Lab 20. BGP Multiholming (2 ISP / Non Stub Network)

Assalamu'alaikum Warohmatullahi Wabarokatuh.
Jika kita menggunakan 2 ISP yang berbeda AS dan Peering dengan keduanya kita tidak bisa menggunakan AS private lagi. Kita harus registrasi ke APNIC untuk mendapatkan AS internet dan Blok IP Publik
Pada lab kali ini kita akan mempelajari BGP Load sharing menggunakan 2 provider berbeda
Untuk topologinya seperti ini:

Pada BGP multihome non stub network yang paling penting adalah apakah AS kita boleh dijadikan AS transit oleh kedua AS milik ISP lain atau tidak?
Konfigurasi R1

[admin@MikroTik] > system identity set name=R1
[admin@R1] > ip ad ad ad 12.12.12.1/24 interface=ether1
[admin@R1] > ip ad ad ad 14.14.14.1/24 interface=ether2
[admin@R1] > routing bgp instance set default as=100 redistribute-connected=yes
[admin@R1] > routing bgp peer add name=peer1 remote-address=12.12.12.2 remote-as=200
[admin@R1] > routing bgp peer add name=peer2 remote-address=14.14.14.4 remote-as=400

Konfigurasi R2

[admin@MikroTik] > system identity set name=R2
[admin@R2] > ip ad ad ad 12.12.12.2/24 interface=ether1
[admin@R2] > ip ad ad ad 23.23.23.2/24 interface=ether2
[admin@R2] > routing bgp instance set default as=200 redistribute-connected=yes
[admin@R2] > routing bgp peer add name=peer1 remote-address=12.12.12.1 remote-as=100
[admin@R2] > routing bgp peer add name=peer2 remote-address=23.23.23.3 remote-as=300

Konfigurasi R3

[admin@MikroTik] > system identity set name=R3
[admin@R3] > ip ad ad ad 23.23.23.3/24 interface=ether1
[admin@R3] > ip ad ad ad 24.24.24.3/24 interface=ether2
[admin@R3] > routing bgp instance set default as=300 redistribute-connected=yes
[admin@R3] > routing bgp peer add name=peer1 remote-address=23.23.23.2 remote-as=200
[admin@R3] > routing bgp peer add name=peer2 remote-address=34.34.34.4 remote-as=400

Konfigurasi R4

[admin@MikroTik] > system identity set name=R4
[admin@R4] > ip ad ad ad 34.34.34.4/24 interface=ether1
[admin@R4] > ip ad ad ad 14.14.14.4/24 interface=ether2
[admin@R4] > interface bridge add name=bridge1
[admin@R4] > ip ad ad ad 4.4.4.4/32 interface=bridge1
[admin@R4] > routing bgp instance set default as=400 redistribute-connected=yes
[admin@R4] > routing bgp peer add name=peer1 remote-address=34.34.34.3 remote-as=300
[admin@R4] > routing bgp peer add name=peer2 remote-address=14.14.14.1 remote-as=100

Buat 2 bridge sebagai loopcak di R2

[admin@R2] > interface bridge add name=bridge1
[admin@R2] > interface bridge add name=bridge2
[admin@R2] > ip ad ad ad 2.2.2.2/32 interface=bridge1
[admin@R2] > ip ad ad ad 22.22.22.22/32 interface=bridge2

Advertise kan network loopback :

[admin@R2] > routing bgp network add network=2.2.2.2/32 synchronize=no
[admin@R2] > routing bgp network add network=22.22.22.22/32 synchronize=no

Pasang filter pada kedua arah BGP Peering

[admin@R2] > routing bgp peer set peer1 in-filter=ISP1-in out-filter=ISP1-out
[admin@R2] > routing bgp peer set peer2 in-filter=ISP2-in out-filter=ISP2-out

Main backup Link
Apabila AS kita tidak boleh menjadi AS transit maka konfigurasi routing filternya seperti ini
Out going filters ke arah ISP1:
Accept our network

[admin@R2] > routing filter add chain=ISP1-out prefix=2.2.2.2/32 action=accept
[admin@R2] > routing filter add chain=ISP1-out prefix=22.22.22.22/32 action=accept
Discard the rest
[admin@R2] > routing filter add chain=ISP1-out action=discard
Accept our network and prepend AS path three times
[admin@R2] > routing filter add chain=ISP2-out prefix=2.2.2.2/32 action=accept set-bgp-prepend=3
[admin@R2] > routing filter add chain=ISP2-out prefix=22.22.22.22/32 action=accept set-bgp-prepend=3
Discard the rest
[admin@R2] > routing filter add chain=ISP2-out action=discard

kita juga tidak membutuhkan route apapun dari kedua ISP sebab digunakan default route untuk mengarahkan traffik ke internet maka tambahkan rules filtering berikut :

[admin@R2] > routing filter add chain=ISP1-in action=discard
[admin@R2] > routing filter add chain=ISP2-in action=discard

Denan asumsi main link kita adalag R3 dibuatlah route static dengan distance yang berbeda :

[admin@R2] > ip route add dst-address=4.4.4.4/32 gateway=12.12.12.1 check-gateway=ping
[admin@R2] > ip route add dst-address=4.4.4.4/32 gateway=23.23.23.3 distance=30

Pengecekan

[admin@R2] > tool traceroute 4.4.4.4 src-address=2.2.2.2
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV STATUS
1 12.12.12.1 0% 13 0.9ms 0.9 0.8 1 0.1
2 4.4.4.4 0% 13 1.5ms 1.5 1.1 2.7 0.4

[admin@R2] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADC 2.2.2.2/32 2.2.2.2 bridge1 0
1 A S 4.4.4.4/32
12.12.12.1 1
2 S 4.4.4.4/32 23.23.23.3 30
3 ADC 12.12.12.0/24 12.12.12.2 ether1 0
4 ADC 22.22.22.22/32 22.22.22.22 bridge2 0
5 ADC 23.23.23.0/24 23.23.23.2 ether2 0

Apabila kita menggunakan main backup pastinya kurang efektif karena ada link yang tidak dipakai sama sekali (just backup)untuk memanfaatkan 2 link sekaligus dalam BGP non-stub yaitu dengan Load Sharing
Out going filter kearah ISP1:

[admin@R2] > routing filter add chain=ISP1-out prefix=2.2.2.2/32 action=accept
[admin@R2] > routing filter add chain=ISP1-out prefix=22.22.22.22/32 action=accept set-bgp-prepend=3
[admin@R2] > routing filter add chain=ISP1-out action=discard

Out going filters ke ISP2 :

[admin@R2] > routing filter add chain=ISP2-out prefix=2.2.2.2/32 action=accept
[admin@R2] > routing filter add chain=ISP2-out prefix=22.22.22.22/32 action=accept set-bgp-prepend=3
[admin@R2] > routing filter add chain=ISP2-out action=discard

Test traceroute dari R2 ke R4 dengan src address 2.2.2.2 dan 22.22.22.22 liahat apa yang terjadi apakah tiap traceroute dari src-address ip nya berbeda?
Alhamdulillah postingan kali ini telah selesai, jika artikel ini terasa bermanfaat silahkan bisa di share dengan menekan salah satu button dibawah ini.

Wassalamu'alaikum ...

TKJ BERSATU

Lab 20. BGP Multiholming (2 ISP / Non Stub Network)

Share this :

Unknown

0 Komentar

Penulisan markup di komentar