Configuring Private and Exchange Peers on ISP Router 1 and 2
ISP Router 1 and ISP Router 2 each have two policies configured: the private-peers policy and the exchange-peers policy. Because of their similar configurations, this example describes the configuration for only ISP Router 2.

On ISP Router 2, the private-peers policy sends the ISP customer routes to the Private Peer 2 router. The policy accepts all local static routes (local ISP Router 2 customers) and all BGP routes in the 192.168.0/17 range (advertised by other ISP routers). These two terms represent the ISP customer routes. The final term rejects all other routes, which includes the entire Internet routing table sent by the exchange peers. These routes do not need to be sent to Private Peer 2 for two reasons:
- The peer already maintains a connection to Exchange Peer 2 in our example, so the routes are redundant.
- The Private Peer wants customer routes only. The private-peers policy accomplishes this goal.

The exchange-peers policy sends routes to the Exchange Peer 2 router. In the example, only two routes need to be sent to Exchange Peer 2:

- The aggregate route that represents the AS 1000 routing space of 192.168.0/17. This route is configured as an aggregate route locally and is advertised by the exchange-peers policy.
- The address space assigned to Customer 2, 192.168.64/22. This smaller aggregate route needs to be sent to Exchange Peer 2 because the customer is also attached to the AS 8000 peer (Private Peer 2).

Sending these two routes to Exchange Peer 2 allows other networks in the Internet to reach the customer through either the ISP or the Private Peer. If just the Private Peer were to advertise the /22 network while the ISP maintained only its /17 aggregate, then all traffic destined for the customer would transit AS 8000 only. Because the customer also wants routes from the ISP, the 192.168.64/22 route is announced by ISP Router 2. Like the larger aggregate route, the 192.168.64/22 route is configured locally and is advertised by the exchange-peers policy. The final term in that policy rejects all routes, including the specific customer networks of the ISP, the customer routes from Private Peer 1, the customer routes from Private Peer 2, and the routing table from Exchange Peer 1. In essence, this final term prevents the ISP from performing transit services for the Internet at large.

    [edit]
    routing-options {
        static {
            route 192.168.32.0/22 reject;
            route 192.168.36.0/22 reject;
            route 192.168.40.0/22 reject;
            route 192.168.44.0/22 reject;
            route 192.168.48.0/22 reject;
            route 192.168.52.0/22 reject;
            route 192.168.32.0/21 reject;
            route 192.168.40.0/21 reject;
            route 192.168.48.0/21 reject;
        }
        aggregate {
            route 192.168.0.0/17;
            route 192.168.64.0/22;
        }
        autonomous-system 1000;
    }
    protocols {
        bgp {
            group Internal-Peers {
                type internal;
                local-address 192.168.0.2;
                export internal-peers;
                neighbor 192.168.0.1;
                neighbor 192.168.0.3;
            }
            group AS8000-Peers {
                type external;
                export private-peers;
                peer-as 8000;
                neighbor 10.222.45.2;
            }
            group AS22222-Peers {
                type external;
                export exchange-peers;
                peer-as 22222;
                neighbor 10.222.46.1;
            }
        }
        isis {
            level 1 disable;
            interface so-0/0/0.0;
            interface ge-0/2/0.0;
            interface lo0.0;
        }
    }
    policy-options {
        policy-statement internal-peers {
            term statics {
                from protocol static;
                then accept;
            }
            term next-hop-self {
                then {
                    next-hop self;
                }
            }
        }
        policy-statement private-peers {
            term statics {
                from protocol static;
                then accept;
            }
            term isp-and-customer-routes {
                from {
                    protocol bgp;
                    route-filter 192.168.0.0/17 orlonger;
                }
                then accept;
            }
            term reject-all {
                then reject;
            }
        }
        policy-statement exchange-peers {
            term AS1000-Aggregate {
                from {
                    protocol aggregate;
                    route-filter 192.168.0.0/17 exact;
                }
                then accept;
            }
            term Customer-2-Aggregate {
                from {
                    protocol aggregate;
                    route-filter 192.168.64.0/22 exact;
                }
                then accept;
            }
            term reject-all-other-routes {
                then reject;
            }
        }
    }
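
The following Python sketch is an added example, not part of the original configuration guide: it models only the from protocol and route-filter conditions of the private-peers and exchange-peers policies above and checks which routes each policy would advertise. The sample routing table is constructed, and the function names are hypothetical.

```python
import ipaddress

# Export policies transcribed from the ISP Router 2 configuration above.
# Each term: (name, from-protocol or None, route-filter or None, action).
POLICIES = {
    "private-peers": [
        ("statics", "static", None, "accept"),
        ("isp-and-customer-routes", "bgp", ("192.168.0.0/17", "orlonger"), "accept"),
        ("reject-all", None, None, "reject"),
    ],
    "exchange-peers": [
        ("AS1000-Aggregate", "aggregate", ("192.168.0.0/17", "exact"), "accept"),
        ("Customer-2-Aggregate", "aggregate", ("192.168.64.0/22", "exact"), "accept"),
        ("reject-all-other-routes", None, None, "reject"),
    ],
}

# Constructed sample routes (not from the page): (protocol, prefix, origin).
ROUTES = [
    ("static", "192.168.32.0/22", "local ISP Router 2 customer"),
    ("bgp", "192.168.16.0/21", "customer route from another ISP router"),
    ("bgp", "198.51.100.0/24", "Internet route from an exchange peer"),
    ("bgp", "203.0.113.0/24", "customer route from a private peer"),
    ("aggregate", "192.168.0.0/17", "AS 1000 aggregate"),
    ("aggregate", "192.168.64.0/22", "Customer 2 aggregate"),
]

def filter_matches(prefix, filt, match_type):
    """Model the two route-filter match types the page uses."""
    p, f = ipaddress.ip_network(prefix), ipaddress.ip_network(filt)
    if match_type == "exact":
        return p == f
    if match_type == "orlonger":  # same as or more specific than the filter
        return p.subnet_of(f)
    raise ValueError(f"unmodelled match type: {match_type}")

def evaluate(policy, protocol, prefix):
    """Return (action, term) for the first term whose conditions all match."""
    for term, proto, filt, action in POLICIES[policy]:
        if proto in (None, protocol) and (filt is None or filter_matches(prefix, *filt)):
            return action, term
    return "no-match", None  # not reached here: both policies end in a catch-all

def exported(policy):
    """Prefixes from ROUTES that the policy would advertise to the peer."""
    return [p for proto, p, _ in ROUTES if evaluate(policy, proto, p)[0] == "accept"]

if __name__ == "__main__":
    for name in POLICIES:
        print(name, "->", exported(name))
```

With the sample table, exchange-peers advertises only the two aggregates, and the Internet and private-peer routes fall through to the final reject term in both policies, which is the no-transit behavior the text describes.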