version 8.3R1.5; system { host-name jun-m20-1; domain-name us.admin.fr.cfm.fr; domain-search [ us.admin.fr.cfm.fr fr.cfm.fr ]; backup-router 10.1.3.254 destination [ 172.16.0.0/20 172.17.0.0/16 ]; time-zone America/New_York; arp { aging-timer 60; passive-learning; } mirror-flash-on-disk; location { country-code us; rack 4; } root-authentication { encrypted-password "$1$0zZfZQ3D$7ogopmG6MVS0l8GpEA1Dz."; ## SECRET-DATA } name-server { 172.16.20.201; 172.16.0.133; 172.16.0.134; } static-host-mapping { jun-m20-1 inet 10.1.3.200; } services { ssh { root-login allow; protocol-version v2; } inactive: telnet; } syslog { host 172.16.20.201 { any any; match .*; } host 172.16.0.36 { any any; match .*; } host 172.16.0.37 { any any; match .*; } source-address 10.1.3.200; } ntp { boot-server 172.16.20.201; server 172.16.20.201; server 172.16.15.102; server 172.16.15.101; } } logical-routers { CFM-1 { interfaces { ge-0/1/0 { unit 8; } } protocols { pim { interface ge-0/1/0.0 { mode sparse-dense; version 2; } } rip { send broadcast; } } } SFTI { interfaces { ge-0/2/0 { unit 10; unit 11; } } protocols { bgp { traceoptions { /* Rotate through 5 files at 1mb each */ file log-bgp size 1m files 5; /* Trace BGP state transition */ flag state; /* Trace BGP normal events */ flag normal; } mtu-discovery; /* Log BGP neighbor changes */ log-updown; family inet { any { prefix-limit { maximum 1300000; teardown 90; } } } local-as 65267; group SFTI { type external; local-as 65267; neighbor 10.152.8.190 { family inet { unicast; } peer-as 26585; } } } } } } interfaces { traceoptions { /* Rotate through 5 files at 1mb each */ file log-interfaces size 1m files 5; /* Trace changes that produce configuration events */ flag change-events; } ge-0/1/0 { vlan-tagging; unit 8 { vlan-id 8; family inet { address 10.147.120.126/26; } } } ge-0/2/0 { description "SIAC 1 Evertrust RCN 12/HMS8/000002 LX mode"; traps; vlan-tagging; unit 10 { description "SFTI Multicast"; vlan-id 10; family inet { no-redirects; address 10.152.0.189/30; } } unit 11 { description "SFTI CAP / Unicast"; vlan-id 11; family inet { no-redirects; address 10.152.8.189/30; } } unit 17 { description "SFTI CAP / Test"; vlan-id 17; family inet { no-redirects; address 10.152.56.189/30; } } unit 52 { description "NASDAQ ITCH"; vlan-id 52; family inet { no-redirects; address 10.160.80.189/30; } } } fxp0 { description Management; unit 0 { family inet { address 10.1.3.200/24; } } } fxp1 { disable; } } routing-options { options { syslog { level debug; } } static { route 172.16.0.0/20 { next-hop 10.1.3.254; retain; } route 172.17.0.0/16 { next-hop 10.1.3.254; retain; } route 10.147.22.16/29 discard; route 10.147.22.64/26 discard; route 10.147.120.40/29 discard; route 10.147.120.64/26 discard; route 64.29.179.240/29 discard; } autonomous-system 65267; } policy-options { prefix-list RoutesForSFTI { /* 10.147.22.16/29 A supprimer et a rendre SFTI */ 10.147.22.16/29; 10.147.22.64/26; /* 10.147.120.40/29 A supprimer et a rendre SFTI */ 10.147.120.40/29; 10.147.120.64/26; /* 64.29.179.240/29 Pour rerequest NYSE */ 64.29.179.240/29; } policy-statement announce { term 1 { from { protocol static; prefix-list RoutesForSFTI; } then accept; } term 2 { then reject; } } }