version 5.6R3.4; system { host-name P2A; root-authentication { encrypted-password "$1$EYEfNq6w$BdzFKoWvwZS0Bl/oiwE2j0"; # SECRET-DATA } login { user ws { full-name Workshop; uid 2002; class super-user; authentication { encrypted-password "$1$AtNyeJ7Q$4iPmRAnrvMz59O/JHLlGg0"; # SECRET-DATA } } } services { ssh; telnet; } syslog { user * { any emergency; } file messages { any notice; authorization info; } } } interfaces { fe-0/0/0 { description "To P3 - Border B fa0/0"; unit 0 { family inet { filter { input 100; output 100; } address 140.221.203.17/30; } } } fe-0/0/1 { description "To P2 - Core C fa0/0"; unit 0 { family inet { address 140.221.202.25/30; } } } fe-0/0/3 { description "EXTERNAL INTERFACE"; unit 0 { family inet { address 206.196.178.86/30; } } } gr-0/2/0 { description "TUNNEL to ANL"; unit 0 { tunnel { source 206.196.178.86; destination 192.5.170.4; } family inet; } } fxp0 { disable; } lo0 { description "P2 - Border A"; unit 0 { family inet { address 140.221.202.1/32; } } } } routing-options { interface-routes { rib-group inet ifrg; } rib inet.0 { aggregate { route 140.221.202.0/24; } } rib inet.2 { aggregate { route 140.221.202.0/24; } } static { route 192.5.170.4/32 next-hop 206.196.178.85; route 0.0.0.0/0 next-hop gr-0/2/0.0; } rib-groups { ifrg { import-rib [ inet.0 inet.2 ]; } igp-rg { export-rib inet.0; import-rib [ inet.0 inet.2 ]; } pim-rg { export-rib inet.2; import-rib inet.2; } } router-id 140.221.202.1; autonomous-system 65502; } protocols { bgp { family inet { unicast; multicast; } group iBGP-mesh { type internal; local-address 140.221.202.1; export set-nexthop-self; local-as 65502; neighbor 140.221.202.2; neighbor 140.221.202.3; } group external-peers { type external; import transit-others; export [ announce-our-block transit-others ]; local-as 65502; neighbor 140.221.203.18 { description "Pod 3 Border B"; local-address 140.221.203.17; peer-as 65503; } } } msdp { export control-msdp; import control-msdp; } ospf { rib-group igp-rg; export default-into-ospf; area 0.0.0.0 { interface fe-0/0/1.0; interface lo0.0 { passive; } interface fe-0/0/0.0 { passive; } interface fe-0/0/3.0 { passive; } } } pim { rib-group inet pim-rg; rp { bootstrap-import block-bsr; bootstrap-export block-bsr; static { address 140.221.202.1; } } interface fe-0/0/1.0 { mode sparse; } interface fe-0/0/0.0; } } policy-options { prefix-list private-addr { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; } prefix-list private-multi { 239.0.0.0/8; } policy-statement default-into-ospf { term default { from { protocol static; route-filter 0.0.0.0/0 exact; } then accept; } term nope { then reject; } } policy-statement set-nexthop-self { then { next-hop self; accept; } } policy-statement announce-our-block { term announce-202 { from { protocol aggregate; route-filter 140.221.202.0/24 exact; } then accept; } } policy-statement transit-others { term 1 { from { protocol bgp; route-filter 140.221.201.0/24 orlonger; route-filter 140.221.203.0/24 orlonger; route-filter 140.221.204.0/24 orlonger; } then accept; } term reject-other { then reject; } } policy-statement dashfilter { term BAD-groups { from { route-filter 224.0.1.39/32 exact; route-filter 224.0.1.40/32 exact; } } } policy-statement block-bsr { then reject; } policy-statement control-msdp { term reject-private { from { prefix-list private-multi; } then reject; } term reject-private-source { from { source-address-filter 10.0.0.0/8 orlonger; source-address-filter 172.16.0.0/12 orlonger; source-address-filter 192.168.0.0/16 orlonger; } then reject; } term then-accept { then accept; } } } firewall { filter 100 { term BlockPIMJoin { from { address { 239.0.0.0/8; } } then { reject; } } term all { then accept; } } }