Cisco: BGP Dua Link No Transit: Difference between revisions

From OnnoCenterWiki
Jump to navigationJump to search
Newer edit →
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
Created page with "sumber: http://routerric.blogspot.com/2010/03/bgp-transit-ass-and-how-to-avoid.html How can you prevent your own BGP AS becoming a transit path? This can be achieved by makin..."
 
Onnowpurbo (talk | contribs)
69,477 edits
No edit summary
Line 1: Line 1:
sumber: http://routerric.blogspot.com/2010/03/bgp-transit-ass-and-how-to-avoid.html
sumber: http://routerric.blogspot.com/2010/03/bgp-transit-ass-and-how-to-avoid.html


How can you prevent your own BGP AS becoming a transit path? This can be achieved by making use of a distribute-list or a prefix-list. However these methods do not scale well as future ip addressing changes or additions require access lists to be revisited.
Mungkinkah kita membuat supaya BGP AS yang kita gunakan tidak menjadi transit path?


  BB1 ------ R1 (AS 101) ------- R2 (AS 101) ------- BB2
  BB1 ------ R1 (AS 101) ------- R2 (AS 101) ------- BB2


Here are 2 options that scale and do not require revisiting when ip addresses change.
Hal ini dapat dengan mudah dilakukan dengan (1) distribute-list. Cara ini tidak scale dengan mudah jika ip address berubah dikemudian hari karena harus melihat access lists


OPTION 1 - Make use of the no-export community.
Atau dengan (2) prefix-list, cara ini lebih mudah untuk berkembang tanpa perlu melihat jika IP address berubah.
 
 
==OPTION 1 - menggunakan no-export community==
-------------------------------------------------------------
-------------------------------------------------------------


Here i apply the community no-export to ALL incoming bgp routes.
Disini community no-export di berlakukan ke semua ALL incoming bgp routes.


  R1
  R1
Line 21: Line 24:




OPTION 2 – Make use of the filter-list command
==OPTION 2 – menggunakan perintah filter-list==
-----------------------------------------------------------


Here i create an as-path access list and only allow bgp routes originated in the routers own as (AS 101) to be advertised out.
Disini kita membuat as-path access list dan hanya mengijinkan bgp routes originated dari AS asal router (AS 101) yang di advertised out.


  R2
  R2
Line 32: Line 34:
  neigh {ip addrBB2} filter-list 1 out
  neigh {ip addrBB2} filter-list 1 out


Dua perintah di atas digunakan
show ip bgp {ip address} advertise


With both commands i use show ip bgp {ip address} advertise for verification of advertised routes.
untuk memverifikasi advertised routes.




Revision as of 02:26, 1 January 2019

sumber: http://routerric.blogspot.com/2010/03/bgp-transit-ass-and-how-to-avoid.html

Mungkinkah kita membuat supaya BGP AS yang kita gunakan tidak menjadi transit path? 

BB1 ------ R1 (AS 101) ------- R2 (AS 101) ------- BB2

Hal ini dapat dengan mudah dilakukan dengan (1) distribute-list. Cara ini tidak scale dengan mudah jika ip address berubah dikemudian hari karena harus melihat access lists

Atau dengan (2) prefix-list, cara ini lebih mudah untuk berkembang tanpa perlu melihat jika IP address berubah.


OPTION 1 - menggunakan no-export community

Disini community no-export di berlakukan ke semua ALL incoming bgp routes. 

R1
route-map NOEXPORT
set community no-export  

router bgp 101
neigh {ip addr BB1} route-map NOEXPORT in
neigh {ip addr r2} send-community


OPTION 2 – menggunakan perintah filter-list

Disini kita membuat as-path access list dan hanya mengijinkan bgp routes originated dari AS asal router (AS 101) yang di advertised out. 

R2
ip as-path access-list 1 permit ^$

router bgp 101
neigh {ip addrBB2} filter-list 1 out

Dua perintah di atas digunakan 

show ip bgp {ip address} advertise

untuk memverifikasi advertised routes.



Referensi

Pranala Menarik

Retrieved from "https://lms.onnocenter.or.id/wiki/index.php?title=Cisco:_BGP_Dua_Link_No_Transit&oldid=53891"