JUNOSインターネットソフトウェアとIOSのコンフィグレーション変換

Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408 745 2000 or 888 JUNIPER www.juniper.net

show Test Network Topology UNIX.2 192.168.1/24 172.16.2/24.1 Lunkan M10.1 Lo0 1.1.1.2/32 Null0 111.111/16 Null0 222.222/16 Lo1 100.100.1.1/32 Lo2 100.100.2.1/32 Lo0 100.200.1.1/32 Lo0 100.200.2.1/32 Access Lo0 1.1.1.7/32 1.1.1.244/30 1.1.1.248/30 Lo0 1.1.1.1/32 Ida.3 M20 Lo0 1.1.1.3/32 Cisco_pop.5 Lo0 1.1.1.5/32 Cisco_core_rr Lena.2.2.22 M40 Lo0 1.1.1.2/32 1.1.0.0/24 194.68.128/24 Cisco_border.4.3.3 3 Lo0 1.1.1.4/32 Pagent Dummy Null0 2.2/16 Plus Route Generation Null0 3.3/16 Plus Martians Null0 192.168.2/24.6 Lo0 1.1.1.6/32 6 Copyright 2001, Juniper Networks, Inc.

図 4: Connected Access and POP Route Reflector Routers UNIX Lunkan AS 1111 M10 Lena Pagent Access M20 M40 AS 2222 Ida Cisco_pop Cisco_border Dummy AS 3333 Cisco_core_rr Copyright 2001, Juniper Networks, Inc. 9

router isis redistribute isis ip level-2 into level-1 distribute-list 100 /* Leak policy from L2 db -> L1 db */ passive-interface Loopback0 net 47.0001.0010.0100.1005.00 metric-style wide/* TLV 135 used for extended metrics, no TLV 128 */ max-lsp-lifetime 65535 lsp-refresh-interval 65000 spf-interval 10 100 500 prc-interval 5 100 250 lsp-gen-interval 10 20 2500 log-adjacency-changes router bgp 1111 no synchronization bgp router-id 1.1.1.5 bgp log-neighbor-changes timers bgp 30 90 neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor pop peer-group neighbor pop remote-as 1111 neighbor pop update-source Loopback0 neighbor pop_rr peer-group neighbor pop_rr remote-as 1111 neighbor pop_rr update-source Loopback0 neighbor pop_rr route-reflector-client neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.6 peer-group internal neighbor 1.1.1.7 peer-group pop_rr no auto-summary access-list 1 permit 1.1.1.0 0.0.0.255 Copyright 2001, Juniper Networks, Inc. 13

routing-options { router-id 1.1.1.3; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag state detail; log-updown; group internal { type internal; local-address 1.1.1.3; neighbor 1.1.1.1; neighbor 1.1.1.6; group pop_rr { type internal; local-address 1.1.1.3; cluster 1.1.1.5; neighbor 1.1.1.7; group pop { type internal; local-address 1.1.1.3; neighbor 1.1.1.4; isis { traceoptions { file isis; flag state detail; export isis_leak;/* Leak policy */ lsp-lifetime 65535; /* Default 1200 seconds */ level 2 wide-metrics-only; /* TLV 135 used for extended metrics, default both TLV 128/135 used */ interface fxp0.0 { level 1 disable;/* Level 2 only to Core */ interface fxp1.0 { level 2 disable;/* Level 1 only to access stub area */ 14 Copyright 2001, Juniper Networks, Inc.

policy-options { policy-statement isis_leak { term one { from { protocol isis; level 2; route-filter 1.1.1.0/24 longer; /* Prefix where next hop for BGP are within lo0 */ to { protocol isis; /*To L1 area */ level 1; lunkan@ida> show isis adjacency IS-IS adjacency database: Interface System L State Hold (secs) SNPA fxp0.0 cisco_pop 2 Up 23 0:0:c:34:74:5b fxp0.0 cisco_border 2 Up 28 0:60:9:c4:23:18 fxp0.0 cisco_core_rr 2 Up 28 0:d0:ba:58:7e:4b fxp0.0 lena 2 Up 26 0:2:b3:22:38:63 fxp0.0 lunkan 2 Up 8 0:2:b3:22:38:61 fxp1.0 cisco_access 1 Up 7 0:d0:ba:58:81:dd lunkan@ida> show isis database detail IS-IS level 1 link-state database: ida.00-00 Sequence: 0x1d, Checksum: 0x9774, Lifetime: 64666 secs IS neighbor: cisco_access.01 Metric: 10 IP prefix: 1.1.1.248/30 Metric: 20 Internal IP prefix: 1.1.1.6/32 Metric: 10 Internal IP prefix: 1.1.1.5/32 Metric: 10 Internal IP prefix: 1.1.1.1/32 Metric: 10 Internal IP prefix: 1.1.1.4/32 Metric: 10 Internal IP prefix: 1.1.1.2/32 Metric: 10 Internal IP prefix: 1.1.1.3/32 Metric: 0 Internal IP prefix: 1.1.1.244/30 Metric: 10 Internal cisco_access.00-00 Sequence: 0x3, Checksum: 0xd715, Lifetime: 64140 secs IS neighbor: cisco_access.01 Metric: 10 IP prefix: 1.1.1.7/32 Metric: 0 Internal IP prefix: 1.1.1.244/30 Metric: 10 Internal cisco_access.01-00 Sequence: 0x3, Checksum: 0x4b86, Lifetime: 64175 secs IS neighbor: ida.00 Metric: 0 IS neighbor: cisco_access.00 Metric: 0 IS-IS level 2 link-state database: lunkan.00-00 Sequence: 0x16, Checksum: 0x3c69, Lifetime: 62850 secs IS neighbor: lunkan.02 Metric: 10 IP prefix: 1.1.0.0/24 Metric: 10 Internal Copyright 2001, Juniper Networks, Inc. 15

IP prefix: 1.1.1.1/32 Metric: 0 Internal lunkan.02-00 Sequence: 0x6, Checksum: 0x920c, Lifetime: 62850 secs IS neighbor: cisco_pop.00 Metric: 0 IS neighbor: cisco_core_rr.00 Metric: 0 IS neighbor: cisco_border.00 Metric: 0 IS neighbor: ida.00 Metric: 0 IS neighbor: lena.00 Metric: 0 IS neighbor: lunkan.00 Metric: 0 lena.00-00 Sequence: 0x13, Checksum: 0x815c, Lifetime: 62974 secs IS neighbor: lunkan.02 Metric: 10 IP prefix: 1.1.0.0/24 Metric: 10 Internal IP prefix: 194.68.128.0/24 Metric: 10 Internal IP prefix: 1.1.1.2/32 Metric: 0 Internal ida.00-00 Sequence: 0x21, Checksum: 0x6128, Lifetime: 64666 secs IS neighbor: lunkan.02 Metric: 10 IP prefix: 1.1.1.7/32 Metric: 10 Internal IP prefix: 1.1.0.0/24 Metric: 10 Internal IP prefix: 1.1.1.244/30 Metric: 10 Internal IP prefix: 1.1.1.3/32 Metric: 0 Internal cisco_border.00-00 Sequence: 0xb, Checksum: 0x71c8, Lifetime: 62842 secs IS neighbor: lunkan.02 Metric: 10 IP prefix: 194.68.128.0/24 Metric: 0 Internal IP prefix: 1.1.1.4/32 Metric: 0 Internal IP prefix: 1.1.0.0/24 Metric: 10 Internal cisco_pop.00-00 Sequence: 0xd, Checksum: 0x20c2, Lifetime: 64009 secs IS neighbor: lunkan.02 Metric: 10 IP prefix: 1.1.1.248/30 Metric: 10 Internal IP prefix: 1.1.1.5/32 Metric: 0 Internal IP prefix: 1.1.0.0/24 Metric: 10 Internal cisco_core_rr.00-00 Sequence: 0xc, Checksum: 0xb9b1, Lifetime: 62842 secs IS neighbor: lunkan.02 Metric: 10 IP prefix: 1.1.1.6/32 Metric: 0 Internal IP prefix: 1.1.0.0/24 Metric: 10 Internal cisco_access.00-00 Sequence: 0x7, Checksum: 0x7373, Lifetime: 64086 secs IS neighbor: cisco_access.01 Metric: 10 IP prefix: 1.1.1.244/30 Metric: 10 Internal IP prefix: 1.1.1.7/32 Metric: 0 Internal cisco_access.01-00 Sequence: 0x1, Checksum: 0x69f0, Lifetime: 59794 secs IS neighbor: ida.00 Metric: 0 IS neighbor: cisco_access.00 Metric: 0 lunkan@ida> show route inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 1.1.0.0/24 *[Direct/0] 01:41:20 > via fxp0.0 1.1.0.3/32 *[Local/0] 01:41:55 Local 1.1.1.1/32 *[IS-IS/18] 00:48:26, metric 10, tag 2 > to 1.1.0.1 via fxp0.0 1.1.1.2/32 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to 1.1.0.2 via fxp0.0 1.1.1.3/32 *[Direct/0] 01:41:55 > via lo0.0 1.1.1.4/32 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to 1.1.0.4 via fxp0.0 16 Copyright 2001, Juniper Networks, Inc.

1.1.1.5/32 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to 1.1.0.5 via fxp0.0 1.1.1.6/32 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to 1.1.0.6 via fxp0.0 1.1.1.7/32 *[IS-IS/15] 00:26:14, metric 10, tag 1 > to 1.1.1.246 via fxp1.0 1.1.1.244/30 *[Direct/0] 01:41:55 > via fxp1.0 1.1.1.245/32 *[Local/0] 01:41:55 Local 1.1.1.248/30 *[IS-IS/18] 00:27:52, metric 20, tag 2 > to 1.1.0.5 via fxp0.0 2.2.0.0/16 *[BGP/170] 00:18:56, MED 0, localpref 100, from 1.1.1.1 AS path: 2222 I > to 1.1.0.2 via fxp0.0 [BGP/170] 00:18:56, MED 0, localpref 100, from 1.1.1.6 AS path: 2222 I > to 1.1.0.2 via fxp0.0 3.3.0.0/16 *[BGP/170] 00:48:09, MED 1, localpref 100, from 1.1.1.1 AS path: 3333 I > to 1.1.0.2 via fxp0.0 [BGP/170] 00:47:33, MED 1, localpref 100, from 1.1.1.6 AS path: 3333 I > to 1.1.0.2 via fxp0.0 10.0.0.0/8 *[BGP/170] 00:48:09, MED 1, localpref 100, from 1.1.1.1 AS path: 3333? > to 1.1.0.2 via fxp0.0 [BGP/170] 00:47:33, MED 1, localpref 100, from 1.1.1.6 AS path: 3333? > to 1.1.0.2 via fxp0.0 100.100.1.1/32 *[BGP/170] 00:22:11, MED 0, localpref 100, from 1.1.1.7 AS path:? > to 1.1.1.246 via fxp1.0 100.100.2.1/32 *[BGP/170] 00:22:11, MED 0, localpref 100, from 1.1.1.7 AS path:? > to 1.1.1.246 via fxp1.0 192.168.1.0/24 *[BGP/170] 00:48:20, localpref 100, from 1.1.1.1 AS path: I > to 1.1.0.1 via fxp0.0 [BGP/170] 00:48:26, localpref 100, from 1.1.1.6 AS path: I > to 1.1.0.1 via fxp0.0 194.68.128.0/24 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to 1.1.0.4 via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 47.0001.0010.0100.1003.00/80 *[Direct/0] 01:41:55 > via lo0.0 Copyright 2001, Juniper Networks, Inc. 17

router isis passive-interface Loopback0 net 47.0001.0010.0100.1007.00 is-type level-1/* Pure L1 ISIS adjacency allowed */ metric-style wide/* TLV 135 used for extended metrics, no TLV 128 */ max-lsp-lifetime 65535 lsp-refresh-interval 65000 spf-interval 10 100 500 prc-interval 5 100 250 lsp-gen-interval 10 20 2500 log-adjacency-changes router bgp 1111 no synchronization bgp router-id 1.1.1.7 bgp log-neighbor-changes timers bgp 30 90 redistribute connected route-map access neighbor access peer-group neighbor access remote-as 1111 neighbor access update-source Loopback0 neighbor 1.1.1.3 peer-group access neighbor 1.1.1.5 peer-group access no auto-summary access-list 1 permit 100.100.1.1 access-list 1 permit 100.100.2.1 route-map access permit 10 match ip address 1 cisco_access#sh clns nei det System Id Interface SNPA State Holdtime Type Protocol ida Et0 0002.b322.39c8 Up 25 L1 IS-IS Area Address(es): 47.0001 IP Address(es): 1.1.1.245* Uptime: 00:10:50 cisco_access# 18 Copyright 2001, Juniper Networks, Inc.

cisco_access#sh isis dat det IS-IS Level-1 Link State Database: LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL ida.00-00 0x0000001D 0x9774 65332 0/0/0 Area Address: 47.0001 NLPID: 0xCC Router ID: 1.1.1.3 IP Address: 1.1.1.3 Hostname: ida Metric: 10 IS cisco_access.01 Metric: 10 IS-Extended cisco_access.01 Metric: 10 IP 1.1.1.244 255.255.255.252 Metric: 0 IP 1.1.1.3 255.255.255.255 Metric: 74 IP 1.1.1.2 255.255.255.255 Metric: 74 IP 1.1.1.4 255.255.255.255 Metric: 74 IP 1.1.1.1 255.255.255.255 Metric: 74 IP 1.1.1.5 255.255.255.255 Metric: 74 IP 1.1.1.6 255.255.255.255 Metric: 84 IP 1.1.1.248 255.255.255.252 Metric: 10 IP 1.1.1.244/30 Metric: 0 IP 1.1.1.3/32 Metric: 10 IP-Interarea 1.1.1.2/32 Metric: 10 IP-Interarea 1.1.1.4/32 Metric: 10 IP-Interarea 1.1.1.1/32 Metric: 10 IP-Interarea 1.1.1.5/32 Metric: 10 IP-Interarea 1.1.1.6/32 Metric: 20 IP-Interarea 1.1.1.248/30 cisco_access.00-00 * 0x00000003 0xD715 64805 0/0/0 Area Address: 47.0001 NLPID: 0xCC Hostname: cisco_access IP Address: 1.1.1.7 Metric: 10 IP 1.1.1.244/30 Metric: 0 IP 1.1.1.7/32 Metric: 10 IS-Extended cisco_access.01 cisco_access.01-00 * 0x00000003 0x4B86 64839 0/0/0 Metric: 0 IS-Extended cisco_access.00 Metric: 0 IS-Extended ida.00 cisco_access# Copyright 2001, Juniper Networks, Inc. 19

cisco_access#sh ip ro Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/8 is variably subnetted, 9 subnets, 2 masks i ia 1.1.1.1/32 [115/20] via 1.1.1.245, Ethernet0 i L1 1.1.1.3/32 [115/10] via 1.1.1.245, Ethernet0 i ia 1.1.1.2/32 [115/20] via 1.1.1.245, Ethernet0 i ia 1.1.1.5/32 [115/20] via 1.1.1.245, Ethernet0 i ia 1.1.1.4/32 [115/20] via 1.1.1.245, Ethernet0 C 1.1.1.7/32 is directly connected, Loopback0 i ia 1.1.1.6/32 [115/20] via 1.1.1.245, Ethernet0 C 1.1.1.244/30 is directly connected, Ethernet0 i ia 1.1.1.248/30 [115/30] via 1.1.1.245, Ethernet0 2.0.0.0/16 is subnetted, 1 subnets B 2.2.0.0 [200/0] via 1.1.1.2, 00:05:32 100.0.0.0/32 is subnetted, 2 subnets C 100.100.1.1 is directly connected, Loopback1 C 100.100.2.1 is directly connected, Loopback2 3.0.0.0/16 is subnetted, 1 subnets B 3.3.0.0 [200/1] via 1.1.1.2, 00:08:49 B 10.0.0.0/8 [200/1] via 1.1.1.2, 00:08:49 B 192.168.1.0/24 [200/0] via 1.1.1.1, 00:08:49 cisco_access# 20 Copyright 2001, Juniper Networks, Inc.

cisco_access#sh ip bgp BGP table version is 14, local router ID is 1.1.1.7 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path * i2.2.0.0/16 1.1.1.2 0 101 0 2222 i *>i 1.1.1.2 0 101 0 2222 i * i3.3.0.0/16 1.1.1.2 1 100 0 3333 i *>i 1.1.1.2 1 100 0 3333 i * i100.100.0.0/16 1.1.1.4 100 0 i *>i 1.1.1.4 100 0 i *> 100.100.1.1/32 0.0.0.0 0 32768? *> 100.100.2.1/32 0.0.0.0 0 32768? * i100.200.0.0/16 1.1.1.4 100 0 i *>i 1.1.1.4 100 0 i *> 100.200.1.1/32 0.0.0.0 0 32768? *> 100.200.2.1/32 0.0.0.0 0 32768? *> 111.111.0.0/16 0.0.0.0 0 32768? * i192.168.1.0 1.1.1.1 100 0 i *>i 1.1.1.1 100 0 i * i192.168.2.0 1.1.1.6 0 100 0 i *>i 1.1.1.6 0 100 0 i *> 222.222.0.0/16 0.0.0.0 0 32768? cisco_access# Copyright 2001, Juniper Networks, Inc. 21

Multihomed Autonomous System AS 65000 10/8 172.16/12 border_1 192.168/16 AS 64512 192.168/16 10/8 172.16/12 border_2 192.168/16 AS 64513 192.168/16 Prevention of Internal Announcements with External Link Failures AS 65000 border_1 AS 64512 192.168/16 border_2 AS 64513 10/8 172.16/12 192.168/16 192.168/16 22 Copyright 2001, Juniper Networks, Inc.

Prevention of External Announcements with External Link Failures AS 65000 border_1 AS 64512 192.168/16 border_2 AS 64513 10/8 172.16/12 192.168/16 192.168/16 router bgp 1111 no synchronization aggregate-address 100.100.0.0 255.255.0.0 summary-only # Aggregation of 100.100/16 and suppress of routes within prefix with longer mask timers bgp 30 90 neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.6 peer-group internal neighbor 194.68.128.22 remote-as 2222 neighbor 194.68.128.33 remote-as 3333 no auto-summary Copyright 2001, Juniper Networks, Inc. 23

cisco_border#sh ip bgp nei 194.68.128.33 adv BGP table version is 157, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 2.2.0.0/16 194.68.128.22 0 0 2222 i *> 100.100.0.0/16 0.0.0.0 32768 i *>i192.168.1.0 1.1.1.1 100 0 i cisco_border# atomic-aggregate Origin igp cisco_border#sh ip bgp 100.100.0.0 BGP routing table entry for 100.100.0.0/16, version 153 Paths: (1 available, best #1, table Default-IP-Routing-Table) Advertised to peer-groups: internal Advertised to non peer-group peers: 194.68.128.33 Local, (aggregated by 1111 1.1.1.4) 0.0.0.0 from 0.0.0.0 (1.1.1.4) Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best cisco_border# cisco_border#sh ip bgp BGP table version is 157, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path * i2.2.0.0/16 1.1.1.2 0 100 0 2222 i * i 1.1.1.2 0 100 0 2222 i *> 194.68.128.22 0 0 2222 i * 194.68.128.22 1 0 3333 2222 i * i3.3.0.0/16 1.1.1.2 1 100 0 3333 i * i 1.1.1.2 1 100 0 3333 i * 194.68.128.33 0 2222 3333 i *> 194.68.128.33 1 0 3333 i * i10.0.0.0 1.1.1.2 1 100 0 3333? * i 1.1.1.2 1 100 0 3333? * 194.68.128.33 0 2222 3333? *> 194.68.128.33 1 0 3333? *> 100.100.0.0/16 0.0.0.0 32768 i s i100.100.1.1/32 1.1.1.7 0 100 0? s>i 1.1.1.7 0 100 0? s i100.100.2.1/32 1.1.1.7 0 100 0? s>i 1.1.1.7 0 100 0? *>i192.168.1.0 1.1.1.1 100 0 i Network Next Hop Metric LocPrf Weight Path * i 1.1.1.1 100 0 i cisco_border# 24 Copyright 2001, Juniper Networks, Inc.

routing-options { aggregate { route 100.100.0.0/16;/* Aggregation of 100.100/16 if more specific exist in route-table */ router-id 1.1.1.2; autonomous-system 1111; protocols { bgp { path-selection always-compare-med; traceoptions { file bgp; flag state; log-updown; group external { type external; local-address 194.68.128.2; export ebgp; peer-as 2222; neighbor 194.68.128.22 { peer-as 2222; neighbor 194.68.128.33 { peer-as 3333; group internal { type internal; local-address 1.1.1.2; export internal; neighbor 1.1.1.1; neighbor 1.1.1.6; policy-statement ebgp { term one { from { protocol aggregate; route-filter 100.100.0.0/16 exact; /* Aggregated route */ then accept; term two { from { route-filter 100.100.0.0/16 longer; /* Deny routes (suppress) with longer mask than /16 for prefix 100.100/16 */ then reject; Copyright 2001, Juniper Networks, Inc. 25

Originator lunkan@lena# run show route advertising-protocol bgp 194.68.128.33 detail inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path 100.100.0.0/16 (3 entries, 1 announced) BGP 194.68.128.33 (External AS 3333) Nexthop: Self AS path:? <Originator> Cluster list: 1.1.1.1 1.1.1.3 Originator ID: 1.1.1.7 [edit] lunkan@lena# lunkan@lena> show route 100.100/16 detail all inet.0: 24 destinations, 24 routes (23 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 100.100.0.0/16 (2 entries, 1 announced) *Aggregate Preference: 130 Next hop type: Reject State: <Active Int Ext> Age: 5d 0:42:08 Task: Aggregate Announcement bits (3): 0-KRT 4-BGP.0.0.0.0+179 5-BGP_Sync_Any AS path:? <Originator> Cluster list: 1.1.1.1 1.1.1.3 Originator ID: 1.1.1.7 Flags: Depth: 0 Active AS path list: AS path:? <Originator> Cluster list: 1.1.1.1.1.1.1.3 Originator ID: 1.1.1.7 Refcount: 2 Contributing Routes (2): 100.100.1.1/32 proto BGP 100.100.2.1/32 proto BGP BGP Preference: 170/-101/* This route is from IOS border router and is ignored */ Source: 1.1.1.1 Nexthop: 2.2.2.20 via fxp0.0, selected State: <Int Ext> Inactive reason: Route Preference Local AS: 1111 Peer AS: 1111 Age: 46:30 Metric2: 10 Task: BGP_1111.1.1.1.1+3777 AS path: I <Atomic Originator> Aggregator: 1111 1.1.1.4 Cluster list: 1.1.1.1 Originator ID: 1.1.1.4/* IOS default change originate-id to itself */ BGP next hop: 1.1.1.4 Localpref: 100 Router ID: 1.1.1.1 26 Copyright 2001, Juniper Networks, Inc.

100.100.1.1/32 (1 entry, 1 announced)/* This is the contributing route from IOS access router */ *BGP Preference: 170/-101 Source: 1.1.1.1 Nexthop: 2.2.2.17 via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric: 0 Metric2: 20 Task: BGP_1111.1.1.1.1+179 Announcement bits (3): 0-KRT 3-Aggregate 5-BGP_Sync_Any AS path:? <Originator> /* Note IOS add Origin incomplete default for provision of routes*/ Cluster list: 1.1.1.1 1.1.1.3 Originator ID: 1.1.1.7 Communities: 1111:1 BGP next hop: 1.1.1.7 Localpref: 100 Router ID: 1.1.1.1 100.100.2.1/32 (1 entry, 1 announced)/* This is the contributing route from IOS access router */ *BGP Preference: 170/-101 Source: 1.1.1.1 Nexthop: 2.2.2.17 via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric: 0 Metric2: 20 Task: BGP_1111.1.1.1.1+179 Announcement bits (3): 0-KRT 3-Aggregate 5-BGP_Sync_Any AS path:? <Originator> /* Note IOS add Origin incomplete default for provision of routes*/ Cluster list: 1.1.1.1 1.1.1.3 Originator ID: 1.1.1.7 Communities: 1111:2 BGP next hop: 1.1.1.7 Localpref: 100 Router ID: 1.1.1.1 lunkan@lena> dummy#sh ip bgp BGP table version is 78, local router ID is 3.3.3.3 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 3.3.0.0/16 0.0.0.0 0 32768 i *> 10.0.0.0 0.0.0.0 0 32768 i *> 33.33.0.0/16 0.0.0.0 0 32768 i * 100.100.0.0/16 194.68.128.2 0 1111? /*JUNOS*/ *> 194.68.128.3 0 1111 I /*IOS*/ * 100.200.0.0/16 194.68.128.2 0 1111? *> 194.68.128.3 0 1111 i *> 111.111.0.0/16 194.68.128.2 0 1111? * 194.68.128.3 0 1111? *> 222.222.0.0/16 194.68.128.2 0 1111? * 194.68.128.3 0 1111? dummy# Copyright 2001, Juniper Networks, Inc. 27

Originate Origin MED as-path Origin igp dummy#sh ip bgp 100.100.0.0 BGP routing table entry for 100.100.0.0/16, version 77 Paths: (2 available, best #2, table Default-IP-Routing-Table) Flag: 0x208 Advertised to peer-groups: external 1111 194.68.128.2 from 194.68.128.2 (1.1.1.2)/* JUNOS router */ Origin incomplete, localpref 100, valid, external 1111, (aggregated by 1111 1.1.1.4)/* IOS router */ 194.68.128.3 from 194.68.128.3 (1.1.1.4) Origin IGP, localpref 100, valid, external, atomic-aggregate, best routing-options aggregate atomic-aggregate aggregate [edit routing-options] lunkan@lena# show aggregate { route 100.100.0.0/16 { as-path { origin igp; atomic-aggregate; aggregator 1111 1.1.1.2; Origin igp atomic-aggregate aggregator AS router-id lunkan@lena# run show route 100.100/16 detail all inet.0: 24 destinations, 24 routes (23 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 100.100.0.0/16 (2 entries, 1 announced) *Aggregate Preference: 130 Next hop type: Reject State: <Active Int Ext> Age: 5d 1:28:22 Task: Aggregate Announcement bits (3): 0-KRT 4-BGP.0.0.0.0+179 5-BGP_Sync_Any AS path: I <Atomic> Aggregator: 1111 1.1.1.2 Flags: Depth: 0 Active Contributing Routes (2): 100.100.1.1/32 proto BGP 100.100.2.1/32 proto BGP 28 Copyright 2001, Juniper Networks, Inc.

BGP Preference: 170/-101 Source: 1.1.1.1 Nexthop: 2.2.2.20 via fxp0.0, selected State: <Int Ext> Inactive reason: Route Preference Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric2: 10 Task: BGP_1111.1.1.1.1+179 AS path: I <Atomic Originator> Aggregator: 1111 1.1.1.4 Cluster list: 1.1.1.1 Originator ID: 1.1.1.4 BGP next hop: 1.1.1.4 Localpref: 100 Router ID: 1.1.1.1 100.100.1.1/32 (1 entry, 1 announced) *BGP Preference: 170/-101 Source: 1.1.1.1 Nexthop: 2.2.2.17 via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric: 0 Metric2: 20 Task: BGP_1111.1.1.1.1+179 Announcement bits (3): 0-KRT 3-Aggregate 5-BGP_Sync_Any AS path:? <Originator> Cluster list: 1.1.1.1 1.1.1.3 Originator ID: 1.1.1.7 Communities: 1111:1 BGP next hop: 1.1.1.7 Localpref: 100 Router ID: 1.1.1.1 100.100.2.1/32 (1 entry, 1 announced) *BGP Preference: 170/-101 Source: 1.1.1.1 Nexthop: 2.2.2.17 via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric: 0 Metric2: 20 Task: BGP_1111.1.1.1.1+179 Announcement bits (3): 0-KRT 3-Aggregate 5-BGP_Sync_Any AS path:? <Originator> Cluster list: 1.1.1.1 1.1.1.3 Originator ID: 1.1.1.7 Communities: 1111:2 BGP next hop: 1.1.1.7 Localpref: 100 Router ID: 1.1.1.1 [edit routing-options] lunkan@lena# Copyright 2001, Juniper Networks, Inc. 29

dummy#sh ip bgp BGP table version is 8, local router ID is 3.3.3.3 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 3.3.0.0/16 0.0.0.0 0 32768 i *> 10.0.0.0 0.0.0.0 0 32768 i *> 33.33.0.0/16 0.0.0.0 0 32768 i *> 100.100.0.0/16 194.68.128.2 0 1111 I/* JUNOS */ * 194.68.128.3 0 1111 I/* IOS */ *> 100.200.0.0/16 194.68.128.2 0 1111 i * 194.68.128.3 0 1111 i *> 111.111.0.0/16 194.68.128.2 0 1111? * 194.68.128.3 0 1111? *> 222.222.0.0/16 194.68.128.2 0 1111? * 194.68.128.3 0 1111? dummy#sh ip bgp 100.100.0.0 BGP routing table entry for 100.100.0.0/16, version 5 Paths: (2 available, best #1, table Default-IP-Routing-Table) Advertised to peer-groups: external 1111, (aggregated by 1111 1.1.1.2)/* JUNOS */ 194.68.128.2 from 194.68.128.2 (1.1.1.2) Origin IGP, localpref 100, valid, external, atomic-aggregate, best 1111, (aggregated by 1111 1.1.1.4)/* IOS */ 194.68.128.3 from 194.68.128.3 (1.1.1.4) Origin IGP, localpref 100, valid, external, atomic-aggregate 30 Copyright 2001, Juniper Networks, Inc.

routing-options { aggregate { route 1.1.1.0/24 policy deny_local; router-id 1.1.1.2; autonomous-system 1111; protocols { bgp { advertise-inactive; log-updown; group external { type external; description to_ebgp-routers; local-address 194.68.128.2; hold-time 180; damping; import ebgp_in; family inet { unicast { prefix-limit { maximum 100; teardown 70; any; export ebgp; peer-as 2222; neighbor 194.68.128.33 { peer-as 3333; policy-options { policy-statement deny_local { term 1 { from interface lo0.0; then reject; Copyright 2001, Juniper Networks, Inc. 31

lunkan@junos_lena# run show route 1.1.1.0 detail inet.0: 27 destinations, 27 routes (25 active, 0 holddown, 2 hidden) + = Active Route, - = Last Active, * = Both 1.1.1.0/24 (1 entry, 1 announced) *Aggregate Preference: 130 Next hop type: Reject State: <Active Int Ext> Age: 18:14:13 Task: Aggregate Announcement bits (3): 0-KRT 4-BGP.0.0.0.0+179 5-BGP_Sync_Any AS path: I Flags: Depth: 0 Active AS path list: AS path: I Refcount: 7 Contributing Routes (7): 1.1.1.3/32 proto IS-IS 1.1.1.4/32 proto IS-IS 1.1.1.5/32 proto IS-IS 1.1.1.6/32 proto IS-IS 1.1.1.7/32 proto IS-IS 1.1.1.8/32 proto IS-IS This example shows the local (direct) routes. Note 1.1.1.2/32 is a direct route. lunkan@junos_lena# run show route protocol direct inet.0: 27 destinations, 27 routes (25 active, 0 holddown, 2 hidden) + = Active Route, - = Last Active, * = Both 1.1.1.2/32 *[Direct/0] 1w4d 20:09:21 > via lo0.0 2.2.2.16/28 *[Direct/0] 17:40:51 > via fxp0.0 194.68.128.0/24 *[Direct/0] 1d 06:24:04 > via fxp1.0 32 Copyright 2001, Juniper Networks, Inc.

Provision and Prevention of Advertising Intra-AS Routes AS 1111 UNIX Access Lunkan M10 Ida M20 192.168.1/24, no-export 172.16.2/24, 1111:10 Lena M40 2.2/16 Pagent AS 2222 100.100.1.1/32, 1111:1 100.100.2.1/32, 1111:2 100.200.1.1/32, 1111:5 100.200.2.1/32, 1111:4 111.111/16, 1111:5 222.222/16, 1111:6 Cisco_pop Cisco_core_rr Cisco_border Dummy 3.3/16 Plus Martians AS 3333 192.168.1/24, no-export as-path MED community 34 Copyright 2001, Juniper Networks, Inc.

Manipulation of Announced Aggregate Updates AS 1111 UNIX Lunkan M10 100.100/16 MED 0 100.200/16 MED 100 as-path 1111 1111 111.111/16 MED 0 222.222/16 MED 100 as-path 1111 1111 1111 Access Ida M20 Lena M40 Pagent AS 2222 100.100.1.1/32, 1111:1 100.100.2.1/32, 1111:2 100.200.1.1/32, 1111:5 100.200.2.1/32, 1111:4 111.111/16, 1111:5 222.222/16, 1111:6 Cisco_pop Cisco_core_rr Cisco_border 100.200/16 MED 0 100.100/16 MED 100 as-path 1111 1111 1111 111.111/16 MED 0 222.222/16 MED 100 as-path 1111 1111 1111 Dummy AS 3333 community no-export router bgp 1111 no synchronization bgp router-id 1.1.1.6 bgp cluster-id 3232236033 bgp log-neighbor-changes network 192.168.2.0 route-map rfc1918 timers bgp 30 90 redistribute connected neighbor internal_rr peer-group neighbor internal_rr remote-as 1111 neighbor internal_rr update-source Loopback0 neighbor internal_rr route-reflector-client neighbor internal_rr send-community neighbor internal_rr route-map rfc1918 out neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal send-community/* Send community */ neighbor internal route-map rfc1918 out/* Route-map out */ neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.2 peer-group internal_rr Copyright 2001, Juniper Networks, Inc. 35

neighbor 1.1.1.3 peer-group internal_rr neighbor 1.1.1.4 peer-group internal_rr neighbor 1.1.1.5 peer-group internal_rr no auto-summary ip bgp-community new-format access-list 1 permit 192.168.2.0 0.0.0.25 /* Access-list that route-map use */ route-map rfc1918 permit 10/* Route-map mark route with no-export community */ match ip address 1 set community no-export community router bgp 1111 no synchronization bgp log-neighbor-changes timers bgp 30 90 redistribute connected route-map access/* Route-map used for connected routes (loopbacks) */ redistribute static route-map static neighbor access peer-group neighbor access remote-as 1111 neighbor access update-source Loopback0 neighbor access send-community neighbor 1.1.1.3 peer-group access neighbor 1.1.1.5 peer-group access no auto-summary ip bgp-community new-format /* Route-map used for static routes */ access-list 1 permit 100.100.1.1/* Access-list that route-map uses */ access-list 2 permit 100.100.2.1 access-list 3 permit 100.200.1.1 access-list 4 permit 100.200.2.1 access-list 5 permit 111.111.0.0 0.0.255.255 access-list 6 permit 222.222.0.0 0.0.255.255 route-map access permit 10/* Route-map that sets community for connected routes */ match ip address 1 set community 1111:1 route-map access permit 20 match ip address 2 set community 1111:2 route-map access permit 30 match ip address 3 set community 1111:3 36 Copyright 2001, Juniper Networks, Inc.

route-map access permit 40 match ip address 4 set community 1111:4 route-map static permit 10/* Route-map that set community for staticly routes */ match ip address 5 set community 1111:5 route-map static permit 20 match ip address 6 set community 1111:6 community cisco_access#sh ip bgp commun 1111:1 BGP table version is 12, local router ID is 1.1.1.7 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 100.100.1.1/32 0.0.0.0 0 32768? cisco_access#sh ip bgp commun 1111:2 BGP table version is 12, local router ID is 1.1.1.7 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 100.100.2.1/32 0.0.0.0 0 32768? cisco_access#sh ip bgp commun 1111:3 BGP table version is 12, local router ID is 1.1.1.7 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 100.200.1.1/32 0.0.0.0 0 32768? cisco_access#sh ip bgp commun 1111:4 BGP table version is 12, local router ID is 1.1.1.7 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 100.200.2.1/32 0.0.0.0 0 32768? cisco_access#sh ip bgp commun 1111:5 BGP table version is 12, local router ID is 1.1.1.7 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 111.111.0.0/16 0.0.0.0 0 32768? cisco_access#sh ip bgp commun 1111:6 BGP table version is 12, local router ID is 1.1.1.7 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 222.222.0.0/16 0.0.0.0 0 32768? Copyright 2001, Juniper Networks, Inc. 37

community no-export community routing-options { router-id 1.1.1.1; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag state; log-updown; group internal_rr { type internal; local-address 1.1.1.1; export service;/* Export policy (for non-reflected routes) */ cluster 1.1.1.1; neighbor 1.1.1.2 { authentication-key "$9$.mT3ApBSrv9ApBRSMW"; neighbor 1.1.1.3 { authentication-key "$9$h2PclM7-waZjX7-w2aiH"; neighbor 1.1.1.4; neighbor 1.1.1.5; group internal { type internal; local-address 1.1.1.1; export service;/* Export policy (for non-reflected routes) */ neighbor 1.1.1.6; policy-options { policy-statement service { term one { from { route-filter 192.168.1.0/24 exact; then { community add rfc1918; accept; term two { from { route-filter 172.16.2.0/24 exact; then { community add mcast; accept; community mcast members 1111:10; community rfc1918 members no-export; 38 Copyright 2001, Juniper Networks, Inc.

community lunkan@lunkan# run show route advertising-protocol bgp 1.1.1.2 172.16.2/24 detail inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path 172.16.2.0/24 (1 entry, 1 announced) BGP group type Internal AS 1111 Nexthop: Self Localpref: 100 AS path: I Communities: 1111:10 [edit] lunkan@lunkan# run show route advertising-protocol bgp 1.1.1.2 192.168.1/24 detail inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path 192.168.1.0/24 (1 entry, 1 announced) BGP group type Internal AS 1111 Nexthop: Self Localpref: 100 AS path: I Communities: no-export [edit] lunkan@lunkan# MED as-path community community no-export router bgp 1111 no synchronization bgp router-id 1.1.1.4 bgp log-neighbor-changes bgp deterministic-med bgp dampening route-map damp aggregate-address 100.100.0.0 255.255.0.0 summary-only aggregate-address 100.200.0.0 255.255.0.0 summary-only timers bgp 30 90 neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self neighbor external peer-group neighbor external prefix-list martians in neighbor external route-map int_policy in neighbor external route-map ext_policy out /* Route-map (policy) applied to route... */ neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.6 peer-group internal neighbor 194.68.128.22 remote-as 2222 neighbor 194.68.128.22 peer-group external neighbor 194.68.128.33 remote-as 3333 neighbor 194.68.128.33 peer-group external no auto-summary ip bgp-community new-format ip community-list 1 permit 1111:5 ip community-list 2 permit 1111:6 Copyright 2001, Juniper Networks, Inc. 39

access-list 10 permit 100.100.0.0 0.0.255.255 access-list 20 permit 100.200.0.0 0.0.255.255 route-map ext_policy permit 10 match ip address 10 /* Agggregate 100.100/16 are as-prep and get high (bad) MED */ set metric 100 set as-path prepend 1111 1111 1111 route-map ext_policy permit 20 match ip address 20/* Aggregate 100.200/16 get low (good) MED */ set metric 0 route-map ext_policy permit 30 match community 1 set metric 100 set as-path prepend 1111 1111 1111 /* 111.111/16 route with community 1111:5 get as-path prepend and high MED (bad) value */ route-map ext_policy permit 40 match community 2 /* 222.222/16 route with community 1111:6 get low MED (good) value */ set metric 0 route-map ext_policy deny 50 community cisco_border#sh ip bgp comm 1111:1 BGP table version is 17, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path s>i100.100.1.1/32 1.1.1.7 0 100 0? cisco_border# cisco_border#sh ip bgp comm 1111:2 BGP table version is 17, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path s>i100.100.2.1/32 1.1.1.7 0 100 0? cisco_border# cisco_border#sh ip bgp comm 1111:3 BGP table version is 17, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path s>i100.200.1.1/32 1.1.1.7 0 100 0? cisco_border# cisco_border#sh ip bgp comm 1111:4 BGP table version is 17, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path s>i100.200.2.1/32 1.1.1.7 0 100 0? cisco_border# 40 Copyright 2001, Juniper Networks, Inc.

community cisco_border#sh ip bgp com 1111:10 BGP table version is 18, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i172.16.2.0/24 1.1.1.1 100 0 i cisco_border# no-export community cisco_border#sh ip bgp comm no-export BGP table version is 19, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i192.168.1.0 1.1.1.1 100 0 i *>i192.168.2.0 1.1.1.6 0 100 0 i * i 1.1.1.6 0 100 0 i cisco_border# community MED as-path cisco_border#sh ip bgp comm 1111:5 BGP table version is 17, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i111.111.0.0/16 1.1.1.7 0 100 0? cisco_border# cisco_border#sh ip bgp comm 1111:6 BGP table version is 17, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i222.222.0.0/16 1.1.1.7 0 100 0? cisco_border# cisco_border#sh ip bgp nei 194.68.128.33 adv BGP table version is 17, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 100.100.0.0/16 0.0.0.0 32768 i *> 100.200.0.0/16 0.0.0.0 32768 i *>i111.111.0.0/16 1.1.1.7 0 100 0? *>i222.222.0.0/16 1.1.1.7 0 100 0? cisco_border# Copyright 2001, Juniper Networks, Inc. 41

routing-options { aggregate { route 100.100.0.0/16 { as-path { origin igp; atomic-aggregate; aggregator 1111 1.1.1.2; route 100.200.0.0/16 { as-path { origin igp; atomic-aggregate; aggregator 1111 1.1.1.2; router-id 1.1.1.2; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag damping detail; log-updown; group external { type external; local-address 194.68.128.2; damping; import ebgp_in; export ebgp; /* Policy used for EBGP peering */ neighbor 194.68.128.22 { peer-as 2222; neighbor 194.68.128.33 { peer-as 3333; group internal { type internal; local-address 1.1.1.2; export internal; neighbor 1.1.1.1 { authentication-key "$9$0UylORSvWxwYoevWx-waJ"; neighbor 1.1.1.6; policy-options { policy-statement ebgp { term two {/* Agggregate 100.200/16 are as-prep and get high (bad) MED */ from { route-filter 100.200.0.0/16 exact; then { metric 100; as-path-prepend "1111 1111"; accept; 42 Copyright 2001, Juniper Networks, Inc.

term three {/* Aggregate 100.100/16 get low (good) MED */ from { route-filter 100.100.0.0/16 exact; then { metric 0; accept; term four {/* 222.222/16 route with community 1111:5 get as-path prepend and high MED (bad) value */ from community bad; then { metric 100; as-path-prepend "1111 1111 1111"; accept; term five {/* 111.111/16 route with community 1111:6 get low MED (good) value */ from community good; then { metric 0; accept; term last { then reject; community bad members 1111:6; community good members 1111:5; Copyright 2001, Juniper Networks, Inc. 43

community lunkan@lena> show route community 1111:1 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both 100.100.1.1/32 *[BGP/170] 01:55:38, MED 0, localpref 100, from 1.1.1.1 AS path:? > to 1.1.0.3 via fxp0.0 to 1.1.0.5 via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route community 1111:2 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both 100.100.2.1/32 *[BGP/170] 01:55:41, MED 0, localpref 100, from 1.1.1.1 AS path:? to 1.1.0.3 via fxp0.0 > to 1.1.0.5 via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route community 1111:3 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both 100.200.1.1/32 *[BGP/170] 01:55:43, MED 0, localpref 100, from 1.1.1.1 AS path:? > to 1.1.0.3 via fxp0.0 to 1.1.0.5 via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route community 1111:4 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both 100.200.2.1/32 *[BGP/170] 01:55:45, MED 0, localpref 100, from 1.1.1.1 AS path:? > to 1.1.0.3 via fxp0.0 to 1.1.0.5 via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both community lunkan@lena> show route community 1111:10 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both 172.16.2.0/24 *[BGP/170] 00:22:42, localpref 100, from 1.1.1.1 AS path: I > to 1.1.0.1 via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 44 Copyright 2001, Juniper Networks, Inc.

lunkan@lena> show route community no-export inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both 192.168.1.0/24 *[BGP/170] 02:03:04, localpref 100, from 1.1.1.1 AS path: I > to 1.1.0.1 via fxp0.0 192.168.2.0/24 *[BGP/170] 02:03:07, MED 0, localpref 100, from 1.1.1.6 AS path: I > to 1.1.0.6 via fxp0.0 [BGP/170] 02:03:04, MED 0, localpref 100, from 1.1.1.1 AS path: I > to 1.1.0.6 via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both community MED as-path lunkan@lena> show route community 1111:5 detail inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both 111.111.0.0/16 (1 entry, 1 announced) *BGP Preference: 170/-101 Source: 1.1.1.1 Nexthop: 1.1.0.3 via fxp0.0 Nexthop: 1.1.0.5 via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 1:59:26 Metric: 0 Metric2: 20 Task: BGP_1111.1.1.1.1+179 Announcement bits (3): 0-KRT 4-BGP.0.0.0.0+179 5-BGP_Sync_Any AS path:? <Originator> Cluster list: 1.1.1.1 1.1.1.5 Originator ID: 1.1.1.7 Communities: 1111:5 BGP next hop: 1.1.1.7 Localpref: 100 Router ID: 1.1.1.1 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route community 1111:6 detail inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both 222.222.0.0/16 (1 entry, 1 announced) *BGP Preference: 170/-101 Source: 1.1.1.1 Nexthop: 1.1.0.3 via fxp0.0, selected Nexthop: 1.1.0.5 via fxp0.0 State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 1:59:33 Metric: 0 Metric2: 20 Task: BGP_1111.1.1.1.1+179 Announcement bits (3): 0-KRT 4-BGP.0.0.0.0+179 5-BGP_Sync_Any Copyright 2001, Juniper Networks, Inc. 45

AS path:? <Originator> Cluster list: 1.1.1.1 1.1.1.5 Originator ID: 1.1.1.7 Communities: 1111:6 BGP next hop: 1.1.1.7 Localpref: 100 Router ID: 1.1.1.1 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route advertising-protocol bgp 194.68.128.33 inet.0: 28 destinations, 28 routes (25 active, 0 holddown, 7 hidden) Prefix Nexthop MED Lclpref AS path 100.100.0.0/16 Self 0 I 100.200.0.0/16 Self 100 1111 1111 [1111] I 111.111.0.0/16 Self 0? 222.222.0.0/16 Self 100 1111 1111 1111 [1111]? lunkan@lena> MED as-path pagent#sh ip bgp BGP table version is 13, local router ID is 2.2.2.2 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 0.0.0.0 194.68.128.33 1 0 3333 i *> 2.2.0.0/16 0.0.0.0 0 32768 i *> 3.3.0.0/16 194.68.128.33 1 0 3333 i *> 10.0.0.0 194.68.128.33 1 0 3333? *> 100.100.0.0/16 194.68.128.2 0 0 1111 i * 194.68.128.3 100 0 1111 1111 1111 1111 i * 194.68.128.2 0 3333 1111 i *> 100.200.0.0/16 194.68.128.3 0 0 1111 i * 194.68.128.2 100 0 1111 1111 1111 i * 194.68.128.3 0 3333 1111 i *> 111.111.0.0/16 194.68.128.2 0 0 1111? * 194.68.128.3 100 0 1111 1111 1111 1111? * 194.68.128.2 0 3333 1111? *> 222.222.0.0/16 194.68.128.3 0 0 1111? * 194.68.128.2 100 0 1111 1111 1111 1111? * 194.68.128.3 0 3333 1111? pagent# 46 Copyright 2001, Juniper Networks, Inc.

as-path MED pagent#sh ip ro Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route S C 2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks 2.2.0.0/16 is directly connected, Null0 2.2.2.2/32 is directly connected, Loopback0 100.0.0.0/16 is subnetted, 2 subnets B 100.100.0.0 [20/0] via 194.68.128.2, 00:21:51/* JUNOS */ B 100.200.0.0 [20/0] via 194.68.128.3, 00:21:37/* IOS */ 3.0.0.0/16 is subnetted, 1 subnets B 3.3.0.0 [20/1] via 194.68.128.33, 00:21:56 C 194.68.128.0/24 is directly connected, Ethernet0 111.0.0.0/16 is subnetted, 1 subnets B 111.111.0.0 [20/0] via 194.68.128.2, 00:21:53/* JUNOS */ B 10.0.0.0/8 [20/1] via 194.68.128.33, 00:21:57 B* 0.0.0.0/0 [20/1] via 194.68.128.33, 00:21:58 B 222.222.0.0/16 [20/0] via 194.68.128.3, 00:21:39/* IOS */ pagent# Copyright 2001, Juniper Networks, Inc. 47

local-preference Controlling Traffic Out from an AS AS 1111 UNIX Lunkan Access M10 Ida M20 2.2/16, Local-pref 101 3.3/16, Local-pref 100 Lena M40 2.2/16, as-path 2222 Pagent AS 2222 Cisco_pop 3.3/16, Local pref 101 2.2/16. Local pref 100 Cisco_border Dummy AS 3333 Cisco_core_rr 3.3/16, as-path 3333 Plus Martians 48 Copyright 2001, Juniper Networks, Inc.

local-preference router bgp 1111 no synchronization bgp router-id 1.1.1.4 bgp log-neighbor-changes bgp deterministic-med bgp dampening route-map damp aggregate-address 100.100.0.0 255.255.0.0 summary-only aggregate-address 100.200.0.0 255.255.0.0 summary-only timers bgp 30 90 neighbor internal peer-group/* Internal peer grp */ neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self/* Source-address for BGP next hop is router lo0 */ neighbor external peer-group/* external peer grp */ neighbor external soft-reconfiguration inbound neighbor external prefix-list martians in neighbor external route-map int_policy in /* Route-map applied for receiving updates */ neighbor external route-map ext_policy out neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.6 peer-group internal neighbor 194.68.128.22 remote-as 2222 neighbor 194.68.128.22 peer-group external neighbor 194.68.128.33 remote-as 3333 neighbor 194.68.128.33 peer-group external no auto-summary ip as-path access-list 1 permit ^3333$ /* as-path used (routes originate in AS 3333 one hop away) */ route-map int_policy permit 10 match as-path 1 set local-preference 101/* Local-preference for routes from as-path defined above */ route-map int_policy permit 20 as-path local-preference cisco_border#sh ip bgp reg ^3333$ BGP table version is 25, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> 3.3.0.0/16 194.68.128.33 1 101 0 3333 i cisco_border# Copyright 2001, Juniper Networks, Inc. 49

local-preference routing-options { aggregate { route 100.100.0.0/16 { as-path { origin igp; atomic-aggregate; aggregator 1111 1.1.1.2; route 100.200.0.0/16 { as-path { origin igp; atomic-aggregate; aggregator 1111 1.1.1.2; router-id 1.1.1.2; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag route receive; flag damping; flag state; group external {/* External peer grp */ type external; local-address 194.68.128.2; damping; import ebgp_in;/* Policy applied to incoming route updates */ family inet { unicast { prefix-limit { maximum 100; teardown 70; export ebgp; neighbor 194.68.128.22 { peer-as 2222; neighbor 194.68.128.33 { peer-as 3333; group internal {/* Internal peer grp */ type internal; local-address 1.1.1.2; export internal;/* Policy applied to advertised updates */ neighbor 1.1.1.1 { authentication-key "$9$4ToGiP5FApB.P5F6A1I"; neighbor 1.1.1.6; policy-options { policy-statement internal { term one { then { next-hop self;/* Source-address for BGP next hop is router lo0 */ 50 Copyright 2001, Juniper Networks, Inc.

policy-statement ebgp_in { term 1918 { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 192.168.0.0/16 orlonger; then reject; term local_pref { from as-path from_pagent; then { local-preference 101;/* Local-precedence for routes from as-path defined below */ term no_damp { from { route-filter 198.41.0.0/24 exact; route-filter 128.9.0.0/16 exact; route-filter 192.33.4.0/24 exact; route-filter 128.8.0.0/16 exact; route-filter 192.203.230.0/24 exact; route-filter 192.5.4.0/23 exact; route-filter 128.63.0.0/16 exact; route-filter 192.36.148.0/24 exact; route-filter 193.0.14.0/24 exact; route-filter 198.32.64.0/24 exact; route-filter 202.12.27.0/24 exact; then { damping no; accept; term damp { then damping yes; as-path from_pagent 2222;/* as-path used (routes originate in AS 2222 one hop away) */ damping no { disable; damping yes { half-life 15; reuse 750; suppress 2000; max-suppress 60; Copyright 2001, Juniper Networks, Inc. 51

local-preference lunkan@lena# run show route aspath-regex "2222" detail inet.0: 23 destinations, 23 routes (23 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 2.2.0.0/16 (2 entries, 1 announced) *BGP Preference: 170/-102 Nexthop: 194.68.128.22 via fxp1.0, selected State: <Active Ext> Local AS: 1111 Peer AS: 2222 Age: 56 Metric: 0 Task: BGP_2222.194.68.128.22+179 Announcement bits (3): 0-KRT 4-BGP.0.0.0.0+179 5-BGP_Sync_Any AS path: 2222 I Localpref: 101 Router ID: 2.2.2.2 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both local-preference as-path lunkan@lunkan> show route 2.2.0.0 all detail inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 2.2.0.0/16 (1 entry, 1 announced) *BGP Preference: 170/-102 Source: 1.1.1.2 Nexthop: 1.1.0.2 via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 5:25 Metric: 0 Metric2: 10 Task: BGP_1111.1.1.1.2+179 Announcement bits (3): 0-KRT 3-BGP.0.0.0.0+179 4-BGP_Sync_Any AS path: 2222 I BGP next hop: 1.1.1.2 Localpref: 101 Router ID: 1.1.1.2 lunkan@lunkan> show route 3.3.0.0 all detail inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 52 Copyright 2001, Juniper Networks, Inc.

3.3.0.0/16 (1 entry, 1 announced) *BGP Preference: 170/-102 Source: 1.1.1.4 Nexthop: 1.1.0.4 via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 38:34 Metric: 1 Metric2: 10 Task: BGP_1111.1.1.1.4+11029 Announcement bits (3): 0-KRT 3-BGP.0.0.0.0+179 4-BGP_Sync_Any AS path: 3333 I BGP next hop: 1.1.1.4 Localpref: 101 Router ID: 1.1.1.4 lunkan@lunkan> cisco_core_rr#sh ip rout 2.2.0.0 Routing entry for 2.2.0.0/16 Known via "bgp 1111", distance 200, metric 0 Tag 2222, type internal Last update from 1.1.1.2 00:06:56 ago Routing Descriptor Blocks: * 1.1.1.2, from 1.1.1.2, 00:06:56 ago Route metric is 0, traffic share count is 1 AS Hops 1 cisco_core_rr#sh ip rout 3.3.0.0 Routing entry for 3.3.0.0/16 Known via "bgp 1111", distance 200, metric 1 Tag 3333, type internal Last update from 1.1.1.4 00:39:58 ago Routing Descriptor Blocks: * 1.1.1.4, from 1.1.1.4, 00:39:58 ago Route metric is 1, traffic share count is 1 AS Hops 1 cisco_core_rr# cisco_access#sh ip ro 2.2.0.0 Routing entry for 2.2.0.0/16 Known via "bgp 1111", distance 200, metric 0 Tag 2222, type internal Last update from 1.1.1.2 00:02:40 ago Routing Descriptor Blocks: * 1.1.1.2, from 1.1.1.3, 00:02:40 ago Route metric is 0, traffic share count is 1 AS Hops 1 cisco_access#sh ip ro 3.3.0.0 Routing entry for 3.3.0.0/16 Known via "bgp 1111", distance 200, metric 1 Tag 3333, type internal Last update from 1.1.1.4 00:35:47 ago Routing Descriptor Blocks: * 1.1.1.4, from 1.1.1.3, 00:35:47 ago Route metric is 1, traffic share count is 1 AS Hops 1 Copyright 2001, Juniper Networks, Inc. 53

cisco_access#sh ip bgp 2.2.0.0 BGP routing table entry for 2.2.0.0/16, version 71 Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peer 2222 1.1.1.2 (metric 20) from 1.1.1.3 (1.1.1.2) Origin IGP, metric 0, localpref 101, valid, internal, best Originator: 1.1.1.2, Cluster list: 1.1.1.5, 1.1.1.1 cisco_access#sh ip bgp 3.3.0.0 BGP routing table entry for 3.3.0.0/16, version 61 Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peer 3333 1.1.1.4 (metric 20) from 1.1.1.3 (1.1.1.4) Origin IGP, metric 1, localpref 101, valid, internal, best Originator: 1.1.1.4, Cluster list: 1.1.1.5, 1.1.1.1 cisco_access# router bgp 64512 neighbor peer-group gix neighbor gix distribute-list 100 in... ip access-list 100 deny ip host 0.0.0.0 any ip access-list 100 deny ip 127.0.0.0 0.255.255.255.255 255.0.0.0 0.255.255.255 ip access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 ip access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255 ip access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255 ip access-list 100 permit ip any any 54 Copyright 2001, Juniper Networks, Inc.

router bgp 1111 no synchronization bgp router-id 1.1.1.4 bgp log-neighbor-changes bgp deterministic-med bgp dampening route-map damp aggregate-address 100.100.0.0 255.255.0.0 summary-only aggregate-address 100.200.0.0 255.255.0.0 summary-only timers bgp 30 90 neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self neighbor external peer-group neighbor external prefix-list martians in neighbor external route-map int_policy in neighbor external route-map ext_policy out neighbor external soft-reconfiguration inbound neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.6 peer-group internal neighbor 194.68.128.22 remote-as 2222 neighbor 194.68.128.22 peer-group external neighbor 194.68.128.33 remote-as 3333 neighbor 194.68.128.33 peer-group external no auto-summary ip prefix-list martians seq 10 deny 0.0.0.0/32 ip prefix-list martians seq 20 deny 127.0.0.0/8 le 32 ip prefix-list martians seq 30 deny 10.0.0.0/8 le 32 ip prefix-list martians seq 40 deny 172.16.0.0/12 le 32 ip prefix-list martians seq 50 deny 192.168.0.0/16 le 32 cisco_border#sh ip bgp nei 194.68.128.33 rec BGP table version is 19, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path * 0.0.0.0 194.68.128.33 1 0 3333 i * 2.2.0.0/16 194.68.128.22 1 0 3333 2222 i * 3.3.0.0/16 194.68.128.33 1 0 3333 i * 10.0.0.0 194.68.128.33 1 0 3333? Total number of prefixes 4 Copyright 2001, Juniper Networks, Inc. 55

cisco_border#sh ip bgp BGP table version is 19, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i2.2.0.0/16 1.1.1.2 0 101 0 2222 i *>i3.3.0.0/16 1.1.1.2 1 100 0 3333 i *> 100.100.0.0/16 0.0.0.0 32768 i s>i100.100.1.1/32 1.1.1.7 0 100 0? s>i100.100.2.1/32 1.1.1.7 0 100 0? *> 100.200.0.0/16 0.0.0.0 32768 i s>i100.200.1.1/32 1.1.1.7 0 100 0? s>i100.200.2.1/32 1.1.1.7 0 100 0? *>i111.111.0.0/16 1.1.1.7 0 100 0? *>i192.168.1.0 1.1.1.1 100 0 i *>i192.168.2.0 1.1.1.6 0 100 0 i * i 1.1.1.6 0 100 0 i *>i222.222.0.0/16 1.1.1.7 0 100 0? cisco_border# 56 Copyright 2001, Juniper Networks, Inc.

routing-options { aggregate { route 100.100.0.0/16; router-id 1.1.1.2; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag damping detail; log-updown; group external { type external; local-address 194.68.128.2; damping; import ebgp_in; export ebgp; neighbor 194.68.128.22 { peer-as 2222; neighbor 194.68.128.33 { peer-as 3333; group internal { type internal; local-address 1.1.1.2; export internal; neighbor 1.1.1.1 { authentication-key "$9$0UylORSvWxwYoevWx-waJ"; neighbor 1.1.1.6; policy-options { policy-statement ebgp_in { term 1918 { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 192.168.0.0/16 orlonger; then reject; Copyright 2001, Juniper Networks, Inc. 57

lunkan@lena# run show route receive-protocol bgp 194.68.128.33 inet.0: 27 destinations, 27 routes (25 active, 0 holddown, 4 hidden) Prefix Nexthop MED Lclpref AS path 2.2.0.0/16 194.68.128.22 1 3333 2222 I 3.3.0.0/16 194.68.128.33 1 3333 I iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path lunkan@lena# run show bgp summary Groups: 3 Peers: 4 Down Peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet.0 19 11 0 0 0 0 inet.2 0 0 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State #Act/Rcvd/Damp 194.68.128.22 2222 198 196 0 0 01:34:33 1/4/0 0/0/0 194.68.128.33 3333 389 381 0 0 03:07:58 1/4/0 0/0/0 1.1.1.1 1111 385 380 0 0 03:07:43 8/10/0 0/0/0 1.1.1.6 1111 375 378 0 0 03:06:43 1/1/0 0/0/0 lunkan@lena# run show route receive-protocol bgp 194.68.128.33 inactive inet.0: 27 destinations, 27 routes (25 active, 0 holddown, 4 hidden) Prefix Nexthop MED Lclpref AS path 0.0.0.0/0 194.68.128.33 1 3333 I 10.0.0.0/8 194.68.128.33 1 3333? 58 Copyright 2001, Juniper Networks, Inc.

protocols { bgp { path-selection always-compare-med; traceoptions { file bgp; flag route; flag damping; flag state; log-updown; group external { type external; local-address 194.68.128.2; damping; import [ (test1 && test2) martians ebgp_in) ]; family inet { unicast { prefix-limit { maximum 100; teardown 70; export ebgp; multipath; neighbor 194.68.128.22 { import [ special_policy ]; neighbor 194.68.128.33 { peer-as 3333; import [ (test1 && test2) martians ebgp_in) ]; test1 test2 ebgp_in Copyright 2001, Juniper Networks, Inc. 59

policy-options { policy-statement ebgp_in { term 1918 { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 192.168.0.0/16 orlonger; then reject; term local_pref { from as-path from_pagent; then { local-preference 101; term no_damp { from policy root_dns; then { damping no; accept; term damp { then damping yes; policy-statement root_dns { term dns { from { route-filter 198.41.0.0/24 exact; route-filter 128.9.0.0/16 exact; route-filter 192.33.4.0/24 exact; route-filter 128.8.0.0/16 exact; route-filter 192.203.230.0/24 exact; route-filter 192.5.4.0/23 exact; route-filter 192.112.36.0/24 exact; route-filter 128.63.0.0/16 exact; route-filter 192.36.148.0/24 exact; route-filter 193.0.14.0/24 exact; route-filter 198.32.64.0/24 exact; route-filter 202.12.27.0/24 exact; then accept; 60 Copyright 2001, Juniper Networks, Inc.

as-path router bgp 1111 no synchronization bgp router-id 1.1.1.4 bgp log-neighbor-changes bgp deterministic-med bgp dampening route-map damp aggregate-address 100.100.0.0 255.255.0.0 summary-only aggregate-address 100.200.0.0 255.255.0.0 summary-only timers bgp 30 90 neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self neighbor internal soft-reconfiguration inbound neighbor external peer-group neighbor external prefix-list martians in neighbor external route-map int_policy in neighbor external route-map ext_policy out neighbor external soft-reconfiguration inbound neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.6 peer-group internal neighbor 194.68.128.22 remote-as 2222 neighbor 194.68.128.22 peer-group external neighbor 194.68.128.33 remote-as 3333 Copyright 2001, Juniper Networks, Inc. 61

neighbor 194.68.128.33 peer-group external no auto-summary ip as-path access-list 10 permit ^$ ip prefix-list root_dns seq 1 permit 198.41.0.0/24 ip prefix-list root_dns seq 2 permit 128.9.0.0/16 ip prefix-list root_dns seq 3 permit 192.33.4.0/24 ip prefix-list root_dns seq 4 permit 128.8.0.0/16 ip prefix-list root_dns seq 5 permit 192.203.230.0/24 ip prefix-list root_dns seq 6 permit 192.5.4.0/23 ip prefix-list root_dns seq 7 permit 192.112.36.0/24 ip prefix-list root_dns seq 8 permit 128.63.0.0/16 ip prefix-list root_dns seq 9 permit 192.36.148.0/24 ip prefix-list root_dns seq 10 permit 193.0.14.0/24 ip prefix-list root_dns seq 11 permit 198.32.64.0/24 ip prefix-list root_dns seq 12 permit 202.12.27.0/24 route-map damp deny 1 match as-path 10 route-map damp deny 2 match ip address prefix-list root_dns route-map damp permit 3 set dampening 15 750 2000 60 cisco_border#sh ip bgp sum BGP router identifier 1.1.1.4, local AS number 1111 BGP table version is 117, main routing table version 117 111 network entries and 112 paths using 14799 bytes of memory 21 BGP path attribute entries using 1092 bytes of memory 2 BGP rrinfo entries using 48 bytes of memory 11 BGP AS-PATH entries using 376 bytes of memory 7 BGP community entries using 168 bytes of memory 25 BGP route-map cache entries using 400 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory Dampening enabled. 0 history paths, 0 dampened paths BGP activity 243/968 prefixes, 247/135 paths, scan interval 15 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 1.1.1.1 4 1111 1015 1167 117 0 0 00:01:29 8 1.1.1.6 4 1111 949 1168 117 0 0 00:01:29 1 194.68.128.22 4 2222 2129 1036 117 0 0 00:00:52 100 194.68.128.33 4 3333 1013 987 117 0 0 00:01:14 1 cisco_border# Partial route-table: cisco_border#sh ip bgp BGP table version is 117, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete 62 Copyright 2001, Juniper Networks, Inc.

Network Next Hop Metric LocPrf Weight Path *> 3.3.0.0/16 194.68.128.33 1 101 0 3333 i *> 34.1.1.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.2.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.3.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.4.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.5.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.6.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.7.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.8.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.9.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.10.0/24 194.68.128.22 1622 0 2222 53285 33299 51178 {27016,57039,16690 e *> 34.1.11.0/24 194.68.128.22 2563 0 2222 59294 21396 25638 36040 {18917,28575,47361 e cisco_border# cisco_border#debug ip bgp damp *Mar 1 07:59:59.798: BGP(0): charge penalty for 34.1.37.0/24 path 2222 4482 46350 49469 25721 33830 {51019 with halflife-time 15 reuse/suppress 750/2000 *Mar 1 07:59:59.802: BGP(0): flapped 1 times since 00:00:00. New penalty is 1000 *Mar 1 08:00:00.814: BGP(0): charge penalty for 34.1.47.0/24 path 2222 11885 8653 38033 34606 with halflife-time 15 reuse/suppress 750/2000 *Mar 1 08:00:00.818: BGP(0): flapped 2 times since 00:00:16. New penalty is 1988 *Mar 1 08:00:01.810: BGP(0): charge penalty for 34.1.53.0/24 path 2222 24193 29338 1945 65275 {10312,4520 with halflife-time 15 reuse/suppress 750/2000 *Mar 1 08:00:01.814: BGP(0): flapped 1 times since 00:00:00. New penalty is 1000 *Mar 1 08:00:02.798: BGP(0): charge penalty for 34.1.13.0/24 path 2222 59294 21396 25638 36040 {18917,28575,47361 with halflife-time 15 reuse/suppress 750/2000 *Mar 1 08:00:02.802: BGP(0): flapped 1 times since 00:00:00. New penalty is 1000g all *Mar 1 08:00:03.806: BGP(0): charge penalty for 34.1.7.0/24 path 2222 53285 33299 51178 {27016,57039,16690 with halflife-time 15 reuse/suppress 750/2000 *Mar 1 08:00:03.810: BGP(0): flapped 1 times since 00:00:00. New penalty is 1000 cisco_border#no debug all All possible debugging has been turned off Copyright 2001, Juniper Networks, Inc. 63

cisco_border#sh ip bgp damp BGP table version is 1001, local router ID is 1.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network From Reuse Path *d 34.1.2.0/24 194.68.128.22 00:21:10 2222 53285 33299 51178 {27016,57039,16690 e [edit protocols bgp] lunkan@lena# show traceoptions { file bgp; flag damping detail; log-updown; group external { type external; local-address 194.68.128.2; damping; import ebgp_in;# /* Policy for inbound EBGP ( Damping etcö). No damp on internal routes can happenö */ export ebgp; neighbor 194.68.128.22 { peer-as 2222; neighbor 194.68.128.33 { peer-as 3333; group internal { type internal; local-address 1.1.1.2; export internal; neighbor 1.1.1.1 { authentication-key "$9$-Xds4UjqQF/ZUjqPQ9C"; neighbor 1.1.1.6; policy-statement ebgp_in { term 1918 { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 192.168.0.0/16 orlonger; then reject; term local_pref { from as-path from_pagent; then { local-preference 101; term no_damp {/* DNS root servers, no damp of these */ 64 Copyright 2001, Juniper Networks, Inc.

from { route-filter 198.41.0.0/24 exact; route-filter 128.9.0.0/16 exact; route-filter 192.33.4.0/24 exact; route-filter 128.8.0.0/16 exact; route-filter 192.203.230.0/24 exact; route-filter 192.5.4.0/23 exact; route-filter 128.63.0.0/16 exact; route-filter 192.36.148.0/24 exact; route-filter 193.0.14.0/24 exact; route-filter 198.32.64.0/24 exact; route-filter 202.12.27.0/24 exact; then { damping no; accept; term damp { then damping yes;/* Damping apply of rest of routes */ damping no { disable; damping yes { half-life 15; reuse 750; suppress 2000; max-suppress 60; [edit protocols bgp] lunkan@lena# [edit protocols bgp] lunkan@lena# run show bgp summary Groups: 3 Peers: 4 Down Peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet.0 113 9 35 101 101 0 inet.2 0 0 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State #Active/Received/Damped... 194.68.128.22 2222 1 6 0 29 00:00:05 0/101/35 0/0/0 194.68.128.33 3333 37 36 0 4 00:15:23 1/3/0 0/0/0 1.1.1.1 1111 388 461 0 1 00:15:27 7/8/0 0/0/0 1.1.1.6 1111 34 461 0 1 00:15:33 1/1/0 0/0/0 Copyright 2001, Juniper Networks, Inc. 65

[edit protocols bgp traceoptions] lunkan@lena# show file bgp; flag damping; lunkan@lena# run monitor start bgp Jan 11 02:18:36 bgp_damp_change: Change event Jan 11 02:18:36 bgp_dampen: Damping 34.1.1.0 Jan 11 02:18:36 bgp_rt_change: Dampening makes route unusable Jan 11 02:18:36 bgp_damp_change: Change event Jan 11 02:18:36 bgp_dampen: Damping 34.1.2.0 Jan 11 02:18:36 bgp_rt_change: Dampening makes route unusable Jan 11 02:18:36 bgp_damp_change: Change event Jan 11 02:18:36 bgp_dampen: Damping 34.1.3.0 Jan 11 02:18:36 bgp_rt_change: Dampening makes route unusable Jan 11 02:18:36 bgp_damp_change: Change event Jan 11 02:18:36 bgp_dampen: Damping 34.1.4.0 Jan 11 02:18:36 bgp_rt_change: Dampening makes route unusable Jan 11 02:18:36 bgp_damp_change: Change event Jan 11 02:18:36 bgp_dampen: Damping 34.1.5.0 Jan 11 02:18:36 bgp_rt_change: Dampening makes route unusable Jan 11 02:18:36 bgp_damp_change: Change event lunkan@lena# run show route damping suppressed inet.0: 125 destinations, 125 routes (22 active, 0 holddown, 103 hidden) + = Active Route, - = Last Active, * = Both 34.1.1.0/24 [BGP] 00:00:19, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.2.0/24 [BGP] 00:00:19, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.3.0/24 [BGP] 00:00:19, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.4.0/24 [BGP] 00:00:19, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.5.0/24 [BGP] 00:00:19, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.6.0/24 [BGP] 00:00:19, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.7.0/24 [BGP] 00:00:03, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.8.0/24 [BGP] 00:00:19, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 66 Copyright 2001, Juniper Networks, Inc.

lunkan@lena# run show route damping history inet.0: 125 destinations, 125 routes (22 active, 0 holddown, 103 hidden) + = Active Route, - = Last Active, * = Both 34.1.1.0/24 [BGP] 00:00:43, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.2.0/24 [BGP] 00:00:43, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.3.0/24 [BGP] 00:00:43, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.4.0/24 [BGP] 00:00:43, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.5.0/24 [BGP] 00:00:36, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.6.0/24 [BGP] 00:00:15, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.7.0/24 [BGP] 00:00:43, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.8.0/24 [BGP] 00:00:43, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.9.0/24 [BGP] 00:00:43, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E > to 194.68.128.22 via fxp1.0 34.1.10.0/24 [BGP] 00:00:43, MED 1622, localpref 100 AS path: 2222 53285 33299 51178 {16690 27016 57039 E lunkan@lena# run show route damping history detail inet.0: 125 destinations, 125 routes (22 active, 0 holddown, 103 hidden) + = Active Route, - = Last Active, * = Both 34.1.1.0/24 (1 entry, 0 announced) BGP Preference: /-101 Nexthop: 194.68.128.22 via fxp1.0, selected State: <Hidden Ext> Local AS: 1111 Peer AS: 2222 Age: 42 Metric: 1622 Task: BGP_2222.194.68.128.22+11000 AS path: 2222 53285 33299 51178 {16690 27016 57039 E Localpref: 100 Router ID: 194.68.128.22 Merit (last update/now): 12110/12110 Damping parameters: "yes" Last update: 00:00:01 First update: 00:06:21 Flaps: 21 Suppressed. Reusable in: 00:59:40 Preference will be: 170 History entry. Expires in: 00:59:40 Copyright 2001, Juniper Networks, Inc. 67

maximum-prefix Log/inform when threshold exceeds Shutdown peer that exceed limit router bgp 1111 no synchronization bgp router-id 1.1.1.4 bgp log-neighbor-changes bgp deterministic-med bgp dampening route-map damp aggregate-address 100.100.0.0 255.255.0.0 summary-only aggregate-address 100.200.0.0 255.255.0.0 summary-only timers bgp 30 90 neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self neighbor internal soft-reconfiguration inbound neighbor external peer-group neighbor external soft-reconfiguration inbound neighbor external prefix-list martians in neighbor external route-map int_policy in neighbor external route-map ext_policy out neighbor external maximum-prefix 100 70 neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.6 peer-group internal neighbor 194.68.128.22 remote-as 2222 neighbor 194.68.128.22 peer-group external neighbor 194.68.128.33 remote-as 3333 neighbor 194.68.128.33 peer-group external no auto-summary *Mar 1 03:19:44.275: %BGP-4-MAXPFX: No. of prefix received from 194.68.128.22 (afi 0) reaches 71, max 100 *Mar 1 03:19:49.435: %BGP-3-MAXPFXEXCEED: No. of prefix received from 194.68.128.22 (afi 0): 101 exceed limit 100 68 Copyright 2001, Juniper Networks, Inc.

cisco_border#sh ip bgp sum BGP router identifier 1.1.1.4, local AS number 1111 BGP table version is 1420, main routing table version 1420 12 network entries and 14 paths using 1668 bytes of memory 11 BGP path attribute entries using 572 bytes of memory 3 BGP rrinfo entries using 72 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 7 BGP community entries using 168 bytes of memory 4 BGP route-map cache entries using 64 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory Dampening enabled. 0 history paths, 0 dampened paths 3 received paths for inbound soft reconfiguration BGP activity 256/270 prefixes, 2058/2044 paths, scan interval 15 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 1.1.1.1 4 1111 489 904 1420 0 0 03:18:18 8 1.1.1.6 4 1111 400 904 1420 0 0 03:18:22 1 194.68.128.22 4 2222 607 517 0 0 0 00:00:57 Idle (PfxCt) 194.68.128.33 4 3333 286 276 1420 0 0 02:14:39 0 cisco_border# Copyright 2001, Juniper Networks, Inc. 69

[edit protocols bgp] lunkan@lena# show traceoptions { file bgp; flag damping detail; log-updown; group external { type external; local-address 194.68.128.2; damping; import ebgp_in; family inet { unicast { prefix-limit { maximum 100; teardown 70; export ebgp; neighbor 194.68.128.22 { peer-as 2222; neighbor 194.68.128.33 { peer-as 3333; group internal { type internal; local-address 1.1.1.2; export internal; neighbor 1.1.1.1 { authentication-key "$9$HkPQ/CuEcln/CuBEeK"; neighbor 1.1.1.6; [edit protocols bgp] lunkan@lena# 70 Copyright 2001, Juniper Networks, Inc.

lunkan@lena# run show bgp group external Group Type: External AS: 3333 Local AS: 1111 Export: [ ebgp ] Import: [ ebgp_in ] Options: <Preference LocalAddress HoldTime LogUpDown Damping AddressFamily PeerAS Multipath PrefixLimit LocalAS Refresh> Address families configured: inet-unicast Local Address: 194.68.128.2 Holdtime: 90 Preference: 170 Local AS: 1111 Local System AS: 1111 Total peers: 1 Established: 1 194.68.128.33+11000 Group Type: External AS: 2222 Local AS: 1111 Export: [ ebgp ] Import: [ ebgp_in ] Options: <Preference LocalAddress HoldTime LogUpDown Damping AddressFamily PeerAS Multipath PrefixLimit LocalAS Refresh> Address families configured: inet-unicast Local Address: 194.68.128.2 Holdtime: 90 Preference: 170 Prefix Limit for inet-unicast: 100 (teardown, warning at 70%) Local AS: 1111 Local System AS: 1111 Total peers: 1 Established: 1 194.68.128.22+179 [edit protocols bgp] Jan 14 20:46:56 [1.1.1.2.4.0] lena: rpd[305]: 194.68.128.22 (External AS 2222): Configured maximum prefix threshold exceeded for inet-unicast nlri: 71 Jan 14 20:47:08 [1.1.1.2.4.0] lena: rpd[305]: 194.68.128.22 (External AS 2222): Shutting down peer due to exceeding configured prefix limit for inet-unicast nlri: 101 Copyright 2001, Juniper Networks, Inc. 71

policy-options { policy-statement load_balance { then { load-balance per-packet; /* Specific prefix can be used, instead of the whole forwding table if desire */ routing-options { forwarding-table { export load_balance; lunkan@petra# run show route forwarding-table destination 1.1.1.1 detail Routing table:: inet Internet: Destination Type RtRef InIf Flags Nexthop Type Index NhRef Netif 1.1.1.1/32 user 0 0 0x10 ulst 42 5 2.2.2.24 ucst 28 4 e1-0/2/0.0 2.2.2.28 ucst 41 3 e1-0/2/1.0 [load-balance per-packet] [ip load-sharing per-packet] 72 Copyright 2001, Juniper Networks, Inc.

advertise-inactive advertise-inactive protocols { bgp { advertise-inactive; /* Advertise inactive routes in BGP */ router bgp 3333 no synchronization bgp router-id 3.3.3.3 bgp always-compare-med bgp log-neighbor-changes bgp deterministic-med neighbor external peer-group neighbor external remote-as 1111 neighbor external timers 30 90/* Timers for BGP connections in peer grp */ neighbor 194.68.128.2 peer-group external neighbor 194.68.128.2 peer-group external no auto-summary Copyright 2001, Juniper Networks, Inc. 73

bgp { path-selection always-compare-med; log-updown; local-as 1111; group external { type external; local-address 194.68.128.2; hold-time 180/* Timers for BGP connections in peer grp */ peer-as 2222 neighbor 194.68.128.33; neighbor 194.68.128.34; lunkan@lena# run show bgp neighbor 194.68.128.33 Peer: 194.68.128.33+11005 AS 3333 Local: 194.68.128.2+179 AS 1111 Type: External State: Established Flags: <> Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None Export: [ ebgp ] Import: [ ebgp_in ] Options: <Preference LocalAddress HoldTime LogUpDown Damping AddressFamily PeerAS PrefixLimit LocalAS Refresh> Address families configured: inet-unicast Local Address: 194.68.128.2 Holdtime: 180 Preference: 170 Prefix Limit for inet-unicast: 100 (teardown, warning at 70%) Local AS: 1111 Local System AS: 1111 Number of flaps: 1 Peer ID: 3.3.3.3 Local ID: 1.1.1.2 Active Holdtime: 180 Keepalive Interval: 60 MED cisco-nondeterministic always-compare-med cisco-non-deterministic MED always-compare-med MED 74 Copyright 2001, Juniper Networks, Inc.

bgp deterministicmed path-selection protocols { bgp { path-selection always-compare-med;/* Path selection attribute */ aaa new-model aaa authentication login default tacacs+ local /* Default TACACS, if no service then local user for login */ aaa authentication login console none /* No console authentication */ aaa authentication enable default TACACS+ enable /* Default Tacacs, if no service then local user for enable */ enable secret 5 $1$cOwR$49I5ixU1CqiKrjco8948tp privilege exec level 1 show configuration/* Authorization, level 1 user allowed do show conf, etc. */ privilege exec level 1 show Copyright 2001, Juniper Networks, Inc. 75

clock timezone CET 1 ip subnet-zero ip rcmd rsh-enable ip rcmd remote-host root 192.168.1.10 enable root /* RSH incoming accept from specified host */ ip cef ip tcp window-size 65535 ip tftp source-interface Loopback0/* Source address for TFTP packets originate on router */ ip ftp source-interface Loopback0/* Source address for FTP packets originate on router */ ip ftp username lunkan/* If using FTP service, username, and password below */ ip ftp password 7 018rfnurcp783jmc0u6 ip host tftps 192.168.1.10/* TFTP server */ ip domain-name lunkan.net ip name-server 192.168.1.10/* DNS server */ interface Loopback0 ip address 1.1.1.1 255.255.255.255 no ip directed-broadcast interface ethernet0 description Link to GIX ip address 194.68.128.1 255.255.255.0 ip broadcast-address 194.68.128.255 ip access-group 100 in/* Filter inbound traffic */ no ip directed-broadcast/* No forward of packet with broadcast destinations */ no ip redirect/* Disable ICMP redirect */ ip route-cache flow/* Access-list on interface, route-cache flow instead CEF for better performance*/ no ip route-cache cef no ip mroute-cache load-interval 30 no cdp enable/* CDP Level 2 information protocol disable, no gain on EBGP segment */ logging facility local7/* System log facility */ logging source-interface Loopback0/*Source address for system log packets originate on router */ logging 192.168.1.10/* System log server */ logging buffered 32768 debugging/* Logging information locally stored */ logging console alerts /* Local message to consol, level Alerts and above */ Example IOS Access List 76 Copyright 2001, Juniper Networks, Inc.

access-list 1 permit 192.168.254.0 0.0.0.255 log access-list 1 permit 192.168.1.10 0.0.0.0 log access-list 2 permit 192.168.254.0 0.0.0.255 log access-list 3 permit 192.168.1.10 0.0.0.0 log access-list 100 deny ip 10.0.0.0 0.255.255.255 any log access-list 100 deny ip 127.0.0.0 0.255.255.255 any log access-list 100 deny ip 172.16.0.0 0.15.255.255 any log access-list 100 deny ip 192.168.0.0 0.0.255.255 any log access-list 100 permit ip any any snmp-server community ida RO 2/* Host with access read-only to router, see access-list 2 */ snmp-server community lena RW 3/* Host with access read-write to router, see access-list 3 */ snmp-server trap-source Loopback0/* Source address for SNMP trap (UDP 162) packets originate on router */ snmp-server contact lunkan@lunkan.net snmp-server enable traps config/* SNMP trap categories */ snmp-server enable traps entity snmp-server enable traps envmon snmp-server enable traps bgp snmp-server host 192.168.1.10 lunkan /* Destination address for SNMP traps and community */ tacacs-server host 192.168.1.10/* Tacacs server */ tacacs-server key 12345678 exeption core-file this_router_name/* Coredump sent to FTP server */ exception protocol ftp exception dump 192.168.1.10 Copyright 2001, Juniper Networks, Inc. 77

line con 0 exec-timeout 60 0 login authentication console transport input none line aux 0 line vty 0 4 access-class 1 in/* Restrict Telnet based on source addressö*/ exec-timeout 120 0 password 7 123A0404012E1810 ntp clock-period 17179850 ntp source Loopback0/* NTP use lo0 as source address */ ntp update-calendar ntp server 192.168.1.10/* NTP server (peering can also be done) */ system { host-name lunkan_home;/* IP hostname */ domain-name lunkan.net;/* IP Domain */ default-address-selection;/* All UDP,TCP,ICMP ex FTP, system log, ping packets use lo0 as source */ no-redirects; /* No ip ICMP redirects */ name-server { 192.168.1.10; /* DNS server */ root-authentication {/* root user password for local root user */ encrypted-password "$1$kksX6$i58hdOpkMI4pKfFlgkt94."; # SECRET-DATA authentication-order [ radius password ]; /* Radius will be used primary as authentication validation */ radius-server { 192.168.1.10 {/* Radius server */ secret "$9$Ch.9ABElhk6-wM8"; # SECRET-DATA # Radius key timeout 5; retry 2; login { class noc_grp { permissions [ admin interface routing system firewall view]; /* Rights for noc_grp*/ user lunkan {/* Ex of local backup user with super-user access */ uid 2001; class super-user; /* Class belonging for user lunkan (handle access level) */ authentication { encrypted-password "$1$sGD5.$/8Ql5qZrDovMr7CgupSHo0"; # SECRET-DATA 78 Copyright 2001, Juniper Networks, Inc.

user remotex { full-name "radius group-user, super-user rights"; /*RADIUS super-user template grp*/ uid 2010; class super-user; user remotexx { full-name "radius group-user, read rights";/* RADIUS show/noc template grp */ uid 2011; class noc_grp; services { /* Allowed service, note that finger/tftp etc are not enable */ ssh; telnet; ftp; /* Note that JunOS use interactive FTP, not TFTP */ syslog { user * { any alerts;/* Local message to vty, level Alerts and above */ console { alerts;/* Local message to consol, level Alerts and above */ host 192.168.1.10 { /* Syslog server */ any any;/* All is sent to syslog server */ facility-override local1;/* Facility local1 will be used, since core router */ log-prefix Lunkan_home;/* All messagies will be added with prefix Lunkan_home */ file messages { any notice; authorization info; file cli_trace { authorization any;/* All user logins log to local file on router */ interactive-commands any;/* All CLI actions log to local file on router */ archive size 50m files 2 world-readable; /* Local user log 50 Mb, with overwrite to backup file */ ntp { server 192.168.1.10;/* NTP server, peer is not used but can also/instead be used */ chassis { no-source-route;/* No ip source-routing */ protocols { bgp { traceoptions {/* Start variables use when BGP monitoring */ file bgp; flag state; flag damping; flag keepalive; log-updown;/* Log message when adjencys flap */ isis { traceoptions {/* Start variables use when BGP monitoring */ file isis; flag state; flag hello; Copyright 2001, Juniper Networks, Inc. 79

snmp { describtion "blaha"; location " In my home lab"; contact "lunkan@lunkan.net"; community read-only { authorisation read-only; clients { 192.168.1.10;/* NMS host, source address for snmp-get (UDP 161) allowed */ trap-group ida { version all; categories authentication chassis link routing /* SNMP Trap categories */ targets { 192.168.1.10; /*NMS host, destination for traps (UDP 162)*/ firewall { filter access { term telnet_ok { from { source-address { 192.168.254/24; /* Telnet allowed from prefix and below host, ex a ssh/radius server */ 192.168.1.10/32; protocol tcp; destination-port telnet; then { accept; term telnet-deny { from { protocol tcp; destination-port telnet; then { count telnet_deny;/* Deny Telnet counted */ log;/* Deny Telnet log to var/log file */ discard; 80 Copyright 2001, Juniper Networks, Inc.

term snmp_ok { from { source-address { 192.168.254/24; 192.168.1.10/32; protocol udp; destination-port snmp; then { accept; term snmp_deny { from { protocol udp; destination-port snmp; then { count snmp_deny; log; discard; term ntp_ok { from { source-address { 192.168.254/32; 192.168.1.10/32; protocol udp; destination-port ntp; then { accept; term ntp_deny { from { protocol udp; destination-port ntp; then { count ntp_deny; log; discard; term permit_any {/* So that BGP, IGP etc is accepted to RE */ then accept; Copyright 2001, Juniper Networks, Inc. 81

lab@m10-oslo> show firewall filter access Filter/Counter Packet count Byte count access telnet_deny 0 0 snmp_deny 0 0 ntp_deny 0 0 lo0 { unit 0 { family inet { filter { input access; /* Filter applied to logical interface (RE) */ address 1.1.1.1/32; family iso { address 47.0001.1921.6825.4254.00; firewall { filter access_2 { term martians { from { source-address { 127.0.0.0/8;/* rfc1918 denied routes */ 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; then { count martians;/* Reject counted */ reject administratively-prohibited; /* Reject and send ICMP messageö */ term permit_any {/* Everything else is accepted */ then accept; 82 Copyright 2001, Juniper Networks, Inc.

version 4.2R2.4; system { host-name lena; domain-name lunkan.net; time-zone Europe/Stockholm; default-address-selection; no-redirects; login { user lunkan { uid 2001; class super-user; authentication { encrypted-password "$1$.vHnM$BKQpc.3dFteKZ.vheNof0."; # SECRET-DATA services { telnet; ssh; ftp; syslog { user * { any emergency; host 192.168.1.10 { any any; facility-override local7; log-prefix lena; file messages { any notice; authorization info; ntp { peer 192.168.1.10; interfaces { fxp0 { unit 0 { family inet { address 1.1.0.2/24; family iso; fxp1 { unit 0 { family inet { address 194.68.128.2/24; family iso; 84 Copyright 2001, Juniper Networks, Inc.

lo0 { unit 0 { family inet { address 1.1.1.2/32; family iso { address 47.0001.0010.0100.1002.00; routing-options { aggregate { route 100.100.0.0/16 { as-path { origin igp; atomic-aggregate; aggregator 1111 1.1.1.2; route 100.200.0.0/16 { as-path { origin igp; atomic-aggregate; aggregator 1111 1.1.1.2; router-id 1.1.1.2; autonomous-system 1111; protocols { bgp { path-selection always-compare-med; traceoptions { file bgp; flag route receive; flag damping; flag state; log-updown; group external { type external; local-address 194.68.128.2; damping; import ebgp_in; family inet { unicast { prefix-limit { maximum 100; teardown 70; export ebgp; multipath; neighbor 194.68.128.22 { peer-as 2222; neighbor 194.68.128.33 { peer-as 3333; Copyright 2001, Juniper Networks, Inc. 85

group internal { type internal; local-address 1.1.1.2; export internal; neighbor 1.1.1.1 { authentication-key "$9$4ToGiP5FApB.P5F6A1I"; neighbor 1.1.1.6; isis { traceoptions { file isis; flag state; lsp-lifetime 65535; level 2 wide-metrics-only; interface all { level 1 disable; interface fxp1.0 { passive; policy-options { policy-statement internal { term one { from protocol bgp; then { next-hop self; policy-statement loadbalance { then { load-balance per-packet; policy-statement ebgp { inactive: term one { from protocol aggregate; then origin igp; term two { from { route-filter 100.200.0.0/16 exact; then { metric 100; as-path-prepend "1111 1111"; accept; term three { from { route-filter 100.100.0.0/16 exact; then { metric 0; accept; 86 Copyright 2001, Juniper Networks, Inc.

term four { from community bad; then { metric 100; as-path-prepend "1111 1111 1111"; accept; term five { from community good; then { metric 0; accept; term last { then reject; policy-statement ebgp_in { term 1918 { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 192.168.0.0/16 orlonger; then reject; term local_pref { from as-path from_pagent; then { local-preference 101; term no_damp { from { route-filter 198.41.0.0/24 exact; route-filter 128.9.0.0/16 exact; route-filter 192.33.4.0/24 exact; route-filter 128.8.0.0/16 exact; route-filter 192.203.230.0/24 exact; route-filter 192.5.4.0/23 exact; route-filter 128.63.0.0/16 exact; route-filter 192.36.148.0/24 exact; route-filter 193.0.14.0/24 exact; route-filter 198.32.64.0/24 exact; route-filter 202.12.27.0/24 exact; then { damping no; accept; term damp { then damping yes; policy-statement root_dns { term dns { from { route-filter 198.41.0.0/24 exact; route-filter 128.9.0.0/16 exact; Copyright 2001, Juniper Networks, Inc. 87

route-filter 192.33.4.0/24 exact; route-filter 128.8.0.0/16 exact; route-filter 192.203.230.0/24 exact; route-filter 192.5.4.0/23 exact; route-filter 192.112.36.0/24 exact; route-filter 128.63.0.0/16 exact; route-filter 192.36.148.0/24 exact; route-filter 193.0.14.0/24 exact; route-filter 198.32.64.0/24 exact; route-filter 202.12.27.0/24 exact; then accept; community bad members 1111:6; community good members 1111:5; as-path from_pagent 2222; damping no { disable; damping yes { half-life 15; reuse 750; suppress 2000; max-suppress 60; 88 Copyright 2001, Juniper Networks, Inc.

version 4.2R2.4; system { host-name lunkan; domain-name lunkan.net; default-address-selection; no-redirects; login { user lunkan { uid 2001; class super-user; authentication { encrypted-password "$1$sGD5.$/8Ql5qZrDovMr7CgupSHo0"; # SECRET-DATA services { telnet; ssh; ftp; syslog { user * { any emergency; host 192.168.1.10 { facility-override local7; log-prefix lunkan; file messages { any notice; authorization info; ntp { peer 192.168.1.10; interfaces { fxp0 { unit 0 { family inet { address 1.1.0.1/24; family iso; fxp1 { unit 0 { family inet { address 192.168.1.1/24 { primary; address 172.16.2.1/24; lo0 { unit 0 { family inet { address 1.1.1.1/32; Copyright 2001, Juniper Networks, Inc. 89

family iso { address 47.0001.0010.0100.1001.00; routing-options { router-id 1.1.1.1; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag state; log-updown; group internal_rr { type internal; local-address 1.1.1.1; export service; cluster 1.1.1.1; neighbor 1.1.1.2 { authentication-key "$9$FckZ39pIEyWLNBIEyeW-d"; neighbor 1.1.1.3 { authentication-key "$9$ebkK87wYojHmVwYoZjPf"; neighbor 1.1.1.4; neighbor 1.1.1.5; group internal { type internal; local-address 1.1.1.1; export service; neighbor 1.1.1.6; isis { traceoptions { file isis; flag state; lsp-lifetime 65535; level 1 disable; level 2 wide-metrics-only; interface all { level 2 priority 127; interface fxp1.0 { disable; policy-options { policy-statement service { term one { from { route-filter 192.168.1.0/24 exact; then { community add rfc1918; 90 Copyright 2001, Juniper Networks, Inc.

accept; term two { from { route-filter 172.16.2.0/24 exact; then { community add mcast; accept; community mcast members 1111:10; community rfc1918 members no-export; Copyright 2001, Juniper Networks, Inc. 91

version 4.2R2.4; system { host-name ida; domain-name juniper.net; default-address-selection; login { user lunkan { uid 2001; class super-user; authentication { encrypted-password "$1$Fg/2.$G1YuZUcU6ujXF5fCDlvWQ/"; # SECRET-DATA services { telnet; ssh; ftp; syslog { user * { any emergency; host 192.168.1.10 { any any; facility-override local7; log-prefix ida; file messages { any notice; authorization info; ntp { peer 192.168.1.10; interfaces { fxp0 { unit 0 { family inet { address 1.1.0.3/24; family iso; fxp1 { unit 0 { family inet { address 1.1.1.245/30; family iso; lo0 { unit 0 { family inet { address 1.1.1.3/32; family iso { address 47.0001.0010.0100.1003.00; routing-options { router-id 1.1.1.3; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag state detail; 92 Copyright 2001, Juniper Networks, Inc.

flag update; flag policy; flag route; log-updown; group internal { type internal; local-address 1.1.1.3; neighbor 1.1.1.1 { authentication-key "$9$IW5RSeLxdgoGWLxdwgUD"; neighbor 1.1.1.6; group pop_rr { type internal; local-address 1.1.1.3; cluster 1.1.1.5; neighbor 1.1.1.7; group pop { type internal; local-address 1.1.1.3; neighbor 1.1.1.4; isis { traceoptions { file isis; flag state detail; export isis_leak; lsp-lifetime 65535; level 2 wide-metrics-only; interface all; interface fxp0.0 { level 1 disable; policy-options { policy-statement isis_leak { term one { from { level 2; route-filter 1.1.1.0/24 longer; then accept; Copyright 2001, Juniper Networks, Inc. 93

version 12.1 service timestamps debug datetime msec localtime service timestamps log datetime msec localtime no service password-encryption hostname cisco_border aaa new-model aaa authentication login default none aaa authentication enable default none ip subnet-zero ip rcmd rsh-enable ip rcmd remote-host root 192.168.1.10 root enable no ip finger ip telnet source-interface Loopback0 ip tftp source-interface Loopback0 ip ftp source-interface Loopback0 ip ftp username root ip ftp password lunkan no ip domain-lookup ip name-server 192.168.1.10 ip cef cns event-service server interface Loopback0 ip address 1.1.1.4 255.255.255.255 interface Ethernet0 ip address 1.1.0.4 255.255.255.0 ip router isis interface Ethernet1 ip address 194.68.128.3 255.255.255.0 interface Serial0 no ip address shutdown no fair-queue interface Serial1 no ip address shutdown router isis passive-interface Ethernet1 passive-interface Loopback0 net 47.0001.0010.0100.1004.00 is-type level-2-only metric-style wide max-lsp-lifetime 65535 94 Copyright 2001, Juniper Networks, Inc.

lsp-refresh-interval 65000 spf-interval 10 100 500 prc-interval 5 100 250 lsp-gen-interval 10 20 2500 log-adjacency-changes router bgp 1111 no synchronization bgp router-id 1.1.1.4 bgp log-neighbor-changes bgp deterministic-med bgp dampening route-map damp aggregate-address 100.100.0.0 255.255.0.0 summary-only aggregate-address 100.200.0.0 255.255.0.0 summary-only timers bgp 30 90 neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self neighbor external peer-group neighbor external soft-reconfiguration inbound neighbor external prefix-list martians in neighbor external route-map int_policy in neighbor external route-map ext_policy out neighbor external maximum-prefix 100 70 neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.6 peer-group internal neighbor 194.68.128.22 remote-as 2222 neighbor 194.68.128.22 peer-group external neighbor 194.68.128.33 remote-as 3333 neighbor 194.68.128.33 peer-group external no auto-summary ip classless no ip http server ip bgp-community new-format ip community-list 1 permit 1111:5 ip community-list 2 permit 1111:6 ip community-list 3 permit 1111:10 ip as-path access-list 1 permit ^3333$ ip as-path access-list 10 permit ^$ ip prefix-list martians seq 1 deny 0.0.0.0/32 ip prefix-list martians seq 20 deny 127.0.0.0/8 le 32 ip prefix-list martians seq 30 deny 10.0.0.0/8 le 32 ip prefix-list martians seq 40 deny 172.16.0.0/12 le 32 ip prefix-list martians seq 50 deny 192.168.0.0/16 le 32 ip prefix-list root_dns seq 1 permit 198.41.0.0/24 ip prefix-list root_dns seq 2 permit 128.9.0.0/16 ip prefix-list root_dns seq 3 permit 192.33.4.0/24 ip prefix-list root_dns seq 4 permit 128.8.0.0/16 ip prefix-list root_dns seq 5 permit 192.203.230.0/24 ip prefix-list root_dns seq 6 permit 192.5.4.0/23 ip prefix-list root_dns seq 7 permit 192.112.36.0/24 ip prefix-list root_dns seq 8 permit 128.63.0.0/16 ip prefix-list root_dns seq 9 permit 192.36.148.0/24 ip prefix-list root_dns seq 10 permit 193.0.14.0/24 ip prefix-list root_dns seq 11 permit 198.32.64.0/24 ip prefix-list root_dns seq 12 permit 202.12.27.0/24 logging trap debugging logging source-interface Loopback0 Copyright 2001, Juniper Networks, Inc. 95

logging 192.168.1.10 access-list 10 permit 100.100.0.0 0.0.255.255 access-list 20 permit 100.200.0.0 0.0.255.255 route-map damp deny 1 match as-path 10 route-map damp deny 2 match ip address prefix-list root_dns route-map damp permit 3 set dampening 15 750 2000 60 route-map int_policy permit 10 match as-path 1 set local-preference 101 route-map int_policy permit 20 route-map ext_policy permit 10 match ip address 10 set metric 100 set as-path prepend 1111 1111 1111 route-map ext_policy permit 20 match ip address 20 set metric 0 route-map ext_policy permit 30 match community 1 set metric 100 set as-path prepend 1111 1111 1111 route-map ext_policy permit 40 match community 2 set metric 0 route-map ext_policy deny 50 match community 3 line con 0 transport input none line aux 0 line vty 0 4 ntp source Loopback0 ntp peer 192.168.1.10 end 96 Copyright 2001, Juniper Networks, Inc.

version 12.1 service timestamps debug datetime msec localtime service timestamps log datetime msec localtime no service password-encryption hostname cisco_core_rr boot system flash:b.bin aaa new-model aaa authentication login default none aaa authentication enable default none ip subnet-zero ip ftp source-interface Loopback0 ip ftp username root ip ftp password lunkan no ip domain-lookup ip name-server 192.168.1.10 ip dhcp pool core network 1.1.0.0 255.255.255.0 default-router 1.1.0.1 cns event-service server interface Loopback0 ip address 1.1.1.6 255.255.255.255 interface Loopback1 ip address 192.168.2.1 255.255.255.0 interface Ethernet0 ip address 1.1.0.6 255.255.255.0 ip router isis isis priority 126 interface Serial0 no ip address no ip mroute-cache shutdown no fair-queue interface Serial1 no ip address shutdown router isis passive-interface Loopback0 net 47.0001.0010.0100.1006.00 Copyright 2001, Juniper Networks, Inc. 97

is-type level-2-only metric-style wide max-lsp-lifetime 65535 lsp-refresh-interval 65000 spf-interval 10 100 500 prc-interval 5 100 250 lsp-gen-interval 10 20 2500 log-adjacency-changes router bgp 1111 no synchronization bgp router-id 1.1.1.6 bgp cluster-id 3232236033 bgp log-neighbor-changes network 192.168.2.0 route-map rfc1918 timers bgp 30 90 redistribute connected neighbor internal_rr peer-group neighbor internal_rr remote-as 1111 neighbor internal_rr update-source Loopback0 neighbor internal_rr route-reflector-client neighbor internal_rr send-community neighbor internal_rr route-map rfc1918 out neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal send-community neighbor internal route-map rfc1918 out neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.2 peer-group internal_rr neighbor 1.1.1.3 peer-group internal_rr neighbor 1.1.1.4 peer-group internal_rr neighbor 1.1.1.5 peer-group internal_rr no auto-summary ip classless no ip http server ip bgp-community new-format logging trap debugging logging source-interface Loopback0 logging 192.168.1.10 access-list 1 permit 192.168.2.0 0.0.0.255 route-map rfc1918 permit 10 match ip address 1 set community no-export line con 0 transport input none line aux 0 line 2 3 line vty 0 4 ntp source Loopback0 ntp peer 192.168.1.10 end 98 Copyright 2001, Juniper Networks, Inc.

version 12.1 service timestamps debug datetime msec localtime service timestamps log datetime msec localtime no service password-encryption hostname cisco_pop aaa new-model aaa authentication login default none aaa authentication enable default none ip subnet-zero ip rcmd rsh-enable ip rcmd remote-host root 192.168.1.10 root enable no ip finger ip telnet source-interface Loopback0 no ip domain-lookup ip name-server 192.168.1.10 ip cef cns event-service server interface Loopback0 ip address 1.1.1.5 255.255.255.255 interface Ethernet0 ip address 1.1.0.5 255.255.255.0 ip router isis isis circuit-type level-2-only interface Serial0 bandwidth 2000000 ip address 1.1.1.249 255.255.255.252 ip router isis clockrate 2000000 interface Serial1 no ip address shutdown router isis redistribute isis ip level-2 into level-1 distribute-list 100 passive-interface Loopback0 net 47.0001.0010.0100.1005.00 metric-style wide max-lsp-lifetime 65535 lsp-refresh-interval 65000 spf-interval 10 100 500 prc-interval 5 100 250 lsp-gen-interval 10 20 2500 Copyright 2001, Juniper Networks, Inc. 99

log-adjacency-changes router bgp 1111 no synchronization bgp router-id 1.1.1.5 bgp log-neighbor-changes timers bgp 30 90 neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor pop peer-group neighbor pop remote-as 1111 neighbor pop update-source Loopback0 neighbor pop_rr peer-group neighbor pop_rr remote-as 1111 neighbor pop_rr update-source Loopback0 neighbor pop_rr route-reflector-client neighbor 1.1.1.1 peer-group internal neighbor 1.1.1.6 peer-group internal neighbor 1.1.1.7 peer-group pop_rr no auto-summary ip classless no ip http server ip bgp-community new-format logging trap debugging logging source-interface Loopback0 logging 192.168.1.10 access-list 1 permit 1.1.1.0 0.0.0.255 line con 0 transport input none line 1 8 line aux 0 line vty 0 4 ntp source Loopback0 ntp peer 192.168.1.10 end 100 Copyright 2001, Juniper Networks, Inc.

community version 12.1 service timestamps debug datetime msec localtime service timestamps log datetime msec localtime no service password-encryption hostname cisco_access boot system flash:b.bin aaa new-model aaa authentication login default enable none aaa authentication enable default enable none ip subnet-zero ip ftp source-interface Loopback0 ip ftp username root ip ftp password lunkan no ip domain-lookup cns event-service server interface Loopback0 ip address 1.1.1.7 255.255.255.255 interface Loopback1 ip address 100.100.1.1 255.255.255.255 interface Loopback2 ip address 100.100.2.1 255.255.255.255 interface Loopback3 ip address 100.200.1.1 255.255.255.255 interface Loopback4 ip address 100.200.2.1 255.255.255.255 interface Ethernet0 ip address 1.1.1.246 255.255.255.252 ip router isis interface Serial0 ip address 1.1.1.250 255.255.255.252 ip router isis no ip mroute-cache no fair-queue interface Serial1 no ip address shutdown Copyright 2001, Juniper Networks, Inc. 101

router isis passive-interface Loopback0 net 47.0001.0010.0100.1007.00 is-type level-1 metric-style wide max-lsp-lifetime 65535 lsp-refresh-interval 65000 spf-interval 10 100 500 prc-interval 5 100 250 lsp-gen-interval 10 20 2500 log-adjacency-changes router bgp 1111 no synchronization bgp router-id 1.1.1.7 bgp log-neighbor-changes timers bgp 30 90 redistribute connected route-map access redistribute static route-map static neighbor access peer-group neighbor access remote-as 1111 neighbor access update-source Loopback0 neighbor access send-community neighbor 1.1.1.3 peer-group access neighbor 1.1.1.5 peer-group access no auto-summary ip default-gateway 1.1.1.245 ip classless ip route 111.111.0.0 255.255.0.0 Null0 ip route 222.222.0.0 255.255.0.0 Null0 no ip http server ip bgp-community new-format logging trap debugging logging source-interface Loopback0 logging 192.168.1.10 access-list 1 permit 100.100.1.1 access-list 2 permit 100.100.2.1 access-list 3 permit 100.200.1.1 access-list 4 permit 100.200.2.1 access-list 5 permit 111.111.0.0 0.0.255.255 access-list 6 permit 222.222.0.0 0.0.255.255 route-map access permit 10 match ip address 1 set community 1111:1 route-map access permit 20 match ip address 2 set community 1111:2 route-map access permit 30 match ip address 3 set community 1111:3 route-map access permit 40 match ip address 4 set community 1111:4 route-map static permit 10 match ip address 5 set community 1111:5 102 Copyright 2001, Juniper Networks, Inc.

version 12.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname pagent aaa new-model aaa authentication login default none aaa authentication enable default none ip subnet-zero no ip domain-lookup cns event-service server interface Loopback0 ip address 2.2.2.2 255.255.255.255 interface Ethernet0 ip address 194.68.128.22 255.255.255.0 interface Serial0 no ip address shutdown no fair-queue interface Serial1 no ip address shutdown router bgp 2222 no synchronization bgp router-id 2.2.2.2 bgp always-compare-med bgp log-neighbor-changes bgp deterministic-med network 2.2.0.0 mask 255.255.0.0 neighbor external peer-group neighbor external remote-as 1111 neighbor 194.68.128.2 peer-group external neighbor 194.68.128.3 peer-group external neighbor 194.68.128.33 remote-as 3333 no auto-summary ip classless ip route 0.0.0.0 0.0.0.0 194.68.128.2 254 ip route 0.0.0.0 0.0.0.0 194.68.128.3 254 ip route 2.2.0.0 255.255.0.0 Null0 no ip http server ip bgp-community new-format 104 Copyright 2001, Juniper Networks, Inc.

version 12.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname dummy aaa new-model aaa authentication login default none aaa authentication enable default none ip subnet-zero isdn voice-call-failure 0 interface Loopback0 ip address 3.3.3.3 255.255.255.255 no ip directed-broadcast interface Loopback1 no ip address no ip directed-broadcast interface Ethernet0 ip address 194.68.128.33 255.255.255.0 no ip directed-broadcast interface Serial0 no ip address no ip directed-broadcast no ip mroute-cache shutdown no fair-queue interface BRI0 no ip address no ip directed-broadcast shutdown isdn guard-timer 0 on-expiry accept router bgp 3333 no synchronization bgp router-id 3.3.3.3 bgp always-compare-med bgp log-neighbor-changes bgp deterministic-med network 3.3.0.0 mask 255.255.0.0 network 0.0.0.0 redistribute static metric 1 neighbor external peer-group 106 Copyright 2001, Juniper Networks, Inc.

neighbor external remote-as 1111 neighbor external route-map med out neighbor 194.68.128.2 peer-group external neighbor 194.68.128.3 peer-group external neighbor 194.68.128.22 remote-as 2222 default-information originate no auto-summary ip classless ip route 0.0.0.0 0.0.0.0 Null0 ip route 3.3.0.0 255.255.0.0 Null0 ip route 10.0.0.0 255.0.0.0 Null0 no ip http server ip bgp-community new-format route-map out_tag permit 10 set community 3333:1 route-map med permit 10 set metric 1 route-map prepend permit 10 set as-path prepend 3333 3333 3333 3333 line con 0 transport input none line vty 0 4 end Copyright 2001, Juniper Networks, Inc. 107