Tag: BGP

Router BGP OpenIXP (NiCE) DOWN

Sekitar pukul 20:42 hari Jumat 12 Januari 2018, dapat broadcast bahwa router BGP OpenIXP di Gedung Cyber (Cisco 7609) terjadi pemutusan jaringan dikarenakan adanya penambahan konfigurasi filtering untuk port 5678 yang merupakan port untuk Mikrotik Network Discovery Protocol (MNDP), mungkin saking banyaknya user yang pakai perangkat mikorik untuk terhubung ke Router NiCE ini dan lupa ataupun sengaja mengaktifkan fitur ip neighbors (MNDP) ini sehingga menyebabkan kenaikan load cpu yang cukup significant. 

MNDP ini memungkinkan untuk mencari perangkat lawan yang sama-sama support MNDP atau CDP (Cisco Discovery Protocol) ataupun LLDP di L2 broadcast domain.

Broadcast info tersebut diakhiri dengan pesan berikut :

Mohon untuk disampaikan ke rekan-rekan yang menggunakan mikrotik untuk men disable Network Discovey Protocol dan menonaktifkan aplikasi “The DUDE” pada jaringannya masing-masing

MikroTik Neighbour Discovery Protocol Setup

Submenu level : /ip neighbor discovery

Property Description

name (read-onlyname)- interface name for reference
discover (yes | no; default: yes) – defines if discover is enabled or disabled

Example

To disable MNDP protocol on Public interface:

[admin@MikroTik] ip neighbor discovery> set Public discover=no
[admin@MikroTik] ip neighbor discovery> print
  # NAME      DISCOVER
  0 Public    no
  1 Local     yes

Listing the Discovered Neighbours

Submenu level : /ip neighbor

Property Description

interface (read-onlyname) – local interface the neighbor is connected to
address (read-onlyaddress) – IP address of the neighbor router
mac-address (read-onlymac-address) – MAC-address of the neighbor router
identity (read-onlystring) – identity of the neighbour router
version (read-onlystring) – router version of the neighbour router
unpack (read-only: none | simple | compress-headers | compress-all) – identifies if the interface of the neighbour router is unpacking ‘Packed Packets’

Example

To view the table of discovered neighbours:

[admin@MikroTik] ip neighbor> print
  # INTERFACE ADDRESS         MAC-ADDRESS       IDENTITY   VERSION
  0 eth100... 10.5.2.100      00:04:EA:C6:0E:6F HP_10.5... Revisio...
  1 jevg_v... 10.5.1.1        00:40:96:58:20:14 0040965... Cisco 3...
  2 local_... 10.5.5.50       00:40:63:C1:23:C4 10.5.7.1   2.7rc4
  3 local_... 10.5.5.51       00:E0:C5:6E:23:25 GW_10.5... 2.7rc4
[admin@MikroTik] ip neighbor> print detail
  0 interface=eth100-temp address=10.5.2.100 mac-address=00:04:EA:C6:0E:6F
    identity="HP_10.5.2.100 Basement(0004ea-c60e40)" platform="HP 2524"
    version="Revision F.02.11 /sw/code/build/info(f00)" unpack=none age=12s

  1 interface=jevg_vlan2 address=10.5.1.1 mac-address=00:40:96:58:20:14
    identity="004096582014platform="AIR-BR350"
    version="Cisco 350 Series Bridge 11.21" unpack=none age=34s

  2 interface=local_vlan5 address=10.5.5.50 mac-address=00:40:63:C1:23:C4
    identity="10.5.7.1" platform="MikroTik" version="2.7rc4" unpack=none
    age=48s

  3 interface=local_vlan5 address=10.5.5.51 mac-address=00:E0:C5:6E:23:25
    identity="GW_10.5.51.1" platform="MikroTik" version="2.7rc4" unpack=none
    age=45s

[admin@MikroTik] ip neighbor>

As you can see, not only MikroTik RouterOS routers were discovered, but HP Procurve 2524 switch and Cisco 350 Series Wireless Bridge

 

Sumber.

Load balancing BGP dengan satu ASN

Untuk menunjang link BGP lebih aman, ada baiknya dengan menambahkan redundant link jadi ketika salah satu link untuk peer bgp down link lainnya masih bisa backup.

Berikut contoh load balancing bgp dengan satu ASN

load-balancing single asn

dari ilustrasi topologi diatas, customer memiliki 2 link untuk peer bgp yang memiliki jalur yang berbeda, misalnya satu link dengan Fibre Optic dan satunya dengan Radio. Karena ada 2 peer ip untuk satu ASN untuk mempersingkat di konfigurasi bgp diperlukan ip loopback sebagai neighbor nya. eBGP (external BGP) by default requires two Cisco IOS routers to be directly connected to each other in order to establish a neighbor adjacency. When the BGP neighbor is more than one hop away, the TTL will decrement to 0 and it will be discarded. Karena neighbor yang digunakan adalah ip loopback dimana router customer untuk menjangkau loopback tersebut melewati 2 hoop maka konfigurasi neighbornya menjadi ebgp-multihop 2 dan neighbornya diset update-source Loopback x.

Continue reading “Load balancing BGP dengan satu ASN”

Konfigurasi Dasar BGP dengan Default Route

BGP Default Route.JPG

Artikel ini akan membahas tentang konfigurasi dasar eBGP single provider dengan default route.

WAN IP : 182.1.2.0/30 (mask 255.255.255.252)
LAN IP : 10.1.2.0/24  10.1.3.0/24 10.1.4.0/24
Receiving Route : Default route
ASN : Provider (AS100) and Customer (AS1010)

Konfigurasi Router Provider :

interface Loopback0
 description Test Internet
 ip address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
 description *** Link to Customer AS1010 ***
 ip address 182.1.2.1 255.255.255.252
 duplex auto
 speed auto

router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 182.1.2.2 remote-as 1010 
 neighbor 182.1.2.2 version 4
 neighbor 182.1.2.2 default-originate 
 neighbor 182.1.2.2 soft-reconfiguration inbound
 neighbor 182.1.2.2 prefix-list ip-customer-AS1010 in
 no auto-summary

ip prefix-list ip-customer-AS1010 description Prefix Customer AS1010
ip prefix-list ip-customer-AS1010 seq 10 permit 10.1.2.0/24
ip prefix-list ip-customer-AS1010 seq 15 permit 10.1.3.0/24
ip prefix-list ip-customer-AS1010 seq 20 permit 10.1.4.0/24

Konfigurasi Router Customer :

interface FastEthernet0/0
 description *** Link to Provider AS100 ***
 ip address 182.1.2.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description *** Link to Internal ***
 ip address 10.1.3.1 255.255.255.0 secondary
 ip address 10.1.4.1 255.255.255.0 secondary
 ip address 10.1.2.1 255.255.255.0
 duplex auto
 speed auto

router bgp 1010
 no synchronization
 bgp log-neighbor-changes
 network 10.1.2.0 mask 255.255.255.0
 network 10.1.3.0 mask 255.255.255.0
 network 10.1.4.0 mask 255.255.255.0
 neighbor 182.1.2.1 remote-as 100
 neighbor 182.1.2.1 version 4
 neighbor 182.1.2.1 soft-reconfiguration inbound
 neighbor 182.1.2.1 prefix-list ip-customer out
 no auto-summary

ip prefix-list ip-customer description IP yg di advertise ke Provider
ip prefix-list ip-customer seq 10 permit 10.1.2.0/24
ip prefix-list ip-customer seq 15 permit 10.1.3.0/24
ip prefix-list ip-customer seq 20 permit 10.1.4.0/24

Cek PC untuk akses ke 8.8.8.8 (test internet)

PC1> show ip

NAME : PC1[1]
IP/MASK : 10.1.2.2/24
GATEWAY : 10.1.2.1

PC1> ping 8.8.8.8 
84 bytes from 8.8.8.8 icmp_seq=1 ttl=254 time=16.001 ms
84 bytes from 8.8.8.8 icmp_seq=2 ttl=254 time=21.001 ms
84 bytes from 8.8.8.8 icmp_seq=3 ttl=254 time=28.002 ms
84 bytes from 8.8.8.8 icmp_seq=4 ttl=254 time=17.001 ms
84 bytes from 8.8.8.8 icmp_seq=5 ttl=254 time=46.002 ms

Cek Router Provider :

Provider#show ip bgp summary 
BGP router identifier 182.1.2.1, local AS number 100
BGP table version is 8, main routing table version 8
3 network entries using 351 bytes of memory
3 path entries using 156 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 779 total bytes of memory
BGP activity 5/2 prefixes, 5/2 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
182.1.2.2 4 1010 65 62 8 0 0 00:40:23 3

*** Cek IP yg di advertise dari customer ***

Provider#sh ip bgp neighbors 182.1.2.2 received-routes 
BGP table version is 8, local router ID is 182.1.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
 r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

 Network Next Hop Metric LocPrf Weight Path
*> 10.1.2.0/24 182.1.2.2 0 0 1010 i
*> 10.1.3.0/24 182.1.2.2 0 0 1010 i
*> 10.1.4.0/24 182.1.2.2 0 0 1010 i

Total number of prefixes 3

*** Cek IP yang di advertise ke customer ***

Provider#sh ip bgp neighbors 182.1.2.2 advertised-routes 
BGP table version is 8, local router ID is 182.1.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
 r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Originating default network 0.0.0.0

 Network Next Hop Metric LocPrf Weight Path

Total number of prefixes 0

Cek Router Customer :

Customer#show ip bgp neighbors 182.1.2.1 routes 
BGP table version is 13, local router ID is 182.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
 r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

 Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 182.1.2.1 0 0 100 i

Total number of prefixes 1

Sekian Konfigurasi Dasar BGP dengan Default Route, jika ada yang ditanyakan perintah config diatas silahkan ngobrol di komentar 🙂

Sumber : showipbgp