BGP Configuration on Juniper

Hi everyone, I'd like to share a bit about how to configure BGP on Juniper. This is a lab I presented during a training session at the KASKUS office. Below are the points I simulate in this lab.

  1. Mandatory configuration
  2. Logical system configuration
  3. OSPF configuration
  4. IBGP configuration
  5. How to advertise routes into BGP
  6. External BGP configuration
  7. BGP next-hop self
  8. How to filter routes in BGP

So there are roughly 8 points covered in this lab, from the initial configuration through to BGP route filtering. This lab is quite useful if you work on an enterprise network that requires an understanding of BGP. For example, when you want to filter or advertise BGP routes, you must not get the advertisement wrong, because a mistake impacts the global network or the internet 🙂

OK, let's get straight to it. Take a look at the following topology:

So there is router R1 acting as an ISP with AS200 and R2 acting as another ISP with AS300. A company has 3 routers: R3 faces the ISPs directly, while R4 and R5 are internal routers that must also receive the internet routes later on. R3, R4 and R5 will be configured with OSPF and IBGP, and EBGP will be configured between R3 and R1 and between R3 and R2.

1. Mandatory Configuration

set system host-name vMX-C
set system time-zone Asia/Jakarta
set system authentication-order radius
set system authentication-order password
set system root-authentication plain-text-password
New password:your_password
Retype new password:your_password
set system radius-server 192.168.10.254 secret "your_secretkey"
set system radius-server 192.168.10.254 source-address 192.168.10.1
set system accounting events login
set system accounting events change-log
set system accounting events interactive-commands
set system accounting destination radius server 192.168.10.254 secret "your_secretkey"
set system accounting destination radius server 192.168.10.254 source-address 192.168.10.1
set system login user test1 class read-only
set system services ssh
set system services netconf ssh
set system syslog user * any emergency
set system syslog host 192.168.10.254 daemon info
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
IP management:
set interfaces ge-0/0/0 unit 0 description "Connect to PC"
set interfaces ge-0/0/0 unit 0 family inet address 192.168.10.1/24
Sub-interface:
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/3 vlan-tagging
set interfaces ge-0/0/4 vlan-tagging
set interfaces ge-0/0/5 vlan-tagging
set interfaces ge-0/0/6 vlan-tagging

2. Logical System Configuration

In this lab guide we create the logical systems together with their interfaces and IP addresses, matching the topology diagram at the top.

edit logical-systems R1
set interfaces ge-0/0/1 unit 13 vlan-id 13 
set interfaces ge-0/0/1 unit 13 family inet address 10.13.13.1/24
set interfaces lo0.1 family inet address 1.1.1.1/32
top

Next, create logical-system R2

edit logical-systems R2
set interfaces ge-0/0/2 unit 23 vlan-id 23
set interfaces ge-0/0/2 unit 23 family inet address 10.23.23.2/24
set interfaces lo0 unit 2 family inet address 2.2.2.2/32
top

Next, create logical-system R3

edit logical-systems R3
set interfaces ge-0/0/3 unit 13 vlan-id 13
set interfaces ge-0/0/3 unit 13 family inet address 10.13.13.3/24
set interfaces ge-0/0/3 unit 23 vlan-id 23
set interfaces ge-0/0/3 unit 23 family inet address 10.23.23.3/24
set interfaces ge-0/0/3 unit 34 vlan-id 34
set interfaces ge-0/0/3 unit 34 family inet address 10.34.34.3/24
set interfaces ge-0/0/3 unit 35 vlan-id 35
set interfaces ge-0/0/3 unit 35 family inet address 10.35.35.3/24
set interfaces lo0 unit 3 family inet address 3.3.3.3/32
top

Next, create logical-system R4

edit logical-systems R4
set interfaces ge-0/0/4 unit 34 vlan-id 34
set interfaces ge-0/0/4 unit 34 family inet address 10.34.34.4/24
set interfaces lo0 unit 4 family inet address 4.4.4.4/32

3. OSPF Configuration on R3, R4 and R5

Before configuring internal BGP you first need to enable an IGP such as OSPF or IS-IS, or you can use static routes instead. In this lab we use OSPF.

top
edit logical-systems R3 
set protocols ospf area 0.0.0.0 interface ge-0/0/3.34
set protocols ospf area 0.0.0.0 interface ge-0/0/3.35
set protocols ospf area 0.0.0.0 interface lo0.3

top
edit logical-systems R4
set protocols ospf area 0.0.0.0 interface ge-0/0/4.34
set protocols ospf area 0.0.0.0 interface lo0.4

top
edit logical-systems R5
set protocols ospf area 0.0.0.0 interface ge-0/0/5.35
set protocols ospf area 0.0.0.0 interface lo0.5
set routing-options router-id 5.5.5.5
set routing-options autonomous-system 100

top
commit

Verification

Make sure the OSPF state is Full.

root@vMX-C> show route protocol ospf logical-system R4

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

3.3.3.3/32         *[OSPF/10] 00:44:48, metric 1
                    > to 10.34.34.3 via ge-0/0/4.34
5.5.5.5/32         *[OSPF/10] 00:44:48, metric 2
                    > to 10.34.34.3 via ge-0/0/4.34
10.35.35.0/24      *[OSPF/10] 00:44:48, metric 2
                    > to 10.34.34.3 via ge-0/0/4.34
224.0.0.5/32       *[OSPF/10] 00:49:57, metric 1
                      MultiRecv

root@vMX-C> show route protocol ospf logical-system R5

inet.0: 8 destinations, 9 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

3.3.3.3/32         *[OSPF/10] 00:45:05, metric 1
                    > to 10.35.35.3 via ge-0/0/5.35
4.4.4.4/32         *[OSPF/10] 00:44:56, metric 2
                    > to 10.35.35.3 via ge-0/0/5.35
10.34.34.0/24      *[OSPF/10] 00:44:56, metric 2
                    > to 10.35.35.3 via ge-0/0/5.35
224.0.0.5/32       *[OSPF/10] 00:50:06, metric 1
                      MultiRecv

root@vMX-C> show route protocol ospf logical-system R3

inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32         *[OSPF/10] 00:45:00, metric 1
                    > to 10.34.34.4 via ge-0/0/3.34
5.5.5.5/32         *[OSPF/10] 00:45:08, metric 1
                    > to 10.35.35.5 via ge-0/0/3.35
224.0.0.5/32       *[OSPF/10] 00:50:09, metric 1

root@vMX-C> show ospf neighbor logical-system R3
Address          Interface              State     ID               Pri  Dead
10.34.34.4       ge-0/0/3.34            Full      4.4.4.4          128    32
10.35.35.5       ge-0/0/3.35            Full      5.5.5.5          128    39

4. Internal BGP (IBGP) Configuration on R3, R4 and R5

In this lab scenario, R3, R4 and R5 are routers that share the same AS number, i.e. they sit in one administrative domain. OSPF has already been configured above and is in the Full state between R3, R4 and R5.

top
edit logical-systems R3
set protocols bgp group IBGP type internal
set protocols bgp group IBGP local-address 3.3.3.3
set protocols bgp group IBGP neighbor 5.5.5.5 peer-as 100
set protocols bgp group IBGP neighbor 4.4.4.4 peer-as 100
set routing-options router-id 3.3.3.3
set routing-options autonomous-system 100


top
edit logical-systems R4
set protocols bgp group IBGP type internal
set protocols bgp group IBGP local-address 4.4.4.4
set protocols bgp group IBGP neighbor 3.3.3.3 peer-as 100
set protocols bgp group IBGP neighbor 5.5.5.5 peer-as 100
set routing-options router-id 4.4.4.4
set routing-options autonomous-system 100


top
edit logical-systems R5
set protocols bgp group IBGP type internal
set protocols bgp group IBGP local-address 5.5.5.5
set protocols bgp group IBGP neighbor 3.3.3.3 peer-as 100
set protocols bgp group IBGP neighbor 4.4.4.4 peer-as 100
set routing-options router-id 5.5.5.5
set routing-options autonomous-system 100
top
commit

Verification

Make sure the BGP sessions are Established by verifying with the following commands:

show bgp summary logical-system R3
show bgp summary logical-system R4
show bgp summary logical-system R5
show bgp neighbor 4.4.4.4 logical-system R3
show bgp neighbor 5.5.5.5 logical-system R3

5. How to Advertise Routes into BGP

To advertise a route into BGP, you redistribute it from another protocol into BGP, for example from protocol direct (for directly connected routes) or from OSPF. For the redistribution/export to work, the route/IP must be active, i.e. reachable by the router doing the redistribution.

top
edit logical-systems R4
set policy-options policy-statement advrts-to-bgp term 1 from protocol direct
set policy-options policy-statement advrts-to-bgp term 1 from route-filter 4.4.4.4/32 exact
set policy-options policy-statement advrts-to-bgp term 1 then accept

top
edit logical-systems R4 protocols bgp group IBGP
set export advrts-to-bgp

top
commit

Verification

Verify using the following commands:

root@vMX-C> show route advertising-protocol bgp 3.3.3.3 logical-system R4

inet.0: 10 destinations, 11 routes (10 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 4.4.4.4/32              Self                         100        I

root@vMX-C> show route advertising-protocol bgp 5.5.5.5 logical-system R4

inet.0: 10 destinations, 11 routes (10 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 4.4.4.4/32              Self                         100        I

Alternatively, use show route on routers R3 and R5:

root@vMX-C> show route 4.4.4.4 protocol bgp logical-system R3

inet.0: 18 destinations, 20 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32          [BGP/170] 00:32:11, localpref 100, from 4.4.4.4
                      AS path: I, validation-state: unverified
                    > to 10.34.34.4 via ge-0/0/3.34

root@vMX-C> show route 4.4.4.4 protocol bgp logical-system R5

inet.0: 10 destinations, 12 routes (9 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32          [BGP/170] 00:31:58, localpref 100, from 4.4.4.4
                      AS path: I, validation-state: unverified
                    > to 10.35.35.3 via ge-0/0/5.35

As the show route output above shows, 4.4.4.4/32 has been received by R3 and R5. You may want to try advertising a route from R3 or R5 as well; give it a go.

6. External BGP Configuration

Per the topology, R3 has external peers to R1 and R2. Below is the external BGP configuration on R3, R1 and R2.

edit logical-systems R3
set protocols bgp group EBGP type external
set protocols bgp group EBGP neighbor 10.13.13.1 description "External Peer ke R1"
set protocols bgp group EBGP neighbor 10.13.13.1 peer-as 200
set protocols bgp group EBGP neighbor 10.23.23.2 description "External Peer ke R2"
set protocols bgp group EBGP neighbor 10.23.23.2 peer-as 300

External BGP on R1

R1 has an external peer to R3, and R1 has the prefix 1.1.1.1/32 to advertise as an external BGP route.

top
edit logical-systems R1
set protocols bgp group EBGP type external
set protocols bgp group EBGP neighbor 10.13.13.3 peer-as 100
set routing-options autonomous-system 200

set policy-options policy-statement direct-to-bgp term 1 from protocol direct
set policy-options policy-statement direct-to-bgp term 1 from route-filter 1.1.1.1/32 exact
set policy-options policy-statement direct-to-bgp term 1 then accept

set protocols bgp group EBGP export direct-to-bgp

External BGP on R2

R2 has an external peer to R3, and R2 has the prefix 2.2.2.2/32 to advertise as an external BGP route.

top
edit logical-systems R2
set protocols bgp group EBGP type external
set protocols bgp group EBGP neighbor 10.23.23.3 peer-as 100
set routing-options autonomous-system 300

set policy-options policy-statement direct-to-bgp term 1 from protocol direct
set policy-options policy-statement direct-to-bgp term 1 from route-filter 2.2.2.2/32 exact
set policy-options policy-statement direct-to-bgp term 1 then accept

set protocols bgp group EBGP export direct-to-bgp

You can verify this the same way you verified internal BGP.

root@vMX-C> show route protocol bgp 1.1.1.1 logical-system R3

inet.0: 18 destinations, 20 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[BGP/170] 00:01:16, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 10.13.13.1 via ge-0/0/3.13

root@vMX-C> show route protocol bgp 2.2.2.2 logical-system R3

inet.0: 18 destinations, 20 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.2/32         *[BGP/170] 00:01:22, localpref 100
                      AS path: 300 I, validation-state: unverified
                    > to 10.23.23.2 via ge-0/0/3.23

root@vMX-C> show bgp summary logical-system R3
Groups: 2 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       5          3          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
4.4.4.4                 100        195        201       0       2        2:37 0/1/1/0              0/0/0/0
5.5.5.5                 100        188        194       0       2        2:33 1/2/2/0              0/0/0/0
10.13.13.1              200          9          9       0       2        2:33 1/1/1/0              0/0/0/0
10.23.23.2              300         10         10       0       3        2:34 1/1/1/0              0/0/0/0

root@vMX-C> show bgp neighbor 10.13.13.1 logical-system R3
Peer: 10.13.13.1+60399 AS 200  Local: 10.13.13.3+179 AS 100
  Description: External Peer ke R1
  Type: External    State: Established    Flags: 
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: Cease
  Options: 
  Holdtime: 90 Preference: 170
  Number of flaps: 2
  Last flap event: Stop
  Error: 'Hold Timer Expired Error' Sent: 0 Recv: 1
  Error: 'Cease' Sent: 1 Recv: 0
  Peer ID: 1.1.1.1         Local ID: 3.3.3.3           Active Holdtime: 90
  Keepalive Interval: 30         Group index: 1    Peer index: 1
  BFD: disabled, down
  Local Interface: ge-0/0/3.13
  NLRI for restart configured on peer: inet-unicast
  NLRI advertised by peer: inet-unicast
  NLRI for this session: inet-unicast
  Peer supports Refresh capability (2)
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  NLRI that restart is negotiated for: inet-unicast
  NLRI of received end-of-rib markers: inet-unicast
  NLRI of all end-of-rib markers sent: inet-unicast
  Peer supports 4 byte AS extension (peer-as 200)
  Peer does not support Addpath
  Table inet.0 Bit: 10001
    RIB State: BGP restart is complete
    Send state: in sync
    Active prefixes:              1
    Received prefixes:            1
    Accepted prefixes:            1
    Suppressed due to damping:    0
    Advertised prefixes:          2
  Last traffic (seconds): Received 19   Sent 5    Checked 31
  Input messages:  Total 11     Updates 2       Refreshes 0     Octets 282
  Output messages: Total 11     Updates 2       Refreshes 0     Octets 334
  Output Queue[0]: 0

Advertising R3's Internal Routes into External BGP

top
edit logical-systems R3
set policy-options policy-statement adv-to-external term 1 from protocol ospf
set policy-options policy-statement adv-to-external term 1 from route-filter 4.4.4.4/32 exact
set policy-options policy-statement adv-to-external term 1 from route-filter 5.5.5.5/32 exact
set policy-options policy-statement adv-to-external term 1 then accept
set policy-options policy-statement adv-to-external term 2 from protocol direct
set policy-options policy-statement adv-to-external term 2 from route-filter 10.34.34.0/24 exact
set policy-options policy-statement adv-to-external term 2 from route-filter 10.35.35.0/24 exact
set policy-options policy-statement adv-to-external term 2 then accept
set policy-options policy-statement adv-to-external term other then reject

Apply policy:
set protocols bgp group EBGP export adv-to-external

In the example above, only the routes listed in that policy are advertised out. Basically the method is the same for advertising into internal or external BGP; the only difference is where the policy is applied, which here must be the external BGP group.

Verification:

You can run show route on R1 and R2:

root@vMX-C> show route protocol bgp logical-system R1

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32         *[BGP/170] 00:04:05, MED 1, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.13.13.3 via ge-0/0/1.13
5.5.5.5/32         *[BGP/170] 00:04:05, MED 1, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.13.13.3 via ge-0/0/1.13
10.34.34.0/24      *[BGP/170] 00:04:05, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.13.13.3 via ge-0/0/1.13
10.35.35.0/24      *[BGP/170] 00:04:05, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.13.13.3 via ge-0/0/1.13

root@vMX-C> show route protocol bgp logical-system R2

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32         *[BGP/170] 00:04:27, MED 1, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.23.23.3 via ge-0/0/2.23
5.5.5.5/32         *[BGP/170] 00:04:27, MED 1, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.23.23.3 via ge-0/0/2.23
10.34.34.0/24      *[BGP/170] 00:04:27, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.23.23.3 via ge-0/0/2.23
10.35.35.0/24      *[BGP/170] 00:04:27, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 10.23.23.3 via ge-0/0/2.23

7. BGP Next-hop Self

BGP next-hop self is the solution for BGP routers that do not directly face an external BGP peer. In this case, R4 and R5 are the routers that need next-hop self to be applied by R3.

OK, in the previous section you learned how to advertise into external BGP. Now that routes are being exchanged between R3 and R1 as well as between R3 and R2, let's test ping from our internal routers, in this case R3, R4 and R5, to see where next-hop self becomes necessary.

root@vMX-C> ping 1.1.1.1 logical-system R3
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=64 time=4.207 ms

root@vMX-C> ping 2.2.2.2 logical-system R3
PING 2.2.2.2 (2.2.2.2): 56 data bytes
64 bytes from 2.2.2.2: icmp_seq=0 ttl=64 time=4.042 ms


Now try pinging from R4:

root@vMX-C> ping 1.1.1.1 logical-system R4
PING 1.1.1.1 (1.1.1.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

It still does not work when we test ping from R4 or R5.

Now verify as follows:

root@vMX-C> show route receive-protocol bgp 3.3.3.3 logical-system R4

inet.0: 10 destinations, 11 routes (8 active, 0 holddown, 2 hidden)

Two prefixes are received, but they are still hidden. Now try adding the hidden keyword:

root@vMX-C> show route receive-protocol bgp 3.3.3.3 hidden logical-system R4

inet.0: 10 destinations, 11 routes (8 active, 0 holddown, 2 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  1.1.1.1/32              10.13.13.1                   100        200 I
  2.2.2.2/32              10.23.23.2                   100        300 I

When you check with the hidden keyword, the prefixes from the external routers show up. They are hidden because the next hop needed to reach the two prefixes above does not exist in the routing table of R4 or R5. If you run show route 10.13.13.1 or 10.23.23.2 on R4 or R5, you will not find a route.

root@vMX-C> show route 10.13.13.1 logical-system R4
root@vMX-C> show route 10.13.13.1 logical-system R5

The solution for this case, for internal BGP routers that do not directly face the external AS, is to add the BGP next-hop self configuration on R3.

top
edit logical-systems R3
set policy-options policy-statement next-hop-self then next-hop self
set protocols bgp group IBGP export next-hop-self

Now let's verify again:

root@vMX-C> show route 1.1.1.1 logical-system R4

inet.0: 10 destinations, 11 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[BGP/170] 00:01:00, localpref 100, from 3.3.3.3
                      AS path: 200 I, validation-state: unverified
                    > to 10.34.34.3 via ge-0/0/4.34

root@vMX-C> show route 2.2.2.2 logical-system R4

inet.0: 10 destinations, 11 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.2/32         *[BGP/170] 00:01:16, localpref 100, from 3.3.3.3
                      AS path: 300 I, validation-state: unverified
                    > to 10.34.34.3 via ge-0/0/4.34

root@vMX-C> show route receive-protocol bgp 3.3.3.3 logical-system R4

inet.0: 10 destinations, 11 routes (10 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 1.1.1.1/32              3.3.3.3                      100        200 I
* 2.2.2.2/32              3.3.3.3                      100        300 I

Notice above that the next hop is now R3. Go ahead and test ping from R4 and R5.
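
The hidden-route behaviour in this section can be reproduced offline. The Python code below is an added example, not part of the original lab: it models how R4 resolves the BGP protocol next hop against its non-BGP routes by longest-prefix match. The routing table is constructed from the show route output on this page, and the function names are illustrative.

```python
import ipaddress

# R4's non-BGP routes, constructed from the show route output on this page:
# (prefix, forwarding gateway or None when directly connected, interface)
R4_TABLE = [
    ("4.4.4.4/32",    None,         "lo0.4"),
    ("10.34.34.0/24", None,         "ge-0/0/4.34"),
    ("3.3.3.3/32",    "10.34.34.3", "ge-0/0/4.34"),
    ("5.5.5.5/32",    "10.34.34.3", "ge-0/0/4.34"),
    ("10.35.35.0/24", "10.34.34.3", "ge-0/0/4.34"),
]

# BGP routes as R4 receives them from R3: (prefix, protocol next hop)
BEFORE = [("1.1.1.1/32", "10.13.13.1"), ("2.2.2.2/32", "10.23.23.2")]
AFTER = [("1.1.1.1/32", "3.3.3.3"), ("2.2.2.2/32", "3.3.3.3")]  # next-hop self on R3


def resolve(protocol_next_hop, table):
    """Longest-prefix match of a protocol next hop; (gateway, interface) or None."""
    addr = ipaddress.ip_address(protocol_next_hop)
    best = None
    for prefix, gateway, ifname in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            # On a directly connected subnet the next hop itself is the gateway.
            best = (net, gateway or protocol_next_hop, ifname)
    return best[1:] if best else None


def install(bgp_routes, table):
    """Map each BGP prefix to its forwarding next hop, or 'hidden' if unresolved."""
    result = {}
    for prefix, next_hop in bgp_routes:
        hit = resolve(next_hop, table)
        result[prefix] = f"to {hit[0]} via {hit[1]}" if hit else "hidden"
    return result


if __name__ == "__main__":
    print("without next-hop self:", install(BEFORE, R4_TABLE))
    print("with next-hop self:   ", install(AFTER, R4_TABLE))
```
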

8. BGP Route Filtering

How to filter routes (example on R5). To avoid mistakes, you need to understand the concept of import and export in Juniper routing protocols: import covers everything related to the routes received by the router itself, while export covers everything related to what the router itself sends. Let's follow the example below. We want to filter routes received via BGP. Suppose R5 has received prefixes from R1 and R2 as follows.

root@vMX-C# run show route 1.1.1.1 logical-system R5

inet.0: 10 destinations, 12 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[BGP/170] 00:05:27, localpref 100, from 3.3.3.3
                      AS path: 200 I, validation-state: unverified
                    > to 10.35.35.3 via ge-0/0/5.35

We want to filter the prefix 1.1.1.1/32 above on router R5.

top
edit logical-systems R5
set policy-options policy-statement filtering-route term 1 from protocol bgp
set policy-options policy-statement filtering-route term 1 from route-filter 1.1.1.1/32 exact
set policy-options policy-statement filtering-route term 1 then reject

Apply filter route:
set protocols bgp group IBGP import filtering-route

Verification can be done using show route on R5:

root@vMX-C# run show route 1.1.1.1 logical-system R5

root@vMX-C# run show route logical-system R5 protocol bgp

inet.0: 10 destinations, 12 routes (9 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.2/32         *[BGP/170] 00:09:15, localpref 100, from 3.3.3.3
                      AS path: 300 I, validation-state: unverified
                    > to 10.35.35.3 via ge-0/0/5.35
4.4.4.4/32          [BGP/170] 00:49:11, localpref 100, from 4.4.4.4
                      AS path: I, validation-state: unverified
                    > to 10.35.35.3 via ge-0/0/5.35
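
The export policy adv-to-external from section 6 and the import policy filtering-route above follow the same evaluation rules: terms are tried in order, and a route that matches no term falls through to the default BGP policy. The Python code below is an added example, not part of the original lab; it models those rules on route lists constructed from the outputs on this page and shows what would pass R3's EBGP export if `term other then reject` were missing (the ISP-learned prefixes 1.1.1.1/32 and 2.2.2.2/32 would be exported again, turning AS100 into a transit). Function names are illustrative, and only `exact` route-filters, the only type this page uses, are modelled.

```python
import ipaddress


def term(action, protocol=None, exact=()):
    """One policy-statement term: optional 'from protocol', exact route-filters, an action."""
    return {"action": action, "protocol": protocol,
            "exact": [ipaddress.ip_network(p) for p in exact]}


def term_matches(t, route):
    prefix, protocol = route
    if t["protocol"] and protocol != t["protocol"]:
        return False
    if not t["exact"]:
        return True                        # no route-filter: every prefix matches
    # Several route-filters in one term are alternatives: any one may match.
    return ipaddress.ip_network(prefix) in t["exact"]


def evaluate(policy, route, direction):
    """Return 'accept' or 'reject' for one route under a BGP import/export policy."""
    for t in policy:
        if term_matches(t, route):
            return t["action"]
    # No term matched: fall through to the default BGP policy.
    if direction == "import":
        return "accept"                    # default import: accept received BGP routes
    # Default export: re-advertise active BGP routes, nothing else.
    return "accept" if route[1] == "bgp" else "reject"


def passed(policy, routes, direction):
    return [r[0] for r in routes if evaluate(policy, r, direction) == "accept"]


# Policies transcribed from this page.
ADV_TO_EXTERNAL = [
    term("accept", "ospf", ["4.4.4.4/32", "5.5.5.5/32"]),
    term("accept", "direct", ["10.34.34.0/24", "10.35.35.0/24"]),
    term("reject"),                        # term other
]
FILTERING_ROUTE = [term("reject", "bgp", ["1.1.1.1/32"])]

# Route lists constructed from the show route outputs on this page.
R3_ACTIVE = [
    ("1.1.1.1/32", "bgp"), ("2.2.2.2/32", "bgp"), ("3.3.3.3/32", "direct"),
    ("4.4.4.4/32", "ospf"), ("5.5.5.5/32", "ospf"),
    ("10.13.13.0/24", "direct"), ("10.23.23.0/24", "direct"),
    ("10.34.34.0/24", "direct"), ("10.35.35.0/24", "direct"),
]
R5_RECEIVED = [("1.1.1.1/32", "bgp"), ("2.2.2.2/32", "bgp"), ("4.4.4.4/32", "bgp")]

if __name__ == "__main__":
    print("export, as configured:     ", passed(ADV_TO_EXTERNAL, R3_ACTIVE, "export"))
    print("export, 'term other' gone: ", passed(ADV_TO_EXTERNAL[:-1], R3_ACTIVE, "export"))
    print("import on R5:              ", passed(FILTERING_ROUTE, R5_RECEIVED, "import"))
```

The first result matches the four prefixes R1 and R2 show in section 6, and the import result matches the BGP routes left on R5 above.
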

 

About the author
Bunyamin

Routecloud Networks
