version 6.4R2.4; system { host-name berlin; domain-name gate.21c3.ccc.de; backup-router 172.18.30.200 destination 0.0.0.0/0; time-zone Europe/Berlin; authentication-order password; ports { console type vt100; } root-authentication { encrypted-password "$1$rRQeJ.Wc$bh.8xMqwc.uX9fNNzuFvL0"; ## SECRET-DATA } name-server { 195.74.0.47; 212.21.72.1; 212.42.242.2; 212.84.206.1; } login { message "You are accessing CCC 2004 Berlin. "; user alf { uid 3501; class superuser; authentication { encrypted-password "$1$RWZG3UI5$dzyEssOsREytzg9NQi0Cb1"; ## SECRET-DATA } } user blackwing { uid 2010; class superuser; authentication { ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0B2m7Nh4OElq+b5QbiC2RTGVU/m3NthJIHrrMzQV/VIRkARtYwEClEA+bH/2/krl8mbh3fMPb9XT8sXdPsRKTSAdxzoSMS1akZnu4MF2tX9VsQks//Xpu/wGWIk2yclE/uhxM8/M38CUpFdWo8dLgUDqgab02H0PEAUUsLqsXrs= blackwing"; ## SECRET-DATA } } user czmok { uid 2011; class superuser; authentication { encrypted-password "$1$kgFeGUCE$DNlzYZy.npsOu/jh8zNoR."; ## SECRET-DATA ssh-dsa "ssh-dss AAAAB3NzaC1kc3MAAACBAJ0UpTZ7/koq6J6mgSpUWFGDseg3wmFMwgGrZ7tShjWk3Yl7VG7jwHl8dIDUDuEId3vFoJomstTg5Ph6RcMH/pLsqIcMmaJFpbtt0Natq1uzOEvXV1oUqN+mY7Dib/SIXcL0oiNcwwkRlEpHkZRAlimSBWtPa21EVQbZOdoZSz/RAAAAFQCu4QaM1XnqphmZ7tV/g2OisNfNnwAAAIAh3ovj6AqT8gAruUTUyFiwWA/SoIVajaaoAyfMZs1dTXCGeF9UwZ3YKcWFJbBthRAMRDlhYx0vY/J2h3eLlmKTXiuXbLESD+7z8ao1SHg3XM9rc8FzLoyzZfLEQ7CpgFDK3h9LAAJok3YvCEFSKQYkHmpnN9C/jTjELCw3ss8ySwAAAIBWIQyIlvc/CIyqNSWnKEozRI8YfJQXyAY0JMjwtEk93bA4N2MyvpLxPMmOWsWGOUV6Bg0BhcK9NTGBESJUUBZ0DiCsu7SyY2ZhHhWkWNFlQuMGARggerOVnQOAg+wa60Iw0wL9B/BZFEHrzY5NzFzXag/rNaawOmydvyBbfkV6ug== czmok@leuchtkerze"; ## SECRET-DATA } } user swahl { uid 2000; class superuser; authentication { encrypted-password "$1$F.l0i0OZ$M2uugB7HLoYiw.a2c0cI3/"; ## SECRET-DATA } } } services { ssh { protocol-version v2; } } syslog { user * { any emergency; } file messages { any notice; authorization info; } } ntp { server 192.168.242.2; server 192.168.242.1; source-address 192.168.242.91; } } interfaces { fe-0/1/0 { description "-- Uplink Cogent 100 mbit"; speed 100m; fastether-options { no-flow-control; } unit 0 { family inet { address 212.20.156.86/30; } } } fe-0/1/2 { description InternalManagement; speed 100m; link-mode full-duplex; fastether-options { no-flow-control; } unit 0 { family inet { address 192.168.242.91/25; } } } ge-1/3/0 { description CCC-IPv6; vlan-tagging; link-mode full-duplex; unit 0 { disable; description BCIX100; vlan-id 100; family inet { address 193.178.185.101/25; } } unit 1 { disable; description BCIX102; vlan-id 102; family inet6 { address 2001:7F8:19:1::85d8:2/64; } } unit 2 { description CCC-IPv4; vlan-id 910; family inet { address 82.130.0.2/29; } } unit 3 { description BCIX102; vlan-id 911; family inet6 { address 2001:1520:21c3:ffff::2/64; } } unit 921 { description I21_VIA_SWITCH; vlan-id 921; family inet { address 84.233.147.226/30; } } } fxp0 { unit 0 { family inet { address 172.18.30.2/16; } } } lo0 { unit 0 { family inet { address 127.0.0.1/32; } } } } snmp { community vectra { clients { 192.168.242.7/32; } } } routing-options { static { route 0.0.0.0/0 { next-hop 212.20.156.85; no-readvertise; } route 82.130.0.0/18 { next-hop 82.130.0.1; install; no-readvertise; } } autonomous-system 34264; } protocols { bgp { group upstream-cogent { type external; advertise-inactive; log-updown; import CCC-IN; export [ next-hop-self CCC-cogent-out ]; local-as 34264; neighbor 212.20.156.85 { local-address 212.20.156.86; authentication-key "$9$UjiHm5Qnt0BfTORhcleXxNdwg"; ## SECRET-DATA peer-as 174; } } group upstream-i21 { type external; advertise-inactive; log-updown; import CCC-IN; export [ next-hop-self CCC-i21-out ]; local-as 34264; neighbor 84.233.147.225 { peer-as 8928; } } group ccc { type internal; description internal-bgp-sessions; import any; export any; neighbor 82.130.0.3 { description istanbul.gate; family inet { unicast; } family inet6 { unicast; } } neighbor 82.130.0.1 { description bern.gate; family inet { unicast; } family inet6 { unicast; } } inactive: neighbor 2001:7F8:19:1::85D8:3 { family inet6 { unicast; } } inactive: neighbor 2001:7F8:19:1::85D8:1 { family inet6 { unicast; } } } inactive: group dhosting { type external; log-updown; import CCC-IN; export [ next-hop-self redist-own ]; peer-as 12732; neighbor 193.178.185.1 { description dhosting-routeserver1; family inet { unicast; } family inet6 { unicast; } } neighbor 193.178.185.2 { description dhosting-routeserver2; family inet { unicast; } family inet6 { unicast; } } neighbor 193.178.185.10 { description dhosting-unknown; family inet { unicast; } family inet6 { unicast; } } neighbor 193.178.185.3; } inactive: group dhosting6 { type external; log-updown; import any; export [ next-hop-self srcAS34264 ]; peer-as 12732; neighbor 2001:7F8:19:1::31BC:1 { family inet6 { unicast; } } neighbor 2001:7F8:19:1::31BC:2 { description dhosting-20c3; family inet6 { unicast; } } neighbor 2001:7F8:19:1::31BC:3 { description dhosting-20c3; family inet6 { unicast; } } } } ospf { area 0.0.0.0 { interface ge-1/3/0.2 { authentication { md5 1 key "$9$T3nCSylMWxB1hreWXxdbs2aZji."; ## SECRET-DATA } } } } } policy-options { policy-statement next-hop-self { term set-hop { then { next-hop self; next policy; } } } policy-statement any { then accept; } policy-statement srcAS34264 { from { protocol static; route-filter 82.130.0.0/18 exact; } then { origin igp; accept; } } policy-statement CCC-IN { term DirectPeers { to as-path IsBGP-DirectPeer; then { local-preference 900; accept; } } inactive: term DFN { to as-path IsBGP-DH-DFN; then { local-preference 800; accept; } } term BCIXDirect { to as-path IsBGP-DHostingPeers; then { local-preference 700; accept; } } term BCIXIndirect { to as-path IsBGP-DH-Default; then { local-preference 300; accept; } } term CogentPeers { to as-path IsBGP-CogentPeers; then { local-preference 500; accept; } } term InterroutePeers { to as-path IsBGP-InterroutePeers; then { local-preference 500; accept; } } term DeCIX { to as-path IsBGP-DH-CL-DECIX; then { local-preference 400; accept; } } term DTAG { to as-path IsBGP-DH-PL-DTAG; then { local-preference 600; accept; } } term InterrouteDefault { to as-path IsBGP-Interroute-Default; then { local-preference 100; accept; } } term CogentDefault { to as-path IsBGP-Cogent-Default; then { local-preference 100; accept; } } term Default { then { local-preference 90; accept; } } term Freenet { to as-path IsBGP-DH-CL-Freenet; then { local-preference 700; accept; } } } policy-statement nofilter-in { term reject-ournet { from { route-filter 82.130.0.0/18 orlonger; } then reject; } term accept-any { then accept; } } policy-statement CCC-i21-out { term t1 { from { route-filter 82.130.0.0/18 exact; } then { as-path-prepend "34264 34264"; accept; } } term t999 { then reject; } } policy-statement redist-own { term own { from { route-filter 82.130.0.0/18 exact; } then accept; } term default { then reject; } } policy-statement CCC-cogent-out { term t1 { from { route-filter 82.130.0.0/18 exact; } then { as-path-prepend 34264; accept; } } term t999 { then reject; } } as-path IsBGP-DirectPeer "(174|8928|12732)"; as-path IsBGP-PeerOfDirectPeer "(174|8928|12732) ."; as-path IsBGP-DHostingPeers "12732 ."; as-path IsBGP-InterroutePeers "8928 ."; as-path IsBGP-CogentPeers "174 ."; as-path IsBGP-DH-CL-DECIX "12732 20646 .*"; as-path IsBGP-DH-DFN "12732 680 .*"; as-path IsBGP-DH-PL-DTAG "12732 12306 3320 .*"; as-path IsBGP-DH-Default "12732 .*"; as-path IsBGP-Cogent-Default "174 .*"; as-path IsBGP-Interroute-Default "8928 .*"; as-path IsBGP-DH-CL-Freenet "12732 20646 5430 .*"; }