Professional Documents
Culture Documents
Lab BGP Juniper
Lab BGP Juniper
Introduction:
Key : configure= masuk mode configurasi, commit = untuk mengesekusi dan menyimpan config.
Rollback = memanggil konfigurasi sebelumnya.
Command Line interface Review
Exec mode:
------------Amnesiac (ttyd0)
login: root
Password:
--- JUNOS 7.4R1.7 built 2005-10-21 01:29:55 UTC
root@% cli
root>
Configuration Mode:
-------------------------root> configure
Entering configuration mode
[edit]
root#
Create User root# set system login user lab class super-user authentication plain-text-password
Check configuration
root# show | compare
root# commit check
Save config and execute root# commit
(save for 2 minutes only root# commit confirmed 2 )
(backup config using name conf1 root# save conf1)
Setting hostnamne
lab # set system host-nam e juniper-lab
lab# commit
Rollback
lab# show | compare rollback 1
lab# rollback 1
(noted : rollback no-change lab@juniper-lab# rollback 0)
Show configuration
Simple lab# show or lab > show configuration
continuously lab# show | no-more
match certain word lab > show configuration | match interface
find certain word and later lab > show configuration | find interface
set configuration lab > show configuration | display set
show logging
log system lab > show log messages
log with 100 lines latest lab > show log messages | last 100
log hardware lab > show log chassis
log user lab > show system users
Hierarchial configuration
Entering lab config lab# edit system login user lab
Entering upper config lab# up
Entering top configuration lab# top
B. Initial System configuration
Key : delete= menghapus konfigurasi, load override terminal = copy paste config keseluruhan, load merge
terminal relative= copy paste config sebagian
Remote
Configure R1
lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30
Configure R2
lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.1.2/30
lab# set interfaces fxp1.0 description "to-R3" family inet address 172.168.2.1/30
Configure R3
lab# set interfaces fxp0.0 description "to-R1" family inet address 172.168.2.2/30
How to check
R1 to R2
lab# run ping 172.168.1.2
R2 to R1
lab# run ping 172.168.1.1
R2 to R3
lab# run ping 172.168.2.2
R3 to R2
lab# run ping 172.168.2.1
C. Static Routing
Page 1 of 20
R2
lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan
lab# set protocols ospf area 0 interface fxp1.0 authentication simple-password ciawi
lab# run show ospf neighbor logical-router R2 assure connection is failed
R3
lab# set protocols ospf area 0 interface fxp0.0 authentication simple-password ciawi
lab# run show ospf neighbor logical-router Rx assure connection is success
Applying policy
R1
lab# set routing-options static route 10.10.1.0/24 reject
lab# set routing-options static route 10.10.2.0/24 reject
lab# set routing-options static route 10.10.3.0/24 reject
lab# set routing-options static route 10.10.4.0/24 reject
lab# set routing-options static route 10.10.5.0/24 reject
lab# set policy-options policy-statement rip-export from protocol static
lab# set policy-options policy-statement rip-export then accept
lab# set protocols ospf export ospf-export
lab# run show route protocol ospf assure R3 receive route from R1
F. ISIS Protocol
Linkstate , ISO, ISIS Area, Level 2/L2, Level 1/L1, L1/L2
Configure R1
lab# set protocols ospf area 1 interface fxp0.0
lab# set protocols ospf area 1 interface lo0.0
configure R2
lab# set protocols ospf area 1 interface fxp0.0
lab# set protocols ospf area 0 interface fxp1.0
lab# set protocols ospf area 0 interface lo0.0
Configure R3
lab# set protocols ospf area 0 interface fxp0.0
how to check
lab# run show ospf interface
lab# run show ospf neighbor
lab# run show route
lab# run ping 172.168.1.2 (from
lab# run ping 172.168.1.1 (from
lab# run ping 172.168.2.2 (from
lab# run ping 172.168.2.1 (from
R1
lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8101.00
lab # set protocols isis interface fxp0.0 level 1 disable
lab # set protocols isis interface lo0.0 passive
R2
lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8102.00
lab # set protocols isis interface fxp0.0 level 1 disable
lab # set protocols isis interface fxp1.0 level 1 disable
lab # set protocols isis interface lo0.0 passive
R1)
R2)
R2)
R3)
Applying authentication
R1
lab# set protocols ospf area 1 interface fxp0.0 authentication md5 10 key cibulan
lab# run show ospf neighbor assure connection is failed
R3
lab# set interfaces lo0.0 family iso address 49.0000.0000.19216.8103.00
lab # set protocols isis interface fxp0.0 level 1 disable
lab # set protocols isis interface lo0.0 passive
lab# run show route protocol isis assure R3 receive route from R1
Page 2 of 20
G. IBGP
AS number sama, routing table scalable, Multiservice.
Lab # set
Lab # set
Lab # set
Lab # set
Lab # set
R3
Lab # set
Lab # set
Lab # set
Lab # set
Lab # set
Assure:
Lab # run show bgp summary
Teknik untuk mendukung full mesh dengan membagi suatu domain menjadi beberapa cluster
Step:
1. IGP (ISIS) sudah ada
2. Tentukan area cluster dng ID yang berbeda
3. Antar dan Inter cluster menggunakan IBGP
4. Pastikan PE-SBY-1 dan PE-SMG-1 menerima route bgp dari PE-MDN-1
R3
Lab # set routing-options autonomous-system 65000
Lab # set protocols bgp group ibgp type internal neighbor 192.168.1.2
Lab # set protocols bgp group ibgp local-address 192.168.1.3
10.0.3.1
10.0.3.2
10.0.3.3
10.0.3.4
10.0.6.6
10.0.6.7
10.0.6.8
em1/9
172.16.10.1/30
em3/4
172.16.2.5/30
em1/1
172.16.1.1/30
em2/2
172.16.1.5/30
PE-SBY-1
em1/4
172.16.2.6/30
em1/1
172.16.1.2/30
PE-MDN-1
RR-JKT-1
RR-JKT-2
RR-JKT-3
PE-JKT-4
PE-SBY-1
PE-SMG-1
RR-JKT-3
RR-JKT-1
PE-MDN-1
Assure:
Lab # run show bgp summary
H. EBGP
AS number berbeda, routing table scalable, Multiservice.
Cluster 0.0.0.2
Cluster 0.0.0.1
em2/9
172.16.10.2/30
em3/7
172.16.2.10/30
em2/3
172.16.1.10/30
em3/6
172.16.2.18/30
em1/8
172.16.10.6/30
em1/6
172.16.2.17/30
RR-JKT-2
em2/5
172.16.2.6/30
em2/7
172.16.2.9/30
em1/3
172.16.1.9/30
em2/2
172.16.1.6/30
em2/5
172.16.2.5/30
em3/8
172.16.10.5/30
PE-JKT-4
PE-SMG-1
Cluster 0.0.0.3
R1
Lab # set
Lab # set
Lab # set
Lab # set
Lab # set
R2
PE-MDN-1
-------------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.1.2/30;
Page 3 of 20
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.1.5/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.3.1/32;
}
family iso {
address 49.0001.0010.0000.0301.00;
}
}
}
}
routing-options {
static {
route 100.100.1.0/24 reject;
route 100.100.2.0/24 reject;
route 100.100.3.0/24 reject;
}
autonomous-system 65212;
}
protocols {
bgp {
export static;
group cluster-0001 {
type internal;
local-address 10.0.3.1;
neighbor 10.0.3.2;
neighbor 10.0.3.3;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
policy-options {
policy-statement static {
from protocol static;
then accept;
}
}
RR-JKT-1
-----------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.1.1/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.1.10/30;
}
family iso;
}
}
em3 {
unit 0 {
family inet {
address 172.16.2.5/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.3.2/32;
}
family iso {
address 49.0001.0010.0000.0302.00;
}
}
}
}
routing-options {
autonomous-system 65212;
}
protocols {
bgp {
group cluster-0001 {
type internal;
local-address 10.0.3.2;
cluster 0.0.0.1;
neighbor 10.0.3.1;
neighbor 10.0.3.3;
}
group RR {
type internal;
local-address 10.0.3.2;
neighbor 10.0.3.4;
neighbor 10.0.6.6;
}
}
isis {
interface em1.0 {
level 1 disable;
Page 4 of 20
}
interface em2.0 {
level 1 disable;
}
interface em3.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
policy-options {
policy-statement bgp-vrf {
from protocol bgp;
then accept;
}
}
RR-JKT-2
-----------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.1.9/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.1.6/30;
}
family iso;
}
}
em3 {
unit 0 {
family inet {
address 172.16.2.18/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.3.3/32;
}
family iso {
address 49.0001.0010.0000.0303.00;
}
}
}
}
routing-options {
autonomous-system 65212;
}
protocols {
bgp {
group cluster-0001 {
type internal;
local-address 10.0.3.3;
cluster 0.0.0.1;
neighbor 10.0.3.1;
neighbor 10.0.3.2;
}
group RR {
type internal;
multihop;
local-address 10.0.3.3;
neighbor 10.0.3.4;
neighbor 10.0.6.6;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface em3.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
RR-JKT-3
------------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.2.6/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.10.2/30;
}
family iso;
}
}
em3 {
unit 0 {
family inet {
address 172.16.2.10/30;
}
family iso;
}
}
Page 5 of 20
lo0 {
unit 0 {
family inet {
address 10.0.3.4/32;
}
family iso {
address 49.0001.0010.0000.0304.00;
}
}
}
}
routing-options {
autonomous-system 65212;
}
protocols {
bgp {
group cluster-0002 {
type internal;
local-address 10.0.3.4;
cluster 0.0.0.2;
neighbor 10.0.6.7;
}
group RR {
type internal;
multihop;
local-address 10.0.3.4;
neighbor 10.0.3.2;
neighbor 10.0.6.6;
neighbor 10.0.3.3;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface em3.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
PE-JKT-4
-----------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.2.17/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.2.9/30;
}
family iso;
}
}
em3 {
unit 0 {
family inet {
address 172.16.10.5/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.6.6/32;
}
family iso {
address 49.0001.0010.0000.0606.00;
}
}
}
}
routing-options {
autonomous-system 65212;
}
protocols {
bgp {
group cluster-0003 {
type internal;
local-address 10.0.6.6;
cluster 0.0.0.3;
neighbor 10.0.6.8;
}
group RR {
type internal;
multihop;
local-address 10.0.6.6;
neighbor 10.0.3.2;
neighbor 10.0.3.4;
neighbor 10.0.3.3;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface em3.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
Page 6 of 20
PE-SBY-1
-----------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.10.1/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.2.5/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.6.7/32;
}
family iso {
address 49.0001.0010.0000.0607.00;
}
}
}
}
routing-options {
autonomous-system 65212;
}
protocols {
bgp {
group cluster-0002 {
type internal;
local-address 10.0.6.7;
neighbor 10.0.3.4;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
PE-SMG-1
------------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.10.6/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.2.6/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.6.8/32;
}
family iso {
address 49.0001.0010.0000.0608.00;
}
}
}
}
routing-options {
autonomous-system 65212;
}
protocols {
bgp {
group cluster-0003 {
type internal;
local-address 10.0.6.8;
neighbor 10.0.6.6;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
IBGP Confideration
Teknik untuk mendukung full mesh dengan membagi suatu AS menjadi AS sub-confideration.
Step:
1.
2.
3.
4.
5.
6.
PE-MDN-1
-------------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.1.2/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.1.5/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.3.1/32;
}
family iso {
address 49.0001.0010.0000.0301.00;
}
}
}
}
routing-options {
static {
route 100.100.1.0/24 reject;
route 100.100.2.0/24 reject;
route 100.100.3.0/24 reject;
}
autonomous-system 65000;
confederation 65212 members [ 65000 65001 65002 ];
}
protocols {
bgp {
export static;
group 65000 {
type internal;
local-address 10.0.3.1;
neighbor 10.0.3.2;
neighbor 10.0.3.3;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
policy-options {
policy-statement static {
from protocol static;
then accept;
}
}
RR-JKT-1
-----------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.1.1/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.1.10/30;
}
family iso;
}
}
Page 8 of 20
em3 {
unit 0 {
family inet {
address 172.16.2.5/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.3.2/32;
}
family iso {
address 49.0001.0010.0000.0302.00;
}
}
}
}
routing-options {
autonomous-system 65000;
confederation 65212 members [ 65000 65001 65002 ];
}
protocols {
bgp {
group 65000 {
type internal;
local-address 10.0.3.2;
neighbor 10.0.3.1;
neighbor 10.0.3.3;
}
group 65212 {
type external;
multihop;
local-address 10.0.3.2;
neighbor 10.0.3.4 {
peer-as 65002;
}
neighbor 10.0.6.6 {
peer-as 65001;
}
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface em3.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
policy-options {
policy-statement bgp-vrf {
neighbor 10.0.3.4 {
peer-as 65002;
}
neighbor 10.0.6.6 {
peer-as 65001;
}
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface em3.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
RR-JKT-3
-----------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.2.6/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.10.2/30;
}
family iso;
}
}
em3 {
unit 0 {
family inet {
address 172.16.2.10/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.3.4/32;
}
family iso {
address 49.0001.0010.0000.0304.00;
}
}
}
}
routing-options {
autonomous-system 65002;
confederation 65212 members [ 65001 65002 65000 ];
}
protocols {
bgp {
group 65002 {
type internal;
neighbor 10.0.6.7;
}
group 65212 {
type external;
multihop;
local-address 10.0.3.4;
neighbor 10.0.3.2 {
peer-as 65000;
}
neighbor 10.0.6.6 {
peer-as 65001;
}
neighbor 10.0.3.3 {
peer-as 65000;
}
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface em3.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
PE-JKT-4
------------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.2.17/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
Page 10 of 20
interface lo0.0 {
level 1 disable;
}
address 172.16.2.9/30;
}
family iso;
}
}
em3 {
unit 0 {
family inet {
address 172.16.10.5/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.6.6/32;
}
family iso {
address 49.0001.0010.0000.0606.00;
}
}
}
}
routing-options {
autonomous-system 65001;
confederation 65212 members [ 65000 65001 65002 ];
}
protocols {
bgp {
group 65001 {
type internal;
local-address 10.0.6.6;
neighbor 10.0.6.8;
}
group 65212 {
type external;
multihop;
local-address 10.0.6.6;
neighbor 10.0.3.2 {
peer-as 65000;
}
neighbor 10.0.3.4 {
peer-as 65002;
}
neighbor 10.0.3.3 {
peer-as 65000;
}
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface em3.0 {
level 1 disable;
}
}
}
PE-SBY-1
------------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.10.1/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.2.5/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.6.7/32;
}
family iso {
address 49.0001.0010.0000.0607.00;
}
}
}
}
routing-options {
autonomous-system 65002;
confederation 65212 members [ 65000 65001 65002 ];
}
protocols {
bgp {
group 65002 {
type internal;
local-address 10.0.6.7;
neighbor 10.0.3.4;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
Page 11 of 20
}
PE-SMG-1
------------interfaces {
em1 {
unit 0 {
family inet {
address 172.16.10.6/30;
}
family iso;
}
}
em2 {
unit 0 {
family inet {
address 172.16.2.6/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.6.8/32;
}
family iso {
address 49.0001.0010.0000.0608.00;
}
}
}
}
routing-options {
autonomous-system 65001;
confederation 65212 members [ 65000 65001 65002 ];
}
protocols {
bgp {
group 65001 {
type internal;
local-address 10.0.6.8;
neighbor 10.0.6.6;
}
}
isis {
interface em1.0 {
level 1 disable;
}
interface em2.0 {
level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
}
}
Untuk memastikan gunakan
show bgp summary melihat summary bgp
show route receive-protocol bgp (neighbor) melihat route bgp yang diterima dari peer neighbornya
Export-import BGP
Export BGP policy disisi outbound trafik keluar contoh : advertise route via BGP
root@PE-SBY-1# show policy-options
policy-statement bgp-export {
from protocol static;
then accept;
}
root@PE-SBY-1# show protocols
bgp {
group cluster-0002 {
type internal;
local-address 10.0.6.7;
export bgp-export;
neighbor 10.0.3.4;
}
}
Import BGP policy disisi inbound trafik datang contoh: bloking prefix, as path
policy-statement bgp-import {
term 1 {
from {
protocol bgp;
route-filter 150.0.0.0/24 exact;
}
then reject;
}
term last {
then accept;
Page 12 of 20
}
}
fxp1.6/6
172.168.4.1/30
group RR {
type internal;
local-address 10.0.3.2;
import bgp-import;
neighbor 10.0.3.4;
neighbor 10.0.6.6;
}
Fxp4.7/7
172.168.4.5/30
c2
c1
fxp1.2/2
172.168.1.5/30
fxp2.3/3
172.168.1.10/30
untuk memastikan :
how route advertising-protocol bgp (neighbor) extensive
Fxp3.7/7
172.168.4.6/30
AS 1946
AS 1945
Fxp2.6/6
172.168.4.2/30
fxp3.3/3
172.168.1.9/30
t1
fxp2.2/2
172.168.1.6/30
r1
AS 2009
r1
r2
c1
c2
p1
t1
lo0.1 192.168.1.1
lo0.2 192.168.1.2
lo0.3 192.168.1.3
lo0.4192.168.1.4
lo0.5 192.168.1.5
lo0.6 10.10.10.1
fxp2.1/1
172.168.1.2/30
fxp1.1/1
172.168.1.1/30
fxp1.4/4
172.168.2.2/30
fxp2.4/4
172.168.2.1/30
p1
r2
fxp3.5/5
172.168.3.5/30
fxp4.5/5
172.168.3.6/30
AS 1982
Case:
Lewatkan prefix 150/24 dari PE-SBY-1 ke Custom er
PE-MDN-1 tidak boleh menerima prefix 150/24, lakukan filter di RR-JKT-1 dan RR-JKT-2
Pasang community 65111:200 untuk prefix 150/24 di PE-SMG-1 sehingga diterima di Customer.
Customer
LoadbalanceEBGP ada2:
1.
2.
Case:
Load balance antara r2 dng p1
Step1
konfigurasi static route between r2 and p1
pastikan routing sudah load balance dengan menerapkan policy load balance
lab# show policy-options
policy-statement load-balance {
then {
load-balance per-packet;
}
}
lab# show routing-options
static {
route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ];
}
autonomous-system 2009;
forwarding-table {
Page 13 of 20
export load-balance;
}
Pastikan r2 bisa ping ke ip loopback p1
Dan route sudah menunjukkan load balance
lab# run show route
192.168.1.5/32 *[Static/5] 00:23:52
to 172.168.2.1 via fxp1.4
Output Queue[0]: 0
Pa g e 14 of 20
Case:
1. advertise IP loopback c1 shg p1 bisa ping ip tersebut
Protocol OSPF
di c1
lab# show policy-options
policy-statement loopback {
term 1 {
from {
protocol direct;
route-filter 192.168.1.3/32 exact;
}
then accept;
}
term 2 {
then reject;
}
}
lab# show protocols bgp
group 1945 {
type external;
export loopback;
neighbor 172.168.1.9 {
peer-as 2009;
}
}
I. Logical Router
Configure R1
lab# top edit logical-routers R1
lab# set interfaces fxp0 unit 0 description "to-R2" family inet address 172.168.1.1/30
lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.1/32
lab# set protocols ospf area 0 interface fxp0.0
lab# set protocols ospf area 0 interface lo0.0 passive
configure R2
lab# top edit logical-routers R2
lab# set interfaces fxp1 unit 0 description "to-R2" family inet address 172.168.1.2/30
lab# set interfaces lo0 unit 1 description "to-R2" family inet address 192.168.1.2/32
lab# set protocols ospf area 0 interface fxp1.0
lab# set protocols ospf area 0 interface lo0.1 passive
lab # run show ospf neighbor
lab # run show ospf interface
BGP attribute
----------------Origin menunjukkan asal dari suatu source route secara default origin disimbolkan I
Contoh
lab# run show route protocol bgp terse
inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
vlan
A Destination
P Prf Metric 1 Metric 2 Next hop
AS path
* 10.10.10.1/32
B 170
100
>172.168.1.5 1946 I
B 170
100
>172.168.1.10 1945 1946 I
172.168.1.8/30 B 170
100
>172.168.1.10 1945 I
* 172.168.2.0/30 B 170
100
>172.168.1.2 I
* 172.168.3.4/30 B 170
100
>172.168.1.2 I
* 172.168.4.0/30 B 170
100
>172.168.1.10 1945 I
* 192.168.1.3/32 B 170
100
>172.168.1.10 1945 I
Origin bisa dimanipulasi menjadi incomplete, egp dll
Untuk incomplete disimbolkan ?
Pa g e 15 of 20
Di c2
-------policy-statement static {
term 1 {
from {
protocol static;
route-filter 10.10.10.1/32 exact;
}
then {
origin incomplete;
accept;
}
}
term 2 {
then reject;
}
}
Untuk mengubah ke egp spt dibawah ini:
policy-statement static {
term 1 {
from {
protocol static;
route-filter 10.10.10.1/32 exact;
}
then {
origin egp;
accept;
}
}
term 2 {
then reject;
}
}
}
then {
as-path-prepend "1947 1947";
accept;
}
}
term 2 {
then reject;
}
}
Next-hop
IP address yng ditunjuk oleh router untuk menentukan active route
MED ( Multiple Exit Discriminator )
EBGP EBGP
EBGP IBGP
IBGP IBGP
Pa g e 16 of 20
protocol bgp;
route-filter 10.10.10.1/32 exact;
}
then {
local-preference 150;
}
}
then accept;
}
Untuk verifikasi
lab# run show route 10.10.10.1 detail
inet.0: 15 destinations, 18 routes (15 active, 0 holddown, 1 hidden)
10.10.10.1/32 (1 entry, 1 announced)
*BGP Preference: 170/-151
Next-hop reference count: 17
Source: 192.168.1.1
Next hop: 172.168.1.1 via fxp2.1, selected
Protocol next hop: 192.168.1.1
Indirect next hop: 8683198 131072
State: <Active Int Ext>
Local AS: 2009 Peer AS: 2009
Age: 1:28
Metric2: 1
Task: BGP_2009.192.168.1.1+179
Announcement bits (3): 2-KRT 3-BGP.0.0.0.0+179 4-Resolve tree 1
AS path: 1946 I
Localpref: 150
Router ID: 192.168.1.1
Multiple Exit Discriminator
---------------------------------
Lampiran
Di r1
interfaces {
fxp1 {
unit 1 {
vlan-id 1;
family inet {
address 172.168.1.1/30;
}
}
}
fxp2 {
unit 2 {
vlan-id 2;
family inet {
address 172.168.1.6/30;
}
}
}
fxp3 {
unit 3 {
vlan-id 3;
family inet {
address 172.168.1.9/30;
}
}
}
lo0 {
unit 1 {
family inet {
address 192.168.1.1/32;
}
}
}
}
protocols {
bgp {
group internal {
type internal;
local-address 192.168.1.1;
export resolve;
neighbor 192.168.1.2;
}
group external {
type external;
export direct;
multipath;
neighbor 172.168.1.10 {
peer-as 1945;
}
neighbor 172.168.1.5 {
peer-as 1946;
}
}
}
ospf {
area 0.0.0.0 {
interface fxp1.1;
interface lo0.1;
}
}
}
policy-options {
policy-statement direct {
term 1 {
from {
protocol direct;
route-filter 172.168.1.0/30 exact;
}
then accept;
}
term 2 {
from {
protocol bgp;
route-filter 172.168.2.0/30 exact;
route-filter 172.168.3.4/30 exact;
}
then accept;
}
term last {
then reject;
}
}
Pa g e 17 of 20
policy-statement resolve {
term 1 {
from protocol bgp;
then {
next-hop self;
}
}
term 2 {
from {
protocol direct;
route-filter 172.168.1.4/30 exact;
}
}
then accept;
}
}
routing-options {
autonomous-system 2009;
}
Di r2
interfaces {
fxp1 {
unit 4 {
vlan-id 4;
family inet {
address 172.168.2.2/30;
}
}
}
fxp2 {
unit 1 {
vlan-id 1;
family inet {
address 172.168.1.2/30;
}
}
}
fxp3 {
unit 5 {
vlan-id 5;
family inet {
address 172.168.3.5/30;
}
}
}
lo0 {
unit 2 {
family inet {
address 192.168.1.2/32;
}
}
}
}
protocols {
bgp {
group internal {
type internal;
local-address 192.168.1.2;
export direct;
neighbor 192.168.1.1;
}
group 1982 {
type external;
multihop;
local-address 192.168.1.2;
neighbor 192.168.1.5 {
peer-as 1982;
}
}
}
ospf {
area 0.0.0.0 {
interface lo0.2;
interface fxp2.1;
}
}
}
policy-options {
policy-statement direct {
term 1 {
from {
protocol direct;
route-filter 172.168.2.0/30 exact;
route-filter 172.168.3.4/30 exact;
}
then accept;
}
term last {
then reject;
}
}
policy-statement load-balance {
then {
load-balance per-packet;
}
}
}
routing-options {
static {
route 192.168.1.5/32 next-hop [ 172.168.2.1 172.168.3.6 ];
}
autonomous-system 2009;
forwarding-table {
export load-balance;
}
}
Di p1
interfaces {
fxp2 {
unit 4 {
vlan-id 4;
family inet {
address 172.168.2.1/30;
}
}
}
fxp4 {
unit 5 {
Pa g e 18 of 20
vlan-id 5;
family inet {
address 172.168.3.6/30;
}
}
}
lo0 {
unit 5 {
family inet {
address 192.168.1.5/32;
}
}
}
}
protocols {
bgp {
group 1982 {
type external;
multihop;
local-address 192.168.1.5;
neighbor 192.168.1.2 {
peer-as 2009;
}
}
}
}
routing-options {
static {
route 192.168.1.2/32 next-hop [ 172.168.2.2 172.168.3.5 ];
}
autonomous-system 1982;
}
Di c1
interfaces {
fxp1 {
unit 6 {
vlan-id 6;
family inet {
address 172.168.4.1/30;
}
}
}
fxp4 {
unit 3 {
vlan-id 3;
family inet {
address 172.168.1.10/30;
}
}
}
lo0 {
unit 3 {
family inet {
address 192.168.1.3/32;
}
}
}
}
protocols {
bgp {
group external {
type external;
neighbor 172.168.1.9 {
peer-as 2009;
}
neighbor 172.168.4.2 {
peer-as 1946;
}
}
}
}
policy-options {
policy-statement static {
term 1 {
from {
protocol direct;
route-filter 192.168.1.3/32 exact;
}
then accept;
}
term 2 {
then reject;
}
}
}
routing-options {
autonomous-system 1945;
}
Di c2
interfaces {
fxp1 {
unit 2 {
vlan-id 2;
family inet {
address 172.168.1.5/30;
}
}
}
fxp2 {
unit 6 {
vlan-id 6;
family inet {
address 172.168.4.2/30;
}
}
}
fxp3 {
unit 7 {
vlan-id 7;
family inet {
address 172.168.4.6/30;
}
}
}
lo0 {
unit 4 {
family inet {
Pa g e 19 of 20
address 192.168.1.4/32;
}
}
}
}
protocols {
bgp {
group external {
type external;
export static;
neighbor 172.168.1.6 {
peer-as 2009;
}
}
group 1945 {
type external;
export static1;
neighbor 172.168.4.1 {
peer-as 1945;
}
}
}
}
policy-options {
policy-statement static {
term 1 {
from {
protocol static;
route-filter 10.10.10.1/32 exact;
}
then {
accept;
}
}
term 2 {
then reject;
}
}
policy-statement static1 {
term 1 {
from {
protocol static;
route-filter 10.10.10.1/32 exact;
}
then accept;
}
term 2 {
then reject;
}
}
}
routing-options {
static {
route 10.10.10.1/32 next-hop 172.168.4.5;
}
autonomous-system 1946;
}
unit 7 {
vlan-id 7;
family inet {
address 172.168.4.5/30;
}
}
}
lo0 {
unit 6 {
family inet {
address 10.10.10.1/32;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 172.168.4.6;
}
}
interfaces {
fxp4 {
Pa g e 20 of 20