Example: Using Routing Policy in an ISP Network
This example is a case study in how routing policies might be used in a typical Internet service provider (ISP) network.
Requirements
No special configuration beyond device initialization is required before configuring this example.
Overview
In this network example, the ISP’s AS number is 64510. The ISP has two transit peers (AS 64514 and AS 64515) to which it connects at an exchange point. The ISP is also connected to two private peers (AS 64513 and AS 64516) with which it exchanges specific customer routes. The ISP has two customers (AS 64511 and AS 64512).
The ISP policies are configured in an outbound direction. That is, the example focuses on the routes that the ISP announces to its peers and customers, and includes the following:
The ISP has been assigned AS 64510 and the routing space of 172.16.32.0/21. With the exception of the two customer networks, all other customer routes are simulated with static routes.
The exchange peers are used for transit service to other portions of the Internet. This means that the ISP is accepting all routes (the full Internet routing table) from those BGP peers. To help maintain an optimized Internet routing table, the ISP is configured to advertise only two aggregate routes to the transit peers.
The ISP administrators want all data to the private peers to use the direct links. As a result, all the customer routes from the ISP are advertised to those private peers. These peers then advertise all their customer routes to the ISP.
Finally, each customer has a different set of requirements. Customer-1 requires a singe default route. Customer-2 requires specific routes.
Set Commands for All Devices in the Topology
CLI Quick Configuration
To quickly configure this
example, copy the following commands, paste them into a text file,
remove any line breaks, change any details necessary to match your
network configuration, and then copy and paste the commands into the
CLI at the [edit] hierarchy level.
Device Customer-1
set interfaces fe-1/2/3 unit 0 description to_ISP-3 set interfaces fe-1/2/3 unit 0 family inet address 10.1.0.6/30 set interfaces lo0 unit 0 family inet address 192.168.0.8/32 set protocols bgp group ext type external set protocols bgp group ext export send-statics set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.1.0.5 set policy-options policy-statement send-statics term static-routes from protocol static set policy-options policy-statement send-statics term static-routes then accept set routing-options static route 172.16.40.0/25 reject set routing-options static route 172.16.40.128/25 reject set routing-options static route 172.16.41.0/25 reject set routing-options static route 172.16.41.128/25 reject set routing-options autonomous-system 64511
Device Customer-2
set interfaces fe-1/2/1 unit 0 description to_ISP-3 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.10/30 set interfaces fe-1/2/0 unit 0 description to-Private-Peer-2 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.21/30 set interfaces lo0 unit 0 family inet address 192.168.0.9/32 set protocols bgp group ext type external set protocols bgp group ext import inbound-routes set protocols bgp group ext export outbound-routes set protocols bgp group ext neighbor 10.0.0.9 peer-as 64510 set protocols bgp group ext neighbor 10.0.0.22 peer-as 64516 set policy-options policy-statement inbound-routes term AS64510-primary from protocol bgp set policy-options policy-statement inbound-routes term AS64510-primary from as-path AS64510-routes set policy-options policy-statement inbound-routes term AS64510-primary then local-preference 200 set policy-options policy-statement inbound-routes term AS64510-primary then accept set policy-options policy-statement inbound-routes term AS64516-backup from protocol bgp set policy-options policy-statement inbound-routes term AS64516-backup from as-path AS64516-routes set policy-options policy-statement inbound-routes term AS64516-backup then local-preference 50 set policy-options policy-statement inbound-routes term AS64516-backup then accept set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set policy-options policy-statement outbound-routes term internal-bgp-routes from protocol bgp set policy-options policy-statement outbound-routes term internal-bgp-routes from as-path my-own-routes set policy-options policy-statement outbound-routes term internal-bgp-routes then accept set policy-options policy-statement outbound-routes term no-transit then reject set policy-options as-path my-own-routes "()" set policy-options as-path AS64510-routes "64510 .*" set policy-options as-path AS64516-routes "64516 .*" set routing-options static route 172.16.44.0/26 reject set routing-options static route 172.16.44.64/26 reject set routing-options static route 172.16.44.128/26 reject set routing-options static route 172.16.44.192/26 reject set routing-options autonomous-system 64512
Device ISP-1
set interfaces fe-1/2/0 unit 0 description to_ISP-3 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.2/30 set interfaces fe-1/2/1 unit 0 description to_ISP-2 set interfaces fe-1/2/1 unit 0 family inet address 10.1.0.2/30 set interfaces fe-1/2/2 unit 0 description to_Private-Peer-1 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.2/30 set interfaces fe-1/2/3 unit 0 description to_Exchange-1 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.6/30 set interfaces lo0 unit 0 family inet address 192.168.0.1/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.1 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.2 set protocols bgp group int neighbor 192.168.0.3 set protocols bgp group to_64513 type external set protocols bgp group to_64513 export private-peer set protocols bgp group to_64513 peer-as 64513 set protocols bgp group to_64513 neighbor 10.2.0.1 set protocols bgp group to_64514 type external set protocols bgp group to_64514 export exchange-peer set protocols bgp group to_64514 peer-as 64514 set protocols bgp group to_64514 neighbor 10.2.0.5 set protocols ospf area 0.0.0.0 interface fe-1/2/0.0 set protocols ospf area 0.0.0.0 interface fe-1/2/1.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement exchange-peer term AS64510-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term AS64510-Aggregate from route-filter 172.16.32.0/21 exact set policy-options policy-statement exchange-peer term AS64510-Aggregate then accept set policy-options policy-statement exchange-peer term Customer-2-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term Customer-2-Aggregate from route-filter 172.16.40.0/22 exact set policy-options policy-statement exchange-peer term Customer-2-Aggregate then accept set policy-options policy-statement exchange-peer term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next-hop-self then next-hop self set policy-options policy-statement private-peer term statics from protocol static set policy-options policy-statement private-peer term statics then accept set policy-options policy-statement private-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement private-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement private-peer term isp-and-customer-routes then accept set policy-options policy-statement private-peer term reject-all then reject set routing-options static route 172.16.32.0/24 reject set routing-options static route 172.16.33.0/24 reject set routing-options aggregate route 172.16.32.0/21 set routing-options aggregate route 172.16.40.0/22 set routing-options router-id 192.168.0.1 set routing-options autonomous-system 64510
Device ISP-2
set interfaces fe-1/2/1 unit 0 description to_ISP-1 set interfaces fe-1/2/1 unit 0 family inet address 10.1.0.1/30 set interfaces fe-1/2/2 unit 0 description to_ISP-3 set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.6/30 set interfaces fe-1/2/3 unit 0 description to_Private-Peer-2 set interfaces fe-1/2/3 unit 0 family inet address 10.3.0.6/30 set interfaces fe-1/2/0 unit 0 description to_Exchange-2 set interfaces fe-1/2/0 unit 0 family inet address 10.3.0.2/30 set interfaces lo0 unit 0 family inet address 192.168.0.2/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.2 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.1 set protocols bgp group int neighbor 192.168.0.3 set protocols bgp group AS-64516 type external set protocols bgp group AS-64516 export private-peer set protocols bgp group AS-64516 peer-as 64516 set protocols bgp group AS-64516 neighbor 10.3.0.5 set protocols bgp group AS-64515 type external set protocols bgp group AS-64515 export exchange-peer set protocols bgp group AS-64515 peer-as 64515 set protocols bgp group AS-64515 neighbor 10.3.0.1 set protocols ospf area 0.0.0.0 interface fe-1/2/2.0 set protocols ospf area 0.0.0.0 interface fe-1/2/1.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement exchange-peer term AS64510-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term AS64510-Aggregate from route-filter 172.16.32.0/21 exact set policy-options policy-statement exchange-peer term AS64510-Aggregate then accept set policy-options policy-statement exchange-peer term Customer-2-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term Customer-2-Aggregate from route-filter 172.16.44.0/23 exact set policy-options policy-statement exchange-peer term Customer-2-Aggregate then accept set policy-options policy-statement exchange-peer term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next-hop-self then next-hop self set policy-options policy-statement private-peer term statics from protocol static set policy-options policy-statement private-peer term statics then accept set policy-options policy-statement private-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement private-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement private-peer term isp-and-customer-routes then accept set policy-options policy-statement private-peer term reject-all then reject set routing-options static route 172.16.34.0/24 reject set routing-options static route 172.16.35.0/24 reject set routing-options aggregate route 172.16.44.0/23 set routing-options aggregate route 172.16.32.0/21 set routing-options router-id 192.168.0.2 set routing-options autonomous-system 64510
Device ISP-3
set interfaces fe-1/2/0 unit 0 description to_ISP-1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.1/30 set interfaces fe-1/2/2 unit 0 description to_ISP-2 set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.5/30 set interfaces fe-1/2/3 unit 0 description to_Customer-1 set interfaces fe-1/2/3 unit 0 family inet address 10.1.0.5/30 set interfaces fe-1/2/1 unit 0 description to_Customer-2 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.9/30 set interfaces lo0 unit 0 family inet address 192.168.0.3/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.3 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.1 set protocols bgp group int neighbor 192.168.0.2 set protocols bgp group to_64511 type external set protocols bgp group to_64511 export customer-1-peer set protocols bgp group to_64511 neighbor 10.1.0.6 peer-as 64511 set protocols bgp group to_64512 type external set protocols bgp group to_64512 export customer-2-peer set protocols bgp group to_64512 neighbor 10.0.0.10 peer-as 64512 set protocols ospf area 0.0.0.0 interface fe-1/2/0.0 set protocols ospf area 0.0.0.0 interface fe-1/2/2.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement customer-1-peer term defaut-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement customer-1-peer term defaut-route then accept set policy-options policy-statement customer-1-peer term reject-all-other-routes then reject set policy-options policy-statement customer-2-peer term statics from protocol static set policy-options policy-statement customer-2-peer term statics then accept set policy-options policy-statement customer-2-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement customer-2-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement customer-2-peer term isp-and-customer-routes then accept set policy-options policy-statement customer-2-peer term default-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement customer-2-peer term default-route then accept set policy-options policy-statement customer-2-peer term reject-all-other-routes then reject set policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes from route-filter 172.16.8.0/21 exact set policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes then accept set policy-options policy-statement if-upstream-routes-exist term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next then next-hop self set routing-options static route 172.16.36.0/24 reject set routing-options static route 172.16.37.0/24 reject set routing-options static route 172.16.38.0/24 reject set routing-options static route 172.16.39.0/24 reject set routing-options generate route 0.0.0.0/0 policy if-upstream-routes-exist set routing-options router-id 192.168.0.3 set routing-options autonomous-system 64510
Device Exchange-1
set interfaces fe-1/2/3 unit 0 description to_ISP-1 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.5/30 set interfaces fe-1/2/2 unit 0 description to_Exchange-2 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.42/30 set interfaces fe-1/2/1 unit 0 description to_Private-Peer-1 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.45/30 set interfaces lo0 unit 0 family inet address 192.168.0.6/32 set protocols bgp group ext type external set protocols bgp group ext export send-static set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.2.0.6 set protocols bgp group ext neighbor 10.3.0.41 peer-as 64515 set policy-options policy-statement send-static from protocol static set policy-options policy-statement send-static then accept set routing-options static route 172.16.8.0/21 reject set routing-options autonomous-system 64514
Device Exchange-2
set interfaces fe-1/2/0 unit 0 description to_ISP-2 set interfaces fe-1/2/0 unit 0 family inet address 10.3.0.1/30 set interfaces fe-1/2/2 unit 0 description to_Exchange-1 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.41/30 set interfaces fe-1/2/1 unit 0 description to_Private-Peer-2 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.49/30 set interfaces lo0 unit 0 family inet address 192.168.0.7/32 set protocols bgp group ext type external set protocols bgp group ext export outbound-routes set protocols bgp group ext neighbor 10.3.0.2 peer-as 64510 set protocols bgp group ext neighbor 10.3.0.50 peer-as 64516 set protocols bgp group ext neighbor 10.3.0.42 peer-as 64514 set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set routing-options autonomous-system 64515 set routing-options static route 172.16.16.0/21 reject
Device Private-Peer-1
set interfaces fe-1/2/2 unit 0 description to_ISP-1 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.1/30 set interfaces fe-1/2/1 unit 0 description to_Exchange-1 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.46/30 set interfaces lo0 unit 0 family inet address 192.168.0.4/32 set protocols bgp group ext type external set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.2.0.2 set routing-options autonomous-system 64513
Device Private-Peer-2
set interfaces fe-1/2/3 unit 0 description to_ISP-2 set interfaces fe-1/2/3 unit 0 family inet address 10.3.0.5/30 set interfaces fe-1/2/0 unit 0 description to_Customer-1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.22/30 set interfaces fe-1/2/1 unit 0 description to_Exchange-2 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.50/30 set interfaces lo0 unit 0 family inet address 192.168.0.5/32 set protocols bgp group ext type external set protocols bgp group ext export outbound-routes set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.3.0.6 set protocols bgp group to-64512 type external set protocols bgp group to-64512 peer-as 64512 set protocols bgp group to-64512 neighbor 10.0.0.21 set protocols bgp group to-64512 export internal-routes set protocols bgp group to-64515 type external set protocols bgp group to-64515 export outbound-routes set protocols bgp group to-64515 peer-as 64515 set protocols bgp group to-64515 neighbor 10.3.0.49 set policy-options policy-statement if-upstream-routes-exist term as-64515-routes from route-filter 172.16.16.0/21 exact set policy-options policy-statement if-upstream-routes-exist term as-64515-routes then accept set policy-options policy-statement if-upstream-routes-exist term reject-all-other-routes then reject set policy-options policy-statement internal-routes term statics from protocol static set policy-options policy-statement internal-routes term statics then accept set policy-options policy-statement internal-routes term default-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement internal-routes term default-route then accept set policy-options policy-statement internal-routes term reject-all-other-routes then reject set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set policy-options policy-statement outbound-routes term allowed-bgp-routes from as-path my-own-routes set policy-options policy-statement outbound-routes term allowed-bgp-routes from as-path AS64512-routes set policy-options policy-statement outbound-routes term allowed-bgp-routes then accept set policy-options policy-statement outbound-routes term no-transit then reject set policy-options as-path my-own-routes "()" set policy-options as-path AS64512-routes 64512 set routing-options static route 172.16.24.0/25 reject set routing-options static route 172.16.24.128/25 reject set routing-options static route 172.16.25.0/26 reject set routing-options static route 172.16.25.64/26 reject set routing-options generate route 0.0.0.0/0 policy if-upstream-routes-exist set routing-options autonomous-system 64516
Configuring Device Customer-1
Procedure
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Use the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
Device Customer-1 has multiple static routes configured to simulate customer routes. These routes are sent to the ISP.
To configure Device Customer-1:
Configure the device interfaces.
[edit interfaces] user@Customer-1# set fe-1/2/3 unit 0 description to_ISP-3 user@Customer-1# set fe-1/2/3 unit 0 family inet address 10.1.0.6/30 user@Customer-1# set lo0 unit 0 family inet address 192.168.0.8/32
Configure the static routes.
[edit routing-options static] user@Customer-1# set route 172.16.40.0/25 reject user@Customer-1# set route 172.16.40.128/25 reject user@Customer-1# set route 172.16.41.0/25 reject user@Customer-1# set route 172.16.41.128/25 reject
Configure the policy to send static routes.
[edit policy-options policy-statement send-statics term static-routes] user@Customer-1# set from protocol static user@Customer-1# set then accept
Configure the external BGP (EBGP) connection to the ISP.
[edit protocols bgp group ext] user@Customer-1# set type external user@Customer-1# set export send-statics user@Customer-1# set peer-as 64510 user@Customer-1# set neighbor 10.1.0.5
Configure the autonomous system (AS) number.
[edit routing-options] user@Customer-1# set autonomous-system 64511
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@Customer-1# show interfaces
fe-1/2/1 {
unit 0 {
description to_ISP-3;
family inet {
address 10.1.0.6/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.8/32;
}
}
}
user@Customer-1# show protocols
bgp {
group ext {
type external;
export send-statics;
peer-as 64510;
neighbor 10.1.0.5;
}
}
user@Customer-1# show policy-options
policy-statement send-statics {
term static-routes {
from protocol static;
then accept;
}
}
user@Customer-1# show routing-options
static {
route 172.16.40.0/25 reject;
route 172.16.40.128/25 reject;
route 172.16.41.0/25 reject;
route 172.16.41.128/25 reject;
}
autonomous-system 64511;
If you are done configuring the device, enter commit from configuration mode.
Configuring Device Customer-2
Procedure
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Use the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
Device Customer-2 has two static routes configured to simulate customer routes. These routes are sent to the ISP. Customer-2 has a link to the ISP, as well as a link to AS 8000. This customer has requested specific customer routes from the ISP, as well as from AS 64516. Customer-2 wants to use the ISP for transit service to the Internet, and has requested a default route from the ISP.
To configure Device Customer-2:
Configure the device interfaces.
[edit interfaces] user@Customer-2# set fe-1/2/1 unit 0 description to_ISP-3 user@Customer-2# set fe-1/2/1 unit 0 family inet address 10.0.0.10/30 user@Customer-2# set fe-1/2/0 unit 0 description to-Private-Peer-2 user@Customer-2# set fe-1/2/0 unit 0 family inet address 10.0.0.21/30 user@Customer-2# set lo0 unit 0 family inet address 192.168.0.9/32
Configure the static routes.
[edit routing-options static] user@Customer-2# set route 172.16.44.0/26 reject user@Customer-2# set route 172.16.44.64/26 reject user@Customer-2# set route 172.16.44.128/26 reject user@Customer-2# set route 172.16.44.192/26 reject
Configure the import routing policy.
The route with the highest local preference value is preferred. Routes from the ISP are preferred over the same routes from Device Private-Peer-2
[edit policy-options policy-statement inbound-routes] user@Customer-2# set term AS64510-primary from protocol bgp user@Customer-2# set term AS64510-primary from as-path AS64510-routes user@Customer-2# set term AS64510-primary then local-preference 200 user@Customer-2# set term AS64510-primary then accept [edit policy-options policy-statement inbound-routes] user@Customer-2# set term AS64516-backup from protocol bgp user@Customer-2# set term AS64516-backup from as-path AS64516-routes user@Customer-2# set term AS64516-backup then local-preference 50 user@Customer-2# set term AS64516-backup then accept [edit policy-options] user@Customer-2# set as-path AS64510-routes "64510 .*" user@Customer-2# set as-path AS64516-routes "64516 .*"
Configure the export routing policy.
[edit policy-options policy-statement outbound-routes] user@Customer-2# set term statics from protocol static user@Customer-2# set term statics then accept user@Customer-2# set term internal-bgp-routes from protocol bgp user@Customer-2# set term internal-bgp-routes from as-path my-own-routes user@Customer-2# set term internal-bgp-routes then accept user@Customer-2# set term no-transit then reject [edit policy-options] user@Customer-2# set as-path my-own-routes "()"
Configure the external BGP (EBGP) connection to the ISP and to Device Private-Peer-2.
[edit protocols bgp group ext] user@Customer-2# set type external user@Customer-2# set import inbound-routes user@Customer-2# set export outbound-routes user@Customer-2# set neighbor 10.0.0.9 peer-as 64510 user@Customer-2# set neighbor 10.0.0.22 peer-as 64516
Configure the autonomous system (AS) number.
[edit routing-options] user@Customer-2# set autonomous-system 64512
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@Customer-2# show interfaces
fe-1/2/1 {
unit 0 {
description to_ISP-3;
family inet {
address 10.0.0.10/30;
}
}
}
fe-1/2/0 {
unit 0 {
description to-Private-Peer-2;
family inet {
address 10.0.0.21/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.9/32;
}
}
}
user@Customer-2# show protocols
bgp {
group ext {
type external;
import inbound-routes;
export outbound-routes;
neighbor 10.0.0.9 {
peer-as 64510;
}
neighbor 10.0.0.22 {
peer-as 64516;
}
}
}
user@Customer-2# show policy-options
policy-statement inbound-routes {
term AS64510-primary {
from {
protocol bgp;
as-path AS64510-routes;
}
then {
local-preference 200;
accept;
}
}
term AS64516-backup {
from {
protocol bgp;
as-path AS64516-routes;
}
then {
local-preference 50;
accept;
}
}
}
policy-statement outbound-routes {
term statics {
from protocol static;
then accept;
}
term internal-bgp-routes {
from {
protocol bgp;
as-path my-own-routes;
}
then accept;
}
term no-transit {
then reject;
}
}
as-path my-own-routes "()";
as-path AS64510-routes "64510 .*";
as-path AS64516-routes "64516 .*";
user@Customer-2# show routing-options
static {
route 172.16.44.0/26 reject;
route 172.16.44.64/26 reject;
route 172.16.44.128/26 reject;
route 172.16.44.192/26 reject;
}
autonomous-system 64512;
If you are done configuring the device, enter commit from configuration mode.
Configuring Devices ISP-1 and ISP-2
Procedure
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Use the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
Device ISP-1 and Device ISP-2 each have two policies configured:
The private-peer policy and the exchange-peer policy. Because of their similar configurations, this example shows
the step-by-step configuration only for Device ISP-2.
On Device ISP-2, the private-peer policy sends the ISP customer routes to Device Private-Peer-2. The policy accepts all local static routes (local Device ISP-2 customers) and all BGP routes in the 172.16.32.0/21 range (advertised by other ISP routers). These two policy terms represent the ISP customer routes. The final policy term rejects all other routes, which includes the entire Internet routing table sent by the exchange peers. These routes do not need to be sent to Device Private-Peer-2 for two reasons:
The peer already maintains a connection to Device Exchange-2 in our example, so the routes are redundant.
The private peer wants customer routes only. The
private-peerpolicy accomplishes this goal. Theexchange-peerpolicy sends routes to Device Exchange-2.
In the example, only two routes need to be sent to Device Exchange-2:
The aggregate route that represents the AS 64510 routing space of 172.16.32.0/21. This route is configured as an aggregate route locally and is advertised by the
exchange-peerpolicy.The address space assigned to Customer-2, 172.16.44.0/23. This smaller aggregate route needs to be sent to Device Exchange-2 because the customer is also attached to the AS 64516 peer (Device Private-Peer-2).
Sending these two routes to Device Exchange-2 allows other networks in the Internet to reach the customer through either the ISP or the private peer. If just the private peer were to advertise the /23 network while the ISP maintained only its /21 aggregate, all traffic destined for the customer would transit AS 64516 only. Because the customer also wants routes from the ISP, the 172.16.44.0/23 route is announced by Device ISP-2. Like the larger aggregate route, the 172.16.44.0/23 route is configured locally and is advertised by the exchange-peer policy. The final term in that policy rejects all routes, including the specific customer networks of the ISP, the customer routes from Device Private-Peer-1, the customer routes from Device Private-Peer-2, and the routing table from Device Exchange-1. In essence, this final term prevents the ISP from performing transit services for the Internet at large.
To configure Device ISP-2:
Configure the device interfaces.
[edit interfaces] user@ISP-2# set fe-1/2/1 unit 0 description to_ISP-1 user@ISP-2# set fe-1/2/1 unit 0 family inet address 10.1.0.1/30 user@ISP-2# set fe-1/2/2 unit 0 description to_ISP-3 user@ISP-2# set fe-1/2/2 unit 0 family inet address 10.0.0.6/30 user@ISP-2# set fe-1/2/3 unit 0 description to_Private-Peer-2 user@ISP-2# set fe-1/2/3 unit 0 family inet address 10.3.0.6/30 user@ISP-2# set fe-1/2/0 unit 0 description to_Exchange-2 user@ISP-2# set fe-1/2/0 unit 0 family inet address 10.3.0.2/30 user@ISP-2# set lo0 unit 0 family inet address 192.168.0.2/32
Configure the interior gateway protocol (IGP).
[edit protocols ospf area 0.0.0.0] user@ISP-2# set interface fe-1/2/2.0 user@ISP-2# set interface fe-1/2/1.0 user@ISP-2# set interface lo0.0 passive
Configure the static and aggregate routes.
[edit routing-options static] user@ISP-2# set route 172.16.34.0/24 reject user@ISP-2# set route 172.16.35.0/24 reject [edit routing-options aggregate] user@ISP-2# set route 172.16.44.0/23 user@ISP-2# set route 172.16.32.0/21
Configure the routing policies for the exchange peers.
[edit policy-options policy-statement exchange-peer] user@ISP-2# set term AS64510-Aggregate from protocol aggregate user@ISP-2# set term AS64510-Aggregate from route-filter 172.16.32.0/21 exact user@ISP-2# set term AS64510-Aggregate then accept user@ISP-2# set term Customer-2-Aggregate from protocol aggregate user@ISP-2# set term Customer-2-Aggregate from route-filter 172.16.44.0/23 exact user@ISP-2# set term Customer-2-Aggregate then accept user@ISP-2# set term reject-all-other-routes then reject
Configure the routing policies for the internal peers.
[edit policy-options policy-statement internal-peers] user@ISP-2# set term statics from protocol static user@ISP-2# set term statics then accept user@ISP-2# set term next-hop-self then next-hop self
Configure the routing policies for the private peer.
[edit policy-options policy-statement private-peer] user@ISP-2# set term statics from protocol static user@ISP-2# set term statics then accept user@ISP-2# set term isp-and-customer-routes from protocol bgp user@ISP-2# set term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger user@ISP-2# set term isp-and-customer-routes then accept user@ISP-2# set term reject-all then reject
Configure the internal BGP (IBGP) connections to the other ISP devices.
[edit protocols bgp group int] user@ISP-2# set type internal user@ISP-2# set local-address 192.168.0.2 user@ISP-2# set export internal-peers user@ISP-2# set neighbor 192.168.0.1 user@ISP-2# set neighbor 192.168.0.3
Configure the EBGP connections to the exchange peer and the private peer.
[edit protocols bgp group AS-64516] user@ISP-2# set type external user@ISP-2# set export private-peer user@ISP-2# set peer-as 64516 user@ISP-2# set neighbor 10.3.0.5 [edit protocols bgp group AS-64515] user@ISP-2# set type external user@ISP-2# set export exchange-peer user@ISP-2# set peer-as 64515 user@ISP-2# set neighbor 10.3.0.1
Configure the autonomous system (AS) number and the router ID.
[edit routing-options] user@ISP-2# set router-id 192.168.0.2 user@ISP-2# set autonomous-system 64510
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@ISP-2# show interfaces
fe-1/2/0 {
unit 0{
description to_Exchange-2;
family inet {
address 10.3.0.2/30;
}
}
}
fe-1/2/1 {
unit 0{
description to_ISP-1;
family inet {
address 10.1.0.1/30;
}
}
}
fe-1/2/2 {
unit 0 {
description to_ISP-3;
family inet {
address 10.0.0.6/30;
}
}
}
fe-1/2/3 {
unit 0 {
description to_Private-Peer-2;
family inet {
address 10.3.0.6/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.2/32;
}
}
}
user@ISP-2# show protocols
bgp {
group int {
type internal;
local-address 192.168.0.2;
export internal-peers;
neighbor 192.168.0.1;
neighbor 192.168.0.3;
}
group AS-64516 {
type external;
export private-peer;
peer-as 64516;
neighbor 10.3.0.5;
}
group AS-64515 {
type external;
export exchange-peer;
peer-as 64515;
neighbor 10.3.0.1;
}
}
ospf {
area 0.0.0.0 {
interface fe-1/2/2.0;
interface fe-1/2/1.0;
interface lo0.0 {
passive;
}
}
}
user@ISP-2# show policy-options
policy-statement exchange-peer {
term AS64510-Aggregate {
from {
protocol aggregate;
route-filter 172.16.32.0/21 exact;
}
then accept;
}
term Customer-2-Aggregate {
from {
protocol aggregate;
route-filter 172.16.44.0/23 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement internal-peers {
term statics {
from protocol static;
then accept;
}
term next-hop-self {
then {
next-hop self;
}
}
}
policy-statement private-peer {
term statics {
from protocol static;
then accept;
}
term isp-and-customer-routes {
from {
protocol bgp;
route-filter 172.16.32.0/21 orlonger;
}
then accept;
}
term reject-all {
then reject;
}
}
user@ISP-2# show routing-options
static {
route 172.16.34.0/24 reject;
route 172.16.35.0/24 reject;
}
aggregate {
route 172.16.44.0/23;
route 172.16.32.0/21;
}
router-id 192.168.0.2;
autonomous-system 64510;
If you are done configuring the device, enter commit from configuration mode.
Configuring Device ISP-3
Procedure
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Use the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
On Device ISP-3, a separate policy is in place for each customer.
The default route for Customer-1 is being sent by the customer-1-peer policy. This policy finds the 0.0.0.0/0 default route in inet.0
and accepts it. The policy also rejects all other routes, thereby
not sending all BGP routes on the ISP router. The customer-2-peer policy is for Customer-2 and contains the same policy terms, which
also send the default route and no other transit BGP routes. The additional
terms in the customer-2-peer policy send the ISP customer
routes to Customer-2. Because there are local static routes on Device
ISP-3 that represent local customers, these routes are sent as well
as all other internal routes announced to the local router by the
other ISP routers.
If the upstream route from Device Exchange-1 (172.16.8.0/21) is present, Device ISP-3 generates a default route.
To configure Device ISP-3:
Configure the device interfaces.
[edit interfaces] user@ISP-3# set fe-1/2/0 unit 0 description to_ISP-1 user@ISP-3# set fe-1/2/0 unit 0 family inet address 10.0.0.1/30 user@ISP-3# set fe-1/2/2 unit 0 description to_ISP-2 user@ISP-3# set fe-1/2/2 unit 0 family inet address 10.0.0.5/30 user@ISP-3# set fe-1/2/3 unit 0 description to_Customer-1 user@ISP-3# set fe-1/2/3 unit 0 family inet address 10.1.0.5/30 user@ISP-3# set fe-1/2/1 unit 0 description to_Customer-2 user@ISP-3# set fe-1/2/1 unit 0 family inet address 10.0.0.9/30 user@ISP-3# set lo0 unit 0 family inet address 192.168.0.3/32
Configure the interior gateway protocol (IGP).
[edit protocols ospf area 0.0.0.0] user@ISP-3# set interface fe-1/2/0.0 user@ISP-3# set interface fe-1/2/2.0 user@ISP-3# set interface lo0.0 passive
Configure the static routes.
[edit routing-options static] user@ISP-3# set route 172.16.36.0/24 reject user@ISP-3# set route 172.16.37.0/24 reject user@ISP-3# set route 172.16.38.0/24 reject user@ISP-3# set route 172.16.39.0/24 reject
Configure a routing policy that generates a default static route only if a certain upstream route exists.
[edit policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes] user@ISP-3# set from route-filter 172.16.8.0/21 exact user@ISP-3# set then accept [edit policy-options policy-statement if-upstream-routes-exist] user@ISP-3# set term reject-all-other-routes then reject [edit routing-options generate route 0.0.0.0/0] user@ISP-3# set policy if-upstream-routes-exist
Configure the routing policy for Customer-1.
[edit policy-options policy-statement customer-1-peer] user@ISP-3# set term defaut-route from route-filter 0.0.0.0/0 exact user@ISP-3# set term defaut-route then accept user@ISP-3# set term reject-all-other-routes then reject
Configure the routing policy for Customer-2.
[edit policy-options policy-statement customer-2-peer] user@ISP-3# set term statics from protocol static user@ISP-3# set term statics then accept user@ISP-3# set term isp-and-customer-routes from protocol bgp user@ISP-3# set term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger user@ISP-3# set term isp-and-customer-routes then accept user@ISP-3# set term default-route from route-filter 0.0.0.0/0 exact user@ISP-3# set term default-route then accept user@ISP-3# set term reject-all-other-routes then reject
Configure the routing policies for the internal peers.
[edit policy-options policy-statement internal-peers] user@ISP-3# set term statics from protocol static user@ISP-3# set term statics then accept user@ISP-3# set term next then next-hop self
Configure the internal BGP (IBGP) connections to the other ISP devices.
[edit protocols bgp group int] user@ISP-3# set type internal user@ISP-3# set local-address 192.168.0.3 user@ISP-3# set export internal-peers user@ISP-3# set neighbor 192.168.0.1 user@ISP-3# set neighbor 192.168.0.2
Configure the EBGP connections to the customer peers.
[edit protocols bgp group to_64511] user@ISP-3# set type external user@ISP-3# set export customer-1-peer user@ISP-3# set neighbor 10.1.0.6 peer-as 64511 [edit protocols bgp group to_64512] user@ISP-3# set type external user@ISP-3# set export customer-2-peer user@ISP-3# set neighbor 10.0.0.10 peer-as 64512
Configure the autonomous system (AS) number and the router ID.
[edit routing-options] user@ISP-3# set router-id 192.168.0.3 user@ISP-3# set autonomous-system 64510
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@ISP-3# show interfaces
fe-1/2/0 {
unit 0 {
description to_ISP-1;
family inet {
address 10.0.0.1/30;
}
}
}
fe-1/2/1 {
unit 0 {
description to_Customer-2;
family inet {
address 10.0.0.9/30;
}
}
}
fe-1/2/2 {
unit 0 {
description to_ISP-2;
family inet {
address 10.0.0.5/30;
}
}
}
fe-1/2/3 {
unit 0 {
description to_Customer-1;
family inet {
address 10.1.0.5/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.3/32;
}
}
}
user@ISP-3# show protocols
bgp {
group int {
type internal;
local-address 192.168.0.3;
export internal-peers;
neighbor 192.168.0.1;
neighbor 192.168.0.2;
}
group to_64511 {
type external;
export customer-1-peer;
neighbor 10.1.0.6 {
peer-as 64511;
}
}
group to_64512 {
type external;
export customer-2-peer;
neighbor 10.0.0.10 {
peer-as 64512;
}
}
}
ospf {
area 0.0.0.0 {
interface fe-1/2/0.0;
interface fe-1/2/2.0;
interface lo0.0 {
passive;
}
}
}
user@ISP-3# show policy-options
policy-statement customer-1-peer {
term defaut-route {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement customer-2-peer {
term statics {
from protocol static;
then accept;
}
term isp-and-customer-routes {
from {
protocol bgp;
route-filter 172.16.32.0/21 orlonger;
}
then accept;
}
term default-route {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement if-upstream-routes-exist {
term only-certain-contributing-routes {
from {
route-filter 172.16.8.0/21 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement internal-peers {
term statics {
from protocol static;
then accept;
}
term next {
then {
next-hop self;
}
}
}
user@ISP-3# show routing-options
static {
route 172.16.36.0/24 reject;
route 172.16.37.0/24 reject;
route 172.16.38.0/24 reject;
route 172.16.39.0/24 reject;
}
generate {
route 0.0.0.0/0 policy if-upstream-routes-exist;
}
router-id 192.168.0.3;
autonomous-system 64510;
If you are done configuring the device, enter commit from configuration mode.
Configuring Device Exchange-2
Procedure
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Use the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
Device Exchange-2 exchanges all BGP routes with all BGP peers.
The outbound-routes policy for Device Exchange-2 advertises locally
defined static routes using BGP. The exclusion of a final then
reject term causes the default BGP export policy to take effect,
which is to send all BGP routes to all external BGP peers.
To configure Device Exchange-2:
Configure the device interfaces.
[edit interfaces] user@Exchange-2# set fe-1/2/0 unit 0 description to_ISP-2 user@Exchange-2# set fe-1/2/0 unit 0 family inet address 10.3.0.1/30 user@Exchange-2# set fe-1/2/2 unit 0 description to_Exchange-1 user@Exchange-2# set fe-1/2/2 unit 0 family inet address 10.3.0.41/30 user@Exchange-2# set fe-1/2/1 unit 0 description to_Private-Peer-2 user@Exchange-2# set fe-1/2/1 unit 0 family inet address 10.3.0.49/30 user@Exchange-2# set lo0 unit 0 family inet address 192.168.0.7/32
Configure the static routes.
[edit routing-options static] set route 172.16.16.0/21 reject
Configure a routing policy that generates a default static route only if certain internal routes exist.
[edit policy-options policy-statement outbound-routes term statics] user@Exchange-2# set from protocol static user@Exchange-2# set then accept
Configure the EBGP connections to the customer peers.
[edit protocols bgp group ext] user@Exchange-2# set type external user@Exchange-2# set export outbound-routes user@Exchange-2# set neighbor 10.3.0.2 peer-as 64510 user@Exchange-2# set neighbor 10.3.0.50 peer-as 64516 user@Exchange-2# set neighbor 10.3.0.42 peer-as 64514
Configure the autonomous system (AS) number.
[edit routing-options] user@Exchange-2# set autonomous-system 64515
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@Exchange-2 show interfaces
fe-1/2/0 {
unit 0 {
description to_ISP-2;
family inet {
address 10.3.0.1/30;
}
}
}
fe-1/2/1 {
unit 0 {
description to_Private-Peer-2;
family inet {
address 10.3.0.49/30;
}
}
}
fe-1/2/2 {
unit 0 {
description to_Exchange-1;
family inet {
address 10.3.0.41/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.7/32;
}
}
}
user@Exchange-2# show protocols
bgp {
group ext {
type external;
export outbound-routes;
neighbor 10.3.0.2 {
peer-as 64510;
}
neighbor 10.3.0.50 {
peer-as 64516;
}
neighbor 10.3.0.42 {
peer-as 64514;
}
}
}
user@Exchange-2# show policy-options
policy-statement outbound-routes {
term statics {
from protocol static;
then accept;
}
}
user@Exchange-2# show routing-options
static {
route 172.16.16.0/21 reject;
}
autonomous-system 64515;
If you are done configuring the device, enter commit from configuration mode.
Configuring Device Private-Peer-2
Procedure
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Use the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
Device Private-Peer-2 performs two main functions:
Advertises routes local to AS 64516 to both the exchange peers and the ISP routers. The
outbound-routespolicy advertises the local static routes (that is, customers) on the router, and also advertises all routes learned by BGP that originated in either AS 64516 or AS 64512. These routes include other AS 64516 customer routes in addition to the AS 64512 customer. The AS routes are identified by an AS path regular expression match criteria in the policy.Advertises the 0.0.0.0/0 default route to the AS 64512 customer router. To accomplish this, the private peer creates a generated route for 0.0.0.0/0 locally on the router. This generated route is further assigned a policy called
if-upstream-routes-exist, which allows only certain routes to contribute to the generated route, making it an active route in the routing table. Once the route is active, it can be sent to the AS 64512 router using BGP and the configured policies. Theif-upstream-routes-existpolicy accepts only the 172.16.32.0/21 route from Device Exchange-2, and rejects all other routes. If the 172.16.32.0/21 route is withdrawn by the exchange peer, the private peer loses the 0.0.0.0/0 default route and withdraws the default route from the AS 64512 customer router.
To configure Device Private-Peer-2:
Configure the device interfaces.
[edit interfaces] user@Private-Peer-2# set fe-1/2/3 unit 0 description to_ISP-2 user@Private-Peer-2# set fe-1/2/3 unit 0 family inet address 10.3.0.5/30 user@Private-Peer-2# set fe-1/2/0 unit 0 description to_Customer-1 user@Private-Peer-2# set fe-1/2/0 unit 0 family inet address 10.0.0.22/30 user@Private-Peer-2# set fe-1/2/1 unit 0 description to_Exchange-2 user@Private-Peer-2# set fe-1/2/1 unit 0 family inet address 10.3.0.50/30 user@Private-Peer-2# set lo0 unit 0 family inet address 192.168.0.5/32
Configure the static routes.
[edit routing-options static] user@Private-Peer-2# set route 172.16.24.0/25 reject user@Private-Peer-2# set route 172.16.24.128/25 reject user@Private-Peer-2# set route 172.16.25.0/26 reject user@Private-Peer-2# set route 172.16.25.64/26 reject
Configure a routing policy that generates a default static route only if certain internal routes exist.
[edit policy-options policy-statement if-upstream-routes-exist] user@Private-Peer-2# set term as-64515-routes from route-filter 172.16.16.0/21 exact user@Private-Peer-2# set term as-64515-routes then accept user@Private-Peer-2# set term reject-all-other-routes then reject [edit routing-options generate route 0.0.0.0/0] user@Private-Peer-2# set policy if-upstream-routes-exist
Configure the routing policy that advertises local static routes and the default route.
[edit policy-options policy-statement internal-routes] user@Private-Peer-2# set term statics from protocol static user@Private-Peer-2# set term statics then accept user@Private-Peer-2# set term default-route from route-filter 0.0.0.0/0 exact user@Private-Peer-2# set term default-route then accept user@Private-Peer-2# set term reject-all-other-routes then reject
Configure the routing policy that advertises local customer routes.
[edit policy-options policy-statement outbound-routes] user@Private-Peer-2# set term statics from protocol static user@Private-Peer-2# set term statics then accept user@Private-Peer-2# set term allowed-bgp-routes from as-path my-own-routes user@Private-Peer-2# set term allowed-bgp-routes from as-path AS64512-routes user@Private-Peer-2# set term allowed-bgp-routes then accept user@Private-Peer-2# set term no-transit then reject [edit policy-options] user@Private-Peer-2# set as-path my-own-routes "()" user@Private-Peer-2# set as-path AS64512-routes 64512
Configure the EBGP connection to Customer-2.
[edit protocols bgp group to-64512] user@Private-Peer-2# set type external user@Private-Peer-2# set export internal-routes user@Private-Peer-2# set peer-as 64512 user@Private-Peer-2# set neighbor 10.0.0.21
Configure the EBGP connection to Device Exchange-2.
[edit protocols bgp group to-64515] user@Private-Peer-2# set type external user@Private-Peer-2# set export outbound-routes user@Private-Peer-2# set peer-as 64515 user@Private-Peer-2# set neighbor 10.3.0.49
Configure the EBGP connections to the ISP.
[edit protocols bgp group ext] user@Private-Peer-2# set type external user@Private-Peer-2# set export outbound-routes user@Private-Peer-2# set peer-as 64510 user@Private-Peer-2# set neighbor 10.3.0.6
Configure the autonomous system (AS) number.
[edit routing-options] user@Private-Peer-2# set autonomous-system 64516
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@Private-Peer-2# show interfaces
fe-1/2/0 {
unit 0 {
description to_Customer-1;
family inet {
address 10.0.0.22/30;
}
}
}
fe-1/2/1 {
unit 0 {
description to_Exchange-2;
family inet {
address 10.3.0.50/30;
}
}
}
fe-1/2/3 {
unit 0 {
description to_ISP-2;
family inet {
address 10.3.0.5/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.5/32;
}
}
}
user@Private-Peer-2# show protocols
bgp {
group ext {
type external;
export outbound-routes;
peer-as 64510;
neighbor 10.3.0.6;
}
group to-64512 {
type external;
export internal-routes;
peer-as 64512;
neighbor 10.0.0.21;
}
group to-64515 {
type external;
export outbound-routes;
peer-as 64515;
neighbor 10.3.0.49;
}
}
user@Private-Peer-2# show policy-options
policy-statement if-upstream-routes-exist {
term as-64515-routes {
from {
route-filter 172.16.16.0/21 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement internal-routes {
term statics {
from protocol static;
then accept;
}
term default-route {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement outbound-routes {
term statics {
from protocol static;
then accept;
}
term allowed-bgp-routes {
from as-path [ my-own-routes AS64512-routes ];
then accept;
}
term no-transit {
then reject;
}
}
as-path my-own-routes "()";
as-path AS64512-routes 64512;
user@Private-Peer-2# show routing-options
static {
route 172.16.24.0/25 reject;
route 172.16.24.128/25 reject;
route 172.16.25.0/26 reject;
route 172.16.25.64/26 reject;
}
generate {
route 0.0.0.0/0 policy if-upstream-routes-exist;
}
autonomous-system 64516;
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
- Verifying the Routes on Device Customer-1
- Verifying the Routes on Device Customer-2
- Verifying the Routes on Device ISP-1
- Verifying the Routes on Device ISP-2
- Verifying the Routes on Device ISP-3
- Verifying the Routes on Device Exchange-1
- Verifying the Routes on Device Exchange-2
- Verifying the Routes on Device Private-Peer-1
- Verifying the Routes on Device Private-Peer-2
Verifying the Routes on Device Customer-1
Purpose
On Device Customer-1, check the routes in the routing table.
Action
user@Customer-1> show route
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 00:09:25, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.1.0.5 via fe-1/2/3.0
10.1.0.4/30 *[Direct/0] 23:50:20
> via fe-1/2/3.0
10.1.0.6/32 *[Local/0] 5d 21:56:47
Local via fe-1/2/3.0
172.16.40.0/25 *[Static/5] 22:59:04
Reject
172.16.40.128/25 *[Static/5] 22:59:04
Reject
172.16.41.0/25 *[Static/5] 22:59:04
Reject
172.16.41.128/25 *[Static/5] 22:59:04
Reject
192.168.0.8/32 *[Direct/0] 5d 21:25:45
> via lo0.0Meaning
Device Customer-1 has its four static routes, and it has learned the default route through BGP.
Verifying the Routes on Device Customer-2
Purpose
On Device Customer-2, check the routes in the routing table.
Action
user@Customer-2> show route
inet.0: 22 destinations, 23 routes (22 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 00:10:35, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
10.0.0.8/30 *[Direct/0] 23:51:29
> via fe-1/2/0.10
10.0.0.10/32 *[Local/0] 23:52:49
Local via fe-1/2/0.10
10.0.0.20/30 *[Direct/0] 23:52:49
> via fe-1/2/0.0
10.0.0.21/32 *[Local/0] 23:52:49
Local via fe-1/2/0.0
172.16.24.0/25 *[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
172.16.24.128/25 *[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
172.16.25.0/26 *[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
172.16.25.64/26 *[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
172.16.32.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.33.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.34.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.35.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.36.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.37.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.38.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.39.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.44.0/26 *[Static/5] 22:57:28
Reject
172.16.44.64/26 *[Static/5] 22:57:28
Reject
172.16.44.128/26 *[Static/5] 22:57:28
Reject
172.16.44.192/26 *[Static/5] 22:57:28
Reject
192.168.0.9/32 *[Direct/0] 23:52:49
> via lo0.0Meaning
Device Customer-2 has learned the default route through its session with the ISP and also through its session with the private peer. The route learned from the ISP is preferred because it has a higher local preference.
Verifying the Routes on Device ISP-1
Purpose
On Device ISP-1, check the routes in the routing table.
Action
user@ISP-1> show route
inet.0: 42 destinations, 53 routes (42 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 22:44:26, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
10.0.0.0/30 *[Direct/0] 23:52:01
> via fe-1/2/0.0
10.0.0.2/32 *[Local/0] 23:52:01
Local via fe-1/2/0.0
10.0.0.4/30 *[OSPF/10] 23:51:06, metric 2
to 10.1.0.1 via fe-1/2/1.0
> to 10.0.0.1 via fe-1/2/0.0
10.0.0.20/30 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:51:28, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
10.1.0.0/30 *[Direct/0] 23:52:01
> via fe-1/2/1.0
10.1.0.2/32 *[Local/0] 23:52:01
Local via fe-1/2/1.0
10.2.0.0/30 *[Direct/0] 23:52:01
> via fe-1/2/2.0
10.2.0.2/32 *[Local/0] 23:52:01
Local via fe-1/2/2.0
10.2.0.4/30 *[Direct/0] 23:52:00
> via fe-1/2/3.0
10.2.0.6/32 *[Local/0] 23:52:00
Local via fe-1/2/3.0
10.3.0.4/30 *[BGP/170] 23:51:28, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
10.3.0.48/30 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
172.16.8.0/21 *[BGP/170] 00:11:08, localpref 100
AS path: 64514 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.16.0/21 *[BGP/170] 02:02:10, localpref 100, from 192.168.0.2
AS path: 64515 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 02:02:10, localpref 100
AS path: 64514 64515 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.24.0/25 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:06:33, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.24.128/25 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:06:33, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.25.0/26 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:06:33, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.25.64/26 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:06:33, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.32.0/21 *[Aggregate/130] 22:44:27
Reject
172.16.32.0/24 *[Static/5] 22:44:27
Reject
172.16.33.0/24 *[Static/5] 22:44:27
Reject
172.16.34.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.2
AS path: I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
172.16.35.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.2
AS path: I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
172.16.36.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.37.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.38.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.39.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.40.0/22 *[Aggregate/130] 22:44:27
Reject
172.16.40.0/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.40.128/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.41.0/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.41.128/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.44.0/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
[BGP/170] 22:58:01, localpref 100
AS path: 64514 64515 64516 64512 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.44.64/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
[BGP/170] 22:58:01, localpref 100
AS path: 64514 64515 64516 64512 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.44.128/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
[BGP/170] 22:58:01, localpref 100
AS path: 64514 64515 64516 64512 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.44.192/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
[BGP/170] 22:58:01, localpref 100
AS path: 64514 64515 64516 64512 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
192.168.0.1/32 *[Direct/0] 23:52:01
> via lo0.0
192.168.0.2/32 *[OSPF/10] 23:51:06, metric 1
> to 10.1.0.1 via fe-1/2/1.0
192.168.0.3/32 *[OSPF/10] 23:51:06, metric 1
> to 10.0.0.1 via fe-1/2/0.0
192.168.0.5/32 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:51:28, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.233.5/32 *[OSPF/10] 23:52:07, metric 1
MultiRecvVerifying the Routes on Device ISP-2
Purpose
On Device ISP-2, check the routes in the routing table.
Action
user@ISP-2> show route
inet.0: 41 destinations, 59 routes (41 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 22:45:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
10.0.0.0/30 *[OSPF/10] 23:52:25, metric 2
to 10.0.0.5 via fe-1/2/2.0
> to 10.1.0.2 via fe-1/2/1.0
10.0.0.4/30 *[Direct/0] 23:53:21
> via fe-1/2/2.0
10.0.0.6/32 *[Local/0] 23:53:23
Local via fe-1/2/2.0
10.0.0.20/30 *[BGP/170] 23:53:11, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:53:09, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
10.1.0.0/30 *[Direct/0] 23:53:19
> via fe-1/2/1.0
10.1.0.1/32 *[Local/0] 23:53:23
Local via fe-1/2/1.0
10.3.0.0/30 *[Direct/0] 23:53:22
> via fe-1/2/0.0
10.3.0.2/32 *[Local/0] 23:53:23
Local via fe-1/2/0.0
10.3.0.4/30 *[Direct/0] 23:53:23
> via fe-1/2/3.0
[BGP/170] 23:53:11, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:53:09, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
[BGP/170] 23:52:13, localpref 100, from 192.168.0.1
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.1.0.2 via fe-1/2/1.0
10.3.0.6/32 *[Local/0] 23:53:23
Local via fe-1/2/3.0
10.3.0.48/30 *[BGP/170] 23:53:11, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
172.16.8.0/21 *[BGP/170] 00:12:26, localpref 100, from 192.168.0.1
AS path: 64514 I, validation-state: unverified
> to 10.1.0.2 via fe-1/2/1.0
[BGP/170] 00:12:26, localpref 100
AS path: 64515 64514 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.16.0/21 *[BGP/170] 02:03:28, localpref 100
AS path: 64515 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.24.0/25 *[BGP/170] 23:07:51, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:07:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.24.128/25 *[BGP/170] 23:07:51, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:07:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.25.0/26 *[BGP/170] 23:07:51, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:07:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.25.64/26 *[BGP/170] 23:07:51, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:07:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.32.0/21 *[Aggregate/130] 22:40:38
Reject
172.16.32.0/24 *[BGP/170] 22:45:44, localpref 100, from 192.168.0.1
AS path: I, validation-state: unverified
> to 10.1.0.2 via fe-1/2/1.0
172.16.33.0/24 *[BGP/170] 22:45:44, localpref 100, from 192.168.0.1
AS path: I, validation-state: unverified
> to 10.1.0.2 via fe-1/2/1.0
172.16.34.0/24 *[Static/5] 22:40:38
Reject
172.16.35.0/24 *[Static/5] 22:40:38
Reject
172.16.36.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.37.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.38.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.39.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.40.0/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.40.128/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.41.0/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.41.128/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.44.0/23 *[Aggregate/130] 22:40:38
Reject
172.16.44.0/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
[BGP/170] 22:59:19, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 22:59:19, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.44.64/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
[BGP/170] 22:59:19, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 22:59:19, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.44.128/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
[BGP/170] 22:59:19, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 22:59:19, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.44.192/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
[BGP/170] 22:59:19, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 22:59:19, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
192.168.0.1/32 *[OSPF/10] 23:52:25, metric 1
> to 10.1.0.2 via fe-1/2/1.0
192.168.0.2/32 *[Direct/0] 23:53:23
> via lo0.0
192.168.0.3/32 *[OSPF/10] 23:52:30, metric 1
> to 10.0.0.5 via fe-1/2/2.0
192.168.0.5/32 *[BGP/170] 23:53:11, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:53:09, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.233.5/32 *[OSPF/10] 23:53:25, metric 1
MultiRecvVerifying the Routes on Device ISP-3
Purpose
On Device ISP-3, check the routes in the routing table.
Action
user@ISP-3> show route
inet.0: 40 destinations, 41 routes (40 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Aggregate/130] 23:53:57, metric2 1
> to 10.0.0.2 via fe-1/2/0.0
[BGP/170] 22:46:17, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
10.0.0.0/30 *[Direct/0] 23:53:52
> via fe-1/2/0.0
10.0.0.1/32 *[Local/0] 23:53:53
Local via fe-1/2/0.0
10.0.0.4/30 *[Direct/0] 23:53:54
> via fe-1/2/2.0
10.0.0.5/32 *[Local/0] 23:53:54
Local via fe-1/2/2.0
10.0.0.8/30 *[Direct/0] 23:53:53
> via fe-1/2/1.0
10.0.0.9/32 *[Local/0] 23:53:53
Local via fe-1/2/1.0
10.0.0.20/30 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
10.1.0.0/30 *[OSPF/10] 23:53:03, metric 2
> to 10.0.0.6 via fe-1/2/2.0
to 10.0.0.2 via fe-1/2/0.0
10.1.0.4/30 *[Direct/0] 23:53:54
> via fe-1/2/3.0
10.1.0.5/32 *[Local/0] 23:53:54
Local via fe-1/2/3.0
10.3.0.4/30 *[BGP/170] 23:52:46, localpref 100, from 192.168.0.1
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.0.0.2 via fe-1/2/0.0
10.3.0.48/30 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.8.0/21 *[BGP/170] 00:12:59, localpref 100, from 192.168.0.1
AS path: 64514 I, validation-state: unverified
> to 10.0.0.2 via fe-1/2/0.0
172.16.16.0/21 *[BGP/170] 02:04:01, localpref 100, from 192.168.0.2
AS path: 64515 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.24.0/25 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.24.128/25 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.25.0/26 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.25.64/26 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.32.0/24 *[BGP/170] 22:46:17, localpref 100, from 192.168.0.1
AS path: I, validation-state: unverified
> to 10.0.0.2 via fe-1/2/0.0
172.16.33.0/24 *[BGP/170] 22:46:17, localpref 100, from 192.168.0.1
AS path: I, validation-state: unverified
> to 10.0.0.2 via fe-1/2/0.0
172.16.34.0/24 *[BGP/170] 22:41:11, localpref 100, from 192.168.0.2
AS path: I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.35.0/24 *[BGP/170] 22:41:11, localpref 100, from 192.168.0.2
AS path: I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.36.0/24 *[Static/5] 22:41:11
Reject
172.16.37.0/24 *[Static/5] 22:41:11
Reject
172.16.38.0/24 *[Static/5] 22:41:11
Reject
172.16.39.0/24 *[Static/5] 22:41:11
Reject
172.16.40.0/25 *[BGP/170] 23:02:38, localpref 100
AS path: 64511 I, validation-state: unverified
> to 10.1.0.6 via fe-1/2/3.0
172.16.40.128/25 *[BGP/170] 23:02:38, localpref 100
AS path: 64511 I, validation-state: unverified
> to 10.1.0.6 via fe-1/2/3.0
172.16.41.0/25 *[BGP/170] 23:02:38, localpref 100
AS path: 64511 I, validation-state: unverified
> to 10.1.0.6 via fe-1/2/3.0
172.16.41.128/25 *[BGP/170] 23:02:38, localpref 100
AS path: 64511 I, validation-state: unverified
> to 10.1.0.6 via fe-1/2/3.0
172.16.44.0/26 *[BGP/170] 22:59:52, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.10 via fe-1/2/1.0
172.16.44.64/26 *[BGP/170] 22:59:52, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.10 via fe-1/2/1.0
172.16.44.128/26 *[BGP/170] 22:59:52, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.10 via fe-1/2/1.0
172.16.44.192/26 *[BGP/170] 22:59:52, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.10 via fe-1/2/1.0
192.168.0.1/32 *[OSPF/10] 23:53:03, metric 1
> to 10.0.0.2 via fe-1/2/0.0
192.168.0.2/32 *[OSPF/10] 23:53:03, metric 1
> to 10.0.0.6 via fe-1/2/2.0
192.168.0.3/32 *[Direct/0] 23:53:54
> via lo0.0
192.168.0.5/32 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.233.5/32 *[OSPF/10] 23:53:58, metric 1
MultiRecvVerifying the Routes on Device Exchange-1
Purpose
On Device Exchange-1, check the routes in the routing table.
Action
user@Exchange-1> show route
inet.0: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.20/30 *[BGP/170] 23:53:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
10.2.0.4/30 *[Direct/0] 23:54:23
> via fe-1/2/3.0
10.2.0.5/32 *[Local/0] 23:54:29
Local via fe-1/2/3.0
10.3.0.4/30 *[BGP/170] 23:53:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
10.3.0.40/30 *[Direct/0] 23:54:27
> via fe-1/2/2.0
10.3.0.42/32 *[Local/0] 23:54:29
Local via fe-1/2/2.0
10.3.0.44/30 *[Direct/0] 23:54:29
> via fe-1/2/1.0
10.3.0.45/32 *[Local/0] 23:54:29
Local via fe-1/2/1.0
172.16.8.0/21 *[Static/5] 00:13:31
Reject
172.16.16.0/21 *[BGP/170] 02:04:33, localpref 100
AS path: 64515 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.24.0/25 *[BGP/170] 23:08:56, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.24.128/25 *[BGP/170] 23:08:56, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.25.0/26 *[BGP/170] 23:08:56, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.25.64/26 *[BGP/170] 23:08:56, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.32.0/21 *[BGP/170] 22:46:49, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.6 via fe-1/2/3.0
[BGP/170] 22:41:43, localpref 100
AS path: 64515 64510 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.40.0/22 *[BGP/170] 22:46:49, localpref 100
AS path: 64510 64511 I, validation-state: unverified
> to 10.2.0.6 via fe-1/2/3.0
172.16.44.0/23 *[BGP/170] 22:41:43, localpref 100
AS path: 64515 64510 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.44.0/26 *[BGP/170] 23:00:24, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.44.64/26 *[BGP/170] 23:00:24, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.44.128/26 *[BGP/170] 23:00:24, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.44.192/26 *[BGP/170] 23:00:24, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
192.168.0.5/32 *[BGP/170] 23:53:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
192.168.0.6/32 *[Direct/0] 23:54:29
> via lo0.0Verifying the Routes on Device Exchange-2
Purpose
On Device Exchange-2, check the routes in the routing table.
Action
user@Exchange-2> show route
inet.0: 24 destinations, 26 routes (23 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.20/30 *[BGP/170] 23:54:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
10.3.0.0/30 *[Direct/0] 23:54:57
> via fe-1/2/0.0
10.3.0.1/32 *[Local/0] 23:54:57
Local via fe-1/2/0.0
10.3.0.4/30 *[BGP/170] 23:54:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
10.3.0.40/30 *[Direct/0] 23:54:57
> via fe-1/2/2.0
10.3.0.41/32 *[Local/0] 23:54:57
Local via fe-1/2/2.0
10.3.0.48/30 *[Direct/0] 23:54:57
> via fe-1/2/1.0
[BGP/170] 23:54:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
10.3.0.49/32 *[Local/0] 23:54:57
Local via fe-1/2/1.0
172.16.8.0/21 *[BGP/170] 00:14:01, localpref 100
AS path: 64514 I, validation-state: unverified
> to 10.3.0.42 via fe-1/2/2.0
172.16.16.0/21 *[Static/5] 02:05:03
Reject
172.16.24.0/25 *[BGP/170] 23:09:26, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.24.128/25 *[BGP/170] 23:09:26, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.25.0/26 *[BGP/170] 23:09:26, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.25.64/26 *[BGP/170] 23:09:26, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.32.0/21 *[BGP/170] 22:42:13, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.2 via fe-1/2/0.0
[BGP/170] 22:47:19, localpref 100
AS path: 64514 64510 I, validation-state: unverified
> to 10.3.0.42 via fe-1/2/2.0
172.16.40.0/22 *[BGP/170] 22:47:19, localpref 100
AS path: 64514 64510 64511 I, validation-state: unverified
> to 10.3.0.42 via fe-1/2/2.0
172.16.44.0/23 *[BGP/170] 22:42:13, localpref 100
AS path: 64510 64512 I, validation-state: unverified
> to 10.3.0.2 via fe-1/2/0.0
172.16.44.0/26 *[BGP/170] 23:00:54, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.44.64/26 *[BGP/170] 23:00:54, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.44.128/26 *[BGP/170] 23:00:54, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.44.192/26 *[BGP/170] 23:00:54, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
192.168.0.5/32 *[BGP/170] 23:54:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
192.168.0.7/32 *[Direct/0] 23:54:57
> via lo0.0Meaning
On Device Exchange-2, the default route 0/0 is hidden because the next hop for the route is its own interface to Device Private-Peer-2, from which the route was received. The route is hidden to avoid a loop.
Verifying the Routes on Device Private-Peer-1
Purpose
On Device Private-Peer-1, check the routes in the routing table.
Action
user@Private-Peer-1> show route
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.2.0.0/30 *[Direct/0] 23:58:57
> via fe-1/2/2.0
10.2.0.1/32 *[Local/0] 5d 21:34:22
Local via fe-1/2/2.0
10.3.0.44/30 *[Direct/0] 23:59:02
> via fe-1/2/1.0
10.3.0.46/32 *[Local/0] 1d 03:19:52
Local via fe-1/2/1.0
172.16.32.0/24 *[BGP/170] 22:51:22, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.33.0/24 *[BGP/170] 22:51:22, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.34.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.35.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.36.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.37.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.38.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.39.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
192.168.0.4/32 *[Direct/0] 5d 21:34:22
> via lo0.0Verifying the Routes on Device Private-Peer-2
Purpose
On Device Private-Peer-2, check the routes in the routing table.
Action
user@Private-Peer-2> show route
inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Aggregate/130] 1d 02:13:28
> to 10.3.0.49 via fe-1/2/1.0
10.0.0.20/30 *[Direct/0] 1d 00:00:53
> via fe-1/2/0.0
10.0.0.22/32 *[Local/0] 4d 23:51:14
Local via fe-1/2/0.0
10.3.0.4/30 *[Direct/0] 23:59:36
> via fe-1/2/3.0
10.3.0.5/32 *[Local/0] 5d 21:34:57
Local via fe-1/2/3.0
10.3.0.48/30 *[Direct/0] 23:59:35
> via fe-1/2/1.0
10.3.0.50/32 *[Local/0] 1d 03:20:27
Local via fe-1/2/1.0
172.16.8.0/21 *[BGP/170] 00:18:39, localpref 100
AS path: 64515 64514 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.16.0/21 *[BGP/170] 02:09:41, localpref 100
AS path: 64515 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.24.0/25 *[Static/5] 23:14:04
Reject
172.16.24.128/25 *[Static/5] 23:14:04
Reject
172.16.25.0/26 *[Static/5] 23:14:04
Reject
172.16.25.64/26 *[Static/5] 23:14:04
Reject
172.16.32.0/21 *[BGP/170] 22:46:51, localpref 100
AS path: 64515 64510 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.32.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.33.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.34.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.35.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.36.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.37.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.38.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.39.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.40.0/22 *[BGP/170] 22:51:57, localpref 100
AS path: 64515 64514 64510 64511 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.44.0/23 *[BGP/170] 22:46:51, localpref 100
AS path: 64515 64510 64512 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.44.0/26 *[BGP/170] 23:05:32, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.21 via fe-1/2/0.0
172.16.44.64/26 *[BGP/170] 23:05:32, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.21 via fe-1/2/0.0
172.16.44.128/26 *[BGP/170] 23:05:32, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.21 via fe-1/2/0.0
172.16.44.192/26 *[BGP/170] 23:05:32, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.21 via fe-1/2/0.0
192.168.0.5/32 *[Direct/0] 5d 21:34:57
> via lo0.0