My Life, My Adventure: Memisahkan gateway traffic Local dan International

Teknik lainnya utk memisahkan traffic data local/IIX dan International adalah dengan menggunakan mark-routing

Misal untuk traffic International dilewatkan melalui gateway 203.89.24.65 sedangkan traffic local Indonesia di lewatkan melalui gateway 203.89.24.177.

contoh konfigurasi IP address router user pada interface yang terhubung ke router Datautama

/ ip address
add address=203.89.24.66/27 network=203.89.24.64 broadcast=203.89.24.95 \
    interface=ether1 comment="ip point to point utk traffic lnternational" \
    disabled=no
add address=203.89.24.178/30 network=203.89.24.176 broadcast=203.89.24.179 \
    interface=ether1 comment="ip point to point utk traffic local" disabled=no

Pertama masukkan daftar ip blok dari router NICE ke /ip firewall address-list seperti berikut:

/ ip firewall address-list
add list=nice address=58.65.240.0/23 comment="" disabled=no
add list=nice address=58.65.242.0/23 comment="" disabled=no
add list=nice address=58.65.244.0/23 comment="" disabled=no
add list=nice address=58.65.246.0/23 comment="" disabled=no
add list=nice address=58.145.174.0/24 comment="" disabled=no
add list=nice address=58.147.184.0/24 comment="" disabled=no
add list=nice address=58.147.185.0/24 comment="" disabled=no
dst…

untuk mendapatkan script diatas dapat melalui URL berikut:

http://www.datautama.net.id/harijanto/mikrotik/ip_firewall_address_list_nice.php

Kemudian tandai packet data yang menuju local Indonesia

/ ip firewall mangle
add chain=postrouting dst-address-list=nice action=mark-routing \
new-routing-mark=nice passthrough=yes comment="" disabled=no

Selanjutnya buat ip route berikut

/ ip route
add dst-address=0.0.0.0/0 gateway=203.89.24.65 scope=255 target-scope=10 \
comment="traffic selain local Indonesia" disabled=no
add dst-address=0.0.0.0/0 gateway=203.89.24.177 scope=255 target-scope=10 \
routing-mark=nice comment="traffic local Indonesia" disabled=no

Dengan demikian maka jika ke jaringan local Indonesia akan melalui 203.89.24.177 sedangkan untuk ke International melalui 203.89.24.65, sehingga jika interfacenya dipisah diantara router user dengan router datautama dapat diberi dua mikrotik sebagai bridge utk melimit traffic International maupun local secara terpisah.

Hasil traceroute ke www.plasa.com

C:\Documents and Settings\user>tracert www.plasa.com

Tracing route to www.plasa.com [202.134.0.12]
over a maximum of 30 hops:

1    <1 ms    <1 ms    <1 ms 192.168.2.1
2    <1 ms    <1 ms    <1 ms ip-24-177.datautama.net.id [203.89.24.177]
3    16 ms    25 ms    12 ms ip-24-1.datautama.net.id [203.89.24.1]
4    25 ms    25 ms    15 ms telkomnet.openixp.net [218.100.27.179]
5    21 ms    23 ms    19 ms 202.134.2.148
6    12 ms     9 ms    12 ms web.plasa.com [202.134.0.12]
7    10 ms    12 ms    28 ms web.plasa.com [202.134.0.12]
8    11 ms    17 ms    12 ms web.plasa.com [202.134.0.12]

Trace complete.

Hasil traceroute ke www.yahoo.com

C:\Documents and Settings\user>tracert www.yahoo.com

Tracing route to www.yahoo-ht2.akadns.net [209.131.36.158]
over a maximum of 30 hops:

1    <1 ms    <1 ms    <1 ms 192.168.2.1
2    <1 ms    <1 ms    <1 ms ip-24-65.datautama.net.id [203.89.24.65]
3    15 ms    25 ms    10 ms ip-24-1.datautama.net.id [203.89.24.1]
4    12 ms    12 ms    15 ms 202.59.203.241
5    10 ms    14 ms    10 ms 202.153.90.89
6    94 ms    99 ms    71 ms 202.153.90.225
7   110 ms   204 ms   225 ms 208.30.197.53
8     *      140 ms   125 ms sl-bb20-hk-14-0.sprintlink.net [203.222.38.37]
9     *      163 ms   161 ms sl-bb20-tok-15-0.sprintlink.net [203.222.33.88]

10   318 ms   245 ms   241 ms sl-bb21-sea-8-2.sprintlink.net [144.232.20.50]
11   305 ms   260 ms   222 ms sl-bb20-sea-15-0.sprintlink.net [144.232.6.89]
12   218 ms   216 ms   228 ms so-3-0-0.gar1.Seattle1.Level3.net [209.0.227.133
]
13   226 ms   225 ms   313 ms ae-1-53.mp1.Seattle1.Level3.net [4.68.105.65]
14   237 ms   232 ms   239 ms as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218]
15   230 ms   235 ms   238 ms ae-23-54.car3.SanJose1.Level3.net [4.68.123.109]

16   232 ms   241 ms   365 ms 4.71.112.14
17   230 ms   238 ms   233 ms g-1-0-0-p171.msr2.sp1.yahoo.com [216.115.107.87]

18   345 ms   314 ms   258 ms UNKNOWN-209-131-32-23.yahoo.com [209.131.32.23]

19   311 ms   261 ms   235 ms f1.www.vip.sp1.yahoo.com [209.131.36.158]

Trace complete.

Sedangkan disisi cisco router datautama dapat diseting seperti berikut:

interface FastEthernet0/1

description Interface yang point to point dengan International

ip policy route-map from-int-to-user

duplex auto

speed auto

interface FastEthernet1/1

description Interface yang point to point dengan IDC

ip policy route-map from-nice-to-user

duplex auto

speed auto

access-list 120 remark traffic dari luar ke user

access-list 120 permit ip any 203.89.26.0 0.0.0.255

route-map from-nice-to-user permit 10

match ip address 120

set ip next-hop 203.89.24.178

route-map from-int-to-user permit 10

match ip address 120

set ip next-hop 203.89.24.66

Jika ingin lebih baik maka di sisi user harus menggunakan router bgp, utk memisahkan traffic user menggunakan BGP akan dijabarkan pada artikel berikutnya.

Selamat mencoba.

My Life, My Adventure

Saturday, November 18, 2006

Memisahkan gateway traffic Local dan International

No comments:

About Me