Installing and Configuring Bird 2

Pre-Install

Tuning on the configuration side

So that transiting traffic can be forwarded, enable the following

nano /etc/sysctl.conf

Uncomment the following line

#net.ipv4.ip_forward=1

So that it becomes as follows

net.ipv4.ip_forward=1

Reload the configuration

sysctl -p

Or, an extended sysctl configuration for tweaking that should be very useful

# THE CONFIGURATION BELOW WAS ADDED MANUALLY

fs.file-max = 16777216
fs.nr_open = 1073741824
kernel.hung_task_timeout_secs = 0
kernel.msgmax = 65536
kernel.msgmnb = 65536
net.core.default_qdisc = cake
net.core.netdev_max_backlog = 30000
net.core.rmem_default = 67108864
net.core.rmem_max = 67108864
net.core.somaxconn = 65536
net.core.wmem_max = 67108864
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.all.arp_filter = 1
net.ipv4.conf.all.arp_ignore = 2
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.ignore_routes_with_linkdown = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.fib_multipath_use_neigh = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_msgs_per_sec = 2500
net.ipv4.icmp_ratelimit = 0
net.ipv4.igmp_max_memberships = 100
net.ipv4.ip_forward = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.neigh.default.base_reachable_time_ms = 14400000
net.ipv4.neigh.default.gc_thresh1 = 1024
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.route.max_size = 1073741824
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_l3mdev_accept = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_mem = 4194304 16777216 67108864
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_rmem = 4194304 16777216 67108864
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4194304 16777216 67108864
net.ipv6.conf.all.accept_ra_defrtr = 0
net.ipv6.conf.all.accept_ra_pinfo = 0
net.ipv6.conf.all.accept_ra_rtr_pref = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.all.dad_transmits = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.ignore_routes_with_linkdown = 1
net.ipv6.conf.all.router_solicitations = -1
net.ipv6.icmp.ratelimit = 0
#net.ipv6.conf.all.send_redirects = 0
net.ipv6.neigh.default.base_reachable_time_ms = 14400000
net.ipv6.neigh.default.gc_thresh1 = 1024
net.ipv6.neigh.default.gc_thresh2 = 8192
net.ipv6.neigh.default.gc_thresh3 = 16384
net.ipv6.route.max_size = 32768000
vm.max_map_count = 1048575
vm.swappiness = 100

net.ipv6.conf.all.accept_ra = 0
#net.ipv6.conf.all.proxy_ndp = 1

#net.netfilter.nf_conntrack_acct = 1
#net.netfilter.nf_conntrack_checksum = 0
#net.netfilter.nf_conntrack_max = 65535
#net.netfilter.nf_conntrack_tcp_timeout_established = 7440
#net.netfilter.nf_conntrack_udp_timeout = 60
#net.netfilter.nf_conntrack_udp_timeout_stream = 180
#net.netfilter.nf_conntrack_helper = 1

# net.ipv6.conf.all.disable_ipv6 = 1
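
A list this long is easy to get wrong: if a key appears twice, `sysctl -p` silently applies the last value, and a setting that was never applied to the running kernel (for example because a later line overrode it) leaves the router exposed without any error. The script below is an added example, not part of the original tutorial. It parses "key = value" text, which is the format of both /etc/sysctl.conf and the output of `sysctl -a`, reports repeated keys with conflicting values, and compares a small baseline of the tutorial's security-relevant settings (forwarding on, ICMP redirects and source routing off, SYN cookies on) with what is in effect. The sample file embedded in it is constructed for the example.

```python
"""Consistency check for a sysctl tuning file such as the one above.

Added example, not part of the original tutorial. It parses "key = value"
text, which is the format of both /etc/sysctl.conf and the output of
`sysctl -a`, reports keys that are set more than once with different values
(when `sysctl -p` runs, the last value silently wins), and compares a small
baseline of the tutorial's security-relevant settings with the values that
are actually in effect. The sample file below is constructed for the example.
"""
import subprocess

# Constructed sample in the tutorial's format, with one key repeated.
SAMPLE_CONF = """
# THE CONFIGURATION BELOW WAS ADDED MANUALLY
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.ip_local_port_range = 1024 65535
"""

# Settings from the tutorial that shape a router's attack surface:
# forwarding on, ICMP redirects and source routing off, SYN cookies on.
BASELINE = {
    "net.ipv4.ip_forward": "1",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.all.send_redirects": "0",
    "net.ipv4.tcp_syncookies": "1",
}


def parse_sysctl(text):
    """Return (settings, conflicts).

    settings:  key -> last value seen, i.e. what sysctl -p ends up applying
    conflicts: (key, earlier_value, later_value) for every repeated key whose
               later value differs from the earlier one
    """
    settings, conflicts = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        value = " ".join(value.split())      # sysctl -a separates tuple fields with tabs
        if key in settings and settings[key] != value:
            conflicts.append((key, settings[key], value))
        settings[key] = value
    return settings, conflicts


def drift(desired, current):
    """Map key -> (wanted, actual) for every baseline key that is not in effect."""
    return {k: (v, current.get(k)) for k, v in desired.items() if current.get(k) != v}


def running_sysctls():
    """Parse the live kernel state from `sysctl -a` (Linux host, may need root)."""
    proc = subprocess.run(["sysctl", "-a"], capture_output=True, text=True, check=False)
    return parse_sysctl(proc.stdout)[0]


if __name__ == "__main__":
    settings, conflicts = parse_sysctl(SAMPLE_CONF)
    for key, old, new in conflicts:
        print(f"duplicate {key}: {old} is overridden by {new}")
    for key, (want, have) in drift(BASELINE, settings).items():
        print(f"drift {key}: want {want}, file has {have}")
    # On a real router compare against running_sysctls() instead of the file.
```

On a live router, run `drift(BASELINE, running_sysctls())` after `sysctl -p`: an empty result means every baseline setting is really in effect, not just written in the file.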

Set the CPU to performance mode

cpufreq-set -g performance
  • Forces the CPU to run at its maximum clock speed at all times.
  • Will not lower the CPU frequency even when the system is idle.
  • Suitable for servers, routers and systems that need low latency and stable performance.

Tuning on the hardware side

Notes worth keeping in mind

  • If the NIC can pass a large amount of bandwidth, make sure it is installed in a PCIe x16 slot so that the slot does not become a bottleneck

Installation and Configuration

sudo apt install bird2 -y

Check the installed version

bird --version

Enable bird so that it starts automatically at boot

sudo systemctl enable --now bird

Basic Configuration

So that bird picks up the IP addresses configured on its interfaces through the direct protocol, do the following

Comment out the disabled; line

protocol direct {
        disabled;               # Disable by default
        ipv4;                   # Connect to default IPv4 table
        ipv6;                   # ... and to default IPv6 table
}

So that it becomes as follows

protocol direct {
#       disabled;               # Disable by default
        ipv4;                   # Connect to default IPv4 table
        ipv6;                   # ... and to default IPv6 table
}

So that routes set in the kernel outside bird (for example static routes added with ip route add) are learned by bird, do the following

Remove the comment from the learn; line

protocol kernel {
        ipv4 {                  # Connect protocol to IPv4 table by channel
#             table master4;    # Default IPv4 table is master4
#             import all;       # Import to table, default is import all
              export all;       # Export to protocol. default is export none
        };
#       learn;                  # Learn alien routes from the kernel
#       kernel table 10;        # Kernel table to synchronize with (default: main)
}

So that it becomes as follows

protocol kernel {
        ipv4 {                  # Connect protocol to IPv4 table by channel
#             table master4;    # Default IPv4 table is master4
#             import all;       # Import to table, default is import all
              export all;       # Export to protocol. default is export none
        };
        learn;                  # Learn alien routes from the kernel
#       kernel table 10;        # Kernel table to synchronize with (default: main)
}

So that bird detects interfaces going up or down quickly, change the scan time to a shorter interval; by default bird2 does not define a scan time and the default is 60 seconds

protocol device {
}

Add the line scan time 5; (bird checks every 5 seconds)

So that it becomes as follows

protocol device {
        scan time 5;
}
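
The three edits above are usually made by hand in nano. The script below is an added example, not code from the tutorial or from the BIRD project: it applies the same three edits to the text of /etc/bird/bird.conf while tracking which `protocol` block it is inside (so a `disabled;` in some other protocol is left alone), is idempotent so a configuration management run can repeat it safely, and parse-checks the result with `bird -p -c FILE` when bird is installed. The configuration excerpt embedded in it is constructed from the stock blocks shown above.

```python
"""Script the three bird.conf edits described above.

Added example; not code from the tutorial or from the BIRD project. It
operates on the text of /etc/bird/bird.conf, tracks which `protocol` block
it is inside, and (1) comments out `disabled;` in protocol direct,
(2) uncomments `learn;` in protocol kernel, (3) adds `scan time 5;` to
protocol device. It is idempotent, so rerunning it never duplicates a line,
and it parse-checks the result with `bird -p -c FILE` when bird is installed.
"""
import re
import shutil
import subprocess
import sys
import tempfile

# Constructed excerpt of the stock bird.conf blocks shown in the tutorial.
DEFAULT_CONF = """\
protocol device {
}

protocol direct {
        disabled;               # Disable by default
        ipv4;                   # Connect to default IPv4 table
        ipv6;                   # ... and to default IPv6 table
}

protocol kernel {
        ipv4 {                  # Connect protocol to IPv4 table by channel
              export all;       # Export to protocol. default is export none
        };
#       learn;                  # Learn alien routes from the kernel
#       kernel table 10;        # Kernel table to synchronize with (default: main)
}
"""

BLOCK_RE = re.compile(r"^\s*protocol\s+(\w+)")


def patch_bird_conf(text, scan_time=5):
    """Return the patched configuration text; applying it twice changes nothing."""
    out, current, depth, has_scan = [], None, 0, False
    for line in text.splitlines():
        code = line.split("#", 1)[0]            # braces inside comments do not count
        m = BLOCK_RE.match(code)
        if m and depth == 0:
            current, has_scan = m.group(1), False
        stripped = line.strip()

        if current == "direct" and stripped.startswith("disabled;"):
            # comment the line out, keeping the column layout of the stock file
            line = "#" + line[1:] if line[:1].isspace() else "#" + line
        elif current == "kernel" and re.match(r"^\s*#\s*learn;", line):
            line = re.sub(r"^(\s*)#", r"\1 ", line, count=1)    # uncomment learn;
        elif current == "device":
            if stripped.startswith("scan time"):
                has_scan = True
            elif code.strip().startswith("}") and depth == 1 and not has_scan:
                out.append(f"        scan time {scan_time};")
                has_scan = True

        out.append(line)
        depth += code.count("{") - code.count("}")
        if depth == 0:
            current = None
    return "\n".join(out) + "\n"


def parse_check(path):
    """Run `bird -p -c path` (parse only, no daemon); None if bird is missing."""
    if shutil.which("bird") is None:
        return None
    result = subprocess.run(["bird", "-p", "-c", path], capture_output=True, text=True)
    return result.returncode == 0


if __name__ == "__main__":
    # Usage: python3 patch_bird.py [/etc/bird/bird.conf]; prints the patched
    # text instead of writing in place so the diff can be reviewed first.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else DEFAULT_CONF
    patched = patch_bird_conf(source)
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as tmp:
        tmp.write(patched)
    print(patched, end="")
    print("bird -p parse check:", parse_check(tmp.name))
```

Because bird reloads its configuration on `birdc configure`, a parse failure caught here with `bird -p` is much cheaper than finding out after a reload that the daemon kept the old configuration.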

Example BGP Peer Configuration

Example BGP peer

protocol bgp RO2 {
        local 12.12.12.1;
        local as 100;
        neighbor 12.12.12.2;
        neighbor as 200;
        ipv4 {
                export all;
                import all;
        };
}

Example BGP peer with custom filters

protocol bgp RO2 {
        local 12.12.12.1;
        local as 100;
        neighbor 12.12.12.2;
        neighbor as 200;
        ipv4 {
                export filter FILTERNAME_out;
                import filter FILTERNAME_in;
        };
}

Example multihop BGP peer

protocol bgp RO2 {
        local 12.12.12.1;
        local as 100;
        neighbor 12.12.12.2;
        neighbor as 200;
        multihop;
        ipv4 {
                export filter FILTERNAME_out;
                import filter FILTERNAME_in;
        };
}

Example BGP peer as a route reflector client

protocol bgp RO2 {
        local 12.12.12.1;
        local as 100;
        neighbor 12.12.12.2;
        neighbor as 100;        # route reflection is an iBGP feature: the neighbor AS must equal the local AS
        rr client;
        rr cluster id 1.1.1.1;
        ipv4 {
                export filter FILTERNAME_out;
                import filter FILTERNAME_in;
        };
}

Route Filtering

Example of changing the BGP local preference attribute

filter RO2_in {
        if ( net = 2.2.2.2/32 ) then {
                bgp_local_pref = 200;
                accept;
        }
        else accept;
}

Example BGP AS path prepend (2x)

filter RO2_out {
        if ( net = 1.1.1.1/32 ) then {
                bgp_path.prepend(100);
                bgp_path.prepend(100);
                accept;
        }
        else reject;
}

100 is the AS number

Example of adding a BGP community attribute

filter RO2_out {
        if ( net = 1.1.1.1/32 ) then {
                bgp_community.add((100,109));
                accept;
        }
        else reject;
}

Example of adding a BGP large community attribute

filter RO2_out {
        if ( net = 1.1.1.1/32 ) then {
                bgp_large_community.add((100,200,109));
                accept;
        }
        else reject;
}

Example BGP with ROA validation

## ROA VALIDATION
function is_rpki_invalid() {
  if (net.type = NET_IP4) then {
    return roa_check(rpki4, net, bgp_path.last_nonaggregated) = ROA_INVALID;
  }

  if (net.type = NET_IP6) then {
    return roa_check(rpki6, net, bgp_path.last_nonaggregated) = ROA_INVALID;
  }

  # neither address family matched: treat the route as not invalid
  return false;
}

filter neighbor_in {
        if ( is_rpki_invalid() ) then {
                reject;
        }
        else accept;
}

RPKI ROA Configuration

# ROA tables for IPv4 and IPv6
roa4 table rpki4;
roa6 table rpki6;

# RPKI protocol: RTR session to an RPKI cache server such as routinator
protocol rpki rpki_roa {
  roa4 { table rpki4; };
  roa6 { table rpki6; };

  remote 10.0.0.1 port 3323;
  retry 30;
}
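
To see what `roa_check()` decides with the tables the rpki protocol fills, here is the same Route Origin Validation logic (RFC 6811) worked in Python. This is an added example, not code from the tutorial or from BIRD: `roa_check` takes a ROA table, a prefix and an origin AS and returns VALID, INVALID or UNKNOWN; `origin_as` mirrors `bgp_path.last_nonaggregated`, the last AS in the path that is not an AS_SET; and `is_rpki_invalid` makes the same decision as the filter function above. The ROA entries and routes are constructed sample data using documentation prefixes and private ASNs.

```python
"""Route Origin Validation as performed by roa_check() above, worked in Python.

Added example, not code from the tutorial or from BIRD. It implements the
RFC 6811 decision: a route is VALID if some covering ROA matches the origin
AS and the prefix length is within the ROA's maxLength, INVALID if ROAs cover
the prefix but none matches, and UNKNOWN if no ROA covers it. The origin AS
is the last non-aggregated AS in the path (bgp_path.last_nonaggregated in
the BIRD filter). The ROA entries below are constructed sample data using
documentation prefixes and private ASNs.
"""
import ipaddress
from collections import namedtuple

ROA = namedtuple("ROA", "prefix maxlen asn")   # one entry of a roa4/roa6 table

ROA_VALID, ROA_INVALID, ROA_UNKNOWN = "ROA_VALID", "ROA_INVALID", "ROA_UNKNOWN"

# Constructed sample ROA table (what the rpki protocol would fill from the cache).
SAMPLE_ROAS = [
    ROA(ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
    ROA(ipaddress.ip_network("198.51.100.0/22"), 24, 64501),
    ROA(ipaddress.ip_network("2001:db8::/32"), 48, 64500),
]


def origin_as(as_path):
    """Origin AS: the last AS in the path that is not an AS_SET (aggregate).

    The path is a list whose elements are either an int or a set of ints
    (an AS_SET); this mirrors bgp_path.last_nonaggregated.
    """
    for hop in reversed(as_path):
        if isinstance(hop, int):
            return hop
    return None


def roa_check(roas, net, asn):
    """RFC 6811 origin validation of prefix `net` announced with origin `asn`."""
    net = ipaddress.ip_network(net)
    covered = False
    for roa in roas:
        # A ROA covers the route if it is the same address family and the
        # route's prefix lies within the ROA prefix.
        if roa.prefix.version != net.version or not net.subnet_of(roa.prefix):
            continue
        covered = True
        # AS0 ROAs authorise nobody, so they can only make a route INVALID.
        if roa.asn == asn and asn != 0 and net.prefixlen <= roa.maxlen:
            return ROA_VALID
    return ROA_INVALID if covered else ROA_UNKNOWN


def is_rpki_invalid(roas, net, as_path):
    """The same decision the BIRD filter function above makes for one route."""
    return roa_check(roas, net, origin_as(as_path)) == ROA_INVALID


if __name__ == "__main__":
    for prefix, path in [("192.0.2.0/24", [64510, 64500]),
                         ("192.0.2.0/25", [64510, 64500]),
                         ("192.0.2.0/24", [64510, 64502]),
                         ("203.0.113.0/24", [64510, 64500])]:
        print(prefix, path, roa_check(SAMPLE_ROAS, prefix, origin_as(path)))
```

Note the third case in the usage: a more specific announcement beyond the ROA's maxLength is INVALID even when the origin AS is right, which is exactly the hijack shape (a /25 punched out of a covered /24) that rejecting ROA_INVALID in `neighbor_in` protects against; UNKNOWN routes, for which no ROA exists, are still accepted by that filter.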

Useful Commands

Show the prefixes received from a BGP neighbor (the commands below are entered in the birdc shell)

show route protocol neighbor_name

Show the prefixes received from a BGP neighbor in detail

show route protocol neighbor_name all

Show the route for a specific destination IP received from a specific neighbor

show route for 192.168.1.1 protocol neighbor_name all

Show the prefixes exported to a specific neighbor in detail

show route export neighbor_name all

Supporting tools or configuration that may be useful (optional)

Other tools
  • mtr
  • bmon
  • conntrack
  • mactelnet-client (recommended if you are used to the MikroTik environment)
  • mactelnet-server (recommended if you are used to the MikroTik environment)
  • ipcalc or ipcalc-ng
  • pathvector
  • softflowd
  • ethtool

Sources/References:

https://t.me/IPv6_Indonesia/104851/245315