Cisco | BGP - (no-export, no-advertise)
1. NO-EXPORT forbids distributing a prefix to eBGP peers. It keeps the route inside the designated AS only. The goal of this lab is that network 6.6.6.6/32 does not appear on R1, R4 and R5. The way to do this is to enable set community NO-EXPORT on R6.
Run these commands on R5
1. Scenario-1 (routers R3 and R6 are in the same AS)
Router R6
access-list 1 permit host 6.6.6.6
route-map NO-EXPORT
match ip address 1
set community no-export additive
exit
router bgp 20
neighbor 21.21.21.2 route-map NO-EXPORT out
neighbor 21.21.21.2 send-community
exit
do clear ip bgp *
Verification:
-----------------------------------------------------------------------
Scenario-2
Because router R1 has a different AS number from R2 and R3, network 1.1.1.1/32 will not be forwarded to AS 40, while it still appears in AS 20.
Configuration on router R1
! A standard ACL takes a wildcard mask; "host" matches exactly 1.1.1.1
access-list 1 permit host 1.1.1.1
route-map NO-EXPORT permit 1
! Tag only the prefix selected by ACL 1
match ip address 1
set community no-export additive
exit
router bgp 10
neighbor 10.10.10.2 route-map NO-EXPORT out
neighbor 10.10.10.2 send-community
neighbor 11.11.11.2 route-map NO-EXPORT out
neighbor 11.11.11.2 send-community
exit
do clear ip bgp *
Verification:
2. NO-ADVERTISE forbids distributing the route to any peer, whether eBGP or iBGP. The topology is the same as above; run these configuration commands on R6 and verify the result on R3 and R1.
Scenario-1
access-list 1 permit host 66.66.66.66
route-map NO-ADVERTISE
match ip address 1
set community no-advertise additive
exit
router bgp 20
neighbor 21.21.21.2 route-map NO-ADVERTISE out
neighbor 21.21.21.2 send-community
exit
do clear ip bgp *
Scenario-2
Router R3
access-list 1 permit host 66.66.66.66
!
!
route-map NO-ADVERTISE permit 1
match ip address 1
set community no-advertise additive
exit
!
!
router bgp 20
neighbor 21.21.21.1 route-map NO-ADVERTISE in
neighbor 21.21.21.1 send-community
exit
!
!
do clear ip bgp *
VERIFICATION:
----------------------------------------------
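The forwarding rules behind both communities, as an added Python example that is not part of the original post: every router that receives the tagged route decides per peer whether it may pass the route on. The loop-free topology (R6, R3, R2 in AS 20; R1 in AS 10; R5, R4 in AS 40) and the function names are assumptions made for this illustration.

```python
from collections import deque

NO_EXPORT = 0xFFFFFF01     # RFC 1997 well-known community
NO_ADVERTISE = 0xFFFFFF02  # RFC 1997 well-known community

# Assumed, loop-free lab topology (constructed for this example).
ASN = {"R1": 10, "R2": 20, "R3": 20, "R6": 20, "R4": 40, "R5": 40}
LINKS = {"R6": ["R3"], "R3": ["R6", "R2", "R1", "R5"], "R2": ["R3"],
         "R1": ["R3"], "R5": ["R3", "R4"], "R4": ["R5"]}


def may_readvertise(communities, local_as, peer_as, learned_via_ibgp):
    """Decision a receiving speaker makes before passing the route on."""
    if NO_ADVERTISE in communities:
        return False               # not sent to any peer, iBGP or eBGP
    ebgp_peer = local_as != peer_as
    if NO_EXPORT in communities and ebgp_peer:
        return False               # route stays inside the local AS
    if learned_via_ibgp and not ebgp_peer:
        return False               # iBGP-learned routes are not relayed to
                                   # iBGP peers (no route reflector here)
    return True


def routers_with_route(origin, communities=frozenset()):
    """Return the set of routers that end up holding the origin's prefix."""
    have = {origin}
    queue = deque([(origin, False)])   # (router, learned_via_ibgp)
    while queue:
        router, via_ibgp = queue.popleft()
        for peer in LINKS[router]:
            if peer in have:
                continue
            # The origin tags in its outbound route-map, so its own send
            # always happens; every later hop honours the community.
            if router != origin and not may_readvertise(
                    communities, ASN[router], ASN[peer], via_ibgp):
                continue
            have.add(peer)
            queue.append((peer, ASN[router] == ASN[peer]))
    return have


if __name__ == "__main__":
    tags = (("none", set()), ("no-export", {NO_EXPORT}),
            ("no-advertise", {NO_ADVERTISE}))
    for name, tag in tags:
        print(name, sorted(routers_with_route("R1", tag)))
```
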
Scenario 4 (no-export)
The goal of scenario 4 is that networks 170.0.0.0/25 and 180.0.0.0/27 are not forwarded to AS-123 and AS-40. We assume that BGP is already running normally.
Configuration on router R-EXT
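! Prefixes denied by ACL 1 do not match the route-map's only clause, so its
! implicit deny keeps them out of the advertisement; every other prefix is
! sent with the no-export community.
access-list 1 deny 170.0.0.0 0.0.0.127
access-list 1 deny 180.0.0.0 0.0.0.31
access-list 1 permit any
route-map NO-EXPORT
match ip address 1
set community no-export additive
exit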
router bgp 60
bgp log-neighbor-changes
neighbor 172.16.0.1 remote-as 123
neighbor 172.16.10.1 remote-as 123
address-family ipv4
network 150.0.0.0 mask 255.255.255.0
network 160.0.0.0 mask 255.255.255.0
network 170.0.0.0 mask 255.255.255.128
network 180.0.0.0 mask 255.255.255.224
network 190.0.0.0 mask 255.255.255.0
redistribute static
neighbor 172.16.0.1 activate
neighbor 172.16.0.1 send-community
neighbor 172.16.0.1 default-originate
neighbor 172.16.0.1 soft-reconfiguration inbound
neighbor 172.16.0.1 route-map NO-EXPORT out
no neighbor 172.16.10.1 activate
default-information originate
exit-address-family
Configuration on RR_2
router bgp 123
bgp router-id 200.200.200.200
bgp cluster-id 123
bgp log-neighbor-changes
neighbor iBGP peer-group
neighbor iBGP remote-as 123
neighbor iBGP update-source Loopback0
neighbor 2.2.2.2 peer-group iBGP
neighbor 4.4.4.4 peer-group iBGP
neighbor 100.100.100.100 remote-as 123
neighbor 100.100.100.100 update-source Loopback0
neighbor 172.16.0.2 remote-as 60
!
address-family ipv4
neighbor iBGP route-reflector-client
neighbor 2.2.2.2 activate
neighbor 4.4.4.4 activate
neighbor 100.100.100.100 activate
neighbor 172.16.0.2 activate
neighbor 172.16.0.2 soft-reconfiguration inbound
exit-address-family
Verification
Note that networks 170.0.0.0/25 and 180.0.0.0/27 no longer appear in the routing tables of R6 and RR_2.
Success...!!!