Thursday, March 19, 2015

Simulating BGP Network Routing with Cisco and Mikrotik

A new task from the office: connecting users that run BGP over MPLS. Whew, this is a heavy one. Before moving on to an MPLS simulation, I took the initiative to simulate BGP first, to understand it better.

We're getting into heavy stuff now...
Get ready for a headache...
BGP Simulation Network


What is BGP (Border Gateway Protocol)?
From the literal meaning of the words you should already be able to picture it. Border = the boundary edge, gateway = the entrance gate. So you can picture what BGP is. BGP is a protocol for connecting large networks to each other: between ISPs, between countries, and so on.
The simulation uses GNS3, with the network as shown in the figure; build it yourself... There is a Mikrotik added as well. I don't know yet whether it will connect or not; the important thing is to draw up the network design first.

The IP addresses are in the table.

Router   F0/0                 F0/1                 F1/0                 Loopback0
R01      172.16.1.2/30        -                    101.101.101.1/24     -
R02      172.16.2.2/30        -                    102.102.102.1/24     -
R03      172.16.3.2/30        -                    103.103.103.1/24     -
R04      172.16.4.2/30        -                    104.104.104.1/24     -
R05      172.16.5.2/30        -                    105.105.105.1/24     -
BGP111   172.16.1.1/30        172.16.2.1/30        10.12.12.1/30        1.1.1.1/32
BGP222   10.12.12.2/30        10.23.23.2/30        172.16.3.1/30        2.2.2.2/32
BGP333   10.23.23.1/30 (e0)   172.16.4.1/30 (e1)   172.16.5.1/30 (e2)   -



Configure the IP addresses and routing on all routers (R01, R02, R03, R04, R05) as in the table. For example, like the configuration below.
R01#config ter
Enter configuration commands, one per line.  End with CNTL/Z.
R01(config)#inter fa0/0
R01(config-if)#desc ##CONNECT-TO-ISP-BGP111##
R01(config-if)#ip addre 172.16.1.2 255.255.255.252
R01(config-if)#no shut
R01(config-if)#inter fa1/0
R01(config-if)#desc ##CONNECT-TO-LAN-CLIENT##
R01(config-if)#ip addres 101.101.101.1 255.255.255.0
R01(config-if)#no shut
R01(config-if)#exit
R01(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1
R01(config)#do wr
Building configuration...
[OK]

Continue by configuring the IP addresses and static routing on the 3 ISP routers.
Router ISP-BGP111
ISP-BGP111#config ter
Enter configuration commands, one per line.  End with CNTL/Z.
ISP-BGP111(config)#inter fa0/0
ISP-BGP111(config-if)#desc ##CONNECT-TO-R01##
ISP-BGP111(config-if)#ip address 172.16.1.1 255.255.255.252
ISP-BGP111(config-if)#no shut
ISP-BGP111(config-if)#inter fa0/1
ISP-BGP111(config-if)#desc ##CONNECT-TO-R02##
ISP-BGP111(config-if)#ip address 172.16.2.1 255.255.255.252
ISP-BGP111(config-if)#no shut
ISP-BGP111(config-if)#inter fa1/0
ISP-BGP111(config-if)#desc ##CONNECT-TO-ISP-BGP222##
ISP-BGP111(config-if)#ip address 10.12.12.1 255.255.255.252
ISP-BGP111(config-if)#no shut
ISP-BGP111(config-if)#inter loopback 0
ISP-BGP111(config-if)#ip address 1.1.1.1 255.255.255.255
ISP-BGP111(config-if)#no shut
ISP-BGP111(config-if)#exit
ISP-BGP111(config)#ip route 101.101.101.0 255.255.255.0 172.16.1.2
ISP-BGP111(config)#ip route 102.102.102.0 255.255.255.0 172.16.2.2
ISP-BGP111(config)#do wr
Building configuration...
[OK]
ISP-BGP111(config)#

Router ISP-BGP222
ISP-BGP222#config ter
Enter configuration commands, one per line.  End with CNTL/Z.
ISP-BGP222(config)#inter fa0/0
ISP-BGP222(config-if)#desc ##CONNECT-TO-ISP-BGP111##
ISP-BGP222(config-if)#ip address 10.12.12.2 255.255.255.252
ISP-BGP222(config-if)#no shut
ISP-BGP222(config-if)#inter fa0/1
ISP-BGP222(config-if)#desc ##CONNECT-TO-ISP-BGP333##
ISP-BGP222(config-if)#ip address 10.23.23.2 255.255.255.252
ISP-BGP222(config-if)#no shut
ISP-BGP222(config-if)#inter fa1/0
ISP-BGP222(config-if)#desc ##CONNECT-TO-R03##
ISP-BGP222(config-if)#ip addres 172.16.3.1 255.255.255.252
ISP-BGP222(config-if)#no shut
ISP-BGP222(config-if)#inter loopback0
ISP-BGP222(config-if)#ip address 2.2.2.2 255.255.255.255
ISP-BGP222(config-if)#no shut
ISP-BGP222(config-if)#exit
ISP-BGP222(config)#ip route 103.103.103.0 255.255.255.0 172.16.3.2
ISP-BGP222(config)#do wr
Warning: Attempting to overwrite an NVRAM configuration previously written
by a different version of the system image.
Overwrite the previous NVRAM configuration?[confirm]
Building configuration...
[OK]
ISP-BGP222(config)#

Mikrotik ISP-BGP333
/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default \
    disabled=no full-duplex=yes name="ether1 (E0)" speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default \
    disabled=no full-duplex=yes name="ether2 (E1)" speed=100Mbps
set 2 arp=enabled auto-negotiation=yes cable-settings=default \
    disabled=no full-duplex=yes name="ether3 (E2)" speed=100Mbps
/ip address
add address=10.23.23.1/30 disabled=no interface="ether1 (E0)" network=\
    10.23.23.0
add address=172.16.4.1/30 disabled=no interface="ether2 (E1)" network=\
    172.16.4.0
add address=172.16.5.1/30 disabled=no interface="ether3 (E2)" network=\
    172.16.5.0
/ip route
add disabled=no distance=1 dst-address=104.104.104.0/24 gateway=172.16.4.2 \
    scope=30 target-scope=10
add disabled=no distance=1 dst-address=105.105.105.0/24 gateway=172.16.5.2 \
    scope=30 target-scope=10

Clients / Users
Set the IP addresses for all users. Then run a ping test toward the gateway. Other IPs that are still within one router should also be pingable. For example, from PC2.
PC2> ip 102.102.102.2/24 102.102.102.1
Checking for duplicate address...
PC1 : 102.102.102.2 255.255.255.0 gateway 102.102.102.1

PC2> ping 102.102.102.1
84 bytes from 102.102.102.1 icmp_seq=1 ttl=255 time=19.002 ms
84 bytes from 102.102.102.1 icmp_seq=2 ttl=255 time=21.503 ms
84 bytes from 102.102.102.1 icmp_seq=3 ttl=255 time=22.503 ms
84 bytes from 102.102.102.1 icmp_seq=4 ttl=255 time=26.004 ms
84 bytes from 102.102.102.1 icmp_seq=5 ttl=255 time=0.500 ms

PC2> ping 1.1.1.1
84 bytes from 1.1.1.1 icmp_seq=1 ttl=254 time=55.507 ms
84 bytes from 1.1.1.1 icmp_seq=2 ttl=254 time=40.005 ms
84 bytes from 1.1.1.1 icmp_seq=3 ttl=254 time=40.505 ms
84 bytes from 1.1.1.1 icmp_seq=4 ttl=254 time=57.007 ms
84 bytes from 1.1.1.1 icmp_seq=5 ttl=254 time=42.005 ms

PC2> ping 101.101.101.2
101.101.101.2 icmp_seq=1 timeout
84 bytes from 101.101.101.2 icmp_seq=2 ttl=61 time=47.006 ms
84 bytes from 101.101.101.2 icmp_seq=3 ttl=61 time=45.006 ms
84 bytes from 101.101.101.2 icmp_seq=4 ttl=61 time=50.007 ms
84 bytes from 101.101.101.2 icmp_seq=5 ttl=61 time=43.005 ms

The ping to the gateway succeeds, and so does the ping to IP addresses that are still within one router. But IPs on a different router still cannot be pinged. To be able to ping/connect, let's add the dynamic routing, namely BGP.

BGP configuration.
This BGP setup is still simple. The most important thing is to first know the basic configuration for setting up BGP. Once you can do these basics, what comes next... is up to you...
Router ISP-BGP111
ISP-BGP111#config ter
Enter configuration commands, one per line.  End with CNTL/Z.
ISP-BGP111(config)#router bgp 111
ISP-BGP111(config-router)#neighbor 10.12.12.2 remote-as 222
ISP-BGP111(config-router)#bgp log-neighbor-changes
ISP-BGP111(config-router)#no auto-summary
ISP-BGP111(config-router)#no synchronization
ISP-BGP111(config-router)#network 101.101.101.0 mask 255.255.255.0
ISP-BGP111(config-router)#networ 102.102.102.0 mask 255.255.255.0
ISP-BGP111(config-router)#network 1.1.1.1 mask 255.255.255.255
ISP-BGP111(config-router)#exit
ISP-BGP111(config)#exit
ISP-BGP111#wr

Router ISP-BGP222
ISP-BGP222#config ter
Enter configuration commands, one per line.  End with CNTL/Z.
ISP-BGP222(config)#router bgp 222
ISP-BGP222(config-router)#bgp log-neighbor-changes
ISP-BGP222(config-router)#no synchronization
ISP-BGP222(config-router)#neighbor 10.12.12.1 remote-as 111
ISP-BGP222(config-router)#neighbor 10.23.23.1 remote-as 333
ISP-BGP222(config-router)#network 103.103.103.0 mask 255.255.255.0
ISP-BGP222(config-router)#exit
ISP-BGP222(config)#exit
ISP-BGP222#wr
Building configuration...

On Cisco, there will be a message/log indicating that BGP is up, like this:
*Mar  1 01:08:47.349: %BGP-5-ADJCHANGE: neighbor 10.12.12.1 Up

Mikrotik ISP-BGP333
/routing bgp instance
add as=333 disabled=no ignore-as-path-len=no \
    name="bgp 333" redistribute-connected=no redistribute-ospf=no \
    redistribute-rip=no redistribute-static=no \
    router-id=3.3.3.3 routing-table=""
/routing bgp network
add disabled=no network=104.104.104.0/24 synchronize=no
add disabled=no network=105.105.105.0/24 synchronize=no
/routing bgp peer
add address-families=ip as-override=no disabled=no \
    hold-time=3m instance="bgp 333" multihop=no name=peer1 \
    nexthop-choice=default passive=no remote-address=10.23.23.2 \
    remote-as=222 remove-private-as=no route-reflect=no ttl=\
    default use-bfd=yes

On Mikrotik, to see the BGP status, check the BGP Peer Status section. If it succeeds, the status will be established, as in the figure below.
Mikrotik - BGP Peer Status

And in the ip route list, the routing table will appear.
Mikrotik - IP Route List

BGP Status and Ping Test
Some important commands for viewing BGP status are “show ip bgp summary” and “show ip bgp neighbor”.
ISP-BGP222#sh ip bgp sum
BGP router identifier 2.2.2.2, local AS number 222
BGP table version is 11, main routing table version 11
6 network entries using 702 bytes of memory
6 path entries using 312 bytes of memory
4/3 BGP path/bestpath attribute entries using 496 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1558 total bytes of memory
BGP activity 6/0 prefixes, 8/2 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.12.12.1      4   111      29      33       11    0    0 00:22:34        3
10.23.23.1      4   333      27      37       11    0    0 00:13:55        2

ISP-BGP222#sh ip bgp neig
BGP neighbor is 10.12.12.1,  remote AS 111, external link
  BGP version 4, remote router ID 1.1.1.1
  BGP state = Established, up for 00:24:55
  Last read 00:00:54, last write 00:00:54, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                7          3
    Keepalives:            27         27
    Route Refresh:          0          0
    Total:                 35         31
-------deleted--------
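
The "show ip bgp summary" neighbor table above can be checked by script. The following is an added example, not part of the original post: it parses the table and compares each peer's state and received-prefix count with what this lab should produce (the names parse_summary, check and EXPECTED are made up for the example).

```python
import re

# Neighbor table copied from the ISP-BGP222 output shown on this page.
SUMMARY = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.12.12.1      4   111      29      33       11    0    0 00:22:34        3
10.23.23.1      4   333      27      37       11    0    0 00:13:55        2
"""

# Assumption: prefixes each peer AS should send, counted from the page's
# BGP "network" statements (AS 111: three, AS 333: two).
EXPECTED = {111: 3, 333: 2}

ROW = re.compile(
    r"^(?P<peer>\d+\.\d+\.\d+\.\d+)\s+(?P<ver>\d+)\s+(?P<asn>\d+)"
    r"\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+(?P<updown>\S+)\s+(?P<state>.+?)\s*$"
)

def parse_summary(text):
    """Return one dict per neighbor row of 'show ip bgp summary'."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or memory statistics
        state = m["state"]
        # A bare number in the last column means the session is Established
        # and is the received-prefix count; otherwise it is the state name.
        established = state.isdigit()
        peers.append({
            "peer": m["peer"], "asn": int(m["asn"]), "updown": m["updown"],
            "established": established,
            "prefixes": int(state) if established else None,
            "state": "Established" if established else state,
        })
    return peers

def check(peers, expected):
    """List findings: unknown peer AS, session down, prefix-count drift."""
    findings = []
    for p in peers:
        if p["asn"] not in expected:
            findings.append(f"{p['peer']}: unexpected AS {p['asn']}")
        elif not p["established"]:
            findings.append(f"{p['peer']}: session {p['state']}")
        elif p["prefixes"] != expected[p["asn"]]:
            findings.append(f"{p['peer']}: AS {p['asn']} sent {p['prefixes']} "
                            f"prefixes, expected {expected[p['asn']]}")
    return findings
```

An empty list from check() means both sessions are Established and each peer sent exactly the number of prefixes configured in this lab; a higher count than expected is the same signal a per-neighbor prefix limit would act on.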

Also look at the routing, with the usual command, “show ip route”.
ISP-BGP222# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     102.0.0.0/24 is subnetted, 1 subnets
B       102.102.102.0 [20/0] via 10.12.12.1, 00:05:10
     1.0.0.0/32 is subnetted, 1 subnets
B       1.1.1.1 [20/0] via 10.12.12.1, 00:04:40
     103.0.0.0/24 is subnetted, 1 subnets
S       103.103.103.0 [1/0] via 172.16.3.2
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     101.0.0.0/24 is subnetted, 1 subnets
B       101.101.101.0 [20/0] via 10.12.12.1, 00:25:52
     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.3.0 is directly connected, FastEthernet1/0
     10.0.0.0/30 is subnetted, 2 subnets
C       10.23.23.0 is directly connected, FastEthernet0/1
C       10.12.12.0 is directly connected, FastEthernet0/0
     104.0.0.0/24 is subnetted, 1 subnets
B       104.104.104.0 [20/0] via 10.23.23.1, 00:07:41
     105.0.0.0/24 is subnetted, 1 subnets
B       105.105.105.0 [20/0] via 10.23.23.1, 00:07:41

Finally, the ping test. You should now be able to ping/connect to all IP addresses. For example, from PC5.
PC5> ping 101.101.101.1
84 bytes from 101.101.101.1 icmp_seq=1 ttl=251 time=88.511 ms
84 bytes from 101.101.101.1 icmp_seq=2 ttl=251 time=53.007 ms
84 bytes from 101.101.101.1 icmp_seq=3 ttl=251 time=72.009 ms
84 bytes from 101.101.101.1 icmp_seq=4 ttl=251 time=78.510 ms
84 bytes from 101.101.101.1 icmp_seq=5 ttl=251 time=53.007 ms

PC5> ping 101.101.101.2
101.101.101.2 icmp_seq=1 timeout
101.101.101.2 icmp_seq=2 timeout
84 bytes from 101.101.101.2 icmp_seq=3 ttl=59 time=61.507 ms
84 bytes from 101.101.101.2 icmp_seq=4 ttl=59 time=34.004 ms
84 bytes from 101.101.101.2 icmp_seq=5 ttl=59 time=68.509 ms

That's all...? Turns out BGP is easy...
This is still the simple case. In the real world there is probably nothing like this; it will be more complex. So get ready for the next post...

Oh nooo... I was only joking when I said it was easy...
Hehehehe...
