network 11.11.11.11/32 sudah tidak ada

R3(config)#do sh ip bgp

BGP table version is 5, local router ID is 33.33.33.33

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i

*>i11.11.11.11/32 1.1.1.1 0 100 0 i

*>i22.22.22.22/32 2.2.2.2 0 100 0 i

*> 33.33.33.33/32 0.0.0.0 0 32768 i

R4(config)#do show ip bgp

BGP table version is 6, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 0.0.0.0 0 32768 i

*> 22.22.22.22/32 24.24.24.2 0 0 123 i

*> 33.33.33.33/32 24.24.24.2 0 123 i

cek pada prefix terdapat informasi yaitu no-export

R2(config)#do show ip bgp 11.11.11.11

BGP routing table entry for 11.11.11.11/32, version 6

Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised

to EBGP peer)

Flag: 0x880

Advertised to update-groups:

Local, (Received from a RR-client)

1.1.1.1 (metric 156160) from 1.1.1.1 (11.11.11.11)

Origin IGP, metric 0, localpref 100, valid, internal, best

Community: no-export

gantian ke comunity "no-advertise" di R3 (no-export tidak di advertise ke i-bgp/e-bgp)

R3(config)#

R3(config)#access-list 1 permit host 33.33.33.33

R3(config)#route-map NO-ADVERTISE

R3(config-route-map)#

R3(config-route-map)#match ip address 1

R3(config-route-map)#set community no-advertise

R3(config-route-map)#router bgp 123

R3(config-router)#

R3(config-router)#neighbor 2.2.2.2 route-map NO-ADVERTISE out

R3(config-router)#neighbor 2.2.2.2 send-community

R3(config-router)#exit

cek bgp route di R1 dan R4 pastikan bahwa network 33.33.33.33/32 sudah tidak ada

R1(config)#do show ip bgp

Network Next Hop Metric LocPrf Weight Path

*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i

*> 11.11.11.11/32 0.0.0.0 0 32768 i

*>i22.22.22.22/32 2.2.2.2 0 100 0 i

R4(config)#do show ip bgp

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 0.0.0.0 0 32768 i

*> 22.22.22.22/32 24.24.24.2 0 0 123 i

R2(config)#do show ip bgp 33.33.33.33

BGP routing table entry for 33.33.33.33/32, version 7

Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised

to any peer)

Flag: 0x880

Not advertised to any peer

Local, (Received from a RR-client)

3.3.3.3 (metric 156160) from 3.3.3.3 (33.33.33.33)

Origin IGP, metric 0, localpref 100, valid, internal, best

Community: no-advertise

Kita melihat bahwa “local-AS” di R1 (diadvertise hanya di confederation i BGP

saja).

topologi masih sama tapi untuk topologi logical menjadi seperti di atas kita konfigurasikan BGP confederation di R1 R2 R3

R1(config)#

R1(config)#no router bgp 123

R1(config)#

R1(config)#router bgp 12

R1(config-router)#

R1(config-router)#bgp confederation identifier 123

R1(config-router)#net 11.11.11.11 mask 255.255.255.255

R1(config-router)#neighbor 12.12.12.2 remote-as 12

R1(config-router)#access list 2 permit host 11.11.11.11

R1(config-router)#ex

R1(config)#

R1(config)#route-map LOCAL-AS

R1(config-route-map)#match ip address 2

R1(config-route-map)#set community local-AS

R1(config-route-map)#router bgp 12

R1(config-router)#

R1(config-router)#neighbor 12.12.12.2 route-map LOCAL

R1(config-router)#neighbor 12.12.12.2 route-map LOCAL-AS out

R1(config-router)#neighbor 12.12.12.2 send-community

R2(config)#router bgp 12

R2(config-router)#

R2(config-router)#bgp confederation identifier 123

R2(config-router)#bgp confederation peers 3

R2(config-router)#neighbor 24.24.24.4 remote-as 4

R2(config-router)#neighbor 12.12.12.1 remote-as 12

R2(config-router)#neighbor 12.12.12.1 next-hop-self

R2(config-router)#neighbor 23.23.23.3 remote-as 3

R2(config-router)#neighbor 23.23.23.3 next-hop-self

R2(config-router)#net 22.22.22.22 mask 255.255.255.255

R3(config)#no router bgp 123

R3(config)#router bgp 3

R3(config-router)#

R3(config-router)#bgp confederation identifier 123

R3(config-router)#bgp confederation peers 12

R3(config-router)#neighbor 23.23.23.2 remote-as 12

R3(config-router)#net 33.33.33.33 mask 255.255.255.255

cek bgp di R2 R3 pastikan network 11.11.11.11/32 sudah tidak ada

R2#sh ip bgp

BGP table version is 5, local router ID is 22.22.22.22

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 24.24.24.4 0 0 4 i

*>i11.11.11.11/32 12.12.12.1 0 100 0 i

*> 22.22.22.22/32 0.0.0.0 0 32768 i

*> 33.33.33.33/32 23.23.23.3 0 100 0 (3) i

R3#sh ip bgp

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 23.23.23.2 0 100 0 (12) 4 i

*> 22.22.22.22/32 23.23.23.2 0 100 0 (12) i

*> 33.33.33.33/32 0.0.0.0 0 32768 i

R2#sh ip bgp 11.11.11.11

BGP routing table entry for 11.11.11.11/32, version 3

Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised

outside local AS)

Not advertised to any peer

Local

12.12.12.1 from 12.12.12.1 (11.11.11.11)

Origin IGP, metric 0, localpref 100, valid, confed-internal, best

Community: local-AS

Kesimpulannya :

• Internet : advertise prefix kemanapun gak ada

• No-advertise : jangan advertise network kemanapun

• No-export : jangan advertise network ke e BGP manapun

• Local AS : jangan advertise network ke luar SUB-AS ( Berlaku untuk BGP

Confederation )

configsantuy

Jumat, 11 Desember 2020

lab 8, Local AS BGP

lab 8, Local AS BGP

Tidak ada komentar:

Posting Komentar

LAB 1 FORTIGATE BASIC KONFIG

Laporkan Penyalahgunaan

Label