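/*
 * Junos edge-router configuration for AS 250 with two eBGP neighbors:
 * a peer (AS 750, via em3) and a customer (AS 222, via em0).
 * Covers interface addressing, aggregate origination, BGP import/export
 * policy, route-flap damping profiles and firewall filters that protect
 * the BGP control plane.
 */
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 33.11.11.1/30;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 25.25.32.1/24;
            }
        }
    }
    em3 {
        unit 0 {
            description "--toXR[g0/0/0/1]--";
            family inet {
                /* Receive-side GTSM check for the AS 750 session (see firewall filter ttl-security). */
                filter {
                    input ttl-security;
                }
                address 23.23.1.2/30;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                /* The lo0 input filter is applied to traffic addressed to the router itself. */
                filter {
                    input filter_bgp179;
                }
                address 25.25.33.1/32;
            }
        }
    }
}
routing-options {
    /* Aggregates originated by this AS; exported to BGP through policy agrregate2bgp. */
    aggregate {
        route 33.11.11.0/24;
        route 25.25.32.0/20;
    }
    autonomous-system 250;
}
protocols {
    bgp {
        damping;
        /*
         * NOTE(review): both groups below define their own import and export.
         * A group-level statement overrides the protocol-level one, so this
         * import chain (and with it the "dampening" policy) is not evaluated
         * for either neighbor as configured. pass-all also ends in a
         * terminating accept, which would stop the chain before "dampening".
         * Confirm which damping profile is meant to apply.
         */
        import [ pass-all dampening ];
        export agrregate2bgp;
        local-as 250;
        group as750 {
            import peer_as750;
            /*
             * TCP MD5 session authentication. The $9$ form is reversible
             * obfuscation, not a one-way hash: a key that has been copied
             * off the device should be treated as disclosed and rotated.
             */
            authentication-key "$9$lcMvX7bs24ZU2gfT3nu0RhSeMXbwgaZjWL"; ## SECRET-DATA
            export export_common_peer;
            peer-as 750;
            neighbor 23.23.1.1 {
                /* Send BGP packets with TTL 255 so the far end can apply GTSM. */
                multihop {
                    ttl 255;
                }
                family inet {
                    unicast {
                        /* Tear the session down above 500000 prefixes (log at 80%), hold it idle for 10 minutes. */
                        prefix-limit {
                            maximum 500000;
                            teardown 80 idle-timeout 10;
                        }
                    }
                }
            }
        }
        /*
         * NOTE(review): no authentication-key and no TTL check are visible for
         * this customer session; the lo0 source-address filter is the only
         * restriction shown here. Confirm that this is intentional.
         */
        group as222 {
            import import_client_as222;
            export export_client;
            peer-as 222;
            neighbor 33.11.11.2 {
                family inet {
                    unicast {
                        /* Customer announces one /23; cap at 100 prefixes (log at 80%), idle for 30 minutes. */
                        prefix-limit {
                            maximum 100;
                            teardown 80 idle-timeout 30;
                        }
                    }
                }
                remove-private;
            }
        }
    }
}
policy-options {
    /*
     * Address space that must not appear in the global table: IANA
     * special-purpose blocks plus multicast (224.0.0.0/4) and the
     * reserved 240.0.0.0/4 range.
     */
    prefix-list bgp_iana_no_global {
        0.0.0.0/8;
        10.0.0.0/8;
        100.64.0.0/10;
        127.0.0.0/8;
        169.254.0.0/16;
        172.16.0.0/12;
        192.0.0.0/24;
        192.0.2.0/24;
        192.168.0.0/16;
        198.18.0.0/15;
        198.51.100.0/24;
        203.0.113.0/24;
        224.0.0.0/4;
        240.0.0.0/4;
    }
    prefix-list bgp_client_as222 {
        22.22.22.0/23;
    }
    prefix-list bgp_my_as250 {
        25.25.32.0/20;
        33.11.11.0/24;
    }
    prefix-list bgp_default {
        0.0.0.0/0;
    }
    policy-statement agrregate2bgp {
        term my_aggregate {
            from protocol aggregate;
            then accept;
        }
    }
    /*
     * Used only as a subroutine ("from policy bgp_reject_common"). Here
     * "accept" means "this route is unwanted" and makes the caller's term
     * match; the caller then rejects the route. The final term returns
     * reject explicitly so that unmatched routes do not fall through to the
     * protocol's default policy.
     */
    policy-statement bgp_reject_common {
        term iana {
            from {
                prefix-list-filter bgp_iana_no_global orlonger;
            }
            then accept;
        }
        /* Our own address space must never be learned from a neighbor. */
        term my_nets {
            from {
                prefix-list-filter bgp_my_as250 orlonger;
            }
            then accept;
        }
        term too_specific {
            from {
                route-filter 0.0.0.0/0 prefix-length-range /25-/32;
            }
            then accept;
        }
        term private_as {
            from as-path [ private_as32bit private_as ];
            then accept;
        }
        term default {
            from {
                prefix-list bgp_default;
            }
            then accept;
        }
        /*
         * NOTE(review): presumably meant to strip our own 250:* communities
         * from received routes without flagging the route as unwanted (the
         * term returns reject, i.e. "no match" for the caller). Verify that
         * the community delete is retained when the subroutine returns reject.
         */
        term drop_my_communites {
            from community myself;
            then {
                community delete myself;
                reject;
            }
        }
        term other {
            then reject;
        }
    }
    /* Selects a damping profile by prefix length; see the NOTE on the bgp-level import about reachability. */
    policy-statement dampening {
        term smallnets {
            from {
                route-filter 0.0.0.0/0 prefix-length-range /22-/32;
            }
            then damping aggressive;
        }
        term vip_net {
            from {
                route-filter 33.33.33.0/24 exact;
            }
            then damping dry;
        }
        term usual {
            then damping usual;
        }
    }
    /* Export to the customer: our aggregates, then everything from BGP that is not flagged by bgp_reject_common. */
    policy-statement export_client {
        term my_nets {
            from policy agrregate2bgp;
            then accept;
        }
        term reject_common {
            from policy bgp_reject_common;
            then reject;
        }
        term all_other {
            from policy pass-all;
            then accept;
        }
    }
    /*
     * Export to the peer: only our own and our customer's address space.
     * NOTE(review): "orlonger" allows any more-specific up to /32 to be
     * announced to the peer; consider bounding the prefix length.
     */
    policy-statement export_common_peer {
        term my_nets {
            from {
                prefix-list-filter bgp_my_as250 orlonger;
            }
            then accept;
        }
        term my_clients {
            from {
                prefix-list-filter bgp_client_as222 orlonger;
            }
            then accept;
        }
        term any {
            then reject;
        }
    }
    /*
     * Import from the customer: only its own /23 (and more-specifics), with
     * the customer as next hop and an AS path matching as222.
     * NOTE(review): "orlonger" accepts prefixes down to /32 from the
     * customer; consider an upper bound on prefix length.
     */
    policy-statement import_client_as222 {
        term client {
            from {
                next-hop 33.11.11.2;
                as-path as222;
                route-filter 22.22.22.0/23 orlonger;
            }
            then accept;
        }
        term other {
            then reject;
        }
    }
    /* Subroutine for peer import: reject what bgp_reject_common flags, accept the remaining BGP routes. */
    policy-statement import_common_peer {
        term reject_common {
            from policy bgp_reject_common;
            then reject;
        }
        term accept {
            from policy pass-all;
            then accept;
        }
    }
    policy-statement pass-all {
        term pass_all {
            from protocol bgp;
            then accept;
        }
    }
    /* Import from the peer: next hop must be the peer, AS path must match as750, and import_common_peer must accept. */
    policy-statement peer_as750 {
        term no_your_as {
            from {
                next-hop 23.23.1.1;
                as-path as750;
                policy import_common_peer;
            }
            then accept;
        }
        term other {
            then reject;
        }
    }
    community myself members 250:*;
    /*
     * Private-use AS number ranges (16-bit and 32-bit).
     * NOTE(review): the expressions are written without quotes or spaces
     * between terms; verify on the device that they match as intended.
     */
    as-path private_as .*64512-65534.*;
    as-path private_as32bit .*4200000000-4294967294.*;
    as-path as222 222;
    as-path as750 750.*;
    /* Damping profiles referenced by policy-statement dampening. */
    damping dry {
        disable;
    }
    damping aggressive {
        half-life 30;
        suppress 2000;
    }
    damping usual {
        half-life 10;
        reuse 2000;
        suppress 6000;
    }
}
security {
    authentication-key-chains {
        /*
         * NOTE(review): this key chain is not referenced by any BGP group in
         * this listing (group as750 uses a static authentication-key).
         * Confirm whether it is in use. The $9$ secret is reversible
         * obfuscation; rotate it if the configuration has been shared.
         */
        key-chain bgp {
            tolerance 86400;
            key 1 {
                secret "$9$GbDqm69AuBIAtu1hyW8X7-w4ZiHm"; ## SECRET-DATA
                start-time "2015-1-1.00:00:00 +0000";
            }
        }
    }
}
firewall {
    family inet {
        /*
         * Control-plane filter on lo0: inbound TCP/179 is accepted only from
         * the two configured neighbors (rate-limited), and refused from
         * everyone else. protocol tcp is matched explicitly because a port
         * match without a protocol match is not restricted to TCP.
         */
        filter filter_bgp179 {
            term 1 {
                from {
                    source-address {
                        33.11.11.2/32;
                        23.23.1.1/32;
                    }
                    protocol tcp;
                    destination-port bgp;
                }
                then {
                    policer limit-bgp;
                    accept;
                }
            }
            /*
             * NOTE(review): "reject" answers with an ICMP unreachable;
             * "discard" drops silently and is the usual choice on a
             * control-plane filter.
             */
            term 2 {
                from {
                    source-address {
                        0.0.0.0/0;
                    }
                    protocol tcp;
                    destination-port bgp;
                }
                then {
                    reject;
                }
            }
            /*
             * NOTE(review): everything else addressed to the router is
             * accepted, so this filter protects BGP only; other management
             * and control-plane services are not restricted here.
             */
            term 3 {
                then accept;
            }
        }
    }
    /*
     * NOTE(review): 128k applies to inbound TCP/179 from both neighbors
     * combined; with a prefix-limit of 500000 on as750, verify that it does
     * not throttle a full-table transfer.
     */
    policer limit-bgp {
        if-exceeding {
            bandwidth-limit 128k;
            burst-size-limit 32k;
        }
        then discard;
    }
    /*
     * GTSM for the AS 750 session: BGP packets from the peer are dropped
     * unless they arrive with TTL 255, i.e. were sent by a directly
     * connected device. "port 179" matches either source or destination
     * port, so both session directions are covered.
     */
    filter ttl-security {
        term gtsm {
            from {
                source-address {
                    23.23.1.1/32;
                }
                protocol tcp;
                ttl-except 255;
                port 179;
            }
            then {
                discard;
            }
        }
        term else {
            then accept;
        }
    }
}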