Scribd
Upload
2K views

Lab BGP Juniper

The document provides instructions for configuring routing protocols on Juniper routers including: 1. Static routing is configured between routers R1-R2 and R2-R3 to establish connectivity. 2. OSPF routing protocol is configured between routers R1-R2 in area 1 and R2-R3 in area 0. Authentication is enabled on interfaces. 3. Route filtering is applied on R1 to reject routes to subnets and export OSPF routes to establish selective routing.

Uploaded by

cru55er
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
2K views

Lab BGP Juniper

The document provides instructions for configuring routing protocols on Juniper routers including: 1. Static routing is configured between routers R1-R2 and R2-R3 to establish connectivity. 2. OSPF routing protocol is configured between routers R1-R2 in area 1 and R2-R3 in area 0. Authentication is enabled on interfaces. 3. Route filtering is applied on R1 to reject routes to subnets and export OSPF routes to establish selective routing.

Uploaded by

cru55er
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

A. Introduction: Delete everything under this level?

[yes,no] (no) yes


lab# load override terminal
Key : configure= masuk mode configurasi, commit = untuk mengesekusi dan menyimpan config. copy paste configuration here
Rollback = memanggil konfigurasi sebelumnya. finished using enter and ctrl+d keys
lab# load merge terminal relative
Command Line interface Review copy paste configuration here
Exec mode: finished using enter and ctrl+d keys
------------- lab# commit check
Amnesiac (ttyd0) lab# commit
login: root
Password: lab# run show interfaces terse
--- JUNOS 7.4R1.7 built 2005-10-21 01:29:55 UTC Interface Admin Link Proto Local Remote
root@% cli dsc up up
root> fxp0 up up
fxp0.0 up up inet 192.168.1.123/24
Configuration Mode: fxp1 up up
-------------------------- fxp1.1 up up inet 172.168.1.1/30
root> configure fxp1.2 up up inet 172.168.2.1/30
Entering configuration mode fxp2 up up
fxp2.1 up up inet 172.168.1.2/30
[edit] fxp2.2 up up inet 172.168.2.2/30
root# fxp3 up up
fxp4 up up
Create User à root# set system login user lab class super-user authentication plain-text-password fxp4.1 up up inet 10.10.10.1/30
Check configuration à root# show | compare
root# commit check
Save config and execute à root# commit
(save for 2 minutes only à root# commit confirmed 2 )
(backup config using name conf1 à root# save conf1)
Setting hostnamne à lab # set system host-nam e juniper-lab
lab# commit
Rollback à lab# show | compare rollback 1
lab# rollback 1 (noted : rollback no-change àlab@juniper-lab# rollback 0)

Show configuration
Simple à lab# show or lab > show configuration
continuously à lab# show | no-more
match certain word à lab > show configuration | match interface Configure R1
find certain word and later à lab > show configuration | find interface lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30
set configuration à lab > show configuration | display set
Configure R2
lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.1.2/30
show logging lab# set interfaces fxp1.0 description "to-R3" family inet address 172.168.2.1/30
log system à lab > show log messages
log with 100 lines latest à lab > show log messages | last 100 Configure R3
log hardware à lab > show log chassis lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.2.2/30
log user à lab > show system users
How to check
Hierarchial configuration R1 to R2
Entering lab config à lab# edit system login user lab lab# run ping 172.168.1.2 rapid count 1000
Entering upper config à lab# up R2 to R1
Entering top configuration à lab# top lab# run ping 172.168.1.1 rapid count 1000
R2 to R3
B. Initial System configuration lab# run ping 172.168.2.2 rapid count 1000
R3 to R2
Key : delete= menghapus konfigurasi, load override terminal = copy paste config keseluruhan, load merge lab# run ping 172.168.2.1 rapid count 1000
terminal relative= copy paste config sebagian
noted: assure that there isn’t connectivity between R1 and R3
lab# delete
This will delete the entire configuration C. Static Routing
Page 1 of 20
R2
Routing permanent, manual, metric/preference=5, mengenal source dan gateway. lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan
lab# set protocols ospf area 0 interface fxp1.0 authentication simple-password ciawi
Key : next-hop: gateway untuk network. lab# run show ospf neighbor logical-router R2 à assure connection is failed
Configure R1
lab# set routing-options static route 172.168.2.0/30 next-hop 172.168.1.2 R3
lab# set protocols ospf area 0 interface fxp0.0 authentication simple-password ciawi
Configure R3
lab# set routing-options static route 172.168.1.0/30 next-hop 172.168.2.1 lab# run show ospf neighbor logical-router Rx à assure connection is success

How to check on R1 Applying policy


lab# run ping 172.168.1.1 R1
lab# run ping 172.168.2.2 lab# set routing-options static route 10.10.1.0/24 reject
lab# run show route lab# set routing-options static route 10.10.2.0/24 reject
lab# set routing-options static route 10.10.3.0/24 reject
E. OSPF Protocol lab# set routing-options static route 10.10.4.0/24 reject
lab# set routing-options static route 10.10.5.0/24 reject
Linkstate protocol, Cost (10^8/bandwith), LSA, OSPF Area lab# set policy-options policy-statement rip-export from protocol static
lab# set policy-options policy-statement rip-export then accept
lab# set protocols ospf export ospf-export

lab# run show route protocol ospf à assure R3 receive route from R1

F. ISIS Protocol
Linkstate , ISO, ISIS Area, Level 2/L2, Level 1/L1, L1/L2

Configure R1
lab# set protocols ospf area 1 interface fxp0.0
lab# set protocols ospf area 1 interface lo0.0

configure R2
lab# set protocols ospf area 1 interface fxp0.0
lab# set protocols ospf area 0 interface fxp1.0 R1
lab# set protocols ospf area 0 interface lo0.0 lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8101.00
lab # set protocols isis interface fxp0.0 level 1 disable
Configure R3 lab # set protocols isis interface lo0.0 passive
lab# set protocols ospf area 0 interface fxp0.0
R2
how to check lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8102.00
lab# run show ospf interface lab # set protocols isis interface fxp0.0 level 1 disable
lab# run show ospf neighbor lab # set protocols isis interface fxp1.0 level 1 disable
lab# run show route lab # set protocols isis interface lo0.0 passive
lab# run ping 172.168.1.2 (from R1)
lab# run ping 172.168.1.1 (from R2) R3
lab# run ping 172.168.2.2 (from R2) lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8103.00
lab# run ping 172.168.2.1 (from R3) lab # set protocols isis interface fxp0.0 level 1 disable
lab # set protocols isis interface lo0.0 passive
Applying authentication
R1 lab# run show route protocol isis à assure R3 receive route from R1
lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan
lab# run show ospf neighbor à assure connection is failed
Page 2 of 20
Lab # set routing-options autonomous-system 65002
G. IBGP Lab # set protocols bgp group ibgp multihop
AS number sama, routing table scalable, Multiservice. Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 peer-as 65001
Lab # set protocols bgp group ibgp neighbor 192.168.1.3 peer-as 65003
Lab # set protocols bgp group ibgp local-address 192.168.1.2

R3
Lab # set routing-options autonomous-system 65003
Lab # set protocols bgp group ibgp multihop
Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2
Lab # set protocols bgp group ibgp peer-as 65002
Lab # set protocols bgp group ibgp local-address 192.168.1.3

Assure:
Lab # run show bgp summary

IBGP Route Reflection


R1 Teknik untuk mendukung full mesh dengan membagi suatu domain menjadi beberapa cluster
Lab # set routing-options autonomous-system 65000 Step:
Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 1. IGP (ISIS) sudah ada
Lab # set protocols bgp group ibgp local-address 192.168.1.1 2. Tentukan area cluster dng ID yang berbeda
3. Antar dan Inter cluster menggunakan IBGP
R2 4. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1
Lab # set routing-options autonomous-system 65000
Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.1 Cluster 0.0.0.2
Cluster 0.0.0.1
Lab # set protocols bgp group ibgp neighbor 192.168.1.3
Lab # set protocols bgp group ibgp local-address 192.168.1.2

PE-MDN-1 RR-JKT-1 RR-JKT-3 PE-SBY-1


R3
Lab # set routing-options autonomous-system 65000 em1/9
em1/1 em1/4
Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 172.16.1.2/30 172.16.2.6/30 172.16.10.1/30
Lab # set protocols bgp group ibgp local-address 192.168.1.3 em1/1 em3/4 em2/9
172.16.1.1/30 172.16.2.5/30 172.16.10.2/30
Assure: em2/2 em2/3 em3/7
172.16.1.5/30 172.16.2.10/30 em2/5
Lab # run show bgp summary 172.16.1.10/30
172.16.2.5/30

H. EBGP
AS number berbeda, routing table scalable, Multiservice. PE-MDN-1 10.0.3.1
RR-JKT-1 10.0.3.2 em1/3 em2/7 em2/5
RR-JKT-2 10.0.3.3 172.16.1.9/30 172.16.2.9/30 172.16.2.6/30
RR-JKT-3 10.0.3.4
em3/6
PE-JKT-4 10.0.6.6 em1/8
em2/2 172.16.2.18/30
PE-SBY-1 10.0.6.7 172.16.10.6/30
PE-SMG-1 10.0.6.8 172.16.1.6/30
em1/6 em3/8
172.16.2.17/30 172.16.10.5/30

RR-JKT-2 PE-JKT-4 PE-SMG-1

Cluster 0.0.0.3
R1
Lab # set routing-options autonomous-system 65001
Lab # set protocols bgp group ibgp peer-as 65002 PE-MDN-1
Lab # set protocols bgp group ibgp multihop --------------
Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2 interfaces {
Lab # set protocols bgp group ibgp local-address 192.168.1.1 em1 {
unit 0 {
R2 family inet {
address 172.16.1.2/30;
Page 3 of 20
} RR-JKT-1
family iso; ------------
} interfaces {
} em1 {
em2 { unit 0 {
unit 0 { family inet {
family inet { address 172.16.1.1/30;
address 172.16.1.5/30; }
} family iso;
family iso; }
} }
} em2 {
lo0 { unit 0 {
unit 0 { family inet {
family inet { address 172.16.1.10/30;
address 10.0.3.1/32; }
} family iso;
family iso { }
address 49.0001.0010.0000.0301.00; }
} em3 {
} unit 0 {
} family inet {
} address 172.16.2.5/30;
routing-options { }
static { family iso;
route 100.100.1.0/24 reject; }
route 100.100.2.0/24 reject; }
route 100.100.3.0/24 reject; lo0 {
} unit 0 {
autonomous-system 65212; family inet {
} address 10.0.3.2/32;
protocols { }
bgp { family iso {
export static; address 49.0001.0010.0000.0302.00;
group cluster-0001 { }
type internal; }
local-address 10.0.3.1; }
neighbor 10.0.3.2; }
neighbor 10.0.3.3; routing-options {
} autonomous-system 65212;
} }
isis { protocols {
interface em1.0 { bgp {
level 1 disable; group cluster-0001 {
} type internal;
interface em2.0 { local-address 10.0.3.2;
level 1 disable; cluster 0.0.0.1;
} neighbor 10.0.3.1;
interface lo0.0 { neighbor 10.0.3.3;
level 1 disable; }
} group RR {
} type internal;
} local-address 10.0.3.2;
policy-options { neighbor 10.0.3.4;
policy-statement static { neighbor 10.0.6.6;
from protocol static; }
then accept; }
} isis {
} interface em1.0 {
level 1 disable;
Page 4 of 20
} protocols {
interface em2.0 { bgp {
level 1 disable; group cluster-0001 {
} type internal;
interface em3.0 { local-address 10.0.3.3;
level 1 disable; cluster 0.0.0.1;
} neighbor 10.0.3.1;
interface lo0.0 { neighbor 10.0.3.2;
level 1 disable; }
} group RR {
} type internal;
} multihop;
policy-options { local-address 10.0.3.3;
policy-statement bgp-vrf { neighbor 10.0.3.4;
from protocol bgp; neighbor 10.0.6.6;
then accept; }
} }
} isis {
interface em1.0 {
RR-JKT-2 level 1 disable;
------------ }
interfaces { interface em2.0 {
em1 { level 1 disable;
unit 0 { }
family inet { interface em3.0 {
address 172.16.1.9/30; level 1 disable;
} }
family iso; interface lo0.0 {
} level 1 disable;
} }
em2 { }
unit 0 { }
family inet {
address 172.16.1.6/30; RR-JKT-3
} -------------
family iso; interfaces {
} em1 {
} unit 0 {
em3 { family inet {
unit 0 { address 172.16.2.6/30;
family inet { }
address 172.16.2.18/30; family iso;
} }
family iso; }
} em2 {
} unit 0 {
lo0 { family inet {
unit 0 { address 172.16.10.2/30;
family inet { }
address 10.0.3.3/32; family iso;
} }
family iso { }
address 49.0001.0010.0000.0303.00; em3 {
} unit 0 {
} family inet {
} address 172.16.2.10/30;
} }
routing-options { family iso;
autonomous-system 65212; }
} }
Page 5 of 20
lo0 { family inet {
unit 0 { address 172.16.2.9/30;
family inet { }
address 10.0.3.4/32; family iso;
} }
family iso { }
address 49.0001.0010.0000.0304.00; em3 {
} unit 0 {
} family inet {
} address 172.16.10.5/30;
} }
routing-options { family iso;
autonomous-system 65212; }
} }
protocols { lo0 {
bgp { unit 0 {
group cluster-0002 { family inet {
type internal; address 10.0.6.6/32;
local-address 10.0.3.4; }
cluster 0.0.0.2; family iso {
neighbor 10.0.6.7; address 49.0001.0010.0000.0606.00;
} }
group RR { }
type internal; }
multihop; }
local-address 10.0.3.4; routing-options {
neighbor 10.0.3.2; autonomous-system 65212;
neighbor 10.0.6.6; }
neighbor 10.0.3.3; protocols {
} bgp {
} group cluster-0003 {
isis { type internal;
interface em1.0 { local-address 10.0.6.6;
level 1 disable; cluster 0.0.0.3;
} neighbor 10.0.6.8;
interface em2.0 { }
level 1 disable; group RR {
} type internal;
interface em3.0 { multihop;
level 1 disable; local-address 10.0.6.6;
} neighbor 10.0.3.2;
interface lo0.0 { neighbor 10.0.3.4;
level 1 disable; neighbor 10.0.3.3;
} }
} }
} isis {
interface em1.0 {
PE-JKT-4 level 1 disable;
------------ }
interfaces { interface em2.0 {
em1 { level 1 disable;
unit 0 { }
family inet { interface em3.0 {
address 172.16.2.17/30; level 1 disable;
} }
family iso; interface lo0.0 {
} level 1 disable;
} }
em2 { }
unit 0 { }
Page 6 of 20
family inet {
PE-SBY-1 address 172.16.10.6/30;
------------ }
interfaces { family iso;
em1 { }
unit 0 { }
family inet { em2 {
address 172.16.10.1/30; unit 0 {
} family inet {
family iso; address 172.16.2.6/30;
} }
} family iso;
em2 { }
unit 0 { }
family inet { lo0 {
address 172.16.2.5/30; unit 0 {
} family inet {
family iso; address 10.0.6.8/32;
} }
} family iso {
lo0 { address 49.0001.0010.0000.0608.00;
unit 0 { }
family inet { }
address 10.0.6.7/32; }
} }
family iso { routing-options {
address 49.0001.0010.0000.0607.00; autonomous-system 65212;
} }
} protocols {
} bgp {
} group cluster-0003 {
routing-options { type internal;
autonomous-system 65212; local-address 10.0.6.8;
} neighbor 10.0.6.6;
protocols { }
bgp { }
group cluster-0002 { isis {
type internal; interface em1.0 {
local-address 10.0.6.7; level 1 disable;
neighbor 10.0.3.4; }
} interface em2.0 {
} level 1 disable;
isis { }
interface em1.0 { interface lo0.0 {
level 1 disable; level 1 disable;
} }
interface em2.0 { }
level 1 disable; }
}
interface lo0.0 {
level 1 disable;
} IBGP Confideration
} Teknik untuk mendukung full mesh dengan membagi suatu AS menjadi AS sub-confideration.
}
Step:
PE-SMG-1 1. IGP sudah ada (ISIS)
------------- 2. Tentukan AS primary misal 65212
interfaces { 3. Tentukan AS confideration ditiap domain
em1 { 4. Dalam satu domain harus menggunakan IBGP
unit 0 { 5. Antar domain harus logical full mesh dng menggunakan EBGP

Page 7 of 20
6. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1 }
}
routing-options {
static {
route 100.100.1.0/24 reject;
route 100.100.2.0/24 reject;
route 100.100.3.0/24 reject;
}
autonomous-system 65000;
confederation 65212 members [ 65000 65001 65002 ];
}
protocols {
bgp {
export static;
group 65000 {
type internal;
local-address 10.0.3.1;
neighbor 10.0.3.2;
neighbor 10.0.3.3;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
PE-MDN-1
}
--------------
policy-options {
interfaces {
policy-statement static {
em1 {
from protocol static;
unit 0 {
then accept;
family inet {
}
address 172.16.1.2/30;
}
}
family iso;
RR-JKT-1
}
------------
}
em2 {
interfaces {
unit 0 {
em1 {
family inet {
unit 0 {
address 172.16.1.5/30;
family inet {
}
address 172.16.1.1/30;
family iso;
}
}
family iso;
}
}
lo0 {
}
unit 0 {
em2 {
family inet {
unit 0 {
address 10.0.3.1/32;
family inet {
}
address 172.16.1.10/30;
family iso {
}
address 49.0001.0010.0000.0301.00;
family iso;
}
}
}
}
Page 8 of 20
em3 { from protocol bgp;
unit 0 { then accept;
family inet { }
address 172.16.2.5/30; }
}
family iso; RR-JKT-2
} -------------
}
lo0 { interfaces {
unit 0 { em1 {
family inet { unit 0 {
address 10.0.3.2/32; family inet {
} address 172.16.1.9/30;
family iso { }
address 49.0001.0010.0000.0302.00; family iso;
} }
} }
} em2 {
} unit 0 {
routing-options { family inet {
autonomous-system 65000; address 172.16.1.6/30;
confederation 65212 members [ 65000 65001 65002 ]; }
} family iso;
protocols { }
bgp { }
group 65000 { em3 {
type internal; unit 0 {
local-address 10.0.3.2; family inet {
neighbor 10.0.3.1; address 172.16.2.18/30;
neighbor 10.0.3.3; }
} family iso;
group 65212 { }
type external; }
multihop; lo0 {
local-address 10.0.3.2; unit 0 {
neighbor 10.0.3.4 { family inet {
peer-as 65002; address 10.0.3.3/32;
} }
neighbor 10.0.6.6 { family iso {
peer-as 65001; address 49.0001.0010.0000.0303.00;
} }
} }
} }
isis { }
interface em1.0 { routing-options {
level 1 disable; autonomous-system 65000;
} confederation 65212 members [ 65000 65001 65002 65003 ];
interface em2.0 { }
level 1 disable; protocols {
} bgp {
interface em3.0 { group 65000 {
level 1 disable; type internal;
} local-address 10.0.3.3;
interface lo0.0 { neighbor 10.0.3.1;
level 1 disable; neighbor 10.0.3.2;
} }
} group 65212 {
} type external;
policy-options { multihop;
policy-statement bgp-vrf { local-address 10.0.3.3;
Page 9 of 20
neighbor 10.0.3.4 { }
peer-as 65002; }
} }
neighbor 10.0.6.6 { routing-options {
peer-as 65001; autonomous-system 65002;
} confederation 65212 members [ 65001 65002 65000 ];
} }
} protocols {
isis { bgp {
interface em1.0 { group 65002 {
level 1 disable; type internal;
} neighbor 10.0.6.7;
interface em2.0 { }
level 1 disable; group 65212 {
} type external;
interface em3.0 { multihop;
level 1 disable; local-address 10.0.3.4;
} neighbor 10.0.3.2 {
interface lo0.0 { peer-as 65000;
level 1 disable; }
} neighbor 10.0.6.6 {
} peer-as 65001;
} }
neighbor 10.0.3.3 {
RR-JKT-3 peer-as 65000;
------------ }
}
interfaces { }
em1 { isis {
unit 0 { interface em1.0 {
family inet { level 1 disable;
address 172.16.2.6/30; }
} interface em2.0 {
family iso; level 1 disable;
} }
} interface em3.0 {
em2 { level 1 disable;
unit 0 { }
family inet { interface lo0.0 {
address 172.16.10.2/30; level 1 disable;
} }
family iso; }
} }
}
em3 {
unit 0 { PE-JKT-4
family inet { -------------
address 172.16.2.10/30;
} interfaces {
family iso; em1 {
} unit 0 {
} family inet {
lo0 { address 172.16.2.17/30;
unit 0 { }
family inet { family iso;
address 10.0.3.4/32; }
} }
family iso { em2 {
address 49.0001.0010.0000.0304.00; unit 0 {
} family inet {
Page 10 of 20
address 172.16.2.9/30; interface lo0.0 {
} level 1 disable;
family iso; }
} }
} }
em3 {
unit 0 { PE-SBY-1
family inet { -------------
address 172.16.10.5/30;
} interfaces {
family iso; em1 {
} unit 0 {
} family inet {
lo0 { address 172.16.10.1/30;
unit 0 { }
family inet { family iso;
address 10.0.6.6/32; }
} }
family iso { em2 {
address 49.0001.0010.0000.0606.00; unit 0 {
} family inet {
} address 172.16.2.5/30;
} }
} family iso;
routing-options { }
autonomous-system 65001; }
confederation 65212 members [ 65000 65001 65002 ]; lo0 {
} unit 0 {
protocols { family inet {
bgp { address 10.0.6.7/32;
group 65001 { }
type internal; family iso {
local-address 10.0.6.6; address 49.0001.0010.0000.0607.00;
neighbor 10.0.6.8; }
} }
group 65212 { }
type external; }
multihop; routing-options {
local-address 10.0.6.6; autonomous-system 65002;
neighbor 10.0.3.2 { confederation 65212 members [ 65000 65001 65002 ];
peer-as 65000; }
} protocols {
neighbor 10.0.3.4 { bgp {
peer-as 65002; group 65002 {
} type internal;
neighbor 10.0.3.3 { local-address 10.0.6.7;
peer-as 65000; neighbor 10.0.3.4;
} }
} }
} isis {
isis { interface em1.0 {
interface em1.0 { level 1 disable;
level 1 disable; }
} interface em2.0 {
interface em2.0 { level 1 disable;
level 1 disable; }
} interface lo0.0 {
interface em3.0 { level 1 disable;
level 1 disable; }
} }
Page 11 of 20
} show route protocol bgp  melihat semua route bgp

PE-SMG-1
------------- Export-import BGP
interfaces {
em1 {
unit 0 {
family inet {
address 172.16.10.6/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.2.6/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.6.8/32;
}
family iso {
address 49.0001.0010.0000.0608.00;
}
}
}
}
routing-options {
autonomous-system 65001;
confederation 65212 members [ 65000 65001 65002 ]; Export BGP  policy disisi outbound  trafik keluar contoh : advertise route via BGP
} root@PE-SBY-1# show policy-options
protocols { policy-statement bgp-export {
bgp { from protocol static;
group 65001 { then accept;
type internal; }
local-address 10.0.6.8; root@PE-SBY-1# show protocols
neighbor 10.0.6.6; bgp {
} group cluster-0002 {
} type internal;
isis { local-address 10.0.6.7;
interface em1.0 { export bgp-export;
level 1 disable; neighbor 10.0.3.4;
} }
interface em2.0 { }
level 1 disable; Import BGP  policy disisi inbound trafik datang contoh: bloking prefix, as path
} policy-statement bgp-import {
interface lo0.0 { term 1 {
level 1 disable; from {
} protocol bgp;
} route-filter 150.0.0.0/24 exact;
} }
then reject;
Untuk memastikan gunakan }
show bgp summary  melihat summary bgp term last {
show route receive-protocol bgp (neighbor)  melihat route bgp yang diterima dari peer neighbornya then accept;
Page 12 of 20
}
} fxp1.6/6 Fxp2.6/6 Fxp3.7/7 Fxp4.7/7
172.168.4.1/30 172.168.4.2/30 172.168.4.6/30 172.168.4.5/30
group RR { AS 1946
type internal; AS 1945
local-address 10.0.3.2; c1 c2
import bgp-import;
neighbor 10.0.3.4;
neighbor 10.0.6.6; fxp1.2/2
} fxp2.3/3
172.168.1.5/30
t1
} 172.168.1.10/30

Install Community bgp


Community merupakan attribute BGP yang digunakan untuk memanage route berdasarkan ID contoh
65111:200 mempunyai prefix 150/24 fxp3.3/3 fxp2.2/2
172.168.1.9/30 172.168.1.6/30
root@PE-SMG-1# show policy-options
policy-statement community { r1
from {
protocol bgp;
route-filter 150.0.0.0/24 exact; fxp1.1/1
} AS 2009 172.168.1.1/30
then {
community add c-65111:200;
r1 lo0.1 192.168.1.1
accept; fxp2.1/1
}
r2 lo0.2 192.168.1.2 fxp1.4/4 fxp2.4/4
172.168.1.2/30
} c1 lo0.3 192.168.1.3 172.168.2.2/30 172.168.2.1/30
community c-65111:200 members 65111:200; c2 lo0.4192.168.1.4
p1 lo0.5 192.168.1.5 r2 p1
untuk memastikan : t1 lo0.6 10.10.10.1 fxp3.5/5 fxp4.5/5
how route advertising-protocol bgp (neighbor) extensive 172.168.3.5/30 172.168.3.6/30
AS 1982
Case:
Lewatkan prefix 150/24 dari PE-SBY-1 ke Custom er
PE-MDN-1 tidak boleh menerima prefix 150/24, lakukan filter di RR-JKT-1 dan RR-JKT-2 LoadbalanceEBGP ada2:
Pasang community 65111:200 untuk prefix 150/24 di PE-SMG-1 sehingga diterima di Customer. 1. Multihop based on local address
2. Multipath  based on Link layer

Customer Case:
Load balance antara r2 dng p1

Step1

konfigurasi static route between r2 and p1


pastikan routing sudah load balance dengan menerapkan policy load balance

lab# show policy-options


policy-statement load-balance {
then {
load-balance per-packet;
}
}
lab# show routing-options
static {
route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ];
}
autonomous-system 2009;
forwarding-table {
Page 13 of 20
export load-balance; Output Queue[0]: 0
}
Pastikan r2 bisa ping ke ip loopback p1
Dan route sudah menunjukkan load balance Load balance antara r1 dng c1 dan c2
lab# run show route Konfigurasi di c1
192.168.1.5/32 *[Static/5] 00:23:52 lab# show protocols bgp
to 172.168.2.1 via fxp1.4 group 1945 {
 to 172.168.3.6 via fxp3.5 type external;
neighbor 172.168.1.9 {
lab# run show route forwarding-table peer-as 2009;
192.168.1.5/32 user 1 ulst 131070 2 }
172.168.2.1 ucst 495 2 fxp1.4 }
172.168.3.6 ucst 490 2 fxp3.5 Konfigurasi di c2
Step 2 lab# show protocols bgp
Konfigurasi multihop di P1 dan r2 group external {
Di P1 type external;
lab# show protocols bgp neighbor 172.168.1.6 {
group 1982 { peer-as 2009;
type external; }
multihop; }
local-address 192.168.1.5;
neighbor 192.168.1.2 { Konfigurasi di r1 dng menggunakan multipath
peer-as 2009;
} lab# show protocols bgp
} group external {
Di r2 type external;
lab# show protocols bgp multipath;
group 1982 { neighbor 172.168.1.10 {
type external; peer-as 1945;
multihop; }
local-address 192.168.1.2; neighbor 172.168.1.5 {
neighbor 192.168.1.5 { peer-as 1946;
peer-as 1982; }
} }
}
lab# run show bgp neighbor 172.168.1.5
Untuk verifikasi: Peer: 172.168.1.5+179 AS 1945 Local: 172.168.1.6+3545 AS 2009
lab# run show bgp neighbor 192.168.1.5 logical-router r2 Type: External State: Established Flags: <Sync>
Peer: 192.168.1.5+2236 AS 1982 Local: 192.168.1.2+179 AS 2009 Last State: OpenConfirm Last Event: RecvKeepAlive
Type: External State: Established Flags: <ImportEval Sync> Last Error: None
Last State: OpenConfirm Last Event: RecvKeepAlive Options: <Preference HoldTime PeerAS Multipath Refresh>
Last Error: None Holdtime: 90 Preference: 170
Options: <Multihop Preference LocalAddress HoldTime PeerAS Refresh> Number of flaps: 0
Local Address: 192.168.1.2 Holdtime: 90 Preference: 170 Peer ID: 192.168.1.4 Local ID: 192.168.1.1 Active Holdtime: 90
Number of flaps: 0 Keepalive Interval: 30 Peer index: 1
Peer ID: 192.168.1.5 Local ID: 192.168.1.2 Active Holdtime: 90 Local Interface: fxp2.2
Keepalive Interval: 30 Peer index: 0 NLRI advertised by peer: inet-unicast
NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast
NLRI for this session: inet-unicast Peer supports Refresh capability (2)
Peer supports Refresh capability (2) Table inet.0 Bit: 10001
Table inet.0 Bit: 10001 RIB State: BGP restart is complete
RIB State: BGP restart is complete Send state: in sync
Send state: in sync Active prefixes: 0
Active prefixes: 0 Received prefixes: 0
Received prefixes: 0 Suppressed due to damping: 0
Suppressed due to damping: 0 Advertised prefixes: 0
Advertised prefixes: 0 Last traffic (seconds): Received 10 Sent 10 Checked 10
Last traffic (seconds): Received 23 Sent 23 Checked 23 Input messages: Total 4 Updates 0 Refreshes 0 Octets 76
Input messages: Total 22 Updates 0 Refreshes 0 Octets 444 Output messages: Total 5 Updates 0 Refreshes 0 Octets 121
Output messages: Total 23 Updates 0 Refreshes 0 Octets 463 Output Queue[0]: 0
Pa g e 14 of 20
Modifiying BGP attribute For example on OSPF configuration

Case: Protocol OSPF


1. advertise IP loopback c1 shg p1 bisa ping ip tersebut

di c1
lab# show policy-options
policy-statement loopback {
term 1 {
from {
protocol direct;
route-filter 192.168.1.3/32 exact;
}
then accept;
}
term 2 {
then reject;
}
}
lab# show protocols bgp Configure R1
group 1945 { lab# top edit logical-routers R1
type external; lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30
export loopback; lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.1/32
neighbor 172.168.1.9 { lab# set protocols ospf area 0 interface fxp0.0
peer-as 2009; lab# set protocols ospf area 0 interface lo0.0 passive
}
}
configure R2
lab# top edit logical-routers R2
I. Logical Router lab# set interfaces fxp1 unit 0 description "to-R2" family inet address 172.168.1.2/30
lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.2/32
lab# set protocols ospf area 0 interface fxp1.0
lab# set protocols ospf area 0 interface lo0.1 passive

lab # run show ospf neighbor


lab # run show ospf interface

BGP attribute
-----------------
Origin menunjukkan asal dari suatu source route secara default origin disimbolkan I
Contoh
lab# run show route protocol bgp terse

inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path


* 10.10.10.1/32 B 170 100 >172.168.1.5 1946 I
B 170 100 >172.168.1.10 1945 1946 I
172.168.1.8/30 B 170 100 >172.168.1.10 1945 I
* 172.168.2.0/30 B 170 100 >172.168.1.2 I
* 172.168.3.4/30 B 170 100 >172.168.1.2 I
vlan * 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I
 Sub interface dari interface * 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I

Configure logical router R1  lab@lab # set logical-routers R1 Origin bisa dimanipulasi menjadi incomplete, egp dll
Entering config logical-router  lab@lab # edit logical-routers r1 Untuk incomplete disimbolkan ?
Pa g e 15 of 20
Di c2 }
-------- then {
policy-statement static { as-path-prepend "1947 1947";
term 1 { accept;
from { }
protocol static; }
route-filter 10.10.10.1/32 exact; term 2 {
} then reject;
then { }
origin incomplete; }
accept;
}
} lab# run show route protocol bgp terse logical-router r1
term 2 {
then reject; inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
} + = Active Route, - = Last Active, * = Both
}
A Destination P Prf Metric 1 Metric 2 Next hop AS path
Untuk mengubah ke egp spt dibawah ini: * 10.10.10.1/32 B 170 100 >172.168.1.10 1945 1946 I
B 170 100 >172.168.1.5 1947 1947 1946 I
policy-statement static { * 172.168.2.0/30 B 170 100 >172.168.1.2 I
term 1 { * 172.168.3.4/30 B 170 100 >172.168.1.2 I
from {
protocol static; Pastikan jalur route sudah benar melalui c1 dari p1
route-filter 10.10.10.1/32 exact; lab# run traceroute 10.10.10.1
} traceroute to 10.10.10.1 (10.10.10.1), 30 hops max, 40 byte packets
then { 1 172.168.2.2 (172.168.2.2) 1.981 ms 1.441 ms 1.032 ms
origin egp; 2 172.168.1.1 (172.168.1.1) 1.175 ms 1.134 ms 1.102 ms
accept; 3 172.168.1.10 (172.168.1.10) 1.398 ms 1.493 ms 0.989 ms
} 4 172.168.4.2 (172.168.4.2) 1.210 ms 1.507 ms 4.401 ms
} 5 10.10.10.1 (10.10.10.1) 1.573 ms 2.391 ms 1.526 ms
term 2 {
then reject;
} Next-hop
} IP address yng ditunjuk oleh router untuk menentukan active route

MED ( Multiple Exit Discriminator ) 


Hasilnya bisa dilihat di r1 EBGP – EBGP
lab# run show route protocol bgp terse logical-router r1 EBGP – IBGP
IBGP – IBGP
inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both Local preference  hanya terjadi di IBGP
Contoh ubah local preference untuk route 10.10.10.1 di local as
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 10.10.10.1/32 B 170 100 >172.168.1.5 1946 ? policy-statement resolve {
B 170 100 >172.168.1.10 1945 1946 I term 1 {
172.168.1.8/30 B 170 100 >172.168.1.10 1945 I from protocol bgp;
* 172.168.2.0/30 B 170 100 >172.168.1.2 I then {
* 172.168.3.4/30 B 170 100 >172.168.1.2 I next-hop self;
* 172.168.4.0/30 B 170 100 >172.168.1.10 1945 I }
* 192.168.1.3/32 B 170 100 >172.168.1.10 1945 I }
term 2 {
As-path from {
Jalur yang telah dipilih oleh suatu route didalam BGP protocol direct;
Di c2 route-filter 172.168.1.4/30 exact;
policy-statement static { }
term 1 { then accept;
from { }
protocol static; term 3 {
route-filter 10.10.10.1/32 exact; from {
Pa g e 16 of 20
protocol bgp; address 172.168.1.9/30;
route-filter 10.10.10.1/32 exact; }
} }
then { }
local-preference 150; lo0 {
} unit 1 {
} family inet {
then accept; address 192.168.1.1/32;
} }
}
Untuk verifikasi }
lab# run show route 10.10.10.1 detail }
protocols {
inet.0: 15 destinations, 18 routes (15 active, 0 holddown, 1 hidden) bgp {
10.10.10.1/32 (1 entry, 1 announced) group internal {
*BGP Preference: 170/-151 type internal;
Next-hop reference count: 17 local-address 192.168.1.1;
Source: 192.168.1.1 export resolve;
Next hop: 172.168.1.1 via fxp2.1, selected neighbor 192.168.1.2;
Protocol next hop: 192.168.1.1 }
Indirect next hop: 8683198 131072 group external {
State: <Active Int Ext> type external;
Local AS: 2009 Peer AS: 2009 export direct;
Age: 1:28 Metric2: 1 multipath;
Task: BGP_2009.192.168.1.1+179 neighbor 172.168.1.10 {
Announcement bits (3): 2-KRT 3-BGP.0.0.0.0+179 4-Resolve tree 1 peer-as 1945;
AS path: 1946 I }
Localpref: 150 neighbor 172.168.1.5 {
Router ID: 192.168.1.1 peer-as 1946;
}
Multiple Exit Discriminator }
--------------------------------- }
ospf {
area 0.0.0.0 {
Community route yang telah di tag misal 65000:1100 interface fxp1.1;
interface lo0.1;
}
Lampiran }
Di r1 }
interfaces { policy-options {
fxp1 { policy-statement direct {
unit 1 { term 1 {
vlan-id 1; from {
family inet { protocol direct;
address 172.168.1.1/30; route-filter 172.168.1.0/30 exact;
} }
} then accept;
} }
fxp2 { term 2 {
unit 2 { from {
vlan-id 2; protocol bgp;
family inet { route-filter 172.168.2.0/30 exact;
address 172.168.1.6/30; route-filter 172.168.3.4/30 exact;
} }
} then accept;
} }
fxp3 { term last {
unit 3 { then reject;
vlan-id 3; }
family inet { }
Pa g e 17 of 20
policy-statement resolve { neighbor 192.168.1.1;
term 1 { }
from protocol bgp; group 1982 {
then { type external;
next-hop self; multihop;
} local-address 192.168.1.2;
} neighbor 192.168.1.5 {
term 2 { peer-as 1982;
from { }
protocol direct; }
route-filter 172.168.1.4/30 exact; }
} ospf {
} area 0.0.0.0 {
then accept; interface lo0.2;
} interface fxp2.1;
} }
routing-options { }
autonomous-system 2009; }
} policy-options {
policy-statement direct {
Di r2 term 1 {
interfaces { from {
fxp1 { protocol direct;
unit 4 { route-filter 172.168.2.0/30 exact;
vlan-id 4; route-filter 172.168.3.4/30 exact;
family inet { }
address 172.168.2.2/30; then accept;
} }
} term last {
} then reject;
fxp2 { }
unit 1 { }
vlan-id 1; policy-statement load-balance {
family inet { then {
address 172.168.1.2/30; load-balance per-packet;
} }
} }
} }
fxp3 { routing-options {
unit 5 { static {
vlan-id 5; route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ];
family inet { }
address 172.168.3.5/30; autonomous-system 2009;
} forwarding-table {
} export load-balance;
} }
lo0 { }
unit 2 {
family inet { Di p1
address 192.168.1.2/32; interfaces {
} fxp2 {
} unit 4 {
} vlan-id 4;
} family inet {
protocols { address 172.168.2.1/30;
bgp { }
group internal { }
type internal; }
local-address 192.168.1.2; fxp4 {
export direct; unit 5 {
Pa g e 18 of 20
vlan-id 5; protocols {
family inet { bgp {
address 172.168.3.6/30; group external {
} type external;
} neighbor 172.168.1.9 {
} peer-as 2009;
lo0 { }
unit 5 { neighbor 172.168.4.2 {
family inet { peer-as 1946;
address 192.168.1.5/32; }
} }
} }
} }
} policy-options {
protocols { policy-statement static {
bgp { term 1 {
group 1982 { from {
type external; protocol direct;
multihop; route-filter 192.168.1.3/32 exact;
local-address 192.168.1.5; }
neighbor 192.168.1.2 { then accept;
peer-as 2009; }
} term 2 {
} then reject;
} }
} }
routing-options { }
static { routing-options {
route 192.168.1.2/32 next-hop [ 172.168.2.2 172.168.3.5 ]; autonomous-system 1945;
} }
autonomous-system 1982;
} Di c2
interfaces {
fxp1 {
Di c1 unit 2 {
interfaces { vlan-id 2;
fxp1 { family inet {
unit 6 { address 172.168.1.5/30;
vlan-id 6; }
family inet { }
address 172.168.4.1/30; }
} fxp2 {
} unit 6 {
} vlan-id 6;
fxp4 { family inet {
unit 3 { address 172.168.4.2/30;
vlan-id 3; }
family inet { }
address 172.168.1.10/30; }
} fxp3 {
} unit 7 {
} vlan-id 7;
lo0 { family inet {
unit 3 { address 172.168.4.6/30;
family inet { }
address 192.168.1.3/32; }
} }
} lo0 {
} unit 4 {
} family inet {
Pa g e 19 of 20
address 192.168.1.4/32; unit 7 {
} vlan-id 7;
} family inet {
} address 172.168.4.5/30;
} }
protocols { }
bgp { }
group external { lo0 {
type external; unit 6 {
export static; family inet {
neighbor 172.168.1.6 { address 10.10.10.1/32;
peer-as 2009; }
} }
} }
group 1945 { }
type external; routing-options {
export static1; static {
neighbor 172.168.4.1 { route 0.0.0.0/0 next-hop 172.168.4.6;
peer-as 1945; }
} }
}
}
}
policy-options {
policy-statement static {
term 1 {
from {
protocol static;
route-filter 10.10.10.1/32 exact;
}
then {
accept;
}
}
term 2 {
then reject;
}
}
policy-statement static1 {
term 1 {
from {
protocol static;
route-filter 10.10.10.1/32 exact;
}
then accept;
}
term 2 {
then reject;
}
}
}
routing-options {
static {
route 10.10.10.1/32 next-hop 172.168.4.5;
}
autonomous-system 1946;
}

interfaces {
fxp4 {
Pa g e 20 of 20

You might also like