1. Topologi Lab
- Gunakan pengalamatan IP standard IDN (Dari kiri R1,R2,R3,R4,R5)
- Konfigurasikan OSPF pada MPLS core (PE1,P,PE2)
- Konfigurasikan LDP antara core MPLS, loopback0 menjadi LDP router-id nya
- Konfigurasikan MP-BGP antar PE dengan AS 234.
- Konfigurasikan VRF (Virtual Routin Forwarding) di interface PE yang menuju ke CE
- Konfigurasikan default route d1 CE, di PE juga dikonfig static route menuju loopback CE
- Redistribute kan static route ke BGP di dalam PE
- Pastikan route dari CE2 muncul di CE1 dan sebaliknya.
IDN-PE1(config)#router ospf 1
IDN-PE1(config-router)#net 23.23.23.2 0.0.0.0 a 0
IDN-PE1(config-router)#net 2.2.2.2 0.0.0.0 a 0
IDN-PE1(config-router)#router-id 2.2.2.2
IDN-P(config)#router ospf 1
IDN-P(config-router)#router-id 3.3.3.3
IDN-P(config-router)#net 23.23.23.3 0.0.0.0 a 0
IDN-P(config-router)#net 34.34.34.3 0.0.0.0 a 0
IDN-P(config-router)#net 3.3.3.3 0.0.0.0 a 0
IDN-PE2(config)#router ospf 1
IDN-PE2(config-router)#router-id 4.4.4.4
IDN-PE2(config-router)#net 4.4.4.4 0.0.0.0 a 0
IDN-PE2(config-router)#net 34.34.34.4 0.0.0.0 a 0
Lalu kita konfigurasikan LDP diantara core router, lo0 menjadi router-id nya, label yang digunakan menggunakan rentang :
- IDN-PE1 : 200 - 299
- IDN-P : 300 - 399
- IDN-PE2 : 400 - 499
IDN-PE1(config)#mpls ldp router-id lo0
IDN-PE1(config)#mpls label range 200 299
IDN-P(config)#mpls label pro ldp
IDN-P(config)#mpls ldp rou l0
IDN-P(config)#mpls lab ran 300 399
IDN-PE2(config)#mpls lab prot ldp
IDN-PE2(config)#mpls ldp rou l0
IDN-PE2(config)#mpls lab ran 400 499
Kita setting interface mpls di mpls core router
IDN-PE1(config)#int f0/0
IDN-PE1(config-if)#mpls ip
IDN-P(config)#int f0/0
IDN-P(config-if)#mpls ip
IDN-P(config-if)#int f0/1
IDN-P(config-if)#mpls ip
IDN-PE2(config)#int f0/0
IDN-PE2(config-if)#mpls ip
Konfigurasikan MP-BGP di router PE. Jangan bolehkan BGP peer berbagi informasi routing ipv4 by default. BGP peering menggunakan vpnv4.
IDN-PE1(config)#router bgp 234
IDN-PE1(config-router)#no bgp default ipv4-unicast
IDN-PE1(config-router)#nei 4.4.4.4 remote-as 234
IDN-PE1(config-router)#nei 4.4.4.4 up l0
IDN-PE1(config-router)#address-family vpnv4
IDN-PE1(config-router-af)#nei 4.4.4.4 activate
IDN-PE2(config)#router bgp 234
IDN-PE2(config-router)#no bgp default ipv4-unicast
IDN-PE2(config-router)#nei 2.2.2.2 remote-as 234
IDN-PE2(config-router)#nei 2.2.2.2 up l0
IDN-PE2(config-router)#address-family vpnv4
IDN-PE2(config-router-af)#nei 2.2.2.2 activate
Verifikasi
IDN-PE2(config-router-af)#do sh ip bgp vpnv4 all sum | b Nei
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 234 3 3 0 0 0 00:00:14 0
IDN-P(config-if)#do sh ip bgp sum
% BGP not active
Sekarang, konfigurasikan vrf di interface PE yang menuju ke CE.
IDN-PE1(config)#ip vrf IDN-PE1
IDN-PE1(config-vrf)#rd 1:10
IDN-PE1(config-vrf)#route-target both 1:100
IDN-PE1(config-vrf)#int f0/0
IDN-PE1(config-if)#ip vrf forwarding IDN-PE1
% Interface FastEthernet0/0 IP address 12.12.12.2 removed due to enabling VRF IDN-PE1
IDN-PE1(config-if)#ip add 12.12.12.2 255.255.255.0
IDN-PE2(config)#ip vrf IDN-PE2
IDN-PE2(config-vrf)#rd 1:20
IDN-PE2(config-vrf)#route-target both 1:100
IDN-PE2(config-vrf)#int f0/1
IDN-PE2(config-if)#ip vrf forwarding IDN-PE2
% Interface FastEthernet0/1 IP address 45.45.45.4 removed due to enabling VRF IDN-PE2
IDN-PE2(config-if)#ip add 45.45.45.4 255.255.255.0
Tapi ingat bahwa route-target merupakan BGP extended community yang diattach ke alamat VPNV4, dan community tidak dikirim kecuali kita konfigurasi agar mau mengirim.
IDN-PE1(config)#router bgp 234
IDN-PE1(config-router)#address-family vpnv4 unicast
IDN-PE1(config-router-af)#nei 4.4.4.4 send-community extended
IDN-PE2(config-if)#router bgp 234
IDN-PE2(config-router)#address-family vpnv4 unicast
IDN-PE2(config-router-af)#nei 2.2.2.2 send-community extended
Verifikasi : Cek koneksi antar PE dan CE. Lakukan ping dengan menggunakan keyword vrf
IDN-PE1(config)#do ping vrf IDN-PE1 12.12.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/72/172 ms
IDN-PE2(config)#do ping vrf IDN-PE2 45.45.45.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 45.45.45.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/67/124 ms
Konfigurasikan static default route di CE.
IDN-CE1(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.2
IDN-CE2(config)#ip route 0.0.0.0 0.0.0.0 45.45.45.4
Konfigurasikan static route di PE menuju ip loopback CE menggunakan keyword vrf.
IDN-PE1(config)#ip route vrf IDN-PE1 1.1.1.1 255.255.255.255 12.12.12.1
IDN-PE2(config)#ip route vrf IDN-PE2 5.5.5.5 255.255.255.255 45.45.45.5
Langkah terakhir, redistribusikan static route ke dalam BGP
IDN-PE1(config)#do sh run | s bgp
router bgp 234
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 234
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf IDN-PE1
no synchronization
exit-address-family
IDN-PE1(config)#router bgp 234
IDN-PE1(config-router)#address-family ipv4 vrf IDN-PE1
IDN-PE1(config-router-af)#redistribute static
IDN-PE1(config-router-af)#redistribute connected
IDN-PE2(config)#router bgp 234
IDN-PE2(config-router)#address-family ipv4 vrf IDN-PE2
IDN-PE2(config-router-af)#redistribute static
IDN-PE2(config-router-af)#redistribute connected
Verifikasi
IDN-PE1#sh ip route vrf IDN-PE1 | b Gate
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 [1/0] via 12.12.12.1
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [200/0] via 4.4.4.4, 00:01:49
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, FastEthernet0/0
Sekarang coba lakukan ping loopback dari CE1 ke CE2.
0 komentar:
Posting Komentar