Pelatihan BGP Sesi II - Lab Export

Pelatihan BGP Topology Sesi II
Topology Pujo Mulyono & Faisal Reza

R3-Jeruk
R1-Jeruk
R2-Jeruk
R1-Upstream
R1-Apel
R1-Jambu
Topology
R3-Jeruk
R1-Jeruk
R2-Jeruk
R1-Upstream
R1-Apel
R1-Jambu
R3-Jeruk
[admin@R3-JERUK] > export compact
# may/21/2023 11:24:46 by RouterOS 7.9
# software id =
#
/interface bridge
add name=loopback1
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=ether1-R2-JERUK
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no name=ether5-SWITCH
/disk
set slot1 slot=slot1 type=hardware
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/routing id
add disabled=no id=172.255.255.3 name=loopback1 select-dynamic-id=""
/routing ospf instance
add disabled=no in-filter-chain=in-ospf name=ospf-instance-1 out-filter-chain=out-ospf redistribute=\
connected router-id=loopback1 routing-table=main
/routing ospf area
add disabled=no instance=ospf-instance-1 name=ospf-area-0
/routing bgp template
set default as=65500 disabled=no output.network=bgp_network router-id=172.255.255.3 routing-table=main
/ip address
add address=192.168.88.1/24 interface=ether5-SWITCH network=192.168.88.0
add address=172.255.255.3 interface=loopback1 network=172.255.255.3
add address=172.51.51.2/30 interface=ether2-R1-JERUK network=172.51.51.0
/ip dhcp-client
add interface=ether1-R2-JERUK
/ip firewall address-list
add address=103.50.50.0/24 list=bgp_network
/ip route
add blackhole disabled=no dst-address=103.50.50.0/24 gateway="" routing-table=main suppress-hw-offload=no
add blackhole disabled=no distance=1 dst-address=103.51.51.0/24 gateway="" pref-src="" routing-table=main \
scope=30 suppress-hw-offload=no target-scope=10
add blackhole disabled=no distance=1 dst-address=103.50.50.0/23 gateway="" pref-src="" routing-table=main \
scope=30 suppress-hw-offload=no target-scope=10
/routing bgp connection
add address-families=ip as=65500 disabled=no input.filter=in-iBGP-R1-JERUK local.address=172.255.255.3 \
.role=ibgp-rr name=bgp1-iBGP-R1-JERUK nexthop-choice=force-self output.filter-chain=out-iBGP-R1-JERUK \
.network=bgp_network remote.address=172.255.255.1/32 .as=65500 router-id=172.255.255.3 routing-table=\
main templates=default
add address-families=ip as=65500 disabled=no input.filter=in-iBGP-R2-JERUK local.address=172.255.255.3 \
.role=ibgp-rr name=bgp2-iBGP-R2 nexthop-choice=force-self output.filter-chain=out-iBGP-R2-JERUK \
.network=bgp_network remote.address=172.255.255.2/32 .as=65500 router-id=172.255.255.3 routing-table=\
main templates=default
/routing filter community-list
add communities=65200:100 disabled=no list=TEST-COMM
/routing filter rule
add chain=out-ospf disabled=no rule="accept;"
add chain=in-ospf disabled=no rule="accept;"
add chain=in-iBGP-R1-JERUK disabled=no rule="if(dst==8.8.8.0/24){set bgp-weight 155}"
add chain=in-iBGP-R1-JERUK disabled=no rule="accept;"
add chain=out-iBGP-R1-JERUK disabled=no rule="if(dst==103.50.50.0/24) {accept;}"
add chain=out-iBGP-R1-JERUK disabled=no rule=\
"if(dst in 103.50.50.0/23 && dst-len >=23 && dst-len <=24) {accept;}"
add chain=out-iBGP-R1-JERUK disabled=no rule="reject;\r\
\n"
add chain=in-iBGP-R2-JERUK disabled=yes rule="if(dst==8.8.8.0/24){set bgp-weight 155}"
add chain=in-iBGP-R2-JERUK disabled=yes rule="set bgp-weight 155; accept;"
add chain=in-iBGP-R2-JERUK disabled=no rule="accept;"
add chain=out-iBGP-R2-JERUK disabled=no rule=\
"if(dst in 103.50.50.0/23 && dst-len >=23 && dst-len <=24) {accept;}"
add chain=out-iBGP-R2-JERUK disabled=no rule="reject;\r\
\n"
/routing ospf interface-template
add area=ospf-area-0 disabled=no interfaces=ether2-R1-JERUK networks=172.51.51.0/30
add area=ospf-area-0 disabled=no interfaces=loopback1 networks=172.255.255.3/32 passive
/system identity
set name=R3-JERUK
/system note
set show-at-login=no
/tool romon
set enabled=yes
Topology
R3-Jeruk
R1-Jeruk
R2-Jeruk
R1-Upstream
R1-Apel
R1-Jambu
[admin@R1-JERUK] > export compact
# may/21/2023 11:25:46 by RouterOS 6.48.6
# software id =
#
#
#
/interface bridge
add name=loopback1
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=ether1-R1-UPSTREAM
set [ find default-name=ether4 ] disable-running-check=no name=ether4-R1-JAMBU
/routing bgp instance
set default as=65500 router-id=172.255.255.1
set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.255.255.1
/ip address
add address=103.10.10.3 interface=ether1-R1-UPSTREAM network=103.10.10.2
add address=103.30.30.2/30 interface=ether4-R1-JAMBU network=103.30.30.0
/ip dhcp-client
add disabled=no interface=ether1-R1-UPSTREAM
/routing bgp network
add disabled=yes network=103.50.50.0/24 synchronize=no
/routing bgp peer
add in-filter=in-UPSTREAM-AS65100 name=peer1-UPSTREAM-AS65100 out-filter=in-UPSTREAM-AS65100 \
remote-address=103.10.10.2 remote-as=65100
add in-filter=in-iBGP-R3 name=peer2-iBGP-R3 nexthop-choice=force-self out-filter=out-iBGP-R3 \
remote-address=172.255.255.3 remote-as=65500 update-source=loopback1
add in-filter=in-JAMBU-AS65300 name=peer3-AS65300-JAMBU out-filter=out-JAMBU-AS65300 remote-address=\
103.30.30.1 remote-as=65300
/routing filter
add action=accept chain=out-UPSTREAM-AS65100 prefix=103.50.50.0/23 prefix-length=23-24 set-bgp-communities=\
17451:669
add action=reject chain=out-UPSTREAM-AS65100
add action=accept chain=in-UPSTREAM-AS65100
add action=accept chain=in-iBGP-R3 prefix=103.50.50.0/23 prefix-length=23-24 set-distance=20
add action=accept chain=out-iBGP-R3
add action=accept chain=out-JAMBU-AS65300 comment="MED 75" disabled=yes prefix=103.50.50.0/23 \
prefix-length=23 set-bgp-med=75
add action=accept chain=out-JAMBU-AS65300 prefix=103.50.50.0/24
add action=discard chain=out-JAMBU-AS65300 disabled=yes set-bgp-med=75
add action=accept chain=out-JAMBU-AS65300 prefix=103.50.51.0/24
add action=discard chain=out-JAMBU-AS65300
add action=accept bgp-communities=65200:100 chain=in-JAMBU-AS65300 set-type=blackhole
/routing ospf network
add area=backbone network=172.51.51.0/30
add area=backbone network=172.255.255.1/32
/system identity
set name=R1-JERUK
/tool romon
set enabled=yes
Topology
R3-Jeruk
R1-Jeruk
R2-Jeruk
R1-Upstream
R1-Apel
R1-Jambu
/interface bridge
add name=loopback1
/interface ethernet
/disk
/port
set 0 name=serial0
/routing id
add disabled=no id=172.255.255.2 name=loopback1 select-dynamic-id=""
add disabled=no in-filter-chain=in-ospf name=ospf-instance-1 out-filter-chain=out-ospf redistribute=\
connected router-id=loopback1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=ospf-area-0
set default as=65500 disabled=no router-id=172.255.255.2 routing-table=main
/ip address
/ip dhcp-client
add interface=ether1-R3-JERUK
add as=65500 disabled=no input.filter=in-iBGP-R3 local.address=172.255.255.2 .role=ibgp name=\
bgp1-iBGP-R3-JERUK nexthop-choice=force-self output.filter-chain=out-iBGP-R3 remote.address=\
172.255.255.3/32 .as=65500 router-id=172.255.255.2 routing-table=main templates=default
add as=65500 disabled=no input.filter=in-R1-JAMBU-AS65300 local.role=ebgp name=bgp2-R1-JAMBU \
output.filter-chain=out-R1-JAMBU-AS65300 remote.address=103.30.30.253/32 .as=65300 router-id=\
172.255.255.2 routing-table=main templates=default
add chain=out-ospf disabled=no rule="accept;"
add chain=in-ospf disabled=no rule="accept;"
add chain=in-R1-JAMBU-AS65300 disabled=no rule="accept;"
add chain=out-R1-JAMBU-AS65300 disabled=no rule="if(dst in 103.50.50.0/23) {accept}"
add chain=in-iBGP-R3 disabled=no rule="if(dst in 103.50.50.0/23 && dst-len >=23 && dst-len <=24) {accept}"
add chain=in-iBGP-R3 disabled=no rule="accept;\r\
\n"
add chain=out-iBGP-R3 disabled=no rule="set bgp-local-pref 150; accept;\r\
\n"
add chain=out-iBGP-R3 disabled=no rule="if(dst==8.8.8.0/24){set bgp-local-pref 150; accept}"
add chain=out-iBGP-R3 disabled=no rule="accept;"
/routing ospf interface-template
add area=ospf-area-0 disabled=no interfaces=loopback1 networks=172.255.255.2/32 passive
/system identity
set name=R2-JERUK
/system note
/tool romon
set enabled=yes
Topology
R3-Jeruk
R1-Jeruk
R2-Jeruk
R1-Upstream
R1-Apel
R1-Jambu
/interface ethernet
set [ find default-name=ether2 ] disable-running-check=no name=ether2-INTENET
set [ find default-name=ether5 ] disable-running-check=no name=ether5-R1-APEL
set default as=65100 redistribute-static=yes
/ip address
add address=103.10.10.2 interface=ether1-R1-JERUK network=103.10.10.3
add address=103.10.10.0 interface=ether5-R1-APEL network=103.10.10.1
add address=1.1.1.2/24 interface=ether2-INTENET network=1.1.1.0
add address=9.9.9.9/24 interface=ether2-INTENET network=9.9.9.0
/ip dhcp-client
add disabled=no interface=ether1-R1-JERUK
/ip route
add distance=1 dst-address=8.8.4.4/32 gateway=103.10.10.1
add network=1.1.1.0/24
add network=9.9.9.0/24 synchronize=no
/routing bgp peer
add in-filter=in-APEL-AS65200 name=peer1-APEL-AS65200 out-filter=out-APEL-AS65200 remote-address=\
103.10.10.1 remote-as=65200
add in-filter=in-JERUK-AS65500 name=peer2-R1-JERUK out-filter=out-JERUK-AS65500 remote-address=103.10.10.3 \
remote-as=65500
/routing filter
add action=discard chain=out-APEL-AS65200 disabled=yes
add action=accept bgp-as-path=65200 chain=in-APEL-AS65200
add action=discard chain=in-APEL-AS65200 disabled=yes
add action=accept bgp-as-path=65500 chain=in-JERUK-AS65500
add action=accept bgp-as-path="^\$" chain=out-JERUK-AS65500
add action=accept chain=out-JERUK-AS65500 prefix=103.20.20.0/22 prefix-length=23-24
add action=discard chain=out-JERUK-AS65500 prefix=8.8.4.4 prefix-length=24-32
add action=accept chain=out-JERUK-AS65500 prefix=8.8.8.0/24
add action=reject chain=out-JERUK-AS65500
/system identity
set name=R1-UPSTREAM
/tool romon
set enabled=yes
Topology
R3-Jeruk
R1-Jeruk
R2-Jeruk
R1-Upstream
R1-Apel
R1-Jambu
/interface ethernet
set [ find default-name=ether2 ] disable-running-check=no name=ether2-INTERNET
set [ find default-name=ether5 ] disable-running-check=no name=ether5-R1-UPSTREAM
set default as=65200
/ip address
add address=103.10.10.1 interface=ether5-R1-UPSTREAM network=103.10.10.0
add address=8.8.8.1/2 interface=ether2-INTERNET
/ip dhcp-client
add disabled=no interface=ether1-R1-JAMBU
/routing bgp peer
add in-filter=in-UPSTREAM-AS65100 name=peer1-UPSTREAM-AS65100 out-filter=out-UPSTREAM-AS65100 \
remote-address=103.10.10.0 remote-as=65100 update-source=*0
add in-filter=in-JAMBU-AS65300 name=peer2-JAMBU-AS65200 out-filter=out-JAMBU-AS65300 remote-address=\
103.20.20.2 remote-as=65300 update-source=*0
/routing filter
add action=accept chain=out-UPSTREAM-AS65100 prefix=8.8.8.0/24
add action=accept chain=out-UPSTREAM-AS65100 prefix=103.20.20.0/24 prefix-length=24
add action=discard chain=out-UPSTREAM-AS65100
add action=accept chain=in-UPSTREAM-AS65100 prefix=0.0.0.0/0
add action=discard chain=in-UPSTREAM-AS65100 disabled=yes
add action=accept chain=out-JAMBU-AS65300 set-bgp-communities=65200:100
add action=accept chain=out-JAMBU-AS65300
add action=accept chain=in-JAMBU-AS65300
/system identity
set name=R1-APEL
/tool romon
set enabled=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=ether1-R1-APEL
/disk
/port
set 0 name=serial0
set default as=65300 disabled=no output.network=bgp_network_jambu routing-table=main
/ip address
add address=103.20.20.2/30 interface=ether1-R1-APEL network=103.20.20.0
/ip dhcp-client
add interface=ether1-R1-APEL
/ip firewall address-list
add address=103.30.30.0/24 list=bgp_network_jambu
add as=65300 disabled=no input.filter=in-APEL-AS65200 local.role=ebgp-customer name=bgp1-APEL-AS65200 \
output.filter-chain=out-APEL-AS65200 .network=bgp_network_jambu remote.address=103.20.20.1/32 .as=6520
routing-table=main templates=default
add as=65300 disabled=no input.filter=in-R1-JERUK-AS65500 local.role=ebgp name=bgp2-R1-JERUK-AS65500 \
output.filter-chain=out-R1-JERUK-AS65500 .network=bgp_network_jambu remote.address=103.30.30.2/32 .as=
65500 routing-table=main templates=default
add as=65300 disabled=no input.filter=in-R2-JERUK-AS65500 local.role=ebgp name=bgp3-R2-JERUK-AS65500 \
output.filter-chain=out-R2-JERUK-AS65500 .network=bgp_network_jambu remote.address=103.30.30.254/32 \
.as=65500 routing-table=main templates=default
add chain=in-APEL-AS65200 disabled=no rule="accept;"
add chain=out-APEL-AS65200 disabled=no rule="if(dst==103.30.30.0/24) {accept}"
add chain=out-R2-JERUK-AS65500 disabled=no rule="if(bgp-as-path 65200 && dst==8.8.8.0/24) {accept}"
add chain=out-R2-JERUK-AS65500 disabled=no rule="accept;"
add chain=out-R1-JERUK-AS65500 disabled=no rule="if(bgp-as-path 65200 && dst==8.8.8.0/24) {accept}"
add chain=in-R1-JERUK-AS65500 disabled=no rule="accept;"
add chain=in-R2-JERUK-AS65500 disabled=no rule="accept;"
/system identity
set name=R1-JAMBU
/system note
/tool romon
set enabled=yes
e=bgp1-APEL-AS65200 \
s=103.20.20.1/32 .as=65200 \
p2-R1-JERUK-AS65500 \
dress=103.30.30.2/32 .as=\
p3-R2-JERUK-AS65500 \
dress=103.30.30.254/32 \
.8.0/24) {accept}"
.8.0/24) {accept}"

Pelatihan BGP Sesi II - Lab Export

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Pelatihan BGP Sesi II - Lab Export

Uploaded by

Copyright:

Available Formats

Pelatihan BGP Topology Sesi II

Topology Pujo Mulyono & Faisal Reza

You might also like