Posts for: #Juniper

BGP AS_PATH Prepend

Lab Data

BGP ASN topology

R1-AS17 <--> R2-AS22

R1-AS17 <--> R4-AS22

WAN Subnets

R1:.1 <- 10.10.10.0/30 -> R2: .2

R1:.9 <- 10.10.10.8/30 -> R4: .10

LAN Subnets

R1: .69 <- 172.17.99.0 -> LAN1

Purpose

When R1 advertises the network 172.17.99.0 in BGP, R2 and R4 receive the route with the default AS_PATH attribute value, which is the ASN of R1. I want to make the 172.17.99.0 route received by R2 and R4 a bit ‘unattractive’ by making R1 send it with a longer AS_PATH attribute value. Since the AS_PATH attribute is a BGP non-transitive attribute, this modification will only impact the ASes that are immediate neighbors of R1’s AS.


Restricting SSH Remote Access to Selected Management Stations

Lab Data

Topology

Rocky-Linux <--> Oob-Router <--> R1

Subnets

Rocky-Linux: .21 <- 192.168.201.0/24 -> Oob-Router:.1 <- 172.17.81.0/24 -> R1:.42

Purpose

Connecting to R1 from a remote machine using SSH must be restricted to a list of management stations with authorized IP addresses.

Sample Configuration

root@R1> show configuration policy-options prefix-list WassimRocky 
192.168.201.0/24;
root@R1> 
root@R1> show configuration firewall family inet filter Filter1 
term AllowRocky {
    from {
        source-prefix-list {
            WassimRocky;
        }
        destination-port ssh;
    }
    then accept;
}
term PreventOthersSSH {
    from {
        destination-port ssh;
    }
    then {
        count CountSSHdiscards;         
        discard;
    }
}
term AllowOthers {
    then accept;
}
root@R1> show configuration interfaces lo0 unit 0 
family inet {
    filter {
        input Filter1;
    }
    address 1.1.1.1/32;
}
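
The order of the terms in Filter1 matters, because Junos evaluates terms top to bottom and stops at the first one that matches. The Python model below is an added example, not part of the original post: it reproduces only the source-prefix and destination-port matching of Filter1, and the sample packets are constructed from the lab addressing.

```python
# Added example: models the first-match evaluation of Filter1 from the page.
# Only source prefix and destination port are modelled; packets are constructed.
from ipaddress import ip_address, ip_network

PREFIX_LISTS = {"WassimRocky": [ip_network("192.168.201.0/24")]}
SSH_PORT = 22

# Terms in configuration order. A term without "from" conditions matches
# every packet, which is why AllowOthers must come last.
FILTER1 = [
    {"name": "AllowRocky", "source_prefix_list": "WassimRocky",
     "destination_port": SSH_PORT, "action": "accept"},
    {"name": "PreventOthersSSH", "destination_port": SSH_PORT,
     "count": "CountSSHdiscards", "action": "discard"},
    {"name": "AllowOthers", "action": "accept"},
]

def term_matches(term, src, dport):
    """True when every condition present in the term matches the packet."""
    plist = term.get("source_prefix_list")
    if plist and not any(ip_address(src) in net for net in PREFIX_LISTS[plist]):
        return False
    port = term.get("destination_port")
    if port is not None and dport != port:
        return False
    return True

def evaluate(terms, src, dport, counters):
    """Return (term name, action) for the first matching term."""
    for term in terms:
        if term_matches(term, src, dport):
            if "count" in term:
                counters[term["count"]] = counters.get(term["count"], 0) + 1
            return term["name"], term["action"]
    return None, "discard"  # implicit discard when no term matches

def run_samples():
    counters = {}
    samples = [  # constructed (source address, destination port) pairs
        ("192.168.201.21", 22),   # Rocky-Linux management station, SSH
        ("172.17.81.1", 22),      # Oob-Router address, SSH
        ("172.17.81.1", 179),     # non-SSH traffic towards R1
    ]
    return [evaluate(FILTER1, s, p, counters) for s, p in samples], counters

if __name__ == "__main__":
    results, counters = run_samples()
    print(results, counters)
```

Without the final AllowOthers term, everything that is not SSH from the prefix list would hit the implicit discard, including routing protocol traffic destined to the router through lo0.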