MPLS & L3VPN FILTER KOMPLEK

Pada lab ini kita akan mempelajari lab MPLS dan L3VPN FILTER KOMPLEK
topologinya masih sama dengan topologi sebelumnya, baik itu konfigurasi
ip address ataupun CORE MPLSnya, konfigurasi yang berbeda yaitu pada
R2-PE dan R4-PE yang menuju R1-CAR2, R5-CAR4 dan R6-CBR6.

Konfigurasi VPN
R2-PE dan R1-CAR2 Menggunakan OSPF 100
R4-PE dan R5-CAR4 Mengunakan EIGRP 100
R4-PE dan R6-CBR6 Menggunakan eBGP AS 6

Berikut ini konfigurasi CORE MPLS pada R2-PE

interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 23.23.23.2 255.255.255.0
mpls ip
!

mpls label protocol ldp
mpls ldp router-id Loopback0 force
!

router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 23.23.23.2 0.0.0.0 area 0
!

router bgp 234
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 234
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!

Selanjutnya Konfigurasi VPN di R2-PE yang menuju R1-CAR2, pada hal ini
membuat vrf RD dan Route Target mengekspor network R1-CAR2 agar terhubung
dengan R5-CAR2 dan R6-CBR6

ip vrf car2
rd 1:10
route-target export 1:105
route-target import 1:105
route-target import 1:600
!

Bikin IP Address untuk menuju R1-CAR2 menggunakan VPN

interface Ethernet0/1
ip vrf forwarding car2
ip address 12.12.12.2 255.255.255.0
!

Kemudian Advertise ke OSPF 100 dan Redistribute MP-BGP ke OSPF mengguanakan VPN

router ospf 100 vrf car2
redistribute bgp 234 subnets
network 12.12.12.2 0.0.0.0 area 0
!

Kemudian Redistribute OSPF ke MP-BGP 234 menggunakan VPN

router bgp 234
address-family ipv4 vrf car2
redistribute ospf 100
exit-address-family
!

Konfigurasi di R1-CAR2 yang terhubng ke R2-PE

interface Loopback0
ip address 1.1.1.1 255.255.255.255
!

interface Ethernet0/0
ip address 12.12.12.1 255.255.255.0
!

Advertise ke OSPF 100

router ospf 100
network 1.1.1.1 0.0.0.0 area 0
network 12.12.12.1 0.0.0.0 area 0
!

Berikut ini Konfigurasi Core MPLS pada R3-P

interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
ip address 23.23.23.3 255.255.255.0
mpls ip
!
interface Ethernet0/1
ip address 34.34.34.3 255.255.255.0
mpls ip

mpls label protocol ldp
mpls ldp router-id Loopback0 force
!

router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 23.23.23.3 0.0.0.0 area 0
network 34.34.34.3 0.0.0.0 area 0
!

Berkut ini Konfigurasi Core MPLS pada R4-PE

interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0/0
ip address 34.34.34.4 255.255.255.0
mpls ip
!

mpls label protocol ldp
mpls ldp router-id Loopback0 force
!

router ospf 1
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 34.34.34.4 0.0.0.0 area 0
!

router bgp 234
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 234
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!

Kemudian Konfigurasi

Selanjutnya Konfigurasi VPN di R4-PE yang menuju R5-CAR4 dan R6-CBR6, pada hal
ini membuat vrf RD dan Route Target, mengekspor network R5-CAR4 agar terhubung
dengan R1-CAR2 dan R6-CBR6 terhubung dengan R1-CAR2 dan R5-CAR4.

ip vrf car4
rd 1:20
route-target export 1:105
route-target import 1:105
route-target import 1:600
!
ip vrf cbr6
rd 1:60
route-target export 1:600
route-target import 1:600
route-target import 1:105
!

Kemudian Bikin IP Address yang menuju R5-CAR4 dan R6-CBR6 menggunakan VPN

interface Ethernet0/1
ip vrf forwarding car4
ip address 45.45.45.4 255.255.255.0
!
interface Ethernet0/2
ip vrf forwarding cbr6
ip address 46.46.46.4 255.255.255.0
!

Kemudian IP Address yang menuju R5-CAR4 advertise ke EIGRP 100 menggunkan VPN
serta redistribute MP-BGP 234 ke EIGRP 100 menggunkana VPN

router eigrp 100
address-family ipv4 vrf car4 autonomous-system 100
network 45.45.45.4 0.0.0.0
exit-address-family
!
address-family ipv4 vrf cbr6 autonomous-system 100
redistribute bgp 234 metric 1 1 1 1 1
exit-address-family
!

selanjutnya Redistribute EIGRP ke MP-BGP Mengunakan VPN

router bgp 234
address-family ipv4 vrf car4
redistribute eigrp 100
exit-address-family
!

setelah EIGRP selesai di konfigurasi selanjutnya EBGP di R4-PE dengan AS 234
menuju R6-CBR dengan AS 6

router bgp 234
address-family ipv4 vrf cbr6
neighbor 46.46.46.6 remote-as 6
neighbor 46.46.46.6 activate
exit-address-family
!

Selanjutnya konfigurasi Di R5-CAR4

interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Ethernet0/0
ip address 45.45.45.5 255.255.255.0
!

Advertise ke EIGRP 100
router eigrp 100
network 5.5.5.5 0.0.0.0
network 45.45.45.5 0.0.0.0
!

Kemdian Konfigurasi Di R6-CBR6

interface Loopback0
ip address 6.6.6.6 255.255.255.255
!

interface Ethernet0/0
ip address 46.46.46.6 255.255.255.0
!

Advertise ke BGP 6
router bgp 6
bgp log-neighbor-changes
network 6.6.6.6 mask 255.255.255.255
neighbor 46.46.46.4 remote-as 234
!

Selanjutnya Verifikasi di R1-CAR2

R1-CAR2#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/1] via 12.12.12.2, 00:01:40, Ethernet0/0
6.0.0.0/32 is subnetted, 1 subnets
O E2 6.6.6.6 [110/1] via 12.12.12.2, 00:01:40, Ethernet0/0
45.0.0.0/24 is subnetted, 1 subnets
O E2 45.45.45.0 [110/1] via 12.12.12.2, 00:01:40, Ethernet0/0

Terlihat pada routing table ospf di R1-CAR2 terbaca dengan R5-CAR4 dan R6-CBR

Verifikasi di R5-CAR4

R5-CAR4#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/2560025856] via 45.45.45.4, 00:00:35, Ethernet0/0
6.0.0.0/32 is subnetted, 1 subnets
D EX 6.6.6.6 [170/2560025856] via 45.45.45.4, 00:00:35, Ethernet0/0
12.0.0.0/24 is subnetted, 1 subnets
D EX 12.12.12.0 [170/2560025856] via 45.45.45.4, 00:00:35, Ethernet0/0

Terlihat Pada routing tabel EIGRP di R5-CAR4 bahwa R5-CAR4 terhubng ke R1-CAR2
dan R6-CBR6

Verifikasi di R6-CBR6

R6#sh ip bgp
BGP table version is 6, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 46.46.46.4 0 234 ?
*> 5.5.5.5/32 46.46.46.4 0 234 ?
*> 6.6.6.6/32 0.0.0.0 0 32768 i
*> 12.12.12.0/24 46.46.46.4 0 234 ?
*> 45.45.45.0/24 46.46.46.4 0 234 ?
R6#

Terlihat Pada routing tabel BGP di R6-CBR bahwa R6-CBR terhbung ke R1-CAR2
dan R5-CAR4

Sampai sini Konfigurasi VPN
R2-PE dan R1-CAR2 Menggunakan OSPF 100
R4-PE dan R5-CAR4 Mengunakan EIGRP 100
R4-PE dan R6-CBR6 Menggunakan eBGP AS 6

Telah sukses selanjutnya kita yaitu filtering, pada lab ini filtering komplek
artinya kita akan memfilter berdasarkan route-target pada vrf dan route map
pada vrf, sehingga benar benar komplek.

sebelumnya hapus dulu route target import 1:600 di vrf car2 pada R2-PE
hapus dulu route target import 1:600 di vrf car4 pada R4-PE
hapus dulu route target import 1:600 di vrf cbr6 pada R4-PE

hal ini karena
R4-PE dan R2-PE agar saling tukar informasi menggunakan route-target
export dan import 1:105, sehingga R4-PE yang terhubng ke R5-CAR4 masih bisa
membaca R1-CAR2 dan sebaliknya, namun R6-CBR6 tidak bisa tukar informasi
dengan R1-CAR2 dan R5-CAR4

berikut hasil verifikasi di R1-CAR2 R5-CAR4 dan R6-CBR6

R1-CAR2#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/1] via 12.12.12.2, 03:43:30, Ethernet0/0
45.0.0.0/24 is subnetted, 1 subnets
O E2 45.45.45.0 [110/1] via 12.12.12.2, 03:43:30, Ethernet0/0
55.0.0.0/32 is subnetted, 1 subnets
O E2 55.55.55.55 [110/1] via 12.12.12.2, 00:17:40, Ethernet0/0
R1-CAR2#

R5-CAR4#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/2560025856] via 45.45.45.4, 00:00:16, Ethernet0/0
11.0.0.0/32 is subnetted, 1 subnets
D EX 11.11.11.11 [170/2560025856] via 45.45.45.4, 00:00:16, Ethernet0/0
12.0.0.0/24 is subnetted, 1 subnets
D EX 12.12.12.0 [170/2560025856] via 45.45.45.4, 00:00:16, Ethernet0/0
R5-CAR4#

R6(config)#do sh ip bgp
BGP table version is 17, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 6.6.6.6/32 0.0.0.0 0 32768 i
*> 66.66.66.66/32 0.0.0.0 0 32768 i
R6(config)#

Kemudian langkah selanjutnya adalah konfigurasikan R6-CBR6 dan R5-CAR4 agar
bisa saling tukar informasi routing.

Bikin route-target yang baru yaitu 1:506 antara R5-CAR4 dan R6-CBR6

R4-PE(config)#ip vrf car4
R4-PE(config-vrf)#route-target both 1:506
R4-PE(config-vrf)#exit
R4-PE(config)#ip vrf cbr6
R4-PE(config-vrf)#route-target both 1:506
R4-PE(config-vrf)#exit

Berikut Verfikasi di R5-CAR4 dan R6-CBR6

R5-CAR4#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/2560025856] via 45.45.45.4, 00:10:11, Ethernet0/0
6.0.0.0/32 is subnetted, 1 subnets
D EX 6.6.6.6 [170/2560025856] via 45.45.45.4, 00:00:55, Ethernet0/0
11.0.0.0/32 is subnetted, 1 subnets
D EX 11.11.11.11 [170/2560025856] via 45.45.45.4, 00:10:11, Ethernet0/0
12.0.0.0/24 is subnetted, 1 subnets
D EX 12.12.12.0 [170/2560025856] via 45.45.45.4, 00:10:11, Ethernet0/0
66.0.0.0/32 is subnetted, 1 subnets
D EX 66.66.66.66 [170/2560025856] via 45.45.45.4, 00:00:55, Ethernet0/0
R5-CAR4#

R6(config)#do sh ip bgp
BGP table version is 20, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.5/32 46.46.46.4 0 234 ?
*> 6.6.6.6/32 0.0.0.0 0 32768 i
*> 45.45.45.0/24 46.46.46.4 0 234 ?
*> 55.55.55.55/32 46.46.46.4 0 234 ?
*> 66.66.66.66/32 0.0.0.0 0 32768 i
R6(config)#

Terlihat pada masing masing tabel routing R6-CBR6 dapat tukar informasi dengan
R5-CAR4, dan R5-CAR4 dapat tukar infomarsi dengan R1-CAR2 dan R6-CBR6

R4-PE#sh ip bgp vpnv4 vrf car4 5.5.5.5 | i RT
Extended Community: RT:1:105 RT:1:506 Cost:pre-bestpath:128:409600

Terlihat bahwa car4 menggunakan 2 route target yaitu 1:105 dan 1:506

selanjutnya Filtering Menggunakan Route Map

pada lab ini, kita akan konfigurasikan R1-CAR2 boleh memanage R6-CBR6 dan
R5-CAR4, namun R5-CAR4 dan R6-CBR6 tidak boleh melihat ip loopback yang baru
dari masing masing router lain.

Bikin IP Address Loopback yang di R1-CAR2, R5-CAR4 dan R6-CBR6

di R1-CAR2
interface Loopback1
ip address 11.11.11.11 255.255.255.255
!

Advertise ke OSPF 100
router ospf 100
network 1.1.1.1 0.0.0.0 area 0
network 11.11.11.11 0.0.0.0 area 0
network 12.12.12.1 0.0.0.0 area 0
!

di R5-CAR4
interface Loopback1
ip address 55.55.55.55 255.255.255.255
!

Advertise ke EIGRP 100

router eigrp 100
network 5.5.5.5 0.0.0.0
network 45.45.45.5 0.0.0.0
network 55.55.55.55 0.0.0.0
!

di R6-CBR6
interface Loopback1
ip address 66.66.66.66 255.255.255.255
!

Advertise ke BGP

router bgp 6
bgp log-neighbor-changes
network 6.6.6.6 mask 255.255.255.255
network 66.66.66.66 mask 255.255.255.255
neighbor 46.46.46.4 remote-as 234
!

Kemudian Bikin IP Prefix List untuk mengijinkan hanya IP Loopback R5-CAR4
dan R6-CBR6 yang boleh masuk pada R4-PE dan pasang route mapnya pada vrf
car4 dan cbr6

ip prefix-list TEST seq 5 permit 55.55.55.55/32
ip prefix-list TEST seq 10 permit 66.66.66.66/32
!
route-map MON permit 10
match ip address prefix-list TEST
set extcommunity rt 1:156
!

hapus route target export dan import 1:506 di vrf car4 dan cbr6 pada R4-PE

kemudian pasang route-target export 1:156 di vrf car4 an cbr6

R4-PE(config-vrf)#ip vrf car4
R4-PE(config-vrf)#route-target export 1:156
R4-PE(config-vrf)#ip vrf cbr6
R4-PE(config-vrf)#route-target export 1:156

kemudian pasang route-target import 1:156 di R1-CAR2

R2-PE(config)#ip vrf car2
R2-PE(config-vrf)#route-target import 1:156
R2-PE(config-vrf)#exit

Kedua konfigurasi di atas bermaksud untuk memberitahukan network di R4-PE
khususnya vrf car4 dan vrf cbr6 kepada R1-CAR2, kemudian R1-CAR2 memasukan
informasi yang berasal dari vrf car4 dan cbr6

berikut verifikasi di R1-CAR2

R1-CAR2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/1] via 12.12.12.2, 00:49:30, Ethernet0/0
6.0.0.0/32 is subnetted, 1 subnets
O E2 6.6.6.6 [110/1] via 12.12.12.2, 00:08:31, Ethernet0/0
11.0.0.0/32 is subnetted, 1 subnets
C 11.11.11.11 is directly connected, Loopback1
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, Ethernet0/0
L 12.12.12.1/32 is directly connected, Ethernet0/0
45.0.0.0/24 is subnetted, 1 subnets
O E2 45.45.45.0 [110/1] via 12.12.12.2, 00:49:30, Ethernet0/0
55.0.0.0/32 is subnetted, 1 subnets
O E2 55.55.55.55 [110/1] via 12.12.12.2, 00:49:30, Ethernet0/0
66.0.0.0/32 is subnetted, 1 subnets
O E2 66.66.66.66 [110/1] via 12.12.12.2, 00:08:31, Ethernet0/0

Terlihat pada tabel routing di R1-CAR2 terhubung ke R5-CAR4 dan R6-CBR6

hapus dulu route-target import 1:105 agar R5-CAR4 tidak mengetahui R1-CAR2

R4-PE(config)#ip vrf car4
R4-PE(config-vrf)#no route-target import 1:105

verifikasi di R5-CAR4

R5-CAR4#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

R5-CAR4#

Terlihat pada routing tabel eigrp di R5-CAR4 tidak adanya network R1-CAR2
ataupun R6-CBR6

Verifikasi di R6-CBR6

6#sh ip bgp
BGP table version is 9, local router ID is 66.66.66.66
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 6.6.6.6/32 0.0.0.0 0 32768 i
*> 66.66.66.66/32 0.0.0.0 0 32768 i
R6#

Terlihat pada tabel routing bgp di R6-CBR6 tidak adanya network dari router
lain, hanya menampilkan network yang ada di routernya sendiri.

Alhamdulillah sampai sini, lab MPLS & VPN Filter Komplek telah berhasil
di konfigurasi, Mantabbb mas brooo...

Salam Ngoprek

Sunda Ngoprek

About Me

Tukang Ngoprek

Label

Arsip Blog

Leave a Reply