You can hide from your mistakes, but not from your regret. You can play with your drama, but not with your karma.

  • About

    A network technician who used to work at an Internet Service Provider (ISP) and eventually decided to become a freelancer, based in Solo, Surakarta Hadiningrat.

  • Services

    Offering wireless and fiber-optic Internet installation, tower/pole installation, wireless pointing, router configuration, CCTV, hotspot, proxy, web server, managed network and monitoring services

  • Contact

    Any suggestions, criticism, complaints and feedback mean a great deal to me. You can reach me by phone/WhatsApp at 08564-212-8686 or via BBM: 2128686

    Sunday, May 8, 2022

    Now list the rotated log files:

    find /var/log/ -type f -regex '.*\.[0-9]+\.gz$'
    To delete them:
    find /var/log/ -type f -regex '.*\.[0-9]+\.gz$' -delete
    Then trim the journal:
    journalctl --vacuum-time=2days
    journalctl --vacuum-size=100M
    journalctl --vacuum-files=5
    systemctl daemon-reload
    nano /etc/systemd/journald.conf
    SystemMaxUse=100M

    Then restart journald so it rereads journald.conf:

    systemctl restart systemd-journald

    This time I'll share a tip on how to create a VLAN safely, without downtime.
    Normally, when we want to add or edit an IP address and so on, we run service netif restart
    The impact is that every interface is restarted, so there is downtime.
    To avoid even a fraction of a second of downtime, I explain the method below. This applies specifically to adding a VLAN. Follow these tips:

    Make sure the following value has been added to /boot/loader.conf

    if_vlan_load="YES"
    Then add the values to /etc/rc.conf

    cloned_interfaces="vlan605 vlan606 vlan607 vlan608"
    #MX80
    ifconfig_vlan605="inet 10.60.60.2 netmask 255.255.255.252 vlan 605 vlandev mlxen0"
    #CCR1036
    ifconfig_vlan605_alias0="inet 10.60.61.2 netmask 255.255.255.252"
    #JKTIX
    ifconfig_vlan606="inet 10.60.60.6 netmask 255.255.255.252 vlan 606 vlandev mlxen0"
    #IIX
    ifconfig_vlan607="inet 10.28.75.14 netmask 255.255.255.252 vlan 607 vlandev mlxen0"
    #GGC
    ifconfig_vlan608="inet 10.60.60.10 netmask 255.255.255.252 vlan 608 vlandev mlxen0"
    ifconfig_mlxen0="up"
    Once that is done, run the following:
    root@BSDRouter:~ # service netif start vlan608
    Created clone interfaces: vlan608.
    Starting Network: vlan608.
    vlan608: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=680703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
            ether 00:02:c9:a3:0d:21
            inet 10.60.60.10 netmask 0xfffffffc broadcast 10.60.60.11
            groups: vlan
            vlan: 608 vlanpcp: 0 parent interface: mlxen0
            media: Ethernet autoselect (40Gbase-CR4 <full-duplex,rxpause,txpause>)
            status: active
            nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Easy enough, isn't it?
    Hope this is useful :))
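
    Before running service netif start vlanN it helps to confirm that the new rc.conf entries are consistent, because a typo only shows up once the interface has been created. The following is an added example, not part of the original post: check_vlans is a hypothetical helper that lints the VLAN lines of an rc.conf-style file, and the sample file at the end is constructed.

```sh
#!/bin/sh
# Added example: lint the VLAN entries of an rc.conf-style file before
# bringing one VLAN up with "service netif start vlanN".
# check_vlans FILE prints one line per problem; exit status is 1 if any.
check_vlans() {
    awk '
    # Return the value of a NAME="value" line without the quotes.
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
    /^[ \t]*#/ { next }
    /^[ \t]*cloned_interfaces=/ { n = split(val($0), cloned, " ") }
    /^[ \t]*ifconfig_[a-z0-9]+=/ {      # alias lines (ifconfig_X_aliasN) are skipped
        name = $0
        sub(/^[ \t]*ifconfig_/, "", name); sub(/=.*/, "", name)
        conf[name] = val($0)
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            ifc = cloned[i]
            if (ifc !~ /^vlan[0-9]+$/) continue
            tag = substr(ifc, 5)
            if (!(ifc in conf)) { print ifc ": no ifconfig_" ifc " line"; bad++; continue }
            c = " " conf[ifc] " "
            if (index(c, " vlan " tag " ") == 0) { print ifc ": VLAN tag is not " tag; bad++ }
            if (match(c, / vlandev [a-z0-9]+ /)) {
                dev = substr(c, RSTART + 9, RLENGTH - 10)
                if (!(dev in conf)) { print ifc ": parent " dev " has no ifconfig_" dev " line"; bad++ }
            } else { print ifc ": no vlandev given"; bad++ }
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample with three deliberate mistakes (not the page's file).
sample=$(mktemp)
printf '%s\n' 'cloned_interfaces="vlan605 vlan609"' \
    'ifconfig_vlan605="inet 10.60.60.2 netmask 255.255.255.252 vlan 606 vlandev mlxen0"' > "$sample"
check_vlans "$sample" || echo "fix rc.conf before starting the VLAN"
rm -f "$sample"
```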

    Saturday, May 7, 2022

    There are many tools for monitoring the traffic passing through a FreeBSD router, including:

    systat -ifstat

    tcpdump 

    netstat 1

    bmon

    trafshow

    trafshow3

    iftop

    vnstat

    etc.


    Hope this is useful :))

    The loopback interface is an internal interface on a router; it serves as the pref-source that defines or identifies the router itself. The benefits of using a public IP on the loopback include:

    • it saves public IPs, because the point-to-point BGP peering can use private IPs
    • if a BGP peer is multipath, the path can change while the router is still identified by the IP bound to the loopback interface
    • it can be used for troubleshooting, such as ping / tracert with the preferred source specified
    • etc.

    root@BSDRouter:~ # ifconfig lo1
    ifconfig: interface lo1 does not exist
    root@BSDRouter:~ # ifconfig lo1 create
    root@BSDRouter:~ # ifconfig lo1 up
    root@BSDRouter:~ # service netif start lo1
    Starting Network: lo1.
    lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
            inet 103.166.11.103 netmask 0xffffffff
            groups: lo
            nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

    Don't forget to save it in /etc/rc.conf so it is permanent

    ifconfig_lo1_alias1="inet 103.166.11.103/32"
    ifconfig_lo1="up"

    Friday, May 6, 2022

    Here is the content of /usr/local/etc/bird.conf

    # Configure logging
    log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
    log stderr all;
    #log "tmp" all;

    # Override router ID
    router id 10.60.60.2;
    protocol kernel {

    #       learn;                  # Learn all alien routes from the kernel
            persist;                # Don't remove routes on bird shutdown
            scan time 20;           # Scan kernel routing table every 20 seconds
    #       import none;            # Default is import all
            export all;             # Default is export none
    #       kernel table 5;         # Kernel table to synchronize with (default: main)
    }

    # This pseudo-protocol watches all interface up/down events.
    protocol device {
            scan time 10;           # Scan interfaces every 10 seconds
    }

    # Static routes (again, there can be multiple instances, so that you
    # can disable/enable various groups of static routes on the fly).
    protocol static {
    #       disabled;               # Disable by default
    #       table testable;         # Connect to a non-default table
    #       preference 1000;        # Default preference of routes
    #       debug { states, routes, filters, interfaces, events, packets };
    #       debug all;
    #       route 0.0.0.0/0 via 198.51.100.13;
    #       route 198.51.100.0/25 unreachable;
    #       route 10.0.0.0/8 unreachable;
    #       route 10.1.1.0:255.255.255.0 via 198.51.100.3;
    #       route 10.1.2.0:255.255.255.0 via 198.51.100.3;
    #       route 10.1.3.0:255.255.255.0 via 198.51.100.4;
    #       route 10.2.0.0/24 via "arc0";
            route 103.166.141.0/32 via 10.60.60.1;
    }

    protocol bgp CCR1036 {
            #disabled;
            description "BGP Peer to CCR1036";
            local as 65530;
            neighbor 10.60.60.1 as 139967;
            import filter {
            ## if there is no label, set label 65000:5678
            # bgp_community = -empty-; bgp_community = add(bgp_community,(65000,5678));

            ## if the received AS path contains 7717, add tag 50310:7717
            if bgp_path ~ [= * 7717 * =] then
                    bgp_community = add(bgp_community,(50310,7717));
            if bgp_path ~ [= * 7597 * =] then
                    bgp_community = add(bgp_community,(50310,7597));
            ## if the origin is AS7713, add tag 50310:7713
            if bgp_path ~ [= * 7713 =] then
                    bgp_community = add(bgp_community,(50310,7713));
            ## example: reject AS20940
            #if bgp_path ~ [= * 20940 * =] then reject;
            ## example: reject only the prefix 45.126.184.0/22
            #if net ~ [ 45.126.184.0/22 ] then reject;
            ## example: reject prefix 45.126.184.0/22 down to the most specific prefix
            #if net ~ [ 45.126.184.0/22+ ] then reject;
            ## example: reject prefix 45.126.184.0/22 down to the most specific prefix (another way)
            #if net ~ 45.126.184.0/22 then reject;
            ## example: reject prefix 36.90.0.0/16 down to the most specific prefix
            #if net ~ 36.90.0.0/16 then reject;
            ## routes matching BGP community 50310:17451 also get tag 39967:17451
            if (50310,17451) ~ bgp_community then bgp_community.add((39967,17451));
            ## apart from the above, accept
            accept;
            };
    }


    Here is a cheat sheet for troubleshooting BGP routing problems

    root@BSDRouter:~ # birdc
    BIRD 1.6.8 ready.
    bird> show protocols
    name     proto    table    state  since       info
    kernel1  Kernel   master   up     23:07:34
    device1  Device   master   up     23:07:34
    static1  Static   master   up     23:07:34
    CCR1036  BGP      master   up     04:44:52    Established
    bird>

    bird> show protocols all CCR1036
    name     proto    table    state  since       info
    CCR1036  BGP      master   up     04:44:52    Established
      Description:    BGP Peer to CCR1036
      Preference:     100
      Input filter:   (unnamed)
      Output filter:  REJECT
      Routes:         20994 imported, 0 exported, 20994 preferred
      Route change stats:     received   rejected   filtered    ignored   accepted
        Import updates:         231033          0         18     206404      24611
        Import withdraws:         1430          0        ---       1408         40
        Export updates:          24612      24611          1        ---          0
        Export withdraws:           40        ---        ---        ---          0
      BGP state:          Established
        Neighbor address: 10.60.60.1
        Neighbor AS:      139967
        Neighbor ID:      103.146.185.254
        Neighbor caps:    refresh AS4
        Session:          external AS4
        Source address:   10.60.60.2
        Hold timer:       138/180
        Keepalive timer:  3/60

    bird> show route where net ~ 45.126.184.0/22 all

    45.126.185.0/24    via 10.60.60.1 on vlan605 [CCR1036 05:24:46] * (100) [AS17451i]
            Type: BGP unicast univ
            BGP.origin: IGP
            BGP.as_path: 139967 17451
            BGP.next_hop: 10.60.60.1
            BGP.local_pref: 100
            BGP.community: (0,32934) (17451,7033) (50310,17451) (39967,17451)
    45.126.184.0/24    via 10.60.60.1 on vlan605 [CCR1036 05:24:45] * (100) [AS17451i]
            Type: BGP unicast univ
            BGP.origin: IGP
            BGP.as_path: 139967 17451
            BGP.next_hop: 10.60.60.1
            BGP.local_pref: 100
            BGP.community: (0,32934) (50310,17451) (39967,17451)
    45.126.184.0/22    via 10.60.60.1 on vlan605 [CCR1036 05:24:46] * (100) [AS17451?]
            Type: BGP unicast univ
            BGP.origin: Incomplete
            BGP.as_path: 139967 17451
            BGP.next_hop: 10.60.60.1
            BGP.local_pref: 100
            BGP.atomic_aggr:
            BGP.aggregator: 182.253.99.245 AS17451
            BGP.community: (0,32934) (50310,17451) (39967,17451)
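
    One way to confirm from the show route output that the import filter is tagging routes as intended. This is an added example, not from the original post or the BIRD project: audit_tags is a hypothetical helper, it handles IPv4 prefixes only, and the 192.0.2.0/24 route in the sample is constructed.

```sh
#!/bin/sh
# Added example: check that routes in "show route ... all" output carry the
# communities the import filter in bird.conf is supposed to add.
# Reads birdc output on stdin, prints one line per missing tag, status 1 if any.
audit_tags() {
    awk '
    function need(tag) {
        if (index(comm, tag) == 0) { print net " missing " tag; bad++ }
    }
    function check_route() {
        if (net == "") return
        if (index(path, " 7717 ")) need("(50310,7717)")    # [= * 7717 * =]
        if (index(path, " 7597 ")) need("(50310,7597)")    # [= * 7597 * =]
        if (path ~ / 7713 $/)      need("(50310,7713)")    # [= * 7713 =]
        if (index(comm, "(50310,17451)")) need("(39967,17451)")
        net = ""
    }
    # A new route starts on a line whose first field is an IPv4 prefix.
    $1 ~ /^[0-9.]+\/[0-9]+$/ { check_route(); net = $1; path = " "; comm = ""; next }
    $1 == "BGP.as_path:"   { $1 = ""; path = $0 " " }
    $1 == "BGP.community:" { $1 = ""; comm = $0 }
    END { check_route(); exit (bad > 0) }'
}

# Sample input: first route taken from the output above (shortened), second
# route constructed and lacking (39967,17451) on purpose.
sample='45.126.185.0/24    via 10.60.60.1 on vlan605 [CCR1036 05:24:46] * (100) [AS17451i]
        BGP.as_path: 139967 17451
        BGP.community: (0,32934) (17451,7033) (50310,17451) (39967,17451)
192.0.2.0/24       via 10.60.60.1 on vlan605 [CCR1036 05:24:46] * (100) [AS17451i]
        BGP.as_path: 139967 17451
        BGP.community: (0,32934) (50310,17451)'
printf '%s\n' "$sample" | audit_tags || echo "import filter tags incomplete"
```

    On the router the same function can read live output, for example birdc 'show route all' | audit_tags.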

    Bonus: AS path delete:

    ##bgp cut aspath 139967
    if (bgp_path ~ [= 139967 * =]) && (bgp_path.last != 139967) then
    bgp_path.delete(139967);

    ##bgp cut aspath 139967 and 7717
    if (bgp_path ~ [= 7717 * =]) then
    bgp_path.delete(7717);

    Hope this is useful :))


    Thursday, May 5, 2022

    First, load the kernel module for VLANs
    vi /boot/loader.conf
    if_vlan_load="YES"
    After that, reboot. Before creating a VLAN, note what the parent interface/Ethernet device is; here I use mlxen0 (Mellanox ConnectX-3) with 2 x 40Gbps ports as the example, a really solid port for deploying a router. Oh, and this is how to load its driver:
    kldload mlx4en
    That is only temporary; to make it permanent, add this line to /boot/loader.conf and then reboot
    mlx4en_load="YES"
    Now the tips for creating a VLAN interface. On recent FreeBSD versions, creating a VLAN is easier, for example:
    root@BSDRouter:~ # ifconfig vlan605 create
    root@BSDRouter:~ # ifconfig vlan605 vlan 605 vlandev mlxen0
    root@BSDRouter:~ # ifconfig vlan605 inet 10.70.70.2 netmask 255.255.255.252
    root@BSDRouter:~ # ifconfig vlan605
    vlan605: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=680703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
            ether 00:02:c9:a3:0d:21
            inet 10.70.70.2 netmask 0xfffffffc broadcast 10.70.70.3
            groups: vlan
            vlan: 605 vlanpcp: 0 parent interface: mlxen0
            media: Ethernet autoselect (40Gbase-CR4 <full-duplex,rxpause,txpause>)
            status: active
            nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Then, to destroy it, just type:
    ifconfig vlan605 destroy
    To disable the VLAN, type:
    ifconfig vlan605 down
    OK, that is only temporary. To have it saved and loaded at boot, put the following in /etc/rc.conf
    cloned_interfaces="vlan605"
    ifconfig_vlan605="inet 10.60.60.2 netmask 255.255.255.252 vlan 605 vlandev mlxen0"
    ifconfig_mlxen0="up"
    Then save the file and run:
    service netif restart
    Hope this is useful :-)