Difference between revisions of "IPv6: Mikrotik: BGP Example"

Sumber: http://www.obriain.com/mikrotik/mikrotik-ISP2-configuration.html

Enable IPv6

Default IPv6 di disable. Cek melalui,

/system package print

 Flags: X - disabled 
  #   NAME                          VERSION              SCHEDULED              
  0   routeros-mipsbe               6.38.7                                                  
  1   system                        6.38.7                                                  
  2 X ipv6                          6.38.7                     
  3   wireless                      6.38.7                                                  
  4   hotspot                       6.38.7                                                  
  5   dhcp                          6.38.7                                                  
  6   mpls                          6.38.7                                                  
  7   routing                       6.38.7                                                  
  8   ppp                           6.38.7                                                  
  9   security                      6.38.7                                                  
 10   advanced-tools                6.38.7  

Enable

/system package enable 2
 

Reset

/system reset-configuration no-defaults=yes

Set system identity

/system identity set name=ISP2
 

IP addressing

Add IP Addresses to the interfaces.

/interface bridge add name=loopback0
/ip address add address=200.2.2.2/32 interface=loopback0
/ip address add address=199.9.9.22/24 interface=ether1
/ipv6 address add address=2a99:9:9::22/48 interface=ether1
/ip address add address=199.2.2.1/24 interface=ether2
/ipv6 address add address=2a99:2:2::1/48 interface=ether2
 
/ip address print

 Flags: X - disabled, I - invalid, D - dynamic 
  #   ADDRESS            NETWORK         INTERFACE                                
  0   200.2.2.2/32       200.2.2.2       loopback0                                
  1   199.9.9.22/24      199.9.9.0       ether1                                   
  2   199.2.2.1/24       199.2.2.0       ether2
 
/ipv6 address print

 Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
  #    ADDRESS                                     FROM-POOL INTERFACE   ADVERTISE
  0 DL fe80::d6ca:6dff:fee4:16b2/64                          ether4      no       
  1 IG 2a99:9:9::22/48                                       ether1      yes      
  2 IG 2a99:2:2::1/48                                        ether2      yes 
 

BGP Configuration

/routing bgp instance add name=ASN5222 as=5222 router-id=200.2.2.2
/routing bgp network add network=199.2.2.0/24 
/routing bgp network add network=2a99:2:2::/48
/routing bgp peer
add name=toISP1 remote-address=192.168.3.1 remote-as=10 address-families=ip,ipv6
add name=toISP3 remote-address=192.168.2.2 remote-as=30 address-families=ip,ipv6
add name=toISP1 remote-address=2001:192:168:3::1 remote-as=10 address-families=ip,ipv6
add name=toISP3 remote-address=2001:192:168:2::2 remote-as=30 address-families=ip,ipv6
 

Buat BGP ingress Filter

Ingress filters are used to filter advertisements into the network. Best practice for ingress filters for all peers are:

   Discard receiving ones own prefix
   Discard receiving a default route as we are doing full routing
   Discard special purpose address registry entries stated at RFC 6890. 

Chain IN-IXP-IPv4 is an input filter and it discards receiving ones own prefix or a default route as full routing is taking place. This filter jumps to a further chain IN-RFC-6890-IPv4 that discards IPv4 Special-Purpose Address Registry Entries stated at RFC 6890.

 routing filter add chain=IN-IXP-IPv4 prefix=199.2.2.0/24 action=discard
 routing filter add chain=IN-IXP-IPv4 prefix=0.0.0.0/0 action=discard
 routing filter add chain=IN-IXP-IPv4 action=jump jump-target=IN-RFC-6890-IPv4
 
 routing filter add chain=IN-RFC-6890-IPv4 prefix=0.0.0.0/8 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=10.0.0.0/8 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=100.64.0.0/10 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=127.0.0.0/8 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=169.254.0.0/16 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=172.16.0.0/12 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=192.0.2.0/24 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=192.88.99.0/24 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=192.168.0.0/16 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=198.18.0.0/15 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=198.51.100.0/24 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=203.0.113.0/24 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=240.0.0.0/4 action=discard
 routing filter add chain=IN-RFC-6890-IPv4 prefix=255.255.255.255/32 action=discard
 

Chain IN-IXP-IPv6 is an input filter and it discards receiving ones own IPv6 prefix or a default route as full routing is taking place. This filter jumps to a further chain IN-RFC-6890-IPv6 that discards IPv6 Special-Purpose Address Registry Entries stated at RFC 6890.

 routing filter add chain=IN-IXP-IPv6 prefix=2a99:2:2::/48 action=discard
 routing filter add chain=IN-IXP-IPv6 prefix=::/0 action=discard
 routing filter add chain=IN-IXP-IPv6 action=jump jump-target=IN-RFC-6890-IPv6
 
 routing filter add chain=IN-RFC-6890-IPv6 prefix=::1/128 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=::/128 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=64:ff9b::/96 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=::ffff:0:0/96 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=100::/64 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/23 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=2001::/32 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:2::/48 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:db8::/32 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=2001:10::/28 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=2002::/16 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=fc00::/7 action=discard
 routing filter add chain=IN-RFC-6890-IPv6 prefix=fe80::/10 action=discard
 

Buat BGP egress Filters

Egress filters are used to filter advertisements from the network, limiting it to only advertise the specific local networks. Note the invert-match=yes statement, this instructs the filter to discard all but the prefix specified.

 routing filter add chain=OUT-IPv4 prefix=199.2.2.0/24 invert-match=yes action=discard
 routing filter add chain=OUT-IPv6 prefix=2a99:2:2::/48 invert-match=yes action=discard
 

Tambahkan BGP Peer

Create the peer links to the other BGP peers for IPv4 and IPv6. Note that IPv4 family is the default and for IPv6 the family must be specified.

 routing bgp peer add name=ixp instance=ASN5222 remote-as=5999 remote-address=199.9.9.1 in-filter=IN-IXP-IPv4 out-filter=OUT-IPv4
 routing bgp peer add name=ixp instance=ASN5222 remote-as=5999 remote-address=2a99:9:9::1 address-families=ipv6 in-filter=IN-IXP-IPv6 out-filter=OUT-IPv6
 

Referensi

• http://www.obriain.com/mikrotik/mikrotik-ISP2-configuration.html

Pranala Menarik

• TCP/IP: Advanced Routing
• Quagga
• VyOS
• Mikrotik
• Cisco
• Juniper
• BIRD1
• BIRD2
• IPv6

• TCP/IP: Advanced Routing
• IPv6: Advanced Routing
• IPv6: Quagga
• IPv6: VyOS
• IPv6: Mikrotik
• IPv6: Cisco
• IPv6: Juniper
• IPv6: BIRD1
• IPv6: BIRD2
• IPv6