Difference between revisions of "Cisco: BGP Dua Link No Transit"

From OnnoWiki
Jump to navigation Jump to search
(Created page with "sumber: http://routerric.blogspot.com/2010/03/bgp-transit-ass-and-how-to-avoid.html How can you prevent your own BGP AS becoming a transit path? This can be achieved by makin...")
 
Line 1: Line 1:
 
sumber: http://routerric.blogspot.com/2010/03/bgp-transit-ass-and-how-to-avoid.html
 
sumber: http://routerric.blogspot.com/2010/03/bgp-transit-ass-and-how-to-avoid.html
  
How can you prevent your own BGP AS becoming a transit path? This can be achieved by making use of a distribute-list or a prefix-list. However these methods do not scale well as future ip addressing changes or additions require access lists to be revisited.
+
Mungkinkah kita membuat supaya BGP AS yang kita gunakan tidak menjadi transit path?
  
 
  BB1 ------ R1 (AS 101) ------- R2 (AS 101) ------- BB2
 
  BB1 ------ R1 (AS 101) ------- R2 (AS 101) ------- BB2
  
Here are 2 options that scale and do not require revisiting when ip addresses change.
+
Hal ini dapat dengan mudah dilakukan dengan (1) distribute-list. Cara ini tidak scale dengan mudah jika ip address berubah dikemudian hari karena harus melihat access lists
  
OPTION 1 - Make use of the no-export community.
+
Atau dengan (2) prefix-list, cara ini lebih mudah untuk berkembang tanpa perlu melihat jika IP address berubah.
 +
 
 +
 
 +
==OPTION 1 - menggunakan no-export community==
 
-------------------------------------------------------------
 
-------------------------------------------------------------
  
Here i apply the community no-export to ALL incoming bgp routes.
+
Disini community no-export di berlakukan ke semua ALL incoming bgp routes.
  
 
  R1
 
  R1
Line 21: Line 24:
  
  
OPTION 2 – Make use of the filter-list command
+
==OPTION 2 – menggunakan perintah filter-list==
-----------------------------------------------------------
 
  
Here i create an as-path access list and only allow bgp routes originated in the routers own as (AS 101) to be advertised out.
+
Disini kita membuat as-path access list dan hanya mengijinkan bgp routes originated dari AS asal router (AS 101) yang di advertised out.
  
 
  R2
 
  R2
Line 32: Line 34:
 
  neigh {ip addrBB2} filter-list 1 out
 
  neigh {ip addrBB2} filter-list 1 out
  
 +
Dua perintah di atas digunakan
 +
 +
show ip bgp {ip address} advertise
  
With both commands i use show ip bgp {ip address} advertise for verification of advertised routes.
+
untuk memverifikasi advertised routes.
  
  

Revision as of 09:26, 1 January 2019

sumber: http://routerric.blogspot.com/2010/03/bgp-transit-ass-and-how-to-avoid.html

Mungkinkah kita membuat supaya BGP AS yang kita gunakan tidak menjadi transit path?

BB1 ------ R1 (AS 101) ------- R2 (AS 101) ------- BB2

Hal ini dapat dengan mudah dilakukan dengan (1) distribute-list. Cara ini tidak scale dengan mudah jika ip address berubah dikemudian hari karena harus melihat access lists

Atau dengan (2) prefix-list, cara ini lebih mudah untuk berkembang tanpa perlu melihat jika IP address berubah.


OPTION 1 - menggunakan no-export community


Disini community no-export di berlakukan ke semua ALL incoming bgp routes.

R1
route-map NOEXPORT
set community no-export  

router bgp 101
neigh {ip addr BB1} route-map NOEXPORT in
neigh {ip addr r2} send-community


OPTION 2 – menggunakan perintah filter-list

Disini kita membuat as-path access list dan hanya mengijinkan bgp routes originated dari AS asal router (AS 101) yang di advertised out.

R2
ip as-path access-list 1 permit ^$

router bgp 101
neigh {ip addrBB2} filter-list 1 out

Dua perintah di atas digunakan

show ip bgp {ip address} advertise

untuk memverifikasi advertised routes.



Referensi

Pranala Menarik