BGP Configuration with Filtering Routes

Posted: October 26, 2009 in Cisco

I'm learning BGP, so I built a basic BGP configuration with default routing, using the GNS3 emulator. There are three routers here: two act as ISPs and one as the customer. That's the story anyway, he he. The BGP diagram is shown below.

[Screenshot: GNS3 topology, "BGP with Static Route"]
Scenario:

1. Each router has its own AS number and a loopback interface.
2. R2 plays the customer; R4 and R5 are the ISP routers.
3. On each BGP router, the networks advertised are the IP networks of the loopback interfaces.

R2 configuration (customer):

interface Loopback0
ip address 192.192.168.1 255.255.255.0
!
interface Loopback1
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.172.1.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 10.10.10.1 255.255.255.252
duplex auto
speed auto
!

router bgp 500
no synchronization
bgp log-neighbor-changes
network 192.168.10.0
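network 192.168.168.0
! Loopback0 is 192.192.168.0/24, so 192.168.168.0 matches no route in R2's table and this statement advertises nothing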
neighbor 10.10.10.2 remote-as 600
neighbor 172.172.1.2 remote-as 700

R2's AS is 500. Because the customer router (R2) connects to two ISP routers, its BGP configuration has a remote-as for each of those two ISP routers. On each ISP router there is only one remote-as, namely R2's AS: 500.

Router 4 configuration (ISP-1):

interface Loopback0
ip address 20.10.1.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 10.10.10.2 255.255.255.252
duplex auto
speed auto
!
router bgp 600
no synchronization
bgp log-neighbor-changes
network 20.10.1.0 mask 255.255.255.0
neighbor 10.10.10.1 remote-as 500

Router 5 configuration (ISP-2):

interface Loopback0
ip address 172.16.5.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.172.1.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
router bgp 700
no synchronization
bgp log-neighbor-changes
network 172.16.5.0 mask 255.255.255.0
neighbor 172.172.1.1 remote-as 500

Time to test, he he.

1. Ping the loopback interfaces of R4 and R5 from R2
Ping R2 -> R4

router-2#ping 20.10.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.10.1.1, timeout is 2 seconds:
!!!!!

Ping R2 -> R5

router-2#ping 172.16.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/9/20 ms

Now look at R2's routing table:

router-2#sh ip route

20.0.0.0/24 is subnetted, 1 subnets
B 20.10.1.0 [20/0] via 10.10.10.2, 00:46:20
C 192.168.10.0/24 is directly connected, Loopback1
172.172.0.0/30 is subnetted, 1 subnets
C 172.172.1.0 is directly connected, FastEthernet0/0
172.16.0.0/24 is subnetted, 1 subnets
B 172.16.5.0 [20/0] via 172.172.1.2, 00:46:20
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet1/0
C 192.192.168.0/24 is directly connected, Loopback0

Note the letter “B”: it marks a BGP route. You can see that R2 has learned the loopback networks of R4 and R5 over BGP.

OK, the configuration is done. Now let's put route filtering on R2. The filtering is meant to keep the networks inside R2 from being advertised/broadcast to R4 and R5. Roughly speaking, so that routers R4 and R5 can't see its networks, he he.

First look at R4; check with sh ip route:

router-4#sh ip route
20.0.0.0/24 is subnetted, 1 subnets
C 20.10.1.0 is directly connected, Loopback0
B 192.168.10.0/24 [20/0] via 10.10.10.1, 00:00:45
172.16.0.0/24 is subnetted, 1 subnets
B 172.16.5.0 [20/0] via 10.10.10.1, 00:01:16
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet1/0

Note the B entries: 192.168.10.0/24 is R2's loopback interface, and 172.16.5.0 is R5's loopback interface.

Check R5 with sh ip route as well:

router-5#sh ip route
Gateway of last resort is not set

20.0.0.0/24 is subnetted, 1 subnets
B 20.10.1.0 [20/0] via 172.172.1.1, 00:03:19
B 192.168.10.0/24 [20/0] via 172.172.1.1, 00:03:18
172.172.0.0/30 is subnetted, 1 subnets
C 172.172.1.0 is directly connected, FastEthernet0/0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.5.0 is directly connected, Loopback0

The same holds in the other direction: R5 receives the networks advertised from R2 and R4.

OK, straight to it: set up the filtering on R2. The steps:
1. Create an access list; this one is only for R2's loopback interfaces. Just make the network bigger ...

router-2(config)#access-list 1 permit 192.168.0.0 0.0.1.255

2. Then filter out the networks sent to neighbors R4 and R5.

router-2(config-router)#neighbor 172.172.1.2 distribute-list 1 out
router-2(config-router)#neighbor 10.10.10.2 distribute-list 1 out
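
How IOS evaluates access-list 1 against the BGP routes R2 holds, as an added example that is not part of the original post (the function names and the wider-wildcard ACL are constructed for illustration). With wildcard 0.0.1.255 the permit line covers only 192.168.0.0 to 192.168.1.255, so every route, including the ISP loopbacks R2 had been passing between R4 and R5, falls to the implicit deny.

```python
import ipaddress

def acl_match(addr, base, wildcard):
    """Standard ACL test: bits set in the wildcard are ignored, the rest must equal base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def distribute_list_out(prefixes, acl):
    """Return the prefixes a neighbor would still receive.

    acl is an ordered list of (action, base, wildcard). The first matching
    entry wins; anything unmatched hits the implicit deny at the end.
    """
    sent = []
    for prefix in prefixes:
        network = str(ipaddress.ip_network(prefix).network_address)
        for action, base, wildcard in acl:
            if acl_match(network, base, wildcard):
                if action == "permit":
                    sent.append(prefix)
                break
    return sent

# BGP routes R2 holds, taken from the "sh ip route" outputs on this page:
# its own advertised loopback plus the two ISP loopbacks it learned.
R2_BGP_TABLE = ["192.168.10.0/24", "20.10.1.0/24", "172.16.5.0/24"]

# access-list 1 exactly as configured in step 1.
ACL_1 = [("permit", "192.168.0.0", "0.0.1.255")]

# Constructed variant for comparison (not from the post): a wildcard wide
# enough to cover 192.168.10.0.
ACL_WIDER = [("permit", "192.168.0.0", "0.0.255.255")]

if __name__ == "__main__":
    print("access-list 1 :", distribute_list_out(R2_BGP_TABLE, ACL_1))
    print("wider wildcard:", distribute_list_out(R2_BGP_TABLE, ACL_WIDER))
```

The empty result for access-list 1 agrees with the routing tables R4 and R5 show after the sessions are cleared; the wider wildcard would let 192.168.10.0/24 through again.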

To see the effect, first clear BGP on each of the three routers with these commands:
R2:

router-2#clear bgp *
router-2#
*Mar 1 01:34:08.795: %BGP-5-ADJCHANGE: neighbor 10.10.10.2 Down User reset
*Mar 1 01:34:08.795: %BGP-5-ADJCHANGE: neighbor 172.172.1.2 Down User reset

R4 :
router-4#clear bgp all 500
*Mar 1 02:20:40.735: %BGP-5-ADJCHANGE: neighbor 10.10.10.1 Down User reset
*Mar 1 02:20:44.039: %BGP-5-ADJCHANGE: neighbor 10.10.10.1 Up

R5 :
router-5#clear bgp all 500
*Mar 1 02:00:50.115: %BGP-5-ADJCHANGE: neighbor 172.172.1.1 Down User reset
*Mar 1 02:00:52.579: %BGP-5-ADJCHANGE: neighbor 172.172.1.1 Up

Look again: are R2's networks still present on R4 and R5?

Check on R4:
router-4#sh ip route

Gateway of last resort is not set

20.0.0.0/24 is subnetted, 1 subnets
C 20.10.1.0 is directly connected, Loopback0
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet1/0

Hooray, the “B” entries are gone, which means the route filtering worked, he he.

Next, R5:

router-5#sh ip route
Gateway of last resort is not set

172.172.0.0/30 is subnetted, 1 subnets
C 172.172.1.0 is directly connected, FastEthernet0/0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.5.0 is directly connected, Loopback0

Alhamdulillah, I managed to play with BGP and route filtering. But this is still tiny, ha ha.
There is still a long way to go, boss.
