> ./junos_pop_generator config_files/pop_demo.in /* Loading config_files/pop_demo.in: 27552 twdx inet.0(172.18.0.1) inet6.0(2001:4830:ff::172.18.0.1) */ /* [edit system] */ host-name dcr02.bos01; domain-name twdx.net; time-zone America/New_York; no-redirects; internet-options { no-path-mtu-discovery; } name-server { 172.18.0.100; } login { message "\n\n Unauthorized Access is Prohibited. For operational problems\n please contact ip-admin@twdx.net or call 1-617-849-7278.\n\n **F I E L D A L E R T**\n\n Do NOT issue the following commands:\n show route resolution detail\n show route resolution extensive\n show route table inet.0 detail\n show route table inet.0 extensive\n show route table inet6.0 detail\n show route table inet6.0 extensive\n show route 0.0.0.0/0 detail\n show route 0.0.0.0/0 extensive\n show route ::/0 detail\n show route ::/0 extensive\n show route all\n\n;;"; class tier0 { idle-timeout 15; permissions [ view view-configuration ]; } class tier1 { idle-timeout 15; permissions [ configure firewall interface network routing snmp system trace view ]; } class tier3 { idle-timeout 0; permissions all; } user rancid { class tier0; authentication { encrypted-password ""; } } user xmlpush { uid 2003; class tier3; authentication { encrypted-password ""; } } } services { ssh { root-login deny; protocol-version v2; } } syslog { user * { any emergency; } host 172.18.0.100 { any notice; authorization info; match "!(.*requires a license.*|.*mld6_input.*|.*LICENSE_EXPIRED.*|.*STL library initialized.*|.*kernel time sync enabled.*)"; source-address 172.18.0.1; } file messages { any notice; authorization info; match "!(.*requires a license.*|.*mld6_input.*|.*LICENSE_EXPIRED.*|.*STL library initialized.*|.*kernel time sync enabled.*|.*sshd.*|.*bgp.*|.*L2ALD_MAC.*|.*UI_OPEN_TIMEOUT.*|.*storm.*)"; } inactive: file interactive-commands { interactive-commands any; } file interfaces { any any; match ifOperStatus; } } ntp { server 172.18.0.100; } /* Press Enter when ready to continue. * [ ^C to break ] >> * [CTN-FWD] */ /* [edit policy-options] */ policy-statement __MP_INCLUDE__direct_proto_routes { apply-flags omit; term default_255 { then next policy; } } policy-statement __MP_INCLUDE__static_proto_routes { apply-flags omit; term blackhole_inet { from { family inet; protocol static; community a-static-null; } then { local-preference 400; next-hop 192.0.2.1; next policy; } } term blackhole_inet6 { from { family inet6; protocol static; community a-static-null; } then { local-preference 400; next-hop 2001:db8::1; next policy; } } term customer_inet { from { family inet; protocol static; community a-customer; } then { local-preference 300; next-hop 172.18.0.1; next policy; } } term customer_inet6 { from { family inet6; protocol static; community a-customer; } then { local-preference 300; next-hop self; next policy; } } term internal_inet { from { family inet; protocol static; community a-internal; } then { local-preference 400; next-hop 172.18.0.1; next policy; } } term internal_inet6 { from { family inet6; protocol static; community a-internal; } then { local-preference 400; next-hop self; next policy; } } term bypass_255 { then next policy; } } policy-statement mp_inet64_default-originate { apply-flags omit; term inet { from { family inet; route-filter 0.0.0.0/0 exact; } then accept; } term inet6 { from { family inet6; route-filter ::/0 exact; } then { next-hop self; accept; } } term done { then reject; } } policy-statement mp_inet64_customers_partial_export { apply-flags omit; term pre_approved_9 { from community a-on-net; then { metric { minimum-igp; } accept; } } term default_255 { then reject; } } policy-statement mp_inet64_customers_full_export { apply-flags omit; term default_255 { then { metric { minimum-igp; } accept; } } } policy-statement mp_inet64_core_local-originate { apply-flags omit; /* 6PE mode: enable */ term 0_pass_discards { from { protocol bgp; community n-ebgp-discard; } then accept; } term 1_nhself_terminal { from { protocol bgp; community a-info_comms; route-type external; } then { next-hop self; accept; } } term bgp_10 { from { protocol bgp; community a-info_comms; } then accept; } term pre_approved_10 { from community a-on-net; then accept; } term default_255 { then reject; } } policy-statement __GENERATE__default_for_ebgp_peer { apply-flags omit; term 1_inet { from { family inet; route-filter 0.0.0.0/0 exact accept; } } term 1.1_inet6 { from { family inet6; route-filter ::/0 exact accept; } } term 2 { then next policy; } } /* Press Enter when ready to continue. * [ ^C to break ] >> * [CTN-FWD] */ policy-statement __LIMITS__inet_prefixlen { apply-flags omit; term 0 { from { protocol bgp; community n-blackhole; } then next policy; } term 1 { from { route-filter 0.0.0.0/0 prefix-length-range /25-/32; } then reject; } term default_255 { then next policy; } } policy-statement inet_border_inbound_1.0_limits { apply-flags omit; inactive: term 1.1_permits { from { route-filter 0.0.0.0/0 exact; } then next policy; } term 2.0_rejects { from { route-filter 0.0.0.0/8 orlonger; route-filter 10.0.0.0/8 orlonger; route-filter 100.64.0.0/10 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 169.254.0.0/16 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.0.2.0/24 orlonger; route-filter 192.168.0.0/16 orlonger; route-filter 0.0.0.0/0 exact; route-filter 172.18.0.0/16 orlonger; } then reject; } term 8.0_AS_PATH_Filter { from as-path PRIV_ASN; then reject; } term 8.5_PreCond_Filter { from community a-border_comms_remove; then { community delete a-border_comms_remove; next term; } } term 9.0_default { from { route-filter 0.0.0.0/0 upto /24; } then next policy; } term 10.0_flushout { then reject; } } policy-statement j701-27552-cni-inet-in { apply-flags omit; term 1_PreCond { from community a-info_comms; then { community delete a-info_comms; next term; } } term 5 { from { route-filter 0.0.0.0/0 prefix-length-range /25-/32; } then { community add a-no-export; next term; } } term 9 { from community n-blackhole; then { next-hop 192.0.2.1; next term; } } term 10 { from community n-lp-50; then { local-preference 50; community add set-customer; accept; } } term 11 { from community n-lp-100; then { local-preference 100; community add set-customer; accept; } } term 12 { from community n-lp-150; then { local-preference 150; community add set-customer; accept; } } term 13 { from community n-lp-200; then { local-preference 200; community add set-customer; accept; } } term 14 { from community n-lp-250; then { local-preference 250; community add set-customer; accept; } } term 20 { then { local-preference 300; community add set-customer; accept; } } } /* Press Enter when ready to continue. * [ ^C to break ] >> * [CTN-FWD] */ /* [ edit policy-options ] */ policy-statement __LIMITS__inet6_prefixlen { apply-flags omit; term 0 { from { protocol bgp; community n-blackhole; } then next policy; } term 1 { from { family inet6; route-filter ::/0 prefix-length-range /65-/128; } then reject; } term default_255 { then next policy; } } policy-statement inet6_border_inbound_1.0_limits { apply-flags omit; inactive: term 1.1_permits { from { family inet6; route-filter ::/0 exact; } then next policy; } term 2.0_rejects { from { family inet6; route-filter 2001:db8::/32 orlonger; route-filter 3ffe::/16 orlonger; route-filter fe80::/16 orlonger; route-filter fc00::/16 orlonger; route-filter ::/0 exact; route-filter 2001:db8:500::/40 orlonger; } then reject; } term 8.0_AS_PATH_Filter { from as-path PRIV_ASN; then reject; } term 8.5_PreCond_Filter { from community a-border_comms_remove; then { community delete a-border_comms_remove; next term; } } term 9.0_default { from { family inet6; route-filter ::/0 upto /48; } then next policy; } term 10.0_flushout { then reject; } } policy-statement j701-27552-cni-inet6-in { apply-flags omit; term 1_PreCond { from community a-info_comms; then { community delete a-info_comms; next term; } } term 5 { from { route-filter ::/0 prefix-length-range /49-/128; } then { community add a-no-export; next term; } } term 9 { from community n-blackhole; then { next-hop 2001:db8::1; next term; } } term 10 { from community n-lp-50; then { local-preference 50; community add set-customer; accept; } } term 11 { from community n-lp-100; then { local-preference 100; community add set-customer; accept; } } term 12 { from community n-lp-150; then { local-preference 150; community add set-customer; accept; } } term 13 { from community n-lp-200; then { local-preference 200; community add set-customer; accept; } } term 14 { from community n-lp-250; then { local-preference 250; community add set-customer; accept; } } term 20 { then { local-preference 300; community add set-customer; accept; } } } /* Press Enter when ready to continue. * [ ^C to break ] >> * [CTN-FWD] */ /* [ edit policy-options ] */ policy-statement no { apply-flags omit; term 1 { then reject; } } policy-statement __LIMITS__all_martians { apply-flags omit; term inet { from { family inet; route-filter 10.0.0.0/8 orlonger; route-filter 100.64.0.0/10 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.168.0.0/16 orlonger; } then reject; } term inet6 { from { family inet6; route-filter fe80::/10 orlonger; route-filter 3ffe::/16 orlonger; route-filter fc00::/7 orlonger; } then reject; } term default_255 { then next policy; } } policy-statement __PREFILTER__Customer701_Export_Policy { apply-flags omit; term 0_reject_no_comms { from community a-invalid; then reject; } term 1_proto_inet_filter { from { family inet; route-filter 0.0.0.0/0 prefix-length-range /25-/32; } then reject; } term 1_proto_inet6_filter { from { family inet6; route-filter ::/0 prefix-length-range /49-/128; } then reject; } term 2_terminate_search_on_continue { from community n-27552-continue; then { metric { minimum-igp; } community delete a-invalid; next policy; } } term 2.1_no-export { from community n-27552-no-export; then reject; } term 10_prepend-1 { from community n-27552-prepend-1; then { metric { minimum-igp; } community delete a-invalid; as-path-prepend 27552; next policy; } } term 10_prepend-2 { from community n-27552-prepend-2; then { metric { minimum-igp; } community delete a-invalid; as-path-prepend "27552 27552"; next policy; } } term 10_prepend-3 { from community n-27552-prepend-3; then { metric { minimum-igp; } community delete a-invalid; as-path-prepend "27552 27552 27552"; next policy; } } term 255_Default { then next policy; } } /* Press Enter when ready to continue. * [ ^C to break ] >> * [CTN-FWD] */ /* [ edit policy-options ] */ community IETF_no-export members no-export; community a-info_comms members "^27552:5....$"; community a-border_comms_remove members "^27552:(.*)$"; community a-customer members "^27552:5...4$"; community a-customer-no-export members [ 0:40000 27552:57014 ]; community a-internal members "^27552:5...5$"; community a-internal-no-export members [ 0:40000 27552:57015 ]; community a-no-export members 0:40000; community a-on-net members "^27552:5...[4-5]$"; community a-mp-maintain-nexthop members 27552:64512; community a-invalid { invert-match; members "^27552:5....$"; } community a-off-net { invert-match; members "^27552:5...[4-5]$"; } community a-static-null members [ "^27552:(911|912)$" "^27552:5...[4-5]$" ]; community n-blackhole members 27552:911; community n-ebgp-discard members [ "^27552:911$" "^27552:5...4$" ]; community n-lp-100 members 27552:100; community n-lp-150 members 27552:150; community n-lp-200 members 27552:200; community n-lp-250 members 27552:250; community n-lp-50 members 27552:50; community n-med-reset members 27552:900; community set-customer members 27552:57014; community set-tag_peer members 27552:57012; community set-tag_transit members 27552:57011; community n-27552-no-export members "^(0|27552|64512):4(701|000)0$"; community n-27552-prepend-1 members "^(0|27552|64512):4(701|000)1$"; community n-27552-prepend-2 members "^(0|27552|64512):4(701|000)2$"; community n-27552-prepend-3 members "^(0|27552|64512):4(701|000)3$"; community n-27552-continue members "^(0|27552|64512):4(701|000)5$"; as-path PRIV_ASN ".* (64512-65535) .*"; /* Press Enter when ready to continue. * [ ^C to break ] >> * [CTN-FWD] */ /* [ edit protocols ] */ bgp { group twdx-backbone_mp64 { type internal; local-address 172.18.0.1; family inet { unicast; } family l2vpn { signaling; } family inet6 { labeled-unicast { explicit-null; } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes mp_inet64_core_local-originate ]; peer-as 27552; tcp-mss 4096; } group twdx-dcr_mp64 { type internal; description "[!] DCRs with Full Table capacity only"; local-address 172.18.0.1; family inet { unicast; } family l2vpn { signaling; } family inet6 { labeled-unicast { explicit-null; } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes mp_inet64_core_local-originate ]; cluster 172.18.0.1; peer-as 27552; tcp-mss 4096; } group inet-customers-default { type external; accept-remote-nexthop; keep none; import j701-27552-cni-inet-in; family inet { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export mp_inet64_default-originate; } group inet-customers-full { type external; accept-remote-nexthop; keep none; remove-private; import j701-27552-cni-inet-in; family inet { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes __PREFILTER__Customer701_Export_Policy mp_inet64_customers_full_export ]; } group inet-customers-full-w-default { type external; accept-remote-nexthop; keep none; remove-private; import j701-27552-cni-inet-in; family inet { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes __GENERATE__default_for_ebgp_peer __PREFILTER__Customer701_Export_Policy mp_inet64_customers_full_export ]; } group inet-customers-partial { type external; accept-remote-nexthop; keep none; remove-private; import j701-27552-cni-inet-in; family inet { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes __PREFILTER__Customer701_Export_Policy mp_inet64_customers_partial_export ]; } group inet-customers-partial-w-default { type external; accept-remote-nexthop; keep none; remove-private; import j701-27552-cni-inet-in; family inet { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes __GENERATE__default_for_ebgp_peer __PREFILTER__Customer701_Export_Policy mp_inet64_customers_partial_export ]; } group inet6-customers-default { type external; accept-remote-nexthop; keep none; import j701-27552-cni-inet6-in; family inet6 { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export mp_inet64_default-originate; } group inet6-customers-full { type external; accept-remote-nexthop; keep none; remove-private; import j701-27552-cni-inet6-in; family inet6 { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes __PREFILTER__Customer701_Export_Policy mp_inet64_customers_full_export ]; } group inet6-customers-full-w-default { type external; accept-remote-nexthop; keep none; remove-private; import j701-27552-cni-inet6-in; family inet6 { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes __GENERATE__default_for_ebgp_peer __PREFILTER__Customer701_Export_Policy mp_inet64_customers_full_export ]; } group inet6-customers-partial { type external; accept-remote-nexthop; keep none; remove-private; import j701-27552-cni-inet6-in; family inet6 { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes __PREFILTER__Customer701_Export_Policy mp_inet64_customers_partial_export ]; } group inet6-customers-partial-w-default { type external; accept-remote-nexthop; keep none; remove-private; import j701-27552-cni-inet6-in; family inet6 { unicast { prefix-limit { maximum 600; teardown 90 idle-timeout 5; } } } export [ __MP_INCLUDE__direct_proto_routes __MP_INCLUDE__static_proto_routes __GENERATE__default_for_ebgp_peer __PREFILTER__Customer701_Export_Policy mp_inet64_customers_partial_export ]; } } /* Press Enter when ready to continue. * [ ^C to break ] >> * [CTN-FWD] */ /* [ edit routing-options ] */ rib inet6.0 { static { route 2001:db8::/32 discard; route fc00::/16 discard; route ::/0 { discard; preference 254; } } } static { route 0.0.0.0/0 { discard; preference 254; } route 192.0.2.0/24 discard; route 0.0.0.0/8 discard; route 10.0.0.0/8 discard; route 100.64.0.0/10 discard; route 127.0.0.0/8 discard; route 169.254.0.0/16 discard; route 172.16.0.0/12 discard; route 192.168.0.0/16 discard; } router-id 172.18.0.1; autonomous-system 27552; /* Execution completed. */ >