version 4.4R2.3; /* */ /* 2547bis L3 VPN Configuration - ivang@juniper.net 7/8/01 */ /* sb.cfg */ system { host-name sb; ports { console type vt100; } login { user lab { uid 2001; class superuser; authentication { encrypted-password "$1$y19Mb$1.5v1LbM.g0ecOE2lFLdx0"; # SECRET-DATA } } } services { ftp; telnet; } } interfaces { /* core interface */ so-0/0/0 { unit 0 { family inet { address 10.10.1.1/24; } family mpls; } } /* edge interface */ ge-0/1/0 { vlan-tagging; unit 0 { vlan-id 100; family inet { address 10.100.1.1/24; } family mpls; } unit 1 { vlan-id 200; family inet { address 10.200.1.1/24; } } } /* core interface */ so-0/2/0 { encapsulation cisco-hdlc; sonet-options { fcs 32; payload-scrambler; } unit 0 { family inet { address 10.12.1.1/24; } family mpls; } } /* edge interface */ ge-0/3/0 { unit 0 { family inet { address 192.2.1.1/24; } family mpls; } } fxp0 { unit 0 { family inet { address 172.19.32.204/24; } } } /* loopback interface */ lo0 { unit 0 { family inet { address 10.1.1.1/32; } } } } routing-options { static { route 0.0.0.0/0 { next-hop 172.19.32.254; retain; no-readvertise; } } rib-groups { sbce-into { import-rib [ calren.inet.0 ispa.inet.0 ]; } ispa-into { import-rib [ ispa.inet.0 calren.inet.0 ]; } } autonomous-system 10; } protocols { mpls { interface all; } bgp { family inet { any; } export set-nexthop-self; group cit { type internal; multihop; local-address 10.1.1.1; family inet { any; } family inet-vpn { any; } neighbor 10.1.1.2; } group usc { type internal; multihop; local-address 10.1.1.1; family inet { any; } family inet-vpn { any; } export reddir2; neighbor 10.1.1.3; } group ucla { type internal; multihop; local-address 10.1.1.1; family inet-vpn { any; } neighbor 10.1.1.4; } inactive: group Mcast-sbCE { type external; family inet { multicast; any; } export msdp-helper; peer-as 1000; neighbor 10.200.1.2; } } ospf { traffic-engineering { no-topology; shortcuts; } area 0.0.0.0 { interface so-0/0/0.0; interface so-0/2/0.0; interface lo0.0 { passive; } } area 0.0.0.1 { interface ge-0/1/0.1; } } ldp { interface so-0/0/0.0; interface so-0/2/0.0; } pim { rp { static { address 10.1.1.3 { version 2; } } } interface ge-0/1/0.1 { mode sparse-dense; } interface so-0/0/0.0 { mode sparse-dense; } interface so-0/2/0.0 { mode sparse-dense; } } } policy-options { policy-statement xxxsbc-export { term 10 { from { protocol bgp; as-path sbce; } then { community add calren; accept; } } term 20 { then reject; } } policy-statement xxxsbce-import { term 10 { from { protocol bgp; community [ calren ispa ispb cisco ]; } then accept; } term 20 { then reject; } } policy-statement ispa-export { term 10 { /* only advertise routes learned through this interface */ from protocol [ bgp static direct ]; then { community add ispa; accept; } } term 20 { then reject; } } policy-statement ispa-import { term 10 { from { protocol bgp; community [ calren ispb ]; } then accept; } term 20 { then reject; } } policy-statement set-nexthop-self { from protocol bgp; then { next-hop self; } } policy-statement send-igp { from protocol ospf; then accept; } policy-statement reddir2 { from { protocol direct; route-filter 10.100.1.0/24 exact; } then accept; } policy-statement msdp-helper { from { protocol ospf; route-filter 10.14.0.0/16 orlonger; route-filter 10.205.0.0/16 orlonger; } then accept; } policy-statement allow1000 { from { protocol bgp; as-path sbce; } then accept; } policy-statement sbce-import { from { protocol bgp; community [ calren ispa ispb cisco ]; } then accept; } policy-statement sbce-export { from { protocol bgp; as-path sbce; } then { community add calren; accept; } } community calren members target:11422:100; community cisco members target:11422:200; community esnet members target:11422:300; community ispa members target:11422:400; community ispb members target:11422:500; as-path sbce 1000; } routing-instances { calren { instance-type vrf; interface ge-0/1/0.0; route-distinguisher 999:1000; vrf-import sbce-import; vrf-export sbce-export; protocols { bgp { group sbce { type external; import allow1000; peer-as 1000; neighbor 10.100.1.2; } } } } ispa { instance-type vrf; interface ge-0/3/0.0; route-distinguisher 999:1006; vrf-import ispa-import; vrf-export ispa-export; routing-options { interface-routes { rib-group inet ispa-into; } } protocols { bgp { group ispa { type external; family inet { unicast { rib-group ispa-into; } } peer-as 1006; neighbor 192.2.1.2; } } } } }