tag:blogger.com,1999:blog-46508005939258717092024-03-13T22:08:29.497+07:00Internet Network TroubleshootThis blog content Internet and Network Troubleshoot guide, tips and trick based on my experience from day to day activities as Network AdministratorHarijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.comBlogger92125tag:blogger.com,1999:blog-4650800593925871709.post-59668643559675346862011-08-24T16:06:00.008+07:002011-08-24T17:05:10.488+07:00ACK Time Out and Distance for Sectoral AP / PTMP<div><span style="text-decoration: underline;">S</span>ekedar info untuk Access Point dengan antena Sectoral khususnya UBNT Family ada yang berpendapat di forum luar sbb:
<br /><div><div><div>
<br /><span style="font-size:85%;">Auto ACK is having way too many problems. Set everything to manual.
<br />
<br />Set the AP to 10% greater than the farthest client's actual distance.
<br />Set the stations to 10% greater than distance back to the AP.
<br />
<br />HOWEVER...I'm beginning to think that 10% number shouldn't be written in stone. I had one station with a 40% CCQ jump to 100% CCQ when I increased ACK from 10% to 15%. And it dropped down to around 40% when I set the ACK back to 10%. </span>
<br />
<br /><a href="http://208.68.95.4/forum/showthread.php?t=15162">http://208.68.95.4/forum/showthread.php?t=15162
<br /></a>
<br />apa itu ACK Time Out? bisa baca-baca di :
<br />
<br /><a href="http://www.air-stream.org.au/ACK_Timeouts">http://www.air-stream.org.au/ACK_Timeouts</a>
<br /></div>
<br /><div>Kenapa jangan auto? ini penjelasannya:</div><span style="font-size:85%;">
<br />For AP configuration you want to disable auto ACK because it would be readjusting for every client on the fly which I bet would waste CPU and possibly allow the AP to miss a few packets.
<br />
<br />For clients, which should be the same ACK since your AP does not move, auto ACK should be OK. Since hopefully you have waaaaaay more clients than APs, most of your configs should be auto ack, thus it is the default option.
<br />
<br />For point to point shots what I have done is enable auto ack, let the link go for a bit, then observe the main screen to see what value it settles into. Then I disable auto ack and put that value plus 10% in there as a static value. I only do this because I figure it would be more CPU efficient if the AP does not have to perform the ack finding code execution.
<br />
<br />In theory, the link should be faster since the main bottleneck for these units when used as a backbone is CPU from what I read. The less CPU you use means the more you have available to pass packets I assume. I have not taken the time to confirm this however. I just think it sounds good on paper. </span>
<br />
<br /><a href="http://www.ubnt.com/forum/showpost.php?p=45051&postcount=2">http://www.ubnt.com/forum/showpost.php?p=45051&postcount=2</a>
<br />
<br />Nah jadi sebagai contoh di salah satu sectoral yang menggunakan ubnt rocket saya bisa lihat melalui aplikasi yang Ok banget dari ubnt = <a href="http://www.ubnt.com/wiki/AirControl#Installation">AirControl </a>bisa dilihat jarak terjauh dari client yang terhubung ke Access Point tsb.
<br />
<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH79QKtNr95AH76a0iCeOgijcLCj-TXyUh1rs9_u-Hhv81XLLYWBnMiaT2l5-UNrHCgtgW0dskIj0XKYmqn5JGfZ3KgGlWJcJbSvzk7nHs-ZHqV015bN9YquX6vzhe5YWXC2-gO0lf6C4/s1600/aircontrols2.PNG"><img style="text-align: center; margin: 0px auto 10px; width: 320px; display: block; height: 162px;" id="BLOGGER_PHOTO_ID_5644357123335279122" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH79QKtNr95AH76a0iCeOgijcLCj-TXyUh1rs9_u-Hhv81XLLYWBnMiaT2l5-UNrHCgtgW0dskIj0XKYmqn5JGfZ3KgGlWJcJbSvzk7nHs-ZHqV015bN9YquX6vzhe5YWXC2-gO0lf6C4/s320/aircontrols2.PNG" border="0" /></a>
<br /><div style="text-align: center;">contoh web interface pake java aircontrol
<br />
<br /><div style="text-align: left;">Dari client terjauh menurut forum diatas tambahkan 15% dari jarak client terjauh jadi dalam contoh ini 1400meter + 1400meter * 15% = 1610meter di contoh ini saya jadikan 1miles ~ 1,7Km
<br />
<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh2e3_b6U5WggQGlH2DK8PMOtZsn4Gh1ONlq5p2nR-TNbKciyJUjoiaQDi9XOZPa0R1wetXQNwg24kWwjMqiksjKJHgnf6I3oN21YN-0bJ4_EnYZwcfDvZS0BUqnXoXzYbjdz3An65HWw/s1600/ack-distance-rocket.PNG"><img style="text-align: center; margin: 0px auto 10px; width: 320px; display: block; height: 162px;" id="BLOGGER_PHOTO_ID_5644357131111054898" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh2e3_b6U5WggQGlH2DK8PMOtZsn4Gh1ONlq5p2nR-TNbKciyJUjoiaQDi9XOZPa0R1wetXQNwg24kWwjMqiksjKJHgnf6I3oN21YN-0bJ4_EnYZwcfDvZS0BUqnXoXzYbjdz3An65HWw/s320/ack-distance-rocket.PNG" border="0" /></a>
<br />Hasilnya bisa dilihat di Tab Main
<br /></div></div>
<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj27P35EBuTs2Yrhyhfk5pmxcsD2jQ3f-ixRVSa_OqZ7hGw3BzVxn1T5K-lTBkvwjj-hYnWVMRTdQBD8rIQyf2yZxRMcK-pknKhteOP8M_sO6gEbZoAXw5LpoWtAqbXu67jGA-RsxIK6Dg/s1600/main-status.PNG"><img style="text-align: center; margin: 0px auto 10px; width: 320px; display: block; height: 245px;" id="BLOGGER_PHOTO_ID_5644357134790166386" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj27P35EBuTs2Yrhyhfk5pmxcsD2jQ3f-ixRVSa_OqZ7hGw3BzVxn1T5K-lTBkvwjj-hYnWVMRTdQBD8rIQyf2yZxRMcK-pknKhteOP8M_sO6gEbZoAXw5LpoWtAqbXu67jGA-RsxIK6Dg/s320/main-status.PNG" border="0" /></a>
<br />
<br />Diharapkan dengan tidak menggunakan auto-ACK tetapi ACK mengikuti parameter jarak/Distance CCQ station-station yang terhubung ke Access Point bisa lebih stabil
<br />
<br />Nah teori ini harus di buktikan dalam 1-2 hari kedepan , karena belum diuji :)
<br />
<br />oh ya satu lagi dengan menggunakan AirControl maka setiap radio UBNT bisa di atur jadwal rebootnya agar memory UBNT tidak jenuh , selain itu configurasi nya juga bisa di backup secara berkala secara otomatis, untuk menggunakan AirControl tinggal download install di Ms.Windows yang sudah ada Java Virtual Machine nya lalu tinggal dibuka pake web browser .
<br />
<br />AirControl ini ya semacam Dude kalau di Mikrotik kurang-lebih begitu ada mapnya juga
<br />
<br />
<br />
<br />
<br /><div>
<br />
<br /></div></div></div></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-72290208591919882902011-04-14T18:12:00.001+07:002011-04-14T18:14:01.307+07:00Visio Shape for Mikrotik and Ubnt<a href="http://h1x.com/mt/Mikrotik-Visio.zip">http://h1x.com/mt/Mikrotik-Visio.zip<br /></a><br /><a href="http://www.ubnt.com/downloads/UBNT-visio-shapes.zip">http://www.ubnt.com/downloads/UBNT-visio-shapes.zip</a><br /><br />download and extract to My Document/My ShapesHarijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-90337710953525394082011-04-09T08:31:00.002+07:002011-04-09T08:33:46.401+07:00Yahoo Messenger address-list for MikrotikReference:<br /><a href="http://forums.miranda-im.org/showthread.php?2810-Problem-connecting-to-Yahoo-Messenger-server">http://forums.miranda-im.org/showthread.php?2810-Problem-connecting-to-Yahoo-Messenger-server<br /></a><br /><br />C:\Users\Harijanto>nslookup scsc.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Non-authoritative answer:<br />Name: vcs0.msg.g03.yahoodns.net<br />Addresses: 98.136.48.101<br /> 98.136.48.67<br /> 98.136.48.111<br /> 98.136.48.79<br /> 98.136.48.80<br /> 98.136.48.141<br /> 98.136.48.102<br /> 98.136.48.100<br />Aliases: scsc.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto>nslookup scs.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Non-authoritative answer:<br />Name: vcs0.msg.g03.yahoodns.net<br />Addresses: 98.136.48.67<br /> 98.136.48.79<br /> 98.136.48.110<br /> 98.136.48.112<br /> 98.136.48.107<br /> 98.136.48.80<br /> 98.136.48.108<br /> 98.136.48.74<br />Aliases: scs.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto>nslookup scsa.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Non-authoritative answer:<br />Name: vcs0.msg.g03.yahoodns.net<br />Addresses: 98.136.48.78<br /> 98.136.48.70<br /> 98.136.48.67<br /> 98.136.48.107<br /> 98.136.48.114<br /> 98.136.48.80<br /> 98.136.48.104<br /> 98.136.48.81<br />Aliases: scsa.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto>nslookup scsb.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Name: scsb.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto>nslookup scsc.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Non-authoritative answer:<br />Name: vcs0.msg.g03.yahoodns.net<br />Addresses: 98.136.48.111<br /> 98.136.48.81<br /> 98.136.48.77<br /> 98.136.48.102<br /> 98.136.48.116<br /> 98.136.48.70<br /> 98.136.48.76<br /> 98.136.48.110<br />Aliases: scsc.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto><br /><br />/ ip firewall address-list<br />add list=yahoo-messenger address=98.136.48.119 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.102 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.101 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.67 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.111 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.79 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.80 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.141 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.100 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.110 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.112 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.107 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.108 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.74 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.70 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.114 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.104 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.81 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.77 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.116 comment="" disabled=noHarijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-72955054301014414372011-03-20T18:44:00.004+07:002011-03-20T18:57:03.382+07:00Good Reference when you need migrate your cpanel server to new one<a href="http://www.webhostinguniverse.com/tutorials/migratecpanel.htm">http://www.webhostinguniverse.com/tutorials/migratecpanel.htm</a><br /><br /><a href="http://www.crucialp.com/resources/tutorials/dedicated-server/how-to-install-installing-fantastico-cpanel-whm.php">http://www.crucialp.com/resources/tutorials/dedicated-server/how-to-install-installing-fantastico-cpanel-whm.php</a><br /><br /><a href="http://forum.likg.org.ua/server-side-actions/cphulkd-management-t94.html">http://forum.likg.org.ua/server-side-actions/cphulkd-management-t94.html</a><br /><a href="http://forums.cpanel.net/f5/change-ttl-multiple-dns-zones-76580.html"><br />http://forums.cpanel.net/f5/change-ttl-multiple-dns-zones-76580.html</a><br /><br /><a href="http://linuxproblem.org/art_9.html">http://linuxproblem.org/art_9.html</a><br /><br />and this is my tips:<br /><br />1. when install cpanel dnsonly with new OS like Centos 5.5 I modify the file:<br /><br /><span style="font-size:85%;">more /etc/sysconfig/named<br /># BIND named process options<br /># ~~~~~~~~~~~~~~~~~~~~~~~~~~<br /># Currently, you can use the following options:<br />#<br /># ROOTDIR="/some/where" -- will run named in a chroot environment.<br /># you must set up the chroot environment<br /># (install the bind-chroot package) before<br /># doing this.<br />#<br /># OPTIONS="whatever" -- These additional options will be passed to named<br /># at startup. Don't add -t here, use ROOTDIR instead.<br />#<br /># ENABLE_ZONE_WRITE=yes -- If SELinux is disabled, then allow named to write<br /># its zone files and create files in its $ROOTDIR/var/named<br /># directory, necessary for DDNS and slave zone transfers.<br /># Slave zones should reside in the $ROOTDIR/var/named/slaves<br /># directory, in which case you would not need to enable zone<br /># writes. If SELinux is enabled, you must use only the<br /># 'named_write_master_zones' variable to enable zone writes.<br />#<br /># ENABLE_SDB=yes -- This enables use of 'named_sdb', which has support<br /># -- for the ldap, pgsql and dir zone database backends<br /># -- compiled in, to be used instead of named.<br />#<br /># DISABLE_NAMED_DBUS=[1y]-- If NetworkManager is enabled in any runlevel, then<br /># the initscript will by default enable named's D-BUS<br /># support with the named -D option. This setting disables<br /># this behavior.<br />#<br /># KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG)<br />ENABLE_ZONE_WRITE=yes<br />OPTIONS="-4"</span><br /><br />and because cpanel not using bind-chroot so better you remove bind-chroot with command:<br /><br />yum remove bind-chrootHarijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-4105915464461124952011-02-26T19:57:00.005+07:002011-02-26T21:38:09.012+07:00Bonding Two ADSL<!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:trackmoves/> <w:trackformatting/> <w:punctuationkerning/> <w:validateagainstschemas/> <w:saveifxmlinvalid>false</w:SaveIfXMLInvalid> <w:ignoremixedcontent>false</w:IgnoreMixedContent> <w:alwaysshowplaceholdertext>false</w:AlwaysShowPlaceholderText> <w:donotpromoteqf/> <w:lidthemeother>IN</w:LidThemeOther> <w:lidthemeasian>X-NONE</w:LidThemeAsian> <w:lidthemecomplexscript>X-NONE</w:LidThemeComplexScript> <w:compatibility> <w:breakwrappedtables/> <w:snaptogridincell/> <w:wraptextwithpunct/> <w:useasianbreakrules/> <w:dontgrowautofit/> <w:splitpgbreakandparamark/> <w:dontvertaligncellwithsp/> <w:dontbreakconstrainedforcedtables/> <w:dontvertalignintxbx/> <w:word11kerningpairs/> <w:cachedcolbalance/> </w:Compatibility> <m:mathpr> <m:mathfont val="Cambria Math"> <m:brkbin val="before"> <m:brkbinsub val="--"> <m:smallfrac val="off"> <m:dispdef/> <m:lmargin val="0"> <m:rmargin val="0"> <m:defjc val="centerGroup"> <m:wrapindent val="1440"> <m:intlim val="subSup"> <m:narylim val="undOvr"> </m:mathPr></w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:latentstyles deflockedstate="false" defunhidewhenused="true" defsemihidden="true" defqformat="false" defpriority="99" latentstylecount="267"> <w:lsdexception locked="false" priority="0" semihidden="false" unhidewhenused="false" qformat="true" name="Normal"> <w:lsdexception locked="false" priority="9" semihidden="false" unhidewhenused="false" qformat="true" name="heading 1"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 2"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 3"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 4"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 5"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 6"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 7"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 8"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 9"> <w:lsdexception locked="false" priority="39" name="toc 1"> <w:lsdexception locked="false" priority="39" name="toc 2"> <w:lsdexception locked="false" priority="39" name="toc 3"> <w:lsdexception locked="false" priority="39" name="toc 4"> <w:lsdexception locked="false" priority="39" name="toc 5"> <w:lsdexception locked="false" priority="39" name="toc 6"> <w:lsdexception locked="false" priority="39" name="toc 7"> <w:lsdexception locked="false" priority="39" name="toc 8"> <w:lsdexception locked="false" priority="39" name="toc 9"> <w:lsdexception locked="false" priority="35" qformat="true" name="caption"> <w:lsdexception locked="false" priority="10" semihidden="false" unhidewhenused="false" qformat="true" name="Title"> <w:lsdexception locked="false" priority="1" name="Default Paragraph Font"> <w:lsdexception locked="false" priority="11" semihidden="false" unhidewhenused="false" qformat="true" name="Subtitle"> <w:lsdexception locked="false" priority="22" semihidden="false" unhidewhenused="false" qformat="true" name="Strong"> <w:lsdexception locked="false" priority="20" semihidden="false" unhidewhenused="false" qformat="true" name="Emphasis"> <w:lsdexception locked="false" priority="59" semihidden="false" unhidewhenused="false" name="Table Grid"> <w:lsdexception locked="false" unhidewhenused="false" name="Placeholder Text"> <w:lsdexception locked="false" priority="1" semihidden="false" unhidewhenused="false" qformat="true" name="No Spacing"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 1"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 1"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 1"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 1"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 1"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 1"> <w:lsdexception locked="false" unhidewhenused="false" name="Revision"> <w:lsdexception locked="false" priority="34" semihidden="false" unhidewhenused="false" qformat="true" name="List Paragraph"> <w:lsdexception locked="false" priority="29" semihidden="false" unhidewhenused="false" qformat="true" name="Quote"> <w:lsdexception locked="false" priority="30" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Quote"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 1"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 1"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 1"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 1"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 1"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 1"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 1"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 1"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 2"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 2"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 2"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 2"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 2"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 2"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 2"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 2"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 2"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 2"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 2"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 2"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 2"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 2"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 3"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 3"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 3"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 3"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 3"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 3"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 3"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 3"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 3"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 3"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 3"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 3"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 3"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 3"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 4"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 4"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 4"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 4"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 4"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 4"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 4"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 4"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 4"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 4"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 4"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 4"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 4"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 4"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 5"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 5"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 5"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 5"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 5"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 5"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 5"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 5"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 5"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 5"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 5"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 5"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 5"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 5"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 6"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 6"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 6"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 6"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 6"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 6"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 6"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 6"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 6"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 6"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 6"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 6"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 6"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 6"> <w:lsdexception locked="false" priority="19" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Emphasis"> <w:lsdexception locked="false" priority="21" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Emphasis"> <w:lsdexception locked="false" priority="31" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Reference"> <w:lsdexception locked="false" priority="32" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Reference"> <w:lsdexception locked="false" priority="33" semihidden="false" unhidewhenused="false" qformat="true" name="Book Title"> <w:lsdexception locked="false" priority="37" name="Bibliography"> <w:lsdexception locked="false" priority="39" qformat="true" name="TOC Heading"> </w:LatentStyles> </xml><![endif]--><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;} </style> <![endif]--> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">Because I must wait 1-2 months to upgrade my Intercity Leased Line (LL) between Indonesia Internet Exchange (IIX) locate in Cyber Building, South Jakarta with my remote site with distance 266km so i try using Mikrotik Interface Bonding Solution, and it works.<br /><br />So this is the configuration for Mikrotik Router locate in remote site:<br /><br />I used two ADSL connection<br /><br />/interface pppoe-client<br />add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \<br /> dial-on-demand=no disabled=no interface=ether1_adsl1 max-mru=1480 max-mtu=\<br /> 1480 mrru=disabled name=telkom1 password=123456 profile=pppoe \<br /> service-name="" use-peer-dns=no user=adsl1@telkom.net<br />add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \<br /> dial-on-demand=no disabled=no interface=ether3_adsl2 max-mru=1480 max-mtu=\<br /> 1480 mrru=disabled name=telkom2 password=123456 profile=pppoe \<br /> service-name="" use-peer-dns=no user=adsl2@telkom.net<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">password=123456 , this is just example you must using your own password</span></li><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">user=adsl1@telkom.net, this is just example you must using your own user</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">[Me@RemoteSite] /ip address print detail<br />Flags: X - disabled, I - invalid, D - dynamic<br /> 0 ;;; BONDING PDA1 D3<br /> address=1.2.3.62/30 network=1.2.3.60<br /> interface=BONDING_PDA1_D3_EOIP actual-interface=BONDING_PDA1_D3_EOIP<br /><br />5 D address=1.2.255.218/32 network=1.2.255.1 interface=telkom2<br /> actual-interface=telkom2<br /><br /> 6 D address=1.2.251.170/32 network=1.2.250.1 interface=telkom1<br /> actual-interface=telkom1<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">address=1.2.3.63/30 , this is point-to-point ip address between bonding interface jakarta with remote site</span></li><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">address=1.2.255.218/32 and address=1.2.250.170/32, this is ip address from ADSL provider, this is good because between telkom1 and telkom2 using different gateway and network so we can create different routing statick for two eoip connection for each ADSL </span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"><br />/ip route<br />add check-gateway=ping comment="DEFAULT GATEWAY via BONDING RO JAKARTA" \<br /> disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.2.3.61 scope=30 \<br /> target-scope=10<br />add comment="ROUTING To LOOPBACK1 RO JAKARTA via ADSL 1" \<br /> disabled=no distance=1 dst-address=1.2.3.38/32 gateway=1.2.250.1 \<br /> scope=30 target-scope=10<br />add comment="ROUTING To LOOPBACK2 RO JAKARTA via ADSL 2" \<br /> disabled=no distance=1 dst-address=1.2.3.41/32 gateway=1.2.255.1 \<br /> scope=30 target-scope=10<br />add comment="DNS ADSL1" disabled=no distance=1 dst-address=202.134.0.155/32 \<br /> gateway=1.2.250.1,118.96.255.1 scope=30 target-scope=10<br />add comment="DNS ADSL2" disabled=no distance=1 dst-address=202.134.1.10/32 \<br /> gateway=1.2.250.1,118.96.255.1 scope=30 target-scope=10<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">LOOPBACK1 and LOOPBACK2 is the ip address on lobridge1 and lobridge2 interface at Jakarta Router, just to make sure each eoip interface have their remote-address</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">/interface eoip<br />add arp=enabled comment="remote address 1.2.3.38 ip loopback rb1000 jkt" \<br /> disabled=no l2mtu=65535 mac-address=02:83:30:AC:C5:18 mtu=1500 name=\<br /> EOIP_PDA1_D3_4793 remote-address=1.2.3.38 tunnel-id=4793<br />add arp=enabled comment="remote address 1.2.3.41 ip loopback rb1000 jkt" \<br /> disabled=no l2mtu=65535 mac-address=02:83:30:AC:C5:18 mtu=1500 name=\<br /> EOIP_PDA1_D3_7814 remote-address=1.2.3.41 tunnel-id=7814<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">I using two EOIP interface , each EOIP connected using ADSL to Jakarta Router, because my Jakarta Router directly connected to IIX so from Jakarta Router to RemoteSite Router connected through IIX to ADSL provider</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"><br />/interface bonding<br />add arp=enabled arp-interval=100ms arp-ip-targets=1.2.3.61 disabled=no \<br /> down-delay=0ms lacp-rate=30secs link-monitoring=arp mii-interval=100ms \<br /> mode=balance-rr mtu=1500 name=BONDING_PDA1_D3_EOIP primary=none slaves=\<br /> EOIP_PDA1_D3_4793,EOIP_PDA1_D3_7814 transmit-hash-policy=layer-2 up-delay=\<br /> 0ms<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">arp-ip-targets=1.2.3.61, this is ip monitoring on Jakarta Router </span></li><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">mode=balance-rr, this is bonding mode i used, balance-rr its mean the data will tx and rx using round-robin and give balance and fail-over between slave interface</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">I using NAT to masquerade all traffic out through Bonding interface to make sure the src-address from my remote-site is replace with IP 1.2.3.62<br /><br />/ip firewall nat<br />add action=masquerade chain=srcnat comment="NAT via BONDING" disabled=no \<br /> out-interface=BONDING_PDA1_D3_EOIP<br /><br /><br />And this is configuration for Mikrotik Router locate in Jakarta:<br /><br />/interface bridge<br />add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \<br /> comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \<br /> mtu=1500 name=lobridge1 priority=0x8000 protocol-mode=none \<br /> transmit-hold-count=6<br />add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \<br /> comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \<br /> mtu=1500 name=lobridge2 priority=0x8000 protocol-mode=none \<br /> transmit-hold-count=6<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">lobridge interface using for ip loopback for remote-address eoip from RemoteSite</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"><br />/interface eoip<br />add arp=enabled comment="" disabled=no l2mtu=65535 mac-address=\<br /> 02:8B:E1:15:7E:C5 mtu=1500 name=EOIP_4793 remote-address=\<br /> 1.2.251.170 tunnel-id=4793<br />add arp=enabled comment="" disabled=no l2mtu=65535 mac-address=\<br /> 02:8B:E1:15:7E:C5 mtu=1500 name=EOIP_7814 remote-address=\<br /> 1.2.255.218 tunnel-id=7814<br /><br /><br />/interface bonding<br />add arp=enabled arp-interval=100ms arp-ip-targets=1.2.3.62 comment="" \<br /> disabled=no down-delay=0s lacp-rate=30secs link-monitoring=arp \<br /> mii-interval=100ms mode=balance-rr mtu=1500 name=BONDING_PDA1_D3_EOIP \<br /> primary=none slaves=EOIP_PDA1_D3_4793,EOIP_PDA1_D3_7814 \<br /> transmit-hash-policy=layer-2 up-delay=0s<br /><br /><br />[Me@Jakarta] > /ip address print<br />Flags: X - disabled, I - invalid, D - dynamic<br />1 ;;; IIX BGP Peering<br /> 1.2.3.22/30 1.2.3.20 1.2.3.23 ether2_OIXP <br />5 ;;; IP Loopback1<br /> 1.2.3.38/32 1.2.3.38 1.2.3.38 lobridge1 <br />6 ;;; IP Loopback2<br /> 1.2.3.41/32 1.2.3.41 1.2.3.41 lobridge2 <br />11 ;;; BONDING<br /> 1.2.3.61/30 1.2.3.60 1.2.3.63 BONDING_PDA1_D3_EOIP <br /><br /><br />Note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">Jakarta Router directly connected to IIX so routing table from Jakarta to ADSL at RemoteSite is through IIX and the routing table is using BGP protocol between Jakarta Router to IIX Router</span></li></ol> <p class="MsoNormal"> </p> <br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6zej-BjH7jJ35G5d05z4P8LM2pFUj10C5MLgR6ikOJWAStGY-dLs0QzNOMuIg8qwhYDgu0KHUGfhWxkfFLKt5mJvoy51L3Gu53TO9IIRUoMHmgd9FIicqczR_WhrRNWA4_WLkU6wN5UQ/s1600/bonding-traffic.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 123px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6zej-BjH7jJ35G5d05z4P8LM2pFUj10C5MLgR6ikOJWAStGY-dLs0QzNOMuIg8qwhYDgu0KHUGfhWxkfFLKt5mJvoy51L3Gu53TO9IIRUoMHmgd9FIicqczR_WhrRNWA4_WLkU6wN5UQ/s320/bonding-traffic.png" alt="" id="BLOGGER_PHOTO_ID_5578007362888536802" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA82lxtHvoBaGe6s9s9jovFDYl64LNG70Kr7T_Nfs-KxScwk1zaSwKZoS8hlDab59Akvq64QVsoa1vfvflBxHrQCK3vboHqfjfqrcpccbxpNh_gfVIU6L8YXfn3J_TwR75d7URuS0uzN0/s1600/bonding-traffic.png"><br /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCP3X_hMCDCXuPLa2idmegeYodLpCbmUnMtScDTYYEFvwMgPe6Z-yWlSXBZAi-cr77o-gF_QW8Z7sikOXBchF4L3rcv6J6zHYSwXzC1fO3vPQE-XDw0CtMTxsSH4KoWEJwt7DEad92H5Y/s1600/mrtg-bonding.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 206px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCP3X_hMCDCXuPLa2idmegeYodLpCbmUnMtScDTYYEFvwMgPe6Z-yWlSXBZAi-cr77o-gF_QW8Z7sikOXBchF4L3rcv6J6zHYSwXzC1fO3vPQE-XDw0CtMTxsSH4KoWEJwt7DEad92H5Y/s320/mrtg-bonding.png" alt="" id="BLOGGER_PHOTO_ID_5578005368641816562" border="0" /></a>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-51924698290397789062011-02-25T16:33:00.010+07:002011-03-02T12:20:41.074+07:00Youtube IP Address and how to manipulate Youtube routing in Mikrotik RouterIf you have more then one ISP you can manipulate routing for Youtube traffic to ISP with the best download rate for Youtube content<br /><br />/ip firewall address-list<br />add address=74.125.0.0/16 comment=Google disabled=no list=youtube<br />add address=114.112.182.156 comment=TuDou disabled=no list=youtube<br />add address=221.12.89.120 comment=TuDou disabled=no list=youtube<br />add address=64.15.112.0/20 comment=YouTube disabled=no list=youtube<br />add address=64.15.120.0/21 comment=YouTube disabled=no list=youtube<br />add address=208.65.152.0/22 comment=YouTube disabled=no list=youtube<br />add address=208.117.224.0/19 comment=YouTube disabled=no list=youtube<br />add address=209.85.128.0/17 comment=Google disabled=no list=youtube<br /><br /><br />/ip firewall mangle<br />add action=mark-routing chain=prerouting \<br />comment="Routing Mark Youtube" disabled=no \<br />dst-address-list=youtube new-routing-mark=youtube passthrough=no<br /><br />correction:<br />because if you mangle routing-mark all protocol and you have email server inside your network the email from gmail will failed to received so better you just mangle routing-mark for protocol tcp dst-port 80, like this:<br /><br />/ip firewall mangle<br />add action=mark-routing chain=prerouting comment="Routing Mark Youtube" \<br /> disabled=no dst-address-list=youtube dst-port=80 new-routing-mark=\<br /> youtube passthrough=no protocol=tcp<br /><br />/ip route<br />add comment="Routing Youtube" disabled=no dst-address=0.0.0.0/0 \<br />gateway=1.2.3.4 routing-mark=youtube<br /><br />/ip firewall nat<br />add action=masquerade chain=srcnat \<br />comment="NAT Youtube via ISP Youtube" \<br />disabled=no out-interface=INTERFACE_TO_ISP_YOUTUBE<br /><br /><br />Note:<br /><ol><li>gateway=1.2.3.4, you must using your ISP gateway for Youtube traffic depend on your choice whic one of your ISP is best for Youtube traffic</li><li>out-interface=INTERFACE_TO_ISP_YOUTUBE, change to your ISP interface at your mikrotik router</li></ol><br />To avoid problem if your ISP for Youtube down you can copy-paste this script to mikrotik terminal:<br /><br />/system script<br />add name=check_youtube policy=\<br /> ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\<br /> :if ( [/ping 1.2.3.4 count=1]=1) do={\r\<br /> \n:log info \"Youtube Up\";\r\<br /> \n:foreach i in=[/ip route find routing-mark=\"youtube\"] do={/ip route se\<br /> t \$i disable=no};\r\<br /> \n/tool e-mail send to=\"your@email.net\" subject=([/system ident\<br /> ity get name] . \" Youtube Up \" . [/system clock get date]) body=\"Youtub\<br /> e Routing Mark Enable\";\r\<br /> \n} else={\r\<br /> \n:log info \"Youtube Down\";\r\<br /> \n:foreach i in=[/ip route find routing-mark=\"youtube\"] do={/ip route se\<br /> t \$i disable=yes};\r\<br /> \n/tool e-mail send to=\"your@email.net\" subject=([/system ident\<br /> ity get name] . \" Youtube Down \" . [/system clock get date]) body=\"Yout\<br /> ube Routing Mark Disable\";\r\<br /> \n}"<br /><br />and activate this script from Netwatch<br /><br />/tool netwatch<br />add comment="Youtube Check" disabled=no down-script=check_youtube host=\<br /> 1.2.3.4 interval=1m timeout=25ms up-script=check_youtube<br /><br /><br /><br />Source:<br /><a href="http://www.robtex.com/as/as36561.html#bgp">http://www.robtex.com/as/as36561.html#bgp</a>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-90734135476812374402011-02-24T15:21:00.006+07:002011-02-24T15:38:29.468+07:00Jika Paket Data Tidak mau jalan lewat tunnel<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV-SmxtKpKz4dudVKvnJR3ocSjnm-4SLmR0AN0eY4pNq0zN8FlDYy9o02VZc4zNvKE3Nx1dbJ67XV4jyGOAlmQR9DvckN08wK6e09546-Lvq55d-SvDbTQYePdHajSz02yOd6NGnTJa38/s1600/esham-forward-mangle-in-eoip-action.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV-SmxtKpKz4dudVKvnJR3ocSjnm-4SLmR0AN0eY4pNq0zN8FlDYy9o02VZc4zNvKE3Nx1dbJ67XV4jyGOAlmQR9DvckN08wK6e09546-Lvq55d-SvDbTQYePdHajSz02yOd6NGnTJa38/s320/esham-forward-mangle-in-eoip-action.png" alt="" id="BLOGGER_PHOTO_ID_5577171390127232306" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdrZjx7N2uYywPKXkawJzUspgUxnc4EEBNcsB1T0voJ9SLM_UNuIwO1DupmtU4vkVHeVSy6-XkP9s9xBSb8aOpld00kNn5msI6PTYoORsVjoknoOHF9CxlasdLc7azgL8bZQwx-5aDtEg/s1600/esham-forward-mangle-in-eoip-advance.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdrZjx7N2uYywPKXkawJzUspgUxnc4EEBNcsB1T0voJ9SLM_UNuIwO1DupmtU4vkVHeVSy6-XkP9s9xBSb8aOpld00kNn5msI6PTYoORsVjoknoOHF9CxlasdLc7azgL8bZQwx-5aDtEg/s320/esham-forward-mangle-in-eoip-advance.png" alt="" id="BLOGGER_PHOTO_ID_5577171273218618450" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXyExWH_6tKN7UQ8DFPadOtsDjz4q1SchIrqY0JI4kdYhqwVeQeZFdUrVTv3tTwqZ8j4NTDPCCg0URhMLalhBtFGkt_dwe37d2vLgWtS2uLYCJGDHrgty0wSNbNG_M6cp4SJPzButjta4/s1600/esham-forward-mangle-in-eoip-general.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXyExWH_6tKN7UQ8DFPadOtsDjz4q1SchIrqY0JI4kdYhqwVeQeZFdUrVTv3tTwqZ8j4NTDPCCg0URhMLalhBtFGkt_dwe37d2vLgWtS2uLYCJGDHrgty0wSNbNG_M6cp4SJPzButjta4/s320/esham-forward-mangle-in-eoip-general.png" alt="" id="BLOGGER_PHOTO_ID_5577171269024422658" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqMWzO6Mit74iN9Voftgczi5PxOM0hbkGWhF18nUzWdBMuPlGpcqx3E3zbbb-UiMletTQcHikMvyxk7oAy8CNhy5u1Vrf5vujP5OE3xgufcyLAcGTK6hY1-cFgm86xIW8AURtll9LRql4/s1600/esham-forward-mangle-out-eoip-action.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqMWzO6Mit74iN9Voftgczi5PxOM0hbkGWhF18nUzWdBMuPlGpcqx3E3zbbb-UiMletTQcHikMvyxk7oAy8CNhy5u1Vrf5vujP5OE3xgufcyLAcGTK6hY1-cFgm86xIW8AURtll9LRql4/s320/esham-forward-mangle-out-eoip-action.png" alt="" id="BLOGGER_PHOTO_ID_5577171266656998434" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFYy52epN0-zpzBe79wxtpS3zSy46lINkKnKwhCBRmbj0J6dbxsf4uClotPa7EYC4jqYSqavgswJI8KvO21b-FnQzQzFJ97JCcN-y6-ryLZgTZhuKNC1FPxKgdVNaPkHxlEuua8x0HP-4/s1600/esham-forward-mangle-out-eoip-advance.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFYy52epN0-zpzBe79wxtpS3zSy46lINkKnKwhCBRmbj0J6dbxsf4uClotPa7EYC4jqYSqavgswJI8KvO21b-FnQzQzFJ97JCcN-y6-ryLZgTZhuKNC1FPxKgdVNaPkHxlEuua8x0HP-4/s320/esham-forward-mangle-out-eoip-advance.png" alt="" id="BLOGGER_PHOTO_ID_5577171258176535442" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUchMxjILFI3UN788gc_W9G5H7J7zdrikXATV7DvKybWPB4QrIZm16rb8uhS5NSBwrplHB7RgDwlojIg-cygaufWsdGPbb5PMdy4D3yzNMs_B1C_RcPlrM-ulQOO60UIVtYISzY426uBA/s1600/esham-forward-mangle-out-eoip-general.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUchMxjILFI3UN788gc_W9G5H7J7zdrikXATV7DvKybWPB4QrIZm16rb8uhS5NSBwrplHB7RgDwlojIg-cygaufWsdGPbb5PMdy4D3yzNMs_B1C_RcPlrM-ulQOO60UIVtYISzY426uBA/s320/esham-forward-mangle-out-eoip-general.png" alt="" id="BLOGGER_PHOTO_ID_5577171255385958338" border="0" /></a><br />Kadang kala pengiriman data via tunnel mengalami kendala khususnya paket-paket TCP, jika anda menghadapi masalah tersebut jangan pusing solusinya adalah buat mangle di chain forward utk tcp syn action change mss clamp to pmtu, tujuannya agar tunnel tersebut bisa mengatur parameter MTU (Maximum Transfer Unit) yang mungkin berbeda diantara end-point tersebutHarijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-80373854396059647252010-11-06T17:57:00.010+07:002010-11-06T18:56:42.440+07:00Cek IP Akamai yang ada di daftar NICESemakin hari semakin banyak ISP Indonesia yang dipercaya Akamai untuk meng-cache konten-konten akamai , permasalahan timbul karena ISP seperti Idola/Lintas Arta, Telkom, Indosat dll mengadvertise blok IP Akamai Server mereka ke OpenIXP/IIX sehingga daftar nice.rsc juga akan menyertakan blok IP Akamai sebagai prefix lokal Indonesia padahal traffic Akamai yang di host di ISP Indonesia tsb tidak selalu dapat di download dari OpenIXP/IIX biasanya hanya outgoing routingnya saja via OpenIXP/IIX tetapi incoming routingnya tetap melalui pipa International kecuali para pelanggan Speedy atau Firstmedia "mungkin" mereka dapat mendownload konten Akamai secara khusus dari jaringan Speedy / Firstmedia .<br /><br />berikut bukti akamai Idola/LintasArta di download melalui interface international sedangkan outgoingnya melalui interface lokal dan prefix 202.152.0.0/19 terdaftar di address-list = nice<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiY-msPfuzuILEEXfXBs9p5gHLEpGLLXFyJ8j7eyzGgNLOzCe_I-K0PFAaIKiB9FSje4XR5vtxG_JRo_xbTbpw6fYLUAhG8K7J0NCUeXKo3Ar-Bu1WLEgfWpoaZpuqO4wZCW6cdJaruHIU/s1600/akamai-idola.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 228px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiY-msPfuzuILEEXfXBs9p5gHLEpGLLXFyJ8j7eyzGgNLOzCe_I-K0PFAaIKiB9FSje4XR5vtxG_JRo_xbTbpw6fYLUAhG8K7J0NCUeXKo3Ar-Bu1WLEgfWpoaZpuqO4wZCW6cdJaruHIU/s320/akamai-idola.PNG" alt="" id="BLOGGER_PHOTO_ID_5536403778989637954" border="0" /></a><br /><div><br /></div><div>Permasalahan ini sudah pernah saya tulis juga dalam artikel blog saya terdahulu: <a href="http://inetshoot.blogspot.com/2008/11/pemisahan-traffic-ke-ip-akamai-indosat.html">http://inetshoot.blogspot.com/2008/11/pemisahan-traffic-ke-ip-akamai-indosat.html</a> , dimana kerancuan prefix Akamai di nice.rsc akan mengakibatkan limitasi bandwidth lokal dan international bisa tidak sesuai pada para pengguna mikrotik yang memanfaatkan nice.rsc</div><div><br /></div><div>sehingga akan terjadi traffic international akan dianggap iix sehingga bandwidth International akan selalu mentok terpakai karena biasanya limitasi untuk iix akan lebih longgar / lebih besar bandwidthnya padahal umumnya bandwidth International yang di dapat lebih kecil dari pada bandwidth lokal Indonesia.</div><div><br /></div><div>Untuk itu saya coba menangkap IP Akamai Server yang di advertise oleh ISP Indonesia di OpenIXP/IIX agar para pengguna nice.rsc bisa lebih lanjut mengkondisikan agar traffic Akamai tidak tercampur dengan mangle / queue traffic IIX, atau bisa jadi dikembangkan untuk memanipulasi agar traffic Akamai tsb di redirect ke proxy yang terhubung langsung dengan speedy atau firstmedia hehehe peace....</div><div><br /></div><div>Langka1:</div><div>Buat /ip firewall layer7-protocol<br /></div><div><br /></div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBDTVCghpSTF0bXxOEGEpXIGfjEx5zvE3jvYQTIcZOFsDuIv-iJLEakkhZKbPnwRgS7m0z2BcLQCOftLh6jZGe-n7Y0AIIRerRFCmWy8eT0Z-P4y8cg-zp_HabgbLxS8Ab8S1aFs7qwaM/s1600/layer7-akamai.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 206px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBDTVCghpSTF0bXxOEGEpXIGfjEx5zvE3jvYQTIcZOFsDuIv-iJLEakkhZKbPnwRgS7m0z2BcLQCOftLh6jZGe-n7Y0AIIRerRFCmWy8eT0Z-P4y8cg-zp_HabgbLxS8Ab8S1aFs7qwaM/s320/layer7-akamai.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397340478291074" border="0" /></a></div><div><br /></div><div>Langka2:</div><div>Buat /ip firewall filter forward</div><div><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxPdAFmxVD5YE0OyQRr1Ha9K2runLRQc872LmOewvGRSmHYXQ60LyORdh2Se6UUOCIBfUIJwmIWydrMyDYHwjCyMfvMMmGYK1oWEdlM7H_F97_lDm0RRaUoLdgNjQOPTYRNFIVv1o4ZrQ/s1600/filter-akamai1.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 217px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxPdAFmxVD5YE0OyQRr1Ha9K2runLRQc872LmOewvGRSmHYXQ60LyORdh2Se6UUOCIBfUIJwmIWydrMyDYHwjCyMfvMMmGYK1oWEdlM7H_F97_lDm0RRaUoLdgNjQOPTYRNFIVv1o4ZrQ/s320/filter-akamai1.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397346081586946" border="0" /></a><br /></div><div><br /></div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc1ylowMoCDz5OS1eKs_KdUj-UgjlJD7DJNOyGYqFA77zjM-VU384RUF-sfuBzlacgGknNRp7F84f_mB3bLHwRSSNiQskb6vRCuVqvWtRfz_vMXmOYBuLTx-8mx6hLogdPAqDaaXCHicc/s1600/filter-akamai2.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 220px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc1ylowMoCDz5OS1eKs_KdUj-UgjlJD7DJNOyGYqFA77zjM-VU384RUF-sfuBzlacgGknNRp7F84f_mB3bLHwRSSNiQskb6vRCuVqvWtRfz_vMXmOYBuLTx-8mx6hLogdPAqDaaXCHicc/s320/filter-akamai2.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397345144794034" border="0" /></a></div><div><br /></div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxwLX3M6TRe3ceTfQctf1jSG4ZxOb7PUdxMdcR6jpffzgQSjDnlulR0zEfLC6FTyNqZHMkR42IA-UVKY5LfHFJFriYg4lmekNfHp4V-ks2uFoTj1iA6pYBwe3VGISdNJYDwief8RIMjYE/s1600/filter-akamai3.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 222px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxwLX3M6TRe3ceTfQctf1jSG4ZxOb7PUdxMdcR6jpffzgQSjDnlulR0zEfLC6FTyNqZHMkR42IA-UVKY5LfHFJFriYg4lmekNfHp4V-ks2uFoTj1iA6pYBwe3VGISdNJYDwief8RIMjYE/s320/filter-akamai3.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397353244597458" border="0" /></a></div><div><br /></div><div>Hasilnya akan terdapat pada address-list = "akamai-indonesia"</div><div><br /></div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeNpSp4BOXSQE5FBXlbyOg8fYzIaPq4yqiYyTuWLw-oMI6afaQN8PlPtrbgfHErXEMtcPzXHsZ3mT3Bpzg59OMHSnNgVfjFaEU8fDgvQ-FluNsu52Wfw00FlEdph1fIo358tVjw1ZExbk/s1600/akamai-address-list.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 130px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeNpSp4BOXSQE5FBXlbyOg8fYzIaPq4yqiYyTuWLw-oMI6afaQN8PlPtrbgfHErXEMtcPzXHsZ3mT3Bpzg59OMHSnNgVfjFaEU8fDgvQ-FluNsu52Wfw00FlEdph1fIo358tVjw1ZExbk/s320/akamai-address-list.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397356290974466" border="0" /></a></div><div><br /></div><div><br /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com8tag:blogger.com,1999:blog-4650800593925871709.post-6677578360247959722010-10-31T17:52:00.004+07:002010-10-31T18:00:13.413+07:00Petunjuk singkat menjadikan gmail sebagai smtp outlookSeringkali anda harus bepergian ke berbagai tempat dan pada waktu akan mengirim email menggunakan email client seperti outlook kesulitan mengakses smtp, karena sebagian besar smtp dibatasi aksesnya hanya untuk jaringan internal perusahaan atau intranet atau hanya dapat diakses melalui jaringan ISP yang digunakan di kantor<br /><p class="MsoNormal">Salah satu solusi praktis bagi anda yang sering bepergian adalah menjadikan smtp.gmail.com untuk outoging smtp di outlook agar tidak perlu melakukan perubahan konfigurasi smtp jika notebook dibawa ke tempat manapun selama ada akses Internet dan smtp.gmail.com port 587 di izinkan oleh firewall hotspot atau router dimana anda terkoneksi dengan Internet.<br /></p> <p class="MsoNormal">Petunjuk dari google dapat di lihat pada url berikut untuk outlook 2003</p> <p class="MsoNormal"><a href="http://mail.google.com/support/bin/answer.py?answer=75291">http://mail.google.com/support/bin/answer.py?answer=75291</a></p> <p class="MsoNormal">smtp.gmail.com bisa digunakan untuk outgoing mail server (smtp) semua mailbox yang kita miliki dengan klik “More Settings” pada account yang akan kita set , lalu pada tab “Outgoing Server” ceklist “My outgoing server (SMTP) requires authenctication” dan pilih “Log on using” masukkan username gmail yang anda daftarkan di gmail dan masukkan password gmail anda , agar tidak selalu meminta passwrod ceklist “Remember password”<br /></p><p class="MsoNormal">Gambar dibawah adalah tampilan outlook 2007 tetapi harusnya tidak jauh berbeda dengan outlook 2003<br /></p> <p class="MsoNormal"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7asPX2QJCFApqEHPYR1nE27JXJHjcGo0ZzzKmtKJKvb_0uBLV4fykvGf5KLcBLRTZhmEMiYmsRf-uch8F_wqSNa6waB9UrUQ8yALz3jOfsOFmvguyS-nKn_iBjLphdu0eaG3y596emyU/s1600/outlook1.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 130px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7asPX2QJCFApqEHPYR1nE27JXJHjcGo0ZzzKmtKJKvb_0uBLV4fykvGf5KLcBLRTZhmEMiYmsRf-uch8F_wqSNa6waB9UrUQ8yALz3jOfsOFmvguyS-nKn_iBjLphdu0eaG3y596emyU/s320/outlook1.PNG" alt="" id="BLOGGER_PHOTO_ID_5534162803185603922" border="0" /></a></p><p class="MsoNormal"><br /></p> <p class="MsoNormal">Pada tab “Advanced” set “Outgoing server (SMTP) dengan port: 587” dan pilih “Use the following type of encrypted connection = TLS” lalu Klik “OK”</p> <p class="MsoNormal"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPUv8tVKo6HZ0b1l9KOKExaLXlLXikSzk18nlz3P4W3jSpFx-R4kdNtisx2b6DlkdEpw0vyzg1T3DQFeqb0HJUTDA2QDmvG6CrN6y7LpPi4tNEtkC4me8-VjT46XNfVZIH6sg-2B8Tmjc/s1600/outlook2.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 130px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPUv8tVKo6HZ0b1l9KOKExaLXlLXikSzk18nlz3P4W3jSpFx-R4kdNtisx2b6DlkdEpw0vyzg1T3DQFeqb0HJUTDA2QDmvG6CrN6y7LpPi4tNEtkC4me8-VjT46XNfVZIH6sg-2B8Tmjc/s320/outlook2.PNG" alt="" id="BLOGGER_PHOTO_ID_5534162807577177186" border="0" /></a></p> <p class="MsoNormal">Dengan demikian maka notebook anda bisa mengirim email menggunakan SMTP : smtp.gmail.com dimanapun bisa mengakses Internet.</p>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-21925867647866221982010-10-07T18:26:00.008+07:002010-10-07T19:20:25.136+07:00Langkah langkah upgrade firmware Switch Procurve 2650Berikut adalah langkah-langkah untuk uprgrade firmware switch HP Procurve 2650<br /><br />Untuk melakukan upgrade firmware siapkan:<br /><br />1. Kabel konsol<br />2. USB to Serial untuk notebook baru sudah tidak menyediakan port serial<br />3. Kabel UTP untuk proses upload / download OS dari ke switch<br />4. TFTP Server bisa di download dari solarwind:<a href="http://www.solarwinds.com/register/registration.aspx?program=52&c=70150000000CcH2&INTCMP=ILC-TFTP_Top_DL"> http://www.solarwinds.com/register/registration.aspx?program=52&c=70150000000CcH2&INTCMP=ILC-TFTP_Top_DL<br /></a>5. Download putty.exe untuk telnet, ssh dan serial koneksi : <a href="http://www.putty.org/">http://www.putty.org/</a><br /><br /><span style="font-weight: bold;">Langkah1</span><br /><br />Download firmware switch dari:<br /><br /><a href="http://h10144.www1.hp.com/customercare/support/software/summarypages/h-j4900-c.htm">http://h10144.www1.hp.com/customercare/support/software/summarypages/h-j4900-c.htm<br /></a><br />simpan di direktori misal :<br /><br />C:\Users\Harijanto\Downloads\2600-Software-H1083\<br /><br /><span style="font-weight: bold;">Langkah2</span><br /><br />Jika switch belum di konfigure IP nya pasang kabel konsol + usb to serial , lalu gunakan aplikasi hyperterminal atau putty.exe , jangan lupa nyalakan switchnya juga.<br /><br />Untuk mengetahui di COM berapa kabel serial tersebut terpasang caranya cek di device-manager , cara paling praktis klik kanan di my computer lalu pilih manage<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKVrXz6nTvRR7TGZKs7IdStXAgkwSjxWc3Icw3cdeqGLE8zWYzfTpKl2zchyphenhyphenZXaghNNy7d_Qh_Foc-ovF790e-fQ-o643yWCpRZXTqN8LiGpwHkc2YHI2mMmnYikK_AN9w5TkMiu1JAqw/s1600/howto-uprade-procurve-firmware-1.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKVrXz6nTvRR7TGZKs7IdStXAgkwSjxWc3Icw3cdeqGLE8zWYzfTpKl2zchyphenhyphenZXaghNNy7d_Qh_Foc-ovF790e-fQ-o643yWCpRZXTqN8LiGpwHkc2YHI2mMmnYikK_AN9w5TkMiu1JAqw/s320/howto-uprade-procurve-firmware-1.png" alt="" id="BLOGGER_PHOTO_ID_5525265400425972274" border="0" /></a><br />di contoh ini usb to serial di com13<br /><br />setelah mengetahui di com berapa jalankan program putty.exe<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit1tHOXRH6ZAsr58L5fDoBSUZEi0IW-3H8w7YftYTb8ErjXvpyOzaYpbZZ4wtEKTC1ixYbM7XuisK5hG4rSneDYc3iJ2jg0l4CXPiKHk_Bs7fKT63Io6o-5-nrVAcuudDomNEPXKF_G6A/s1600/howto-uprade-procurve-firmware-2.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit1tHOXRH6ZAsr58L5fDoBSUZEi0IW-3H8w7YftYTb8ErjXvpyOzaYpbZZ4wtEKTC1ixYbM7XuisK5hG4rSneDYc3iJ2jg0l4CXPiKHk_Bs7fKT63Io6o-5-nrVAcuudDomNEPXKF_G6A/s320/howto-uprade-procurve-firmware-2.png" alt="" id="BLOGGER_PHOTO_ID_5525265407377020338" border="0" /></a><br />pilih serial dan ketik com13 lalu klik Open<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgISfjEy_X_EJCReQa_YlBysI1l_qJfllD8aSo3zC88FlKZkyeT5P0ZrhRHqAKZkyv5M_vofq2FPbqTxfkApQ0l8_aZEFWSmZbJXziZdGqi8auyJWhhv585p91QMKNZYdmVfec7ScC-8ms/s1600/howto-uprade-procurve-firmware-3.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgISfjEy_X_EJCReQa_YlBysI1l_qJfllD8aSo3zC88FlKZkyeT5P0ZrhRHqAKZkyv5M_vofq2FPbqTxfkApQ0l8_aZEFWSmZbJXziZdGqi8auyJWhhv585p91QMKNZYdmVfec7ScC-8ms/s320/howto-uprade-procurve-firmware-3.png" alt="" id="BLOGGER_PHOTO_ID_5525265415238002114" border="0" /></a><br />enter -> enter maka putty akan mendetek kecepatan baud-ratenya kalau sudah bisa komunikasi makan akan muncul CLI dari switch procurve tersebut<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_lfNGtmRrsaFLW9G8h2ce_BQ9EOLJh2TJo5D-MqO2lKV74G81kNR9X4FknbWGTg8mCt8rho-HDtNczfijjHULf8ONvBhzzMNwA_wU6D7sKpLxeRl10TUyoYisfYwQzpNUeHcpRdiKTNQ/s1600/howto-uprade-procurve-firmware-4.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_lfNGtmRrsaFLW9G8h2ce_BQ9EOLJh2TJo5D-MqO2lKV74G81kNR9X4FknbWGTg8mCt8rho-HDtNczfijjHULf8ONvBhzzMNwA_wU6D7sKpLxeRl10TUyoYisfYwQzpNUeHcpRdiKTNQ/s320/howto-uprade-procurve-firmware-4.png" alt="" id="BLOGGER_PHOTO_ID_5525265419491921698" border="0" /></a><br />ketik : sh run<br />maka akan muncul konfigurasi switch tersebut, di contoh ini switch belum di beri IP statik , untuk itu setup ip statik di vlan1 caranya ketik:<br /><br />config t<br />vlan1<br />ip address 192.168.0.1 255.255.255.0<br /><br />untuk menyimpan konfigurasi ketik:<br /><br />write mem<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1IJ2YW0g1JoCwYwrKQlzp0QtlnUrbQlzNP1QPYwXQxRorVt92yEoI_mkaaK2R6MSkvSjv87BT7eWj4121n_9AqSyPGUGyatbk-9d5PKQSBKTAuQLmMii1KkkTNE6-f24Gz3w5q1u8F4/s1600/howto-uprade-procurve-firmware-5.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1IJ2YW0g1JoCwYwrKQlzp0QtlnUrbQlzNP1QPYwXQxRorVt92yEoI_mkaaK2R6MSkvSjv87BT7eWj4121n_9AqSyPGUGyatbk-9d5PKQSBKTAuQLmMii1KkkTNE6-f24Gz3w5q1u8F4/s320/howto-uprade-procurve-firmware-5.png" alt="" id="BLOGGER_PHOTO_ID_5525265422806011026" border="0" /></a><br /><span style="font-weight: bold;">Langkah 3</span><br /><br />kemudian set ip 192.168.0.2 mask 255.255.255.0 di interface ethernet pada notebook seperti berikut ini:<br /><br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7S46RgFq40YaEcFtmDXUowBLljSGSJcnhGvM-zfpmyxS3MQlsdXMOVDn3pXBfslLKejCg52Xl0Tme_H6hsnBYZstFfosIVDQbkIzVVzwMAAz3OhEOgBv7CLQuBgm_2ep5WtCDKl-k5sM/s1600/howto-uprade-procurve-firmware-6.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7S46RgFq40YaEcFtmDXUowBLljSGSJcnhGvM-zfpmyxS3MQlsdXMOVDn3pXBfslLKejCg52Xl0Tme_H6hsnBYZstFfosIVDQbkIzVVzwMAAz3OhEOgBv7CLQuBgm_2ep5WtCDKl-k5sM/s320/howto-uprade-procurve-firmware-6.png" alt="" id="BLOGGER_PHOTO_ID_5525265949066850098" border="0" /></a><br />setelah notebook diset ip 192.168.0.2 netmask 255.255.255.0 maka harusnya dari notebook sudah bisa ping ke 192.168.0.1<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3QUGQ_oSGUj5DWIYAlSJa492iJMTnw9wGHo6pmyoSFWlVdpOle0AotMpo2Q023tPJMKGls-0TNv0QnI2dankj2WKfJCSGulsMU46ZI0FiSMwBSVQ7kM_pa6-U2rhi9_-BXYvh24DdL_w/s1600/howto-uprade-procurve-firmware-7.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3QUGQ_oSGUj5DWIYAlSJa492iJMTnw9wGHo6pmyoSFWlVdpOle0AotMpo2Q023tPJMKGls-0TNv0QnI2dankj2WKfJCSGulsMU46ZI0FiSMwBSVQ7kM_pa6-U2rhi9_-BXYvh24DdL_w/s320/howto-uprade-procurve-firmware-7.png" alt="" id="BLOGGER_PHOTO_ID_5525265954668627586" border="0" /></a><br /><span style="font-weight: bold;">Langkah 4</span><br /><br />lalu aktfikan tftp solarwind , arahkan direktori ke path dimana file firmware / os switch berada dengan cara klik file->configure->storage klik browse arahkan ke direktori dimana file firmware / os berada kalau sudah klik OK<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT19r4y3DELvEeCQxkp3SHRZpddYCrG9Vh8HXGcogLNGKvazPYxw7xGObnw6dPxr-sM1d77lWS_Gy-bICL2BMQFyTof0kHWvdUpkMSIip8kGVnPRfqB2-0WTzq3IgV-35ZUR9ID5uvoQM/s1600/howto-uprade-procurve-firmware-8.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT19r4y3DELvEeCQxkp3SHRZpddYCrG9Vh8HXGcogLNGKvazPYxw7xGObnw6dPxr-sM1d77lWS_Gy-bICL2BMQFyTof0kHWvdUpkMSIip8kGVnPRfqB2-0WTzq3IgV-35ZUR9ID5uvoQM/s320/howto-uprade-procurve-firmware-8.png" alt="" id="BLOGGER_PHOTO_ID_5525265958594689106" border="0" /></a><br />jangan lupa klik "Start" agar tftp server dijalankan<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnEAaQWjAvZrp7qnklAM3BaETyZuEYOrckA4y0Ar1B1gufyxZRUgYwdnGQaS7HAAmQm_dMkA0ocwmUWengnssO5BzwJzADMua2mbowHOg3YILN2S7w0UTZkRJmdKoJYj373SAFPXC5hIA/s1600/howto-uprade-procurve-firmware-9.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnEAaQWjAvZrp7qnklAM3BaETyZuEYOrckA4y0Ar1B1gufyxZRUgYwdnGQaS7HAAmQm_dMkA0ocwmUWengnssO5BzwJzADMua2mbowHOg3YILN2S7w0UTZkRJmdKoJYj373SAFPXC5hIA/s320/howto-uprade-procurve-firmware-9.png" alt="" id="BLOGGER_PHOTO_ID_5525265962392904402" border="0" /></a><br /><span style="font-weight: bold;">Langkah 5</span><br /><br />di konsole putty ketik: menu maka akan muncul menu dan pilih "Download OS"<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjco2s6Phsj0bzY3sQ0ReiGQUx4bijFIDIL0DbLwAasbG291Tc6JRJ2VWtuB9HuSwTD2OYm4eAgBWFZc2Gt7BYWRSYcuw0nxucPUU5bRBRuoJVCN3jqGmozbWjcJqeXw84zUaw4PTMj88c/s1600/howto-uprade-procurve-firmware-10.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjco2s6Phsj0bzY3sQ0ReiGQUx4bijFIDIL0DbLwAasbG291Tc6JRJ2VWtuB9HuSwTD2OYm4eAgBWFZc2Gt7BYWRSYcuw0nxucPUU5bRBRuoJVCN3jqGmozbWjcJqeXw84zUaw4PTMj88c/s320/howto-uprade-procurve-firmware-10.png" alt="" id="BLOGGER_PHOTO_ID_5525265968251745634" border="0" /></a><br />masukkan ip tftp server dalam contoh ini: 192.168.0.2 dan nama file dalam contoh ini: H_10_83.swi , kemudian pilih execute<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWAMr5HmeTs58tWemJz81M_nN8vyp3JsSYG-ke5Sxn6pqYgHVXaODbkhxrYlHDPeHqpskqk-5ZD48yw78lpMoBQMnf6d4mR3Ma25nDH-bDwgJP1tgQD6GQurvdHCE8fMR0h88G4EAFYH8/s1600/howto-uprade-procurve-firmware-11.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWAMr5HmeTs58tWemJz81M_nN8vyp3JsSYG-ke5Sxn6pqYgHVXaODbkhxrYlHDPeHqpskqk-5ZD48yw78lpMoBQMnf6d4mR3Ma25nDH-bDwgJP1tgQD6GQurvdHCE8fMR0h88G4EAFYH8/s320/howto-uprade-procurve-firmware-11.png" alt="" id="BLOGGER_PHOTO_ID_5525266301693611810" border="0" /></a><br />jika semua benar maka proses download os akan dilaksanakan<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4_8f_Y4fUjeLELM4eDCgfgqMIuNOBlElMvb5xoUJAEPpgE5HhxIFh1ghxhdSn-QS_VKsYI3_4cq7BkmNG0BEP8wCU8azzhTKFyFu7V1hxv9W6Dr1o9oVyogsSfNGiedrtaoKDGVrM2OI/s1600/howto-uprade-procurve-firmware-12.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4_8f_Y4fUjeLELM4eDCgfgqMIuNOBlElMvb5xoUJAEPpgE5HhxIFh1ghxhdSn-QS_VKsYI3_4cq7BkmNG0BEP8wCU8azzhTKFyFu7V1hxv9W6Dr1o9oVyogsSfNGiedrtaoKDGVrM2OI/s320/howto-uprade-procurve-firmware-12.png" alt="" id="BLOGGER_PHOTO_ID_5525266310379689410" border="0" /></a><br />Jika sudah selesai maka akan ada pesan sbb:<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmbfn0Hk8leFJCN5ba86qa6vsAcaobOseHHRsoToFDSu6mz0Ec00QJBRur55opGxc_yHj8hEM-P3iw2d-fWUQLGZncnWniq4NNO44N1IMpQsbFEE8pcGW1D8yZ0vTdzWnnrKJVgM9k8UU/s1600/howto-uprade-procurve-firmware-14.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmbfn0Hk8leFJCN5ba86qa6vsAcaobOseHHRsoToFDSu6mz0Ec00QJBRur55opGxc_yHj8hEM-P3iw2d-fWUQLGZncnWniq4NNO44N1IMpQsbFEE8pcGW1D8yZ0vTdzWnnrKJVgM9k8UU/s320/howto-uprade-procurve-firmware-14.png" alt="" id="BLOGGER_PHOTO_ID_5525266321267487202" border="0" /></a><br />selanjutnya switch harus di reboot, jika tidak boot otomatis ketik: boot, maka switch akan melakukan proses reboot<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUtsA8NDAXbYCZi2zuLeEIQv27YYgLGnM_wDuemHvyRvz4NLD-7Q4mQdT0mBWiAfvG0vlMZiYU2CQ028dwn0n_RfH35Aup-VyIhlcFbZ9435x84NI9ROyxUSxAbGTS1pMAwvTa4gJy5D0/s1600/howto-uprade-procurve-firmware-15.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUtsA8NDAXbYCZi2zuLeEIQv27YYgLGnM_wDuemHvyRvz4NLD-7Q4mQdT0mBWiAfvG0vlMZiYU2CQ028dwn0n_RfH35Aup-VyIhlcFbZ9435x84NI9ROyxUSxAbGTS1pMAwvTa4gJy5D0/s320/howto-uprade-procurve-firmware-15.png" alt="" id="BLOGGER_PHOTO_ID_5525266326940171122" border="0" /></a><br />dan jika sudah berhasil maka kalau di : sh run , maka tampilannya aka sbb:<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO-bFnwF1mK_GWVN_7z0sAyUmzzlPU8ErvdGo9nxaVDEa1okFBNArqrMA_06UQ89xhdwUYwqGBBASGnQj1qxVfwSwP4nUFuLttBEeV-hqcW4BXr9BNyiljoPiL_1ZijYrgAk25MZVNn9Q/s1600/howto-uprade-procurve-firmware-16.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO-bFnwF1mK_GWVN_7z0sAyUmzzlPU8ErvdGo9nxaVDEa1okFBNArqrMA_06UQ89xhdwUYwqGBBASGnQj1qxVfwSwP4nUFuLttBEeV-hqcW4BXr9BNyiljoPiL_1ZijYrgAk25MZVNn9Q/s320/howto-uprade-procurve-firmware-16.png" alt="" id="BLOGGER_PHOTO_ID_5525266702427578370" border="0" /></a><br />di sini bisa dilihat bahwa firmware/os switch sudah menggunakan versi baru yang tadi di download<br /><br />Selamat mencobaHarijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-60892832656593039242010-09-10T12:37:00.002+07:002010-09-10T12:55:41.691+07:00Perbedaan Pseudo Bridge dengan WDSSetelah mencari-cari penjelasan pseudobridge vs WDS akhirnya kutemukan artikel ini:<br /><br /><a href="http://forum.mikrotik.com/viewtopic.php?f=13&t=41165">http://forum.mikrotik.com/viewtopic.php?f=13&t=41165<br /></a><br />psudo only allows one active mac address to be behind the client.<br /><br />so if you have a CPE with a customers router or single PC behind it, it works great. If the customer plugs in a switch and tries to hook up two computers that try to get online, it won't work as expected for them, and only one device at a time can receive packets.<br /><br />Additionally it has less overhead than WDS, and reconnects to the AP faster in the event of a disconnect (WDS has to connect once regular, probe the AP to determine if WDS is supported, then reconnect as a WDS connection), Plus the option of turning off default forwarding on the AP works (To accomplish the same when using WDS you have to get creative and use a bunch of bridge rules).<br /><br />For a backhaul, you should really avoid using WDS (or psudobridge), you should be using regular station and bridge mode, with no other devices connected, and then routing the data across a /30 subnet, preferably using OSPF (and a redundant path available), but static routing can be used if necessary.<br /><br />Thanks Brian:<br /><span class="postbody">-Brian<br /><br /><a href="http://www.thehostingnews.com/" class="postlink">http://www.thehostingnews.com</a><br />gawkwire.com<br />sailingit.com<br /><br />Penjelasannya kurang lebih sbb:<br /><br />Kalau pake pseudo bridge hanya satu mac-address yang bisa aktif dibelakang access-point-client (APC) , alias di sisi router distribusi yang arp-tablenya hanya bisa kenal satu mac-address router sisi clientnya (semoga ngerti yang saya maksud)<br /><br />jadi kalau Client Permissive Equipment (CPE) hanya dihubungkan ke satu router client menggunakan pseudobridge akan sangat bagus, tapi kalau CPE dihubungkan ke switch lalu ada lebih dari satu komputer maka hanya salah satu komputer saja yang arp nya masuk di arp-table router ISP , jadi kalau clientnya gak punya router dari CPE langsung ke switch lalu masuk beberapa komputer sisi APC harus dijadiin station-wds<br /><br />Tapi dijelaskan oleh Brian, bahwa pseudobridge overheadnya lebih kecil dari WDS, alias lebih efisien dibanding WDS , dan pseodobridge kalau disconnect , connect lagi ke AP nya lebih cepat dibanding WDS.<br /><br />Untuk backhaul kata Brian, sebaiknya menghindari pakai WDS tapi pakai mode station dan bridge biasa lalu lakukan routing per /30 subnet bisa pakai ospf atau static routing.<br /><br />Semoga penjelasan ini bermanfaat<br /><br />Salam<br />Harijanto P.<br />http://htsolusi.net<br />http://pt-pda.net<br /><br /><br /></span>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-2630523775099481042010-09-08T09:12:00.004+07:002010-09-08T09:28:08.798+07:00Bridging Pada Ubiquiti RocketBaru-baru ini saya mencoba produk ubiquiti rocket yang digunakan sebagai bridging antar BTS, maklum masih newbie dengan produk ini jadi belum paham benar karakternya.<br /><br />Kasus yang saya hadapi:<br /><br />Untuk menghubungkan satu router mikrotik ke router mikrotik lainnya melalui ubiquiti rocket saya harus membuat eoip-tunnel agar ospf antar router berfungsi dengan baik, entah mengapa harus menggunakan eoip-tunnel kalau menggunakan dynamic routing ospf karena kalau ping ptp dan static routing bisa berfungsi<br /><br />kalau dari hasil baca-baca wiki ubiquiti sbb:<br /><a href="http://www.ubnt.com/wiki/How_to_bridge_internet_connections">http://www.ubnt.com/wiki/How_to_bridge_internet_connections</a><br /><br />Sepertinya antar ubiquiti rocket harus menggunakan access-point wds dengan station wds kalau ingin menjalankan transparent bridge, kalau dari hasil pengamatan antara ubiquiti rocket yang menggunakan wds dan tidak di tabel arp yang ada di router mikrotik jelas kalau ubiquiti rocket yang menggunakan wds arp tablenya antara ap-wds, station-wds dan router mikrotik mac-addressnya masing-masing terpisah sedangkan kalau ubiquiti rocket yang non wds arp tablenya antara ap, station dan router mikrotik mac-address station dan router sama-sama menggunakan mac-address ubiquiti jadi seperti mac clonning pada radio senao , arp tablenya bisa dilihat pada gambar berikut:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiys-J2zV2AErm3Hzq9LsT6KKjzooI2SWNTZzxDaiXDf8DIlqIREmmXbEMN2y1smdRaB23TAHEeLt7w65vUrCqVpXr677BoKrJwspRvyGqhkTqfZ8O8VZAnx5YiP7spg384jSOgfgX86HM/s1600/mac-ubnt-station-station-wds.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 80px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiys-J2zV2AErm3Hzq9LsT6KKjzooI2SWNTZzxDaiXDf8DIlqIREmmXbEMN2y1smdRaB23TAHEeLt7w65vUrCqVpXr677BoKrJwspRvyGqhkTqfZ8O8VZAnx5YiP7spg384jSOgfgX86HM/s320/mac-ubnt-station-station-wds.png" alt="" id="BLOGGER_PHOTO_ID_5514362954744079570" border="0" /></a><br />berikut adalah screen capture ubiquiti rocket dengan ap-wds:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-wznx55b_pBpq9GlERj7axJYwU9lKfnE8zRTBDLV4ACir3YXwHZm4ZmsCtx9_zk_GkHOVhofj64onrVYFmICLdvtwYjKLzJdm3iUvLZxP6vqooEQLpXXhgWNxpLVCBtdkOzBQV5gWouY/s1600/ubng-ap-wds.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 152px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-wznx55b_pBpq9GlERj7axJYwU9lKfnE8zRTBDLV4ACir3YXwHZm4ZmsCtx9_zk_GkHOVhofj64onrVYFmICLdvtwYjKLzJdm3iUvLZxP6vqooEQLpXXhgWNxpLVCBtdkOzBQV5gWouY/s320/ubng-ap-wds.png" alt="" id="BLOGGER_PHOTO_ID_5514362968187642322" border="0" /></a><br /><br />berikut adalah screen capture ubiquiti rocket dengan station-wds:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3iDq0NhgkifFKFyG3gM4Ic3H-GLoNRuvJcjuhLV1rD4pdpjTFNDcal967Ju4WvhosfyxRmEKEGKmt5BRI1KeEQt9NcE8z2qmwSuWXIKmMG2a0k_gRHV_Cg-lPSzjRXMxZRjQbyS1NjXs/s1600/ubng-station-wds.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 153px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3iDq0NhgkifFKFyG3gM4Ic3H-GLoNRuvJcjuhLV1rD4pdpjTFNDcal967Ju4WvhosfyxRmEKEGKmt5BRI1KeEQt9NcE8z2qmwSuWXIKmMG2a0k_gRHV_Cg-lPSzjRXMxZRjQbyS1NjXs/s320/ubng-station-wds.png" alt="" id="BLOGGER_PHOTO_ID_5514362978598094450" border="0" /></a><br /><br />berikut adalah screen capture ubiquiti dengan ap non wds:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisdDxJuRHuzTBGdS6M29X7dQ0jCsKn5O3R8oWM9jiPeT-TdFSAWkN1ibasPOZgbChUTGYUSi5JeUDQ9aOm9pvk4fpBX4NNsZfbW4XPlGg7_fjMlIKeXtMAKM1hOodhPESEErZSGzd6xro/s1600/ubnt-ap.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 153px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisdDxJuRHuzTBGdS6M29X7dQ0jCsKn5O3R8oWM9jiPeT-TdFSAWkN1ibasPOZgbChUTGYUSi5JeUDQ9aOm9pvk4fpBX4NNsZfbW4XPlGg7_fjMlIKeXtMAKM1hOodhPESEErZSGzd6xro/s320/ubnt-ap.png" alt="" id="BLOGGER_PHOTO_ID_5514362988786801826" border="0" /></a><br />berikut adalah screen capture ubiquiti dengan station non wds:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6ELlGC64mprtKAgvg7NCqP02b6P8raVIUdxH1ItQE4anT46-r4OkISZ9SBzAGQzPFdF0WSJxJzEwOHw6Wgb1NJ8IcpE87YWOaZFmYx4rJk-Bs6lJSEO6tZdKA_F7rd2LpmYZiYvkNfA8/s1600/ubnt-station.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 153px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6ELlGC64mprtKAgvg7NCqP02b6P8raVIUdxH1ItQE4anT46-r4OkISZ9SBzAGQzPFdF0WSJxJzEwOHw6Wgb1NJ8IcpE87YWOaZFmYx4rJk-Bs6lJSEO6tZdKA_F7rd2LpmYZiYvkNfA8/s320/ubnt-station.png" alt="" id="BLOGGER_PHOTO_ID_5514363004782942786" border="0" /></a>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-57018803744062320452010-08-20T00:44:00.004+07:002010-08-20T01:03:49.442+07:00RSTP Bridge failover layer2 menggunakan Mikrotik<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvXgdoJxU_bYzhsF5C9A87z5yK3XnmE3FpQSenLmvoxOGlSH5WbvxV5-ebfCNNLSvPflLUSa9RZhJjLOYZ_OwsK1LyUxAJUwaaZ8zkC5eXsrVY3vXZUZ4BVXaBMUGG2w0azRT1_afnv3I/s1600/IMG00215-20100820-0025.jpg"><br /></a>Hari ini saya kedatangan kawan lama , seperti biasa dia minta bantuan ngoprek Mikrotik<br />masalahnhya dia ingin memasang server penyaring spam virus dll dalam mode bridge tetapi kalau suatu saat server penyaring tsb bermasalah maka traffic harus di bypass melalui port lainnya<br /><br />kurang lebih topologinya spt ini:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9a9s7ufHGySff9ZwyVplrCausO2U2ZDyRXkp08nwtu68W7cjNvA0-DqSAuEaYdJeskyV-lpBXRi65o4ijTBy600QJtkJ2h9nPM-pgv8JZHGOdrhE_LWRLjPyScm-fbLKtB5-NjCLkN_w/s1600/topologi.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 109px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9a9s7ufHGySff9ZwyVplrCausO2U2ZDyRXkp08nwtu68W7cjNvA0-DqSAuEaYdJeskyV-lpBXRi65o4ijTBy600QJtkJ2h9nPM-pgv8JZHGOdrhE_LWRLjPyScm-fbLKtB5-NjCLkN_w/s320/topologi.jpg" alt="" id="BLOGGER_PHOTO_ID_5507179542725369602" border="0" /></a><br />Jadi semisal link ether2 putus maka data akan mengalir melalui ether1 , sedangkan jika link ether1 putus data akan mengalir melalui ether2, jika kedua link tidak putus maka data akan mengalir melalui ether1 menggunakan mekanisme RSTP: <a href="http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge">http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge</a><br /><br />dalam percobaan ini saya menggunakan RB750G yang terdiri dari RSTP-A dan RSTP-B, dimana RSTP-A pada ether3 terhubung langsung dengan router / koneksi Internet sedangkan RSTP-B terhubung dengan notebook<br /><br />Berikut adalah foto RSTP-A<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJpCtcPT-fO6kbCnwB3BMeHoQDvdQnnMg3-wmwP52p0A_2RaHqz3DSDN8yU676-n0p2UxLfi7XYb9tWUsSf-Hdv13OixsK0q9W4V-BaRGZkqykaxaALfvVzrKWO4BdgqACGCqc-iPEk8E/s1600/IMG00214-20100820-0024.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJpCtcPT-fO6kbCnwB3BMeHoQDvdQnnMg3-wmwP52p0A_2RaHqz3DSDN8yU676-n0p2UxLfi7XYb9tWUsSf-Hdv13OixsK0q9W4V-BaRGZkqykaxaALfvVzrKWO4BdgqACGCqc-iPEk8E/s320/IMG00214-20100820-0024.jpg" alt="" id="BLOGGER_PHOTO_ID_5507181073719270738" border="0" /></a><br />Berikut adalah foto RSTP-B<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvXgdoJxU_bYzhsF5C9A87z5yK3XnmE3FpQSenLmvoxOGlSH5WbvxV5-ebfCNNLSvPflLUSa9RZhJjLOYZ_OwsK1LyUxAJUwaaZ8zkC5eXsrVY3vXZUZ4BVXaBMUGG2w0azRT1_afnv3I/s1600/IMG00215-20100820-0025.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvXgdoJxU_bYzhsF5C9A87z5yK3XnmE3FpQSenLmvoxOGlSH5WbvxV5-ebfCNNLSvPflLUSa9RZhJjLOYZ_OwsK1LyUxAJUwaaZ8zkC5eXsrVY3vXZUZ4BVXaBMUGG2w0azRT1_afnv3I/s320/IMG00215-20100820-0025.jpg" alt="" id="BLOGGER_PHOTO_ID_5507181083185133458" border="0" /></a><br />Pada RSTP-A Konfigurasi bisa dilihat sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgraJDcmOVoidsr7CjHw48oxxGDVdahP0P53Ko5voM7KQ19-43_2JeQiQxrVKAJjSLRibi2G3IpocjYeKNaPT6gRf_m7I_xlwkiiwcq5L4aXE3UwTCRyUG44nyxhezdway2yccqluycZEU/s1600/RSTP-A.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgraJDcmOVoidsr7CjHw48oxxGDVdahP0P53Ko5voM7KQ19-43_2JeQiQxrVKAJjSLRibi2G3IpocjYeKNaPT6gRf_m7I_xlwkiiwcq5L4aXE3UwTCRyUG44nyxhezdway2yccqluycZEU/s320/RSTP-A.png" alt="" id="BLOGGER_PHOTO_ID_5507179548058035218" border="0" /></a><br />Pada RSTP-B konfigurasi bisa dilihat sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWijcYxeGpsSmuMTjZtCbBnnMimPkjb-w8LqYv9ZqApkZgVxdFoA_Zy00jkPAuH8-fDYgkduHmiBCkDp4IMZbXOexvtwjTv6K8jWV6k43GFyG3ueN53HZt3Tg6aGcFLCJwLxEWhQ91CdA/s1600/RSTP-B.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWijcYxeGpsSmuMTjZtCbBnnMimPkjb-w8LqYv9ZqApkZgVxdFoA_Zy00jkPAuH8-fDYgkduHmiBCkDp4IMZbXOexvtwjTv6K8jWV6k43GFyG3ueN53HZt3Tg6aGcFLCJwLxEWhQ91CdA/s320/RSTP-B.png" alt="" id="BLOGGER_PHOTO_ID_5507179551105042418" border="0" /></a><br />Yang membedakannya hanya pada :<br /><br />[admin@RSTP-B] /interface bridge port> /interface bridge port set path-cost=20 interface=ether2<br /><br />jadi di RSTP-A dan RSTP-B untuk interface=ether2 path-cost dibuat 20 sedangkan ether1 path-cost = 10<br /><br />sehingga pada keadaan normal data akan dialirkan melalui ether1 ke ether3 melalui bridge<br /><br />untuk uji coba saya lakukan ping ke dns google 8.8.8.8 dari notebook lalu salah satu kabel misal ether1 saya cabut maka data akan mengalir lewat ether2<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguLUABOLmk9ETyxP7Z4819diFabIkZryREfIR9Qjyqqj8wsD6U__BtdbVGMJhgTgq9Eev11ZhtCUYpbHWHpNm7RgpR1z7ZKn0IWmsZ-nt54SRU7y-9AUXDT3g0ew7Y5NJAa9Wo5RNzCUY/s1600/RSTP-B-ETHER2-PLUG.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguLUABOLmk9ETyxP7Z4819diFabIkZryREfIR9Qjyqqj8wsD6U__BtdbVGMJhgTgq9Eev11ZhtCUYpbHWHpNm7RgpR1z7ZKn0IWmsZ-nt54SRU7y-9AUXDT3g0ew7Y5NJAa9Wo5RNzCUY/s320/RSTP-B-ETHER2-PLUG.png" alt="" id="BLOGGER_PHOTO_ID_5507179562789848754" border="0" /></a><br />dan ketika kabel ether1 di pasang lagi maka data akan kembali melalui ether1<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcrdXKsZuF1lLu4uGy7CH3UhflaxxMgF7mj2wzghvI8dyc8Ch8576TrB07LfvzpbkkE6qZOphLSQPJPp-UkCDqGFTR8QGfLmX5B1z7MBEmuRRqTLYotj_-Hxblt24tK7RuHcMbwCn2Jg8/s1600/RSTP-B-ETHER2-UNPLUG.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcrdXKsZuF1lLu4uGy7CH3UhflaxxMgF7mj2wzghvI8dyc8Ch8576TrB07LfvzpbkkE6qZOphLSQPJPp-UkCDqGFTR8QGfLmX5B1z7MBEmuRRqTLYotj_-Hxblt24tK7RuHcMbwCn2Jg8/s320/RSTP-B-ETHER2-UNPLUG.png" alt="" id="BLOGGER_PHOTO_ID_5507179561185022962" border="0" /></a><br />atau sebaliknya<br /><br />jadi kesimpulannya dua RB750G tersebut bisa menjadi bridge RSTP yang menjadi solusi fail-over layer2 yang ekonomis dan praktisHarijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com3tag:blogger.com,1999:blog-4650800593925871709.post-70816758638779494322010-06-21T23:26:00.008+07:002010-06-21T23:52:08.202+07:00Analisa Paket Data Game Point Blank pada waktu melakukan Patch dibantu cache dari Squid ProxyWah sudah lama gak nulis di blog , kebetulan malam ini iseng pengen tahu karakter game Point Blank http://pb.gemscool.com/<br /><br />Setelah mendownload aplikasi dan patch dan mendaftar user di gemscool lalu selanjutnya saya coba mainkan mh.... ya seperti Counter Strike permainannya tapi karena tangan sudah lama gak dibuat untuk main game jadi ya kaku kaku gitu harus menghafalkan tombol2 navigasi lagi yang kurang lebih seperti CS.<br /><br />yang menarik pada waktu iseng saya klik tombol Check sebelum mengklik Start yang dilakukan oleh PB adalah melakukan download patch dan ternyata bandwidth 10Mbps di sikat habis wak....<br />waduh ini game kalau lagi ngepatch sadis punya ternyata mh... iseng saya torch di mikrotik ternyata patchnya via port 80 alias http wah ini bisa di bantu squid nih.<br /><br />Benar saja setelah saya redirect port 80 ke squid hasilnya sesuai dengan yang saya inginkan yaitu file2 patch bisa di cache di squid proxy sehingga trafficnya sekarang yang besar yang kearah squid proxy<br /><br />Gambar berikut adalah bukti bahwa proses patch bisa di bantu squid dengan hasil tail -f /var/log/squid/access.log banyak sekali TCP_HIT maupun TCP_MEM_HIT untuk file2 .zip artinya sekarang patch PB diambil dari cache yang ada di squid<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRpGMgSzLU_0EYsosXIDWw9dqnQv7SPmVIYqeqLv8fAih6N4SobHRzYbAuIIB25aeEE9ZuC3WG2zirfq0cmmPIxkSC3Cc9lKYTpBojzNDmpkss0Ur72ubi6Ovp91Fp5m1OwBNzFgC7tn0/s1600/squid-hit-patch-pb.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 216px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRpGMgSzLU_0EYsosXIDWw9dqnQv7SPmVIYqeqLv8fAih6N4SobHRzYbAuIIB25aeEE9ZuC3WG2zirfq0cmmPIxkSC3Cc9lKYTpBojzNDmpkss0Ur72ubi6Ovp91Fp5m1OwBNzFgC7tn0/s400/squid-hit-patch-pb.png" alt="" id="BLOGGER_PHOTO_ID_5485265695488923090" border="0" /></a><br />Berikut adalah tampilan torch mikrotik pada interface wlan1 untuk ip source 10.5.50.232 ternyata pada waktu patch Tx Rate sangat tinggi sekali mencapai 8.2Mbps , untungnya saat ini sudah di dst-nat ke squid sehingga Data Rate yang menuju ke Jakarta tidak sampai 8.2Mbps karena sebagian besar file patching telah ada di squid proxy<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4LsvXBxgujSCXNIpFyVHShkYzXcTPOgh8tQ4x0kRMK0vusUR0pw4EMWPd5YwvDUONCmif-hDRGLXb-lIee1JSsFVcUUw0LDx2brwq_qs8gvJ5RYiWe5Z0tCAdsXKcncoiEsGH6vhxOiU/s1600/kantor-pda-t-proxy.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 199px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4LsvXBxgujSCXNIpFyVHShkYzXcTPOgh8tQ4x0kRMK0vusUR0pw4EMWPd5YwvDUONCmif-hDRGLXb-lIee1JSsFVcUUw0LDx2brwq_qs8gvJ5RYiWe5Z0tCAdsXKcncoiEsGH6vhxOiU/s400/kantor-pda-t-proxy.png" alt="" id="BLOGGER_PHOTO_ID_5485266214130663810" border="0" /></a><br /><br />Ini adalah buktinya pada waktu PB melakukan patching dan port 80 diredirect ke squid proxy di mikrotik backbone Jakarta-Cirebon tidak terjadi lonjakan traffic sd 8Mbps lebih seperti yang terjadi pada mikrotik distribusi hotspot di kantor.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-sjRdsY8FRONCE00vctzmnMQAWU37z_T8plRX4xt6ApteTICY7X3ZxsOHm3xquynzkClrZ7S8eZ2whqMzYpMldXPBlqa52gORtAAqYltG9qMiz6uW9a2uQJ0tiATwZoRjLX_A1P5ijlc/s1600/pda1-torch.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 217px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-sjRdsY8FRONCE00vctzmnMQAWU37z_T8plRX4xt6ApteTICY7X3ZxsOHm3xquynzkClrZ7S8eZ2whqMzYpMldXPBlqa52gORtAAqYltG9qMiz6uW9a2uQJ0tiATwZoRjLX_A1P5ijlc/s400/pda1-torch.png" alt="" id="BLOGGER_PHOTO_ID_5485268089555894882" border="0" /></a><br /><br />Jadi kesimpulannya traffic patch Point Blank sangat bisa di bantu oleh mekanisme cache squid proxy, sedangkan pada saat permainan berlangsung dengan skenario notebook saya sebagai client yang joint ke server public PB , data rate yang terjadi sangat kecil sekitar 15Kbps-16Kbps<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQiz8bXxF5jzK4EtBrSWQGEn-alTFBMvCWCuniDf7fBcW_8Jalv3UxUS7xRYS0XnmAkJEWDJ81T3lrznN5P-fGVR9fFvCYEBxDmYbuKQgT-xs8BIqvaHpJtmKl9HsMkfQCpZe81gKJdEM/s1600/pb-on-war.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 134px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQiz8bXxF5jzK4EtBrSWQGEn-alTFBMvCWCuniDf7fBcW_8Jalv3UxUS7xRYS0XnmAkJEWDJ81T3lrznN5P-fGVR9fFvCYEBxDmYbuKQgT-xs8BIqvaHpJtmKl9HsMkfQCpZe81gKJdEM/s400/pb-on-war.png" alt="" id="BLOGGER_PHOTO_ID_5485268721959952594" border="0" /></a><br />Jadi kesimpulannya:<br /><br />1. Proses Patch game Point Blank yang sangat berat bisa di bantu dengan mekanisme cache dari squid<br />2. Pada saat permainan berlangsung alokasi bandwidth per PC game bisa diset dari 32Kbps - 128Kbps<br />3. Buat alokasi bandwidth khusus yang berasal dari PC Game menuju ke squid proxy<br /><br />adapun di /etc/squid/squid.conf saya coba set parameter berikut:<br /><br />maximum_object_size 300000 KB<br />store_avg_object_size 5000 KB<br /><br />karena dari beberapa forum dan blog, ada yang berkomentar maximum objectnya di besarkan jadi 300MB agar file2 patch PB bisa di cache oleh squid<br /><br />Semoga hasil analisa ini bisa berguna bagi yang memerlukannyaHarijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com6tag:blogger.com,1999:blog-4650800593925871709.post-89953029316178785892010-01-05T14:24:00.006+07:002010-01-05T14:48:17.435+07:00Max-Term + SATA DOM + Mikrotik 4.4 Level 4 alternatif RB1000Hari ini dapet mainan dari seorang teman sebuah Komputer Max-Term / Maxspeed dengan spesifikasi sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjELCmiz1zGGF8XkUaioaMbaZVLGWn7QW0nIu5FSHbsgBP5JlYv50rzt8TuCKCcFUrnpOk9pEMODAxTT9IsHgzThP8F6yAL8sRKgGOylqMEIaHRfiSHin_J_kDlyWBfXiRlCIhFvJL5zKY/s1600-h/maxterm.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 353px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjELCmiz1zGGF8XkUaioaMbaZVLGWn7QW0nIu5FSHbsgBP5JlYv50rzt8TuCKCcFUrnpOk9pEMODAxTT9IsHgzThP8F6yAL8sRKgGOylqMEIaHRfiSHin_J_kDlyWBfXiRlCIhFvJL5zKY/s400/maxterm.JPG" alt="" id="BLOGGER_PHOTO_ID_5423154380225848738" border="0" /></a><br /><br />Penasaran mau tahu bisa menangani paket sebanyak apa saya lakukan percobaan dengan menggunakan btest.exe dari notebook dengan spesifikasi sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQMBrDS3uFsniv7AHLUU_C-UahNg-tY_zWM3yNwkKmAe148-22sYwhCtjSTuz4oU0GxeI5VuGL4xp8u8csXT3fg705aMJwqmZcvodiGMCfZsf8DT8oFwFsRQyexmPXavrmMWcM4KonlKg/s1600-h/winxp.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 351px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQMBrDS3uFsniv7AHLUU_C-UahNg-tY_zWM3yNwkKmAe148-22sYwhCtjSTuz4oU0GxeI5VuGL4xp8u8csXT3fg705aMJwqmZcvodiGMCfZsf8DT8oFwFsRQyexmPXavrmMWcM4KonlKg/s400/winxp.JPG" alt="" id="BLOGGER_PHOTO_ID_5423155222759817010" border="0" /></a><br /><span style="font-weight: bold;">Percobaan 1: </span>Max-Term dijalankan BTest-Server lalu dari notebook lenovo menjalankan btest.exe sebanyak 15 windows dengan kombinasi udp dan tcp packet, hasilnya:<br /><br />Tx Packet mencapai 8.658 pps dan Rx Packet 14.304 pps pada Tx 76.5 Mbps dan Rx 91.1 Mbps dengna latency mencapai 50 ms - 80 ms cpu 100%<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjToYtAZ6UnZmphlonKPGOViHBEm9lCUECpvNMkQLxPkY68gm7yLLH0bUeOlBnZcT4zjPX8P4x6mnrrdHbAb6fwSeRB8xKhTsDU6v0XnQW7X3LHdlxCUTdEOF9qB7I_oT6bSBp-ivayoGQ/s1600-h/max-term-test-packet.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjToYtAZ6UnZmphlonKPGOViHBEm9lCUECpvNMkQLxPkY68gm7yLLH0bUeOlBnZcT4zjPX8P4x6mnrrdHbAb6fwSeRB8xKhTsDU6v0XnQW7X3LHdlxCUTdEOF9qB7I_oT6bSBp-ivayoGQ/s400/max-term-test-packet.JPG" alt="" id="BLOGGER_PHOTO_ID_5423153737114091042" border="0" /></a><br /><br /><span style="font-weight: bold;">Percobaan 2:</span> Notebook menjalankan btest.exe sebagai server dan Max-Term melakukan bandwidth-test ke notebook sebanyak 25 terminal dengan protocol udp hasilnya:<br /><br />Tx Packet mencapai 3.280 pps dan Rx Packet 8.061 pps pada Tx 38.7Mbps dan Rx 97.1Mbps dengna latency mencapai 3 ms cpu 18%<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEiDUkMQ5mhDnq_ebvSxb2FKE90bOj7HivpPl049sRcoHp1tJOjgnuexm1ObiI3VfA5DQ6cRlBOdPn9OMPkE8WO2uPupeu4S7H76W8Utc-ZJt3EyUI1FCdLtkQVJfyE9B_yhSemDQ0HlU/s1600-h/max-term-test-packet-udp-to-notebook.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEiDUkMQ5mhDnq_ebvSxb2FKE90bOj7HivpPl049sRcoHp1tJOjgnuexm1ObiI3VfA5DQ6cRlBOdPn9OMPkE8WO2uPupeu4S7H76W8Utc-ZJt3EyUI1FCdLtkQVJfyE9B_yhSemDQ0HlU/s400/max-term-test-packet-udp-to-notebook.JPG" alt="" id="BLOGGER_PHOTO_ID_5423153741375937954" border="0" /></a><br />Kesimpulan:<br />Harusnya dengan MaxTerm / Maxspeed + Mikrotik 4.4 Level 4 bisa mem-forward packet 0 - 10000 pps pada throughput <input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"> 0 - 20 Mbps dengan lancar<br /><br />Berikut adalah gambar MaxTerm / Maxspeed :<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRIlCr8XHUCWGmKeb0h2gAnDhG1SPQPaBpCEMoOhSYOOQZuWXUYYCm4MZLazejOMjtaK-6PBYUqiw7sFfFCY79AB9KlsXTGM6fBpRdYLfbND95jVNO8449vqpzLDJ035GyTegUasG0Ki8/s1600-h/IMG00048-20100105-1357.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRIlCr8XHUCWGmKeb0h2gAnDhG1SPQPaBpCEMoOhSYOOQZuWXUYYCm4MZLazejOMjtaK-6PBYUqiw7sFfFCY79AB9KlsXTGM6fBpRdYLfbND95jVNO8449vqpzLDJ035GyTegUasG0Ki8/s400/IMG00048-20100105-1357.jpg" alt="" id="BLOGGER_PHOTO_ID_5423153730504550786" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOUlb-bEtatWkaa5pN5TehRY313b-63NDqzfyyCLCOKWtWQz3A9jybhhNQjw6wor-4fZ6E-P9aN-QL8IJ9dvrCrg568Ge1wKswinidztdddBa3elP9CUSZwTHXBIGdtSoUoCSsKHbUt2w/s1600-h/IMG00047-20100105-1356.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOUlb-bEtatWkaa5pN5TehRY313b-63NDqzfyyCLCOKWtWQz3A9jybhhNQjw6wor-4fZ6E-P9aN-QL8IJ9dvrCrg568Ge1wKswinidztdddBa3elP9CUSZwTHXBIGdtSoUoCSsKHbUt2w/s400/IMG00047-20100105-1356.jpg" alt="" id="BLOGGER_PHOTO_ID_5423153733496044290" border="0" /></a><br />yang mau cari barangnya cek aja di : <a href="http://www.edccomp.com/product.php?id_product=175">http://www.edccomp.com</a>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com3tag:blogger.com,1999:blog-4650800593925871709.post-39986839264403530672010-01-02T10:26:00.034+07:002010-01-02T11:45:51.586+07:00BGP Failover antar BTSHalo apakabar? Selamat Tahun Baru 2010 sudah lama saya tidak menulis blog saya ini, kebetulan lagi liburan Tahun Baru saya coba tulis contoh kasus BGP Failover antar BTS.<br /><br />Dalam contoh kasus BGP Failover antar BTS skenarionya adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2U1PDZKx9qQ60oKoycJXe84j3J9ZepnBi-Rp5P0CeNZWdt4vHcvLDALinpSajwpXfIUVKSY7DPkfWZNA5iJE7a6XaijSCktnbmebAjCcZ7SxL1EPgApDbru0zE-MEYY8SjvwizHCH-LQ/s1600-h/bgp-failover-cyber-meruya-slipi.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 352px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2U1PDZKx9qQ60oKoycJXe84j3J9ZepnBi-Rp5P0CeNZWdt4vHcvLDALinpSajwpXfIUVKSY7DPkfWZNA5iJE7a6XaijSCktnbmebAjCcZ7SxL1EPgApDbru0zE-MEYY8SjvwizHCH-LQ/s400/bgp-failover-cyber-meruya-slipi.jpg" alt="" id="BLOGGER_PHOTO_ID_5421980100036832658" border="0" /></a><br />Dengan skenario diatas maka BTS Slipi dan BTS Meruya menjadi full-protection (bahasa kerennya XL / Moratel / Icon+ untuk backbone fiber-optic mereka di pulau Jawa)<br /><br />Dengan demikian ada 4 BGP Router yang terlibat dalam skenario ini, yaitu: Router International dan Router OIXP/IIX yang keduanya ada di Gedung Cyber dan Router Mikrotik di BTS Slipi dan BTS Meruya<br /><br />Adapun link yang antara Gedung Cyber ke Slipi menggunakan Fiber Optic sedangkan antara Gedung Cyber ke Meruya menggunakan Microwave 15Ghz (Pake ISR tentunya) dan Dari Meruya ke Slipi menggunakan WiFi IEEE 802.11 tentunya pake Mikrotik RB600<br /><br />Ok langsung saja berikut adalah screen capturenya semoga bermanfaat bagi yang membacanya, oh ya dalam screen capture ip-ip publik yang relevan tidak saya sensor agar bisa menjadi contoh nyata karena semangat saya nulis adalah untuk berbagi jadi mohon agar tidak di serang ya "semoga".<br /><br /><span style="font-weight: bold;">Konfigurasi di Router IIX di Cyber pada Cisco 7206VXR G2:</span><br /><br />neighbor ke Mikrotik Meruya<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuJdzaA254BLZymk7ddgcRyCXor8cUsZjJawjFYZXu_tEhatUWEr3aWgblYhrkPrb5Qzd7ZH70pJ7mKoZ2g6Sn86kobxFQND8diWTSPNh6J4sRirVCF_rz0RXdRQeXAEJ3EcOteUl7B1Q/s1600-h/bgp-failover-cisco-bgp-peers-meruya.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 77px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuJdzaA254BLZymk7ddgcRyCXor8cUsZjJawjFYZXu_tEhatUWEr3aWgblYhrkPrb5Qzd7ZH70pJ7mKoZ2g6Sn86kobxFQND8diWTSPNh6J4sRirVCF_rz0RXdRQeXAEJ3EcOteUl7B1Q/s400/bgp-failover-cisco-bgp-peers-meruya.jpg" alt="" id="BLOGGER_PHOTO_ID_5421983475940716178" border="0" /></a><br />neighbor ke Mikrotik Slipi<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrC8oaU7zcEqKhKqkPZ-mTTc_pok-J5x5eP3iebNdbpLZDE3BeNNbs4GcCuJFmpcGl1cVnBEov5E52fJkMbXTo23lkq3mYsh3-dazNDeAkXEtdCpEj4skfo0Kgavyhx6V8c_vIgU9tREw/s1600-h/bgp-failover-cisco-bgp-peers-peninsula.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 72px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrC8oaU7zcEqKhKqkPZ-mTTc_pok-J5x5eP3iebNdbpLZDE3BeNNbs4GcCuJFmpcGl1cVnBEov5E52fJkMbXTo23lkq3mYsh3-dazNDeAkXEtdCpEj4skfo0Kgavyhx6V8c_vIgU9tREw/s400/bgp-failover-cisco-bgp-peers-peninsula.jpg" alt="" id="BLOGGER_PHOTO_ID_5421983852027907602" border="0" /></a><br />route-map IIXNICEONLY-EXPORT<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVdhuUri1wsNMCHsG2HBphYBGKiG9ugDpULq3ooNQbppzy6gwKKo_UVkZDrHXY07PxSbewJFZez_E-MZ4Uew5O3BZLlRRFEc_Bfd_rWZPhkmHc9NvvOYDgkrer3Vmmzw26pabd4f2cX1g/s1600-h/bgp-failover-cisco-route-map.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 325px; height: 131px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVdhuUri1wsNMCHsG2HBphYBGKiG9ugDpULq3ooNQbppzy6gwKKo_UVkZDrHXY07PxSbewJFZez_E-MZ4Uew5O3BZLlRRFEc_Bfd_rWZPhkmHc9NvvOYDgkrer3Vmmzw26pabd4f2cX1g/s400/bgp-failover-cisco-route-map.jpg" alt="" id="BLOGGER_PHOTO_ID_5421984135904187106" border="0" /></a><br />as-path 2 , tujuannya untuk memfilter hanya prefix dari AS7597 (IIX) dan AS7717 (NICE/OIXP) yang akan di advertise ke BGP Meruya dan Slipi, untuk di implementasikan ke route-map IIXNICEONLY-EXPORT diatas<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWaGaFlkuTw4M6-Tg1BcYxDes-B3QxP7XHq3rlMWO04AlsE1Br1RM5J7FwDHWWzdjw-r8i6KMyeS1TErFr7qZYRv-0yh3t_ZIHCPD79L5aiYQzlzbfwvuKk4ANE3zv4f0Bo6hD0FOQFpo/s1600-h/bgp-failover-cisco-as-path-2.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 326px; height: 49px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWaGaFlkuTw4M6-Tg1BcYxDes-B3QxP7XHq3rlMWO04AlsE1Br1RM5J7FwDHWWzdjw-r8i6KMyeS1TErFr7qZYRv-0yh3t_ZIHCPD79L5aiYQzlzbfwvuKk4ANE3zv4f0Bo6hD0FOQFpo/s400/bgp-failover-cisco-as-path-2.jpg" alt="" id="BLOGGER_PHOTO_ID_5421984572200750050" border="0" /></a><br />access-list 100, tujuannya selain prefix dari AS7597 (IIX) dan AS7717 (NICE/OIXP) juga prefix asli milik Datautama di advertise ke BGP Meruya dan Slipi, untuk di implementasikan ke route-map IIXNICEONLY-EXPORT diatas<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyRls4J5m4giAVLEDfAaqxvrFPsX0D-66saVLCnhWq2rL3d7fNFEERnQnQCKKEgdu659R-Rka1FF87ll8PUyz1RkONsd6oDPyeOrlCuSVUj59K_Xq72y55_ZFWgOPT1r0oPaAeJBkhTj4/s1600-h/bgp-failover-cisco-access-list.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 361px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyRls4J5m4giAVLEDfAaqxvrFPsX0D-66saVLCnhWq2rL3d7fNFEERnQnQCKKEgdu659R-Rka1FF87ll8PUyz1RkONsd6oDPyeOrlCuSVUj59K_Xq72y55_ZFWgOPT1r0oPaAeJBkhTj4/s400/bgp-failover-cisco-access-list.jpg" alt="" id="BLOGGER_PHOTO_ID_5421985271715157362" border="0" /></a><br />Dengan demikian maka BGP Meruya dan Slipi akan menerima prefix/routing table IIX+OIXP+Datautama<br /><br />Jika konfigurasi ke 4 BGP tersebut telah berfungsi maka hasil "sh ip bgp sum" di router IIX/OIXP di cyber adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgejG7SQ8rCWQEz6LwIkhjFfgSaxvdxLoxe4fzl9lG6nsdJlP6Xik5TKryhjNhyphenhyphenFisQRBCSln9ApYxQmP2-MA3XaaSjVrwuvor-H9MqJ_icIa0MkbrZ8UjZ7sRF9s2fbsHXxjlFPL7GWP4/s1600-h/bgp-failover-cisco-bgp-sum.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 327px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgejG7SQ8rCWQEz6LwIkhjFfgSaxvdxLoxe4fzl9lG6nsdJlP6Xik5TKryhjNhyphenhyphenFisQRBCSln9ApYxQmP2-MA3XaaSjVrwuvor-H9MqJ_icIa0MkbrZ8UjZ7sRF9s2fbsHXxjlFPL7GWP4/s400/bgp-failover-cisco-bgp-sum.jpg" alt="" id="BLOGGER_PHOTO_ID_5421986547243575362" border="0" /></a><br /><span style="font-weight: bold;">Konfigurasi di Router Internatinoal di Cyber:<br /></span><span><br />neighbor ke Mikrotik Meruya</span><span style="font-weight: bold;"><br /><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSnK_lB06iSgwxs41YWwWdmIn8-TafrFmQyjXj0W24sSqckM73lGVPz4qYo-9s6i-MlAWUOs1WaJns9O9VT19KcgoCp8sfoIsOI6aTys8TFKWi_u6tv0Sn_nHvAYpj0RXzT540k_pJOdA/s1600-h/bgp-failover-ibm-bgp-peers-meruya.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 93px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSnK_lB06iSgwxs41YWwWdmIn8-TafrFmQyjXj0W24sSqckM73lGVPz4qYo-9s6i-MlAWUOs1WaJns9O9VT19KcgoCp8sfoIsOI6aTys8TFKWi_u6tv0Sn_nHvAYpj0RXzT540k_pJOdA/s400/bgp-failover-ibm-bgp-peers-meruya.jpg" alt="" id="BLOGGER_PHOTO_ID_5421987038920343074" border="0" /></a><br />neighbor ke Mikrotik Slipi<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLfSK3D6UhXBcm5nOlXBvYXIdg81Hd8YTw6Q-oZDJhQLgGcCGzgnxvBiezG1P8GdT04F5zO8RqB1uL7OY2ge6ZlnbPlsIMdaJkpuUKBXR7CYgedy1eUjH6B7nBp6bHLimee2caz4rLMOw/s1600-h/bgp-failover-ibm-bgp-peers-slipi.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 87px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLfSK3D6UhXBcm5nOlXBvYXIdg81Hd8YTw6Q-oZDJhQLgGcCGzgnxvBiezG1P8GdT04F5zO8RqB1uL7OY2ge6ZlnbPlsIMdaJkpuUKBXR7CYgedy1eUjH6B7nBp6bHLimee2caz4rLMOw/s400/bgp-failover-ibm-bgp-peers-slipi.jpg" alt="" id="BLOGGER_PHOTO_ID_5421987230401230914" border="0" /></a><br />route-map KOSONG<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgkcPlcU6w4UBlSEM66WpdBSMwhrxFBVtFAwarp6sNnqHvJZL9hIZOf41m-cxQT3sjtvfEtVFlC_NEs2GVELANobFogAe1H6j6hbXtxG6ASZyWomsLtQl4s6IUBNVWclU9mmO_Fhf-wUk/s1600-h/bgp-failover-ibm-route-map.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 355px; height: 130px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgkcPlcU6w4UBlSEM66WpdBSMwhrxFBVtFAwarp6sNnqHvJZL9hIZOf41m-cxQT3sjtvfEtVFlC_NEs2GVELANobFogAe1H6j6hbXtxG6ASZyWomsLtQl4s6IUBNVWclU9mmO_Fhf-wUk/s400/bgp-failover-ibm-route-map.jpg" alt="" id="BLOGGER_PHOTO_ID_5421987542779949874" border="0" /></a><br />tujuan dari as-path access-list 11 deny .* pada route-map KOSONG adalah untuk memfilter semua prefix dari International agar tidak di advertise ke BTS Meruya dan Slipi, karena Mikrotik Meruya dan Slipi hanya perlu prefix IIX/OIXP agar routing menuju ke IIX/OIXP langsung belok ke Router IIX/OIXP di Cyber sedangkan default-route menuju ke Router International.<br /><br />Sebagai catatan: hal terpenting dalam bermain BGP maupun OSPF adalah pemahaman tentang filtering as-path , access-list, prepend, subnet dan supernet.<br /><br />Jika konfigurasi ke 4 BGP tersebut telah berfungsi maka hasil "sh ip bgp sum" di router International di cyber adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOE2NuxDMY8bX_BN0Y50ZS7pSAcymUWj4ktK-TXYalH13BkysTplaPCaceoyMjWoX3teRxpC-S_YVyvKGHK8nG4YnGONs71GSJX6T98VkOvpZnUPL0VCXvoyNB8RZviNeEJvZ5FDENDN0/s1600-h/bgp-failover-ibm-bgp-sum.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 230px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOE2NuxDMY8bX_BN0Y50ZS7pSAcymUWj4ktK-TXYalH13BkysTplaPCaceoyMjWoX3teRxpC-S_YVyvKGHK8nG4YnGONs71GSJX6T98VkOvpZnUPL0VCXvoyNB8RZviNeEJvZ5FDENDN0/s400/bgp-failover-ibm-bgp-sum.jpg" alt="" id="BLOGGER_PHOTO_ID_5421988718428692674" border="0" /></a><br /><span style="font-weight: bold;">Konfigurasi di Router Mikrotik Meruya:</span><br /><br />ip-address, interface backhaul adalah interface yang menghadap ke Cyber menggunakan Microwave 15Ghz<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7mLb-daFP4_hH5XriGBJt57rdXVh7xauAOgfiow_Z4_Pa8z0-pCS1NJH-kamMSMboq811HmoDqZBa0CWUHhH6IP_gos8af9o-2EcOcdbOSIHhdf8Ik0IMIjFO_3WSy_yRPq7VaECdqf0/s1600-h/bgp-failover-meruya-ipaddress.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 107px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7mLb-daFP4_hH5XriGBJt57rdXVh7xauAOgfiow_Z4_Pa8z0-pCS1NJH-kamMSMboq811HmoDqZBa0CWUHhH6IP_gos8af9o-2EcOcdbOSIHhdf8Ik0IMIjFO_3WSy_yRPq7VaECdqf0/s400/bgp-failover-meruya-ipaddress.jpg" alt="" id="BLOGGER_PHOTO_ID_5421989167281806386" border="0" /></a><br />bgp-instance<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5ansIkQITgmOWI0I8m1K3V4EqiLUsz-6Ea77HwLTrSg5ktk2xWMLIRzW-xsx5ODE1s7mA-9ScKNJE8IfQx2bSaQROZGrix49oM9jUy0GKAOIBWkrHP862-PwziEhc-aYZF3t3rIvGngI/s1600-h/bgp-failover-meruya-bgp-instance.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 363px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5ansIkQITgmOWI0I8m1K3V4EqiLUsz-6Ea77HwLTrSg5ktk2xWMLIRzW-xsx5ODE1s7mA-9ScKNJE8IfQx2bSaQROZGrix49oM9jUy0GKAOIBWkrHP862-PwziEhc-aYZF3t3rIvGngI/s400/bgp-failover-meruya-bgp-instance.jpg" alt="" id="BLOGGER_PHOTO_ID_5421989578910548978" border="0" /></a><br />bgp-peers Meruya ke International Cyber, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsy-sOYFOItIgLb2GzIO4uqdXhpvuaUXXNJLziLo0IvoaVVHqdUkv6gL5P2-HyUyV3Uvlu3Bwf5py_Zw4_7S5bJMnO4tqr34aL32qJzASP_GQTjzqqiRmtpWeDy7m8Q8FmLvFeP_hDJGI/s1600-h/bgp-failover-meruya-bgp-peers-inter.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 349px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsy-sOYFOItIgLb2GzIO4uqdXhpvuaUXXNJLziLo0IvoaVVHqdUkv6gL5P2-HyUyV3Uvlu3Bwf5py_Zw4_7S5bJMnO4tqr34aL32qJzASP_GQTjzqqiRmtpWeDy7m8Q8FmLvFeP_hDJGI/s400/bgp-failover-meruya-bgp-peers-inter.jpg" alt="" id="BLOGGER_PHOTO_ID_5421989940108726594" border="0" /></a><br />bgp-peers Meruya ke IIX Cyber, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi45uDfy6V_WyV2doYpPscunTyLWxO1_BP4anox9nDpownbssvbYIE6kO46kU-QSZWPic6fcJIWJTvXDsz3b0eaFUja9uub77CI5tYXEFkzKYr672nBYpe9gD0dQC13J6a4Lx6Ev7Zq4Do/s1600-h/bgp-failover-meruya-bgp-peers-iix.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 350px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi45uDfy6V_WyV2doYpPscunTyLWxO1_BP4anox9nDpownbssvbYIE6kO46kU-QSZWPic6fcJIWJTvXDsz3b0eaFUja9uub77CI5tYXEFkzKYr672nBYpe9gD0dQC13J6a4Lx6Ev7Zq4Do/s400/bgp-failover-meruya-bgp-peers-iix.jpg" alt="" id="BLOGGER_PHOTO_ID_5421990267172195922" border="0" /></a><br />bgp-peers Meruya ke Slipi, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggdSclUJv9dR09splvferZxWONppzLRn07KNpvzaTvJqiRr1WM7DtWHYQr5AVMlCUchOl3GVAqyEuiWmLfDzbWqXWGPwtWHn45ahRJ48P23uWDQmolvQnvnhCrsFDtfbqOkcsCiiARDb8/s1600-h/bgp-failover-meruya-bgp-peers-peninsula.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 351px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggdSclUJv9dR09splvferZxWONppzLRn07KNpvzaTvJqiRr1WM7DtWHYQr5AVMlCUchOl3GVAqyEuiWmLfDzbWqXWGPwtWHn45ahRJ48P23uWDQmolvQnvnhCrsFDtfbqOkcsCiiARDb8/s400/bgp-failover-meruya-bgp-peers-peninsula.jpg" alt="" id="BLOGGER_PHOTO_ID_5421990532269426338" border="0" /></a><br />Berikut adalah konfigurasi routing-filter yang merupakan bagian terpenting dan paling rumit untuk dipahami, pada bagian BGP Prepend tujuannya agar ke arah PENINSULA-EXPORT di prepend 2 kali agar ke arah AS24521-EXPORT lebih pendek sehingga menjadi prioritas, kecuali jika link Meruya ke Cyber putus baru akan menggunakan link Meruya-Slipi-Cyber.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzout3Z-v6vimZ5bzdOfOxMq7gn2GsKQCKNztTFV8JdKLBdIaXYX3LhOzjQloihlf-9QBPUlTsIfcGX6wzdRM_AWMoocgTSMOWjtlzGM2GVoIZnfDgH_FPMZqvwP8aEyYAayuIrm_hARM/s1600-h/bgp-failover-meruya-routing-filter.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 231px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzout3Z-v6vimZ5bzdOfOxMq7gn2GsKQCKNztTFV8JdKLBdIaXYX3LhOzjQloihlf-9QBPUlTsIfcGX6wzdRM_AWMoocgTSMOWjtlzGM2GVoIZnfDgH_FPMZqvwP8aEyYAayuIrm_hARM/s400/bgp-failover-meruya-routing-filter.jpg" alt="" id="BLOGGER_PHOTO_ID_5421991304456916114" border="0" /></a><br /><span style="font-weight: bold;">Konfigurasi di Router Mikrotik Slipi:<br /><br /></span>ip-address, interface ether1 adalah interface yang menghadap ke Cyber menggunakan Fiber Optic<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1poWw_LcIo6bNB3O7DyU27ELzN26YjSS72Vi-E_lCRxK7tZDskfpI4XdFwlEJAHUW_PWhnlznJ5etSfln1UF51cpi57YwqEqjqPwSRNM798F_nHz3fN5J4WmPQZ1z8Q3QdeMuinASRY0/s1600-h/bgp-failover-rb1000-ipaddress.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 133px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1poWw_LcIo6bNB3O7DyU27ELzN26YjSS72Vi-E_lCRxK7tZDskfpI4XdFwlEJAHUW_PWhnlznJ5etSfln1UF51cpi57YwqEqjqPwSRNM798F_nHz3fN5J4WmPQZ1z8Q3QdeMuinASRY0/s400/bgp-failover-rb1000-ipaddress.jpg" alt="" id="BLOGGER_PHOTO_ID_5421991784089289362" border="0" /></a><br />bgp-instance<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCDGifAxZysQOSghWR2hOxMNw76PfbCKClOWRvCqfYYvO1fmAbElxDYBSGcY-kJcWXKSD1oixo7JZBb6Q4JPUnhLYEna53RSG6KLu3iEY4y8DPiH77YiE6R9lpt8NUR83yH5Fhd0OVQlI/s1600-h/bgp-failover-rb1000-bgp-instance.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 382px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCDGifAxZysQOSghWR2hOxMNw76PfbCKClOWRvCqfYYvO1fmAbElxDYBSGcY-kJcWXKSD1oixo7JZBb6Q4JPUnhLYEna53RSG6KLu3iEY4y8DPiH77YiE6R9lpt8NUR83yH5Fhd0OVQlI/s400/bgp-failover-rb1000-bgp-instance.jpg" alt="" id="BLOGGER_PHOTO_ID_5421992164459353330" border="0" /></a><br />bgp-peers Slipi ke International Cyber, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3uKEYJsOX7q1eftY7WnbXU1yTORt4WjyrEQxNURiNszlM2QcWWD6aEiePzsfnxpkDppA8FeoLC7e47EWKQC1KecU_e95He-x8HTNi_APYi3H110eWAHx9PlePKru7nlq5qvakCVGGxWw/s1600-h/bgp-failover-rb1000-bgp-peers-inter.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 314px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3uKEYJsOX7q1eftY7WnbXU1yTORt4WjyrEQxNURiNszlM2QcWWD6aEiePzsfnxpkDppA8FeoLC7e47EWKQC1KecU_e95He-x8HTNi_APYi3H110eWAHx9PlePKru7nlq5qvakCVGGxWw/s400/bgp-failover-rb1000-bgp-peers-inter.jpg" alt="" id="BLOGGER_PHOTO_ID_5421992824486366242" border="0" /></a><br />bgp-peers Slipi ke IIX Cyber, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9uqlsdcPsEmcwmpxsrtxAfCSY7V8-24pF2cEdTRoJDfogvZcywXVfXB1KiEi3xH0q2OVODzzJ8tQKB0HYlOgcvQXowxDY7nGzORtNrFkoH7fWUinNFUSYO1QrLNxrLX8b6Kuota7LSak/s1600-h/bgp-failover-rb1000-bgp-peers-iix.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 313px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9uqlsdcPsEmcwmpxsrtxAfCSY7V8-24pF2cEdTRoJDfogvZcywXVfXB1KiEi3xH0q2OVODzzJ8tQKB0HYlOgcvQXowxDY7nGzORtNrFkoH7fWUinNFUSYO1QrLNxrLX8b6Kuota7LSak/s400/bgp-failover-rb1000-bgp-peers-iix.jpg" alt="" id="BLOGGER_PHOTO_ID_5421993098838500258" border="0" /></a><br />bgp-peers Slipi ke Meruya, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeXuF3wuNmRInH08mYYauAzLK-12cNrFLHzicVI8KDokndSVuG7j0-9gd9aZMfMC3a45JLHClcLbFMzD9CYC5Yax1nMddxb_ynPTcIRNcz6zVm4j4w0pRXk0RllvT31Pg8BoSkfy053Rk/s1600-h/bgp-failover-rb1000-bgp-peers-presisi.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 312px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeXuF3wuNmRInH08mYYauAzLK-12cNrFLHzicVI8KDokndSVuG7j0-9gd9aZMfMC3a45JLHClcLbFMzD9CYC5Yax1nMddxb_ynPTcIRNcz6zVm4j4w0pRXk0RllvT31Pg8BoSkfy053Rk/s400/bgp-failover-rb1000-bgp-peers-presisi.jpg" alt="" id="BLOGGER_PHOTO_ID_5421993378891688850" border="0" /></a><br /><br />Berikut adalah konfigurasi routing-filter yang merupakan bagian terpenting dan paling rumit untuk dipahami, pada bagian BGP Prepend tujuannya agar ke arah PRESISI-EXPORT di prepend 2 kali agar ke arah INTL-CYBER-EXPORT lebih pendek sehingga menjadi prioritas, kecuali jika link Slipi ke Cyber putus baru akan menggunakan link Slipi-Meruya-Cyber.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHjIqUEKEqosKKoyILNRQNa8FlnW9BqQ_zAGG5WSSVR-S04grYgiDa195LpwVkRMQ4GvodCTcrFA2rfDGOO18E1tupWGjK_ybi7_ybE117I5_mxwkmd2OsrFZg3bO5DdfxZ1hmJHXrZJg/s1600-h/bgp-failover-rb1000-routing-filter.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 343px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHjIqUEKEqosKKoyILNRQNa8FlnW9BqQ_zAGG5WSSVR-S04grYgiDa195LpwVkRMQ4GvodCTcrFA2rfDGOO18E1tupWGjK_ybi7_ybE117I5_mxwkmd2OsrFZg3bO5DdfxZ1hmJHXrZJg/s400/bgp-failover-rb1000-routing-filter.jpg" alt="" id="BLOGGER_PHOTO_ID_5421993692552370130" border="0" /></a><br />Dengan demikian maka pada kondisi Fiber Optic Slipi-Cyber normal default-route pada Mikrotik di Slipi adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW2RJwqdUG6NmZaT3rSqC5huZlB6UdK624IHJysMgMS9PEcgPeB6P3UWc42EXJ0EAm5vdSuO6Yd3QqxNBFpJR9-hj2tFsNZn36hjsSEO0UcW-dc4YZI6vI0J2I0f4Xg5yXEQSJ2bhkl7s/s1600-h/bgp-failover-rb1000-ip-route.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 170px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW2RJwqdUG6NmZaT3rSqC5huZlB6UdK624IHJysMgMS9PEcgPeB6P3UWc42EXJ0EAm5vdSuO6Yd3QqxNBFpJR9-hj2tFsNZn36hjsSEO0UcW-dc4YZI6vI0J2I0f4Xg5yXEQSJ2bhkl7s/s400/bgp-failover-rb1000-ip-route.jpg" alt="" id="BLOGGER_PHOTO_ID_5421995238790370786" border="0" /></a><br />DAb Destination 0.0.0.0/0 gateway 203.89.26.49 adalah entry bgp yang di terima, sedangkan Db Destination 0.0.0.0/0 gateway 203.89.24.185 dengan warna biru adalah entry bgp yang tidak diterima atau dengan kata lain standby kalau sampai gateway 203.89.26.49 putus maka gateway 203.89.24.185 akan digunakan melalui interface ipip-P6toP2 yang merupakan ipip-tunnel dari Mikrotik Slipi ke Mikrotik Meruya melalui link WiFi IEEE 802.11 menggunakan RB600<br /><br />Sedangkan untuk kondisi Microwave 15Ghz Meruya-Cyber normal default-route pada Mikrotik Meruya adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXofgpqmeRVKtsDfk8G-XWRNvC1pDa69qC5d0iGBXv9K7G4DvTQUdcRYwXXHEZNWgXaXgSbdpi5UXsdV63wdUlLVg8v9ZK-sy_q_CF0iln8cawG-3yf_bVbCRjWPmTcXLaMfySbfKzAFU/s1600-h/bgp-failover-meruya-ip-route.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 205px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXofgpqmeRVKtsDfk8G-XWRNvC1pDa69qC5d0iGBXv9K7G4DvTQUdcRYwXXHEZNWgXaXgSbdpi5UXsdV63wdUlLVg8v9ZK-sy_q_CF0iln8cawG-3yf_bVbCRjWPmTcXLaMfySbfKzAFU/s400/bgp-failover-meruya-ip-route.jpg" alt="" id="BLOGGER_PHOTO_ID_5421995243953816242" border="0" /></a><br />DAb Destination 0.0.0.0/0 gateway 203.89.26.1 adalah entry bgp yang di terima, sedangkan Db Destination 0.0.0.0/0 gateway 203.89.24.186 dengan warna biru adalah entry bgp yang tidak diterima atau dengan kata lain standby kalau sampai gateway 203.89.26.1 putus maka gateway 203.89.24.186 akan digunakan melalui interface ipip-P2toP6 yang merupakan ipip-tunnel dari Mikrotik Meruya ke Mikrotik Slipi melalui link WiFi IEEE 802.11 menggunakan RB600<br /><br />Demikian kiranya sedikit sharing ilmu semoga bermanfaat bagi semua yang membacanya<br /><br /><div id="refHTML"></div><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com5tag:blogger.com,1999:blog-4650800593925871709.post-53445474496646076802009-08-10T12:22:00.000+07:002009-08-10T12:23:14.038+07:00Blacklists/Blocklists<p>Blacklists or blocklists are lists of <acronym title="Internet Protocol">IP</acronym> addresses, domain names, email addresses or content of the headers or the body, or some combination of these different types, that can be used to help identify spam. A special subset of IP address and domain name lists exist which can be queried using <acronym title="Domain Name Service">DNS</acronym>, which are called <acronym title="Domain Name Service">DNS</acronym> Blackhole Lists or <a href="http://spamlinks.net/filter-dnsbl.htm" class="locallink" title="DNS Blackhole Lists">DNSBLs</a>. Blacklists can be unverified and cause “collateral damage”; their criteria for listing may not be clear.</p> <p>Those blacklists listed here are just a tiny subset of all of the private access lists and <acronym title="Access Control Lists">ACLs</acronym> that exist to block spam from private networks; that larger set is the source of the death of a thousand cuts that any spam friendly provider should eventually experience. They may not have the clout of SPEWS, but they may last even longer.</p><br />From:<br /><a href="http://spamlinks.net/filter-bl.htm">http://spamlinks.net/filter-bl.htm</a><br /><br /><br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden">Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-57700994701181111032009-08-10T10:58:00.000+07:002009-08-10T10:59:20.569+07:00Postfix blacklist or reject an email address<p><strong><span style="color: rgb(255, 0, 0);">Q</span></strong>. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: user@abadboy.com . How do I blacklist email address with postfix? I also have spamassassin software installed.</p> <p><strong><span style="color: rgb(0, 153, 0);">A</span></strong>. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table. </p> <p>Open /etc/postfix/sender_access file<br /><code># cd /etc/postfix<br /># vi sender_access </code><br />Append sender email id as follows:<br /><code>user@abadboy.com REJECT</code><br />Save and close the file. Use postmap command to create a database:<br /><code># postmap hash:sender_access </code><br />Now open main.cf and add code as follows:<br /><code>smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access</code><br />Save and close the file. Restart / reload postfix MTA:<br /><code># /etc/init.d/postfix restart</code></p> <p>You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:<br /><code># vi /etc/mail/spamassassin/local.cf</code><br />Append blacklist as follows:<br /><code>blacklist_from user@abadboy.com</code><br />Save and close the file. Restart spamassassin:<br /><code># /etc/init.d/spamassassin restart</code></p> <p>spamassassin will marke mail as SPAM instead of rejecting the same.</p>From:<a href="http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/"><br />http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/</a><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-69315145045351788972009-08-09T12:01:00.001+07:002009-08-09T12:04:41.170+07:00Lindungi jaringan anda dari daftar ip yang terindentifikasi pada dshield dan spamhausPagi ini lagi-lagi smtp ku di buat mabok oleh traffic spam , iseng aku cari di google bagaimana fetch daftar ip sumber spam langsung di mikrotik ternyata ketemu link berikut:<br /><a href="http://forum.mikrotik.com/viewtopic.php?f=9&t=24427"><br />http://forum.mikrotik.com/viewtopic.php?f=9&t=24427</a><br /><br />berikut adalah contoh script + scheduling + firewall filter yang saya gunakan di router mikrotik 3.25:<br /><br /><br /><span style="font-size:85%;"># aug/09/2009 11:27:24 by RouterOS 3.25<br />#<br />/system script<br />add name=fetch-dshield-spamhaus policy=\<br /> ftp,reboot,read,write,policy,test,winbox,password,sniff source="## Parse D\<br /> SHIELD & Spamhaus feed and build an address-list.\r\<br /> \n## Written by Sam Norris, ChangeIP.com 2008\r\<br /> \n## Any comments or suggestions welcome in the forums.\r\<br /> \n##\r\<br /> \n## 06/03/08 - Initial list parsing.\r\<br /> \n\r\<br /> \n/tool fetch address=feeds.dshield.org host=feeds.dshield.org mode=http s\<br /> rc-path=block.txt\r\<br /> \n/tool fetch address=www.spamhaus.org host=www.spamhaus.org mode=http src\<br /> -path=drop/drop.lasso\r\<br /> \n\r\<br /> \n##\r\<br /> \n## DSHIELD Drop List\r\<br /> \n##\r\<br /> \n\r\<br /> \n:if ( [/file get [/file find name=block.txt] size] > 0 ) do={\r\<br /> \n\r\<br /> \n /ip firewall address-list remove [/ip firewall address-list find list=\<br /> dshield]\r\<br /> \n\r\<br /> \n :global content [/file get [/file find name=block.txt] contents] ;\r\<br /> \n :global contentLen [ :len \$content ] ;\r\<br /> \n\r\<br /> \n :global lineEnd 0;\r\<br /> \n :global line \"\";\r\<br /> \n :global lastEnd 0;\r\<br /> \n\r\<br /> \n :do {\r\<br /> \n :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\<br /> \n :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\<br /> \n :set lastEnd ( \$lineEnd + 1 ) ;\r\<br /> \n\r\<br /> \n :if ( [:pick \$line 0 1] != \"#\" ) do={\r\<br /> \n\r\<br /> \n :if ([:typeof [:toip [:pick \$line 0 [:find \$line \"\\t\"] ] ] ] !=\<br /> \_\"nil\") do={\r\<br /> \n :local pos1 [:find \$line \"\\t\" 0]\r\<br /> \n :local pos2 [:find \$line \"\\t\" \$pos1]\r\<br /> \n :local pos3 [:find \$line \"\\t\" \$pos2]\r\<br /> \n :log info ( \"DShield Entry: \" . [:pick \$line 0 \$pos1 ] . \"/\"\<br /> \_. [:pick \$line (\$pos2+1) \$pos3 ] )\r\<br /> \n /ip firewall address-list add list=dshield address=( [:pick \$line\<br /> \_0 \$pos1 ] . \"/\" . [:pick \$line (\$pos2+1) \$pos3 ] )\r\<br /> \n } \r\<br /> \n\r\<br /> \n }\r\<br /> \n\r\<br /> \n } while (\$lineEnd < \$contentLen)\r\<br /> \n\r\<br /> \n}\r\<br /> \n\r\<br /> \n##\r\<br /> \n## SPAMHAUS.ORG Drop List\r\<br /> \n##\r\<br /> \n\r\<br /> \n:if ( [/file get [/file find name=drop.lasso] size] > 0 ) do={\r\<br /> \n\r\<br /> \n /ip firewall address-list remove [/ip firewall address-list find list=\<br /> spamhaus.lasso]\r\<br /> \n\r\<br /> \n :global content [/file get [/file find name=drop.lasso] contents] ;\r\<br /> \n :global contentLen [ :len \$content ] ;\r\<br /> \n\r\<br /> \n :global lineEnd 0;\r\<br /> \n :global line \"\";\r\<br /> \n :global lastEnd 0;\r\<br /> \n\r\<br /> \n :do {\r\<br /> \n :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\<br /> \n :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\<br /> \n :set lastEnd ( \$lineEnd + 1 ) ;\r\<br /> \n\r\<br /> \n :if ( [:pick \$line 0 1] != \";\" ) do={\r\<br /> \n\r\<br /> \n :if ([:len [:pick \$line 0 [:find \$line \";\"] ] ] > 0 ) do={\r\<br /> \n :local pos1 [:find \$line \";\" 0]\r\<br /> \n :local entry [:pick \$line 0 (\$pos1-1) ]\r\<br /> \n :if ( [:len \$entry ] > 0 ) do={\r\<br /> \n :log info \"Lasso Entry: \$entry\"\r\<br /> \n /ip firewall address-list add list=spamhaus.lasso address=\$ent\<br /> ry\r\<br /> \n }\r\<br /> \n } \r\<br /> \n\r\<br /> \n }\r\<br /> \n\r\<br /> \n } while (\$lineEnd < \$contentLen)\r\<br /> \n\r\<br /> \n}"<br /># aug/09/2009 11:27:47 by RouterOS 3.25<br />#<br />/system scheduler<br />add comment="" disabled=no interval=12h name=fecth-dshield-spamhaus on-event=\<br /> fetch-dshield-spamhaus start-date=jan/01/1970 start-time=06:00:00<br /># aug/09/2009 11:33:37 by RouterOS 3.25<br />#<br />/ip firewall filter<br />add action=drop chain=forward comment="### DROP Spamhaus-Lasso" disabled=no \<br /> src-address-list=spamhaus.lasso<br />add action=drop chain=forward comment="### DROP Dshield" \<br /> disabled=no src-address-list=dshield<br />#</span><br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-33747291664986785882009-07-31T11:02:00.002+07:002009-07-31T12:19:00.112+07:00ISP dan Keamanan Jaringan InternetSaat ini Internet sudah mulai menjadi gaya hidup yang tanpa disadari diperlukan oleh hampir seluruh lapisan masyarakat seiring dengan kemajuan teknologi baik hardware maupun software.<br />Dengan fenomena layanan Facebook, Blog, Email dan Instant Messaging yang dapat diakses melalui berbagai macam gadget maka layanan Internet bukan lagi monopoli orang yang mampu menggunakan komputer dengan 101 tombol saja tetapi hampir semua lapisan masyarakat dapat mengakses layanan Internet dengan sangat mudah.<br /><br />Internet Service Provider yang merupakan gerbang bagi para pengguna Internet saat ini menghadapi tantangan untuk dapat tetap memberikan layanan Internet yang berkualitas, terjangkau dan aman bagi penggunanya.<br /><br />Bicara tentang keamanan Internet tidak terlepas dari Sistem Keamanan Jaringan Komputer yang sangat komplek dan banyak lapisan walaupun dapat di rangkum dalam tiga hal besar saja yaitu:<br /><br />Confidentiality (kerahasiaan data)<br />Integrity (Integritas / keutuhan / keaslian, termasuk pengaturan hak akses)<br />Availability (Ketersediaan layanan)<br /><br />selain itu bicara tentang keamanan jaringan komputer mau tidak mau tunduk terhadap model segitiga yang memiliki tiga sisi:<br /><br />sisi kemanan<br />sisi kenyamanan/kemudahan<br />sisi fungsi<br /><br />dimana ketiga sisi tersebut saling bertolak belakang, artinya mengutamakan salah satu berarti mengurangi yang lainnya dengan demikian yang dapat dicapai adalah mencari komposisi yang paling dapat diterima oleh pengguna, dengan demikian menurut saya visi keamanan di ISP adalah:<br /><br />Menciptakan Internet yang aman, nyaman dan berfungsi dengan baik<br /><br />visi diatas sangat sederhana tetapi untuk mencapi hal tersebut terus terang tidak mudah dan butuh banyak pemikiran pertimbangan dan pemahaman dari semua stake holder sbb:<br /><br />1. Pengguna Internet<br />2. Internet Service Provider (ISP) termasuk Network Access Provider<br />3. Content Provider termasuk penyelenggara e-Bussines/e-Commerce dan infrastruktur pendukungnya yaitu: Bank, penerbit Certified Authorization (CA) dan logistik.<br />4. Penyelenggara Jaringan<br />5. Pemerintah<br /><br />tentunya tidak semua aspek dapat diakomodir oleh ISP, karena sejatinya ISP minimal memiliki layanan standar sbb:<br /><br />1. DNS server / nameserver sebagai sarana resolve domain ke IP atau sebaliknya<br />2. Email server sebagai outgoing dan atau incoming server<br />3. Proxy server sebagai perantara akses web sekaligus sebagai cache dan filtering konten pada lapisan aplikasi<br />4. Webhosting sebagai sarana untuk mempublikasikan halaman web<br />5. RADIUS Server sebagai Authentication Authorization Accounting (AAA) untuk Billing Server<br />6. Routing Alamat IP agar user/pengguna dapat mengkakses layanan-layanan tersebut melalui protocol TCP/IP yang dihubungkan satu dengan lainnya secara terbuka atau dengan kata lain jaringan Publik (Internet)<br />7. Sistem Monitoring dan manajemen Jaringan<br /><br />Dengan demikian bagian keamanan yang harus di akomodir oleh ISP setidaknya adalah:<br />1. Menyediakan Nameserver yang handal dan aman yang bebas dari dns poisoning / spoofing<br />2. Menyediakan Email server yang mampu menyaring email sampah (Spam), virus dan mallware lainnya<br />3. Menyediakan Proxy Server yang mampu menyaring pishing dan membatasi konten-konten mallware lainnya.<br />4. Menyediakan Webhosting yang aman yang tidak menyimpan kode-kode jahat seperti pishing, virus, trojan, mallware dan konten-konten yang mengandung unsur SARA (Suku Agama Ras)<br />5. Menyediakan RADIUS Server yang handal, aman dan tidak merugikan pelanggan baik secara finansial maupun secara kerahasiaan username password pelanggan tersebut.<br />6. Menyediakan sistem routing paket TCP/IP yang handal, aman dan terbebas dari serangan: Spoofing, Distributed Denial of Service, Worm dll.<br />7. Memiliki sistem monitoring dan manajemen jaringan untuk dapat menganalisa dan mengatasi permasalahan jika terjadi hal-hal yang disebut diatas.<br /><br />adapun layanan-layanan lainnya selain tujuh hal yang disebutkan diatas lebih sebagai tanggung jawab pengelola konten baik itu bagi ISP yang memiliki konten, maupun institusi yang menyediakan konten bagi pengguna Internet termasuk: E-Banking/Bank, Pengelola E-Business/E-Commerce, E-Learning/Kampus, E-Goverment/Pemerintah, Pengelola Portal dll.<br /><br />Sedangkan untuk Warnet sejatinya adalah mini ISP yang menyediakan/menyewakan sarana bagi pengguna Internet yang tidak mengakses Internet dari perangkat pribadinya.<br /><br />Dalam hal terjadinya cybercrime ISP berperan untuk membantu perangkat hukum melakukan investigasi dan mencari bukti-bukti digital yang sekiranya dapat menjadi petunjuk dan bukti di pengadilan sesuai dengan perundang-undangan yang berlaku.<br /><br />Bentuk barang bukti dan petunjuk bisa berupa analisa header email, logfile aplikasi server-server yang telah disebutkan diatas dan analisa traffic.<br /><br />Khusus untuk analisa traffic tidaklah bijaksana untuk menganalisa semua taffic data secara paket pada lapisan 3 dan 4 (network layer dan transport layer) secara terus menerus karena akan mengganggu fungsi dan kenyamanan dari layanan Internet itu sendiri, adapun yang dapat dilakukan adalah analisa paket secara langsung pada saat insident keamanan terjadi atau biasa disebut sniffing. analoginya adalah jika tiap hari semua kendaraan di jalan raya diperiksa stnk dan kesesuaiannya dengan nomor mesin dan nomor rangka dan sim pengendaranya maka yang ada adalah kemacetan di sepanjang jalan sehingga kenyamanan dan fungsi dari kendaraan itu menjadi tidak ada artinya lagi, yang lumrah terjadi adalah pada saat terjadi laporan kehilangan mobil atau kasus penculikan atau kasus-kasus pidana lainnya termasuk kasus teroris yang terjadi belum lama ini terjadi maka jajaran kepolisian melakukan razia di titik rawan terhadap kendaraan bermotor tersebut bukan?<br /><br />Kesimpulan:<br />Untuk menciptakan layanan Internet yang aman, nyaman dan berfungsi sebagaimana mestinya diperlukan kerja sama semua pihak dan pemahaman yang benar terhadap aspek-aspek keamanan jaringan Internet tersebut baik secara teknis maupun non-teknis.<br /><br />masukan/saran dan pendapat dari berbagai pihak sangat diperlukan untuk mencapai visi tersebut.<br /><br />Wasalam<br />Harijanto Pribadi<br />Kabid. Internet Security APJII periode 2009 - 2012<br /><br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-52627064202301357022009-06-15T00:52:00.003+07:002009-06-15T01:11:41.496+07:00Jailbreak and/or unlock your iPhone 2G with version 2.2.1fuih , setelah baca sana baca sini akhirnya aku bisa men Jailbreak/Unlock iphone 2g ku dengan versi 2.2.1<br /><br />caranya aku baca di : <a href="http://www.iphonedownloadblog.com/2008/11/23/unlock-your-iphone-2g-22-using-quickpwn/">http://www.iphonedownloadblog.com/2008/11/23/unlock-your-iphone-2g-22-using-quickpwn/</a><br /><br />langkah-langkahnya kurang lebih sbb:<br /><br />download file-file berikut:<br /><br />1. <a href="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5830.20090127.Mmni6/iPhone1,1_2.2.1_5H11_Restore.ipsw">http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5830.20090127.Mmni6/iPhone1,1_2.2.1_5H11_Restore.ipsw</a><br />2. <a href="http://torrents.thepiratebay.org/4689995/QuickPwn-225-2.zip.4689995.TPB.torrent">http://torrents.thepiratebay.org/4689995/QuickPwn-225-2.zip.4689995.TPB.torrent</a><br />3. <a href="http://iphonefreakz.com/firmware/BL-39.bin">http://iphonefreakz.com/firmware/BL-39.bin</a><br />4. <a href="http://iphonefreakz.com/firmware/BL-46.bin">http://iphonefreakz.com/firmware/BL-46.bin</a><br /><br />langkah-langkahnya<br /><br />1. aktifkan itunes8 dan pasang kabel data+usb pc ke iphone<br />2. jika iphone sudah terdeteksi di itunes8 maka akan muncul disamping kanan pada bagian devices, lalu klik devices tsb maka akan muncul pada tab summary tombol restore.<br />3. tekan tombol shift + klik tombol restore maka kita dapat memilih firmware / file ipsw yang telah kita download (no.1) dan lakukan proses restore.<br />4. tunggu sampai proses restore selesai, setelah selesai (ditandai dengan iphone yang mereboot dirinya sendiri) tutup aplikasi itunes8 tsb dan jangan lakukan apapun pada iphone.<br />5. Jalankan QuickPwn.exe yang telah kita download (no.2) , oh ya downloadnya pake bittorrent ya.<br />6. Biarkan sampai tombol biru pada QuickPwn aktif artinya iphone telah terdeteksi lalu klik tombol tsb.<br />7. langkah selanjutnya adalah browse file ipsw / firmware yang sama yang tadi kita restore via itunes8 diatas (point no.3) lalu klik tombol biru lagi, jika firmware cocok akan ada tanda centrang hijau, ok klik lagi tombol biru.<br />8. selanjutnya diminta untuk browse file no.3 dan no.4 yang merupakan bootloader yang dibutuhkan lalu klik tombol biru lagi.<br />9. setelah itu biasanya ada konfirmasi untuk memastikan bahwa kabel data usb terpasang antara pc dan iphone, nah disini triknya pada saat keluar konfirmasi layar tsb coba untuk cabut dan pasang lagi kabel usb tsb di pc agar pc dipaksa mengidentifikasi device iphone tsb, kalau sudah terdengar bunyi ding-ding artinya usb terdektsi maka klik tombol biru<br />10. selanjutnya iphone akan masuk dalam mode recovery jangan alihkan perhatian anda dari layar monitor dan ikuti perintah berikut:<br /><span style="font-style: italic;">You will be asked to hold down the Power button for 5 seconds. Then you will have to also hold down the Home button for 10 seconds without letting go of the Power button. At the end of 10 seconds you will need to release only the Power button.</span><br /><br />ok jika anda dengan benar mengikuti perintah diatas maka iphone akan masuk dalam proses Jailbrake / Unlock<br /><br />dan trala..... akhirnya iphone 2g ku sudah siap digunakan dengan firmware 2.2.1 jadi bisa install facebook application dan yahoo messenger di iphone sayang masih 2g tapi mayanlah :)<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifmdkAwgFNkbm1NqhPIbQX93TgqupWJOdlqcw_3Bc9xgLaSjNaUSxSiHy_tVeu3YJmZ782bBYNFmQPbtU6-oT3VGU1A40U28vUskNQZrz6O-igQAC9WPwLTFeCb5hCCKFiojsbkAGsv20/s1600-h/iphone-2-2-1.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifmdkAwgFNkbm1NqhPIbQX93TgqupWJOdlqcw_3Bc9xgLaSjNaUSxSiHy_tVeu3YJmZ782bBYNFmQPbtU6-oT3VGU1A40U28vUskNQZrz6O-igQAC9WPwLTFeCb5hCCKFiojsbkAGsv20/s400/iphone-2-2-1.JPG" alt="" id="BLOGGER_PHOTO_ID_5347247450413369522" border="0" /></a><br /><br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-50818204085425654962009-04-22T00:34:00.003+07:002009-04-22T00:42:51.148+07:00Aktifkan bpdu-filter di switch ProcurveSore ini lagi-lagi ada masalah dengan link DS3 ku :(<br />anehnya setelah link normal dan kabel DS3 dikembalikan paket tetap tidak mau mengalir padahal di test pake notebook udah jalan....<br /><br />Ternyata masalahnya di HP Procurve bpdu-filter belum aku aktifkan<br />apa itu BPDU bisa dibaca di<br /><a href="http://en.wikipedia.org/wiki/Spanning_tree_protocol#Bridge_Protocol_Data_Units_.28BPDUs.29">http://en.wikipedia.org/wiki/Spanning_tree_protocol#Bridge_Protocol_Data_Units_.28BPDUs.29</a><br /><br />sedangkan cara mengaktifkan bpdu-filter di HP Procurve bisa dibaca di:<br /><br /><a href="http://evilrouters.net/2009/03/11/bpdu-protection-on-hp-procurve-switches/">http://evilrouters.net/2009/03/11/bpdu-protection-on-hp-procurve-switches/</a><br /><br />semoga bermanfaat<br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-60548655022600764462009-03-26T12:56:00.002+07:002009-03-26T13:02:56.099+07:00No more "overrun: No buffer space available"Setelah berhari-hari mencari akhirnya ketemu juga jawabannya agar quagga di fedora 9 tidak muncul error "netlink-listen: overrun: No buffer space available"<br /><br />ternyata di fedora 9 configurasinya ada di /etc/sysconfig/quagga yang isinya:<br /><br /><span style="font-size:78%;"><span style="font-family: courier new;">#</span><br /><span style="font-family: courier new;"># Default: Bind all daemon vtys to the loopback(s) only</span><br /><span style="font-family: courier new;">#</span><br /><span style="font-family: courier new;">QCONFDIR="/etc/quagga"</span><br /><span style="font-family: courier new;">BGPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/bgpd.conf"</span><br /><span style="font-family: courier new;">OSPF6D_OPTS="-A ::1 -f ${QCONFDIR}/ospf6d.conf"</span><br /><span style="font-family: courier new;">OSPFD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ospfd.conf"</span><br /><span style="font-family: courier new;">RIPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ripd.conf"</span><br /><span style="font-family: courier new;">RIPNGD_OPTS="-A ::1 -f ${QCONFDIR}/ripngd.conf"</span><br /><span style="font-family: courier new;">#ZEBRA_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/zebra.conf"</span><br /></span><span style="font-family: courier new; font-weight: bold;font-size:78%;" >ZEBRA_OPTS="-A 127.0.0.1 --nl-bufsize 200000 -f ${QCONFDIR}/zebra.conf"</span><span style="font-size:78%;"><br /><br /><span style="font-family: courier new;">ISISD_OPTS="-A ::1 -f ${QCONFDIR}/isisd.conf"</span><br /><br /><span style="font-family: courier new;"># Watchquagga configuration (please check timer values before using):</span><br /><span style="font-family: courier new;">WATCH_OPTS=""</span><br /><span style="font-family: courier new;">WATCH_DAEMONS="zebra bgpd ospfd ospf6d ripd ripngd"</span><br /><span style="font-family: courier new;"># To enable restarts, uncomment this line (but first be sure to edit</span><br /><span style="font-family: courier new;"># the WATCH_DAEMONS line to reflect the daemons you are actually using):</span><br /><span style="font-family: courier new;">#WATCH_OPTS="-Az -b_ -r/sbin/service_%s_restart -s/sbin/service_%s_start -k/sbin/service_%s_stop"</span></span><br /><br />pada baris ZEBRA_OPTS rubah menjadi<br /><span style="font-family: courier new; font-weight: bold;font-size:78%;" ><br />ZEBRA_OPTS="-A 127.0.0.1 --nl-bufsize 200000 -f ${QCONFDIR}/zebra.conf"</span><span style="font-size:78%;"><br /> </span><br />aslinya<br /><br /><span style="font-size:78%;"><span style="font-family: courier new;">ZEBRA_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/zebra.conf"</span></span><br /><br />setelah /etc/sysconfig/quagga diedit lalu restart service zebra dan bgpd<br /><br />sumber:<br /><a href="http://lists.quagga.net/pipermail/quagga-users/2005-May/004524.html">http://lists.quagga.net/pipermail/quagga-users/2005-May/004524.html</a>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-53546235499336149872009-03-20T16:05:00.004+07:002009-03-25T18:41:06.434+07:00Solve Problem with nf_conntrack: table full, dropping packetWhen i have the problem with "nf_conntrack: table full, dropping packet"<br />the problem was solved after i read this article from: <br /><br /><br />http://paulroberts69.spaces.live.com/blog/cns!665BC38F152E1206!1645.entry <br /><br />nf_conntrack: table full, dropping packet.<br /><br />If you see this message "nf_conntrack: table full, dropping packet" in your syslog on a Linux box, it's likely that it's having comms problems. I saw this recently on a DNS server that looked like it was being attacked. The problem is that when this happens, normal DNS resolution is interrupted.<br /><br />I haven't found a decent solution yet, but it seems that if the system has lots of RAM then you can increase the nf_conntrack_max kernel parameter (my system is running iptables, which I assume the "netfilter" module has something to do with).<br /><br />On a 2.6 kernel, you can go to /proc/sys/net/netfilter and check some of the values. For instance, nf_conntrack_count shows you the current value while nf_conntrack_max is the maximum value that is set.<br /><br />You can just cat these values or use sysctl to view them:<br /><br /># sysctl net.netfilter.nf_conntrack_max<br />net.netfilter.nf_conntrack_max = 65536<br /><br /># sysctl net.netfilter.nf_conntrack_count<br />net.netfilter.nf_conntrack_count = 45033<br /><br />To change the value, use the -w switch (in this example I've doubled the value):<br /><br /># sysctl -w net.netfilter.nf_conntrack_max=131072<br /><br />I think that in order to make this permanent across reboots, you'll need to add this line to the bottom of /etc/sysctl.conf:<br /><br />net.netfilter.nf_conntrack_max=131072<br /><br /><br />another reference<br />TCP Tuning Guide:<br /><a href="http://fasterdata.es.net/TCP-tuning/linux.html"><br />http://fasterdata.es.net/TCP-tuning/linux.html</a>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-20463042767700851622009-03-01T17:52:00.005+07:002009-03-01T18:23:03.745+07:00Fail Over Layer 2 tanpa STP menggunakan script dan bridgeSeringkali kita membutuhkan link yang bisa fail-over di layer 2 tetapi tidak memungkinkan menggunakan STP maka cara demikian bisa menjadi pilihan.<br /><br />Skenario<br /><br /><pre><br /><br /> |-[Link-1]-|eth1 comment "backhaul"|<br />[Internet]-[R1 1.1.1.1/30]-| [R2 1.1.1.2 Distribusi ]->[To User]<br /> |-[Link-2]-|eth2 comment "backup" |<br /></pre><br /><br />Keterangan:<br />----------<br />1. R2 Distribusi memiliki minimal dua interface untuk link ke R1, misal eth1 diberi comment="backhaul" dan eth2 diberi comment="backup", lalu eth1 dan eth2 tsb di jadikan satu bridge misal dengan nama bridge1 <br />2. IP point to point R2 ke R1 di pasang di interface bridge1<br /><br />Contoh Scipt check_backhaul dan schedulernya bisa diimport dari script dibawah ini<br /><br />Script:<br />------<br /><pre><br /># mar/01/2009 17:27:17 by RouterOS 3.13<br /># software id = 9CS2-87N<br />#<br />/system script<br />add name=check_backhaul policy=\<br /> ftp,reboot,read,write,policy,test,winbox,password,sniff source="/interface\<br /> disable [/interface find comment=\"backup\"]\r\<br /> \n/interface enable [/interface find comment=\"backhaul\"]\r\<br /> \n:log info \"Waiting 15s Backhaul Forward Packet\";\r\<br /> \n:delay 15s;\r\<br /> \n:if ( [/ping 1.1.1.1 count=1]=1) do={\r\<br /> \n:log info \"Backhaul Up\"\r\<br /> \n} else={\r\<br /> \n:log info \"Backhaul Down\";\r\<br /> \n\<br /> \n/interface disable [/interface find comment=\"backhaul\"]\r\<br /> \n/interface enable [/interface find comment=\"backup\"]\r\<br /> \n:delay 15s;\r\<br /> \n\<br /> \n/tool e-mail send to=\"support@domain.anda\" subject=([/system ide\<br /> ntity get name] . \" Microwave Down \" . [/system clock get date]) body=\"\<br /> Backup with Mikrotik!\";\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\r\<br /> \n}"<br /><br /><br /># mar/01/2009 17:30:30 by RouterOS 3.13<br /># software id = 9CS2-87N<br />#<br />/system scheduler<br />add comment="" disabled=no interval=5m name=sched_check_backhaul on-event=\<br /> check_backhaul start-date=jan/01/1970 start-time=00:00:00<br /></pre><br /><br />Keterangan:<br />----------<br />Setiap 5 menit sekali script check_backhaul dijalankan dengan mengenable interface dengan comment "backhaul" lalu melakukan ping ke 1.1.1.1 jika rto maka interface dengan comment "backhaul" akan di disable lalu meng-enable interface dengan comment "backup"Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0