Reference to the last article for more reference is here. In this example we assume that the Arbor SP Collector Appliance is 10.100.200.10 and the specific Juniper device is 10.1.2.3 with a configured community 1234:5678 for RTBH purposes.
Step1: Create a FlowSpec policy allowing Arbor SP Collector IP Address
set policy-options policy-statement ARBOR_FS_POLICY from neighbor 10.100.200.10 set policy-options policy-statement ARBOR_FS_POLICY then accept
Step2: Create a FlowSpec policy allowing specific community advertisement for RTBH
set policy-options community ARBOR_ALLOWED_COMMUNITY members target:1234:5678 set policy-options policy-statement ARBOR_IMPORT_POLICY term BGP from community ARBOR_ALLOWED_COMMUNITY
Step3: Configure the routes you want to send to Arbor SP for analytics purposes.
set policy-options policy-statement ROUTES-TO-ARBOR term DIRECT from protocol direct set policy-options policy-statement ROUTES-TO-ARBOR term DIRECT then accept set policy-options policy-statement ROUTES-TO-ARBOR term OSPF from protocol ospf set policy-options policy-statement ROUTES-TO-ARBOR term OSPF then accept set policy-options policy-statement ROUTES-TO-ARBOR term BGP from protocol bgp set policy-options policy-statement ROUTES-TO-ARBOR term BGP then accept
Step4: Configure the bgp neighbor group
set routing-instances Internet protocols bgp group ARBOR-BGP type internal set routing-instances Internet protocols bgp group ARBOR-BGP local-address 10.1.2.3 set routing-instances Internet protocols bgp group ARBOR-BGP import ARBOR_IMPORT_POLICY set routing-instances Internet protocols bgp group ARBOR-BGP family inet unicast set routing-instances Internet protocols bgp group ARBOR-BGP family inet flow no-validate ARBOR_FS_POLICY set routing-instances Internet protocols bgp group ARBOR-BGP export ROUTES-TO-ARBOR
Step5: Configure BGP Neighbor.
set routing-instances Internet protocols bgp group ARBOR-BGP neighbor 10.100.200.10 description Arbor_BGP set routing-instances Internet protocols bgp group ARBOR-BGP neighbor 10.100.200.10 family inet unicast set routing-instances Internet protocols bgp group ARBOR-BGP neighbor 10.100.200.10 family inet flow
Verification:
show route table Internet.inetflow.0 detail show firewall filter __flowspec_Internet_inet__ detail logical-system all
show route receive-protocol bgp 10.100.200.10 table Internet
CISSP Made Easy 