An AS (autonomous system) is a group of routers, usually under a single administrative control, that share a similar routing system. An AS is identified by a 16-bit number in the range 0-65535, where:
Range 1-64511 is used for the internet
Range 64512-65535 is private
Private AS numbers must not appear in the internet BGP routing table, so we have to remove them at the AS that bridges the private AS and the internet AS. This post shows how to keep a private AS number from being distributed to the internet.
The topology looks like this:
R1 configuration
[admin@R1] > sys id set nam R1
[admin@R1] > ip ad ad ad 12.12.12.1/24 interface=ether1
[admin@R1] > ip ad ad ad 14.14.14.1/24 interface=ether2
[admin@R1] > ip ad ad ad 13.13.13.1/24 interface=ether3
[admin@R1] > routing bgp instance set default as=130 redistribute-connected=yes
[admin@R1]> routing bgp peer add name=peer1 remote-address=12.12.12.2 remote-as=65500
[admin@R1]> routing bgp peer add name=peer2 remote-address=13.13.13.3 remote-as=130 nexthop-choice=force-self
[admin@R1]> routing bgp peer add name=peer2 remote-address=14.14.14.4 remote-as=400
R2 configuration
[admin@MikroTik] > sys id set nam R2
[admin@R2] > int br ad nam bridge1
[admin@R2] > ip ad ad ad 12.12.12.2/24 interface=ether1
[admin@R2] > ip ad ad ad 23.23.23.2/24 interface=ether2
[admin@R2] > ip ad ad ad 2.2.2.2/32 interface=bridge1
[admin@R2] > routing bgp instance set default as=65500 redistribute-connected=yes
[admin@R2] > routing bgp peer add name=peer1 remote-address=12.12.12.1 remote-as=130 out-filter=med150-out
[admin@R2] > routing bgp peer add name=peer2 remote-address=23.23.23.3 remote-as=130 out-filter=med100-out
R3 configuration
[admin@MikroTik] > sys id set name=R3
[admin@R3] > ip ad ad ad 23.23.23.3/24 interface=ether1
[admin@R3] > ip ad ad ad 34.34.34.3/24 interface=ether2
[admin@R3] > ip ad ad ad 13.13.13.3/24 interface=ether3
[admin@R3] > routing bgp instance set default as=130 redistribute-connected=yes
[admin@R3] > routing bgp peer add name=peer1 remote-address=13.13.13.1 remote-as=130 nexthop-choice=force-self
[admin@R3] > routing bgp peer add name=peer2 remote-address=23.23.23.2 remote-as=65500
[admin@R3] > routing bgp peer add name=peer2 remote-address=34.34.34.4 remote-as=400
R4 configuration
[admin@MikroTik] > sys id set nam R4
[admin@R4] > ip ad ad ad 34.34.34.4/24 interface=ether1
[admin@R4] > ip ad ad ad 14.14.14.4/24 interface=ether2
[admin@R4] > routing bgp instance set default as=400 redistribute-connected=yes
[admin@R4] > routing bgp peer add name=peer1 remote-address=34.34.34.3 remote-as=130
[admin@R4] > routing bgp peer add name=peer2 remote-address=14.14.14.1 remote-as=130
Now check the routing table on R4 for network 2.2.2.2/32:
[admin@R4] > ip route print detail where dst-address=2.2.2.2/32
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADb dst-address=2.2.2.2/32 gateway=14.14.14.1 gateway-status=14.14.14.1 reachable via ether2 distance=20 scope=40 target-scope=10
bgp-as-path="130,65500" bgp-origin=incomplete received-from=peer2
1 Db dst-address=2.2.2.2/32 gateway=34.34.34.3 gateway-status=34.34.34.3 reachable via ether1 distance=20 scope=40 target-scope=10
bgp-as-path="130,65500" bgp-origin=incomplete received-from=peer1
As we can see, private AS 65500 appears in R4's routing table. To remove it, we have to configure remove-private-as on the BGP peerings that advertise it, namely on R1 and R3, on the peers toward AS 400.
First, look at the BGP peers on R1 to find the number of the peer connected to AS 400:
[admin@R1] > routing bgp peer print detail
Flags: X - disabled, E - established
0 E name="peer1" instance=default remote-address=12.12.12.2 remote-as=65500 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m
ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no
1 E name="peer2" instance=default remote-address=13.13.13.3 remote-as=130 tcp-md5-key="" nexthop-choice=force-self multihop=no route-reflect=no hold-time=3m
ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no
2 E name="peer2" instance=default remote-address=14.14.14.4 remote-as=400 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m
ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no
Once we know the peer number, which as shown above is peer number 2, add the following command:
[admin@R1] > routing bgp peer set numbers=2 remove-private-as=yes
Do the same on R3:
[admin@R3] > routing bgp peer print detail
Flags: X - disabled, E - established
0 E name="peer1" instance=default remote-address=13.13.13.1 remote-as=130 tcp-md5-key="" nexthop-choice=force-self multihop=no route-reflect=no hold-time=3m
ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no
1 E name="peer2" instance=default remote-address=23.23.23.2 remote-as=65500 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m
ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no
2 E name="peer2" instance=default remote-address=34.34.34.4 remote-as=400 tcp-md5-key="" nexthop-choice=default multihop=no route-reflect=no hold-time=3m
ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no
[admin@R3] > routing bgp peer set numbers=2 remove-private-as=yes
Now check again whether the private AS is still present on R4:
[admin@R4] > ip route print detail where dst-address=2.2.2.2/32
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADb dst-address=2.2.2.2/32 gateway=14.14.14.1 gateway-status=14.14.14.1 reachable via ether2 distance=20 scope=40 target-scope=10 bgp-as-path="130"
bgp-origin=incomplete received-from=peer2
1 Db dst-address=2.2.2.2/32 gateway=34.34.34.3 gateway-status=34.34.34.3 reachable via ether1 distance=20 scope=40 target-scope=10 bgp-as-path="130"
bgp-origin=incomplete received-from=peer1
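The before/after check on R4 can be automated. The following is an added example, not part of the original post: a Python audit that parses saved "ip route print detail" output and reports every route whose bgp-as-path still carries an AS in the private range given above. The function names are assumptions of this example; the sample text is the R4 output shown in this post.

```python
import re

# Private 16-bit AS range as stated in this post.
PRIVATE_AS_MIN, PRIVATE_AS_MAX = 64512, 65535

# Start of one route record, e.g. "0 ADb dst-address=..."; the "Flags:"
# legend and continuation lines never match.
RECORD_START = re.compile(r"^\s*\d+\s+[A-Za-z]+\s+dst-address=", re.M)
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse_routes(output):
    """Split RouterOS route output into one dict of key=value fields per route."""
    starts = [m.start() for m in RECORD_START.finditer(output)]
    records = []
    for begin, end in zip(starts, starts[1:] + [len(output)]):
        fields = {k: v.strip('"') for k, v in FIELD.findall(output[begin:end])}
        records.append(fields)
    return records

def private_as_leaks(output):
    """Return (dst, gateway, [private ASNs]) for each route with a private AS in its path."""
    leaks = []
    for route in parse_routes(output):
        asns = [int(a) for a in re.findall(r"\d+", route.get("bgp-as-path", ""))]
        private = [a for a in asns if PRIVATE_AS_MIN <= a <= PRIVATE_AS_MAX]
        if private:
            leaks.append((route["dst-address"], route.get("gateway"), private))
    return leaks

# R4 output from this post, before and after remove-private-as=yes on R1 and R3.
BEFORE = '''Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADb dst-address=2.2.2.2/32 gateway=14.14.14.1 gateway-status=14.14.14.1 reachable via ether2 distance=20 scope=40 target-scope=10
bgp-as-path="130,65500" bgp-origin=incomplete received-from=peer2
1 Db dst-address=2.2.2.2/32 gateway=34.34.34.3 gateway-status=34.34.34.3 reachable via ether1 distance=20 scope=40 target-scope=10
bgp-as-path="130,65500" bgp-origin=incomplete received-from=peer1
'''
AFTER = '''0 ADb dst-address=2.2.2.2/32 gateway=14.14.14.1 gateway-status=14.14.14.1 reachable via ether2 distance=20 scope=40 target-scope=10 bgp-as-path="130"
bgp-origin=incomplete received-from=peer2
1 Db dst-address=2.2.2.2/32 gateway=34.34.34.3 gateway-status=34.34.34.3 reachable via ether1 distance=20 scope=40 target-scope=10 bgp-as-path="130"
bgp-origin=incomplete received-from=peer1
'''

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, private_as_leaks(text) or "no private AS in any path")
```

An empty result for the "after" capture confirms that both peerings toward AS 400 strip the private AS; a non-empty result names the gateway whose peering still needs remove-private-as=yes.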
The private AS has now disappeared from R4's routing table. Alhamdulillah, that concludes this post.
Wassalamu'alaikum ...