BGP INE documentation.
-> Exterior Gateway Protocol
- advertise, learn and choose best path inside.
- used by ISPs to exchange routing information between themselves
- enterprises use BGP to exchange routing info with 1 or more ISPs
====================================
OSPF EIGRP / IGP -> starts to struggle at 4000 routes.
IGP:
EIGRP - DUAL ( SUCCESSOR , FEASIBLE SUCCESSOR )
OSPF - SPF algorithm.
distance
hop count
cost
install on routing table
+ can load balance over up to 4 equal-cost paths
----------------
BGP - robust best-path algorithm
- check different attributes for path determination.
best route installed on routing table!
===================================
the core router needs to know all of the routes!
12000 subnet in my network!
==================================
similarities bgp and igp (ospf & eigrp )
- need form adjacencies
- need to advertise prefix
- advertise next hop for those prefix
dissimilarities
- neighbor ip address may not be on common subnet
- BGP USE TCP port 179 between neighbors. IGP do not use tcp
==================================
BGP advertised prefix / length = NLRI ( network layer reachability information )
IGP - more about fast convergence , best path determination ( efficient route )
BGP - scalability ( carry load > 1000 routes !! )
BGP use path vector logic ( similar to distance vector )
=================================
iBGP & eBGP
there are things that can be done in iBGP that cannot be done in eBGP, and vice versa.
same AS = iBGP
different AS = eBGP
AS number must be unique.
usually obtained from the ISP.
#router bgp 65350
^ if the neighbor router is also 65350, it means IBGP.
=================================
bgp AS_PATH -- differs between ibgp and ebgp.
BGP- EVERYTHING IS UNICAST!
=================================
SP-1 SP-2 SP-3
ebgp
AS 1000 ----- AS2000 AS3000
R1 R3-R4-R5 R7
eigrp ibgp
R2 R6
R3-R4-R5 : IBGP
r3 does not have to be directly connected to r5 to form ibgp adjacencies.
network-x on R1 ---> eigrp to R2
injected into ebgp towards AS 2000 at R3 ( ebgp update )
updates sent out to another AS number must have an as-path
R2 as-path = 1000
R3-R4-R5 must preserve the as-path for network x
R3 as-path = 1000
R5, to advertise network x to external peer R6, must change the as-path to match its own as-path
R5 as-path = 2000 1000
R6 advertises via IBGP to R7, the as-path stays the same
R6 as-path = 2000 1000
================================
as path example:
x.x.x.x/24 23 4000 56 702
x.x.x.x/24 = the route as it arrives locally
23 = as number 1
4000 = as number 2
56 = as number 3
702 = as number 4
=============================
in short, when advertising:
ibgp must keep the same as-path ( preserved )
ebgp must add the local AS number to the as-path
============================
public AS on the internet:
1- 64495
private AS:
65512 - 65534
reserved AS ( cannot be used ):
0
54496 -65511
65535
===========================
scenario 1: given public IPs.
SP ---- AS 2000
R1
|
|
|
COMPANY A ----- AS
R2 , R3, R4, R5, R6
R2
ip route 0.0.0.0 0.0.0.0 R1
e.g. given ip range 200.200.200.x/24 -> subnetted into the local networks.
advertising it to the internet is the responsibility of the SP side.
as number 2000 advertises 200.200.200.x out.
=========================
scenario 2: build a bgp peer.
- take 1 private AS number, then build a bgp peer to the ISP router.
SP ---- AS 2000
R1
|
|
|
COMPANY A ----- AS
R2 , R3, R4, R5, R6
R2 ---- AS 65512
the ISP will then record the customer's private AS.
when dealing with other ISPs, the customer's private AS number
will be stripped.
=======================
if the customer has 2 SPs.
need to buy an AS number.
=========================
16 bit AS -> ccnp topic
32 bit AS -> ccie topic
=========================
eBGP neighborship
1. form neighborship
2. exchange topology info
3. run best-path algorithm
- form neighborship using port 179 TCP
- eBGP neighbors assumed to be directly connected. ( the route can be via igp )
eBGP neighborship requirement
- local bgp as number must match neighbor router as number
- peer must be reachable via IGP route
- bgp router id of the 2 routers must not be the same
- authentication md5 must pass ( if configured )
========================
**configure eBGP neighbors
#router bgp [asn]
neighbor [ip-address] remote-as [remote-asn]
** configure router-ID
#bgp router-id x.x.x.x
^ if not configured, by default it takes the highest loopback ip address.
^ if no loopback is configured, it takes the highest interface ip address.
** configure BGP authentication ( must be configured on both routers involved )
#neighbor [neighbor-ip] password [password-key]
ex:
conf t
router bgp 2
neighbor 1.1.1.1 password 0 cisco123
^ 0 means we enter it as normal text, which is later encrypted to md5
^ can be set to 7, but then enter the cisco123 password in md5 form
conf t
router bgp 1
neighbor 1.1.1.2 password 0 cisco123
** verify command
#show ip bgp neighbor !! look for BGP state = established
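How the neighbor password is used on the wire, as an added example that is not part of the original notes: with the TCP MD5 signature option (RFC 2385), the password is never sent; each TCP segment of the BGP session carries a 16-byte digest that the receiver recomputes with its own configured password and drops the segment on mismatch. The peer addresses and password come from the config above; the source port, sequence number and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
BGP_PORT = 179

def tcp_header(sport, dport, seq, ack, flags, window=16384, offset_words=10):
    """Fixed 20-byte TCP header with checksum = 0, as RFC 2385 signs it.
    offset_words=10 assumes 20 bytes of options (18-byte MD5 option + padding)."""
    off_flags = (offset_words << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)

def md5_signature(src_ip, dst_ip, header, payload, password):
    """RFC 2385 digest: pseudo-header + header (options excluded) + data + key."""
    seg_len = (header[12] >> 4) * 4 + len(payload)  # full TCP length incl. options
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    return hashlib.md5(pseudo + header + payload + password.encode()).digest()

def receiver_accepts(src_ip, dst_ip, header, payload, received_sig, local_password):
    """Receiver recomputes the digest with its own password and compares."""
    expected = md5_signature(src_ip, dst_ip, header, payload, local_password)
    return hmac.compare_digest(expected, received_sig)

def demo():
    # Constructed SYN from 1.1.1.2 (router bgp 2) to 1.1.1.1:179 (router bgp 1).
    hdr = tcp_header(sport=50000, dport=BGP_PORT, seq=1000, ack=0, flags=0x02)
    sig = md5_signature("1.1.1.2", "1.1.1.1", hdr, b"", "cisco123")
    return {
        "sig_len": len(sig),
        # Same password on both routers: segment accepted, session can establish.
        "match": receiver_accepts("1.1.1.2", "1.1.1.1", hdr, b"", sig, "cisco123"),
        # Password mismatch: segment dropped, session never reaches Established.
        "wrong_password": receiver_accepts("1.1.1.2", "1.1.1.1", hdr, b"", sig, "cisco124"),
        # Same digest replayed from another source address fails too, because
        # the addresses are part of the signed pseudo-header.
        "other_source": receiver_accepts("1.1.1.3", "1.1.1.1", hdr, b"", sig, "cisco123"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```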
=======================