Lompat ke konten Lompat ke sidebar Lompat ke footer
Beranda / Cisco

Cisco | MPLS-L3VPN (IGP-IS IS)

Oleh Hasugian Posting Komentar

 


Kita konfigurasi IP address masing-masing router. 

Keterangan

NET Address"
P1:  49.0001. 1921.6800.1001.00
PE1: 49.0001. 1921.6800.10011.00

P2:  49.0001. 1921.6800.1002.00
PE2: 49.0002. 1921.6800.10011.00

-------------------------------
Berikut Konfigurasinya

Router PE1
host PE1
username admin privilege 15 secret lab123

int lo0
ip add    192.168.1.11 255.255.255.255
description " Loopback Interface"
no shu

int gi0/0
description "Link to P2"
ip add 172.16.1.1 255.255.255.0
no shut

line vty 0 4
login local
transport input telnet
end
wr
--------------

Router P1
host P1
username admin privilege 15 secret lab123

int lo0
ip add    192.168.1.1 255.255.255.255
description " Loopback INterface"
no shu

int gi0/1
description "Link to P2"
ip add 172.16.0.1 255.255.255.0
no shut

int gi0/0
description "Link to PE1"
ip add 172.16.1.2 255.255.255.0
no shut

line vty 0 4
login local
transport input telnet
end
--------

Router P2
host P2
username admin privilege 15 secret lab123

int lo0
ip add    192.168.1.2 255.255.255.255
description " Loopback INterface"
no shu

int gi0/1
description "Link to PE2"
ip add 172.16.2.2 255.255.255.0
no shut

int gi0/0
description "Link to P1"
ip add 172.16.0.2 255.255.255.0
no shut

line vty 0 4
login local
transport input telnet
end
----------

Router PE2
host PE2
username admin privilege 15 secret lab123

int lo0
ip add    192.168.1.12 255.255.255.255
description " Loopback Interface"
no shu

int gi0/0
description "Link to P2"
ip add 172.16.2.1 255.255.255.0
no shut

line vty 0 4
login local
transport input telnet
end
------------

TAHAP-2 (KONFIG ROUTING PROTOCOL IS-IS)

Router PE1
int lo0
 ip router isis

int gi0/0
 ip router isis

router isis
 net 49.0001.1921.6800.0011.00
 is-type level-1   
 end

Router P1
int lo0
 ip router isis

int gi0/0
 ip router isis

int gi0/1
 ip router isis
 
router isis
 net 49.0001.1921.6800.0001.00
 end

Router P21
int lo0
 ip router isis

int gi0/0
 ip router isis
 isis circuit-type level-1

int gi0/1
 ip router isis
 isis circuit-type level-2

router isis
 net 49.0001.1921.6800.0002.00
 end

Router PE2
int lo0
 ip router isis

int gi0/0
 ip router isis

router isis
 net 49.0002.1921.6800.0012.00
 is-type level-2

 VERIFIKASI:
# sh isis neighbor
# sh isis database
# sh isis database detail
# sh ip route isis

 

 

Di IS-IS Level-1 router  dia hanaya tau network area-nya saja, dan tidak tau informasi  network di area lain, klo di OSPF seperti stub area. Contoh Router PE1 yg berada diarea 1. Dia hanya mengunakan default route. Berikut dibawah ini contohnya.


 Sedangkan Router PE2 yt area Level-2 dia tau network diarea lain.

 

 

CARA MENGUBHA NILAI METRIK

Misalnya kita ingin mengubah nilai metrik di router PE2 pada interface Gi0/0. Sebelum melakukan perubahan cek dulu metriknya. Ingat defaultnya adalah 10.


 

Lalu lakukan perubahan di ruter PE2

PE2(config)#interface gi0/0
PE2(config-if)#isis metric 25 level-2

 

Catatan: jika ingin menaikin metrik diatas 63 maka  harusmerubah metrik mode wide. Karena mode narrow (default) metrik max 63. Dan jika memasukkan style-metri wide maka harus disemua router, supaya bisa reachable.
##DISEMUA ROUTER##

PE2(config)#router isis

PE2(config-if)#metric-style wide

 

##JIKA INGIN MERUBHA METRIK DI INTERFACE##

PE2(config)#interface gi0/0
PE2(config-if)#isis metric 99 level-2

#atau

PE2(config-if)#isis metric 99 level-1

 

CARA MENGAKTIFKAN ROUTE LEAKING

Artinya sebelumnya ketika kita lakukan sh ip route pada router PE1, maka network yg di PE2 (192.168.1.12) tidak nampil di routing tabel, hanya muncul default route. Jd gmana klo kita ingin network yg PE2 muncul dirouting tabel PE1.


Sebelumnya kita cek, pastikan bahwa network 192.168.12 blm ada.


Lalu tambhakna  konfigurasi ini router P2 (dmana router ini sebagai router ABR) penghubung antara area Level 1 dan Level2.


P2(config)#router isis
P2(config-router)#redistribute isis ip level-2 into level-1 distribute-list 100
P2(config-router)#exit
P2(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 any
P2(config)#end
P2#


Verifikasi
#sh run | inc access-list 100

#sh ip route isis


#sh ip route isis

 

 

#sh isis database detail


MENGKATIFKAN MPLS-LDP

Tujuannya supaya loopbacknya reacable menggunakan Label


Router PE1
int gi0/0
mpls ip
end

Router P1

 int gi0/0
 mpls ip
 
int gi0/1
 mpls ip
 end

Router P2

 int gi0/0
 mpls ip
 
int gi0/1
 mpls ip
 end

Router PE2

 int gi0/0
mpls ip
end


Verifikasi:

# sh mpls ldp discovery # (ILDP Neighbor)
# sh mpls ldp binding #(Label Information Based)
# sh mpls forwarding-table #(Label Forwarding Information Based)
# sh ip cef x.x.x.x/prefix detail  #(FIB/ Cek paket lewat)
 

 



 

KONFIGURASI BGPPE1(config)#router bgp 65123
PE1(config-router)#no bgp default ipv4
PE1(config-router)#no bgp default ipv4-unicast
PE1(config-router)#bgp router-id 192.168.1.11
PE1(config-router)#neighbor 192.168.1.12 remote-as 65123
PE1(config-router)#neighbor 192.168.1.12 update-source lo0
PE1(config-router)#
PE1(config-router)#address-family vpnv4
PE1(config-router-af)#neighbor 192.168.1.12 activate
PE1(config-router-af)#end
PE1# Router PE2
PE2(config)#router bgp 65123
PE2(config-router)#no bgp default ipv4
PE2(config-router)#no bgp default ipv4-unicast
PE2(config-router)#bgp router-id 192.168.1.12
PE2(config-router)#neighbor 192.168.1.11 remote-as 65123
PE2(config-router)#neighbor 192.168.1.11 update-source lo0
PE2(config-router)#
PE2(config-router)#address-family vpnv4
PE2(config-router-af)#neighbor 192.168.1.11 activate
PE2(config-router-af)#end
PE2#VERIFIKASI
sh bgp-summary
sh bgp all summary
sh bgp neighbor
sh bgp all neighbor 192.168.1.11



 
KONFIGURASI VRFRouter PE1PE1(config)#ip vrf VFR-CE-A
PE1(config-vrf)# rd 192.168.1.11:3001
PE1(config-vrf)# route-target export 65123:3001
PE1(config-vrf)# route-target import 65123:3001
PE1(config-vrf)# exit
PE1(config)#
PE1(config)#int gi0/3
PE1(config-if)# ip vrf forwarding VFR-CE-A
PE1(config-if)# ip add
PE1(config-if)# ip address 10.1.1.1 255.255.255.252
PE1(config-if)# no shut
PE1(config-if)# exi
PE1(config)#
PE1(config)#ip vrf VFR-CE-B
PE1(config-vrf)# rd 192.168.1.11:3002
PE1(config-vrf)# route-target export 65123:3002
PE1(config-vrf)# route-target import 65123:3002
PE1(config-vrf)# exit
PE1(config)#
PE1(config)#int gi0/2
PE1(config-if)# ip vrf forwarding VFR-CE-B
PE1(config-if)# ip add
PE1(config-if)# ip address 10.2.2.1 255.255.255.252
PE1(config-if)# no shut
PE1(config-if)# exi

Router PE2
PE2(config)#ip vrf VFR-CE-A
PE2(config-vrf)# rd 192.168.1.12:3001
PE2(config-vrf)# route-target export 65123:3001
PE2(config-vrf)# route-target import 65123:3001
PE2(config-vrf)# exit
PE2(config)#
PE2(config)#int gi0/3
PE2(config-if)# ip vrf forwarding VFR-CE-A
PE2(config-if)# ip add
PE2(config-if)# ip address 10.1.1.5 255.255.255.252
PE2(config-if)# no shut
PE2(config-if)# exi
PE2(config)#
PE2(config)#ip vrf VFR-CE-B
PE2(config-vrf)# rd 192.168.1.12:3002
PE2(config-vrf)# route-target export 65123:3002
PE2(config-vrf)# route-target import 65123:3002
PE2(config-vrf)# exit
PE2(config)#
PE2(config)#int gi0/2
PE2(config-if)# ip vrf forwarding VFR-CE-B
PE2(config-if)# ip add
PE2(config-if)# ip address 10.2.2.5 255.255.255.252
PE2(config-if)# no shut
PE2(config-if)# exi
PE2(config)#

VERIFIKASI:
sh vrf brief
sh vrf detail
sh run | sec vrf

BERIKUT KONFIGURASI ROUTER-CE

Router CE-A1
host CE-A1
int lo0
 ip add 11.11.11.11 255.255.255.255
 no shut
 exi

int gi0/0
 ip add    10.1.1.2 255.255.255.252
 no shut

#ping 10.1.1.1  !!! ke PE1
--
Router CE-A2
host CE-A2
int lo0
 ip add 22.22.22.22 255.255.255.255
 no shut
 exi

int gi0/0
 ip add    10.1.1.6 255.255.255.252
 no shut

#ping 10.1.1.5  !!! ke PE1
----------
Router CE-B1
host CE-B1
int lo0
 ip add 33.33.33.33 255.255.255.255
 no shut
 exi

int gi0/0
 ip add    10.2.2.2 255.255.255.252
 no shut
--
Router CE-B2
host CE-B2
int lo0
 ip add 44.44.44.44 255.255.255.255
 no shut
 exi

int gi0/0
 ip add    10.2.2.5 255.255.255.252
 no shut

KONFIGURASI OSPF PADA ROUTER (CE-A1, PE1, CE-A2, PE2)

CE-A1
router ospf 10
 network 11.11.11.11 0.0.0.0 are 0
 network 10.1.1.2 0.0.0.0 area 0
 exi
 --
PE1
router ospf 1 vrf VFR-CE-A
 redistribute bgp 65123 subnet
 network 10.1.1.1 0.0.0.0 area 0
 exit

router bgp 65123
 address-family ipv4 vrf VFR-CE-A
 redistribute ospf 1
exi
--------
CE-A2
router ospf 10
 network 22.22.22.22 0.0.0.0 are 0
 network 10.1.1.6 0.0.0.0 area 0
--
PE2
router ospf 1 vrf VRF-CE-A
 redistribute bgp 65123 subnet
 network 10.1.1.5 0.0.0.0 area 0
 end

router bgp 65123
 address-family ipv4 vrf VFR-CE-A
 redistribute ospf 1

SEKARANG MENGAKTIFKAN ROUTER VFR-CE-B1 DAN VFR-CE-B2 DENGAN MENGGUNKAN ROUTING PROTOCOL BGP
Router VRF-CE-B1
router bgp 65432
 bgp router-id 33.33.33.33
 neighbor 10.2.2.1 remote-as 65123
 network 33.33.33.33 mask 255.255.255.255
 network 10.2.2.0 mask 255.255.255.252
 exit
Router VRF-CE-B2
router bgp 65432
 bgp router-id 44.44.44.44
 neighbor 10.2.2.5 remote-as 65123
 network 44.44.44.44 mask 255.255.255.255
 network 10.2.2.4 mask 255.255.255.252
  exit
---------
Router PE1
router bgp 65123
 address-family ipv4 vrf VFR-CE-B
 neighbor 10.2.2.2 remote-as 65432
 neighbor 10.2.2.2 as-override
 network 10.2.2.0 mask 255.255.255.252
 exit

Router PE2
router bgp 65123
 address-family ipv4 vrf VFR-CE-B
 neighbor 10.2.2.6 remote-as 65432
 neighbor 10.2.2.6 as-override
 network 10.2.2.4 mask 255.255.255.252
 exit

VERIFIKASI:
sh bgp all summ
sh ip route vrf VFR-CE-B

Note:
Arti AS-OVERRITE di bgp;
dan apa efeknya jika as-overrite ini:

  



 

Posting Komentar untuk "Cisco | MPLS-L3VPN (IGP-IS IS)"

Posting Komentar