## Last commit: 2023-07-04 09:24:55 GMT by root version 12.1X47-D20.7;
groups {
node0 {
system {
host-name WE-TEST_core-0;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 172.31.255.253/30;
}
}
}
}
}
node1 {
system {
host-name WE-TEST_core-1;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 172.31.255.254/30;
}
}
}
}
}
}
system {
host-name WE-TEST_core;
domain-name example.com;
time-zone GMT;
root-authentication {
encrypted-password "$1$e0lLanRx$/HLzR00Y6FWlgi8l9D10p/"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
login {
user user001 {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$fbgM6jsV$o3UMchWv7gE7rdI9QCKor0"; ## SECRET-DATA
}
}
}
services {
ssh {
protocol-version [ v2 v1 ];
}
telnet;
netconf {
ssh {
port 830;
}
}
dhcp-local-server {
group WW-Floor-7 {
interface reth2.2007;
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any warning;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
}
}
processes {
dhcp-service {
traceoptions {
file JDHCPDEBUG size 20m files 5;
flag all;
}
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 2;
}
}
cluster {
reth-count 4;
redundancy-group 0 {
node 0 priority 100;
node 1 priority 1;
}
redundancy-group 1 {
node 0 priority 100;
node 1 priority 1;
preempt;
gratuitous-arp-count 4;
interface-monitor {
ge-0/0/6 weight 255;
ge-9/0/6 weight 255;
}
}
redundancy-group 2 {
node 0 priority 100;
node 1 priority 1;
preempt;
gratuitous-arp-count 4;
interface-monitor {
ge-0/0/8 weight 128;
ge-9/0/8 weight 128;
ge-0/0/9 weight 128;
ge-9/0/9 weight 128;
}
}
redundancy-group 3 {
node 0 priority 100;
node 1 priority 1;
preempt;
gratuitous-arp-count 4;
interface-monitor {
ge-0/0/7 weight 255;
ge-9/0/7 weight 255;
}
}
}
}
interfaces {
ge-0/0/5 {
unit 0 {
family inet {
address 12.0.0.100/24;
}
}
}
ge-0/0/6 {
gigether-options {
redundant-parent reth1;
}
}
ge-0/0/7 {
gigether-options {
redundant-parent reth3;
}
}
ge-0/0/8 {
gigether-options {
redundant-parent reth2;
}
}
ge-0/0/9 {
gigether-options {
redundant-parent reth2;
}
}
ge-9/0/5 {
unit 0 {
family inet {
address 12.0.0.101/24;
}
}
}
ge-9/0/6 {
gigether-options {
redundant-parent reth1;
}
}
ge-9/0/7 {
gigether-options {
redundant-parent reth3;
}
}
ge-9/0/8 {
gigether-options {
redundant-parent reth2;
}
}
ge-9/0/9 {
gigether-options {
redundant-parent reth2;
}
}
fab0 {
fabric-options {
member-interfaces {
ge-0/0/2;
ge-0/0/3;
}
}
}
fab1 {
fabric-options {
member-interfaces {
ge-9/0/2;
ge-9/0/3;
}
}
}
reth1 {
description ISP1;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
description ISP1;
family inet {
address 1.1.1.1/30;
}
}
}
reth2 {
description Distro-switch;
vlan-tagging;
mtu 1500;
redundant-ether-options {
redundancy-group 2;
minimum-links 1;
lacp {
active;
periodic slow;
}
}
unit 2007 {
description WW-Floor-7;
vlan-id 2007;
family inet {
filter {
input FW_FL_RIB_ISPONE_U2007;
}
address 10.0.7.1/24;
}
}
}
reth3 {
description ISP2;
redundant-ether-options {
redundancy-group 3;
}
unit 0 {
description ISP2;
family inet {
address 2.2.2.1/30;
}
}
}
vlan {
unit 0;
}
}
routing-options {
interface-routes {
rib-group inet ISP_Specific;
}
rib-groups {
ISP_Specific {
import-rib [ inet.0 ISP_ONE.inet.0 ISP_TWO.inet.0 ];
}
}
}
protocols {
lldp {
interface all;
}
}
security {
flow {
traceoptions {
file DHCPTRACE size 20m files 5;
flag basic-datapath;
flag packet-drops;
packet-filter R1 {
source-port 68;
}
packet-filter R2 {
source-port 67;
}
}
}
nat {
source {
pool voip-reth1 {
address {
1.1.1.1/32;
}
}
pool voip-reth3 {
address {
2.2.2.1/32;
}
}
rule-set to-internet-reth1 {
from zone example;
to interface reth1.0;
rule voip-reth1 {
match {
source-address 10.0.7.0/24;
destination-address 0.0.0.0/0;
}
then {
source-nat {
pool {
voip-reth1;
persistent-nat {
permit any-remote-host;
}
}
}
}
}
}
rule-set to-internet-reth3 {
from zone example;
to interface reth3.0;
rule voip-reth3 {
match {
source-address 10.0.7.0/24;
destination-address 0.0.0.0/0;
}
then {
source-nat {
pool {
voip-reth3;
persistent-nat {
permit any-remote-host;
}
}
}
}
}
}
}
}
policies {
from-zone internet to-zone internet {
policy allow-all {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone example to-zone internet {
policy allow-all {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone example to-zone example {
policy allow-all {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone internet to-zone example {
policy allow-all {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone example {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
reth2.2007 {
host-inbound-traffic {
system-services {
all;
dhcp;
rpm;
ping;
}
protocols {
all;
}
}
}
ge-0/0/5.0;
ge-9/0/5.0;
}
}
security-zone internet {
host-inbound-traffic {
system-services {
ike;
ping;
ssh;
snmp;
telnet;
all;
rpm;
}
protocols {
all;
}
}
interfaces {
reth1.0;
reth3.0;
}
}
}
}
firewall {
filter DHCP {
term 1 {
from {
destination-port [ 67 68 ];
}
then accept;
}
}
filter all_in {
term 2 {
from {
protocol icmp;
}
then accept;
}
}
filter FW_FL_RIB_ISPONE_U2007 {
term TM2007 {
from {
source-address {
10.0.7.0/24;
}
}
then {
routing-instance ISP_ONE;
}
}
}
}
access {
address-assignment {
pool WW-Floor-7 {
family inet {
network 10.0.7.0/24;
range range1 {
low 10.0.7.10;
high 10.0.7.254;
}
dhcp-attributes {
maximum-lease-time 3600;
domain-name example.com;
name-server {
208.67.222.222;
208.67.220.220;
}
router {
10.0.7.1;
}
}
}
}
}
}
routing-instances {
ISP_ONE {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 next-hop 1.1.1.2;
}
}
}
ISP_TWO {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 next-hop 2.2.2.2;
}
}
}
}
services {
rpm {
probe Probe-Server {
test testsvr {
target address 1.1.1.2;
probe-count 10;
probe-interval 5;
test-interval 10;
thresholds {
successive-loss 10;
total-loss 5;
}
destination-interface reth1.0;
next-hop 1.1.1.2;
}
}
probe Probe-Server1 {
test testsvr {
target address 2.2.2.2;
probe-count 10;
probe-interval 5;
test-interval 10;
thresholds {
successive-loss 10;
total-loss 5;
}
destination-interface reth3.0;
next-hop 2.2.2.2;
}
}
}
ip-monitoring {
policy Server-Tracking {
match {
rpm-probe Probe-Server;
}
then {
preferred-route {
routing-instances ISP_ONE {
route 0.0.0.0/0 {
next-hop 2.2.2.2;
}
}
}
}
}
policy Server-Tracking1 {
match {
rpm-probe Probe-Server1;
}
then {
preferred-route {
routing-instances ISP_TWO {
route 0.0.0.0/0 {
next-hop 1.1.1.2;
}
}
}
}
}
}
}
-------------------------------------------------------
user001@WE-TEST_core# run show interfaces reth2.2007
Logical interface reth2.2007 (Index 103) (SNMP ifIndex 571)
Description: WW-Floor-7
Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.2007 ] Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 2001833 0 159714711 528
Output: 0 0 0 0
Security: Zone: example
Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike
netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp
Protocol inet, MTU: 1482
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 10.0.7/24, Local: 10.0.7.1, Broadcast: 10.0.7.255
-------------------------------------------------------
Please do not hesitate to tell me if you need more info.
TIA for any hindsight!