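# Huawei S6730 - VRP 5.170
#
# Edge configuration for an IX.br (Brasilia) peering port plus an OpenCDN
# session: inbound packet filter, CPU protection, sub-interfaces, prefix
# lists, route-policies and the BGP sessions.
# 203.0.113.0/24, 2001:db8::/32 and AS 65550 are documentation placeholders;
# replace them with your own blocks and AS number before use.
#
# ------------------------------------------------------------------------------
# ACL CONFIGURATION
# ------------------------------------------------------------------------------
# In a traffic policy the classifier selects packets through ACL *permit*
# rules and the bound behavior (TB-DENY) decides what happens to them. The
# rules therefore "permit" (select) exactly the flows that must be dropped:
# SNMP and NTP replies (source ports 161/123, typical reflection traffic) and
# DNS queries arriving from the exchange (destination port 53).
# Do not append a catch-all "permit ip" rule: it would hand every remaining
# IP packet to TB-DENY. Unmatched traffic is forwarded normally.
# NOTE(review): confirm the ACL/behavior interaction table for your release.
# NOTE(review): rules 15/20 also drop DNS queries aimed at any authoritative
# server you host behind this port - confirm that is intended.
acl number 3000
 rule 5 permit udp source-port eq 161
 rule 10 permit udp source-port eq 123
 rule 15 permit udp destination-port eq 53
 rule 20 permit tcp destination-port eq 53
#
traffic classifier TC-OR operator or
 if-match acl 3000
#
traffic behavior TB-DENY
 deny
#
traffic policy TRAFFIC-POLICY-IX match-order config
 classifier TC-OR behavior TB-DENY
#
# Rate limits (CAR) for ICMP and ARP packets punted to the CPU.
# NOTE(review): a cpu-defend policy has no effect until it is applied (for
# example with "cpu-defend-policy 1 global"); that step is not shown here.
cpu-defend policy 1
 car packet-type icmp cir 2048
 car packet-type arp-request cir 4096
 car packet-type arp-miss cir 4096
#
# ------------------------------------------------------------------------------
# INTERFACE CONFIGURATION
# ------------------------------------------------------------------------------
interface XGigabitEthernet0/0/48
 arp expire-time 14400
 arp-limit maximum 4096
#
interface XGigabitEthernet0/0/48.2150
 description IXBR-IPV4
 dot1q termination vid 2150
 ip address 200.192.110.220 24
 arp-limit maximum 4096
 traffic-policy TRAFFIC-POLICY-IX inbound
#
# ACL 3000 is an IPv4 advanced ACL, so the policy below does not classify
# IPv6 packets; an IPv6 ACL and matching classifier would be needed for that.
# "ipv6 nd ra halt" keeps this router from sending RAs onto the exchange LAN.
interface XGigabitEthernet0/0/48.2151
 description IXBR-IPV6
 dot1q termination vid 2151
 ipv6 enable
 ipv6 address 2001:12f8:0:13::220 64
 ipv6 nd ra halt
 traffic-policy TRAFFIC-POLICY-IX inbound
#
# NOTE(review): no inbound traffic-policy is bound to the OPENCDN port.
interface XGigabitEthernet0/0/48.2155
 description OPENCDN
 dot1q termination vid 2155
 ip address 168.181.23.61 31
 ipv6 enable
 ipv6 address 2801:80:17b1::23:61 127
 ipv6 nd ra halt
#
# ------------------------------------------------------------------------------
# PREFIX-LIST CONFIGURATION
# ------------------------------------------------------------------------------
# Own address space (placeholders - replace with your allocations).
ip ip-prefix BLOCOS_MEU_AS-V4 index 10 permit 203.0.113.0 24
ip ipv6-prefix BLOCOS_MEU_AS-V6 index 10 permit 2001:db8:: 32
#
# Bogon lists. They are referenced from route-policy nodes in *deny* mode, and
# a deny node only rejects routes that the prefix list PERMITS; a prefix-list
# "deny" entry means "no match, try the next node". A list made only of deny
# entries would let every bogon fall through to the permit node, so each
# entry selects with "permit" and the route-policy node performs the rejection.
# The last index of each list matches the default route exactly.
ip ip-prefix BOGONS_V4 index 10 permit 0.0.0.0 8 greater-equal 8 less-equal 32
ip ip-prefix BOGONS_V4 index 20 permit 10.0.0.0 8 greater-equal 8 less-equal 32
ip ip-prefix BOGONS_V4 index 30 permit 100.64.0.0 10 greater-equal 10 less-equal 32
ip ip-prefix BOGONS_V4 index 40 permit 127.0.0.0 8 greater-equal 8 less-equal 32
ip ip-prefix BOGONS_V4 index 50 permit 169.254.0.0 16 greater-equal 16 less-equal 32
ip ip-prefix BOGONS_V4 index 60 permit 172.16.0.0 12 greater-equal 12 less-equal 32
ip ip-prefix BOGONS_V4 index 70 permit 192.0.0.0 24 greater-equal 24 less-equal 32
ip ip-prefix BOGONS_V4 index 80 permit 192.0.2.0 24 greater-equal 24 less-equal 32
ip ip-prefix BOGONS_V4 index 90 permit 192.88.99.0 24 greater-equal 24 less-equal 32
ip ip-prefix BOGONS_V4 index 100 permit 192.168.0.0 16 greater-equal 16 less-equal 32
ip ip-prefix BOGONS_V4 index 110 permit 198.18.0.0 15 greater-equal 15 less-equal 32
ip ip-prefix BOGONS_V4 index 120 permit 198.51.100.0 24 greater-equal 24 less-equal 32
ip ip-prefix BOGONS_V4 index 130 permit 203.0.113.0 24 greater-equal 24 less-equal 32
ip ip-prefix BOGONS_V4 index 140 permit 224.0.0.0 4 greater-equal 4 less-equal 32
ip ip-prefix BOGONS_V4 index 150 permit 240.0.0.0 4 greater-equal 4 less-equal 32
ip ip-prefix BOGONS_V4 index 160 permit 0.0.0.0 0
#
# The IPv6 entries carry an explicit length range like the IPv4 ones; without
# it an entry matches only the exact prefix length, and more-specifics of
# 2001:DB8::/32 would pass IPV6_GLOBAL index 15 (2001:C00::/23 up to /48).
ip ipv6-prefix BOGONS_V6 index 10 permit :: 96 greater-equal 96 less-equal 128
ip ipv6-prefix BOGONS_V6 index 20 permit :: 128
ip ipv6-prefix BOGONS_V6 index 30 permit ::1 128
ip ipv6-prefix BOGONS_V6 index 40 permit ::FFFF:0.0.0.0 96 greater-equal 96 less-equal 128
ip ipv6-prefix BOGONS_V6 index 50 permit 100:: 64 greater-equal 64 less-equal 128
ip ipv6-prefix BOGONS_V6 index 60 permit 2001:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix BOGONS_V6 index 70 permit 2001:2:: 48 greater-equal 48 less-equal 128
ip ipv6-prefix BOGONS_V6 index 80 permit 2001:10:: 28 greater-equal 28 less-equal 128
ip ipv6-prefix BOGONS_V6 index 90 permit 2001:DB8:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix BOGONS_V6 index 100 permit FC00:: 7 greater-equal 7 less-equal 128
ip ipv6-prefix BOGONS_V6 index 110 permit FE80:: 10 greater-equal 10 less-equal 128
ip ipv6-prefix BOGONS_V6 index 120 permit FEC0:: 10 greater-equal 10 less-equal 128
ip ipv6-prefix BOGONS_V6 index 130 permit FF00:: 8 greater-equal 8 less-equal 128
ip ipv6-prefix BOGONS_V6 index 140 permit :: 0
#
# Allow-list of IPv6 global unicast ranges, accepted up to /48.
ip ipv6-prefix IPV6_GLOBAL index 10 permit 2001:200:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 11 permit 2001:400:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 12 permit 2001:600:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 13 permit 2001:800:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 14 permit 2001:A00:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 15 permit 2001:C00:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 16 permit 2001:E00:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 17 permit 2001:1200:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 18 permit 2001:1400:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 19 permit 2001:1600:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 20 permit 2001:1800:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 21 permit 2001:1A00:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 22 permit 2001:1C00:: 22 greater-equal 22 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 23 permit 2001:2000:: 20 greater-equal 20 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 24 permit 2001:3000:: 21 greater-equal 21 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 25 permit 2001:3800:: 22 greater-equal 22 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 26 permit 2001:4000:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 27 permit 2001:4200:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 28 permit 2001:4400:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 29 permit 2001:4600:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 30 permit 2001:5000:: 20 greater-equal 20 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 31 permit 2001:8000:: 19 greater-equal 19 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 32 permit 2001:A000:: 20 greater-equal 20 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 33 permit 2001:B000:: 20 greater-equal 20 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 34 permit 2002:: 16 greater-equal 16 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 35 permit 2610:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 36 permit 2620:: 23 greater-equal 23 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 37 permit 2800:: 12 greater-equal 12 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 38 permit 2A00:: 12 greater-equal 12 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 39 permit 2C00:: 12 greater-equal 12 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 40 permit 2003:: 18 greater-equal 18 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 41 permit 2400:: 12 greater-equal 12 less-equal 48
ip ipv6-prefix IPV6_GLOBAL index 42 permit 2600:: 12 greater-equal 12 less-equal 48
#
# ------------------------------------------------------------------------------
# ROUTING POLICY CONFIGURATION
# ------------------------------------------------------------------------------
# Null routes for the aggregate blocks of the local AS.
# NOTE(review): the BGP section shows no "network" or "import-route"
# statement for these blocks - presumably omitted from the page; verify.
ip route-static 203.0.113.0 255.255.255.0 NULL0
ipv6 route-static 2001:db8:: 32 NULL0
#
# ------------------------------------------------------------------------------
# Inbound, IX.br IPv4: reject bogons and the default route (node 10), reject
# our own blocks when announced back to us (node 15), accept the rest with
# local-preference 200.
# NOTE(review): node 30 has no if-match, so prefixes longer than /24 are
# accepted as well; consider a maximum-length filter before it.
route-policy IX_BR_IPV4_IN deny node 10
 if-match ip-prefix BOGONS_V4
#
route-policy IX_BR_IPV4_IN deny node 15
 if-match ip-prefix BLOCOS_MEU_AS-V4
#
route-policy IX_BR_IPV4_IN permit node 30
 apply local-preference 200
#
# ------------------------------------------------------------------------------
# Inbound, IX.br IPv6: same order, but node 20 accepts only prefixes inside
# IPV6_GLOBAL; a route that matches no node is rejected.
route-policy IX_BR_IPV6_IN deny node 10
 if-match ipv6 address prefix-list BOGONS_V6
#
route-policy IX_BR_IPV6_IN deny node 15
 if-match ipv6 address prefix-list BLOCOS_MEU_AS-V6
#
route-policy IX_BR_IPV6_IN permit node 20
 if-match ipv6 address prefix-list IPV6_GLOBAL
 apply local-preference 200
#
# ------------------------------------------------------------------------------
# Outbound, IX.br: announce only our own blocks; the explicit deny node keeps
# anything else (e.g. routes learned from other peers) from leaking.
route-policy IX_BR_IPV4_OUT permit node 10
 if-match ip-prefix BLOCOS_MEU_AS-V4
#
route-policy IX_BR_IPV4_OUT deny node 20
#
# ------------------------------------------------------------------------------
route-policy IX_BR_IPV6_OUT permit node 10
 if-match ipv6 address prefix-list BLOCOS_MEU_AS-V6
#
route-policy IX_BR_IPV6_OUT deny node 20
#
# ------------------------------------------------------------------------------
# Inbound, OpenCDN: same filters as IX.br, with local-preference 250 so the
# CDN path is preferred over the exchange (200).
route-policy OPENCDN_IPV4_IN deny node 10
 if-match ip-prefix BOGONS_V4
#
route-policy OPENCDN_IPV4_IN deny node 15
 if-match ip-prefix BLOCOS_MEU_AS-V4
#
route-policy OPENCDN_IPV4_IN permit node 30
 apply local-preference 250
#
# ------------------------------------------------------------------------------
route-policy OPENCDN_IPV6_IN deny node 10
 if-match ipv6 address prefix-list BOGONS_V6
#
route-policy OPENCDN_IPV6_IN deny node 15
 if-match ipv6 address prefix-list BLOCOS_MEU_AS-V6
#
route-policy OPENCDN_IPV6_IN permit node 20
 if-match ipv6 address prefix-list IPV6_GLOBAL
 apply local-preference 250
#
# ------------------------------------------------------------------------------
# Outbound, OpenCDN: own blocks only, tagged with community 40027:40000.
route-policy OPENCDN_IPV4_OUT permit node 10
 if-match ip-prefix BLOCOS_MEU_AS-V4
 apply community 40027:40000
#
route-policy OPENCDN_IPV4_OUT deny node 20
#
# ------------------------------------------------------------------------------
route-policy OPENCDN_IPV6_OUT permit node 10
 if-match ipv6 address prefix-list BLOCOS_MEU_AS-V6
 apply community 40027:40000
#
route-policy OPENCDN_IPV6_OUT deny node 20
#
# ------------------------------------------------------------------------------
# BGP SESSION CONFIGURATION
# ------------------------------------------------------------------------------
# Every peer has both an import and an export route-policy bound in its
# address family; keep it that way when adding peers, since a session without
# them exchanges routes unfiltered.
# NOTE(review): no per-peer "route-limit" or session authentication appears
# on this page; check what each peer supports and add them where possible.
bgp 65550
 peer 200.192.110.253 as-number 26162
 peer 200.192.110.253 description rs1.brasilia.df.ix.br
 peer 200.192.110.253 connect-interface XGigabitEthernet0/0/48.2150
 peer 200.192.110.254 as-number 26162
 peer 200.192.110.254 description rs2.brasilia.df.ix.br
 peer 200.192.110.254 connect-interface XGigabitEthernet0/0/48.2150
 peer 2001:12f8:0:13::253 as-number 26162
 peer 2001:12f8:0:13::253 description rs1.brasilia.df.ix.br
 peer 2001:12f8:0:13::253 connect-interface XGigabitEthernet0/0/48.2151
 peer 2001:12f8:0:13::254 as-number 26162
 peer 2001:12f8:0:13::254 description rs2.brasilia.df.ix.br
 peer 2001:12f8:0:13::254 connect-interface XGigabitEthernet0/0/48.2151
 peer 168.181.23.60 as-number 61580
 peer 168.181.23.60 description OPENCDN_IPV4
 peer 168.181.23.60 connect-interface XGigabitEthernet0/0/48.2155
 peer 2801:80:17b1::23:60 as-number 61580
 peer 2801:80:17b1::23:60 description OPENCDN_IPV6
 peer 2801:80:17b1::23:60 connect-interface XGigabitEthernet0/0/48.2155
 #
 ipv4-family unicast
  peer 200.192.110.253 enable
  peer 200.192.110.253 advertise-community
  peer 200.192.110.253 route-policy IX_BR_IPV4_IN import
  peer 200.192.110.253 route-policy IX_BR_IPV4_OUT export
  peer 200.192.110.254 enable
  peer 200.192.110.254 advertise-community
  peer 200.192.110.254 route-policy IX_BR_IPV4_IN import
  peer 200.192.110.254 route-policy IX_BR_IPV4_OUT export
  peer 168.181.23.60 enable
  peer 168.181.23.60 advertise-community
  peer 168.181.23.60 route-policy OPENCDN_IPV4_IN import
  peer 168.181.23.60 route-policy OPENCDN_IPV4_OUT export
 #
 ipv6-family unicast
  peer 2001:12f8:0:13::253 enable
  peer 2001:12f8:0:13::253 advertise-community
  peer 2001:12f8:0:13::253 route-policy IX_BR_IPV6_IN import
  peer 2001:12f8:0:13::253 route-policy IX_BR_IPV6_OUT export
  peer 2001:12f8:0:13::254 enable
  peer 2001:12f8:0:13::254 advertise-community
  peer 2001:12f8:0:13::254 route-policy IX_BR_IPV6_IN import
  peer 2001:12f8:0:13::254 route-policy IX_BR_IPV6_OUT export
  peer 2801:80:17b1::23:60 enable
  peer 2801:80:17b1::23:60 advertise-community
  peer 2801:80:17b1::23:60 route-policy OPENCDN_IPV6_IN import
  peer 2801:80:17b1::23:60 route-policy OPENCDN_IPV6_OUT export
#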