User Tools

Site Tools


pop-mg:configs:ufvbgp:start

UFV Viçosa BGP

Roteamento

PoP-MG
ASN 10417
ASN 65031
PoP-MG...
UFLA
ASN 52853
UFLA...
UFMG
ASN 271354
UFMG...
TUTU
Juniper EX9214
TUTU...
eBGP
eBGP
eBGP
eBGP
rotas estáticas
rotas estáticas
iBGP+OSPF
iBGP+OSPF
TROPEIRO
Juniper EX9214
TROPEIRO...
eBGP
eBGP
iBGP
iBGP
eBGP
eBGP
CPE
CPE
CPE Reitoria
CPE Reito...
CPE ICEx
CPE ICEx
UFV
ASN 271640
UFV...
CPE
CPE
iBGP+OSPF
iBGP+OSPF
eBGP
eBGP
BORDER-MG-1
Juniper MX204
BORDER-MG-1...
eBGP
eBGP
BORDER-MG-2
Juniper MX204
BORDER-MG-2...
Clientes
(sem bgp)
Clientes...
Clientes
(sem bgp)
Clientes...
DESATIVANDO
DESATIVANDO
CPE
CPE
rotas estáticas
rotas estáticas
CPE
CPE
CORE-MG-1
Juniper MX10003
CORE-MG-1...
CORE-MG-2
Juniper MX10003
CORE-MG-2...
iBGP+OSPF
iBGP+OSPF
iBGP+OSPF
iBGP+OSPF
eBGP+estaticas
eBGP+estaticas
eBGP+estaticas
eBGP+estaticas
iBGP+OSPF
iBGP+OSPF
iBGP+OSPF
iBGP+OSPF
COUVE
Brocade MLX
COUVE...
ALMEIRAO
Brocade MLX
ALMEIRAO...
RNP
ASN 1916
RNP...
MXMG2
Juniper MX480
MXMG2...
MXMG1
Juniper MX480
MXMG1...
Text is not SVG - cannot display

https://drive.google.com/file/d/14HNuwbmYmhgQNGqxWH6CkmFJUNsWy3h1/view?usp=sharing

Caso UFV-Vicosa

  Nome: UFV campus Viçosa                                                       
  Site: ufv-vicosa - Ticket: #31824                                             
  Blocos alocados:                                                              
  Identificador: 9                                                              
    200.235.128.0/17     Alocado para ufv-vicosa   
                              
  ufv {MTR-RNP-38} [2G] (#188115)                                               
  Operadora: ATC -- Velocidade: 2G -- Designacao: MTR-RNP-38                    
  Localizacao: DM4000                                                           
  Contratante: RNP -- SLA Contratado: 99.8                                      
  Status: Active-- Ativacao: 2018-12-13                                         
  tropeiro -> irb.1946                                                          
  IPv4: 200.19.156.145/30 IPv6: 2001:12f0:0600:ff06::1/64     

TROPEIRO JUNIPER EX9214

--- JUNOS 21.4R2.10 Kernel 64-bit  JNPR-12.1-20220228.82e60e3_buil
At least one package installed on this device has limited support.
Run 'file show /etc/notices/unsupported.txt' for details.
{master}
murilo@tropeiro-0> show configuratin            
                        ^
syntax error, expecting <command>.
murilo@tropeiro-0> show configuration                                           
## Last commit: 2022-08-05 20:33:11 UTC by pamelacarvalho
version 21.4R2.10;
groups {
    /* dar nome aa routing-engine0 */
    re0 {
        system {
            host-name tropeiro-0;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 200.131.1.2/24 {
                            master-only;
                        }
                    }
                }
            }
        }
    }
    /* dar nome aa routing-engine1 */
    re1 {
        system {
            host-name tropeiro-1;       
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 200.131.1.2/24 {
                            master-only;
                        }
                    }
                }
            }
        }
    }
    jumbo-frames {
        interfaces {
            <ge-*/*/*> {
                mtu 9192;
            }
            irb {
                mtu 9192;
                unit <*> {
                    family inet {
                        mtu 1500;       
                    }                   
                    family inet6 {
                        mtu 1500;
                    }
                }
            }
        }
    }
    SYSTEM-LOGIN {
        system {
            login {
                class <*> {
                    idle-timeout 30;
                }
            }
        }
    }
    /* template aplicado na configuracao de rotas estaticas e agregadas para
    .  marca-las serem exportadas via BGP */
    rota-estatica-as65031 {
        logical-systems {
            <*> {
                routing-options {
                    rib inet6.0 {
                        static {
                            route <*> community 65031:200;
                        }
                        aggregate {
                            route <*> community 65031:200;
                        }
                        bgp-static {
                            route <*> community 65031:200;
                        }
                    }
                    static {
                        route <*> community 65031:200;
                    }
                    aggregate {
                        route <*> community 65031:200;
                    }
                    bgp-static {
                        route <*> community 65031:200;
                    }
                }
            }
        }
        routing-options {
            rib inet6.0 {
                static {
                    route <*> community 65031:200;
                }
                aggregate {
                    route <*> community 65031:200;
                }
                bgp-static {
                    route <*> community 65031:200;
                }
            }
            static {
                route <*> community 65031:200;
            }
            aggregate {
                route <*> community 65031:200;
            }
            bgp-static {
                route <*> community 65031:200;
            }
        }
    }
    /* template aplicado na configuracao de rotas estaticas e agregadas para
    .  marca-las serem exportadas via BGP */
    rota-estatica-as10417 {
        logical-systems {
            <*> {                       
                routing-options {
                    rib inet6.0 {
                        static {
                            route <*> community 10417:200;
                        }
                        aggregate {
                            route <*> community 10417:200;
                        }
                        bgp-static {
                            route <*> community 10417:200;
                        }
                    }
                    static {
                        route <*> community 10417:200;
                    }
                    aggregate {
                        route <*> community 10417:200;
                    }
                    bgp-static {
                        route <*> community 10417:200;
                    }
                }
            }
        }
        routing-options {
            rib inet6.0 {
                static {
                    route <*> community 10417:200;
                }
                aggregate {
                    route <*> community 10417:200;
                }
                bgp-static {
                    route <*> community 10417:200;
                }
            }
            static {
                route <*> community 10417:200;
            }
            aggregate {
                route <*> community 10417:200;
            }
            bgp-static {
                route <*> community 10417:200;
            }
        }
    }
}
apply-groups [ re0 re1 jumbo-frames ];
system {
    root-authentication {
        encrypted-password "$1$hTwijV6u$mLmQBSQNkQE47wHttTilB0"; ## SECRET-DATA
    }
    commit synchronize;
    login {
        apply-groups SYSTEM-LOGIN;
        class admin-10417 {
            logical-system as10417;
            permissions all;
        }
        class daero {
            permissions [ maintenance view view-configuration ];
            allow-commands "(monitor interface *.)|(ping|traceroute|show .*|exit|quit|set cli .*)|(request routing-engine login other-routing-engine);";
        }
        class remote-readonly {
            permissions [ network view view-configuration ];
        }
        class remote-superuser {
            permissions all;
        }
        class view-configuration {
            permissions [ view view-configuration ];
            allow-commands "(show)|(set cli screen-length)|(set cli screen-width)";
            deny-commands "(clear)|(file)|(file show)|(help)|(load)|(monitor)|(op)|(request)|(save)|(set)|(start)|(test)";
            deny-configuration all;
        }
        user ansible {
            uid 2006;
            class super-user;
            authentication {
                encrypted-password "$6$yMzjYBv9$i.ODyZ4SqSxbiI/0Z4MQvwlgDwkcfLncVYu0edzgyD5lp7NmJTS81t4y21qAPJFGHkfP8P3L2wihEDETE78yi1"; ## SECRET-DATA
                ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDFbG5lRl8Fv0+3jpGx4vIJ0guwgA5HQO266o+4klNwLFxtwt+2Oai4aeqcCQxgfvjh/YL9DvGmAas7tjj3tktsYU6VFfR7tl1uC1E2294i0HH1NIu1wPvMtYwVjikUYW+bPUU+crbP5BGB9DUcAH02Ot1blv2P/AL1upJ72mY8qw== root@net-mgmt"; ## SECRET-DATA
            }
        }
        user ansible-10417 {
            uid 2005;
            class admin-10417;
            authentication {
                encrypted-password "$6$yMzjYBv9$i.ODyZ4SqSxbiI/0Z4MQvwlgDwkcfLncVYu0edzgyD5lp7NmJTS81t4y21qAPJFGHkfP8P3L2wihEDETE78yi1"; ## SECRET-DATA
                ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDFbG5lRl8Fv0+3jpGx4vIJ0guwgA5HQO266o+4klNwLFxtwt+2Oai4aeqcCQxgfvjh/YL9DvGmAas7tjj3tktsYU6VFfR7tl1uC1E2294i0HH1NIu1wPvMtYwVjikUYW+bPUU+crbP5BGB9DUcAH02Ot1blv2P/AL1upJ72mY8qw== root@net-mgmt"; ## SECRET-DATA
            }
        }
        user backup {
            uid 2004;
            class view-configuration;
            authentication {
                encrypted-password "$6$2SjbTPT8$OvOa4JJaacw0eEzZ37qU3G1fl/BHcdTDa4K.c5Z0mXkatmSM11z3cU9HtQpt3btgwxoZ1uw.hmMQ09v8iP9O0/"; ## SECRET-DATA
                ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaO8MqbkzWJ4fBEx29yTNp0bQ/oysxX1TJRl5VswDLv96Kpwn+8db5xKMuU0JLqlf1t/nTSix8JW3r23FMIge/clE+6l7GuQC9i/KKF4pgKV9B6sDlwiYx2Wl9p3V2R81U3PKvxN/i4abb+4iRU5l8RZSp3p7OTVhUjdQWMHRYiTenvLJdS1z635YrILcWkiGXgdc+qHV/KvKKIFoJiEn8qi6t+OEnlncNaNm0IZpI5TWWgJFZZ6RYr62lMBWyd0q8hieBTUrxx/CKAqL0Fr8HKgpstVuxDhwprPT9JeiYCT+eXL778z1o8/4/nOe1+XRmazLxo9g4eYYNAXk1dTGt oxidized@capetang"; ## SECRET-DATA
            }
        }
        user daeroadm {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "$1$O.kcBNFi$4ExncGu0uMLHhSUREI2L2."; ## SECRET-DATA
            }
        }
        user manager {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$XpfxTmy7$yjVuOzr7rCCL7wmcS0PZj0"; ## SECRET-DATA
            }
        }
        user remote-readonly {
            full-name "TACACS read-only user";
            uid 2003;
            class remote-readonly;
        }
        user remote-superuser {
            full-name "TACACS user";
            uid 2002;
            class remote-superuser;
        }
    }
    services {
        ssh {
            protocol-version v2;
            connection-limit 20;
            rate-limit 10;
        }
        netconf {
            ssh;
        }
    }
    domain-name pop-mg.rnp.br;
    domain-search pop-mg.rnp.br;
    arp {
        aging-timer 5;
    }
    internet-options {
        path-mtu-discovery;             
    }
    authentication-order tacplus;
    name-server {
        200.131.1.80;
        200.131.1.8;
        200.131.1.9;
    }
    radius-server {
        inactive: 200.131.1.103 {
            secret "$9$hZfyrvMWX-dscyeWxdg4P5QnApBIheK8FnyK8LN-qmfQn/"; ## SECRET-DATA
            timeout 5;
            source-address 200.131.0.5;
        }
    }
    tacplus-server {
        200.131.1.69 {
            secret "$9$P5T3AtOEcltp8x7dg4UjHqmTtpBylM69pB1EeKM8X7dsoJGDjq7-qf5zCA"; ## SECRET-DATA
            source-address 200.131.0.5;
        }
    }
    tacplus-options {
        enhanced-accounting;
    }
    accounting {
        events [ login change-log interactive-commands ];
        destination {
            tacplus {
                server {
                    200.131.1.69 {
                        secret "$9$GlDjqTQnApBQzcrlv7Ns24aZjQz60BEmfz6/A1IEcylvL-VwY2alKaUDH5T"; ## SECRET-DATA
                        source-address 200.131.0.5;
                    }
                }
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        host 200.131.1.90 {
            any info;
        }
        file interactive-commands {
            interactive-commands any;
        }
        file messages {
            any notice;
            authorization info;
        }
        source-address 200.131.0.5;
    }
    ntp {
        server 200.131.1.21 prefer;
        source-address 200.131.0.5;
    }
}
logical-systems {
    as10417 {
        interfaces {
            lt-11/0/0 {
                unit 1 {
                    description "virtual tunel as10417 as65031";
                    encapsulation ethernet;
                    peer-unit 0;
                    family inet {
                        address 200.236.191.75/31;
                    }
                    family inet6 {
                        address 2001:12f0:600:417:5::1/127;
                    }
                }
            }                           
            xe-11/0/7 {
                unit 340 {
                    description "ptp tutu";
                    vlan-id 340;
                    family inet {
                        address 200.236.191.65/31;
                    }
                    family inet6 {
                        address 2001:12f0:600:417::340:1/127;
                    }
                }
            }
            ae0 {
                unit 344 {
                    description "conexao almeirao";
                    vlan-id 344;
                    family inet {
                        mtu 1500;
                        address 200.236.191.79/31;
                    }
                    family inet6 {
                        mtu 1500;
                        address 2001:12f0:600:417:344::1/127;
                    }
                }
            }
            ae3 {
                unit 343 {
                    description "ptp border-mg-2 as10417";
                    vlan-id 343;
                    family inet {
                        address 200.236.191.71/31;
                    }
                    family inet6 {
                        address 2001:12f0:600:417::343:1/127;
                    }
                }
            }
            lo0 {
                unit 1 {
                    description loopback-as10417;
                    family inet {
                        filter {
                            input-list [ RE-SEC-IN RE-SEC-LAST-IN ];
                        }
                        address 200.236.191.5/32;
                    }
                    family inet6 {
                        filter {
                            input-list [ RE-SEC-INv6 RE-SEC-LAST-INv6 ];
                        }
                        address 2001:12f0:600:417::5/128;
                    }
                }
            }
        }
        protocols {
            bgp {
                group IBGP-POPMG {
                    type internal;
                    description IBGP-POPMG;
                    multipath;
                    neighbor 200.236.191.4 {
                        description IBGP-with-tutu-10417;
                        local-address 200.236.191.5;
                        family inet {
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                    neighbor 2001:12f0:600:417::4 {
                        description IBGPv6-with-tutu-10417;
                        local-address 2001:12f0:600:417::5;
                        family inet6 {
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                    neighbor 200.236.191.21 {
                        description IBGP-with-border-mg-1-10417;
                        local-address 200.236.191.5;
                        family inet {
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                    neighbor 2001:12f0:600:417::21 {
                        description IBGPv6-with-border-mg-1-10417;
                        local-address 2001:12f0:600:417::5;
                        family inet6 {
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                    neighbor 200.236.191.22 {
                        description IBGP-with-border-mg-2-10417;
                        local-address 200.236.191.5;
                        family inet {
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                    neighbor 2001:12f0:600:417::22 {
                        description IBGPv6-with-border-mg-2-10417;
                        local-address 2001:12f0:600:417::5;
                        family inet6 {
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                    neighbor 200.131.0.2 {
                        description IBGP-with-couve;
                        local-address 200.236.191.5;
                        family inet {
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                    neighbor 2001:12f0:600::2 {
                        description IBGPv6-with-couve;
                        local-address 2001:12f0:600:417::5;
                        family inet6 {
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                    neighbor 200.131.0.3 {
                        description IBGP-with-almeirao;
                        local-address 200.236.191.5;
                        family inet {   
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                    neighbor 2001:12f0:600::3 {
                        description IBGPv6-with-almeirao;
                        local-address 2001:12f0:600:417::5;
                        family inet6 {
                            unicast;
                        }
                        export AS10417-EXPORT-IBGP;
                        peer-as 10417;
                        local-as 10417;
                    }
                }
                group EBGP-POPMG {
                    type external;
                    description "Peerings com outros ASNs";
                    remove-private;
                    neighbor 200.236.191.74 {
                        description "Peering IPv4 de AS10417 com POP65031 - AS65031";
                        local-address 200.236.191.75;
                        family inet {
                            unicast;
                        }
                        export AS10417-EXPORT-PEER;
                        peer-as 65031;
                        local-as 10417;
                        advertise-bgp-static;
                    }
                    neighbor 2001:12f0:600:417:5::0 {
                        description "Peering IPv6 de AS10417 com POP65031 - AS65031";
                        local-address 2001:12f0:600:417:5::1;
                        family inet6 {
                            unicast;
                        }
                        export AS10417-EXPORT-PEER;
                        peer-as 65031;
                        local-as 10417;
                        advertise-bgp-static;
                    }
                    neighbor 200.19.156.198 {
                        description "Peering IPv4 de AS10417 com UFLA - AS52853";
                        local-address 200.19.156.197;
                        /* AS52853-IMPORT - filtra apenas prefixos alocados ao ASN
                        .  SANITIZA-CLIENTE      - filtra prefixos menores do que o minimo aceito
                        .  AS10417-IMPORT-PEER - marca prefixos como sendo de cliente (transito) */
                        import [ AS52853-IMPORT SANITIZA-CLIENTE AS10417-IMPORT-PEER ];
                        family inet {
                            unicast;
                        }
                        /* enviada apenas a rota default para clientes */
                        export EXPORT-ESTATICA-DEFAULT;
                        peer-as 52853;
                        local-as 10417;
                    }
                    neighbor 2001:12f0:600:ff04::2 {
                        description "Peering IPv6 de AS10417 com UFLA - AS52853";
                        local-address 2001:12f0:600:ff04::1;
                        /* AS52853-IMPORT - filtra apenas prefixos alocados ao ASN
                        .  SANITIZA-CLIENTE      - filtra prefixos menores do que o minimo aceito
                        .  AS10417-IMPORT-PEER - marca prefixos como sendo de cliente (transito) */
                        import [ AS52853-IMPORT SANITIZA-CLIENTE AS10417-IMPORT-PEER ];
                        family inet6 {
                            unicast;
                        }
                        /* enviada apenas a rota default para clientes */
                        export EXPORT-ESTATICA-DEFAULT;
                        peer-as 52853;
                        local-as 10417;
                    }                   
                }
                advertise-inactive;
                mtu-discovery;
                log-updown;
            }
            inactive: ospf {
                area 0.0.0.0 {
                    interface lo0.1 {
                        passive;
                    }
                    interface ae3.343 {
                        interface-type p2p;
                    }
                    interface xe-11/0/7.340 {
                        interface-type p2p;
                    }
                    interface ae0.344 {
                        interface-type p2p;
                    }
                }
                export OSPF-EXPORT;
                reference-bandwidth 200g;
            }
            inactive: ospf3 {
                area 0.0.0.0 {
                    interface lo0.1 {
                        passive;
                    }
                    interface ae3.343 {
                        interface-type p2p;
                    }
                    interface xe-11/0/7.340 {
                        interface-type p2p;
                    }
                    interface ae0.344 {
                        interface-type p2p;
                    }
                }
                export OSPF-EXPORT;
                reference-bandwidth 200g;
            }
        }
        policy-options {
            /* todos os prefixos validos do AS10417 alocados pelo registro.br */
            prefix-list PREFIXOS-AS10417 {
                200.236.128.0/18;
                200.238.192.0/18;
            }
            /* prefixos alocados pela RNP ao POP-MG (AS65031) */
            prefix-list PREFIXOS-65031 {
                200.19.156.0/22;
                200.131.0.0/23;
            }
            /* prefixos que tem permissao de acesso de gerencia para usuarios do PoP-MG */
            prefix-list MGMT-POP {
                /* prefixo v4 do CRC/DCC */
                150.164.8.0/26;
                200.131.0.0/23;
                200.131.2.165/32;
                200.131.2.166/32;
                2001:12f0:600:1::/64;
                /* prefixo v6 do CRC/DCC */
                2001:12f0:601:a910::/64;
            }
            /* prefixos que tem permissao de acesso de gerencia para usuarios da DAERO/RNP */
            prefix-list MGMT-DAERO {
                170.79.212.176/29;
                200.130.25.12/32;
                200.130.66.10/32;
                200.130.66.146/32;
                200.143.193.205/32;
                200.143.193.220/32;
                2001:12f0:3e::c1dc/128; 
                2001:12f0:b01:106::92/128;
            }
            /* prefixos alocados exclusivamente para conexoes ponto a ponto com clientes */
            prefix-list PTPS-POP {
                200.19.156.0/22;
            }
            prefix-list LINK-LOCALv6 {
                fe80::/10;
            }
            prefix-list LOCALHOSTv4 {
                127.0.0.1/32;
            }
            prefix-list LOCALHOSTv6 {
                ::1/128;
            }
            prefix-list NDPv6 {
                fe80::/10;
                ff02::1/128;
                ff02::2/128;
                ff02:0:0:0:0:1:ff00::/104;
            }
            prefix-list OSPF-ALL-ROUTERSv4 {
                224.0.0.5/32;
                224.0.0.6/32;
            }
            prefix-list OSPF-ALL-ROUTERSv6 {
                ff02::5/128;
                ff02::6/128;
            }
            prefix-list BGP-PEERSv4 {
                apply-path "protocols bgp group <*> neighbor <*>";
            }
            prefix-list BGP-LS-PEERSv4 {
                apply-path "logical-systems <*> protocols bgp group <*> neighbor <*>";
            }
            prefix-list BGP-PEERSv6 {
                apply-path "protocols bgp group <*> neighbor <*:*:*>";
            }
            prefix-list BGP-LS-PEERSv6 {
                apply-path "logical-systems <*> protocols bgp group <*> neighbor <*:*:*>";
            }
            prefix-list INTERFACESv4 {
                apply-path "interfaces <*> unit <*> family inet address <*>";
            }
            prefix-list INTERFACES-LSv4 {
                apply-path "logical-systems <*> interfaces <*> unit <*> family inet address <*>";
            }
            prefix-list INTERFACESv6 {
                apply-path "interfaces <*> unit <*> family inet6 address <*>";
            }
            prefix-list INTERFACES-LSv6 {
                apply-path "logical-systems <*> interfaces <*> unit <*> family inet6 address <*>";
            }
            prefix-list INTERFACE_FXP0v4 {
                apply-path "interfaces fxp0 unit <*> family inet address <*>";
            }
            prefix-list SERVERS-DNS {
                apply-path "system name-server <*>";
            }
            prefix-list SERVERS-DNSv6 {
                apply-path "system name-server <*:*:*>";
            }
            prefix-list SERVERS-NTP {
                apply-path "system ntp server <*>";
            }
            prefix-list SERVERS-NTP-SOURCE {
                apply-path "system ntp source-address <*>";
            }
            prefix-list SERVERS-NTP-SOURCEv6 {
                apply-path "system ntp source-address <*:*:*>";
            }
            prefix-list SERVERS-NTPv6 {
                apply-path "system ntp server <*:*:*>";
            }
            prefix-list SERVERS-SNMP {
                apply-path "snmp community <*> clients <[1-9]*>";
            }
            prefix-list SERVERS-SNMPv6 {
                apply-path "snmp community <*> clients <[1-9]*:*:*>";
            }
            route-filter-list SMALL-PREFIXES-V4 {
                0.0.0.0/0 prefix-length-range /29-/32;
            }
            route-filter-list SMALL-PREFIXES-V6 {
                ::0/0 prefix-length-range /65-/128;
            }
            /* prefixos que nunca devem ser roteados para fora do pop (BOGONS) 
            .  Bogons are defined as Martians (private and reserved addresses defined by
            .  RFC 1918, RFC 5735, and RFC 6598) and netblocks that have not been allocated
            .  to a regional internet registry (RIR) */
            route-filter-list BOGONS-V4 {
                10.0.0.0/8 orlonger;
                100.64.0.0/10 orlonger;
                127.0.0.0/8 orlonger;
                169.254.0.0/16 orlonger;
                172.16.0.0/12 orlonger;
                192.0.0.0/24 orlonger;
                192.0.2.0/24 orlonger;
                192.88.99.0/24 orlonger;
                192.168.0.0/16 orlonger;
                198.18.0.0/15 orlonger;
                198.51.100.0/24 orlonger;
                203.0.113.0/24 orlonger;
                224.0.0.0/4 orlonger;
                240.0.0.0/4 orlonger;
            }
            /* prefixos que nunca devem ser roteados para fora do pop (BOGONS) 
            .  Bogons are defined as Martians (private and reserved addresses defined by
            .  RFC 1918, RFC 5735, and RFC 6598) and netblocks that have not been allocated
            .  to a regional internet registry (RIR) */
            route-filter-list BOGONS-V6 {
                100::/64 orlonger;
                2001:2::/48 orlonger;
                2001:10::/28 orlonger;
                2001:db8::/32 orlonger;
                2002::/16 orlonger;
                3ffe::/16 orlonger;
                fc00::/7 orlonger;
                fe80::/10 orlonger;
                fec0::/10 orlonger;
                ff00::/8 orlonger;
            }
            policy-statement AS10417-EXPORT-IBGP {
                /* rotas recebidas via bgp sao sempre exportadas via ibgp 
                .  os filtros sao aplicados apenas no import/export do ebgp */
                term rotas-bgp {
                    from protocol bgp;
                    then {
                        next-hop self;
                        accept;
                    }
                }
                /* prefixos estaticos e agregados */
                term rotas-estaticas {
                    from protocol [ static aggregate bgp-static ];
                    then {
                        next-hop self;
                        accept;
                    }
                }
                /* outros casos sao descartados */
                term last-term {
                    then reject;
                }
            }
            policy-statement AS10417-EXPORT-PEER {
                /* nao exportar bogons */
                term reject-bogon-prefixes-v4 {
                    from {
                        route-filter-list BOGONS-V4;
                    }
                    then reject;
                }
                term reject-bogon-prefixes-v6 {
                    from {
                        route-filter-list BOGONS-V6;
                    }
                    then reject;
                }
                /* nao exportar prefixos ipv4 menores que /28 */
                term remove-pequenos-v4 {
                    from {
                        route-filter-list SMALL-PREFIXES-V4;
                    }
                    then reject;
                }
                /* nao exportar prefixos ipv6 menores que /64 */
                term remove-pequenos-v6 {
                    from {
                        route-filter-list SMALL-PREFIXES-V6;
                    }
                    then reject;
                }
                /* exportar prefixos marcados como FROM-PEERS (transito ) */
                term transito {
                    from {
                        protocol bgp;
                        community AS10417-FROM-PEERS;
                    }
                    then {
                        community delete AS10417-FROM-PEERS;
                        next-hop self;
                        accept;
                    }
                }
                /* exportar prefixos internos marcados como FROM-POPMG */
                term rota-estatica {
                    from {
                        community AS10417-FROM-POPMG;
                        prefix-list-filter PREFIXOS-AS10417 orlonger;
                    }
                    then {
                        community delete AS10417-FROM-POPMG;
                        next-hop self;
                        accept;
                    }
                }
                term last-term {
                    then reject;
                }
            }
            policy-statement AS10417-IMPORT-PEER {
                term rotas-de-clientes {
                    then {
                        community add AS10417-FROM-PEERS;
                        accept;
                    }
                }
            }
            policy-statement AS52853-IMPORT {
                /* aceitar apenas prefixos com as-path iniciando com o ASN do peer */
                term cliente-prefixo-v4 {
                    from {
                        as-path FROM-AS52853;
                        /* aceitar apenas prefixos que fazem parte de blocos alocados ao peer */
                        route-filter 177.105.0.0/18 orlonger;
                    }
                    then next policy;
                }                       
                /* aceitar apenas prefixos com as-path do AS do peer */
                term cliente-prefixo-v6 {
                    from {
                        as-path FROM-AS52853;
                        route-filter 2801:a6::/32 orlonger;
                    }
                    then next policy;
                }
                term last-term {
                    then reject;
                }
            }
            policy-statement AS65031-EXPORT-IBGP {
                /* exportar prefixos marcados como transito recebidos de peers privados */
                term rotas-bgp {
                    from protocol bgp;
                    then {
                        next-hop self;
                        accept;
                    }
                }
                /* exportar prefixos estaticos e agregados */
                term rotas-estaticas {
                    from protocol [ static aggregate bgp-static ];
                    then {
                        next-hop self;
                        accept;
                    }
                }
                term last-term {
                    then reject;
                }
            }
            policy-statement AS65031-EXPORT-PEER {
                /* nao exportar bogons ipv4 */
                term reject-bogon-prefixes-v4 {
                    from {
                        route-filter-list BOGONS-V4;
                    }
                    then reject;
                }
                /* nao exportar bogons ipv6 */
                term reject-bogon-prefixes-v6 {
                    from {
                        route-filter-list BOGONS-V6;
                    }
                    then reject;
                }
                /* nao exportar prefixos ipv4 menores que /28 */
                term remove-pequenos-v4 {
                    from {
                        route-filter-list SMALL-PREFIXES-V4;
                    }
                    then reject;
                }
                /* nao exportar prefixos ipv6 menores que /65 */
                term remove-pequenos-v6 {
                    from {
                        route-filter-list SMALL-PREFIXES-V6;
                    }
                    then reject;
                }
                /* exportar prefixos marcados como FROM-PEERS (transito ) */
                term transito {
                    from {
                        protocol bgp;
                        community AS65031-FROM-PEERS;
                    }
                    then {
                        community delete AS65031-FROM-PEERS;
                        next-hop self;
                        accept;
                    }                   
                }
                /* exportar prefixos internos marcados como FROM-POPMG */
                term rota-cliente {
                    from community AS65031-FROM-POPMG;
                    then {
                        community delete AS65031-FROM-POPMG;
                        next-hop self;
                        accept;
                    }
                }
                term last-term {
                    then reject;
                }
            }
            policy-statement AS65031-IMPORT-PEER {
                term rotas-de-clientes {
                    then {
                        community add AS65031-FROM-PEERS;
                        accept;
                    }
                }
            }
            policy-statement EXPORT-ESTATICA-DEFAULT {
                term anuncio-default-v4 {
                    from {
                        route-filter 0.0.0.0/0 exact;
                    }
                    then accept;
                }
                term anuncio-default-v6 {
                    from {
                        route-filter ::0/0 exact;
                    }
                    then accept;
                }
                term last-term {
                    then reject;
                }
            }
            policy-statement LOAD-BALANCE {
                then {
                    load-balance per-packet;
                }
            }
            /* policy que exporta no OSPF apenas prefixos diretamente conectados
            .  e do loopback, ignorando a interface de gerencia (fxp0) */
            policy-statement OSPF-EXPORT {
                term ignora-fxp0 {
                    from interface fxp0.0;
                    then reject;
                }
                term connected-interfaces {
                    from protocol [ direct local ];
                    then accept;
                }
                term last-term {
                    then reject;
                }
            }
            /* politica utilizada para balancear o trafego quando ha mais de
            .  uma conexao com o mesmo peso */
            policy-statement OSPF-balance {
                then {
                    load-balance per-packet;
                }
            }
            policy-statement SANITIZA-CLIENTE {
                term validar-rota-v4 {
                    from {
                        route-filter 0.0.0.0/0 upto /27;
                    }
                    then next policy;
                }                       
                term validar-rota-v6 {
                    from {
                        route-filter ::0/0 upto /56;
                    }
                    then next policy;
                }
                term last-term {
                    then reject;
                }
            }
            policy-statement SET-MED-HIGH {
                term med {
                    then {
                        metric 300;
                    }
                }
            }
            policy-statement SET-PREPEND-3X-10417 {
                term prepend-3X-parceiros {
                    then as-path-prepend "10417 10417 10417";
                }
            }
            policy-statement SET-PREPEND-3X-65031 {
                term prepend-3X-parceiros {
                    then as-path-prepend "65031 65031 65031";
                }
            }
            /* community aplicado aos prefixos recebidos de peers para os quais
            .  o ASN eh transito */
            community AS10417-FROM-PEERS members 10417:600;
            /* community aplicado aos prefixos internos ao pop e que devem ser 
            .  anunciados via EBGP */
            community AS10417-FROM-POPMG members 10417:200;
            /* community aplicado aos prefixos recebidos via EBGP com a RNP */
            community AS10417-FROM-RNP members 10417:1916;
            /* community aplicado aos prefixos recebidos de peers para os quais
            .  o ASN eh transito */
            community AS65031-FROM-PEERS members 65031:600;
            /* community aplicado aos prefixos internos ao pop e que devem ser 
            .  anunciados via EBGP */
            community AS65031-FROM-POPMG members 65031:200;
            /* community aplicado aos prefixos recebidos via EBGP com a RNP */
            community AS65031-FROM-RNP members 65031:1916;
            /* permite apenas prefixos cujo as-path contenha apenas o
            .  ASN 52853 - UFLA */
            as-path FROM-AS52853 "^52853{1,6}$";
        }
        firewall {
            family inet {
                filter RE-SEC-IN {
                    term rejected-frag-ip-first {
                        from {
                            first-fragment;
                        }
                        then {
                            count rejected-frag-ip-first;
                            discard;
                        }
                    }
                    term rejected-frag-next {
                        from {
                            is-fragment;
                        }
                        then {
                            count rejected-frag-next;
                            discard;
                        }
                    }
                    term allow-ssh {
                        from {
                            source-prefix-list {
                                MGMT-POP;
                                PTPS-POP;
                                INTERFACE_FXP0v4;
                            }
                            protocol tcp;
                            port ssh;
                        }
                        then {
                            count allow-ssh;
                            accept;
                        }
                    }
                    term allow-netconf {
                        from {
                            source-prefix-list {
                                MGMT-POP;
                                PTPS-POP;
                                INTERFACE_FXP0v4;
                            }
                            protocol tcp;
                            port 830;
                        }
                        then {
                            count allow-netconf;
                            accept;
                        }
                    }
                    term allow-RE-ssh {
                        from {
                            destination-prefix-list {
                                INTERFACESv4;
                                INTERFACES-LSv4;
                            }
                            source-port ssh;
                            tcp-established;
                        }
                        then {
                            count allow-RE-ssh;
                            accept;
                        }
                    }
                    term allow-snmp {
                        from {
                            source-prefix-list {
                                SERVERS-SNMP;
                                MGMT-POP;
                            }
                            protocol udp;
                            destination-port snmp;
                        }
                        then {
                            policer POLICER-RE-5M;
                            count allow-snmp;
                            accept;
                        }
                    }
                    term allow-ospf {
                        from {
                            source-prefix-list {
                                INTERFACESv4;
                                INTERFACES-LSv4;
                            }
                            destination-prefix-list {
                                OSPF-ALL-ROUTERSv4;
                                INTERFACESv4;
                                INTERFACES-LSv4;
                            }
                            protocol ospf;
                        }
                        then {
                            count allow-ospf;
                            accept;
                        }
                    }
                    term allow-bgp {    
                        from {
                            source-prefix-list {
                                BGP-PEERSv4;
                                BGP-LS-PEERSv4;
                            }
                            destination-prefix-list {
                                INTERFACESv4;
                                INTERFACES-LSv4;
                            }
                            protocol tcp;
                            port bgp;
                        }
                        then {
                            count allow-bgp;
                            accept;
                        }
                    }
                    term allow-ntp {
                        from {
                            source-prefix-list {
                                SERVERS-NTP;
                                SERVERS-NTP-SOURCE;
                                LOCALHOSTv4;
                            }
                            protocol udp;
                            port ntp;
                        }
                        then {
                            policer POLICER-RE-1M;
                            count allow-ntp;
                            accept;
                        }
                    }
                    term allow-dns {
                        from {
                            source-prefix-list {
                                SERVERS-DNS;
                            }
                            destination-prefix-list {
                                INTERFACESv4;
                                INTERFACES-LSv4;
                            }
                            protocol udp;
                            source-port 53;
                        }
                        then {
                            policer POLICER-RE-1M;
                            count allow-dns;
                            accept;
                        }
                    }
                    term allow-icmp {
                        from {
                            protocol icmp;
                            icmp-type [ echo-reply echo-request time-exceeded unreachable source-quench router-advertisement parameter-problem ];
                        }
                        then {
                            policer POLICER-RE-1M;
                            count allow-icmp;
                            accept;
                        }
                    }
                    term allow-traceroute-udp {
                        from {
                            destination-prefix-list {
                                INTERFACESv4;
                                INTERFACES-LSv4;
                            }
                            protocol udp;
                            ttl 1;
                            destination-port 33435-33450;
                        }
                        then {          
                            policer POLICER-RE-512K;
                            count allow-traceroute-udp;
                            accept;
                        }
                    }
                    term allow-bfd {
                        from {
                            protocol udp;
                            source-port [ 49152-65535 4784 ];
                            destination-port [ 3784-3785 4784 ];
                        }
                        then {
                            count allow-bfd;
                            accept;
                        }
                    }
                    term allow-tacacs {
                        from {
                            protocol tcp;
                            port tacacs;
                        }
                        then {
                            count allow-tacacs;
                            accept;
                        }
                    }
                }
                /* Ultima regra aplicada no firewall de entrada */
                filter RE-SEC-LAST-IN {
                    term last-term {
                        then {
                            count last-term;
                            log;
                            discard;
                        }
                    }
                }
                filter reroute-iperf {
                    term 0 {
                        from {
                            source-address {
                                200.131.2.248/29;
                            }
                            destination-address {
                                200.131.2.248/29;
                            }
                        }
                        then {
                            routing-instance bwtest-router; ## 'bwtest-router' is not defined
                        }
                    }
                    term DEFAULT {
                        then accept;
                    }
                }
            }
            family inet6 {
                filter RE-SEC-INv6 {
                    term discard-ext-headers {
                        from {
                            next-header [ dstopts fragment routing no-next-header ];
                        }
                        then {
                            count ipv6-discard-ext-headers;
                            discard;
                        }
                    }
                    term allow-ndp-neigh-discov {
                        from {
                            source-prefix-list {
                                INTERFACESv6;
                                INTERFACES-LSv6;
                                LINK-LOCALv6;
                            }
                            destination-prefix-list {
                                INTERFACESv6;
                                INTERFACES-LSv6;
                                NDPv6;
                            }
                            payload-protocol icmp6;
                            icmp-type [ neighbor-solicit neighbor-advertisement ];
                        }
                        then {
                            policer POLICER-RE-1M;
                            count ipv6-allow-ndp-neigh-discov;
                            accept;
                        }
                    }
                    term allow-ndp-router-adv-solicit {
                        from {
                            source-prefix-list {
                                LINK-LOCALv6;
                            }
                            payload-protocol icmp6;
                            icmp-type [ router-solicit router-advertisement ];
                        }
                        then {
                            policer POLICER-RE-1M;
                            count ipv6-allow-ndp-rt-adv-sol;
                            accept;
                        }
                    }
                    term allow-ospf3 {
                        from {
                            source-prefix-list {
                                LINK-LOCALv6;
                            }
                            destination-prefix-list {
                                OSPF-ALL-ROUTERSv6;
                                LINK-LOCALv6;
                            }
                        }
                        then {
                            count ipv6-allow-ospf3;
                            accept;
                        }
                    }
                    term allow-bgp {
                        from {
                            source-prefix-list {
                                BGP-PEERSv6;
                                BGP-LS-PEERSv6;
                            }
                            destination-prefix-list {
                                INTERFACESv6;
                                INTERFACES-LSv6;
                            }
                            payload-protocol tcp;
                            port bgp;
                        }
                        then {
                            count ipv6-allow-bgp;
                            accept;
                        }
                    }
                    term allow-icmp6-echo {
                        from {
                            payload-protocol icmp6;
                            icmp-type [ echo-reply echo-request ];
                        }
                        then {
                            policer POLICER-RE-1M;
                            count ipv6-allow-icmp6-echo;
                        }
                    }
                    term allow-icmp6-rfc4890 {
                        from {
                            payload-protocol icmpv6;
                            icmp-type [ destination-unreachable packet-too-big time-exceeded parameter-problem ];
                        }
                        then {
                            policer POLICER-RE-1M;
                            count ipv6-allow-icmp6-rfc4890;
                            accept;
                        }
                    }
                    term allow-bfd {
                        from {
                            source-prefix-list {
                                INTERFACESv4;
                                INTERFACES-LSv4;
                            }
                            destination-prefix-list {
                                INTERFACESv4;
                                INTERFACES-LSv4;
                            }
                            payload-protocol udp;
                            source-port 49152-65535;
                            destination-port 3784-3785;
                        }
                        then {
                            count ipv6-allow-bfd;
                            accept;
                        }
                    }
                    term allow-ssh {
                        from {
                            source-prefix-list {
                                MGMT-POP;
                                MGMT-DAERO;
                            }
                            payload-protocol tcp;
                            port ssh;
                        }
                        then {
                            count ipv6-allow-ssh;
                            accept;
                        }
                    }
                    term allow-RE-ssh {
                        from {
                            destination-prefix-list {
                                INTERFACESv6;
                                INTERFACES-LSv6;
                            }
                            payload-protocol tcp;
                            source-port ssh;
                            tcp-established;
                        }
                        then {
                            count ipv6-allow-RE-ssh;
                            accept;
                        }
                    }
                    term servers-snmp {
                        from {
                            source-prefix-list {
                                SERVERS-SNMPv6;
                            }
                            payload-protocol udp;
                            destination-port snmp;
                        }
                        then {
                            policer POLICER-RE-5M;
                            count ipv6-servers-snmp;
                            accept;
                        }
                    }
                    term servers-ntp {  
                        from {
                            source-prefix-list {
                                SERVERS-NTPv6;
                                SERVERS-NTP-SOURCEv6;
                                LOCALHOSTv6;
                            }
                            payload-protocol udp;
                            port ntp;
                        }
                        then {
                            policer POLICER-RE-1M;
                            count ipv6-servers-ntp;
                            accept;
                        }
                    }
                    term servers-dns {
                        from {
                            source-prefix-list {
                                SERVERS-DNSv6;
                            }
                            destination-prefix-list {
                                INTERFACESv6;
                                INTERFACES-LSv6;
                            }
                            payload-protocol udp;
                            source-port 53;
                        }
                        then {
                            policer POLICER-RE-1M;
                            count ipv6-servers-dns;
                            accept;
                        }
                    }
                }
                filter RE-SEC-LAST-INv6 {
                    term last-term {
                        then {
                            count ipv6-last-term;
                            log;
                            discard;
                        }
                    }
                }
            }
            policer POLICER-RE-1M {
                if-exceeding {
                    bandwidth-limit 1m;
                    burst-size-limit 9192;
                }
                then discard;
            }
            policer POLICER-RE-512K {
                if-exceeding {
                    bandwidth-limit 512k;
                    burst-size-limit 15k;
                }
                then discard;
            }
            policer POLICER-RE-5M {
                if-exceeding {
                    bandwidth-limit 5m;
                    burst-size-limit 9192;
                }
                then discard;
            }
        }
    }
}
chassis {
    redundancy {
        routing-engine 0 master;
        graceful-switchover;
    }                                   
    aggregated-devices {
        ethernet {
            device-count 4;
        }
    }
    fpc 11 {
        pic 0 {
            tunnel-services {
                bandwidth 20g;
            }
        }
    }
    alarm {
        management-ethernet {
            link-down ignore;
        }
    }
}
interfaces {
    interface-range gigabit-interfaces {
        member-range ge-0/0/0 to ge-5/3/9;
    }
    interface-range tengigabit-interfaces {
        member-range xe-11/0/0 to xe-11/3/7;
    }
    ge-1/0/0 {
        apply-groups-except jumbo-frames;
        ether-options {
            802.3ad ae1;
        }
    }
    ge-1/0/1 {
        apply-groups-except jumbo-frames;
        ether-options {
            802.3ad ae2;
        }
    }
    ge-1/0/2 {
        apply-groups-except jumbo-frames;
        ether-options {
            802.3ad ae1;
        }
    }
    ge-1/0/3 {
        apply-groups-except jumbo-frames;
        ether-options {
            802.3ad ae2;
        }
    }
    ge-1/0/4 {
        disable;
    }
    ge-1/0/5 {
        disable;
    }
    ge-1/0/6 {
        disable;
    }
    ge-1/0/7 {
        disable;
    }
    ge-1/0/8 {
        disable;
    }
    ge-1/0/9 {
        disable;
    }
    ge-1/1/0 {
        disable;
    }
    ge-1/1/1 {
        disable;
    }                                   
    ge-1/1/2 {
        disable;
    }
    ge-1/1/3 {
        disable;
    }
    ge-1/1/4 {
        disable;
    }
    ge-1/1/5 {
        disable;
    }
    ge-1/1/6 {
        disable;
    }
    ge-1/1/7 {
        disable;
    }
    ge-1/1/8 {
        disable;
    }
    ge-1/1/9 {
        disable;
    }
    ge-1/2/0 {
        disable;
    }
    ge-1/2/1 {
        disable;
    }
    ge-1/2/2 {
        disable;
    }
    ge-1/2/3 {
        disable;
    }
    ge-1/2/4 {
        disable;
    }
    ge-1/2/5 {
        disable;
    }
    ge-1/2/6 {
        disable;
    }
    ge-1/2/7 {
        disable;
    }
    ge-1/2/8 {
        disable;
    }
    ge-1/2/9 {
        disable;
    }
    ge-1/3/0 {
        disable;
    }
    ge-1/3/1 {
        disable;
    }
    ge-1/3/2 {
        disable;
    }
    ge-1/3/3 {
        disable;
    }
    ge-1/3/4 {
        disable;
    }
    ge-1/3/5 {
        disable;
    }
    ge-1/3/6 {                          
        disable;
    }
    ge-1/3/7 {
        disable;
    }
    ge-1/3/8 {
        description espelhamento-ufmg-projeto-jussara;
        disable;
        unit 0 {
            family inet {
                address 10.0.0.1/24;
            }
        }
    }
    ge-1/3/9 {
        disable;
    }
    ge-5/0/0 {
        disable;
    }
    ge-5/0/1 {
        disable;
    }
    ge-5/0/2 {
        disable;
    }
    ge-5/0/3 {
        disable;
    }
    ge-5/0/4 {
        disable;
    }
    ge-5/0/5 {
        disable;
    }
    ge-5/0/6 {
        disable;
    }
    ge-5/0/7 {
        disable;
    }
    ge-5/0/8 {
        disable;
    }
    ge-5/0/9 {
        disable;
    }
    ge-5/1/0 {
        disable;
    }
    ge-5/1/1 {
        disable;
    }
    ge-5/1/2 {
        disable;
    }
    ge-5/1/3 {
        disable;
    }
    ge-5/1/4 {
        disable;
    }
    ge-5/1/5 {
        disable;
    }
    ge-5/1/6 {
        disable;
    }
    ge-5/1/7 {
        disable;
    }
    ge-5/1/8 {
        disable;                        
    }
    ge-5/1/9 {
        disable;
    }
    ge-5/2/0 {
        disable;
    }
    ge-5/2/1 {
        disable;
    }
    ge-5/2/2 {
        disable;
    }
    ge-5/2/3 {
        disable;
    }
    ge-5/2/4 {
        disable;
    }
    ge-5/2/5 {
        disable;
    }
    ge-5/2/6 {
        disable;
    }
    ge-5/2/7 {
        disable;
    }
    ge-5/2/8 {
        disable;
    }
    ge-5/2/9 {
        disable;
    }
    ge-5/3/0 {
        disable;
    }
    ge-5/3/1 {
        disable;
    }
    ge-5/3/2 {
        disable;
    }
    ge-5/3/3 {
        disable;
    }
    ge-5/3/4 {
        disable;
    }
    ge-5/3/5 {
        disable;
    }
    ge-5/3/6 {
        disable;
    }
    ge-5/3/7 {
        disable;
    }
    ge-5/3/8 {
        disable;
    }
    ge-5/3/9 {
        disable;
    }
    lt-11/0/0 {
        mtu 9192;
        unit 0 {
            encapsulation ethernet;
            peer-unit 1;
            family inet {
                address 200.236.191.74/31;
            }
            family inet6 {              
                address 2001:12f0:600:417:5::0/127;
            }
        }
    }
    xe-11/0/0 {
        description bmg2-xe-0/1/1;
        gigether-options {
            802.3ad ae3;
        }
    }
    xe-11/0/1 {
        description bmg2-xe-0/1/0;
        gigether-options {
            802.3ad ae3;
        }
    }
    xe-11/0/2 {
        disable;
    }
    xe-11/0/3 {
        disable;
    }
    xe-11/0/4 {
        disable;
    }
    xe-11/0/5 {
        disable;
    }
    xe-11/0/6 {
        description "Core: tutu xe-11/0/6 [10G]";
        flexible-vlan-tagging;
        mtu 9192;
        encapsulation flexible-ethernet-services;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ bwtest4 bwtest3 rnp-fibre-ufu-2 rnp-fibre-ufu-1 cemig-conectinfo-cefetmg-timoteo cemig-conectinfo-ifnmg-teofilootoni-100 cemig-conectinfo-ufop-monlevade cemig-ufla cemig-ufu-sede cemig-ufv-vicosa ufu-sede-ptp cemig-conectinfo-ufjf-governadorvaladares rnp-rghu rnp-rghu-monitoracao int-ufmg-pedroleopoldo north-ufjf-sede-2G int-ufmg-igarape ifsudestemg-reitoria-brdigital ufu-santamonica-brdigital ];
                }
            }
        }
        unit 1034 {
            encapsulation vlan-bridge;
            vlan-tags outer 1034;
            input-vlan-map pop;
            output-vlan-map push;
            family ethernet-switching {
                interface-mode trunk;
                inner-vlan {
                    members [ pop-ufjf-hc-santacatarina-100 rnp-rghu ];
                }
            }
        }
        unit 1255 {
            encapsulation vlan-bridge;
            vlan-tags outer 1255;
            input-vlan-map pop;
            output-vlan-map push;
            family ethernet-switching {
                interface-mode trunk;
                inner-vlan {
                    members [ ptp-ufmg-igarape int-ufmg-igarape ];
                }
            }
        }
        unit 1346 {
            encapsulation vlan-bridge;
            vlan-tags outer 1346;
            input-vlan-map pop;
            output-vlan-map push;
            family ethernet-switching { 
                interface-mode trunk;
                inner-vlan {
                    members [ pop-ufu-hc-100 rnp-rghu ];
                }
            }
        }
        unit 1913 {
            encapsulation vlan-bridge;
            vlan-tags outer 1913;
            input-vlan-map pop;
            output-vlan-map push;
            family ethernet-switching {
                interface-mode trunk;
                inner-vlan {
                    members [ pop-ufmg-hc-100 rnp-rghu ];
                }
            }
        }
        unit 1915 {
            encapsulation vlan-bridge;
            vlan-tags outer 1915;
            input-vlan-map pop;
            output-vlan-map push;
            family ethernet-switching {
                interface-mode trunk;
                inner-vlan {
                    members [ pop-uftm-hc-atc-100 rnp-rghu rnp-rghu-monitoracao ];
                }
            }
        }
        unit 1916 {
            encapsulation vlan-bridge;
            vlan-tags outer 1916;
            input-vlan-map pop;
            output-vlan-map push;
            family ethernet-switching {
                interface-mode trunk;
                inner-vlan {
                    members [ pop-ufjf-hc-100 rnp-rghu ];
                }
            }
        }
        unit 1965 {
            encapsulation vlan-bridge;
            vlan-tags outer 1965;
            input-vlan-map pop;
            output-vlan-map push;
            family ethernet-switching {
                interface-mode trunk;
                inner-vlan {
                    members [ ptp-ufmg-pedroleopoldo int-ufmg-pedroleopoldo ];
                }
            }
        }
    }
    xe-11/0/7 {
        description "Core: tutu xe-11/0/7 [10G]";
        flexible-vlan-tagging;
        mtu 9192;
        encapsulation flexible-ethernet-services;
        unit 115 {
            description "homologacao local dos testes de iperf";
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members homologa-iperf;
                }
            }
        }
        unit 135 {
            description "core-popmg-135 tropeiro-tutu";
            vlan-id 135;
            family inet {               
                address 200.131.0.130/30;
            }
            family inet6 {
                address 2001:12f0:600:fe05::3/127;
            }
        }
    }
    xe-11/1/0 {
        description "Core: almeirao (10GigabitEthernet1/3) [10G]";
        ether-options {
            802.3ad ae0;
        }
    }
    xe-11/1/1 {
        description "Core: almeirao (10GigabitEthernet1/4) [10G]";
        ether-options {
            802.3ad ae0;
        }
    }
    xe-11/1/2 {
        disable;
    }
    xe-11/1/3 {
        disable;
    }
    xe-11/1/4 {
        disable;
    }
    xe-11/1/5 {
        description "BRDigital: roteador-av03u36-brdigital-dm4100 Porta 28";
        flexible-vlan-tagging;
        mtu 9192;
        unit 1004 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members embrapa-cnpms-brdigital;
                }
            }
        }
        unit 1006 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members ifsudestemg-juizdefora-brdigital;
                }
            }
        }
        unit 1023 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members ifsudestemg-reitoria-brdigital;
                }
            }
        }
        unit 1120 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members ufu-santamonica-brdigital;
                }
            }
        }
        unit 1163 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members ufu-umuarama-brdigital;
                }
            }
        }
    }                                   
    xe-11/1/6 {
        disable;
    }
    /* circuito #325093 via Ansible - xe-11/1/7 */
    inactive: xe-11/1/7 {
        description "conexao ufmg-sede";
        unit 0 {
            description "Cust: ufmg-sede {Cliente fibra direta 001} [10G] (#325093 ufmg-10g)";
            family inet {
                filter {
                    input espelhamento;
                    output espelhamento;
                }
                address 200.19.158.253/29;
            }
            family inet6 {
                address 2001:12f0:600:ff26::0/127;
            }
        }
    }
    xe-11/2/0 {
        disable;
    }
    xe-11/2/1 {
        disable;
    }
    xe-11/2/2 {
        disable;
    }
    xe-11/2/3 {
        disable;
    }
    xe-11/2/4 {
        disable;
    }
    xe-11/2/5 {
        disable;
    }
    xe-11/2/6 {
        disable;
    }
    xe-11/2/7 {
        disable;
    }
    xe-11/3/0 {
        disable;
    }
    xe-11/3/1 {
        disable;
    }
    xe-11/3/2 {
        disable;
    }
    xe-11/3/3 {
        disable;
    }
    xe-11/3/4 {
        disable;
    }
    xe-11/3/5 {
        disable;
    }
    xe-11/3/6 {
        description "conexao popperf";
        flexible-vlan-tagging;
        mtu 9000;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ iperf-helper cemig-ufv-vicosa pop-ufjf-hc-100 pop-ufmg-hc-100 teste-iperfopenflow-a north-ufjf-sede-2G homologa-iperf ];
                }
            }                           
        }
    }
    xe-11/3/7 {
        disable;
    }
    ae0 {
        description "Core: LAG almeirao [20G] (xe-11/1/0+xe-11/1/1)";
        flexible-vlan-tagging;
        mtu 9192;
        encapsulation flexible-ethernet-services;
        aggregated-ether-options {
            minimum-links 1;
            link-speed 10g;
            lacp {
                passive;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ stc2-3700 stc2-3702 stc2-3703 stc2-3704 stc2-3706 stc2-3707 stc2-3710 stc2-3713 teste-transit ripe-atlas core-popmg-141 ];
                }
            }
        }
    }
    ae1 {
        description loop-ufu-qinq-cemig;
        mtu 9192;
        aggregated-ether-options {
            minimum-links 1;
            link-speed 1g;
            lacp {
                passive;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members cemig-ufu-sede;
                }
            }
        }
    }
    ae2 {
        description loop-ufu-qinq-pop;
        mtu 9192;
        aggregated-ether-options {
            minimum-links 1;
            link-speed 1g;
            lacp {
                active;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ rnp-fibre-ufu-1 rnp-fibre-ufu-2 ufu-sede-ptp ];
                }
            }
        }
    }
    ae3 {
        flexible-vlan-tagging;
        mtu 9192;
        encapsulation flexible-ethernet-services;
        aggregated-ether-options {
            minimum-links 1;
            link-speed 10g;
            lacp {
                active;                 
            }
        }
        unit 144 {
            description "ptp border-mg-2 as65031";
            vlan-id 144;
            family inet {
                address 200.131.0.238/31;
            }
            family inet6 {
                address 2001:12f0:600:fe05::144:1/127;
            }
        }
    }
    fxp0 {
        disable;
    }
    irb {
        unit 112 {
            description "Testes de banda com clientes - vlan bwtest3";
            family inet {
                filter {
                    input reroute-iperf;
                }
                address 200.131.2.249/30;
            }
        }
        unit 113 {
            description "Testes de banda com clientes - vlan bwtest4";
            family inet {
                filter {
                    input reroute-iperf;
                }
                address 200.131.2.253/30;
            }
        }
        unit 115 {
            description "homologacao local dos testes de iperf";
            family inet {
                address 200.19.157.54/31;
            }
        }
        unit 123 {
            family inet {
                address 10.123.0.2/30;
            }
        }
        unit 141 {
            description "core-popmg-141 tropeiro-almeirao";
            family inet {
                address 200.131.0.143/31;
            }
            family inet6 {
                address 2001:12f0:600:fe05::9/127;
            }
        }
        unit 158 {
            description "RIPE Atlas";
            family inet {
                address 200.131.2.73/29;
            }
            family inet6 {
                address 2001:12f0:600:200::1/64;
            }
        }
        unit 501 {
            description "Cust: ebserh-hcu {Algar 08667981/08667980} [100M]";
            family inet {
                address 200.19.156.46/31;
            }
            family inet6 {
                address 2001:12f0:600:ffaf::1/64;
            }
        }                               
        /* circuito #388685 via Ansible - irb.503 */
        unit 503 {
            description "Cust: ebserh-hctm {ATC MTR-RNP-86} [100M] (#388685 ebserh-hctm-atc-100 vlan-503)";
            family inet {
                address 200.19.156.57/30;
            }
            family inet6 {
                address 2001:12f0:600:ff0c::1/64;
            }
        }
        /* circuito #388669 via Ansible - irb.504 */
        unit 504 {
            description "Cust: ebserh-hcmg {ATC MTR-RNP-85} [100M] (#388669 ebserh-hcmg-atc-100 vlan-504)";
            family inet {
                address 200.19.156.37/30;
            }
            family inet6 {
                address 2001:12f0:600:ff45::1/64;
            }
        }
        /* circuito #389363 via Ansible - irb.505 */
        unit 505 {
            description "Cust: ebserh-hujf {ATC MTR-RNP-87} [100M] (#389363 ebserh-hujf-atc-100 vlan-505)";
            family inet {
                address 200.19.157.137/30;
            }
            family inet6 {
                address 2001:12f0:600:ff47::1/64;
            }
        }
        /* circuito #389220 via Ansible - irb.506 */
        unit 506 {
            description "Cust: ufmg-pedroleopoldo {ATC MTR-RNP-90} [100M] (#389220 ufmg-pedroleopoldo-atc-100 vlan-506)";
            family inet {
                address 200.19.158.13/30;
            }
        }
        unit 510 {
            description "Cust: ebserh-hujf-santacatarina {Kater 01-017937-02B-016} [100M]";
            family inet {
                address 200.19.157.112/31;
            }
            family inet6 {
                address 2001:12f0:600:ffb1::1/64;
            }
        }
        unit 512 {
            description "ptp-ufmg-20g-icex - bgp";
            family inet {
                address 200.19.158.0/31;
            }
            family inet6 {
                address 2001:12f0:600:ffa0::1/64;
            }
        }
        unit 593 {
            description "Cust: ufmg-igarape (vlan 1255) {Kater 01-017937-02B-014} [100M]";
            family inet {
                address 200.19.158.106/31;
            }
        }
        unit 910 {
            family inet {
                address 200.131.2.17/30;
            }
        }
        /* circuito #390594 via Ansible - irb.925 */
        unit 925 {
            description "Cust: ufjf-sede {North 01-001985-02A-002} [2G] (#390594 ufjf-sede-north-2g vlan-925)";
            family inet {
                address 200.19.156.237/30;
            }
            family inet6 {              
                address 2001:12f0:600:ff05::1/64;
            }
        }
        unit 1004 {
            description "Cust: embrapa-cnpms {BRDigital SLA001197520A} [150M] (#389435 embrapa-cnpms-brdigital-150 vlan-1004)";
            family inet {
                address 200.19.157.173/30;
            }
            family inet6 {
                address 2001:12f0:600:ff48::1/64;
            }
        }
        unit 1006 {
            description "Cust: ifsudestemg-juizdefora {BRDigital JFA001018421A} [200M] (#391985 ifsudestemg-juizdefora-brdigital-200 vlan-1006)";
            family inet {
                address 200.19.159.81/30;
            }
            family inet6 {
                address 2001:12f0:600:ff22::1/64;
            }
        }
        unit 1023 {
            description "Cust: ifsudestemg-reitoria {BRDigital JFA001496421A} [1G] (#397303 ifsudestemg-reitoria-brdigital-1G vlan-1023)";
            family inet {
                address 200.19.156.246/31;
            }
            family inet6 {
                address 2001:12f0:600:ffb0::1/64;
            }
        }
        unit 1120 {
            description "Cust: ufu-santamonica {BRDigital ULA001512021A} [2G] (#397451 ufu-santamonica-brdigital vlan-1120)";
            family inet {
                address 200.19.156.108/31;
            }
        }
        unit 1163 {
            description "Cust: ufu-umuarama {BRDigital ULA001018521A} [200M] (#393661 ufu-umuarama-brdigital-200 vlan-1163)";
            family inet {
                address 200.19.157.182/31;
            }
            family inet6 {
                address 2001:12f0:600:ff43::1/64;
            }
        }
        unit 1218 {
            disable;
            family inet {
                address 200.19.156.249/30;
            }
        }
        unit 1219 {
            disable;
            description "ifsuldeminas-pousoalegre-200M Algar";
            family inet {
                address 200.19.156.193/30;
            }
            family inet6 {
                address 2001:12f0:0600:ff01::1/64;
            }
        }
        unit 1578 {
            disable;
            family inet {
                address 200.19.159.85/30;
            }
            family inet6 {
                address 2001:12f0:600:ff46::1/64;
            }
        }
        /* circuito #386159 via Ansible - irb.1748 */
        unit 1748 {
            description "Cust: cefetmg-timoteo {ConectInfo Cnt01rnptto} [100M] (#386159 conectinfo-cefetmg-timoteo vlan-1748)";
            family inet {
                address 200.19.158.45/30;
            }
            family inet6 {
                address 2001:12f0:600:ff18::1/64;
            }
        }
        /* circuito #185516 via Ansible - irb.1945 */
        unit 1945 {
            description "Cust: ufu-sede {ATC MTR-RNP-37} [2G] (#185516 ufu vlan-1945)";
            family inet {
                address 200.19.156.149/30;
            }
            family inet6 {
                address 2001:12f0:600:ff31::1/64;
            }
        }
        /* circuito #188115 via Ansible - irb.1946 */
        unit 1946 {
            description "Cust: ufv-vicosa {ATC MTR-RNP-38} [2G] (#188115 ufv vlan-1946)";
            family inet {
                address 200.19.156.145/30;
            }
            family inet6 {
                address 2001:12f0:600:ff06::1/64;
            }
        }
        /* circuito #382822 via Ansible - irb.1968 */
        unit 1968 {
            description "Cust: ufla {ATC MTR-RNP-62} [2G] (#382822 ufla2 vlan-1968)";
            family inet {
                address 200.19.156.197/30;
            }
            family inet6 {
                address 2001:12f0:600:ff04::1/64;
            }
        }
        unit 2092 {
            family inet;
        }
        /* circuito #386158 via Ansible - irb.2873 */
        unit 2873 {
            description "Cust: ufop-joaomonlevade {ConectInfo Cnt02rnpjmd} [100M] (#386158 conectinfo-ufop-monlevade-2 vlan-2873)";
            family inet {
                address 200.19.157.145/30;
            }
            family inet6;
        }
        /* circuito #388586 via Ansible - irb.2908 */
        unit 2908 {
            description "Cust: ufjf-governadorvaladares {ConectInfo Cnt04rnpgvv} [100M] (#388586 ufjf-governadorvaladares-2 vlan-2908)";
            family inet {
                address 200.19.156.65/30;
            }
            family inet6 {
                address 2001:12f0:600:ff67::1/64;
            }
        }
        unit 3703 {
            description "Projeto STC2 - GER/RNP";
            family inet {
                address 10.37.3.1/24;
            }
        }
        unit 3704 {
            description "Projeto STC2 - GER/RNP";
            family inet {
                address 10.37.4.1/24;
            }
        }
        unit 3706 {
            description "Projeto STC2 - GER/RNP";
            family inet {               
                address 10.37.6.1/24;
            }
        }
        unit 3913 {
            disable;
            family inet {
                address 200.19.159.13/30;
            }
            family inet6 {
                address 2001:12f0:600:ff55::1/64;
            }
        }
        unit 3914 {
            disable;
            family inet {
                address 200.19.157.29/30;
            }
        }
        /* circuito #387275 via Ansible - irb.3962 */
        unit 3962 {
            description "Cust: ifnmg-teofilootoni {ConectInfo Cnt03rnptot} [100M] (#387275 ifnmg-teofilootoni vlan-3962)";
            family inet {
                address 200.19.157.65/30;
            }
            family inet6;
        }
        unit 4001 {
            description teste-shapping;
            family inet {
                inactive: filter {
                    output shapping;
                }
                policer {
                    output shapping100m;
                }
                address 10.1.1.1/30;
            }
        }
    }
    lo0 {
        description loopback-65031;
        unit 0 {
            family inet {
                filter {
                    input-list [ RE-SEC-IN RE-SEC-LAST-IN ];
                }
                address 200.131.0.5/32 {
                    primary;
                }
            }
            family inet6 {
                filter {
                    input-list [ RE-SEC-INv6 RE-SEC-LAST-INv6 ];
                }
                address 2001:12f0:600::5/128 {
                    primary;
                }
            }
        }
    }
}
snmp {
    location "PoP-MG [-19.868768,-43.964630]";
    community fe11owchip;
    community UCQSDDA {
        authorization read-only;
        clients {
            0.0.0.0/0 restrict;
            200.130.25.12/32;
            200.143.193.213/32;
            200.130.25.19/32;
            200.143.193.218/32;
            200.143.193.221/32;         
            200.143.193.220/32;
            2001:12f0:3e::/48;
            200.133.240.96/32;
        }
    }
    community "v1a1pe@RNPcom31" {
        authorization read-only;
        clients {
            200.131.2.165/32;
            200.131.1.81/32;
            200.131.1.101/32;
            200.131.2.166/32;
        }
    }
}
forwarding-options {
    port-mirroring {
        mirror-once;
        input {
            rate 1;
        }
        family inet {
            output {
                interface ge-1/3/8.0 {
                    next-hop 10.0.0.2;
                }
                no-filter-check;
            }
        }
    }
}
policy-options {
    /* todos os prefixos validos do AS10417 alocados pelo registro.br */
    prefix-list PREFIXOS-AS10417 {
        200.236.128.0/18;
        200.238.192.0/18;
    }
    /* prefixos alocados pela RNP ao POP-MG (AS65031) */
    prefix-list PREFIXOS-65031 {
        200.19.156.0/22;
        200.131.0.0/23;
    }
    /* prefixos que tem permissao de acesso de gerencia para usuarios do PoP-MG */
    prefix-list MGMT-POP {
        /* prefixo v4 do CRC/DCC */
        150.164.8.0/26;
        200.131.0.0/23;
        200.131.2.165/32;
        200.131.2.166/32;
        2001:12f0:600:1::/64;
        /* prefixo v6 do CRC/DCC */
        2001:12f0:601:a910::/64;
    }
    /* prefixos que tem permissao de acesso de gerencia para usuarios da DAERO/RNP */
    prefix-list MGMT-DAERO {
        170.79.212.176/29;
        200.130.25.12/32;
        200.130.66.10/32;
        200.130.66.146/32;
        200.143.193.205/32;
        200.143.193.220/32;
        2001:12f0:3e::c1dc/128;
        2001:12f0:b01:106::92/128;
    }
    /* prefixos alocados exclusivamente para conexoes ponto a ponto com clientes */
    prefix-list PTPS-POP {
        200.19.156.0/22;
    }
    prefix-list LINK-LOCALv6 {
        fe80::/10;
    }
    prefix-list LOCALHOSTv4 {
        127.0.0.1/32;                   
    }
    prefix-list LOCALHOSTv6 {
        ::1/128;
    }
    prefix-list NDPv6 {
        fe80::/10;
        ff02::1/128;
        ff02::2/128;
        ff02:0:0:0:0:1:ff00::/104;
    }
    prefix-list OSPF-ALL-ROUTERSv4 {
        224.0.0.5/32;
        224.0.0.6/32;
    }
    prefix-list OSPF-ALL-ROUTERSv6 {
        ff02::5/128;
        ff02::6/128;
    }
    prefix-list BGP-PEERSv4 {
        apply-path "protocols bgp group <*> neighbor <*>";
    }
    prefix-list BGP-LS-PEERSv4 {
        apply-path "logical-systems <*> protocols bgp group <*> neighbor <*>";
    }
    prefix-list BGP-PEERSv6 {
        apply-path "protocols bgp group <*> neighbor <*:*:*>";
    }
    prefix-list BGP-LS-PEERSv6 {
        apply-path "logical-systems <*> protocols bgp group <*> neighbor <*:*:*>";
    }
    prefix-list INTERFACESv4 {
        apply-path "interfaces <*> unit <*> family inet address <*>";
    }
    prefix-list INTERFACES-LSv4 {
        apply-path "logical-systems <*> interfaces <*> unit <*> family inet address <*>";
    }
    prefix-list INTERFACESv6 {
        apply-path "interfaces <*> unit <*> family inet6 address <*>";
    }
    prefix-list INTERFACES-LSv6 {
        apply-path "logical-systems <*> interfaces <*> unit <*> family inet6 address <*>";
    }
    prefix-list INTERFACE_FXP0v4 {
        apply-path "interfaces fxp0 unit <*> family inet address <*>";
    }
    prefix-list SERVERS-DNS {
        apply-path "system name-server <*>";
    }
    prefix-list SERVERS-DNSv6 {
        apply-path "system name-server <*:*:*>";
    }
    prefix-list SERVERS-NTP {
        apply-path "system ntp server <*>";
    }
    prefix-list SERVERS-NTP-SOURCE {
        apply-path "system ntp source-address <*>";
    }
    prefix-list SERVERS-NTP-SOURCEv6 {
        apply-path "system ntp source-address <*:*:*>";
    }
    prefix-list SERVERS-NTPv6 {
        apply-path "system ntp server <*:*:*>";
    }
    prefix-list SERVERS-SNMP {
        apply-path "snmp community <*> clients <[1-9]*>";
    }
    prefix-list SERVERS-SNMPv6 {
        apply-path "snmp community <*> clients <[1-9]*:*:*>";
    }
    route-filter-list SMALL-PREFIXES-V4 {
        0.0.0.0/0 prefix-length-range /29-/32;
    }
    route-filter-list SMALL-PREFIXES-V6 {
        ::0/0 prefix-length-range /65-/128;
    }
    /* prefixos que nunca devem ser roteados para fora do pop (BOGONS) 
    .  Bogons are defined as Martians (private and reserved addresses defined by
    .  RFC 1918, RFC 5735, and RFC 6598) and netblocks that have not been allocated
    .  to a regional internet registry (RIR) */
    route-filter-list BOGONS-V4 {
        10.0.0.0/8 orlonger;
        100.64.0.0/10 orlonger;
        127.0.0.0/8 orlonger;
        169.254.0.0/16 orlonger;
        172.16.0.0/12 orlonger;
        192.0.0.0/24 orlonger;
        192.0.2.0/24 orlonger;
        192.88.99.0/24 orlonger;
        192.168.0.0/16 orlonger;
        198.18.0.0/15 orlonger;
        198.51.100.0/24 orlonger;
        203.0.113.0/24 orlonger;
        224.0.0.0/4 orlonger;
        240.0.0.0/4 orlonger;
    }
    /* prefixos que nunca devem ser roteados para fora do pop (BOGONS) 
    .  Bogons are defined as Martians (private and reserved addresses defined by
    .  RFC 1918, RFC 5735, and RFC 6598) and netblocks that have not been allocated
    .  to a regional internet registry (RIR) */
    route-filter-list BOGONS-V6 {
        100::/64 orlonger;
        2001:2::/48 orlonger;
        2001:10::/28 orlonger;
        2001:db8::/32 orlonger;
        2002::/16 orlonger;
        3ffe::/16 orlonger;
        fc00::/7 orlonger;
        fe80::/10 orlonger;
        fec0::/10 orlonger;
        ff00::/8 orlonger;
    }
    policy-statement AS10417-EXPORT-IBGP {
        /* rotas recebidas via bgp sao sempre exportadas via ibgp 
        .  os filtros sao aplicados apenas no import/export do ebgp */
        term rotas-bgp {
            from protocol bgp;
            then {
                next-hop self;
                accept;
            }
        }
        /* prefixos estaticos e agregados */
        term rotas-estaticas {
            from protocol [ static aggregate bgp-static ];
            then {
                next-hop self;
                accept;
            }
        }
        /* outros casos sao descartados */
        term last-term {
            then reject;
        }
    }
    policy-statement AS10417-EXPORT-PEER {
        /* nao exportar bogons */
        term reject-bogon-prefixes-v4 {
            from {
                route-filter-list BOGONS-V4;
            }
            then reject;
        }
        term reject-bogon-prefixes-v6 {
            from {
                route-filter-list BOGONS-V6;
            }                           
            then reject;
        }
        /* nao exportar prefixos ipv4 menores que /28 */
        term remove-pequenos-v4 {
            from {
                route-filter-list SMALL-PREFIXES-V4;
            }
            then reject;
        }
        /* nao exportar prefixos ipv6 menores que /64 */
        term remove-pequenos-v6 {
            from {
                route-filter-list SMALL-PREFIXES-V6;
            }
            then reject;
        }
        /* exportar prefixos marcados como FROM-PEERS (transito ) */
        term transito {
            from {
                protocol bgp;
                community AS10417-FROM-PEERS;
            }
            then {
                community delete AS10417-FROM-PEERS;
                next-hop self;
                accept;
            }
        }
        /* exportar prefixos internos marcados como FROM-POPMG */
        term rota-estatica {
            from {
                community AS10417-FROM-POPMG;
                prefix-list-filter PREFIXOS-AS10417 orlonger;
            }
            then {
                community delete AS10417-FROM-POPMG;
                next-hop self;
                accept;
            }
        }
        term last-term {
            then reject;
        }
    }
    policy-statement AS10417-IMPORT {
        term peer-path {
            from {
                /* aceitar apenas prefixos com as-path iniciando com o ASN do peer */
                as-path FROM-AS10417;
            }
            then next policy;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement AS10417-IMPORT-PEER {
        term rotas-de-clientes {
            then {
                community add AS10417-FROM-PEERS;
                accept;
            }
        }
    }
    policy-statement AS271354-IMPORTv4 {
        term rotas-cliente {
            from {
                route-filter 150.164.0.0/16 orlonger;
            }
            then next policy;
        }
        term last-term {
            then reject;                
        }
    }
    policy-statement AS271354-IMPORTv6 {
        term rotas-cliente {
            from {
                route-filter 2804:1f4a::/32 orlonger;
            }
            then next policy;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement AS271640-IMPORTv4 {
        term rotas-cliente {
            from {
                route-filter 200.235.128.0/17 orlonger;
            }
            then next policy;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement AS271640-IMPORTv6 {
        term rotas-cliente {
            from {
                route-filter 2801:80:3e80::/48 orlonger;
            }
            then next policy;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement AS52853-IMPORTv4 {
        term rotas-cliente {
            from {
                route-filter 177.105.0.0/18 orlonger;
            }
            then next policy;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement AS52853-IMPORTv6 {
        term rotas-cliente {
            from {
                route-filter 2801:a6::/32 orlonger;
            }
            then next policy;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement AS65031-EXPORT-IBGP {
        /* exportar prefixos marcados como transito recebidos de peers privados */
        term rotas-bgp {
            from protocol bgp;
            then {
                next-hop self;
                accept;
            }
        }
        /* exportar prefixos estaticos e agregados */
        term rotas-estaticas {
            from protocol [ static aggregate bgp-static ];
            then {
                next-hop self;
                accept;
            }                           
        }
        term last-term {
            then reject;
        }
    }
    policy-statement AS65031-EXPORT-PEER {
        /* nao exportar bogons ipv4 */
        term reject-bogon-prefixes-v4 {
            from {
                route-filter-list BOGONS-V4;
            }
            then reject;
        }
        /* nao exportar bogons ipv6 */
        term reject-bogon-prefixes-v6 {
            from {
                route-filter-list BOGONS-V6;
            }
            then reject;
        }
        /* nao exportar prefixos ipv4 menores que /28 */
        term remove-pequenos-v4 {
            from {
                route-filter-list SMALL-PREFIXES-V4;
            }
            then reject;
        }
        /* nao exportar prefixos ipv6 menores que /65 */
        term remove-pequenos-v6 {
            from {
                route-filter-list SMALL-PREFIXES-V6;
            }
            then reject;
        }
        /* exportar prefixos marcados como FROM-PEERS (transito ) */
        term transito {
            from {
                protocol bgp;
                community AS65031-FROM-PEERS;
            }
            then {
                community delete AS65031-FROM-PEERS;
                next-hop self;
                accept;
            }
        }
        /* exportar prefixos internos marcados como FROM-POPMG */
        term rota-cliente {
            from community AS65031-FROM-POPMG;
            then {
                community delete AS65031-FROM-POPMG;
                next-hop self;
                accept;
            }
        }
        term last-term {
            then reject;
        }
    }
    policy-statement AS65031-IMPORT-PEER {
        term rotas-de-clientes {
            then {
                community add AS65031-FROM-PEERS;
                accept;
            }
        }
    }
    policy-statement CLIENTE-IMPORT {
        term rotas-de-clientes {
            then {
                community add CLIENTE-BGP;
                community add AS10417-FROM-PEERS;
                accept;                 
            }
        }
    }
    policy-statement DEFAULT-ESTATICA-EXPORTv4 {
        term anuncia-default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement DEFAULT-ESTATICA-EXPORTv6 {
        term anuncia-default {
            from {
                route-filter ::0/0 exact;
            }
            then accept;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement EXPORT-ESTATICA-DEFAULT {
        term anuncio-default-v4 {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term anuncio-default-v6 {
            from {
                route-filter ::0/0 exact;
            }
            then accept;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement EXPORT-POPMG {
        term clientes-bgp {
            from protocol bgp;
            then {
                community delete CLIENTE-BGP;
                next-hop self;
                accept;
            }
        }
    }
    policy-statement LOAD-BALANCE {
        then {
            load-balance per-packet;
        }
    }
    /* policy que exporta no OSPF apenas prefixos diretamente conectados
    .  e do loopback, ignorando a interface de gerencia (fxp0) */
    policy-statement OSPF-EXPORT {
        term ignora-fxp0 {
            from interface fxp0.0;
            then reject;
        }
        term connected-interfaces {
            from protocol [ direct local ];
            then accept;
        }
        term last-term {
            then reject;
        }
    }
    /* politica utilizada para balancear o trafego quando ha mais de
    .  uma conexao com o mesmo peso */
    policy-statement OSPF-balance {
        then {
            load-balance per-packet;
        }
    }
    policy-statement SANITIZA-CLIENTE {
        term validar-rota-v4 {
            from {
                route-filter 0.0.0.0/0 upto /27;
            }
            then next policy;
        }
        term validar-rota-v6 {
            from {
                route-filter ::0/0 upto /56;
            }
            then next policy;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement SANITIZA-CLIENTEv4 {
        term valida-rota {
            from {
                route-filter 0.0.0.0/0 upto /27;
            }
            then next policy;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement SANITIZA-CLIENTEv6 {
        term valida-rota {
            from {
                route-filter ::0/0 upto /56;
            }
            then next policy;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement SET-MED-HIGH {
        term med {
            then {
                metric 300;
            }
        }
    }
    policy-statement SET-PREPEND-3X-10417 {
        term prepend-3X-parceiros {
            then as-path-prepend "10417 10417 10417";
        }
    }
    policy-statement SET-PREPEND-3X-65031 {
        term prepend-3X-parceiros {
            then as-path-prepend "65031 65031 65031";
        }
    }
    policy-statement exportospf {
        term no-default {
            from {
                protocol static;
                route-filter 0.0.0.0/0 exact;
                route-filter 8.8.8.0/24 exact;
            }
            then reject;
        }
        term exportstatic {
            from protocol static;       
            then accept;
        }
        term block-fxp {
            from {
                protocol direct;
                interface fxp0.0;
            }
            then reject;
        }
        term stc2 {
            from {
                protocol direct;
                interface [ irb.3700 irb.3702 irb.3703 irb.3704 irb.3706 irb.3707 irb.3710 irb.3713 ];
            }
            then reject;
        }
        term exportconnected {
            from protocol direct;
            then accept;
        }
        term export-cliente-bgp {
            from {
                protocol bgp;
                community CLIENTE-BGP;
            }
            then accept;
        }
    }
    /* community aplicado aos prefixos recebidos de peers para os quais
    .  o ASN eh transito */
    community AS10417-FROM-PEERS members 10417:600;
    /* community aplicado aos prefixos internos ao pop e que devem ser 
    .  anunciados via EBGP */
    community AS10417-FROM-POPMG members 10417:200;
    /* community aplicado aos prefixos recebidos via EBGP com a RNP */
    community AS10417-FROM-RNP members 10417:1916;
    /* community aplicado aos prefixos recebidos de peers para os quais
    .  o ASN eh transito */
    community AS65031-FROM-PEERS members 65031:600;
    /* community aplicado aos prefixos internos ao pop e que devem ser 
    .  anunciados via EBGP */
    community AS65031-FROM-POPMG members 65031:200;
    /* community aplicado aos prefixos recebidos via EBGP com a RNP */
    community AS65031-FROM-RNP members 65031:1916;
    community CLIENTE-BGP members 10417:500;
    /* permite apenas prefixos cujo as-path contenha apenas o
    .  ASN 10417 - POP10417 */
    as-path FROM-AS10417 "^10417{1,6}.*";
}
firewall {
    family inet {
        filter RE-SEC-IN {
            term rejected-frag-ip-first {
                from {
                    first-fragment;
                }
                then {
                    count rejected-frag-ip-first;
                    discard;
                }
            }
            term rejected-frag-next {
                from {
                    is-fragment;
                }
                then {
                    count rejected-frag-next;
                    discard;
                }
            }
            term allow-ssh {
                from {
                    source-prefix-list {
                        MGMT-POP;
                        PTPS-POP;
                        INTERFACE_FXP0v4;
                    }
                    protocol tcp;
                    port ssh;
                }
                then {
                    count allow-ssh;
                    accept;
                }
            }
            term allow-netconf {
                from {
                    source-prefix-list {
                        MGMT-POP;
                        PTPS-POP;
                        INTERFACE_FXP0v4;
                    }
                    protocol tcp;
                    port 830;
                }
                then {
                    count allow-netconf;
                    accept;
                }
            }
            term allow-RE-ssh {
                from {
                    destination-prefix-list {
                        INTERFACESv4;
                        INTERFACES-LSv4;
                    }
                    source-port ssh;
                    tcp-established;
                }
                then {
                    count allow-RE-ssh;
                    accept;
                }
            }
            term allow-snmp {
                from {
                    source-prefix-list {
                        SERVERS-SNMP;
                        MGMT-POP;
                    }
                    protocol udp;
                    destination-port snmp;
                }
                then {
                    policer POLICER-RE-5M;
                    count allow-snmp;
                    accept;
                }
            }
            term allow-ospf {
                from {
                    source-prefix-list {
                        INTERFACESv4;
                        INTERFACES-LSv4;
                    }
                    destination-prefix-list {
                        OSPF-ALL-ROUTERSv4;
                        INTERFACESv4;
                        INTERFACES-LSv4;
                    }
                    protocol ospf;
                }
                then {
                    count allow-ospf;
                    accept;
                }                       
            }
            term allow-bgp {
                from {
                    source-prefix-list {
                        BGP-PEERSv4;
                        BGP-LS-PEERSv4;
                    }
                    destination-prefix-list {
                        INTERFACESv4;
                        INTERFACES-LSv4;
                    }
                    protocol tcp;
                    port bgp;
                }
                then {
                    count allow-bgp;
                    accept;
                }
            }
            term allow-ntp {
                from {
                    source-prefix-list {
                        SERVERS-NTP;
                        SERVERS-NTP-SOURCE;
                        LOCALHOSTv4;
                    }
                    protocol udp;
                    port ntp;
                }
                then {
                    policer POLICER-RE-1M;
                    count allow-ntp;
                    accept;
                }
            }
            term allow-dns {
                from {
                    source-prefix-list {
                        SERVERS-DNS;
                    }
                    destination-prefix-list {
                        INTERFACESv4;
                        INTERFACES-LSv4;
                    }
                    protocol udp;
                    source-port 53;
                }
                then {
                    policer POLICER-RE-1M;
                    count allow-dns;
                    accept;
                }
            }
            term allow-icmp {
                from {
                    protocol icmp;
                    icmp-type [ echo-reply echo-request time-exceeded unreachable source-quench router-advertisement parameter-problem ];
                }
                then {
                    policer POLICER-RE-1M;
                    count allow-icmp;
                    accept;
                }
            }
            term allow-traceroute-udp {
                from {
                    destination-prefix-list {
                        INTERFACESv4;
                        INTERFACES-LSv4;
                    }
                    protocol udp;
                    ttl 1;
                    destination-port 33435-33450;
                }
                then {
                    policer POLICER-RE-512K;
                    count allow-traceroute-udp;
                    accept;
                }
            }
            term allow-bfd {
                from {
                    protocol udp;
                    source-port [ 49152-65535 4784 ];
                    destination-port [ 3784-3785 4784 ];
                }
                then {
                    count allow-bfd;
                    accept;
                }
            }
            term allow-tacacs {
                from {
                    protocol tcp;
                    port tacacs;
                }
                then {
                    count allow-tacacs;
                    accept;
                }
            }
        }
        /* Ultima regra aplicada no firewall de entrada */
        filter RE-SEC-LAST-IN {
            term last-term {
                then {
                    count last-term;
                    log;
                    discard;
                }
            }
        }
        filter espelhamento {
            term todos {
                from {
                    address {
                        0.0.0.0/0;
                    }
                }
                then {
                    count espelhados;
                    port-mirror;
                    accept;
                }
            }
        }
        filter reroute-iperf {
            term 0 {
                from {
                    source-address {
                        200.131.2.248/29;
                    }
                    destination-address {
                        200.131.2.248/29;
                    }
                }
                then {
                    routing-instance bwtest-router;
                }
            }
            term DEFAULT {
                then accept;
            }
        }
    }
    family inet6 {                      
        filter RE-SEC-INv6 {
            term discard-ext-headers {
                from {
                    next-header [ dstopts fragment routing no-next-header ];
                }
                then {
                    count ipv6-discard-ext-headers;
                    discard;
                }
            }
            term allow-ndp-neigh-discov {
                from {
                    source-prefix-list {
                        INTERFACESv6;
                        INTERFACES-LSv6;
                        LINK-LOCALv6;
                    }
                    destination-prefix-list {
                        INTERFACESv6;
                        INTERFACES-LSv6;
                        NDPv6;
                    }
                    payload-protocol icmp6;
                    icmp-type [ neighbor-solicit neighbor-advertisement ];
                }
                then {
                    policer POLICER-RE-1M;
                    count ipv6-allow-ndp-neigh-discov;
                    accept;
                }
            }
            term allow-ndp-router-adv-solicit {
                from {
                    source-prefix-list {
                        LINK-LOCALv6;
                    }
                    payload-protocol icmp6;
                    icmp-type [ router-solicit router-advertisement ];
                }
                then {
                    policer POLICER-RE-1M;
                    count ipv6-allow-ndp-rt-adv-sol;
                    accept;
                }
            }
            term allow-ospf3 {
                from {
                    source-prefix-list {
                        LINK-LOCALv6;
                    }
                    destination-prefix-list {
                        OSPF-ALL-ROUTERSv6;
                        LINK-LOCALv6;
                    }
                }
                then {
                    count ipv6-allow-ospf3;
                    accept;
                }
            }
            term allow-bgp {
                from {
                    source-prefix-list {
                        BGP-PEERSv6;
                        BGP-LS-PEERSv6;
                    }
                    destination-prefix-list {
                        INTERFACESv6;
                        INTERFACES-LSv6;
                    }
                    payload-protocol tcp;
                    port bgp;
                }                       
                then {
                    count ipv6-allow-bgp;
                    accept;
                }
            }
            term allow-icmp6-echo {
                from {
                    payload-protocol icmp6;
                    icmp-type [ echo-reply echo-request ];
                }
                then {
                    policer POLICER-RE-1M;
                    count ipv6-allow-icmp6-echo;
                }
            }
            term allow-icmp6-rfc4890 {
                from {
                    payload-protocol icmpv6;
                    icmp-type [ destination-unreachable packet-too-big time-exceeded parameter-problem ];
                }
                then {
                    policer POLICER-RE-1M;
                    count ipv6-allow-icmp6-rfc4890;
                    accept;
                }
            }
            term allow-bfd {
                from {
                    source-prefix-list {
                        INTERFACESv4;
                        INTERFACES-LSv4;
                    }
                    destination-prefix-list {
                        INTERFACESv4;
                        INTERFACES-LSv4;
                    }
                    payload-protocol udp;
                    source-port 49152-65535;
                    destination-port 3784-3785;
                }
                then {
                    count ipv6-allow-bfd;
                    accept;
                }
            }
            term allow-ssh {
                from {
                    source-prefix-list {
                        MGMT-POP;
                        MGMT-DAERO;
                    }
                    payload-protocol tcp;
                    port ssh;
                }
                then {
                    count ipv6-allow-ssh;
                    accept;
                }
            }
            term allow-RE-ssh {
                from {
                    destination-prefix-list {
                        INTERFACESv6;
                        INTERFACES-LSv6;
                    }
                    payload-protocol tcp;
                    source-port ssh;
                    tcp-established;
                }
                then {
                    count ipv6-allow-RE-ssh;
                    accept;
                }                       
            }
            term servers-snmp {
                from {
                    source-prefix-list {
                        SERVERS-SNMPv6;
                    }
                    payload-protocol udp;
                    destination-port snmp;
                }
                then {
                    policer POLICER-RE-5M;
                    count ipv6-servers-snmp;
                    accept;
                }
            }
            term servers-ntp {
                from {
                    source-prefix-list {
                        SERVERS-NTPv6;
                        SERVERS-NTP-SOURCEv6;
                        LOCALHOSTv6;
                    }
                    payload-protocol udp;
                    port ntp;
                }
                then {
                    policer POLICER-RE-1M;
                    count ipv6-servers-ntp;
                    accept;
                }
            }
            term servers-dns {
                from {
                    source-prefix-list {
                        SERVERS-DNSv6;
                    }
                    destination-prefix-list {
                        INTERFACESv6;
                        INTERFACES-LSv6;
                    }
                    payload-protocol udp;
                    source-port 53;
                }
                then {
                    policer POLICER-RE-1M;
                    count ipv6-servers-dns;
                    accept;
                }
            }
        }
        filter RE-SEC-LAST-INv6 {
            term last-term {
                then {
                    count ipv6-last-term;
                    log;
                    syslog;
                    discard;
                }
            }
        }
    }
    policer POLICER-RE-1M {
        if-exceeding {
            bandwidth-limit 1m;
            burst-size-limit 9192;
        }
        then discard;
    }
    policer POLICER-RE-512K {
        if-exceeding {
            bandwidth-limit 512k;
            burst-size-limit 15k;
        }                               
        then discard;
    }
    policer POLICER-RE-5M {
        if-exceeding {
            bandwidth-limit 5m;
            burst-size-limit 9192;
        }
        then discard;
    }
    policer shapping100m {
        logical-bandwidth-policer;
        if-exceeding {
            bandwidth-limit 96m;
            burst-size-limit 14m;
        }
        then discard;
    }
    filter shapping {
        term aaa {
            from {
                protocol icmp;
            }
            then accept;
        }
        term abc {
            from {
                address {
                    200.131.1.101/32 except;
                    0.0.0.0/0;
                }
            }
            then policer shapping100m;
        }
        term fim {
            from {
                address {
                    0.0.0.0/0;
                }
            }
            then accept;
        }
    }
}
routing-instances {
    bwtest-router {
        instance-type forwarding;
        routing-options {
            static {
                route 200.131.2.250/32 next-hop 200.19.156.103;
                route 200.131.2.254/32 next-hop 200.19.156.103;
            }
        }
    }
}
routing-options {
    rib inet6.0 {
        static {
            route ::0/0 next-hop 2001:12f0:600::2;
            route 2001:12f0:619::/48 next-hop 2001:12f0:600:ff43::2;
            route 2001:12f0:600:fe00::/64 next-hop 2001:12f0:600:ff43::2;
            route 2001:12f0:62d::/48 next-hop 2001:12f0:0600:ff01::2;
            route 2001:12f0:61d::/48 next-hop 2001:12f0:600:ff55::2;
            route 2001:12f0:600:fe02::/64 next-hop 2001:12f0:600:ff55::2;
            route 2001:12f0:0602::/48 next-hop 2001:12f0:600:ff13::2;
            route 2001:12f0:618::/48 next-hop 2001:12f0:600:ff31::2;
            route 2001:12f0:0630::/48 next-hop 2001:12f0:0600:ff0c::2;
            route 2001:12f0:dbd::/48 next-hop 2001:12f0:0600:ff45::2;
            route 2001:12f0:692::/48 next-hop 2001:12f0:600:ff47::2;
            route 2001:12f0:6bd::/48 next-hop 2001:12f0:600:ff45::2;
            route 2001:12f0:614::/48 next-hop 2001:12f0:600:ff05::2;
            route 2001:12f0:694::/48 next-hop 2001:12f0:600:ffaf::2;
        }
    }                                   
    interface-routes {
        rib-group inet bwtest-router;
    }
    router-id 200.131.0.5;
    static {
        route 200.131.16.224/27 next-hop [ 200.19.158.2 200.19.156.66 ];
        route 200.131.50.0/26 next-hop 200.19.158.246;
        route 200.131.188.0/22 next-hop 200.19.156.150;
        route 200.19.144.0/21 next-hop 200.19.156.150;
        route 200.19.152.0/23 next-hop 200.19.156.150;
        route 200.19.154.0/24 next-hop 200.19.156.150;
        route 200.131.32.64/30 next-hop 200.19.158.46;
        route 200.131.39.0/25 next-hop 200.19.158.46;
        route 200.128.144.0/21 next-hop 200.19.158.46;
        route 10.44.0.0/30 next-hop 10.123.0.1;
        route 200.131.213.0/24 next-hop 200.19.156.58;
        route 200.131.48.64/28 next-hop 200.19.156.38;
        route 200.131.52.0/24 next-hop 200.19.156.238;
        route 200.17.69.0/24 next-hop 200.19.156.238;
        route 200.17.70.0/23 next-hop 200.19.156.238;
        route 200.17.72.0/24 next-hop 200.19.156.238;
        route 200.131.16.0/22 next-hop 200.19.156.238;
        route 200.131.55.0/24 next-hop 200.19.156.238;
        route 200.131.56.0/24 next-hop 200.19.156.238;
        route 200.131.60.0/23 next-hop 200.19.156.238;
        route 200.131.219.0/24 next-hop 200.19.156.238;
        route 200.131.194.0/23 next-hop 200.19.156.150;
        route 200.131.196.0/22 next-hop 200.19.156.150;
        route 200.131.200.0/21 next-hop 200.19.156.150;
        route 200.131.8.0/24 next-hop 200.19.157.174;
        route 200.131.2.8/30 next-hop 200.19.157.174;
        route 200.131.96.0/24 next-hop 200.19.159.82;
        route 200.131.97.0/24 next-hop 200.19.159.82;
        route 200.131.98.0/24 next-hop 200.19.159.82;
        route 200.131.192.0/24 next-hop 200.19.157.183;
        route 200.131.15.208/28 next-hop 200.19.156.47;
        route 200.131.250.0/24 next-hop 200.19.156.198;
        route 200.131.15.192/29 next-hop 200.19.157.138;
        route 200.131.15.200/29 next-hop 200.19.157.113;
    }
    rib-groups {
        bwtest-router {
            import-rib [ inet.0 bwtest-router.inet.0 ];
        }
    }
    nonstop-routing;
    forwarding-table {
        export OSPF-balance;
    }
}
protocols {
    oam {
        gre-tunnel {
            interface gr-0/0/0.0;
        }
    }
    bgp {
        group IBGP-POPMG {
            type internal;
            description IBGP-POPMG;
            multipath;
            inactive: neighbor 200.131.0.4 {
                description IBGP-with-tutu;
                local-address 200.131.0.5;
                family inet {
                    unicast;
                }
                export AS65031-EXPORT-IBGP;
                peer-as 65031;
                local-as 65031;
            }
            inactive: neighbor 2001:12f0:600::4 {
                description IBGPv6-with-tutu;
                local-address 2001:12f0:600::5;
                family inet6 {
                    unicast;
                }
                export AS65031-EXPORT-IBGP;
                peer-as 65031;
                local-as 65031;
            }
            neighbor 200.131.0.21 {
                description IBGP-with-border-mg-1;
                local-address 200.131.0.5;
                family inet {
                    unicast;
                }
                export AS65031-EXPORT-IBGP;
                peer-as 65031;
                local-as 65031;
            }
            neighbor 2001:12f0:600::21 {
                description IBGPv6-with-border-mg-1;
                local-address 2001:12f0:600::5;
                family inet6 {
                    unicast;
                }
                export AS65031-EXPORT-IBGP;
                peer-as 65031;
                local-as 65031;
            }
            neighbor 200.131.0.22 {
                description IBGP-with-border-mg-2;
                local-address 200.131.0.5;
                family inet {
                    unicast;
                }
                export AS65031-EXPORT-IBGP;
                peer-as 65031;
                local-as 65031;
            }
            neighbor 2001:12f0:600::22 {
                description IBGPv6-with-border-mg-2;
                local-address 2001:12f0:600::5;
                family inet6 {
                    unicast;
                }
                export AS65031-EXPORT-IBGP;
                peer-as 65031;
                local-as 65031;
            }
        }
        inactive: group EBGP-POPMG {
            type external;
            description "Peerings com outros ASNs";
            remove-private;
            neighbor 200.236.191.75 {
                description "Peering IPv4 de AS65031 com POP10417 - AS10417";
                local-address 200.236.191.74;
                /* AS10417-IMPORT - filtra apenas prefixos com as-path iniciando pelo ASN
                .  SANITIZA-CLIENTE      - filtra prefixos menores do que o minimo aceito
                .  AS65031-IMPORT-PEER - marca prefixos para transito */
                import [ AS10417-IMPORT SANITIZA-CLIENTE AS65031-IMPORT-PEER ];
                family inet {
                    unicast;
                }
                export EXPORT-ESTATICA-DEFAULT;
                peer-as 10417;
                local-as 65031;
                advertise-bgp-static;
            }
            neighbor 2001:12f0:600:417:5::1 {
                description "Peering IPv6 de AS65031 com POP10417 - AS10417";
                local-address 2001:12f0:600:417:5::0;
                /* AS10417-IMPORT - filtra apenas prefixos com as-path iniciando pelo ASN
                .  SANITIZA-CLIENTE      - filtra prefixos menores do que o minimo aceito
                .  AS65031-IMPORT-PEER - marca prefixos para transito */
                import [ AS10417-IMPORT SANITIZA-CLIENTE AS65031-IMPORT-PEER ];
                family inet6 {
                    unicast;
                }
                export EXPORT-ESTATICA-DEFAULT;
                peer-as 10417;
                local-as 65031;
                advertise-bgp-static;
            }
        }
        group IBGP-POPMGv4 {
            type internal;
            description IBGPv4-ASN10417;
            local-address 200.131.0.5;
            advertise-inactive;
            family inet {
                unicast;
                flow;
            }
            export EXPORT-POPMG;
            local-as 10417;
            multipath;
            neighbor 200.131.0.3 {
                description "IBGPv4 almeirao";
            }
            neighbor 200.131.0.2 {
                description "IBGPv4 couve";
            }
            neighbor 200.131.0.4 {
                description "IBGPv4 tutu";
            }
        }
        group IBGP-POPMGv6 {
            type internal;
            description IBGPv6-ASN10417;
            local-address 2001:12f0:600::5;
            advertise-inactive;
            family inet6 {
                unicast;
            }
            export EXPORT-POPMG;
            local-as 10417;
            multipath;
            neighbor 2001:12f0:600::3 {
                description "IBGPv6 almeirao";
            }
            neighbor 2001:12f0:600::2 {
                description "IBGPv6 couve";
            }
            neighbor 2001:12f0:600::4 {
                description "IBGPv6 tutu";
            }
        }
        group EBGP-CLIENTESv4 {
            type external;
            description "Peering com clientes";
            family inet {
                unicast;
                flow;
            }
            export DEFAULT-ESTATICA-EXPORTv4;
            local-as 10417;
            inactive: neighbor 200.19.158.1 {
                description "EBGPv4 ASN271354 - UFMG";
                local-address 200.19.158.0;
                import [ AS271354-IMPORTv4 SANITIZA-CLIENTEv4 CLIENTE-IMPORT ];
                peer-as 271354;
            }
            neighbor 200.19.156.198 {
                description "EBGPv4 ASN52853 - UFLA";
                local-address 200.19.156.197;
                import [ AS52853-IMPORTv4 SANITIZA-CLIENTEv4 CLIENTE-IMPORT ];
                peer-as 52853;
            }
            neighbor 200.19.156.146 {
                description "EBGPv4 ASN271640 - UFV";
                local-address 200.19.156.145;
                import [ AS271640-IMPORTv4 SANITIZA-CLIENTEv4 CLIENTE-IMPORT ];
                peer-as 271640;
            }
        }
        group EBGP-CLIENTESv6 {
            description "Peering com clientes";
            family inet6 {
                unicast;
            }
            export DEFAULT-ESTATICA-EXPORTv6;
            local-as 10417;
            inactive: neighbor 2001:12f0:600:ffa0::2 {
                description "EBGPv6 ASN271354 - UFMG";
                local-address 2001:12f0:600:ffa0::1;
                import [ AS271354-IMPORTv6 SANITIZA-CLIENTEv6 CLIENTE-IMPORT ];
                export DEFAULT-ESTATICA-EXPORTv6;
                peer-as 271354;
            }
            neighbor 2001:12f0:600:ff04::2 {
                description "EBGPv6 ASN52853 - UFLA";
                local-address 2001:12f0:600:ff04::1;
                import [ AS52853-IMPORTv6 SANITIZA-CLIENTEv6 CLIENTE-IMPORT ];
                export DEFAULT-ESTATICA-EXPORTv6;
                peer-as 52853;
            }
            neighbor 2001:12f0:600:ff06::2 {
                description "EBGPv6 ASN271640 - UFV";
                local-address 2001:12f0:600:ff06::1;
                import [ AS271640-IMPORTv6 SANITIZA-CLIENTEv6 CLIENTE-IMPORT ];
                export DEFAULT-ESTATICA-EXPORTv6;
                peer-as 271640;
            }
        }
        advertise-inactive;
        mtu-discovery;
        log-updown;
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface ae3.144 {
                interface-type p2p;
            }
            interface xe-11/0/7.135 {
                interface-type p2p;
            }
            interface irb.141;
        }
        export exportospf;
        reference-bandwidth 200g;
    }
    ospf3 {
        area 0.0.0.0 {
            interface xe-11/0/7.135 {
                interface-type p2p;
            }
            interface irb.141 {
                interface-type p2p;
                priority 1;
            }
            interface lo0.0 {
                passive;
            }
            interface ae3.144 {
                interface-type p2p;
            }                           
        }
        traceoptions {
            file log.ospf3 size 1000k files 5 world-readable;
            flag state;
            flag error;
        }
        export exportospf;
        reference-bandwidth 200g;
    }
    lldp {
        port-id-subtype interface-name;
        interface all;
    }
    sflow {
        polling-interval 30;
        sample-rate {
            ingress 2048;
            egress 2048;
        }
        source-ip 200.131.0.5;
        collector 200.131.1.99 {
            udp-port 9996;
        }
        collector 200.131.1.107 {
            udp-port 9990;
        }
        interfaces gigabit-interfaces;
        interfaces tengigabit-interfaces;
    }
}
vlans {
    bgp-rnp-puc {
        vlan-id 2950;
    }
    bwtest3 {
        vlan-id 112;
        l3-interface irb.112;
    }
    bwtest4 {
        vlan-id 113;
        l3-interface irb.113;
    }
    cemig-conectinfo-cefetmg-timoteo {
        vlan-id 1748;
        l3-interface irb.1748;
    }
    cemig-conectinfo-ifnmg-teofilootoni-100 {
        vlan-id 3962;
        l3-interface irb.3962;
    }
    cemig-conectinfo-ufjf-governadorvaladares {
        vlan-id 2908;
        l3-interface irb.2908;
    }
    cemig-conectinfo-ufop-monlevade {
        vlan-id 2873;
        l3-interface irb.2873;
    }
    cemig-ufla {
        vlan-id 1968;
        l3-interface irb.1968;
    }
    cemig-ufu-sede {
        vlan-id 602;
    }
    cemig-ufv-vicosa {
        vlan-id 1946;
        l3-interface irb.1946;
    }
    core-popmg-135 {
        vlan-id 135;
        l3-interface irb.135;
    }                                   
    core-popmg-141 {
        vlan-id 141;
        l3-interface irb.141;
    }
    embrapa-cnpms-brdigital {
        vlan-id 1004;
        l3-interface irb.1004;
    }
    homologa-iperf {
        vlan-id 115;
        l3-interface irb.115;
    }
    ifsudestemg-juizdefora-brdigital {
        vlan-id 1006;
        l3-interface irb.1006;
    }
    ifsudestemg-reitoria-brdigital {
        vlan-id 1023;
        l3-interface irb.1023;
    }
    int-ufmg-igarape {
        vlan-id 594;
    }
    int-ufmg-pedroleopoldo {
        vlan-id 507;
    }
    iperf-helper {
        description "vlan ficticia para ajudar automacao do iperf";
    }
    north-ufjf-sede-2G {
        vlan-id 925;
        l3-interface irb.925;
    }
    pop-ufjf-hc-100 {
        vlan-id 505;
        l3-interface irb.505;
    }
    pop-ufjf-hc-santacatarina-100 {
        vlan-id 510;
        l3-interface irb.510;
    }
    pop-ufmg-hc-100 {
        vlan-id 504;
        l3-interface irb.504;
    }
    pop-uftm-hc-atc-100 {
        vlan-id 503;
        l3-interface irb.503;
    }
    pop-ufu-hc-100 {
        vlan-id 501;
        l3-interface irb.501;
    }
    ptp-ufmg-20g-icex {
        vlan-id 512;
        l3-interface irb.512;
    }
    ptp-ufmg-igarape {
        vlan-id 593;
        l3-interface irb.593;
    }
    ptp-ufmg-pedroleopoldo {
        vlan-id 506;
        l3-interface irb.506;
    }
    ripe-atlas {
        vlan-id 158;
        l3-interface irb.158;
    }
    rnp-fibre-ufu-1 {
        vlan-id 3501;
    }
    rnp-fibre-ufu-2 {                   
        vlan-id 3502;
    }
    rnp-rghu {
        vlan-id 3470;
    }
    rnp-rghu-monitoracao {
        vlan-id 3465;
    }
    scapy {
        vlan-id 3011;
        l3-interface irb.3011;
    }
    stc2-3700 {
        vlan-id 3700;
        l3-interface irb.3700;
    }
    stc2-3702 {
        vlan-id 3702;
        l3-interface irb.3702;
    }
    stc2-3703 {
        vlan-id 3703;
        l3-interface irb.3703;
    }
    stc2-3704 {
        vlan-id 3704;
        l3-interface irb.3704;
    }
    stc2-3706 {
        vlan-id 3706;
        l3-interface irb.3706;
    }
    stc2-3707 {
        vlan-id 3707;
        l3-interface irb.3707;
    }
    stc2-3710 {
        vlan-id 3710;
        l3-interface irb.3710;
    }
    stc2-3713 {
        vlan-id 3713;
        l3-interface irb.3713;
    }
    teste-iperfopenflow-a {
        vlan-id 123;
        l3-interface irb.123;
    }
    teste-transit {
        vlan-id 151;
    }
    ufu-santamonica-brdigital {
        vlan-id 1120;
        l3-interface irb.1120;
    }
    ufu-sede-ptp {
        vlan-id 1945;
        l3-interface irb.1945;
    }
    ufu-umuarama-brdigital {
        vlan-id 1163;
        l3-interface irb.1163;
    }
}

{master}

UFV-VICOSA JUNIPER EX9214

--- JUNOS 19.2R2.7 built 2020-05-16 03:51:10 UTC
minas@UFV-Vicosa> configure 
Entering configuration mode

minas@UFV-Vicosa# run show config
## Last commit: 2022-01-06 09:33:44 BRST by minas
version 20200423.125841_builder.r1104050;
groups {
    SYSTEM-LOGIN {
        system {
            login {
                class <*> {
                    idle-timeout 30;
                }
            }
        }
    }
}
system {
    host-name UFV-Vicosa;
    root-authentication {
        encrypted-password "$1$e9PsbKIT$kxPqdt6vgw3Ors4Oe4fYb1"; ## SECRET-DATA
    }
    login {
        apply-groups SYSTEM-LOGIN;
        class view-configuration {
            permissions [ view view-configuration ];
        }
        user backup {
            uid 2002;
            class view-configuration;
            authentication {
                ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaO8MqbkzWJ4fBEx29yTNp0bQ/oysxX1TJRl5VswDLv96Kpwn+8db5xKMuU0JLqlf1t/nTSix8JW3r23FMIge/clE+6l7GuQC9i/KKF4pgKV9B6sDlwiYx2Wl9p3V2R81U3PKvxN/i4abb+4iRU5l8RZSp3p7OTVhUjdQWMHRYiTenvLJdS1z635YrILcWkiGXgdc+qHV/KvKKIFoJiEn8qi6t+OEnlncNaNm0IZpI5TWWgJFZZ6RYr62lMBWyd0q8hieBTUrxx/CKAqL0Fr8HKgpstVuxDhwprPT9JeiYCT+eXL778z1o8/4/nOe1+XRmazLxo9g4eYYNAXk1dTGt oxidized@capetang"; ## SECRET-DATA
            }
        }
        user minas {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "$1$883SL2wL$J0lBLtK.qt0Kr8MK4smS2."; ## SECRET-DATA
            }
        }
        user staff-pop {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$JSgr.O6q$u0wj3mrwEoYDg3a5Z80Jh."; ## SECRET-DATA
            }
        }
        message "***************************************************\n                       RNP\nAcesso a este equipamento ou a redes internas e'\nproibido sem uma autorizacao formal por escrito.\nOs infratores estarao sujeitos a processos civis\ne criminais.\n\nAccess to this device or attached networks is\nprohibited without express written permission.\nViolators will be prosecuted to the fullest extend\nof both civil and criminal law.\n***************************************************";
    }
    services {
        ssh {
            protocol-version v2;
            connection-limit 3;
            rate-limit 3;
        }
        web-management {
            http;
        }
    }
    domain-name rnp.br;
    time-zone America/Sao_Paulo;
    internet-options {
        path-mtu-discovery;
    }
    name-server {
        200.131.1.8;
        200.131.1.9;
        200.131.1.10;
    }
    syslog {
        user * {
            any emergency;              
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    ntp {
        server 200.131.1.21 prefer;
    }
}
chassis {
    config-button no-clear;
    aggregated-devices {
        ethernet {
            device-count 4;
            lacp {
                system-priority 1;
            }
        }
    }
    alarm {
        management-ethernet {
            link-down ignore;
        }
    }
}
security {
    alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        msrpc disable;
        sunrpc disable;
        rsh disable;
        rtsp disable;
        sccp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
            iso {
                mode packet-based;
            }
        }
    }
}
interfaces {
    interface-range interfaces-desativadas {
        member ge-0/0/3;
        member ge-0/0/4;
        member ge-0/0/5;
        member ge-0/0/6;
        member ge-0/0/7;
        member ge-0/0/10;
        member ge-0/0/11;
        member ge-0/0/12;
        member ge-0/0/13;
        member ge-0/0/14;
        member ge-0/0/15;               
        disable;
    }
    ge-0/0/0 {
        description "Peering ATC";
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members atc-peering;
                }
            }
        }
    }
    ge-0/0/1 {
        gigether-options {
            802.3ad ae0;
        }
    }
    ge-0/0/2 {
        gigether-options {
            802.3ad ae0;
        }
    }
    ge-0/0/8 {
        gigether-options {
            802.3ad ae1;
        }
    }
    ge-0/0/9 {
        gigether-options {
            802.3ad ae1;
        }
    }
    ae0 {
        description "WAN - PoP-MG";
        aggregated-ether-options {
            minimum-links 1;
            link-speed 1g;
            lacp {
                active;
                periodic slow;
            }
        }
        unit 0 {
            family inet {
                address 200.19.156.146/30;
            }
            family inet6 {
                address 2001:12f0:0600:ff06::2/64;
            }
        }
    }
    ae1 {
        description "LAN - UFV";
        aggregated-ether-options {
            minimum-links 1;
            link-speed 1g;
            lacp {
                active;
                periodic slow;
            }
        }
        unit 0 {
            family inet {
                address 200.235.255.249/29;
                address 200.235.255.209/28;
            }
            family inet6 {
                address 2801:80:3e80:ffff::1/64;
            }
        }
    }
    ae2 {                               
        disable;
    }
    ae3 {
        disable;
    }
    fxp0 {
        disable;
    }
    irb {
        unit 401 {
            family inet {
                address 186.248.113.74/30;
            }
            family inet6 {
                address 2804:238:0:2::5b6/126;
            }
        }
    }
    lo0 {
        description "Interface de Loopback";
        unit 0 {
            description "Loopback0 - ENDERECO RFC1918";
            family inet {
                filter {
                    input-list [ RENGINE-SEC RENGINE-SEC-LAST ];
                }
                address 172.16.17.18/32;
            }
            family inet6 {
                filter {
                    input-list [ RENGINE-SEC-v6 RENGINE-SEC-LASTv6 ];
                }
                address 2001:db8:16:17::18/128;
            }
        }
    }
}
snmp {
    description ufv-vicosa;
    location "Vicosa [-20.762165, -42.869384]";
    contact "operacao@pop-mg.rnp.br";
    community cl1ente5 {
        authorization read-only;
        clients {
            200.131.1.0/24;
        }
    }
    community "v1a1pe@RNPcom31" {
        authorization read-only;
        clients {
            200.131.2.165/32;
            200.131.1.81/32;
        }
    }
    community dti {
        authorization read-only;
        clients {
            200.235.128.167/32;
            200.235.177.41/32;
        }
    }
}
forwarding-options {
    hash-key {
        family inet {
            layer-3;
            layer-4;
        }
    }
}
policy-options {
    prefix-list MGMT-POP {
        200.131.0.0/23;                 
        200.131.2.165/32;
    }
    prefix-list NTP-SERVERS {
        apply-path "system ntp server <*>";
    }
    prefix-list NTP-SOURCE {
        apply-path "system ntp source-address <*>";
    }
    prefix-list MGMT-LOCAL {
        192.168.1.0/24;
        200.235.128.167/32;
    }
    prefix-list POP-MGMT {
        10.19.46.0/30;
        192.168.1.0/24;
        200.131.0.0/23;
    }
    prefix-list RNP-MGMT {
        200.131.2.165/32;
    }
    prefix-list POP-ICMP {
        200.131.0.0/23;
    }
    prefix-list RNP-ICMP {
        200.131.2.165/32;
    }
    prefix-list LOCAL-MGMT {
        200.235.128.0/17;
    }
    prefix-list POP-MGMT-IPv6 {
        2001:12f0:600:0::/64;
        2001:12f0:600:1::/64;
    }
    prefix-list POP-DNS {
        apply-path "system name-server <*>";
    }
    prefix-list BGP-PEERS-V4 {
        apply-path "protocols bgp group <*> neighbor <*>";
    }
    prefix-list BGP-PEERS-V6 {
        apply-path "protocols bgp group <*v6> neighbor <*:*:*>";
    }
    prefix-list INTERFACESv4 {
        apply-path "interfaces <*> unit <*> family inet address <*>";
    }
    prefix-list INTERFACESv6 {
        apply-path "interfaces <*> unit <*> family inet6 address <*>";
    }
    policy-statement FROM-ATCv4 {
        term rota-default-backup {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then {
                preference 200;
                accept;
            }
        }
        term rotas-locais {
            from {
                route-filter 0.0.0.0/0 prefix-length-range /16-/24;
            }
            then {
                preference 200;
                accept;
            }
        }
        term last-term {
            then reject;
        }
    }
    policy-statement FROM-ATCv6 {
        term rota-default-backup {      
            from {
                route-filter ::/0 exact;
            }
            then {
                preference 200;
                accept;
            }
        }
        term rotas-locais {
            from {
                route-filter ::/0 prefix-length-range /32-/56;
            }
            then {
                preference 200;
                accept;
            }
        }
        term last-term {
            then reject;
        }
    }
    policy-statement PREPEND {
        term prepend {
            then as-path-prepend 271640;
        }
        then next policy;
    }
    policy-statement TO-ATCv4 {
        term anuncia-com-prepend {
            from {
                route-filter 200.235.128.0/17 upto /24;
            }
            then {
                as-path-prepend "271640 271640 271640 271640";
                accept;
            }
        }
        term last-term {
            then reject;
        }
    }
    policy-statement TO-ATCv6 {
        term anuncia-com-prepend {
            from {
                route-filter 2801:80:3e80::/48 orlonger;
            }
            then {
                as-path-prepend "271640 271640 271640 271640";
                accept;
            }
        }
        term last-term {
            then reject;
        }
    }
    policy-statement TO-POPMGv4 {
        term blocos {
            from {
                route-filter 200.235.128.0/17 upto /24;
            }
            then accept;
        }
        term last-term {
            then reject;
        }
    }
    policy-statement TO-POPMGv6 {
        term blocos {
            from {
                route-filter 2801:80:3e80::/48 orlonger;
            }
            then accept;
        }                               
        term last-term {
            then reject;
        }
    }
    inactive: community FROM-PEERING members 271640:100;
}
firewall {
    family inet {
        filter RENGINE-SEC {
            term allow-dns {
                from {
                    source-prefix-list {
                        POP-DNS;
                    }
                    protocol udp;
                    source-port domain;
                }
                then accept;
            }
            term allow-snmp {
                from {
                    source-prefix-list {
                        POP-MGMT;
                        RNP-MGMT;
                        LOCAL-MGMT;
                    }
                    protocol udp;
                    port snmp;
                }
                then accept;
            }
            term allow-icmp-internal {
                from {
                    prefix-list {
                        POP-ICMP;
                        RNP-ICMP;
                    }
                    protocol icmp;
                }
                then accept;
            }
            term allow-icmp {
                from {
                    protocol icmp;
                }
                then {
                    policer POLICER-RE-5M;
                    count allow-icmp-counter;
                    accept;
                }
            }
            term allow-ntp-servers {
                from {
                    source-prefix-list {
                        NTP-SERVERS;
                        NTP-SOURCE;
                    }
                    protocol udp;
                    port ntp;
                }
                then accept;
            }
            term allow-ssh {
                from {
                    source-prefix-list {
                        POP-MGMT;
                        RNP-MGMT;
                        LOCAL-MGMT;
                    }
                    protocol tcp;
                    port ssh;
                }
                then accept;            
            }
            term allow-bgp {
                from {
                    source-prefix-list {
                        BGP-PEERS-V4;
                    }
                    destination-prefix-list {
                        INTERFACESv4;
                    }
                    protocol tcp;
                    port bgp;
                }
                then {
                    count allow-bgp;
                    accept;
                }
            }
        }
        filter RENGINE-SEC-LAST {
            term last-term {
                then {
                    count last-term-discard-counter;
                    discard;
                }
            }
        }
    }
    family inet6 {
        filter RENGINE-SEC-v6 {
            term allow-snmp {
                from {
                    source-prefix-list {
                        POP-MGMT-IPv6;
                    }
                    port snmp;
                }
                then accept;
            }
            term allow-icmpv6 {
                from {
                    next-header icmpv6;
                }
                then {
                    count allow-icmpv6-counter;
                    accept;
                }
            }
            term allow-ntp-servers {
                from {
                    source-prefix-list {
                        NTP-SERVERS;
                        NTP-SOURCE;
                    }
                    port ntp;
                }
                then accept;
            }
            term allow-ssh {
                from {
                    source-prefix-list {
                        POP-MGMT-IPv6;
                    }
                    port ssh;
                }
                then accept;
            }
            term allow-bgp {
                from {
                    source-prefix-list {
                        BGP-PEERS-V6;
                    }
                    destination-prefix-list {
                        INTERFACESv6;   
                    }
                    next-header tcp;
                    port bgp;
                }
                then {
                    count ipv6-allow-bgp;
                    accept;
                }
            }
        }
        filter RENGINE-SEC-LASTv6 {
            term last-term {
                then {
                    count last-term-discard-counter-ipv6;
                    discard;
                }
            }
        }
    }
    policer POLICER-RE-5M {
        if-exceeding {
            bandwidth-limit 5m;
            burst-size-limit 9192;
        }
        then discard;
    }
}
vlans {
    atc-peering {
        vlan-id 401;
        l3-interface irb.401;
    }
}
protocols {
    bgp {
        group POPMGv4 {
            type external;
            family inet {
                unicast;
                flow;
            }
            export TO-POPMGv4;
            peer-as 10417;
            neighbor 200.19.156.145 {
                description "ptp popmg";
            }
        }
        group POPMGv6 {
            type external;
            export TO-POPMGv6;
            peer-as 10417;
            neighbor 2001:12f0:600:ff06::1 {
                description "ptp popmg";
            }
        }
        group ATCv4 {
            type external;
            local-address 186.248.113.74;
            import FROM-ATCv4;
            family inet {
                unicast;
                flow;
            }
            export TO-ATCv4;
            peer-as 23106;
            neighbor 186.248.113.73 {
                description "ATC sessao local - tabela parcial";
            }
            /* NAO ATIVAR - MEMORIA INSUFICIENTE - FULL ROUTING */
            inactive: neighbor 200.150.1.192 {
                description "ATC sessao multihop - full-table";
                multihop {
                    /* necessario 16 hops */
                    ttl 1;
                }
            }
        }
        group ATCv6 {
            type external;
            local-address 2804:238:0:2::5b6;
            import FROM-ATCv6;
            export TO-ATCv6;
            peer-as 23106;
            neighbor 2804:238:0:2::5b5 {
                description "ATC sessao local - tabela parcial";
            }
            inactive: neighbor 2804:238:0:1::1 {
                description "ATC sessao multihop - full-table";
                multihop {
                    ttl 1;
                }
            }
        }
    }
}
routing-options {
    rib inet6.0 {
        static {
            route 2801:80:3e80::/48 next-hop 2801:80:3e80:ffff::2;
        }
        generate {
            route 2801:80:3e80::/48;
        }
    }
    static {
        route 200.235.255.128/26 next-hop 200.235.255.250;
        route 200.235.255.192/27 next-hop 200.235.255.250;
        route 200.235.255.240/29 next-hop 200.235.255.250;
        route 200.235.128.0/19 next-hop 200.235.255.250;
        route 200.235.160.0/21 next-hop 200.235.255.250;
        route 200.235.172.0/22 next-hop 200.235.255.250;
        route 200.235.176.0/20 next-hop 200.235.255.250;
        route 200.235.207.0/25 next-hop 200.235.255.250;
        route 200.235.209.0/25 next-hop 200.235.255.250;
        route 200.235.211.0/24 next-hop 200.235.255.250;
        route 200.235.212.0/25 next-hop 200.235.255.250;
        route 200.235.213.0/25 next-hop 200.235.255.250;
        route 200.235.215.0/25 next-hop 200.235.255.250;
        route 200.235.216.0/25 next-hop 200.235.255.250;
        route 200.235.218.0/25 next-hop 200.235.255.250;
        route 200.235.219.0/25 next-hop 200.235.255.250;
        route 200.235.220.0/25 next-hop 200.235.255.250;
        route 200.235.221.0/25 next-hop 200.235.255.250;
        route 200.235.222.0/24 next-hop 200.235.255.250;
        route 200.235.223.0/25 next-hop 200.235.255.250;
        route 200.235.224.0/21 next-hop 200.235.255.250;
        route 200.235.232.0/23 next-hop 200.235.255.250;
        route 200.235.236.0/22 next-hop 200.235.255.250;
        route 200.235.240.0/22 next-hop 200.235.255.250;
        route 200.235.246.0/23 next-hop 200.235.255.250;
        route 200.235.248.0/22 next-hop 200.235.255.250;
        route 200.235.252.0/23 next-hop 200.235.255.250;
        route 200.235.254.0/24 next-hop 200.235.255.250;
        route 200.235.168.0/23 next-hop 200.235.255.250;
        route 200.235.255.0/25 next-hop 200.235.255.253;
        route 200.235.170.0/23 next-hop 200.235.255.250;
        route 200.235.192.0/21 next-hop 200.235.255.250;
        route 200.235.200.0/22 next-hop 200.235.255.250;
        route 200.235.204.0/23 next-hop 200.235.255.250;
        route 200.235.206.0/24 next-hop 200.235.255.250;
        route 200.235.207.128/25 next-hop 200.235.255.250;
        route 200.235.208.0/24 next-hop 200.235.255.250;
        route 200.235.209.128/25 next-hop 200.235.255.250;
        route 200.235.210.0/24 next-hop 200.235.255.250;
        route 200.235.212.128/25 next-hop 200.235.255.250;
        route 200.235.213.128/25 next-hop 200.235.255.250;
        route 200.235.214.0/24 next-hop 200.235.255.250;
        route 200.235.215.128/25 next-hop 200.235.255.250;
        route 200.235.216.128/25 next-hop 200.235.255.250;
        route 200.235.217.0/24 next-hop 200.235.255.250;
        route 200.235.218.128/25 next-hop 200.235.255.250;
        route 200.235.219.128/25 next-hop 200.235.255.250;
        route 200.235.220.128/25 next-hop 200.235.255.250;
        route 200.235.221.128/25 next-hop 200.235.255.250;
        route 200.235.223.128/25 next-hop 200.235.255.250;
        route 200.235.234.0/23 next-hop 200.235.255.250;
        route 200.235.244.0/23 next-hop 200.235.255.250;
        route 200.235.255.224/28 next-hop 200.235.255.250;
        route 200.235.128.0/17 next-hop 200.235.255.250;
        route 200.150.1.192/32 next-hop 186.248.113.73;
    }
    autonomous-system 271640;
}

[edit]
minas@UFV-Vicosa# 
pop-mg/configs/ufvbgp/start.txt · Last modified: 2022/10/17 19:34 by murilo