Archive for the ‘Mikrotik’ Category
[junOS] Filter prefix length ospf
Usually we do not want to accept every prefix; for example, there may be private IP ranges whose routes we do not want to accept.
In this case, say we want to filter the prefix 20.21.22.0/24. First, let's look at the routes before filtering.
ebenz@enterprise# run show route | match 20.21.22.
20.21.22.0/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.4/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.8/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.12/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.16/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.20/30 *[OSPF/150] 00:00:53, metric 21, tag 0
[edit]
ebenz@enterprise#
A simple config to filter prefixes learned via OSPF:
ebenz@enterprise# edit policy-options policy-statement ospf-filter
[edit policy-options policy-statement ospf-filter]
ebenz@enterprise# set term filter-private from neighbor 172.16.0.204
ebenz@enterprise# set term filter-private from route-filter 20.21.22.0/24 orlonger
ebenz@enterprise# set term filter-private then reject
ebenz@enterprise# set term else then accept
ebenz@enterprise# show
term filter-private {
from {
neighbor 172.16.0.204;
route-filter 20.21.22.0/24 orlonger;
}
then reject;
}
term else {
then accept;
}
[edit policy-options policy-statement ospf-filter]
Then apply the policy statement as an import policy under protocols ospf:
ebenz@enterprise# edit protocols ospf
[edit protocols ospf]
ebenz@enterprise# set import ospf-filter
[edit protocols ospf]
ebenz@enterprise# show
import ospf-filter;
area 0.0.0.1 {
interface fe-0/0/0.0 {
hello-interval 10;
neighbor 172.16.0.204;
neighbor 172.16.0.200;
}
}
[edit protocols ospf]
ebenz@enterprise# commit
commit complete
[edit protocols ospf]
ebenz@enterprise# run clear ospf neighbor
[edit protocols ospf]
ebenz@enterprise# run show route | match 20.21.22.
[edit protocols ospf]
The 20.21.22.x routes are gone.
Now let's look at the full route table:
ebenz@enterprise# top
[edit]
ebenz@enterprise# exit
Exiting configuration mode
ebenz@enterprise> show route
inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[OSPF/150] 00:00:56, metric 1, tag 0
> to 172.16.0.200 via fe-0/0/0.0
30.31.32.0/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.4/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.8/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.12/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.16/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.0/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.4/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.8/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.12/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.16/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
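Why the policy uses orlonger rather than exact: the routes being filtered are /30s inside 20.21.22.0/24, not the /24 itself. The sketch below is an added example, not part of the original post; it models the route-filter match types exact, orlonger, longer and upto and evaluates the ospf-filter terms in order. The function names are hypothetical, the "from neighbor" condition is not modelled, and 20.21.0.0/16 is a constructed route.

```python
import ipaddress

def route_filter_match(route, prefix, match_type, upto=None):
    """True if `route` matches a Junos-style route-filter on `prefix`."""
    r = ipaddress.ip_network(route)
    p = ipaddress.ip_network(prefix)
    # Every match type first requires the route to sit inside the filter prefix.
    if r.version != p.version or not r.subnet_of(p):
        return False
    if match_type == "exact":
        return r.prefixlen == p.prefixlen
    if match_type == "orlonger":
        return True                      # same length or more specific
    if match_type == "longer":
        return r.prefixlen > p.prefixlen
    if match_type == "upto":
        return r.prefixlen <= upto
    raise ValueError(f"unsupported match type: {match_type}")

# The page's ospf-filter policy: (term name, route-filter or None, action).
# The "from neighbor 172.16.0.204" condition is not modelled here.
OSPF_FILTER = [
    ("filter-private", ("20.21.22.0/24", "orlonger"), "reject"),
    ("else", None, "accept"),
]

def evaluate(route, policy=OSPF_FILTER):
    """Terms are tried in order; the first term that matches decides."""
    for name, route_filter, action in policy:
        if route_filter is None or route_filter_match(route, *route_filter):
            return name, action
    return None, "default"

if __name__ == "__main__":
    # Routes taken from the page's "show route" output, plus one constructed
    # aggregate (20.21.0.0/16) that is shorter than the filter prefix.
    routes = ["0.0.0.0/0", "20.21.22.0/30", "20.21.22.20/30",
              "30.31.32.0/30", "192.168.99.0/24", "20.21.0.0/16"]
    for route in routes:
        term, action = evaluate(route)
        as_exact = route_filter_match(route, "20.21.22.0/24", "exact")
        print(f"{route:18} term={term:15} {action:7} exact-would-match={as_exact}")
```

An OSPF import policy in Junos only keeps external routes out of the routing table; it does not change the link-state database.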
[OSPF basic] junOS – quagga – mikrotik
Continuing the OSPF Quagga <> Mikrotik setup while the hardware is still available (thanks, Bang Maman), we add one more neighbor, a Juniper J2300 series device, in the same network.
        quagga
        /    \
       /      \
   junOS    Mikrotik
- configure the IP address and protocols ospf on junOS
login: ebenz
Password:
--- JUNOS 8.3R1.5 built 2007-04-13 22:22:33 UTC
ebenz@enterprise>
ebenz@enterprise# set interfaces fe-0/0/0 unit 0 family inet address 172.16.0.201/28
ebenz@enterprise# edit interfaces
[edit interfaces]
ebenz@enterprise# show
fe-0/0/0 {
description WAN;
unit 0 {
family inet {
address 172.16.0.201/28;
}
}
}
[edit interfaces]
ebenz@enterprise# set protocols ospf area 0.0.0.1 interface fe-0/0/0.0 hello-interval 10
Note: the neighbor statements can also be left unset.
ebenz@enterprise# edit protocols
[edit protocols]
ebenz@enterprise# show
ospf {
area 0.0.0.1 {
interface fe-0/0/0.0 {
hello-interval 10;
neighbor 172.16.0.204;
neighbor 172.16.0.200;
}
}
}
[edit protocols]
ebenz@enterprise# commit
commit complete
[edit protocols]
ebenz@enterprise#
- check status ospf
ebenz@enterprise# up
[edit]
ebenz@enterprise# exit
Exiting configuration mode
ebenz@enterprise> show ospf neighbor
Address Interface State ID Pri Dead
172.16.0.204 fe-0/0/0.0 Full 172.16.0.204 1 39
172.16.0.200 fe-0/0/0.0 Full 172.16.0.200 0 38
check route
ebenz@enterprise> show route
inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[OSPF/150] 00:24:48, metric 1, tag 0
> to 172.16.0.200 via fe-0/0/0.0
20.21.22.0/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.4/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.8/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.12/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.16/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.20/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.0/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.4/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.8/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.12/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.16/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.0/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.4/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.8/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.12/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.16/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.20/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.24/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.28/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.32/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
169.254.0.0/16 *[OSPF/150] 00:24:48, metric 20, tag 0
> to 172.16.0.200 via fe-0/0/0.0
172.16.0.192/28 *[Direct/0] 23:41:13
> via fe-0/0/0.0
172.16.0.201/32 *[Local/0] 23:41:13
Local via fe-0/0/0.0
192.168.99.0/24 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
202.53.253.0/27 *[OSPF/150] 00:24:48, metric 20, tag 0
> to 172.16.0.200 via fe-0/0/0.0
224.0.0.5/32 *[OSPF/10] 01:41:03, metric 1
MultiRecv
ebenz@enterprise# run show route 0.0.0.0
inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[OSPF/150] 00:30:37, metric 1, tag 0
> to 172.16.0.200 via fe-0/0/0.0
[edit protocols ospf area 0.0.0.1]
Check the routes on Quagga:
Router# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
O>* 20.21.22.0/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.4/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.8/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.12/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.16/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.20/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.0/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.4/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.8/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.12/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.16/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.0/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.4/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.8/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.12/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.16/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.20/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.24/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.28/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.32/30 [110/30] via 172.16.0.204, eth0, 01:06:21
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
O 172.16.0.192/28 [110/10] is directly connected, eth0, 03:51:53
C>* 172.16.0.192/28 is directly connected, eth0
O>* 192.168.99.0/24 [110/30] via 172.16.0.204, eth0, 01:06:21
Basic OSPF configuration: Quagga vs Mikrotik
Basic OSPF configuration on Quagga (assuming zebra and ospfd are already installed)
quagga1 (172.16.0.200/28) ---- (172.16.0.204/28) Mikrotik
- configure the IP address in zebra
[ebenz@ebenz ~]$ telnet localhost 2601
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Hello, this is Quagga (version 0.98.3).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router> en
Password:
Router#
Router# conf t
Router(config)# int eth0
Router(config-if)# ip ad
Router(config-if)# ip address 172.16.0.200/28
Router#
- config router ospf (ospfd)
ospfd# conf t
ospfd(config)# router ospf
ospfd(config-router)# ospf router-id 172.16.0.200
ospfd(config-router)# redistribute kernel
ospfd(config-router)# redistribute connected
ospfd(config-router)# redistribute static
ospfd(config-router)# network 172.16.0.192/28 area 0.0.0.1
ospfd(config-router)# default-information originate always
ospfd(config-router)# end
- Setting IP address Mikrotik
[admin@MikroTik] > ip address add address=172.16.0.204/28 interface=Backbone
- config routing ospf Mikrotik
[admin@MikroTik] > routing ospf set router-id=172.16.0.204
[admin@MikroTik] > routing ospf set distribute-default=never (note: the neighbor is already active)
[admin@MikroTik] > routing ospf set redistribute-connected=as-type-2
[admin@MikroTik] > routing ospf set redistribute-static=as-type-2
- config area & network
[admin@MikroTik] > routing ospf area add area-id=0.0.0.1 name=area1
[admin@MikroTik] > routing ospf network add network=172.16.0.192/28 area=area1
The basic, default OSPF setup on Quagga and Mikrotik is now done; all that remains is to check the status on Mikrotik and Quagga.
Mikrotik:
[admin@MikroTik] > routing ospf neighbor print
router-id=172.16.0.200 address=172.16.0.204 priority=1 state="2-Way" state-changes=0 ls-retransmits=0 ls-requests=0 db-summaries=0 dr-id=172.16.0.204 backup-dr-id=0.0.0.0
Oops, it looks like the adjacency is not Full yet. Check the OSPF debug messages in the log:
[admin@MikroTik] routing> /log print
13:08:01 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:01 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:04 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:04 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:05 ospf,debug Hello sent to 224.0.0.5 via[eth1:172.16.0.204]
13:08:07 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:07 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:10 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:10 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:13 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:13 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
The log shows a HelloInterval mismatch between Quagga and Mikrotik.
Check the default hello interval on Quagga and set it to match the value in the log, which is 10:
ospfd# conf t
ospfd(config)# int eth0
ospfd(config-if)# ip ospf hello-interval 10
ospfd(config-if)# end
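The same diagnosis done by script, as an added example that is not part of the original post: it parses the Mikrotik debug lines shown above, reports each neighbor whose hellos are rejected with the advertised and expected HelloInterval, and cross-checks the advertised value against the spacing of the received hellos. The function name and report fields are hypothetical.

```python
import re

# Log lines copied from the "/log print" output above.
LOG = """\
13:08:01 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:01 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:04 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:04 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:05 ospf,debug Hello sent to 224.0.0.5 via[eth1:172.16.0.204]
13:08:07 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:07 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:10 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:10 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:13 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:13 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
"""

RECEIVED = re.compile(r"^(\d\d):(\d\d):(\d\d) ospf,debug Hello received from (\S+) via")
MISMATCH = re.compile(r"ospf,debug Hello from (\S+): invalid HelloInterval (\d+), expected (\d+)")

def hello_mismatches(log_text):
    """Summarise rejected hellos per neighbor address."""
    peers = {}
    for line in log_text.splitlines():
        got = RECEIVED.match(line)
        bad = MISMATCH.search(line)
        if got:
            h, m, s, addr = got.groups()
            peer = peers.setdefault(addr, {"times": [], "rejected": 0})
            peer["times"].append(int(h) * 3600 + int(m) * 60 + int(s))
        elif bad:
            addr, advertised, expected = bad.groups()
            peer = peers.setdefault(addr, {"times": [], "rejected": 0})
            peer["rejected"] += 1
            peer["advertised"], peer["expected"] = int(advertised), int(expected)
    report = {}
    for addr, peer in peers.items():
        if peer["rejected"] == 0:
            continue                      # neighbor with compatible timers
        gaps = [b - a for a, b in zip(peer["times"], peer["times"][1:])]
        report[addr] = {
            "received": len(peer["times"]),
            "rejected": peer["rejected"],
            "advertised": peer["advertised"],
            "expected": peer["expected"],
            # Spacing actually seen between hellos; it should equal "advertised".
            "observed_gap": min(gaps) if gaps else None,
        }
    return report

if __name__ == "__main__":
    for addr, info in hello_mismatches(LOG).items():
        print(addr, info)
```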
Before, Quagga:
ospfd# sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
Before, Mikrotik:
router-id=172.16.0.204 address=172.16.0.204 priority=1 state="2-Way" state-changes=0 ls-retransmits=0 ls-requests=0 db-summaries=0 dr-id=172.16.0.204 backup-dr-id=0.0.0.0
After, Quagga:
ospfd# sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
172.16.0.204 1 Full/DR 00:00:39 172.16.0.204 eth0:172.16.0.200 0 0 0
After, Mikrotik:
[admin@MikroTik] > routing ospf neighbor print
router-id=172.16.0.200 address=172.16.0.200 priority=0 state="Full" state-changes=5 ls-retransmits=0 ls-requests=0 db-summaries=0 dr-id=172.16.0.204 backup-dr-id=0.0.0.0
router-id=172.16.0.204 address=172.16.0.204 priority=1 state="2-Way" state-changes=0 ls-retransmits=0 ls-requests=0 db-summaries=0 dr-id=172.16.0.204 backup-dr-id=0.0.0.0
Check the routes on Quagga:
Router# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
O>* 20.21.22.0/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.4/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.8/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.12/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.16/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.20/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.0/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.4/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.8/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.12/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.16/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.0/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.4/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.8/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.12/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.16/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.20/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.24/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.28/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.32/30 [110/20] via 172.16.0.204, eth0, 00:05:12
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
O 172.16.0.192/28 [110/10] is directly connected, eth0, 01:57:17
C>* 172.16.0.192/28 is directly connected, eth0
O>* 192.168.99.0/24 [110/20] via 172.16.0.204, eth0, 00:05:12
Trunking switch Adtran & Mikrotik
VLAN-SWITCH#sh ver
ADTRAN, Inc. OS version 13.10.00
Checksum: 2054C82B, built on Tue Dec 04 13:40:18 2007
Upgrade key: 68a2fe5412a6c447084e1a4d4873d7ff
Boot ROM version 12.02.00
Checksum: C440, built on: Fri May 12 15:14:02 2006
Copyright (c) 1999-2006, ADTRAN, Inc.
Platform: NetVanta 1224ST, part number 1200504L1
Serial number G15C5195
Flash: 8388608 bytes DRAM: 16777215 bytes
VLAN-SWITCH uptime is 1 days, 2 hours, 13 minutes, 24 seconds
System returned to ROM by Hard Reset
Current system image file is "NV1224A-13-10-00.biz"
Primary boot system image file is "NV1224A-13-10-00.biz"
Backup boot system image file is "9200500-2A1202.biz"
Primary system configuration file is "startup-config"
VLAN-SWITCH#sh run int eth 0/24
Building configuration...
!
!
interface eth 0/24
description TRUNK-MIKROTIK
speed 100
no shutdown
switchport mode trunk
!
end
VLAN-SWITCH#sh run in eth 0/20
Building configuration...
!
!
interface eth 0/20
no shutdown
switchport access vlan 2
!
end
==============================================
Mikrotik Config
==============================================
[admin@MikroTik] > interface print
Flags: X - disabled, R - running, D - dynamic, S - slave
# NAME TYPE MTU
0 R ISP-PTP ether 1500
2 R DMZ ether 1500
3 R ADTRAN-TRUNK ether 1500
5 R vlan2 vlan 1500
[admin@MikroTik] > interface vlan print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R vlan2 1500 enabled 2 ADTRAN-TRUNK
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.2.1.1/24 10.2.1.0 10.2.1.255 vlan2
[admin@MikroTik] > ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INT… RELAY ADDRESS-POOL LEASE-TIME ADD
0 dhcp1 vlan2 dhcp_pool2 1d
Regards,
Ervin Taufik
Bursts
Bursts are used to allow higher data rates for a short period of time. Every 1/16 part of the burst-time, the router calculates the average data rate of each class over the last burst-time seconds. If this average data rate is less than burst-threshold, burst is enabled and the actual data rate reaches burst-limit bps, otherwise the actual data rate falls to max-limit or limit-at.
Let us consider that we have a setup, where max-limit=256000, burst-time=8, burst-threshold=192000 and burst-limit=512000. When a user is starting to download a file via HTTP, we can observe such a situation:
At the beginning the average data rate over the last 8 seconds is 0bps because before applying the queue rule no traffic was passed, using this rule. Since this average data rate is less than burst-threshold (192kbps), burst is allowed. After the first second, the average data rate is (0+0+0+0+0+0+0+512)/8=64kbps, which is under burst-threshold. After the second second, average data rate is (0+0+0+0+0+0+512+512)/8=128kbps. After the third second comes the breakpoint when the average data rate becomes larger than burst-threshold. At this moment burst is disabled and the current data rate falls down to max-limit (256kbps).
http://www.mikrotik.com/testdocs/ros/2.9/root/queue.php
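The worked numbers above, reproduced as an added example that is not part of the quoted documentation: a simulation of one queue in 1-second steps, as the worked example does (the router itself re-evaluates every 1/16 of burst-time). It goes one step further and shows how long the user must stay idle before burst is granted again. The function name and the usage patterns are constructed.

```python
from collections import deque

def simulate_burst(max_limit, burst_limit, burst_threshold, burst_time, active):
    """Simulate one queue in 1-second steps.

    `active` holds one boolean per second: True when the user pulls as much
    as the queue allows, False when idle. Returns (second, rate, average)
    tuples, where average is taken over the last `burst_time` seconds
    including the current one.
    """
    window = deque([0] * burst_time, maxlen=burst_time)  # no traffic yet
    timeline = []
    for second, busy in enumerate(active, start=1):
        average = sum(window) / burst_time
        # Burst is allowed only while the average is below burst-threshold.
        allowed = burst_limit if average < burst_threshold else max_limit
        rate = allowed if busy else 0
        window.append(rate)
        timeline.append((second, rate, sum(window) / burst_time))
    return timeline

# Values from the text above.
PARAMS = dict(max_limit=256000, burst_limit=512000,
              burst_threshold=192000, burst_time=8)

if __name__ == "__main__":
    # Constructed usage pattern: 12 s download, 3 s idle, 4 s download.
    pattern = [True] * 12 + [False] * 3 + [True] * 4
    for second, rate, average in simulate_burst(active=pattern, **PARAMS):
        print(f"t={second:2d}s rate={rate // 1000:3d} kbps avg={average / 1000:5.0f} kbps")
```

With these values the download bursts for three seconds, then holds at max-limit; two idle seconds are not enough to re-enable burst, three are.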
IP Universal Mikrotik 2.9
Missing Universal IP in version 2.9?
Actually, the Mikrotik Hotspot in version 2.9 has Universal IP enabled by default.
So there is no need to configure Universal IP, also commonly known as "Zero Config".
But Zero Config often causes problems, for example when hotspot users need to share files with each other: because every IP is NATed to another IP, file sharing will never work. There is no menu option to remove or disable Universal IP in Mikrotik version 2.9, but we can turn it off by setting the IP pool in the user profile to "none":
[admin@HOTSPOT] > ip hotspot user profile set ip address-pool=none
This way, the client IP obtained from DHCP or set statically will not be NATed to another IP.
rgs,
Ervin Taufik


