MikroTik 7: Simple BGP

From OnnoWiki
Bgp-multihoming.png

Connections

ISP1:
eth0  --> ISP3 eth0
eth1  --> ISP2 eth1
ISP2
eth0  --> ISP3 eth1
eth1  --> ISP1 eth1
ISP3
eth0  --> ISP1 eth0
eth1  --> ISP2 eth0



There are three (3) ISPs

ISP1:

IP 192.168.1.1/24 to ISP3
IP 192.168.3.1/24 to ISP2
AS 10
IP 10.100.100.0/24
IP 10.100.200.0/24

ISP2

IP 192.168.2.1/24 - to ISP3
IP 192.168.3.2/24 - to ISP1
AS 20
IP 10.10.10.0/24
IP 10.10.20.0/24

ISP3 (us)

IP 192.168.1.2/24 - to ISP1
IP 192.168.2.2/24 - to ISP2
AS 30
IP 10.1.1.0/24
IP 10.1.2.0/24 


Below is a tidy **MikroTik RouterOS v7** configuration for **ISP1, ISP2, ISP3** matching the topology in the file: ISP1 AS10, ISP2 AS20, ISP3 AS30; each has two BGP connections and two local networks.

Simple filter principles:

  • **Input filter:** `accept;` all routes from the peer.
  • **Output filter:** only advertise the router's own local networks.
  • **No blackhole route is needed** because the local networks already exist as *connected routes* from `ether3` and `ether4`.


ISP1 — AS 10

# =========================
# ISP1 - RouterOS v7
# AS 10
# =========================

# IP address
/ip address
add interface=ether1 address=192.168.1.1/24 comment="to ISP3"
add interface=ether2 address=192.168.3.1/24 comment="to ISP2"
add interface=ether3 address=10.100.100.1/24 comment="LAN 10.100.100.0/24"
add interface=ether4 address=10.100.200.1/24 comment="LAN 10.100.200.0/24"

# BGP local AS
/routing bgp template
set default as=10

# BGP connections
/routing bgp connection
add name=toISP3 remote.address=192.168.1.2 remote.as=30 local.role=ebgp templates=default
add name=toISP2 remote.address=192.168.3.2 remote.as=20 local.role=ebgp templates=default

# Advertised local networks
/ip firewall address-list
add list=bgp-networks address=10.100.100.0/24
add list=bgp-networks address=10.100.200.0/24

# Simple input filters: accept all received routes
/routing filter rule
add chain=isp2-in rule="accept;"
add chain=isp3-in rule="accept;"

# Simple output filters: advertise only ISP1 local prefixes
/routing filter rule
add chain=isp2-out rule="if (dst in 10.100.100.0/24) { accept; }"
add chain=isp2-out rule="if (dst in 10.100.200.0/24) { accept; }"
add chain=isp2-out rule="reject;"

add chain=isp3-out rule="if (dst in 10.100.100.0/24) { accept; }"
add chain=isp3-out rule="if (dst in 10.100.200.0/24) { accept; }"
add chain=isp3-out rule="reject;"

# Apply filters and advertised networks
/routing bgp connection
set toISP2 output.network=bgp-networks input.filter=isp2-in output.filter-chain=isp2-out
set toISP3 output.network=bgp-networks input.filter=isp3-in output.filter-chain=isp3-out


ISP2 — AS 20

# =========================
# ISP2 - RouterOS v7
# AS 20
# =========================

# IP address
/ip address
add interface=ether1 address=192.168.2.1/24 comment="to ISP3"
add interface=ether2 address=192.168.3.2/24 comment="to ISP1"
add interface=ether3 address=10.10.10.1/24 comment="LAN 10.10.10.0/24"
add interface=ether4 address=10.10.20.1/24 comment="LAN 10.10.20.0/24"

# BGP local AS
/routing bgp template
set default as=20

# BGP connections
/routing bgp connection
add name=toISP1 remote.address=192.168.3.1 remote.as=10 local.role=ebgp templates=default
add name=toISP3 remote.address=192.168.2.2 remote.as=30 local.role=ebgp templates=default

# Advertised local networks
/ip firewall address-list
add list=bgp-networks address=10.10.10.0/24
add list=bgp-networks address=10.10.20.0/24

# Simple input filters: accept all received routes
/routing filter rule
add chain=isp1-in rule="accept;"
add chain=isp3-in rule="accept;"

# Simple output filters: advertise only ISP2 local prefixes
/routing filter rule
add chain=isp1-out rule="if (dst in 10.10.10.0/24) { accept; }"
add chain=isp1-out rule="if (dst in 10.10.20.0/24) { accept; }"
add chain=isp1-out rule="reject;"

add chain=isp3-out rule="if (dst in 10.10.10.0/24) { accept; }"
add chain=isp3-out rule="if (dst in 10.10.20.0/24) { accept; }"
add chain=isp3-out rule="reject;"

# Apply filters and advertised networks
/routing bgp connection
set toISP1 output.network=bgp-networks input.filter=isp1-in output.filter-chain=isp1-out
set toISP3 output.network=bgp-networks input.filter=isp3-in output.filter-chain=isp3-out


ISP3 — AS 30

# =========================
# ISP3 - RouterOS v7
# AS 30
# =========================

# IP address
/ip address
add interface=ether1 address=192.168.1.2/24 comment="to ISP1"
add interface=ether2 address=192.168.2.2/24 comment="to ISP2"
add interface=ether3 address=10.1.1.1/24 comment="LAN 10.1.1.0/24"
add interface=ether4 address=10.1.2.1/24 comment="LAN 10.1.2.0/24"

# BGP local AS
/routing bgp template
set default as=30

# BGP connections
/routing bgp connection
add name=toISP1 remote.address=192.168.1.1 remote.as=10 local.role=ebgp templates=default
add name=toISP2 remote.address=192.168.2.1 remote.as=20 local.role=ebgp templates=default

# Advertised local networks
/ip firewall address-list
add list=bgp-networks address=10.1.1.0/24
add list=bgp-networks address=10.1.2.0/24

# Simple input filters: accept all received routes
/routing filter rule
add chain=isp1-in rule="accept;"
add chain=isp2-in rule="accept;"

# Simple output filters: advertise only ISP3 local prefixes
/routing filter rule
add chain=isp1-out rule="if (dst in 10.1.1.0/24) { accept; }"
add chain=isp1-out rule="if (dst in 10.1.2.0/24) { accept; }"
add chain=isp1-out rule="reject;"

add chain=isp2-out rule="if (dst in 10.1.1.0/24) { accept; }"
add chain=isp2-out rule="if (dst in 10.1.2.0/24) { accept; }"
add chain=isp2-out rule="reject;"

# Apply filters and advertised networks
/routing bgp connection
set toISP1 output.network=bgp-networks input.filter=isp1-in output.filter-chain=isp1-out
set toISP2 output.network=bgp-networks input.filter=isp2-in output.filter-chain=isp2-out


Verification commands

Run on each router:


/routing bgp session print

The following flag must appear:

E

It means **established**.

Check the received BGP routes:

/ip route print where bgp


or:

/routing route print where bgp


Check the filters:

/routing filter rule print

Check the advertised address-list:

/ip firewall address-list print where list=bgp-networks


Important notes

If this appears:

failure: already have such address


it means that IP address already exists. There is no need to add it again.

If this appears:

failure: already have such entry


it means the address-list entry already exists. There is no need to add it again.

If this appears:

no such item


it is usually because the connection name is wrong. Use:

/routing bgp connection print

Then make sure the `set` command uses the correct name, for example:

set toISP1 ...
set toISP2 ...
set toISP3 ...

not:

set isp1 ...
set isp2 ...
set isp3 ...