Difference between revisions of "IPv6: Mikrotik: BGP Example"

From OnnoWiki
Jump to navigation Jump to search
(Created page with "Sumber: http://www.obriain.com/mikrotik/mikrotik-ISP2-configuration.html Enable IPv6 package The network is configured for both IPv4 and IPv6 so enable IPv6 which is disable...")
 
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
Sumber: http://www.obriain.com/mikrotik/mikrotik-ISP2-configuration.html
 
Sumber: http://www.obriain.com/mikrotik/mikrotik-ISP2-configuration.html
  
Enable IPv6 package
+
==Enable IPv6==
  
The network is configured for both IPv4 and IPv6 so enable IPv6 which is disabled by default.
+
Default IPv6 di disable. Cek melalui,
  
  system package print    
+
/system package print
  Flags: X - disabled  
+
 
  #  NAME                         VERSION             SCHEDULED               
+
Flags: X - disabled  
  0  routeros-mipsbe              6.38.7                                                 
+
  #  NAME                   VERSION                   SCHEDULED               
  1  system                       6.38.7                                                 
+
  0  routeros-x86            6.45beta27                                       
  2 X ipv6                         6.38.7                   
+
  1  system                 6.45beta27                                       
  wireless                      6.38.7                                                 
+
  2 X ipv6                   6.45beta27                                       
  hotspot                      6.38.7                                                 
+
  ups                    6.45beta27                                       
  dhcp                          6.38.7                                                 
+
  wireless                6.45beta27                                       
  6  mpls                         6.38.7                                                 
+
  hotspot                6.45beta27                                       
  7  routing                       6.38.7                                                 
+
  6  mpls                   6.45beta27                                       
  8  ppp                           6.38.7                                                 
+
  7  routing                 6.45beta27                                       
  9   security                     6.38.7                                                 
+
  8  ppp                     6.45beta27                                       
  10   advanced-tools               6.38.
+
  9  dhcp                    6.45beta27                                       
                                                 
+
10   security               6.45beta27                                       
  system package enable 2
+
11   advanced-tools         6.45beta27                                       
 
+
12  dude                    6.45beta27
 +
 
 +
Enable
  
Reset the configuration
+
/system package enable 2
 +
/system reset-configuration no-defaults=yes
  
  system reset-configuration no-defaults=yes
+
Set system identity
 
 
  
System identity
+
/system identity set name=ISP2
  
Add a system identity.
+
==IP addressing==
  
  system identity set name=ISP2
+
Menambahkan IP address ke interface.
 
 
  
IP addressing
+
/interface bridge add name=loopback0
 +
/ip address add address=200.2.2.2/32 interface=loopback0
 +
/ip address add address=199.9.9.22/24 interface=ether1
 +
/ipv6 address add address=2a99:9:9::22/48 interface=ether1
 +
/ip address add address=199.2.2.1/24 interface=ether2
 +
/ipv6 address add address=2a99:2:2::1/48 interface=ether2
  
Add IP Addresses to the interfaces.
+
 +
/ip address print
  
  interface bridge add name=loopback0
+
Flags: X - disabled, I - invalid, D - dynamic  
  ip address add address=200.2.2.2/32 interface=loopback0
+
  #  ADDRESS            NETWORK        INTERFACE                            
  ip address add address=199.9.9.22/24 interface=ether1
+
  0  200.2.2.2/32      200.2.2.2      loopback0                            
  ipv6 address add address=2a99:9:9::22/48 interface=ether1
+
  1  199.9.9.22/24      199.9.9.0      ether1                                
  ip address add address=199.2.2.1/24 interface=ether2
+
  2  199.2.2.1/24      199.2.2.0      ether2  
  ipv6 address add address=2a99:2:2::1/48 interface=ether2
 
 
 
  ip address print
 
  Flags: X - disabled, I - invalid, D - dynamic  
 
  #  ADDRESS            NETWORK        INTERFACE                              
 
  0  200.2.2.2/32      200.2.2.2      loopback0                              
 
  1  199.9.9.22/24      199.9.9.0      ether1                                  
 
  2  199.2.2.1/24      199.2.2.0      ether2
 
 
 
  ipv6 address print
 
  Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 
  #    ADDRESS                                    FROM-POOL INTERFACE  ADVERTISE
 
  0 DL fe80::d6ca:6dff:fee4:16b2/64                          ether4      no     
 
  1 IG 2a99:9:9::22/48                                      ether1      yes     
 
  2 IG 2a99:2:2::1/48                                        ether2      yes
 
 
 
  
BGP Configuration
 
  
  routing bgp instance add name=ASN5222 as=5222 router-id=200.2.2.2
 
  routing bgp network add network=199.2.2.0/24
 
  routing bgp network add network=2a99:2:2::/48
 
 
    
 
    
 +
/ipv6 address print
  
Create BGP ingress Filters
+
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 
+
  #    ADDRESS                                    FROM-... INTERFACE        ADV
Ingress filters are used to filter advertisements into the network. Best practice for ingress filters for all peers are:
+
  0 IG 2a99:9:9::22/48                                      ether1          no
 +
  1 IG 2a99:2:2::1/48                                      ether2          no
 +
  2 DL fe80::c18:64ff:fe7e:e1f1/64                          loopback0        no
  
    Discard receiving ones own prefix
+
==BGP Configuration==
    Discard receiving a default route as we are doing full routing
 
    Discard special purpose address registry entries stated at RFC 6890.
 
  
Chain IN-IXP-IPv4 is an input filter and it discards receiving ones own prefix or a default route as full routing is taking place. This filter jumps to a further chain IN-RFC-6890-IPv4 that discards IPv4 Special-Purpose Address Registry Entries stated at RFC 6890.
 
  
  routing filter add chain=IN-IXP-IPv4 prefix=199.2.2.0/24 action=discard
+
/routing bgp instance add name=ASN5222 as=5222 router-id=200.2.2.2
  routing filter add chain=IN-IXP-IPv4 prefix=0.0.0.0/0 action=discard
+
/routing bgp network add network=199.2.2.0/24
  routing filter add chain=IN-IXP-IPv4 action=jump jump-target=IN-RFC-6890-IPv4
+
/routing bgp network add network=2a99:2:2::/48
 
+
/routing bgp peer
  routing filter add chain=IN-RFC-6890-IPv4 prefix=0.0.0.0/8 action=discard
+
add name=toISP1 remote-address=192.168.3.1 remote-as=10 address-families=ip,ipv6
  routing filter add chain=IN-RFC-6890-IPv4 prefix=10.0.0.0/8 action=discard
+
add name=toISP3 remote-address=192.168.2.2 remote-as=30 address-families=ip,ipv6
  routing filter add chain=IN-RFC-6890-IPv4 prefix=100.64.0.0/10 action=discard
+
add name=toISP1 remote-address=2001:192:168:3::1 remote-as=10 address-families=ip,ipv6
  routing filter add chain=IN-RFC-6890-IPv4 prefix=127.0.0.0/8 action=discard
+
add name=toISP3 remote-address=2001:192:168:2::2 remote-as=30 address-families=ip,ipv6
  routing filter add chain=IN-RFC-6890-IPv4 prefix=169.254.0.0/16 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv4 prefix=172.16.0.0/12 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv4 prefix=192.0.2.0/24 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv4 prefix=192.88.99.0/24 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv4 prefix=192.168.0.0/16 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv4 prefix=198.18.0.0/15 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv4 prefix=198.51.100.0/24 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv4 prefix=203.0.113.0/24 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv4 prefix=240.0.0.0/4 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv4 prefix=255.255.255.255/32 action=discard
 
 
    
 
    
  
Chain IN-IXP-IPv6 is an input filter and it discards receiving ones own IPv6 prefix or a default route as full routing is taking place. This filter jumps to a further chain IN-RFC-6890-IPv6 that discards IPv6 Special-Purpose Address Registry Entries stated at RFC 6890.
+
==Buat BGP ingress Filter==
  
  routing filter add chain=IN-IXP-IPv6 prefix=2a99:2:2::/48 action=discard
+
Ingress Filter digunakan untuk memfilter advertisement ke dalam jaringan. Best practice untuk ingress filter untuk semua peer adalah:
  routing filter add chain=IN-IXP-IPv6 prefix=::/0 action=discard
 
  routing filter add chain=IN-IXP-IPv6 action=jump jump-target=IN-RFC-6890-IPv6
 
 
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=::1/128 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=::/128 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=64:ff9b::/96 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=::ffff:0:0/96 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=100::/64 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/23 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/32 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:2::/48 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:db8::/32 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:10::/28 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=2002::/16 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=fc00::/7 action=discard
 
  routing filter add chain=IN-RFC-6890-IPv6 prefix=fe80::/10 action=discard
 
 
 
  
Create BGP egress Filters
+
* Buang jika prefix yang di terima adalah milik sendiri.
 +
* Buang rute default yang kita terima, jika kita melakukan full routing.
 +
* Buang entri address tujuan khusus yang dinyatakan di RFC 6890.
  
Egress filters are used to filter advertisements from the network, limiting it to only advertise the specific local networks. Note the invert-match=yes statement, this instructs the filter to discard all but the prefix specified.
+
Chain IN-IXP-IPv4 adalah sebuah input filter dan dia akan membuang prefix diri sendiri atau route default jika menerima-nya karena kita melakukan full routing. Filter ini akan jump ke chain selanjutnya, yaitu, chain IN-RFC-6890-IPv4 yang akan membuang IPv4 Special-Purpose Address Registry Entries yang di jelaskan di RFC 6890.
  
  routing filter add chain=OUT-IPv4 prefix=199.2.2.0/24 invert-match=yes action=discard
+
routing filter add chain=IN-IXP-IPv4 prefix=199.2.2.0/24 action=discard
  routing filter add chain=OUT-IPv6 prefix=2a99:2:2::/48 invert-match=yes action=discard
+
routing filter add chain=IN-IXP-IPv4 prefix=0.0.0.0/0 action=discard
 +
routing filter add chain=IN-IXP-IPv4 action=jump jump-target=IN-RFC-6890-IPv4
 
    
 
    
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=0.0.0.0/8 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=10.0.0.0/8 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=100.64.0.0/10 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=127.0.0.0/8 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=169.254.0.0/16 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=172.16.0.0/12 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=192.0.2.0/24 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=192.88.99.0/24 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=192.168.0.0/16 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=198.18.0.0/15 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=198.51.100.0/24 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=203.0.113.0/24 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=240.0.0.0/4 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv4 prefix=255.255.255.255/32 action=discard
 +
 +
Chain IN-IXP-IPv6 adalah input filter dan dia akan membuang prefix diri sendiri atau route default jika menerima-nya karena kita melakukan full routing. Filter ini akan jump ke chain selanjutnya, yaitu, chain IN-RFC-6890-IPv6 yang akan membuang IPv6 Special-Purpose Address Registry Entries yang di jelaskan di RFC 6890.
 +
 +
routing filter add chain=IN-IXP-IPv6 prefix=2a99:2:2::/48 action=discard
 +
routing filter add chain=IN-IXP-IPv6 prefix=::/0 action=discard
 +
routing filter add chain=IN-IXP-IPv6 action=jump jump-target=IN-RFC-6890-IPv6
 +
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=::1/128 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=::/128 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=64:ff9b::/96 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=::ffff:0:0/96 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=100::/64 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/23 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/32 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:2::/48 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:db8::/32 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:10::/28 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=2002::/16 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=fc00::/7 action=discard
 +
routing filter add chain=IN-RFC-6890-IPv6 prefix=fe80::/10 action=discard
  
Add BGP Peers
+
==Buat BGP egress Filter==
  
Create the peer links to the other BGP peers for IPv4 and IPv6. Note that IPv4 family is the default and for IPv6 the family must be specified.
+
Egress filter digunakan untuk mem-filter advertisement dari jaringan kita, membatasi agar hanya meng-advertise jaringan lokal yang spesifik. Parameter invert-match=yes , ini menginstruksikan filter agar membuang semua kecuali prefix yang kita inginkan.
  
  routing bgp peer add name=ixp instance=ASN5222 remote-as=5999 remote-address=199.9.9.1 in-filter=IN-IXP-IPv4 out-filter=OUT-IPv4
+
routing filter add chain=OUT-IPv4 prefix=199.2.2.0/24 invert-match=yes action=discard
  routing bgp peer add name=ixp instance=ASN5222 remote-as=5999 remote-address=2a99:9:9::1 address-families=ipv6 in-filter=IN-IXP-IPv6 out-filter=OUT-IPv6
+
routing filter add chain=OUT-IPv6 prefix=2a99:2:2::/48 invert-match=yes action=discard
 
 
  
 +
==Tambahkan BGP Peer==
  
 +
BUat peer link ke BGP peer lainnya untuk IPv4 dan IPv6. Catatan keluarga IPv4 family secara default akan di sebarkan BGP, sementara keluarga IPv6 harus di ditulis eksplisit.
  
 +
routing bgp peer add name=ixp instance=ASN5222 remote-as=5999 remote-address=199.9.9.1 in-filter=IN-IXP-IPv4 out-filter=OUT-IPv4
  
 +
routing bgp peer add name=ixp instance=ASN5222 remote-as=5999 remote-address=2a99:9:9::1 address-families=ipv6 in-filter=IN-IXP-IPv6 out-filter=OUT-IPv6
  
 
==Referensi==
 
==Referensi==
Line 147: Line 147:
 
* [[TCP/IP: Advanced Routing]]
 
* [[TCP/IP: Advanced Routing]]
 
* [[Quagga]]
 
* [[Quagga]]
 +
* [[VyOS]]
 
* [[Mikrotik]]
 
* [[Mikrotik]]
 
* [[Cisco]]
 
* [[Cisco]]
 
* [[Juniper]]
 
* [[Juniper]]
* [[BIRD: Routing]]
+
* [[BIRD1]]
 +
* [[BIRD2]]
 
* [[IPv6]]
 
* [[IPv6]]
 +
  
 
* [[TCP/IP: Advanced Routing]]
 
* [[TCP/IP: Advanced Routing]]
 
* [[IPv6: Advanced Routing]]
 
* [[IPv6: Advanced Routing]]
 
* [[IPv6: Quagga]]
 
* [[IPv6: Quagga]]
 +
* [[IPv6: VyOS]]
 
* [[IPv6: Mikrotik]]
 
* [[IPv6: Mikrotik]]
 
* [[IPv6: Cisco]]
 
* [[IPv6: Cisco]]
 
* [[IPv6: Juniper]]
 
* [[IPv6: Juniper]]
* [[IPv6: BIRD: Routing]]
+
* [[IPv6: BIRD1]]
 +
* [[IPv6: BIRD2]]
 
* [[IPv6]]
 
* [[IPv6]]

Latest revision as of 09:30, 5 April 2019

Sumber: http://www.obriain.com/mikrotik/mikrotik-ISP2-configuration.html

Enable IPv6

Default IPv6 di disable. Cek melalui,

/system package print
Flags: X - disabled 
 #   NAME                    VERSION                    SCHEDULED              
 0   routeros-x86            6.45beta27                                        
 1   system                  6.45beta27                                        
 2 X ipv6                    6.45beta27                                        
 3   ups                     6.45beta27                                        
 4   wireless                6.45beta27                                        
 5   hotspot                 6.45beta27                                        
 6   mpls                    6.45beta27                                        
 7   routing                 6.45beta27                                        
 8   ppp                     6.45beta27                                        
 9   dhcp                    6.45beta27                                        
10   security                6.45beta27                                        
11   advanced-tools          6.45beta27                                        
12   dude                    6.45beta27 

Enable

/system package enable 2
/system reset-configuration no-defaults=yes

Set system identity

/system identity set name=ISP2

IP addressing

Menambahkan IP address ke interface.

/interface bridge add name=loopback0
/ip address add address=200.2.2.2/32 interface=loopback0
/ip address add address=199.9.9.22/24 interface=ether1
/ipv6 address add address=2a99:9:9::22/48 interface=ether1
/ip address add address=199.2.2.1/24 interface=ether2
/ipv6 address add address=2a99:2:2::1/48 interface=ether2


/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                              
 0   200.2.2.2/32       200.2.2.2       loopback0                              
 1   199.9.9.22/24      199.9.9.0       ether1                                 
 2   199.2.2.1/24       199.2.2.0       ether2 


/ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-... INTERFACE        ADV
 0 IG 2a99:9:9::22/48                                      ether1           no 
 1 IG 2a99:2:2::1/48                                       ether2           no 
 2 DL fe80::c18:64ff:fe7e:e1f1/64                          loopback0        no

BGP Configuration

/routing bgp instance add name=ASN5222 as=5222 router-id=200.2.2.2
/routing bgp network add network=199.2.2.0/24 
/routing bgp network add network=2a99:2:2::/48
/routing bgp peer
add name=toISP1 remote-address=192.168.3.1 remote-as=10 address-families=ip,ipv6
add name=toISP3 remote-address=192.168.2.2 remote-as=30 address-families=ip,ipv6
add name=toISP1 remote-address=2001:192:168:3::1 remote-as=10 address-families=ip,ipv6
add name=toISP3 remote-address=2001:192:168:2::2 remote-as=30 address-families=ip,ipv6
 

Buat BGP ingress Filter

Ingress Filter digunakan untuk memfilter advertisement ke dalam jaringan. Best practice untuk ingress filter untuk semua peer adalah:

  • Buang jika prefix yang di terima adalah milik sendiri.
  • Buang rute default yang kita terima, jika kita melakukan full routing.
  • Buang entri address tujuan khusus yang dinyatakan di RFC 6890.

Chain IN-IXP-IPv4 adalah sebuah input filter dan dia akan membuang prefix diri sendiri atau route default jika menerima-nya karena kita melakukan full routing. Filter ini akan jump ke chain selanjutnya, yaitu, chain IN-RFC-6890-IPv4 yang akan membuang IPv4 Special-Purpose Address Registry Entries yang di jelaskan di RFC 6890.

routing filter add chain=IN-IXP-IPv4 prefix=199.2.2.0/24 action=discard
routing filter add chain=IN-IXP-IPv4 prefix=0.0.0.0/0 action=discard
routing filter add chain=IN-IXP-IPv4 action=jump jump-target=IN-RFC-6890-IPv4
 
routing filter add chain=IN-RFC-6890-IPv4 prefix=0.0.0.0/8 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=10.0.0.0/8 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=100.64.0.0/10 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=127.0.0.0/8 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=169.254.0.0/16 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=172.16.0.0/12 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=192.0.2.0/24 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=192.88.99.0/24 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=192.168.0.0/16 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=198.18.0.0/15 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=198.51.100.0/24 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=203.0.113.0/24 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=240.0.0.0/4 action=discard
routing filter add chain=IN-RFC-6890-IPv4 prefix=255.255.255.255/32 action=discard

Chain IN-IXP-IPv6 adalah input filter dan dia akan membuang prefix diri sendiri atau route default jika menerima-nya karena kita melakukan full routing. Filter ini akan jump ke chain selanjutnya, yaitu, chain IN-RFC-6890-IPv6 yang akan membuang IPv6 Special-Purpose Address Registry Entries yang di jelaskan di RFC 6890.

routing filter add chain=IN-IXP-IPv6 prefix=2a99:2:2::/48 action=discard
routing filter add chain=IN-IXP-IPv6 prefix=::/0 action=discard
routing filter add chain=IN-IXP-IPv6 action=jump jump-target=IN-RFC-6890-IPv6

routing filter add chain=IN-RFC-6890-IPv6 prefix=::1/128 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=::/128 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=64:ff9b::/96 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=::ffff:0:0/96 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=100::/64 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/23 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/32 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:2::/48 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:db8::/32 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:10::/28 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=2002::/16 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=fc00::/7 action=discard
routing filter add chain=IN-RFC-6890-IPv6 prefix=fe80::/10 action=discard

Buat BGP egress Filter

Egress filter digunakan untuk mem-filter advertisement dari jaringan kita, membatasi agar hanya meng-advertise jaringan lokal yang spesifik. Parameter invert-match=yes , ini menginstruksikan filter agar membuang semua kecuali prefix yang kita inginkan.

routing filter add chain=OUT-IPv4 prefix=199.2.2.0/24 invert-match=yes action=discard
routing filter add chain=OUT-IPv6 prefix=2a99:2:2::/48 invert-match=yes action=discard

Tambahkan BGP Peer

BUat peer link ke BGP peer lainnya untuk IPv4 dan IPv6. Catatan keluarga IPv4 family secara default akan di sebarkan BGP, sementara keluarga IPv6 harus di ditulis eksplisit.

routing bgp peer add name=ixp instance=ASN5222 remote-as=5999 remote-address=199.9.9.1 in-filter=IN-IXP-IPv4 out-filter=OUT-IPv4
routing bgp peer add name=ixp instance=ASN5222 remote-as=5999 remote-address=2a99:9:9::1 address-families=ipv6 in-filter=IN-IXP-IPv6 out-filter=OUT-IPv6

Referensi

Pranala Menarik