Review the BGP router configuration to verify there are filters defined to only accept routes for prefixes that belong to specific customers. Example route-filter-list of customer addresses with corresponding policy-statement referencing the list: [edit policy-options] route-filter-list customer1-routes { <customer route 1/mask> orlonger; <customer route 2/mask> orlonger; } route-filter-list customer1-routes-ipv6 { <customer route 1/prefix> orlonger; <customer route 1/prefix> orlonger; } <additional route-filter-list for other customers> policy-statement bgp-accept-cust1-routes { term 1 { from { route-filter-list customer1-routes; route-filter-list customer1-routes-ipv6; } then accept; } term 2 { then reject; } } <additional policies for other customers> Note: The example shows using route-filter-lists to ease management. The policy-statement also supports the route directly in the match condition. For example, "route-filter <customer route 1/mask> orlonger" (in place of route-filter-list customer-routes). Verify the eBGP import statement prevents Junos from importing routes into the route table. Junos accepts import statements at three hierarchy levels: Global protocol, group, and neighbor (peer). Global is the most general, followed by group, and neighbor is the most restrictive. Junos applies only the most restrictive policy so if a policy is configured at the protocol, group, and neighbor level, only the neighbor policy is applied. [edit protocols bgp] group customer1 { <other group configuration> import bgp-accept-cust1-routes; neighbor <address> { <other neighbor configuration> import bgp-accept-cust1-routes; } } import <import policy name>; <other BGP configuration> If the router is not configured to reject inbound route advertisements from each CE router for prefixes that are not allocated to that customer, this is a finding. Note: Routes to PE-CE links within a VPN are needed for troubleshooting end-to-end connectivity across the MPLS/IP backbone. Hence, these prefixes are an exception to this requirement.