Building Enterprise Linux MPLS Virtual WAN


Virtual Wide Area Networking

A Wide Area Network is a set of geographically separate areas (cities or regions) connected to one another in a single computer network topology. This article discusses the Virtual WAN (Virtual Wide Area Networking), whose purpose is to join the subnets of several regions, cities or company offices into one topology. The subnets we connect use private IP addresses, 192.xxx.xxx.xxx, which are not known to the Internet, so a Virtual WAN is intended for private (personal or corporate) use. Connectivity between the subnets resembles the Internet or a WAN: users can directly share data between computers on different subnets, share printers and use applications. The figure below is an example topology of the Surabaya, Madiun and Ponorogo office subnets, which we will merge into a single Virtual WAN topology using a combination of OpenVPN and the BGP routing protocol.

BGP Inside OpenVPN

The diagram below shows VPN tunneling (blue lines) being used to carry the BGP routing protocol that connects the networks between subnets. Each AS number (ASN) is linked by a VPN tunnel; the BGP routing packets that cross it are always encapsulated and encrypted, which improves the security of data communication between subnets.

AS Number Information

Madiun = ASN 1003

Ponorogo = ASN 1002

Surabaya = ASN 1001

Complete Virtual WAN Topology

The figure below combines the inter-subnet topology with the BGP-routing-inside-OpenVPN diagram. Every Linux PC router runs OpenVPN and the Quagga routing daemon; the difference is that the Surabaya office router acts as the OpenVPN server and must have a static public IP. The Madiun and Ponorogo offices can use dynamic-IP connections and act as VPN clients. The connection data for each PC router follows.

Surabaya Office

Internet connection: Dedicated leased line, 512 kbps – 1 Mbps

Public IP: 122.200.52.41

LAN subnet: 192.168.0.0/24

VPN IP: 10.8.1.1

ASN: 1001

Madiun Office

Internet connection: Telkom Speedy Unlimited

Telkom Speedy IP: 125.22.156.45 (dynamic IP)

LAN subnet: 192.168.10.0/24

VPN IP: 10.8.1.3

ASN: 1003

Ponorogo Office

Internet connection: FastNet First Media

FastNet IP: 122.34.200.70 (dynamic IP)

LAN subnet: 192.168.1.0/24

VPN IP: 10.8.1.4

ASN: 1002

Virtual WAN Configuration

Surabaya Office PC Router

vim /etc/openvpn/server.conf (OpenVPN Server)

dev tap

ca ca.crt

cert server.crt

key server.key # This file should be kept secret

dh dh1024.pem

server 10.8.1.0 255.255.255.0

ifconfig-pool-persist ipp.txt

client-to-client

duplicate-cn

keepalive 10 120

persist-key

persist-tun

status openvpn-status.log

verb 3

vim /etc/quagga/daemons

zebra = yes

bgpd = yes

ospfd = no

ospf6d = no

ripd = no

ripngd = no

isisd = no

vim /etc/quagga/debian.conf

vtysh_enable=yes

zebra_options=" --daemon"

bgpd_options=" --daemon"

ospfd_options=" --daemon"

ospf6d_options="--daemon -A ::1"

ripd_options=" --daemon"

ripngd_options="--daemon -A ::1"

isisd_options=" --daemon -A 127.0.0.1"

vim /etc/quagga/bgpd.conf

hostname bgpd

password zebra

enable password ardelindo

log stdout

router bgp 1001

bgp router-id 10.8.1.1

network 122.200.50.0/24

network 192.168.0.0/24

neighbor 10.8.1.3 remote-as 1003

neighbor 10.8.1.4 remote-as 1002

line vty
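
The Surabaya files above leave several settings at values that deserve a review before the tunnel carries office traffic. The check below is an added example, not part of the original article: it reads the server.conf, the bgpd_options line and the bgpd.conf exactly as shown and lists what it finds. The finding names, and the rule that the number in the dh file name is the key size, are assumptions of this example.

```python
import re

# Constructed input: the Surabaya router files as they appear on this page.
SERVER_CONF = """dev tap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
duplicate-cn
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 3"""
BGPD_OPTIONS = 'bgpd_options=" --daemon"'  # from /etc/quagga/debian.conf
BGPD_CONF = """hostname bgpd
password zebra
enable password ardelindo
log stdout
router bgp 1001
bgp router-id 10.8.1.1
network 122.200.50.0/24
network 192.168.0.0/24
neighbor 10.8.1.3 remote-as 1003
neighbor 10.8.1.4 remote-as 1002
line vty"""

def words(text, comment_chars):
    """Split a config into word lists, dropping comments and blank lines."""
    rows = []
    for line in text.splitlines():
        for char in comment_chars:
            line = line.split(char, 1)[0]
        if line.split():
            rows.append(line.split())
    return rows

def audit_openvpn(conf):
    rows = words(conf, "#;")
    names = {row[0] for row in rows}
    found = []
    for name in [r[1] for r in rows if r[0] == "dh" and len(r) > 1]:
        bits = re.search(r"\d+", name)  # assumption: file name carries the size
        if bits and int(bits.group()) < 2048:
            found.append(("weak-dh", name + ": parameters under 2048 bits"))
    if "duplicate-cn" in names:
        found.append(("duplicate-cn", "several clients may share one certificate"))
    if "client-to-client" in names:
        found.append(("client-to-client", "OpenVPN relays branch-to-branch frames "
                      "itself, so the server's firewall never sees them"))
    if not names & {"tls-auth", "tls-crypt"}:
        found.append(("no-tls-auth", "no HMAC check on TLS control packets"))
    return found

def audit_bgpd(conf, daemon_options):
    rows = words(conf, "!")
    found = []
    if ["password", "zebra"] in rows:
        found.append(("default-vty-password", "'zebra' is the sample-config password"))
    flags = daemon_options.partition("=")[2].strip('"').split()
    if not any(f == "-A" or f.startswith("--vty_addr") for f in flags):
        found.append(("vty-all-addresses", "bgpd vty is not bound to one address"))
    if not any(row[0] == "access-class" for row in rows):
        found.append(("vty-no-acl", "no access-class under 'line vty'"))
    peers = [r[1] for r in rows if r[0] == "neighbor" and r[2:3] == ["remote-as"]]
    for peer in peers:
        opts = [r[2:] for r in rows if r[:2] == ["neighbor", peer]]
        if not any(o[:1] == ["password"] for o in opts):
            found.append(("peer-no-md5", peer))
        if not any(o[:1] == ["prefix-list"] and o[-1:] == ["in"] for o in opts):
            found.append(("peer-no-inbound-filter", peer))
    return found

if __name__ == "__main__":
    for code, detail in audit_openvpn(SERVER_CONF) + audit_bgpd(BGPD_CONF, BGPD_OPTIONS):
        print("%-24s %s" % (code, detail))
```

Because the vty is reachable over the tunnel (the later sections telnet to 10.8.1.1 and 10.8.1.4), the vty findings matter as much as the OpenVPN ones.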

#############################

##CONFIGURATION TEST

##SURABAYA OFFICE

#############################

Router> show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 122.200.52.1, eth1

C>* 10.8.1.0/24 is directly connected, tap0

C>* 122.200.52.0/25 is directly connected, eth1

C>* 127.0.0.0/8 is directly connected, lo

C>* 192.168.0.0/24 is directly connected, eth3

K>* 192.168.0.218/32 via 10.8.1.2, tap0

B>* 192.168.1.0/24 [20/0] via 10.8.1.4, tap0, 03:29:27

B>* 192.168.10.0/24 [20/0] via 10.8.1.3, tap0, 15:03:25

bgpd> show ip bgp neighbors

BGP neighbor is 10.8.1.3, remote AS 1003, local AS 1001, external link

BGP version 4, remote router ID 10.8.1.3

BGP state = Established, up for 15:05:21

Last read 00:00:21, hold time is 180, keepalive interval is 60 seconds

Neighbor capabilities:

Route refresh: advertised and received(old & new)

Address family IPv4 Unicast: advertised and received

Message statistics:

Inq depth is 0

Outq depth is 0

Sent Rcvd

Opens: 10 2

Notifications: 3 5

Updates: 15 5

Keepalives: 1521 1512

Route Refresh: 0 0

Capability: 0 0

Total: 1549 1524

Minimum time between advertisement runs is 30 seconds

For address family: IPv4 Unicast

Community attribute sent to this neighbor(both)

1 accepted prefixes

Connections established 5; dropped 3

Last reset 1d00h58m, due to BGP Notification send

Local host: 10.8.1.1, Local port: 179

Foreign host: 10.8.1.3, Foreign port: 42912

Nexthop: 10.8.1.1

Nexthop global: fe80::2ff:79ff:fe7c:31a8

Nexthop local: ::

BGP connection: non shared network

Read thread: on Write thread: off

BGP neighbor is 10.8.1.4, remote AS 1002, local AS 1001, external link

BGP version 4, remote router ID 10.8.1.4

BGP state = Established, up for 03:31:24

Last read 00:00:25, hold time is 180, keepalive interval is 60 seconds

Neighbor capabilities:

Route refresh: advertised and received(old & new)

Address family IPv4 Unicast: advertised and received

Message statistics:

Inq depth is 0

Outq depth is 0

Sent Rcvd

Opens: 5 2

Notifications: 1 2

Updates: 14 4

Keepalives: 1516 1509

Route Refresh: 0 0

Capability: 0 0

Total: 1536 1517

Minimum time between advertisement runs is 30 seconds

For address family: IPv4 Unicast

Community attribute sent to this neighbor(both)

1 accepted prefixes

Connections established 4; dropped 2

Last reset 03:31:38, due to BGP Notification received

Local host: 10.8.1.1, Local port: 43853

Foreign host: 10.8.1.4, Foreign port: 179

Nexthop: 10.8.1.1

Nexthop global: fe80::2ff:79ff:fe7c:31a8

Nexthop local: ::

BGP connection: non shared network

Read thread: on Write thread: off

bgpd> show ip bgp summary

BGP router identifier 10.8.1.1, local AS number 1001

RIB entries 7, using 448 bytes of memory

Peers 2, using 5024 bytes of memory

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.8.1.3 4 1003 1524 1549 0 0 0 15:06:00 1

10.8.1.4 4 1002 1518 1537 0 0 0 03:32:03 1

Total number of neighbors 2

Madiun Office PC Router

vim /etc/openvpn/client.conf (VPN Client)

client

dev tap

proto udp

remote 122.200.52.41 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert madiun.crt

key madiun.key

comp-lzo

verb 3

vim /etc/quagga/daemons

zebra = yes

bgpd = yes

ospfd = no

ospf6d = no

ripd = no

ripngd = no

isisd = no

vim /etc/quagga/debian.conf

vtysh_enable=yes

zebra_options=" --daemon"

bgpd_options=" --daemon"

ospfd_options=" --daemon"

ospf6d_options="--daemon -A ::1"

ripd_options=" --daemon"

ripngd_options="--daemon -A ::1"

isisd_options=" --daemon -A 127.0.0.1"

vim /etc/quagga/bgpd.conf

hostname bgpd

password zebra

enable password ardelindo

log stdout

router bgp 1003

bgp router-id 10.8.1.3

network 192.168.10.0/24

neighbor 10.8.1.1 remote-as 1001

line vty

#############################

##CONFIGURATION TEST

##MADIUN OFFICE

#############################

Router> show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.1.1, eth1

O 10.8.1.0/24 [110/10] is directly connected, tap0, 1d00h34m

C>* 10.8.1.0/24 is directly connected, tap0

B>* 122.200.50.0/24 [20/0] via 10.8.1.1, tap0, 14:29:07

C>* 127.0.0.0/8 is directly connected, lo

B>* 192.168.0.0/24 [20/0] via 10.8.1.1, tap0, 14:29:07

B 192.168.1.0/24 [20/0] via 10.8.1.4, tap0, 02:54:53

C>* 192.168.1.0/24 is directly connected, eth1

O 192.168.10.0/24 [110/10] is directly connected, eth2, 1d00h34m

C>* 192.168.10.0/24 is directly connected, eth2

bgpd> show ip bgp summary

BGP router identifier 10.8.1.3, local AS number 1003

RIB entries 7, using 448 bytes of memory

Peers 1, using 2512 bytes of memory

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.8.1.1 4 1001 1484 1499 0 0 0 14:32:29 3

Total number of neighbors 1

bgpd> show ip bgp neighbors

BGP neighbor is 10.8.1.1, remote AS 1001, local AS 1003, external link

BGP version 4, remote router ID 10.8.1.1

BGP state = Established, up for 14:33:09

Last read 00:00:56, hold time is 180, keepalive interval is 60 seconds

Neighbor capabilities:

Route refresh: advertised and received(old & new)

Address family IPv4 Unicast: advertised and received

Message statistics:

Inq depth is 0

Outq depth is 0

Sent Rcvd

Opens: 7 3

Notifications: 7 0

Updates: 4 12

Keepalives: 1482 1469

Route Refresh: 0 0

Capability: 0 0

Total: 1500 1484

Minimum time between advertisement runs is 30 seconds

For address family: IPv4 Unicast

Community attribute sent to this neighbor(both)

3 accepted prefixes

Connections established 4; dropped 0

Last reset never

Local host: 10.8.1.3, Local port: 42912

Foreign host: 10.8.1.1, Foreign port: 179

Nexthop: 10.8.1.3

Nexthop global: fe80::2ff:9dff:fecd:a17b

Nexthop local: ::

BGP connection: non shared network

Read thread: on Write thread: off

bgpd> show ip bgp summary

BGP router identifier 10.8.1.3, local AS number 1003

RIB entries 7, using 448 bytes of memory

Peers 1, using 2512 bytes of memory

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.8.1.1 4 1001 1519 1534 0 0 0 15:07:23 3

Total number of neighbors 1

Virtual WAN Connection Test from the Surabaya Office

Now we test from a client computer at the Surabaya office to the Madiun office.

root@budi:~# ping 192.168.10.92

PING 192.168.10.92 (192.168.10.92) 56(84) bytes of data.

64 bytes from 192.168.10.92: icmp_seq=1 ttl=62 time=384 ms

64 bytes from 192.168.10.92: icmp_seq=2 ttl=62 time=49.0 ms

64 bytes from 192.168.10.92: icmp_seq=3 ttl=62 time=62.3 ms

64 bytes from 192.168.10.92: icmp_seq=4 ttl=62 time=39.3 ms

64 bytes from 192.168.10.92: icmp_seq=5 ttl=62 time=45.2 ms

^C

--- 192.168.10.92 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4006ms

rtt min/avg/max/mdev = 39.318/116.054/384.335/134.354 ms

root@budi:~#

root@budi:~# traceroute 192.168.10.92

traceroute to 192.168.10.92 (192.168.10.92), 30 hops max, 60 byte packets

1 192.168.0.71 (192.168.0.71) 0.252 ms 0.199 ms 0.195 ms

2 10.8.1.3 (10.8.1.3) 1301.948 ms 1314.478 ms 1342.800 ms (VPN IP)

3 192.168.10.92 (192.168.10.92) 1375.937 ms 1396.767 ms 1413.436 ms

Tracemap Cheops

The tracemap from the Cheops application shows that the route from IP 192.168.0.253 to 192.168.10.92 goes through the Madiun office VPN IP, 10.8.1.3.

MPLS Virtual WAN Mobile Internet Broadband Access

In the previous blog post we covered the MPLS Virtual WAN configuration using VPN bridging and BGP routing. Now we look at accessing the MPLS Virtual WAN over mobile broadband Internet access (e.g. Smart Telecom Internet Unlimited, 153 kbps) to reach computers in the Ardelindo subnet (192.168.0.0/24), the training room (192.168.3.0/24) and the customer (192.168.1.0/24). The customer datacenter and the Ardelindo datacenter are centralized data stores, so I can fetch the files I need at any time and work on them at home. Second, I can also carry out remote maintenance even when I am away from the office.

I am located in the Bukit Rivaria housing estate, Sawangan, Depok, using a self-assembled personal computer connected directly to a Nokia 2865 phone through a DKU-2 cable. The ppp0 device is created automatically by Linux when we connect to the Smart Telecom Internet Unlimited network. The VPN IP addresses are as follows:

Sawangan Home

root@ubuntu:~# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.10.54.194  P-t-P:10.17.4.12  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1
          RX packets:4284 errors:1 dropped:0 overruns:0 frame:0
          TX packets:4492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1615893 (1.5 MiB)  TX bytes:612388 (598.0 KiB)

Ardelindo Office

root@aples-desktop:~# ifconfig tap0
tap0      Link encap:Ethernet  HWaddr 00:ff:1c:6b:97:d1
          inet addr:10.8.1.1  Bcast:10.8.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2ff:1cff:fe6b:97d1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:762478 errors:0 dropped:0 overruns:0 frame:0
          TX packets:844504 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:71179776 (67.8 MB)  TX bytes:77438801 (73.8 MB)

Customer ABCDE

root@ubuntu:~# ifconfig tap0
tap0      Link encap:Ethernet  HWaddr 00:ff:c7:6f:74:d5
          inet addr:10.8.1.4  Bcast:10.8.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2ff:c7ff:fe6f:74d5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:103107 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55442 errors:0 dropped:99 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:7824984 (7.4 MB)  TX bytes:4262522 (4.0 MB)

Connection Test

After everything is connected to the VPN network, we test connectivity with ICMP from the desktop PC at the Sawangan home.

root@ubuntu:~# ping 10.8.1.1
PING 10.8.1.1 (10.8.1.1) 56(84) bytes of data.
64 bytes from 10.8.1.1: icmp_seq=2 ttl=64 time=527 ms
64 bytes from 10.8.1.1: icmp_seq=3 ttl=64 time=543 ms
64 bytes from 10.8.1.1: icmp_seq=4 ttl=64 time=559 ms
--- 10.8.1.1 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3007ms
rtt min/avg/max/mdev = 527.763/543.808/559.862/13.118 ms

root@ubuntu:~# ping 10.8.1.4
PING 10.8.1.4 (10.8.1.4) 56(84) bytes of data.
64 bytes from 10.8.1.4: icmp_seq=3 ttl=64 time=585 ms
64 bytes from 10.8.1.4: icmp_seq=4 ttl=64 time=586 ms
64 bytes from 10.8.1.4: icmp_seq=6 ttl=64 time=606 ms
--- 10.8.1.4 ping statistics ---
6 packets transmitted, 3 received, 50% packet loss, time 5010ms
rtt min/avg/max/mdev = 585.956/593.302/606.980/9.720 ms

The results above show that everything is now connected to the VPN network.

BGP Routing Configuration

Now we configure BGP routing to connect the Ardelindo office, training room and customer subnets. In this example I show only the BGP settings; for a more detailed explanation see the MPLS Virtual WAN tutorial.

Ardelindo Office

root@ubuntu:~# telnet 10.8.1.1 bgpd
bgpd> enable
bgpd# configure terminal
bgpd(config)# show running-config
router bgp 1001
bgp router-id 10.8.1.1
network 10.8.1.0/24
network 122.200.50.0/24
network 192.168.0.0/24
neighbor 10.8.1.4 remote-as 1005
neighbor 10.8.1.13 remote-as 1008
neighbor 192.168.0.90 remote-as 1001
neighbor 192.168.0.253 remote-as 1001

Customer ABCDE

root@ubuntu:~# telnet 10.8.1.4 bgpd
bgpd# show running-config
router bgp 1005
bgp router-id 10.8.1.4
network 192.168.1.0/24
neighbor 10.8.1.1 remote-as 1001
neighbor 10.8.1.13 remote-as 1008

Sawangan Home

root@ubuntu:~# telnet 127.0.0.1 bgpd
bgpd# show running-config
router bgp 1008
bgp router-id 10.8.1.13
neighbor 10.8.1.1 remote-as 1001
neighbor 10.8.1.4 remote-as 1005

BGP Routing Table

Once connected, we look at the routing table through zebra and bgpd.

Sawangan Home

root@ubuntu:~# telnet 127.0.0.1 zebra
Router> show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 is directly connected, ppp0
B   10.8.1.0/24 [20/0] via 10.8.1.1 inactive, 01:26:21
C>* 10.8.1.0/24 is directly connected, tap0
C>* 10.17.4.12/32 is directly connected, ppp0
B>* 122.200.50.0/24 [20/0] via 10.8.1.1, tap0, 01:26:21
C>* 127.0.0.0/8 is directly connected, lo
K * 169.254.0.0/16 is directly connected, eth0 inactive
B>* 192.168.0.0/24 [20/0] via 10.8.1.1, tap0, 01:26:21
B>* 192.168.1.0/24 [20/0] via 10.8.1.4, tap0, 01:24:26
S>* 192.168.1.99/32 [1/0] via 10.8.1.4, tap0
S>* 192.168.1.100/32 [1/0] via 10.8.1.4, tap0

Interface tap0: the VPN bridging device

root@ubuntu:~# telnet 127.0.0.1 bgpd
bgpd> show ip bgp
BGP table version is 0, local router ID is 10.8.1.13
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.8.1.0/24      10.8.1.1                 0             0 1001 i
*> 122.200.50.0/24  10.8.1.1                 0             0 1001 i
*> 192.168.0.0      10.8.1.1                 0             0 1001 i
*> 192.168.1.0      10.8.1.4                 0             0 1005 i
*> 192.168.6.0      10.8.1.2                               0 1001 1003 i
*> 192.168.10.0     10.8.1.2                               0 1001 1003 i
Total number of prefixes 6

bgpd> show ip bgp neighbors
BGP neighbor is 10.8.1.1, remote AS 1001, local AS 1008, external link
BGP version 4, remote router ID 10.8.1.1
BGP state = Established, up for 01:18:43
Last read 00:00:43, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received

Received 179 messages, 0 notifications, 0 in queue
Sent 180 messages, 1 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
7 accepted prefixes

bgpd> show ip bgp summary
BGP router identifier 10.8.1.13, local AS number 1008
3 BGP AS-PATH entries
0 BGP community entries
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.8.1.1        4  1001     181     183        0    0    0 01:20:39        7
10.8.1.4        4  1005     176     188        0    0    0 01:21:32        1
Total number of neighbors 2

root@ubuntu:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.99    10.8.1.4        255.255.255.255 UGH       0 0          0 tap0
192.168.1.100   10.8.1.4        255.255.255.255 UGH       0 0          0 tap0
10.17.4.12      0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
192.168.6.0     10.8.1.2        255.255.255.0   UG        0 0          0 tap0
192.168.4.0     10.8.1.1        255.255.255.0   UG        0 0          0 tap0
122.200.50.0    10.8.1.1        255.255.255.0   UG        0 0          0 tap0
192.168.3.0     10.8.1.1        255.255.255.0   UG        0 0          0 tap0
192.168.0.0     10.8.1.1        255.255.255.0   UG        0 0          0 tap0
10.8.1.0        0.0.0.0         255.255.255.0   U         0 0          0 tap0
192.168.10.0    10.8.1.2        255.255.255.0   UG        0 0          0 tap0
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0

Interface tap0: the VPN bridging device

Ardelindo Office

root@ubuntu:~# telnet 10.8.1.1 zebra
Router> show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 122.200.52.1, eth1
C>* 10.8.1.0/24 is directly connected, tap0
C>* 10.8.10.0/24 is directly connected, tap1
C>* 122.200.52.0/25 is directly connected, eth1
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.0.0/24 is directly connected, eth3
K>* 192.168.0.63/32 via 10.8.1.5, tap0
K>* 192.168.0.218/32 via 10.8.1.5, tap0
B>* 192.168.1.0/24 [20/0] via 10.8.1.4, tap0, 01:25:44
S>* 192.168.1.99/32 [1/0] via 10.8.1.4, tap0
S>* 192.168.1.100/32 [1/0] via 10.8.1.4, tap0

root@ubuntu:~# telnet 10.8.1.1 bgpd
bgpd> show ip bgp
BGP table version is 0, local router ID is 10.8.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.8.1.0/24      0.0.0.0                  0         32768 i
*> 122.200.50.0/24  0.0.0.0                  0         32768 i
*> 192.168.0.0      0.0.0.0                  0         32768 i
*> 192.168.1.0      10.8.1.13                              0 1008 1005 i
*>i192.168.3.0      192.168.0.253            0    100      0 i
*>i192.168.4.0      192.168.0.253            0    100      0 i
*> 192.168.6.0      10.8.1.2                 0             0 1003 i
*> 192.168.10.0     10.8.1.2                 0             0 1003 i
Total number of prefixes 8

bgpd> show ip bgp summary
BGP router identifier 10.8.1.1, local AS number 1001
RIB entries 15, using 960 bytes of memory
Peers 8, using 20 KiB of memory
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.8.1.2        4  1003    1915    1970        0    0    0 1d02h09m        2
10.8.1.4        4  1005    7162    7391        0    0    0 2d12h46m Idle
10.8.1.12       4  1007      82     121        0    0    0 5d03h37m Active
10.8.1.13       4  1008    1237    1387        0    0    0 01:24:49        1
192.168.0.90    4  1001     148     153        0    0    0 2d05h02m Active
192.168.0.253   4  1001    2894    2942        0    0    0 00:07:48        2
Total number of neighbors 6

Customer ABCDE

root@ubuntu:~# telnet 10.8.1.4 zebra
Router> show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 192.168.0.2, eth3
B   10.8.1.0/24 [20/0] via 10.8.1.1 inactive, 01:27:16
C>* 10.8.1.0/24 is directly connected, tap0
B>* 122.200.50.0/24 [20/0] via 10.8.1.1, tap0, 01:27:16
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth1
B   192.168.0.0/24 [20/0] via 10.8.1.1, tap0, 01:27:16
C>* 192.168.0.0/24 is directly connected, eth3
S>* 192.168.0.71/32 [1/0] via 10.8.1.2, tap0
S>* 192.168.0.253/32 [1/0] via 10.8.1.2, tap0
C>* 192.168.1.0/24 is directly connected, eth1

root@ubuntu:~# telnet 10.8.1.4 bgpd
bgpd> show ip bgp
BGP table version is 0, local router ID is 10.8.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.8.1.0/24      10.8.1.13                              0 1008 1001 i
*> 122.200.50.0/24  10.8.1.13                              0 1008 1001 i
*> 192.168.0.0      10.8.1.13                              0 1008 1001 i
*> 192.168.1.0      0.0.0.0                  0         32768 i
*> 192.168.3.0      10.8.1.13                              0 1008 1001 i
*> 192.168.4.0      10.8.1.13                              0 1008 1001 i
*> 192.168.6.0      10.8.1.13                              0 1008 1001 1003 i
*> 192.168.10.0     10.8.1.13                              0 1008 1001 1003 i
Total number of prefixes 8

bgpd> show ip bgp summary
BGP router identifier 10.8.1.4, local AS number 1005
RIB entries 15, using 960 bytes of memory
Peers 3, using 7536 bytes of memory
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.8.1.1        4  1001    5868    7357        0    0    0 2d12h52m Idle
10.8.1.13       4  1008     693     712        0    0    0 01:31:35        7
Total number of neighbors 2

Inter-Subnet Connection Test

From the routing results above we can conclude that all subnets are now connected. To confirm, we run ICMP tests from the PC at the Sawangan home to every server shown in the topology figure above.

To the Ardelindo Office

root@ubuntu:~# ping 192.168.0.71 (Ardelindo Datacenter)
PING 192.168.0.71 (192.168.0.71) 56(84) bytes of data.
64 bytes from 192.168.0.71: icmp_seq=2 ttl=64 time=509 ms
64 bytes from 192.168.0.71: icmp_seq=4 ttl=64 time=609 ms
64 bytes from 192.168.0.71: icmp_seq=5 ttl=64 time=530 ms

root@ubuntu:~# ping 192.168.0.3 (Ardelindo IP Phone)
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=63 time=1130 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=63 time=685 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=63 time=681 ms

To Customer ABCDE

root@ubuntu:~# ping 192.168.1.100 (Datacenter)
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=63 time=585 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=63 time=628 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=63 time=606 ms

root@ubuntu:~# ping 192.168.1.102 (Application Server)
PING 192.168.1.102 (192.168.1.102) 56(84) bytes of data.
64 bytes from 192.168.1.102: icmp_seq=1 ttl=63 time=643 ms
64 bytes from 192.168.1.102: icmp_seq=2 ttl=63 time=601 ms
64 bytes from 192.168.1.102: icmp_seq=3 ttl=63 time=1398 ms

root@ubuntu:~# ping 192.168.1.99 (Webmail)
PING 192.168.1.99 (192.168.1.99) 56(84) bytes of data.
64 bytes from 192.168.1.99: icmp_seq=1 ttl=64 time=572 ms
64 bytes from 192.168.1.99: icmp_seq=2 ttl=64 time=589 ms
64 bytes from 192.168.1.99: icmp_seq=3 ttl=64 time=625 ms

root@ubuntu:~# ping 192.168.1.103 (Backup Server)
PING 192.168.1.103 (192.168.1.103) 56(84) bytes of data.
64 bytes from 192.168.1.103: icmp_seq=1 ttl=63 time=801 ms
64 bytes from 192.168.1.103: icmp_seq=2 ttl=63 time=685 ms
64 bytes from 192.168.1.103: icmp_seq=3 ttl=63 time=644 ms
64 bytes from 192.168.1.103: icmp_seq=4 ttl=63 time=843 ms
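
In the Customer ABCDE BGP table above, every Ardelindo prefix is learned through next hop 10.8.1.13 with AS path 1008 1001 while the direct session to 10.8.1.1 is Idle, so the Sawangan home PC on the mobile link appears as a transit AS. The following is an added example, not part of the original article, that parses such show ip bgp rows and flags those routes. Treating AS 1008 as a leaf, and telling path entries apart from the metric and weight columns by a known-AS list, are assumptions of this example.

```python
import re

# Constructed input: the "show ip bgp" rows printed on this page for the
# Customer ABCDE router (AS 1005), with the column padding collapsed.
CUSTOMER_TABLE = """\
*> 10.8.1.0/24 10.8.1.13 0 1008 1001 i
*> 122.200.50.0/24 10.8.1.13 0 1008 1001 i
*> 192.168.0.0 10.8.1.13 0 1008 1001 i
*> 192.168.1.0 0.0.0.0 0 32768 i
*> 192.168.3.0 10.8.1.13 0 1008 1001 i
*> 192.168.4.0 10.8.1.13 0 1008 1001 i
*> 192.168.6.0 10.8.1.13 0 1008 1001 1003 i
*> 192.168.10.0 10.8.1.13 0 1008 1001 1003 i
"""
# Selected rows of the same command on the Ardelindo router (AS 1001).
ARDELINDO_TABLE = """\
*> 10.8.1.0/24 0.0.0.0 0 32768 i
*> 192.168.1.0 10.8.1.13 0 1008 1005 i
*>i192.168.3.0 192.168.0.253 0 100 0 i
*> 192.168.10.0 10.8.1.2 0 0 1003 i
"""
KNOWN_AS = {1001, 1002, 1003, 1005, 1007, 1008}  # AS numbers used on this page
LEAF_AS = {1008}  # assumption: the Sawangan home PC should never carry transit

ROW = re.compile(r"^\*>?i?\s*(\S+)\s+(\S+)\s+(.*?)\s*([ie?])$")


def natural_prefix(net):
    """Quagga prints classful networks without a mask; restore it."""
    if "/" in net:
        return net
    first = int(net.split(".")[0])
    return "%s/%d" % (net, 8 if first < 128 else 16 if first < 192 else 24)


def parse_routes(table):
    routes = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        nums = [int(n) for n in m.group(3).split()]
        # Metric, LocPrf and Weight precede the path; with the padding lost
        # they are recognised here by not being a known AS number (heuristic).
        while nums and nums[0] not in KNOWN_AS:
            nums.pop(0)
        routes.append({"prefix": natural_prefix(m.group(1)),
                       "next_hop": m.group(2), "as_path": nums})
    return routes


def leaf_transit(routes):
    """Return routes whose AS path passes through a leaf AS."""
    return [r for r in routes if LEAF_AS & set(r["as_path"][:-1])]


if __name__ == "__main__":
    for route in leaf_transit(parse_routes(CUSTOMER_TABLE)):
        print("%-18s via %-10s path %s" % (
            route["prefix"], route["next_hop"], route["as_path"]))
```

On the leaf router, an outbound neighbor filter-list that references an ip as-path access-list permitting only ^$ stops it from re-advertising routes it learned from other peers.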

Accessing Ardelindo and Customer ABCDE

Now we do real access, using Nautilus to fetch data stored at Ardelindo and at the customer, and open the webmail locally.

Connection to the Ardelindo Datacenter

Connection to Ardelindo Hotspot Management

Connection to Customer ABCDE