system { host-name P4A; root-authentication { encrypted-password "$1$GTfZ1K9U$T7mPsFdg7scKVpSL2jixy/"; ## SECRET-DATA } login { user ws { full-name Workshop; uid 2000; class super-user; authentication { encrypted-password "$1$bkok2WBa$.uuMyvqsYeLgOL0HiZsid/"; ## SECRET-DATA } } } services { ssh; telnet; } syslog { user * { any emergency; } file messages { any notice; authorization info; } } } interfaces { fe-0/0/0 { description "To P1 - Border B fa0/0"; unit 0 { family inet { address 199.109.201.17/30; } } } fe-0/0/1 { description "To P4 - Core C fa0/0"; unit 0 { family inet { address 199.109.204.25/30; } } } fe-0/0/3 { description "EXTERNAL INTERFACE"; unit 0 { family inet { address 199.109.205.14/30; } } } fxp0 { disable; } lo0 { description "P4 - Border A"; unit 0 { family inet { address 199.109.204.1/32; } } } } routing-options { interface-routes { rib-group inet ifrg; } rib inet.0 { aggregate { route 199.109.204.0/24; } } rib inet.2 { aggregate { route 199.109.204.0/24; } } static { route 0.0.0.0/0 next-hop 199.109.205.13; } rib-groups { ifrg { import-rib [ inet.0 inet.2 ]; } igp-rg { export-rib inet.0; import-rib [ inet.0 inet.2 ]; } pim-rg { export-rib inet.2; import-rib inet.2; } } router-id 199.109.204.1; autonomous-system 65504; multicast { scope autorp-announce { prefix 224.0.1.39/32; interface all; } scope autorp-discovery { prefix 224.0.1.40/32; interface all; } } } protocols { bgp { family inet { unicast; } group iBGP-mesh { type internal; local-address 199.109.204.1; family inet { unicast; multicast; } export set-nexthop-self; local-as 65504; neighbor 199.109.204.2; neighbor 199.109.204.3; } group external-peers { type external; description "Pod1 borderB"; local-address 199.109.201.17; import transit-others; family inet { unicast; multicast; } export [ announce-our-block transit-others ]; peer-as 65501; local-as 65504; neighbor 199.109.201.18 { description "Pod 1 Border B"; local-address 199.109.201.17; peer-as 65501; } } } ospf { rib-group igp-rg; export default-into-ospf; area 0.0.0.0 { interface fe-0/0/1.0; interface lo0.0 { passive; } interface fe-0/0/0.0 { passive; } interface fe-0/0/3.0 { passive; } } } pim { rib-group inet pim-rg; import reject-PIM; rp { bootstrap-import reject-all; bootstrap-export reject-all; static { address 199.109.204.6; } } interface fe-0/0/1.0 { mode sparse; version 2; } interface fe-0/0/0.0 { mode sparse; version 2; } } } policy-options { policy-statement default-into-ospf { term default { from { protocol static; route-filter 0.0.0.0/0 exact; } then accept; } term nope { then reject; } } policy-statement set-nexthop-self { then { next-hop self; accept; } } policy-statement announce-our-block { term announce-204 { from { protocol aggregate; route-filter 199.109.204.0/24 exact; } then accept; } } policy-statement transit-others { term 1 { from { protocol bgp; route-filter 199.109.201.0/24 orlonger; route-filter 199.109.202.0/24 orlonger; route-filter 199.109.203.0/24 orlonger; } then accept; } term reject-other { then reject; } } policy-statement reject-all { then reject; } policy-statement reject-PIM { term 2 { from { interface fe-0/0/0.0; route-filter 239.0.0.0/8 orlonger; } then reject; } term accept-all { then accept; } } policy-statement SA-filter { term BAD-groups { from { route-filter 224.0.1.2/32 exact; route-filter 224.0.1.3/32 exact; route-filter 224.0.1.22/32 exact; route-filter 239.0.0.0/8 orlonger; } then reject; } term BAD-sources { from { source-address-filter 10.0.0.0/8 orlonger; source-address-filter 127.0.0.0/8 orlonger; source-address-filter 192.168.0.0/16 orlonger; source-address-filter 172.16.0.0/12 orlonger; } then reject; } term everything-else { then accept; } } }