Lompat ke konten Lompat ke sidebar Lompat ke footer

Webinar Basic BGP Implementation and Case Study on Mikrotik

Webinar Basic BGP Implementation and Case Study dilaksanakan pada Senin, 26 April 2021. Pada webinar ini kita membahas:

Webinar Basic BGP Implementation and Case Study on Mikrotik

Slide yang saya gunakan di webinar tersebut bisa diunduh di: Basic BGP Implementation on MikroTik.pdf

Berikut adalah topologi lab pada webinar tersebut (klik gambar untuk lebih jelas). Akan tetapi fokus kita hanya ke AS 4000 dan AS 7000 karena AS lain anggap saja dimanage oleh provider terkait.

Dan berikut ini adalah konfigurasi yang harus dijalankan terlebih dahulu sebelum memulai lab.

PRECONFIG

AS-30 (Amazon)

/interface bridge
add name=loopback

/interface ethernet
set [ find default-name=ether1 ] name=ether1-Global1
set [ find default-name=ether2 ] name=ether2-Amazon

/routing bgp instance
set default as=30 out-filter=bgp-out router-id=200.3.3.1

/ip address
add address=200.3.3.1/24 interface=ether2-Amazon network=200.3.3.0
add address=200.1.1.6/30 interface=ether1-Global1 network=200.1.1.4
add address=200.3.0.1/22 interface=loopback network=200.3.0.0

/routing bgp network
add network=200.3.0.0/22

/routing bgp peer
add in-filter=Global1-in name=to-Global1 out-filter=Global1-out remote-address=200.1.1.5 remote-as=10

/routing filter
add action=accept chain=bgp-out prefix=200.3.0.0/22 prefix-length=22
add action=discard chain=bgp-out

/system identity
set name=AS-30-Amazon

AS-10 (Global1)

/interface bridge
add name=loopback

/interface ethernet
set [ find default-name=ether1 ] name=ether1-Amazon
set [ find default-name=ether2 ] name=ether2-Local1
set [ find default-name=ether3 ] name=ether3-IDN-Cloud
set [ find default-name=ether4 ] name=ether4-Global2

/routing bgp instance
set default as=10 out-filter=bgp-out router-id=200.1.1.1

/ip address
add address=200.1.1.5/30 interface=ether1-Amazon network=200.1.1.4
add address=200.1.1.9/30 interface=ether4-Global2 network=200.1.1.8
add address=200.1.1.17/30 interface=ether2-Local1 network=200.1.1.16
add address=200.1.1.13/30 interface=ether3-IDN-Cloud network=200.1.1.12
add address=200.1.1.1/24 interface=loopback network=200.1.1.0

/routing bgp network
add network=200.1.1.0/24

/routing bgp peer
add in-filter=Amazon-in name=to-Amazon out-filter=Amazon-out remote-address=200.1.1.6 remote-as=30 remove-private-as=yes
add in-filter=Local1-in name=to-Local1 out-filter=Local1-out remote-address=200.1.1.18 remote-as=1000 remove-private-as=yes
add in-filter=IDN-Cloud-in name=to-IDN-Cloud out-filter=IDN-Cloud-out remote-address=200.1.1.14 remote-as=4000 remove-private-as=yes
add in-filter=Global2-in name=to-Global2 out-filter=Global2-out remote-address=200.1.1.10 remote-as=20 remove-private-as=yes

/routing filter
add chain=IDN-Cloud-in disabled=yes set-bgp-communities=10:101
add action=discard bgp-communities=10:101 chain=Local1-out disabled=yes
add chain=Local1-in disabled=yes set-bgp-communities=10:101

/system identity
set name=AS-10-Global1

AS-20 (Global2)

/interface bridge
add name=loopback

/interface ethernet
set [ find default-name=ether1 ] name=ether1-Local2
set [ find default-name=ether2 ] name=ether2-Global1
set [ find default-name=ether3 ] name=ether3-IDN-Cloud

/routing bgp instance
set default as=20 out-filter=bgp-out router-id=200.2.2.1

/ip address
add address=200.1.1.10/30 interface=ether2-Global1 network=200.1.1.8
add address=200.2.2.9/30 interface=ether1-Local2 network=200.2.2.8
add address=200.2.2.5/30 interface=ether3-IDN-Cloud network=200.2.2.4
add address=200.2.2.1/24 interface=loopback network=200.2.2.0

/routing bgp network
add network=200.2.2.0/24

/routing bgp peer
add in-filter=Local2-in name=to-Local2 out-filter=Local2-out remote-address=200.2.2.10 remote-as=2000 remove-private-as=yes
add in-filter=Global1-in name=to-Global1 out-filter=Global1-out remote-address=200.1.1.9 remote-as=10 remove-private-as=yes
add in-filter=IDN-Cloud-in name=to-IDN-Cloud out-filter=IDN-Cloud-out remote-address=200.2.2.6 remote-as=4000 remove-private-as=yes

/system identity
set name=AS-20-Global2

AS-1000 (Local1-R1)

/interface bridge
add name=loopback

/interface ethernet
set [ find default-name=ether1 ] name=ether1-Global1
set [ find default-name=ether2 ] name=ether2-R2-local
set [ find default-name=ether3 ] name=ether3-R2-global

/routing bgp instance
set default as=1000 out-filter=bgp-out router-id=100.1.1.1

/ip address
add address=200.1.1.18/30 interface=ether1-Global1 network=200.1.1.16
add address=10.10.0.1 interface=ether2-R2-local network=10.10.0.2
add address=10.20.0.1 interface=ether3-R2-global network=10.20.0.2
add address=100.1.1.1/24 interface=loopback network=100.1.1.0

/ip firewall address-list
add address=10.0.0.0/8 list=Private

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-Global1 src-address-list=Private

/routing bgp network
add network=100.1.1.0/24 synchronize=no

/routing bgp peer
add in-filter=Global1-in name=to-Global1 out-filter=Global1-out remote-address=200.1.1.17 remote-as=10 remove-private-as=yes
add in-filter=R2-local-in name=to-R2-local out-filter=R2-local-out remote-address=10.10.0.2 remote-as=1000 remove-private-as=yes
add in-filter=R2-global-in name=to-R2-global nexthop-choice=force-self out-filter=R2-global-out remote-address=10.20.0.2 remote-as=1000 remove-private-as=yes

/routing filter
add action=discard chain=bgp-out prefix-length=!8-24
add chain=R2-local-in set-bgp-communities=1000:101
add action=discard chain=R2-global-in set-bgp-communities=1000:102
add chain=Global1-in set-bgp-communities=1000:102
add action=discard bgp-communities=1000:102 chain=Global1-out set-bgp-communities=""
add action=discard bgp-communities=1000:102 chain=R2-local-out
add action=discard bgp-communities=1000:101 chain=R2-global-out

/system identity
set name=AS-1000-Local1-R1

AS-1000 (Local1-R2)

/interface bridge
add name=loopback

/interface ethernet
set [ find default-name=ether1 ] name=ether1-IIX
set [ find default-name=ether2 ] name=ether2-R1-local
set [ find default-name=ether3 ] name=ether3-R1-global
set [ find default-name=ether4 ] name=ether4-IDN-Office

/interface vlan
add interface=ether4-IDN-Office name=vlan101-local vlan-id=101
add interface=ether4-IDN-Office name=vlan102-global vlan-id=102

/routing bgp instance
set default as=1000 out-filter=bgp-out router-id=100.1.1.2

/ip address
add address=100.3.3.6/30 interface=ether1-IIX network=100.3.3.4
add address=10.101.0.1/30 interface=vlan101-local network=10.101.0.0
add address=10.102.0.1/30 interface=vlan102-global network=10.102.0.0
add address=10.10.0.2 interface=ether2-R1-local network=10.10.0.1
add address=10.20.0.2 interface=ether3-R1-global network=10.20.0.1
add address=100.1.1.2 interface=ether1-IIX network=100.1.1.2

/ip firewall address-list
add address=10.102.0.0/24 list=IDN-Office
add address=10.101.0.0/24 list=IDN-Office

/ip firewall nat
add action=masquerade chain=srcnat src-address-list=IDN-Office

/routing bgp peer
add in-filter=R1-global-in name=to-R1-global out-filter=R1-global-out remote-address=10.20.0.1 remote-as=1000 remove-private-as=yes
add in-filter=R1-local-in name=to-R1-local nexthop-choice=force-self out-filter=R1-local-out remote-address=10.10.0.1 remote-as=1000 remove-private-as=yes
add in-filter=IDN-Office-local-in name=to-IDN-Office-lokal out-filter=IDN-Office-local-out remote-address=10.101.0.2 remote-as=7000 remove-private-as=yes
add in-filter=IDN-Office-global-in name=to-IDN-Office-global out-filter=IDN-Office-global-out remote-address=10.102.0.2 remote-as=7000 remove-private-as=yes
add in-filter=IIX-in name=to-IIX out-filter=IIX-out remote-address=100.3.3.5 remote-as=3000 remove-private-as=yes

/routing filter
add action=discard chain=bgp-out prefix-length=!8-24
add chain=R1-local-in set-bgp-communities=1000:101
add chain=R1-global-in set-bgp-communities=1000:102
add action=discard bgp-communities=1000:102 chain=R1-local-out set-bgp-communities=""
add chain=IIX-in set-bgp-communities=1000:101
add action=discard bgp-communities=1000:102 chain=IIX-out set-bgp-communities=""
add action=accept bgp-communities="" chain=IIX-out set-bgp-communities=""
add chain=IDN-Office-local-in set-bgp-communities=1000:101
add action=discard bgp-communities=1000:102 chain=IDN-Office-local-out set-bgp-communities=""
add action=accept bgp-communities="" chain=IDN-Office-local-out set-bgp-communities=""
add action=discard bgp-communities=1000:101 chain=R1-global-out
add action=discard bgp-communities=1000:101 chain=IDN-Office-global-out set-bgp-communities=""
add action=accept bgp-communities="" chain=R1-local-out set-bgp-communities=""
add action=accept chain=IDN-Office-global-out disabled=yes
add action=discard chain=IDN-Office-global-in

/system identity
set name=AS-1000-Local1-R2

AS-2000 (Local2)

/interface bridge
add name=loopback

/interface ethernet
set [ find default-name=ether1 ] name=ether1-Global2
set [ find default-name=ether2 ] name=ether2-IIX
set [ find default-name=ether4 ] name=ether4-IDN-Cloud
set [ find default-name=ether5 ] name=ether5-IDN-Office

/interface vlan
add interface=ether5-IDN-Office name=vlan201-IDN-Office-local vlan-id=201
add interface=ether5-IDN-Office name=vlan202-IDN-Office-global vlan-id=202

/routing bgp instance
set default as=2000 out-filter=bgp-out router-id=100.2.2.1

/ip address
add address=200.2.2.10/30 interface=ether1-Global2 network=200.2.2.8
add address=100.2.2.5/30 interface=ether4-IDN-Cloud network=100.2.2.4
add address=100.3.3.10/30 interface=ether2-IIX network=100.3.3.8
add address=100.2.2.9/30 interface=vlan201-IDN-Office-local network=100.2.2.8
add address=100.2.2.13/30 interface=vlan202-IDN-Office-global network=100.2.2.12
add address=100.2.2.1/24 interface=loopback network=100.2.2.0

/routing bgp network
add network=100.2.2.0/24
add network=8.8.8.0/26 synchronize=no
add network=192.168.0.0/20 synchronize=no

/routing bgp peer
add in-filter=Global2-in name=to-Global2 out-filter=Global2-out remote-address=200.2.2.9 remote-as=20 remove-private-as=yes
add in-filter=IIX-in name=to-IIX out-filter=IIX-out remote-address=100.3.3.9 remote-as=3000 remove-private-as=yes
add in-filter=IDN-Cloud-in name=to-IDN-Cloud out-filter=IDN-Cloud-out remote-address=100.2.2.6 remote-as=4000 remove-private-as=yes
add default-originate=always in-filter=IDN-Office-local-in name=to-IDN-Office-local out-filter=IDN-Office-local-out remote-address=100.2.2.10 remote-as=7000 remove-private-as=yes
add default-originate=always in-filter=IDN-Office-global-in name=to-IDN-Office-global out-filter=IDN-Office-global-out remote-address=100.2.2.14 remote-as=7000 remove-private-as=yes

/routing filter
add chain=Global2-in set-bgp-communities=2000:102
add action=discard chain=Global2-out prefix=192.168.0.0/20
add action=discard chain=Global2-out prefix=8.8.8.0/26
add chain=IDN-Cloud-in set-bgp-communities=2000:101
add action=discard bgp-communities=2000:102 chain=IDN-Cloud-out
add action=discard chain=IDN-Cloud-out prefix=192.168.0.0/20
add action=discard chain=IDN-Cloud-out prefix=8.8.8.0/26
add chain=IIX-in set-bgp-communities=2000:101
add action=discard bgp-communities=2000:102 chain=IIX-out
add action=discard chain=IIX-out prefix=192.168.0.0/20
add action=discard chain=IIX-out prefix=8.8.8.0/26
add action=discard chain=IDN-Office-global-in
add action=discard chain=IDN-Office-global-out prefix=100.2.2.0/24 prefix-length=24
add action=discard bgp-communities=2000:101 chain=IDN-Office-global-out set-bgp-communities=""
add action=discard chain=IDN-Office-global-out prefix=192.168.0.0/20
add action=discard chain=IDN-Office-global-out prefix=8.8.8.0/26
add action=accept chain=IDN-Office-local-in prefix=100.7.7.0/24 prefix-length=24
add action=discard chain=IDN-Office-local-in
add action=accept chain=IDN-Office-local-out prefix=8.8.8.0/26 prefix-length=26
add action=accept chain=IDN-Office-local-out prefix=192.168.0.0/20 prefix-length=20-24
add action=discard bgp-communities=2000:102 chain=IDN-Office-local-out set-bgp-communities=""

/system identity
set name=AS-2000-Local2

AS-3000 (IIX)

/interface bridge
add name=loopback

/interface ethernet
set [ find default-name=ether1 ] name=ether1-ISP-Local1
set [ find default-name=ether2 ] name=ether2-IDN-Cloud
set [ find default-name=ether4 ] name=ether4-ISP-Local2
set [ find default-name=ether5 ] name=ether5-Rogue

/routing bgp instance
set default as=3000 out-filter=bgp-out router-id=100.3.3.1

/ip address
add address=100.3.3.5/30 interface=ether1-ISP-Local1 network=100.3.3.4
add address=100.3.3.13/30 interface=ether2-IDN-Cloud network=100.3.3.12
add address=100.3.3.9/30 interface=ether4-ISP-Local2 network=100.3.3.8
add address=100.3.3.1/24 interface=loopback network=100.3.3.0

/routing bgp network
add network=100.3.3.0/24

/routing bgp peer
add in-filter=Local1-in name=to-Local1 out-filter=Local1-out remote-address=100.3.3.6 remote-as=1000 remove-private-as=yes
add in-filter=IDN-Cloud-in name=to-IDN-Cloud out-filter=IDN-Cloud-out remote-address=100.3.3.14 remote-as=4000
add in-filter=Local2-in name=to-Local2 out-filter=Local2-out remote-address=100.3.3.10 remote-as=2000

/routing filter
add action=discard chain=bgp-out prefix-length=!8-24

/system identity
set name=AS-3000-IIX

AS-4000 (IDN-Cloud)

/interface ethernet
set [ find default-name=ether1 ] name=ether1-Global1
set [ find default-name=ether2 ] name=ether2-IIX
set [ find default-name=ether3 ] name=ether3-DC
set [ find default-name=ether4 ] name=ether4-Local2
set [ find default-name=ether5 ] name=ether5-Global2

/routing bgp instance
set default as=4000 out-filter=bgp-out router-id=100.4.4.1

/ip address
add address=200.1.1.14/30 interface=ether1-Global1 network=200.1.1.12
add address=100.3.3.14/30 interface=ether2-IIX network=100.3.3.12
add address=100.4.4.1/24 interface=ether3-DC network=100.4.4.0
add address=100.2.2.6/30 interface=ether4-Local2 network=100.2.2.4
add address=200.2.2.6/30 interface=ether5-Global2 network=200.2.2.4

/routing bgp network
add network=100.4.4.0/24

/routing bgp peer
add in-filter=Global1-in name=to-Global1 out-filter=Global1-out remote-address=200.1.1.13 remote-as=10 remove-private-as=yes
add in-filter=Global2-in name=to-Global2 out-filter=Global2-out remote-address=200.2.2.5 remote-as=20 remove-private-as=yes
add in-filter=IIX-in name=to-IIX out-filter=IIX-out remote-address=100.3.3.13 remote-as=3000 remove-private-as=yes
add in-filter=Local2-in name=to-Local2 out-filter=Local2-out remote-address=100.2.2.5 remote-as=2000 remove-private-as=yes

/routing filter
add action=accept chain=bgp-out prefix=100.4.4.0/24
add action=discard chain=bgp-out

/system identity
set name=AS-4000-IDN-Cloud

AS-7000 (IDN-Office)

/interface ethernet
set [ find default-name=ether1 ] name=ether1-ISP1
set [ find default-name=ether2 ] name=ether2-ISP2
set [ find default-name=ether3 ] name=ether3-LAN

/interface vlan
add interface=ether1-ISP1 name=vlan101-isp1-local vlan-id=101
add interface=ether1-ISP1 name=vlan102-isp1-global vlan-id=102
add interface=ether2-ISP2 name=vlan201-isp2-local vlan-id=201
add interface=ether2-ISP2 name=vlan202-isp2-global vlan-id=202

/ip address
add address=10.101.0.2/30 interface=vlan101-isp1-local network=10.101.0.0
add address=10.102.0.2/30 interface=vlan102-isp1-global network=10.102.0.0
add address=100.2.2.10/30 interface=vlan201-isp2-local network=100.2.2.8
add address=100.2.2.14/30 interface=vlan202-isp2-global network=100.2.2.12
add address=100.7.7.1/24 interface=ether3-LAN network=100.7.7.0

/system identity
set name=AS-7000-IDN-Office

Nah, berikut ini adalah konfigurasinya untuk masing-masing case.

Case 1: BGP Multihoming

Objective:

  • Peering ke 2 upstream dan setiap upstream terdapat 2 vlan untuk memisahkan prefix internasional (global) dan prefix indonesia (lokal).

AS 7000 (IDN-Office)

/routing bgp instance
set default as=7000 out-filter=bgp-out router-id=100.7.7.1

/routing bgp peer
add in-filter=ISP1-local-in name=to-ISP1-local out-filter=\
ISP1-local-out remote-address=10.101.0.1 remote-as=1000
add in-filter=ISP1-global-in name=to-ISP1-global out-filter=\
ISP1-global-out remote-address=10.102.0.1 remote-as=1000
add in-filter=ISP2-local-in name=to-ISP2-local out-filter=\
ISP2-local-out remote-address=100.2.2.9 remote-as=2000
add in-filter=ISP2-global-in name=to-ISP2-global out-filter=\
ISP2-global-out remote-address=100.2.2.13 remote-as=2000

/routing bgp network
add network=100.7.7.0/24

Case 2: Route Filtering

Objective:
Implementasi route filter.

  1. in-filter: Filter default route (jika tidak diperlukan).
  2. in-filter: Filter prefix yang memiliki prefix-length (subnetmask) lebih besar dari /24.
  3. in-filter: Filter IP Bogons (Reserved IP).
  4. in-filter: Filter prefix yang kita miliki.
  5. out-filter: Hanya advertise prefix kita sendiri, kecuali AS kita sebagai transit AS.

AS 7000 (IDN-Office)

/routing filter
add action=accept chain=bgp-out prefix=100.7.7.0/24 prefix-length=24
add action=discard chain=bgp-out

/routing filter
add action=discard chain=ISP1-local-in prefix=0.0.0.0/0
add action=discard chain=ISP1-local-in prefix-length=!0-24
add action=discard chain=ISP1-local-in prefix=0.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP1-local-in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP1-local-in prefix=100.64.0.0/10 prefix-length=10-32
add action=discard chain=ISP1-local-in prefix=127.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP1-local-in prefix=169.254.0.0/16 prefix-length=16-32
add action=discard chain=ISP1-local-in prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=ISP1-local-in prefix=192.0.0.0/24 prefix-length=24-32
add action=discard chain=ISP1-local-in prefix=192.0.2.0/24 prefix-length=24-32
add action=discard chain=ISP1-local-in prefix=192.88.99.0/24 prefix-length=24-32
add action=discard chain=ISP1-local-in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=ISP1-local-in prefix=198.18.0.0/15 prefix-length=15-32
add action=discard chain=ISP1-local-in prefix=198.51.100.0/24 prefix-length=24-32
add action=discard chain=ISP1-local-in prefix=203.0.113.0/24 prefix-length=24-32
add action=discard chain=ISP1-local-in prefix=224.0.0.0/4 prefix-length=4-32
add action=discard chain=ISP1-local-in prefix=240.0.0.0/4 prefix-length=4-32
add action=discard chain=ISP1-local-in prefix=255.255.255.255/32
add action=discard chain=ISP1-local-in prefix=100.7.7.0/24 prefix-length=24
add action=discard chain=ISP1-global-in prefix=0.0.0.0/0
add action=discard chain=ISP1-global-in prefix-length=!0-24
add action=discard chain=ISP1-global-in prefix=0.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP1-global-in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP1-global-in prefix=100.64.0.0/10 prefix-length=10-32
add action=discard chain=ISP1-global-in prefix=127.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP1-global-in prefix=169.254.0.0/16 prefix-length=16-32
add action=discard chain=ISP1-global-in prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=ISP1-global-in prefix=192.0.0.0/24 prefix-length=24-32
add action=discard chain=ISP1-global-in prefix=192.0.2.0/24 prefix-length=24-32
add action=discard chain=ISP1-global-in prefix=192.88.99.0/24 prefix-length=24-32
add action=discard chain=ISP1-global-in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=ISP1-global-in prefix=198.18.0.0/15 prefix-length=15-32
add action=discard chain=ISP1-global-in prefix=198.51.100.0/24 prefix-length=24-32
add action=discard chain=ISP1-global-in prefix=203.0.113.0/24 prefix-length=24-32
add action=discard chain=ISP1-global-in prefix=224.0.0.0/4 prefix-length=4-32
add action=discard chain=ISP1-global-in prefix=240.0.0.0/4 prefix-length=4-32
add action=discard chain=ISP1-global-in prefix=255.255.255.255/32
add action=discard chain=ISP1-global-in prefix=100.7.7.0/24 prefix-length=24
add action=discard chain=ISP2-local-in prefix=0.0.0.0/0
add action=discard chain=ISP2-local-in prefix-length=!0-24
add action=discard chain=ISP2-local-in prefix=0.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP2-local-in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP2-local-in prefix=100.64.0.0/10 prefix-length=10-32
add action=discard chain=ISP2-local-in prefix=127.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP2-local-in prefix=169.254.0.0/16 prefix-length=16-32
add action=discard chain=ISP2-local-in prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=ISP2-local-in prefix=192.0.0.0/24 prefix-length=24-32
add action=discard chain=ISP2-local-in prefix=192.0.2.0/24 prefix-length=24-32
add action=discard chain=ISP2-local-in prefix=192.88.99.0/24 prefix-length=24-32
add action=discard chain=ISP2-local-in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=ISP2-local-in prefix=198.18.0.0/15 prefix-length=15-32
add action=discard chain=ISP2-local-in prefix=198.51.100.0/24 prefix-length=24-32
add action=discard chain=ISP2-local-in prefix=203.0.113.0/24 prefix-length=24-32
add action=discard chain=ISP2-local-in prefix=224.0.0.0/4 prefix-length=4-32
add action=discard chain=ISP2-local-in prefix=240.0.0.0/4 prefix-length=4-32
add action=discard chain=ISP2-local-in prefix=255.255.255.255/32
add action=discard chain=ISP2-local-in prefix=100.7.7.0/24 prefix-length=24
add action=discard chain=ISP2-global-in prefix=0.0.0.0/0
add action=discard chain=ISP2-global-in prefix-length=!0-24
add action=discard chain=ISP2-global-in prefix=0.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP2-global-in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP2-global-in prefix=100.64.0.0/10 prefix-length=10-32
add action=discard chain=ISP2-global-in prefix=127.0.0.0/8 prefix-length=8-32
add action=discard chain=ISP2-global-in prefix=169.254.0.0/16 prefix-length=16-32
add action=discard chain=ISP2-global-in prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=ISP2-global-in prefix=192.0.0.0/24 prefix-length=24-32
add action=discard chain=ISP2-global-in prefix=192.0.2.0/24 prefix-length=24-32
add action=discard chain=ISP2-global-in prefix=192.88.99.0/24 prefix-length=24-32
add action=discard chain=ISP2-global-in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=ISP2-global-in prefix=198.18.0.0/15 prefix-length=15-32
add action=discard chain=ISP2-global-in prefix=198.51.100.0/24 prefix-length=24-32
add action=discard chain=ISP2-global-in prefix=203.0.113.0/24 prefix-length=24-32
add action=discard chain=ISP2-global-in prefix=224.0.0.0/4 prefix-length=4-32
add action=discard chain=ISP2-global-in prefix=240.0.0.0/4 prefix-length=4-32
add action=discard chain=ISP2-global-in prefix=255.255.255.255/32
add action=discard chain=ISP2-global-in prefix=100.7.7.0/24 prefix-length=24

Case 3: Re-route Path Selection

Objective:
Re-route prefix dari AS 30 (Amazon) agar lewat ISP Local2.

AS 7000 (IDN-Office)

/routing filter
add bgp-as-path="_30\$" chain=ISP2-global-in comment="Set weight prefix AS 30 to 100" disabled=yes set-bgp-weight=100

Case 4: Asymmetric Routing

Objective:
Pada IDN-Cloud,

  1. Traffic upload dilewatkan ke Global1 (internasional) dan IIX (lokal).
  2. Traffic download dilewatkan melalui Global2 (internasional) dan ISP-Local2 (lokal).

AS 4000 (IDN-Cloud)

/routing filter
add action=accept chain=bgp-out prefix=100.4.4.0/24
add action=discard chain=bgp-out
add chain=Global1-out comment="Prepend 15 Global1" set-bgp-prepend=15
add chain=IIX-out comment="Prepend 5 IIX" set-bgp-prepend=5
add chain=Global1-in comment="Set weight 500 Global1" set-bgp-weight=500
add chain=IIX-in comment="Set weight 500 IIX" set-bgp-weight=500

Oke, demikian untuk konfig labnya. Jika kamu ingin belajar lebih lanjut tentang BGP dan atributnya, bisa belajar melalui Modul Mikrotik MTCINE BGP: Konsep BGP dan Implementasi BGP Attributes.

Tags: studi kasus bgp, bgp use case, bgp mikrotik, bgp attribute, bgp weight mikrotik, bgp as path prepend mikrotik, bgp asyimmetric routing, route filtering bgp, bgp security.