Published 6月 15, 2018 by with 0 comment

JNCIP-SP Lab: Study Guide Chapter 6 Case Study (1/2)


In this lab, I use Olive (JunOS 12.1R1.9) to finish the JNCIP study guide chapter 6 case study lab.
I use two VMWares to run Olive-1 and Olive-2
Olive-1 have run logical-systems r1 to r7 and Ovlie-2 have run logical-systems OSPF, P1, T1, T2, C1, and C2.
Note: Due to JNCIP study Guide use old version JunOS (5.2R2.3) and  I use JunOS (12.1R1.9).
So,This lab will find some commands different.

Before we start lab, we need to load pre-configuration which JNCIP study guide chapter 4 case study lab(IS-IS).
After that, we also need to settin IBGP configuration.

For VMware Olive-1 & Olvie-2 setting:
Note: I add ram to 1536 MB for Olive-1 because the IS-IS adj will up and down sometime.





VMware Olive-1 pre-configuration:
set version 12.1R1.9
set system host-name JNCIP_1
set system time-zone Asia/Taipei
set system authentication-order radius
set system ports auxiliary type vt100
set system root-authentication encrypted-password "$1$9xaCfeIA$DoMiHW7akhvyMpAHebr/R0"
set system radius-server 10.0.200.2 secret "$9$-DbYoDi.z39JG39ApREdbs"
set system login class NOC permissions view
set system login user lab uid 2000
set system login user lab class super-user
set system login user lab authentication encrypted-password "$1$q0M9ehlx$9XZkXwUuPJK1bVFie2FCS."
set system login user noc uid 2001
set system login user noc class NOC
set system login user noc authentication encrypted-password "$1$nutuTWm9$j40sAjOFPTImr7tm/6/pE1"
set system static-host-mapping proctor inet 10.0.200.1
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services telnet
set system syslog user * any emergency
set system syslog host 10.0.200.2 interactive-commands any
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file r1-cli interactive-commands any
set system syslog file r1-cli archive files 4
set system ntp boot-server 10.0.1.102
set system ntp authentication-key 200 type md5
set system ntp authentication-key 200 value "$9$PTF/uORlK8CtK8X7sYfTz"
set system ntp broadcast-client
set system ntp trusted-key 200
set logical-systems r1 interfaces em1 unit 12 description "Connect to r2 em2.12"
set logical-systems r1 interfaces em1 unit 12 vlan-id 12
set logical-systems r1 interfaces em1 unit 12 family inet address 10.0.4.5/30
set logical-systems r1 interfaces em1 unit 12 family iso
set logical-systems r1 interfaces em1 unit 13 description "Connect to r3 em3.13"
set logical-systems r1 interfaces em1 unit 13 vlan-id 13
set logical-systems r1 interfaces em1 unit 13 family inet address 10.0.4.14/30
set logical-systems r1 interfaces em1 unit 13 family iso
set logical-systems r1 interfaces em1 unit 129 description "Connect to r2 & P1 VLAN-129"
set logical-systems r1 interfaces em1 unit 129 vlan-id 129
set logical-systems r1 interfaces em1 unit 129 family inet address 10.0.5.1/24
set logical-systems r1 interfaces lo0 unit 1 family inet address 10.0.6.1/32
set logical-systems r1 interfaces lo0 unit 1 family iso address 49.0002.0100.0000.6001.00
set logical-systems r1 protocols isis export VL129
set logical-systems r1 protocols isis reference-bandwidth 5g
set logical-systems r1 protocols isis lsp-lifetime 3600
set logical-systems r1 protocols isis level 1 wide-metrics-only
set logical-systems r1 protocols isis interface all level 2 disable
set logical-systems r1 protocols isis interface all level 1 hello-authentication-key jnx
set logical-systems r1 protocols isis interface all level 1 hello-authentication-type md5
set logical-systems r1 protocols isis interface lo0.1 passive
set logical-systems r1 policy-options policy-statement VL129 term 1 from protocol direct
set logical-systems r1 policy-options policy-statement VL129 term 1 from route-filter 10.0.5.0/24 exact
set logical-systems r1 policy-options policy-statement VL129 term 1 then metric 101
set logical-systems r1 policy-options policy-statement VL129 term 1 then accept
set logical-systems r2 interfaces em2 unit 12 description "Connect to r1 em1.12"
set logical-systems r2 interfaces em2 unit 12 vlan-id 12
set logical-systems r2 interfaces em2 unit 12 family inet address 10.0.4.6/30
set logical-systems r2 interfaces em2 unit 12 family iso
set logical-systems r2 interfaces em2 unit 23 description "Connect to r3 em3.23"
set logical-systems r2 interfaces em2 unit 23 vlan-id 23
set logical-systems r2 interfaces em2 unit 23 family inet address 10.0.4.2/30
set logical-systems r2 interfaces em2 unit 23 family iso
set logical-systems r2 interfaces em2 unit 24 description "Connect to r4 em4.24"
set logical-systems r2 interfaces em2 unit 24 vlan-id 24
set logical-systems r2 interfaces em2 unit 24 family inet address 10.0.4.10/30
set logical-systems r2 interfaces em2 unit 24 family iso
set logical-systems r2 interfaces em2 unit 129 description "Connect to r1 & P1 VLAN-129"
set logical-systems r2 interfaces em2 unit 129 vlan-id 129
set logical-systems r2 interfaces em2 unit 129 family inet address 10.0.5.2/24
set logical-systems r2 interfaces lo0 unit 2 family inet address 10.0.6.2/32
set logical-systems r2 interfaces lo0 unit 2 family iso address 49.0002.0100.0000.6002.00
set logical-systems r2 protocols isis export VL129
set logical-systems r2 protocols isis reference-bandwidth 5g
set logical-systems r2 protocols isis lsp-lifetime 3600
set logical-systems r2 protocols isis level 1 wide-metrics-only
set logical-systems r2 protocols isis interface all level 2 disable
set logical-systems r2 protocols isis interface all level 1 hello-authentication-key jnx
set logical-systems r2 protocols isis interface all level 1 hello-authentication-type md5
set logical-systems r2 protocols isis interface lo0.2 passive
set logical-systems r2 policy-options policy-statement VL129 term 1 from protocol direct
set logical-systems r2 policy-options policy-statement VL129 term 1 from route-filter 10.0.5.0/24 exact
set logical-systems r2 policy-options policy-statement VL129 term 1 then metric 101
set logical-systems r2 policy-options policy-statement VL129 term 1 then accept
set logical-systems r3 interfaces em3 unit 13 description "Connecto to r1 em1.13"
set logical-systems r3 interfaces em3 unit 13 vlan-id 13
set logical-systems r3 interfaces em3 unit 13 family inet address 10.0.4.13/30
set logical-systems r3 interfaces em3 unit 13 family iso
set logical-systems r3 interfaces em3 unit 23 description "Connecto to r2 em2.23"
set logical-systems r3 interfaces em3 unit 23 vlan-id 23
set logical-systems r3 interfaces em3 unit 23 family inet address 10.0.4.1/30
set logical-systems r3 interfaces em3 unit 23 family iso
set logical-systems r3 interfaces em3 unit 34 description "Connecto to r4 em4.34"
set logical-systems r3 interfaces em3 unit 34 vlan-id 34
set logical-systems r3 interfaces em3 unit 34 family inet address 10.0.2.5/30
set logical-systems r3 interfaces em3 unit 34 family iso
set logical-systems r3 interfaces em3 unit 35 description "Connecto to r5 em5.35"
set logical-systems r3 interfaces em3 unit 35 vlan-id 35
set logical-systems r3 interfaces em3 unit 35 family inet address 10.0.2.2/30
set logical-systems r3 interfaces em3 unit 35 family iso
set logical-systems r3 interfaces em3 unit 103 description "Connect to T1 em3.103"
set logical-systems r3 interfaces em3 unit 103 vlan-id 103
set logical-systems r3 interfaces em3 unit 103 family inet address 172.16.0.13/30
set logical-systems r3 interfaces em3 unit 113 description "Connect to T2 em4.113"
set logical-systems r3 interfaces em3 unit 113 vlan-id 113
set logical-systems r3 interfaces em3 unit 113 family inet address 172.16.0.17/30
set logical-systems r3 interfaces lo0 unit 3 family inet address 10.0.3.3/32
set logical-systems r3 interfaces lo0 unit 3 family iso address 49.0002.0100.0000.3003.00
set logical-systems r3 protocols isis export SUM
set logical-systems r3 protocols isis reference-bandwidth 5g
set logical-systems r3 protocols isis lsp-lifetime 3600
set logical-systems r3 protocols isis level 2 authentication-key jnx
set logical-systems r3 protocols isis level 2 authentication-type simple
set logical-systems r3 protocols isis interface all level 1 disable
set logical-systems r3 protocols isis interface all level 2 hello-authentication-key jnx
set logical-systems r3 protocols isis interface all level 2 hello-authentication-type md5
set logical-systems r3 protocols isis interface em3.13 level 2 disable
set logical-systems r3 protocols isis interface em3.13 level 1 hello-authentication-key jnx
set logical-systems r3 protocols isis interface em3.13 level 1 hello-authentication-type md5
set logical-systems r3 protocols isis interface em3.23 level 2 disable
set logical-systems r3 protocols isis interface em3.23 level 1 hello-authentication-key jnx
set logical-systems r3 protocols isis interface em3.23 level 1 hello-authentication-type md5
set logical-systems r3 protocols isis interface em3.310
set logical-systems r3 protocols isis interface lo0.3 passive
set logical-systems r3 policy-options policy-statement SUM term 1 from protocol aggregate
set logical-systems r3 policy-options policy-statement SUM term 1 from route-filter 10.0.4.0/22 exact
set logical-systems r3 policy-options policy-statement SUM term 1 to level 2
set logical-systems r3 policy-options policy-statement SUM term 1 then accept
set logical-systems r3 policy-options policy-statement SUM term 2 from route-filter 10.0.5.0/24 exact
set logical-systems r3 policy-options policy-statement SUM term 2 to level 2
set logical-systems r3 policy-options policy-statement SUM term 2 then accept
set logical-systems r3 policy-options policy-statement SUM term 3 from route-filter 10.0.4.0/22 longer
set logical-systems r3 policy-options policy-statement SUM term 3 to level 2
set logical-systems r3 policy-options policy-statement SUM term 3 then reject
set logical-systems r3 routing-options aggregate route 10.0.4.0/22
set logical-systems r4 interfaces em4 unit 24 description "Connect to r2 em2.24"
set logical-systems r4 interfaces em4 unit 24 vlan-id 24
set logical-systems r4 interfaces em4 unit 24 family inet address 10.0.4.9/30
set logical-systems r4 interfaces em4 unit 24 family iso
set logical-systems r4 interfaces em4 unit 34 description "Connect to r3 em3.34"
set logical-systems r4 interfaces em4 unit 34 vlan-id 34
set logical-systems r4 interfaces em4 unit 34 family inet address 10.0.2.6/30
set logical-systems r4 interfaces em4 unit 34 family iso
set logical-systems r4 interfaces em4 unit 45 description "Connect to r5 em5.45"
set logical-systems r4 interfaces em4 unit 45 vlan-id 45
set logical-systems r4 interfaces em4 unit 45 family inet address 10.0.2.10/30
set logical-systems r4 interfaces em4 unit 45 family iso
set logical-systems r4 interfaces em4 unit 124 description "Connect to C1 em5.124"
set logical-systems r4 interfaces em4 unit 124 vlan-id 124
set logical-systems r4 interfaces em4 unit 124 family inet address 172.16.0.5/30
set logical-systems r4 interfaces em4 unit 125 description "Connect to C1 em5.125"
set logical-systems r4 interfaces em4 unit 125 vlan-id 125
set logical-systems r4 interfaces em4 unit 125 family inet address 172.16.0.9/30
set logical-systems r4 interfaces lo0 unit 4 family inet address 10.0.3.4/32
set logical-systems r4 interfaces lo0 unit 4 family iso address 49.0002.0100.0000.3004.00
set logical-systems r4 protocols isis export SUM
set logical-systems r4 protocols isis reference-bandwidth 5g
set logical-systems r4 protocols isis lsp-lifetime 3600
set logical-systems r4 protocols isis level 2 authentication-key "$9$NRVs4PfzF/t"
set logical-systems r4 protocols isis level 2 authentication-type simple
set logical-systems r4 protocols isis interface all level 1 disable
set logical-systems r4 protocols isis interface all level 2 hello-authentication-key jnx
set logical-systems r4 protocols isis interface all level 2 hello-authentication-type md5
set logical-systems r4 protocols isis interface em4.24 level 2 disable
set logical-systems r4 protocols isis interface em4.24 level 1 hello-authentication-key jnx
set logical-systems r4 protocols isis interface em4.24 level 1 hello-authentication-type md5
set logical-systems r4 protocols isis interface lo0.4 passive
set logical-systems r4 policy-options policy-statement SUM term 1 from protocol aggregate
set logical-systems r4 policy-options policy-statement SUM term 1 from route-filter 10.0.4.0/22 exact
set logical-systems r4 policy-options policy-statement SUM term 1 to level 2
set logical-systems r4 policy-options policy-statement SUM term 1 then accept
set logical-systems r4 policy-options policy-statement SUM term 2 from route-filter 10.0.5.0/24 exact
set logical-systems r4 policy-options policy-statement SUM term 2 to level 2
set logical-systems r4 policy-options policy-statement SUM term 2 then accept
set logical-systems r4 policy-options policy-statement SUM term 3 from route-filter 10.0.4.0/22 longer
set logical-systems r4 policy-options policy-statement SUM term 3 to level 2
set logical-systems r4 policy-options policy-statement SUM term 3 then reject
set logical-systems r4 routing-options aggregate route 10.0.4.0/22
set logical-systems r5 interfaces em5 unit 35 description "Connect to r3 em3.35"
set logical-systems r5 interfaces em5 unit 35 vlan-id 35
set logical-systems r5 interfaces em5 unit 35 family inet address 10.0.2.1/30
set logical-systems r5 interfaces em5 unit 35 family iso
set logical-systems r5 interfaces em5 unit 45 description "Connect to r4 em4.45"
set logical-systems r5 interfaces em5 unit 45 vlan-id 45
set logical-systems r5 interfaces em5 unit 45 family inet address 10.0.2.9/30
set logical-systems r5 interfaces em5 unit 45 family iso
set logical-systems r5 interfaces em5 unit 56 description "Connect to r6 em6.56"
set logical-systems r5 interfaces em5 unit 56 vlan-id 56
set logical-systems r5 interfaces em5 unit 56 family inet address 10.0.8.6/30
set logical-systems r5 interfaces em5 unit 56 family iso
set logical-systems r5 interfaces em5 unit 57 description "Connect to r7 em7.57"
set logical-systems r5 interfaces em5 unit 57 vlan-id 57
set logical-systems r5 interfaces em5 unit 57 family inet address 10.0.8.9/30
set logical-systems r5 interfaces em5 unit 57 family iso
set logical-systems r5 interfaces lo0 unit 5 family inet address 10.0.3.5/32
set logical-systems r5 interfaces lo0 unit 5 family iso address 49.0001.0100.0000.3005.00
set logical-systems r5 protocols isis export SUM-1
set logical-systems r5 protocols isis export SUM-2
set logical-systems r5 protocols isis export SUM-3
set logical-systems r5 protocols isis reference-bandwidth 5g
set logical-systems r5 protocols isis lsp-lifetime 3600
set logical-systems r5 protocols isis level 2 authentication-key "$9$vY48xdDjq.5F"
set logical-systems r5 protocols isis level 2 authentication-type simple
set logical-systems r5 protocols isis level 1 preference 155
set logical-systems r5 protocols isis interface all level 1 disable
set logical-systems r5 protocols isis interface all level 2 hello-authentication-key jnx
set logical-systems r5 protocols isis interface all level 2 hello-authentication-type md5
set logical-systems r5 protocols isis interface em5.56 level 2 disable
set logical-systems r5 protocols isis interface em5.56 level 1 hello-authentication-key jnx
set logical-systems r5 protocols isis interface em5.56 level 1 hello-authentication-type md5
set logical-systems r5 protocols isis interface em5.56 level 1 priority 0
set logical-systems r5 protocols isis interface em5.57 level 2 disable
set logical-systems r5 protocols isis interface em5.57 level 1 hello-authentication-key jnx
set logical-systems r5 protocols isis interface em5.57 level 1 hello-authentication-type md5
set logical-systems r5 protocols isis interface em5.57 level 1 priority 0
set logical-systems r5 protocols isis interface lo0.5 passive
set logical-systems r5 policy-options policy-statement SUM-1 term 1 from protocol aggregate
set logical-systems r5 policy-options policy-statement SUM-1 term 1 from route-filter 10.0.2.0/23 exact
set logical-systems r5 policy-options policy-statement SUM-1 term 1 to level 1
set logical-systems r5 policy-options policy-statement SUM-1 term 1 then accept
set logical-systems r5 policy-options policy-statement SUM-2 term 1 from protocol aggregate
set logical-systems r5 policy-options policy-statement SUM-2 term 1 from route-filter 10.0.8.0/21 exact
set logical-systems r5 policy-options policy-statement SUM-2 term 1 to level 2
set logical-systems r5 policy-options policy-statement SUM-2 term 1 then accept
set logical-systems r5 policy-options policy-statement SUM-2 term 2 from route-filter 10.0.8.0/21 longer
set logical-systems r5 policy-options policy-statement SUM-2 term 2 then reject
set logical-systems r5 policy-options policy-statement SUM-3 term 1 from protocol aggregate
set logical-systems r5 policy-options policy-statement SUM-3 term 1 from route-filter 192.168.0.0/22 exact
set logical-systems r5 policy-options policy-statement SUM-3 term 1 to level 2
set logical-systems r5 policy-options policy-statement SUM-3 term 1 then accept
set logical-systems r5 policy-options policy-statement SUM-3 term 2 from route-filter 192.168.0.0/22 longer
set logical-systems r5 policy-options policy-statement SUM-3 term 2 then reject
set logical-systems r5 policy-options policy-statement SUM-3 term 3 from protocol aggregate
set logical-systems r5 policy-options policy-statement SUM-3 term 3 from route-filter 172.16.40.0/29 exact
set logical-systems r5 policy-options policy-statement SUM-3 term 3 to level 2
set logical-systems r5 policy-options policy-statement SUM-3 term 3 then accept
set logical-systems r5 policy-options policy-statement SUM-3 term 4 from route-filter 172.16.40.0/29 longer
set logical-systems r5 policy-options policy-statement SUM-3 term 4 then reject
set logical-systems r5 routing-options aggregate route 10.0.2.0/23
set logical-systems r5 routing-options aggregate route 10.0.8.0/21
set logical-systems r5 routing-options aggregate route 192.168.0.0/22
set logical-systems r5 routing-options aggregate route 172.16.40.0/29
set logical-systems r6 interfaces em6 unit 56 description "Connect to r5 em5.56"
set logical-systems r6 interfaces em6 unit 56 vlan-id 56
set logical-systems r6 interfaces em6 unit 56 family inet address 10.0.8.5/30
set logical-systems r6 interfaces em6 unit 56 family iso
set logical-systems r6 interfaces em6 unit 67 description "Connect to r7 em7.67"
set logical-systems r6 interfaces em6 unit 67 vlan-id 67
set logical-systems r6 interfaces em6 unit 67 family inet address 10.0.8.1/30
set logical-systems r6 interfaces em6 unit 67 family iso
set logical-systems r6 interfaces em6 unit 68 description "Connect to OSPF em1.68"
set logical-systems r6 interfaces em6 unit 68 vlan-id 68
set logical-systems r6 interfaces em6 unit 68 family inet address 172.16.40.2/30
set logical-systems r6 interfaces em6 unit 116 description "Connecto to T2 em4.116"
set logical-systems r6 interfaces em6 unit 116 vlan-id 116
set logical-systems r6 interfaces em6 unit 116 family inet address 172.16.0.21/30
set logical-systems r6 interfaces lo0 unit 6 family inet address 10.0.9.6/32
set logical-systems r6 interfaces lo0 unit 6 family iso address 49.0001.0100.0000.9006.00
set logical-systems r6 protocols isis export OSPF>ISIS
set logical-systems r6 protocols isis reference-bandwidth 5g
set logical-systems r6 protocols isis lsp-lifetime 3600
set logical-systems r6 protocols isis level 1 preference 155
set logical-systems r6 protocols isis interface all level 2 disable
set logical-systems r6 protocols isis interface all level 1 hello-authentication-key jnx
set logical-systems r6 protocols isis interface all level 1 hello-authentication-type md5
set logical-systems r6 protocols isis interface all level 1 priority 0
set logical-systems r6 protocols isis interface lo0.6 passive
set logical-systems r6 protocols ospf external-preference 159
set logical-systems r6 protocols ospf export ISIS>OSPF
set logical-systems r6 protocols ospf area 0.0.0.2 nssa
set logical-systems r6 protocols ospf area 0.0.0.2 interface em6.68 authentication simple-password peter
set logical-systems r6 policy-options policy-statement ISIS>OSPF term 1 from protocol isis
set logical-systems r6 policy-options policy-statement ISIS>OSPF term 1 from route-filter 0.0.0.0/0 exact
set logical-systems r6 policy-options policy-statement ISIS>OSPF term 1 then accept
set logical-systems r6 policy-options policy-statement OSPF>ISIS term 1 from protocol ospf
set logical-systems r6 policy-options policy-statement OSPF>ISIS term 1 from route-filter 192.168.0.0/22 longer
set logical-systems r6 policy-options policy-statement OSPF>ISIS term 1 from route-filter 172.16.40.0/29 longer
set logical-systems r6 policy-options policy-statement OSPF>ISIS term 1 then accept
set logical-systems r7 interfaces em7 unit 57 description "Connect to r5 em5.57"
set logical-systems r7 interfaces em7 unit 57 vlan-id 57
set logical-systems r7 interfaces em7 unit 57 family inet address 10.0.8.10/30
set logical-systems r7 interfaces em7 unit 57 family iso
set logical-systems r7 interfaces em7 unit 67 description "Connect to r6 em6.67"
set logical-systems r7 interfaces em7 unit 67 vlan-id 67
set logical-systems r7 interfaces em7 unit 67 family inet address 10.0.8.2/30
set logical-systems r7 interfaces em7 unit 67 family iso
set logical-systems r7 interfaces em7 unit 78 description "Connect to OSPF em1.78"
set logical-systems r7 interfaces em7 unit 78 vlan-id 78
set logical-systems r7 interfaces em7 unit 78 family inet address 172.16.40.6/30
set logical-systems r7 interfaces em7 unit 137 description "Connect to C2 em6.137"
set logical-systems r7 interfaces em7 unit 137 vlan-id 137
set logical-systems r7 interfaces em7 unit 137 family inet address 172.16.0.25/30
set logical-systems r7 interfaces lo0 unit 7 family inet address 10.0.9.7/32
set logical-systems r7 interfaces lo0 unit 7 family iso address 49.0001.0100.0000.9007.00
set logical-systems r7 protocols isis export OSPF>ISIS
set logical-systems r7 protocols isis reference-bandwidth 5g
set logical-systems r7 protocols isis lsp-lifetime 3600
set logical-systems r7 protocols isis level 1 preference 155
set logical-systems r7 protocols isis interface all level 2 disable
set logical-systems r7 protocols isis interface all level 1 hello-authentication-key jnx
set logical-systems r7 protocols isis interface all level 1 hello-authentication-type md5
set logical-systems r7 protocols isis interface all level 1 priority 0
set logical-systems r7 protocols isis interface lo0.7 passive
set logical-systems r7 protocols ospf external-preference 159
set logical-systems r7 protocols ospf export ISIS>OSPF
set logical-systems r7 protocols ospf area 0.0.0.2 nssa
set logical-systems r7 protocols ospf area 0.0.0.2 interface em7.78 authentication simple-password peter
set logical-systems r7 policy-options policy-statement ISIS>OSPF term 1 from protocol isis
set logical-systems r7 policy-options policy-statement ISIS>OSPF term 1 from route-filter 0.0.0.0/0 exact
set logical-systems r7 policy-options policy-statement ISIS>OSPF term 1 then accept
set logical-systems r7 policy-options policy-statement OSPF>ISIS term 1 from protocol ospf
set logical-systems r7 policy-options policy-statement OSPF>ISIS term 1 from route-filter 192.168.0.0/22 longer
set logical-systems r7 policy-options policy-statement OSPF>ISIS term 1 from route-filter 172.16.40.0/29 longer
set logical-systems r7 policy-options policy-statement OSPF>ISIS term 1 then accept
set chassis alarm management-ethernet link-down ignore
set interfaces em0 unit 0 family inet address 10.0.1.1/24
set interfaces em1 vlan-tagging
set interfaces em2 vlan-tagging
set interfaces em3 vlan-tagging
set interfaces em4 vlan-tagging
set interfaces em5 vlan-tagging
set interfaces em6 vlan-tagging
set interfaces em7 vlan-tagging
set snmp interface em0.0
set snmp community public authorization read-only
set snmp community private authorization read-write
set snmp trap-group FOO version v1
set snmp trap-group FOO categories authentication
set snmp trap-group FOO targets 10.0.200.2
set routing-options static route 10.0.200.0/24 next-hop 10.0.1.102
set routing-options static route 10.0.200.0/24 no-readvertise


VMware Olive-2 pre-configuration:
set version 12.1R1.9
set system host-name JNCIP_2
set system root-authentication encrypted-password "$1$iUWoHDQs$pGhPDBTA1l0idhazm/jPQ."
set logical-systems C1_C2 interfaces em5 unit 124 description "Connect to r4 em4.124"
set logical-systems C1_C2 interfaces em5 unit 124 vlan-id 124
set logical-systems C1_C2 interfaces em5 unit 124 family inet address 172.16.0.6/30
set logical-systems C1_C2 interfaces em5 unit 125 description "Connect to r4 em4.125"
set logical-systems C1_C2 interfaces em5 unit 125 vlan-id 125
set logical-systems C1_C2 interfaces em5 unit 125 family inet address 172.16.0.10/30
set logical-systems C1_C2 interfaces em6 unit 137 description "Connect to r7 em7.137"
set logical-systems C1_C2 interfaces em6 unit 137 vlan-id 137
set logical-systems C1_C2 interfaces em6 unit 137 family inet address 172.16.0.26/30
set logical-systems C1_C2 interfaces em6 unit 137 family inet address 201.201.0.1/24
set logical-systems C1_C2 interfaces em6 unit 137 family mpls
set logical-systems C1_C2 interfaces lo0 unit 0 family inet address 200.200.0.1/32
set logical-systems C1_C2 protocols mpls interface em6.137
set logical-systems C1_C2 protocols bgp group r4 type external
set logical-systems C1_C2 protocols bgp group r4 multihop
set logical-systems C1_C2 protocols bgp group r4 export r4
set logical-systems C1_C2 protocols bgp group r4 peer-as 65412
set logical-systems C1_C2 protocols bgp group r4 neighbor 10.0.3.4 authentication-key "$9$9S8-t0ILX-ds4"
set logical-systems C1_C2 policy-options policy-statement null then reject
set logical-systems C1_C2 policy-options policy-statement r4 term 1 from protocol static
set logical-systems C1_C2 policy-options policy-statement r4 term 1 from route-filter 200.0.0.0/8 orlonger
set logical-systems C1_C2 policy-options policy-statement r4 term 1 from route-filter 32.0.0.0/8 longer
set logical-systems C1_C2 policy-options policy-statement r4 term 1 from route-filter 172.16.0.0/16 orlonger
set logical-systems C1_C2 policy-options policy-statement r4 term 1 from route-filter 201.0.0.0/8 orlonger
set logical-systems C1_C2 policy-options policy-statement r4 term 1 then accept
set logical-systems C1_C2 policy-options policy-statement r7 term 1 from protocol static
set logical-systems C1_C2 policy-options policy-statement r7 term 1 then as-path-prepend 65020
set logical-systems C1_C2 policy-options policy-statement r7 term 1 then accept
set logical-systems C1_C2 policy-options policy-statement r7 term 2 from protocol direct
set logical-systems C1_C2 policy-options policy-statement r7 term 2 from route-filter 201.201.0.0/24 exact
set logical-systems C1_C2 policy-options policy-statement r7 term 2 then accept
set logical-systems C1_C2 routing-instances C2 instance-type vrf
set logical-systems C1_C2 routing-instances C2 interface em6.137
set logical-systems C1_C2 routing-instances C2 route-distinguisher 65010:1
set logical-systems C1_C2 routing-instances C2 vrf-import null
set logical-systems C1_C2 routing-instances C2 vrf-export null
set logical-systems C1_C2 routing-instances C2 routing-options static route 201.201.0.0/24 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 201.201.1.0/24 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 201.201.2.0/24 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 201.201.3.0/24 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 201.201.4.0/24 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 201.201.5.0/24 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 201.201.6.0/24 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 201.201.7.0/24 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 0.0.0.0/0 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 0.0.0.0/0 as-path path "62 39"
set logical-systems C1_C2 routing-instances C2 routing-options static route 64.0.0.0/7 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 201.201.0.7/32 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 210.210.16.128/26 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 210.210.16.128/26 as-path path 65010
set logical-systems C1_C2 routing-instances C2 routing-options static route 200.200.0.0/16 discard
set logical-systems C1_C2 routing-instances C2 routing-options static route 200.200.0.0/16 as-path path 65010
set logical-systems C1_C2 routing-instances C2 routing-options router-id 201.201.0.1
set logical-systems C1_C2 routing-instances C2 routing-options autonomous-system 65020
set logical-systems C1_C2 routing-instances C2 protocols bgp export r7
set logical-systems C1_C2 routing-instances C2 protocols bgp group r7 type external
set logical-systems C1_C2 routing-instances C2 protocols bgp group r7 neighbor 172.16.0.25 peer-as 65413
set logical-systems C1_C2 routing-options static route 200.200.0.0/24 discard
set logical-systems C1_C2 routing-options static route 200.200.1.0/24 discard
set logical-systems C1_C2 routing-options static route 200.200.2.0/24 discard
set logical-systems C1_C2 routing-options static route 200.200.3.0/24 discard
set logical-systems C1_C2 routing-options static route 200.200.4.0/24 discard
set logical-systems C1_C2 routing-options static route 200.200.5.0/24 discard
set logical-systems C1_C2 routing-options static route 200.200.6.0/24 discard
set logical-systems C1_C2 routing-options static route 200.200.7.0/24 discard
set logical-systems C1_C2 routing-options static route 32.0.0.0/16 discard
set logical-systems C1_C2 routing-options static route 32.0.0.0/16 as-path path 420
set logical-systems C1_C2 routing-options static route 200.200.0.0/28 discard
set logical-systems C1_C2 routing-options static route 10.0.1.0/24 discard
set logical-systems C1_C2 routing-options static route 200.200.5.128/25 discard
set logical-systems C1_C2 routing-options static route 10.0.3.4/32 next-hop 172.16.0.5
set logical-systems C1_C2 routing-options static route 10.0.3.4/32 next-hop 172.16.0.9
set logical-systems C1_C2 routing-options static route 201.201.0.0/16 discard
set logical-systems C1_C2 routing-options static route 201.201.0.0/16 as-path path 65020
set logical-systems C1_C2 routing-options autonomous-system 65010
set logical-systems OSPF interfaces em1 unit 68 description "Connecto to r6 em6.68"
set logical-systems OSPF interfaces em1 unit 68 vlan-id 68
set logical-systems OSPF interfaces em1 unit 68 family inet address 172.16.40.1/30
set logical-systems OSPF interfaces em1 unit 78 description "Connecto to r7 em7.78"
set logical-systems OSPF interfaces em1 unit 78 vlan-id 78
set logical-systems OSPF interfaces em1 unit 78 family inet address 172.16.40.5/30
set logical-systems OSPF interfaces lo0 unit 1 family inet address 192.168.0.1/32
set logical-systems OSPF interfaces lo0 unit 1 family inet address 192.168.1.1/32
set logical-systems OSPF interfaces lo0 unit 1 family inet address 192.168.2.1/32
set logical-systems OSPF interfaces lo0 unit 1 family inet address 192.168.3.1/32
set logical-systems OSPF protocols ospf area 0.0.0.2 nssa
set logical-systems OSPF protocols ospf area 0.0.0.2 interface all authentication simple-password "$9$eOMKLNsYoUi.LxDk"
set logical-systems P1 interfaces em2 unit 129 description "Connect to r1 & r2 VLAN-129"
set logical-systems P1 interfaces em2 unit 129 vlan-id 129
set logical-systems P1 interfaces em2 unit 129 family inet address 10.0.5.254/24
set logical-systems P1 interfaces lo0 unit 2 family inet address 120.120.0.1/32
set logical-systems P1 protocols bgp group r1-r2 type external
set logical-systems P1 protocols bgp group r1-r2 export r1-r2
set logical-systems P1 protocols bgp group r1-r2 peer-as 65412
set logical-systems P1 protocols bgp group r1-r2 neighbor 10.0.5.1
set logical-systems P1 protocols bgp group r1-r2 neighbor 10.0.5.2
set logical-systems P1 policy-options policy-statement r1-r2 term 1 from route-filter 120.120.7.0/24 exact
set logical-systems P1 policy-options policy-statement r1-r2 term 1 then community add prefer
set logical-systems P1 policy-options policy-statement r1-r2 term 1 then accept
set logical-systems P1 policy-options policy-statement r1-r2 term 2 from protocol static
set logical-systems P1 policy-options policy-statement r1-r2 term 2 then accept
set logical-systems P1 policy-options community prefer members 65050:100
set logical-systems P1 routing-options static route 120.120.0.0/24 discard
set logical-systems P1 routing-options static route 120.120.1.0/24 discard
set logical-systems P1 routing-options static route 120.120.2.0/24 discard
set logical-systems P1 routing-options static route 120.120.3.0/24 discard
set logical-systems P1 routing-options static route 120.120.4.0/24 discard
set logical-systems P1 routing-options static route 120.120.5.0/24 discard
set logical-systems P1 routing-options static route 120.120.6.0/24 discard
set logical-systems P1 routing-options static route 120.120.7.0/24 discard
set logical-systems P1 routing-options static route 120.120.69.128/25 discard
set logical-systems P1 routing-options static route 172.17.0.0/24 discard
set logical-systems P1 routing-options static route 192.168.4.0/24 discard
set logical-systems P1 routing-options static route 0.0.0.0/4 discard
set logical-systems P1 routing-options static route 0.0.0.0/0 discard
set logical-systems P1 routing-options static route 3.4.0.0/20 discard
set logical-systems P1 routing-options static route 6.0.0.0/7 discard
set logical-systems P1 routing-options static route 120.120.69.0/24 discard
set logical-systems P1 routing-options static route 120.120.69.0/24 as-path path 65412
set logical-systems P1 routing-options autonomous-system 1492
set logical-systems T1 interfaces em3 unit 103 description "Connect to r3 em3.103"
set logical-systems T1 interfaces em3 unit 103 vlan-id 103
set logical-systems T1 interfaces em3 unit 103 family inet address 172.16.0.14/30
set logical-systems T1 interfaces lo0 unit 3 family inet address 130.130.0.1/32
set logical-systems T1 protocols bgp group test type internal
set logical-systems T1 protocols bgp group test cluster 130.130.1.1
set logical-systems T1 protocols bgp group test neighbor 10.0.1.201 export null
set logical-systems T1 protocols bgp group test neighbor 10.0.1.66 export nhs
set logical-systems T1 protocols bgp group ext type external
set logical-systems T1 protocols bgp group ext export static
set logical-systems T1 protocols bgp group ext neighbor 172.16.0.13 peer-as 65412
set logical-systems T1 protocols isis interface all level 1 disable
set logical-systems T1 protocols ospf area 0.0.0.0 interface fe-0/0/0.0
set logical-systems T1 policy-options policy-statement nhs term 1 from protocol bgp
set logical-systems T1 policy-options policy-statement nhs term 1 from protocol static
set logical-systems T1 policy-options policy-statement nhs term 1 then next-hop self
set logical-systems T1 policy-options policy-statement null then reject
set logical-systems T1 policy-options policy-statement static term 1 from protocol static
set logical-systems T1 policy-options policy-statement static term 1 from route-filter 120.120.0.0/16 orlonger reject
set logical-systems T1 policy-options policy-statement static term 1 from route-filter 200.200.0.0/16 orlonger reject
set logical-systems T1 policy-options policy-statement static term 2 from protocol static
set logical-systems T1 policy-options policy-statement static term 2 then accept
set logical-systems T1 routing-options static route 207.17.136.192/32 next-hop 10.0.1.201
set logical-systems T1 routing-options static route 172.17.0.0/16 discard
set logical-systems T1 routing-options static route 0.0.0.0/16 discard
set logical-systems T1 routing-options static route 130.130.0.0/16 discard
set logical-systems T1 routing-options generate route 200.0.0.0/16
set logical-systems T1 routing-options autonomous-system 65222
set logical-systems T2 interfaces em4 unit 113 description "Connect to r3 em3.113"
set logical-systems T2 interfaces em4 unit 113 vlan-id 113
set logical-systems T2 interfaces em4 unit 113 family inet address 172.16.0.18/30
set logical-systems T2 interfaces em4 unit 116 description "Connect to r6 em3.116"
set logical-systems T2 interfaces em4 unit 116 vlan-id 116
set logical-systems T2 interfaces em4 unit 116 family inet address 172.16.0.22/30
set logical-systems T2 interfaces lo0 unit 4 family inet address 130.130.0.2/32
set logical-systems T2 protocols bgp group internal type internal
set logical-systems T2 protocols bgp group internal export nhs
set logical-systems T2 protocols bgp group internal neighbor 10.0.1.65
set logical-systems T2 protocols bgp group ext type external
set logical-systems T2 protocols bgp group ext export static
set logical-systems T2 protocols bgp group ext neighbor 172.16.0.21 peer-as 65412
set logical-systems T2 protocols bgp group ext neighbor 172.16.0.17 peer-as 65412
set logical-systems T2 protocols ospf area 0.0.0.0 interface fe-0/0/0.0
set logical-systems T2 policy-options policy-statement nhs term 1 from protocol bgp
set logical-systems T2 policy-options policy-statement nhs term 1 from protocol static
set logical-systems T2 policy-options policy-statement nhs term 1 then next-hop self
set logical-systems T2 policy-options policy-statement static term 1 from route-filter 120.120.0.0/16 orlonger reject
set logical-systems T2 policy-options policy-statement static term 1 from route-filter 200.200.0.0/16 orlonger reject
set logical-systems T2 policy-options policy-statement static from protocol static
set logical-systems T2 policy-options policy-statement static then accept
set logical-systems T2 routing-options static route 220.0.0.0/28 discard
set logical-systems T2 routing-options static route 120.120.6.0/24 discard
set logical-systems T2 routing-options static route 120.120.6.0/24 community 65050:100
set logical-systems T2 routing-options static route 128.128.128.0/17 discard
set logical-systems T2 routing-options static route 130.130.0.0/16 discard
set logical-systems T2 routing-options static route 192.0.2.0/24 discard
set logical-systems T2 routing-options autonomous-system 65222
set interfaces em1 vlan-tagging
set interfaces em2 vlan-tagging
set interfaces em3 vlan-tagging
set interfaces em4 vlan-tagging
set interfaces em5 vlan-tagging
set interfaces em6 vlan-tagging
set interfaces em7 vlan-tagging


Now, the following configuration is for sub-Confed setting.
VMware Olive-1 pre-configuration:

Sub-Confed [65000] setting
R1:
set logical-systems r1 routing-options autonomous-system 65000
set logical-systems r1 routing-options confederation 65412
set logical-systems r1 routing-options confederation members [65000 65001 65002]

set logical-systems r1 protocols bgp group 65000 type internal
set logical-systems r1 protocols bgp group 65000 local-address 10.0.6.1
set logical-systems r1 protocols bgp group 65000 neighbor 10.0.3.3

R3:
set logical-systems r3 routing-options autonomous-system 65000
set logical-systems r3 routing-options confederation 65412
set logical-systems r3 routing-options confederation members [65000 65001 65002]

set logical-systems r3 protocols bgp group 65000 type internal
set logical-systems r3 protocols bgp group 65000 local-address 10.0.3.3
set logical-systems r3 protocols bgp group 65000 neighbor 10.0.6.1

Sub-Confed [65001] setting
R2:
set logical-systems r2 routing-options autonomous-system 65001
set logical-systems r2 routing-options confederation 65412
set logical-systems r2 routing-options confederation members [65000 65001 65002]

set logical-systems r2 protocols bgp group 65001 type internal
set logical-systems r2 protocols bgp group 65001 local-address 10.0.6.2
set logical-systems r2 protocols bgp group 65001 neighbor 10.0.3.4

R4:
set logical-systems r4 routing-options autonomous-system 65001
set logical-systems r4 routing-options confederation 65412
set logical-systems r4 routing-options confederation members [65000 65001 65002]

set logical-systems r4 protocols bgp group 65001 type internal
set logical-systems r4 protocols bgp group 65001 local-address 10.0.3.4
set logical-systems r4 protocols bgp group 65001 neighbor 10.0.6.2

Sub-Confed [65002] setting
R5
set logical-systems r5 routing-options autonomous-system 65002
set logical-systems r5 routing-options confederation 65412
set logical-systems r5 routing-options confederation members [65000 65001 65002]

set logical-systems r5 protocols bgp group 65002 type internal
set logical-systems r5 protocols bgp group 65002 local-address 10.0.3.5
set logical-systems r5 protocols bgp group 65002 neighbor 10.0.9.6
set logical-systems r5 protocols bgp group 65002 neighbor 10.0.9.7

R6:
set logical-systems r6 routing-options autonomous-system 65002
set logical-systems r6 routing-options confederation 65412
set logical-systems r6 routing-options confederation members [65000 65001 65002]

set logical-systems r6 protocols bgp group 65002 type internal
set logical-systems r6 protocols bgp group 65002 local-address 10.0.9.6
set logical-systems r6 protocols bgp group 65002 neighbor 10.0.3.5
set logical-systems r6 protocols bgp group 65002 neighbor 10.0.9.7

R7:
set logical-systems r7 routing-options autonomous-system 65002
set logical-systems r7 routing-options confederation 65412
set logical-systems r7 routing-options confederation members [65000 65001]

set logical-systems r7 protocols bgp group 65002 type internal
set logical-systems r7 protocols bgp group 65002 local-address 10.0.9.7
set logical-systems r7 protocols bgp group 65002 neighbor 10.0.3.5
set logical-systems r7 protocols bgp group 65002 neighbor 10.0.9.6


After Sub-Confed [65000 65001 65002] setting, we need to let these three sub-Confed eBGP peer each other.
R3:
set logical-systems r3 protocols bgp group C-BGP type external
set logical-systems r3 protocols bgp group C-BGP multihop
set logical-systems r3 protocols bgp group C-BGP local-address 10.0.3.3
set logical-systems r3 protocols bgp group C-BGP neighbor 10.0.3.4 peer-as 65001
set logical-systems r3 protocols bgp group C-BGP neighbor 10.0.3.5 peer-as 65002

R4:
set logical-systems r4 protocols bgp group C-BGP type external
set logical-systems r4 protocols bgp group C-BGP multihop
set logical-systems r4 protocols bgp group C-BGP local-address 10.0.3.4
set logical-systems r4 protocols bgp group C-BGP neighbor 10.0.3.3 peer-as 65000
set logical-systems r4 protocols bgp group C-BGP neighbor 10.0.3.5 peer-as 65002

R5:
set logical-systems r5 protocols bgp group C-BGP type external
set logical-systems r5 protocols bgp group C-BGP multihop
set logical-systems r5 protocols bgp group C-BGP local-address 10.0.3.5
set logical-systems r5 protocols bgp group C-BGP neighbor 10.0.3.3 peer-as 65000
set logical-systems r5 protocols bgp group C-BGP neighbor 10.0.3.4 peer-as 65001


OK, sub-Confed EBGP peer setting are finished, let's redistribute the static routes.
R1:
set logical-systems r1 routing-options static route 192.168.10.0/24 reject

set logical-systems r1 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r1 policy-options policy-statement ibgp term 1 from route-filter 192.168.10.0/24 exact
set logical-systems r1 policy-options policy-statement ibgp term 1 then accept
set logical-systems r1 protocols bgp group 65000 export ibgp

R2:
set logical-systems r2 routing-options static route 192.168.20.0/24 reject

set logical-systems r2 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r2 policy-options policy-statement ibgp term 1 from route-filter 192.168.20.0/24 exact
set logical-systems r2 policy-options policy-statement ibgp term 1 then accept

set logical-systems r2 protocols bgp group 65001 export ibgp

R3:
set logical-systems r3 routing-options static route 192.168.30.0/24 reject

set logical-systems r3 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r3 policy-options policy-statement ibgp term 1 from route-filter 192.168.30.0/24 exact
set logical-systems r3 policy-options policy-statement ibgp term 1 then accept

set logical-systems r3 protocols bgp group 65000 export ibgp

R4:
set logical-systems r4 routing-options static route 192.168.40.0/24 reject

set logical-systems r4 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r4 policy-options policy-statement ibgp term 1 from route-filter 192.168.40.0/24 exact
set logical-systems r4 policy-options policy-statement ibgp term 1 then accept

set logical-systems r4 protocols bgp group 65001 export ibgp

R5:
set logical-systems r5 routing-options static route 192.168.50.0/24 reject

set logical-systems r5 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r5 policy-options policy-statement ibgp term 1 from route-filter 192.168.50.0/24 exact
set logical-systems r5 policy-options policy-statement ibgp term 1 then accept

set logical-systems r5 protocols bgp group 65002 export ibgp

R6:
set logical-systems r6 routing-options static route 192.168.60.0/24 reject

set logical-systems r6 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r6 policy-options policy-statement ibgp term 1 from route-filter 192.168.60.0/24 exact
set logical-systems r6 policy-options policy-statement ibgp term 1 then accept

set logical-systems r6 protocols bgp group 65002 export ibgp

R7:
set logical-systems r7 routing-options static route 192.168.70.0/24 reject

set logical-systems r7 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r7 policy-options policy-statement ibgp term 1 from route-filter 192.168.70.0/24 exact
set logical-systems r7 policy-options policy-statement ibgp term 1 then accept

set logical-systems r7 protocols bgp group 65002 export ibgp


Requirements:
Establish EBGP peering sessions according to the following criteria:
1. EBGP load balance over the two links connecting r4 to C1.
2. EBGP load balance from r3 to T1 and T2.
3. The P1 router must peer to both r1 and r2 using interface addresses.
4. The C1 router uses authentication with secret jnx.
5. The C2 router has been incorrectly set to peer with AS 65413. You must bring up the EBGP session without modifying the C2 router’s configuration.
6. r4 must write to the syslog when C1 advertises more than 10 IPv4 unicast routes.

Policy requirements:
1. Originate three NLRI advertisements to EBGP peers reflecting your 10/8 space, the OSPF router’s routes, and the OSPF subnets, without altering the routing-options stanza on r3, r4, r6, and r7.
2. You cannot use generated routes, but a single static route is permitted on both r1 and r2.
Interface or link failures cannot disrupt P1’s connectivity.
3. Prepend 64512 64512 to all routes received from P1. Ensure that transit providers do not receive these AS numbers.
4. Use communities to tag routes based on the EBGP peering point where they are learned.
Ensure that routes learned from each peering point can be uniquely identified.
5. Remove all communities received from the P1 router.
6. Without using policy, make sure you do not install any 192.0.2/24 test-net prefixes from EBGP peers as active routes.
7. Accept all customer routes that have originated in customer sites to accommodate the C1–C2 EBGP peering shown in Figure 6.6.
8. Accept no routes with prefixes longer than a /26.
9. Use local preference so that customer routes are preferred over transit routes.
10. Do not accept any default routes or RFC 1918 routes from EBGP peers.
11. Send peer EBGP routes to all sites. Do not send transit provider routes to peers.
12. Customers receive all EBGP routes, and all sites receive customer EBGP routes.
13. r6 must advertise a MED to T2 based on its IGP metrics.
14. Damp transit provider routes based on prefix length according to these criteria:
 14-1. Prefix lengths 0–8 = No damping
 14-2. Prefix lengths 9–16 = 20-minute half-life and reuse of 1000
 14-3. Prefix lengths 17–32 = 25-minute half-life and reuse of 1500
 14-4. 210.0/16 or longer = No damping
15. All routers in your AS should forward through r2 to reach peer prefixes when r2 is operational.
16. Ensure that transit providers use the r6 peering link when forwarding traffic to customer destinations without setting MED on r3.
17. You cannot have any black holes or suboptimal routing.


EBGP Peering Case Study Configurations:
Establish EBGP peering sessions according to the following criteria:

1. EBGP load balance over the two links connecting r4 to C1.
R4:
set logical-systems r4 routing-options static route 200.200.0.1/32 next-hop 172.16.0.6
set logical-systems r4 routing-options static route 200.200.0.1/32 next-hop 172.16.0.10

set logical-systems r4 protocols bgp group C1 type external
set logical-systems r4 protocols bgp group C1 multihop
set logical-systems r4 protocols bgp group C1 local-address 10.0.3.4
set logical-systems r4 protocols bgp group C1 peer-as 65010
set logical-systems r4 protocols bgp group C1 neighbor 200.200.0.1


2. EBGP load balance from r3 to T1 and T2.
R3:
set logical-systems r3 protocols bgp group T1-T2 type external
set logical-systems r3 protocols bgp group T1-T2 peer-as 65222
set logical-systems r3 protocols bgp group T1-T2 multipath
set logical-systems r3 protocols bgp group T1-T2 neighbor 172.16.0.14
set logical-systems r3 protocols bgp group T1-T2 neighbor 172.16.0.18

R6:
set logical-systems r6 protocols bgp group T2 type external
set logical-systems r6 protocols bgp group T2 peer-as 65222
set logical-systems r6 protocols bgp group T2 neighbor 172.16.0.22


3. The P1 router must peer to both r1 and r2 using interface addresses.
R1:
set logical-systems r1 protocols bgp group P1 type external
set logical-systems r1 protocols bgp group P1 peer-as 1492
set logical-systems r1 protocols bgp group P1 neighbor 10.0.5.254

R2:
set logical-systems r2 protocols bgp group P1 type external
set logical-systems r2 protocols bgp group P1 peer-as 1492
set logical-systems r2 protocols bgp group P1 neighbor 10.0.5.254


4. The C1 router uses authentication with secret jnx.
R4:
set logical-systems r4 protocols bgp group C1 authentication-key jnx


5. The C2 router has been incorrectly set to peer with AS 65413. You must bring up the EBGP session without modifying the C2 router’s configuration.
R7:
set logical-systems r7 protocols bgp group C2 type external
set logical-systems r7 protocols bgp group C2 peer-as 65020
set logical-systems r7 protocols bgp group C2 neighbor 172.16.0.26
set logical-systems r7 protocols bgp group C2 local-as 65413


6. r4 must write to the syslog when C1 advertises more than 10 IPv4 unicast routes.
R4:
set logical-systems r4 protocols bgp group C1 family inet unicast prefix-limit maximum 10


Setting EBGP Policies.
Policy requirements:
1. Originate three NLRI advertisements to EBGP peers reflecting your 10/8 space, the OSPF router’s routes, and the OSPF subnets, without altering the routing-options stanza on r3, r4, r6, and r7.
2. You cannot use generated routes, but a single static route is permitted on both r1 and r2.
Interface or link failures cannot disrupt P1’s connectivity.
Note: 10/8 network is R1-R7 network.
192.168.0/22 (192.168.0-3.0/24) network is the OSPF router's network.
172.16.40/29 (172.16.40.0/30 & 172.16.40.4/30) network are R6 & R7 to OSPF router network.
R5:
set logical-systems r5 routing-options aggregate route 10.0.0.0/8
set logical-systems r5 routing-options aggregate route 172.16.40.0/29
set logical-systems r5 routing-options aggregate route 192.168.0.0/22

set logical-systems r5 policy-options policy-statement ibgp term 2 from protocol aggregate
set logical-systems r5 policy-options policy-statement ibgp term 2 from route-filter 10.0.0.0/8 exact
set logical-systems r5 policy-options policy-statement ibgp term 2 from route-filter 192.168.0.0/22 exact
set logical-systems r5 policy-options policy-statement ibgp term 2 from route-filter 172.16.40.0/29 exact
set logical-systems r5 policy-options policy-statement ibgp term 2 then accept

set logical-systems r5 protocols bgp group C-BGP export ibgp

Note:On R3 & R4, we find the 192.168.0/22 and 172.16.40/29 do not advertise to (T1 & T2) & (C1 & C2), the reason is "Inactive reason: Route Preference"
Check:
R3:
run show route advertising-protocol bgp 172.16.0.14 192.168.0.0/22 logical-system r3
run show route advertising-protocol bgp 172.16.0.14 172.16.40/29 logical-system r3
run show route advertising-protocol bgp 172.16.0.18 192.168.0.0/22 logical-system r3
run show route advertising-protocol bgp 172.16.0.18 172.16.40/29 logical-system r3

R4:
run show route advertising-protocol bgp 200.200.0.1 192.168.0.0/22 logical-system r4
run show route advertising-protocol bgp 200.200.0.1 172.16.40/29 logical-system r4

R3:
set logical-systems r3 protocols bgp advertise-inactive

R4:
set logical-systems r4 protocols bgp advertise-inactive

Check again:
R3:
run show route advertising-protocol bgp 172.16.0.14 192.168.0.0/22 logical-system r3
run show route advertising-protocol bgp 172.16.0.14 172.16.40/29 logical-system r3
run show route advertising-protocol bgp 172.16.0.18 192.168.0.0/22 logical-system r3
run show route advertising-protocol bgp 172.16.0.18 172.16.40/29 logical-system r3

R4:
run show route advertising-protocol bgp 200.200.0.1 192.168.0.0/22 logical-system r4
run show route advertising-protocol bgp 200.200.0.1 172.16.40/29 logical-system r4

Note: On R1 & R2, we find the 10/8 and 172.16.40/29 do not advertise to P1 , the reason is "Next hop type: Unusable".

Check:
R1:
run show route 10/8 hidden detail logical-system r1

R2:
run show route 10/8 hidden detail logical-system r2

R1:
set logical-systems r1 routing-options static route 10.0.0.0/8 next-hop 10.0.4.13
set logical-systems r1 routing-options static route 10.0.0.0/8 qualified-next-hop 10.0.4.6 preference 10

set logical-systems r1 policy-options policy-statement R1>P1 term 1 from protocol static
set logical-systems r1 policy-options policy-statement R1>P1 term 1 from route-filter 10.0.0.0/8 exact
set logical-systems r1 policy-options policy-statement R1>P1 term 1 then accept

set logical-systems r1 protocols bgp group P1 export R1>P1

R2:
set logical-systems r2 routing-options static route 10.0.0.0/8 next-hop 10.0.4.9
set logical-systems r2 routing-options static route 10.0.0.0/8 qualified-next-hop 10.0.4.1 preference 10

set logical-systems r2 policy-options policy-statement R2>P1 term 1 from protocol static
set logical-systems r2 policy-options policy-statement R2>P1 term 1 from route-filter 10.0.0.0/8 exact
set logical-systems r2 policy-options policy-statement R2>P1 term 1 then accept

set logical-systems r2 protocols bgp group P1 export R2>P1

Check again:
run show route advertising-protocol bgp 10.0.5.254 10/8 logical-system r1
run show route advertising-protocol bgp 10.0.5.254 172.16.40.0/29 logical-system r1
run show route advertising-protocol bgp 10.0.5.254 192.168.0/22 logical-system r1

run show route advertising-protocol bgp 10.0.5.254 10/8 logical-system r2
run show route advertising-protocol bgp 10.0.5.254 172.16.40.0/29 logical-system r2
run show route advertising-protocol bgp 10.0.5.254 192.168.0/22 logical-system r2

3. Prepend 64512 64512 to all routes received from P1. Ensure that transit providers do not receive these AS numbers.
Note:That transit providers (T1 & T2) do not receive these AS numbers (64512 64512).
R1:
set logical-systems r1 policy-options policy-statement P1>R1 term TAG-P1 then as-path-prepend "64512 64512"

R2:
set logical-systems r2 policy-options policy-statement P1>R2 term TAG-P1 then as-path-prepend "64512 64512"

R3:
set logical-systems r3 protocols bgp group T1-T2 remove-private

R6:
set logical-systems r6 protocols bgp group T2 remove-private

Check:
run show route advertising-protocol bgp 172.16.0.22 120.120/16 logical-system r6


4. Use communities to tag routes based on the EBGP peering point where they are learned.
Ensure that routes learned from each peering point can be uniquely identified.
R1:
set logical-systems r1 policy-options community T1 members 65412:101
set logical-systems r1 policy-options community T2 members 65412:102
set logical-systems r1 policy-options community P1 members 65412:201
set logical-systems r1 policy-options community C1 members 65412:301
set logical-systems r1 policy-options community C2 members 65412:302

set logical-systems r1 policy-options as-path P1 ".* 1492"
set logical-systems r1 policy-options policy-statement P1>R1 term TAG-P1 from as-path P1
set logical-systems r1 policy-options policy-statement P1>R1 term TAG-P1 then community add P1

set logical-systems r1 protocols bgp group P1 import P1>R1

R2:
set logical-systems r2 policy-options community T1 members 65412:101
set logical-systems r2 policy-options community T2 members 65412:102
set logical-systems r2 policy-options community P1 members 65412:201
set logical-systems r2 policy-options community C1 members 65412:301
set logical-systems r2 policy-options community C2 members 65412:302

set logical-systems r2 policy-options as-path P1 ".* 1492"
set logical-systems r2 policy-options policy-statement P1>R2 term TAG-P1 from as-path P1
set logical-systems r2 policy-options policy-statement P1>R2 term TAG-P1 then community add P1

set logical-systems r2 protocols bgp group P1 import P1>R2

R3:
set logical-systems r3 policy-options community T1 members 65412:101
set logical-systems r3 policy-options community T2 members 65412:102
set logical-systems r3 policy-options community P1 members 65412:201
set logical-systems r3 policy-options community C1 members 65412:301
set logical-systems r3 policy-options community C2 members 65412:302

set logical-systems r3 policy-options policy-statement T1_T2>R3 term TAG-T1 from neighbor 172.16.0.14
set logical-systems r3 policy-options policy-statement T1_T2>R3 term TAG-T1 then community add T1

set logical-systems r3 policy-options policy-statement T1_T2>R3 term TAG-T2 from neighbor 172.16.0.18
set logical-systems r3 policy-options policy-statement T1_T2>R3 term TAG-T2 then community add T2

set logical-systems r3 protocols bgp group T1-T2 import T1_T2>R3

R4:
set logical-systems r4 policy-options community T1 members 65412:101
set logical-systems r4 policy-options community T2 members 65412:102
set logical-systems r4 policy-options community P1 members 65412:201
set logical-systems r4 policy-options community C1 members 65412:301
set logical-systems r4 policy-options community C2 members 65412:302

set logical-systems r4 policy-options as-path C1 ".* 65010"
set logical-systems r4 policy-options as-path C2 ".* 65020"

set logical-systems r4 policy-options policy-statement C1_C2>R4 term TAG-C1 from as-path C1
set logical-systems r4 policy-options policy-statement C1_C2>R4 term TAG-C1 then community add C1

set logical-systems r4 policy-options policy-statement C1_C2>R4 term TAG-C2 from as-path C2
set logical-systems r4 policy-options policy-statement C1_C2>R4 term TAG-C2 then community add C2

set logical-systems r3 protocols bgp group T1-T2 import T1_T2>R3

R5:
set logical-systems r5 policy-options community T1 members 65412:101
set logical-systems r5 policy-options community T2 members 65412:102
set logical-systems r5 policy-options community P1 members 65412:201
set logical-systems r5 policy-options community C1 members 65412:301
set logical-systems r5 policy-options community C2 members 65412:302

R6:
set logical-systems r6 policy-options community T1 members 65412:101
set logical-systems r6 policy-options community T2 members 65412:102
set logical-systems r6 policy-options community P1 members 65412:201
set logical-systems r6 policy-options community C1 members 65412:301
set logical-systems r6 policy-options community C2 members 65412:302

set logical-systems r6 policy-options policy-statement T2>R6 term TAG-T2 from neighbor 172.16.0.22
set logical-systems r6 policy-options policy-statement T2>R6 term TAG-T2 then community add T2

set logical-systems r6 protocols bgp group T2 import T2>R6

R7:
set logical-systems r7 policy-options community T1 members 65412:101
set logical-systems r7 policy-options community T2 members 65412:102
set logical-systems r7 policy-options community P1 members 65412:201
set logical-systems r7 policy-options community C1 members 65412:301
set logical-systems r7 policy-options community C2 members 65412:302

set logical-systems r7 policy-options as-path C1 ".* 65010"
set logical-systems r7 policy-options as-path C2 ".* 65020"

set logical-systems r7 policy-options policy-statement C1_C2>R7 term TAG-C1 from as-path C1
set logical-systems r7 policy-options policy-statement C1_C2>R7 term TAG-C1 then community add C1

set logical-systems r7 policy-options policy-statement C1_C2>R7 term TAG-C2 from as-path C2
set logical-systems r7 policy-options policy-statement C1_C2>R7 term TAG-C2 then community add C2

set logical-systems r7 protocols bgp group C2 import C1_C2>R7


5. Remove all communities received from the P1 router.
Note: We need to mark sure the term's order, delete all communities and than add new communities.
R1:
set logical-systems r1 policy-options community ALL_COMMS members *:*

set logical-systems r1 policy-options policy-statement P1>R1 term NO_COMMS then community delete ALL_COMMS

insert policy-options policy-statement P1>R1 term TAG-P1 after term NO_COMMS

set logical-systems r1 protocols bgp group P1 import P1>R1

R2:
set logical-systems r2 policy-options community ALL_COMMS members *:*

set logical-systems r2 policy-options policy-statement P1>R2 term NO_COMMS then community delete ALL_COMMS

insert r2 policy-options policy-statement P1>R2 term TAG-P1 after term NO_COMMS

set logical-systems r2 protocols bgp group P1 import P1>R2


6. Without using policy, make sure you do not install any 192.0.2/24 test-net prefixes from EBGP peers as active routes.
R1:
set logical-systems r1 routing-options martians 192.0.2.0/24 orlonger

R2:
set logical-systems r2 routing-options martians 192.0.2.0/24 orlonger

R3:
set logical-systems r3 routing-options martians 192.0.2.0/24 orlonger

R4:
set logical-systems r4 routing-options martians 192.0.2.0/24 orlonger

R5:
set logical-systems r5 routing-options martians 192.0.2.0/24 orlonger

R6:
set logical-systems r6 routing-options martians 192.0.2.0/24 orlonger

R7:
set logical-systems r7 routing-options martians 192.0.2.0/24 orlonger

Check:
root@JNCIP_1# run show route martians table inet.0 logical-system r1

inet.0:
             0.0.0.0/0 exact -- allowed
             0.0.0.0/8 orlonger -- disallowed
             127.0.0.0/8 orlonger -- disallowed
             192.0.0.0/24 orlonger -- disallowed
             240.0.0.0/4 orlonger -- disallowed
             224.0.0.0/4 exact -- disallowed
             224.0.0.0/24 exact -- disallowed
             192.0.2.0/24 orlonger -- disallowed

[edit logical-systems]
root@JNCIP_1#


7. Accept all customer routes that have originated in customer sites to accommodate the C1–C2 EBGP peering shown in Figure 6.6.
Note: Check r4 & r7 both have routes 200.200/16 and 201.201/16 on their routing table.
C2 will send its local routes (201.201/16) to R4 via C1.
C1 will send its local routes (200.200/16) to R7 via C2.
This means it has a link between C1 & C2.
In this Lab, the order of term is very important.
Mark sure the term KILL-REST is in the end of policy, and setting the "then next policy" before the term "KILL-REST".
In this lab, I put term "PREFER" before the term "KILL-REST"
R4:
set logical-systems r4 policy-options policy-statement C1_C2>R4 term PREFER then next policy

set logical-systems r4 policy-options policy-statement C1_C2>R4 term KILL-REST then reject

R7:
set logical-systems r7 policy-options policy-statement C1_C2>R7 term PREFER then next policy

set logical-systems r7 policy-options policy-statement C1_C2>R7 term KILL-REST then reject


8. Accept no routes with prefixes longer than a /26.
R1:
set logical-systems r1 policy-options policy-statement P1>R1 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject

set logical-systems r1 protocols bgp group P1 import P1>R1

R2:
set logical-systems r2 policy-options policy-statement P1>R2 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject

set logical-systems r2 protocols bgp group P1 import P1>R2

R3:
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject

set logical-systems r3 protocols bgp group T1-T2 import T1_T2>R3

R4:
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject

set logical-systems r4 protocols bgp group C1 import C1_C2>R4

R5:
R5 do not have any EBGP peer.

R6:
set logical-systems r6 policy-options policy-statement T2>R6 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject

set logical-systems r6 protocols bgp group T2 import T2>R6

R7:
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject

set logical-systems r7 protocols bgp group C2 import C1_C2>R7


9. Use local preference so that customer routes are preferred over transit routes.
Note: Customer routes(C1 & C2) are preferred over transit routes(T1 & T2).
R4:
set logical-systems r4 policy-options policy-statement C1_C2>R4 term PREFER from as-path C1
set logical-systems r4 policy-options policy-statement C1_C2>R4 term PREFER from as-path C2
set logical-systems r4 policy-options policy-statement C1_C2>R4 term PREFER then local-preference 101

set logical-systems r4 protocols bgp group C1 import C1_C2>R4

R7:
set logical-systems r7 policy-options policy-statement C1_C2>R7 term PREFER from as-path C1
set logical-systems r7 policy-options policy-statement C1_C2>R7 term PREFER from as-path C2
set logical-systems r7 policy-options policy-statement C1_C2>R7 term PREFER then local-preference 101

set logical-systems r7 protocols bgp group C2 import C1_C2>R7


10. Do not accept any default routes or RFC 1918 routes from EBGP peers.
R1:
set logical-systems r1 policy-options policy-statement P1>R1 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r1 policy-options policy-statement P1>R1 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r1 policy-options policy-statement P1>R1 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r1 policy-options policy-statement P1>R1 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject

set logical-systems r1 protocols bgp group P1 import P1>R1

R2:
set logical-systems r2 policy-options policy-statement P1>R2 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r2 policy-options policy-statement P1>R2 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r2 policy-options policy-statement P1>R2 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r2 policy-options policy-statement P1>R2 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject

set logical-systems r2 protocols bgp group P1 import P1>R2

R3:
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject

set logical-systems r3 protocols bgp group T1-T2 import T1_T2>R3

R4:
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject

set logical-systems r4 protocols bgp group C1 import C1_C2>R4

R5:
R5 do not have any EBGP peer.

R6:
set logical-systems r6 policy-options policy-statement T2>R6 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r6 policy-options policy-statement T2>R6 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r6 policy-options policy-statement T2>R6 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r6 policy-options policy-statement T2>R6 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject

set logical-systems r6 protocols bgp group T2 import T2>R6

R7:
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject

set logical-systems r7 protocols bgp group C2 import C1_C2>R7


11. Send peer EBGP routes to all sites. Do not send transit provider routes to peers.
12. Customers receive all EBGP routes, and all sites receive customer EBGP routes.
Note: In this lab, we do not allow the 192.168.x.0/24 (R1-R7 static routes) send to EBGP routers.
R1:
set logical-systems r1 policy-options as-path T1_T2 ".* 65222 .*"

set logical-systems r1 policy-options policy-statement R1>P1 term 2 from as-path T1_T2
set logical-systems r1 policy-options policy-statement R1>P1 term 2 then reject
set logical-systems r1 policy-options policy-statement R1>P1 term NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject

set logical-systems r1 protocols bgp group P1 export R1>P1

R2:
set logical-systems r2 policy-options as-path T1_T2 ".* 65222 .*"

set logical-systems r2 policy-options policy-statement R2>P1 term 2 from as-path T1_T2
set logical-systems r2 policy-options policy-statement R2>P1 term 2 then reject
set logical-systems r2 policy-options policy-statement R2>P1 term NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject

set logical-systems r2 protocols bgp group P1 export R2>P1

R3:
set logical-systems r3 policy-options policy-statement NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject

set logical-systems r3 protocols bgp group T1-T2 export NO_192.168.x/24

R4:
set logical-systems r4 policy-options policy-statement NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject

set logical-systems r4 protocols bgp group C1 export NO_192.168.x/24

R6:
set logical-systems r6 policy-options policy-statement NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject

set logical-systems r6 protocols bgp group T2 export NO_192.168.x/24

R7:
set logical-systems r7 policy-options policy-statement NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject

set logical-systems r7 protocols bgp group C2 export NO_192.168.x/24


13. r6 must advertise a MED to T2 based on its IGP metrics.
R6:
set logical-systems r6 protocols bgp group T2 metric-out igp


14. Damp transit provider routes based on prefix length according to these criteria:
 14-1. Prefix lengths 0–8 = No damping
 14-2. Prefix lengths 9–16 = 20-minute half-life and reuse of 1000
 14-3. Prefix lengths 17–32 = 25-minute half-life and reuse of 1500
 14-4. 210.0/16 or longer = No damping

Note: Setting damp for transit provider (T1 & T2) only:
R3:
set logical-systems r3 policy-options policy-statement DAMP term 1 from route-filter 200.0.0.0/16 orlonger damping NONE
set logical-systems r3 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /0-/8 damping NONE
set logical-systems r3 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /9-/16 damping LOW
set logical-systems r3 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /17-/32 damping HIGH

set logical-systems r3 policy-options damping NONE disable
set logical-systems r3 policy-options damping LOW half-life 20
set logical-systems r3 policy-options damping LOW reuse 1000
set logical-systems r3 policy-options damping HIGH half-life 25
set logical-systems r3 policy-options damping HIGH reuse 1500

set logical-systems r3 protocols bgp group T1-T2 damping
set logical-systems r3 protocols bgp group T1-T2 import DAMP

R6:
set logical-systems r6 policy-options policy-statement DAMP term 1 from route-filter 200.0.0.0/16 orlonger damping NONE
set logical-systems r6 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /0-/8 damping NONE
set logical-systems r6 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /9-/16 damping LOW
set logical-systems r6 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /17-/32 damping HIGH

set logical-systems r6 policy-options damping NONE disable
set logical-systems r6 policy-options damping LOW half-life 20
set logical-systems r6 policy-options damping LOW reuse 1000
set logical-systems r6 policy-options damping HIGH half-life 25
set logical-systems r6 policy-options damping HIGH reuse 1500

set logical-systems r6 protocols bgp group T2 damping
set logical-systems r6 protocols bgp group T2 import DAMP


15. All routers in your AS should forward through r2 to reach peer prefixes when r2 is operational.
R2:
set logical-systems r2 policy-options policy-statement P1>R2 term PREFER from community P1
set logical-systems r2 policy-options policy-statement P1>R2 term PREFER then local-preference 101

set logical-systems r2 protocols bgp group P1 import P1>R2


16. Ensure that transit providers use the r6 peering link when forwarding traffic to customer destinations without setting MED on r3.
Note: When we finish the Q13, T1_T2 to C1_C2 network will via R3. So We set up the prepend on R3.
R3:
set logical-systems r3 policy-options policy-statement PREPEND from community C1
set logical-systems r3 policy-options policy-statement PREPEND from community C2
set logical-systems r3 policy-options policy-statement PREPEND then as-path-prepend "65412 65412"

set logical-systems r3 protocols bgp group T1-T2 export PREPEND


17. You cannot have any black holes or suboptimal routing.
R3:
set logical-systems r3 policy-options policy-statement ibgp term 2 from community T1
set logical-systems r3 policy-options policy-statement ibgp term 2 from community T2
set logical-systems r3 policy-options policy-statement ibgp term 2 then next-hop self

set logical-systems r3 protocols bgp group C-BGP export ibgp

R4:
set logical-systems r4 policy-options policy-statement ibgp term 2 from community [C1 C2]
set logical-systems r4 policy-options policy-statement ibgp term 2 then next-hop self

set logical-systems r4 protocols bgp group C-BGP export ibgp

R6:
set logical-systems r6 policy-options policy-statement ibgp term 1 then accept
set logical-systems r6 policy-options policy-statement ibgp term 2 from community T2
set logical-systems r6 policy-options policy-statement ibgp term 2 then next-hop self

set logical-systems r6 protocols bgp group 65002 export ibgp

R7:
set logical-systems r7 policy-options policy-statement ibgp term 2 from community C1
set logical-systems r7 policy-options policy-statement ibgp term 2 from community C2
set logical-systems r7 policy-options policy-statement ibgp term 2 then next-hop self

set logical-systems r7 protocols bgp group 65002 export ibgp


Final configuration:
(Olive-1):
[edit logical-systems]
root@JNCIP_1# show | display set
set version 12.1R1.9
set system host-name JNCIP_1
set system time-zone Asia/Taipei
set system authentication-order radius
set system ports auxiliary type vt100
set system root-authentication encrypted-password "$1$9xaCfeIA$DoMiHW7akhvyMpAHebr/R0"
set system radius-server 10.0.200.2 secret "$9$-DbYoDi.z39JG39ApREdbs"
set system login class NOC permissions view
set system login user lab uid 2000
set system login user lab class super-user
set system login user lab authentication encrypted-password "$1$q0M9ehlx$9XZkXwUuPJK1bVFie2FCS."
set system login user noc uid 2001
set system login user noc class NOC
set system login user noc authentication encrypted-password "$1$nutuTWm9$j40sAjOFPTImr7tm/6/pE1"
set system static-host-mapping proctor inet 10.0.200.1
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services telnet
set system syslog user * any emergency
set system syslog host 10.0.200.2 interactive-commands any
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file r1-cli interactive-commands any
set system syslog file r1-cli archive files 4
set system ntp boot-server 10.0.1.102
set system ntp authentication-key 200 type md5
set system ntp authentication-key 200 value "$9$PTF/uORlK8CtK8X7sYfTz"
set system ntp broadcast-client
set system ntp trusted-key 200
set logical-systems logical-systems
set logical-systems r1 interfaces em1 unit 12 description "Connect to r2 em2.12"
set logical-systems r1 interfaces em1 unit 12 vlan-id 12
set logical-systems r1 interfaces em1 unit 12 family inet address 10.0.4.5/30
set logical-systems r1 interfaces em1 unit 12 family iso
set logical-systems r1 interfaces em1 unit 13 description "Connect to r3 em3.13"
set logical-systems r1 interfaces em1 unit 13 vlan-id 13
set logical-systems r1 interfaces em1 unit 13 family inet address 10.0.4.14/30
set logical-systems r1 interfaces em1 unit 13 family iso
set logical-systems r1 interfaces em1 unit 129 description "Connect to r2 & P1 VLAN-129"
set logical-systems r1 interfaces em1 unit 129 vlan-id 129
set logical-systems r1 interfaces em1 unit 129 family inet address 10.0.5.1/24
set logical-systems r1 interfaces lo0 unit 1 family inet address 10.0.6.1/32
set logical-systems r1 interfaces lo0 unit 1 family iso address 49.0002.0100.0000.6001.00
set logical-systems r1 protocols bgp group 65000 type internal
set logical-systems r1 protocols bgp group 65000 local-address 10.0.6.1
set logical-systems r1 protocols bgp group 65000 export ibgp
set logical-systems r1 protocols bgp group 65000 neighbor 10.0.3.3
set logical-systems r1 protocols bgp group P1 type external
set logical-systems r1 protocols bgp group P1 import P1>R1
set logical-systems r1 protocols bgp group P1 export R1>P1
set logical-systems r1 protocols bgp group P1 peer-as 1492
set logical-systems r1 protocols bgp group P1 neighbor 10.0.5.254
set logical-systems r1 protocols isis export VL129
set logical-systems r1 protocols isis reference-bandwidth 5g
set logical-systems r1 protocols isis lsp-lifetime 3600
set logical-systems r1 protocols isis level 1 wide-metrics-only
set logical-systems r1 protocols isis interface all level 2 disable
set logical-systems r1 protocols isis interface all level 1 hello-authentication-key "$9$PTF/cSeK87"
set logical-systems r1 protocols isis interface all level 1 hello-authentication-type md5
set logical-systems r1 protocols isis interface lo0.1 passive
set logical-systems r1 policy-options policy-statement P1>R1 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject
set logical-systems r1 policy-options policy-statement P1>R1 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r1 policy-options policy-statement P1>R1 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r1 policy-options policy-statement P1>R1 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r1 policy-options policy-statement P1>R1 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject
set logical-systems r1 policy-options policy-statement P1>R1 term NO_COMMS then community delete ALL_COMMS
set logical-systems r1 policy-options policy-statement P1>R1 term TAG-P1 from as-path P1
set logical-systems r1 policy-options policy-statement P1>R1 term TAG-P1 then community add P1
set logical-systems r1 policy-options policy-statement P1>R1 term TAG-P1 then as-path-prepend "64512 64512"
set logical-systems r1 policy-options policy-statement R1>P1 term 1 from protocol static
set logical-systems r1 policy-options policy-statement R1>P1 term 1 from route-filter 10.0.0.0/8 exact
set logical-systems r1 policy-options policy-statement R1>P1 term 1 then accept
set logical-systems r1 policy-options policy-statement R1>P1 term 2 from as-path T1_T2
set logical-systems r1 policy-options policy-statement R1>P1 term 2 then reject
set logical-systems r1 policy-options policy-statement R1>P1 term NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject
set logical-systems r1 policy-options policy-statement VL129 term 1 from protocol direct
set logical-systems r1 policy-options policy-statement VL129 term 1 from route-filter 10.0.5.0/24 exact
set logical-systems r1 policy-options policy-statement VL129 term 1 then metric 101
set logical-systems r1 policy-options policy-statement VL129 term 1 then accept
set logical-systems r1 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r1 policy-options policy-statement ibgp term 1 from route-filter 192.168.10.0/24 exact
set logical-systems r1 policy-options policy-statement ibgp term 1 then accept
set logical-systems r1 policy-options community ALL_COMMS members *:*
set logical-systems r1 policy-options community C1 members 65412:301
set logical-systems r1 policy-options community C2 members 65412:302
set logical-systems r1 policy-options community P1 members 65412:201
set logical-systems r1 policy-options community T1 members 65412:101
set logical-systems r1 policy-options community T2 members 65412:102
set logical-systems r1 policy-options as-path P1 ".* 1492"
set logical-systems r1 policy-options as-path T1_T2 ".* 65222 .*"
set logical-systems r1 routing-options static route 192.168.10.0/24 reject
set logical-systems r1 routing-options static route 10.0.0.0/8 next-hop 10.0.4.13
set logical-systems r1 routing-options static route 10.0.0.0/8 qualified-next-hop 10.0.4.6 preference 10
set logical-systems r1 routing-options martians 192.0.2.0/24 orlonger
set logical-systems r1 routing-options autonomous-system 65000
set logical-systems r1 routing-options confederation 65412
set logical-systems r1 routing-options confederation members 65000
set logical-systems r1 routing-options confederation members 65001
set logical-systems r1 routing-options confederation members 65002
set logical-systems r2 interfaces em2 unit 12 description "Connect to r1 em1.12"
set logical-systems r2 interfaces em2 unit 12 vlan-id 12
set logical-systems r2 interfaces em2 unit 12 family inet address 10.0.4.6/30
set logical-systems r2 interfaces em2 unit 12 family iso
set logical-systems r2 interfaces em2 unit 23 description "Connect to r3 em3.23"
set logical-systems r2 interfaces em2 unit 23 vlan-id 23
set logical-systems r2 interfaces em2 unit 23 family inet address 10.0.4.2/30
set logical-systems r2 interfaces em2 unit 23 family iso
set logical-systems r2 interfaces em2 unit 24 description "Connect to r4 em4.24"
set logical-systems r2 interfaces em2 unit 24 vlan-id 24
set logical-systems r2 interfaces em2 unit 24 family inet address 10.0.4.10/30
set logical-systems r2 interfaces em2 unit 24 family iso
set logical-systems r2 interfaces em2 unit 129 description "Connect to r1 & P1 VLAN-129"
set logical-systems r2 interfaces em2 unit 129 vlan-id 129
set logical-systems r2 interfaces em2 unit 129 family inet address 10.0.5.2/24
set logical-systems r2 interfaces lo0 unit 2 family inet address 10.0.6.2/32
set logical-systems r2 interfaces lo0 unit 2 family iso address 49.0002.0100.0000.6002.00
set logical-systems r2 protocols bgp group 65001 type internal
set logical-systems r2 protocols bgp group 65001 local-address 10.0.6.2
set logical-systems r2 protocols bgp group 65001 export ibgp
set logical-systems r2 protocols bgp group 65001 neighbor 10.0.3.4
set logical-systems r2 protocols bgp group P1 type external
set logical-systems r2 protocols bgp group P1 import P1>R2
set logical-systems r2 protocols bgp group P1 export R2>P1
set logical-systems r2 protocols bgp group P1 peer-as 1492
set logical-systems r2 protocols bgp group P1 neighbor 10.0.5.254
set logical-systems r2 protocols isis export VL129
set logical-systems r2 protocols isis reference-bandwidth 5g
set logical-systems r2 protocols isis lsp-lifetime 3600
set logical-systems r2 protocols isis level 1 wide-metrics-only
set logical-systems r2 protocols isis interface all level 2 disable
set logical-systems r2 protocols isis interface all level 1 hello-authentication-key "$9$s/gaUF39Cu1"
set logical-systems r2 protocols isis interface all level 1 hello-authentication-type md5
set logical-systems r2 protocols isis interface lo0.2 passive
set logical-systems r2 policy-options policy-statement P1>R2 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject
set logical-systems r2 policy-options policy-statement P1>R2 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r2 policy-options policy-statement P1>R2 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r2 policy-options policy-statement P1>R2 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r2 policy-options policy-statement P1>R2 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject
set logical-systems r2 policy-options policy-statement P1>R2 term NO_COMMS then community delete ALL_COMMS
set logical-systems r2 policy-options policy-statement P1>R2 term TAG-P1 from as-path P1
set logical-systems r2 policy-options policy-statement P1>R2 term TAG-P1 then community add P1
set logical-systems r2 policy-options policy-statement P1>R2 term TAG-P1 then as-path-prepend "64512 64512"
set logical-systems r2 policy-options policy-statement P1>R2 term PREFER from community P1
set logical-systems r2 policy-options policy-statement P1>R2 term PREFER then local-preference 101
set logical-systems r2 policy-options policy-statement R2>P1 term 1 from protocol static
set logical-systems r2 policy-options policy-statement R2>P1 term 1 from route-filter 10.0.0.0/8 exact
set logical-systems r2 policy-options policy-statement R2>P1 term 1 then accept
set logical-systems r2 policy-options policy-statement R2>P1 term 2 from as-path T1_T2
set logical-systems r2 policy-options policy-statement R2>P1 term 2 then reject
set logical-systems r2 policy-options policy-statement R2>P1 term NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject
set logical-systems r2 policy-options policy-statement VL129 term 1 from protocol direct
set logical-systems r2 policy-options policy-statement VL129 term 1 from route-filter 10.0.5.0/24 exact
set logical-systems r2 policy-options policy-statement VL129 term 1 then metric 101
set logical-systems r2 policy-options policy-statement VL129 term 1 then accept
set logical-systems r2 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r2 policy-options policy-statement ibgp term 1 from route-filter 192.168.20.0/24 exact
set logical-systems r2 policy-options policy-statement ibgp term 1 then accept
set logical-systems r2 policy-options community ALL_COMMS members *:*
set logical-systems r2 policy-options community C1 members 65412:301
set logical-systems r2 policy-options community C2 members 65412:302
set logical-systems r2 policy-options community P1 members 65412:201
set logical-systems r2 policy-options community T1 members 65412:101
set logical-systems r2 policy-options community T2 members 65412:102
set logical-systems r2 policy-options as-path P1 ".* 1492"
set logical-systems r2 policy-options as-path T1_T2 ".* 65222 .*"
set logical-systems r2 routing-options static route 192.168.20.0/24 reject
set logical-systems r2 routing-options static route 10.0.0.0/8 next-hop 10.0.4.9
set logical-systems r2 routing-options static route 10.0.0.0/8 qualified-next-hop 10.0.4.1 preference 10
set logical-systems r2 routing-options martians 192.0.2.0/24 orlonger
set logical-systems r2 routing-options autonomous-system 65001
set logical-systems r2 routing-options confederation 65412
set logical-systems r2 routing-options confederation members 65000
set logical-systems r2 routing-options confederation members 65001
set logical-systems r2 routing-options confederation members 65002
set logical-systems r3 interfaces em3 unit 13 description "Connecto to r1 em1.13"
set logical-systems r3 interfaces em3 unit 13 vlan-id 13
set logical-systems r3 interfaces em3 unit 13 family inet address 10.0.4.13/30
set logical-systems r3 interfaces em3 unit 13 family iso
set logical-systems r3 interfaces em3 unit 23 description "Connecto to r2 em2.23"
set logical-systems r3 interfaces em3 unit 23 vlan-id 23
set logical-systems r3 interfaces em3 unit 23 family inet address 10.0.4.1/30
set logical-systems r3 interfaces em3 unit 23 family iso
set logical-systems r3 interfaces em3 unit 34 description "Connecto to r4 em4.34"
set logical-systems r3 interfaces em3 unit 34 vlan-id 34
set logical-systems r3 interfaces em3 unit 34 family inet address 10.0.2.5/30
set logical-systems r3 interfaces em3 unit 34 family iso
set logical-systems r3 interfaces em3 unit 35 description "Connecto to r5 em5.35"
set logical-systems r3 interfaces em3 unit 35 vlan-id 35
set logical-systems r3 interfaces em3 unit 35 family inet address 10.0.2.2/30
set logical-systems r3 interfaces em3 unit 35 family iso
set logical-systems r3 interfaces em3 unit 103 description "Connect to T1 em3.103"
set logical-systems r3 interfaces em3 unit 103 vlan-id 103
set logical-systems r3 interfaces em3 unit 103 family inet address 172.16.0.13/30
set logical-systems r3 interfaces em3 unit 113 description "Connect to T2 em4.113"
set logical-systems r3 interfaces em3 unit 113 vlan-id 113
set logical-systems r3 interfaces em3 unit 113 family inet address 172.16.0.17/30
set logical-systems r3 interfaces lo0 unit 3 family inet address 10.0.3.3/32
set logical-systems r3 interfaces lo0 unit 3 family iso address 49.0002.0100.0000.3003.00
set logical-systems r3 protocols bgp advertise-inactive
set logical-systems r3 protocols bgp group 65000 type internal
set logical-systems r3 protocols bgp group 65000 local-address 10.0.3.3
set logical-systems r3 protocols bgp group 65000 export ibgp
set logical-systems r3 protocols bgp group 65000 neighbor 10.0.6.1
set logical-systems r3 protocols bgp group C-BGP type external
set logical-systems r3 protocols bgp group C-BGP multihop
set logical-systems r3 protocols bgp group C-BGP local-address 10.0.3.3
set logical-systems r3 protocols bgp group C-BGP export ibgp
set logical-systems r3 protocols bgp group C-BGP neighbor 10.0.3.4 peer-as 65001
set logical-systems r3 protocols bgp group C-BGP neighbor 10.0.3.5 peer-as 65002
set logical-systems r3 protocols bgp group T1-T2 type external
set logical-systems r3 protocols bgp group T1-T2 damping
set logical-systems r3 protocols bgp group T1-T2 import DAMP
set logical-systems r3 protocols bgp group T1-T2 import T1_T2>R3
set logical-systems r3 protocols bgp group T1-T2 export NO_192.168.x/24
set logical-systems r3 protocols bgp group T1-T2 export PREPEND
set logical-systems r3 protocols bgp group T1-T2 remove-private
set logical-systems r3 protocols bgp group T1-T2 peer-as 65222
set logical-systems r3 protocols bgp group T1-T2 multipath
set logical-systems r3 protocols bgp group T1-T2 neighbor 172.16.0.14
set logical-systems r3 protocols bgp group T1-T2 neighbor 172.16.0.18
set logical-systems r3 protocols isis export SUM
set logical-systems r3 protocols isis reference-bandwidth 5g
set logical-systems r3 protocols isis lsp-lifetime 3600
set logical-systems r3 protocols isis level 2 authentication-key "$9$PTF/cSeK87"
set logical-systems r3 protocols isis level 2 authentication-type simple
set logical-systems r3 protocols isis interface all level 1 disable
set logical-systems r3 protocols isis interface all level 2 hello-authentication-key "$9$zcean9peK8LNb"
set logical-systems r3 protocols isis interface all level 2 hello-authentication-type md5
set logical-systems r3 protocols isis interface em3.13 level 2 disable
set logical-systems r3 protocols isis interface em3.13 level 1 hello-authentication-key "$9$GEjkPpu1Icl"
set logical-systems r3 protocols isis interface em3.13 level 1 hello-authentication-type md5
set logical-systems r3 protocols isis interface em3.23 level 2 disable
set logical-systems r3 protocols isis interface em3.23 level 1 hello-authentication-key "$9$Aqq4uBEx7Vb2a"
set logical-systems r3 protocols isis interface em3.23 level 1 hello-authentication-type md5
set logical-systems r3 protocols isis interface em3.310
set logical-systems r3 protocols isis interface lo0.3 passive
set logical-systems r3 policy-options policy-statement DAMP term 1 from route-filter 200.0.0.0/16 orlonger damping NONE
set logical-systems r3 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /0-/8 damping NONE
set logical-systems r3 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /9-/16 damping LOW
set logical-systems r3 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /17-/32 damping HIGH
set logical-systems r3 policy-options policy-statement NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject
set logical-systems r3 policy-options policy-statement PREPEND from community C1
set logical-systems r3 policy-options policy-statement PREPEND from community C2
set logical-systems r3 policy-options policy-statement PREPEND then as-path-prepend "65412 65412"
set logical-systems r3 policy-options policy-statement SUM term 1 from protocol aggregate
set logical-systems r3 policy-options policy-statement SUM term 1 from route-filter 10.0.4.0/22 exact
set logical-systems r3 policy-options policy-statement SUM term 1 to level 2
set logical-systems r3 policy-options policy-statement SUM term 1 then accept
set logical-systems r3 policy-options policy-statement SUM term 2 from route-filter 10.0.5.0/24 exact
set logical-systems r3 policy-options policy-statement SUM term 2 to level 2
set logical-systems r3 policy-options policy-statement SUM term 2 then accept
set logical-systems r3 policy-options policy-statement SUM term 3 from route-filter 10.0.4.0/22 longer
set logical-systems r3 policy-options policy-statement SUM term 3 to level 2
set logical-systems r3 policy-options policy-statement SUM term 3 then reject
set logical-systems r3 policy-options policy-statement T1_T2>R3 term TAG-T1 from neighbor 172.16.0.14
set logical-systems r3 policy-options policy-statement T1_T2>R3 term TAG-T1 then community add T1
set logical-systems r3 policy-options policy-statement T1_T2>R3 term TAG-T2 from neighbor 172.16.0.18
set logical-systems r3 policy-options policy-statement T1_T2>R3 term TAG-T2 then community add T2
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r3 policy-options policy-statement T1_T2>R3 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject
set logical-systems r3 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r3 policy-options policy-statement ibgp term 1 from route-filter 192.168.30.0/24 exact
set logical-systems r3 policy-options policy-statement ibgp term 1 then accept
set logical-systems r3 policy-options policy-statement ibgp term 2 from community T1
set logical-systems r3 policy-options policy-statement ibgp term 2 from community T2
set logical-systems r3 policy-options policy-statement ibgp term 2 then next-hop self
set logical-systems r3 policy-options community C1 members 65412:301
set logical-systems r3 policy-options community C2 members 65412:302
set logical-systems r3 policy-options community P1 members 65412:201
set logical-systems r3 policy-options community T1 members 65412:101
set logical-systems r3 policy-options community T2 members 65412:102
set logical-systems r3 policy-options damping NONE disable
set logical-systems r3 policy-options damping LOW half-life 20
set logical-systems r3 policy-options damping LOW reuse 1000
set logical-systems r3 policy-options damping HIGH half-life 25
set logical-systems r3 policy-options damping HIGH reuse 1500
set logical-systems r3 routing-options static route 192.168.30.0/24 reject
set logical-systems r3 routing-options martians 192.0.2.0/24 orlonger
set logical-systems r3 routing-options aggregate route 10.0.4.0/22
set logical-systems r3 routing-options autonomous-system 65000
set logical-systems r3 routing-options confederation 65412
set logical-systems r3 routing-options confederation members 65000
set logical-systems r3 routing-options confederation members 65001
set logical-systems r3 routing-options confederation members 65002
set logical-systems r4 interfaces em4 unit 24 description "Connect to r2 em2.24"
set logical-systems r4 interfaces em4 unit 24 vlan-id 24
set logical-systems r4 interfaces em4 unit 24 family inet address 10.0.4.9/30
set logical-systems r4 interfaces em4 unit 24 family iso
set logical-systems r4 interfaces em4 unit 34 description "Connect to r3 em3.34"
set logical-systems r4 interfaces em4 unit 34 vlan-id 34
set logical-systems r4 interfaces em4 unit 34 family inet address 10.0.2.6/30
set logical-systems r4 interfaces em4 unit 34 family iso
set logical-systems r4 interfaces em4 unit 45 description "Connect to r5 em5.45"
set logical-systems r4 interfaces em4 unit 45 vlan-id 45
set logical-systems r4 interfaces em4 unit 45 family inet address 10.0.2.10/30
set logical-systems r4 interfaces em4 unit 45 family iso
set logical-systems r4 interfaces em4 unit 124 description "Connect to C1 em5.124"
set logical-systems r4 interfaces em4 unit 124 vlan-id 124
set logical-systems r4 interfaces em4 unit 124 family inet address 172.16.0.5/30
set logical-systems r4 interfaces em4 unit 125 description "Connect to C1 em5.125"
set logical-systems r4 interfaces em4 unit 125 vlan-id 125
set logical-systems r4 interfaces em4 unit 125 family inet address 172.16.0.9/30
set logical-systems r4 interfaces lo0 unit 4 family inet address 10.0.3.4/32
set logical-systems r4 interfaces lo0 unit 4 family iso address 49.0002.0100.0000.3004.00
set logical-systems r4 protocols bgp advertise-inactive
set logical-systems r4 protocols bgp group 65001 type internal
set logical-systems r4 protocols bgp group 65001 local-address 10.0.3.4
set logical-systems r4 protocols bgp group 65001 export ibgp
set logical-systems r4 protocols bgp group 65001 neighbor 10.0.6.2
set logical-systems r4 protocols bgp group C-BGP type external
set logical-systems r4 protocols bgp group C-BGP multihop
set logical-systems r4 protocols bgp group C-BGP local-address 10.0.3.4
set logical-systems r4 protocols bgp group C-BGP export ibgp
set logical-systems r4 protocols bgp group C-BGP neighbor 10.0.3.3 peer-as 65000
set logical-systems r4 protocols bgp group C-BGP neighbor 10.0.3.5 peer-as 65002
set logical-systems r4 protocols bgp group C1 type external
set logical-systems r4 protocols bgp group C1 multihop
set logical-systems r4 protocols bgp group C1 local-address 10.0.3.4
set logical-systems r4 protocols bgp group C1 import C1_C2>R4
set logical-systems r4 protocols bgp group C1 family inet unicast prefix-limit maximum 10
set logical-systems r4 protocols bgp group C1 authentication-key "$9$g8aGi6/tpBE"
set logical-systems r4 protocols bgp group C1 export NO_192.168.x/24
set logical-systems r4 protocols bgp group C1 peer-as 65010
set logical-systems r4 protocols bgp group C1 neighbor 200.200.0.1
set logical-systems r4 protocols isis export SUM
set logical-systems r4 protocols isis reference-bandwidth 5g
set logical-systems r4 protocols isis lsp-lifetime 3600
set logical-systems r4 protocols isis level 2 authentication-key "$9$NRVs4PfzF/t"
set logical-systems r4 protocols isis level 2 authentication-type simple
set logical-systems r4 protocols isis interface all level 1 disable
set logical-systems r4 protocols isis interface all level 2 hello-authentication-key "$9$pAYBOIcN-ws4Z"
set logical-systems r4 protocols isis interface all level 2 hello-authentication-type md5
set logical-systems r4 protocols isis interface em4.24 level 2 disable
set logical-systems r4 protocols isis interface em4.24 level 1 hello-authentication-key "$9$O34HIhrVb2gJD"
set logical-systems r4 protocols isis interface em4.24 level 1 hello-authentication-type md5
set logical-systems r4 protocols isis interface lo0.4 passive
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 then next policy
deactivate logical-systems r4 policy-options policy-statement C1_C2>R4 term NO_RFC1918 then next
set logical-systems r4 policy-options policy-statement C1_C2>R4 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject
set logical-systems r4 policy-options policy-statement C1_C2>R4 term TAG-C1 from as-path C1
set logical-systems r4 policy-options policy-statement C1_C2>R4 term TAG-C1 then community add C1
set logical-systems r4 policy-options policy-statement C1_C2>R4 term TAG-C2 from as-path C2
set logical-systems r4 policy-options policy-statement C1_C2>R4 term TAG-C2 then community add C2
set logical-systems r4 policy-options policy-statement C1_C2>R4 term PREFER from as-path C1
set logical-systems r4 policy-options policy-statement C1_C2>R4 term PREFER from as-path C2
set logical-systems r4 policy-options policy-statement C1_C2>R4 term PREFER then local-preference 101
set logical-systems r4 policy-options policy-statement C1_C2>R4 term PREFER then next policy
set logical-systems r4 policy-options policy-statement C1_C2>R4 term KILL-REST then reject
deactivate logical-systems r4 policy-options policy-statement C1_C2>R4 term KILL-REST
set logical-systems r4 policy-options policy-statement NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject
set logical-systems r4 policy-options policy-statement SUM term 1 from protocol aggregate
set logical-systems r4 policy-options policy-statement SUM term 1 from route-filter 10.0.4.0/22 exact
set logical-systems r4 policy-options policy-statement SUM term 1 to level 2
set logical-systems r4 policy-options policy-statement SUM term 1 then accept
set logical-systems r4 policy-options policy-statement SUM term 2 from route-filter 10.0.5.0/24 exact
set logical-systems r4 policy-options policy-statement SUM term 2 to level 2
set logical-systems r4 policy-options policy-statement SUM term 2 then accept
set logical-systems r4 policy-options policy-statement SUM term 3 from route-filter 10.0.4.0/22 longer
set logical-systems r4 policy-options policy-statement SUM term 3 to level 2
set logical-systems r4 policy-options policy-statement SUM term 3 then reject
set logical-systems r4 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r4 policy-options policy-statement ibgp term 1 from route-filter 192.168.40.0/24 exact
set logical-systems r4 policy-options policy-statement ibgp term 1 then accept
set logical-systems r4 policy-options policy-statement ibgp term 2 from community C1
set logical-systems r4 policy-options policy-statement ibgp term 2 from community C2
set logical-systems r4 policy-options policy-statement ibgp term 2 then next-hop self
set logical-systems r4 policy-options community C1 members 65412:301
set logical-systems r4 policy-options community C2 members 65412:302
set logical-systems r4 policy-options community P1 members 65412:201
set logical-systems r4 policy-options community T1 members 65412:101
set logical-systems r4 policy-options community T2 members 65412:102
set logical-systems r4 policy-options as-path C1 ".* 65010"
set logical-systems r4 policy-options as-path C2 ".* 65020"
set logical-systems r4 routing-options static route 192.168.40.0/24 reject
set logical-systems r4 routing-options static route 200.200.0.1/32 next-hop 172.16.0.6
set logical-systems r4 routing-options static route 200.200.0.1/32 next-hop 172.16.0.10
set logical-systems r4 routing-options martians 192.0.2.0/24 orlonger
set logical-systems r4 routing-options aggregate route 10.0.4.0/22
set logical-systems r4 routing-options autonomous-system 65001
set logical-systems r4 routing-options confederation 65412
set logical-systems r4 routing-options confederation members 65000
set logical-systems r4 routing-options confederation members 65001
set logical-systems r4 routing-options confederation members 65002
set logical-systems r5 interfaces em5 unit 35 description "Connect to r3 em3.35"
set logical-systems r5 interfaces em5 unit 35 vlan-id 35
set logical-systems r5 interfaces em5 unit 35 family inet address 10.0.2.1/30
set logical-systems r5 interfaces em5 unit 35 family iso
set logical-systems r5 interfaces em5 unit 45 description "Connect to r4 em4.45"
set logical-systems r5 interfaces em5 unit 45 vlan-id 45
set logical-systems r5 interfaces em5 unit 45 family inet address 10.0.2.9/30
set logical-systems r5 interfaces em5 unit 45 family iso
set logical-systems r5 interfaces em5 unit 56 description "Connect to r6 em6.56"
set logical-systems r5 interfaces em5 unit 56 vlan-id 56
set logical-systems r5 interfaces em5 unit 56 family inet address 10.0.8.6/30
set logical-systems r5 interfaces em5 unit 56 family iso
set logical-systems r5 interfaces em5 unit 57 description "Connect to r7 em7.57"
set logical-systems r5 interfaces em5 unit 57 vlan-id 57
set logical-systems r5 interfaces em5 unit 57 family inet address 10.0.8.9/30
set logical-systems r5 interfaces em5 unit 57 family iso
set logical-systems r5 interfaces lo0 unit 5 family inet address 10.0.3.5/32
set logical-systems r5 interfaces lo0 unit 5 family iso address 49.0001.0100.0000.3005.00
set logical-systems r5 protocols bgp group 65002 type internal
set logical-systems r5 protocols bgp group 65002 local-address 10.0.3.5
set logical-systems r5 protocols bgp group 65002 export ibgp
set logical-systems r5 protocols bgp group 65002 neighbor 10.0.9.6
set logical-systems r5 protocols bgp group 65002 neighbor 10.0.9.7
set logical-systems r5 protocols bgp group C-BGP type external
set logical-systems r5 protocols bgp group C-BGP multihop
set logical-systems r5 protocols bgp group C-BGP local-address 10.0.3.5
set logical-systems r5 protocols bgp group C-BGP export ibgp
set logical-systems r5 protocols bgp group C-BGP neighbor 10.0.3.3 peer-as 65000
set logical-systems r5 protocols bgp group C-BGP neighbor 10.0.3.4 peer-as 65001
set logical-systems r5 protocols isis export SUM-1
set logical-systems r5 protocols isis export SUM-2
set logical-systems r5 protocols isis export SUM-3
set logical-systems r5 protocols isis reference-bandwidth 5g
set logical-systems r5 protocols isis lsp-lifetime 3600
set logical-systems r5 protocols isis level 2 authentication-key "$9$vY48xdDjq.5F"
set logical-systems r5 protocols isis level 2 authentication-type simple
set logical-systems r5 protocols isis level 1 preference 155
set logical-systems r5 protocols isis interface all level 1 disable
set logical-systems r5 protocols isis interface all level 2 hello-authentication-key "$9$Fl1u6CuKvLX-w"
set logical-systems r5 protocols isis interface all level 2 hello-authentication-type md5
set logical-systems r5 protocols isis interface em5.56 level 2 disable
set logical-systems r5 protocols isis interface em5.56 level 1 hello-authentication-key "$9$PTF/cSeK87"
set logical-systems r5 protocols isis interface em5.56 level 1 hello-authentication-type md5
set logical-systems r5 protocols isis interface em5.56 level 1 priority 0
set logical-systems r5 protocols isis interface em5.57 level 2 disable
set logical-systems r5 protocols isis interface em5.57 level 1 hello-authentication-key "$9$2qoZjn6AtOR"
set logical-systems r5 protocols isis interface em5.57 level 1 hello-authentication-type md5
set logical-systems r5 protocols isis interface em5.57 level 1 priority 0
set logical-systems r5 protocols isis interface lo0.5 passive
set logical-systems r5 policy-options policy-statement NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32
set logical-systems r5 policy-options policy-statement SUM-1 term 1 from protocol aggregate
set logical-systems r5 policy-options policy-statement SUM-1 term 1 from route-filter 10.0.2.0/23 exact
set logical-systems r5 policy-options policy-statement SUM-1 term 1 to level 1
set logical-systems r5 policy-options policy-statement SUM-1 term 1 then accept
set logical-systems r5 policy-options policy-statement SUM-2 term 1 from protocol aggregate
set logical-systems r5 policy-options policy-statement SUM-2 term 1 from route-filter 10.0.8.0/21 exact
set logical-systems r5 policy-options policy-statement SUM-2 term 1 to level 2
set logical-systems r5 policy-options policy-statement SUM-2 term 1 then accept
set logical-systems r5 policy-options policy-statement SUM-2 term 2 from route-filter 10.0.8.0/21 longer
set logical-systems r5 policy-options policy-statement SUM-2 term 2 then reject
set logical-systems r5 policy-options policy-statement SUM-3 term 1 from protocol aggregate
set logical-systems r5 policy-options policy-statement SUM-3 term 1 from route-filter 192.168.0.0/22 exact
set logical-systems r5 policy-options policy-statement SUM-3 term 1 to level 2
set logical-systems r5 policy-options policy-statement SUM-3 term 1 then accept
set logical-systems r5 policy-options policy-statement SUM-3 term 2 from route-filter 192.168.0.0/22 longer
set logical-systems r5 policy-options policy-statement SUM-3 term 2 then reject
set logical-systems r5 policy-options policy-statement SUM-3 term 3 from protocol aggregate
set logical-systems r5 policy-options policy-statement SUM-3 term 3 from route-filter 172.16.40.0/29 exact
set logical-systems r5 policy-options policy-statement SUM-3 term 3 to level 2
set logical-systems r5 policy-options policy-statement SUM-3 term 3 then accept
set logical-systems r5 policy-options policy-statement SUM-3 term 4 from route-filter 172.16.40.0/29 longer
set logical-systems r5 policy-options policy-statement SUM-3 term 4 then reject
set logical-systems r5 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r5 policy-options policy-statement ibgp term 1 from route-filter 192.168.50.0/24 exact
set logical-systems r5 policy-options policy-statement ibgp term 1 then accept
set logical-systems r5 policy-options policy-statement ibgp term 2 from protocol aggregate
set logical-systems r5 policy-options policy-statement ibgp term 2 from route-filter 10.0.0.0/8 exact
set logical-systems r5 policy-options policy-statement ibgp term 2 from route-filter 192.168.0.0/22 exact
set logical-systems r5 policy-options policy-statement ibgp term 2 from route-filter 172.16.40.0/29 exact
set logical-systems r5 policy-options policy-statement ibgp term 2 then accept
set logical-systems r5 policy-options community C1 members 65412:301
set logical-systems r5 policy-options community C2 members 65412:302
set logical-systems r5 policy-options community P1 members 65412:201
set logical-systems r5 policy-options community T1 members 65412:101
set logical-systems r5 policy-options community T2 members 65412:102
set logical-systems r5 routing-options static route 192.168.50.0/24 reject
set logical-systems r5 routing-options martians 192.0.2.0/24 orlonger
set logical-systems r5 routing-options aggregate route 10.0.2.0/23
set logical-systems r5 routing-options aggregate route 10.0.8.0/21
set logical-systems r5 routing-options aggregate route 192.168.0.0/22
set logical-systems r5 routing-options aggregate route 172.16.40.0/29
set logical-systems r5 routing-options aggregate route 10.0.0.0/8
set logical-systems r5 routing-options autonomous-system 65002
set logical-systems r5 routing-options confederation 65412
set logical-systems r5 routing-options confederation members 65000
set logical-systems r5 routing-options confederation members 65001
set logical-systems r5 routing-options confederation members 65002
set logical-systems r6 interfaces em6 unit 56 description "Connect to r5 em5.56"
set logical-systems r6 interfaces em6 unit 56 vlan-id 56
set logical-systems r6 interfaces em6 unit 56 family inet address 10.0.8.5/30
set logical-systems r6 interfaces em6 unit 56 family iso
set logical-systems r6 interfaces em6 unit 67 description "Connect to r7 em7.67"
set logical-systems r6 interfaces em6 unit 67 vlan-id 67
set logical-systems r6 interfaces em6 unit 67 family inet address 10.0.8.1/30
set logical-systems r6 interfaces em6 unit 67 family iso
set logical-systems r6 interfaces em6 unit 68 description "Connect to OSPF em1.68"
set logical-systems r6 interfaces em6 unit 68 vlan-id 68
set logical-systems r6 interfaces em6 unit 68 family inet address 172.16.40.2/30
set logical-systems r6 interfaces em6 unit 116 description "Connecto to T2 em4.116"
set logical-systems r6 interfaces em6 unit 116 vlan-id 116
set logical-systems r6 interfaces em6 unit 116 family inet address 172.16.0.21/30
set logical-systems r6 interfaces lo0 unit 6 family inet address 10.0.9.6/32
set logical-systems r6 interfaces lo0 unit 6 family iso address 49.0001.0100.0000.9006.00
set logical-systems r6 protocols bgp group 65002 type internal
set logical-systems r6 protocols bgp group 65002 local-address 10.0.9.6
set logical-systems r6 protocols bgp group 65002 export ibgp
set logical-systems r6 protocols bgp group 65002 neighbor 10.0.3.5
set logical-systems r6 protocols bgp group 65002 neighbor 10.0.9.7
set logical-systems r6 protocols bgp group T2 type external
set logical-systems r6 protocols bgp group T2 metric-out igp
set logical-systems r6 protocols bgp group T2 damping
set logical-systems r6 protocols bgp group T2 import DAMP
set logical-systems r6 protocols bgp group T2 import T2>R6
set logical-systems r6 protocols bgp group T2 export NO_192.168.x/24
set logical-systems r6 protocols bgp group T2 remove-private
set logical-systems r6 protocols bgp group T2 peer-as 65222
set logical-systems r6 protocols bgp group T2 neighbor 172.16.0.22
set logical-systems r6 protocols isis export OSPF>ISIS
set logical-systems r6 protocols isis reference-bandwidth 5g
set logical-systems r6 protocols isis lsp-lifetime 3600
set logical-systems r6 protocols isis level 1 preference 155
set logical-systems r6 protocols isis interface all level 2 disable
set logical-systems r6 protocols isis interface all level 1 hello-authentication-key "$9$Ujiqfu0IRSe"
set logical-systems r6 protocols isis interface all level 1 hello-authentication-type md5
set logical-systems r6 protocols isis interface all level 1 priority 0
set logical-systems r6 protocols isis interface lo0.6 passive
set logical-systems r6 protocols ospf external-preference 159
set logical-systems r6 protocols ospf export ISIS>OSPF
set logical-systems r6 protocols ospf area 0.0.0.2 nssa
set logical-systems r6 protocols ospf area 0.0.0.2 interface em6.68 authentication simple-password "$9$f5390ORyeW36rv"
set logical-systems r6 policy-options policy-statement DAMP term 1 from route-filter 200.0.0.0/16 orlonger damping NONE
set logical-systems r6 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /0-/8 damping NONE
set logical-systems r6 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /9-/16 damping LOW
set logical-systems r6 policy-options policy-statement DAMP term 1 from route-filter 0.0.0.0/0 prefix-length-range /17-/32 damping HIGH
set logical-systems r6 policy-options policy-statement ISIS>OSPF term 1 from protocol isis
set logical-systems r6 policy-options policy-statement ISIS>OSPF term 1 from route-filter 0.0.0.0/0 exact
set logical-systems r6 policy-options policy-statement ISIS>OSPF term 1 then accept
set logical-systems r6 policy-options policy-statement NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject
set logical-systems r6 policy-options policy-statement OSPF>ISIS term 1 from protocol ospf
set logical-systems r6 policy-options policy-statement OSPF>ISIS term 1 from route-filter 192.168.0.0/22 longer
set logical-systems r6 policy-options policy-statement OSPF>ISIS term 1 from route-filter 172.16.40.0/29 longer
set logical-systems r6 policy-options policy-statement OSPF>ISIS term 1 then accept
set logical-systems r6 policy-options policy-statement T2>R6 term TAG-T2 from neighbor 172.16.0.22
set logical-systems r6 policy-options policy-statement T2>R6 term TAG-T2 then community add T2
set logical-systems r6 policy-options policy-statement T2>R6 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject
set logical-systems r6 policy-options policy-statement T2>R6 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r6 policy-options policy-statement T2>R6 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r6 policy-options policy-statement T2>R6 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r6 policy-options policy-statement T2>R6 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject
set logical-systems r6 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r6 policy-options policy-statement ibgp term 1 from route-filter 192.168.60.0/24 exact
set logical-systems r6 policy-options policy-statement ibgp term 1 then accept
set logical-systems r6 policy-options policy-statement ibgp term 2 from community T2
set logical-systems r6 policy-options policy-statement ibgp term 2 then next-hop self
set logical-systems r6 policy-options community C1 members 65412:301
set logical-systems r6 policy-options community C2 members 65412:302
set logical-systems r6 policy-options community P1 members 65412:201
set logical-systems r6 policy-options community T1 members 65412:101
set logical-systems r6 policy-options community T2 members 65412:102
set logical-systems r6 policy-options damping NONE disable
set logical-systems r6 policy-options damping LOW half-life 20
set logical-systems r6 policy-options damping LOW reuse 1000
set logical-systems r6 policy-options damping HIGH half-life 25
set logical-systems r6 policy-options damping HIGH reuse 1500
set logical-systems r6 routing-options static route 192.168.60.0/24 reject
set logical-systems r6 routing-options martians 192.0.2.0/24 orlonger
set logical-systems r6 routing-options autonomous-system 65002
set logical-systems r6 routing-options confederation 65412
set logical-systems r6 routing-options confederation members 65000
set logical-systems r6 routing-options confederation members 65001
set logical-systems r6 routing-options confederation members 65002
set logical-systems r7 interfaces em7 unit 57 description "Connect to r5 em5.57"
set logical-systems r7 interfaces em7 unit 57 vlan-id 57
set logical-systems r7 interfaces em7 unit 57 family inet address 10.0.8.10/30
set logical-systems r7 interfaces em7 unit 57 family iso
set logical-systems r7 interfaces em7 unit 67 description "Connect to r6 em6.67"
set logical-systems r7 interfaces em7 unit 67 vlan-id 67
set logical-systems r7 interfaces em7 unit 67 family inet address 10.0.8.2/30
set logical-systems r7 interfaces em7 unit 67 family iso
set logical-systems r7 interfaces em7 unit 78 description "Connect to OSPF em1.78"
set logical-systems r7 interfaces em7 unit 78 vlan-id 78
set logical-systems r7 interfaces em7 unit 78 family inet address 172.16.40.6/30
set logical-systems r7 interfaces em7 unit 137 description "Connect to C2 em6.137"
set logical-systems r7 interfaces em7 unit 137 vlan-id 137
set logical-systems r7 interfaces em7 unit 137 family inet address 172.16.0.25/30
set logical-systems r7 interfaces lo0 unit 7 family inet address 10.0.9.7/32
set logical-systems r7 interfaces lo0 unit 7 family iso address 49.0001.0100.0000.9007.00
set logical-systems r7 protocols bgp group 65002 type internal
set logical-systems r7 protocols bgp group 65002 local-address 10.0.9.7
set logical-systems r7 protocols bgp group 65002 export ibgp
set logical-systems r7 protocols bgp group 65002 neighbor 10.0.3.5
set logical-systems r7 protocols bgp group 65002 neighbor 10.0.9.6
set logical-systems r7 protocols bgp group C2 type external
set logical-systems r7 protocols bgp group C2 import C1_C2>R7
set logical-systems r7 protocols bgp group C2 export NO_192.168.x/24
set logical-systems r7 protocols bgp group C2 peer-as 65020
set logical-systems r7 protocols bgp group C2 local-as 65413
set logical-systems r7 protocols bgp group C2 neighbor 172.16.0.26
set logical-systems r7 protocols isis export OSPF>ISIS
set logical-systems r7 protocols isis reference-bandwidth 5g
set logical-systems r7 protocols isis lsp-lifetime 3600
set logical-systems r7 protocols isis level 1 preference 155
set logical-systems r7 protocols isis interface all level 2 disable
set logical-systems r7 protocols isis interface all level 1 hello-authentication-key "$9$IRhhyKsYoaUH"
set logical-systems r7 protocols isis interface all level 1 hello-authentication-type md5
set logical-systems r7 protocols isis interface all level 1 priority 0
set logical-systems r7 protocols isis interface lo0.7 passive
set logical-systems r7 protocols ospf external-preference 159
set logical-systems r7 protocols ospf export ISIS>OSPF
set logical-systems r7 protocols ospf area 0.0.0.2 nssa
set logical-systems r7 protocols ospf area 0.0.0.2 interface em7.78 authentication simple-password "$9$.mQntpBhyKQFcl"
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO_RFC1918 from route-filter 10.0.0.0/8 orlonger reject
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO_RFC1918 from route-filter 172.16.0.0/12 orlonger reject
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO_RFC1918 from route-filter 192.168.0.0/16 orlonger reject
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO_RFC1918 from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject
set logical-systems r7 policy-options policy-statement C1_C2>R7 term NO/27-/32 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject
set logical-systems r7 policy-options policy-statement C1_C2>R7 term TAG-C1 from as-path C1
set logical-systems r7 policy-options policy-statement C1_C2>R7 term TAG-C1 then community add C1
set logical-systems r7 policy-options policy-statement C1_C2>R7 term TAG-C2 from as-path C2
set logical-systems r7 policy-options policy-statement C1_C2>R7 term TAG-C2 then community add C2
set logical-systems r7 policy-options policy-statement C1_C2>R7 term PREFER from as-path C1
set logical-systems r7 policy-options policy-statement C1_C2>R7 term PREFER from as-path C2
set logical-systems r7 policy-options policy-statement C1_C2>R7 term PREFER then local-preference 101
set logical-systems r7 policy-options policy-statement C1_C2>R7 term PREFER then next policy
set logical-systems r7 policy-options policy-statement C1_C2>R7 term KILL-REST then reject
set logical-systems r7 policy-options policy-statement ISIS>OSPF term 1 from protocol isis
set logical-systems r7 policy-options policy-statement ISIS>OSPF term 1 from route-filter 0.0.0.0/0 exact
set logical-systems r7 policy-options policy-statement ISIS>OSPF term 1 then accept
set logical-systems r7 policy-options policy-statement NO_192.168.x/24 from route-filter 192.168.0.0/16 prefix-length-range /24-/32 reject
set logical-systems r7 policy-options policy-statement OSPF>ISIS term 1 from protocol ospf
set logical-systems r7 policy-options policy-statement OSPF>ISIS term 1 from route-filter 192.168.0.0/22 longer
set logical-systems r7 policy-options policy-statement OSPF>ISIS term 1 from route-filter 172.16.40.0/29 longer
set logical-systems r7 policy-options policy-statement OSPF>ISIS term 1 then accept
set logical-systems r7 policy-options policy-statement ibgp term 1 from protocol static
set logical-systems r7 policy-options policy-statement ibgp term 1 from route-filter 192.168.70.0/24 exact
set logical-systems r7 policy-options policy-statement ibgp term 1 then accept
set logical-systems r7 policy-options policy-statement ibgp term 2 from community C1
set logical-systems r7 policy-options policy-statement ibgp term 2 from community C2
set logical-systems r7 policy-options policy-statement ibgp term 2 then next-hop self
set logical-systems r7 policy-options community C1 members 65412:301
set logical-systems r7 policy-options community C2 members 65412:302
set logical-systems r7 policy-options community P1 members 65412:201
set logical-systems r7 policy-options community T1 members 65412:101
set logical-systems r7 policy-options community T2 members 65412:102
set logical-systems r7 policy-options as-path C1 ".* 65010"
set logical-systems r7 policy-options as-path C2 ".* 65020"
set logical-systems r7 routing-options static route 192.168.70.0/24 reject
set logical-systems r7 routing-options martians 192.0.2.0/24 orlonger
set logical-systems r7 routing-options autonomous-system 65002
set logical-systems r7 routing-options confederation 65412
set logical-systems r7 routing-options confederation members 65000
set logical-systems r7 routing-options confederation members 65001
set chassis alarm management-ethernet link-down ignore
set interfaces em0 unit 0 family inet address 10.0.1.1/24
set interfaces em1 vlan-tagging
set interfaces em2 vlan-tagging
set interfaces em3 vlan-tagging
set interfaces em4 vlan-tagging
set interfaces em5 vlan-tagging
set interfaces em6 vlan-tagging
set interfaces em7 vlan-tagging
set snmp interface em0.0
set snmp community public authorization read-only
set snmp community private authorization read-write
set snmp trap-group FOO version v1     
set snmp trap-group FOO categories authentication
set snmp trap-group FOO targets 10.0.200.2
set routing-options static route 10.0.200.0/24 next-hop 10.0.1.102
set routing-options static route 10.0.200.0/24 no-readvertise

[edit]
root@JNCIP_1#


Reference:
Juniper Networks Certified Internet Professional Study Guide
Chapter 6 Case Study (p.550)

JunOS 12.1 BGP Configuration Guide
http://www.juniper.net/techpubs/en_US/junos12.1/information-products/pathway-pages/config-guide-routing/config-guide-routing-bgp.html

JNCIP-SP Lab: Study Guide Chapter 6 Case Study (2/2)
http://juilin77.blogspot.com/2018/06/jncip-sp-lab-study-guide-chapter-6-case_15.html


最初發表 / 最後更新: 2014.07.10 / 2018.06.15

0 comments:

張貼留言