set routing-instances Powercode-RM instance-type forwarding
set routing-instances Powercode-RM routing-options static route 149.28.116.2/32 next-hop 10.10.100.254
set routing-instances Default-RM instance-type forwarding
set routing-instances Default-RM routing-options static route 0.0.0.0/0 next-hop 10.0.99.41
set firewall filter PBR term Powercode from source-address 10.0.0.0/8
set firewall filter PBR term Powercode then routing-instance Powercode-RM
set firewall filter PBR term Powercode from source-address 0.0.0.0/0
set firewall filter PBR term Powercode then routing-instance Default-RM
set firewall filter PBR term Accept-All then accept
set routing-options interface-routes rib-group inet FBF-Powercode
set routing-options rib-groups FBF_Powercode import-rib inet.0
set routing-options rib-groups FBF_Powercode import-rib Powercode-RM.inet.0
set routing-options rib-groups FBF_Powercode import-rib Default-RM.inet.0
set interfaces ae0 unit 0 family inet filter input PBR
*********************************************************************************************
}
ge-0/0/47 {
unit 0 {
description "Management Link to EMP-CLE.MGMT.EX3300";
family inet {
address 10.10.100.55/24;
}
}
ae0 {
description "40G LACP to Everstream VPLS";
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 172.20.101.1/30;
address 172.20.102.1/30;
address 172.20.103.1/30;
address 172.20.105.1/30;
address 172.20.106.1/30;
address 172.20.107.1/30;
}
}
}
ae1 {
description "20G LACP to EMP-CLE.EDGE-FW01.CCR1072";
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.99.42/30;
}
}
}
routing-options {
nonstop-routing;
static {
route 0.0.0.0/0 {
next-hop 10.0.99.41;
preference 225;
}
route 192.168.99.0/24 next-hop 10.10.100.254;
route 192.168.104.0/24 next-hop 10.10.100.254;
route 192.168.105.0/24 next-hop 10.10.100.254;
}
autonomous-system 25814;
}
protocols {
bgp {
group eBGP-Everstream {
type external;
export BGP-Everstream-Announce;
peer-as 19009;
local-as 25814;
neighbor 64.85.x.x;
}
group iBGP-Edge-01-CCR1072 {
type internal;
export ibgp-edge01-ccr1072-announce;
peer-as 25814;
local-as 25814;
neighbor 64.85.x.x;
}
group iBGP-Edge-02-CCR1072 {
type internal;
export ibgp-edge02-ccr1072-announce;
peer-as 25814;
local-as 25814;
neighbor 64.85.x.x;
}
group eBGP-JJC-CCR1036 {
type external;
export ebgp-tower-vpls-announce;
peer-as 65101;
local-as 25814;
neighbor 172.20.101.2;
}
group eBGP-Clarke-Tower-CCR1036 {
type external;
export ebgp-tower-vpls-announce;
peer-as 65102;
local-as 25814;
neighbor 172.20.102.2;
}
group eBGP-Metro-CCR1036 {
type external;
export ebgp-tower-vpls-announce;
peer-as 65103;
local-as 25814;
neighbor 172.20.103.2;
firewall {
family inet {
filter RA-FILTER {
term SSH {
from {
source-address {
69.54.49.182/32;
69.54.49.178/32;
192.168.99.0/24;
10.10.100.0/24;
172.20.0.0/16;
192.168.105.0/24;
}
protocol tcp;
destination-port ssh;
}
then accept;
}
term SSH-Block {
from {
protocol tcp;
destination-port ssh;
}
then {
discard;
}
}
term DEFAULT-Allow {
then accept;
}
}
atetu@emp-cle.core-01.qfx5100> show route table inet.0
inet.0: 33 destinations, 34 routes (32 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/225] 11w1d 01:35:22
> to 10.0.99.41 via ae1.0
10.0.99.40/30 *[Direct/0] 11w1d 01:35:22
> via ae1.0
10.0.99.42/32 *[Local/0] 11w2d 00:11:46
Local via ae1.0
10.0.99.46/32 *[Local/0] 11w2d 00:11:26
Reject
10.10.100.0/24 *[Direct/0] 6w0d 12:32:59
> via ge-0/0/47.0
10.10.100.55/32 *[Local/0] 11w1d 01:45:59
Local via ge-0/0/47.0
10.50.104.0/24 *[BGP/170] 01:53:38, localpref 100
AS path: 65103 65104 I, validation-state: unverified
> to 172.20.103.2 via ae0.0
10.50.106.0/24 *[Static/5] 1w1d 01:12:21
> to 172.20.106.2 via ae0.0
10.60.104.0/24 *[BGP/170] 01:53:38, localpref 100
AS path: 65103 65104 I, validation-state: unverified
> to 172.20.103.2 via ae0.0
10.103.0.0/22 *[BGP/170] 2w1d 08:28:56, localpref 100
AS path: 65103 I, validation-state: unverified