Step by step IGP-OSPF : 1. Activate protocol ospf area XX -> edit protocol ospf area xx 2.

configure interface under protocol ospf -> set interface fe-1/3/x.y or set interface ge-0/x/0.y (unit interface) or set interface lo0.xxx 3. configure MD5 -> set protocol ospf area x authentication-type md5 set protocol ospf area x interface xx-x/x/x authentication md5 1 key juniper 4. configure RIP -> set protocol rip neighbor fe-1/3/x.y or ge-0/x/0.y 5. No LSA Type 4 and 5 -> in router R1 and R6 -> set area 1 stub default-metric 10 In router R1 and R6 -> set area 1 interface fe-1/3/x.y or ge-0/x/0.y in router R3 and R4 -> set area 2 nssa default-lsa default-metric 10 in router R3 and R4 -> set area 2 interface fe-1/3/x.y or ge-0/x/0.y 6. Redistribute RIP to OSPF -> create policy in R3 and R4 edit policy-options policy-statement TO_OSPF term 1 set from protocol rip set from route-filter 55.55.55.0/24 orlonger set then accept put policy TO_OSPF into protocol RIP -> set protocol ospf export TO_OSPF 7. Redistribute OSPF to RIP -> create policy in R3 and R4 Edit policy-options policy-statement TO_RIP term 1 Set from protocol rip Set from route-filter 0.0.0.0/0 exact Set then accept Set protocol rip group rip export TO_RIP 8. Summarize all inter-area routes and RIP routes before going into backbone area -> in R2 and R5 -> set protocol ospf area 2 nssa area-range 55.55.55.0/24 Set protocol ospf area 2 area-range 10.0.8.0/24 9. Interface to T2 must seen as internal ospf route but must not send hello packets to that interface -> set protocol ospf area 0 interface fe-1/3/x.y or ge-0/x/0 passive Step by step for IBGP + RR Create 2 Cluster and 4 RR in R2, R3, R4, R5

Set routing-option autonomous-system 65001 edit protocol BGP group cluster-x.x.x.x set type internal set local-address x.x.x.x (IP address loopback) set cluster x.x.x.x set neighbor x.x.x.x create iBGP between RR in R2, R3, R4, R5 edit protocol BGP group iBGP set type internal set local-address x.x.x.x (IP Address loopback) set neighbor x.x.x.x (ip loopback) create iBGP between RR and other routers based on design Set routing-option autonomous-system 65001 edit protocol BGP group iBGP set type internal set neighbor x.x.x.x (IP loopback) create md5 authentication -> set protocol bgp group iBGP authentication-key juniper create hold down timer 45 seconds -> set protocol bgp hold-time 45 changes must be sent to syslog -> set protocol bgp log-updown Step by step EBGP Configure in R1 + T1 peering with load balance o Set static router -> set routing-option static route x.x.x.x/y (IP Loopback) next-hop x.x.x.x o Create group BGP -> edit protocol bgp group EBGP-T1 set type external set neighbor x.x.x.x (IP loopback) set multihop set local-address x.x.x.x (ip loopback) o Create load balance per packet -> set policy-options policy-statement LOAD_BALANCE then load-balance perpacket set routing-option forwarding-table export LOAD_BALANCE Configure R6 with P1 & P2 -> edit protocol bgp group EBGP set type external

set neighbor x.x.x.x (physical interface to P1 and P2) set multipath Config next-hop self to all Routers Edit policy-options policy-statement nhs Set next-hop self Set protocol bgp group ibgp export nhs Configure R1 with T2 but cannot initiate the peering -> edit protocols bgp group EBGP-T2 o Set type external o Set neighbor x.x.x.x (physical interface) o Set passive Configure R7 with C2 -> edit protocols bgp group EBGP-C2 o Set type external o Set neighbor x.x.x.x (physical interface) peer-as xxxx Configure R7 with C1 -> edit protocols bgp group EBGP-C2 o Set type external o Set neighbor x.x.x.x (physical interface) peer-as xxxx (dummy AS# to get the right AS# with debug) o Set log-updown o Run show log bgp -> to get C1 AS# Damp 110.110.10.0/24 more aggressive from other routes. o Set protocol bgp group EBGP damping (activate damping) o Edit policy-option policy-statement damping aggressive Set half-life 30 Set suppress 2500 o Edit policy-option policy-statement damping dry Set disable o Put damping policy Edit policy-statement DAMPING Set term 1 from protocol bgp Set term 1 from route-filter 110.110.10.0/24 exact damping aggressive Set term 1 from route-filter 220.220.220.0/24 exact damping dry o Activate damping in eBGP -> set protocol bgp neighbor x.x.x.x import DAMPING 3

Limit receive advertisement from customer to 25 routes and teardown for 30 minutes if exceeds o set protocols bgp group ebgp neighbor 1.1.1.1 family inet unicast prefix-limit maximum 25 teardown idle-timeout 30

Step by step IGP-ISIS Configure Loopback with is-is capable at R1 R7 o R1 -> Set interface lo0 unit xx family iso address 49.0001.0100.0000.6001.00 o R2 -> Set interface lo0 unit xx family iso address 49.0002.0100.0000.6002.00 o R3 -> Set interface lo0 unit xx family iso address 49.0002.0100.0000.3003.00 o R4 -> Set interface lo0 unit xx family iso address 49.0002.0100.0000.3004.00 o R5 -> Set interface lo0 unit xx family iso address 49.0002.0100.0000.3005.00 o R6 -> Set interface lo0 unit xx family iso address 49.0001.0100.0000.9006.00 o R7 -> Set interface lo0 unit xx family iso address 49.0001.0100.0000.9007.00 o Activate protocol isis at all routers -> edit protocol isis Set interface fe-x/x/x level 1 disable or level 2 disable (depends on diagram) Set interface lo0.xxx level 1 disable or level 2 disable (depends on diagram) The subnet between r1 and T2 must appear in area 49.0001 as an internal route. Ensure that no adjacencies can be established on this subnet o Activate at R1 -> set protocol isis interface fe-x/x/x level 1 disable passive ISIS authentication for level 2 only -> set protocol isis interface fe-x/x/x hello-authentication-key jnx o Set protocol isis interface fe-x/x/x helloauthentication-type md5 ISIS LSP Lifetime 3600 Level 2 only -> set protocol isis lsplifetime 3600 Advertise RIP -> after config protocol RIP at R3 & R4, then advertise RIP Routes to ISIS -> edit policy-options policystatement TO_ISIS term 1 set from protocol rip set then accept set protocol isis export TO_ISIS

advertise default routes to Router RIP (at R3 & R4) -> edit policy-options policy-statement TO_RIP term 1 set from protocol isis set from route-filter 0.0.0.0/0 exact set then accept set protocol rip group rip export TO_RIP automatically metric 5 -> set protocol isis reference-bandwidth 500m summary Routes from RIP and summary internal into backbone with metric greater than 100, config at R2 & R5 -> set routingoptions aggregate route 55.55.55.0/24 o set routing-options aggregate route 10.0.8.0/24 edit policy-options policy statement TO_ISIS term 1 set from protocol aggregate set from route-filter 55.55.55.0/24 exact set from route-filter 10.0.8.0/24 exact set then metric 110 set then accept set protocol isis export TO_ISIS set protocol isis level 2 wide-metric-only o

Step by step Confederation create AS-Private,config at all routers : set routing-options autonomous-system xxxx (AS Private) set confederation xxxx (AS Public) member xxxx (AS private) Config C-BGP at R2, R3, R4 and R5 : Edit protocol bgp group C-BGP Set type external Set local-address x.x.x.x (IP Loopback) Set neighbor x.x.x.x (IP Loopback based on diagram) Set multihop Set peer-as xxxx Config IBGP at all router : Edit protocol bgp group IBGP Set type internal Set local-address x.x.x.x (IP Loopback) Set neighbor x.x.x.x (IP Loopback based on diagram) Step by step POLICY 1. Advertise 2 aggregates routes representing each backbone routes and RIP routes to all peers

o Config at R1, R6, R7 -> set routing-option aggregate route 10.0.0.0/8 Edit policy-option policy-statement ADV_INTERNAL term 1 Set from protocol aggregate Set from route-filter 10.0.0.0/8 exact Set then accept Set protocol bgp group EBGP export ADV_INTERNAL o Config at R1 & R6 -> edit policy-option policy ADV_INTERNAL term 2 Set from protocol ospf Set from route-filter 55.55.55.0/24 exact Set then accept o Advertise 55.55.55.0/24 into C1 & C2 Config at R1 & R6 -> edit policy-option policystatement TO_iBGPBGP term 1 Set from protocol ospf Set from route-filter 55.55.55.0/24 exact Set then accept Edit protocol bgp group iBGP Set export TO_iBGP (Automaticaly advertise 55.55.55.0/24 toward C1 & C2 via R7) 2. Advertise C1 & C2 routes to all peers (automatically happen when peering between R7 with C1 &C2 established) 3. advertise P1 and P2 routes to customer only o config at R6 with community -> edit policy-option set community P1_P2 member 65001:100 set as-path P1_P2 65002 edit policy-statement IMPORT_BGP term 1 set from protocols bgp set from as-path P1_P2 (ONLY received as path from P1_P2) set then community add P1_P2 set then accept edit protocol bgp group ebgp set import IMPORT_BGP o config at R1 -> edit policy-options set community P1_P2 member 65001:100 edit policy-statement TO_EBGP term 1 set from protocol bgp set from community P1_P2

set then reject edit protocol bgp group EBGP set neighbor x.x.x.x export TO_EBGP advertise T1 and T2 routes to customer only o config at R1 with community -> edit policy-option set community T1_T2 member 65001:101 edit policy-statement IMPORT_EBGP term 1 set from protocol bgp set from neighbor x.x.x.x set then community add T1_T2 edit protocol bgp group EBGP set import IMPORT_EBGP o config at R6 -> edit policy-option set community T1_T2 member 65001:101 edit policy-statement TO_EBGP term x set from protocol bgp set from community T1_T2 set then reject set protocol bgp group EBGP export TO_EBGP Alter local-preference route from customer if the route has 65432:1001 tag on it o Config at R7 with community -> edit policy-options Set community member FROM_Cust 65432:1001 Edit policy-statement TO_iBGP term 1 Set from protocol bgp Set from community FROM_Cust Set then local-preference 150 Set then accept Edit protocol bgp group IBGP Set export TO_iBGP Do not accept any RFC 1918 routes from transits (10.0.0.0/8, 172.16.0.0/16, 192.168.0.0/16) Config at R6 -> edit policy-options policy-statement IMPORT_EBGP term x Set from protocol bgp Set from neighbor x.x.x.x Set from route-filter 10.0.0.0/8 orlonger reject Set from route-filter 172.16.0.0/16 orlonger reject Set from route-filter 192.168.0.0/16 orlonger reject Edit protocol bgp group EBGP Set import IMPORT_EBGP Do not accept any 0.0.0.0 routes no matter the length from transit 7

Config at R1 -> edit policy-option policy-statement IMPORT_EBGP term x Set from protocol bgp Set from route-filter 0.0.0.0/0 through 0.0.0.0/32 reject Edit protocol bgp group EBGP Set import IMPORT_EBGP o Do not accept any prefixes less specific than /8 and no more specific than /24 from provider Config at R6 -> edit policy-option policy-statement IMPORT_EBGP term x Set from protocol bgp Set from route-filter 0.0.0.0/0 through 0.0.0.0/7 reject Set from route-filter 0.0.0.0/0 prefix-length-range / 25-/32 reject Edit protocol bgp group EBGP Set import IMPORT_EBGP o Do not advertise customer route to other than their AS Config at R7 -> edit policy-options Set community no-export member no-export Edit policy-policy statement TO_EBGP term x Set from route-filter 10.0.0.0/8 exact Set from route-filter 55.55.55.0/24 exact Set then community no-export Edit protocol bgp group EBGP Set export TO_EBGP o Make sure no community is sent to T1 and T2 routes Config at R1 -> edit policy-options Set community delete-comm member *:* Edit policy-statement TO_EBGP term x Set then community add delete-comm Edit protocol bgp group EBGP Set export TO_EBGP