Monthly Archives: December 2011
Troubleshooting Question Walkthrough Videos
As I mentioned in the previous post about the troubleshooting questions, we of course need the correct answers to the tickets that were given. This helps us prepare by training our understanding and accuracy in troubleshooting, because there are only 2 hours to finish roughly 10 tickets.
Here are the tutorial/walkthrough videos for each ticket (27 videos in total):
Troubleshooting walkthrough day 1 (10 videos)
Troubleshooting walkthrough day 2 (8 videos, ticket 6 has 2 parts)
Troubleshooting walkthrough day 3 (9 videos, tickets 3 and 4 have 2 parts)
Day 1 ticket 1:
Day 1 ticket 2:
Day 1 ticket 3:
Day 1 ticket 4:
Day 1 ticket 5:
Day 1 ticket 6:
Day 1 ticket 7:
Day 1 ticket 8:
Day 1 ticket 9:
Day 1 ticket 10:
Day 2 ticket 1:
Day 2 ticket 2:
Day 2 ticket 4:
Day 2 ticket 5:
Day 2 ticket 6:
Part 1:
Part 2:
Day 2 ticket 7:
Day 2 ticket 8:
Day 3 ticket 1:
Day 3 ticket 3:
Part 1:
Part 2:
Day 3 ticket 4:
Part 1:
Part 2:
Day 3 ticket 5:
Day 3 ticket 6:
Day 3 ticket 7:
Day 3 ticket 8:
Troubleshooting Questions
Here are the troubleshooting questions; the walkthrough will be done as a video tutorial for each of the tickets below:
TROUBLESHOOT DAY 1:
Ticket 1:
Condition: R2 cannot ping R3's loopback
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 2:
Condition: R1 cannot ping R3's loopback
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 3:
Condition: R3 can ping R1's loopback, which is not allowed. R3 should not have a route to R1's loopback.
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 4:
Condition: R3 cannot ping R2's loopback.
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 5:
Condition: R1 cannot telnet to 10.10.10.3
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 6:
Condition: R1 cannot telnet to 10.10.10.3
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 7:
Condition: R3 cannot ping 10.10.10.1 and R1 cannot ping 10.10.10.3
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 8:
Condition: R2 cannot ping 10.10.10.1
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 9:
Condition: R2 cannot ping 10.10.10.3
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 10:
Condition: R4 cannot ping 3.3.3.3
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
TROUBLESHOOT DAY 2:
Ticket 1:
Condition: R1 cannot ping 10.10.10.3
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 2:
Condition: R1 cannot ping R3's loopback
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 3:
Condition: R3 cannot ping R1's loopback
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 4:
Condition: R1 cannot ping R3's loopback
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 5:
Condition: make sure all loopback IPs can be pinged from every router
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 6:
Condition: Make sure R5 can load balance when sending packets to R4
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 7:
Condition: R3 cannot ping R2's loopback and vice versa
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 8:
Condition: Make sure every router can ping the loopback IPs of the other routers
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
TROUBLESHOOT DAY 3:
Ticket 1:
Condition: Make sure all loopbacks can be pinged from all routers
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 2:
Condition: R1 cannot ping R3's loopback
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 3:
Condition: R1 cannot ping R4's loopback, and vice versa
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 4:
Condition: R4 cannot ping R1's loopback
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 5:
Condition: R1 cannot ping 3.3.3.3
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 6:
Condition: Make sure all loopbacks can be pinged from all routers
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 7:
Condition: Make sure all loopbacks can be pinged from all routers
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
Ticket 8:
Condition: Make sure all loopbacks can be pinged from all routers
- Which devices have the problem?
- What configuration is wrong on the device?
- What should the correct configuration be?
IPv6 Questions:
IPv6 question 1:
Make sure all loopback IPs can be pinged from all routers
IPv6 question 2:
Without configuring static/dynamic routing on R3, make sure R3 can ping R1's loopback
Saturday lab configuration
This Saturday was the last day of the bootcamp in Cisarua. On this last day Mr. Dedi Gunawan asked us to work on tshoot and a lab as if it were the real exam.
So there were 2 hours for troubleshooting and 7 hours for the configuration lab.
Tshoot topology:
Here are the tshoot questions:
Ticket 1:
R22 cannot establish an OSPF neighbor relationship with R23. Fix the problem so that the OSPF neighbor is up.
Ticket 2:
R16 cannot telnet to host 10.1.1.19 (R19 loopback) with source loopback 0.
Ticket 3:
R17 and R18 cannot synchronize NTP from R16.
Ticket 4:
Get the nat trans output on R22 as given below:
Pro Inside global Inside local Outside local Outside global
tcp 172.29.7.12:21474 10.1.1.20:21474 100.10.10.10:23 100.10.10.10:23
tcp 172.29.7.11:43476 10.1.1.20:43476 100.10.10.10:80 100.10.10.10:80
Ticket 5:
All the PE routers must see the other PE routers' loopback 0 in the show ip bgp table with two entries.
Ticket 6:
Fix the problem so that VPN Site-B can ping each other.
Ticket 7:
Fix the problem so that VPN Site-A can ping each other.
Ticket 8:
10.1.1.4 is an NMS. Ensure that if R16 interface s0/0 goes down, R16 can still use its loopback to send SNMP traps for link status.
Ticket 9:
Ensure R20 loopback interface 200.20.20.20 can ping 198.168.14.1 and 198.168.20.1.
Ticket 10:
Ensure R8 can ping R4 loopback 200 CC1E:1000:100::100 without configuring any routing protocol or static route on R8.
Ticket 11:
Ensure R14 can telnet to 10.1.1.8 with source loopback 0.
Ticket 12:
Traffic marked with precedence 4 from R11/R12 to R7/R8 needs to be changed to precedence 5.
Ticket 13:
R11 and R12 should take the path R9-R7-R8 to R8 using PBR.
Ticket 14:
DoS attack to R20 lo add 200 (200.20.20.20)
After tshoot we also had to work on the mock lab, a session that lasted roughly 7 hours.
The topology we had to work on and the lab questions were as follows:
Configuration lab topology:
And the lab questions:
Multicast
There are several types of multicast in the networking world.
Dense Mode
In dense mode, a router sends/floods multicast traffic to all routers that have multicast enabled on their interfaces.
If a router has no clients that want the multicast traffic, it sends a confirmation (prune message) so that it is no longer sent the multicast traffic.
Sparse Mode
In sparse mode, a host must send a request first, and only then is it sent multicast traffic.
In sparse mode a router is chosen as the RP (Rendezvous Point), the central point connecting the multicast source and the routers that have multicast user/client hosts beneath them.
There are 3 ways to select the RP:
- Static RP
- Auto-RP (Cisco proprietary)
- BSR
IPv6 only has sparse mode; there is no dense mode. Auto-RP is therefore not possible, because Auto-RP also needs dense mode for selecting the candidate RP and its Mapping Agent.
To understand sparse mode and dense mode better, we will practice them in a lab using GNS3.
- Sparse Dense Mode – Auto Mode
R1#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
This system is an RP-mapping agent
Group(s) 224.0.0.0/4
RP 1.1.1.1 (?), v2v1
Info source: 1.1.1.1 (?), elected via Auto-RP
Uptime: 00:00:05, expires: 00:02:51
R1#
R1(config)#ip pim send-r
R1(config)#ip pim send-rp-ann
R1(config)#ip pim send-rp-announce lo0
% Incomplete command.
R1(config)#ip pim send-rp-announce lo0 sco 255
R1(config)#ip pim send
R1(config)#ip pim send-rp-dis
R1(config)#ip pim send-rp-discovery sco 255
R1(config)#exit
R1#sh i
PIM Group-to-RP Mappings
Group(s) 224.0.0.0/4
RP 1.1.1.1 (?), v2v1
Info source: 12.12.12.1 (?), elected via Auto-RP
Uptime: 00:03:20, expires: 00:02:34
R2#
R2
PIM Group-to-RP Mappings
Group(s) 224.0.0.0/4
RP 1.1.1.1 (?), v2v1
Info source: 12.12.12.1 (?), elected via Auto-RP
Uptime: 00:03:20, expires: 00:02:34
- Sparse Mode – Static RP
R2 config
!
ip multicast-routing
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
ip pim sparse-mode
ip ospf 1 area 0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 23.23.23.2 255.255.255.0
ip pim sparse-mode
ip ospf 1 area 0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip pim rp-address 2.2.2.2
!
!
!
!
!
R3 config
!
ip multicast-routing
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface FastEthernet0/0
ip address 23.23.23.3 255.255.255.0
ip pim sparse-mode
ip ospf 1 area 0
duplex auto
speed auto
!
!
router ospf 1
log-adjacency-changes
!
no ip http secure-server
ip pim rp-address 2.2.2.2
R1#show ip pim int
Address Interface Ver/ Nbr Query DR DR
Mode Count Intvl Prior
12.12.12.1 FastEthernet0/0 v2/S 1 30 1 12.12.12.2
1.1.1.1 Loopback0 v2/S 0 30 1 1.1.1.1
R1#
R1#sh ip pim rp mapping
PIM Group-to-RP Mappings
Group(s): 224.0.0.0/4, Static
RP: 2.2.2.2
R1#
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.0.0.1), 00:47:15/00:02:59, RP 2.2.2.2, flags: SJCL
Incoming interface: FastEthernet0/0, RPF nbr 12.12.12.2
Outgoing interface list:
Loopback0, Forward/Sparse, 00:47:15/00:02:59
(*, 239.0.0.2), 00:47:15/00:02:54, RP 2.2.2.2, flags: SJCL
Incoming interface: FastEthernet0/0, RPF nbr 12.12.12.2
Outgoing interface list:
Loopback0, Forward/Sparse, 00:47:15/00:02:54
(*, 224.0.1.40), 00:57:03/00:02:59, RP 2.2.2.2, flags: SJPCL
Incoming interface: FastEthernet0/0, RPF nbr 12.12.12.2
Outgoing interface list: Null
R2#sh ip pim int
Address Interface Ver/ Nbr Query DR DR
Mode Count Intvl Prior
12.12.12.2 FastEthernet0/0 v2/S 1 30 1 12.12.12.2
23.23.23.2 FastEthernet0/1 v2/S 1 30 1 23.23.23.3
2.2.2.2 Loopback0 v2/S 0 30 1 2.2.2.2
R2#
R3#ping 239.0.0.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.0.0.1, timeout is 2 seconds:
Reply to request 0 from 12.12.12.1, 60 ms
Reply to request 0 from 12.12.12.1, 60 ms
R3#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.0.0.1), 00:00:26/stopped, RP 2.2.2.2, flags: SPF
Incoming interface: FastEthernet0/0, RPF nbr 23.23.23.2
Outgoing interface list: Null
(3.3.3.3, 239.0.0.1), 00:00:26/00:03:10, flags: FT
Incoming interface: Loopback0, RPF nbr 0.0.0.0, Registering
Outgoing interface list:
FastEthernet0/0, Forward/Sparse, 00:00:26/00:03:03
(23.23.23.3, 239.0.0.1), 00:00:26/00:02:40, flags: PFT
Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0
Outgoing interface list: Null
(*, 224.0.1.40), 00:58:48/00:02:28, RP 2.2.2.2, flags: SJPCL
Incoming interface: FastEthernet0/0, RPF nbr 23.23.23.2
Outgoing interface list: Null
- Dense Mode
R1 config
!
ip multicast-routing
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip pim dense-mode
ip igmp join-group 239.0.0.1
ip igmp join-group 239.0.0.2
ip ospf 1 area 0
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
ip pim dense-mode
ip ospf 1 area 0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
R2 config
ip multicast-routing
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip pim dense-mode
ip ospf 1 area 0
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
ip pim dense-mode
ip ospf 1 area 0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 23.23.23.2 255.255.255.0
ip pim dense-mode
ip ospf 1 area 0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
!
R3 config
!
!
ip multicast-routing
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip pim dense-mode
ip ospf 1 area 0
!
interface FastEthernet0/0
ip address 23.23.23.3 255.255.255.0
ip pim dense-mode
ip ospf 1 area 0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
!
R3#ping 239.0.0.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.0.0.1, timeout is 2 seconds:
Reply to request 0 from 12.12.12.1, 72 ms
Reply to request 0 from 12.12.12.1, 76 ms
R3#ping 239.0.0.2
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.0.0.2, timeout is 2 seconds:
Reply to request 0 from 12.12.12.1, 44 ms
Reply to request 0 from 12.12.12.1, 48 ms
Redistribution
There are several kinds of redistribution in networking, whether OSPF into RIP or the reverse, or other combinations.
A single redistribution point in a network cloud carries no risk, but with 2 or more points it becomes very risky for our network, so redistribution must be set up very carefully to avoid serious problems in our network such as loops.
For this redistribution lab I will first cover only the single-point case, namely mutual redistribution, and how it is configured and applied in a lab using GNS:
- Mutual Redistribution
R1:
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 13.13.13.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 1.1.1.1 0.0.0.0
network 12.12.12.1 0.0.0.0
network 13.13.13.1 0.0.0.0
no auto-summary
!
R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 24.24.24.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 2.2.2.2 0.0.0.0
network 12.12.12.2 0.0.0.0
network 24.24.24.2 0.0.0.0
no auto-summary
!
R3:
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 13.13.13.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 35.35.35.3 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 3.3.3.3 0.0.0.0
network 13.13.13.3 0.0.0.0
no auto-summary
!
router ospf 1
log-adjacency-changes
network 35.35.35.3 0.0.0.0 area 0
!
R4:
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 24.24.24.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 46.46.46.4 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 24.24.24.4 0.0.0.0
no auto-summary
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 46.46.46.4 0.0.0.0 area 0
!
R5:
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
ip address 56.56.56.5 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 35.35.35.5 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 5.5.5.5 0.0.0.0 area 0
network 35.35.35.5 0.0.0.0 area 0
network 56.56.56.5 0.0.0.0 area 0
!
R6:
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
ip address 56.56.56.6 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 46.46.46.6 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 6.6.6.6 0.0.0.0 area 0
network 46.46.46.6 0.0.0.0 area 0
network 56.56.56.6 0.0.0.0 area 0
!
!
To avoid routing loops, besides changing the administrative distance, we can also mark, or route-tag, every network that is redistributed.
R3:
!
router eigrp 1
redistribute ospf 1 metric 1 1 1 1 1 route-map OSPF-ke-EIGRP
!
router ospf 1
log-adjacency-changes
redistribute eigrp 1 metric 1 subnets route-map EIGRP-ke-OSPF
!
route-map EIGRP-ke-OSPF deny 10
match tag 120
!
route-map EIGRP-ke-OSPF permit 20
set tag 90
!
route-map OSPF-ke-EIGRP deny 10
match tag 90
!
route-map OSPF-ke-EIGRP permit 20
set tag 120
R4:
router eigrp 1
redistribute ospf 1 metric 1 1 1 1 1 route-map OSPF-ke-EIGRP
!
router ospf 1
log-adjacency-changes
redistribute eigrp 1 metric 1 subnets route-map EIGRP-ke-OSPF
!
route-map EIGRP-ke-OSPF deny 10
match tag 120
!
route-map EIGRP-ke-OSPF permit 20
set tag 90
!
route-map OSPF-ke-EIGRP deny 10
match tag 90
!
route-map OSPF-ke-EIGRP permit 20
set tag 120
Check the routing table on R1:
R1#sh ip route 5.5.5.5
Routing entry for 5.5.5.5/32
Known via "eigrp 1", distance 170, metric 2560051456
Tag 120, type external
Redistributing via eigrp 1
Last update from 12.12.12.2 on FastEthernet0/0, 00:00:08 ago
Routing Descriptor Blocks:
* 12.12.12.2, from 12.12.12.2, 00:00:08 ago, via FastEthernet0/0
Route metric is 2560051456, traffic share count is 1
Total delay is 2010 microseconds, minimum bandwidth is 1 Kbit
Reliability 1/255, minimum MTU 1 bytes
Loading 1/255, Hops 2
Route tag 120
R1#sh ip route 6.6.6.6
Routing entry for 6.6.6.6/32
Known via "eigrp 1", distance 170, metric 2560025856
Tag 120, type external
Redistributing via eigrp 1
Last update from 13.13.13.3 on FastEthernet0/1, 00:00:30 ago
Routing Descriptor Blocks:
* 13.13.13.3, from 13.13.13.3, 00:00:30 ago, via FastEthernet0/1
Route metric is 2560025856, traffic share count is 1
Total delay is 1010 microseconds, minimum bandwidth is 1 Kbit
Reliability 1/255, minimum MTU 1 bytes
Loading 1/255, Hops 1
Route tag 120
R6#sh ip route 1.1.1.1
Routing entry for 1.1.1.1/32
Known via "ospf 1", distance 110, metric 1
Tag 90, type extern 2, forward metric 10
Last update from 46.46.46.4 on FastEthernet0/1, 00:02:12 ago
Routing Descriptor Blocks:
* 46.46.46.4, from 4.4.4.4, 00:02:12 ago, via FastEthernet0/1
Route metric is 1, traffic share count is 1
Route tag 90
R6#sh ip route 2.2.2.2
Routing entry for 2.2.2.2/32
Known via "ospf 1", distance 110, metric 1
Tag 90, type extern 2, forward metric 10
Last update from 46.46.46.4 on FastEthernet0/1, 00:02:46 ago
Routing Descriptor Blocks:
* 46.46.46.4, from 4.4.4.4, 00:02:46 ago, via FastEthernet0/1
Route metric is 1, traffic share count is 1
Route tag 90
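The tag filtering configured on R3 and R4 above, modelled as an added Python example that is not part of the original post. The route-maps are copied from the page; the sample prefixes, the UNFILTERED comparison case and the rule that a border router never re-imports its own injection are assumptions of this model, which ignores administrative distance and metrics.

```python
from dataclasses import dataclass

# Route-maps as configured on R3 and R4 in the post: (action, match_tag, set_tag).
ROUTE_MAPS = {
    "OSPF-ke-EIGRP": [("deny", 90, None), ("permit", None, 120)],
    "EIGRP-ke-OSPF": [("deny", 120, None), ("permit", None, 90)],
}
# Assumed comparison case: the same maps with the deny clauses removed.
UNFILTERED = {
    "OSPF-ke-EIGRP": [("permit", None, 120)],
    "EIGRP-ke-OSPF": [("permit", None, 90)],
}
DIRECTIONS = [("ospf", "eigrp", "OSPF-ke-EIGRP"), ("eigrp", "ospf", "EIGRP-ke-OSPF")]


@dataclass(frozen=True)
class Route:
    prefix: str
    origin: str  # domain that natively advertises the prefix
    tag: int     # 0 means untagged
    border: str  # router that redistributed it, "" for a native route


def apply_route_map(clauses, route):
    """Return the tag to advertise, or None if the route is denied."""
    for action, match_tag, set_tag in clauses:
        if match_tag is not None and route.tag != match_tag:
            continue  # clause does not match, try the next sequence number
        if action == "deny":
            return None
        return route.tag if set_tag is None else set_tag
    return None  # implicit deny at the end of every route-map


def converge(route_maps, borders=("R3", "R4")):
    """Redistribute both ways on every border router until nothing changes."""
    domains = {  # constructed sample: loopbacks from the lab topology
        "eigrp": {Route("1.1.1.1/32", "eigrp", 0, ""), Route("2.2.2.2/32", "eigrp", 0, "")},
        "ospf": {Route("5.5.5.5/32", "ospf", 0, ""), Route("6.6.6.6/32", "ospf", 0, "")},
    }
    changed = True
    while changed:
        changed = False
        for border in borders:
            for src, dst, name in DIRECTIONS:
                for route in list(domains[src]):
                    if route.border == border:
                        continue  # model assumption: skip our own injections
                    tag = apply_route_map(route_maps[name], route)
                    if tag is None:
                        continue
                    injected = Route(route.prefix, route.origin, tag, border)
                    if injected not in domains[dst]:
                        domains[dst].add(injected)
                        changed = True
    return domains


def fed_back(domains):
    """Prefixes that re-entered their own domain as redistributed routes."""
    return sorted({r.prefix for name, table in domains.items()
                   for r in table if r.origin == name and r.border})


def tags_in(domains, domain, prefix):
    """All tags under which a prefix is present in one domain."""
    return sorted({r.tag for r in domains[domain] if r.prefix == prefix})


if __name__ == "__main__":
    for label, maps in (("tag filter", ROUTE_MAPS), ("no filter", UNFILTERED)):
        result = converge(maps)
        print(label, "-> fed back:", fed_back(result) or "none")
        print("  5.5.5.5/32 tags in EIGRP:", tags_in(result, "eigrp", "5.5.5.5/32"))
        print("  1.1.1.1/32 tags in OSPF:", tags_in(result, "ospf", "1.1.1.1/32"))
```

With the page's route-maps the tags match the `sh ip route` output above (120 inside EIGRP, 90 inside OSPF) and no prefix returns to the domain it came from.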
NAT
NAT, or Network Address Translation, is a function intended to connect two different networks; it can be used as a bridge from private IPs to public IPs.
Here are several labs that I practiced in GNS:
- Dynamic NAT Overload
R1 configuration
Ip nat pool TES 12.12.12.12 12.12.12.2 prefix-length 24
Ip nat inside source list 1 pool TES overload
R1 configuration
Int lo0
Ip add 10.10.10.2 255.255.255.0 secondary
Ip add 10.10.10.3 255.255.255.0 secondary
Ip add 10.10.10.4 255.255.255.0 secondary
Ip add 10.10.10.5 255.255.255.0 secondary
Ip add 10.10.10.1 255.255.255.0
Ip nat inside
!
Int f0/0
Ip add 12.12.12.1 255.255.255.0
Ip nat outside
!
Ip route 0.0.0.0 0.0.0.0 12.12.12.2
!
Ip nat inside source list 1 interface f0/0 overload
!
Access-list 1 permit 10.10.10.2
Access-list 1 permit 10.10.10.3
Access-list 1 permit 10.10.10.1
Access-list 1 permit 10.10.10.4
Access-list 1 permit 10.10.10.5
- Dynamic Nat (LOAD BALANCING)
R1 configuration
Ip nat pool TES 10.10.10.1 10.10.10.5 prefix-length 24 type rotary
Ip nat inside destination list 1 pool TES
!
Access-list 1 permit 20.20.20.1
- Dynamic NAT (Match Host)
The host portion of the local IP is kept the same as the host portion of its public IP
10.10.10.1 – 20.20.20.1
10.10.10.2 – 20.20.20.2
10.10.10.3 – 20.20.20.3
10.10.10.4 – 20.20.20.4
10.10.10.5 – 20.20.20.5
Configuration on R1
Conf t
Clear ip nat translation *
Ip nat pool TES 20.20.20.1 20.20.20.5 prefix-length 24 type match-host
- Dynamic NAT (Sequence)
R1 configuration
Int lo0
Ip add 10.10.10.2 255.255.255.0 secondary
Ip add 10.10.10.3 255.255.255.0 secondary
Ip add 10.10.10.4 255.255.255.0 secondary
Ip add 10.10.10.5 255.255.255.0 secondary
Ip add 10.10.10.1 255.255.255.0
Ip nat inside
!
Int f0/0
Ip add 12.12.12.1 255.255.255.0
Ip nat outside
!
Ip route 0.0.0.0 0.0.0.0 12.12.12.2
!
Ip nat pool TES 20.20.20.1 20.20.20.5 prefix-length 24
Ip nat inside source list 1 pool TES
!
Access-list 1 permit 10.10.10.2
Access-list 1 permit 10.10.10.3
Access-list 1 permit 10.10.10.1
Access-list 1 permit 10.10.10.4
Access-list 1 permit 10.10.10.5
- NAT STATIC (Extendable)
R1 configuration
Int lo0
Ip add 10.10.10.1 255.255.255.0
Ip nat inside
!
Int f0/0
Ip add 12.12.12.1 255.255.255.0
Ip nat outside
Int f0/1
Ip add 13.13.13.1 255.255.255.0
Ip nat outside
!
Ip nat inside source static 10.10.10.1 20.20.20.1 extendable
Ip nat inside source static 10.10.10.1 30.30.30.1 extendable
R2 configuration
Int f0/0
Ip add 12.12.12.2 255.255.255.0
!
Ip route 20.20.20.0 255.255.255.0 12.12.12.1
R3 configuration
Int f0/0
Ip add 13.13.13.3 255.255.255.0
!
Ip route 30.30.30.0 255.255.255.0 13.13.13.1
- NAT Static (Network to Network)
First remove the previous static NAT configuration
conf t
no ip nat inside source static 10.10.10.1 12.12.12.3
R1 configuration
conf t
Ip nat inside source static network 10.10.10.0 20.20.20.0 /24
R2 configuration
On R2, configure a route to network 20.20.20.0/24 so that it can return the ping packets
Conf t
Ip route 20.20.20.0 255.255.255.0 12.12.12.1
Troubleshooting lab, Friday and Thursday night
On Thursday afternoon, all the lessons I had studied chapter by chapter since the first day of this CCIE RS bootcamp were finally finished. Starting Thursday night, my fellow participants and I began doing labs as a whole, so not just frame relay or just BGP, but a combination of all the CCIE material.
On Thursday night I first worked on troubleshooting, that is, finding where a configuration is wrong and fixing it. In the real CCIE exam this part takes 2 hours, in which we have to work through several questions (tickets) and finish within the 2 hours with a passing threshold of 80%.
If we take the CCIE RS exam and in the first 2 hours feel we cannot finish 80% of the questions, then rather than wasting time on the configuration lab that follows, we can just go to the proctor (the examiner) and say, “Hi sir, I think I have to go to Disneyland, because I have booked the ticket.” 😀
That is better than spending roughly 7 more hours in vain on the configuration lab.
- Thursday night troubleshooting:
Questions:
Ticket 1:
There is an issue that prevents R25 from pinging R22. Check the issue and provide a solution to this issue.
Ticket 2:
R22 is the NTP server and R23 and R24 are NTP clients, but R23 and R24 cannot get the right time from R22. Check the problem and provide a solution to this problem.
Ticket 3:
R15 cannot establish OSPF neighborship with R16. Check the problem and provide a solution to this problem.
Ticket 4:
R18 cannot establish OSPF neighborship with R17. Check the problem and provide a solution to this problem.
Ticket 5:
R20 cannot ping the routes in the R21 RIP process. Check the problem and provide a solution to this problem.
Ticket 6:
R9 and R10 want to access R11 through R8>>R7>>R11, but traffic is going through R8>>R11. Check the problem and provide a solution to this problem.
Ticket 7:
The link between R22 and R3 is PPP and PPP authentication is enabled on this link. The link is down. Check the problem and provide a solution to this problem.
Ticket 8:
R4 tries to ping R5 with extended parameters, a size of 500 bytes and IP precedence 5, but the ping is not working. Check the problem and provide a solution to this problem.
Ticket 9:
R22 and R15 are CEs; they learn routes through MPLS VPN, but they cannot ping the MPLS VPN routes. Check the problem and provide a solution to this problem.
Ticket 10:
R7 CE cannot ping R15 CE routes. Check the problem and provide a solution to this problem.
Ticket 11:
R14 cannot ping R7. Check the problem and provide a solution to this problem.
Ticket 12:
On R12 one policy map is configured with IP precedence 1, but we need this policy map to match IP precedence 5, so make this configuration change and check whether it is working or not.
Ticket 13:
R5 tries to ping R4 with extended parameters and a packet size of 46 bytes, but the ping is not working. Check the problem and provide a solution to this problem.
Solutions
1. DHCP problem; enlarge the network range in the pool on the DHCP server
2. The time zones are not the same
3. Problem on the Frame Relay switch
4. Problem on the Frame Relay switch
5. Problem on the Frame Relay switch
6. Add OSPF cost
- Friday troubleshooting 1
Questions:
Ticket 1:
The link between R27 and R8 is not in use. Configure your network so that when a PC in AS300 connected to router R27 needs to access AS100, the traffic goes over the link from router R27 to router R8. Use only one command.
Ticket 2:
Router R7 cannot establish an SSH connection to router R8 using port 2009 with user cisco and password ccie.
Ticket 3:
The traffic stream from host 10.1.24.1 to host 10.1.1.4 is not receiving critical precedence. Fix the problem so that the stream is marked with the precedence of priority in EIGRP 200, marked with the precedence of network in OSPF area 2 and precedence of critical in OSPF area 0, area 1.
Ticket 4:
On R30, multicast group 224.2.1.1 is joined on loopback0, but router R17 cannot ping 224.2.1.1.
Ticket 5:
The traffic from R21 to R24 should load balance across the links between R22 and R23.
Ticket 6:
R4 and R6 can't establish OSPF neighborship. Fix the problem.
Ticket 7:
The link between R25 and R24 is not working.
Ticket 8:
R13 and R15 can't establish an OSPF neighbor relationship.
Ticket 9:
R14 is not sending SNMP messages to SNMP server 172.14.14.14 when the serial interface status becomes up or down. Fix this problem so that the SNMP message can be sent to the server. Send a trap message.
Ticket 10:
The PC connected to R1 can't ping R4. Fix this problem.
Ticket 11:
After R2 telnets to R1 with user cisco and password ccie, you can use the show run and config terminal commands.
Ticket 12:
Enable authentication for R8 and R29 with one command.
Ticket 13:
There is a server with IP 1.100.100.100 connected to R18, but this network cannot be found on R27. Fix this problem.
Ticket 14:
R1 and R2 cannot access R4.
Ticket 15:
R25 cannot receive 10.1.24.1
- Friday troubleshooting 2
Questions:
Ticket 1:
R22 cannot establish an OSPF neighbor relationship with R23. Fix this problem so that the OSPF neighbor relationship is up.
Ticket 2:
The EIGRP relationships between R17 and R19 and between R18 and R19 are down. Fix this problem and ensure the EIGRP neighbor relationship is up.
Ticket 3:
R17 and R18 cannot synchronize time with NTP server R16. Fix this problem so that R17 and R18 can synchronize and authenticate with the NTP server.
Ticket 4:
R24 cannot reach host 198.168.14.1. Fix this problem so that R24 can access it.
Ticket 5:
The traffic stream from host 10.1.1.14 to host 10.1.1.7 is not receiving precedence critical. Fix this problem so that the traffic stream is marked with precedence critical.
Ticket 6:
A stream of ICMP packets of 46 bytes each, sourced from R5 to R4 E0/1, is currently resulting in a 97% success rate. Fix this problem so that the ICMP is 100% successful.
Ticket 7:
Host 10.1.1.11 and host 10.1.1.12 cannot go to R8 via path R9-R7-R8. Fix this problem and make sure the traffic goes through R9-R7-R8.
Ticket 8:
The host 171.1.1.1 in VPN site-b cannot reach host 171.2.2.2 in VPN site-a. Fix this problem so that those two hosts can access each other.
Ticket 9:
R15 and R16 cannot establish an EIGRP neighbor relationship. Fix this problem without removing authentication.
Ticket 10:
R16 has been getting DoS attacks from R18 and R17. Find a way to fix the problem so R16 is protected from DoS attacks.
Ticket 11:
Fix a problem between R19 and R16 EIGRP.
Ticket 12:
Problem between R14 and R7 with telnet.
Ticket 13:
PC 171.2.2.2 cannot ping 192.168.20.1 in RIP.
QoS and IP Services
QoS is short for Quality of Service.
QoS is used by operators to control the packets that will pass through a router.
With QoS, the delay, jitter and packet-drop quality of a packet passing through the router can be determined.
Let's go straight to the lab, because QoS is easier to understand by practicing it in a lab (as usual I use GNS3 🙂)
- Match IP Precedence
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#class-map QOS0
R1(config-cmap)#match ip precedence 0
R1(config)#class-map QOS1
R1(config-cmap)#match ip precedence 1
R1(config)#class-map QOS2
R1(config-cmap)#match ip precedence 2
R1(config)#class-map QOS3
R1(config-cmap)#match ip precedence 3
R1(config-cmap)#class-map QOS4
R1(config-cmap)#match ip prece 4
R1(config-cmap)#class-map QOS5
R1(config-cmap)#match ip prec 5
R1(config-cmap)#class-map QOS6
R1(config-cmap)#match ip prec 6
R1(config-cmap)#class-map QOS7
R1(config-cmap)#match ip prec 7
R1(config)#policy-map belajar_qos
R1(config-pmap)#class QOS0
R1(config-pmap-c)#class QOS1
R1(config-pmap-c)#class QOS2
R1(config-pmap-c)#class QOS3
R1(config-pmap-c)#class QOS4
R1(config-pmap-c)#class QOS5
R1(config-pmap-c)#class QOS6
R1(config-pmap-c)#class QOS7
R1(config)# int fa0/0
R1(config-if)#service-policy input belajar_qos
Check ping:
R2#ping 12.12.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/52/80 ms
Check the policy map on the interface:
R1#sh policy-map interface fa0/0
FastEthernet0/0
Service-policy input: belajar_qos
Class-map: QOS0 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 0
Class-map: QOS1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 1
Class-map: QOS2 (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps
Match: ip precedence 2
Class-map: QOS3 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 3
Class-map: QOS4 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 4
Class-map: QOS5 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 5
Class-map: QOS6 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 6
Class-map: QOS7 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 7
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
- Priority Queue
The topology is the same as in the previous lab.
There are 4 queues: High, Medium, Normal, Low
The lab scenario is as follows:
Traffic from lo0 R1 to lo0 R2 goes into the LOW queue
All HTTP goes into the MEDIUM queue
All FTP goes into the NORMAL queue
Everything else goes into the LOW queue
The configuration:
R1(config)#priority-list 1 protocol ip medium tcp 80
R1(config)#priority-list 1 protocol ip normal tcp 21
R1(config)#priority-list 1 default low
R1(config)#ip access-list extended 100
R1(config-ext-nacl)#permit icmp any any echo
R1(config-ext-nacl)#permit icmp any any echo-reply
Check the priority queueing:
R1#sh queueing priority
Current DLCI priority queue configuration:
Current priority queue configuration:
List Queue Args
1 low default
1 low protocol ip list 100
1 medium protocol ip tcp port www
1 normal protocol ip tcp port ftp
Check with telnet:
R1#telnet 12.12.12.2 80 /so lo0
Trying 12.12.12.2, 80 … Open
*Mar 1 01:01:43.307: PQ: FastEthernet0/0: ip (tcp 80) -> medium
*Mar 1 01:01:43.307: PQ: FastEthernet0/0 output (Pk size/Q 60/1)
*Mar 1 01:01:43.363: PQ: FastEthernet0/0: ip (tcp 80) -> medium
*Mar 1 01:01:43.367: PQ: FastEthernet0/0 output (Pk size/Q 60/1)
*Mar 1 01:01:43.371: PQ: FastEthernet0/0: ip (tcp 80) -> medium
*Mar 1 01:01:43.371: PQ: FastEthernet0/0 output (Pk size/Q 60/1)
- RSVP
Still the same topology as before.
The configuration:
R1(config)#int fa0/0
R1(config-if)#ip rsvp band 64 64
R1(config-if)#ip rsvp sender-host 2.2.2.2 1.1.1.1 tcp 23 65535 10 1
R2(config)#int fa0/0
R2(config-if)#ip rsvp band 64 64
R2(config-if)#ip rsvp sender-host 2.2.2.2 1.1.1.1 tcp 23 65535 ff rate 10 1
R2(config)#ip rsvp reservation-host 2.2.2.2 1.1.1.1 tcp 23 65535 ff rate 10 1
- MQC Bandwidth
Still the same configuration as before.
Add this configuration:
R1(config-if)#service-policy output belajar
R1#sh policy-map interface fa0/0 output
FastEthernet0/0
Service-policy output: belajar
Class-map: HTTP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http
Queueing
Output Queue: Conversation 265
Bandwidth 50 (%)
Bandwidth 5000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: TFTP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol tftp
Queueing
Output Queue: Conversation 266
Bandwidth 20 (%)
Bandwidth 2000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: DHCP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol dhcp
Queueing
Output Queue: Conversation 267
Bandwidth 1 (%)
Bandwidth 100 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
Output Queue: Conversation 268
Bandwidth 1 (%)
Bandwidth 100 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
- LLQ
Still the same topology as before.
The configuration:
R1(config)#class-map match-all TELNET
R1(config-cmap)#match protocol telnet
R1(config)#policy-map QOS
R1(config-pmap)#class TELNET
R1(config-pmap-c)#priority 640
R1#sh policy-map int fa0/0
FastEthernet0/0
Service-policy output: QOS
Class-map: TELNET (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol telnet
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 640 (kbps) Burst 16000 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
- TRAFFIC SHAPING
Still using the previous topology.
The configuration:
R1(config)#int fa0/0
R1(config-if)#traffic-shape rate 64000 8000 0 1000
Check the traffic shaping:
R1#sh traffic-shape
Interface Fa0/0
Access Target Byte Sustain Excess Interval Increment Adapt
VC List Rate Limit bits/int bits/int (ms) (bytes) Active
– 64000 1000 8000 0 125 1000 –
- Legacy Committed Access Rate
Still the same topology.
The configuration:
R1(config)#int fa0/0
R1(config-if)#rate-limit input 64000 8000 8000 conform-action transmit exceed-action drop
R1#sh int fa0/0 rate-limit
FastEthernet0/0
Input
matches: all traffic
params: 64000 bps, 8000 limit, 8000 extended limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 1044696ms ago, current burst: 0 bytes
last cleared 00:00:54 ago, conformed 0 bps, exceeded 0 bps
Check ping:
R1#ping 12.12.12.2 rep 100 si 5000
Type escape sequence to abort.
Sending 100, 5000-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:
.!!.!!.!!.!!.!!.!!.
Success rate is 63 percent (12/19), round-trip min/avg/max = 120/137/172 ms
R1#sh int fa0/0 rate-limit
FastEthernet0/0
Input
matches: all traffic
params: 64000 bps, 8000 limit, 8000 extended limit
conformed 56 packets, 71624 bytes; action: transmit
exceeded 16 packets, 20464 bytes; action: drop
last packet: 4700ms ago, current burst: 6924 bytes
last cleared 00:03:37 ago, conformed 2000 bps, exceeded 0 bps
- MQC Policing
The topology stays the same.
The configuration:
R1(config)#policy-map belajar
R1(config-pmap)#class class-default
R1(config-pmap-c)#police cir 64000 bc 8000 be 8000
R1(config-pmap-c-police)#conform-action transmit
R1(config-pmap-c-police)#exceed-action drop
Apply it on the interface:
R1(config)#int fa0/0
R1(config-if)#service-policy input belajar
Check ping:
R1#ping 12.12.12.2 re 100 si 5000
Type escape sequence to abort.
Sending 100, 5000-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:
!.!.!.!.!.!.
Success rate is 50 percent (6/12), round-trip min/avg/max = 124/146/168 ms
R1#sh policy-map interface fa0/0
FastEthernet0/0
Service-policy input: LATIHAN
Class-map: class-default (match-any)
53 packets, 61962 bytes
5 minute offered rate 2000 bps, drop rate 2000 bps
Match: any
police:
cir 64000 bps, bc 8000 bytes
conformed 47 packets, 52878 bytes; actions:
transmit
exceeded 6 packets, 9084 bytes; actions:
drop
conformed 7000 bps, exceed 2000 bps
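Why the 5000-byte ping alternates between success and timeout under this policer: the added Python model below (not part of the original post) treats `police cir 64000 bc 8000` as a single token bucket on the echo replies entering fa0/0, and reproduces the `!.` pattern and the exceeded counter (6 packets, 9084 bytes) shown above. The `show policy-map` output lists only cir and bc, so `be` is not modeled; counting the 14-byte Ethernet header, in-order fragments and a fixed 146 ms RTT are assumptions.

```python
"""Added example: token-bucket model of the MQC policer in this lab."""

CIR_BPS = 64000      # committed rate from the lab, bits per second
BC_BYTES = 8000      # committed burst from the lab, bytes
ETH_HEADER = 14      # assumption: the policer counts the Ethernet header
IP_HEADER = 20
MTU = 1500
RTT_MS = 146         # average round trip reported by the ping on the page
TIMEOUT_MS = 2000    # ping timeout shown on the page


def fragment_frames(datagram_bytes, mtu=MTU):
    """Layer-2 frame sizes of one IP datagram after fragmentation at `mtu`."""
    payload = datagram_bytes - IP_HEADER
    per_fragment = (mtu - IP_HEADER) // 8 * 8   # fragment data is a multiple of 8
    frames = []
    while payload > 0:
        chunk = min(per_fragment, payload)
        frames.append(chunk + IP_HEADER + ETH_HEADER)
        payload -= chunk
    return frames


class Policer:
    """Single bucket: conform-action transmit, exceed-action drop."""

    def __init__(self, cir_bps=CIR_BPS, bc_bytes=BC_BYTES):
        self.rate_bytes_per_s = cir_bps // 8
        self.capacity = bc_bytes
        self.tokens = bc_bytes      # the bucket starts full
        self.conformed = [0, 0]     # [packets, bytes]
        self.exceeded = [0, 0]      # [packets, bytes]

    def refill(self, elapsed_ms):
        earned = self.rate_bytes_per_s * elapsed_ms // 1000
        self.tokens = min(self.capacity, self.tokens + earned)

    def offer(self, frame_bytes):
        """Return True if the frame conforms (transmitted), False if dropped."""
        conforms = frame_bytes <= self.tokens
        if conforms:
            self.tokens -= frame_bytes
        counter = self.conformed if conforms else self.exceeded
        counter[0] += 1
        counter[1] += frame_bytes
        return conforms


def simulate_ping(count, datagram_bytes):
    """Replay `count` echo replies through the policer; return (marks, policer)."""
    policer = Policer()
    frames = fragment_frames(datagram_bytes)
    marks = []
    gap_ms = 0   # time since the previous reply reached the policer
    for _ in range(count):
        policer.refill(gap_ms)
        # Offer every fragment: one dropped fragment loses the whole datagram.
        results = [policer.offer(frame) for frame in frames]
        ok = all(results)
        marks.append("!" if ok else ".")
        # After a success the next reply follows one RTT later; after a
        # failure the sender first waits out the full timeout.
        gap_ms = RTT_MS if ok else TIMEOUT_MS
    return "".join(marks), policer


if __name__ == "__main__":
    pattern, policer = simulate_ping(12, 5000)
    print(pattern)
    print("conformed", policer.conformed, "exceeded", policer.exceeded)
```

The model counts only the echo-reply fragments, so its conformed total is lower than the router's, whose class-default counters include all input traffic on the interface.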
The labs above cover QoS; below are several IP Services labs that I practiced in GNS3:
- LAB DHCP
The configuration:
R1(config)#ip dhcp pool cisco
R1(dhcp-config)#network 12.12.12.0 /24
R1(dhcp-config)#default-router 12.12.12.1
R1(dhcp-config)#dns-server 100.100.100.100 200.200.200.200
If we want to set the IP lease time to no more than 6 days 5 hours:
R1(dhcp-config)#lease 6 5
Suppose there is a printer with IP 12.12.12.12 that will be bound to its MAC address aaaa.bbbb.cccc:
R1(config)#ip dhcp pool PRINTER
R1(dhcp-config)#host 12.12.12.12 255.255.255.0
R1(dhcp-config)#hardware-address aaaa.bbbb.cccc
R1(dhcp-config)#default-router 12.12.12.1
R1(config)#ip dhcp ping packets 5
R1(config)#ip dhcp ping timeout 300
- LAB HSRP
The configuration:
R1(config)#int fa0/0
R1(config-if)#no sh
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#standby 1 ip 12.12.12.12
R1(config-if)#standby 1 preem
R1(config-if)#standby 1 authentication md5 key-string cisco
R1(config-if)#int se0/0
R1(config-if)#no sh
R1(config-if)#ip add 13.13.13.1 255.255.255.0
R1(config-if)#router eigrp 1
R1(config-router)#network 0.0.0.0 0.0.0.0
R2(config)#int fa0/0
R2(config-if)#no sh
R2(config-if)#ip addr 12.12.12.2 255.255.255.0
R2(config-if)#stand 1 ip 12.12.12.12
R2(config-if)#standby 1 preem
R2(config-if)#standby 1 prio 110
R2(config-if)#stand 1 auth md5 key-stri cisco
R2(config-if)#int se0/0
R2(config-if)#no sh
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#router eigrp 1
R2(config-router)#net 0.0.0.0 0.0.0.0
R3(config)#int se0/0
R3(config-if)#no sh
R3(config-if)#ip add 13.13.13.3 255.255.255.0
R3(config-if)#int se0/1
R3(config-if)#no sh
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#router eigrp 1
R3(config-router)#net 0.0.0.0 0.0.0.0
R3(config-router)#no au
R3(config-router)#int lo0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
Check the route:
PC1#traceroute 3.3.3.3 numeric
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 12.12.12.2 44 msec 52 msec 28 msec
2 23.23.23.3 44 msec * 48 msec
R2 is shut down
Check the route again:
PC1#traceroute 3.3.3.3 numeric
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 12.12.12.1 52 msec 40 msec 32 msec
2 13.13.13.3 68 msec * 52 msec
- HSRP TRACK ROUTE
The configuration:
R2(config-if)#track 1 ip route 3.3.3.3/32 reac
R2(config-track)#int f0/0
R2(config-if)#standby 1 track 1 decrement 20
Check the group:
R2#sh standby bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 110 P Active local 12.12.12.1 12.12.12.12
Shut down R3's loopback to see whether tracking works on R2:
R3(config)#int lo0
R3(config-if)#shut
R2#
*Mar 1 00:28:44.239: %TRACKING-5-STATE: 1 ip route 3.3.3.3/32 reachability Up->Down
R2#
*Mar 1 00:28:45.591: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak
Check the group:
R2#sh standby bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 90 P Standby 12.12.12.1 local 12.12.12.12
- HSRP IP SLA
Before configuring, first remove the IP route track:
R2(config)#no track 1 ip route 3.3.3.3/32 reac
R2(config)#ip sla monit 1
R2(config-rtr)#typ ech pro ipicm 3.3.3.3
R2(config-rtr-echo)#time 2000
R2(config-rtr-echo)#freq 3
R2(config-rtr-echo)#exit
R2(config)#ip sla monit schedu 1 start-time no li fore
R2(config)#trac 1 rtr 1
Check the group:
R2#sh standby bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 110 P Active local 12.12.12.1 12.12.12.12
Shut down R3's loopback so that 3.3.3.3 cannot be pinged
Check the group:
R2#sh standby bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 90 P Standby 12.12.12.1 local 12.12.12.12
- HSRP Load Balancing
The configuration:
R1(config)#int fa0/0
R1(config-if)#standby 2 ip 12.12.12.11
R1(config-if)#standby 2 preempt
R1(config-if)#standby 2 aut md5 key-string cisco
R1(config-if)#stan 2 prio 110
R2(config)#int fa0/0
R2(config-if)#standby 2 ip 12.12.12.11
R2(config-if)#standby 2 pre
R2(config-if)#stand 2 aut md5 key-s cisco
Check the groups on R1 and R2:
R1#sh stand bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 100 P Standby 12.12.12.2 local 12.12.12.12
Fa0/0 2 110 P Active local 12.12.12.2 12.12.12.11
R2#sh stand bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 110 P Active local 12.12.12.1 12.12.12.12
Fa0/0 2 100 P Standby 12.12.12.1 local 12.12.12.11
- VRRP
The configuration:
R1(config)#int fa0/0
R1(config-if)#no sh
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#vrrp 1 ip 12.12.12.12
R1(config-if)#vrrp prio 110
R1(config-if)#vrrp 1 auth md5 key-string cisco
R2(config)#int fa0/0
R2(config-if)#no sh
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#vrrp 1 ip 12.12.12.12
R2(config-if)#vrrp 1 auth md5 key-s cisco
Check VRRP on R2:
R2#sh vrrp bri
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/0 1 100 3609 Y Master 12.12.12.2 12.12.12.12
- VRRP Track Route
The configuration:
R2(config)#track 10 ip route 3.3.3.3/32 reac
R2(config-track)#int fa0/0
R2(config-if)#vrrp 1 track 10 dec 20
Check the group:
R2#sh vrrp bri
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/0 1 100 3609 Y Master 12.12.12.2 12.12.12.12
Shut down IP 3.3.3.3 on R2, then check the group again:
R2#sh vrrp bri
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/0 1 80 3609 Y Backup 12.12.12.1 12.12.12.12
- GLBP Load Balancing
The configuration:
R1(config-if)#glbp 1 ip 12.12.12.12
R2(config-if)#glbp 1 ip 12.12.12.12
Check whether GLBP is up:
R1#sh glbp bri
Interface Grp Fwd Pri State Address Active router Standby router
Fa0/0 1 – 100 Active 12.12.12.12 local 12.12.12.2
Fa0/0 1 1 – Active 0007.b400.0101 local –
Fa0/0 1 2 – Listen 0007.b400.0102 12.12.12.2 –
- Core Dump FTP
The configuration:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#Exception dum 2.2.2.2
R1(config)#Ip ftp username cisco
R1(config)#Ip ftp password cisco
R1(config)#Ip ftp passive
R1(config)#Ip ftp source-in lo0
R1(config)#Exception region-size 16384
R1(config)#Exception core ciscodum compress
BGP
Border Gateway Protocol, abbreviated BGP, is the core routing protocol of the Internet.
This protocol is the backbone of the world's Internet. BGP is the Internet's core routing protocol, used to exchange routing information between networks.
BGP is described in RFC 4271. BGP works by maintaining a table of IP networks that can be reached between ASes (Autonomous Systems). It is described as a path vector protocol. BGP does not use traditional IGP (Interior Gateway Protocol) metrics, but makes routing decisions based on path, network policies, and/or rule sets.
BGP supports Classless Inter-Domain Routing and uses route aggregation to reduce the size of the routing table. BGP was created to replace the EGP routing protocol and allows decentralized routing, so that routing does not have to rely on a single backbone network.
BGP has several attributes, namely:
- Weight (highest)
- Local Preference (highest)
- Locally Originated
- AS-Path (shortest)
- Origin (IGP > EGP > ?)
- MED (lowest)
Following the explanation above, here are several labs related to BGP, especially BGP in the CCIE RS world.
- iBGP Peering
Basic configuration:
R1(config)#int fa0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#no sh
R1(config-router)#int lo 0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#router bgp 12
R1(config-router)#nei 12.12.12.2 remote-as 12
R1(config-router)#net 1.1.1.1 mask 255.255.255.255
Apply the same configuration on the second router, using loopback 2.2.2.2/32.
Check the route table:
R1#sh ip bgp sum
BGP router identifier 12.12.12.1, local AS number 12
BGP table version is 3, main routing table version 3
2 network entries using 240 bytes of memory
2 path entries using 104 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 748 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
12.12.12.2 4 12 7 7 3 0 0 00:03:27 1
Check the route table:
R1#sh ip bgp
BGP table version is 3, local router ID is 12.12.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*>i2.2.2.2/32 12.12.12.2 0 100 0 i
R1#sh ip route bgp
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [200/0] via 12.12.12.2, 00:07:25
Check ping:
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/47/64 ms
- IBGP Peering – Loopback
The topology is the same as in the lab above.
Remove the network and neighbor commands under router bgp, then add the following commands:
R2(config)#router rip
R2(config-router)#ver 2
R2(config-router)#net 2.0.0.0
R2(config-router)#net 12.0.0.0
R2(config-router)#exit
R2(config)#router bgp 12
R2(config-router)#nei 1.1.1.1 remote 12
R2(config-router)#nei 1.1.1.1 update-source lo0
Then add a new subnet to router bgp:
R2(config-if)#int lo1
R2(config-if)#ip add 22.22.22.22 255.255.255.255
R2(config-if)#no sh
R2(config-if)#router bgp 12
R2(config-router)#net 22.22.22.22 mask 255.255.255.255
Check ping:
R1#ping 22.22.22.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/59/104 ms
R1#sh ip bgp sum
BGP router identifier 12.12.12.1, local AS number 12
BGP table version is 7, main routing table version 7
2 network entries using 240 bytes of memory
2 path entries using 104 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 748 total bytes of memory
BGP activity 4/2 prefixes, 4/2 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 12 7 7 7 0 0 00:02:07 1
R1#sh ip bgp
BGP table version is 7, local router ID is 12.12.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*>i22.22.22.22/32 2.2.2.2 0 100 0 i
R1#sh ip route bgp
22.0.0.0/32 is subnetted, 1 subnets
B 22.22.22.22 [200/0] via 2.2.2.2, 00:00:33
- eBGP Peering
Configuration for eBGP peering:
R2(config)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#no sh
R2(config-if)#int s0/0
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#router bgp 12
R2(config-router)#nei 23.23.23.3 remote 3
R2(config-router)#net 2.2.2.2 mask 255.255.255.255
Do the same on router R3, using loopback 3.3.3.3/32.
Check ping:
R2#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/39/76 ms
Check the route table:
R2#sh ip bgp sum
BGP router identifier 2.2.2.2, local AS number 12
BGP table version is 3, main routing table version 3
2 network entries using 240 bytes of memory
2 path entries using 104 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 772 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
23.23.23.3 4 3 7 7 3 0 0 00:03:42 1
R2#sh ip bgp
BGP table version is 3, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*> 3.3.3.3/32 23.23.23.3 0 0 3 i
- eBGP – Loopback – eBGP Multihop
The topology is the same as in the previous lab.
The configuration is as follows:
R2(config)#router eigrp 2
R2(config-router)#net 23.23.23.0 0.0.0.255
R2(config-router)#net 2.2.2.2 0.0.0.0
R2(config)#router bgp 12
R2(config-router)#nei 3.3.3.3 remote-as 3
R2(config-router)#nei 3.3.3.3 update-source lo0
R2(config-router)#nei 3.3.3.3 ebgp-multihop
Do the same for R3 and add int lo1 on R2:
R2(config)#int lo1
R2(config-if)#ip add 22.22.22.22 255.255.255.255
R2(config-if)#no sh
R2(config-if)#router bgp 12
R2(config-router)#net 22.22.22.22 mask 255.255.255.255
Check ping:
R3#ping 22.22.22.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/30/80 ms
Check the route table:
R3#sh ip bgp
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 22.22.22.22/32 2.2.2.2 0 0 12 i
*> 33.33.33.33/32 0.0.0.0 0 32768 i
- BGP Next-Hop-Self
Still the same topology as before.
Configure iBGP peering between routers R1 and R2.
Check the route table:
R1(config-router)#do sh ip bgp
BGP table version is 4, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*>i22.22.22.22/32 2.2.2.2 0 100 0 i
*>i33.33.33.33/32 3.3.3.3 0 100 0 3 i
Here we can see that R1 receives R3's loopback 1 address via R3's loopback 0 address. This is wrong, because R1 should not be able to reach R3's lo0 address.
So add the following command:
R2(config)#router bgp 12
R2(config-router)#nei 1.1.1.1 next-hop-self
Check the route table:
R1(config-router)#do sh ip bgp
BGP table version is 5, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*>i22.22.22.22/32 2.2.2.2 0 100 0 i
*>i33.33.33.33/32 2.2.2.2 0 100 0 3 i
Check ping:
R1(config-router)#do ping 33.33.33.33
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/52/116 ms
- BGP Authentication
Still the same topology as before.
BGP supports authentication using MD5 only.
The configuration:
R2(config-router)#router bgp 12
R2(config-router)#nei 1.1.1.1 password 0 RAHASIA
R1(config-router)#router bgp 12
R1(config-router)#nei 2.2.2.2 password 0 RAHASIA
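The `neighbor ... password` command enables the TCP MD5 Signature option (RFC 2385) on the BGP session, so every segment carries a digest keyed with the shared password. The added Python example below (not from the original post) signs and verifies a constructed KEEPALIVE from 2.2.2.2 to 1.1.1.1 with the lab key RAHASIA; the ports, sequence numbers, window and helper names are assumptions.

```python
"""Added example: RFC 2385 TCP MD5 signature as used by BGP neighbor passwords."""
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
MD5_OPTION_KIND = 19    # TCP MD5 Signature option, length 18


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """Digest over pseudo-header, fixed TCP header (checksum zeroed), data, key."""
    segment_len = len(tcp_header) + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, segment_len))
    fixed = bytearray(tcp_header[:20])      # options are excluded from the hash
    fixed[16:18] = b"\x00\x00"              # checksum is assumed to be zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def build_signed_header(src_ip, dst_ip, src_port, dst_port, seq, ack, payload, key):
    """Return a 40-byte TCP header: 20 fixed bytes + MD5 option + 2 NOP pads."""
    offset_words = 10                       # 40 bytes of header in 32-bit words
    flags = 0x18                            # PSH + ACK
    base = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       offset_words << 4, flags, 16384, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, base + bytes(20), payload, key)
    option = struct.pack("!BB", MD5_OPTION_KIND, 18) + digest + b"\x01\x01"
    return base + option


def verify_segment(src_ip, dst_ip, tcp_header, payload, key):
    """Receiver side: a missing, malformed or wrong signature means drop."""
    options = tcp_header[20:]
    received = None
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP
            i += 1
            continue
        if i + 1 >= len(options):
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                           # malformed option, stop parsing
        if kind == MD5_OPTION_KIND and length == 18:
            received = options[i + 2:i + 18]
        i += length
    if received is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(received, expected)


def demo():
    """Constructed segment: BGP KEEPALIVE (16-byte marker, length 19, type 4)."""
    src, dst, key = "2.2.2.2", "1.1.1.1", b"RAHASIA"
    keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)
    header = build_signed_header(src, dst, 179, 11000, 1000, 2000, keepalive, key)
    tampered = keepalive[:-1] + bytes([keepalive[-1] ^ 0x01])
    unsigned = header[:12] + bytes([5 << 4]) + header[13:20]   # no options at all
    return {
        "valid": verify_segment(src, dst, header, keepalive, key),
        "wrong_key": verify_segment(src, dst, header, keepalive, b"rahasia"),
        "tampered": verify_segment(src, dst, header, tampered, key),
        "unsigned": verify_segment(src, dst, unsigned, keepalive, key),
    }


if __name__ == "__main__":
    print(demo())
```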
- BGP Route Reflector
Remove the next-hop-self configuration from R3, because route reflection will be used.
Configuration on R1, R2 and R3:
R1(config-router)#router bgp 12
R1(config-router)#nei 2.2.2.2 remote 12
R1(config-router)#nei 2.2.2.2 update lo0
R1(config-router)#nei 2.2.2.2 route-reflector-client
R1(config-router)#nei 3.3.3.3 remote 12
R1(config-router)#nei 3.3.3.3 update lo0
R1(config-router)#nei 3.3.3.3 route-reflector-client
R2(config-router)#router bgp 12
R2(config-router)#nei 1.1.1.1 remote 12
R2(config-router)#nei 1.1.1.1 update lo0
R3(config-router)#router bgp 12
R3(config-router)#nei 1.1.1.1 remote 12
R3(config-router)#nei 1.1.1.1 update lo0
Check the route table:
R1#sh ip bgp sum
BGP router identifier 11.11.11.11, local AS number 12
BGP table version is 4, main routing table version 4
3 network entries using 360 bytes of memory
3 path entries using 156 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 944 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 12 5 7 4 0 0 00:01:12 1
3.3.3.3 4 12 6 7 4 0 0 00:00:35 2
Check ping:
R1#ping 44.44.44.44
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 44.44.44.44, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/138/224 ms
- BGP Confederation
R1, R2, R3, R4 and R5 use AS 12, and R6 uses AS 3.
R1 and R4 use confederation AS 12001, R2 and R5 use confederation AS 12002, and R3 uses confederation AS 12003.
R1 configuration:
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
!
interface FastEthernet0/1
ip address 14.14.14.1 255.255.255.0
!
router bgp 12001
bgp log-neighbor-changes
bgp confederation identifier 12
bgp confederation peers 12002
network 1.1.1.1 mask 255.255.255.255
neighbor 12.12.12.2 remote-as 12002
neighbor 14.14.14.4 remote-as 12001
neighbor 14.14.14.4 next-hop-self
R4 configuration:
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 14.14.14.4 255.255.255.0
!
router bgp 12001
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 12
network 4.4.4.4 mask 255.255.255.255
neighbor 14.14.14.1 remote-as 12001
R2 configuration:
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
!
interface Serial0/0
ip address 25.25.25.2 255.255.255.0
!
interface FastEthernet0/1
ip address 23.23.23.2 255.255.255.0
!
router bgp 12002
bgp log-neighbor-changes
bgp confederation identifier 12
bgp confederation peers 12001 12003
network 2.2.2.2 mask 255.255.255.255
neighbor 12.12.12.1 remote-as 12001
neighbor 23.23.23.3 remote-as 12003
neighbor 25.25.25.5 remote-as 12002
neighbor 25.25.25.5 next-hop-self
R5 configuration:
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Serial0/0
ip address 25.25.25.5 255.255.255.0
!
router bgp 12002
bgp log-neighbor-changes
bgp confederation identifier 12
network 5.5.5.5 mask 255.255.255.255
neighbor 25.25.25.2 remote-as 12002
R3 configuration:
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 23.23.23.3 255.255.255.0
!
interface Serial0/0
ip address 36.36.36.3 255.255.255.0
!
router bgp 12003
bgp log-neighbor-changes
bgp confederation identifier 12
bgp confederation peers 12002
network 3.3.3.3 mask 255.255.255.255
neighbor 23.23.23.2 remote-as 12002
neighbor 36.36.36.6 remote-as 3
R6 configuration:
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Serial0/0
ip address 36.36.36.6 255.255.255.0
!
router bgp 3
network 6.6.6.6 mask 255.255.255.255
neighbor 36.36.36.3 remote-as 12
Check the route table:
R2#sh ip bgp
BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 12.12.12.1 0 100 0 (12001) i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*> 3.3.3.3/32 23.23.23.3 0 100 0 (12003) i
* 4.4.4.4/32 14.14.14.4 0 100 0 (12001) i
*>i5.5.5.5/32 25.25.25.5 0 100 0 i
* 6.6.6.6/32 36.36.36.6 0 100 0 (12003) 3 i
From show ip bgp we can see that 6.6.6.6 is still unreachable from R2.
Let's add a route to 36.36.36.6 on R2:
ip route 36.36.36.0 255.255.255.0 23.23.23.3
Check the route table:
R2#sh ip bgp
BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 12.12.12.1 0 100 0 (12001) i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*> 3.3.3.3/32 23.23.23.3 0 100 0 (12003) i
* 4.4.4.4/32 14.14.14.4 0 100 0 (12001) i
*>i5.5.5.5/32 25.25.25.5 0 100 0 i
*> 6.6.6.6/32 36.36.36.6 0 100 0 (12003) 3 i
- BGP Attribute (Origin)
The configuration:
R1 :
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
!
router bgp 100
network 1.1.1.1 mask 255.255.255.255
neighbor 12.12.12.2 remote-as 200
R2 :
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
!
interface Serial0/0
ip address 23.23.23.2 255.255.255.0
!
router bgp 200
network 2.2.2.2 mask 255.255.255.255
redistribute static
neighbor 12.12.12.1 remote-as 100
neighbor 23.23.23.3 remote-as 200
R3 :
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Loopback1
ip address 33.33.33.33 255.255.255.255
!
interface Loopback2
ip address 30.30.30.30 255.255.255.255
!
interface Serial0/0
ip address 23.23.23.3 255.255.255.0
!
router eigrp 1
network 33.33.33.33 0.0.0.0
!
router bgp 200
network 3.3.3.3 mask 255.255.255.255
redistribute eigrp 1
neighbor 23.23.23.2 remote-as 200
Check the route table:
R1#sh ip bgp
BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 2.2.2.2/32 12.12.12.2 0 0 200 i
*> 3.3.3.3/32 12.12.12.2 0 200 i
*> 30.30.30.30/32 12.12.12.2 0 0 200 ?
*> 33.33.33.33/32 12.12.12.2 0 200 ?
- BGP Attribute (Community)
Configure an access list so that the IP address 11.11.11.11 on R1 is not advertised to R4.
R1 configuration:
R1(config)#access-list 1 permit host 11.11.11.11
R1(config)#route-map NO-EXPORT
R1(config-route-map)#match ip address 1
R1(config-route-map)#set community no-export
R1(config-route-map)#router bgp 123
R1(config-router)#nei 2.2.2.2 route-map NO-EXPORT out
R1(config-router)#nei 2.2.2.2 send-community
Check the route table:
R4#sh ip bgp
BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 0.0.0.0 0 32768 i
*> 22.22.22.22/32 24.24.24.2 0 0 123 i
*> 33.33.33.33/32 24.24.24.2 0 123 i
Next, the scenario is to make the IP 33.33.33.33 on R3 no longer advertised to R1 and R4.
Configuration on R3:
R3(config)#access-list 1 permit host 33.33.33.33
R3(config)#route-map NO-ADVERTISE
R3(config-route-map)#match ip address 1
R3(config-route-map)#set community no-advertise
R3(config-route-map)#router bgp 123
R3(config-router)#nei 2.2.2.2 route-map NO-ADVERTISE out
R3(config-router)#nei 2.2.2.2 send-community
Check the route table:
R4#sh ip bgp
BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 0.0.0.0 0 32768 i
*> 22.22.22.22/32 24.24.24.2 0 0 123 i
Check the route table:
R1#sh ip bgp
BGP table version is 6, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*>i22.22.22.22/32 2.2.2.2 0 100 0 i
Next, the local-AS scenario:
Configuration on R1:
R1#router bgp 12
bgp confederation identifier 123
network 11.11.11.11 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 12
neighbor 2.2.2.2 update-source Loopback0
Configuration on R2:
R2#router bgp 12
bgp confederation identifier 123
bgp confederation peers 3
network 22.22.22.22 mask 255.255.255.255
neighbor 1.1.1.1 remote-as 12
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 3.3.3.3 remote-as 3
neighbor 3.3.3.3 ebgp-multihop 255
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
neighbor 24.24.24.4 remote-as 4
Configuration on R3:
R3#router bgp 3
bgp confederation identifier 123
bgp confederation peers 12
network 33.33.33.33 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 12
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
Next, filter IP address 11.11.11.11 on R1 so that it is not received on R3:
R1(config)#access-list 1 permit host 11.11.11.11
R1(config)#route-map LOCAL-AS permit 10
R1(config-route-map)#match ip address 1
R1(config-route-map)#set community local-AS
R1(config-route-map)#router bgp 12
R1(config-router)#nei 2.2.2.2 route-map LOCAL-AS out
R1(config-router)#nei 2.2.2.2 send-community
Check the route table:
R3#sh ip bgp
BGP table version is 6, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 2.2.2.2 0 100 0 (12) 4 i
*> 22.22.22.22/32 2.2.2.2 0 100 0 (12) i
*> 33.33.33.33/32 0.0.0.0 0 32768 i
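The effect of the two route-maps above can be checked with a small model. This is an added example, not part of the original lab: it uses the confederation topology (R1 and R2 in sub-AS 12, R3 in sub-AS 3, R4 in AS 4), the function names are hypothetical, and it assumes a community is kept on every later hop. It also covers no-export and the case where `send-community` is missing, in which the community never leaves the router and the prefix propagates everywhere.

```python
from collections import deque

# Constructed topology taken from the confederation scenario on this page.
# name -> (AS used in "router bgp", confederation identifier or None)
ROUTERS = {"R1": (12, 123), "R2": (12, 123), "R3": (3, 123), "R4": (4, None)}
LINKS = [("R1", "R2"), ("R2", "R3"), ("R2", "R4")]

# Session types a route may be sent over, per well-known community.
ALLOWED = {
    None: {"ibgp", "confed-ebgp", "ebgp"},
    "no-export": {"ibgp", "confed-ebgp"},   # stays inside the confederation
    "local-AS": {"ibgp"},                   # stays inside the sub-AS
    "no-advertise": set(),                  # receiver tells nobody
}

def session_type(a, b):
    as_a, confed_a = ROUTERS[a]
    as_b, confed_b = ROUTERS[b]
    if as_a == as_b:
        return "ibgp"
    if confed_a is not None and confed_a == confed_b:
        return "confed-ebgp"
    return "ebgp"

def neighbors(router):
    return [b if a == router else a for a, b in LINKS if router in (a, b)]

def routers_with_route(origin, tagged_peer, community, send_community=True):
    """Return the set of routers that end up holding the origin's prefix.

    The origin attaches `community` only on updates to `tagged_peer`
    (the outbound route-map); without send-community it is stripped.
    """
    holders = {origin}
    queue = deque()
    for peer in neighbors(origin):
        tagged = peer == tagged_peer and send_community
        queue.append((peer, origin, community if tagged else None))
    while queue:
        router, learned_from, comm = queue.popleft()
        if router in holders:
            continue
        holders.add(router)
        from_ibgp = session_type(router, learned_from) == "ibgp"
        for peer in neighbors(router):
            if peer == learned_from:
                continue
            kind = session_type(router, peer)
            if from_ibgp and kind == "ibgp":
                continue  # iBGP split horizon (no route reflector modelled)
            if kind in ALLOWED[comm]:
                queue.append((peer, router, comm))
    return holders

if __name__ == "__main__":
    print(sorted(routers_with_route("R1", "R2", "local-AS")))
    print(sorted(routers_with_route("R3", "R2", "no-advertise")))
    print(sorted(routers_with_route("R1", "R2", "local-AS", send_community=False)))
```

The first two results match the `sh ip bgp` tables above: 11.11.11.11 stops at R2, and 33.33.33.33 stops at R2.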
- BGP Peers Group
The next scenario reduces the number of command lines that have to be typed into the CLI.
Configuration:
router bgp 123
nei INTERNAL peer-group
nei INTERNAL remote-as 123
nei INTERNAL update-source lo0
nei 2.2.2.2 peer-group INTERNAL
nei 3.3.3.3 peer-group INTERNAL
- BGP Aggregator
The next scenario is to summarize several of the IP addresses shown in show ip route into one aggregate address.
The configuration is as follows:
router bgp x
aggregate-address x.x.x.x
If only some of the IP addresses need to be suppressed, the configuration is as follows:
access-list 1 permit host x.x.x.x
route-map BLOK
match ip address 1
router bgp 4
aggregate-address x.x.x.x suppress-map BLOK
- BGP Local-AS
The configuration is as follows:
router bgp 3
neighbor x.x.x.x local-as yyy
To use local-as without prepending, the configuration is as follows:
neighbor x.x.x.x local-as yyy no-prepend
To use no-prepend together with replace-as, the configuration is as follows:
neighbor x.x.x.x local-as yyy no-prepend replace-as
MPLS
Multiprotocol Label Switching (abbreviated MPLS) is a packet-delivery technology for high-speed backbone networks. Its working principle combines several advantages of circuit-switched and packet-switched communication systems, yielding a technology better than either. Previously, packets were forwarded using routing protocols such as OSPF, IS-IS, BGP, or EGP. Routing protocols sit at the third (network) layer of the OSI model, whereas MPLS sits between the second and third layers.
The working principle of MPLS is to combine the speed of layer 2 switching with the routing capability and scalability of layer 3. It works by inserting a label between the layer 2 and layer 3 headers of the forwarded packet. The label is generated by a Label-Switching Router, which acts as the link between the MPLS network and the outside network. The label carries information about the next node to which the packet must be sent. The packet is then forwarded to the next node, where its label is removed and replaced with a new label containing the next destination. Packets are forwarded along a path called an LSP (Label Switching Path).
MPLS components:
- Label Switched Path (LSP): the path through one or a series of LSRs along which packets are forwarded by label swapping from one MPLS node to another.
- Label Switching Router: an MPLS node capable of forwarding layer-3 packets
- MPLS Edge Node or Label Edge Router (LER): an MPLS node that connects an MPLS domain to a node outside the MPLS domain
- MPLS Egress Node: an MPLS node that handles traffic as it leaves the MPLS domain
- MPLS Ingress Node: an MPLS node that handles traffic as it enters the MPLS domain
- MPLS label: the label placed as the MPLS header
- MPLS node: a node that runs MPLS. An MPLS node acts as the control protocol that forwards packets based on labels.
Below is the lab configuration that I practiced in GNS, based on the handbook from id-networkers.
- Basic MPLS
PE1 configuration:
interface Loopback0
ip address 10.10.10.1 255.255.255.255
interface FastEthernet0/0
description ### Link to P Router ###
ip address 192.168.10.1 255.255.255.252
P configuration:
interface Loopback0
ip address 10.10.10.10 255.255.255.255
interface FastEthernet0/0
description ### Link to PE1 Reouter ###
ip address 192.168.10.2 255.255.255.252
interface FastEthernet0/1
description ### Link to PE2 Reouter ###
ip address 192.168.20.1 255.255.255.252
PE2 configuration:
interface Loopback0
ip address 10.10.10.2 255.255.255.255
interface FastEthernet0/0
description ### Link to P Router ###
ip address 192.168.20.2 255.255.255.252
For all routers in the MPLS network to be connected, dynamic routing (an IGP) is needed; this example uses OSPF:
PE1#sh run | s ospf
router ospf 1
router-id 10.10.10.1
log-adjacency-changes
network 10.10.10.1 0.0.0.0 area 0
network 192.168.10.1 0.0.0.0 area 0
P#sh run | s ospf
router ospf 1
log-adjacency-changes
network 10.10.10.10 0.0.0.0 area 0
network 192.168.10.2 0.0.0.0 area 0
network 192.168.20.1 0.0.0.0 area 0
PE2#sh run | s ospf
router ospf 1
router-id 10.10.10.2
log-adjacency-changes
network 10.10.10.2 0.0.0.0 area 0
network 192.168.20.2 0.0.0.0 area 0
To carry routing, VPN, and VRF information, MP-BGP is required on PE1 and PE2. The configuration:
PE1#sh run | s bgp
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.2 remote-as 65000
neighbor 10.10.10.2 update-source Loopback0
no auto-summary
PE2#sh run | s bgp
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.1 remote-as 65000
neighbor 10.10.10.1 update-source Loopback0
no auto-summary
Check the BGP status:
PE1#sh ip bgp summary | i 10.10.10.2
10.10.10.2 4 65000 37 37 1 0 0 00:34:49 0
BGP is established; next, enable MPLS as follows:
PE1(config)#mpls ip
PE1(config)#int fa0/0
PE1(config-if)#mpls ip
PE2(config)#mpls ip
PE2(config)#int fa0/0
PE2(config-if)#mpls ip
P(config)#mpls ip
P(config)#int fa0/0
P(config-if)#mpls ip
P(config-if)#int fa0/1
P(config-if)#mpls ip
To see that MPLS is active, use the commands:
PE1#sh mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 192.168.20.0/30 0 Fa0/0 192.168.10.2
17 Pop tag 10.10.10.10/32 0 Fa0/0 192.168.10.2
18 16 10.10.10.2/32 0 Fa0/0 192.168.10.2
PE1#sh mpls ldp discovery
Local LDP Identifier:
10.10.10.1:0
Discovery Sources:
Interfaces:
FastEthernet0/0 (ldp): xmit/recv
LDP Id: 10.10.10.10:0
- MPLS VPN
In this lab we place two customer routers (BRI and BCA) on each of PE1 and PE2. Each of these customer routers is a customer edge, so we call it CE.
Configure the VRF for each customer on PE1 and PE2 (here a is BRI and b is BCA):
PE1#sh run | s ip vrf
ip vrf vpn_a
rd 65000:1
route-target export 65000:1
route-target import 65000:1
ip vrf vpn_b
rd 65000:2
route-target export 65000:2
route-target import 65000:2
PE2(config)# ip vrf vpn_a
PE2(config-vrf)# rd 65000:1
PE2(config-vrf)# route-target both 65000:1
PE2(config-vrf)# exit
PE2(config)# ip vrf vpn_b
PE2(config-vrf)# rd 65000:2
PE2(config-vrf)# route-target export 65000:2
PE2(config-vrf)# route-target import 65000:2
*) The RD <xxxx:xxx> serves as the identity of a VRF, and each customer has a different RD
*) The route-target is used to manipulate the routes that will be given to the routing table within the VRF
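Because the route-target import and export lists decide which routes reach each VRF, they are also what keeps BRI and BCA routes apart. The following added example (not part of the original lab; the function names are hypothetical) parses the VRF definitions in both forms shown above and reports a VRF that imports a route-target exported by a differently named VRF, or two VRFs on one PE sharing an RD. It assumes the VRF name identifies the customer.

```python
import re

# Constructed input: the VRF definitions shown above ("sh run" form and prompt form).
PE1_CFG = """\
ip vrf vpn_a
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:1
ip vrf vpn_b
 rd 65000:2
 route-target export 65000:2
 route-target import 65000:2
"""
PE2_CFG = """\
PE2(config)# ip vrf vpn_a
PE2(config-vrf)# rd 65000:1
PE2(config-vrf)# route-target both 65000:1
PE2(config-vrf)# exit
PE2(config)# ip vrf vpn_b
PE2(config-vrf)# rd 65000:2
PE2(config-vrf)# route-target export 65000:2
PE2(config-vrf)# route-target import 65000:2
"""
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
KINDS = {"both": ("export", "import"), "export": ("export",), "import": ("import",)}

def parse_vrfs(text):
    """Return {vrf_name: {"rd": str or None, "export": set, "import": set}}."""
    vrfs, current = {}, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if words[:2] == ["ip", "vrf"] and len(words) == 3:
            current = vrfs.setdefault(
                words[2], {"rd": None, "export": set(), "import": set()})
        elif current is None or not words:
            continue
        elif words[0] == "rd" and len(words) == 2:
            current["rd"] = words[1]
        elif words[0] == "route-target" and len(words) == 3:
            for kind in KINDS.get(words[1], ()):
                current[kind].add(words[2])
        else:
            current = None  # any other command (e.g. "exit") ends the VRF block
    return vrfs

def audit(pe_configs):
    """pe_configs: {pe_name: config text}. Assumes VRF name == customer."""
    parsed = {pe: parse_vrfs(cfg) for pe, cfg in pe_configs.items()}
    exports = [(pe, name, rt) for pe, vrfs in parsed.items()
               for name, v in vrfs.items() for rt in v["export"]]
    findings = []
    for pe, vrfs in parsed.items():
        rds = {}
        for name, v in vrfs.items():
            if v["rd"] and v["rd"] in rds:
                findings.append(f"{pe}: {name} and {rds[v['rd']]} share RD {v['rd']}")
            rds[v["rd"]] = name
            for src_pe, src_name, rt in exports:
                if rt in v["import"] and src_name != name:
                    findings.append(
                        f"{pe}: {name} imports {rt} exported by {src_name} on {src_pe}")
    return findings
```

An intentional extranet also shows up as a finding, so the output is a list to review rather than a verdict.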
Next, configure the IP addresses for the connections to CEA1, CEA2 and CEB1, CEB2:
PE1#sh run int se0/0
interface Serial0/0
description ### to VPN-A ###
ip vrf forwarding vpn_a
ip address 192.168.0.1 255.255.255.252
clock rate 2000000
end
PE1#sh run int se0/1
interface Serial0/1
description ### to VPN-B ###
ip vrf forwarding vpn_b
ip address 192.168.0.1 255.255.255.252
clock rate 2000000
end
PE2#sh run int se0/0
interface Serial0/0
description ### to VPN-A ###
ip vrf forwarding vpn_a
ip address 192.168.0.5 255.255.255.252
clock rate 2000000
end
PE2#sh run int se0/1
interface Serial0/1
description ### to VPN-B ###
ip vrf forwarding vpn_b
ip address 192.168.0.5 255.255.255.252
clock rate 2000000
end
PE1#sh ip vrf
Name Default RD Interfaces
vpn_a 65000:1 Se0/0
vpn_b 65000:2 Se0/1
PE2#sh ip vrf
Name Default RD Interfaces
vpn_a 65000:1 Se0/0
vpn_b 65000:2 Se0/1
Check the MP-BGP (vpnv4) configuration:
PE1#sh run | s router bgp
router bgp 65000
!
address-family vpnv4
neighbor 10.10.10.2 activate
neighbor 10.10.10.2 send-community extended
exit-address-family
PE2#sh run | s router bgp
router bgp 65000
!
address-family vpnv4
neighbor 10.10.10.1 activate
neighbor 10.10.10.1 send-community extended
exit-address-family
neighbor 10.10.10.2 send-community extended → active by default
- MPLS VPN – PE CE Static Routing
Still using the topology above, where the customer being configured is BRI (CEA1 and CEA2).
CEA1 configuration:
CEA1(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.1
CEA1(config)#do sh run int se0/0
interface Serial0/0
ip address 192.168.0.2 255.255.255.252
clock rate 2000000
end
CEA2#conf t
CEA2(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.5
CEA2#sh run int se0/0
interface Serial0/0
ip address 192.168.0.6 255.255.255.252
clock rate 2000000
end
The PEs:
PE1#conf t
PE1(config)#router bgp 65000
PE1(config-router)#address-family ipv4 vrf vpn_a
PE1(config-router-af)#redistribute static
PE1(config-router-af)#redistribute connected
PE2#conf t
PE2(config)# router bgp 65000
PE2(config-router)# address-family ipv4 vrf vpn_a
PE2(config-router-af)# redistribute static
PE2(config-router-af)# redistribute connected
Check ping:
CEA1#ping 192.168.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/119/148 ms
- MPLS VPN – PE CE RIP
For this lab we will configure the BCA side (CEB1 and CEB2).
CE configuration:
CEB1#conf t
CEB1(config)#router rip
CEB1(config-router)#version 2
CEB1(config-router)#net 0.0.0.0
CEB1(config-router)#no auto-summary
interface Loopback0
ip address 1.1.1.1 255.255.255.255
CEB2#conf t
CEB2(config)# router rip
CEB2(config-router)# version 2
CEB2(config-router)# net 0.0.0.0
CEB2(config-router)# no auto-summary
interface Loopback0
ip address 1.1.1.2 255.255.255.255
Next, configure RIP redistribution on the PE:
PE1(config)#router rip
PE1(config-router)#version 2
PE1(config-router)#address-family ipv4 vrf vpn_b
PE1(config-router-af)#network 192.168.0.0
PE1(config-router-af)#no auto-summary
PE1(config-router-af)#redistribute bgp 65000 metric transparent
PE1(config)#router bgp 65000
PE1(config-router)#address-family ipv4 vrf vpn_b
PE1(config-router-af)#redistribute rip
Check ping:
CEB2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/133/172 ms
CEB2#sh ip route 1.1.1.1
Routing entry for 1.1.1.1/32
Known via “rip”, distance 120, metric 2
Redistributing via rip
Last update from 192.168.0.5 on Serial0/0, 00:00:00 ago
Routing Descriptor Blocks:
* 192.168.0.5, from 192.168.0.5, 00:00:00 ago, via Serial0/0
Route metric is 2, traffic share count is 1
- MPLS VPN – PE CE EIGRP Routing
Here we will configure EIGRP on the BRI side (CEA1 and CEA2).
CE configuration:
CEA1#conf t
CEA1(config)#int lo0
CEA1(config-if)#ip address 1.1.1.1 255.255.255.255
CEA1(config)#router eigrp 100
CEA1(config-router)#net 0.0.0.0
CEA1(config-router)#no auto-summary
CEB2#conf t
CEB2(config)# router eigrp 100
CEB2(config-router)# net 0.0.0.0
CEB2(config-router)# no auto-summary
CEB2(config)#int lo0
CEB2(config-if)#ip address 2.2.2.2 255.255.255.255
Next, configure EIGRP redistribution on the PEs:
PE1#conf t
PE1(config)#router eigrp 65000
PE1(config-router)#address-family ipv4 vrf vpn_a
PE1(config-router-af)#network 192.168.0.0
PE1(config-router-af)#redistribute bgp 65000 metric 1 1 1 1 1
PE1(config-router-af)#autonomous-system 100
PE1(config)#router bgp 65000
PE1(config-router)#address-family ipv4 vrf vpn_a
PE1(config-router-af)#redistribute eigrp 100
PE2#conf t
PE2(config)# router eigrp 65000
PE2(config-router)# address-family ipv4 vrf vpn_a
PE2(config-router-af)# network 192.168.0.0
PE2(config-router-af)# redistribute bgp 65000 metric 1 1 1 1 1
PE2(config-router-af)# autonomous-system 100
PE2(config)# router bgp 65000
PE2(config-router)# address-family ipv4 vrf vpn_a
PE2(config-router-af)# redistribute eigrp 100
Check the route table:
CEA2#sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/2809856] via 192.168.0.5, 00:00:10, Serial0/0
192.168.0.0/30 is subnetted, 2 subnets
D 192.168.0.0 [90/2681856] via 192.168.0.5, 00:00:10, Serial0/0
CEA2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/121/152 ms
- MPLS VPN – PE CE BGP Routing
In this lab we will configure BGP routing on the BCA side (CEB1 and CEB2).
CE configuration:
CEB1(config)#int lo0
CEB1(config-if)#ip address 11.11.11.11 255.255.255.255
CEB1(config)#router bgp 111
CEB1(config-router)#neighbor 192.168.0.1 remote-as 65000
CEB1(config-router)#net 11.11.11.11 mask 255.255.255.255
CEB2(config)#int lo0
CEB2(config-if)#ip address 22.22.22.22 255.255.255.255
CEB2(config)#router bgp 111
CEB2(config-router)#neighbor 192.168.0.5 remote-as 65000
CEB2(config-router)#net 22.22.22.22 mask 255.255.255.255
PE configuration:
PE1#conf t
PE1(config)#router bgp 65000
PE1(config-router)#address-family ipv4 vrf vpn_b
PE1(config-router-af)#neighbor 192.168.0.2 remote-as 111
PE1(config-router-af)#neighbor 192.168.0.2 activate
PE1(config-router-af)#neighbor 192.168.0.2 as-override
PE2(config)#router bgp 65000
PE2(config-router)#address-family ipv4 vrf vpn_b
PE2(config-router-af)#neighbor 192.168.0.6 remote-as 111
PE2(config-router-af)#neighbor 192.168.0.6 activate
PE2(config-router-af)#neighbor 192.168.0.6 as-override
Check ping:
CEB1#ping 22.22.22.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/116/156 ms
CEB1#sh ip bgp
BGP table version is 11, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*> 22.22.22.22/32 192.168.0.1 0 65000 65000 i
r> 192.168.0.0/30 192.168.0.1 0 0 65000 ?
*> 192.168.0.4/30 192.168.0.1 0 65000 ?
- MPLS VPN – PE CE OSPF Routing
Here we will configure OSPF routing on the BRI side (CEA1 and CEA2).
Configuration on the CEs:
CEA1#sh run | s ospf
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
CEA2#sh run | s ospf
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
Configuration on the PEs:
PE1#sh run | s router ospf
router ospf 100 vrf vpn_a
log-adjacency-changes
redistribute bgp 65000 subnets
network 192.168.0.1 0.0.0.0 area 0
PE2#sh run | s router ospf
router ospf 100 vrf vpn_a
log-adjacency-changes
redistribute bgp 65000 subnets
network 192.168.0.5 0.0.0.0 area 0
Check the route table:
CEA1#sh ip route ospf
192.168.0.0/30 is subnetted, 2 subnets
O IA 192.168.0.4 [110/11] via 192.168.0.1, 00:02:43, FastEthernet0/0
CEA1#ping 192.168.0.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 124/148/188 ms
- MPLS VPN – PE CE OSPF -Shamlink
Add a back-to-back (B2B) IP link between CEA1 and CEA2:
CEA2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CEA2(config)#int se0/1
CEA2(config-if)#ip address 12.12.12.2 255.255.255.0
CEA2(config-if)#no shut
CEA1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CEA1(config)#int se0/1
CEA1(config-if)#ip address 12.12.12.1 255.255.255.0
CEA1(config-if)#no shut
Once the new link is up, traffic prefers that link:
CEA1#sh ip route 192.168.0.5
Routing entry for 192.168.0.4/30
Known via “ospf 1”, distance 110, metric 74, type intra area
Last update from 12.12.12.2 on Serial0/1, 00:02:25 ago
Routing Descriptor Blocks:
* 12.12.12.2, from 192.168.0.6, 00:02:25 ago, via Serial0/1
Route metric is 74, traffic share count is 1
To manipulate this, an OSPF sham-link is added on the provider side with the following configuration:
PE1#sh run int lo200
interface Loopback200
ip vrf forwarding vpn_a
ip address 100.100.100.1 255.255.255.255
end
Add the router-id and the sham-link area:
router ospf 100 vrf vpn_a
router-id 100.100.100.1
log-adjacency-changes
area 0 sham-link 100.100.100.1 100.100.100.2
redistribute bgp 65000 subnets
network 192.168.0.1 0.0.0.0 area 0
Redistribute network 100.100.100.x into BGP:
address-family ipv4 vrf vpn_a
redistribute connected
redistribute ospf 100 vrf vpn_a match internal external 1 external 2
no synchronization
network 100.100.100.1 mask 255.255.255.255
Create the loopback interface:
PE2#sh run int lo200
interface Loopback200
ip vrf forwarding vpn_a
ip address 100.100.100.2 255.255.255.255
end
Add the router-id and the sham-link area:
router ospf 100 vrf vpn_a
router-id 100.100.100.22
log-adjacency-changes
area 0 sham-link 100.100.100.2 100.100.100.1
redistribute bgp 65000 subnets
network 192.168.0.5 0.0.0.0 area 0
Redistribute network 100.100.100.x into BGP:
address-family ipv4 vrf vpn_a
redistribute connected
redistribute ospf 100 vrf vpn_a match internal external 1 external 2
no synchronization
network 100.100.100.2 mask 255.255.255.255
Check the route table:
CEA1#sh ip route 192.168.0.6
Routing entry for 192.168.0.4/30
Known via “ospf 1”, distance 110, metric 21, type intra area
Last update from 192.168.0.1 on FastEthernet0/0, 00:05:41 ago
Routing Descriptor Blocks:
* 192.168.0.1, from 192.168.0.6, 00:05:41 ago, via FastEthernet0/0
Route metric is 21, traffic share count is 1
- MPLS VPN – AtoM – Frame Relay
Configuration:
PE1(config)#mpls ldp router-id loopback 0 force
PE2(config)#mpls ldp router-id loopback 0 force
Enable the interface with Frame Relay encapsulation:
PE1(config)#int se2/0
PE1(config-if)#encapsulation frame-relay
PE1(config-if)#frame-relay intf-type dce
PE2(config)#int se2/0
PE2(config-if)#encapsulation frame-relay
PE2(config-if)#frame-relay intf-type dce
Configure Frame Relay switching and create the virtual connection for Frame Relay over MPLS:
PE2(config)#frame-relay switching
PE2(config)#connect AToMFR serial2/0 201 l2transport
PE2(config-fr-pw-switching)#xconnect 10.10.10.1 1 encapsulation mpls
PE2(config-fr-pw-switching)#exit
PE1(config)#frame-relay switching
PE1(config)#connect AToMFR serial2/0 102 l2transport
PE1(config-fr-pw-switching)#xconnect 10.10.10.2 1 encapsulation mpls
PE1(config-fr-pw-switching)#exit
Configure Frame Relay on the CE routers:
CE1:
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
!
interface Serial0/0.1 point-to-point
ip address 12.12.12.1 255.255.255.0
frame-relay interface-dlci 102
CE2:
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
!
interface Serial0/0.1 point-to-point
ip address 12.12.12.2 255.255.255.0
frame-relay interface-dlci 201
Check the virtual circuit status:
PE1# sh mpls l2transport vc 1
Local intf     Local circuit        Dest address    VC ID      Status
-------------  -------------------- --------------- ---------- ----------
Se2/0          FR DLCI 102          10.10.10.2      1          UP
Check ping:
CE1#ping 12.12.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/100/124 ms