Конфигурации устройств
RT.MSK
system {
host-name RT.MSK.M34;
root-authentication {
encrypted-password "$1$qJWadfgn$miUUR35MmW7coGaM.PoV20"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 5;
}
}
}
interfaces {
interface-range to_m9 {
member-range ge-0/0/4 to ge-0/0/5;
gigether-options {
802.3ad ae1;
}
}
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 8.0.0.3/31;
}
}
}
ae0 {
description RT.MSK.M34;
aggregated-ether-options {
lacp {
active;
periodic fast;
}
}
unit 0 {
family inet {
address 10.1.1.0/31;
}
}
}
ae1 {
description RT.MSK.M9;
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.1.1.2/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.1.1.200/32;
}
}
}
}
routing-options {
generate {
route 0.0.0.0/0 policy Contributes_For_Gateway;
}
autonomous-system 65001;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
import BGPimport;
group eBGP {
type external;
metric-out igp;
import [ 9000:666-import BGPimport ];
export 9000:666-export;
neighbor 8.0.0.2 {
peer-as 8000;
}
}
group intra-Sub-AS {
type internal;
local-address 10.1.1.200;
import [ 9000:666-import BGPimport ];
export [ next-hop-self Gateway_to_iBGP ];
multipath;
neighbor 10.1.1.201;
neighbor 10.1.1.202;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface lo0.0 {
passive;
}
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement 9000:666-export {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community add Blackhole-Uplinks;
accept;
}
}
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement Contributes_For_Gateway {
term 1 {
from {
route-filter 40.0.0.0/8 orlonger;
}
then reject;
}
term 2 {
from {
protocol bgp;
route-type external;
}
then accept;
}
then reject;
}
policy-statement Gateway_to_iBGP {
from {
protocol aggregate;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
policy-statement next-hop-self {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}system {
host-name RT.MSK.M8;
root-authentication {
encrypted-password "$1$nbK7gN3Q$anrxKHm7EMi1CZtK1T5p/0"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 5;
}
}
}
interfaces {
interface-range to_m9 {
member-range ge-0/0/2 to ge-0/0/3;
gigether-options {
802.3ad ae1;
}
}
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/4 {
unit 0 {
family inet {
address 8.0.0.1/31;
}
}
}
ae0 {
description RT.MSK.M34;
aggregated-ether-options {
lacp {
passive;
}
}
unit 0 {
family inet {
address 10.1.1.1/31;
}
}
}
ae1 {
description RT.MSK.M9;
aggregated-ether-options {
lacp {
passive;
}
}
unit 0 {
family inet {
address 10.1.1.4/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.1.1.201/32;
}
}
}
}
routing-options {
generate {
route 0.0.0.0/0 policy Contributes_For_Gateway;
}
autonomous-system 65001;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
import BGPimport;
group eBGP {
type external;
metric-out igp;
import [ 9000:666-import BGPimport ];
export 9000:666-export;
neighbor 8.0.0.0 {
peer-as 8000;
}
}
group intra-Sub-AS {
type internal;
local-address 10.1.1.201;
import [ 9000:666-import BGPimport ];
export [ next-hop-self Gateway_to_iBGP ];
multipath;
neighbor 10.1.1.200;
neighbor 10.1.1.202;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface lo0.0 {
passive;
}
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement 9000:666-export {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community add Blackhole-Uplinks;
accept;
}
}
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement Contributes_For_Gateway {
term 1 {
from {
route-filter 40.0.0.0/8 orlonger;
}
then reject;
}
term 2 {
from {
protocol bgp;
route-type external;
}
then reject;
}
}
policy-statement Gateway_to_iBGP {
from {
protocol aggregate;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
policy-statement next-hop-self {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}
system {
host-name RT.MSK.M9;
root-authentication {
encrypted-password "$1$FJtfts6M$BpKv8KKdCG5u1kyhy3t2c/"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 5;
}
}
}
interfaces {
interface-range to_m34 {
member-range ge-0/0/4 to ge-0/0/5;
gigether-options {
802.3ad ae0;
}
}
interface-range to_m8 {
member-range ge-0/0/2 to ge-0/0/3;
gigether-options {
802.3ad ae1;
}
}
interface-range to_stl {
member-range ge-0/0/0 to ge-0/0/1;
gigether-options {
802.3ad ae2;
}
}
interface-range to_obv {
member-range ge-0/0/6 to ge-0/0/7;
gigether-options {
802.3ad ae3;
}
}
ae0 {
description RT.MSK.M34;
aggregated-ether-options {
lacp {
passive;
}
}
unit 0 {
family inet {
address 10.1.1.3/31;
}
}
}
ae1 {
description RT.MSK.M8;
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.1.1.5/31;
}
}
}
ae2 {
description RT.SPB.STL;
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.0/31;
}
}
}
ae3 {
description RT.SPB.OBV;
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.2/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.1.1.202/32;
}
}
}
}
routing-options {
autonomous-system 65001;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
group intra-Sub-AS {
type internal;
local-address 10.1.1.202;
import 9000:666-import;
multipath;
neighbor 10.1.1.201;
neighbor 10.1.1.200;
}
group inter-Sub-AS {
type external;
import 9000:666-import;
peer-as 65002;
multipath;
neighbor 10.0.0.1;
neighbor 10.0.0.3;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae2.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae3.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
}
}
}
policy-options {
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}RT.SPB
system {
host-name RT.SPB.STL;
root-authentication {
encrypted-password "$1$8G6X1vds$P9xsK7Qc..W9pOWA/2RRr1"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 4;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/3 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/4 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/5 {
gigether-options {
802.3ad ae0;
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.10/31;
}
}
}
ae1 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.5/31;
}
}
}
ae2 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.1/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.200/32;
}
}
}
}
routing-options {
autonomous-system 65002;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
group inter-Sub-AS {
type external;
import 9000:666-import;
peer-as 65001;
multipath;
neighbor 10.0.0.0;
}
group rr-client {
type internal;
local-address 10.0.0.200;
import 9000:666-import;
multipath;
neighbor 10.0.0.201;
neighbor 10.0.0.204;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae2.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface lo0.0 {
passive;
}
}
}
}
policy-options {
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}system {
host-name RT.SPB.OBV;
root-authentication {
encrypted-password "$1$bS51COvq$OQBsqg3hOj8Edx9SeOjON0"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 5;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae3;
}
}
ge-0/0/3 {
gigether-options {
802.3ad ae3;
}
}
ge-0/0/4 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/5 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/6 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/7 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/8 {
gigether-options {
802.3ad ae2;
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.4/31;
}
}
}
ae1 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.6/31;
}
}
}
ae2 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.8/31;
}
}
}
ae3 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.3/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.201/32;
}
}
}
}
routing-options {
autonomous-system 65002;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
group inter-Sub-AS {
type external;
import 9000:666-import;
peer-as 65001;
multipath;
neighbor 10.0.0.2;
}
group rr-BGP {
type internal;
local-address 10.0.0.201;
import 9000:666-import;
cluster 10.0.0.201;
multipath;
neighbor 10.0.0.203;
neighbor 10.0.0.200;
neighbor 10.0.0.204;
}
group rr-client {
type internal;
local-address 10.0.0.201;
import 9000:666-import;
multipath;
neighbor 10.0.0.202;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae2.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae3.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface lo0.0 {
passive;
}
}
}
}
policy-options {
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}system {
host-name RT.SPB.MIR;
root-authentication {
encrypted-password "$1$MjqMjRN6$w/hRo5mqGBNHuOCukxOGO0"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 4;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/3 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/4 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/5 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/6 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/7 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/8 {
unit 0 {
family inet {
address 192.168.88.100/24;
}
}
}
ge-0/0/9 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 10 {
vlan-id 1;
family inet {
address 200.0.0.1/25;
}
}
unit 20 {
vlan-id 2;
family inet {
address 200.0.0.129/25;
}
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.9/31;
}
}
}
ae1 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.12/31;
}
}
}
ae2 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.0/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.202/32;
}
}
}
}
routing-options {
aggregate {
route 200.0.0.0/24;
}
autonomous-system 65002;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
export aggregate-export;
group inter-Sub-AS {
type external;
import 9000:666-import;
peer-as 65003;
multipath;
neighbor 10.2.2.1;
}
group rr-BGP {
type internal;
local-address 10.0.0.202;
import 9000:666-import;
cluster 10.0.0.202;
multipath;
neighbor 10.0.0.201;
neighbor 10.0.0.204;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface lo0.0 {
passive;
}
interface ae2.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
}
area 200.0.0.0 {
interface ge-0/0/9.10 {
passive;
}
}
area 200.0.0.128 {
interface ge-0/0/9.20 {
passive;
}
}
}
}
policy-options {
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
policy-statement aggregate-export {
from {
protocol aggregate;
route-filter 200.0.0.0/24 exact;
}
then accept;
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}system {
host-name RT.SPB.K12;
root-authentication {
encrypted-password "$1$pgjyDau2$33uf4KZUU6I4FP9QYBbab."; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 3;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/3 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/4 {
unit 0 {
family inet {
address 9.1.1.1/31;
}
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 9.2.2.3/31;
}
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.11/31;
}
}
}
ae1 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.14/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.203/32;
}
}
}
}
routing-options {
generate {
route 0.0.0.0/0 policy Contributes_For_Gateway;
}
autonomous-system 65002;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
import BGPimport;
group eBGP {
type external;
import [ 9000:666-import BGPimport ];
export 9000:666-export;
neighbor 9.2.2.2 {
peer-as 9002;
}
neighbor 9.1.1.0 {
peer-as 9001;
}
}
group rr-client {
type internal;
local-address 10.0.0.203;
import 9000:666-import;
export [ next-hop-self Gateway_to_iBGP ];
multipath;
neighbor 10.0.0.201;
neighbor 10.0.0.204;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface lo0.0 {
passive;
}
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement 9000:666-export {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community add Blackhole-Uplinks;
accept;
}
}
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement Contributes_For_Gateway {
term 1 {
from {
route-filter 40.0.0.0/8 orlonger;
}
then reject;
}
term 2 {
from {
protocol bgp;
route-type external;
}
then accept;
}
then reject;
}
policy-statement Gateway_to_iBGP {
from {
protocol aggregate;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
policy-statement next-hop-self {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}system {
host-name RT.SPB.LNX;
root-authentication {
encrypted-password "$1$.0l/0YqG$0TvcL6l0O5aRhvlalmC.t."; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 5;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae3;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae3;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/3 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/4 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/5 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/6 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/7 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/8 {
gigether-options {
802.3ad ae1;
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.15/31;
}
}
}
ae1 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.2/31;
}
}
}
ae2 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.13/31;
}
}
}
ae3 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.0.7/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.204/32;
}
}
}
}
routing-options {
autonomous-system 65002;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
group inter-Sub-AS {
type external;
import 9000:666-import;
peer-as 65003;
multipath;
neighbor 10.2.2.3;
}
group rr-client {
type internal;
local-address 10.0.0.204;
import 9000:666-import;
multipath;
neighbor 10.0.0.202;
}
group rr-BGP {
type internal;
local-address 10.0.0.204;
import 9000:666-import;
cluster 10.0.0.201;
multipath;
neighbor 10.0.0.201;
neighbor 10.0.0.203;
neighbor 10.0.0.200;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae2.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae3.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface lo0.0 {
passive;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
}
}
}
policy-options {
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}RT.[IKT/EKB/VVK]
system {
host-name RT.IKT.MRK;
root-authentication {
encrypted-password "$1$jKIWptB2$p8Yi.awlie5ciBwPTq6KN1"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 4;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/3 {
gigether-options {
802.3ad ae2;
}
}
ge-0/0/4 {
gigether-options {
802.3ad ae1;
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.3/31;
}
}
}
ae1 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.6/31;
}
}
}
ae2 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.4/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.2.2.200/32;
}
}
}
}
routing-options {
autonomous-system 65003;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
group intra-Sub-AS {
type internal;
local-address 10.2.2.200;
import 9000:666-import;
multipath;
neighbor 10.2.2.201;
neighbor 10.2.2.202;
}
group inter-Sub-AS {
type external;
import 9000:666-import;
peer-as 65002;
multipath;
neighbor 10.2.2.2;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae2.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface lo0.0 {
passive;
}
}
}
}
policy-options {
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}system {
host-name RT.EKB.LEN;
root-authentication {
encrypted-password "$1$l1YIZcR/$UkzBKTYRUz7bhSzZ3QtrG."; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 4;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/3 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/4 {
gigether-options {
802.3ad ae2;
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.1/31;
}
}
}
ae1 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.5/31;
}
}
}
ae2 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.9/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.2.2.201/32;
}
}
}
}
routing-options {
autonomous-system 65003;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
group intra-Sub-AS {
type internal;
local-address 10.2.2.201;
import 9000:666-import;
multipath;
neighbor 10.2.2.200;
neighbor 10.2.2.202;
}
group inter-Sub-AS {
type external;
import 9000:666-import;
peer-as 65002;
multipath;
neighbor 10.2.2.0;
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae2.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
}
}
}
policy-options {
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
}system {
host-name RT.VVK.NOV;
root-authentication {
encrypted-password "$1$vu439Pis$lEdgCwT5Xcj7ATQMxcs5m/"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 3;
}
}
}
interfaces {
inactive: ge-0/0/0 {
unit 0 {
family inet {
address 192.168.0.1/24;
address 9.1.1.3/31;
}
}
}
inactive: ge-0/0/1 {
unit 0 {
family inet {
address 9.2.2.1/31;
}
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/3 {
gigether-options {
802.3ad ae1;
}
}
ge-0/0/9 {
unit 0 {
family inet {
filter {
input to-101.0.0.0;
}
address 50.0.0.0/31;
}
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.7/31;
}
}
}
ae1 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.2.8/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.2.2.202/32;
}
}
}
}
routing-options {
interface-routes {
rib-group inet ip-transit-group;
}
generate {
route 0.0.0.0/0 policy Contributes_For_Gateway;
}
rib-groups {
ip-transit-group {
import-rib [ inet.0 101.0.0.0-reroute.inet.0 ];
}
}
autonomous-system 65003;
confederation 9000 members [ 65001 65002 65003 ];
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
import BGPimport;
group eBGP {
type external;
import [ 9000:666-import BGPimport Attr-BGP ];
export 9000:666-export;
neighbor 9.2.2.0 {
peer-as 9002;
}
neighbor 9.1.1.2 {
peer-as 9001;
}
}
group intra-Sub-AS {
type internal;
local-address 10.2.2.202;
import 9000:666-import;
export [ next-hop-self Gateway_to_iBGP ];
multipath;
neighbor 10.2.2.200;
neighbor 10.2.2.201;
}
group ip-transit {
type external;
import [ 9000:666-import BGPimport ];
export BGPclient-export;
neighbor 50.0.0.1 {
peer-as 500;
}
}
}
ospf {
reference-bandwidth 1g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface ae1.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
interface lo0.0 {
passive;
}
interface ae2.0 {
interface-type p2p;
hello-interval 2;
dead-interval 10;
}
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement 9000:666-export {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community add Blackhole-Uplinks;
accept;
}
}
policy-statement 9000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement Attr-BGP {
term localpref {
from {
next-hop 9.2.2.0;
route-filter 102.0.0.0/24 exact;
}
then {
local-preference 200;
accept;
}
}
}
policy-statement BGPclient-export {
term export-default {
from {
route-filter 0.0.0.0/0 exact;
condition if-101.0.0.0-exists;
}
then accept;
}
term reject-other {
then reject;
}
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement Contributes_For_Gateway {
term 1 {
from {
route-filter 40.0.0.0/8 orlonger;
}
then reject;
}
term 2 {
from {
protocol bgp;
route-type external;
}
then accept;
}
then reject;
}
policy-statement Gateway_to_iBGP {
from {
protocol aggregate;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
policy-statement LoadBalancing {
from protocol [ bgp ospf ];
then {
load-balance per-packet;
}
}
policy-statement next-hop-self {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}
community Blackhole members 9000:666;
community Blackhole-Uplinks members [ 9001:666 9002:666 8000:666 8001:666 ];
condition if-101.0.0.0-exists {
if-route-exists {
101.0.0.0/24;
table inet.0;
}
}
}
firewall {
filter to-101.0.0.0 {
term 1 {
from {
source-address {
40.0.0.0/24;
}
destination-address {
101.0.0.0/24;
}
}
then {
routing-instance 101.0.0.0-reroute;
}
}
term default {
then accept;
}
}
}
routing-instances {
101.0.0.0-reroute {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 next-hop 9.2.2.0;
}
}
}
}Uplinks and Client
system {
host-name AS8000;
root-authentication {
encrypted-password "$1$tUg9Q5YH$W.lEdnFPxGPNDmiqnFFet0"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/1 {
unit 0 {
family inet {
address 8.0.0.2/31;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 8.1.1.1/31;
}
}
}
ge-0/0/4 {
unit 0 {
family inet {
address 8.0.0.0/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 100.0.0.1/32;
}
}
}
}
routing-options {
static {
route 100.0.0.0/24 discard;
route 100.0.1.0/25 discard;
route 8.0.0.0/16 discard;
}
autonomous-system 8000;
forwarding-table {
export LoadBalancing;
}
}
protocols {
bgp {
import [ 8000:666-import BGPimport ];
export [ exportBGP 8000:666-export ];
group eBGP {
type external;
multipath;
neighbor 8.0.0.3 {
peer-as 9000;
}
neighbor 8.0.0.1 {
peer-as 9000;
}
neighbor 8.1.1.0 {
peer-as 8001;
}
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement 8000:666-export {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community add Blackhole-Uplinks;
accept;
}
}
policy-statement 8000:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement LoadBalancing {
from {
route-filter 40.0.0.0/24 exact;
}
then {
load-balance per-packet;
}
}
policy-statement exportBGP {
from {
protocol static;
route-filter 100.0.0.0/8 upto /25;
route-filter 8.0.0.0/16 exact;
}
then accept;
}
community Blackhole members 8000:666;
community Blackhole-Uplinks members [ 9000:666 9002:666 8001:666 9001:666 ];
}system {
host-name AS8001;
root-authentication {
encrypted-password "$1$ncSO8mXX$cn24/6plpiMBcduowTmL.1"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/2 {
unit 0 {
family inet {
address 8.1.1.0/31;
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
address 8.1.1.2/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 101.0.0.1/32;
}
}
}
}
routing-options {
static {
route 101.0.0.0/24 discard;
route 8.1.0.0/16 discard;
}
autonomous-system 8001;
}
protocols {
bgp {
import [ 8001:666-import BGPimport ];
export [ exportBGP 8001:666-export ];
group eBGP {
type external;
neighbor 8.1.1.1 {
peer-as 8000;
}
neighbor 8.1.1.3 {
peer-as 9001;
}
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement 8001:666-export {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community add Blackhole-Uplinks;
accept;
}
}
policy-statement 8001:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement exportBGP {
from {
protocol static;
route-filter 8.1.0.0/16 exact;
route-filter 101.0.0.0/8 upto /24;
}
then {
origin incomplete;
accept;
}
}
community Blackhole members 8001:666;
community Blackhole-Uplinks members [ 9000:666 9002:666 8000:666 9001:666 ];
}system {
host-name AS9001;
root-authentication {
encrypted-password "$1$MOsRKjEj$U5BJxGpiTEpPbxipCKXE4/"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 9.1.1.2/31;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 9.2.2.5/31;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 9.2.2.7/31;
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
address 8.1.1.3/31;
}
}
}
ge-0/0/4 {
unit 0 {
family inet {
address 9.1.1.0/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 102.0.0.1/32;
}
}
}
}
routing-options {
static {
route 102.0.0.0/24 discard;
route 9.1.0.0/16 discard;
}
autonomous-system 9001;
}
protocols {
bgp {
import [ 9001:666-import BGPimport ];
export [ exportBGP 9001:666-export ];
group eBGP {
type external;
neighbor 8.1.1.2 {
peer-as 8001;
}
neighbor 9.1.1.1 {
peer-as 9000;
}
neighbor 9.1.1.3 {
peer-as 9000;
}
neighbor 9.2.2.4 {
peer-as 9002;
}
neighbor 9.2.2.6 {
peer-as 9002;
}
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement 9001:666-export {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community add Blackhole-Uplinks;
accept;
}
}
policy-statement 9001:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement exportBGP {
from {
protocol static;
route-filter 102.0.0.0/8 upto /24;
route-filter 9.1.0.0/16 exact;
}
then accept;
}
community Blackhole members 9001:666;
community Blackhole-Uplinks members [ 9000:666 9002:666 8000:666 8001:666 ];
}system {
host-name AS9002-1;
root-authentication {
encrypted-password "$1$FEI2W1Qz$5LF4sJOUA5B8H38pTIt9i/"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.0.0/31;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 9.2.2.4/31;
}
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 9.2.2.2/31;
}
}
}
}
routing-options {
static {
route 9.2.0.0/16 discard;
}
autonomous-system 9002;
}
protocols {
bgp {
import [ 9002:666-import BGPimport ];
export [ exportBGP 9002:666-export ];
group eBGP {
type external;
neighbor 9.2.2.5 {
peer-as 9001;
}
neighbor 9.2.2.3 {
peer-as 9000;
}
}
group iBGP {
type internal;
neighbor 192.168.0.1;
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement 9002:666-export {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community add Blackhole-Uplinks;
accept;
}
}
policy-statement 9002:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement exportBGP {
from {
protocol static;
route-filter 9.2.0.0/16 exact;
}
then accept;
}
community Blackhole members 9002:666;
community Blackhole-Uplinks members [ 9002:666 8000:666 8001:666 9001:666 ];
}
system {
host-name AS9002-2;
root-authentication {
encrypted-password "$1$bvln5wmj$V41CjbvAFHVV2ML7ZXwbE0"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.0.1/31;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 9.2.2.0/31;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 9.2.2.6/31;
}
}
}
}
routing-options {
static {
route 9.2.0.0/16 discard;
}
autonomous-system 9002;
}
protocols {
bgp {
import [ 9002:666-import BGPimport ];
export [ exportBGP 9002:666-export ];
group eBGP {
type external;
neighbor 9.2.2.7 {
peer-as 9001;
}
neighbor 9.2.2.1 {
peer-as 9000;
}
}
group iBGP {
type internal;
import [ 9002:666-import BGPimport ];
neighbor 192.168.0.0;
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement 9002:666-export {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community add Blackhole-Uplinks;
accept;
}
}
policy-statement 9002:666-import {
from {
community Blackhole;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop discard;
accept;
}
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement exportBGP {
from {
protocol static;
route-filter 9.2.0.0/16 exact;
}
then accept;
}
community Blackhole members 9002:666;
community Blackhole-Uplinks members [ 9002:666 8000:666 8001:666 9001:666 ];
}system {
host-name BGP-Client;
root-authentication {
encrypted-password "$1$.BIGm42G$m24NadW953bB1hHp.fMo1."; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 50.0.0.1/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 40.0.0.1/32;
}
}
}
}
routing-options {
static {
route 40.0.0.0/24 discard;
route 40.0.0.2/32 {
discard;
tag 666;
}
}
autonomous-system 500;
}
protocols {
bgp {
group ISP {
type external;
advertise-inactive;
import BGPimport;
export [ BGPexport Blackhole ];
neighbor 50.0.0.0 {
peer-as 9000;
}
}
}
}
policy-options {
prefix-list private {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement BGPexport {
from {
protocol static;
route-filter 40.0.0.0/24 exact;
}
then accept;
}
policy-statement BGPimport {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
prefix-list-filter private orlonger;
}
then reject;
}
policy-statement Blackhole {
from {
protocol static;
tag 666;
}
then {
community set Blackhole;
accept;
}
}
community Blackhole members 9000:666;
}Last updated