/*
 * Junos release this listing was written against. 11.4 is a long-retired
 * release train, so treat the file as a template and re-validate syntax and
 * defaults on the release actually deployed.
 */
version 11.4R1.14;
/*
 * Two addressed interfaces. ge-1/0/1 sits in 10.0.0.0/29, the subnet that the
 * BGP neighbors under "protocols bgp" (10.0.0.1, 10.0.0.3, 10.0.0.5) fall in;
 * lo0 carries the /32 loopback.
 * NOTE(review): no firewall filter is attached to lo0 in this listing, so
 * nothing shown here limits which sources may reach the routing engine
 * (BGP on TCP/179 included) - confirm that is handled elsewhere.
 */
interfaces {
    ge-1/0/1 {
        unit 0 {
            family inet {
                address 10.0.0.2/29;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.10.10.2/32;
            }
        }
    }
}
/*
 * Anchor the locally originated supernets in the routing table as discard
 * routes; the BGP export policy picks them up by protocol and tag.
 */
routing-options {
    static {
        /*
         * Tag 66666 is the value PS-Match-Supernets-Into-BGP matches on, so
         * any static route carrying it is announced to every peer group.
         * NOTE(review): 1.2.3.0/8 and 4.5.6.0/8 have host bits set beyond the
         * /8 mask - presumably placeholders for the real supernets.
         */
        route 1.2.3.0/8 {
            discard;
            tag 66666;
        }
        route 4.5.6.0/8 {
            discard;
            tag 66666;
        }
    }
    /*
     * Additional martian prefixes: routes matching these entries are not
     * installed, whatever the import policies decide.
     * NOTE(review): 192.168.0.0/16 is listed but 10.0.0.0/8 and 172.16.0.0/12
     * are not, and none of the import policies in this file match on them
     * either. This router numbers its own links from 10.0.0.0/8, so confirm
     * whether the omission is deliberate before changing it.
     */
    martians {
        0.0.0.0/8 orlonger;
        100.64.0.0/10 orlonger;
        127.0.0.0/8 orlonger;
        169.254.0.0/16 orlonger;
        192.0.0.0/24 orlonger;
        192.0.2.0/24 orlonger;
        192.168.0.0/16 orlonger;
        198.18.0.0/15 orlonger;
        198.51.100.0/24 orlonger;
        203.0.113.0/24 orlonger;
        224.0.0.0/4 orlonger;
        240.0.0.0/4 orlonger;
    }
    /* Local AS number; the static-route tag above reuses the same value. */
    autonomous-system 66666;
}
/*
 * BGP with two external groups that share the same import and export chains.
 * NOTE(review): neither group configures session protection in this listing
 * (for example authentication-key); confirm whether that is applied elsewhere.
 */
protocols {
    bgp {
        /* Session state and OPEN details go to the rotating log-bgp file. */
        traceoptions {
            file log-bgp size 1m files 5;
            flag state;
            flag normal;
            flag open detail;
        }
        log-updown;
        /* Strip private AS numbers from the paths this router advertises. */
        remove-private;
        /*
         * Import policies are evaluated left to right; a route is accepted
         * only if none of them rejects it.
         */
        group public-peers {
            type external;
            import [ PS-Deny-IXP-Prefixes PS-Deny-Own-Prefixes PS-Filter-Prefix-Size PS-No-Private-ASN ];
            family inet {
                any {
                    prefix-limit {
                        /*
                         * Full-table leak guard: warn at 80% of 250000
                         * prefixes, drop the session when the limit is
                         * exceeded and hold it idle for 60 minutes.
                         * NOTE(review): one ceiling is shared by every public
                         * peer; a per-neighbor limit sized to each peer's
                         * expected announcements would trip much earlier.
                         */
                        maximum 250000;
                        teardown 80 idle-timeout 60;
                    }
                }
            }
            /*
             * NOTE(review): PS-Match-Supernets-Into-BGP ends every route with
             * accept or reject, so PS-Set-Next-Hop-Self is never evaluated in
             * this chain.
             */
            export [ PS-Match-Supernets-Into-BGP PS-Set-Next-Hop-Self ];
            neighbor 10.0.0.5 {
                description AS12345;
                peer-as 12345;
            }
            /*
             * NOTE(review): the description says AS555555 but peer-as is
             * 55555 - one of the two is a typo; confirm against the peer.
             */
            neighbor 10.0.0.3 {
                description AS555555;
                peer-as 55555;
            }
        }
        /*
         * NOTE(review): this group has no prefix-limit, and its import chain
         * includes PS-No-Private-ASN although the peer's own AS (65000) is in
         * the private range. Check received versus accepted routes for this
         * neighbor to see what actually survives the filter.
         */
        group private-peers {
            type external;
            import [ PS-Deny-IXP-Prefixes PS-Deny-Own-Prefixes PS-Filter-Prefix-Size PS-No-Private-ASN ];
            export [ PS-Match-Supernets-Into-BGP PS-Set-Next-Hop-Self ];
            peer-as 65000;
            neighbor 10.0.0.1;
        }
    }
}
/*
 * Import and export policies referenced by the BGP groups. Every rejecting
 * term also carries "trace", so matches are written to the policy trace log.
 */
policy-options {
    /*
     * Refuse routes for peering LANs this AS is directly attached to, so that
     * a peer cannot announce the shared LAN (or a more specific of it).
     */
    policy-statement PS-Deny-IXP-Prefixes {
        term 1 {
            from {
                route-filter 1.1.1.0/24 orlonger;
                route-filter 2.2.2.0/24 orlonger;
            }
            then {
                trace;
                reject;
            }
        }
    }
    /*
     * Refuse our own supernets and anything more specific when a peer sends
     * them back; the prefixes mirror the static routes in routing-options.
     */
    policy-statement PS-Deny-Own-Prefixes {
        term 1 {
            from {
                route-filter 1.2.3.0/8 orlonger;
                route-filter 4.5.6.0/8 orlonger;
            }
            then {
                trace;
                reject;
            }
        }
    }
    /*
     * Refuse prefixes of length /27 through /32 and /0 through /5 (the
     * default route included).
     * NOTE(review): /25 and /26 still pass; many operators drop everything
     * longer than /24 - confirm the cutoff is intended.
     */
    policy-statement PS-Filter-Prefix-Size {
        from {
            route-filter 0.0.0.0/0 prefix-length-range /27-/32;
            route-filter 0.0.0.0/0 prefix-length-range /0-/5;
        }
        then {
            trace;
            reject;
        }
    }
    /*
     * Export filter: announce only static routes tagged 66666. Term 2 rejects
     * everything else, which keeps routes learned from one peer from being
     * re-advertised to another.
     */
    policy-statement PS-Match-Supernets-Into-BGP {
        term 1 {
            from {
                protocol static;
                tag 66666;
            }
            then accept;
        }
        term 2 {
            then reject;
        }
    }
    /* Refuse routes whose AS path matches the private-asn expression below. */
    policy-statement PS-No-Private-ASN {
        from as-path private-asn;
        then {
            trace;
            reject;
        }
    }
    /* Sets next-hop to self; no accept or reject, so evaluation continues. */
    policy-statement PS-Set-Next-Hop-Self {
        then {
            next-hop self;
        }
    }
    /*
     * NOTE(review): Junos AS-path expressions are matched against the whole
     * path, so as written this appears to match only a path made of a single
     * AS in 64512-65535; a longer path that merely contains a private AS
     * would pass. The usual "contains" form wraps the range in wildcards,
     * e.g. ".* [64512-65534] .*". The 32-bit private range
     * (4200000000-4294967294) is not covered either. Widening the expression
     * also changes what the private-peers group (peer-as 65000) accepts, so
     * review that group's import chain together with any change here.
     */
    as-path private-asn 64512-65535;
}