“Science is giving birth to more and more wonders. The tales of our ancestors blush with shame. People no longer need to meditate for years to be able to speak with someone across the sea. The Germans have laid an undersea cable from England to India! And cables like it are multiplying, stretching out over the whole surface of the earth. The whole world can now watch the behaviour of one person. And a person can watch the behaviour of the whole world” (Pramoedya Ananta Toer: Bumi Manusia, p. 316, 1980).
Sunday, 24 April 2011
Check the IOS in use :)
Hardware Platform
The first part of the image name identifies the hardware platform the IOS image supports.
FEATURE SET
This part identifies the features the IOS image supports. This is Cisco's new and improved IOS naming convention; some older versions still use letters to describe the features. The “legacy naming convention” can be quite confusing, so it is good that they decided to change it. Cisco distributes IOS packages according to their features; take a look at the following diagram:
The higher the feature set, the more features it has. You can check the features of a Cisco IOS image with the tool Cisco provides. Access the tool on Cisco's site; you can search by feature, IOS image name, platform, or product code, and you can even compare features between images. It is a great tool that you should try.
MEMORY LOCATION and COMPRESSION FORMAT
This tells you which memory location the IOS image runs from and which compression format it uses. Check the following for the formats:
f-flash
m-RAM
r-ROM
l-the image will be relocated at run time
And these are the compression types:
z-Zip Compression
x-mzip compression
w-“STAC” compression
MAINTENANCE RELEASE and INDIVIDUAL RELEASE
These show the release version number of the IOS image.
RELEASE
The last part shows whether the image is T Release (new feature release identifier), S (individual release), or XR (modular packages).
You also need to consider the amount of DRAM in the device. The higher the version and feature set of an IOS image, the more DRAM you need.
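The fields described above can be pulled out of an image file name mechanically, which helps when inventorying which IOS release each device runs. The following is an added example, not code from the original post; the sample file names are constructed, and the regular expression and the `12.4(15)T14` rendering of the version are assumptions about the common `platform-featureset-codes.version` layout.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Letter codes exactly as listed in the text above.
MEMORY_LOCATION = {"f": "flash", "m": "RAM", "r": "ROM",
                   "l": "relocated at run time"}
COMPRESSION = {"z": "zip", "x": "mzip", "w": "STAC"}

# platform-featureset-codes.NNN-M[.RELEASE]; the field order follows the text,
# the exact character classes are an assumption of this example.
IMAGE_RE = re.compile(
    r"^(?P<platform>[A-Za-z0-9]+)-(?P<features>[A-Za-z0-9_]+)-(?P<codes>[a-z]+)"
    r"\.(?P<major>\d{3})-(?P<maint>\d+[a-z]?)"
    r"(?:\.(?P<release>[A-Z]+)(?P<rebuild>\d*[a-z]?))?$"
)

# Constructed sample input: two names that follow the convention, one that does not.
SAMPLE_NAMES = [
    "c3725-adventerprisek9-mz.124-15.T14.bin",
    "c2600-ik9o3s3-mz.123-26.bin",
    "startup-config.txt",
]


@dataclass
class IosImage:
    platform: str
    feature_set: str
    memory_location: List[str]
    compression: List[str]
    version: str                      # e.g. 12.4(15)T14
    release: Optional[str]            # T, S, XR, ... or None when absent
    unknown_codes: List[str] = field(default_factory=list)


def parse_image_name(name: str) -> IosImage:
    """Split an IOS image file name into the fields the text describes."""
    stem = name[:-4] if name.lower().endswith(".bin") else name
    m = IMAGE_RE.match(stem)
    if m is None:
        raise ValueError(f"not a recognised IOS image name: {name!r}")
    memory, compression, unknown = [], [], []
    for letter in m["codes"]:
        if letter in MEMORY_LOCATION:
            memory.append(MEMORY_LOCATION[letter])
        elif letter in COMPRESSION:
            compression.append(COMPRESSION[letter])
        else:
            unknown.append(letter)    # keep it visible rather than guessing
    major = m["major"]
    version = f"{major[:2]}.{major[2:]}({m['maint']})"
    if m["release"]:
        version += m["release"] + m["rebuild"]
    return IosImage(m["platform"], m["features"], memory, compression,
                    version, m["release"], unknown)


def inventory(names):
    """Return (parsed images, names that do not fit the convention)."""
    parsed, rejected = [], []
    for name in names:
        try:
            parsed.append(parse_image_name(name))
        except ValueError:
            rejected.append(name)
    return parsed, rejected


if __name__ == "__main__":
    images, skipped = inventory(SAMPLE_NAMES)
    for image in images:
        print(image)
    print("skipped:", skipped)
```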
You may wish to investigate the Cisco IOS Software Selector:
http://tools.cisco.com/ITDIT/ISTMAIN/servlet/index
Cisco IOS Upgrade Planner:
http://www.cisco.com/cgi-bin/Softwar....cgi?majorRel=
Cisco Software Advisor:
http://tools.cisco.com/Support/Fusion/FusionHome.do
and the Cisco Software Search Tool:
http://www.cisco.com/cgi-bin/Softwar...h/SWSearch.cgi
MPLS + BGP + AS Override
If a customer needs to advertise routes with BGP on their side, then in MPLS we come across the term AS OVERRIDE:
The simplest possible picture :)
Cust(CE)BGP-------(BGP AS Override)PE-----P------PE(BGP AS Override)-------BGP(CE)Cust
Here is the CE configuration:
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
interface Loopback0
ip address 77.77.77.7 255.255.255.0
!
interface FastEthernet0/0
ip address 100.100.100.7 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65501
no synchronization
bgp log-neighbor-changes
network 77.77.77.0 mask 255.255.255.0
network 100.100.100.0 mask 255.255.255.0
neighbor 100.100.100.1 remote-as 234
neighbor 100.100.100.1 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
And the PE configuration:
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf ADIRA
rd 200:1
route-target export 200:1
route-target import 200:1
!
ip vrf XL
rd 100:1
route-target export 100:1
route-target import 100:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 23.23.23.3 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
no ip address
speed 100
full-duplex
!
interface FastEthernet0/1.100
encapsulation dot1Q 100
ip vrf forwarding XL
ip address 100.100.100.1 255.255.255.0
!
interface FastEthernet0/1.200
encapsulation dot1Q 200
ip vrf forwarding ADIRA
ip address 200.200.200.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 23.23.23.3 0.0.0.0 area 0
!
router bgp 234
no synchronization
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 234
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf XL
redistribute connected
neighbor 100.100.100.7 remote-as 65501
neighbor 100.100.100.7 activate
neighbor 100.100.100.7 as-override
no synchronization
exit-address-family
!
address-family ipv4 vrf ADIRA
redistribute connected
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
mpls ldp router-id Loopback0
!
!
control-plane
-----------------------------------
R3#sh ip bgp vpnv4 all
BGP table version is 15, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf XL)
*>i10.10.10.0/24 4.4.4.4 0 100 0 ?
*> 77.77.77.0/24 100.100.100.7 0 0 65501 i
*>i99.99.99.0/24 4.4.4.4 0 100 0 65501 i
* 100.100.100.0/24 100.100.100.7 0 0 65501 i
*> 0.0.0.0 0 32768 ?
Route Distinguisher: 200:1 (default for vrf ADIRA)
*>i20.20.20.0/24 4.4.4.4 0 100 0 ?
*> 200.200.200.0 0.0.0.0 0 32768 ?
Spot the customer prefix from the CE on the far side? Hehe :)
So AS Override is used because BGP loop prevention rejects a route when an AS sees its own AS number in the path again, as in the example above:
AS65501(CE)---->AS234(P)----->AS65501(CE) The same AS meets the same AS again (loop)
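The loop check and the effect of `as-override` described above, as an added example that is not part of the original post. It models only AS_PATH handling, using the AS numbers from the configuration (65501 for both CE sites, 234 for the provider); the function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

CE_AS = 65501   # both customer sites, as in the configuration above
PE_AS = 234     # provider AS, as in the configuration above


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...] = ()   # leftmost entry is the most recently added AS


def ebgp_advertise(route: Route, local_as: int, neighbor_as: int,
                   as_override: bool = False) -> Route:
    """What an eBGP speaker sends to a neighbour.

    With as-override, every occurrence of the neighbour's AS in the path is
    first rewritten to the sender's own AS; then the sender prepends its AS.
    """
    path = route.as_path
    if as_override:
        path = tuple(local_as if asn == neighbor_as else asn for asn in path)
    return Route(route.prefix, (local_as,) + path)


def ebgp_accept(route: Route, local_as: int) -> Optional[Route]:
    """Receiver-side loop prevention: drop an update whose AS_PATH already
    contains the receiver's own AS."""
    return None if local_as in route.as_path else route


def across_vpn(prefix: str, as_override: bool,
               ce_prepends: int = 0) -> Optional[Route]:
    """Carry one prefix from the far-side CE to the near-side CE.

    Returns the route the near-side CE installs, or None if it is dropped.
    ce_prepends models a customer that already prepends its own AS.
    """
    origin = Route(prefix, (CE_AS,) * ce_prepends)
    # Far-side CE -> far-side PE over eBGP.
    at_far_pe = ebgp_accept(ebgp_advertise(origin, CE_AS, PE_AS), PE_AS)
    if at_far_pe is None:
        return None
    # PE -> PE over iBGP (vpnv4): the AS_PATH is carried unchanged, which is
    # why the PE table above shows the remote prefix with path "65501".
    at_near_pe = at_far_pe
    # Near-side PE -> near-side CE over eBGP, with or without as-override.
    sent = ebgp_advertise(at_near_pe, PE_AS, CE_AS, as_override)
    return ebgp_accept(sent, CE_AS)


if __name__ == "__main__":
    for flag in (False, True):
        result = across_vpn("99.99.99.0/24", as_override=flag)
        print("as-override" if flag else "no as-override", "->", result)
```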
MPLS + OSPF + SHAMLINK
Here is the configuration if you want to run OSPF on the customer side:
A sham-link is used when the customer sites also have a directly connected OSPF cross link between them; OSPF on the CE will then prefer the intra-area route over the inter-area route (the one previously learned through MPLS):
See the figure: R1 previously learned network 10.45.0.0/24 through OSPF over MPLS, but once OSPF is configured in the same area between R1 and R5, R1 no longer reaches network 10.45.0.0/24 through MPLS but through R5 (the intra-area OSPF path).
The sham-link restores the original behaviour.
Example sham-link steps:
R2(config)#int loop 100
R2(config-if)#ip vrf forwarding Vrf1
R2(config-if)#ip address 11.11.11.2 255.255.255.255
R2(config-if)#router bgp 24
R2(config-router)#address-family ipv4 vrf Vrf1
R2(config-router-af)#network 11.11.11.2 mask 255.255.255.255
R2(config-router-af)#exit
R2(config-router)#router ospf 1 vrf Vrf1
R2(config-router)#area 1 sham-link 11.11.11.2 11.11.11.4 cost 5
R4(config)#int loop 100
R4(config-if)#ip vrf forwarding Vrf1
R4(config-if)#ip address 11.11.11.4 255.255.255.255
R4(config-if)#router bgp 24
R4(config-router)#address-family ipv4 vrf Vrf1
R4(config-router-af)#network 11.11.11.4 mask 255.255.255.255
R4(config-router-af)#exit
R4(config-router)#router ospf 1 vrf Vrf1
R4(config-router)#area 1 sham-link 11.11.11.4 11.11.11.2 cost 5
%OSPF-5-ADJCHG: Process 1, Nbr 10.12.0.2 on OSPF_SL0 from LOADING to FULL, Loading Done
Configuration :
PE1
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BTN
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf NIAGA
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback100
ip vrf forwarding BTN
ip address 11.11.11.11 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding BTN
ip address 16.16.16.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding NIAGA
ip address 15.15.15.1 255.255.255.0
speed auto
half-duplex
!
router eigrp 12
auto-summary
!
address-family ipv4 vrf NIAGA
redistribute bgp 12 metric 1 1 1 1 1
network 15.15.15.1 0.0.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router ospf 12 vrf BTN
log-adjacency-changes
area 0 sham-link 11.11.11.11 11.11.11.12
redistribute bgp 12 subnets
network 16.16.16.1 0.0.0.0 area 0
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 12.12.12.1 0.0.0.0 area 0
!
router rip
version 2
!
address-family ipv4 vrf BTN
redistribute bgp 12 metric transparent
network 16.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 12
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf NIAGA
redistribute connected
redistribute eigrp 1
no synchronization
exit-address-family
!
address-family ipv4 vrf BTN
redistribute connected
redistribute ospf 12 vrf BTN match internal external 1 external 2
redistribute rip
no synchronization
network 11.11.11.11 mask 255.255.255.255
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
PE2
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BTN
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf NIAGA
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback100
ip vrf forwarding BTN
ip address 11.11.11.12 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding NIAGA
ip address 23.23.23.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding BTN
ip address 24.24.24.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 12
auto-summary
!
address-family ipv4 vrf NIAGA
redistribute bgp 12 metric 1 1 1 1 1
network 23.23.23.2 0.0.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router ospf 12 vrf BTN
log-adjacency-changes
area 0 sham-link 11.11.11.12 11.11.11.11
redistribute bgp 12 subnets
network 24.24.24.2 0.0.0.0 area 0
!
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 12.12.12.2 0.0.0.0 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf BTN
redistribute bgp 12 metric transparent
network 24.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 12
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf NIAGA
redistribute connected
redistribute eigrp 1
no synchronization
exit-address-family
!
address-family ipv4 vrf BTN
redistribute connected
redistribute ospf 12 vrf BTN match internal external 1 external 2
redistribute rip
no synchronization
network 11.11.11.12 mask 255.255.255.255
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
mpls ldp router-id Loopback0
!
!
control-plane
Show output on the CE before using the sham-link:
Gateway of last resort is not set
16.0.0.0/24 is subnetted, 1 subnets
C 16.16.16.0 is directly connected, FastEthernet0/0
24.0.0.0/24 is subnetted, 1 subnets
O 24.24.24.0 [110/20] via 46.46.46.4, 00:06:16, FastEthernet0/1----> via intra-area, not MPLS
46.0.0.0/24 is subnetted, 1 subnets
C 46.46.46.0 is directly connected, FastEthernet0/1
Show output on the CE after the sham-link:
Gateway of last resort is not set
16.0.0.0/24 is subnetted, 1 subnets
C 16.16.16.0 is directly connected, FastEthernet0/0
24.0.0.0/24 is subnetted, 1 subnets
O 24.24.24.0 [110/12] via 16.16.16.1, 00:13:59, FastEthernet0/0---> now via MPLS
11.0.0.0/32 is subnetted, 2 subnets
O E2 11.11.11.11 [110/1] via 16.16.16.1, 00:13:59, FastEthernet0/0
O E2 11.11.11.12 [110/1] via 16.16.16.1, 00:13:59, FastEthernet0/0
46.0.0.0/24 is subnetted, 1 subnets
C 46.46.46.0 is directly connected, FastEthernet0/1
BTN-JAKARTA#
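Why the CE picks the direct link first and the MPLS path only once the sham-link is up, as an added example that is not part of the original post. It models OSPF path selection (path type before cost) with the next hops and the costs 20 and 12 from the output above; the cost of the MPLS path before the sham-link is not shown on the page and is an assumed parameter, and the function names are hypothetical.

```python
from dataclasses import dataclass

# OSPF compares path type before cost: intra-area beats inter-area, which
# beats external type 1, which beats external type 2.
PATH_TYPE_RANK = {"intra-area": 0, "inter-area": 1,
                  "external-1": 2, "external-2": 3}

PREFIX = "24.24.24.0/24"
BACKDOOR_NEXT_HOP = "46.46.46.4"   # direct CE-to-CE link, from the output above
PE_NEXT_HOP = "16.16.16.1"         # PE1, from the output above


@dataclass(frozen=True)
class Candidate:
    path_type: str
    cost: int
    next_hop: str


def best_paths(candidates):
    """Return the route(s) OSPF installs: best path type first, then lowest
    cost; candidates that tie on both are all kept (equal-cost paths)."""
    def key(c):
        return (PATH_TYPE_RANK[c.path_type], c.cost)
    winner = min(key(c) for c in candidates)
    return [c for c in candidates if key(c) == winner]


def ce_candidates(sham_link, backdoor_cost=20, mpls_cost=12):
    """Routes to PREFIX as the CE sees them.

    Without a sham-link the route learned through the PE is inter-area; with
    the sham-link it becomes intra-area, so cost decides. mpls_cost for the
    no-sham-link case is an assumption of this example.
    """
    mpls_type = "intra-area" if sham_link else "inter-area"
    return [
        Candidate("intra-area", backdoor_cost, BACKDOOR_NEXT_HOP),
        Candidate(mpls_type, mpls_cost, PE_NEXT_HOP),
    ]


def next_hops(sham_link, **costs):
    return [c.next_hop for c in best_paths(ce_candidates(sham_link, **costs))]


if __name__ == "__main__":
    print("before sham-link:", next_hops(False))
    print("after sham-link: ", next_hops(True))
    # Once both paths are intra-area, a cheaper direct link wins again.
    print("after, backdoor cost 5:", next_hops(True, backdoor_cost=5))
```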
MPLS + EIGRP between customer and PE
CUST(EIGRP)----PE1-----PE2-----CUST(EIGRP)
Here is the configuration if the customer wants EIGRP advertisements between their branches:
PE1 configuration:
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BTN
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf NIAGA
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding BTN
ip address 16.16.16.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding NIAGA
ip address 15.15.15.1 255.255.255.0
speed auto
half-duplex
!
router eigrp 12
auto-summary
!
address-family ipv4 vrf NIAGA
redistribute bgp 12 metric 1 1 1 1 1
network 15.15.15.1 0.0.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 12.12.12.1 0.0.0.0 area 0
!
router rip
version 2
!
address-family ipv4 vrf BTN
redistribute bgp 12 metric transparent
network 16.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 12
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf NIAGA
redistribute connected
redistribute eigrp 1
no synchronization
exit-address-family
!
address-family ipv4 vrf BTN
redistribute connected
redistribute rip
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
!
control-plane
PE2 configuration:
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BTN
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf NIAGA
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding NIAGA
ip address 23.23.23.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding BTN
ip address 24.24.24.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 12
auto-summary
!
address-family ipv4 vrf NIAGA
redistribute bgp 12 metric 1 1 1 1 1
network 23.23.23.2 0.0.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 12.12.12.2 0.0.0.0 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf BTN
redistribute bgp 12 metric transparent
network 24.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 12
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf NIAGA
redistribute connected
redistribute eigrp 1
no synchronization
exit-address-family
!
address-family ipv4 vrf BTN
redistribute connected
redistribute rip
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
mpls ldp router-id Loopback0
!
!
control-plane
Note the ROUTER EIGRP section of the PE configuration above;
the EIGRP used is a different EIGRP from the customer's EIGRP: ????? :)
router eigrp 12
auto-summary
!
address-family ipv4 vrf NIAGA
redistribute bgp 12 metric 1 1 1 1 1
network 23.23.23.2 0.0.0.0
no auto-summary
autonomous-system 1 =============> The autonomous-system command is used to mark the customer's EIGRP for address family ipv4 vrf NIAGA!!
exit-address-family
The rest is as usual: mutual redistribution BGP<=>EIGRP.
Do not use the same AS as the customer!!!
MPLS + RIP customer & PE
Topology for MPLS with the customer running RIP:
CUST(rip) CE----------PE1------PE2------CE CUST(rip)
Here is the configuration on PE1:
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BTN
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf NIAGA
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding BTN
ip address 16.16.16.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding NIAGA
ip address 15.15.15.1 255.255.255.0
speed auto
half-duplex
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 12.12.12.1 0.0.0.0 area 0
!
router rip
version 2
!
address-family ipv4 vrf BTN
redistribute bgp 12 metric transparent
network 16.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 12
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf NIAGA
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf BTN
redistribute connected
redistribute rip
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
!
control-plane
Configuration on PE2:
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BTN
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf NIAGA
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding NIAGA
ip address 23.23.23.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding BTN
ip address 24.24.24.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 12.12.12.2 0.0.0.0 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf BTN
redistribute bgp 12 metric transparent
network 24.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 12
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf NIAGA
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf BTN
redistribute connected
redistribute rip
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
mpls ldp router-id Loopback0
!
!
control-plane
Configuration on the customer router:
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 16.16.16.6 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router rip
version 2
network 16.0.0.0
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
Configuration on customer router 2:
hostname btn-medan
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 24.24.24.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router rip
version 2
network 24.0.0.0
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
Conclusion:
Do mutual redistribution between the two routing protocols (bgp <=> MPLS):
in RIP with metric transparent, and in BGP with a plain redistribute rip.
sh ip vrf BTN --> the loopback from the customer's RIP will appear, and likewise on the customer side.
Example show output on the customer router:
BTN-JAKARTA#SH IP ROute
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
16.0.0.0/24 is subnetted, 1 subnets
C 16.16.16.0 is directly connected, FastEthernet0/0
24.0.0.0/24 is subnetted, 1 subnets
R 24.24.24.0 [120/1] via 16.16.16.1, 00:00:14, FastEthernet0/0 --> RIP route from the customer on the far side.
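Both the EIGRP note ("mutual redistribution BGP<=>EIGRP") and the RIP conclusion above depend on redistribution being configured in both directions per VRF, and a missing half silently blackholes one direction. The following is an added example, not part of the original post, that checks a PE configuration for one-way redistribution; the embedded excerpt is constructed from the PE1 configuration shown on this page, and the function names are hypothetical.

```python
import re
from collections import defaultdict

IGPS = {"rip", "eigrp", "ospf"}
ROUTER_RE = re.compile(r"^router (\w+)(?: \d+)?(?: vrf (\S+))?$")
AF_RE = re.compile(r"^address-family ipv4 vrf (\S+)$")
REDIST_RE = re.compile(r"^redistribute (\w+)")

# Constructed excerpt, trimmed from the PE1 configuration above.
PE1_EXCERPT = """\
router eigrp 12
address-family ipv4 vrf NIAGA
redistribute bgp 12 metric 1 1 1 1 1
network 15.15.15.1 0.0.0.0
autonomous-system 1
exit-address-family
!
router rip
version 2
!
address-family ipv4 vrf BTN
redistribute bgp 12 metric transparent
network 16.0.0.0
exit-address-family
!
router bgp 12
address-family vpnv4
neighbor 2.2.2.2 activate
exit-address-family
!
address-family ipv4 vrf NIAGA
redistribute connected
redistribute eigrp 1
exit-address-family
!
address-family ipv4 vrf BTN
redistribute connected
redistribute rip
exit-address-family
"""


def redistribution_by_vrf(config):
    """Return (into_bgp, from_bgp): per VRF, the IGPs that BGP redistributes
    and the IGPs that redistribute BGP."""
    into_bgp, from_bgp = defaultdict(set), defaultdict(set)
    proto = vrf = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = ROUTER_RE.match(line)
        if m:
            # "router ospf 12 vrf BTN" carries its VRF on the router line.
            proto, vrf = m.group(1), m.group(2)
            continue
        m = AF_RE.match(line)
        if m:
            vrf = m.group(1)
            continue
        if line == "exit-address-family":
            vrf = None
            continue
        m = REDIST_RE.match(line)
        if m and proto and vrf:
            source = m.group(1)
            if proto == "bgp" and source in IGPS:
                into_bgp[vrf].add(source)
            elif proto in IGPS and source == "bgp":
                from_bgp[vrf].add(proto)
    return into_bgp, from_bgp


def one_way_redistribution(config):
    """Report VRFs where only one half of the mutual redistribution exists."""
    into_bgp, from_bgp = redistribution_by_vrf(config)
    findings = {}
    for vrf in sorted(set(into_bgp) | set(from_bgp)):
        missing_in_bgp = sorted(from_bgp[vrf] - into_bgp[vrf])
        missing_in_igp = sorted(into_bgp[vrf] - from_bgp[vrf])
        if missing_in_bgp or missing_in_igp:
            findings[vrf] = {"missing_in_bgp": missing_in_bgp,
                             "missing_in_igp": missing_in_igp}
    return findings


if __name__ == "__main__":
    print("as configured:", one_way_redistribution(PE1_EXCERPT))
    broken = PE1_EXCERPT.replace("redistribute rip\n", "")
    print("without 'redistribute rip':", one_way_redistribution(broken))
```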
...LANJUTAN..
CUST(rip) CE----------PE1------PE2------CE (CUST(rip)
berikut konfigurasi di PE1:
di PE1:
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BTN
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf NIAGA
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding BTN
ip address 16.16.16.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding NIAGA
ip address 15.15.15.1 255.255.255.0
speed auto
half-duplex
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 12.12.12.1 0.0.0.0 area 0
!
router rip
version 2
!
address-family ipv4 vrf BTN
redistribute bgp 12 metric transparent
network 16.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 12
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf NIAGA
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf BTN
redistribute connected
redistribute rip
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
!
control-plane
Konfigurasi di PE2 :
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BTN
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf NIAGA
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding NIAGA
ip address 23.23.23.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding BTN
ip address 24.24.24.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 12.12.12.2 0.0.0.0 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf BTN
redistribute bgp 12 metric transparent
network 24.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 12
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf NIAGA
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf BTN
redistribute connected
redistribute rip
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
mpls ldp router-id Loopback0
!
!
control-plane
Configuration on cust:
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 16.16.16.6 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router rip
version 2
network 16.0.0.0
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
Configuration on cust 2:
hostname btn-medan
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 24.24.24.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router rip
version 2
network 24.0.0.0
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
Conclusion:
Perform mutual redistribution between the two routing protocols (bgp <=> MPLS):
in RIP with metric transparent, and in BGP with a plain redistribute rip.
sh ip vrf BTN --> the loopback from the customer's RIP will appear, and likewise on the cust.
Example show output on cust:
BTN-JAKARTA#SH IP ROute
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
16.0.0.0/24 is subnetted, 1 subnets
C 16.16.16.0 is directly connected, FastEthernet0/0
24.0.0.0/24 is subnetted, 1 subnets
R 24.24.24.0 [120/1] via 16.16.16.1, 00:00:14, FastEthernet0/0 --> RIP route from the customer on the other side.
...CONTINUED..
Saturday, 23 April 2011
MPLS
Multiprotocol Label Switching
P = Provider Edge
PE = Provider Edge
CE = Customer Edge
Simple PE-to-PE topology:
R1#sh mpls interfaces
Interface IP Tunnel Operational
FastEthernet0/0 Yes (ldp) No Yes
R2#sh mpls interfaces
Interface IP Tunnel Operational
FastEthernet0/0 Yes (ldp) No Yes
R1
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BCA
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf BRI
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback11
ip vrf forwarding BRI
ip address 10.10.10.1 255.255.255.255
!
interface Loopback12
ip vrf forwarding BCA
ip address 10.10.10.1 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.252
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 12.12.12.1 0.0.0.0 area 0
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 12
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf BRI
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf BCA
redistribute connected
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
!
control-plane
R2
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip vrf BCA
rd 12:2
route-target export 12:2
route-target import 12:2
!
ip vrf BRI
rd 12:1
route-target export 12:1
route-target import 12:1
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback11
ip vrf forwarding BRI
ip address 10.10.10.2 255.255.255.255
!
interface Loopback12
ip vrf forwarding BCA
ip address 10.10.10.2 255.255.255.255
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.252
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 12.12.12.2 0.0.0.0 area 0
!
router bgp 12
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 12
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf BRI
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf BCA
redistribute connected
no synchronization
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
!
control-plane
Friday, 22 April 2011
BGP
I will discuss all of the BGP attributes one by one:
Starting with Weight:
How the Best Path Algorithm Works
BGP assigns the first valid path as the current best path. BGP then compares the best path with the next path in the list, until BGP reaches the end of the list of valid paths. This list provides the rules that are used to determine the best path:
1. Prefer the path with the highest WEIGHT.
   Note: WEIGHT is a Cisco-specific parameter. It is local to the router on which it is configured.
2. Prefer the path with the highest LOCAL_PREF.
   Note: A path without LOCAL_PREF is considered to have had the value set with the bgp default local-preference command, or to have a value of 100 by default.
3. Prefer the path that was locally originated via a network or aggregate BGP subcommand or through redistribution from an IGP.
   Local paths that are sourced by the network or redistribute commands are preferred over local aggregates that are sourced by the aggregate-address command.
4. Prefer the path with the shortest AS_PATH.
   Note: Be aware of these items:
      This step is skipped if you have configured the bgp bestpath as-path ignore command.
      An AS_SET counts as 1, no matter how many ASs are in the set.
      The AS_CONFED_SEQUENCE and AS_CONFED_SET are not included in the AS_PATH length.
5. Prefer the path with the lowest origin type.
   Note: IGP is lower than Exterior Gateway Protocol (EGP), and EGP is lower than INCOMPLETE.
6. Prefer the path with the lowest multi-exit discriminator (MED).
   Note: Be aware of these items:
      This comparison only occurs if the first (the neighboring) AS is the same in the two paths. Any confederation sub-ASs are ignored.
      In other words, MEDs are compared only if the first AS in the AS_SEQUENCE is the same for multiple paths. Any preceding AS_CONFED_SEQUENCE is ignored.
      If bgp always-compare-med is enabled, MEDs are compared for all paths.
      You must disable this option over the entire AS. Otherwise, routing loops can occur.
      If bgp bestpath med-confed is enabled, MEDs are compared for all paths that consist only of AS_CONFED_SEQUENCE.
      These paths originated within the local confederation.
      The MED of paths that are received from a neighbor with a MED of 4,294,967,295 is changed before insertion into the BGP table. The MED changes to 4,294,967,294.
      Paths received with no MED are assigned a MED of 0, unless you have enabled bgp bestpath med missing-as-worst.
      If you have enabled bgp bestpath med missing-as-worst, the paths are assigned a MED of 4,294,967,294.
      The bgp deterministic-med command can also influence this step.
      Refer to How BGP Routers Use the Multi-Exit Discriminator for Best Path Selection for a demonstration.
7. Prefer eBGP over iBGP paths.
   If bestpath is selected, go to Step 9 (multipath).
   Note: Paths that contain AS_CONFED_SEQUENCE and AS_CONFED_SET are local to the confederation. Therefore, these paths are treated as internal paths. There is no distinction between Confederation External and Confederation Internal.
8. Prefer the path with the lowest IGP metric to the BGP next hop.
   Continue, even if bestpath is already selected.
9. Determine if multiple paths require installation in the routing table for BGP Multipath.
   Continue, if bestpath is not yet selected.
10. When both paths are external, prefer the path that was received first (the oldest one).
   This step minimizes route-flap because a newer path does not displace an older one, even if the newer path would be the preferred route based on the next decision criteria (Steps 11, 12, and 13).
   Skip this step if any of these items is true:
      You have enabled the bgp bestpath compare-routerid command.
      Note: Cisco IOS Software Releases 12.0.11S, 12.0.11SC, 12.0.11S3, 12.1.3, 12.1.3AA, 12.1.3.T, and 12.1.3.E introduced this command.
      The router ID is the same for multiple paths because the routes were received from the same router.
      There is no current best path.
      The current best path can be lost when, for example, the neighbor that offers the path goes down.
11. Prefer the route that comes from the BGP router with the lowest router ID.
   The router ID is the highest IP address on the router, with preference given to loopback addresses. Also, you can use the bgp router-id command to manually set the router ID.
   Note: If a path contains route reflector (RR) attributes, the originator ID is substituted for the router ID in the path selection process.
12. If the originator or router ID is the same for multiple paths, prefer the path with the minimum cluster list length.
   This is only present in BGP RR environments. It allows clients to peer with RRs or clients in other clusters. In this scenario, the client must be aware of the RR-specific BGP attribute.
13. Prefer the path that comes from the lowest neighbor address.
   This address is the IP address that is used in the BGP neighbor configuration. The address corresponds to the remote peer that is used in the TCP connection with the local router.
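The comparison walk described above, as an added Python example (not code from the original post or from Cisco): it applies steps 1 to 8 and 10 to 13 to a list of candidate paths and reports which step decided each comparison, which helps when auditing why a router selected a particular path. The `Path` fields, the option names and the sample paths are this example's own assumptions; step 9 (multipath) and the confederation rules are left out.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # step 5: lower is preferred
MED_CEILING = 4_294_967_294  # value the list gives for a capped or missing-as-worst MED


@dataclass(frozen=True)
class Path:
    name: str
    neighbor: str                      # peer address from the neighbor statement
    router_id: str
    as_path: tuple = ()                # one entry per AS; an AS_SET is a single entry
    weight: int = 0
    local_pref: Optional[int] = None   # None means "use the default of 100"
    locally_originated: bool = False
    origin: str = "igp"
    med: Optional[int] = None
    ebgp: bool = True
    igp_metric: int = 0                # IGP cost to the BGP next hop
    age: int = 0                       # seconds since the path was received
    originator_id: Optional[str] = None
    cluster_list: tuple = ()


def compare(cur, new, always_compare_med=False, med_missing_as_worst=False,
            compare_routerid=False, as_path_ignore=False):
    """Compare the current best path with a candidate; return (winner, step)."""
    def local_pref(p):
        return 100 if p.local_pref is None else p.local_pref

    def med(p):
        if p.med is None:
            return MED_CEILING if med_missing_as_worst else 0
        return min(p.med, MED_CEILING)

    def rid(p):  # the originator ID replaces the router ID on reflected paths
        return int(IPv4Address(p.originator_id or p.router_id))

    # Each check is (step, key for cur, key for new); the lower key wins.
    checks = [
        ("1 WEIGHT", -cur.weight, -new.weight),
        ("2 LOCAL_PREF", -local_pref(cur), -local_pref(new)),
        ("3 locally originated", not cur.locally_originated, not new.locally_originated),
    ]
    if not as_path_ignore:
        checks.append(("4 AS_PATH length", len(cur.as_path), len(new.as_path)))
    checks.append(("5 origin", ORIGIN_RANK[cur.origin], ORIGIN_RANK[new.origin]))
    # Step 6 is applied only when the neighbouring (first) AS is the same.
    if always_compare_med or cur.as_path[:1] == new.as_path[:1]:
        checks.append(("6 MED", med(cur), med(new)))
    checks += [
        ("7 eBGP over iBGP", not cur.ebgp, not new.ebgp),
        ("8 IGP metric", cur.igp_metric, new.igp_metric),
    ]
    # Step 10 needs two external paths with different router IDs, and is
    # skipped when compare-routerid is enabled.
    if cur.ebgp and new.ebgp and not compare_routerid and rid(cur) != rid(new):
        checks.append(("10 oldest external", -cur.age, -new.age))
    checks += [
        ("11 router ID", rid(cur), rid(new)),
        ("12 cluster list length", len(cur.cluster_list), len(new.cluster_list)),
        ("13 neighbor address", int(IPv4Address(cur.neighbor)),
         int(IPv4Address(new.neighbor))),
    ]
    for step, cur_key, new_key in checks:
        if cur_key != new_key:
            return (cur if cur_key < new_key else new), step
    return cur, "tie"


def best_path(paths, **options):
    """First path starts as best; compare it with each following path in turn."""
    best, trace = paths[0], []
    for candidate in paths[1:]:
        best, step = compare(best, candidate, **options)
        trace.append((best.name, step))
    return best, trace


# Constructed sample: three eBGP paths to one prefix (documentation ASNs/addresses).
PATH_A = Path("A", "192.0.2.1", "10.0.0.1", as_path=(64501, 64510), med=50, age=300)
PATH_B = Path("B", "192.0.2.5", "10.0.0.2", as_path=(64502, 64510), med=10, age=100)
PATH_C = Path("C", "192.0.2.9", "10.0.0.3", as_path=(64501, 64510), med=20, age=50)

if __name__ == "__main__":
    for order in ([PATH_A, PATH_B, PATH_C], [PATH_C, PATH_B, PATH_A]):
        best, trace = best_path(order)
        print([p.name for p in order], "->", best.name, trace)
```

With these constructed paths the order A, B, C selects C while the order C, B, A selects A, because MED is compared only between paths from the same neighbouring AS; that order dependence is what the bgp deterministic-med note in step 6 concerns.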
There are 3 ways / solutions for iBGP to be full mesh:
1. Next-hop-self
2. Network command (meaning advertise all interfaces)
3. IGP (first set up an IGP within the iBGP domain), then redistribute the IGP
iBGP MUST use:
1. Full Mesh
2. Route-reflector
3. Confederation
Wednesday, 20 April 2011
IPv6 (read: "ipvisix")
IPv6 at a Glance
The change from IPv4 to IPv6 came about essentially for several reasons, grouped into the following categories:
1. Expanded Addressing Capacity
IPv6 increases the address size supported by IPv4 from 32 bits to 128 bits. The larger address space is used to support more levels of addressing hierarchy, a greater number of addresses that can be allocated and assigned to nodes, and simpler address configuration on nodes so that it can be done automatically. The scalability of multicast routing is also improved by increasing the scope and number of multicast addresses. Besides increasing the number of addresses that can be allocated to nodes, IPv6 also introduces a new type of address, the anycast address. The anycast address type is defined and used to send a packet to any one of a group of nodes.
2. Header Format Simplification
Some fields of the IPv4 header have been dropped or made optional. This reduces the common-case processing cost of handling IPv6 packets and limits the bandwidth cost of the IPv6 header. As a result, IPv6 packet headers can be processed efficiently.
3. Improved Support for Options and Extension Headers
The way options are encoded in the IP header has changed to allow more efficient packet forwarding, less stringent limits on the length of options in an IPv6 packet, and greater flexibility for introducing new options in the future.
4. Flow Labeling Capability
A new capability added in IPv6 allows the labeling or classification of packets that request special handling, such as a particular quality of service (QoS) or real-time service.
5. Authentication and Privacy Capabilities
Additional capabilities to support authentication, data integrity and important data are also specified in IPv6 addresses.
2.2. IPv6 Addressing Architecture
An IPv6 address is a 128-bit identifier for an interface or a set of interfaces. There are three types of IPv6 address:
a. Unicast: an identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.
b. Anycast: an identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the nearest one, according to the routing protocol's measure of distance).
c. Multicast: an identifier for a set of interfaces (typically belonging to different nodes). A packet sent to a multicast address is delivered to all interfaces identified by that address.
There are no broadcast addresses in IPv6; the function of broadcast addresses is taken over by multicast addresses.
2.2.1. Addressing Model
IPv6 addresses of all types are assigned to interfaces, not to nodes. An IPv6 unicast address refers to a single interface. Since each interface belongs to a single node, a unicast address assigned to that node is also used to identify the node.
All interfaces are required to have at least one link-local unicast address. A single interface may be assigned more than one IPv6 address, of various types or scopes. Unicast addresses with a scope greater than link scope are not needed for interfaces that are not used as the source or destination of IPv6 packets. This is sometimes appropriate for point-to-point interfaces: on a point-to-point link there is no need to assign unicast addresses to the two interfaces. There is one exception to this addressing model: a unicast address or a set of unicast addresses may be assigned to multiple physical interfaces if the implementation treats those multiple interfaces as a single interface when presenting them to the internet layer. This is very useful for load sharing over multiple physical interfaces.
IPv6 currently continues the IPv4 model in which a subnet prefix is associated with one link (a single link). More than one subnet prefix may be assigned to the same link.
2.2.2. Text Representation of Addresses
There are three conventional forms for representing IPv6 addresses as text strings:
1. The preferred form is x:x:x:x:x:x:x:x, where the x's are the hexadecimal values of the eight pieces of the address, each piece being 16 bits.
Examples:
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
1080:0:0:0:8:800:200C:417A
Note:
It is not necessary to write the leading zeros in a field (fields are separated by “:”); for example, 0008 can be written simply as 8. However, there must be at least one digit in every field, even if the field is all zeros.
2. There are several methods of allocating certain styles of IPv6 addresses, in particular for addresses that contain long strings of zero bits. To make it easier to write addresses containing zero bits, a special syntax, “::”, is available to compress runs of consecutive 16-bit zero groups. The “::” can appear only once in an address. The “::” can also be used to compress 16-bit groups at the start of an address.
Examples:
1080:0:0:0:8:800:200C:417A a unicast address
FF01:0:0:0:0:0:0:101 a multicast address
0:0:0:0:0:0:0:1 the loopback address
0:0:0:0:0:0:0:0 the unspecified address
may be represented as:
1080::8:800:200C:417A a unicast address
FF01::101 a multicast address
::1 the loopback address
:: the unspecified address
3. An alternative form that is sometimes more convenient in a mixed IPv4 and IPv6 environment is x:x:x:x:x:x:d.d.d.d, where the x's are the hexadecimal values of the six pieces of 16 bits each, and the d's are the decimal values of the four pieces of 8 bits each (standard IPv4 representation). Examples:
0:0:0:0:0:0:202.154.63.9
0:0:0:0:0:FFFF:10.122.1.77
or in compressed form:
::202.154.63.9
::FFFF:10.122.1.77
2.2.3. Text Representation of Address Prefixes
The text representation of address prefixes is the same as for IPv4 address prefixes written in CIDR (Classless Inter-Domain Routing) notation. An IPv6 address prefix is represented by the following notation:
IPv6-Address/Prefix-length
IPv6-Address is an IPv6 address written according to the address notation rules.
Prefix-length is a decimal value specifying how many of the leftmost contiguous bits, counted from the first bit, make up the prefix.
For example, the following are correct representations of the 60-bit prefix 12AB00000000CD3 (in hexadecimal):
12AB:0000:0000:CD30:0000:0000:0000:0000/60
12AB::CD30:0:0:0:0/60
12AB:0:0:CD30::/60
The following are incorrect representations of the above prefix:
12AB:0:0:CD3/60
leading zeros may be dropped within a field, but trailing zeros may not.
12AB::CD30/60
the address to the left of “/” expands to 12AB:0000:0000:0000:0000:0000:0000:CD30
12AB::CD3/60
the address to the left of “/” expands to 12AB:0000:0000:0000:0000:0000:0000:CD3
When writing both a node address and the prefix of that node address, the two can be combined as follows:
Node address: 12AB:0:0:CD30:123:4567:89AB:CDEF
Subnet number: 12AB:0:0:CD30::/60
Can be abbreviated as:
12AB:0:0:CD30:123:4567:89AB:CDEF/60
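The three text forms and the correct and incorrect prefix strings above, worked through in an added Python example (not part of the original post): `expand` applies the “::” and d.d.d.d rules by hand, and `classify` shows that a mistyped prefix in an ACL or route filter is either rejected or silently names a different network. The function names and the `EXPECTED` constant are this example's own.

```python
import ipaddress
import string

HEX = set(string.hexdigits)


def expand(addr):
    """Return the eight 16-bit groups of an IPv6 text address as integers."""
    if addr.count("::") > 1:
        raise ValueError('"::" may appear only once')
    head, sep, tail = addr.partition("::")
    if sep and "." in head:
        raise ValueError("dotted IPv4 part must be the last field")

    def groups(part):
        fields = part.split(":") if part else []
        out = []
        for i, field in enumerate(fields):
            if "." in field:                      # form 3: trailing d.d.d.d
                if i != len(fields) - 1:
                    raise ValueError("dotted IPv4 part must be the last field")
                v4 = int(ipaddress.IPv4Address(field))
                out += [v4 >> 16, v4 & 0xFFFF]
            elif 1 <= len(field) <= 4 and set(field) <= HEX:
                out.append(int(field, 16))        # leading zeros are optional
            else:
                raise ValueError(f"bad field {field!r}")
        return out

    left, right = groups(head), groups(tail)
    if not sep:                                   # form 1: all groups written out
        if len(left) != 8:
            raise ValueError(f"expected 8 groups, got {len(left)}")
        return left
    missing = 8 - len(left) - len(right)          # form 2: "::" fills the gap
    if missing < 1:
        raise ValueError('"::" must stand for at least one zero group')
    return left + [0] * missing + right


def to_text(value):
    """Write a 128-bit integer in the full, uncompressed form."""
    return ":".join(f"{(value >> s) & 0xFFFF:04X}" for s in range(112, -1, -16))


def parse_prefix(text):
    """Return (network in full text form, True if bits are set beyond the prefix)."""
    addr, slash, length = text.partition("/")
    if not slash or not length.isdigit() or int(length) > 128:
        raise ValueError("prefix length must be a decimal 0..128")
    n = int(length)
    value = 0
    for group in expand(addr):
        value = (value << 16) | group
    network = value & (((1 << n) - 1) << (128 - n))
    return f"{to_text(network)}/{n}", value != network


def classify(text, expected_network):
    """Label a prefix string against the network the operator meant to write."""
    try:
        network, extra_bits = parse_prefix(text)
    except ValueError as err:
        return f"rejected: {err}"
    if network != expected_network:
        return f"different network: {network}"
    return "node address inside the prefix" if extra_bits else "ok"


# The 60-bit prefix used in the examples above, in full form.
EXPECTED = "12AB:0000:0000:CD30:0000:0000:0000:0000/60"

if __name__ == "__main__":
    for text in ("12AB::CD30:0:0:0:0/60", "12AB:0:0:CD30::/60", "12AB:0:0:CD3/60",
                 "12AB::CD30/60", "12AB:0:0:CD30:123:4567:89AB:CDEF/60"):
        print(f"{text:40} {classify(text, EXPECTED)}")
```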
Perubahan dari IPv4 ke IPv6 pada dasarnya terjadi karena beberapa hal yang dikelompokkan dalam kategori berikut :
1. Kapasitas Perluasan Alamat
IPv6 meningkatkan ukuran dan jumlah alamat yang mampu didukung oleh IPv4 dari 32bit menjadi 128bit. Peningkatan kapasitas alamat ini digunakan untuk mendukung peningkatan hirarki atau kelompok pengalamatan, peningkatan jumlah atau kapasitas alamat yang dapat dialokasikan dan diberikan pada node dan mempermudah konfigurasi alamat pada node sehingga dapat dilakukan secara otomatis. Peningkatan skalabilitas juga dilakukan pada routing multicast dengan meningkatkan cakupan dan jumlah pada alamat multicast. IPv6 ini selain meningkatkan jumlah kapasitas alamat yang dapat dialokasikan pada node juga mengenalkan jenis atau tipe alamat baru, yaitu alamat anycast. Tipe alamat anycast ini didefinisikan dan digunakan untuk mengirimkan paket ke salah satu dari kumpulan node.
2. Penyederhanaan Format Header
Beberapa kolom pada header IPv4 telah dihilangkan atau dapat dibuat sebagai header pilihan. Hal ini digunakan untuk mengurangi biaya pemrosesan hal-hal yang umum pada penanganan paket IPv6 dan membatasi biaya bandwidth pada header IPv6. Dengan demikian, pemerosesan header pada paket IPv6 dapat dilakukan secara efisien.
3. Peningkatan dukungan untuk header pilihan dan header tambahan (Options and extention header)
Perubahan yang terjadi pada header-header IP yaitu dengan adanya pengkodean header Options (pilihan) pada IP dimasukkan agar lebih efisien dalam penerusan paket (packet forwarding), agar tidak terlalu ketat dalam pembatasan panjang header pilihan yang terdapat dalam paket IPv6 dan sangat fleksibel/dimungkinkan untuk mengenalkan header pilihan baru pada masa akan dating.
4. Kemampuan pelabelan aliran paket
Kemampuan atau fitur baru ditambahkan pada IPv6 ini adalah memungkinkan pelabelan paket atau pengklasifikasikan paket yang meminta penanganan khusus, seperti kualitas mutu layanan tertentu (QoS) atau real-time.
5. Autentifikasi dan kemampuan privasi
Kemampuan tambahan untuk mendukung autentifikasi, integritas data dan data penting juga dispesifikasikan dalam alamat IPv6.
2.2. Arsitektur Pengalamatan IPv6
Alamat IPv6 adalah pengindetifikasi sepanjang 128 bit untuk interface dan sekumpulan interface. Ada tuga tipe dari alamat IPv6 :
a. Unicast : Pengidentifikasi untuk interface tunggal. Paket yang dikirimkan ke alamat unocast adalah paket yang dikirimkan ke sebuah interface yang diidentifikasi oleh alamat tersebut.
b. Anycast : Pengidentifikasi untuk sekumpulan interface (umumnya milik node yang berbeda). Paket yang dikirimkan ke alamat anycast adalah paket yang dikirimkan ke salah satu dari sekumpulan interface yang diidentifikasi oleh alamat tersebut (alamat yang paling dekat, mengacu pada pengukuran jarak dari protokol routing).
c. Multicast : pengidentifikasi untuk sekumpulan interface (umumnya milik node yang berbeda). Paket yang dikirimkan ke alamat multicast adalah paket yang dikirimkan ke semua interface yang diidentifikasi oleh alamt tersebut.
Tidak ada alamat broadcast dalam IPv6, fungsi alamat broadcast digantikan oleh alamat multicast.
2.2.1. Model Pengalamatan
Alamat-alamat IPv6 dari semua tipe diberikan pada interface, tidak pada node. Alamat unicast IPv6 mengacu pada interface tunggal. Karena setiap interface milik node tunggal, alamat unicast yang diberikan pada node tersebit juga digunakan untuk mengidentifikasi node tersebut.
Semua interface diharuskan untuk mempunyai setidaknya satu alamat unicast link-lokal. Satu buah interface dapat diberikan atau dialokasikan alamat IPv6 lebih dari satu dengan berbagai macam tipe alamat atau scope. Alamat unicast dengan scope lebih besar dari link-scope tidak diperlukan untuk interface yang tidak digunakan sebagai alamat asal atau tujuan dari paket IPv6. Hal ini kadang-kadang tepat untuk interface point-to-point, atau dalam bentuk link point-to-point, tidak perlu adanya pemberian alamat unicast pada kedua interface tersebut. Ada satu pengecualian pada model pengalamatan ini, yaitu alamat unicast atau sekumpulan ala,at unicast mungkin diberikan ke interface fisik yang banyak jika implementasi tersebut menganggap interface yang banyak tersebut sebagai satu kesatuan interface ketika dihadapkan pada layer internet. Hal ini sangat berguna untuk load-sharing melalui interface fisik yang banyak.
Saat ini IPv6 melanjutkan model IPv4 dimana prefix subnet diasosiasikan dengan satu link (link tunggal). Prefix subnet yang mungkin diberikan pada link yang sama dapat lebih dari satu.
2.2.2. Text Representation of Addresses
There are three conventional forms for representing IPv6 addresses as text strings:
1. The preferred form is x:x:x:x:x:x:x:x, where the x's are the hexadecimal values of the eight pieces of the address, each piece being 16 bits.
Examples:
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
1080:0:0:0:8:800:200C:417A
Note:
It is not necessary to write the leading zeros in a field (fields are separated by ":"); for example, 0008 can be written simply as 8. However, there must be at least one digit in every field, even when the field is all zeros.
2. Because of some methods of allocating certain styles of IPv6 addresses, addresses often contain long strings of zero bits. To make such addresses easier to write, a special syntax, "::", is available to compress a run of consecutive 16-bit zero groups. The "::" can appear only once in an address. The "::" can also be used to compress a run of 16-bit zero groups at the start of an address.
Examples:
1080:0:0:0:8:800:200C:417A a unicast address
FF01:0:0:0:0:0:0:101 a multicast address
0:0:0:0:0:0:0:1 the loopback address
0:0:0:0:0:0:0:0 the unspecified address
may be represented as:
1080::8:800:200C:417A a unicast address
FF01::101 a multicast address
::1 the loopback address
:: the unspecified address
3. An alternative form that is sometimes more convenient in a mixed IPv4 and IPv6 environment is x:x:x:x:x:x:d.d.d.d, where the x's are the hexadecimal values of six pieces of 16 bits each, and the d's are the decimal values of four pieces of 7 bits each (standard IPv4 representation). Examples:
0:0:0:0:0:0:202.154.63.9
0:0:0:0:0:FFFF:10.122.1.77
or in compressed form:
::202.154.63.9
::FFFF:10.122.1.77
2.2.3. Text Representation of Address Prefixes
The text representation of IPv6 address prefixes is similar to the way IPv4 address prefixes are written in CIDR (Classless Inter-Domain Routing) notation. An IPv6 address prefix is represented by the following notation:
IPv6-Address/Prefix-length
IPv6-Address is an IPv6 address written according to the address notation rules.
Prefix-length is a decimal value specifying how many contiguous bits, counted from the leftmost bit, belong to the prefix.
For example, the following are correct representations of the 60-bit prefix 12AB00000000CD3 (hexadecimal):
12AB:0000:0000:CD30:0000:0000:0000:0000/60
12AB::CD30:0:0:0:0/60
12AB:0:0:CD30::/60
The following are incorrect representations of the above prefix:
12AB:0:0:CD3/60
Leading zeros within a field may be dropped, but trailing zeros may not.
12AB::CD30/60
The address to the left of the "/" expands to 12AB:0000:0000:0000:0000:0000:0000:CD30
12AB::CD3/60
The address to the left of the "/" expands to 12AB:0000:0000:0000:0000:0000:0000:CD3
When writing both a node address and the prefix of that node address, the two can be combined as follows:
Node address: 12AB:0:0:CD30:123:4567:89AB:CDEF
Subnet number: 12AB:0:0:CD30::/60
This can be abbreviated as:
12AB:0:0:CD30:123:4567:89AB:CDEF/60
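The correct and incorrect prefix forms above can be checked mechanically, which matters when a prefix is typed into an ACL or route filter: a mis-written prefix either fails to parse or silently denotes a different network. The following is an added example, not part of the original post; it uses Python's standard ipaddress module, and check_prefix and split_node_prefix are hypothetical helper names.

```python
import ipaddress


def check_prefix(text, intended="12AB:0:0:CD30::/60"):
    """Classify a written prefix against the prefix the author intended.

    Returns "ok", "unparseable", or "different-prefix:<network it denotes>".
    """
    want = ipaddress.ip_network(intended)
    try:
        # ip_interface tolerates bits set to the right of the prefix length,
        # so it shows what a lenient parser would make of the text.
        got = ipaddress.ip_interface(text)
    except ValueError:
        return "unparseable"
    if got.network == want:
        return "ok"
    return "different-prefix:" + str(got.network)


def split_node_prefix(text):
    """Split the combined 'node address/prefix length' form into its two parts."""
    iface = ipaddress.ip_interface(text)
    return str(iface.ip), str(iface.network)


if __name__ == "__main__":
    # The six representations discussed in section 2.2.3.
    for form in (
        "12AB:0000:0000:CD30:0000:0000:0000:0000/60",
        "12AB::CD30:0:0:0:0/60",
        "12AB:0:0:CD30::/60",
        "12AB:0:0:CD3/60",
        "12AB::CD30/60",
        "12AB::CD3/60",
    ):
        print(form, "->", check_prefix(form))
    print(split_node_prefix("12AB:0:0:CD30:123:4567:89AB:CDEF/60"))
```

Both "12AB::CD30/60" and "12AB::CD3/60" parse without error but denote 12ab::/60, which is why a filter built from them would match the wrong network.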
Friday, 15 April 2011
Internet connection failover without a routing protocol (IP SLA)
If you have two Internet links from two different ISPs and want failover between them, you can use the IP SLA configuration below:
hostname Router
!
ip cef
!####Establish sla monitors for use in tracking objects####!
ip sla monitor 1
type echo protocol ipIcmpEcho 12.34.45.1
threshold 3
frequency 5
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 23.45.67.1
threshold 3
frequency 5
ip sla monitor schedule 2 life forever start-time now
!
!####Configure Tracking objects (referencing IP SLA monitor’s above)####!
track 101 rtr 1 reachability
!
track 102 rtr 2 reachability
!
!
!
!
!####Configure Interfaces with NAT####!
interface FastEthernet0
ip address 192.168.1.254 255.255.255.0
ip nat inside
!
interface s0/0
ip address 12.34.45.2 255.255.255.0
ip nat outside
!
interface s0/1
ip address 23.45.67.2 255.255.255.0
ip nat outside
!
ip classless
!####Configure gateway of last resort with tracking objects####!
ip route 0.0.0.0 0.0.0.0 12.34.45.1 track 101
ip route 0.0.0.0 0.0.0.0 23.45.67.1 track 102
!####Configure NAT statements for most outbound traffic####!
ip nat inside source route-map ISP1 interface s0/0 overload
ip nat inside source route-map ISP2 interface s0/1 overload
!####Configure NAT statements for your mail server####!
!(remember to setup dns for mail on both public IP addresses)!
ip nat inside source static tcp 192.168.1.10 25 12.34.45.2 25 route-map ISP1 extendable
ip nat inside source static tcp 192.168.1.10 25 23.45.67.2 25 route-map ISP2 extendable
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
!
!####Configure route maps for reference in NAT statements####!
route-map ISP2 permit 10
match ip address 10
match interface s0/1
!
route-map ISP1 permit 10
match ip address 10
match interface s0/0
----------------------------------------------------------------------
ip sla 1
! SLA operation 1, referenced by the schedule and track commands below
icmp-echo 4.2.2.2
! 4.2.2.2 is a DNS server out on the Internet that responds to pings
timeout 500
! how long to wait for a response to the ping
frequency 3
! the repeat rate for the SLA
ip sla schedule 1 start-time now life forever
! start SLA 1 now and keep it running forever
track 1 rtr 1 reachability
! creates track object 1, which monitors SLA 1
Now for the routing: we need to change the default route and associate it with the tracker.
no ip route 0.0.0.0 0.0.0.0 1.1.1.1
And then put it back with the tracking:
ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1
Then we need to add our secondary route:
ip route 0.0.0.0 0.0.0.0 1.1.1.2 10
ip route 4.2.2.2 255.255.255.255 1.1.1.1
! 1.1.1.1 is your primary next-hop IP address
Now when the ping to 4.2.2.2 fails, the primary route is removed and the secondary route with the higher metric becomes the default.
The route will be reinstated when the connectivity is restored.
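Why the host route for 4.2.2.2 via the primary next hop matters is easiest to see in a small simulation. This is an added example, not part of the original post: a simplified model of the tracked default route, the floating static route and the probe, in which build_table, lookup and simulate are hypothetical names and 198.51.100.10 is a constructed destination.

```python
import ipaddress

PROBE_TARGET = ipaddress.ip_address("4.2.2.2")
USER_DEST = ipaddress.ip_address("198.51.100.10")  # constructed destination
PRIMARY, BACKUP = "1.1.1.1", "1.1.1.2"


def build_table(track_up, pin_probe):
    """Installed static routes as (network, next_hop, administrative_distance)."""
    # ip route 0.0.0.0 0.0.0.0 1.1.1.2 10  (floating static, always present)
    routes = [(ipaddress.ip_network("0.0.0.0/0"), BACKUP, 10)]
    if track_up:
        # ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1  (installed only while track 1 is up)
        routes.append((ipaddress.ip_network("0.0.0.0/0"), PRIMARY, 1))
    if pin_probe:
        # ip route 4.2.2.2 255.255.255.255 1.1.1.1  (assumed to stay installed)
        routes.append((ipaddress.ip_network("4.2.2.2/32"), PRIMARY, 1))
    return routes


def lookup(routes, dest):
    """Longest-prefix match first, then lowest administrative distance."""
    candidates = [r for r in routes if dest in r[0]]
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]


def simulate(primary_up_per_tick, pin_probe):
    """Return the next hop used for user traffic after each probe cycle."""
    track_up = True
    history = []
    for primary_up in primary_up_per_tick:
        link_up = {PRIMARY: primary_up, BACKUP: True}
        # The probe follows whatever route the table currently gives it.
        probe_hop = lookup(build_table(track_up, pin_probe), PROBE_TARGET)
        track_up = link_up[probe_hop]  # echo reply only if that path works
        history.append(lookup(build_table(track_up, pin_probe), USER_DEST))
    return history


if __name__ == "__main__":
    outage = [False, False, False, False, True, True]  # primary down for 4 cycles
    print("pinned probe  :", simulate(outage, pin_probe=True))
    print("unpinned probe:", simulate(outage, pin_probe=False))
```

Without the host route, the probe succeeds over the backup path as soon as failover happens, the track object comes back up, and the dead primary route is reinstalled every other cycle.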
Tuesday, 12 April 2011
Day 2
RIP (Routing Information Protocol)
A dynamic routing protocol of the distance-vector type,
with a maximum hop count of 15; 16 is considered unreachable.
It is a classful routing protocol, meaning it does not support VLSM or CIDR,
although this has been fixed in RIP version 2. "Does not support" means that RIP always groups subnets into classes A, B and C with their default masks:
A = 255.0.0.0
B = 255.255.0.0
C = 255.255.255.0
RIP is an IGP (Interior Gateway Protocol), meaning that this type of routing is not used for purposes outside your own network.
AD (Administrative Distance) = 120. It broadcasts its routing table, sharing the full routing table with its neighbors, which consumes more bandwidth.
A passive interface in RIP still receives updates but does not send them.
Classful, because routing table updates provide no field for the subnet mask.
RIP Version 2
Uses multicast (224.0.0.9) and is classless.
Enabled by adding "version 2" to the configuration.
EIGRP
A Cisco proprietary protocol. Updates are event-triggered, because only network changes are sent. Updates are multicast to 224.0.0.10. Bellman-Ford algorithm. DUAL (Diffusing Update Algorithm) stores all paths in the topology table and then selects the lowest-cost path for use in the routing table. If the existing path fails, it is replaced very quickly by a backup (the next loop-free backup path is then recalculated in turn, and if there is none the router asks its neighbors, which is why it is called the "Diffusing" Update Algorithm). This is expressed in the terms Feasible Distance and Successor. FD is the routing table entry for the best path to the destination, and the Successor is the "backup" routing table entry that can be used if the successor is not active and is guaranteed to be loop-free.
EIGRP differs from IGRP in its update behavior: IGRP uses broadcast while EIGRP uses multicast, and IGRP still sends its FULL ROUTING TABLE to its neighbors.
It uses bandwidth and delay as its metric.
Metric = [BandW + Delay] × 256
Bandwidth is taken from the lowest bandwidth, in kbps, of all outgoing interfaces toward the destination network.
To change the K1, K2, K3, K4, K5 options, use
"metric weights tos k1 k2 k3 k4 k5" ===> but changing them is not recommended.
The EIGRP metric is 256 times larger than IGRP's! This is worth knowing if you want to migrate from IGRP to EIGRP.
Day 1
Subnetting :
Summarization :
Prefix-list :
ip prefix-list provides the most powerful prefix based filtering mechanism. In addition to access-list functionality, ip prefix-list has prefix length range specification and sequential number specification. You can add or delete prefix based filters to arbitrary points of prefix-list using sequential number specification.
If no ip prefix-list is specified, it acts as permit. If ip prefix-list is defined, and no match is found, default deny is applied.
— Command: ip prefix-list name (permit|deny) prefix [le len] [ge len]
— Command: ip prefix-list name seq number (permit|deny) prefix [le len] [ge len]
You can create ip prefix-list using above commands.
seq
seq number can be set either automatically or manually. In the case that sequential numbers are set manually, the user may pick any number less than 4294967295. In the case that sequential numbers are set automatically, the sequential number will increase by a unit of five (5) per list. If a list with no specified sequential number is created after a list with a specified sequential number, the list will automatically pick the next multiple of five (5) as the list number. For example, if a list with number 2 already exists and a new list with no specified number is created, the next list will be numbered 5. If lists 2 and 7 already exist and a new list with no specified number is created, the new list will be numbered 10.
le
le command specifies prefix length. The prefix list will be applied if the prefix length is less than or equal to the le prefix length.
ge
ge command specifies prefix length. The prefix list will be applied if the prefix length is greater than or equal to the ge prefix length.
Less than or equal to prefix numbers and greater than or equal to prefix numbers can be used together. The order of the le and ge commands does not matter.
If a prefix list with a different sequential number but with the exact same rules as a previous list is created, an error will result. However, in the case that the sequential number and the rules are exactly similar, no error will result.
If a list with the same sequential number as a previous list is created, the new list will overwrite the old list.
Matching of IP Prefix is performed from the smaller sequential number to the larger. The matching will stop once any rule has been applied.
In the case of no le or ge command, the prefix length must match exactly the length specified in the prefix list.
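The evaluation rules above (sequence order, first match wins, le/ge ranges, exact length without le/ge, default deny, automatic numbering in steps of five) can be modelled in a few lines. This is an added example, not Quagga's or Cisco's code; PrefixList and build_example are hypothetical names and the filter entries are constructed from documentation address ranges.

```python
import ipaddress


class PrefixList:
    """Small model of `ip prefix-list` evaluation as described in the text."""

    def __init__(self):
        self.entries = {}  # seq -> (action, network, ge, le)

    def add(self, action, prefix, ge=None, le=None, seq=None):
        rule = (action, ipaddress.ip_network(prefix), ge, le)
        if seq is None:
            # Automatic numbering: next multiple of five above the highest seq.
            seq = (max(self.entries, default=0) // 5 + 1) * 5
        for other_seq, other_rule in self.entries.items():
            if other_rule == rule and other_seq != seq:
                raise ValueError("same rule already present at seq %d" % other_seq)
        self.entries[seq] = rule  # an existing entry with this seq is overwritten
        return seq

    def evaluate(self, route):
        """Return (action, seq); seq is None when no entry decided the result."""
        if not self.entries:
            return ("permit", None)  # no list defined: acts as permit
        route = ipaddress.ip_network(route)
        for seq in sorted(self.entries):  # lowest sequence number first
            action, net, ge, le = self.entries[seq]
            if route.version != net.version:
                continue
            if ge is None and le is None:
                low = high = net.prefixlen  # exact length required
            else:
                low = net.prefixlen if ge is None else ge
                high = net.max_prefixlen if le is None else le
            if low <= route.prefixlen <= high and route.subnet_of(net):
                return (action, seq)  # first match wins
        return ("deny", None)  # list defined, nothing matched: default deny


def build_example():
    """Constructed filter: drop 10/8 and anything longer than /24, one exception."""
    pl = PrefixList()
    pl.add("deny", "10.0.0.0/8", le=32, seq=2)
    pl.add("permit", "0.0.0.0/0", le=24)       # auto-numbered 5
    pl.add("permit", "192.0.2.128/25", seq=7)  # exact /25 only
    pl.add("deny", "198.51.100.0/24", ge=25)   # auto-numbered 10
    return pl


if __name__ == "__main__":
    pl = build_example()
    for r in ("10.1.0.0/16", "172.16.0.0/12", "192.0.2.128/25",
              "192.0.2.128/26", "198.51.100.64/26"):
        print(r, "->", pl.evaluate(r))
```

The /26 inside 192.0.2.128/25 falls through to the default deny because the entry at seq 7 has no le or ge and therefore matches only the exact /25.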
— Command: no ip prefix-list name
ip prefix-list description
ip prefix-list sequential number control
Showing ip prefix-list
Clear counter of ip prefix-list
exact
The route shares the same most-significant bits (described by prefix-length), and prefix-length is equal to the route's prefix length.
longer
The route shares the same most-significant bits (described by prefix-length), and prefix-length is greater than the route's prefix length.
orlonger
The route shares the same most-significant bits (described by prefix-length), and prefix-length is equal to or greater than the route's prefix length.
*http://www.quagga.net/docs/docs-multi/IP-Prefix-List.html
Sunday, 10 April 2011
Administrative distance
Protocol Administrative distance
Directly connected route 0
Static route out an interface 1
Static route to next-hop address 1
EIGRP summary route 5
External BGP 20
Internal EIGRP 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
EGP 140
ODR 160
External EIGRP 170
Internal BGP 200
DHCP-learned 254
Unknown 255