version 7.2R2.4;
system {
host-name Juniper-Lab;
backup-router 172.27.10.129;
time-zone Asia/Shanghai;
saved-core-context;
ports {
console type vt100;
auxiliary type vt100;
}
login {
user juniper {
uid 2002;
class superuser;
authentication {
encrypted-password "$1$fTE4aVvP$u8euyzJMcJdVZ/AlBCNoj1"; ## SECRET-DATA
}
}
user lab {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$egKb445d$Ygcrc.fzXzxi0nw966brT1"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh {
root-login allow;
protocol-version v2;
}
telnet;
}
compress-configuration-files;
}
logical-routers {
c1 {
interfaces {
fxp2 {
unit 10 {
vlan-id 10;
family inet {
address 172.16.0.6/30;
}
}
unit 20 {
vlan-id 20;
family inet {
address 172.16.0.10/30;
}
}
}
lo0 {
unit 200 {
family inet {
address 200.200.0.1/32;
}
}
}
}
protocols {
bgp {
group r4 {
type external;
multihop;
export r4;
peer-as 65412;
neighbor 10.0.3.4;
}
}
}
policy-options {
policy-statement null {
then reject;
}
policy-statement r4 {
term first {
from {
route-filter 200.200.0.0/16 exact;
}
then {
as-path-prepend "10458 14203 701 4230";
accept;
}
}
term second {
from {
protocol static;
route-filter 200.0.0.0/8 orlonger;
route-filter 32.0.0.0/8 longer;
route-filter 172.16.0.0/16 orlonger;
}
then {
as-path-prepend 65000;
accept;
}
}
}
}
routing-options {
static {
route 200.200.0.0/16 reject;
route 200.200.0.0/24 discard;
route 200.200.1.0/24 discard;
route 200.200.2.0/24 discard;
route 200.200.3.0/24 discard;
route 200.200.4.0/24 discard;
route 200.200.5.0/24 discard;
route 200.200.6.0/24 discard;
route 200.200.7.0/24 discard;
route 32.0.0.0/16 {
discard;
as-path {
path 420;
}
}
route 200.200.0.0/28 discard;
route 10.0.1.0/24 discard;
route 200.200.5.128/25 discard;
route 10.0.3.4/32 next-hop [ 172.16.0.5 172.16.0.9 ];
}
autonomous-system 65010;
}
}
c2 {
interfaces {
fxp2 {
unit 80 {
vlan-id 80;
family inet {
address 172.16.0.26/30;
}
}
}
lo0 {
unit 80 {
family inet {
address 201.201.0.1/32;
}
}
}
}
protocols {
bgp {
group r7 {
type external;
export r7;
neighbor 172.16.0.25 {
peer-as 65412;
}
}
}
}
policy-options {
policy-statement r7 {
term 1 {
from protocol static;
then {
as-path-prepend 65020;
accept;
}
}
term 2 {
from {
protocol direct;
route-filter 201.201.0.0/24 exact;
}
then accept;
}
}
}
routing-options {
static {
route 201.201.0.0/24 discard;
route 201.201.1.0/24 discard;
route 201.201.2.0/24 discard;
route 201.201.3.0/24 discard;
route 201.201.4.0/24 discard;
route 201.201.5.0/24 discard;
route 201.201.6.0/24 discard;
route 201.201.7.0/24 discard;
route 0.0.0.0/0 {
discard;
as-path {
path "62 39";
}
}
route 64.0.0.0/7 discard;
route 201.201.0.7/32 discard;
route 210.210.16.128/26 {
discard;
as-path {
path 65010;
}
}
}
autonomous-system 65020;
}
}
ospf-RTR {
interfaces {
fxp1 {
unit 70 {
vlan-id 70;
family inet {
address 172.16.40.1/30;
}
}
}
fxp2 {
unit 60 {
vlan-id 60;
family inet {
address 172.16.40.5/30;
}
}
}
lo0 {
unit 192 {
family inet {
address 192.168.0.1/32;
address 192.168.1.1/32;
address 192.168.2.1/32;
address 192.168.3.1/32;
address 192.168.4.1/32;
address 192.168.5.1/32;
address 192.168.6.1/32;
}
}
}
}
protocols {
inactive: ospf {
export advertise-ospf;
area 0.0.0.2 {
nssa;
authentication-type simple;
interface fxp1.70 {
authentication {
simple-password "$9$EwUhlM8LNbYoxN"; ## SECRET-DATA
}
}
interface fxp2.60 {
authentication {
simple-password "$9$g74GikqfznCmf"; ## SECRET-DATA
}
}
}
}
rip {
group rip-grp {
export advertise-rip;
neighbor fxp1.70;
neighbor fxp2.60;
}
}
}
policy-options {
policy-statement advertise-rip {
term 1 {
from {
protocol static;
route-filter 192.168.0.0/24 exact;
route-filter 192.168.1.0/24 exact;
route-filter 192.168.2.0/24 exact;
route-filter 192.168.3.0/24 exact;
}
then accept;
}
term 2 {
from protocol [ direct rip ];
then accept;
}
}
policy-statement advertise-ospf {
term 1 {
from {
protocol static;
route-filter 192.168.0.0/22 longer;
}
then accept;
}
}
policy-statement test {
term 1 {
then accept;
}
}
}
routing-options {
static {
route 192.168.0.0/24 discard;
route 192.168.1.0/24 discard;
route 192.168.2.0/24 discard;
route 192.168.3.0/24 discard;
}
}
}
p1 {
interfaces {
fxp3 {
unit 55 {
vlan-id 55;
family inet {
address 10.0.5.254/24;
}
}
}
lo0 {
unit 55 {
family inet {
address 120.120.0.1/32;
}
}
}
}
protocols {
bgp {
group r1-r2 {
type external;
export r1-r2;
peer-as 65412;
inactive: neighbor 10.0.5.200;
neighbor 10.0.5.1;
neighbor 10.0.5.2;
}
}
}
policy-options {
policy-statement r1-r2 {
term 1 {
from {
route-filter 120.120.7.0/24 exact;
}
then {
community add prefer;
accept;
}
}
term 2 {
from protocol static;
then accept;
}
}
community prefer members 65050:100;
}
routing-options {
static {
route 120.120.0.0/24 discard;
route 120.120.1.0/24 discard;
route 120.120.2.0/24 discard;
route 120.120.3.0/24 discard;
route 120.120.4.0/24 discard;
route 120.120.5.0/24 discard;
route 120.120.6.0/24 discard;
route 120.120.7.0/24 {
discard;
as-path {
path 65412;
}
}
route 172.17.0.0/24 discard;
route 192.168.4.0/24 discard;
route 0.0.0.0/4 discard;
route 0.0.0.0/0 discard;
route 3.4.0.0/20 discard;
route 6.0.0.0/7 discard;
route 120.120.69.0/24 {
discard;
as-path {
path 65412;
}
}
}
autonomous-system 65050;
}
}
r1 {
interfaces {
fxp1 {
unit 12 {
vlan-id 12;
family inet {
address 10.0.4.5/30;
}
family iso;
}
unit 13 {
vlan-id 13;
family inet {
address 10.0.4.14/30;
}
family iso;
}
unit 55 {
vlan-id 55;
family inet {
address 10.0.5.1/24;
}
}
}
lo0 {
unit 1 {
family inet {
address 10.0.6.1/32;
}
family iso {
address 49.0002.1111.1111.1111.00;
}
}
}
}
protocols {
bgp {
group internal {
type internal;
traceoptions {
file r1-bgp;
flag state detail;
}
export ibgp;
peer-as 65412;
neighbor 10.0.4.13;
neighbor 10.0.4.9;
}
group p1 {
type external;
import [ bogons community ];
export peer-export;
peer-as 65050;
neighbor 10.0.5.254;
}
}
isis {
export direct;
reference-bandwidth 500m;
lsp-lifetime 3600;
level 1 wide-metrics-only;
interface fxp1.12 {
level 2 disable;
level 1 {
hello-authentication-key "$9$2NoZjn6AtOR"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface fxp1.13 {
level 2 disable;
level 1 {
hello-authentication-key "$9$JMUi.AtOBEy"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface lo0.1 {
level 2 disable;
}
}
}
policy-options {
policy-statement direct {
term 1 {
from {
protocol direct;
route-filter 10.0.5.0/24 exact;
}
then {
metric 101;
accept;
}
}
}
policy-statement ibgp {
term 1 {
from {
protocol static;
route-filter 192.168.10.0/24 exact;
route-filter 192.168.100.0/24 exact;
}
then accept;
}
term 2 {
from {
protocol bgp;
neighbor 10.0.5.254;
}
then {
next-hop self;
}
}
}
policy-statement bogons {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/7 reject;
route-filter 0.0.0.0/1 prefix-length-range /1-/7 reject;
}
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32 reject;
route-filter 172.16.0.0/12 orlonger reject;
route-filter 192.168.0.0/16 orlonger reject;
route-filter 10.0.0.0/8 orlonger reject;
}
}
}
policy-statement community {
term 1 {
from protocol bgp;
then {
community add Peer;
}
}
}
policy-statement peer-export {
term 1 {
from {
protocol aggregate;
route-filter 10.0.0.0/8 exact;
}
then accept;
}
term 2 {
from community Transit;
then reject;
}
term 3 {
from {
route-filter 192.168.0.0/16 orlonger reject;
}
}
}
community Customer members 65412:300;
community Peer members 65412:200;
community Transit members 65412:100;
}
routing-options {
static {
route 192.168.10.0/24 reject;
route 192.168.100.0/24 reject;
}
aggregate {
route 10.0.0.0/8;
}
autonomous-system 65412 loops 2;
}
}
r2 {
interfaces {
fxp2 {
unit 12 {
vlan-id 12;
family inet {
address 10.0.4.6/30;
}
family iso;
}
unit 23 {
vlan-id 23;
family inet {
address 10.0.4.2/30;
}
family iso;
}
unit 24 {
vlan-id 24;
family inet {
address 10.0.4.10/30;
}
family iso;
}
unit 55 {
vlan-id 55;
family inet {
address 10.0.5.2/24;
}
}
}
lo0 {
unit 2 {
family inet {
address 10.0.6.2/32;
}
family iso {
address 49.0002.2222.2222.2222.00;
}
}
}
}
protocols {
bgp {
group internal {
type internal;
traceoptions {
file r2-bgp;
flag state detail;
}
export ibgp;
peer-as 65412;
neighbor 10.0.4.13;
neighbor 10.0.4.9;
}
group p1 {
type external;
import [ bogons community ];
export peer-export;
peer-as 65050;
neighbor 10.0.5.254;
}
}
isis {
export direct;
reference-bandwidth 500m;
lsp-lifetime 3600;
level 1 wide-metrics-only;
interface fxp2.12 {
level 2 disable;
level 1 {
hello-authentication-key "$9$vrl8xdDjq.5F"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface fxp2.23 {
level 2 disable;
level 1 {
hello-authentication-key "$9$M3iL7Vji.mT3"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface fxp2.24 {
level 2 disable;
level 1 {
hello-authentication-key "$9$umBZBRS-dsYoG"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface lo0.2 {
level 2 disable;
}
}
}
policy-options {
policy-statement direct {
term 1 {
from {
protocol direct;
route-filter 10.0.5.0/24 exact;
}
then {
metric 101;
accept;
}
}
}
policy-statement ibgp {
term 1 {
from {
protocol static;
route-filter 192.168.20.0/24 exact;
route-filter 192.168.100.0/24 exact next term;
}
then accept;
}
term 2 {
from {
route-filter 192.168.100.0/24 exact;
}
then {
community add r2;
accept;
}
}
term 3 {
from {
protocol bgp;
neighbor 10.0.5.254;
}
then {
next-hop self;
}
}
}
policy-statement bogons {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/7 reject;
route-filter 0.0.0.0/1 prefix-length-range /1-/7 reject;
}
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32 reject;
route-filter 172.16.0.0/12 orlonger reject;
route-filter 192.168.0.0/16 orlonger reject;
route-filter 10.0.0.0/8 orlonger reject;
}
}
}
policy-statement community {
term 1 {
from protocol bgp;
then {
community add Peer;
}
}
}
policy-statement peer-export {
term 1 {
from {
protocol aggregate;
route-filter 10.0.0.0/8 exact;
}
then accept;
}
term 2 {
from community Transit;
then reject;
}
term 3 {
from {
route-filter 192.168.0.0/16 orlonger reject;
}
}
}
community Customer members 65412:300;
community Peer members 65412:200;
community Transit members 65412:100;
community r2 members 65412:2;
}
routing-options {
static {
route 192.168.20.0/24 reject;
route 192.168.100.0/24 reject;
}
aggregate {
route 10.0.0.0/8;
}
autonomous-system 65412 loops 2;
}
}
r3 {
interfaces {
fxp1 {
unit 23 {
vlan-id 23;
family inet {
address 10.0.4.1/30;
}
family iso;
}
unit 30 {
vlan-id 30;
family inet {
address 172.16.0.13/30;
}
family iso;
}
unit 34 {
vlan-id 34;
family inet {
address 10.0.2.5/30;
}
family iso;
}
unit 35 {
vlan-id 35;
family inet {
address 10.0.2.2/30;
}
family iso;
}
unit 40 {
vlan-id 40;
family inet {
address 172.16.0.17/30;
}
}
}
fxp2 {
unit 13 {
vlan-id 13;
family inet {
address 10.0.4.13/30;
}
family iso;
}
}
lo0 {
unit 3 {
family inet {
address 10.0.3.3/32;
}
family iso {
address 49.0002.3333.3333.3333.00;
}
}
}
}
protocols {
bgp {
traceoptions {
file r3-bgp;
flag state detail;
}
damping;
import prefer-2;
group cluster-1111 {
export ibgp;
cluster 1.1.1.1;
peer-as 65412;
neighbor 10.0.4.14;
neighbor 10.0.4.6;
}
group core {
type internal;
traceoptions {
file r3-bgp;
flag state detail;
}
local-preference 200;
local-address 10.0.3.3;
export ibgp;
peer-as 65412;
neighbor 10.0.3.4;
neighbor 10.0.3.5;
}
group t1-t2 {
type external;
import [ damp bogons community ];
export transit-export;
peer-as 65222;
multipath;
neighbor 172.16.0.14;
neighbor 172.16.0.18 {
export [ med transit-export ];
}
}
}
isis {
export summ;
reference-bandwidth 500m;
lsp-lifetime 3600;
level 2 {
authentication-key "$9$4fJUH/9pu1h"; ## SECRET-DATA
authentication-type simple; ## SECRET-DATA
wide-metrics-only;
}
level 1 wide-metrics-only;
interface fxp1.23 {
level 2 disable;
level 1 {
hello-authentication-key "$9$5znCyrvMX-"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface fxp1.30 {
passive;
level 1 disable;
}
interface fxp1.34 {
level 2 {
hello-authentication-key "$9$CXw4pORXxdVYo"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
level 1 disable;
}
interface fxp1.35 {
level 1 disable;
level 2 {
hello-authentication-key "$9$xQa-b2.mTQnC"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface fxp2.13 {
level 2 disable;
level 1 {
hello-authentication-key "$9$0h2N1EydVY2aU"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface lo0.3 {
level 1 disable;
}
}
}
policy-options {
policy-statement summ {
term 1 {
from {
route-filter 10.0.5.0/24 exact;
}
to level 2;
then accept;
}
term 2 {
from {
protocol aggregate;
route-filter 10.0.4.0/22 exact;
}
to level 2;
then accept;
}
term 3 {
from {
route-filter 10.0.4.0/22 longer;
}
to level 2;
then reject;
}
}
policy-statement ibgp {
term 1 {
from {
protocol static;
route-filter 192.168.30.0/24 exact;
}
then accept;
}
term 2 {
from {
protocol aggregate;
route-filter 10.0.0.0/8 exact;
}
then accept;
}
term 3 {
from {
protocol bgp;
neighbor [ 172.16.0.14 172.16.0.18 ];
}
then {
next-hop self;
}
}
}
policy-statement prefer-2 {
term 1 {
from community r2;
then {
preference 20;
}
}
}
policy-statement damp {
term 1 {
from {
route-filter 17.128.0.0/9 exact damping dry;
route-filter 0.0.0.0/0 prefix-length-range /0-/8 damping timid;
route-filter 0.0.0.0/0 prefix-length-range /17-/32 damping aggressive;
}
}
}
policy-statement bogons {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/7 reject;
route-filter 0.0.0.0/1 prefix-length-range /1-/7 reject;
}
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32 reject;
route-filter 172.16.0.0/12 orlonger reject;
route-filter 192.168.0.0/16 orlonger reject;
route-filter 10.0.0.0/8 orlonger reject;
}
}
}
policy-statement community {
term 1 {
from protocol bgp;
then {
community add Transit;
}
}
}
policy-statement transit-export {
term 1 {
from {
protocol aggregate;
route-filter 10.0.0.0/8 exact;
}
then accept;
}
term 2 {
from community [ Peer Transit ];
then reject;
}
term 3 {
from {
route-filter 192.168.0.0/16 orlonger reject;
}
}
}
policy-statement med {
term 1 {
then {
metric 100;
}
}
}
community Customer members 65412:300;
community Peer members 65412:200;
community Transit members 65412:100;
community r2 members 65412:2;
damping aggressive {
half-life 30;
suppress 2500;
}
damping timid {
half-life 5;
}
damping dry {
disable;
}
}
routing-options {
static {
route 192.168.30.0/24 reject;
}
aggregate {
route 10.0.4.0/22;
route 10.0.0.0/8;
}
autonomous-system 65412;
}
}
r4 {
interfaces {
fxp1 {
unit 10 {
vlan-id 10;
family inet {
address 172.16.0.5/10;
}
}
unit 20 {
vlan-id 20;
family inet {
address 172.16.0.9/30;
}
}
unit 24 {
vlan-id 24;
family inet {
address 10.0.4.9/30;
}
family iso;
}
unit 45 {
vlan-id 45;
family inet {
address 10.0.2.10/30;
}
family iso;
}
}
fxp2 {
unit 34 {
vlan-id 34;
family inet {
address 10.0.2.6/30;
}
family iso;
}
}
lo0 {
unit 4 {
family inet {
address 10.0.3.4/32;
}
family iso {
address 49.0002.4444.4444.4444.00;
}
}
}
}
protocols {
bgp {
traceoptions {
file r4-bgp;
flag state detail;
}
import prefer-2;
group cluster-3333 {
export ibgp;
cluster 3.3.3.3;
peer-as 65412;
neighbor 10.0.4.5;
neighbor 10.0.4.10;
}
group core {
type internal;
traceoptions {
file r4-bgp;
flag state detail;
}
local-address 10.0.3.4;
export ibgp;
peer-as 65412;
neighbor 10.0.3.3;
neighbor 10.0.3.5;
}
group c1 {
type external;
multihop;
local-address 10.0.3.4;
import [ bogons community ];
export cust-export;
peer-as 65010;
neighbor 200.200.0.1;
}
}
isis {
export summ;
reference-bandwidth 500m;
lsp-lifetime 3600;
level 2 {
authentication-key "$9$89jx-wHkPfz6"; ## SECRET-DATA
authentication-type simple; ## SECRET-DATA
wide-metrics-only;
}
level 1 wide-metrics-only;
interface fxp1.24 {
level 2 disable;
level 1 {
hello-authentication-key "$9$vYn8xdDjq.5F"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface fxp1.45 {
level 1 disable;
level 2 {
hello-authentication-key "$9$utauBRS-dsYoG"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface fxp2.34 {
level 1 disable;
level 2 {
hello-authentication-key "$9$e91MLNGUHkPQ"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface lo0.4 {
level 1 disable;
}
}
}
policy-options {
policy-statement summ {
term 1 {
from {
route-filter 10.0.5.0/24 exact;
}
to level 2;
then accept;
}
term 2 {
from {
protocol aggregate;
route-filter 10.0.4.0/22 exact;
}
to level 2;
then accept;
}
term 3 {
from {
route-filter 10.0.4.0/22 longer;
}
to level 2;
then reject;
}
}
policy-statement ibgp {
term 1 {
from {
protocol static;
route-filter 192.168.40.0/24 exact;
}
then accept;
}
term 2 {
from {
protocol bgp;
neighbor 200.200.0.1;
}
then {
next-hop self;
}
}
}
policy-statement prefer-2 {
term 1 {
from community r2;
then {
preference 20;
}
}
}
policy-statement bogons {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/7 reject;
route-filter 0.0.0.0/1 prefix-length-range /1-/7 reject;
}
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /29-/32 reject;
route-filter 172.16.0.0/12 orlonger reject;
route-filter 192.168.0.0/16 orlonger reject;
route-filter 10.0.0.0/8 orlonger reject;
}
}
term 3 {
from as-path c1;
then next policy;
}
term 4 {
then reject;
}
}
policy-statement community {
term 1 {
from protocol bgp;
then {
community add Customer;
}
}
}
policy-statement cust-export {
term 1 {
from {
protocol aggregate;
route-filter 10.0.0.0/8 exact;
}
then accept;
}
term 2 {
from community [ Customer Transit Peer ];
then next policy;
}
term 3 {
from {
route-filter 192.168.0.0/16 orlonger reject;
}
}
}
community Customer members 65412:300;
community Peer members 65412:200;
community Transit members 65412:100;
community r2 members 65412:2;
as-path c2 ".* 65020";
as-path c1 ".* 65010";
}
routing-options {
static {
route 192.168.40.0/24 reject;
route 200.200.0.1/32 {
next-hop [ 172.16.0.6 172.16.0.10 ];
no-readvertise;
}
}
aggregate {
route 10.0.4.0/22;
route 10.0.0.0/8;
}
autonomous-system 65412;
}
}
r5 {
interfaces {
fxp1 {
unit 56 {
vlan-id 56;
family inet {
address 10.0.8.6/30;
}
family iso;
}
unit 57 {
vlan-id 57;
family inet {
address 10.0.8.9/30;
}
family iso;
}
}
fxp2 {
unit 35 {
vlan-id 35;
family inet {
address 10.0.2.1/30;
}
family iso;
}
unit 45 {
vlan-id 45;
family inet {
address 10.0.2.9/30;
}
family iso;
}
}
lo0 {
unit 5 {
family inet {
address 10.0.3.5/32;
}
family iso {
address 49.0001.5555.5555.5555.00;
}
}
}
}
protocols {
bgp {
group cluster-2222 {
traceoptions {
file r5-bgp;
flag state detail;
}
local-address 10.0.3.5;
export ibgp;
cluster 2.2.2.2;
peer-as 65412;
neighbor 10.0.9.6;
neighbor 10.0.9.7;
}
group core {
type internal;
traceoptions {
file r5-bgp;
flag state detail;
}
local-address 10.0.3.5;
export ibgp;
peer-as 65412;
neighbor 10.0.3.3;
neighbor 10.0.3.4;
}
}
isis {
export summ;
reference-bandwidth 500m;
lsp-lifetime 3600;
level 2 {
authentication-key "$9$PTF/cSeK87"; ## SECRET-DATA
authentication-type simple; ## SECRET-DATA
}
level 1 preference 155;
interface fxp1.56 {
level 2 disable;
level 1 {
hello-authentication-key "$9$yeqeMXaJDjqf"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
priority 0;
}
}
interface fxp1.57 {
level 2 disable;
level 1 {
hello-authentication-key "$9$UHiqfu0IRSe"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
priority 0;
}
}
interface fxp2.35 {
level 1 disable;
level 2 {
hello-authentication-key "$9$jZkmTOBEhrv"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface fxp2.45 {
level 1 disable;
level 2 {
hello-authentication-key "$9$H.fz1IcSeW"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
}
}
interface lo0.5 {
level 1 disable;
}
}
}
policy-options {
policy-statement summ {
term 1 {
from {
protocol aggregate;
route-filter 10.0.2.0/23 exact;
}
to level 1;
then accept;
}
term 2 {
from {
route-filter 10.0.8.0/21 longer;
route-filter 192.168.0.0/22 longer;
}
to level 2;
then reject;
}
term 3 {
from {
protocol aggregate;
route-filter 10.0.8.0/21 exact;
route-filter 192.168.0.0/22 exact;
route-filter 172.16.40.0/29 exact;
}
to level 2;
then accept;
}
}
policy-statement ibgp {
term 1 {
from {
protocol static;
route-filter 192.168.50.0/24 exact;
}
then accept;
}
}
policy-statement community {
term 1 {
from protocol bgp;
then {
community add Customer;
}
}
}
community Customer members 65412:300;
community Peer members 65412:200;
community Transit members 65412:100;
}
routing-options {
static {
route 192.168.50.0/24 reject;
}
aggregate {
route 10.0.2.0/23;
route 10.0.8.0/21;
route 192.168.0.0/22;
route 172.16.40.0/29;
}
autonomous-system 65412;
}
}
r6 {
interfaces {
fxp2 {
unit 50 {
vlan-id 50;
family inet {
address 172.16.0.21/30;
}
}
unit 56 {
vlan-id 56;
family inet {
address 10.0.8.5/30;
}
family iso;
}
unit 67 {
vlan-id 67;
family inet {
address 10.0.8.1/30;
}
family iso;
}
unit 70 {
vlan-id 70;
family inet {
address 172.16.40.2/30;
}
}
}
lo0 {
unit 6 {
family inet {
address 10.0.9.6/32;
}
family iso {
address 49.0001.6666.6666.6666.00;
}
}
}
}
protocols {
bgp {
damping;
group internal {
type internal;
traceoptions {
file r6-bgp;
flag state detail;
}
local-address 10.0.9.6;
export ibgp;
neighbor 10.0.3.5;
}
group t2 {
type external;
import [ damp bogons community ];
authentication-key "$9$Tz39tpByrvuO"; ## SECRET-DATA
export transit-export;
peer-as 65222;
neighbor 172.16.0.22;
}
}
isis {
export ospf-isis;
reference-bandwidth 500m;
lsp-lifetime 3600;
level 1 preference 155;
interface fxp1.67 {
level 2 disable;
}
interface fxp2.56 {
level 2 disable;
level 1 {
hello-authentication-key "$9$cUhrK84oGUHm"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
priority 0;
}
}
interface fxp2.57 {
level 2 disable;
}
interface fxp2.67 {
level 2 disable;
level 1 {
hello-authentication-key "$9$QSMt3/tleW87V"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
priority 0;
}
}
interface lo0.6 {
level 2 disable;
}
}
ospf {
external-preference 159;
export isis-ospf;
area 0.0.0.2 {
nssa;
authentication-type simple;
interface fxp2.70 {
authentication {
simple-password "$9$C9/PAORhclMLNyl"; ## SECRET-DATA
}
}
}
}
rip {
traceoptions {
file rip-debug;
flag update detail;
flag error detail;
}
group rip-grp {
neighbor fxp2.70;
}
}
}
policy-options {
policy-statement ospf-isis {
term 1 {
from {
route-filter 192.168.0.0/22 longer;
route-filter 172.16.40.0/29 longer;
}
then accept;
}
term 2 {
from {
route-filter 0.0.0.0/0 exact;
}
then reject;
}
}
policy-statement isis-ospf {
term 1 {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
}
policy-statement ibgp {
term 1 {
from {
protocol static;
route-filter 192.168.60.0/24 exact;
}
then accept;
}
term 2 {
from {
protocol bgp;
neighbor 172.16.0.22;
}
then {
next-hop self;
}
}
}
policy-statement damp {
term 1 {
from {
route-filter 17.128.0.0/9 exact damping dry;
route-filter 0.0.0.0/0 prefix-length-range /0-/8 damping timid;
route-filter 0.0.0.0/0 prefix-length-range /17-/32 damping aggressive;
}
}
}
policy-statement bogons {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/7 reject;
route-filter 0.0.0.0/1 prefix-length-range /1-/7 reject;
}
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32 reject;
route-filter 172.16.0.0/12 orlonger reject;
route-filter 192.168.0.0/16 orlonger reject;
route-filter 10.0.0.0/8 orlonger reject;
}
}
}
policy-statement community {
term 1 {
from protocol bgp;
then {
community add Transit;
}
}
}
policy-statement transit-export {
term 1 {
from {
protocol aggregate;
route-filter 10.0.0.0/8 exact;
}
then accept;
}
term 2 {
from community [ Peer Transit ];
then reject;
}
term 3 {
from {
route-filter 192.168.0.0/16 orlonger reject;
}
}
}
community Customer members 65412:300;
community Peer members 65412:200;
community Transit members 65412:100;
damping aggressive {
half-life 30;
suppress 2500;
}
damping dry {
disable;
}
damping timid {
half-life 5;
}
}
routing-options {
static {
route 192.168.60.0/24 reject;
}
aggregate {
route 10.0.0.0/8;
}
router-id 10.0.9.6;
autonomous-system 65412;
}
}
r7 {
interfaces {
fxp1 {
unit 60 {
vlan-id 60;
family inet {
address 172.16.40.6/30;
}
}
unit 67 {
vlan-id 67;
family inet {
address 10.0.8.2/30;
}
family iso;
}
unit 80 {
vlan-id 80;
family inet {
address 172.16.0.25/30;
}
}
}
fxp2 {
unit 57 {
vlan-id 57;
family inet {
address 10.0.8.10/30;
}
family iso;
}
}
lo0 {
unit 7 {
family inet {
address 10.0.9.7/32;
}
family iso {
address 49.0001.7777.7777.7777.00;
}
}
}
}
protocols {
bgp {
group internal {
type internal;
traceoptions {
file r7-bgp;
flag state detail;
}
local-address 10.0.9.7;
export ibgp;
neighbor 10.0.3.5;
}
group c2 {
type external;
import [ bogons community ];
export cust-export;
peer-as 65020;
neighbor 172.16.0.26;
}
}
isis {
export ospf-isis;
reference-bandwidth 500m;
lsp-lifetime 3600;
level 1 preference 155;
interface fxp1.67 {
level 2 disable;
level 1 {
hello-authentication-key "$9$-jbYof5F39p"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
priority 0;
}
}
interface fxp2.57 {
level 2 disable;
level 1 {
hello-authentication-key "$9$WhTXNbiHmPQn"; ## SECRET-DATA
hello-authentication-type md5; ## SECRET-DATA
priority 0;
}
}
interface lo0.7 {
level 2 disable;
}
}
inactive: ospf {
external-preference 159;
export isis-ospf;
area 0.0.0.2 {
nssa;
authentication-type simple;
interface fxp1.60 {
authentication {
simple-password "$9$Hkfz3nCuBE/C"; ## SECRET-DATA
}
}
}
}
rip {
group rip-grp {
neighbor fxp1.60;
}
}
}
policy-options {
policy-statement ospf-isis {
term 1 {
from {
route-filter 192.168.0.0/22 longer;
route-filter 172.16.40.0/29 longer;
}
then accept;
}
term 2 {
from {
route-filter 0.0.0.0/0 exact;
}
then reject;
}
}
policy-statement isis-ospf {
term 1 {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
}
policy-statement ibgp {
term 1 {
from {
protocol static;
route-filter 192.168.70.0/24 exact;
}
then accept;
}
term 2 {
from {
protocol bgp;
neighbor 172.16.0.26;
}
then {
next-hop self;
}
}
}
policy-statement bogons {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/7 reject;
route-filter 0.0.0.0/1 prefix-length-range /1-/7 reject;
}
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /29-/32 reject;
route-filter 172.16.0.0/12 orlonger reject;
route-filter 192.168.0.0/16 orlonger reject;
route-filter 10.0.0.0/8 orlonger reject;
}
}
term 3 {
from as-path c2;
then next policy;
}
term 4 {
then reject;
}
}
policy-statement community {
term 1 {
from protocol bgp;
then {
community add Customer;
}
}
}
policy-statement cust-export {
term 1 {
from {
protocol aggregate;
route-filter 10.0.0.0/8 exact;
}
then accept;
}
term 2 {
from community [ Customer Transit Peer ];
then next policy;
}
term 3 {
from {
route-filter 192.168.0.0/16 orlonger reject;
}
}
}
community Customer members 65412:300;
community Peer members 65412:200;
community Transit members 65412:100;
as-path c2 ".* 65020";
}
routing-options {
static {
route 192.168.70.0/24 reject;
}
aggregate {
route 10.0.0.0/8;
}
router-id 10.0.9.7;
autonomous-system 65412;
}
}
t1 {
interfaces {
fxp1 {
unit 333 {
vlan-id 333;
family inet {
address 10.0.1.65/30;
}
}
}
fxp2 {
unit 30 {
vlan-id 30;
family inet {
address 172.16.0.14/30;
}
}
}
lo0 {
unit 30 {
family inet {
address 130.130.0.1/32;
}
}
}
}
protocols {
bgp {
group test {
type internal;
neighbor 10.0.1.66 {
export nhs;
}
}
group ext {
type external;
export static;
neighbor 172.16.0.13 {
peer-as 65412;
}
}
}
}
policy-options {
policy-statement null {
then reject;
}
policy-statement nhs {
term 1 {
from protocol [ bgp static ];
then {
next-hop self;
}
}
}
policy-statement static {
term first {
from {
route-filter 130.130.0.1/32 exact;
}
then accept;
}
term 1 {
from protocol static;
then accept;
}
}
}
routing-options {
static {
route 172.17.0.0/16 reject;
route 0.0.0.0/16 reject;
route 130.130.0.0/16 discard;
route 207.17.136.192/32 next-hop 10.0.1.201;
route 220.0.0.0/28 discard;
route 120.120.6.0/24 {
discard;
community 65050:100;
}
route 128.128.128.0/17 discard;
route 4.0.0.0/28 reject;
route 5.0.0.0/24 reject;
route 6.0.0.0/29 reject;
route 7.0.0.0/26 reject;
route 9.0.0.0/24 reject;
route 10.0.0.0/28 reject;
route 14.0.0.0/28 reject;
route 15.0.0.0/24 reject;
route 16.0.0.0/29 reject;
route 117.0.0.0/26 reject;
route 115.0.0.0/24 reject;
route 126.0.0.0/29 reject;
route 137.0.0.0/26 reject;
route 8.0.0.0/30 reject;
route 134.0.0.0/28 reject;
route 135.0.0.0/24 reject;
route 136.0.0.0/29 reject;
route 104.0.0.0/28 reject;
route 95.0.0.0/24 reject;
route 96.0.0.0/29 reject;
route 79.0.0.0/26 reject;
route 47.0.0.0/28 reject;
route 57.4.5.0/24 reject;
route 166.0.0.0/29 reject;
route 17.0.0.0/26 reject;
route 18.0.0.0/30 reject;
route 19.0.0.0/24 reject;
route 24.0.0.0/28 reject;
route 26.0.0.0/29 reject;
route 27.0.0.0/26 reject;
route 28.0.0.0/30 reject;
route 29.0.0.0/24 reject;
route 56.0.0.0/29 reject;
route 208.0.0.0/30 reject;
route 57.0.0.0/26 reject;
route 211.160.0.0/24 reject;
route 194.2.3.0/28 reject;
route 215.4.3.0/24 reject;
route 116.0.0.0/29 reject;
route 3.0.0.0/8 reject;
route 4.23.180.0/24 reject;
}
autonomous-system 65222;
}
}
t2 {
interfaces {
fxp1 {
unit 50 {
vlan-id 50;
family inet {
address 172.16.0.22/30;
}
}
}
fxp2 {
unit 40 {
vlan-id 40;
family inet {
address 172.16.0.18/30;
}
}
unit 333 {
vlan-id 333;
family inet {
address 10.0.1.66/30;
}
}
}
lo0 {
unit 40 {
family inet {
address 130.130.0.2/32;
}
}
}
}
protocols {
bgp {
group int {
type internal;
export nhs;
neighbor 10.0.1.65;
}
group ext {
type external;
export static;
neighbor 172.16.0.21 {
authentication-key "$9$.P5F6/tREy9A"; ## SECRET-DATA
peer-as 65412;
}
neighbor 172.16.0.17 {
peer-as 65412;
}
}
}
}
policy-options {
policy-statement nhs {
term 1 {
from protocol [ bgp static ];
then {
next-hop self;
}
}
}
policy-statement static {
term 1 {
from {
route-filter 130.130.0.1/32 exact reject;
}
}
term 2 {
from protocol static;
then accept;
}
}
}
routing-options {
static {
route 220.0.0.0/28 discard;
route 120.120.6.0/24 {
discard;
community 65050:100;
}
route 128.128.128.0/17 discard;
route 130.130.0.0/16 discard;
route 4.0.0.0/28 reject;
route 5.0.0.0/24 reject;
route 6.0.0.0/29 reject;
route 7.0.0.0/26 reject;
route 8.0.0.0/30 reject;
route 9.0.0.0/24 reject;
route 10.0.0.0/28 reject;
route 14.0.0.0/28 reject;
route 15.0.0.0/24 reject;
route 16.0.0.0/29 reject;
route 117.0.0.0/26 reject;
route 115.0.0.0/24 reject;
route 126.0.0.0/29 reject;
route 137.0.0.0/26 reject;
route 134.0.0.0/28 reject;
route 135.0.0.0/24 reject;
route 136.0.0.0/29 reject;
route 104.0.0.0/28 reject;
route 95.0.0.0/24 reject;
route 96.0.0.0/29 reject;
route 79.0.0.0/26 reject;
route 47.0.0.0/28 reject;
route 57.4.5.0/24 reject;
route 166.0.0.0/29 reject;
route 17.0.0.0/26 reject;
route 18.0.0.0/30 reject;
route 19.0.0.0/24 reject;
route 24.0.0.0/28 reject;
route 26.0.0.0/29 reject;
route 27.0.0.0/26 reject;
route 28.0.0.0/30 reject;
route 29.0.0.0/24 reject;
route 56.0.0.0/29 reject;
route 208.0.0.0/30 reject;
route 57.0.0.0/26 reject;
route 211.160.0.0/24 reject;
route 194.2.3.0/28 reject;
route 215.4.3.0/24 reject;
route 116.0.0.0/29 reject;
route 3.0.0.0/8 reject;
}
autonomous-system 65222;
}
}
term;
}
chassis {
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
fxp0 {
description "MGMT INTERFACE - DO NOT DELETE";
unit 0 {
description "DON'T DELETE THIS INTERFACE,IT IS OOB MGMT";
family inet {
address 192.168.1.150/24;
address 192.168.0.200/24;
}
}
}
fxp1 {
vlan-tagging;
}
fxp2 {
vlan-tagging;
}
fxp3 {
vlan-tagging;
}
fxp4 {
vlan-tagging;
}
}
No comments:
Post a Comment