Fungsi community ?

Konfigurasi community ?
10.17.100.0/24

10.17.101.0/24

00001010. 00010001. 01100100. 00000000

00001010. 00010001. 01100101. 00000000

10.16.0.0/12

76543210

128 64 32 16 8 4 2 1

Aggregate
AS-Path with Regular Expression
MED
Local Preference
 1. Community
2. Aggregate
3. As Path
4. MED
5. Local Preference

Implementing Policy in Nokia Environment

Routing Policy

Regions of interest = Wilayah yang memiliki kesamaan / dikelola oleh satu administrasi yang sama.Bisa
jadi sebuah Negara / Kota / area dalam sebuah kota, dapat juga sebagai layanan bisnis seperti ISP, atau
perusahaan lain.

Section 1 : Planning the AS and BGP deployment

Section 2 : Policy implementation and tools

Section 3 : Policy with prefix-lists

Section 4 : Policy using communities

Section 5 : Advertising aggregate

Section 6 : AS-Path Policy

Section 7 : Policy using MED

Section 8 : Policy using local preference

The need for Policy

- Policy is used to change BGP default behavior

- Policy drivers are based on various factors, including :
 Finance
 Politics
 SLAs
 Security
- Policy may be used to :
 Redistribute routes between protocols
 Filter advertised routes
 Filter received routes
 Modify advertised routes
 Modify received routes
- Export policies can be used to:
 Bring non BGP prefixes into BGP NLRI and/or
 Modify / filter NLRI/PATH to others BGP peers
- Import policies can be used to modify / filter NLRI/Path information from other BGP peer.

Kebutuhan akan Policy

1. Mengubah default behavior dari BGP

2. Policy dibuat karena beberapa factor, diantaranya :
- Finance, Politik, SLA, dan keamanan
3. Policy dapat digunakan untuk
 Meredistribusi routes antar routing protocol
 Filter advertised routes
 Filter received routes
 Modify advertised routes
 Modify received routes
4. Export policy dapat digunakan untuk :
  Membawa prefix non-BGP ke dalam BGP NLRI dan atau
 Modifikasi / filter NLRI/PATH ke BGP peer yang lain.
5. Import policy dapat digunakan untuk modifikasi / filter NLRI/PATH information dari peer BGP
yang lain.

Engineering a Solution

1. Careful planning is essential when implementing policies that affect packet flow or routing
updates
2. The addition of a new policy can disrupt existing traffic flows
 In general, export policy affects ingress traffic, and vice versa.
3. Before configuring and applying a route policy :
 Understand the new policy definition
 Establish a baseline of existing traffic flows
 Check the configuration for the presence of existing policies
- If there are existing policies, understand their purpose before attempting configuration
changes.
 Develop an overall plan and strategy to accomplish your intended routing actions.

Section 2 : Policy implementation and tools

Section objectives :

- Describe steps to implement policy in SR OS

- Describe common policy requirements
- List the basic policies associated with the eBGP export policies
- List the basic policies associated with the eBGP import policies
- List possible match criteria from context
- List possible match criteria to context
- List and describe the possible policy actions
- Link several policies together, using enhanced SR OS policy options.

Describe steps to implement policy in SR OS

The need for Policy

- Policy is used to change BGP default behavior

- Policy drivers are based on various factors, including :
 Finance
 Politics
 SLAs
 Security
- Policy may be used to :
  Redistribute routes between protocols
 Filter advertised routes
 Filter received routes
 Modify advertised routes
 Modify received routes
- Export policies can be used to:
 Bring non BGP prefixes into BGP NLRI and/or
 Modify / filter NLRI/PATH to others BGP peers
- Import policies can be used to modify / filter NLRI/Path information from other BGP peer.

Using as-set or not at R1

Verification on R7

Using as-set
Without as-set
As-path to match
R1 – received route

u*>i 192.169.10.8/29  suriah

u*>i 192.166.10.8/29  indo

u*>i 192.160.0.0/11  agg

u*>i 10.65.100.0/24  Singapore

u*>i 10.64.0.0/12  agg

R3 – received route

u*>i 10.16.0.0/12  agg

u*>i 10.16.10.9/32  R9

u*>i 10.17.100.0/24  England

u*>i 10.17.101.0/24  spain

u*>i 168.18.1.0/30  R9 (to-R11)

u*>i 168.18.4.0/30  R9 (to-R10)

u*>i 192.168.2.8/29  Japan

u*>i 192.168.2.24/29  Korea

u*>i 192.168.10.8/29 arab

u*>i 192.168.10.24/29  qatar

Prefix lists :

At R6 :

*A:R6# configure router policy-options

*A:R6>config>router>policy-options# begin

*A:R6>config>router>policy-options# prefix-list "client-web-service"

*A:R6>config>router>policy-options>prefix-list$ prefix 10.18.100.0/24 exact

*A:R6>config>router>policy-options>prefix-list$ exit

*A:R6>config>router>policy-options# prefix-list "client-sosmed"

*A:R6>config>router>policy-options>prefix-list$ prefix 192.161.3.8/29

*A:R6>config>router>policy-options>prefix-list$ exit

*A:R6>config>router>policy-options# commit

*A:R6>config>router>policy-options# exit

Verification policy

*A:R6# show router policy prefix-list "client-sosmed"

prefix 192.161.3.8/29 exact

*A:R6# show router policy prefix-list "client-web-service"

prefix 10.18.100.0/24 exact

Bisa di ping
Tdk bisa ping