A Wide Area Network spans a large area (a city or region) in which geographically separate sites are connected to one another in a single computer-network topology. In this article we discuss the Virtual WAN (Virtual Wide Area Networking), whose purpose is to join several subnets in different regions, cities or company offices into one topology. The subnets we will connect use private 192.xxx.xxx.xxx addresses that are not routable on the internet, so a Virtual WAN is intended for private use (personal or corporate). The connection between subnets works much like the internet or a WAN: users can share data directly between computers on different subnets, share printers and use applications across sites. The figure below shows an example topology of the Surabaya, Madiun and Ponorogo offices, which we will merge into a single Virtual WAN topology using a combination of OpenVPN and the BGP routing protocol.
BGP Inside OpenVPN
The diagram below shows VPN tunnelling (blue lines) being used to carry the BGP routing protocol that links the networks of the different subnets. Each AS Number (ASN) is joined to the others by a VPN tunnel, and every BGP routing packet that crosses it is encapsulated and encrypted, which improves the security of data communication between the subnets.
AS Number information
Madiun = ASN 1003
Ponorogo = ASN 1002
Surabaya = ASN 1001
Complete Virtual WAN Topology
The figure below shows the subnet topologies joined together according to the BGP-routing-inside-OpenVPN diagram. Every Linux PC router has OpenVPN and the Quagga routing daemon installed; the only difference is that the Surabaya office router acts as the OpenVPN server and therefore must have a static public IP. The Madiun and Ponorogo offices can use dynamic-IP connections and act as VPN clients. The connection data for each PC router follows.
Surabaya office
Internet connection : dedicated leased line, 512 kbps – 1 Mbps
Public IP : 122.200.52.41
LAN subnet : 192.168.0.0/24
VPN IP : 10.8.1.1
ASN : 1001
Madiun office
Internet connection : Telkom Speedy Unlimited
Telkom Speedy IP : 125.22.156.45 (dynamic IP)
LAN subnet : 192.168.10.0/24
VPN IP : 10.8.1.3
ASN : 1003
Ponorogo office
Internet connection : FastNet First Media
FastNet IP : 122.34.200.70 (dynamic IP)
LAN subnet : 192.168.1.0/24
VPN IP : 10.8.1.4
ASN : 1002
Virtual WAN Configuration
Surabaya office PC router
vim /etc/openvpn/server.conf (OpenVPN server)
dev tap                       # layer-2 tunnel: all peers share 10.8.1.0/24, so BGP next hops are directly reachable
ca ca.crt
cert server.crt
key server.key                # This file should be kept secret
dh dh1024.pem
server 10.8.1.0 255.255.255.0 # VPN address pool; the server takes 10.8.1.1
ifconfig-pool-persist ipp.txt # keeps the same VPN address for each client across reconnects
client-to-client              # lets the Madiun and Ponorogo clients reach each other through the server
duplicate-cn                  # allows several clients to share one certificate; not needed when each branch has its own, as madiun.crt below
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 3
vim /etc/quagga/daemons
zebra = yes
bgpd = yes
ospfd = no
ospf6d = no
ripd = no
ripngd = no
isisd = no
vim /etc/quagga/debian.conf
vtysh_enable=yes
zebra_options=" --daemon"
bgpd_options=" --daemon"
ospfd_options=" --daemon"
ospf6d_options="--daemon -A ::1"
ripd_options=" --daemon"
ripngd_options="--daemon -A ::1"
isisd_options=" --daemon -A 127.0.0.1"
vim /etc/quagga/bgpd.conf
hostname bgpd
! vty login password and enable password (zebra is the stock Quagga default)
password zebra
enable password ardelindo
log stdout
! Surabaya is ASN 1001; the router-id is its VPN address
router bgp 1001
 bgp router-id 10.8.1.1
 network 122.200.50.0/24
 network 192.168.0.0/24
 ! eBGP sessions to the branch routers, reached over the tap tunnel
 neighbor 10.8.1.3 remote-as 1003
 neighbor 10.8.1.4 remote-as 1002
line vty
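The bgpd.conf above accepts whatever prefixes each branch announces, so a misconfigured or compromised branch router could advertise another office's LAN and draw that traffic to itself. The following Surabaya bgpd.conf is an added example, not the original post's configuration: it keeps the same ASNs, VPN addresses and LAN prefixes, and adds per-neighbor prefix filters, a prefix limit and TCP MD5 session passwords; the prefix-list names and the CHANGE-ME passwords are my own placeholders.

```text
! Added example (not from the original post): Surabaya hub bgpd.conf with
! per-neighbor filtering. ASNs, VPN addresses and LAN prefixes are the ones
! listed above; prefix-list names and passwords are placeholders.
hostname bgpd
password zebra
enable password ardelindo
log stdout
!
! Inbound: accept only that branch's own LAN from each branch.
ip prefix-list FROM-MADIUN seq 5 permit 192.168.10.0/24
ip prefix-list FROM-PONOROGO seq 5 permit 192.168.1.0/24
!
! Outbound: the hub announces its own prefixes and re-advertises each
! branch LAN to the other branch (the Madiun table shows 3 accepted prefixes).
ip prefix-list TO-BRANCH seq 5 permit 192.168.0.0/24
ip prefix-list TO-BRANCH seq 10 permit 122.200.50.0/24
ip prefix-list TO-BRANCH seq 15 permit 192.168.10.0/24
ip prefix-list TO-BRANCH seq 20 permit 192.168.1.0/24
!
router bgp 1001
 bgp router-id 10.8.1.1
 bgp log-neighbor-changes
 network 122.200.50.0/24
 network 192.168.0.0/24
 !
 neighbor 10.8.1.3 remote-as 1003
 neighbor 10.8.1.3 description Madiun over OpenVPN tap0
 neighbor 10.8.1.3 password CHANGE-ME-MADIUN
 neighbor 10.8.1.3 prefix-list FROM-MADIUN in
 neighbor 10.8.1.3 prefix-list TO-BRANCH out
 neighbor 10.8.1.3 maximum-prefix 5
 !
 neighbor 10.8.1.4 remote-as 1002
 neighbor 10.8.1.4 description Ponorogo over OpenVPN tap0
 neighbor 10.8.1.4 password CHANGE-ME-PONOROGO
 neighbor 10.8.1.4 prefix-list FROM-PONOROGO in
 neighbor 10.8.1.4 prefix-list TO-BRANCH out
 neighbor 10.8.1.4 maximum-prefix 5
!
line vty
```

The same password must be set on the matching neighbor line in each branch's bgpd.conf, and with log-neighbor-changes every session reset then appears in the bgpd log instead of only in the show ip bgp neighbors counters.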
#############################
##CONFIGURATION TEST
##SURABAYA OFFICE
#############################
Router> show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 122.200.52.1, eth1
C>* 10.8.1.0/24 is directly connected, tap0
C>* 122.200.52.0/25 is directly connected, eth1
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.0.0/24 is directly connected, eth3
K>* 192.168.0.218/32 via 10.8.1.2, tap0
B>* 192.168.1.0/24 [20/0] via 10.8.1.4, tap0, 03:29:27
B>* 192.168.10.0/24 [20/0] via 10.8.1.3, tap0, 15:03:25
bgpd> show ip bgp neighbors
BGP neighbor is 10.8.1.3, remote AS 1003, local AS 1001, external link
BGP version 4, remote router ID 10.8.1.3
BGP state = Established, up for 15:05:21
Last read 00:00:21, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 10 2
Notifications: 3 5
Updates: 15 5
Keepalives: 1521 1512
Route Refresh: 0 0
Capability: 0 0
Total: 1549 1524
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
1 accepted prefixes
Connections established 5; dropped 3
Last reset 1d00h58m, due to BGP Notification send
Local host: 10.8.1.1, Local port: 179
Foreign host: 10.8.1.3, Foreign port: 42912
Nexthop: 10.8.1.1
Nexthop global: fe80::2ff:79ff:fe7c:31a8
Nexthop local: ::
BGP connection: non shared network
Read thread: on Write thread: off
BGP neighbor is 10.8.1.4, remote AS 1002, local AS 1001, external link
BGP version 4, remote router ID 10.8.1.4
BGP state = Established, up for 03:31:24
Last read 00:00:25, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 5 2
Notifications: 1 2
Updates: 14 4
Keepalives: 1516 1509
Route Refresh: 0 0
Capability: 0 0
Total: 1536 1517
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
1 accepted prefixes
Connections established 4; dropped 2
Last reset 03:31:38, due to BGP Notification received
Local host: 10.8.1.1, Local port: 43853
Foreign host: 10.8.1.4, Foreign port: 179
Nexthop: 10.8.1.1
Nexthop global: fe80::2ff:79ff:fe7c:31a8
Nexthop local: ::
BGP connection: non shared network
Read thread: on Write thread: off
bgpd> show ip bgp summary
BGP router identifier 10.8.1.1, local AS number 1001
RIB entries 7, using 448 bytes of memory
Peers 2, using 5024 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.8.1.3 4 1003 1524 1549 0 0 0 15:06:00 1
10.8.1.4 4 1002 1518 1537 0 0 0 03:32:03 1
Total number of neighbors 2
Madiun office PC router
vim /etc/openvpn/client.conf (VPN client)
client
dev tap                      # must match the server's dev tap
proto udp
remote 122.200.52.41 1194    # Surabaya OpenVPN server (static public IP)
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert madiun.crt              # per-branch client certificate
key madiun.key
comp-lzo                     # compression must be configured identically on both sides; the server.conf above does not list it
verb 3
vim /etc/quagga/daemons
zebra = yes
bgpd = yes
ospfd = no
ospf6d = no
ripd = no
ripngd = no
isisd = no
vim /etc/quagga/debian.conf
vtysh_enable=yes
zebra_options=" --daemon"
bgpd_options=" --daemon"
ospfd_options=" --daemon"
ospf6d_options="--daemon -A ::1"
ripd_options=" --daemon"
ripngd_options="--daemon -A ::1"
isisd_options=" --daemon -A 127.0.0.1"
vim /etc/quagga/bgpd.conf
hostname bgpd
password zebra
enable password ardelindo
log stdout
! Madiun is ASN 1003; it announces only its own LAN and peers with the Surabaya hub
router bgp 1003
 bgp router-id 10.8.1.3
 network 192.168.10.0/24
 neighbor 10.8.1.1 remote-as 1001
line vty
#############################
##CONFIGURATION TEST
##MADIUN OFFICE
#############################
Router> show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 192.168.1.1, eth1
O 10.8.1.0/24 [110/10] is directly connected, tap0, 1d00h34m
C>* 10.8.1.0/24 is directly connected, tap0
B>* 122.200.50.0/24 [20/0] via 10.8.1.1, tap0, 14:29:07
C>* 127.0.0.0/8 is directly connected, lo
B>* 192.168.0.0/24 [20/0] via 10.8.1.1, tap0, 14:29:07
B 192.168.1.0/24 [20/0] via 10.8.1.4, tap0, 02:54:53
C>* 192.168.1.0/24 is directly connected, eth1
O 192.168.10.0/24 [110/10] is directly connected, eth2, 1d00h34m
C>* 192.168.10.0/24 is directly connected, eth2
bgpd> show ip bgp summary
BGP router identifier 10.8.1.3, local AS number 1003
RIB entries 7, using 448 bytes of memory
Peers 1, using 2512 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.8.1.1 4 1001 1484 1499 0 0 0 14:32:29 3
Total number of neighbors 1
bgpd> show ip bgp neighbors
BGP neighbor is 10.8.1.1, remote AS 1001, local AS 1003, external link
BGP version 4, remote router ID 10.8.1.1
BGP state = Established, up for 14:33:09
Last read 00:00:56, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 7 3
Notifications: 7 0
Updates: 4 12
Keepalives: 1482 1469
Route Refresh: 0 0
Capability: 0 0
Total: 1500 1484
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
3 accepted prefixes
Connections established 4; dropped 0
Last reset never
Local host: 10.8.1.3, Local port: 42912
Foreign host: 10.8.1.1, Foreign port: 179
Nexthop: 10.8.1.3
Nexthop global: fe80::2ff:9dff:fecd:a17b
Nexthop local: ::
BGP connection: non shared network
Read thread: on Write thread: off
bgpd> show ip bgp summary
BGP router identifier 10.8.1.3, local AS number 1003
RIB entries 7, using 448 bytes of memory
Peers 1, using 2512 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.8.1.1 4 1001 1519 1534 0 0 0 15:07:23 3
Total number of neighbors 1
Virtual WAN connection test from the Surabaya office
Now we test from a client computer in the Surabaya office to the Madiun office.
root@budi:~# ping 192.168.10.92
PING 192.168.10.92 (192.168.10.92) 56(84) bytes of data.
64 bytes from 192.168.10.92: icmp_seq=1 ttl=62 time=384 ms
64 bytes from 192.168.10.92: icmp_seq=2 ttl=62 time=49.0 ms
64 bytes from 192.168.10.92: icmp_seq=3 ttl=62 time=62.3 ms
64 bytes from 192.168.10.92: icmp_seq=4 ttl=62 time=39.3 ms
64 bytes from 192.168.10.92: icmp_seq=5 ttl=62 time=45.2 ms
^C
--- 192.168.10.92 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 39.318/116.054/384.335/134.354 ms
root@budi:~#
root@budi:~# traceroute 192.168.10.92
traceroute to 192.168.10.92 (192.168.10.92), 30 hops max, 60 byte packets
1 192.168.0.71 (192.168.0.71) 0.252 ms 0.199 ms 0.195 ms
2 10.8.1.3 (10.8.1.3) 1301.948 ms 1314.478 ms 1342.800 ms (VPN IP)
3 192.168.10.92 (192.168.10.92) 1375.937 ms 1396.767 ms 1413.436 ms
Cheops tracemap
The tracemap from the cheops application shows that the route from IP 192.168.0.253 to 192.168.10.92 passes through the Madiun office's VPN IP, 10.8.1.3.