root@Router_1_PE> show configuration | display set | no-more set version 14.1R1.10 set system host-name Router_1_PE set system root-authentication encrypted-password "$1$XqAx/8CB$idJe7c/KZuuepaoIWt3iI1" set system services telnet connection-limit 5 set system syslog user * any emergency set system syslog file messages any notice set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set interfaces ge-0/0/0 description "CUSTOMER - To CUSTOMER_A_CPE_1" set interfaces ge-0/0/0 unit 0 family inet address 10.10.250.0/31 set interfaces ge-0/0/1 description "CUSTOMER - To CUSTOMER_B_CPE_1" set interfaces ge-0/0/1 unit 0 family inet address 10.10.250.2/31 set interfaces ge-0/0/5 description "INFRASTRUCTURE - To Router 4" set interfaces ge-0/0/5 unit 0 family inet address 10.10.14.1/24 set interfaces ge-0/0/5 unit 0 family iso set interfaces ge-0/0/5 unit 0 family mpls set interfaces lo0 unit 0 family inet address 1.1.1.1/32 set interfaces lo0 unit 0 family iso address 49.0001.1111.1111.1111.00 set routing-options autonomous-system 69 set routing-options autonomous-system loops 2 set protocols mpls interface ge-0/0/5.0 set protocols bgp advertise-peer-as set protocols bgp group AS69 type internal set protocols bgp group AS69 local-address 1.1.1.1 set protocols bgp group AS69 family inet unicast set protocols bgp group AS69 family inet-vpn unicast set protocols bgp group AS69 neighbor 4.4.4.4 set protocols isis interface ge-0/0/5.0 level 1 disable set protocols isis interface lo0.0 level 1 disable set protocols ldp interface ge-0/0/5.0 set policy-options policy-statement CUSTOMER_A_EXPORT term 1 then community add TARGET_COMMUNITY_CUSTOMER_A_SPOKE_ADVERTISING_TO_HUB set policy-options policy-statement CUSTOMER_A_EXPORT term 1 then accept set policy-options policy-statement CUSTOMER_A_IMPORT term 1 from community TARGET_COMMUNITY_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKE set policy-options policy-statement CUSTOMER_A_IMPORT term 1 then accept set policy-options policy-statement CUSTOMER_A_IMPORT term 2 then reject set policy-options community TARGET_COMMUNITY_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKE members target:69:200 set policy-options community TARGET_COMMUNITY_CUSTOMER_A_SPOKE_ADVERTISING_TO_HUB members target:69:100 set routing-instances CUSTOMER_A instance-type vrf set routing-instances CUSTOMER_A interface ge-0/0/0.0 set routing-instances CUSTOMER_A route-distinguisher 1.1.1.1:1 set routing-instances CUSTOMER_A vrf-import CUSTOMER_A_IMPORT set routing-instances CUSTOMER_A vrf-export CUSTOMER_A_EXPORT set routing-instances CUSTOMER_A protocols bgp group CUSTOMER_A_CPE_1 type external set routing-instances CUSTOMER_A protocols bgp group CUSTOMER_A_CPE_1 peer-as 64512 set routing-instances CUSTOMER_A protocols bgp group CUSTOMER_A_CPE_1 neighbor 10.10.250.1 set routing-instances CUSTOMER_B instance-type vrf set routing-instances CUSTOMER_B interface ge-0/0/1.0 set routing-instances CUSTOMER_B route-distinguisher 1.1.1.1:2 set routing-instances CUSTOMER_B vrf-target target:69:420 set routing-instances CUSTOMER_B protocols bgp group CUSTOMER_B_CPE_1 type external set routing-instances CUSTOMER_B protocols bgp group CUSTOMER_B_CPE_1 peer-as 64512 set routing-instances CUSTOMER_B protocols bgp group CUSTOMER_B_CPE_1 neighbor 10.10.250.3 ========================================================================================================== root@Router_2_PE> show configuration | display set | no-more set version 14.1R1.10 set system host-name Router_2_PE set system root-authentication encrypted-password "$1$sQcXCoDt$e3njjsuTONxgnSM8HM6eU." set system services telnet connection-limit 5 set system syslog user * any emergency set system syslog file messages any notice set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set interfaces ge-0/0/0 vlan-tagging set interfaces ge-0/0/0 unit 10 description "CUSTOMER - To CUSTOMER_A_CPE_2 - Spoke BGP Prefixes In, Traffic Out" set interfaces ge-0/0/0 unit 10 vlan-id 10 set interfaces ge-0/0/0 unit 10 family inet address 10.10.250.100/31 set interfaces ge-0/0/0 unit 20 description "CUSTOMER - To CUSTOMER_A_CPE_2 - Hub BGP Prefixes Out, Traffic In" set interfaces ge-0/0/0 unit 20 vlan-id 20 set interfaces ge-0/0/0 unit 20 family inet address 10.10.250.102/31 set interfaces ge-0/0/3 unit 0 family inet address 10.10.24.2/24 set interfaces ge-0/0/3 unit 0 family iso set interfaces ge-0/0/3 unit 0 family mpls set interfaces lo0 unit 0 family inet address 2.2.2.2/32 set interfaces lo0 unit 0 family iso address 49.0001.2222.2222.2222.00 set routing-options autonomous-system 69 set routing-options autonomous-system loops 2 set protocols mpls interface ge-0/0/3.0 set protocols bgp advertise-peer-as set protocols bgp group AS69 type internal set protocols bgp group AS69 local-address 2.2.2.2 set protocols bgp group AS69 family inet unicast set protocols bgp group AS69 family inet-vpn unicast set protocols bgp group AS69 neighbor 4.4.4.4 set protocols isis interface ge-0/0/3.0 level 1 disable set protocols isis interface lo0.0 level 1 disable set protocols ldp interface ge-0/0/3.0 set policy-options policy-statement POLICY_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES then community add TARGET_COMMUNITY_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES set policy-options policy-statement POLICY_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES then accept set policy-options policy-statement POLICY_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB from community TARGET_COMMUNITY_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB set policy-options policy-statement POLICY_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB then accept set policy-options policy-statement POLICY_NOTHING_EXPORTED then reject set policy-options policy-statement POLICY_NOTHING_IMPORTED then reject set policy-options community TARGET_COMMUNITY_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES members target:69:200 set policy-options community TARGET_COMMUNITY_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB members target:69:100 set routing-instances VRF_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES instance-type vrf set routing-instances VRF_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES interface ge-0/0/0.20 set routing-instances VRF_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES route-distinguisher 2.2.2.2:2 set routing-instances VRF_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES vrf-import POLICY_NOTHING_IMPORTED set routing-instances VRF_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES vrf-export POLICY_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES set routing-instances VRF_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES protocols bgp group CUSTOMER_A_CPE_2 type external set routing-instances VRF_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES protocols bgp group CUSTOMER_A_CPE_2 peer-as 64513 set routing-instances VRF_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKES protocols bgp group CUSTOMER_A_CPE_2 neighbor 10.10.250.103 set routing-instances VRF_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB instance-type vrf set routing-instances VRF_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB interface ge-0/0/0.10 set routing-instances VRF_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB route-distinguisher 2.2.2.2:1 set routing-instances VRF_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB vrf-import POLICY_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB set routing-instances VRF_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB vrf-export POLICY_NOTHING_EXPORTED set routing-instances VRF_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB protocols bgp group CUSTOMER_A_CPE_2 type external set routing-instances VRF_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB protocols bgp group CUSTOMER_A_CPE_2 peer-as 64513 set routing-instances VRF_CUSTOMER_A_SPOKES_ADVERTISING_TO_HUB protocols bgp group CUSTOMER_A_CPE_2 neighbor 10.10.250.101 ========================================================================================================== root@Router_3_PE> show configuration | display set | no-more set version 14.1R1.10 set system host-name Router_3_PE set system root-authentication encrypted-password "$1$sQcXCoDt$e3njjsuTONxgnSM8HM6eU." set system services telnet connection-limit 5 set system syslog user * any emergency set system syslog file messages any notice set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set interfaces ge-0/0/0 description "CUSTOMER - To CUSTOMER_A_CPE_3" set interfaces ge-0/0/0 unit 0 family inet address 10.10.250.6/31 set interfaces ge-0/0/1 description "CUSTOMER - To CUSTOMER_B_CPE_2" set interfaces ge-0/0/1 unit 0 family inet address 10.10.250.8/31 set interfaces ge-0/0/4 description "INFRASTRUCTURE - To Router 4" set interfaces ge-0/0/4 unit 0 family inet address 10.10.34.3/24 set interfaces ge-0/0/4 unit 0 family iso set interfaces ge-0/0/4 unit 0 family mpls set interfaces lo0 unit 0 family inet address 3.3.3.3/32 set interfaces lo0 unit 0 family iso address 49.0001.3333.3333.3333.00 set routing-options autonomous-system 69 set routing-options autonomous-system loops 2 set protocols mpls interface ge-0/0/4.0 set protocols bgp advertise-peer-as set protocols bgp group AS69 type internal set protocols bgp group AS69 local-address 3.3.3.3 set protocols bgp group AS69 family inet unicast set protocols bgp group AS69 family inet-vpn unicast set protocols bgp group AS69 neighbor 4.4.4.4 set protocols isis interface ge-0/0/4.0 level 1 disable set protocols isis interface lo0.0 level 1 disable set protocols ldp interface ge-0/0/4.0 set policy-options policy-statement CUSTOMER_A_EXPORT term 1 then community add TARGET_COMMUNITY_CUSTOMER_A_SPOKE_ADVERTISING_TO_HUB set policy-options policy-statement CUSTOMER_A_EXPORT term 1 then accept set policy-options policy-statement CUSTOMER_A_IMPORT term 1 from community TARGET_COMMUNITY_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKE set policy-options policy-statement CUSTOMER_A_IMPORT term 1 then accept set policy-options policy-statement CUSTOMER_A_IMPORT term 2 then reject set policy-options community TARGET_COMMUNITY_CUSTOMER_A_HUB_ADVERTISING_TO_SPOKE members target:69:200 set policy-options community TARGET_COMMUNITY_CUSTOMER_A_SPOKE_ADVERTISING_TO_HUB members target:69:100 set routing-instances CUSTOMER_A instance-type vrf set routing-instances CUSTOMER_A interface ge-0/0/0.0 set routing-instances CUSTOMER_A route-distinguisher 3.3.3.3:1 set routing-instances CUSTOMER_A vrf-import CUSTOMER_A_IMPORT set routing-instances CUSTOMER_A vrf-export CUSTOMER_A_EXPORT set routing-instances CUSTOMER_A protocols bgp group CUSTOMER_A_CPE_3 type external set routing-instances CUSTOMER_A protocols bgp group CUSTOMER_A_CPE_3 peer-as 64514 set routing-instances CUSTOMER_A protocols bgp group CUSTOMER_A_CPE_3 neighbor 10.10.250.7 set routing-instances CUSTOMER_B instance-type vrf set routing-instances CUSTOMER_B interface ge-0/0/1.0 set routing-instances CUSTOMER_B route-distinguisher 3.3.3.3:2 set routing-instances CUSTOMER_B vrf-target target:69:420 set routing-instances CUSTOMER_B protocols bgp group CUSTOMER_B_CPE_2 type external set routing-instances CUSTOMER_B protocols bgp group CUSTOMER_B_CPE_2 peer-as 64514 set routing-instances CUSTOMER_B protocols bgp group CUSTOMER_B_CPE_2 neighbor 10.10.250.9 ========================================================================================================== root@Router_4_P> show configuration | display set | no-more set version 14.1R1.10 set system host-name Router_4_P set system root-authentication encrypted-password "$1$sQcXCoDt$e3njjsuTONxgnSM8HM6eU." set system services telnet connection-limit 5 set system syslog user * any emergency set system syslog file messages any notice set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set interfaces ge-0/0/3 unit 0 family inet address 10.10.24.4/24 set interfaces ge-0/0/3 unit 0 family iso set interfaces ge-0/0/3 unit 0 family mpls set interfaces ge-0/0/4 unit 0 family inet address 10.10.34.4/24 set interfaces ge-0/0/4 unit 0 family iso set interfaces ge-0/0/4 unit 0 family mpls set interfaces ge-0/0/5 unit 0 family inet address 10.10.14.4/24 set interfaces ge-0/0/5 unit 0 family iso set interfaces ge-0/0/5 unit 0 family mpls set interfaces lo0 unit 0 family inet address 4.4.4.4/32 set interfaces lo0 unit 0 family iso address 49.0001.4444.4444.4444.00 set routing-options autonomous-system 69 set routing-options autonomous-system loops 2 set protocols mpls interface ge-0/0/5.0 set protocols mpls interface ge-0/0/4.0 set protocols mpls interface ge-0/0/3.0 set protocols bgp group AS69 type internal set protocols bgp group AS69 local-address 4.4.4.4 set protocols bgp group AS69 family inet unicast set protocols bgp group AS69 family inet-vpn unicast set protocols bgp group AS69 cluster 4.4.4.4 set protocols bgp group AS69 neighbor 1.1.1.1 set protocols bgp group AS69 neighbor 2.2.2.2 set protocols bgp group AS69 neighbor 3.3.3.3 set protocols isis interface ge-0/0/3.0 level 1 disable set protocols isis interface ge-0/0/4.0 level 1 disable set protocols isis interface ge-0/0/5.0 level 1 disable set protocols isis interface lo0.0 level 1 disable set protocols ldp interface ge-0/0/3.0 set protocols ldp interface ge-0/0/4.0 set protocols ldp interface ge-0/0/5.0 ========================================================================================================== root@CUSTOMER_A_CPE_1> show configuration | display set | no-more set version 12.1X47-D15.4 set system host-name CUSTOMER_A_CPE_1 set system root-authentication encrypted-password "$1$uupfzhgE$paPkHbLW1VhnNukikLOqz." set system services ssh set system syslog user * any emergency set system syslog user * match "!(.*Scheduler Oinker*.|.*Frame 0*.|.*ms without yielding*.)" set system syslog file messages any any set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set system processes jsrp-service disable set interfaces ge-0/0/0 unit 0 description TO_ISP set interfaces ge-0/0/0 unit 0 family inet address 10.10.250.1/31 set interfaces ge-0/0/1 unit 0 description LAN set interfaces ge-0/0/1 unit 0 family inet address 192.168.10.1/24 set routing-options autonomous-system 64512 set protocols bgp group TO_ISP type external set protocols bgp group TO_ISP export EXPORT_CONNECTED set protocols bgp group TO_ISP peer-as 69 set protocols bgp group TO_ISP neighbor 10.10.250.0 set policy-options policy-statement EXPORT_CONNECTED from protocol direct set policy-options policy-statement EXPORT_CONNECTED then accept set security forwarding-options family inet6 mode packet-based set security forwarding-options family mpls mode packet-based set security forwarding-options family iso mode packet-based ========================================================================================================== root@CUSTOMER_A_CPE_2> show configuration | display set | no-more set version 12.1X47-D15.4 set system host-name CUSTOMER_A_CPE_2 set system root-authentication encrypted-password "$1$uupfzhgE$paPkHbLW1VhnNukikLOqz." set system services ssh set system syslog user * any emergency set system syslog user * match "!(.*Scheduler Oinker*.|.*Frame 0*.|.*ms without yielding*.)" set system syslog file messages any any set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set system processes jsrp-service disable set interfaces ge-0/0/0 vlan-tagging set interfaces ge-0/0/0 unit 10 description "To ISP - Spoke BGP Prefixes In, Traffic Out" set interfaces ge-0/0/0 unit 10 vlan-id 10 set interfaces ge-0/0/0 unit 10 family inet address 10.10.250.101/31 set interfaces ge-0/0/0 unit 20 description "To ISP - Hub BGP Prefixes Out, Traffic In" set interfaces ge-0/0/0 unit 20 vlan-id 20 set interfaces ge-0/0/0 unit 20 family inet address 10.10.250.103/31 set interfaces ge-0/0/1 unit 0 description LAN set interfaces ge-0/0/1 unit 0 family inet address 192.168.20.1/24 set routing-options autonomous-system 64513 set protocols bgp advertise-peer-as set protocols bgp group TO_ISP_SPOKE_PREFIXES_IN type external set protocols bgp group TO_ISP_SPOKE_PREFIXES_IN peer-as 69 set protocols bgp group TO_ISP_SPOKE_PREFIXES_IN neighbor 10.10.250.100 set protocols bgp group TO_ISP_HUB_AND_SPOKE_PREFIXES_OUT type external set protocols bgp group TO_ISP_HUB_AND_SPOKE_PREFIXES_OUT export EXPORT_CONNECTED set protocols bgp group TO_ISP_HUB_AND_SPOKE_PREFIXES_OUT peer-as 69 set protocols bgp group TO_ISP_HUB_AND_SPOKE_PREFIXES_OUT neighbor 10.10.250.102 set policy-options policy-statement EXPORT_CONNECTED from protocol direct set policy-options policy-statement EXPORT_CONNECTED then accept set security forwarding-options family inet6 mode packet-based set security forwarding-options family mpls mode packet-based set security forwarding-options family iso mode packet-based ========================================================================================================== root@CUSTOMER_A_CPE_3> show configuration | display set | no-more set version 12.1X47-D15.4 set system host-name CUSTOMER_A_CPE_3 set system root-authentication encrypted-password "$1$iP88THGp$ADx5kqBFopWmz9Nm1GZh5." set system services ssh set system syslog user * any emergency set system syslog user * match "!(.*Scheduler Oinker*.|.*Frame 0*.|.*ms without yielding*.)" set system syslog file messages any any set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set system processes jsrp-service disable set interfaces ge-0/0/0 unit 0 description TO_ISP set interfaces ge-0/0/0 unit 0 family inet address 10.10.250.7/31 set interfaces ge-0/0/1 unit 0 description LAN set interfaces ge-0/0/1 unit 0 family inet address 192.168.30.1/24 set routing-options autonomous-system 64514 set protocols bgp group TO_ISP type external set protocols bgp group TO_ISP export EXPORT_CONNECTED set protocols bgp group TO_ISP peer-as 69 set protocols bgp group TO_ISP neighbor 10.10.250.6 set policy-options policy-statement EXPORT_CONNECTED from protocol direct set policy-options policy-statement EXPORT_CONNECTED then accept set security forwarding-options family inet6 mode packet-based set security forwarding-options family mpls mode packet-based set security forwarding-options family iso mode packet-based ========================================================================================================== root@CUSTOMER_B_CPE_1> show configuration | display set | no-more set version 12.1X47-D15.4 set system host-name CUSTOMER_B_CPE_1 set system root-authentication encrypted-password "$1$4s20QjZY$1AjX3aXP7J2DdTcKIYNGQ." set system services ssh set system syslog user * any emergency set system syslog user * match "!(.*Scheduler Oinker*.|.*Frame 0*.|.*ms without yielding*.)" set system syslog file messages any any set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set system processes jsrp-service disable set interfaces ge-0/0/0 unit 0 description LAN set interfaces ge-0/0/0 unit 0 family inet address 192.168.10.2/24 set interfaces ge-0/0/1 unit 0 description TO_ISP set interfaces ge-0/0/1 unit 0 family inet address 10.10.250.3/31 set routing-options autonomous-system 64512 set protocols bgp group TO_ISP type external set protocols bgp group TO_ISP export EXPORT_CONNECTED set protocols bgp group TO_ISP peer-as 69 set protocols bgp group TO_ISP neighbor 10.10.250.2 set policy-options policy-statement EXPORT_CONNECTED from protocol direct set policy-options policy-statement EXPORT_CONNECTED then accept set security forwarding-options family inet6 mode packet-based set security forwarding-options family mpls mode packet-based set security forwarding-options family iso mode packet-based ========================================================================================================== root@CUSTOMER_B_CPE_2> show configuration | display set | no-more set version 12.1X47-D15.4 set system host-name CUSTOMER_B_CPE_2 set system root-authentication encrypted-password "$1$Os08Z3jp$tM00B3SHjf7ZPE4YagUUW." set system services ssh set system syslog user * any emergency set system syslog user * match "!(.*Scheduler Oinker*.|.*Frame 0*.|.*ms without yielding*.)" set system syslog file messages any any set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set system processes jsrp-service disable set interfaces ge-0/0/0 unit 0 description LAN set interfaces ge-0/0/0 unit 0 family inet address 192.168.30.2/24 set interfaces ge-0/0/1 unit 0 description TO_ISP set interfaces ge-0/0/1 unit 0 family inet address 10.10.250.9/31 set routing-options autonomous-system 64514 set protocols bgp group TO_ISP type external set protocols bgp group TO_ISP export EXPORT_CONNECTED set protocols bgp group TO_ISP peer-as 69 set protocols bgp group TO_ISP neighbor 10.10.250.8 set policy-options policy-statement EXPORT_CONNECTED from protocol direct set policy-options policy-statement EXPORT_CONNECTED then accept set security forwarding-options family inet6 mode packet-based set security forwarding-options family mpls mode packet-based set security forwarding-options family iso mode packet-based