version 4.4R2.3; /* */ /* 2547bis L3 VPN Configuration - ivang@juniper.net 7/8/01 */ /* cit.cfg */ system { host-name cit; ports { console type vt100; } login { user lab { uid 2000; class superuser; authentication { encrypted-password "$1$y19Mb$1.5v1LbM.g0ecOE2lFLdx0"; # SECRET-DATA } } } services { ftp; telnet; } } interfaces { /* core interface */ so-0/0/0 { unit 0 { family inet { address 10.10.1.2/24; } family mpls; } } /* core interface */ so-0/2/0 { unit 0 { family inet { address 10.14.1.1/24; } family mpls; } } /* edge interface */ ge-1/0/0 { vlan-tagging; unit 0 { vlan-id 100; family inet { address 10.101.1.1/24; } family mpls; } unit 1 { vlan-id 200; family inet { address 10.201.1.1/24; } } } /* edge interface */ ge-1/1/0 { vlan-tagging; unit 0 { vlan-id 100; family inet { address 10.102.1.1/24; } family mpls; } unit 1 { vlan-id 200; family inet { address 10.201.1.1/24; address 10.202.1.1/24; } } } /* edge interface */ ge-1/2/0 { unit 0 { family inet { address 192.1.1.1/24; } family mpls; } } fxp0 { unit 0 { family inet { address 172.19.32.206/24; } } } /* loopback interface */ lo0 { unit 0 { family inet { address 10.1.1.2/32; } } } } routing-options { static { route 0.0.0.0/0 { next-hop 172.19.32.254; retain; no-readvertise; } } rib-groups { citce-into { import-rib [ calren.inet.0 cisco.inet.0 ]; } cisco-into { import-rib [ cisco.inet.0 calren.inet.0 ]; } ispb-into { import-rib ispb.inet.0; } } autonomous-system 10; } protocols { mpls { interface all; } bgp { family inet { any; } export set-nexthop-self; group sb { type internal; multihop; local-address 10.1.1.2; family inet-vpn { unicast; } neighbor 10.1.1.1; } group usc { type internal; multihop; local-address 10.1.1.2; family inet-vpn { unicast; } neighbor 10.1.1.3; } group ucla { type internal; multihop; local-address 10.1.1.2; family inet-vpn { unicast; } neighbor 10.1.1.4; } group mcast-1001 { type external; export msdp-helper; peer-as 1001; neighbor 10.201.1.2 { family inet { any; } } } group mcast-1002 { type external; export msdp-helper; peer-as 1002; neighbor 10.202.1.2 { family inet { any; } } } } ospf { traffic-engineering { no-topology; shortcuts; } area 0.0.0.0 { interface so-0/0/0.0; interface so-0/2/0.0; interface lo0.0 { passive; } interface ge-1/0/0.1 { passive; } interface ge-1/1/0.1 { passive; } } } ldp { interface so-0/0/0.0; interface so-0/2/0.0; } pim { rp { static { address 10.1.1.3 { version 2; } } } interface so-0/0/0.0 { mode sparse-dense; } interface so-0/2/0.0 { mode sparse-dense; } interface ge-1/0/0.1 { mode sparse-dense; } interface ge-1/1/0.1 { mode sparse-dense; } } } policy-options { policy-statement citce-export { term 10 { /* only advertise routes learned through this interface */ from { protocol [ bgp static direct ]; as-path citce; } then { community add calren; accept; } } term 20 { then reject; } from as-path citce; } policy-statement citce-import { term 10 { from { protocol bgp; community [ calren cisco esnet ]; } then accept; } term 20 { then reject; } } policy-statement ispb-export { term 10 { /* only advertise routes learned through this interface */ from protocol [ bgp static direct ]; then { community add ispb; accept; } } term 20 { then reject; } } policy-statement ispb-import { term 10 { from { protocol bgp; community [ calren ispa ]; } then accept; } term 20 { then reject; } } policy-statement cisco-export { term 10 { /* only advertise routes learned through this interface */ from { protocol [ bgp static direct ]; interface so-0/3/1.0; } then { community add cisco; accept; } } term 20 { then reject; } } policy-statement cisco-import { term 10 { from { protocol bgp; community calren; } then accept; } term 20 { then reject; } } policy-statement set-nexthop-self { from protocol bgp; then { next-hop self; } } policy-statement citce-in-routes { term 10 { from { protocol bgp; as-path citce; } then accept; } term 20 { then reject; } } policy-statement allow1001 { from { protocol bgp; as-path citce; } then accept; } policy-statement allow1002 { from { protocol bgp; as-path cisco; } then accept; } policy-statement cisco { from as-path cisco; } policy-statement msdp-helper { from { protocol [ ospf direct ]; route-filter 10.14.0.0/16 orlonger; route-filter 10.1.1.0/24 orlonger; } then accept; } community calren members target:11422:100; community cisco members target:11422:200; community esnet members target:11422:300; community ispa members target:11422:400; community ispb members target:11422:500; as-path citce 1001; as-path cisco 1002; } routing-instances { calren { instance-type vrf; interface ge-1/0/0.0; route-distinguisher 999:1001; vrf-import citce-import; vrf-export citce-export; routing-options { interface-routes { rib-group inet citce-into; } } protocols { bgp { group citce { type external; import allow1001; family inet { unicast { rib-group citce-into; } } peer-as 1001; neighbor 10.101.1.2; } } } } cisco { instance-type vrf; interface ge-1/1/0.0; route-distinguisher 999:1002; vrf-import cisco-import; vrf-export cisco-export; routing-options { interface-routes { rib-group inet cisco-into; } } protocols { bgp { group cisco { type external; import allow1002; family inet { unicast { rib-group cisco-into; } } peer-as 1002; neighbor 10.102.1.2; } } } } ispb { instance-type vrf; interface ge-1/2/0.0; route-distinguisher 999:1003; vrf-import ispb-import; vrf-export ispb-export; routing-options { interface-routes { rib-group inet ispb-into; } } protocols { bgp { group ispb { type external; family inet { unicast { rib-group ispb-into; } } peer-as 1003; neighbor 192.1.1.2; } } } } }