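# Junos 20.4R3-S2.6
#
# Reference configuration for an IX.br (Brasilia) route-server peering plus an
# OpenCDN session, in "set" format, one statement per line.
#
# 203.0.113.0/24, 2001:db8::/32 and AS 65550 are documentation-range
# placeholders. Replace them with your own prefixes and ASN before use.

# ------------------------------------------------------------------------------
# ACL CONFIGURATION (control-plane filter on lo0)
# ------------------------------------------------------------------------------
# Both filters are default-accept: they discard SNMP, NTP and DNS addressed to
# the router's own IX-facing address and accept everything else.
# The terms were originally named ALLOW-* / DEFAULT-DENY while their actions
# were discard / accept. They are renamed here so each name matches its action;
# the actions themselves are unchanged.
set policy-options prefix-list IXBR-IPV4 200.192.110.220/32
set policy-options prefix-list IXBR-IPV6 2001:12f8:0:13::220/128

set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-SNMP from destination-prefix-list IXBR-IPV4
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-SNMP from protocol udp
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-SNMP from destination-port snmp
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-SNMP then discard
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-NTP from destination-prefix-list IXBR-IPV4
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-NTP from protocol udp
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-NTP from destination-port ntp
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-NTP then discard
# Two values for the same match condition are ORed: DNS over TCP or UDP.
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-DNS from destination-prefix-list IXBR-IPV4
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-DNS from protocol tcp
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-DNS from protocol udp
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-DNS from destination-port domain
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term BLOCK-DNS then discard
# NOTE(review): log/syslog sit on the final ACCEPT term, so every accepted
# control-plane packet (BGP included) is logged and the discards are not.
# Confirm this is intended; logging the BLOCK-* terms is the more usual choice.
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term DEFAULT-ACCEPT then log
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term DEFAULT-ACCEPT then syslog
set firewall family inet filter TRAFFIC-POLICY-IX-V4 term DEFAULT-ACCEPT then accept

# The IPv6 filter must live under "family inet6": it is attached with
# "family inet6 filter input" below and matches an IPv6 prefix-list.
# In inet6 filters the protocol match is "next-header", not "protocol".
# NOTE(review): next-header matches only the first header after the IPv6
# header. Where the platform supports it, payload-protocol also covers packets
# that carry extension headers.
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-SNMP from destination-prefix-list IXBR-IPV6
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-SNMP from next-header udp
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-SNMP from destination-port snmp
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-SNMP then discard
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-NTP from destination-prefix-list IXBR-IPV6
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-NTP from next-header udp
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-NTP from destination-port ntp
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-NTP then discard
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-DNS from destination-prefix-list IXBR-IPV6
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-DNS from next-header tcp
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-DNS from next-header udp
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-DNS from destination-port domain
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term BLOCK-DNS then discard
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term DEFAULT-ACCEPT then log
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term DEFAULT-ACCEPT then syslog
set firewall family inet6 filter TRAFFIC-POLICY-IX-V6 term DEFAULT-ACCEPT then accept

# A filter on lo0 input is evaluated for traffic destined to the Routing Engine.
set interfaces lo0 unit 0 family inet filter input TRAFFIC-POLICY-IX-V4
set interfaces lo0 unit 0 family inet6 filter input TRAFFIC-POLICY-IX-V6

# ------------------------------------------------------------------------------
# INTERFACE CONFIGURATION
# ------------------------------------------------------------------------------
# Each VLAN needs its own logical unit. The original placed all three VLANs on
# "unit 0", where each later description/vlan-id statement overwrites the
# earlier one. Unit numbers are chosen here to match the VLAN IDs.
set interfaces et-0/0/0 flexible-vlan-tagging
set interfaces et-0/0/0 unit 2150 description IXBR-IPV4
set interfaces et-0/0/0 unit 2150 vlan-id 2150
set interfaces et-0/0/0 unit 2150 family inet address 200.192.110.220/24
set interfaces et-0/0/0 unit 2151 description IXBR-IPV6
set interfaces et-0/0/0 unit 2151 vlan-id 2151
set interfaces et-0/0/0 unit 2151 family inet6 address 2001:12f8:0:13::220/64
set interfaces et-0/0/0 unit 2155 description OPENCDN
set interfaces et-0/0/0 unit 2155 vlan-id 2155
set interfaces et-0/0/0 unit 2155 family inet address 168.181.23.61/31
set interfaces et-0/0/0 unit 2155 family inet6 address 2801:80:17b1::23:61/127

# ------------------------------------------------------------------------------
# PREFIX-LIST CONFIGURATION
# ------------------------------------------------------------------------------
# Own address space (placeholders). The same lists are used to reject these
# prefixes inbound and to permit them outbound.
# NOTE(review): "exact" means the inbound policies reject only the aggregate.
# A more-specific of your own block received from a peer is not matched by
# these lists. Consider a separate "orlonger" match for the inbound direction.
set policy-options route-filter-list BLOCOS_MEU_AS-V4 203.0.113.0/24 exact
set policy-options route-filter-list BLOCOS_MEU_AS-V6 2001:db8::/32 exact

# IPv4 bogons (special-purpose and reserved space) plus the default route.
set policy-options route-filter-list BOGONS_V4 0.0.0.0/8 orlonger
set policy-options route-filter-list BOGONS_V4 10.0.0.0/8 orlonger
set policy-options route-filter-list BOGONS_V4 100.64.0.0/10 orlonger
set policy-options route-filter-list BOGONS_V4 127.0.0.0/8 orlonger
set policy-options route-filter-list BOGONS_V4 169.254.0.0/16 orlonger
set policy-options route-filter-list BOGONS_V4 172.16.0.0/12 orlonger
set policy-options route-filter-list BOGONS_V4 192.0.0.0/24 orlonger
set policy-options route-filter-list BOGONS_V4 192.0.2.0/24 orlonger
set policy-options route-filter-list BOGONS_V4 192.88.99.0/24 orlonger
set policy-options route-filter-list BOGONS_V4 192.168.0.0/16 orlonger
set policy-options route-filter-list BOGONS_V4 198.18.0.0/15 orlonger
set policy-options route-filter-list BOGONS_V4 198.51.100.0/24 orlonger
set policy-options route-filter-list BOGONS_V4 203.0.113.0/24 orlonger
set policy-options route-filter-list BOGONS_V4 224.0.0.0/4 orlonger
set policy-options route-filter-list BOGONS_V4 240.0.0.0/4 orlonger
set policy-options route-filter-list BOGONS_V4 0.0.0.0/0 exact

# IPv6 bogons.
set policy-options route-filter-list BOGONS_V6 ::/96 orlonger
set policy-options route-filter-list BOGONS_V6 ::/128 exact
set policy-options route-filter-list BOGONS_V6 ::1/128 exact
set policy-options route-filter-list BOGONS_V6 ::ffff:0:0/96 orlonger
set policy-options route-filter-list BOGONS_V6 100::/64 orlonger
set policy-options route-filter-list BOGONS_V6 2001::/32 orlonger
set policy-options route-filter-list BOGONS_V6 2001:2::/48 orlonger
set policy-options route-filter-list BOGONS_V6 2001:10::/28 orlonger
set policy-options route-filter-list BOGONS_V6 2001:db8::/32 orlonger
set policy-options route-filter-list BOGONS_V6 fc00::/7 orlonger
set policy-options route-filter-list BOGONS_V6 fe80::/10 orlonger
set policy-options route-filter-list BOGONS_V6 fec0::/10 orlonger
set policy-options route-filter-list BOGONS_V6 ff00::/8 orlonger

# IPv6 allow-list: allocated global unicast blocks, accepted up to /48.
# NOTE(review): this is a static snapshot. Because the IPv6 inbound policies
# reject anything outside this list, an out-of-date list silently drops valid
# routes. Check it against the current IANA IPv6 unicast allocation registry.
set policy-options route-filter-list IPV6_GLOBAL 2001:0200::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:0400::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:0600::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:0800::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:0a00::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:0c00::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:0e00::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:1200::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:1400::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:1600::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:1800::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:1a00::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:1c00::/22 prefix-length-range /22-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:2000::/20 prefix-length-range /20-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:3000::/21 prefix-length-range /21-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:3800::/22 prefix-length-range /22-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:4000::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:4200::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:4400::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:4600::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:5000::/20 prefix-length-range /20-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:8000::/19 prefix-length-range /19-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:a000::/20 prefix-length-range /20-/48
set policy-options route-filter-list IPV6_GLOBAL 2001:b000::/20 prefix-length-range /20-/48
set policy-options route-filter-list IPV6_GLOBAL 2002:0000::/16 prefix-length-range /16-/48
set policy-options route-filter-list IPV6_GLOBAL 2003:0000::/18 prefix-length-range /18-/48
set policy-options route-filter-list IPV6_GLOBAL 2400:0000::/12 prefix-length-range /12-/48
set policy-options route-filter-list IPV6_GLOBAL 2600:0000::/12 prefix-length-range /12-/48
set policy-options route-filter-list IPV6_GLOBAL 2610:0000::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2620:0000::/23 prefix-length-range /23-/48
set policy-options route-filter-list IPV6_GLOBAL 2800:0000::/12 prefix-length-range /12-/48
set policy-options route-filter-list IPV6_GLOBAL 2a00:0000::/12 prefix-length-range /12-/48
set policy-options route-filter-list IPV6_GLOBAL 2c00:0000::/12 prefix-length-range /12-/48

# ------------------------------------------------------------------------------
# ROUTING POLICY CONFIGURATION
# ------------------------------------------------------------------------------
# Discard statics for the own aggregates, so the exact-match export terms below
# have a route to announce.
set routing-options rib inet.0 static route 203.0.113.0/24 discard
set routing-options rib inet6.0 static route 2001:db8::/32 discard

set policy-options community NETFLIX_OPENCDN members 40027:40000

# Inbound from the IX.br route servers (IPv4): drop bogons and the default
# route, drop our own aggregate, then raise local-preference and accept the rest.
# NOTE(review): term 3 has no prefix-length bound, whereas the IPv6 policy is
# bounded to /48 by IPV6_GLOBAL. Consider rejecting IPv4 routes longer than
# your accepted maximum, and adding a per-session prefix limit.
set policy-options policy-statement IX_BR_IPV4_IN term 1 from route-filter-list BOGONS_V4
set policy-options policy-statement IX_BR_IPV4_IN term 1 then reject
set policy-options policy-statement IX_BR_IPV4_IN term 2 from route-filter-list BLOCOS_MEU_AS-V4
set policy-options policy-statement IX_BR_IPV4_IN term 2 then reject
set policy-options policy-statement IX_BR_IPV4_IN term 3 then local-preference add 200
set policy-options policy-statement IX_BR_IPV4_IN term 3 then accept

# Inbound from the IX.br route servers (IPv6): only routes inside IPV6_GLOBAL
# are accepted; term 4 rejects everything else.
set policy-options policy-statement IX_BR_IPV6_IN term 1 from route-filter-list BOGONS_V6
set policy-options policy-statement IX_BR_IPV6_IN term 1 then reject
set policy-options policy-statement IX_BR_IPV6_IN term 2 from route-filter-list BLOCOS_MEU_AS-V6
set policy-options policy-statement IX_BR_IPV6_IN term 2 then reject
set policy-options policy-statement IX_BR_IPV6_IN term 3 from route-filter-list IPV6_GLOBAL
set policy-options policy-statement IX_BR_IPV6_IN term 3 then local-preference add 200
set policy-options policy-statement IX_BR_IPV6_IN term 3 then accept
set policy-options policy-statement IX_BR_IPV6_IN term 4 then reject

# Outbound to the IX.br route servers: announce only our own aggregates. The
# explicit final reject prevents leaking any other route.
set policy-options policy-statement IX_BR_IPV4_OUT term 1 from route-filter-list BLOCOS_MEU_AS-V4
set policy-options policy-statement IX_BR_IPV4_OUT term 1 then accept
set policy-options policy-statement IX_BR_IPV4_OUT term 2 then reject

set policy-options policy-statement IX_BR_IPV6_OUT term 1 from route-filter-list BLOCOS_MEU_AS-V6
set policy-options policy-statement IX_BR_IPV6_OUT term 1 then accept
set policy-options policy-statement IX_BR_IPV6_OUT term 2 then reject

# Inbound from OpenCDN.
# NOTE(review): IPv4 adds 250 to local-preference while IPv6 adds 200. Confirm
# whether this asymmetry is intended.
set policy-options policy-statement OPENCDN_IPV4_IN term 1 from route-filter-list BOGONS_V4
set policy-options policy-statement OPENCDN_IPV4_IN term 1 then reject
set policy-options policy-statement OPENCDN_IPV4_IN term 2 from route-filter-list BLOCOS_MEU_AS-V4
set policy-options policy-statement OPENCDN_IPV4_IN term 2 then reject
set policy-options policy-statement OPENCDN_IPV4_IN term 3 then local-preference add 250
set policy-options policy-statement OPENCDN_IPV4_IN term 3 then accept

set policy-options policy-statement OPENCDN_IPV6_IN term 1 from route-filter-list BOGONS_V6
set policy-options policy-statement OPENCDN_IPV6_IN term 1 then reject
set policy-options policy-statement OPENCDN_IPV6_IN term 2 from route-filter-list BLOCOS_MEU_AS-V6
set policy-options policy-statement OPENCDN_IPV6_IN term 2 then reject
set policy-options policy-statement OPENCDN_IPV6_IN term 3 from route-filter-list IPV6_GLOBAL
set policy-options policy-statement OPENCDN_IPV6_IN term 3 then local-preference add 200
set policy-options policy-statement OPENCDN_IPV6_IN term 3 then accept
set policy-options policy-statement OPENCDN_IPV6_IN term 4 then reject

# Outbound to OpenCDN: own aggregates only, tagged with NETFLIX_OPENCDN.
# The original IPv4 statement read "then ommunity add", a typo.
set policy-options policy-statement OPENCDN_IPV4_OUT term 1 from route-filter-list BLOCOS_MEU_AS-V4
set policy-options policy-statement OPENCDN_IPV4_OUT term 1 then community add NETFLIX_OPENCDN
set policy-options policy-statement OPENCDN_IPV4_OUT term 1 then accept
set policy-options policy-statement OPENCDN_IPV4_OUT term 2 then reject

set policy-options policy-statement OPENCDN_IPV6_OUT term 1 from route-filter-list BLOCOS_MEU_AS-V6
set policy-options policy-statement OPENCDN_IPV6_OUT term 1 then community add NETFLIX_OPENCDN
set policy-options policy-statement OPENCDN_IPV6_OUT term 1 then accept
set policy-options policy-statement OPENCDN_IPV6_OUT term 2 then reject

# ------------------------------------------------------------------------------
# BGP SESSION CONFIGURATION
# ------------------------------------------------------------------------------
# Every neighbor carries an explicit import and export policy, so no session
# falls back to the default BGP policy.
set routing-options autonomous-system 65550

set protocols bgp group IXBR-V4 local-address 200.192.110.220
set protocols bgp group IXBR-V4 neighbor 200.192.110.253 description rs1.brasilia.df.ix.br
set protocols bgp group IXBR-V4 neighbor 200.192.110.253 import IX_BR_IPV4_IN
set protocols bgp group IXBR-V4 neighbor 200.192.110.253 export IX_BR_IPV4_OUT
set protocols bgp group IXBR-V4 neighbor 200.192.110.253 peer-as 26162
set protocols bgp group IXBR-V4 neighbor 200.192.110.254 description rs2.brasilia.df.ix.br
set protocols bgp group IXBR-V4 neighbor 200.192.110.254 import IX_BR_IPV4_IN
set protocols bgp group IXBR-V4 neighbor 200.192.110.254 export IX_BR_IPV4_OUT
set protocols bgp group IXBR-V4 neighbor 200.192.110.254 peer-as 26162

set protocols bgp group IXBR-v6 local-address 2001:12f8:0:13::220
set protocols bgp group IXBR-v6 neighbor 2001:12f8:0:13::253 description rs1.brasilia.df.ix.br
set protocols bgp group IXBR-v6 neighbor 2001:12f8:0:13::253 import IX_BR_IPV6_IN
set protocols bgp group IXBR-v6 neighbor 2001:12f8:0:13::253 export IX_BR_IPV6_OUT
set protocols bgp group IXBR-v6 neighbor 2001:12f8:0:13::253 peer-as 26162
set protocols bgp group IXBR-v6 neighbor 2001:12f8:0:13::254 description rs2.brasilia.df.ix.br
set protocols bgp group IXBR-v6 neighbor 2001:12f8:0:13::254 import IX_BR_IPV6_IN
set protocols bgp group IXBR-v6 neighbor 2001:12f8:0:13::254 export IX_BR_IPV6_OUT
set protocols bgp group IXBR-v6 neighbor 2001:12f8:0:13::254 peer-as 26162

set protocols bgp group OPENCDN_IPV4 local-address 168.181.23.61
set protocols bgp group OPENCDN_IPV4 neighbor 168.181.23.60 description BGP_OPENCDN_IPV4
set protocols bgp group OPENCDN_IPV4 neighbor 168.181.23.60 import OPENCDN_IPV4_IN
set protocols bgp group OPENCDN_IPV4 neighbor 168.181.23.60 export OPENCDN_IPV4_OUT
set protocols bgp group OPENCDN_IPV4 neighbor 168.181.23.60 peer-as 61580

# The IPv6 neighbor description was a copy of the IPv4 one; corrected here.
set protocols bgp group OPENCDN_IPV6 local-address 2801:80:17b1::23:61
set protocols bgp group OPENCDN_IPV6 neighbor 2801:80:17b1::23:60 description BGP_OPENCDN_IPV6
set protocols bgp group OPENCDN_IPV6 neighbor 2801:80:17b1::23:60 import OPENCDN_IPV6_IN
set protocols bgp group OPENCDN_IPV6 neighbor 2801:80:17b1::23:60 export OPENCDN_IPV6_OUT
set protocols bgp group OPENCDN_IPV6 neighbor 2801:80:17b1::23:60 peer-as 61580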