Cisco - PBR ( Policy Based Routing )
This time we lab PBR. Policy Based Routing (PBR) is a route-selection mechanism that lets you choose a path manually, outside the routing table calculated by the dynamic routing protocol.
For example, by default traffic from a source to a destination takes the shortest path, i.e. the best path. Traffic from the DC area (10.87.50.xx/24, 10.87.100.xx/24 and 10.87.200.xx/24) to the DRC area (10.89.xx.xx) takes the path SW-SF-01 --> BTR-CS-01, then directly to HYW-CS-01 --> HYW-SW-01 and on to the destination.
For certain reasons we want traffic from 10.87.50.xx/24 to 10.89.100.11 and 10.89.200.11 to go through the DWDM switches, namely BTR-DWDM-1 and HYW-DWDM-1.
So before configuring PBR, we first configure each device:
1. Interface IP addresses
2. OSPF routing
3. VLAN interfaces in the production segment, i.e. the ServerFarm switches (SF-01 and HYW-SW-01)
Configuration on each device.
hostname BTR-SF-01
interface GigabitEthernet0/0
description LINK-to-BTR-CS-01
no switchport
ip address 10.1.1.1 255.255.255.252
ip ospf network point-to-point
ip ospf 1 area 0
negotiation auto
!
interface Vlan50
ip address 10.87.50.253 255.255.255.0
standby 1 ip 10.87.50.1
standby 1 priority 110
standby 1 preempt
ip ospf 1 area 0
no shutdown
!
interface Vlan100
ip address 10.87.100.253 255.255.255.0
standby 1 ip 10.87.100.1
standby 1 priority 110
standby 1 preempt
ip ospf 1 area 0
no shutdown
!
interface Vlan200
ip address 10.87.200.253 255.255.255.0
standby 1 ip 10.87.200.1
standby 1 priority 110
standby 1 preempt
ip ospf 1 area 0
no shutdown
!
router ospf 1
interface gi0/1
switchport mode access
switchport access vlan 50
no shutdown
exit
interface gi0/2
switchport mode access
switchport access vlan 100
no shutdown
exit
hostname BTR-CS-01
interface Loopback0
ip address 192.168.255.1 255.255.255.255
!
interface GigabitEthernet0/0
description LINK-to-BTR_SF-01
ip address 10.1.1.2 255.255.255.252
ip ospf network point-to-point
ip ospf 1 area 0
duplex full
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description LINK-to-BTR-DWDM-01
ip address 10.3.3.2 255.255.255.252
ip ospf network point-to-point
ip ospf 1 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
description LINK-TO-HYW-CS-01
ip address 10.2.2.2 255.255.255.252
ip ospf network point-to-point
ip ospf 1 area 0
duplex auto
speed auto
media-type rj45
!
router ospf 1
network 192.168.255.1 0.0.0.0 area 0
exit
hostname BTR-DWDM-01
!
interface GigabitEthernet0/0
description LINK-TO-BTR-CS-01
ip address 10.3.3.1 255.255.255.252
ip policy route-map PBR_DWDM
ip ospf network point-to-point
ip ospf 3 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description LINK HYW-DWDM-01
ip address 12.12.12.1 255.255.255.252
ip ospf network point-to-point
ip ospf 3 area 0
duplex auto
speed auto
media-type rj45
!
router ospf 3
hostname HYW-CS-01
interface GigabitEthernet0/0
description LINK-BTR-CS-01
ip address 10.2.2.1 255.255.255.252
ip ospf network point-to-point
ip ospf 2 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 10.11.11.2 255.255.255.252
ip ospf network point-to-point
ip ospf 2 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
description LINK-TO-HYW-DWDM-01
ip address 10.33.33.2 255.255.255.252
ip ospf network point-to-point
ip ospf 2 area 0
duplex auto
speed auto
media-type rj45
!
router ospf 2
!
hostname HYW-DWDM-01
interface Loopback0
ip address 192.168.255.4 255.255.255.255
!
interface GigabitEthernet0/0
description LINK-BTR-DWDM-01
ip address 12.12.12.2 255.255.255.252
ip ospf network point-to-point
ip ospf 3 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description LINK-TO-HYW-FS-01
ip address 10.33.33.1 255.255.255.252
ip ospf network point-to-point
ip ospf 3 area 0
duplex auto
speed auto
media-type rj45
!
router ospf 3
network 192.168.255.4 0.0.0.0 area 0
!
interface gi0/0
switchport mode access
switchport access vlan 50
no shutdown
exit
interface gi0/2
switchport mode access
switchport access vlan 100
no shutdown
exit
interface gi0/3
switchport mode access
switchport access vlan 200
no shutdown
exit
Once everything is configured, make sure everything is reachable; verify with ping and traceroute between DC and DR.
Then we configure PBR on routers BTR-CS-01 and BTR-DWDM-01.
On BTR-CS-01, traffic from 10.87.50.xx/24 to 10.89.100.11 and 10.89.200.11 will go through the DWDM router. Here are the commands:
BTR-CS-01
ip access-list extended ACL_PBR_NAS
permit ip 10.87.50.0 0.0.0.255 host 10.89.200.11
permit ip 10.87.50.0 0.0.0.255 host 10.89.100.11
exit
!
route-map PBR_NAS permit 10
match ip address ACL_PBR_NAS
set ip next-hop 10.3.3.1
!
interface GigabitEthernet0/0
description LINK-to-BTR_SF-01
ip address 10.1.1.2 255.255.255.252
ip policy route-map PBR_NAS
ip ospf network point-to-point
ip ospf 1 area 0
exit
BTR-DWDM-01
ip access-list extended ACL_PBR_NAS
permit ip 10.87.50.0 0.0.0.255 host 10.89.200.11
permit ip 10.87.50.0 0.0.0.255 host 10.89.100.11
!
route-map PBR_DWDM permit 10
match ip address ACL_PBR_NAS
set ip next-hop 12.12.12.2
!
interface GigabitEthernet0/0
description LINK-TO-BTR-CS-01
ip address 10.3.3.1 255.255.255.252
ip policy route-map PBR_DWDM
ip ospf network point-to-point
ip ospf 3 area 0
exit
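To audit which flows this policy actually diverts, the added Python example below (not part of the original post) parses the ACL_PBR_NAS and PBR_NAS lines shown above and evaluates IOS wildcard-mask matching per flow. The function names are hypothetical, and it assumes a single extended ACL with `ip` entries and a single route-map clause.

```python
import ipaddress

# Constructed input: the ACL and route-map lines from the BTR-CS-01 section above.
CONFIG = """\
ip access-list extended ACL_PBR_NAS
 permit ip 10.87.50.0 0.0.0.255 host 10.89.200.11
 permit ip 10.87.50.0 0.0.0.255 host 10.89.100.11
route-map PBR_NAS permit 10
 match ip address ACL_PBR_NAS
 set ip next-hop 10.3.3.1
"""

def _addr_spec(tokens):
    """Consume one IOS address spec; return (base, wildcard) as ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(config):
    """Return (ACL entries, next hop) for a single-ACL, single-clause policy."""
    entries, next_hop = [], None
    for line in config.splitlines():
        t = line.split()
        if t[:2] in (["permit", "ip"], ["deny", "ip"]):
            rest = t[2:]
            entries.append((t[0], _addr_spec(rest), _addr_spec(rest)))
        elif t[:3] == ["set", "ip", "next-hop"]:
            next_hop = t[3]
    return entries, next_hop

def _hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF           # wildcard bit 1 means "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def policy_next_hop(src, dst, config=CONFIG):
    """Next hop PBR forces for src->dst, or None (normal routing-table lookup)."""
    entries, next_hop = parse(config)
    for action, s, d in entries:             # first matching entry wins, as on IOS
        if _hit(src, s) and _hit(dst, d):
            return next_hop if action == "permit" else None
    return None                              # implicit deny: not policy-routed
```

Replies from 10.89.100.11 back to 10.87.50.xx do not match this ACL, so with only the DC-side policy shown on this page the return traffic follows the normal OSPF best path.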
Success...!!! Done