version 7.1R2.2; groups { re0 { system { host-name fhr1.lo6-re0; } interfaces { fxp0 { disable; unit 0 { family inet; } } } } re1 { system { host-name fhr1.lo6-re1; } interfaces { fxp0 { disable; unit 0 { family inet; } } } } } apply-groups [ re0 re1 ]; system { domain-name savvis.net; time-zone America/New_York; default-address-selection; dump-on-panic; authentication-order radius; name-server { 204.71.36.9; 204.70.127.127; } radius-server { 167.215.232.32 { secret "$9$F4r/36CAp0hSe69IcylW8"; timeout 5; retry 1; } 216.90.89.135 { secret "$9$f5Q3n/CBIcQFu1Rhle"; timeout 5; retry 1; } } login { class all { idle-timeout 15; permissions all; } class read-access { idle-timeout 15; permissions [ interface network routing snmp system trace view firewall ]; deny-commands "set|request|test|file|clear"; } class scc { idle-timeout 15; permissions [ clear configure interface interface-control network reset routing routing-control snmp system trace view firewall rollback view-configuration ]; allow-configuration interfaces; } class scc_access { idle-timeout 15; permissions [ configure interface network routing snmp system trace view ]; } user FULL { uid 3004; class all; } user READ { uid 2000; class read-access; } user SCC { uid 4000; class scc; } user autojuco { uid 2017; class all; authentication { ssh-rsa "1024 35 117368654974780910785804472328190496433755973300803053423299024175036242435747627812505529688000436949785484981772284116245736038093657503993364805140242824490573695257301456102356172165176328625890867569328219292100315044847195987067474021662846314660195892724192964475644563644853660336695620996491872426299 autojuco- 8/25/2004"; ssh-rsa "1024 35 117368654974780910785804472328190496433755973300803053423299024175036242435747627812505529688000436949785484981772284116245736038093657503993364805140242824490573695257301456102356172165176328625890867569328219292100315044847195987067474021662846314660195892724192964475644563644853660336695620996491872426299 autojuco - 8/25/2004"; } } } static-host-mapping { fhr1.lo6 sysid 02aa.ce18.ac40; fhr2.lo6 sysid 02aa.ce18.ac60; } services { ssh { connection-limit 16; rate-limit 10; } } syslog { user * { any emergency; } host 204.71.36.44 { any notice; authorization info; daemon info; kernel info; interactive-commands any; } host 204.71.36.45 { any notice; authorization info; daemon info; kernel info; interactive-commands any; } host 204.70.133.240 { any notice; authorization info; daemon info; kernel info; interactive-commands any; } host 212.124.244.48 { any notice; authorization any; cron any; daemon any; kernel any; user any; firewall any; } host 216.90.89.68 { any notice; authorization info; daemon info; kernel info; interactive-commands any; } file messages { any notice; authorization info; daemon info; kernel info; } file ACL10-firewall { firewall any; } file cli_logs { interactive-commands any; } } processes { snmp enable; } ntp { server 204.70.128.1; server 204.70.57.242; } } chassis { no-source-route; dump-on-panic; redundancy { routing-engine 0 backup; routing-engine 1 master; } aggregated-devices { sonet { device-count 1; } } } interfaces { ge-0/0/0 { description "G/E DataCenter trunk to uklond6-001.exalp-e:3.3"; vlan-tagging; link-mode full-duplex; gigether-options { flow-control; } unit 3 { description "Mgt LAN - uklond6-001.exalp-a:8.7"; vlan-id 3; family inet { accounting { destination-class-usage; } address 10.49.235.4/26; } } unit 8 { description "Public LAN to uklond6_001.exalp-e:8.1"; vlan-id 8; family inet { accounting { destination-class-usage; } address 213.174.192.177/29; } } unit 27 { description "Internet Transit VLAN to Inkra"; vlan-id 27; family inet { accounting { destination-class-usage; } filter { output deny-non-routable; } address 213.174.206.3/23 { vrrp-group 254 { virtual-address 213.174.206.1; priority 254; } vrrp-group 255 { virtual-address 213.174.206.2; priority 100; } } } } unit 901 { description "VPN Public Interface"; vlan-id 901; family inet { accounting { destination-class-usage; } filter { output ACL109; } address 213.174.194.2/26 { vrrp-group 109 { virtual-address 213.174.194.1; priority 101; } } } } unit 912 { description "The Carlyle Group s254723 bgp1"; vlan-id 912; family inet { accounting { destination-class-usage; } address 165.193.172.73/30; } } unit 961 { description "Zynap Pro Co-Lo"; vlan-id 961; family inet { accounting { destination-class-usage; } filter { input IDS-ZYNAPCOLO-TO-NET-ANTI-SPOOF; output NET-TO-IDS-ZYNAPCOLO-ANTI-SPOOF; } address 213.174.199.210/29 { vrrp-group 161 { virtual-address 213.174.199.209; priority 251; } } } } unit 969 { description "B&Q Co-Lo"; vlan-id 969; family inet { accounting { destination-class-usage; } filter { input IDS-BANDQCOLO-TO-NET-ANTI-SPOOF; } address 10.83.54.162/29 { vrrp-group 169 { virtual-address 10.83.54.161; priority 251; } } } } unit 972 { description "iNext Co-Lo"; vlan-id 972; family inet { accounting { destination-class-usage; } filter { input IDS-INEXTCOLO-TO-NET-ANTI-SPOOF; output NET-TO-IDS-INEXTCOLO-ANTI-SPOOF; } address 213.174.199.114/29 { vrrp-group 72 { virtual-address 213.174.199.113; priority 101; } } } } unit 978 { description "Inchcape Co-Lo First POD"; vlan-id 978; family inet { accounting { destination-class-usage; } filter { input IDS-INCHCAPECOLO-TO-NET-ANTI-SPOOF; output NET-TO-IDS-INCHCAPECOLO-ANTI-SPOOF; } address 213.174.203.2/26 { vrrp-group 72 { virtual-address 213.174.203.1; priority 101; } } } } } at-0/1/0 { description "Future OC12 ATM for customer access via 550 - test rancid"; disable; clocking internal; encapsulation atm-pvc; sonet-options { payload-scrambler; } atm-options { vpi 1 { maximum-vcs 512; } vpi 2 { maximum-vcs 512; } } } so-0/3/0 { description "OC12 to SCR2.Lond6:so-0/3/0 part1 of as0"; sonet-options { rfc-2615; aggregate as0; } } at-1/1/0 { description "OC12 atm to 550 uklond6.ag:3.9"; mtu 4482; clocking internal; encapsulation atm-pvc; sonet-options { payload-scrambler; } atm-options { vpi 1 { maximum-vcs 256; } vpi 2 { maximum-vcs 256; } vpi 8 { maximum-vcs 1024; } } unit 105 { description "Test Hybrid - VLAN822"; encapsulation atm-snap; vci 1.105; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.65/30; } } unit 106 { description "Fish4 Production - VLAN823"; encapsulation atm-snap; vci 1.106; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.81/30; } } unit 107 { description "Axon Production - VLAN872"; encapsulation atm-snap; vci 1.107; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.33/30; } } unit 108 { description "Medtronic - VLAN893"; encapsulation atm-snap; vci 1.108; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.93/30; } } unit 109 { description "Screwfix Production - VLAN879"; encapsulation atm-snap; vci 1.109; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.161/30; } } unit 110 { description "Screwfix DR - VLAN332"; encapsulation atm-snap; vci 1.110; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.169/30; } } unit 111 { description "Easybroker Production - VLAN869"; encapsulation atm-snap; vci 1.111; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.177/30; } } unit 112 { description "Easybroker Test - VLAN868"; encapsulation atm-snap; vci 1.112; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.201/30; } } unit 113 { description "LME_WEB - VLAN864"; encapsulation atm-snap; vci 1.113; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.89/30; } } unit 114 { description "LME_CORP - VLAN866"; encapsulation atm-snap; vci 1.114; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.213/30; } } unit 115 { description "LMUK Production - VLAN877"; encapsulation atm-snap; vci 1.115; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.217/30; } } unit 116 { description "LMUK Development - VLAN333"; encapsulation atm-snap; vci 1.116; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.233/30; } } unit 117 { description "Reception Room - VLAN990"; encapsulation atm-snap; vci 1.117; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.189/30; } } unit 118 { description "Gaming Boarse Production - VLAN853"; encapsulation atm-snap; vci 1.118; oam-period 3; oam-liveness { up-count 3; down-count 3; } family inet { accounting { destination-class-usage; } mtu 1500; address 213.174.193.129/30; } } unit 710 { description "DRAIN for uklond6_01.bsn-a:cntx04"; encapsulation atm-snap; point-to-point; vci 8.710; family inet { accounting { destination-class-usage; } mtu 4470; filter { input uklond6_01_cntx04_ingress; output uklond6_01_cntx04_egress; } address 206.24.172.81/30; } } unit 711 { description "DRAIN for uklond6_01.bsn-a:cntx11"; encapsulation atm-snap; point-to-point; vci 8.711; family inet { accounting { destination-class-usage; } mtu 4470; address 206.24.172.129/30; } } unit 713 { description "DRAIN for uklond6_01.bsn-a:cntx13"; encapsulation atm-snap; point-to-point; vci 8.713; family inet { accounting { destination-class-usage; } mtu 4470; address 206.24.172.133/30; } } unit 714 { description "DRAIN for uklond6_01.bsn-a:cntx14"; encapsulation atm-snap; point-to-point; vci 8.714; family inet { accounting { destination-class-usage; } mtu 4470; address 206.24.172.137/30; } } unit 920 { description "fhr1.lo6 to kar1.nyr at-0/3/0.920"; encapsulation atm-snap; point-to-point; vci 8.920; family inet { address 204.70.145.2/30; } } unit 930 { description "fhr1.lo6 to kar2.nyr at-0/3/0.930"; encapsulation atm-snap; point-to-point; vci 8.930; family inet { address 204.70.148.6/30; } } unit 940 { description "To dcr1.frx at-2/0/0.940"; encapsulation atm-snap; point-to-point; vci 8.940; family inet { address 204.70.192.229/30; } } unit 950 { description "fhr1.lo6 to acr2.frx at-2/0/0.950"; encapsulation atm-snap; point-to-point; vci 8.950; family inet { address 204.70.192.233/30; } family iso; family mpls; } unit 960 { description "fhr1.lo6 to bcr1.lnx at-3/1/0:960"; encapsulation atm-snap; point-to-point; vci 8.960; family inet { address 206.24.172.69/30; } family iso; family mpls; } unit 970 { description "fhr1.lo6 to bcr2.lnx at-3/1/0:970"; encapsulation atm-snap; point-to-point; vci 8.970; family inet { address 206.24.172.73/30; } family iso; family mpls; } } so-1/3/0 { description "OC12 to SCR2.Lond6:so-1/3/0 part2 of as0"; sonet-options { rfc-2615; aggregate as0; } } as0 { description "Bonded OC12 to SCR2.Lond6:as0"; aggregated-sonet-options { link-speed oc12; } unit 0 { family inet { address 206.24.172.77/30; } family iso; family mpls; } } dsc { unit 0 { family inet { address 206.24.194.50/32 { destination 206.24.194.51; } } } } lo0 { unit 0 { family inet { primary; filter { input ACL10; } address 206.24.172.64/32 { primary; preferred; } address 208.174.15.156/32; } family iso { address 47.0005.80ff.e200.000a.0000.3200.02aa.ce18.ac40.00; } } } } snmp { description for-snmp; community marzbar { authorization read-only; clients { 209.83.194.0/24; } } community mvJuwJIkTJcPel2z { authorization read-only; } } accounting-options { file ddos2 { files 10; } file ddos3 { files 10; } class-usage-profile ddos2 { file ddos2; interval 1; destination-classes { dos-victim2; } } class-usage-profile ddos3 { file ddos3; interval 1; destination-classes { dos-victim3; } } } routing-options { interface-routes { rib-group inet ifrg; } static { route 213.174.195.80/28 { qualified-next-hop at-1/1/0.108 { preference 230; } } route 213.174.196.128/28 { qualified-next-hop at-1/1/0.110 { preference 230; } } route 213.174.196.192/28 { qualified-next-hop at-1/1/0.105 { preference 230; } } route 213.174.197.208/28 { qualified-next-hop at-1/1/0.112 { preference 230; } } route 213.174.200.96/28 { qualified-next-hop at-1/1/0.117 { preference 230; } } route 213.174.201.0/28 { qualified-next-hop at-1/1/0.113 { preference 230; } } route 213.174.201.32/32 { qualified-next-hop at-1/1/0.114 { preference 230; } } route 213.174.201.64/32 { qualified-next-hop at-1/1/0.107 { preference 230; } } route 213.174.192.0/25 next-hop 213.174.206.233; route 213.174.192.208/29 next-hop 213.174.206.9; route 213.174.192.216/29 next-hop 213.174.206.9; route 213.174.193.0/28 next-hop 213.174.207.105; route 213.174.195.0/26 next-hop 213.174.206.25; route 213.174.195.112/28 next-hop 213.174.206.249; route 213.174.195.128/28 next-hop 213.174.206.113; route 213.174.195.176/28 next-hop 213.174.206.97; route 213.174.195.224/28 next-hop 213.174.206.81; route 213.174.196.0/28 next-hop 213.174.206.169; route 213.174.196.16/28 next-hop 213.174.206.105; route 213.174.196.32/28 next-hop 213.174.206.241; route 213.174.196.64/28 next-hop 213.174.206.121; route 213.174.196.160/28 next-hop 213.174.206.241; route 213.174.196.176/28 next-hop 213.174.207.49; route 213.174.196.224/29 next-hop 213.174.206.137; route 213.174.196.240/28 next-hop 213.174.207.113; route 213.174.198.0/27 next-hop 213.174.207.57; route 213.174.198.32/27 next-hop 213.174.207.73; route 213.174.198.64/27 next-hop 213.174.207.89; route 213.174.198.192/29 next-hop 213.174.206.185; route 213.174.198.208/28 next-hop 213.174.206.65; route 213.174.198.240/29 next-hop 213.174.207.1; route 213.174.199.0/27 next-hop 213.174.206.211; route 213.174.199.64/27 next-hop 213.174.207.17; route 213.174.199.96/28 next-hop 213.174.206.201; route 213.174.199.128/29 next-hop 213.174.206.33; route 213.174.199.144/29 next-hop 213.174.206.177; route 213.174.199.160/27 next-hop 213.174.206.161; route 213.174.200.0/28 next-hop 213.174.206.145; route 213.174.200.80/28 next-hop 213.174.206.17; route 213.174.200.128/29 next-hop 213.174.206.217; route 213.174.200.144/28 next-hop 213.174.207.33; route 213.174.200.192/27 next-hop 213.174.207.9; route 213.174.201.96/28 next-hop 213.174.207.129; route 213.174.201.128/25 next-hop 213.174.206.233; route 213.174.202.160/27 next-hop 213.174.206.241; route 213.174.205.0/24 next-hop 213.174.207.41; route 213.174.207.116/32 next-hop 213.174.207.113; route 213.174.198.128/27 next-hop 213.174.199.118; route 213.174.199.224/27 next-hop 213.174.199.118; route 213.174.195.64/29 next-hop 10.83.54.166; route 213.174.202.128/27 next-hop 10.83.54.166; route 213.174.197.176/28 next-hop at-1/1/0.111; route 213.174.200.32/28 next-hop at-1/1/0.109; route 213.174.202.0/25 next-hop at-1/1/0.106; route 213.174.196.96/28 next-hop 213.174.207.137; route 213.174.195.72/29 next-hop 213.174.206.73; route 213.174.192.144/28 next-hop 213.174.207.81; route 213.174.200.224/28 next-hop 213.174.207.153; route 213.174.203.192/28 next-hop 213.174.207.178; route 213.174.202.192/27 { qualified-next-hop at-1/1/0.115 { preference 230; } } route 213.174.202.224/28 { qualified-next-hop at-1/1/0.115 { preference 230; } } route 213.174.197.128/27 { qualified-next-hop at-1/1/0.115 { preference 230; } } route 213.174.198.160/28 next-hop 213.174.207.161; route 213.174.203.224/27 next-hop 213.174.207.185; route 213.174.198.184/29 next-hop 213.174.207.169; route 213.174.203.160/28 next-hop 213.174.207.201; route 213.174.203.144/29 next-hop 213.174.207.209; route 213.174.196.232/29 next-hop 213.174.207.193; route 213.174.197.224/28 next-hop 213.174.207.217; route 213.174.192.128/29 next-hop 213.174.207.225; route 213.174.203.208/29 next-hop 213.174.207.233; route 213.174.197.240/28 next-hop 213.174.207.249; route 213.174.203.216/29 next-hop 213.174.207.241; route 213.174.196.112/28 next-hop 213.174.206.13; route 213.174.198.176/29 next-hop 213.174.206.21; route 213.174.198.251/32 next-hop 213.174.206.53; route 213.174.197.0/25 next-hop 213.174.206.69; route 212.117.224.192/26 next-hop 213.174.206.61; route 213.174.198.250/32 next-hop 213.174.206.37; route 213.174.198.252/32 next-hop 213.174.206.77; route 213.174.198.253/32 next-hop 213.174.206.109; route 212.124.227.48/28 next-hop 213.174.206.93; route 82.118.66.0/24 next-hop 213.174.206.125; route 82.118.67.0/24 next-hop 213.174.206.133; route 82.118.65.112/28 next-hop 213.174.206.141; route 213.174.199.48/29 next-hop 213.174.207.65; route 82.118.65.192/26 next-hop 213.174.206.173; route 82.118.71.0/27 next-hop 213.174.206.117; route 82.118.95.96/27 next-hop 213.174.206.149; route 213.174.201.112/28 next-hop 213.174.207.145; route 212.124.251.176/28 next-hop 213.174.206.165; route 213.174.200.16/28 next-hop 213.174.206.45; route 212.124.226.88/29 next-hop 213.174.206.157; route 82.118.71.64/26 next-hop 213.174.206.157; route 213.174.198.192/28 next-hop 213.174.206.185; route 206.24.172.144/28 next-hop 213.174.206.9; route 82.118.70.0/24 next-hop 213.174.206.181; route 212.124.251.160/28 next-hop at-1/1/0.108; route 82.118.65.96/29 next-hop 213.174.206.181; route 212.124.252.112/28 next-hop 213.174.206.101; route 206.24.172.192/26 next-hop 213.174.207.9; route 212.124.253.32/28 next-hop 213.174.206.189; route 212.124.227.160/27 next-hop 213.174.206.197; route 212.124.239.192/27 next-hop 213.174.207.217; route 212.117.224.112/28 next-hop 213.174.206.205; route 212.124.240.0/28 next-hop 213.174.206.213; route 216.219.74.0/23 next-hop 213.174.206.221; route 0.0.0.0/0 { discard; no-install; } route 212.124.240.176/28 next-hop 213.174.206.229; route 212.124.236.32/29 next-hop 213.174.206.237; route 212.124.224.64/28 next-hop 213.174.206.197; route 212.124.241.208/28 next-hop 213.174.206.245; route 213.174.193.128/27 next-hop at-1/1/0.109; route 212.124.241.240/28 next-hop 213.174.207.5; route 213.174.192.0/19 reject; } rib-groups { mcrg { export-rib inet.2; import-rib inet.2; } ifrg { import-rib [ inet.0 inet.2 ]; } mcast-rpf-rib { import-rib inet.2; } ios-isis-routes { import-rib [ inet.0 inet.2 ]; import-policy isis-tag; } static-rg { import-rib [ inet.0 inet.2 ]; import-policy deny-default; } } router-id 206.24.172.64; autonomous-system 3561; forwarding-table { export [ per-flow-load-balancing ddostracking2 ddostracking3 ]; } } protocols { rsvp { traceoptions { file rsvp-log size 1m files 10; flag error; flag state; } interface all; } mpls { statistics { file mpls-stat; interval 160; } log-updown { syslog; trap; } traceoptions { file mpls-log size 1m files 10; flag state; flag error; } interface all; } bgp { traceoptions { file bgp size 1m files 5; flag state send receive detail; flag open send receive detail; } hold-time 180; log-updown; damping; group internal { type internal; family inet { unicast; multicast; } authentication-key "$9$nOLcCpOEcyv8xSysgoaUD3n/90B"; export [ next-hop-self announce-local ]; peer-as 3561; neighbor 206.24.168.27 { description bcr1.lnx; } neighbor 206.24.168.28 { description bcr2.lnx; } neighbor 206.24.168.1 { description dar1.lnx; } neighbor 206.24.168.2 { description iar1.lnx; } neighbor 206.24.172.96 { description fhr2.lo6; export [ next-hop-self announce-local redistribute-direct ]; } neighbor 204.70.145.1 { description kar1.nyr:at-0/3/0.920; local-address 204.70.145.2; } neighbor 204.70.148.5 { description kar2.nyr:at-0/3/0.930; local-address 204.70.148.6; } } group AS65530 { type external; description "The Carlyle Group"; multihop { ttl 1; } import [ AS65530-DDoS cisco-damping filter-multihomed-customer color-external-neighbor set-customer-private-ASN-local-pref AS65530 ]; export [ default-originate deny-all ]; remove-private; peer-as 65530; neighbor 165.193.172.74; } group shasta { type external; description "multiple context on Nortel Shasta"; import [ color-external-neighbor set-comm-shasta prefix-shasta ]; authentication-key "$9$cVvSrv2gJHqfgo39puEhVwYg4ZjHmP5F"; export [ default-originate deny-all ]; remove-private; neighbor 206.24.172.82 { description uklond1_01.bsn-a:cntx04; peer-as 65090; } neighbor 206.24.172.130 { description uklond1_01.bsn-a:cntx11; peer-as 65091; } neighbor 206.24.172.134 { description uklond1_01.bsn-a:cntx13; peer-as 65093; } neighbor 206.24.172.138 { description uklond1_01.bsn-a:cntx14; peer-as 65094; } } } isis { traceoptions { file log-adjacency-changes size 1m files 10; flag error; flag normal; flag state; } lsp-lifetime 65535; multicast-topology; level 1 wide-metrics-only; level 2 wide-metrics-only; interface at-1/1/0.950 { lsp-interval 50; level 2 { metric 35; hello-interval 10; hold-time 60; } level 1 disable; } interface at-1/1/0.960 { lsp-interval 50; level 2 { metric 10; hello-interval 10; hold-time 60; } level 1 disable; } interface at-1/1/0.970 { lsp-interval 50; level 2 { metric 10; hello-interval 10; hold-time 60; } level 1 disable; } interface as0.0 { lsp-interval 50; level 2 { metric 2; hello-interval 10; hold-time 60; } level 1 { metric 2; hello-interval 10; hold-time 60; } } interface lo0.0 { lsp-interval 50; passive; level 2 disable; } } ldp { traceoptions { file ldp-log size 1m files 10; flag error; flag state; } track-igp-metric; import block-general-ldp-routes; egress-policy export-sec-loopback; transport-address 208.174.15.156; interface at-1/1/0.950; interface at-1/1/0.960; interface at-1/1/0.970; interface as0.0; interface lo0.0; } pim { traceoptions { file pim size 8m files 2; flag general; } rib-group inet mcrg; rp { static { address 206.24.194.40; } } interface lo0.0 { mode sparse; version 2; } interface at-1/1/0.960 { mode sparse; version 2; } interface at-1/1/0.970 { mode sparse; version 2; } } } policy-options { prefix-list snmp-list { 64.14.144.153/32; 64.14.144.154/32; 64.14.144.155/32; 64.14.144.156/32; 64.14.144.157/32; 64.14.144.158/32; 64.41.189.214/32; 64.41.251.174/32; 64.242.52.23/32; 167.215.232.0/24; 204.70.128.30/32; 204.70.128.31/32; 204.70.128.81/32; 204.70.128.202/32; 204.70.133.240/32; 204.70.133.243/32; 204.70.133.244/32; 204.71.36.18/32; 204.71.36.39/32; 204.71.36.225/32; 204.71.40.160/32; 206.24.168.45/32; 206.24.209.15/32; 206.24.224.24/32; 206.24.224.25/32; 208.172.0.23/32; 208.172.0.25/32; 208.172.33.25/32; 208.172.64.23/32; 208.172.80.23/32; 208.172.128.23/32; 208.172.160.23/32; 208.172.225.6/32; 208.174.48.45/32; 208.174.56.45/32; 208.175.109.17/32; 208.175.168.18/32; 208.175.184.45/32; 209.83.194.12/32; 209.83.194.104/32; 209.83.194.105/32; 209.83.194.106/32; 209.83.194.107/32; 209.83.194.108/32; 209.83.194.109/32; 209.83.194.110/32; 209.83.194.111/32; 209.83.194.112/32; 209.83.194.113/32; 209.83.194.114/32; 209.83.194.115/32; 209.83.194.188/32; 209.83.194.221/32; 209.83.194.222/32; 209.83.194.224/32; 209.83.194.225/32; 209.83.194.226/32; 209.83.194.228/32; 209.83.194.231/32; 209.83.194.251/32; 209.225.10.240/32; 216.33.108.73/32; 216.33.108.75/32; 216.74.153.230/32; 216.177.76.156/32; 216.182.78.36/32; } prefix-list ntp-list { apply-path "system ntp server <*>"; } prefix-list syslog-list { 204.70.133.240/32; 204.71.36.44/32; 204.71.36.45/32; 216.90.89.68/32; } prefix-list ssh-list { 64.41.189.214/32; 167.215.232.85/32; 204.70.3.0/24; 204.70.133.240/32; 204.70.133.243/32; 204.70.133.244/32; 204.71.36.0/23; 204.71.247.104/32; 206.24.168.0/25; 206.24.194.0/25; 206.24.210.0/25; 206.24.226.0/25; 208.172.2.0/25; 208.172.18.0/25; 208.172.34.0/25; 208.172.50.0/25; 208.172.66.0/25; 208.172.82.0/25; 208.172.98.0/25; 208.172.130.0/25; 208.172.146.0/25; 208.172.162.0/25; 208.172.226.0/25; 208.174.2.0/25; 208.174.15.0/24; 208.174.48.0/25; 208.174.56.0/25; 208.175.170.0/25; 208.175.184.0/25; 209.1.40.0/24; 209.1.220.0/24; 209.83.159.0/24; 209.83.194.0/24; 209.225.10.235/32; 212.124.244.44/32; 216.33.108.73/32; 216.35.132.15/32; } prefix-list bgp-list { apply-path "protocols bgp group <*> neighbor <*>"; } prefix-list non-routable-list { 0.0.0.0/7; 2.0.0.0/8; 5.0.0.0/8; 7.0.0.0/8; 10.0.0.0/8; 23.0.0.0/8; 27.0.0.0/8; 31.0.0.0/8; 36.0.0.0/7; 39.0.0.0/8; 42.0.0.0/8; 49.0.0.0/8; 50.0.0.0/8; 77.0.0.0/8; 78.0.0.0/7; 92.0.0.0/6; 96.0.0.0/4; 112.0.0.0/5; 120.0.0.0/8; 127.0.0.0/8; 169.254.0.0/16; 172.16.0.0/12; 173.0.0.0/8; 174.0.0.0/7; 176.0.0.0/5; 184.0.0.0/6; 192.0.2.0/24; 192.168.0.0/16; 197.0.0.0/8; 198.18.0.0/15; 223.0.0.0/8; 224.0.0.0/3; } prefix-list accept-prot-55 { 24.237.7.155/32; 130.76.118.134/32; 134.205.148.227/32; 192.187.8.122/32; } prefix-list SObigF_prefix { 12.158.102.205/32; 12.232.104.221/32; 24.33.66.38/32; 24.197.143.132/32; 24.202.91.43/32; 24.206.75.137/32; 24.210.182.156/32; 61.38.18.59/32; 63.250.82.87/32; 65.92.80.218/32; 65.92.186.145/32; 65.93.81.59/32; 65.95.193.138/32; 65.177.240.194/32; 66.131.207.81/32; 67.9.241.67/32; 67.73.21.6/32; 68.38.159.161/32; 68.50.20.96/32; 218.147.164.29/32; } prefix-list bad-guys-list { 204.70.0.0/32; } prefix-list ddos-target-list { 204.70.0.0/32; } prefix-list ldp-list { 202.126.0.4/32; 206.24.194.103/32; 206.24.194.104/32; 206.24.226.97/32; 206.24.226.98/32; 208.172.130.101/32; 208.172.130.102/32; 208.172.162.17/32; 208.172.162.18/32; 208.173.155.168/32; 208.174.15.1/32; 208.174.15.2/32; 208.174.15.3/32; 208.174.15.4/32; 208.174.15.5/32; 208.174.15.6/32; 208.174.15.8/32; 208.174.15.9/32; 208.174.15.10/32; 208.174.15.12/32; 208.174.15.13/32; 208.174.15.14/32; 208.174.15.15/32; 208.174.15.16/32; 208.174.15.17/32; 208.174.15.18/32; 208.174.15.19/32; 208.174.15.21/32; 208.174.15.22/32; 208.174.15.23/32; 208.174.15.25/32; 208.174.15.26/32; 208.174.15.31/32; 208.174.15.32/32; 208.174.15.33/32; 208.174.15.34/32; 208.174.15.35/32; 208.174.15.36/32; 208.174.15.37/32; 208.174.15.38/32; 208.174.15.39/32; 208.174.15.40/32; 208.174.15.41/32; 208.174.15.42/32; 208.174.15.43/32; 208.174.15.44/32; 208.174.15.45/32; 208.174.15.46/32; 208.174.15.47/32; 208.174.15.48/32; 208.174.15.50/32; 208.174.15.51/32; 208.174.15.52/32; 208.174.15.53/32; 208.174.15.54/32; 208.174.15.55/32; 208.174.15.56/32; 208.174.15.58/32; 208.174.15.60/32; 208.174.15.61/32; 208.174.15.62/32; 208.174.15.63/32; 208.174.15.64/32; 208.174.15.66/32; 208.174.15.67/32; 208.174.15.68/32; 208.174.15.70/32; 208.174.15.72/32; 208.174.15.73/32; 208.174.15.74/32; 208.174.15.76/32; 208.174.15.80/32; 208.174.15.81/32; 208.174.15.96/32; 208.174.15.97/32; 208.174.15.98/32; 208.174.15.100/32; 208.174.15.101/32; 208.174.15.106/32; 208.174.15.107/32; 208.174.15.108/32; 208.174.15.109/32; 208.174.15.130/32; 208.174.15.131/32; 208.174.15.141/32; 208.174.15.143/32; 208.174.15.144/32; 208.174.15.146/32; 208.174.15.149/32; 208.174.15.156/32; 208.174.15.157/32; 208.174.15.158/32; 208.174.15.159/32; 208.174.15.160/32; 209.83.159.1/32; 209.83.159.3/32; 209.83.159.4/32; 209.83.159.6/32; 209.83.159.7/32; 209.83.159.106/32; 209.83.159.107/32; 209.83.159.115/32; } prefix-list msdp-list { apply-path "protocols msdp group <*> peer <*>"; } prefix-list dns-list { apply-path "system name-server <*>"; } prefix-list pim { apply-path "policy-options policy-statement announce-networks term announce-networks from route-filter <*> "; } prefix-list radius-list { apply-path "system radius-server <*>"; } prefix-list core-list { 204.70.3.0/24; 206.24.168.0/25; 206.24.194.0/25; 206.24.210.0/25; 206.24.226.0/25; 208.172.2.0/25; 208.172.18.0/25; 208.172.34.0/25; 208.172.50.0/25; 208.172.66.0/25; 208.172.82.0/25; 208.172.98.0/25; 208.172.130.0/25; 208.172.146.0/25; 208.172.162.0/25; 208.172.226.0/25; 208.174.2.0/25; 208.174.15.0/24; 208.174.48.0/25; 208.174.56.0/25; 208.175.170.0/25; 208.175.184.0/25; 209.1.40.0/24; 209.1.220.0/24; 209.83.159.0/24; } prefix-list host-list { 63.136.120.0/21; 64.41.189.214/32; 167.215.232.0/24; 167.215.232.85/32; 204.70.133.240/32; 204.70.133.243/32; 204.70.133.244/32; 204.71.36.0/23; 204.71.39.13/32; 204.71.247.104/32; 206.24.172.144/32; 209.83.194.0/24; 209.225.10.235/32; 212.124.244.44/32; 216.33.108.73/32; 216.35.132.15/32; } policy-statement next-hop-self { from color 135; then { next-hop self; } } policy-statement color-external-neighbor { then { color 135; } } policy-statement filter-resrv-swamp-prefix { term step1 { from { route-filter 0.0.0.0/7 orlonger reject; route-filter 2.0.0.0/8 orlonger reject; route-filter 5.0.0.0/8 orlonger reject; route-filter 7.0.0.0/8 orlonger reject; route-filter 10.0.0.0/8 orlonger reject; route-filter 23.0.0.0/8 orlonger reject; route-filter 27.0.0.0/8 orlonger reject; route-filter 31.0.0.0/8 orlonger reject; route-filter 36.0.0.0/7 orlonger reject; route-filter 39.0.0.0/8 orlonger reject; route-filter 42.0.0.0/8 orlonger reject; route-filter 49.0.0.0/8 orlonger reject; route-filter 50.0.0.0/8 orlonger reject; route-filter 77.0.0.0/8 orlonger reject; route-filter 78.0.0.0/7 orlonger reject; route-filter 92.0.0.0/6 orlonger reject; route-filter 96.0.0.0/4 orlonger reject; route-filter 112.0.0.0/5 orlonger reject; route-filter 127.0.0.0/8 orlonger reject; route-filter 169.254.0.0/16 orlonger reject; route-filter 172.16.0.0/12 orlonger reject; route-filter 173.0.0.0/8 orlonger reject; route-filter 174.0.0.0/7 orlonger reject; route-filter 176.0.0.0/5 orlonger reject; route-filter 184.0.0.0/6 orlonger reject; route-filter 192.0.2.0/24 orlonger reject; route-filter 192.168.0.0/16 orlonger reject; route-filter 197.0.0.0/8 orlonger reject; route-filter 198.18.0.0/15 orlonger reject; route-filter 223.0.0.0/8 orlonger reject; route-filter 224.0.0.0/3 orlonger reject; route-filter 120.0.0.0/8 orlonger reject; } } term step2 { from { route-filter 0.0.0.0/0 upto /6; } then reject; } term step3 { from { route-filter 0.0.0.0/0 upto /24 next policy; } } term step4 { then reject; } } policy-statement filter-multihomed-customer { from as-path swamp; then reject; } policy-statement cisco-damping { then damping cisco; } policy-statement export-full-routes { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-customer { from community comm-customer; then { community delete comm-wild; accept; } } term comm-peer { from community comm-peer; then { community delete comm-wild; accept; } } then { community delete comm-wild; next policy; } } policy-statement private-as-filter { from as-path private-as; then reject; } policy-statement filter-specifics { term one { from { route-filter 199.242.24.0/23 exact; route-filter 206.220.224.0/22 exact; route-filter 209.27.56.0/22 exact; route-filter 206.128.220.0/22 exact; route-filter 204.188.128.0/21 exact; route-filter 207.189.88.0/21 exact; route-filter 206.154.56.0/21 exact; route-filter 63.136.120.0/21 exact; route-filter 206.99.112.0/21 exact; route-filter 206.97.16.0/21 exact; route-filter 208.138.160.0/21 exact; route-filter 208.157.152.0/21 exact; route-filter 199.242.16.0/21 exact; route-filter 206.128.208.0/21 exact; route-filter 204.194.8.0/21 exact; route-filter 209.143.192.0/20 exact; route-filter 216.118.192.0/20 exact; route-filter 206.97.0.0/20 exact; route-filter 66.128.224.0/20 exact; route-filter 66.128.64.0/20 exact; route-filter 206.28.160.0/20 exact; route-filter 216.144.64.0/20 exact; route-filter 206.151.32.0/20 exact; route-filter 216.182.160.0/20 exact; route-filter 216.182.64.0/20 exact; route-filter 216.19.160.0/20 exact; route-filter 216.219.64.0/20 exact; route-filter 216.219.96.0/20 exact; route-filter 206.132.32.0/20 exact; route-filter 216.224.96.0/20 exact; route-filter 205.140.160.0/20 exact; route-filter 216.227.224.0/20 exact; route-filter 206.154.32.0/20 exact; route-filter 216.39.32.0/20 exact; route-filter 216.39.96.0/20 exact; route-filter 216.48.64.0/20 exact; route-filter 216.69.224.0/20 exact; route-filter 64.15.192.0/20 exact; route-filter 216.227.192.0/20 exact; route-filter 216.14.160.0/20 exact; route-filter 64.209.128.0/20 exact; route-filter 64.209.192.0/20 exact; route-filter 206.29.128.0/20 exact; route-filter 64.253.192.0/20 exact; route-filter 206.132.144.0/20 exact; route-filter 64.27.160.0/20 exact; route-filter 64.56.192.0/20 exact; route-filter 64.70.96.0/20 exact; route-filter 64.79.160.0/20 exact; route-filter 208.138.0.0/20 exact; route-filter 208.138.176.0/20 exact; route-filter 64.89.32.0/20 exact; route-filter 64.92.160.0/20 exact; route-filter 208.157.128.0/20 exact; route-filter 207.189.64.0/20 exact; route-filter 206.99.96.0/20 exact; route-filter 209.27.32.0/20 exact; route-filter 204.188.144.0/20 exact; route-filter 63.136.96.0/20 exact; route-filter 208.167.208.0/20 exact; route-filter 66.119.32.0/20 exact; route-filter 208.48.208.0/20 exact; route-filter 206.97.32.0/19 exact; route-filter 64.209.224.0/19 exact; route-filter 199.217.64.0/19 exact; route-filter 213.174.192.0/19 exact; route-filter 166.63.128.0/19 exact; route-filter 206.28.128.0/19 exact; route-filter 206.153.64.0/19 exact; route-filter 207.50.160.0/19 exact; route-filter 205.140.128.0/19 exact; route-filter 206.132.0.0/19 exact; route-filter 64.209.160.0/19 exact; route-filter 208.168.192.0/19 exact; route-filter 209.27.0.0/19 exact; route-filter 64.15.224.0/19 exact; route-filter 64.15.160.0/19 exact; route-filter 216.64.192.0/19 exact; route-filter 206.40.64.0/19 exact; route-filter 206.154.0.0/19 exact; route-filter 208.169.96.0/19 exact; route-filter 208.175.192.0/19 exact; route-filter 206.99.64.0/19 exact; route-filter 208.163.0.0/19 exact; route-filter 212.124.224.0/19 exact; route-filter 208.138.128.0/19 exact; route-filter 207.2.64.0/19 exact; route-filter 208.166.0.0/19 exact; route-filter 206.24.160.0/19 exact; route-filter 208.175.160.0/19 exact; route-filter 66.37.192.0/19 exact; route-filter 206.151.0.0/19 exact; route-filter 216.39.64.0/19 exact; route-filter 205.217.192.0/19 exact; route-filter 216.19.128.0/19 exact; route-filter 216.182.192.0/19 exact; route-filter 206.128.224.0/19 exact; route-filter 216.177.64.0/19 exact; route-filter 216.109.64.0/19 exact; route-filter 216.104.224.0/19 exact; route-filter 209.225.64.0/19 exact; route-filter 209.143.224.0/19 exact; route-filter 204.188.160.0/19 exact; route-filter 206.96.96.0/19 exact; route-filter 209.16.192.0/19 exact; route-filter 82.118.64.0/19 exact; route-filter 206.128.0.0/19 exact; route-filter 206.40.128.0/19 exact; route-filter 208.132.64.0/19 exact; route-filter 64.210.160.0/19 exact; route-filter 64.211.224.0/19 exact; route-filter 64.22.128.0/19 exact; route-filter 64.28.64.0/19 exact; route-filter 64.39.32.0/19 exact; route-filter 64.58.64.0/19 exact; route-filter 64.68.64.0/19 exact; route-filter 64.70.64.0/19 exact; route-filter 63.136.64.0/19 exact; route-filter 208.163.64.0/18 exact; route-filter 208.173.128.0/18 exact; route-filter 205.140.192.0/18 exact; route-filter 206.97.64.0/18 exact; route-filter 208.169.0.0/18 exact; route-filter 207.50.192.0/18 exact; route-filter 209.44.0.0/18 exact; route-filter 206.24.192.0/18 exact; route-filter 206.99.0.0/18 exact; route-filter 208.168.128.0/18 exact; route-filter 206.128.128.0/18 exact; route-filter 206.151.64.0/18 exact; route-filter 206.153.0.0/18 exact; route-filter 208.132.0.0/18 exact; route-filter 208.48.64.0/18 exact; route-filter 208.50.128.0/18 exact; route-filter 209.202.128.0/18 exact; route-filter 209.225.0.0/18 exact; route-filter 208.138.192.0/18 exact; route-filter 208.138.64.0/18 exact; route-filter 208.157.192.0/18 exact; route-filter 205.217.128.0/18 exact; route-filter 207.2.0.0/18 exact; route-filter 216.74.128.0/18 exact; route-filter 66.35.192.0/18 exact; route-filter 64.210.192.0/18 exact; route-filter 64.85.64.0/18 exact; route-filter 206.28.192.0/18 exact; route-filter 209.27.64.0/18 exact; route-filter 208.167.128.0/18 exact; route-filter 64.37.192.0/18 exact; route-filter 206.96.0.0/18 exact; route-filter 206.29.192.0/18 exact; route-filter 206.154.64.0/18 exact; route-filter 64.70.0.0/18 exact; route-filter 208.131.192.0/18 exact; route-filter 63.136.0.0/18 exact; route-filter 64.75.0.0/18 exact; route-filter 208.166.64.0/18 exact; route-filter 209.83.128.0/17 exact; route-filter 207.50.0.0/17 exact; route-filter 167.216.128.0/17 exact; route-filter 146.135.0.0/17 exact; route-filter 205.217.0.0/17 exact; route-filter 208.168.0.0/17 exact; route-filter 206.28.0.0/17 exact; route-filter 206.29.0.0/17 exact; route-filter 208.169.128.0/17 exact; route-filter 206.154.128.0/17 exact; route-filter 166.49.0.0/17 exact; route-filter 207.2.128.0/17 exact; route-filter 206.97.128.0/17 exact; route-filter 205.140.0.0/17 exact; route-filter 206.153.128.0/17 exact; route-filter 208.132.128.0/17 exact; route-filter 208.163.128.0/17 exact; route-filter 206.96.128.0/17 exact; route-filter 208.173.0.0/17 exact; route-filter 209.102.0.0/17 exact; route-filter 208.175.0.0/17 exact; route-filter 63.136.128.0/17 exact; route-filter 209.25.0.0/17 exact; route-filter 208.157.0.0/17 exact; route-filter 208.166.128.0/17 exact; route-filter 67.54.0.0/17 exact; route-filter 64.41.128.0/17 exact; route-filter 209.27.128.0/17 exact; route-filter 206.151.128.0/17 exact; route-filter 208.167.0.0/17 exact; route-filter 204.188.0.0/17 exact; route-filter 206.24.0.0/17 exact; route-filter 208.131.0.0/17 exact; route-filter 216.136.128.0/17 exact; route-filter 206.99.128.0/17 exact; route-filter 204.189.0.0/16 exact; route-filter 206.79.0.0/16 exact; route-filter 208.162.0.0/16 exact; route-filter 207.82.0.0/16 exact; route-filter 207.149.0.0/16 exact; route-filter 209.176.0.0/16 exact; route-filter 206.142.0.0/16 exact; route-filter 205.136.0.0/16 exact; route-filter 64.14.0.0/16 exact; route-filter 207.124.0.0/16 exact; route-filter 207.3.0.0/16 exact; route-filter 209.1.0.0/16 exact; route-filter 208.156.0.0/16 exact; route-filter 206.129.0.0/16 exact; route-filter 208.139.0.0/16 exact; route-filter 209.223.0.0/16 exact; route-filter 209.144.0.0/16 exact; route-filter 209.185.0.0/16 exact; route-filter 206.98.0.0/16 exact; route-filter 206.150.0.0/16 exact; route-filter 206.152.0.0/16 exact; route-filter 209.67.0.0/16 exact; route-filter 206.155.0.0/16 exact; route-filter 207.51.0.0/16 exact; route-filter 208.130.0.0/16 exact; route-filter 63.137.0.0/16 exact; route-filter 206.25.0.0/16 exact; route-filter 208.133.0.0/16 exact; route-filter 165.193.0.0/16 exact; route-filter 167.215.0.0/16 exact; route-filter 208.172.0.0/16 exact; route-filter 205.216.0.0/16 exact; route-filter 208.174.0.0/16 exact; route-filter 207.48.0.0/15 exact; route-filter 208.160.0.0/15 exact; route-filter 63.128.0.0/15 exact; route-filter 208.164.0.0/15 exact; route-filter 204.70.0.0/15 exact; route-filter 206.156.0.0/15 exact; route-filter 208.158.0.0/15 exact; route-filter 208.170.0.0/15 exact; route-filter 208.134.0.0/15 exact; route-filter 206.30.0.0/15 exact; route-filter 208.136.0.0/15 exact; route-filter 66.100.0.0/15 exact; route-filter 208.128.0.0/15 exact; route-filter 205.218.0.0/15 exact; route-filter 207.0.0.0/15 exact; route-filter 205.138.0.0/15 exact; route-filter 206.26.0.0/15 exact; route-filter 206.100.0.0/14 exact; route-filter 216.88.0.0/14 exact; route-filter 64.240.0.0/14 exact; route-filter 208.140.0.0/14 exact; route-filter 216.32.0.0/14 exact; route-filter 208.152.0.0/14 exact; route-filter 208.144.0.0/13 exact; } then accept; } term two { from { route-filter 199.242.24.0/23 longer reject; route-filter 206.220.224.0/22 longer reject; route-filter 209.27.56.0/22 longer reject; route-filter 206.128.220.0/22 longer reject; route-filter 204.188.128.0/21 longer reject; route-filter 207.189.88.0/21 longer reject; route-filter 206.154.56.0/21 longer reject; route-filter 63.136.120.0/21 longer reject; route-filter 206.99.112.0/21 longer reject; route-filter 206.97.16.0/21 longer reject; route-filter 208.138.160.0/21 longer reject; route-filter 208.157.152.0/21 longer reject; route-filter 199.242.16.0/21 longer reject; route-filter 206.128.208.0/21 longer reject; route-filter 204.194.8.0/21 longer reject; route-filter 209.143.192.0/20 longer reject; route-filter 216.118.192.0/20 longer reject; route-filter 206.97.0.0/20 longer reject; route-filter 66.128.224.0/20 longer reject; route-filter 66.128.64.0/20 longer reject; route-filter 206.28.160.0/20 longer reject; route-filter 216.144.64.0/20 longer reject; route-filter 206.151.32.0/20 longer reject; route-filter 216.182.160.0/20 longer reject; route-filter 216.182.64.0/20 longer reject; route-filter 216.19.160.0/20 longer reject; route-filter 216.219.64.0/20 longer reject; route-filter 216.219.96.0/20 longer reject; route-filter 206.132.32.0/20 longer reject; route-filter 216.224.96.0/20 longer reject; route-filter 205.140.160.0/20 longer reject; route-filter 216.227.224.0/20 longer reject; route-filter 206.154.32.0/20 longer reject; route-filter 216.39.32.0/20 longer reject; route-filter 216.39.96.0/20 longer reject; route-filter 216.48.64.0/20 longer reject; route-filter 216.69.224.0/20 longer reject; route-filter 64.15.192.0/20 longer reject; route-filter 216.227.192.0/20 longer reject; route-filter 216.14.160.0/20 longer reject; route-filter 64.209.128.0/20 longer reject; route-filter 64.209.192.0/20 longer reject; route-filter 206.29.128.0/20 longer reject; route-filter 64.253.192.0/20 longer reject; route-filter 206.132.144.0/20 longer reject; route-filter 64.27.160.0/20 longer reject; route-filter 64.56.192.0/20 longer reject; route-filter 64.70.96.0/20 longer reject; route-filter 64.79.160.0/20 longer reject; route-filter 208.138.0.0/20 longer reject; route-filter 208.138.176.0/20 longer reject; route-filter 64.89.32.0/20 longer reject; route-filter 64.92.160.0/20 longer reject; route-filter 208.157.128.0/20 longer reject; route-filter 207.189.64.0/20 longer reject; route-filter 206.99.96.0/20 longer reject; route-filter 209.27.32.0/20 longer reject; route-filter 204.188.144.0/20 longer reject; route-filter 63.136.96.0/20 longer reject; route-filter 208.167.208.0/20 longer reject; route-filter 66.119.32.0/20 longer reject; route-filter 208.48.208.0/20 longer reject; route-filter 206.97.32.0/19 longer reject; route-filter 64.209.224.0/19 longer reject; route-filter 199.217.64.0/19 longer reject; route-filter 213.174.192.0/19 longer reject; route-filter 166.63.128.0/19 longer reject; route-filter 206.28.128.0/19 longer reject; route-filter 206.153.64.0/19 longer reject; route-filter 207.50.160.0/19 longer reject; route-filter 205.140.128.0/19 longer reject; route-filter 206.132.0.0/19 longer reject; route-filter 64.209.160.0/19 longer reject; route-filter 208.168.192.0/19 longer reject; route-filter 209.27.0.0/19 longer reject; route-filter 64.15.224.0/19 longer reject; route-filter 64.15.160.0/19 longer reject; route-filter 216.64.192.0/19 longer reject; route-filter 206.40.64.0/19 longer reject; route-filter 206.154.0.0/19 longer reject; route-filter 208.169.96.0/19 longer reject; route-filter 208.175.192.0/19 longer reject; route-filter 206.99.64.0/19 longer reject; route-filter 208.163.0.0/19 longer reject; route-filter 212.124.224.0/19 longer reject; route-filter 208.138.128.0/19 longer reject; route-filter 207.2.64.0/19 longer reject; route-filter 208.166.0.0/19 longer reject; route-filter 206.24.160.0/19 longer reject; route-filter 208.175.160.0/19 longer reject; route-filter 66.37.192.0/19 longer reject; route-filter 206.151.0.0/19 longer reject; route-filter 216.39.64.0/19 longer reject; route-filter 205.217.192.0/19 longer reject; route-filter 216.19.128.0/19 longer reject; route-filter 216.182.192.0/19 longer reject; route-filter 206.128.224.0/19 longer reject; route-filter 216.177.64.0/19 longer reject; route-filter 216.109.64.0/19 longer reject; route-filter 216.104.224.0/19 longer reject; route-filter 209.225.64.0/19 longer reject; route-filter 209.143.224.0/19 longer reject; route-filter 204.188.160.0/19 longer reject; route-filter 206.96.96.0/19 longer reject; route-filter 209.16.192.0/19 longer reject; route-filter 82.118.64.0/19 longer reject; route-filter 206.128.0.0/19 longer reject; route-filter 206.40.128.0/19 longer reject; route-filter 208.132.64.0/19 longer reject; route-filter 64.210.160.0/19 longer reject; route-filter 64.211.224.0/19 longer reject; route-filter 64.22.128.0/19 longer reject; route-filter 64.28.64.0/19 longer reject; route-filter 64.39.32.0/19 longer reject; route-filter 64.58.64.0/19 longer reject; route-filter 64.68.64.0/19 longer reject; route-filter 64.70.64.0/19 longer reject; route-filter 63.136.64.0/19 longer reject; route-filter 208.163.64.0/18 longer reject; route-filter 208.173.128.0/18 longer reject; route-filter 205.140.192.0/18 longer reject; route-filter 206.97.64.0/18 longer reject; route-filter 208.169.0.0/18 longer reject; route-filter 207.50.192.0/18 longer reject; route-filter 209.44.0.0/18 longer reject; route-filter 206.24.192.0/18 longer reject; route-filter 206.99.0.0/18 longer reject; route-filter 208.168.128.0/18 longer reject; route-filter 206.128.128.0/18 longer reject; route-filter 206.151.64.0/18 longer reject; route-filter 206.153.0.0/18 longer reject; route-filter 208.132.0.0/18 longer reject; route-filter 208.48.64.0/18 longer reject; route-filter 208.50.128.0/18 longer reject; route-filter 209.202.128.0/18 longer reject; route-filter 209.225.0.0/18 longer reject; route-filter 208.138.192.0/18 longer reject; route-filter 208.138.64.0/18 longer reject; route-filter 208.157.192.0/18 longer reject; route-filter 205.217.128.0/18 longer reject; route-filter 207.2.0.0/18 longer reject; route-filter 216.74.128.0/18 longer reject; route-filter 66.35.192.0/18 longer reject; route-filter 64.210.192.0/18 longer reject; route-filter 64.85.64.0/18 longer reject; route-filter 206.28.192.0/18 longer reject; route-filter 209.27.64.0/18 longer reject; route-filter 208.167.128.0/18 longer reject; route-filter 64.37.192.0/18 longer reject; route-filter 206.96.0.0/18 longer reject; route-filter 206.29.192.0/18 longer reject; route-filter 206.154.64.0/18 longer reject; route-filter 64.70.0.0/18 longer reject; route-filter 208.131.192.0/18 longer reject; route-filter 63.136.0.0/18 longer reject; route-filter 64.75.0.0/18 longer reject; route-filter 208.166.64.0/18 longer reject; route-filter 209.83.128.0/17 longer reject; route-filter 207.50.0.0/17 longer reject; route-filter 167.216.128.0/17 longer reject; route-filter 146.135.0.0/17 longer reject; route-filter 205.217.0.0/17 longer reject; route-filter 208.168.0.0/17 longer reject; route-filter 206.28.0.0/17 longer reject; route-filter 206.29.0.0/17 longer reject; route-filter 208.169.128.0/17 longer reject; route-filter 206.154.128.0/17 longer reject; route-filter 166.49.0.0/17 longer reject; route-filter 207.2.128.0/17 longer reject; route-filter 206.97.128.0/17 longer reject; route-filter 205.140.0.0/17 longer reject; route-filter 206.153.128.0/17 longer reject; route-filter 208.132.128.0/17 longer reject; route-filter 208.163.128.0/17 longer reject; route-filter 206.96.128.0/17 longer reject; route-filter 208.173.0.0/17 longer reject; route-filter 209.102.0.0/17 longer reject; route-filter 208.175.0.0/17 longer reject; route-filter 63.136.128.0/17 longer reject; route-filter 209.25.0.0/17 longer reject; route-filter 208.157.0.0/17 longer reject; route-filter 208.166.128.0/17 longer reject; route-filter 67.54.0.0/17 longer reject; route-filter 64.41.128.0/17 longer reject; route-filter 209.27.128.0/17 longer reject; route-filter 206.151.128.0/17 longer reject; route-filter 208.167.0.0/17 longer reject; route-filter 204.188.0.0/17 longer reject; route-filter 206.24.0.0/17 longer reject; route-filter 208.131.0.0/17 longer reject; route-filter 216.136.128.0/17 longer reject; route-filter 206.99.128.0/17 longer reject; route-filter 204.189.0.0/16 longer reject; route-filter 206.79.0.0/16 longer reject; route-filter 208.162.0.0/16 longer reject; route-filter 207.82.0.0/16 longer reject; route-filter 207.149.0.0/16 longer reject; route-filter 209.176.0.0/16 longer reject; route-filter 206.142.0.0/16 longer reject; route-filter 205.136.0.0/16 longer reject; route-filter 64.14.0.0/16 longer reject; route-filter 207.124.0.0/16 longer reject; route-filter 207.3.0.0/16 longer reject; route-filter 209.1.0.0/16 longer reject; route-filter 208.156.0.0/16 longer reject; route-filter 206.129.0.0/16 longer reject; route-filter 208.139.0.0/16 longer reject; route-filter 209.223.0.0/16 longer reject; route-filter 209.144.0.0/16 longer reject; route-filter 209.185.0.0/16 longer reject; route-filter 206.98.0.0/16 longer reject; route-filter 206.150.0.0/16 longer reject; route-filter 206.152.0.0/16 longer reject; route-filter 209.67.0.0/16 longer reject; route-filter 206.155.0.0/16 longer reject; route-filter 207.51.0.0/16 longer reject; route-filter 208.130.0.0/16 longer reject; route-filter 63.137.0.0/16 longer reject; route-filter 206.25.0.0/16 longer reject; route-filter 208.133.0.0/16 longer reject; route-filter 165.193.0.0/16 longer reject; route-filter 167.215.0.0/16 longer reject; route-filter 208.172.0.0/16 longer reject; route-filter 205.216.0.0/16 longer reject; route-filter 208.174.0.0/16 longer reject; route-filter 207.48.0.0/15 longer reject; route-filter 208.160.0.0/15 longer reject; route-filter 63.128.0.0/15 longer reject; route-filter 208.164.0.0/15 longer reject; route-filter 204.70.0.0/15 longer reject; route-filter 206.156.0.0/15 longer reject; route-filter 208.158.0.0/15 longer reject; route-filter 208.170.0.0/15 longer reject; route-filter 208.134.0.0/15 longer reject; route-filter 206.30.0.0/15 longer reject; route-filter 208.136.0.0/15 longer reject; route-filter 66.100.0.0/15 longer reject; route-filter 208.128.0.0/15 longer reject; route-filter 205.218.0.0/15 longer reject; route-filter 207.0.0.0/15 longer reject; route-filter 205.138.0.0/15 longer reject; route-filter 206.26.0.0/15 longer reject; route-filter 206.100.0.0/14 longer reject; route-filter 216.88.0.0/14 longer reject; route-filter 64.240.0.0/14 longer reject; route-filter 208.140.0.0/14 longer reject; route-filter 216.32.0.0/14 longer reject; route-filter 208.152.0.0/14 longer reject; route-filter 208.144.0.0/13 longer reject; } then next policy; } } policy-statement find-specifics { term accept-specifics { from { route-filter 199.242.24.0/23 longer accept; route-filter 206.220.224.0/22 longer accept; route-filter 209.27.56.0/22 longer accept; route-filter 206.128.220.0/22 longer accept; route-filter 204.188.128.0/21 longer accept; route-filter 207.189.88.0/21 longer accept; route-filter 206.154.56.0/21 longer accept; route-filter 63.136.120.0/21 longer accept; route-filter 206.99.112.0/21 longer accept; route-filter 206.97.16.0/21 longer accept; route-filter 208.138.160.0/21 longer accept; route-filter 208.157.152.0/21 longer accept; route-filter 199.242.16.0/21 longer accept; route-filter 206.128.208.0/21 longer accept; route-filter 204.194.8.0/21 longer accept; route-filter 209.143.192.0/20 longer accept; route-filter 216.118.192.0/20 longer accept; route-filter 206.97.0.0/20 longer accept; route-filter 66.128.224.0/20 longer accept; route-filter 66.128.64.0/20 longer accept; route-filter 206.28.160.0/20 longer accept; route-filter 216.144.64.0/20 longer accept; route-filter 206.151.32.0/20 longer accept; route-filter 216.182.160.0/20 longer accept; route-filter 216.182.64.0/20 longer accept; route-filter 216.19.160.0/20 longer accept; route-filter 216.219.64.0/20 longer accept; route-filter 216.219.96.0/20 longer accept; route-filter 206.132.32.0/20 longer accept; route-filter 216.224.96.0/20 longer accept; route-filter 205.140.160.0/20 longer accept; route-filter 216.227.224.0/20 longer accept; route-filter 206.154.32.0/20 longer accept; route-filter 216.39.32.0/20 longer accept; route-filter 216.39.96.0/20 longer accept; route-filter 216.48.64.0/20 longer accept; route-filter 216.69.224.0/20 longer accept; route-filter 64.15.192.0/20 longer accept; route-filter 216.227.192.0/20 longer accept; route-filter 216.14.160.0/20 longer accept; route-filter 64.209.128.0/20 longer accept; route-filter 64.209.192.0/20 longer accept; route-filter 206.29.128.0/20 longer accept; route-filter 64.253.192.0/20 longer accept; route-filter 206.132.144.0/20 longer accept; route-filter 64.27.160.0/20 longer accept; route-filter 64.56.192.0/20 longer accept; route-filter 64.70.96.0/20 longer accept; route-filter 64.79.160.0/20 longer accept; route-filter 208.138.0.0/20 longer accept; route-filter 208.138.176.0/20 longer accept; route-filter 64.89.32.0/20 longer accept; route-filter 64.92.160.0/20 longer accept; route-filter 208.157.128.0/20 longer accept; route-filter 207.189.64.0/20 longer accept; route-filter 206.99.96.0/20 longer accept; route-filter 209.27.32.0/20 longer accept; route-filter 204.188.144.0/20 longer accept; route-filter 63.136.96.0/20 longer accept; route-filter 208.167.208.0/20 longer accept; route-filter 66.119.32.0/20 longer accept; route-filter 208.48.208.0/20 longer accept; route-filter 206.97.32.0/19 longer accept; route-filter 64.209.224.0/19 longer accept; route-filter 199.217.64.0/19 longer accept; route-filter 213.174.192.0/19 longer accept; route-filter 166.63.128.0/19 longer accept; route-filter 206.28.128.0/19 longer accept; route-filter 206.153.64.0/19 longer accept; route-filter 207.50.160.0/19 longer accept; route-filter 205.140.128.0/19 longer accept; route-filter 206.132.0.0/19 longer accept; route-filter 64.209.160.0/19 longer accept; route-filter 208.168.192.0/19 longer accept; route-filter 209.27.0.0/19 longer accept; route-filter 64.15.224.0/19 longer accept; route-filter 64.15.160.0/19 longer accept; route-filter 216.64.192.0/19 longer accept; route-filter 206.40.64.0/19 longer accept; route-filter 206.154.0.0/19 longer accept; route-filter 208.169.96.0/19 longer accept; route-filter 208.175.192.0/19 longer accept; route-filter 206.99.64.0/19 longer accept; route-filter 208.163.0.0/19 longer accept; route-filter 212.124.224.0/19 longer accept; route-filter 208.138.128.0/19 longer accept; route-filter 207.2.64.0/19 longer accept; route-filter 208.166.0.0/19 longer accept; route-filter 206.24.160.0/19 longer accept; route-filter 208.175.160.0/19 longer accept; route-filter 66.37.192.0/19 longer accept; route-filter 206.151.0.0/19 longer accept; route-filter 216.39.64.0/19 longer accept; route-filter 205.217.192.0/19 longer accept; route-filter 216.19.128.0/19 longer accept; route-filter 216.182.192.0/19 longer accept; route-filter 206.128.224.0/19 longer accept; route-filter 216.177.64.0/19 longer accept; route-filter 216.109.64.0/19 longer accept; route-filter 216.104.224.0/19 longer accept; route-filter 209.225.64.0/19 longer accept; route-filter 209.143.224.0/19 longer accept; route-filter 204.188.160.0/19 longer accept; route-filter 206.96.96.0/19 longer accept; route-filter 209.16.192.0/19 longer accept; route-filter 82.118.64.0/19 longer accept; route-filter 206.128.0.0/19 longer accept; route-filter 206.40.128.0/19 longer accept; route-filter 208.132.64.0/19 longer accept; route-filter 64.210.160.0/19 longer accept; route-filter 64.211.224.0/19 longer accept; route-filter 64.22.128.0/19 longer accept; route-filter 64.28.64.0/19 longer accept; route-filter 64.39.32.0/19 longer accept; route-filter 64.58.64.0/19 longer accept; route-filter 64.68.64.0/19 longer accept; route-filter 64.70.64.0/19 longer accept; route-filter 63.136.64.0/19 longer accept; route-filter 208.163.64.0/18 longer accept; route-filter 208.173.128.0/18 longer accept; route-filter 205.140.192.0/18 longer accept; route-filter 206.97.64.0/18 longer accept; route-filter 208.169.0.0/18 longer accept; route-filter 207.50.192.0/18 longer accept; route-filter 209.44.0.0/18 longer accept; route-filter 206.24.192.0/18 longer accept; route-filter 206.99.0.0/18 longer accept; route-filter 208.168.128.0/18 longer accept; route-filter 206.128.128.0/18 longer accept; route-filter 206.151.64.0/18 longer accept; route-filter 206.153.0.0/18 longer accept; route-filter 208.132.0.0/18 longer accept; route-filter 208.48.64.0/18 longer accept; route-filter 208.50.128.0/18 longer accept; route-filter 209.202.128.0/18 longer accept; route-filter 209.225.0.0/18 longer accept; route-filter 208.138.192.0/18 longer accept; route-filter 208.138.64.0/18 longer accept; route-filter 208.157.192.0/18 longer accept; route-filter 205.217.128.0/18 longer accept; route-filter 207.2.0.0/18 longer accept; route-filter 216.74.128.0/18 longer accept; route-filter 66.35.192.0/18 longer accept; route-filter 64.210.192.0/18 longer accept; route-filter 64.85.64.0/18 longer accept; route-filter 206.28.192.0/18 longer accept; route-filter 209.27.64.0/18 longer accept; route-filter 208.167.128.0/18 longer accept; route-filter 64.37.192.0/18 longer accept; route-filter 206.96.0.0/18 longer accept; route-filter 206.29.192.0/18 longer accept; route-filter 206.154.64.0/18 longer accept; route-filter 64.70.0.0/18 longer accept; route-filter 208.131.192.0/18 longer accept; route-filter 63.136.0.0/18 longer accept; route-filter 64.75.0.0/18 longer accept; route-filter 208.166.64.0/18 longer accept; route-filter 209.83.128.0/17 longer accept; route-filter 207.50.0.0/17 longer accept; route-filter 167.216.128.0/17 longer accept; route-filter 146.135.0.0/17 longer accept; route-filter 205.217.0.0/17 longer accept; route-filter 208.168.0.0/17 longer accept; route-filter 206.28.0.0/17 longer accept; route-filter 206.29.0.0/17 longer accept; route-filter 208.169.128.0/17 longer accept; route-filter 206.154.128.0/17 longer accept; route-filter 166.49.0.0/17 longer accept; route-filter 207.2.128.0/17 longer accept; route-filter 206.97.128.0/17 longer accept; route-filter 205.140.0.0/17 longer accept; route-filter 206.153.128.0/17 longer accept; route-filter 208.132.128.0/17 longer accept; route-filter 208.163.128.0/17 longer accept; route-filter 206.96.128.0/17 longer accept; route-filter 208.173.0.0/17 longer accept; route-filter 209.102.0.0/17 longer accept; route-filter 208.175.0.0/17 longer accept; route-filter 63.136.128.0/17 longer accept; route-filter 209.25.0.0/17 longer accept; route-filter 208.157.0.0/17 longer accept; route-filter 208.166.128.0/17 longer accept; route-filter 67.54.0.0/17 longer accept; route-filter 64.41.128.0/17 longer accept; route-filter 209.27.128.0/17 longer accept; route-filter 206.151.128.0/17 longer accept; route-filter 208.167.0.0/17 longer accept; route-filter 204.188.0.0/17 longer accept; route-filter 206.24.0.0/17 longer accept; route-filter 208.131.0.0/17 longer accept; route-filter 216.136.128.0/17 longer accept; route-filter 206.99.128.0/17 longer accept; route-filter 204.189.0.0/16 longer accept; route-filter 206.79.0.0/16 longer accept; route-filter 208.162.0.0/16 longer accept; route-filter 207.82.0.0/16 longer accept; route-filter 207.149.0.0/16 longer accept; route-filter 209.176.0.0/16 longer accept; route-filter 206.142.0.0/16 longer accept; route-filter 205.136.0.0/16 longer accept; route-filter 64.14.0.0/16 longer accept; route-filter 207.124.0.0/16 longer accept; route-filter 207.3.0.0/16 longer accept; route-filter 209.1.0.0/16 longer accept; route-filter 208.156.0.0/16 longer accept; route-filter 206.129.0.0/16 longer accept; route-filter 208.139.0.0/16 longer accept; route-filter 209.223.0.0/16 longer accept; route-filter 209.144.0.0/16 longer accept; route-filter 209.185.0.0/16 longer accept; route-filter 206.98.0.0/16 longer accept; route-filter 206.150.0.0/16 longer accept; route-filter 206.152.0.0/16 longer accept; route-filter 209.67.0.0/16 longer accept; route-filter 206.155.0.0/16 longer accept; route-filter 207.51.0.0/16 longer accept; route-filter 208.130.0.0/16 longer accept; route-filter 63.137.0.0/16 longer accept; route-filter 206.25.0.0/16 longer accept; route-filter 208.133.0.0/16 longer accept; route-filter 165.193.0.0/16 longer accept; route-filter 167.215.0.0/16 longer accept; route-filter 208.172.0.0/16 longer accept; route-filter 205.216.0.0/16 longer accept; route-filter 208.174.0.0/16 longer accept; route-filter 207.48.0.0/15 longer accept; route-filter 208.160.0.0/15 longer accept; route-filter 63.128.0.0/15 longer accept; route-filter 208.164.0.0/15 longer accept; route-filter 204.70.0.0/15 longer accept; route-filter 206.156.0.0/15 longer accept; route-filter 208.158.0.0/15 longer accept; route-filter 208.170.0.0/15 longer accept; route-filter 208.134.0.0/15 longer accept; route-filter 206.30.0.0/15 longer accept; route-filter 208.136.0.0/15 longer accept; route-filter 66.100.0.0/15 longer accept; route-filter 208.128.0.0/15 longer accept; route-filter 205.218.0.0/15 longer accept; route-filter 207.0.0.0/15 longer accept; route-filter 205.138.0.0/15 longer accept; route-filter 206.26.0.0/15 longer accept; route-filter 206.100.0.0/14 longer accept; route-filter 216.88.0.0/14 longer accept; route-filter 64.240.0.0/14 longer accept; route-filter 208.140.0.0/14 longer accept; route-filter 216.32.0.0/14 longer accept; route-filter 208.152.0.0/14 longer accept; route-filter 208.144.0.0/13 longer accept; } } term reject-others { then reject; } } policy-statement export-customer-routes-glbl { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-customer { from community comm-customer; then { community delete comm-wild; accept; } } term comm-peer { from community comm-peer; then reject; } then { community delete comm-wild; next policy; } } policy-statement export-customer-routes-glbl-comm { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-customer { from community comm-customer; then accept; } term comm-peer { from community comm-peer; then reject; } then next policy; } policy-statement export-full-routes-comm { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-customer { from community comm-customer; then accept; } term comm-peer { from community comm-peer; then accept; } then next policy; } policy-statement set-peer-local-pref-100-RNA { then { local-preference 100; community set comm-RNA-peer; } } policy-statement set-peer-local-pref-RNA { then { metric 128; local-preference 80; community set comm-RNA-peer; } } policy-statement per-flow-load-balancing { term 1 { from { route-filter 208.174.15.0/24 orlonger; } } then { load-balance per-packet; } } policy-statement default-originate { term 1 { from { route-filter 0.0.0.0/0 exact accept; } } term 2 { then next policy; } } policy-statement export-backbone-routes { term one { from { route-filter 199.242.24.0/23 exact; route-filter 206.220.224.0/22 exact; route-filter 209.27.56.0/22 exact; route-filter 206.128.220.0/22 exact; route-filter 204.188.128.0/21 exact; route-filter 207.189.88.0/21 exact; route-filter 206.154.56.0/21 exact; route-filter 63.136.120.0/21 exact; route-filter 206.99.112.0/21 exact; route-filter 206.97.16.0/21 exact; route-filter 208.138.160.0/21 exact; route-filter 208.157.152.0/21 exact; route-filter 199.242.16.0/21 exact; route-filter 206.128.208.0/21 exact; route-filter 204.194.8.0/21 exact; route-filter 209.143.192.0/20 exact; route-filter 216.118.192.0/20 exact; route-filter 206.97.0.0/20 exact; route-filter 66.128.224.0/20 exact; route-filter 66.128.64.0/20 exact; route-filter 206.28.160.0/20 exact; route-filter 216.144.64.0/20 exact; route-filter 206.151.32.0/20 exact; route-filter 216.182.160.0/20 exact; route-filter 216.182.64.0/20 exact; route-filter 216.19.160.0/20 exact; route-filter 216.219.64.0/20 exact; route-filter 216.219.96.0/20 exact; route-filter 206.132.32.0/20 exact; route-filter 216.224.96.0/20 exact; route-filter 205.140.160.0/20 exact; route-filter 216.227.224.0/20 exact; route-filter 206.154.32.0/20 exact; route-filter 216.39.32.0/20 exact; route-filter 216.39.96.0/20 exact; route-filter 216.48.64.0/20 exact; route-filter 216.69.224.0/20 exact; route-filter 64.15.192.0/20 exact; route-filter 216.227.192.0/20 exact; route-filter 216.14.160.0/20 exact; route-filter 64.209.128.0/20 exact; route-filter 64.209.192.0/20 exact; route-filter 206.29.128.0/20 exact; route-filter 64.253.192.0/20 exact; route-filter 206.132.144.0/20 exact; route-filter 64.27.160.0/20 exact; route-filter 64.56.192.0/20 exact; route-filter 64.70.96.0/20 exact; route-filter 64.79.160.0/20 exact; route-filter 208.138.0.0/20 exact; route-filter 208.138.176.0/20 exact; route-filter 64.89.32.0/20 exact; route-filter 64.92.160.0/20 exact; route-filter 208.157.128.0/20 exact; route-filter 207.189.64.0/20 exact; route-filter 206.99.96.0/20 exact; route-filter 209.27.32.0/20 exact; route-filter 204.188.144.0/20 exact; route-filter 63.136.96.0/20 exact; route-filter 208.167.208.0/20 exact; route-filter 66.119.32.0/20 exact; route-filter 208.48.208.0/20 exact; route-filter 206.97.32.0/19 exact; route-filter 64.209.224.0/19 exact; route-filter 199.217.64.0/19 exact; route-filter 213.174.192.0/19 exact; route-filter 166.63.128.0/19 exact; route-filter 206.28.128.0/19 exact; route-filter 206.153.64.0/19 exact; route-filter 207.50.160.0/19 exact; route-filter 205.140.128.0/19 exact; route-filter 206.132.0.0/19 exact; route-filter 64.209.160.0/19 exact; route-filter 208.168.192.0/19 exact; route-filter 209.27.0.0/19 exact; route-filter 64.15.224.0/19 exact; route-filter 64.15.160.0/19 exact; route-filter 216.64.192.0/19 exact; route-filter 206.40.64.0/19 exact; route-filter 206.154.0.0/19 exact; route-filter 208.169.96.0/19 exact; route-filter 208.175.192.0/19 exact; route-filter 206.99.64.0/19 exact; route-filter 208.163.0.0/19 exact; route-filter 212.124.224.0/19 exact; route-filter 208.138.128.0/19 exact; route-filter 207.2.64.0/19 exact; route-filter 208.166.0.0/19 exact; route-filter 206.24.160.0/19 exact; route-filter 208.175.160.0/19 exact; route-filter 66.37.192.0/19 exact; route-filter 206.151.0.0/19 exact; route-filter 216.39.64.0/19 exact; route-filter 205.217.192.0/19 exact; route-filter 216.19.128.0/19 exact; route-filter 216.182.192.0/19 exact; route-filter 206.128.224.0/19 exact; route-filter 216.177.64.0/19 exact; route-filter 216.109.64.0/19 exact; route-filter 216.104.224.0/19 exact; route-filter 209.225.64.0/19 exact; route-filter 209.143.224.0/19 exact; route-filter 204.188.160.0/19 exact; route-filter 206.96.96.0/19 exact; route-filter 209.16.192.0/19 exact; route-filter 82.118.64.0/19 exact; route-filter 206.128.0.0/19 exact; route-filter 206.40.128.0/19 exact; route-filter 208.132.64.0/19 exact; route-filter 64.210.160.0/19 exact; route-filter 64.211.224.0/19 exact; route-filter 64.22.128.0/19 exact; route-filter 64.28.64.0/19 exact; route-filter 64.39.32.0/19 exact; route-filter 64.58.64.0/19 exact; route-filter 64.68.64.0/19 exact; route-filter 64.70.64.0/19 exact; route-filter 63.136.64.0/19 exact; route-filter 208.163.64.0/18 exact; route-filter 208.173.128.0/18 exact; route-filter 205.140.192.0/18 exact; route-filter 206.97.64.0/18 exact; route-filter 208.169.0.0/18 exact; route-filter 207.50.192.0/18 exact; route-filter 209.44.0.0/18 exact; route-filter 206.24.192.0/18 exact; route-filter 206.99.0.0/18 exact; route-filter 208.168.128.0/18 exact; route-filter 206.128.128.0/18 exact; route-filter 206.151.64.0/18 exact; route-filter 206.153.0.0/18 exact; route-filter 208.132.0.0/18 exact; route-filter 208.48.64.0/18 exact; route-filter 208.50.128.0/18 exact; route-filter 209.202.128.0/18 exact; route-filter 209.225.0.0/18 exact; route-filter 208.138.192.0/18 exact; route-filter 208.138.64.0/18 exact; route-filter 208.157.192.0/18 exact; route-filter 205.217.128.0/18 exact; route-filter 207.2.0.0/18 exact; route-filter 216.74.128.0/18 exact; route-filter 66.35.192.0/18 exact; route-filter 64.210.192.0/18 exact; route-filter 64.85.64.0/18 exact; route-filter 206.28.192.0/18 exact; route-filter 209.27.64.0/18 exact; route-filter 208.167.128.0/18 exact; route-filter 64.37.192.0/18 exact; route-filter 206.96.0.0/18 exact; route-filter 206.29.192.0/18 exact; route-filter 206.154.64.0/18 exact; route-filter 64.70.0.0/18 exact; route-filter 208.131.192.0/18 exact; route-filter 63.136.0.0/18 exact; route-filter 64.75.0.0/18 exact; route-filter 208.166.64.0/18 exact; route-filter 209.83.128.0/17 exact; route-filter 207.50.0.0/17 exact; route-filter 167.216.128.0/17 exact; route-filter 146.135.0.0/17 exact; route-filter 205.217.0.0/17 exact; route-filter 208.168.0.0/17 exact; route-filter 206.28.0.0/17 exact; route-filter 206.29.0.0/17 exact; route-filter 208.169.128.0/17 exact; route-filter 206.154.128.0/17 exact; route-filter 166.49.0.0/17 exact; route-filter 207.2.128.0/17 exact; route-filter 206.97.128.0/17 exact; route-filter 205.140.0.0/17 exact; route-filter 206.153.128.0/17 exact; route-filter 208.132.128.0/17 exact; route-filter 208.163.128.0/17 exact; route-filter 206.96.128.0/17 exact; route-filter 208.173.0.0/17 exact; route-filter 209.102.0.0/17 exact; route-filter 208.175.0.0/17 exact; route-filter 63.136.128.0/17 exact; route-filter 209.25.0.0/17 exact; route-filter 208.157.0.0/17 exact; route-filter 208.166.128.0/17 exact; route-filter 67.54.0.0/17 exact; route-filter 64.41.128.0/17 exact; route-filter 209.27.128.0/17 exact; route-filter 206.151.128.0/17 exact; route-filter 208.167.0.0/17 exact; route-filter 204.188.0.0/17 exact; route-filter 206.24.0.0/17 exact; route-filter 208.131.0.0/17 exact; route-filter 216.136.128.0/17 exact; route-filter 206.99.128.0/17 exact; route-filter 204.189.0.0/16 exact; route-filter 206.79.0.0/16 exact; route-filter 208.162.0.0/16 exact; route-filter 207.82.0.0/16 exact; route-filter 207.149.0.0/16 exact; route-filter 209.176.0.0/16 exact; route-filter 206.142.0.0/16 exact; route-filter 205.136.0.0/16 exact; route-filter 64.14.0.0/16 exact; route-filter 207.124.0.0/16 exact; route-filter 207.3.0.0/16 exact; route-filter 209.1.0.0/16 exact; route-filter 208.156.0.0/16 exact; route-filter 206.129.0.0/16 exact; route-filter 208.139.0.0/16 exact; route-filter 209.223.0.0/16 exact; route-filter 209.144.0.0/16 exact; route-filter 209.185.0.0/16 exact; route-filter 206.98.0.0/16 exact; route-filter 206.150.0.0/16 exact; route-filter 206.152.0.0/16 exact; route-filter 209.67.0.0/16 exact; route-filter 206.155.0.0/16 exact; route-filter 207.51.0.0/16 exact; route-filter 208.130.0.0/16 exact; route-filter 63.137.0.0/16 exact; route-filter 206.25.0.0/16 exact; route-filter 208.133.0.0/16 exact; route-filter 165.193.0.0/16 exact; route-filter 167.215.0.0/16 exact; route-filter 208.172.0.0/16 exact; route-filter 205.216.0.0/16 exact; route-filter 208.174.0.0/16 exact; route-filter 207.48.0.0/15 exact; route-filter 208.160.0.0/15 exact; route-filter 63.128.0.0/15 exact; route-filter 208.164.0.0/15 exact; route-filter 204.70.0.0/15 exact; route-filter 206.156.0.0/15 exact; route-filter 208.158.0.0/15 exact; route-filter 208.170.0.0/15 exact; route-filter 208.134.0.0/15 exact; route-filter 206.30.0.0/15 exact; route-filter 208.136.0.0/15 exact; route-filter 66.100.0.0/15 exact; route-filter 208.128.0.0/15 exact; route-filter 205.218.0.0/15 exact; route-filter 207.0.0.0/15 exact; route-filter 205.138.0.0/15 exact; route-filter 206.26.0.0/15 exact; route-filter 206.100.0.0/14 exact; route-filter 216.88.0.0/14 exact; route-filter 64.240.0.0/14 exact; route-filter 208.140.0.0/14 exact; route-filter 216.32.0.0/14 exact; route-filter 208.152.0.0/14 exact; route-filter 208.144.0.0/13 exact; } then accept; } term two { then reject; } } policy-statement deny-all { then reject; } policy-statement set-customer-non-transit-local-pref-US { term delete-community { then { community delete delete-cw-comm; next term; } } term comm-70 { from community comm-70; then { local-preference 70; community add comm-US-customer; community add comm-no-peer; next policy; } } term comm-80 { from community comm-80; then { local-preference 80; community add comm-US-customer; community add comm-no-peer; next policy; } } term comm-90 { from community comm-90; then { local-preference 90; community add comm-US-customer; community add comm-no-peer; next policy; } } term comm-100 { then { local-preference 100; community add comm-US-customer; community add comm-no-peer; next policy; } } } policy-statement ddostracking2 { from community dos-victim2; then destination-class dos-victim2; } policy-statement ddostracking3 { from community dos-victim3; then destination-class dos-victim3; } policy-statement set-customer-private-ASN-non-transit-local-pref { term delete-community { then { community delete delete-cw-comm; next term; } } term comm-70 { from community comm-70; then { local-preference 70; community add comm-no-peer; next policy; } } term comm-80 { from community comm-80; then { local-preference 80; community add comm-no-peer; next policy; } } term comm-90 { from community comm-90; then { local-preference 90; community add comm-no-peer; next policy; } } term comm-100 { then { local-preference 100; community add comm-no-peer; next policy; } } } policy-statement set-customer-private-ASN-local-pref { term delete-community { then { community delete delete-cw-comm; next term; } } term comm-70 { from community comm-70; then { local-preference 70; next policy; } } term comm-80 { from community comm-80; then { local-preference 80; next policy; } } term comm-90 { from community comm-90; then { local-preference 90; next policy; } } term comm-100 { then { local-preference 100; next policy; } } } policy-statement export-customer-routes-GB { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-customer { from community comm-GB-customer; then { community delete comm-wild; accept; } } term comm-peer { from community [ comm-peer comm-customer ]; then reject; } then { community delete comm-wild; next policy; } } policy-statement export-customer-routes-GB-comm { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-customer { from community comm-GB-customer; then accept; } term comm-peer { from community [ comm-peer comm-customer ]; then reject; } then next policy; } policy-statement set-customer-local-pref-GB { term delete-community { then { community delete delete-cw-comm; next term; } } term comm-70 { from community comm-70; then { local-preference 70; community add comm-GB-customer; next policy; } } term comm-80 { from community comm-80; then { local-preference 80; community add comm-GB-customer; next policy; } } term comm-90 { from community comm-90; then { local-preference 90; community add comm-GB-customer; next policy; } } term comm-100 { then { local-preference 100; community add comm-GB-customer; next policy; } } } policy-statement export-customer-routes-REU { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-customer { from community comm-REU-customer; then { community delete comm-wild; accept; } } term comm-peer { from community [ comm-peer comm-customer ]; then reject; } then { community delete comm-wild; next policy; } } policy-statement export-customer-routes-REU-comm { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-customer { from community comm-REU-customer; then accept; } term comm-peer { from community [ comm-peer comm-customer ]; then reject; } then next policy; } policy-statement set-peer-local-pref-100-REU { then { local-preference 100; community set comm-REU-peer; } } policy-statement set-peer-local-pref-REU { then { metric 128; local-preference 80; community set comm-REU-peer; } } policy-statement set-customer-non-transit-local-pref-GB { term delete-community { then { community delete delete-cw-comm; next term; } } term comm-70 { from community comm-70; then { local-preference 70; community add comm-GB-customer; community add comm-no-peer; next policy; } } term comm-80 { from community comm-80; then { local-preference 80; community add comm-GB-customer; community add comm-no-peer; next policy; } } term comm-90 { from community comm-90; then { local-preference 90; community add comm-GB-customer; community add comm-no-peer; next policy; } } term comm-100 { then { local-preference 100; community add comm-GB-customer; community add comm-no-peer; next policy; } } } policy-statement announce-local { term reject-default { from { route-filter 0.0.0.0/0 exact; } then reject; } term announce-local { from { route-filter 213.174.192.0/25 exact; route-filter 213.174.192.208/29 exact; route-filter 213.174.192.216/29 exact; route-filter 213.174.193.0/28 exact; route-filter 213.174.195.0/26 exact; route-filter 213.174.195.112/28 exact; route-filter 213.174.195.128/28 exact; route-filter 213.174.195.176/28 exact; route-filter 213.174.195.224/28 exact; route-filter 213.174.196.0/28 exact; route-filter 213.174.196.16/28 exact; route-filter 213.174.196.32/28 exact; route-filter 213.174.196.64/28 exact; route-filter 213.174.196.96/28 exact; route-filter 213.174.196.160/28 exact; route-filter 213.174.196.176/28 exact; route-filter 213.174.196.224/29 exact; route-filter 213.174.196.240/28 exact; route-filter 213.174.198.0/27 exact; route-filter 213.174.198.32/27 exact; route-filter 213.174.198.64/27 exact; route-filter 213.174.198.192/29 exact; route-filter 213.174.198.208/28 exact; route-filter 213.174.198.240/29 exact; route-filter 213.174.199.0/27 exact; route-filter 213.174.199.64/27 exact; route-filter 213.174.199.96/28 exact; route-filter 213.174.199.128/29 exact; route-filter 213.174.199.144/29 exact; route-filter 213.174.199.160/27 exact; route-filter 213.174.200.0/28 exact; route-filter 213.174.200.80/28 exact; route-filter 213.174.200.128/29 exact; route-filter 213.174.200.144/28 exact; route-filter 213.174.200.192/27 exact; route-filter 213.174.201.96/28 exact; route-filter 213.174.201.128/25 exact; route-filter 213.174.202.160/27 exact; route-filter 213.174.205.0/24 exact; route-filter 213.174.207.116/32 exact; route-filter 213.174.198.128/27 exact; route-filter 213.174.199.224/27 exact; route-filter 213.174.195.64/29 exact; route-filter 213.174.202.128/27 exact; route-filter 213.174.197.176/28 exact; route-filter 213.174.200.32/28 exact; route-filter 213.174.202.0/25 exact; route-filter 212.124.244.0/26 exact; route-filter 165.193.172.72/30 exact; route-filter 213.174.195.72/29 exact; route-filter 213.174.192.144/28 exact; route-filter 213.174.200.224/28 exact; route-filter 213.174.203.224/27 exact; route-filter 213.174.196.232/29 exact; route-filter 206.24.172.80/30 exact; route-filter 213.174.197.240/28 exact; route-filter 213.174.197.0/25 exact; route-filter 212.117.224.192/26 exact; route-filter 213.174.198.252/32 exact; route-filter 213.174.198.253/32 exact; route-filter 212.124.227.48/28 exact; route-filter 212.124.251.160/28 exact; route-filter 82.118.66.0/24 exact; route-filter 82.118.67.0/24 exact; route-filter 82.118.65.112/28 exact; route-filter 213.174.199.48/29 exact; route-filter 82.118.65.192/26 exact; route-filter 82.118.71.0/27 exact; route-filter 82.118.95.96/27 exact; route-filter 212.124.251.176/28 exact; route-filter 213.174.200.16/28 exact; route-filter 212.117.224.0/26 exact; route-filter 212.124.226.88/29 exact; route-filter 82.118.71.64/26 exact; route-filter 213.174.198.192/28 exact; route-filter 206.24.172.144/28 exact; route-filter 82.118.70.0/24 exact; route-filter 82.118.65.104/29 exact; route-filter 82.118.65.96/29 exact; route-filter 212.124.252.112/28 exact; route-filter 212.124.253.32/28 exact; route-filter 206.24.172.192/26 exact; route-filter 206.24.172.128/30 exact; route-filter 206.24.172.132/30 exact; route-filter 206.24.172.136/30 exact; route-filter 212.124.227.160/27 exact; route-filter 212.124.239.192/27 exact; route-filter 212.117.224.112/28 exact; route-filter 212.124.240.0/28 exact; route-filter 216.219.74.0/23 exact; route-filter 212.124.240.176/28 exact; route-filter 212.124.236.32/29 exact; route-filter 212.124.224.64/28 exact; route-filter 212.124.241.208/28 exact; route-filter 213.174.193.128/27 exact; route-filter 212.124.241.240/28 exact; route-filter 213.174.192.0/19 exact; } then { next-hop self; accept; } } term backup-static { from { route-filter 213.174.195.80/28 exact; route-filter 213.174.196.128/28 exact; route-filter 213.174.196.192/28 exact; route-filter 213.174.197.208/28 exact; route-filter 213.174.200.96/28 exact; route-filter 213.174.201.0/28 exact; route-filter 213.174.201.32/32 exact; route-filter 213.174.201.64/32 exact; route-filter 213.174.202.192/27 exact; route-filter 213.174.202.224/28 exact; route-filter 213.174.197.128/27 exact; route-filter 192.168.0.1/32 exact; } then { local-preference 90; next-hop self; accept; } } from { route-filter 213.174.203.192/28 exact; route-filter 213.174.198.184/29 exact; route-filter 213.174.198.160/28 exact; route-filter 213.174.196.112/28 exact; route-filter 213.174.198.176/29 exact; } } policy-statement deny-default { term one { from { route-filter 0.0.0.0/0 exact reject; } } } policy-statement isis-tag { term one { from { protocol isis; tag 120; } then accept; } term two { then reject; } } policy-statement redistribute-direct { term one { from protocol direct; then accept; } then reject; } policy-statement AS65530-DDoS { term accept-DDoS { from { community dos-victim1; route-filter 165.193.172.96/27 orlonger; } then { local-preference 100; community delete delete-cw-comm; next-hop 206.24.194.51; accept; } } term next-policy { then next policy; } } policy-statement AS65530 { term accept-prefix { from { route-filter 165.193.172.96/27 exact accept; } then accept; } term reject-rest { then reject; } } policy-statement set-comm-shasta { term cntx04 { from as-path shasta-cntx04; then { community set comm-shasta-cntx04; next policy; } } term shasta-cntx11 { from as-path shasta-cntx11; then { community set comm-shasta-cntx11; next policy; } } term shasta-cntx12 { from as-path shasta-cntx12; then { community set comm-shasta-cntx12; next policy; } } term shasta-cntx13 { from as-path shasta-cntx13; then { community set comm-shasta-cntx13; next policy; } } term shasta-cntx14 { from as-path shasta-cntx14; then { community set comm-shasta-cntx14; next policy; } } term shasta-cntx32 { from as-path shasta-cntx32; then { community set comm-shasta-cntx32; next policy; } } } policy-statement prefix-shasta { term 10 { from { route-filter 82.118.93.0/24 orlonger; route-filter 212.124.236.48/28 exact; } then { damping none; accept; } } then reject; } policy-statement block-general-ldp-routes { term one { from { route-filter 208.174.15.0/24 orlonger; route-filter 209.83.159.0/24 orlonger; } then accept; } term two { then reject; } } policy-statement export-sec-loopback { term one { from { route-filter 208.174.15.156/32 exact; } then accept; } term two { then reject; } } policy-statement DDoS { term accept-DDoS { from community dos-victim1; then { local-preference 100; community delete delete-cw-comm; next-hop 206.24.194.51; accept; } } term next-policy { then next policy; } } policy-statement export-peer-routes { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-peer { from community comm-peer; then { community delete comm-wild; accept; } } term comm-customer { from community comm-customer; then reject; } then reject; } policy-statement export-peer-routes-comm { term AS4293 { from { as-path as4293-routes; policy find-specifics; } then reject; } term comm-peer { from community comm-peer; then accept; } term comm-customer { from community comm-customer; then reject; } then reject; } community AS2828-0 members 3561:30030; community AS2828-1 members 3561:30031; community AS2828-2 members 3561:30032; community AS2828-3 members 3561:30033; community AS2828-9 members 3561:30039; community comm-70 members 3561:70; community comm-80 members 3561:80; community comm-90 members 3561:90; community comm-GB-customer members 3561:12826; community comm-REU-customer members 3561:12...; community comm-REU-peer members 3561:22000; community comm-RNA-customer members 3561:11...; community comm-RNA-peer members 3561:21000; community comm-US-customer members 3561:11840; community comm-announce-only members 3561:30..9; community comm-customer members 3561:1....; community comm-no-export members no-export; community comm-no-peer members 3561:30000; community comm-peer members 3561:2....; community comm-shasta-cntx04 members 3561:65090; community comm-shasta-cntx11 members 3561:65091; community comm-shasta-cntx12 members 3561:65092; community comm-shasta-cntx13 members 3561:65093; community comm-shasta-cntx14 members 3561:65094; community comm-shasta-cntx32 members 3561:65095; community comm-wild members *:*; community delete-cw-comm members [ 3561:1.* 3561:2.* 3561:700 3561:701 ]; community dos-victim1 members 3561:666; community dos-victim2 members 3561:700; community dos-victim3 members 3561:701; community guard-DDoS members 3561:6157; as-path private-as ".* 64512-65535+ .*"; as-path swamp ".*(174|209|701|702|1239|1299|1668|2828|2914|3257|3300|3320|3356|3549|5511|6461|6762|7018|7132|8220).*"; as-path as4293-routes ".*(4293|64512-65535).*"; as-path shasta-cntx04 65090; as-path shasta-cntx11 65091; as-path shasta-cntx12 65092; as-path shasta-cntx13 65093; as-path shasta-cntx14 65094; as-path shasta-cntx32 65095; damping cisco { reuse 1500; suppress 4001; } damping none { disable; } } firewall { policer limit-ssh { if-exceeding { bandwidth-limit 5m; burst-size-limit 15k; } then discard; } policer limit-snmp { if-exceeding { bandwidth-limit 1m; burst-size-limit 15k; } then discard; } policer limit-udp { if-exceeding { bandwidth-limit 2m; burst-size-limit 15k; } then discard; } policer limit-ntp { if-exceeding { bandwidth-limit 500k; burst-size-limit 15k; } then discard; } policer limit-syn { if-exceeding { bandwidth-limit 1m; burst-size-limit 15k; } then discard; } policer limit-traceroutes { if-exceeding { bandwidth-limit 1m; burst-size-limit 15k; } then discard; } policer limit-ddos { if-exceeding { bandwidth-limit 2m; burst-size-limit 15k; } then discard; } policer limit-icmp { if-exceeding { bandwidth-limit 20m; burst-size-limit 2m; } then discard; } policer limit-management { if-exceeding { bandwidth-limit 5m; burst-size-limit 1m; } then discard; } filter deny-non-routable { term block_nonroutable { from { source-prefix-list { non-routable-list; } } then { count non-routable-packets; discard; } } term first { then { count cflowd-stat; sample; next term; } } term last { then accept; } } filter ACL10 { term NTP_accept { from { source-prefix-list { ntp-list; } protocol udp; port ntp; } then { policer limit-management; accept; } } term BGP_SYN_accept { from { source-prefix-list { bgp-list; } protocol tcp; port bgp; tcp-initial; } then { policer limit-syn; accept; } } term BGP_accept { from { source-prefix-list { bgp-list; } protocol tcp; port bgp; } then accept; } term SSH_accept { from { source-prefix-list { core-list; host-list; } protocol tcp; port ssh; } then { policer limit-management; accept; } } term SSH_deny { from { protocol tcp; port ssh; } then { count SSH_deny; syslog; discard; } } term SNMP_accept { from { source-prefix-list { snmp-list; } protocol udp; port snmp; } then { policer limit-management; accept; } } term MSDP_accept { from { source-prefix-list { msdp-list; } protocol tcp; port [ 639 679 ]; } then { policer limit-management; accept; } } term LDP_accept { from { source-prefix-list { ldp-list; } protocol [ tcp udp ]; port ldp; } then { policer limit-management; accept; } } term DNS_accept { from { source-prefix-list { dns-list; } protocol udp; port 53; } then { policer limit-management; accept; } } term RADIUS_accept { from { source-prefix-list { radius-list; } protocol [ udp tcp ]; source-port radius; } then { policer limit-management; accept; } } term IGMP_accept { from { destination-address { 224.0.0.0/24; } protocol igmp; } then { policer limit-management; accept; } } term VRRP_accept { from { destination-address { 224.0.0.18/32; } protocol vrrp; } then { policer limit-management; accept; } } term RIP_accept { from { destination-address { 224.0.0.9/32; } protocol udp; port 520; } then { policer limit-management; accept; } } term OSPF_accept { from { protocol ospf; } then { policer limit-management; accept; } } term PIM { from { protocol pim; } then { policer limit-management; accept; } } term RSVP { from { protocol rsvp; } then { policer limit-management; accept; } } term no-ICMP-source-quench { from { protocol icmp; icmp-type source-quench; } then { discard; } } term ICMP { from { protocol icmp; } then { policer limit-icmp; accept; } } term traceroutes { from { protocol udp; destination-port 33434-33523; } then { policer limit-management; accept; } } term everything-else { then { count deny_everything; syslog; discard; } } term TELNET_deny { from { protocol tcp; port telnet; } then { count TELNET_deny; syslog; discard; } } term LDP_need_to_fix { from { protocol [ tcp udp ]; port ldp; } then { policer limit-management; count LDP_bogus; syslog; accept; } } } filter IDS-ZYNAPCOLO-TO-NET-ANTI-SPOOF { term Permit-Established { from { source-address { 213.174.199.208/29; } tcp-established; } then { count tcp-established; accept; } } term Permit-112 { from { source-address { 213.174.199.208/29; } destination-address { 224.0.0.0/24; } protocol 112; } then { count Multi; accept; } } term Permit-563x { from { source-address { 213.174.199.208/29; } destination-address { 62.55.0.0/16; 80.177.32.8/29; 212.124.224.56/29; } protocol [ udp tcp ]; port 5631-5632; } then { count 563x; accept; } } term Permit-WWW { from { source-address { 213.174.199.208/29; } protocol tcp; port http; } then { count WWW; accept; } } term Deny-SNMP { from { source-address { 213.174.199.208/29; } destination-address { 213.174.199.208/29; } protocol [ udp tcp ]; port [ 161 162 ]; } then { count SNMP; reject; } } term Permit-Destinations { from { source-address { 213.174.199.208/29; } destination-address { 213.174.199.208/29; } } then { count Permitted; accept; } } term Permit-ntp { from { source-address { 213.174.199.208/29; } destination-address { 213.174.195.20/31; } protocol udp; port ntp; } then { count NTP; accept; } } term Permit-DNS { from { source-address { 213.174.199.208/29; } destination-address { 213.174.195.20/30; } protocol [ udp tcp ]; port domain; } then { count DNS; accept; } } term Permit-Multi2 { from { source-address { 213.174.199.208/29; } destination-address { 224.0.0.0/24; } protocol udp; } then { count MULTI2; accept; } } term Permit-Ftp { from { source-address { 213.174.199.208/29; } protocol tcp; port ftp-data; } then { count FTP; accept; } } term Deny-ALL { then { count Denied; reject; } } } filter NET-TO-IDS-ZYNAPCOLO-ANTI-SPOOF { term Permit-Established { from { tcp-established; } then { count tcp-established; accept; } } term Permit-563x { from { source-address { 62.55.0.0/16; 80.177.32.8/29; 212.124.224.56/29; } destination-address { 213.174.199.208/29; } protocol [ udp tcp ]; port 5631-5632; } then { count 563x; accept; } } term Permit-Various-TCP { from { destination-address { 213.174.199.208/29; } protocol tcp; port [ 389 522 4000 4001 smtp ftp 2000 2001 3389 http 443 ]; } then { count various; accept; } } term Permit-Various-UDP { from { destination-address { 213.174.199.208/29; } protocol udp; port [ domain ntp 30000-65535 ]; } then { count UDP; accept; } } term Permit-ICMP { from { source-address { 10.83.251.20/30; } destination-address { 213.174.199.208/29; } protocol icmp; } then { count ICMP; accept; } } term Deny-ALL { then { count denied; reject; } } } filter IDS-BANDQCOLO-TO-NET-ANTI-SPOOF { term one { from { tcp-established; } then accept; } term two { from { source-address { 10.83.54.160/29; } destination-address { 10.83.54.160/29; } protocol udp; port [ snmp snmptrap ]; } then { count snmp-snmptrap; discard; } } term three { from { source-address { 10.83.54.160/29; } destination-address { 10.83.54.160/29; } protocol tcp; port [ 161 162 ]; } then { count 161-162; discard; } } term four { from { source-address { 10.83.54.160/29; } destination-address { 213.174.195.20/30; } protocol udp; port domain; } then accept; } term five { from { source-address { 10.83.54.160/29; } destination-address { 213.174.195.20/30; } protocol udp; source-port domain; destination-port [ 1023-65530 1023-65535 ]; } then accept; } term six { from { source-address { 10.83.54.160/29; } destination-address { 213.174.195.20/31; } protocol udp; port ntp; } then accept; } term seven { from { source-address { 10.83.54.160/29; } destination-address { 213.174.195.20/31; } protocol udp; source-port ntp; destination-port 1023-65535; } then accept; } term eight { from { source-address { 10.83.54.160/29; } destination-address { 224.0.0.0/24; } protocol udp; } then accept; } term nine { from { source-address { 10.83.54.160/29; } destination-address { 10.83.54.160/29; } } then accept; } term ten { from { source-address { 10.83.54.160/29; } } then accept; } term eleven { from { source-address { 213.174.195.64/29; } } then accept; } term twelve { from { source-address { 213.174.202.128/27; } } then accept; } term thirteen { then { discard; } } } filter NET-TO-IDS-INEXTCOLO-ANTI-SPOOF { term one { from { tcp-established; } then accept; } term two { from { source-address { 213.174.195.20/30; } destination-address { 213.174.199.112/29; } protocol udp; port domain; } then accept; } term three { from { source-address { 213.174.195.20/30; } destination-address { 213.174.199.112/29; } protocol udp; source-port domain; destination-port 1023-65535; } then accept; } term four { from { source-address { 213.174.195.20/31; } destination-address { 213.174.199.112/29; } port ntp; } then accept; } term five { from { source-address { 213.174.195.20/31; } destination-address { 213.174.199.112/29; } protocol udp; source-port ntp; destination-port 1023-65535; } then accept; } term six { from { destination-address { 213.174.199.112/29; } } then accept; } term seven { from { destination-address { 213.174.199.224/27; } } then accept; } term eight { from { destination-address { 213.174.198.128/27; } } then accept; } term nine { then { discard; } } } filter IDS-INCHCAPECOLO-TO-NET-ANTI-SPOOF { term one { from { tcp-established; } then { count tcp-established; accept; } } term two { from { source-address { 213.174.199.112/29; } destination-address { 224.0.0.0/24; } port 112; } then { count 112; accept; } } term three { from { source-address { 213.174.203.0/26; } destination-address { 213.174.203.0/26; } protocol udp; port [ snmp snmptrap ]; } then { count snmp-snmptrap; discard; } } term four { from { source-address { 213.174.203.0/26; } destination-address { 213.174.203.0/26; } protocol tcp; port [ 161 162 ]; } then { count 161-162; discard; } } term five { from { destination-address { 213.174.203.0/26; } protocol udp; port domain; } then { count domain; accept; } } term six { from { source-address { 213.174.203.0/26; } destination-address { 213.174.195.20/30; } protocol udp; source-port domain; destination-port 1023-65535; } then { count domain-to-1023-65535; accept; } } term seven { from { source-address { 213.174.203.0/26; } destination-address { 213.174.195.20/30; } protocol udp; port ntp; } then { count ntp; accept; } } term eight { from { source-address { 213.174.203.0/26; } destination-address { 213.174.195.20/30; } protocol udp; source-port ntp; destination-port 1023-65535; } then { count ntp-to-1023-65535; accept; } } term nine { from { source-address { 213.174.203.0/26; } destination-address { 224.0.0.0/24; } protocol udp; } then { count udp; accept; } } term ten { from { source-address { 213.174.203.0/26; } destination-address { 213.174.203.0/26; } } then { count ip; accept; } } term eleven { from { source-address { 213.174.203.0/26; } destination-address { 0.0.0.0/0; } } then { count ip-any; accept; } } term twelve { from { source-address { 0.0.0.0/0; } destination-address { 0.0.0.0/0; } } then { count discard; discard; } } } filter ACL109 { term one { from { tcp-established; } then { count tcp-established; accept; } } term two { from { source-address { 0.0.0.0/0; } destination-address { 213.174.194.0/26; } protocol esp; } then { count esp; accept; } } term three { from { source-address { 0.0.0.0/0; } destination-address { 213.174.194.0/26; } protocol ah; } then { count ah; accept; } } term four { from { source-address { 0.0.0.0/0; } destination-address { 213.174.194.0/26; } protocol udp; source-port 1531; destination-port 500; } then { count isakmp; accept; } } term five { from { source-address { 0.0.0.0/0; } destination-address { 213.174.194.0/26; } protocol udp; port 10001; } then { count 10001; accept; } } term six { from { source-address { 0.0.0.0/0; } destination-address { 213.174.194.0/26; } protocol gre; } then { count gre; accept; } } term seven { from { source-address { 0.0.0.0/0; } destination-address { 213.174.194.0/26; } protocol tcp; port 1723; } then { count 1723; accept; } } term eight { from { source-address { 0.0.0.0/0; } destination-address { 213.174.194.0/26; } protocol icmp; } then { count icmp; accept; } } term nine { from { source-address { 0.0.0.0/0; } destination-address { 0.0.0.0/0; } } then { count deny-all; discard; } } } filter NET-TO-IDS-INCHCAPECOLO-ANTI-SPOOF { term one { from { tcp-established; } then { count tcp-established; accept; } } term two { from { source-address { 213.174.195.20/30; } destination-address { 213.174.203.0/26; } protocol udp; port domain; } then { count domain; accept; } } term three { from { source-address { 213.174.195.20/30; } destination-address { 213.174.203.0/26; } protocol udp; source-port domain; destination-port 1023-65535; } then { count domain-to-1023-65535; accept; } } term four { from { source-address { 213.174.195.20/30; } destination-address { 213.174.203.0/26; } protocol udp; port ntp; } then { count ntp; accept; } } term five { from { source-address { 213.174.195.20/30; } destination-address { 213.174.203.0/26; } protocol udp; source-port ntp; destination-port 1023-65535; } then { count ntp-to-1023-65535; accept; } } term six { from { source-address { 0.0.0.0/0; } destination-address { 213.174.203.0/26; } } then { count ip-any; accept; } } term seven { from { source-address { 0.0.0.0/0; } destination-address { 0.0.0.0/0; } } then { count discard; discard; } } } filter IDS-INEXTCOLO-TO-NET-ANTI-SPOOF { term one { from { tcp-established; } then accept; } term two { from { source-address { 213.174.199.112/29; } destination-address { 224.0.0.0/24; } protocol 112; } then accept; } term three { from { source-address { 213.174.199.112/29; } destination-address { 213.174.199.112/29; } protocol udp; port [ snmp snmptrap ]; } then { discard; } } term four { from { source-address { 213.174.199.112/29; } destination-address { 213.174.199.112/29; } protocol tcp; port [ 161 162 ]; } then { discard; } } term five { from { source-address { 213.174.199.112/29; } destination-address { 213.174.195.20/30; } protocol udp; port domain; } then accept; } term six { from { source-address { 213.174.199.112/29; } destination-address { 213.174.195.20/30; } source-port domain; destination-port 1023-65535; } then accept; } term seven { from { source-address { 213.174.199.112/29; } destination-address { 213.174.195.20/31; } protocol udp; port ntp; } then accept; } term eight { from { source-address { 213.174.199.112/29; } destination-address { 213.174.195.20/31; } protocol udp; source-port ntp; destination-port 1023-65535; } then accept; } term nine { from { source-address { 213.174.199.112/29; } destination-address { 224.0.0.0/24; } protocol udp; } then accept; } term ten { from { source-address { 213.174.199.112/29; } destination-address { 213.174.199.112/29; } } then accept; } term eleven { from { source-address { 213.174.199.112/29; } } then accept; } term twelve { from { source-address { 213.174.199.224/27; } } then accept; } term thirteen { from { source-address { 213.174.198.128/27; } } then accept; } term fourteen { from { destination-address { 213.174.199.114/32; } protocol tcp; destination-port 445; } then { discard; } } term fifteen { then { discard; } } } filter uklond6_01_cntx04_egress { term udp { from { protocol udp; } then { count udp; accept; } } term icmp { from { protocol icmp; } then { count icmp; accept; } } term protocol_0 { from { protocol 0; } then { count protocol_0; accept; } } term protocol_255 { from { protocol 255; } then { count protocol_255; accept; } } term port_135 { from { protocol tcp; port 135; } then { count port_135; accept; } } term port_137 { from { protocol tcp; port 137; } then { count port_137; accept; } } term port_139 { from { protocol tcp; port 139; } then { count port_139; accept; } } term port_445 { from { protocol tcp; port 445; } then { count port_445; accept; } } term port_1433 { from { protocol tcp; port 1433; } then { count port_1433; accept; } } term port_1434 { from { protocol tcp; port 1434; } then { count port_1434; accept; } } term tcp_syn { from { tcp-initial; } then { count tcp-initial; accept; } } term everything_else { then { count the_rest; accept; } } } filter uklond6_01_cntx04_ingress { term udp { from { protocol udp; } then { count udp; accept; } } term icmp { from { protocol icmp; } then { count icmp; accept; } } term protocol_0 { from { protocol 0; } then { count protocol_0; accept; } } term protocol_255 { from { protocol 255; } then { count protocol_255; accept; } } term port_135 { from { protocol tcp; port 135; } then { count port_135; accept; } } term port_137 { from { protocol tcp; port 137; } then { count port_137; accept; } } term port_139 { from { protocol tcp; port 139; } then { count port_139; accept; } } term port_445 { from { protocol tcp; port 445; } then { count port_445; accept; } } term port_1433 { from { protocol tcp; port 1433; } then { count port_1433; accept; } } term port_1434 { from { protocol tcp; port 1434; } then { count port_1434; accept; } } term tcp_syn { from { tcp-initial; } then { count tcp-initial; accept; } } term everything_else { then { count the_rest; accept; } } } filter cflowd { term cflowd-sample { then { count cflowd-stat; sample; accept; } } } }