Sunday, 29 January 2017

Lab. 20 Superlab Mikrotik

Assalamualaikum,

This time I will cover a superlab I built that still deals with routing; I previously posted another superlab of mine, also on routing, in the post Lab. 19 Superlab Mikrotik. Let's get straight to it: below is the topology I will use for this superlab.


The topics covered in this superlab are as follows.
  1. Routing BGP 
  2. BGP Confederation
  3. BGP Multihoming 
  4. Route Filtering 
  5. BGP Max Prefix 
  6. BGP Default Originate
Configuration

First, of course, configure the IP address on every router interface. To keep the post short, the BGP instance and BGP peer configuration is included at the same time, hehehe.

R1 configuration

[admin@R1] > /ip address
add address=19.19.19.1/16 disabled=no interface=ether1 network=19.19.0.0
add address=10.10.10.1/16 disabled=no interface=ether2 network=10.10.0.0
add address=12.12.12.1/24 disabled=no interface=ether3 network=12.12.12.0
add address=13.13.13.1/24 disabled=no interface=ether4 network=13.13.13.0
add address=1.0.0.1/32 disabled=no interface=lo1 network=1.0.0.1
[admin@R1] > /routing bgp instance
set default as=500 client-to-client-reflection=yes cluster-id=1.0.0.1 redistribute-connected=yes router-id=1.0.0.1
[admin@R1] > /routing bgp peer
add default-originate=always instance=default name=peer1 nexthop-choice=force-self remote-address=12.12.12.2 remote-as=100 route-reflect=yes
add default-originate=always instance=default name=peer2 nexthop-choice=force-self remote-address=13.13.13.3 remote-as=100 route-reflect=yes
[admin@R1] > /routing bgp network
add disabled=no network=12.12.12.0/24 synchronize=yes
add disabled=no network=13.13.13.0/24 synchronize=yes
R2 configuration

[admin@R2] > /ip address
add address=12.12.12.2/24 disabled=no interface=ether1 network=12.12.12.0
add address=25.25.25.2/24 disabled=no interface=ether3 network=25.25.25.0
add address=26.26.26.2/24 disabled=no interface=ether4 network=26.26.26.0
add address=24.24.24.2/24 disabled=no interface=ether2 network=24.24.24.0
add address=1.0.0.2/32 disabled=no interface=lo1 network=1.0.0.2
[admin@R2] > /routing bgp instance
set default as=100 client-to-client-reflection=yes cluster-id=1.0.0.2 redistribute-connected=yes router-id=1.0.0.2
[admin@R2] > /routing bgp peer
add default-originate=always instance=default name=peer1 nexthop-choice=force-self remote-address=25.25.25.5 remote-as=200 route-reflect=yes
add default-originate=always instance=default name=peer2 nexthop-choice=force-self remote-address=26.26.26.6 remote-as=200 route-reflect=yes
add default-originate=always instance=default name=peer3 nexthop-choice=force-self remote-address=24.24.24.4 remote-as=300
add instance=default name=peer4 nexthop-choice=force-self remote-address=12.12.12.1 remote-as=500
[admin@R2] > /routing bgp network
add disabled=no network=25.25.25.0/24 synchronize=yes
add disabled=no network=26.26.26.0/24 synchronize=yes
add disabled=no network=12.12.12.0/24 synchronize=yes
add disabled=no network=24.24.24.0/24 synchronize=yes
R3 configuration
[admin@R3] > /ip address
add address=13.13.13.3/24 disabled=no interface=ether1 network=13.13.13.0
add address=34.34.34.3/24 disabled=no interface=ether2 network=34.34.34.0
add address=37.37.37.3/24 disabled=no interface=ether3 network=37.37.37.0
add address=38.38.38.3/24 disabled=no interface=ether4 network=38.38.38.0
add address=1.0.0.3/32 disabled=no interface=lo1 network=1.0.0.3
[admin@R3] > /routing bgp instance
set default as=100 client-to-client-reflection=yes cluster-id=1.0.0.3 redistribute-connected=yes router-id=1.0.0.3
[admin@R3] > /routing bgp peer
add instance=default name=peer1 nexthop-choice=force-self remote-address=13.13.13.1 remote-as=500
add default-originate=always instance=default name=peer2 nexthop-choice=force-self remote-address=37.37.37.7 remote-as=400 route-reflect=yes
add default-originate=always instance=default name=peer3 nexthop-choice=force-self remote-address=38.38.38.8 remote-as=400 route-reflect=yes
add instance=default name=peer4 nexthop-choice=force-self remote-address=34.34.34.4 remote-as=300
[admin@R3] > /routing bgp network
add disabled=no network=13.13.13.0/24 synchronize=yes
add disabled=no network=34.34.34.0/24 synchronize=yes
add disabled=no network=37.37.37.0/24 synchronize=yes
add disabled=no network=38.38.38.0/24 synchronize=yes
R4 configuration
[admin@R4] > /ip address
add address=24.24.24.4/24 disabled=no interface=ether1 network=24.24.24.0
add address=34.34.34.4/24 disabled=no interface=ether2 network=34.34.34.0
add address=11.0.4.4/24 disabled=no interface=ether3 network=11.0.4.0
add address=1.0.0.4/32 disabled=no interface=lo1 network=1.0.0.4
[admin@R4] > /routing bgp instance
set default as=300 client-to-client-reflection=yes cluster-id=1.0.0.4 redistribute-connected=yes router-id=1.0.0.4
[admin@R4] > /routing bgp peer
add instance=default name=peer1 nexthop-choice=force-self remote-address=24.24.24.2 remote-as=100
add instance=default name=peer2 nexthop-choice=force-self remote-address=34.34.34.3 remote-as=100
add default-originate=always name=peer3 nexthop-choice=force-self remote-address=11.0.4.11 remote-as=300 route-reflect=yes
[admin@R4] > /routing bgp network
add disabled=no network=24.24.24.0/24 synchronize=yes
add disabled=no network=34.34.34.0/24 synchronize=yes
add disabled=no network=11.0.4.0/24 synchronize=yes
R5 configuration

[admin@R5] > /ip address
add address=25.25.25.5/24 disabled=no interface=ether1 network=25.25.25.0
add address=59.59.59.5/24 disabled=no interface=ether3 network=59.59.59.0
add address=56.56.56.5/24 disabled=no interface=ether2 network=56.56.56.0
add address=1.0.0.5/32 disabled=no interface=lo1 network=1.0.0.5
[admin@R5] > /routing bgp instance
set default as=5 client-to-client-reflection=yes cluster-id=1.0.0.5 confederation=200 confederation-peers=6,9 redistribute-connected=yes router-id=1.0.0.5
[admin@R5] > /routing bgp peer
add default-originate=always instance=default name=peer1 nexthop-choice=force-self remote-address=59.59.59.9 remote-as=9 route-reflect=yes
add default-originate=always instance=default name=peer2 remote-address=56.56.56.6 remote-as=6 route-reflect=yes
add instance=default name=peer3 remote-address=25.25.25.2 remote-as=100
[admin@R5] > /routing bgp network
add disabled=no network=59.59.59.0/24 synchronize=yes
add disabled=no network=56.56.56.0/24 synchronize=yes
add disabled=no network=25.25.25.0/24 synchronize=yes
R6 configuration

[admin@R6] > /ip address
add address=26.26.26.6/24 disabled=no interface=ether1 network=26.26.26.0
add address=10.0.6.6/24 disabled=no interface=ether3 network=10.0.6.0
add address=56.56.56.6/24 disabled=no interface=ether2 network=56.56.56.0
add address=1.0.0.6/32 disabled=no interface=lo1 network=1.0.0.6
[admin@R6] > /routing bgp instance
set default as=6 client-to-client-reflection=yes cluster-id=1.0.0.6 confederation=200 confederation-peers=5,10 redistribute-connected=yes router-id=1.0.0.6
[admin@R6] > /routing bgp peer
add instance=default name=peer1 nexthop-choice=force-self remote-address=56.56.56.5 remote-as=5 route-reflect=yes
add default-originate=always instance=default multihop=no name=peer2 nexthop-choice=force-self remote-address=10.0.6.10 remote-as=10 route-reflect=yes
add instance=default name=peer3 nexthop-choice=force-self remote-address=26.26.26.2 remote-as=100
[admin@R6] > /routing bgp network
add disabled=no network=10.0.6.0/24 synchronize=yes
add disabled=no network=26.26.26.0/24 synchronize=yes
add disabled=no network=56.56.56.0/24 synchronize=yes
R7 configuration

[admin@R7] > /ip address
add address=37.37.37.7/24 disabled=no interface=ether1 network=37.37.37.0
add address=78.78.78.7/24 disabled=no interface=ether2 network=78.78.78.0
add address=12.0.7.7/24 disabled=no interface=ether3 network=12.0.7.0
add address=1.0.0.7/32 disabled=no interface=lo1 network=1.0.0.7
[admin@R7] > /routing bgp instance
set default as=400 client-to-client-reflection=yes cluster-id=1.0.0.7 redistribute-connected=yes router-id=1.0.0.7
[admin@R7] > /routing bgp peer
add instance=default name=peer1 nexthop-choice=force-self remote-address=37.37.37.3 remote-as=100
add instance=default name=peer2 nexthop-choice=force-self remote-address=78.78.78.8 remote-as=400 route-reflect=yes
add default-originate=always instance=default name=peer3 nexthop-choice=force-self remote-address=12.0.7.12 remote-as=400 route-reflect=yes
[admin@R7] > /routing bgp network
add disabled=no network=37.37.37.0/24 synchronize=yes
add disabled=no network=12.0.7.0/24 synchronize=yes
add disabled=no network=78.78.78.0/24 synchronize=yes
R8 configuration
[admin@R8] > /ip address
add address=38.38.38.8/24 disabled=no interface=ether1 network=38.38.38.0
add address=78.78.78.8/24 disabled=no interface=ether2 network=78.78.78.0
add address=13.0.8.8/24 disabled=no interface=ether3 network=13.0.8.0
add address=1.0.0.8/32 disabled=no interface=lo1 network=1.0.0.8
[admin@R8] > /routing bgp instance
set default as=400 client-to-client-reflection=yes cluster-id=1.0.0.8 redistribute-connected=yes router-id=1.0.0.8
[admin@R8] > /routing bgp peer
add instance=default name=peer1 nexthop-choice=force-self remote-address=38.38.38.3 remote-as=100
add instance=default name=peer2 remote-address=78.78.78.7 remote-as=400 route-reflect=yes
add default-originate=always instance=default name=peer3 nexthop-choice=force-self remote-address=13.0.8.13 remote-as=400 route-reflect=yes
[admin@R8] > /routing bgp network
add disabled=no network=78.78.78.0/24 synchronize=yes
add disabled=no network=13.0.8.0/24 synchronize=yes
add disabled=no network=38.38.38.0/24 synchronize=yes
R9 configuration
[admin@R9] > /ip address
add address=59.59.59.9/24 disabled=no interface=ether1 network=59.59.59.0
[admin@R9] > /routing bgp instance
set default as=9 client-to-client-reflection=yes cluster-id=1.0.0.9 confederation=200 confederation-peers=5 redistribute-connected=yes router-id=1.0.0.9
[admin@R9] > /routing bgp peer
add instance=default name=peer1 remote-address=59.59.59.5 remote-as=5
[admin@R9] > /routing bgp network
add disabled=no network=59.59.59.0/24 synchronize=yes
R10 configuration
[admin@R10] > /ip address
add address=10.0.6.10/24 disabled=no interface=ether1 network=10.0.6.0
[admin@R10] > /routing bgp instance
set default as=10 client-to-client-reflection=yes cluster-id=1.0.0.10 confederation=200 confederation-peers=6 redistribute-connected=yes router-id=1.0.0.10
[admin@R10] > /routing bgp peer
add instance=default multihop=no name=peer1 remote-address=10.0.6.6 remote-as=6
[admin@R10] > /routing bgp network
add disabled=no network=10.0.6.0/24 synchronize=yes
R11 configuration
[admin@R11] > /ip address
add address=11.0.4.11/24 disabled=no interface=ether1 network=11.0.4.0
[admin@R11] > /routing bgp instance
set default as=300 client-to-client-reflection=yes cluster-id=1.0.0.11 redistribute-connected=yes router-id=1.0.0.11
[admin@R11] > /routing bgp peer
add instance=default name=peer1 remote-address=11.0.4.4 remote-as=300
[admin@R11] > /routing bgp network
add disabled=no network=11.0.4.0/24 synchronize=yes
R12 configuration

[admin@R12] > /ip address
add address=12.0.7.12/24 disabled=no interface=ether1 network=12.0.7.0
[admin@R12] > /routing bgp instance
set default as=400 client-to-client-reflection=yes cluster-id=1.0.0.12 redistribute-connected=yes router-id=1.0.0.12
[admin@R12] > /routing bgp peer
add instance=default name=peer1 remote-address=12.0.7.7 remote-as=400
[admin@R12] > /routing bgp network
add disabled=no network=12.0.7.0/24 synchronize=yes
R13 configuration

[admin@R13] > /ip address
add address=13.0.8.13/24 disabled=no interface=ether1 network=13.0.8.0
[admin@R13] > /routing bgp instance
set default as=400 client-to-client-reflection=yes cluster-id=1.0.0.13 redistribute-connected=yes router-id=1.0.0.13
[admin@R13] > /routing bgp peer
add instance=default  name=peer1 remote-address=13.0.8.8 remote-as=400
[admin@R13] > /routing bgp network
add disabled=no network=13.0.8.0/24 synchronize=yes
After the fairly long and tiring BGP routing configuration, haha, the next step is to configure route filtering on R2, R3, and R4 so that the local routers do not accumulate a pile of routes and instead use the default route that R2, R3, and R4 already provide through the BGP peer configuration above.
[admin@RX] > /routing filter
add action=discard chain=bgp-out disabled=no invert-match=no prefix-length=16-32 
After that, configure the peers on each router to apply the route filter we just created.
[admin@R2] > /routing bgp peer
set peer1 out-filter=bgp-out
set peer2 out-filter=bgp-out
[admin@R3] > /routing bgp peer
set peer1 out-filter=bgp-out
[admin@R4] > /routing bgp peer
set peer1 out-filter=bgp-out
set peer2 out-filter=bgp-out
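The bgp-out rule above, worked through as an added example (not from the original post): a small Python model of a filter chain, assuming first-match evaluation with routes accepted when no rule matches. It goes slightly beyond the post by also handling rules that set a prefix; 10.0.0.0/8 is a constructed prefix, the others come from this lab.

```python
import ipaddress

# The rule from the post: chain=bgp-out action=discard prefix-length=16-32.
# "prefix" is None because that rule sets no prefix matcher.
BGP_OUT = [{"action": "discard", "prefix": None, "prefix_length": (16, 32)}]

# Prefixes taken from this lab, plus one constructed /8 to show what still passes.
CANDIDATES = ["0.0.0.0/0", "19.19.0.0/16", "12.12.12.0/24",
              "24.24.24.0/24", "1.0.0.2/32", "10.0.0.0/8"]


def rule_matches(rule, route):
    """True if the route (an IPv4Network) satisfies every matcher in the rule."""
    length_range = rule["prefix_length"]
    if rule["prefix"] is not None:
        net = ipaddress.ip_network(rule["prefix"])
        if length_range is None:
            return route == net          # prefix alone: exact match only (assumed model)
        if not route.subnet_of(net):
            return False
    if length_range is not None:
        low, high = length_range
        return low <= route.prefixlen <= high
    return True                          # a rule with no matchers matches everything


def evaluate(chain, prefix):
    """Action for one prefix: first matching rule wins, no match means accept."""
    route = ipaddress.ip_network(prefix)
    for rule in chain:
        if rule_matches(rule, route):
            return rule["action"]
    return "accept"


def advertised(chain, prefixes):
    """Prefixes that survive the chain and would still be sent to the peer."""
    return [p for p in prefixes if evaluate(chain, p) == "accept"]


if __name__ == "__main__":
    print(advertised(BGP_OUT, CANDIDATES))
```

The /16 boundary is inclusive, so R1's 19.19.0.0/16 is suppressed, while any prefix shorter than /16 would still be advertised.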
Then verify on one of the routers that the number of routes has decreased.
[admin@R9] > ip route print 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                                        59.59.59.5               20
 1 ADb  1.0.0.5/32                                      59.59.59.5               20
 2 ADb  1.0.0.6/32                                      59.59.59.5               20
 3 ADb  10.0.6.0/24                                    59.59.59.5               20
 4 ADb  25.25.25.0/24                                59.59.59
27 ADb  dst-address=59.59.59.0/24 gateway=25.25.25.5 gateway-status=25.25.25.5 reachable via  ether3 distance=20 scope=40 target-scope=10 bgp-as-path="200"
        bgp-origin=igp received-from=peer1

28  Db  dst-address=59.59.59.0/24 gateway=26.26.26.6 gateway-status=26.26.26.6 reachable via  ether4 distance=20 scope=40 target-scope=10 bgp-as-path="200"
        bgp-origin=igp received-from=peer2
The routing table, which previously held many routes, has now shrunk. Next we will manipulate the path. First, run a traceroute from R11 to R2.
[admin@R11] > tool traceroute 12.12.12.2
 # ADDRESS                                 RT1   RT2   RT3   STATUS
 1 11.0.4.4                                1ms   1ms   1ms
 2 12.12.12.2                              2ms   3ms   1ms
The path passes through only 2 next hops. Now let's move the traffic onto the other path.
[admin@R4] > /routing filter
add action=accept chain=bgp-prep disabled=no invert-match=no prefix=12.12.12.0/24 set-bgp-prepend=1 set-bgp-prepend-path=10,20
After that, set the in-filter on the BGP peer to the chain we just created.
[admin@R4] > /routing bgp peer
set peer1 in-filter=bgp-prep
Then run the traceroute again to verify.
[admin@R11] > tool traceroute 12.12.12.2
 # ADDRESS                                 RT1   RT2   RT3   STATUS
 1 11.0.4.4                                1ms   1ms   1ms
 2 34.34.34.3                              1ms   1ms   1ms
 3 13.13.13.1                              2ms   2ms   3ms
 4 12.12.12.2                              3ms   2ms   2ms
The path in use is now different. Next we will limit the number of prefixes allowed into a router. First, check the current state.
 [admin@R4] > routing bgp peer print status
Flags: X - disabled, E - established
 0 E name="peer1" instance=default remote-address=24.24.24.2 remote-as=100 tcp-md5-key="" nexthop-choice=force-self multihop=no route-reflect=no hold-time=3m ttl=255
      in-filter=bgp-prep out-filter=yes address-families=ip default-originate=never remove-private-as=no as-override=no passive=no
     use-bfd=no remote-id=1.0.0.2 local-address=24.24.24.4 uptime=5h2m53s prefix-count=15 updates-sent=72 updates-received=130 withdrawn-sent=3 withdrawn-received=0
     remote-hold-time=3m used-hold-time=3m used-keepalive-time=1m refresh-capability=yes as4-capability=yes state=established

 1 E name="peer2" instance=default remote-address=34.34.34.3 remote-as=100 tcp-md5-key="" nexthop-choice=force-self multihop=no route-reflect=no hold-time=3m ttl=255
      in-filter=yes out-filter="" address-families=ip default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no
     remote-id=1.0.0.3 local-address=34.34.34.4 uptime=5h2m52s prefix-count=14 updates-sent=44 updates-received=113 withdrawn-sent=4 withdrawn-received=0
     remote-hold-time=3m used-hold-time=3m used-keepalive-time=1m refresh-capability=yes as4-capability=yes state=established

 2 E name="peer3" instance=default remote-address=11.0.4.11 remote-as=300 tcp-md5-key="" nexthop-choice=force-self multihop=no route-reflect=yes hold-time=3m ttl=255
     in-filter="" out-filter="" address-families=ip default-originate=always remove-private-as=no as-override=no passive=no use-bfd=no remote-id=1.0.0.11
     local-address=11.0.4.4 uptime=6h35m50s prefix-count=1 updates-sent=102 updates-received=9 withdrawn-sent=20 withdrawn-received=0 remote-hold-time=3m
     used-hold-time=3m used-keepalive-time=1m refresh-capability=yes as4-capability=yes state=established
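A check that can be run on this status output before a prefix limit is applied, as an added example (not from the original post): it parses the key=value records and lists, per peer, whether the current prefix-count is above a candidate limit and whether tcp-md5-key is empty. The sample text is trimmed from the output above, and the function names are hypothetical.

```python
import re

# Constructed sample: the R4 "routing bgp peer print status" output from this
# page, trimmed to the fields used below.
STATUS = """\
Flags: X - disabled, E - established
 0 E name="peer1" instance=default remote-address=24.24.24.2 remote-as=100 tcp-md5-key=""
      in-filter=bgp-prep prefix-count=15 state=established

 1 E name="peer2" instance=default remote-address=34.34.34.3 remote-as=100 tcp-md5-key=""
      prefix-count=14 state=established

 2 E name="peer3" instance=default remote-address=11.0.4.11 remote-as=300 tcp-md5-key=""
      in-filter="" prefix-count=1 state=established
"""

KEY_VALUE = re.compile(r'([\w-]+)=("[^"]*"|\S+)')
RECORD_START = re.compile(r"\s*\d+\s+([A-Z]*)\s")


def parse_peers(text):
    """Parse detail-style RouterOS output into one dict per peer."""
    peers, current = [], None
    for line in text.splitlines():
        start = RECORD_START.match(line)
        if start:  # a leading index number opens a new record
            current = {"flags": start.group(1)}
            peers.append(current)
        if current is not None:  # continuation lines add to the open record
            for key, value in KEY_VALUE.findall(line):
                current[key] = value.strip('"')
    return peers


def review_peers(peers, limits):
    """Return {peer name: findings} for candidate per-peer max-prefix limits."""
    report = {}
    for peer in peers:
        findings = []
        count = int(peer.get("prefix-count", 0))
        limit = limits.get(peer["name"])
        if limit is not None and count > limit:
            findings.append("prefix-count %d exceeds max-prefix-limit %d" % (count, limit))
        if peer.get("tcp-md5-key", "") == "":
            findings.append("tcp-md5-key is empty")
        report[peer["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in review_peers(parse_peers(STATUS), {"peer1": 10}).items():
        print(name, findings)
```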
The output above shows that peer1 has received 15 prefixes, peer2 has received 14 prefixes, and peer3 has received 1 prefix. Now we will configure the maximum number of prefixes a peer may send in. What happens if the incoming prefixes exceed that limit? Let's see. Configure max-prefix-limit on one of the peers; I will pick peer1 with a max-prefix-limit of 10.
[admin@R4] > routing bgp peer set numbers=0 max-prefix-limit=10
[admin@R4] > routing bgp peer print
Flags: X - disabled, E - established
 #   INSTANCE      REMOTE-ADDRESS REMOTE-AS 
 0   default              24.24.24.2                100       
 1 E default             34.34.34.3                100       
 2 E default             11.0.4.11                  300  
The established flag on peer1 disappears because it has exceeded the prefix limit set on R4. Next we will connect every device to the internet. This time I will use 2 ISPs, one as the main path and one as backup. I will use failover with static routes.
[admin@R1] > /ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=19.19.19.4
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=10.10.10.4
add disabled=no distance=1 dst-address=1.0.0.5/32 gateway=12.12.12.2
Then verify the routing table.
[admin@R1] > ip route print detail where dst-address=0.0.0.0/0
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 gateway=19.19.19.4 gateway-status=19.19.19.4 reachable via  ether1 check-gateway=ping distance=1 scope=30 target-scope=10

 1   S  dst-address=0.0.0.0/0 gateway=10.10.10.4 gateway-status=10.10.10.4 reachable via  ether2 distance=2 scope=30 target-scope=10
One link is active and the other is not. To give every router internet connectivity, add the firewall NAT rule and the DNS settings.
[admin@RX] > /ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=(interface internet)
[admin@RX] > /ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
Then verify on a local router that it is connected to the internet.
[admin@R12] > ping google.com
HOST                                     SIZE TTL TIME  STATUS
74.125.200.100                             56  38 45ms
74.125.200.100                             56  38 46ms
74.125.200.100                             56  38 44ms
    sent=3 received=3 packet-loss=0% min-rtt=44ms avg-rtt=45ms max-rtt=46ms
And that's it.

Thank you, Wassalamualaikum.