show | no-more /config/license/JUNOS201386.lic:1:(0) JUNOS201386: license is for device: [JN10EF6B0ADD], serial number of device is: [JN10F09DCADD] ## Last changed: 2010-12-28 21:28:01 UTC version 9.0R2.10; system { host-name Kiryat-Arye; root-authentication { encrypted-password "$1$dGycpBlD$wbDT7vfitv0d5NujBeWTO0"; ## SECRET-DATA } services { web-management { http { interface [ ge-0/0/0.0 ge-0/0/1.0 ge-0/0/2.0 ge-0/0/3.0 ]; } } } syslog { user * { any emergency; } file messages { any any; authorization info; } file interactive-commands { interactive-commands any; } } } interfaces { ge-0/0/0 { unit 0 { family inet { address 1.1.1.1/30; } family mpls; } } ge-0/0/1 { vlan-tagging; unit 1 { vlan-id 100; family inet { address 100.1.1.254/24; } } unit 2 { vlan-id 200; family inet { address 200.1.1.254/24; } } } ge-0/0/2 { vlan-tagging; unit 1 { vlan-id 11; family inet { address 192.168.2.2/28; } } unit 2 { vlan-id 12; family inet { address 192.168.2.21/28; } } } ge-0/0/3 { description Agg-9-2x1GE-links-to-IDC-Srv-RM-6509A-10.170.254.177; unit 0 { family inet { address 10.170.254.177/28; } } } lo0 { unit 0 { family inet { address 10.1.1.1/32; } } } } routing-options { autonomous-system 65100; } protocols { mpls { interface ge-0/0/0.0; } bgp { local-address 10.1.1.1; group local { type internal; family inet { unicast; } family inet-vpn { unicast; } family l2vpn { signaling; } neighbor 10.1.1.2 { description R1; vpn-apply-export; } } } ospf { area 0.0.0.0 { interface ge-0/0/0.0; interface lo0.0; } } ldp { interface ge-0/0/0.0; interface lo0.0; } } policy-options { policy-statement Redistributes-RT-Vrf-CTS-Export-to-OSPF { term Directly-Connected { from protocol direct; then { external { type 1; } accept; } } term Static-Routes { from protocol static; then { external { type 1; } accept; } } term BGP-Routes1 { from protocol bgp; then { tag add 88; accept; } } term BGP-Routes { from protocol bgp; then { external { type 1; } accept; } } term Reject-Else { then reject; } } policy-statement Redistributes-RT-Vrf-DMZ-Export-to-OSPF { term Directly-Connected { from protocol direct; then { external { type 1; } accept; } } term Static-Routes { from protocol static; then { external { type 1; } accept; } } term BGP-Routes1 { from { protocol bgp; tag 111; } then reject; } term BGP-Routes { from protocol bgp; then { external { type 1; } accept; } } term Reject-Else { then reject; } } policy-statement ospf-import-cts { term term1 { from protocol bgp; then { tag 666; } } } policy-statement vrf-cts-export { term SRX { from next-hop 192.168.2.1; then reject; } term term2 { then { tag add 111; community add Origin-IDC-Core-KA-Mx960A-CTS; community add Community-CTS; accept; } } } policy-statement vrf-cts-import { term Prevent-Loop { from { protocol bgp; community Origin-IDC-Core-KA-Mx960B-CTS; } then reject; } term www { from tag 111; then reject; } term Prefer-BGP-Over-OSPF { from { protocol bgp; community Community-CTS; } then { preference 149; accept; } } } policy-statement vrf-dmz-export { term SRX { from next-hop 192.168.2.20; then reject; } term term2 { then { community add Origin-IDC-Core-KA-Mx960A-DMZ; community add Community-DMZ; accept; } } } policy-statement vrf-dmz-import { term Prevent-Loop { from { protocol bgp; community Origin-IDC-Core-KA-Mx960B-DMZ; } then reject; } term Prefer-BGP-Over-OSPF { from { protocol bgp; community Community-DMZ; } then { tag add 222; preference 149; accept; } } } community Community-CTS members target:65100:100; community Community-DMZ members target:65100:200; community Origin-IDC-Core-KA-Mx960A-CTS members origin:10.1.1.1:100; community Origin-IDC-Core-KA-Mx960A-DMZ members origin:10.1.1.1:200; community Origin-IDC-Core-KA-Mx960B-CTS members origin:10.1.1.3:100; community Origin-IDC-Core-KA-Mx960B-DMZ members origin:10.1.1.3:200; community domain-cts-R6 members domain-id:192.168.2.2:0; community domain-dmz-R6 members domain-id:192.168.2.21:0; } routing-instances { CTS { instance-type vrf; interface ge-0/0/1.1; interface ge-0/0/2.1; interface ge-0/0/3.0; route-distinguisher 10.1.1.1:100; vrf-import vrf-cts-import; vrf-export vrf-cts-export; vrf-table-label; routing-options { router-id 192.168.2.2; } protocols { ospf { domain-vpn-tag 0; export Redistributes-RT-Vrf-CTS-Export-to-OSPF; import ospf-import-cts; area 0.0.0.0 { interface ge-0/0/1.1; interface ge-0/0/2.1; interface ge-0/0/3.0; } } } } DMZ { instance-type vrf; interface ge-0/0/1.2; interface ge-0/0/2.2; route-distinguisher 10.1.1.1:200; vrf-import vrf-dmz-import; vrf-export vrf-dmz-export; vrf-table-label; routing-options { router-id 192.168.2.21; } protocols { ospf { domain-vpn-tag 0; export Redistributes-RT-Vrf-DMZ-Export-to-OSPF; area 0.0.0.0 { interface ge-0/0/1.2; interface ge-0/0/2.2; } } } } } [edit] root@Kiryat-Arye#