! Key chain "bgp": one key (id 1) using HMAC-SHA1-12, valid for both sending and
! accepting from 1 January 2015 with no end date.
! NOTE(review): nothing in the visible config references this key chain; the BGP
! neighbors are configured with "password encrypted" instead. Confirm it is still needed.
! NOTE(review): the key-string is stored in Cisco's reversible type 7 encoding, not
! as a hash. Treat it as a secret, keep it out of shared copies of this config, and
! rotate it if the text has been published. The infinite lifetimes mean the key never rolls over.
key chain bgp
 key 1
  accept-lifetime 00:00:00 january 01 2015 infinite
  key-string password 1543525E5C2B20253B37
  send-lifetime 00:00:00 january 01 2015 infinite
  cryptographic-algorithm HMAC-SHA1-12
 !
!
! Ingress filter for the two peering links. TCP to port 179 inside 23.23.1.0/29 is
! accepted only from each neighbor address toward its local link address (entries
! 10 and 20), any other source is denied (30), and all remaining traffic is permitted (40).
! NOTE(review): the same ACL is attached to both interfaces, so entry 10 also matches
! on GigabitEthernet0/0/0/0 and entry 20 on GigabitEthernet0/0/0/1. A per-interface
! ACL or uRPF would tie each neighbor address to its own link.
! NOTE(review): only destinations in 23.23.1.0/29 are covered; TCP/179 addressed to
! Loopback100 (44.44.0.1) falls through to entry 40.
ipv4 access-list bgp-protect
 10 permit tcp host 23.23.1.2 host 23.23.1.1 eq bgp
 20 permit tcp host 23.23.1.6 host 23.23.1.5 eq bgp
 30 deny tcp any 23.23.1.0/29 eq bgp
 40 permit ipv4 any any
!
! Matches exactly the default route. Not referenced anywhere in the visible config.
ipv4 prefix-list default
 10 permit 0.0.0.0/0
!
interface Loopback100
 ipv4 address 44.44.0.1 255.255.255.255
!
! Link to the neighbor at 23.23.1.6 (the other host address of this /30).
interface GigabitEthernet0/0/0/0
 description CiscoIOS
 ipv4 address 23.23.1.5 255.255.255.252
 ipv4 access-group bgp-protect ingress
!
! Link to the neighbor at 23.23.1.2 (the other host address of this /30).
interface GigabitEthernet0/0/0/1
 description junos
 ipv4 address 23.23.1.1 255.255.255.252
 ipv4 access-group bgp-protect ingress
!
interface GigabitEthernet0/0/0/2
!
! Address space accepted from AS 333 by route-policy client_as333: 33.33.33.0/24
! and any more-specific of it.
prefix-set as333
  33.33.33.0/24 le 32
end-set
!
! The address blocks the policies in this file treat as local: rejected when received
! from neighbors, permitted outbound by common_peer_out. More-specifics are included.
prefix-set my_nets
  44.44.0.0/21 le 32,
  23.23.0.0/20 le 32
end-set
!
! Special-purpose IPv4 ranges (private, loopback, link-local, documentation,
! benchmarking, reserved) and all of their more-specifics.
! NOTE(review): multicast 224.0.0.0/4 is not listed; confirm whether it should be
! rejected by the inbound policies as well.
prefix-set iana_unglobal
  0.0.0.0/8 le 32,
  10.0.0.0/8 le 32,
  100.64.0.0/10 le 32,
  127.0.0.0/8 le 32,
  169.254.0.0/16 le 32,
  172.16.0.0/12 le 32,
  192.0.0.0/24 le 32,
  192.0.2.0/24 le 32,
  192.168.0.0/16 le 32,
  198.18.0.0/15 le 32,
  198.51.100.0/24 le 32,
  203.0.113.0/24 le 32,
  240.0.0.0/4 le 32
end-set
!
! Dampening parameters by prefix length: /23 and longer get a half-life of 30,
! everything shorter gets 10; both use a suppress value of 6000 and defaults otherwise.
route-policy bgp_damp
  if destination in (0.0.0.0/0 ge 23) then
    set dampening halflife 30 suppress 6000 others default
  else
    set dampening halflife 10 suppress 6000 others default
  endif
end-policy
!
! Accepts every route unchanged. Not referenced in the visible config.
! NOTE(review): attaching this to an external neighbor would bypass all of the
! filtering below; remove it if unused.
route-policy pass-all
  pass
end-policy
!
! Inbound policy for the AS 250 neighbor, evaluated in three stages:
!  1. drop the local blocks (my_nets), special-purpose space, the default route,
!     the AS 333 block, and anything longer than /24;
!  2. drop routes whose AS path contains a private-use ASN (16-bit or 32-bit range);
!  3. accept only if the first AS is 250 and the next hop is 23.23.1.2, removing any
!     750:* community first - presumably so a neighbor cannot set this AS's own
!     communities; everything else is dropped.
! NOTE(review): the ASN ranges do not include AS 0, 23456, 65535 or the documentation
! ASNs; confirm whether those should be rejected too.
route-policy peer_as250
  if destination in my_nets or destination in iana_unglobal or destination in (0.0.0.0/0) or destination in as333 or destination in (0.0.0.0/0 ge 25) then
    drop
  else
    if as-path passes-through '[64512..65534]' or as-path passes-through '[4200000000..4294967294]' then
      drop
    else
      if (as-path neighbor-is '250' exact) and (next-hop in (23.23.1.2)) then
        delete community in (750:*)
        pass
      else
        drop
      endif
    endif
  endif
end-policy
!
! Inbound policy for the AS 333 neighbor. A route is accepted only when all four hold:
! the prefix is inside prefix-set as333, the AS path originates from 333, the first AS
! is 333, and the next hop is 23.23.1.6. Any 750:* community is removed before the
! route is accepted; everything else is dropped.
route-policy client_as333
  if destination in as333 and as-path originates-from '333' and as-path neighbor-is '333' exact and next-hop in (23.23.1.6/32) then
    delete community in (750:*)
    pass
  else
    drop
  endif
end-policy
!
! Generic inbound policy: drops the local blocks, special-purpose space, the default
! route, the AS 333 block and anything longer than /24, then drops paths containing
! private-use ASNs, then removes 750:* communities from whatever remains.
! Not attached to any neighbor in the visible config.
! NOTE(review): unlike peer_as250 and client_as333, the "delete community" branch has
! no explicit "pass". RPL is expected to accept a route once an attribute is modified,
! but confirm that, or add "pass" for consistency.
! NOTE(review): there is no neighbor-AS or next-hop check here, so this is weaker
! than the per-neighbor policies.
route-policy common_peer_in
  if destination in my_nets or destination in iana_unglobal or destination in (0.0.0.0/0) or destination in as333 or destination in (0.0.0.0/0 ge 25) then
    drop
  else
    if as-path passes-through '[64512..65534]' or as-path passes-through '[4200000000..4294967294]' then
      drop
    else
      if community matches-any (750:*) then
        delete community in (750:*)
      else
        pass
      endif
    endif
  endif
end-policy
!
! Outbound policy: advertise only prefixes inside my_nets or as333; drop the rest.
! NOTE(review): both prefix-sets match up to /32, so any more-specific present in the
! BGP table would also be exported. Tighten the length range if only the aggregates
! are meant to leave.
route-policy common_peer_out
  if destination in my_nets or destination in as333 then
    pass
  else
    drop
  endif
end-policy
!
! Null0 statics for the default route, the two local blocks and 192.168.0.0/16.
! They are the source for "redistribute static" under router bgp.
router static
 address-family ipv4 unicast
  0.0.0.0/0 Null0
  23.23.0.0/20 Null0
  44.44.0.0/21 Null0
  192.168.0.0/16 Null0
 !
!
! BGP for AS 750.
! - "redistribute static" has no route-policy, so all four statics above enter BGP.
!   Toward AS 250, common_peer_out passes only prefixes in my_nets or as333.
! - Neighbor 23.23.1.2 (AS 250): session password, ttl-security, inbound policy
!   peer_as250, outbound policy common_peer_out, maximum-prefix 512000 with an
!   80 percent threshold.
!   NOTE(review): confirm 512000 still matches the table size expected from this neighbor.
! - Neighbor 23.23.1.6 (AS 333): session password, inbound policy client_as333,
!   maximum-prefix 100 with an 80 percent threshold, default-originate.
!   NOTE(review): ttl-security is absent here although the AS 250 neighbor has it.
!   Both ends must enable it together, so coordinate with the neighbor before adding it.
!   NOTE(review): no outbound route-policy is configured. IOS XR normally advertises
!   nothing to an eBGP neighbor without one, so presumably only the originated default
!   is sent. Confirm that this is intended.
! NOTE(review): both "password encrypted" strings are in reversible type 7 encoding.
! Treat them as secrets and rotate them if this config has been shared.
router bgp 750
 bgp router-id 23.23.1.1
 address-family ipv4 unicast
  bgp dampening route-policy bgp_damp
  redistribute static
 !
 neighbor 23.23.1.2
  remote-as 250
  password encrypted 0873181751491613190D060C
  ttl-security
  address-family ipv4 unicast
   route-policy peer_as250 in
   maximum-prefix 512000 80
   route-policy common_peer_out out
  !
 !
 neighbor 23.23.1.6
  remote-as 333
  password encrypted 111C100304160D5E
  address-family ipv4 unicast
   route-policy client_as333 in
   maximum-prefix 100 80
   default-originate
  !
 !
!