[edit] root@Site1_R01# show | no-more ## Last changed: 2011-05-02 11:00:14 UTC version 8.5R1.14; groups { internal; } system { host-name Site1_R01; root-authentication { encrypted-password Xyy2q7G6RhrHM; ## SECRET-DATA } login { user admin { uid 2002; class super-user; authentication { encrypted-password "$1$MlQ.wR28$DWkAIZv/Le19.PqzfRusd0"; ## SECRET-DATA } } } services { ftp; ssh; web-management { http { interface em0.0; } } } syslog { user * { any emergency; } } } interfaces { em0 { unit 0 { family inet { address 10.6.1.1/24; } } } em1 { unit 0 { family inet { address 10.6.2.1/24; } } } em2 { unit 0 { family inet { address 2.2.0.1/24; } } } em3 { unit 0 { family inet { address 3.3.0.1/24; } } } em4 { unit 0 { family inet { address 4.4.0.1/24; } } } em5 { unit 0 { family inet { address 5.5.0.1/24; } } } em6 { unit 0 { family inet { address 6.6.0.1/24; } } } lo0 { unit 0 { family inet { address 10.0.0.1/32; } } } } routing-options { static { route 10.0.1.1/32 next-hop 10.6.1.2; } rib-groups { sasn2remote { import-rib [ inet.0 r_sasn_e.inet.0 ]; } } autonomous-system 65000; } protocols { bgp { hold-time 30; advertise-inactive; family inet { unicast { rib-group sasn2remote; } } local-as 65000; group internal { type internal; local-address 10.0.0.1; export direct-static-bgp; peer-as 65000; neighbor 10.0.1.1; } } } policy-options { policy-statement direct-static-bgp { term A { from protocol [ direct static ]; then accept; } } policy-statement master-to-r_sasn_e { term A { from { instance master; protocol static; } then { metric 200; accept; } } term C { from { instance master; protocol direct; } then reject; } term B { then accept; } } policy-statement master-to-sasn { term A { from instance master; then accept; } } policy-statement sasn-to-remote { term A { from instance sasn_e; then accept; } } policy-statement sasn_e-export { from protocol [ static direct ]; then { community add sasn_e; accept; } } policy-statement sasn_e-import { from { protocol bgp; community sasn_e; } then accept; } community sasn_e members target:65000:91; } firewall { filter fbf-filter { term A { from { source-address { 3.3.0.0/24; } } then { count FBF_Count; routing-instance r_sasn_e; } } term B { then { count Master_Count; accept; } } } } routing-instances { r_sasn_e { instance-type forwarding; routing-options { static { route 0.0.0.0/0 next-hop 6.6.1.2; } } } sasn_e { instance-type vrf; interface em2.0; interface em3.0; interface em4.0; interface em5.0; interface em6.0; route-distinguisher 65000:91; vrf-import sasn_e-import; vrf-export sasn_e-export; vrf-table-label; routing-options { static { route 0.0.0.0/0 next-hop 5.5.0.2; } } forwarding-options { family inet { filter { input fbf-filter; } } } } } [edit] root@Site1_R01# [edit] root@Site1_R01# [edit] root@Site1_R01# [edit] root@Site1_R01# show | display set | no-more set version 8.5R1.14 set groups internal set system host-name Site1_R01 set system root-authentication encrypted-password Xyy2q7G6RhrHM set system login user admin uid 2002 set system login user admin class super-user set system login user admin authentication encrypted-password "$1$MlQ.wR28$DWkAIZv/Le19.PqzfRusd0" set system services ftp set system services ssh set system services web-management http interface em0.0 set system syslog user * any emergency set interfaces em0 unit 0 family inet address 10.6.1.1/24 set interfaces em1 unit 0 family inet address 10.6.2.1/24 set interfaces em2 unit 0 family inet address 2.2.0.1/24 set interfaces em3 unit 0 family inet address 3.3.0.1/24 set interfaces em4 unit 0 family inet address 4.4.0.1/24 set interfaces em5 unit 0 family inet address 5.5.0.1/24 set interfaces em6 unit 0 family inet address 6.6.0.1/24 set interfaces lo0 unit 0 family inet address 10.0.0.1/32 set routing-options static route 10.0.1.1/32 next-hop 10.6.1.2 set routing-options rib-groups sasn2remote import-rib inet.0 set routing-options rib-groups sasn2remote import-rib r_sasn_e.inet.0 set routing-options autonomous-system 65000 set protocols bgp hold-time 30 set protocols bgp advertise-inactive set protocols bgp family inet unicast rib-group sasn2remote set protocols bgp local-as 65000 set protocols bgp group internal type internal set protocols bgp group internal local-address 10.0.0.1 set protocols bgp group internal export direct-static-bgp set protocols bgp group internal peer-as 65000 set protocols bgp group internal neighbor 10.0.1.1 set policy-options policy-statement direct-static-bgp term A from protocol direct set policy-options policy-statement direct-static-bgp term A from protocol static set policy-options policy-statement direct-static-bgp term A then accept set policy-options policy-statement master-to-r_sasn_e term A from instance master set policy-options policy-statement master-to-r_sasn_e term A from protocol static set policy-options policy-statement master-to-r_sasn_e term A then metric 200 set policy-options policy-statement master-to-r_sasn_e term A then accept set policy-options policy-statement master-to-r_sasn_e term C from instance master set policy-options policy-statement master-to-r_sasn_e term C from protocol direct set policy-options policy-statement master-to-r_sasn_e term C then reject set policy-options policy-statement master-to-r_sasn_e term B then accept set policy-options policy-statement master-to-sasn term A from instance master set policy-options policy-statement master-to-sasn term A then accept set policy-options policy-statement sasn-to-remote term A from instance sasn_e set policy-options policy-statement sasn-to-remote term A then accept set policy-options policy-statement sasn_e-export from protocol static set policy-options policy-statement sasn_e-export from protocol direct set policy-options policy-statement sasn_e-export then community add sasn_e set policy-options policy-statement sasn_e-export then accept set policy-options policy-statement sasn_e-import from protocol bgp set policy-options policy-statement sasn_e-import from community sasn_e set policy-options policy-statement sasn_e-import then accept set policy-options community sasn_e members target:65000:91 set firewall filter fbf-filter term A from source-address 3.3.0.0/24 set firewall filter fbf-filter term A then count FBF_Count set firewall filter fbf-filter term A then routing-instance r_sasn_e set firewall filter fbf-filter term B then count Master_Count set firewall filter fbf-filter term B then accept set routing-instances r_sasn_e instance-type forwarding set routing-instances r_sasn_e routing-options static route 0.0.0.0/0 next-hop 6.6.1.2 set routing-instances sasn_e instance-type vrf set routing-instances sasn_e interface em2.0 set routing-instances sasn_e interface em3.0 set routing-instances sasn_e interface em4.0 set routing-instances sasn_e interface em5.0 set routing-instances sasn_e interface em6.0 set routing-instances sasn_e route-distinguisher 65000:91 set routing-instances sasn_e vrf-import sasn_e-import set routing-instances sasn_e vrf-export sasn_e-export set routing-instances sasn_e vrf-table-label set routing-instances sasn_e routing-options static route 0.0.0.0/0 next-hop 5.5.0.2 set routing-instances sasn_e forwarding-options family inet filter input fbf-filter [edit] root@Site1_R01#