=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.12.04 10:33:21 =~=~=~=~=~=~=~=~=~=~=~= show configuration logical-routers | no-more blumenau { interfaces { lt-1/2/0 { /* Conexoes internas ao AS48 */ unit 481 { description "Conexao com florianopolis"; encapsulation ethernet; peer-unit 480; family inet { address 10.48.0.6/30; } } unit 485 { description "Conexao com chapeco"; encapsulation ethernet; peer-unit 484; family inet { address 10.48.0.14/30; } } unit 486 { description "Conexao com clientes-blumenau"; encapsulation ethernet; peer-unit 487; family inet { address 10.48.0.17/30; } } /* Conexoes externas ao AS48 */ unit 910 { description "Conexao com santa-maria"; encapsulation ethernet; peer-unit 911; family inet { address 10.51.0.141/30; } } } lo0 { unit 491 { family inet { address 10.48.48.2/32 { primary; } address 10.48.32.2/32; } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-sc (Refletor IPv4)"; local-address 10.48.48.2; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 48; neighbor 10.48.48.5 { authentication-key "$9$pDo4BIcevLdVYM8"; ## SECRET-DATA } } group eBGP-PEERING-AS51-BNU-SMA { type external; description "Conexao com o AS51 em SMA"; import pol-eBGP-PEERING-GERAL-IMPORT; export pol-eBGP-PEERING-GERAL-EXPORT; peer-as 51; neighbor 10.51.0.142 { authentication-key "$9$tqPpO1hlK8-dsvW"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.481 { authentication { md5 1 key "$9$lb1M87bs4UDkYg"; ## SECRET-DATA } } interface lt-1/2/0.485 { authentication { md5 1 key "$9$NIbs4GDk5T3jH"; ## SECRET-DATA } } interface lt-1/2/0.486 { authentication { md5 1 key "$9$sW4aUk.5n6Amf"; ## SECRET-DATA } } interface 10.48.48.2 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_48_CLIENTES { 10.48.128.0/17; } prefix-list PREFIXOS_AS_48_LOOPBACKS_EBGP { 10.48.32.0/24; } prefix-list PREFIXOS_AS_48_INFRAESTRUTURA { 10.48.0.0/24; 10.48.48.0/24; } prefix-list PREFIXOS_AS_48 { 10.48.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_48_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_48_10; community add comm_48_13; community add comm_48_4848; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_LOOPBACKS_EBGP orlonger; } then { community add comm_48_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_CLIENTES orlonger; } then { community add comm_48_10; community add comm_48_13; community add comm-no-advertise; reject; } } } policy-statement pol-eBGP-PEERING-GERAL-EXPORT { /* Politica Geral de Peering */ term GERAL { from { protocol bgp; community comm_48_10; } then { metric 150; next policy; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-PEERING-GERAL-IMPORT { /* Politica Geral de Peering */ term REJEITA-PREFIXOS-DO-AS-LOCAL { /* Rejeita recebimento dos prefixos do AS local */ from { protocol bgp; prefix-list-filter PREFIXOS_AS_48 orlonger; } then reject; } term BLACK-HOLE { /* Insere a rota no black-hole local - descarta trafego */ from { protocol bgp; community comm_48_666; } then { community add comm-no-advertise; next-hop 192.6.66.1; accept; } } term LOCAL-PREF-90 { /* Seta o LP para 90 se comm_48_90 estiver presente */ from { protocol bgp; community comm_48_90; } then { local-preference 90; community add comm_48_12; accept; } } term LOCAL-PREF-100 { /* Seta o LP para 100 se comm_48_100 estiver presente */ from { protocol bgp; community comm_48_100; } then { local-preference 100; community add comm_48_12; accept; } } term LOCAL-PREF-110 { /* Seta o LP para 110 se comm_48_110 estiver presente */ from { protocol bgp; community comm_48_110; } then { local-preference 110; community add comm_48_12; accept; } } term GERAL-LP { /* Seta LP=110 se nenhum termo anterior capturou o prefixo */ from protocol bgp; then { local-preference 110; community add comm_48_12; accept; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_48_10 members 48:10; community comm_48_100 members 48:100; community comm_48_11 members 48:11; community comm_48_110 members 48:110; community comm_48_12 members 48:12; community comm_48_13 members 48:13; community comm_48_400 members 48:400; community comm_48_401 members 48:401; community comm_48_4848 members 48:4848; community comm_48_4848_BLOCO2 members 48:48482; community comm_48_4848_BlOCO1 members 48:48481; community comm_48_666 members 48:666; community comm_48_90 members 48:90; community comm_48_921 members 48:921; community comm_48_951 members 48:951; community comm_todas members *:*; } routing-options { static { route 192.6.66.1/32 discard; } router-id 10.48.48.2; autonomous-system 48; } } chapeco { interfaces { lt-1/2/0 { /* Conexoes internas ao AS48 */ unit 483 { description "Conexao com florianopolis"; encapsulation ethernet; peer-unit 482; family inet { address 10.48.0.10/30; } } unit 484 { description "Conexao com blumenau"; encapsulation ethernet; peer-unit 485; family inet { address 10.48.0.13/30; } } /* Conexoes externas ao AS48 */ unit 909 { description "Conexao com rio-de-janeiro"; encapsulation ethernet; peer-unit 908; family inet { address 10.21.0.130/30; } } } lo0 { unit 492 { family inet { address 10.48.48.3/32 { primary; } address 10.48.32.3/32; } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-sc (Refletor IPv4)"; local-address 10.48.48.3; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 48; neighbor 10.48.48.5 { authentication-key "$9$p4klBIcevLdVYM8"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.483 { authentication { md5 1 key "$9$CymRuORylM7Nbev"; ## SECRET-DATA } } interface lt-1/2/0.484 { authentication { md5 1 key "$9$/hkatu1cyKXxdre"; ## SECRET-DATA } } interface 10.48.48.3 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_48_CLIENTES { 10.48.128.0/17; } prefix-list PREFIXOS_AS_48_LOOPBACKS_EBGP { 10.48.32.0/24; } prefix-list PREFIXOS_AS_48_INFRAESTRUTURA { 10.48.0.0/24; 10.48.48.0/24; } prefix-list PREFIXOS_AS_48 { 10.48.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_48_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_48_10; community add comm_48_13; community add comm_48_4848; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_LOOPBACKS_EBGP orlonger; } then { community add comm_48_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_CLIENTES orlonger; } then { community add comm_48_10; community add comm_48_13; community add comm-no-advertise; reject; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_48_10 members 48:10; community comm_48_100 members 48:100; community comm_48_11 members 48:11; community comm_48_110 members 48:110; community comm_48_12 members 48:12; community comm_48_13 members 48:13; community comm_48_400 members 48:400; community comm_48_401 members 48:401; community comm_48_4848 members 48:4848; community comm_48_4848_BLOCO2 members 48:48482; community comm_48_4848_BlOCO1 members 48:48481; community comm_48_666 members 48:666; community comm_48_90 members 48:90; community comm_48_921 members 48:921; community comm_48_951 members 48:951; community comm_todas members *:*; } routing-options { static { route 192.6.66.1/32 discard; } router-id 10.48.48.3; autonomous-system 48; } } clientes-blumenau { interfaces { lt-1/2/0 { /* Conexoes internas ao AS48 */ unit 487 { description "Conexao com blumenau"; encapsulation ethernet; peer-unit 486; family inet { address 10.48.0.18/30; } } /* Simulando um back-to-back */ unit 1002 { description "Conexao com wormhole"; encapsulation ethernet; peer-unit 1003; family inet { address 10.48.128.1/25; address 10.48.129.1/29; address 10.48.129.9/29; address 10.48.129.17/29; address 10.48.129.25/29; address 10.48.129.33/27; address 10.48.129.65/27; address 10.48.129.97/27; address 10.48.129.129/25; } } } lo0 { unit 493 { family inet { address 10.48.48.4/32 { primary; } } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-sc (Refletor IPv4)"; local-address 10.48.48.4; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 48; neighbor 10.48.48.5 { authentication-key "$9$abUjq5QntpBz3"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.487 { authentication { md5 1 key "$9$qfT3CtOhclp0"; ## SECRET-DATA } } interface lo0.493 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_48_CLIENTES { 10.48.128.0/17; } prefix-list PREFIXOS_AS_48_LOOPBACKS_EBGP { 10.48.32.0/24; } prefix-list PREFIXOS_AS_48_INFRAESTRUTURA { 10.48.0.0/24; 10.48.48.0/24; } prefix-list PREFIXOS_AS_48 { 10.48.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_48_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_48_10; community add comm_48_13; community add comm_48_4848; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_LOOPBACKS_EBGP orlonger; } then { community add comm_48_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_CLIENTES orlonger; } then { community add comm_48_10; community add comm_48_13; community add comm-no-advertise; reject; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_48_10 members 48:10; community comm_48_100 members 48:100; community comm_48_11 members 48:11; community comm_48_110 members 48:110; community comm_48_12 members 48:12; community comm_48_13 members 48:13; community comm_48_400 members 48:400; community comm_48_401 members 48:401; community comm_48_4848 members 48:4848; community comm_48_4848_BLOCO2 members 48:48482; community comm_48_4848_BlOCO1 members 48:48481; community comm_48_666 members 48:666; community comm_48_90 members 48:90; community comm_48_921 members 48:921; community comm_48_951 members 48:951; community comm_todas members *:*; } routing-options { static { route 192.6.66.1/32 discard; } aggregate { route 10.48.128.0/24 community 48:48481; route 10.48.129.0/24 community 48:48482; } router-id 10.48.48.4; autonomous-system 48; } } clientes-petropolis { interfaces { lt-1/2/0 { /* Conexoes internas ao AS21 */ unit 217 { description "Conexao com petropolis"; encapsulation ethernet; peer-unit 216; family inet { address 10.21.0.18/30; } } /* Simulando um back-to-back */ unit 1004 { description "Conexao com wormhole"; encapsulation ethernet; peer-unit 1005; family inet { address 10.21.128.1/25; address 10.21.129.1/29; address 10.21.129.9/29; address 10.21.129.17/29; address 10.21.129.25/29; address 10.21.129.33/27; address 10.21.129.65/27; address 10.21.129.97/27; address 10.21.129.129/25; } } } lo0 { unit 293 { family inet { address 10.21.21.4/32 { primary; } } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-rj (Refletor IPv4)"; local-address 10.21.21.4; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 21; neighbor 10.21.21.5 { authentication-key "$9$rdXvWxVwgGUHs2"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.217 { authentication { md5 1 key "$9$bI24ZikPF39qm"; ## SECRET-DATA } } interface lo0.293 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_21_CLIENTES { 10.21.128.0/17; } prefix-list PREFIXOS_AS_21_LOOPBACKS_EBGP { 10.21.32.0/24; } prefix-list PREFIXOS_AS_21_INFRAESTRUTURA { 10.21.0.0/24; 10.21.21.0/24; } prefix-list PREFIXOS_AS_21 { 10.21.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_21_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_21_10; community add comm_21_2121; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_21_LOOPBACKS_EBGP orlonger; } then { community add comm_21_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_21_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_21_CLIENTES orlonger; } then { community add comm_21_10; community add comm-no-advertise; reject; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_21_10 members 21:10; community comm_21_2121 members 21:2121; community comm_21_2121_BLOCO2 members 21:21212; community comm_21_2121_BlOCO1 members 21:21211; community comm_21_400 members 21:400; community comm_21_401 members 21:401; community comm_21_48 members 21:48; community comm_21_51 members 21:51; community comm_todas members *:*; } routing-options { static { route 192.6.66.1/32 discard; } aggregate { route 10.21.128.0/24 community 21:21211; route 10.21.129.0/24 community 21:21212; } router-id 10.21.21.4; autonomous-system 21; } } clientes-porto-alegre { interfaces { lt-1/2/0 { /* Conexoes internas ao AS51 */ unit 517 { description "Conexao com porto-alegre"; encapsulation ethernet; peer-unit 516; family inet { address 10.51.0.18/30; } } /* Simulando um back-to-back */ unit 1000 { description "Conexao com wormhole"; encapsulation ethernet; peer-unit 1001; family inet { address 10.51.128.1/25; address 10.51.129.1/29; address 10.51.129.9/29; address 10.51.129.17/29; address 10.51.129.25/29; address 10.51.129.33/27; address 10.51.129.65/27; address 10.51.129.97/27; address 10.51.129.129/25; } } } lo0 { unit 593 { family inet { address 10.51.51.4/32 { primary; } } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-rs (Refletor IPv4)"; local-address 10.51.51.4; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 51; neighbor 10.51.51.5 { authentication-key "$9$T36AO1heK8IE"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.517 { authentication { md5 1 key "$9$Hmfz/CuREyAp"; ## SECRET-DATA } } interface lo0.593 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_51_CLIENTES { 10.51.128.0/17; } prefix-list PREFIXOS_AS_51_LOOPBACKS_EBGP { 10.51.32.0/24; } prefix-list PREFIXOS_AS_51_INFRAESTRUTURA { 10.51.0.0/24; 10.51.51.0/24; } prefix-list PREFIXOS_AS_51 { 10.51.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_51_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_51_10; community add comm_51_13; community add comm_51_5151; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_LOOPBACKS_EBGP orlonger; } then { community add comm_51_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_CLIENTES orlonger; } then { community add comm_51_10; community add comm_51_13; community add comm-no-advertise; reject; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_51_10 members 51:10; community comm_51_100 members 51:100; community comm_51_11 members 51:11; community comm_51_110 members 51:110; community comm_51_12 members 51:12; community comm_51_13 members 51:13; community comm_51_400 members 51:400; community comm_51_401 members 51:401; community comm_51_5151 members 51:5151; community comm_51_5151_BLOCO2 members 51:51512; community comm_51_5151_BlOCO1 members 51:51511; community comm_51_666 members 51:666; community comm_51_90 members 51:90; community comm_51_921 members 51:921; community comm_51_948 members 51:948; community comm_todas members *:*; } routing-options { static { route 192.6.66.1/32 discard; } aggregate { route 10.51.128.0/24 community 51:51511; route 10.51.129.0/24 community 51:51512; } router-id 10.51.51.4; autonomous-system 51; } } /* AS51 - Rio Grande do Sul */ faxinal { interfaces { lt-1/2/0 { /* Conexoes Internas ao AS51 */ unit 500 { description "Conexao com rr-rs"; encapsulation ethernet; peer-unit 501; family inet { address 10.51.0.1/30; } } unit 510 { description "Conexao com porto-alegre"; encapsulation ethernet; peer-unit 511; family inet { address 10.51.0.5/30; } } unit 512 { description "Conexao com santa-maria"; encapsulation ethernet; peer-unit 513; family inet { address 10.51.0.9/30; } } /* Conexoes externas ao AS51 */ unit 900 { description "Conexao com florianopolis"; encapsulation ethernet; peer-unit 901; family inet { address 10.51.0.129/30; } } unit 902 { description "Conexao com florianopolis"; encapsulation ethernet; peer-unit 903; family inet { address 10.51.0.133/30; } } unit 904 { description "Conexao com rio-de-janeiro"; encapsulation ethernet; peer-unit 905; family inet { address 10.51.0.137/30; } } } lo0 { unit 590 { family inet { address 10.51.51.1/32 { primary; } address 10.51.32.1/32; } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-rs (Refletor IPv4)"; local-address 10.51.51.1; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 51; neighbor 10.51.51.5 { authentication-key "$9$60SSApBhSeLX-yl"; ## SECRET-DATA } } group eBGP-PEERING-AS48-FXO-FLN { type external; description "Conexao com o AS48 em FLN"; local-address 10.51.32.1; import pol-eBGP-PEERING-GERAL-IMPORT; export pol-eBGP-PEERING-GERAL-EXPORT; peer-as 48; neighbor 10.48.32.1 { multihop { ttl 4; } authentication-key "$9$84K7-w4aUq.5JG"; ## SECRET-DATA } } group eBGP-CLIENTE-AS21-FXO-RJO { type external; description "Conexao com o AS21 em RJO"; import pol-eBGP-CLIENTE-GERAL-IMPORT; export pol-eBGP-CLIENTE-GERAL-EXPORT-FULL; peer-as 21; neighbor 10.51.0.138 { authentication-key "$9$1A8hSe8X-Y2axN"; ## SECRET-DATA } } } ospf { export injeta-default; area 0.0.0.0 { interface lt-1/2/0.500 { authentication { md5 1 key "$9$I.DcyKLxd2gJ7-"; ## SECRET-DATA } } interface lt-1/2/0.510 { authentication { md5 1 key "$9$dks2aDi.Qz6Hq"; ## SECRET-DATA } } interface lt-1/2/0.512 { authentication { md5 1 key "$9$95hzp0ISrvx7VlK"; ## SECRET-DATA } } interface 10.51.51.1 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_51_CLIENTES { 10.51.128.0/17; } prefix-list PREFIXOS_AS_51_LOOPBACKS_EBGP { 10.51.32.0/24; } prefix-list PREFIXOS_AS_51_INFRAESTRUTURA { 10.51.0.0/24; 10.51.51.0/24; } prefix-list PREFIXOS_AS_51 { 10.51.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_51_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_51_10; community add comm_51_13; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_LOOPBACKS_EBGP orlonger; } then { community add comm_51_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_CLIENTES orlonger; } then { community add comm_51_10; community add comm_51_13; community add comm-no-advertise; reject; } } } policy-statement injeta-default { term a { from { protocol static; route-filter 0.0.0.0/0 exact; } then accept; } } policy-statement pol-eBGP-CLIENTE-GERAL-EXPORT-FULL { /* Politica Geral de Transito */ term ROTAS-DO-AS51 { from { protocol bgp; community comm_51_10; } then { metric 200; community delete comm_todas; accept; } } term ROTAS-DE-TRANSITO { from { protocol bgp; community comm_51_11; } then { metric 200; community delete comm_todas; accept; } } term ROTAS-DE-PEERING { from { protocol bgp; community comm_51_12; } then { metric 200; community delete comm_todas; accept; } } term ROTAS-DE-CLIENTE { from { protocol bgp; community comm_51_13; } then { metric 200; community delete comm_todas; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-CLIENTE-GERAL-EXPORT-NADA { /* Politica Geral de Transito */ term GERAL { from { route-filter 0.0.0.0/0 exact; } then { metric 200; community delete comm_todas; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-CLIENTE-GERAL-EXPORT-PARCIAL { /* Politica Geral de Transito */ term ROTAS-DO-AS { from { protocol bgp; community comm_51_10; } then { metric 200; community delete comm_todas; accept; } } term ROTAS-DE-CLIENTE { from { protocol bgp; community comm_51_13; } then { metric 200; community delete comm_todas; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-CLIENTE-GERAL-IMPORT { /* Politica Geral de Transito */ term REJEITA-PREFIXOS-DO-AS-LOCAL { /* Rejeita recebimento dos prefixos do AS local */ from { protocol bgp; prefix-list-filter PREFIXOS_AS_51 orlonger; } then reject; } term BLACK-HOLE { /* Insere a rota no black-hole local - descarta trafego */ from { protocol bgp; community comm_51_666; route-filter 10.21.0.0/16 upto /32; } then { community add comm-no-advertise; next-hop 192.6.66.1; accept; } } term LOCAL-PREF-90 { /* Seta o LP para 90 se comm_51_90 estiver presente */ from { protocol bgp; community comm_51_90; route-filter 10.21.0.0/16 upto /24; } then { local-preference 90; community add comm_51_13; accept; } } term LOCAL-PREF-100 { /* Seta o LP para 100 se comm_51_100 estiver presente */ from { protocol bgp; community comm_51_100; route-filter 10.21.0.0/16 upto /24; } then { local-preference 100; community add comm_51_13; accept; } } term LOCAL-PREF-110 { /* Seta o LP para 110 se comm_51_110 estiver presente */ from { protocol bgp; community comm_51_110; route-filter 10.21.0.0/16 upto /24; } then { local-preference 110; community add comm_51_13; accept; } } term GERAL-MED-LP { /* Seta LP=90 se nenhum termo anterior capturou o prefixo */ from { protocol bgp; route-filter 10.21.0.0/16 upto /24; } then { local-preference 90; community add comm_51_13; accept; } } } policy-statement pol-eBGP-PEERING-GERAL-EXPORT { /* Politica Geral de Peering */ term GERAL { from { protocol bgp; community comm_51_10; } then { metric 150; next policy; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-PEERING-GERAL-IMPORT { /* Politica Geral de Peering */ term REJEITA-PREFIXOS-DO-AS-LOCAL { /* Rejeita recebimento dos prefixos do AS local */ from { protocol bgp; prefix-list-filter PREFIXOS_AS_51 orlonger; } then reject; } term BLACK-HOLE { /* Insere a rota no black-hole local - descarta trafego */ from { protocol bgp; community comm_51_666; } then { community add comm-no-advertise; next-hop 192.6.66.1; accept; } } term LOCAL-PREF-90 { /* Seta o LP para 90 se comm_51_90 estiver presente */ from { protocol bgp; community comm_51_90; } then { local-preference 90; community add comm_51_12; accept; } } term LOCAL-PREF-100 { /* Seta o LP para 100 se comm_51_100 estiver presente */ from { protocol bgp; community comm_51_100; } then { local-preference 100; community add comm_51_12; accept; } } term LOCAL-PREF-110 { /* Seta o LP para 110 se comm_51_110 estiver presente */ from { protocol bgp; community comm_51_110; } then { local-preference 110; community add comm_51_12; accept; } } term GERAL-LP { /* Seta LP=110 se nenhum termo anterior capturou o prefixo */ from protocol bgp; then { local-preference 110; community add comm_51_12; accept; } } } policy-statement pol-eBGP-TRANSITO-GERAL-EXPORT { /* Politica Geral de Transito */ term GERAL { from { protocol bgp; community [ comm_51_10 comm_51_11 comm_51_12 comm_51_13 ]; } then { metric 200; community delete comm_todas; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-TRANSITO-GERAL-IMPORT { /* Politica Geral de Transito */ term REJEITA-PREFIXOS-DO-AS-LOCAL { /* Rejeita recebimento dos prefixos do AS local */ from { protocol bgp; prefix-list-filter PREFIXOS_AS_51 orlonger; } then reject; } term BLACK-HOLE { /* Insere a rota no black-hole local - descarta trafego */ from { protocol bgp; community comm_51_666; } then { community add comm-no-advertise; next-hop 192.6.66.1; accept; } } term LOCAL-PREF-90 { /* Seta o LP para 90 se comm_51_90 estiver presente */ from { protocol bgp; community comm_51_90; } then { local-preference 90; community add comm_51_11; accept; } } term LOCAL-PREF-100 { /* Seta o LP para 100 se comm_51_100 estiver presente */ from { protocol bgp; community comm_51_100; } then { local-preference 100; community add comm_51_11; accept; } } term LOCAL-PREF-110 { /* Seta o LP para 110 se comm_51_110 estiver presente */ from { protocol bgp; community comm_51_110; } then { local-preference 110; community add comm_51_11; accept; } } term GERAL-MED-LP { /* Seta LP=90 se nenhum termo anterior capturou o prefixo */ from protocol bgp; then { local-preference 90; community add comm_51_11; accept; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_51_10 members 51:10; community comm_51_100 members 51:100; community comm_51_11 members 51:11; community comm_51_110 members 51:110; community comm_51_12 members 51:12; community comm_51_13 members 51:13; community comm_51_400 members 51:400; community comm_51_401 members 51:401; community comm_51_5151 members 51:5151; community comm_51_5151_BLOCO2 members 51:51512; community comm_51_5151_BlOCO1 members 51:51511; community comm_51_666 members 51:666; community comm_51_90 members 51:90; community comm_51_921 members 51:921; community comm_51_948 members 51:948; community comm_todas members *:*; } routing-options { static { route 0.0.0.0/0 discard; route 192.6.66.1/32 discard; route 10.48.32.1/32 next-hop [ 10.51.0.130 10.51.0.134 ]; } router-id 10.51.51.1; autonomous-system 51; } } /* AS48 - Santa Catarina */ florianopolis { interfaces { lt-1/2/0 { /* Conexoes internas ao AS48 */ unit 400 { description "Conexao com rr-sc"; encapsulation ethernet; peer-unit 401; family inet { address 10.48.0.1/30; } } unit 480 { description "Conexao com blumenau"; encapsulation ethernet; peer-unit 481; family inet { address 10.48.0.5/30; } } unit 482 { description "Conexao com chapeco"; encapsulation ethernet; peer-unit 483; family inet { address 10.48.0.9/30; } } /* Conexoes externas ao AS48 */ unit 901 { description "Conexao com faxinal"; encapsulation ethernet; peer-unit 900; family inet { address 10.51.0.130/30; } } unit 903 { description "Conexao com faxinal"; encapsulation ethernet; peer-unit 902; family inet { address 10.51.0.134/30; } } unit 906 { description "Conexao com rio-de-janeiro"; encapsulation ethernet; peer-unit 907; family inet { address 10.48.0.129/30; } } } lo0 { unit 490 { family inet { address 10.48.48.1/32 { primary; } address 10.48.32.1/32; } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-sc (Refletor IPv4)"; local-address 10.48.48.1; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 48; neighbor 10.48.48.5 { authentication-key "$9$-ewYoUjqTQnik"; ## SECRET-DATA } } group eBGP-PEERING-AS51-FLN-FXO { type external; description "Conexao com o AS51 em FXO"; local-address 10.48.32.1; import pol-eBGP-PEERING-GERAL-IMPORT; export [ pol-eBGP-PEERING-GERAL-EXPORT pol-eBGP-PEERING-AS51-FNS-FXO-EXPORT ]; peer-as 51; neighbor 10.51.32.1 { multihop { ttl 4; } authentication-key "$9$vpGLxdYgJiHm4a"; ## SECRET-DATA } } } ospf { export injeta-default; area 0.0.0.0 { interface lt-1/2/0.400 { authentication { md5 1 key "$9$roevWxVwgGUHs2"; ## SECRET-DATA } } interface lt-1/2/0.480 { authentication { md5 1 key "$9$Nlbs4GDk5T3jH"; ## SECRET-DATA } } interface lt-1/2/0.482 { authentication { md5 1 key "$9$ezwWLNwYoDjq24"; ## SECRET-DATA } } interface 10.48.48.1 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_48_CLIENTES { 10.48.128.0/17; } prefix-list PREFIXOS_AS_48_LOOPBACKS_EBGP { 10.48.32.0/24; } prefix-list PREFIXOS_AS_48_INFRAESTRUTURA { 10.48.0.0/24; 10.48.48.0/24; } prefix-list PREFIXOS_AS_48 { 10.48.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_48_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_48_10; community add comm_48_13; community add comm_48_4848; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_LOOPBACKS_EBGP orlonger; } then { community add comm_48_10; community add comm-no-export; community add comm-no-advertise; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_48_CLIENTES orlonger; } then { community add comm_48_10; community add comm_48_13; community add comm-no-advertise; reject; } } } policy-statement injeta-default { term a { from { protocol static; route-filter 0.0.0.0/0 exact; } then accept; } } policy-statement pol-eBGP-CLIENTE-GERAL-EXPORT-FULL { /* Politica Geral de Transito */ term GERAL { from { protocol bgp; community [ comm_48_10 comm_48_11 comm_48_13 ]; } then { metric 200; community delete comm_todas; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-CLIENTE-GERAL-EXPORT-NADA { /* Politica Geral de Transito */ term GERAL { from { route-filter 0.0.0.0/0 exact; } then { metric 200; community delete comm_todas; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-CLIENTE-GERAL-EXPORT-PARCIAL { /* Politica Geral de Transito */ term GERAL { from { protocol bgp; community [ comm_48_10 comm_48_13 ]; } then { metric 200; community delete comm_todas; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-CLIENTE-GERAL-IMPORT { /* Politica Geral de Transito */ term REJEITA-PREFIXOS-DO-AS-LOCAL { /* Rejeita recebimento dos prefixos do AS local */ from { protocol bgp; prefix-list-filter PREFIXOS_AS_48 orlonger; } then reject; } term BLACK-HOLE { /* Insere a rota no black-hole local - descarta trafego */ from { protocol bgp; community comm_48_666; route-filter 10.21.0.0/16 upto /32; } then { community add comm-no-advertise; next-hop 192.6.66.1; accept; } } term LOCAL-PREF-90 { /* Seta o LP para 90 se comm_48_90 estiver presente */ from { protocol bgp; community comm_48_90; route-filter 10.21.0.0/16 upto /24; } then { local-preference 90; community add comm_48_13; accept; } } term LOCAL-PREF-100 { /* Seta o LP para 100 se comm_48_100 estiver presente */ from { protocol bgp; community comm_48_100; route-filter 10.21.0.0/16 upto /24; } then { local-preference 100; community add comm_48_13; accept; } } term LOCAL-PREF-110 { /* Seta o LP para 110 se comm_48_110 estiver presente */ from { protocol bgp; community comm_48_110; route-filter 10.21.0.0/16 upto /24; } then { local-preference 110; community add comm_48_13; accept; } } term GERAL-MED-LP { /* Seta LP=90 se nenhum termo anterior capturou o prefixo */ from { protocol bgp; route-filter 10.21.0.0/16 upto /24; } then { local-preference 90; community add comm_48_13; accept; } } } policy-statement pol-eBGP-PEERING-AS51-FNS-FXO-EXPORT { /* Politica Especifica de Peering entre o AS48 e AS51 no entroncamento FNS-FXO */ term BLOCO1 { from { protocol bgp; community comm_48_4848_BLOCO1; } then { metric 250; community add comm_51_90; accept; } } } policy-statement pol-eBGP-PEERING-GERAL-EXPORT { /* Politica Geral de Peering */ term GERAL { from { protocol bgp; community comm_48_10; } then { metric 150; next policy; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-PEERING-GERAL-IMPORT { /* Politica Geral de Peering */ term REJEITA-PREFIXOS-DO-AS-LOCAL { /* Rejeita recebimento dos prefixos do AS local */ from { protocol bgp; prefix-list-filter PREFIXOS_AS_48 orlonger; } then reject; } term BLACK-HOLE { /* Insere a rota no black-hole local - descarta trafego */ from { protocol bgp; community comm_48_666; } then { community add comm-no-advertise; next-hop 192.6.66.1; accept; } } term LOCAL-PREF-90 { /* Seta o LP para 90 se comm_48_90 estiver presente */ from { protocol bgp; community comm_48_90; } then { local-preference 90; community add comm_48_12; accept; } } term LOCAL-PREF-100 { /* Seta o LP para 100 se comm_48_100 estiver presente */ from { protocol bgp; community comm_48_100; } then { local-preference 100; community add comm_48_12; accept; } } term LOCAL-PREF-110 { /* Seta o LP para 110 se comm_48_110 estiver presente */ from { protocol bgp; community comm_48_110; } then { local-preference 110; community add comm_48_12; accept; } } term GERAL-LP { /* Seta LP=110 se nenhum termo anterior capturou o prefixo */ from protocol bgp; then { local-preference 110; community add comm_48_12; accept; } } } policy-statement pol-eBGP-TRANSITO-GERAL-EXPORT { /* Politica Geral de Transito */ term GERAL { from { protocol bgp; community [ comm_48_10 comm_48_11 comm_48_12 comm_48_13 ]; } then { metric 200; community delete comm_todas; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-TRANSITO-GERAL-IMPORT { /* Politica Geral de Transito */ term REJEITA-PREFIXOS-DO-AS-LOCAL { /* Rejeita recebimento dos prefixos do AS local */ from { protocol bgp; prefix-list-filter PREFIXOS_AS_48 orlonger; } then reject; } term BLACK-HOLE { /* Insere a rota no black-hole local - descarta trafego */ from { protocol bgp; community comm_48_666; } then { community add comm-no-advertise; next-hop 192.6.66.1; accept; } } term LOCAL-PREF-90 { /* Seta o LP para 90 se comm_48_90 estiver presente */ from { protocol bgp; community comm_48_90; } then { local-preference 90; community add comm_48_11; accept; } } term LOCAL-PREF-100 { /* Seta o LP para 100 se comm_48_100 estiver presente */ from { protocol bgp; community comm_48_100; } then { local-preference 100; community add comm_48_11; accept; } } term LOCAL-PREF-110 { /* Seta o LP para 110 se comm_48_110 estiver presente */ from { protocol bgp; community comm_48_110; } then { local-preference 110; community add comm_48_11; accept; } } term GERAL-MED-LP { /* Seta LP=90 se nenhum termo anterior capturou o prefixo */ from protocol bgp; then { local-preference 90; community add comm_48_11; accept; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_48_10 members 48:10; community comm_48_100 members 48:100; community comm_48_11 members 48:11; community comm_48_110 members 48:110; community comm_48_12 members 48:12; community comm_48_13 members 48:13; community comm_48_400 members 48:400; community comm_48_401 members 48:401; community comm_48_4848 members 48:4848; community comm_48_4848_BLOCO1 members 48:48481; community comm_48_4848_BLOCO2 members 48:48482; community comm_48_666 members 48:666; community comm_48_90 members 48:90; community comm_48_921 members 48:921; community comm_48_951 members 48:951; community comm_51_90 members 51:90; community comm_todas members *:*; } routing-options { static { route 0.0.0.0/0 discard; route 192.6.66.1/32 discard; route 10.51.32.1/32 next-hop [ 10.51.0.129 10.51.0.133 ]; } router-id 10.48.48.1; autonomous-system 48; } } petropolis { interfaces { lt-1/2/0 { /* Conexoes internas ao AS21 */ unit 211 { description "Conexao com rio-de-janeiro"; encapsulation ethernet; peer-unit 210; family inet { address 10.21.0.6/30; } } unit 216 { description "Conexao com clientes-petropolis"; encapsulation ethernet; peer-unit 217; family inet { address 10.21.0.17/30; } } } lo0 { unit 291 { family inet { address 10.21.21.2/32 { primary; } } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-rj (Refletor IPv4)"; local-address 10.21.21.2; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 21; neighbor 10.21.21.5 { authentication-key "$9$VnYgJjHmzF/k."; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.211 { authentication { md5 1 key "$9$YRoJDqmT6/tP5"; ## SECRET-DATA } } interface lt-1/2/0.216 { authentication { md5 1 key "$9$gDJGimfz9Cu5Q"; ## SECRET-DATA } } interface lo0.291 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_21_CLIENTES { 10.21.128.0/17; } prefix-list PREFIXOS_AS_21_LOOPBACKS_EBGP { 10.21.32.0/24; } prefix-list PREFIXOS_AS_21_INFRAESTRUTURA { 10.21.0.0/24; 10.21.21.0/24; } prefix-list PREFIXOS_AS_21 { 10.21.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_21_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_21_10; community add comm_21_2121; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_21_LOOPBACKS_EBGP orlonger; } then { community add comm_21_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_21_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_21_CLIENTES orlonger; } then { community add comm_21_10; community add comm-no-advertise; reject; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_21_10 members 21:10; community comm_21_2121 members 21:2121; community comm_21_2121_BLOCO2 members 21:21212; community comm_21_2121_BlOCO1 members 21:21211; community comm_21_400 members 21:400; community comm_21_401 members 21:401; community comm_21_48 members 21:48; community comm_21_51 members 21:51; community comm_todas members *:*; } routing-options { static { route 192.6.66.1/32 discard; } router-id 10.21.21.2; autonomous-system 21; } } porto-alegre { interfaces { lt-1/2/0 { /* Conexoes internas ao AS51 */ unit 511 { description "Conexao com faxinal"; encapsulation ethernet; peer-unit 510; family inet { address 10.51.0.6/30; } } unit 515 { description "Conexao com santa-maria"; encapsulation ethernet; peer-unit 514; family inet { address 10.51.0.14/30; } } unit 516 { description "Conexao com clientes-porto-alegre"; encapsulation ethernet; peer-unit 517; family inet { address 10.51.0.17/30; } } } lo0 { unit 592 { family inet { address 10.51.51.3/32 { primary; } } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-rs (Refletor IPv4)"; local-address 10.51.51.3; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 51; neighbor 10.51.51.5 { authentication-key "$9$n-l2CtOEcl8LNSr"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.511 { authentication { md5 1 key "$9$V3YgJjHmzF/k."; ## SECRET-DATA } } interface lt-1/2/0.515 { authentication { md5 1 key "$9$bQ24ZikPF39qm"; ## SECRET-DATA } } interface lt-1/2/0.516 { authentication { md5 1 key "$9$LeONdsoJD.mTZU"; ## SECRET-DATA } } interface lo0.592 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_51_CLIENTES { 10.51.128.0/17; } prefix-list PREFIXOS_AS_51_LOOPBACKS_EBGP { 10.51.32.0/24; } prefix-list PREFIXOS_AS_51_INFRAESTRUTURA { 10.51.0.0/24; 10.51.51.0/24; } prefix-list PREFIXOS_AS_51 { 10.51.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_51_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_51_10; community add comm_51_13; community add comm_51_5151; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_LOOPBACKS_EBGP orlonger; } then { community add comm_51_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_CLIENTES orlonger; } then { community add comm_51_10; community add comm_51_13; community add comm-no-advertise; reject; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_51_10 members 51:10; community comm_51_100 members 51:100; community comm_51_11 members 51:11; community comm_51_110 members 51:110; community comm_51_12 members 51:12; community comm_51_13 members 51:13; community comm_51_400 members 51:400; community comm_51_401 members 51:401; community comm_51_5151 members 51:5151; community comm_51_5151_BLOCO2 members 51:51512; community comm_51_5151_BlOCO1 members 51:51511; community comm_51_666 members 51:666; community comm_51_90 members 51:90; community comm_51_921 members 51:921; community comm_51_948 members 51:948; community comm_todas members *:*; } routing-options { static { route 192.6.66.1/32 discard; } router-id 10.51.51.3; autonomous-system 51; } } /* AS21 - Rio de Janeiro */ rio-de-janeiro { interfaces { lt-1/2/0 { /* Conexoes internas ao AS21 */ unit 200 { description "Conexao com rr-rj"; encapsulation ethernet; peer-unit 201; family inet { address 10.21.0.1/30; } } unit 210 { description "Conexao com petropolis"; encapsulation ethernet; peer-unit 211; family inet { address 10.21.0.5/30; } } /* Conexoes externas ao AS21 */ unit 905 { description "Conexao com faxinal"; encapsulation ethernet; peer-unit 904; family inet { address 10.51.0.138/30; } } unit 907 { description "Conexao com florianopolis"; encapsulation ethernet; peer-unit 906; family inet { address 10.48.0.130/30; } } unit 908 { description "Conexao com chapeco"; encapsulation ethernet; peer-unit 909; family inet { address 10.21.0.129/30; } } } lo0 { unit 290 { family inet { address 10.21.21.1/32 { primary; } address 10.21.32.1/32; } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-rj (Refletor IPv4)"; local-address 10.21.21.1; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 21; neighbor 10.21.21.5 { authentication-key "$9$L0RNdsoJD.mTZU"; ## SECRET-DATA } } group eBGP-CLIENTE-AS51-RJO-FXO { type external; description "Conexao com o AS51 em FXO"; peer-as 51; neighbor 10.51.0.137 { authentication-key "$9$T36AO1heK8IE"; ## SECRET-DATA } } } ospf { export injeta-default; area 0.0.0.0 { interface lt-1/2/0.200 { authentication { md5 1 key "$9$QlbOn/tBIcKvLRh"; ## SECRET-DATA } } interface lt-1/2/0.210 { authentication { md5 1 key "$9$i.PQ69pIRSCt"; ## SECRET-DATA } } interface 10.21.21.1 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_21_CLIENTES { 10.21.128.0/17; } prefix-list PREFIXOS_AS_21_LOOPBACKS_EBGP { 10.21.32.0/24; } prefix-list PREFIXOS_AS_21_INFRAESTRUTURA { 10.21.0.0/24; 10.21.21.0/24; } prefix-list PREFIXOS_AS_21 { 10.21.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_21_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_21_10; community add comm_21_2121; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_21_LOOPBACKS_EBGP orlonger; } then { community add comm_21_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_21_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_21_CLIENTES orlonger; } then { community add comm_21_10; community add comm-no-advertise; reject; } } } policy-statement injeta-default { term a { from { protocol static; route-filter 0.0.0.0/0 exact; } then accept; } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_21_10 members 21:10; community comm_21_2121 members 21:2121; community comm_21_2121_BLOCO2 members 21:21212; community comm_21_2121_BlOCO1 members 21:21211; community comm_21_400 members 21:400; community comm_21_401 members 21:401; community comm_21_48 members 21:48; community comm_21_51 members 21:51; community comm_todas members *:*; } routing-options { static { route 0.0.0.0/0 discard; route 192.6.66.1/32 discard; } router-id 10.21.21.1; autonomous-system 21; } } rr-rj { interfaces { lt-1/2/0 { /* Conexoes internas ao AS21 */ unit 201 { description "Conexao com rio-de-janeiro"; encapsulation ethernet; peer-unit 200; family inet { address 10.21.0.2/30; } } } lo0 { unit 294 { family inet { address 10.21.21.5/32 { primary; } } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description RR-IPv4; local-address 10.21.21.5; export IBGP-RR-IPv4; cluster 10.21.21.255; peer-as 21; neighbor 10.21.21.1 { description "iBGP rio-de-janeiro"; authentication-key "$9$Hmfz/CuREyAp"; ## SECRET-DATA } neighbor 10.21.21.2 { description "iBGP petropolis"; authentication-key "$9$1rShSe8X-Y2axN"; ## SECRET-DATA } neighbor 10.21.21.4 { description "iBGP clientes-petropolis"; authentication-key "$9$5FnC0BEleW1R"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.201 { authentication { md5 1 key "$9$VzYgJjHmzF/k."; ## SECRET-DATA } } interface lo0.294 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_21_CLIENTES { 10.21.128.0/17; } prefix-list PREFIXOS_AS_21_LOOPBACKS_EBGP { 10.21.32.0/24; } prefix-list PREFIXOS_AS_21_INFRAESTRUTURA { 10.21.0.0/24; 10.21.21.0/24; } prefix-list PREFIXOS_AS_21 { 10.21.0.0/16; } policy-statement IBGP-RR-IPv4 { term BGP { from protocol bgp; then accept; } term PREFIXOS_AS_21_CLIENTES { from { protocol [ static bgp ]; prefix-list-filter PREFIXOS_AS_21_CLIENTES orlonger; } then { community add comm_21_10; accept; } } term PREFIXOS_AS_21_LOOPBACKS_EBGP { from { protocol [ static bgp ]; prefix-list-filter PREFIXOS_AS_21_LOOPBACKS_EBGP orlonger; } then { community add comm_21_10; community add comm-no-export; accept; } } term PREFIXOS_INFRAESTRUTURA { from { protocol [ static bgp ]; prefix-list-filter PREFIXOS_AS_21_INFRAESTRUTURA orlonger; } then { community add comm_21_10; community add comm-no-export; accept; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_21_10 members 21:10; community comm_21_2121 members 21:2121; community comm_21_2121_BLOCO2 members 21:21212; community comm_21_2121_BlOCO1 members 21:21211; community comm_21_400 members 21:400; community comm_21_401 members 21:401; community comm_21_48 members 21:48; community comm_21_51 members 21:51; community comm_todas members *:*; } routing-options { static { route 10.21.128.0/17 { discard; community 21:2121; } route 10.21.32.0/24 { discard; community 21:401; } route 192.6.66.1/32 discard; } router-id 10.21.21.5; autonomous-system 21; } } rr-rs { interfaces { lt-1/2/0 { unit 501 { description "Conexao com faxinal"; encapsulation ethernet; peer-unit 500; family inet { address 10.51.0.2/30; } } } lo0 { unit 594 { family inet { address 10.51.51.5/32 { primary; } } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description RR-IPv4; local-address 10.51.51.5; export IBGP-RR-IPv4; cluster 10.51.51.255; peer-as 51; neighbor 10.51.51.1 { description "iBGP faxinal"; authentication-key "$9$GtikPz390ORn/"; ## SECRET-DATA } neighbor 10.51.51.2 { description "iBGP santa-maria"; authentication-key "$9$e7-WLNwYoDjq24"; ## SECRET-DATA } neighbor 10.51.51.3 { description "iBGP porto-alegre"; authentication-key "$9$bC24ZikPF39qm"; ## SECRET-DATA } neighbor 10.51.51.4 { description "iBGP clientes-porto-alegre"; authentication-key "$9$C4DzuORylM7Nbev"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.501 { authentication { md5 1 key "$9$Xty-VYaZjmPQGD"; ## SECRET-DATA } } interface lo0.594 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_51_CLIENTES { 10.51.128.0/17; } prefix-list PREFIXOS_AS_51_LOOPBACKS_EBGP { 10.51.32.0/24; } prefix-list PREFIXOS_AS_51_INFRAESTRUTURA { 10.51.0.0/24; 10.51.51.0/24; } prefix-list PREFIXOS_AS_51 { 10.51.0.0/16; } policy-statement IBGP-RR-IPv4 { term BGP { from protocol bgp; then accept; } term PREFIXOS_AS_51_CLIENTES { from { protocol [ static bgp ]; prefix-list-filter PREFIXOS_AS_51_CLIENTES orlonger; } then { community add comm_51_10; community add comm_51_13; accept; } } term PREFIXOS_AS_51_LOOPBACKS_EBGP { from { protocol [ static bgp ]; prefix-list-filter PREFIXOS_AS_51_LOOPBACKS_EBGP orlonger; } then { community add comm_51_10; community add comm-no-export; accept; } } term PREFIXOS_INFRAESTRUTURA { from { protocol [ static bgp ]; prefix-list-filter PREFIXOS_AS_51_INFRAESTRUTURA orlonger; } then { community add comm_51_10; community add comm-no-export; accept; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_51_10 members 51:10; community comm_51_100 members 51:100; community comm_51_11 members 51:11; community comm_51_110 members 51:110; community comm_51_12 members 51:12; community comm_51_13 members 51:13; community comm_51_400 members 51:400; community comm_51_401 members 51:401; community comm_51_5151 members 51:5151; community comm_51_5151_BLOCO2 members 51:51512; community comm_51_5151_BlOCO1 members 51:51511; community comm_51_666 members 51:666; community comm_51_90 members 51:90; community comm_51_921 members 51:921; community comm_51_948 members 51:948; community comm_todas members *:*; } routing-options { static { route 10.51.128.0/17 { discard; community 51:5151; } route 10.51.32.0/24 { discard; community 51:401; } route 192.6.66.1/32 discard; } router-id 10.51.51.5; autonomous-system 51; } } rr-sc { interfaces { lt-1/2/0 { /* Conexoes internas ao AS48 */ unit 401 { description "Conexao com florianopolis"; encapsulation ethernet; peer-unit 400; family inet { address 10.48.0.2/30; } } } lo0 { unit 494 { family inet { address 10.48.48.5/32 { primary; } } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description RR-IPv4; local-address 10.48.48.5; export IBGP-RR-IPv4; cluster 10.48.48.255; peer-as 48; neighbor 10.48.48.1 { description "iBGP florianopolis"; authentication-key "$9$U5HqfFnCOBE69"; ## SECRET-DATA } neighbor 10.48.48.2 { description "iBGP blumenau"; authentication-key "$9$uyBV1RSKMXVb2WL"; ## SECRET-DATA } neighbor 10.48.48.3 { description "iBGP chapeco"; authentication-key "$9$i.PQ69pIRSCt"; ## SECRET-DATA } neighbor 10.48.48.4 { description "iBGP clientes-blumenau"; authentication-key "$9$U3HqfFnCOBE69"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.401 { authentication { md5 1 key "$9$-gwYoUjqTQnik"; ## SECRET-DATA } } interface lo0.494 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_48_CLIENTES { 10.48.128.0/17; } prefix-list PREFIXOS_AS_48_LOOPBACKS_EBGP { 10.48.32.0/24; } prefix-list PREFIXOS_AS_48_INFRAESTRUTURA { 10.48.0.0/24; 10.48.48.0/24; } prefix-list PREFIXOS_AS_48 { 10.48.0.0/16; } policy-statement IBGP-RR-IPv4 { term BGP { from protocol bgp; then accept; } term PREFIXOS_AS_48_CLIENTES { from { protocol [ static bgp ]; prefix-list-filter PREFIXOS_AS_48_CLIENTES orlonger; } then { community add comm_48_10; community add comm_48_13; accept; } } term PREFIXOS_AS_48_LOOPBACKS_EBGP { from { protocol [ static bgp ]; prefix-list-filter PREFIXOS_AS_48_LOOPBACKS_EBGP orlonger; } then { community add comm_48_10; community add comm-no-export; accept; } } term PREFIXOS_INFRAESTRUTURA { from { protocol [ static bgp ]; prefix-list-filter PREFIXOS_AS_48_INFRAESTRUTURA orlonger; } then { community add comm_48_10; community add comm-no-export; accept; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_48_10 members 48:10; community comm_48_100 members 48:100; community comm_48_11 members 48:11; community comm_48_110 members 48:110; community comm_48_12 members 48:12; community comm_48_13 members 48:13; community comm_48_400 members 48:400; community comm_48_401 members 48:401; community comm_48_4848 members 48:4848; community comm_48_4848_BLOCO2 members 48:48482; community comm_48_4848_BlOCO1 members 48:48481; community comm_48_666 members 48:666; community comm_48_90 members 48:90; community comm_48_921 members 48:921; community comm_48_951 members 48:951; community comm_todas members *:*; } routing-options { static { route 10.48.128.0/17 { discard; community 48:4848; } route 10.48.32.0/24 { discard; community 48:401; } route 192.6.66.1/32 discard; } router-id 10.48.48.5; autonomous-system 48; } } santa-maria { interfaces { lt-1/2/0 { /* Conexoes internas ao AS51 */ unit 513 { description "Conexao com faxinal"; encapsulation ethernet; peer-unit 512; family inet { address 10.51.0.10/30; } } unit 514 { description "Conexao com porto-alegre"; encapsulation ethernet; peer-unit 515; family inet { address 10.51.0.13/30; } } /* Conexoes externas ao AS51 */ unit 911 { description "Conexao com blumenau"; encapsulation ethernet; peer-unit 910; family inet { address 10.51.0.142/30; } } } lo0 { unit 591 { family inet { address 10.51.51.2/32 { primary; } address 10.51.32.2/32; } } } } protocols { bgp { group iBGP-RR-IPv4 { type internal; description "Conexao com o rr-rs (Refletor IPv4)"; local-address 10.51.51.2; export [ NEXT-HOP-SELF injeta-conectadas injeta-agregadas ]; peer-as 51; neighbor 10.51.51.5 { authentication-key "$9$kP5F9A0Ehrtu"; ## SECRET-DATA } } group eBGP-PEERING-AS48-SMA-BNU { type external; description "Conexao com o AS48 em BNU"; import pol-eBGP-PEERING-GERAL-IMPORT; export pol-eBGP-PEERING-GERAL-EXPORT; peer-as 48; neighbor 10.51.0.141 { authentication-key "$9$c-jlK8NdsaJDVw"; ## SECRET-DATA } } } ospf { area 0.0.0.0 { interface lt-1/2/0.513 { authentication { md5 1 key "$9$giJGimfz9Cu5Q"; ## SECRET-DATA } } interface lt-1/2/0.514 { authentication { md5 1 key "$9$4bZUHP5FCA0Tz"; ## SECRET-DATA } } interface 10.51.51.2 { passive; } } } } policy-options { prefix-list PREFIXOS_AS_51_CLIENTES { 10.51.128.0/17; } prefix-list PREFIXOS_AS_51_LOOPBACKS_EBGP { 10.51.32.0/24; } prefix-list PREFIXOS_AS_51_INFRAESTRUTURA { 10.51.0.0/24; 10.51.51.0/24; } prefix-list PREFIXOS_AS_51 { 10.51.0.0/16; } policy-statement NEXT-HOP-SELF { then { next-hop self; } } policy-statement injeta-agregadas { term CLIENTES { from { protocol aggregate; prefix-list-filter PREFIXOS_AS_51_CLIENTES orlonger; } then { metric 100; local-preference 200; community add comm_51_10; community add comm_51_13; community add comm_51_5151; accept; } } } policy-statement injeta-conectadas { term LOOPBACKS_EBGP { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_LOOPBACKS_EBGP orlonger; } then { community add comm_51_10; community add comm-no-export; accept; } } term INFRAESTRUTURA { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_INFRAESTRUTURA orlonger; } then reject; } term CLIENTES { from { protocol direct; prefix-list-filter PREFIXOS_AS_51_CLIENTES orlonger; } then { community add comm_51_10; community add comm_51_13; community add comm-no-advertise; reject; } } } policy-statement pol-eBGP-PEERING-GERAL-EXPORT { /* Politica Geral de Peering */ term GERAL { from { protocol bgp; community comm_51_10; } then { metric 150; next policy; accept; } } term DENY-RESTANTE { from protocol bgp; then reject; } } policy-statement pol-eBGP-PEERING-GERAL-IMPORT { /* Politica Geral de Peering */ term REJEITA-PREFIXOS-DO-AS-LOCAL { /* Rejeita recebimento dos prefixos do AS local */ from { protocol bgp; prefix-list-filter PREFIXOS_AS_51 orlonger; } then reject; } term BLACK-HOLE { /* Insere a rota no black-hole local - descarta trafego */ from { protocol bgp; community comm_51_666; } then { community add comm-no-advertise; next-hop 192.6.66.1; accept; } } term LOCAL-PREF-90 { /* Seta o LP para 90 se comm_51_90 estiver presente */ from { protocol bgp; community comm_51_90; } then { local-preference 90; community add comm_51_12; accept; } } term LOCAL-PREF-100 { /* Seta o LP para 100 se comm_51_100 estiver presente */ from { protocol bgp; community comm_51_100; } then { local-preference 100; community add comm_51_12; accept; } } term LOCAL-PREF-110 { /* Seta o LP para 110 se comm_51_110 estiver presente */ from { protocol bgp; community comm_51_110; } then { local-preference 110; community add comm_51_12; accept; } } term GERAL-LP { /* Seta LP=110 se nenhum termo anterior capturou o prefixo */ from protocol bgp; then { local-preference 110; community add comm_51_12; accept; } } } community comm-no-advertise members no-advertise; community comm-no-export members no-export; community comm_51_10 members 51:10; community comm_51_100 members 51:100; community comm_51_11 members 51:11; community comm_51_110 members 51:110; community comm_51_12 members 51:12; community comm_51_13 members 51:13; community comm_51_400 members 51:400; community comm_51_401 members 51:401; community comm_51_5151 members 51:5151; community comm_51_5151_BLOCO2 members 51:51512; community comm_51_5151_BlOCO1 members 51:51511; community comm_51_666 members 51:666; community comm_51_90 members 51:90; community comm_51_921 members 51:921; community comm_51_948 members 51:948; community comm_todas members *:*; } routing-options { static { route 192.6.66.1/32 discard; } router-id 10.51.51.2; autonomous-system 51; } } /* Wormhole */ wormhole { interfaces { lt-1/2/0 { unit 1001 { description "Conexao com clientes-porto-alegre"; encapsulation ethernet; peer-unit 1000; family inet { address 10.51.128.2/25; address 10.51.129.2/29; address 10.51.129.10/29; address 10.51.129.18/29; address 10.51.129.26/29; address 10.51.129.34/27; address 10.51.129.66/27; address 10.51.129.98/27; address 10.51.129.130/25; } } unit 1003 { description "Conexao com clientes-florianopolis"; encapsulation ethernet; peer-unit 1002; family inet { address 10.48.128.2/25; address 10.48.129.2/29; address 10.48.129.10/29; address 10.48.129.18/29; address 10.48.129.26/29; address 10.48.129.34/27; address 10.48.129.66/27; address 10.48.129.98/27; address 10.48.129.130/25; } } unit 1005 { description "Conexao com clientes-rio-de-janeiro"; encapsulation ethernet; peer-unit 1004; family inet { address 10.21.128.2/25; address 10.21.129.2/29; address 10.21.129.10/29; address 10.21.129.18/29; address 10.21.129.26/29; address 10.21.129.34/27; address 10.21.129.66/27; address 10.21.129.98/27; address 10.21.129.130/25; } } } } }