version 7.0R2.7; groups { re0 { system { host-name jr1.sea-re0; } } re1 { system { host-name jr1.sea-re1; } } interface-options { interfaces { <*> { unit <*> { family inet { filter { input cflow; } } } } } } } apply-groups [ re0 re1 interface-options ]; system { domain-name llnw.net; domain-search [ llnw.net. sea.llnw.net. . ]; time-zone America/Phoenix; default-address-selection; no-redirects; mirror-flash-on-disk; authentication-order [ radius password ]; location { country-code US; postal-code 98121; npa-nxx 206-448; lata 722; } root-authentication { encrypted-password "$1$Ae8yzVd4$DT0VItxNuv2eWXFXRNId60"; ## SECRET-DATA } name-server { 69.28.148.102; } radius-server { 208.48.140.13 { secret "$9$RpZSrvdVYgJGregJGDmPIEhcKMVb2oJD"; ## SECRET-DATA timeout 5; } } login { message "\njr1.sea Authorized Users Only\n\n"; class rancid { permissions [ field interface network routing snmp system view firewall ]; allow-commands ping; } user admin { uid 2000; class superuser; authentication { authentication { encrypted-password "$1$pHL6uzuv$2YevXezgJ3PUeNmlNbS2J0"; ## SECRET-DATA } } user remote { uid 2001; class superuser; } } services { ssh { root-login allow; } } syslog { archive size 5m files 5 world-readable; user * { any emergency; } host 208.48.140.16 { authorization any; cron any; daemon notice; kernel any; user any; firewall any; pfe any; conflict-log any; change-log notice; facility-override local4; } file messages { any notice; authorization info; daemon any; kernel any; archive size 1m files 5 no-world-readable; } file firewall-logs { firewall any; archive size 1m files 2 no-world-readable; } } ntp { boot-server 132.246.168.148; server 208.111.137.72; server 69.28.133.10; server 69.28.137.99; } } chassis { no-source-route; redundancy { routing-engine 0 master; routing-engine 1 backup; failover on-loss-of-keepalives; } alarm { management-ethernet { link-down ignore; } } } interfaces { ge-0/0/0 { description "TRKR swh1.sea A1"; disable; vlan-tagging; gigether-options { no-flow-control; } } ge-0/1/0 { description "TRKR a2.swh1.sea"; disable; vlan-tagging; gigether-options { no-flow-control; } unit 777 { description "TRKR ge3-1.fr3.sea2"; vlan-id 777; family inet { address 69.28.171.238/30; } family iso; } } ge-0/2/0 { description "TRKR b1.swh1.sea"; disable; vlan-tagging; gigether-options { no-flow-control; } unit 20 { description "BKUP BBGX SEA-SJC"; vlan-id 20; family inet { address 69.28.172.34/30; } family iso; } } ge-0/3/0 { description "TRKR b2.swh1.sea"; disable; vlan-tagging; gigether-options { no-flow-control; } } dsc { unit 0 { family inet { address 10.10.10.1/32 { destination 10.10.10.2; } } } } fxp1 { description "fxp1 router-internal communication"; unit 0 { description "fxp1.0 router-internal communication"; } } lo0 { unit 0 { family inet { filter { input router-input; } address 127.0.0.1/32; address 68.142.92.194/32 { preferred; } } family iso { address 49.0001.0681.4209.2194.00; } } } } forwarding-options { sampling { input { family inet { rate 20000; run-length 2; } } output { cflowd 68.142.99.10 { port 8777; version 5; autonomous-system-type origin; } inactive: cflowd 69.28.128.140 { port 9997; version 8; autonomous-system-type peer; aggregation { source-destination-prefix; } } } } hash-key { family inet { layer-3; layer-4; } } } snmp { community lime4pub { authorization read-only; clients { 208.48.140.0/25; 69.28.128.140/32; 69.28.148.103/32; 68.142.99.38/32; 68.142.99.39/32; 208.111.137.117/32; } } } routing-options { interface-routes { rib-group inet if-rib; } static { /* Necessary for BGP default route origination */ route 0.0.0.0/0 discard; /* LON route hack */ inactive: route 68.142.84.0/22 next-hop 67.17.159.65; inactive: route 69.28.128.0/18 { discard; metric 15; community 22822:5013; } inactive: route 68.142.64.0/18 { discard; metric 15; community 22822:5013; } /* LLNW customers on GBLX sourced /24 */ route 69.28.190.0/23 next-hop 67.17.159.65; /* LLNW customers on GBLX sourced /24 */ route 69.28.189.0/24 next-hop 67.17.159.65; /* LLNW customers on GBLX sourced /24 */ route 68.142.75.0/24 next-hop 67.17.159.65; route 68.142.100.0/22 next-hop 67.17.159.65; /* Valve moved to fr3.sea2 */ inactive: route 68.142.92.64/28 next-hop 68.142.92.34; inactive: route 68.142.92.0/23 { discard; metric 15; community 22822:6013; } inactive: route 68.142.94.0/24 { discard; metric 15; community 22822:6013; } } rib-groups { pim-rib { export-rib inet.2; import-rib inet.2; } if-rib { import-rib [ inet.0 inet.2 ]; } } route-record; autonomous-system 22822; forwarding-table { export load-balancing-policy; } } protocols { bgp { advertise-inactive; log-updown; inactive: group CUST { type external; local-preference 200; import reject-all; family inet { unicast { prefix-limit { maximum 500; teardown idle-timeout 60; } } } export reject-all; remove-private; inactive: neighbor 68.142.92.202 { description "CUST: swift ventures"; import [ deny-rfc1918 set-customer-comm CUST:AS25700 ]; family inet { unicast; multicast; } /* MD5 Key: g5U8i9er4tcF */ authentication-key "$9$XKR-VYJGD.fQkq39Au1IylKW7V24aDHm8XbY"; ## SECRET-DATA /* regular is swift-add-pref. swift-temp is temp fix for sjc problems 12/13 */ export swift-add-pref; peer-as 25700; } inactive: neighbor 68.142.92.206 { description "CUST: swift ventures"; import [ deny-rfc1918 set-customer-comm CUST:AS25700 ]; family inet { unicast; multicast; } /* MD5 Key: g5U8i9er4tcF */ authentication-key "$9$gAJGiP5Q/Aun6BEcrvM7-VsoGHqmQ39YgUi"; ## SECRET-DATA /* regular is swift-add-pref. swift-temp is temp fix for sjc problems 12/13 */ export swift-add-pref; peer-as 25700; } } group RS { type internal; multihop; local-address 68.142.92.194; advertise-inactive; log-updown; import reject-all; family inet { unicast; multicast; } export transit-all; remove-private; peer-as 22822; neighbor 69.28.128.218; } group BACKBONE { type internal; local-address 68.142.92.194; log-updown; import ibgp-set-localpref; family inet { unicast; multicast; } export [ local-bgp transit-all ]; peer-as 22822; neighbor 69.28.139.222; neighbor 69.28.156.233; neighbor 68.142.72.222; neighbor 69.28.148.234; neighbor 69.28.144.250; neighbor 69.28.152.250; neighbor 69.28.128.221; neighbor 69.28.128.222; neighbor 68.142.120.250; neighbor 69.28.156.234; neighbor 69.28.152.249; neighbor 68.142.88.222; neighbor 68.142.88.221; neighbor 68.142.84.233; neighbor 68.142.84.234; neighbor 68.142.72.223; neighbor 68.142.120.249; neighbor 69.28.139.221; neighbor 69.28.128.223; neighbor 69.28.139.193; neighbor 203.77.184.222; neighbor 68.142.100.222; neighbor 68.142.100.223; neighbor 68.142.119.222; neighbor 68.142.119.223; neighbor 69.28.148.193; neighbor 69.28.139.194; neighbor 69.28.171.1; neighbor 69.28.171.2; neighbor 69.28.171.3; neighbor 69.28.171.4; neighbor 69.28.171.5; neighbor 69.28.171.7; neighbor 69.28.171.8; neighbor 69.28.171.9; neighbor 69.28.171.6; neighbor 69.28.171.11; neighbor 203.77.188.129; neighbor 69.28.171.15; } group NULLRS { type internal; neighbor 208.48.140.7 { description "INTERNAL: Null route server"; local-address 68.142.92.194; log-updown; import null-import; export reject-all; peer-as 22822; } } group BACKBONE-INTRA { type internal; local-address 68.142.92.194; log-updown; family inet { unicast; } export [ local-bgp transit-all ]; peer-as 22822; neighbor 69.28.171.12; } } isis { traceoptions { file isis; flag error; } export isis-export; no-authentication-check; no-ipv6-routing; multicast-topology; ## Warning: 'multicast-topology' is deprecated level 1 disable; level 2 wide-metrics-only; /* jr1.sea to fr3.sea2 */ interface ge-0/1/0.777 { level 1 disable; level 2 metric 40; } /* SEA-SJC backup only GE over wrm1.sea */ interface ge-0/2/0.20 { level 1 disable; level 2 metric 999; } interface lo0.0; } pim { rib-group inet pim-rib; rp { static { address 69.28.144.234; } } interface all { mode sparse; } } } policy-options { prefix-list admin-nets { 68.15.185.160/27; 69.28.128.0/25; 69.28.188.0/24; 199.1.1.0/24; 208.48.140.0/25; 208.48.141.224/27; } prefix-list snmp-hosts { 68.142.99.38/32; 68.142.99.39/32; 69.28.128.0/24; 69.28.148.103/32; 208.48.140.0/25; 208.111.137.117/32; } prefix-list local-interfaces { 68.142.92.0/28; 68.142.92.194/32; 69.28.191.64/26; } prefix-list bgp-peers { 12.127.70.32/30; 63.216.14.64/30; 67.17.159.64/30; 157.130.190.136/30; 198.32.180.0/24; } prefix-list bgp-customers { 68.142.92.192/26; } prefix-list bgp-internal { 68.142.72.222/32; 68.142.72.223/32; 68.142.84.233/32; 68.142.92.194/32; 68.142.96.248/29; 68.142.99.0/24; 68.142.100.222/32; 68.142.100.223/32; 68.142.119.222/32; 68.142.119.223/32; 68.142.120.249/32; 68.142.120.250/32; 69.28.128.36/32; 69.28.128.218/32; 69.28.128.220/32; 69.28.128.222/32; 69.28.128.223/32; 69.28.139.193/32; 69.28.139.194/32; 69.28.139.221/32; 69.28.139.222/32; 69.28.144.233/32; 69.28.144.250/32; 69.28.148.233/32; 69.28.148.234/32; 69.28.148.236/32; 69.28.152.233/32; 69.28.152.250/32; 69.28.156.233/32; 69.28.156.234/32; 69.28.171.0/24; 69.28.173.99/32; 203.77.184.222/32; 208.48.140.7/32; } prefix-list icmp-nets { 68.15.185.160/27; 69.28.128.0/25; 69.28.128.128/27; 69.28.136.99/32; 69.28.136.103/32; 69.28.144.99/32; 69.28.144.103/32; 69.28.148.99/32; 69.28.148.103/32; 69.28.152.99/32; 69.28.152.103/32; 69.28.156.99/32; 69.28.156.103/32; 69.28.172.0/24; 69.28.188.0/24; 199.1.1.0/24; 208.48.140.0/24; 208.48.141.224/27; } prefix-list vendor-nets { /* whiterock */ 65.192.92.128/26; } prefix-list tftp-servers { 69.28.128.16/32; 69.28.144.103/32; 69.58.152.103/32; } policy-statement static { term static { from { protocol [ static direct ]; route-filter 69.28.191.64/26 exact; route-filter 69.28.151.0/24 exact; route-filter 69.28.176.0/22 exact; route-filter 69.28.148.0/22 exact; } then { community set local-static; accept; } } then { next policy; reject; } } policy-statement bgp-default-route { term accept { from { route-filter 0.0.0.0/0 exact; } then accept; } then reject; } policy-statement reject-all { then reject; } policy-statement CUST:AS25700 { term accept { from { route-filter 38.116.0.0/23 upto /27; route-filter 64.40.36.0/24 upto /27; route-filter 64.246.160.0/21 upto /27; route-filter 64.246.168.0/24 upto /27; route-filter 64.246.169.0/24 upto /27; route-filter 64.246.170.0/24 upto /27; route-filter 64.246.171.0/24 upto /27; route-filter 64.246.172.0/24 upto /27; route-filter 64.246.173.0/24 upto /27; route-filter 64.246.176.0/24 upto /27; route-filter 64.246.177.0/24 upto /27; route-filter 64.246.178.0/24 upto /27; route-filter 64.246.179.0/24 upto /27; route-filter 66.45.219.0/24 upto /27; route-filter 66.228.192.0/24 upto /27; route-filter 66.228.193.0/24 upto /27; route-filter 66.228.194.0/24 upto /27; route-filter 66.228.199.0/24 upto /27; route-filter 66.228.203.0/24 upto /27; route-filter 66.228.205.0/24 upto /27; route-filter 66.228.206.0/24 upto /27; route-filter 66.228.208.0/24 upto /27; route-filter 66.228.211.0/24 upto /27; route-filter 66.228.212.0/24 upto /27; route-filter 66.228.213.0/24 upto /27; route-filter 66.228.214.0/24 upto /27; route-filter 66.228.215.0/24 upto /27; route-filter 69.28.244.0/22 upto /27; route-filter 69.90.112.0/22 upto /27; route-filter 192.147.164.0/24 upto /27; route-filter 192.147.172.0/23 upto /27; route-filter 199.254.229.0/24 upto /27; route-filter 204.17.223.0/24 upto /27; route-filter 204.174.34.0/24 upto /27; route-filter 204.238.107.0/24 upto /27; route-filter 207.229.64.0/18 upto /27; route-filter 207.229.71.0/24 upto /27; route-filter 207.229.72.0/24 upto /27; route-filter 207.229.73.0/24 upto /27; route-filter 207.229.74.0/24 upto /27; route-filter 207.229.103.0/24 upto /27; route-filter 208.192.40.0/24 upto /27; route-filter 208.192.41.0/24 upto /27; route-filter 208.192.42.0/24 upto /27; route-filter 208.192.43.0/24 upto /27; route-filter 208.192.46.0/24 upto /27; route-filter 209.16.128.0/18 upto /27; route-filter 209.16.149.0/24 upto /27; route-filter 209.162.128.0/19 upto /27; route-filter 216.145.0.0/19 upto /27; route-filter 216.176.176.0/20 upto /27; route-filter 216.228.64.0/21 upto /27; route-filter 66.228.216.0/21 upto /27; route-filter 66.228.210.0/24 upto /27; route-filter 66.228.204.0/22 upto /27; route-filter 66.228.202.0/24 upto /27; route-filter 66.228.208.0/20 upto /27; route-filter 64.246.174.0/32 upto /27; route-filter 66.228.209.0/24 upto /27; route-filter 66.228.192.0/19 upto /27; route-filter 66.249.24.0/21 upto /27; route-filter 64.246.160.0/20 upto /27; route-filter 64.246.176.0/22 upto /27; route-filter 64.246.180.0/23 upto /27; route-filter 208.192.40.0/21 upto /27; route-filter 66.249.16.0/23 upto /24; route-filter 64.246.182.0/24 upto /27; route-filter 64.246.183.0/24 upto /27; route-filter 64.246.184.0/24 upto /27; route-filter 64.246.185.0/24 upto /27; route-filter 64.246.186.0/24 upto /27; route-filter 204.8.32.0/22 upto /24; route-filter 216.127.33.0/24 upto /27; route-filter 66.152.64.0/19 upto /27; route-filter 64.246.187.0/24 upto /27; route-filter 64.246.188.0/24 upto /27; route-filter 209.59.220.0/22 upto /27; route-filter 209.59.216.0/22 upto /27; route-filter 209.59.218.0/23 upto /27; route-filter 209.59.214.0/23 upto /27; route-filter 209.59.222.0/23 upto /27; route-filter 209.59.192.0/18 upto /27; route-filter 64.246.189.0/24 upto /27; route-filter 64.246.190.0/24 upto /27; route-filter 64.246.191.0/24 upto /27; route-filter 206.41.112.0/20 upto /27; route-filter 207.14.112.0/20 upto /27; route-filter 66.228.222.0/24 upto /27; route-filter 204.13.164.0/22 upto /27; route-filter 204.14.120.0/22 upto /27; route-filter 209.59.194.0/24 upto /27; route-filter 209.59.195.0/24 upto /27; route-filter 209.59.206.0/24 upto /27; route-filter 72.21.128.0/20 upto /24; route-filter 72.21.64.0/20 upto /24; route-filter 216.18.224.0/20 upto /27; route-filter 204.15.224.0/21 upto /27; route-filter 192.147.172.0/24 upto /27; route-filter 192.147.173.0/24 upto /27; route-filter 192.34.239.0/24 upto /27; route-filter 199.89.174.0/23 upto /27; route-filter 204.57.191.0/24 upto /27; route-filter 204.57.192.0/24 upto /27; route-filter 206.126.16.0/20 upto /27; route-filter 206.126.21.0/24 upto /27; route-filter 206.63.201.0/24 upto /27; route-filter 206.63.202.0/24 upto /27; route-filter 209.213.0.0/20 upto /27; route-filter 209.213.0.0/24 upto /27; route-filter 209.213.2.0/23 upto /27; route-filter 209.213.5.0/24 upto /27; route-filter 209.213.6.0/23 upto /27; route-filter 209.213.8.0/21 upto /27; route-filter 216.186.100.0/22 upto /27; route-filter 216.215.53.0/24 upto /27; route-filter 63.174.180.0/24 upto /27; route-filter 64.146.245.0/24 upto /27; route-filter 64.185.120.0/21 upto /27; route-filter 64.185.96.0/19 upto /27; route-filter 66.29.152.0/24 upto /27; route-filter 66.29.153.0/24 upto /27; route-filter 66.62.142.0/23 upto /27; route-filter 66.62.164.0/23 upto /27; route-filter 66.97.64.0/19 upto /27; route-filter 66.97.64.0/24 upto /27; route-filter 66.97.66.0/24 upto /27; route-filter 67.130.92.0/24 upto /27; route-filter 72.10.0.0/20 upto /27; route-filter 72.10.2.0/24 upto /27; route-filter 72.10.3.0/24 upto /27; route-filter 72.10.4.0/24 upto /27; route-filter 199.79.200.0/24 upto /27; route-filter 203.27.111.0/24 upto /27; route-filter 207.229.75.0/24 upto /27; route-filter 72.10.0.0/19 upto /27; route-filter 204.57.142.0/24 upto /27; route-filter 206.253.218.0/24 upto /27; route-filter 206.253.219.0/24 upto /27; route-filter 206.191.172.0/24 upto /27; route-filter 207.244.144.0/20 upto /27; route-filter 209.90.224.0/20 upto /27; route-filter 208.64.240.0/21 upto /27; route-filter 207.14.34.0/24 upto /27; route-filter 208.99.192.0/19 upto /24; } then accept; } then reject; } policy-statement set-customer-comm { then { local-preference 500; community add local-customer; next policy; } } policy-statement deny-rfc1918 { term rfc1918 { from { route-filter 10.0.0.0/8 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.168.0.0/16 orlonger; } then reject; } term bogons { from { route-filter 0.0.0.0/0 exact; route-filter 127.0.0.0/8 orlonger; route-filter 206.223.115.0/24 orlonger; route-filter 206.223.116.0/23 orlonger; route-filter 206.223.119.0/24 orlonger; route-filter 198.32.0.0/16 orlonger; route-filter 195.66.224.0/24 orlonger; route-filter 193.203.5.0/24 orlonger; route-filter 195.69.144.0/22 orlonger; route-filter 0.0.0.0/0 prefix-length-range /25-/32; } then reject; } then next policy; } policy-statement set-gblx-comm { then { metric 0; community add local-gblx; next policy; reject; } } policy-statement transit-all { term accept { from { protocol [ static bgp ]; community transit-all; } then accept; } term samepop-only { from community transit-customers-samepop-only; then accept; } then reject; } policy-statement transit-customers { term accept { from { protocol [ static bgp ]; community transit-customers; } then accept; } term samepop-only { from community transit-customers-samepop-only; then accept; } term no-export-us-peers { from { protocol bgp; community no-export-us-peers; } then reject; } term gblx-only { from community gblx-only; then reject; } then reject; } policy-statement load-balancing-policy { then { load-balance per-packet; } } policy-statement set-aol-comm { then { community set local-aol; next policy; reject; } } policy-statement deny-internal { from { route-filter 69.28.128.0/18 orlonger; route-filter 68.142.64.0/19 orlonger; route-filter 0.0.0.0/0 exact; } then { next policy; reject; } } policy-statement att-prefer { term accept { from { protocol bgp; as-path ATDN; } then { local-preference add 50; accept; } } then next policy; } policy-statement atdn-prepend { term anycast { from { route-filter 69.28.143.0/24 exact; } then as-path-prepend 22822; } then next policy; } policy-statement denylongerthan24 { term denylonger { from { route-filter 0.0.0.0/0 prefix-length-range /25-/32; } then reject; } then next policy; } policy-statement isis-export { term direct { from protocol direct; then accept; } term static-tagged { from tag 1515; then accept; } } policy-statement set-btn-comm { then { metric 0; community add local-btn; next policy; reject; } } policy-statement btn-pref { term pref-btncust { from { protocol bgp; community btn-customers; } then { local-preference 300; accept; } } inactive: term pref { from { protocol bgp; as-path QWEST; } then { local-preference 300; accept; } } inactive: term depref-all-rest { from { protocol bgp; as-path [ ATDN BTN-UU-kludge UUNET UUNET702 QWEST VERIO BELLSOUTH ]; } then { local-preference 47; accept; } } then next policy; } policy-statement btn-prepend { term alltraffic { then as-path-prepend 22822; } then next policy; } policy-statement set-att-comm { then { metric 0; community add local-att; next policy; reject; } } policy-statement att-pref { term pref { from { protocol bgp; as-path [ ATT-7015 ATT-7725 LEVEL3 QWEST ]; } then { local-preference add 50; accept; } } then next policy; } policy-statement set-mci-comm { then { community add local-mci; next policy; reject; } } policy-statement mci-pref { term pref { from { protocol bgp; as-path [ SPRINT SPRINTDIAL QWEST ]; } then { local-preference add 50; accept; } } term depref { from { protocol bgp; as-path NONE; } then { local-preference subtract 50; accept; } } then next policy; } policy-statement atdn-depref { term depref { from { protocol bgp; as-path DEMON; } then { local-preference subtract 50; accept; } } term pref { from { protocol bgp; as-path NONE; } then { local-preference add 50; accept; } } then next policy; } policy-statement gblx-pref { term pref { from { protocol bgp; as-path DEMON; } then { local-preference add 50; accept; } } /* interferes with routing decisions in other pops */ inactive: term override-peer { from { protocol bgp; as-path AS-BSO; } then { local-preference 330; accept; } } then next policy; } policy-statement null-import { term blackhole { from community blackhole; then { next-hop 10.10.10.2; accept; } } then reject; } policy-statement ibgp-set-localpref { term accept-internal { from { protocol bgp; community ibgp-internal-50xx; } then accept; } term accept-peers { from { protocol bgp; community ibgp-peer-1xxx; } then accept; } term accept-cust { from { protocol bgp; community ibgp-cust-4xxx; } then accept; } term accept-cust-samepop { from { protocol bgp; community ibgp-cust-samepop-6xxx; } then accept; } inactive: term temp-reject-east-coast-peers { from { protocol bgp; community [ ibgp-peer-lon-1x6x ibgp-peer-lga-1x3x ]; local-preference 40; } then accept; } then reject; } policy-statement mci-set-blackhole-comm { term llnwblackhole { from { protocol bgp; community blackhole; } then { community set mci-blackhole; accept; } } then next policy; } policy-statement prepend-once { then { as-path-prepend 22822; next policy; } } policy-statement prepend-twice { then { as-path-prepend "22822 22822"; next policy; } } policy-statement transit-customers-regionpref { term sameregion { from community transit-customers-thisregion; then accept; } term otherregion { from community transit-customers; then { as-path-prepend 22822; accept; } } then reject; } policy-statement set-sixpeering-comm { then { metric 0; local-preference 320; community set local-sixpeering; } } policy-statement export-mci-customers { term prepend0 { from { protocol [ bgp static ]; community mci-prepend0; } then reject; } term prepend1 { from { protocol [ bgp static ]; community mci-prepend1; } then { community delete mci-prepend1; as-path-prepend 22822; next term; } } term prepend2 { from { protocol [ bgp static ]; community mci-prepend2; } then { community delete mci-prepend2; as-path-prepend "22822 22822"; next term; } } term prepend3 { from { protocol [ bgp static ]; community mci-prepend3; } then { community delete mci-prepend3; as-path-prepend "22822 22822 22822"; next term; } } term prepend9 { from { protocol [ bgp static ]; community mci-prepend9; } then { community delete mci-prepend9; community add no-export; next term; } } term accept-cust { from community transit-customers; then accept; } term accept-samepop-only { from community transit-customers-samepop-only; then accept; } then reject; } policy-statement export-att-customers { term prepend0 { from { protocol [ bgp static ]; community att-prepend0; } then reject; } term prepend1 { from { protocol [ bgp static ]; community att-prepend1; } then { community delete att-prepend1; as-path-prepend 22822; next term; } } term prepend2 { from { protocol [ bgp static ]; community att-prepend2; } then { community delete att-prepend2; as-path-prepend "22822 22822"; next term; } } term prepend3 { from { protocol [ bgp static ]; community att-prepend3; } then { community delete att-prepend3; as-path-prepend "22822 22822 22822"; next term; } } term prepend9 { from { protocol [ bgp static ]; community att-prepend9; } then { community delete att-prepend9; community add no-export; next term; } } term accept-cust { from community transit-customers; then accept; } term accept-samepop-only { from community transit-customers-samepop-only; then accept; } term gblx-only { from community gblx-only; then reject; } then reject; } policy-statement export-gblx-customers { term prepend0 { from { protocol [ bgp static ]; community gblx-prepend0; } then reject; } term prepend1 { from { protocol [ bgp static ]; community gblx-prepend1; } then { community delete gblx-prepend1; as-path-prepend 22822; next term; } } term prepend2 { from { protocol [ bgp static ]; community gblx-prepend2; } then { community delete gblx-prepend2; as-path-prepend "22822 22822"; next term; } } term prepend3 { from { protocol [ bgp static ]; community gblx-prepend3; } then { community delete gblx-prepend3; as-path-prepend "22822 22822 22822"; next term; } } term prepend9 { from { protocol [ bgp static ]; community gblx-prepend9; } then { community delete gblx-prepend9; community add 3549:666; community add no-export; accept; } } term accept-cust { from community transit-customers; then accept; } term accept-samepop-only { from community transit-customers-samepop-only; then accept; } term cenic-3549 { from community cenic-3549; then { community delete cenic-3549; accept; } } term cenic-7018 { from community cenic-7018; then { community delete cenic-7018; accept; } } then reject; } policy-statement export-btn-customers { term prepend0 { from { protocol [ bgp static ]; community btn-prepend0; } then reject; } term prepend1 { from { protocol [ bgp static ]; community btn-prepend1; } then { community delete btn-prepend1; as-path-prepend 22822; next term; } } term prepend2 { from { protocol [ bgp static ]; community btn-prepend2; } then { community delete btn-prepend2; as-path-prepend "22822 22822"; next term; } } term prepend3 { from { protocol [ bgp static ]; community btn-prepend3; } then { community delete btn-prepend3; as-path-prepend "22822 22822 22822"; next term; } } term prepend9 { from { protocol [ bgp static ]; community btn-prepend9; } then { community delete btn-prepend9; community add no-export; next term; } } term accept-cust { from community transit-customers; then accept; } term accept-samepop-only { from community transit-customers-samepop-only; then accept; } then reject; } policy-statement export-twtelecom-customers { term prepend0 { from { protocol [ bgp static ]; community twtelecom-prepend0; } then reject; } term prepend1 { from { protocol [ bgp static ]; community twtelecom-prepend1; } then { community delete twtelecom-prepend1; as-path-prepend 22822; next term; } } term prepend2 { from { protocol [ bgp static ]; community twtelecom-prepend2; } then { community delete twtelecom-prepend2; as-path-prepend "22822 22822"; next term; } } term prepend3 { from { protocol [ bgp static ]; community twtelecom-prepend3; } then { community delete twtelecom-prepend3; as-path-prepend "22822 22822 22822"; next term; } } term prepend9 { from { protocol [ bgp static ]; community twtelecom-prepend9; } then { community delete twtelecom-prepend9; community add no-export; next term; } } term accept-cust { from community transit-customers; then accept; } term accept-samepop-only { from community transit-customers-samepop-only; then accept; } then reject; } policy-statement swift-add-pref { term llnw-internal { from community transit-customers; then { community add swift-pref; accept; } } term peers-west { from community swift-peers-west; then { community add swift-pref; accept; } } term pref { from { protocol bgp; as-path [ UUNET-701-ONLY UUNET-701702 WV BTN ATT-EXACT ATT-ONEASN ]; } then { community set swift-pref; accept; } } term accept-transit-all { from community transit-all; then accept; } then reject; } policy-statement swift-temp { term local { from { protocol bgp; as-path [ GBLX BTN ATT ]; } then { community set swift-pref; accept; } } term six { from { protocol bgp; community local-sixpeering; } then { community set swift-pref; accept; } } inactive: term internal { from { protocol bgp; community transit-customers; } then { community set swift-pref; accept; } } term default { then reject; } then reject; } policy-statement local-bgp { term local { from { protocol [ bgp static ]; community local-bgp; } then accept; } then next policy; } policy-statement isolate-sea-peering { term block-peer-routes { from { protocol bgp; community ibgp-peer-1xxx; } then reject; } then next policy; } policy-statement PEER:AS12222 { term accept { from { route-filter 65.19.187.0/24 exact; route-filter 80.67.74.0/24 exact; route-filter 216.218.251.0/24 exact; route-filter 67.29.168.0/24 exact; route-filter 80.67.72.0/24 exact; route-filter 166.90.150.0/24 exact; route-filter 193.108.95.0/24 exact; route-filter 206.61.136.0/23 exact; route-filter 64.124.118.0/23 upto /24; route-filter 64.124.187.0/24 exact; route-filter 207.126.107.0/24 exact; route-filter 209.249.114.0/24 exact; route-filter 209.249.115.0/24 exact; } then accept; } then reject; } policy-statement set-sixpeering-comm-acceptmeds { then { local-preference 320; community add local-sixpeering; } } community 3549:666 members 3549:666; community att-prepend0 members 22822:9030; community att-prepend1 members 22822:9031; community att-prepend2 members 22822:9032; community att-prepend3 members 22822:9033; community att-prepend9 members 22822:9039; community blackhole members 22822:666; community btn-customers members "3491:[12]00$"; community btn-prepend0 members 22822:9110; community btn-prepend1 members 22822:9111; community btn-prepend2 members 22822:9112; community btn-prepend3 members 22822:9113; community btn-prepend9 members 22822:9119; community cenic-3549 members 2512:3549; community cenic-7018 members 2512:7018; community gblx-only members 22822:9991; community gblx-prepend0 members 22822:9010; community gblx-prepend1 members 22822:9011; community gblx-prepend2 members 22822:9012; community gblx-prepend3 members 22822:9013; community gblx-prepend9 members 22822:9019; community ibgp-cust-4xxx members 22822:4...; community ibgp-cust-samepop-6xxx members 22822:6...; community ibgp-internal-50xx members 22822:50..; community ibgp-peer-1xxx members 22822:1...; community ibgp-peer-lga-1x3x members 22822:1.30; community ibgp-peer-lon-1x6x members 22822:1.6.; community local-aol members 22822:2313; community local-att members 22822:2113; community local-bgp members 22822:66..; community local-btn members 22822:3413; community local-customer members 22822:4013; community local-customer-samepop-only members 22822:6013; community local-gblx members 22822:2013; community local-mci members 22822:2213; community local-sixpeering members 22822:1013; community local-static members 22822:5013; community mci-blackhole members 701:9999; community mci-prepend0 members 22822:9020; community mci-prepend1 members 22822:9021; community mci-prepend2 members 22822:9022; community mci-prepend3 members 22822:9023; community mci-prepend9 members 22822:9029; community no-export members no-export; community no-export-us-peers members 22822:9701; community swift-depref members 22822:9997; community swift-peers-west members 22822:1...; community swift-pref members 22822:9998; community transit-all members "22822:[12345]..."; community transit-customers members "22822:[45]..."; community transit-customers-samepop-only members 22822:6013; community transit-customers-thisregion members "22822:[45].1."; community twtelecom-prepend0 members 22822:9180; community twtelecom-prepend1 members 22822:9181; community twtelecom-prepend2 members 22822:9182; community twtelecom-prepend3 members 22822:9183; community twtelecom-prepend9 members 22822:9189; as-path ATT ".* 7018 .*"; as-path LEVEL3 ".* 3356 .*"; as-path CW ".* 3561 .*"; as-path DEMON ".* (5417|2529) .*"; as-path QWEST ".* 209 .*"; as-path BBN ".* 1 .*"; as-path VERIO ".* 2914 .*"; as-path VER-AVE ".* 22385"; as-path PSINET ".* 174 .*"; as-path ATDN ".* 1668 .*"; as-path SPRINT ".* 1239 .*"; as-path UUNET ".* 701 .*"; as-path SPRINTDIAL ".* 4999 .*"; as-path EARTHLINK ".* 3703 .*"; as-path GLOBIX ".* 4513 .*"; as-path ALL .*; as-path NONE "^$"; as-path UUNET-ATTGNS ".* 701 6389 .*"; as-path WCG ".* 7911 .*"; as-path UUNET702 ".* 702 .*"; as-path CHINANET ".* 4134 .*"; as-path MIXNET ".* 5006 .*"; as-path BESTBUY ".* 11596 .*"; as-path BTN-UU701 "3491 701"; as-path BTN-UU-longaspath "3491 701 (.) .*"; as-path BTN-UU-kludge "3491 701 (8000-40000) .*"; as-path GBLX ".* 3549 .*"; as-path BTN ".* 3491 .*"; as-path UUNET-EXACT "^701$"; as-path SERVICECO ".* (11426|10796|13343) .*"; as-path ROADRUNNER ".* 11427 .*"; as-path XCOM ".* 10753 .*"; as-path OPTUS ".* 7474 .*"; as-path IS ".* 3741 .*"; as-path MIX ".* 5006 .*"; as-path CERNET ".* 4265 .*"; as-path ATT-EXACT "^7018$"; as-path ATT-DATA ".* 2383 .*"; as-path ATT-6478 ".* 6478 .*"; as-path CHARTER ".* (20115|19444) .*"; as-path COX ".* 19108 .*"; as-path COMCAST ".* (22909|7015|7757) .*"; as-path OPENTRANSIT ".* 5511 .*"; as-path TELIA ".* 1299 .*"; as-path AP-REACH ".* 4637 .*"; as-path BELLSOUTH ".* 5002|13546|6389|619[78] .*"; as-path DACOM ".* 3786 .*"; as-path ABOVENET ".* 6461 .*"; as-path XO ".* 2828 .*"; as-path SBC ".* 7132 .*"; as-path UUNET-701702 "^701 702 .*"; as-path UUNET-701-ONLY "^701$"; as-path WV ".* 19151 .*"; as-path ATT-ONEASN "^7018 (1-65000)$"; as-path ATT-7015 ".* 7015 .*"; as-path ATT-7725 ".* 7725 .*"; as-path AS-BSO ".* 6386 .*"; } firewall { policer 2meg { if-exceeding { bandwidth-limit 2m; burst-size-limit 10k; } then discard; } policer router-default { if-exceeding { bandwidth-limit 50k; burst-size-limit 5k; } then discard; } policer traceroute { if-exceeding { bandwidth-limit 35k; burst-size-limit 2k; } then discard; } filter cflow { term all { then { count count1; sample; accept; } } } filter log-rpf-failures { term default { then { count rpf-failures; log; reject; } } } filter router-input { term ntp { from { protocol [ tcp udp ]; port ntp; } then accept; } term illegal-proto { from { protocol [ 0 134-255 ]; } then { count illegal-proto; discard; } } term udp { from { protocol udp; destination-port 80; } then { count udp-80; discard; } } term tcp { from { protocol tcp; destination-port 80; } then { count tcp-80; discard; } } term ssh { from { source-address { 69.28.128.0/25; 208.48.140.0/24; 199.1.1.0/24; 206.165.137.0/27; 69.28.188.0/24; 68.15.185.160/27; 68.230.81.44/32; } protocol tcp; destination-port [ 22 23 ]; } then accept; } term reject-ssh { from { protocol tcp; destination-port 22; } then { count reject-ssh; reject; } } term snmp { from { source-address { 69.28.148.103/32; 69.28.128.0/25; 208.48.140.0/24; 69.28.128.128/25; 68.142.96.248/29; 68.142.99.0/24; 208.111.137.117/32; } protocol udp; destination-port snmp; } then accept; } term reject-snmp { from { protocol udp; destination-port snmp; } then { count reject-snmp; discard; } } term nolimit-icmp { from { source-prefix-list { icmp-nets; } protocol icmp; } then { count router-icmpnolimit; accept; } } term limit-icmp { from { protocol icmp; } then { policer 2meg; count router-icmp; accept; } } term bgp { from { prefix-list { bgp-customers; bgp-peers; bgp-internal; } protocol tcp; port 179; } then accept; } term bgp-reject { from { protocol tcp; destination-port 179; } then { count bgp-reject; discard; } } term dns-radius { from { address { 208.48.140.0/24; 206.165.6.12/32; 69.28.148.102/32; } } then accept; } term special-proto { from { protocol [ igmp pim gre ]; } then { count router-special; accept; } } term high-tcp { from { protocol tcp; destination-port 1025-65534; } then { count router-high-tcp; discard; } } term traceroute { from { protocol udp; destination-port 33434-33475; } then { policer traceroute; count traceroute; accept; } } term high-udp { from { protocol udp; destination-port 4854-65534; } then { count router-high-udp; discard; } } term udp-frag { from { is-fragment; protocol udp; } then { count udp-frag; discard; } } term all { then { policer router-default; count router-all; discard; } } term bgp-in { from { source-address { 69.28.148.193/32; } } } term bgp-out { from { source-address { 69.28.148.193/32; } } } } filter admin-networks { term internal { from { source-prefix-list { admin-nets; local-interfaces; vendor-nets; } } then accept; } term snmp { from { source-prefix-list { snmp-hosts; } protocol udp; destination-port snmp; } then accept; } term ntp { from { protocol [ tcp udp ]; port ntp; } then accept; } term tftp { from { source-prefix-list { tftp-servers; } protocol udp; } then accept; } term icmp { from { protocol icmp; } then accept; } term default { then { discard; } } } filter log-all { term all { then { log; accept; } } } filter swift-temp { term 64.246.168.50 { from { destination-address { 64.246.168.50/32; } protocol tcp; destination-port 337; } then { count swift-337; discard; } } term default { then accept; } } filter swift-udp { term scan-block { from { destination-address { 204.15.225.38/32; } protocol udp; destination-port 6667; } then { discard; } } term ip-filter { from { source-address { 69.72.230.162/32; 216.16.246.33/32; } } then { discard; } } term ICMP-UDP { from { destination-address { 208.99.210.20/30; } protocol [ icmp udp ]; } then { discard; } } term default { then accept; } } }