You are on page 1of 1

Zone policy -

permit ASN65530 ping/dns/ssh/trace only


permit 10.10.199.0/24 web to internet only
permit 10.10.199.0/24 AD to AD/genie only
Lo0.0
192.168.0.161 172.16.1.1
Interface NAT Ge-0/0/5.0 Send
Firefly1 Ge-0/0/1.0
OSPF networks AS65530 routes
untrust trust 10.10.112.1/24 Lo0.0
Community 65530:1
172.16.1.4 Aggregate to BGP
Redistribute
Ge-0/0/0.0 172.31.255.252 172.31.255.252/30
172.31.255.252/30
VM Network 10.10.111.1/24 172.31.255.253
Gr-0/0/0.0 VLAN112 eBGP (BFD)
ASN65535 localpref 200 ASN65530 172.31.255.254
10.10.255.1/24 10.10.112.2/24
Lo0.0 10.10.114.1/24 10.10.114.2/24 10.10.199.1/24 Jumppost2
Ge-0/0/0.0
172.16.1.3 Ge-0/0/2.0 localpref 200 Ge-0/0/2.0 Ge0/0/3.0
PROD VLAN114 trust VLAN199
OSPF AREA 0 trust Firefly3 untrust untrust Firefly4
LAN GRE tunnel w/ OSPF and PMTUD VLAN111 trust
Ge-0/0/1.0 Ge-0/0/5.0 10.10.199.100/24
Ge-0/0/3.0
Ge-0/0/0.0 10.10.116.1/24
10.10.113.2/24 10.10.118.2/24
Gr-0/0/0.0 10.10.115.1/24 NSSA default LSA metric 10
metric 100
10.10.255.2/24 VLAN113
VM Network VLAN118 VLAN115 FBF 172.16.1.7 to firefly4
OSPF AREA 0 VLAN116
10.10.111.2/24 iBGP FBF - 172.31.1.7 to firefly5
Ge-0/0/0.0 Ge-0/0/3.0 Ge-0/0/0.0 Ge-0/0/5.0
Ge-0/0/1.0 10.10.115.2/24 Ge-0/0/2.0 Ge-0/0/2.0
10.10.118.2/24 OSPF AREA 6 10.10.116.2/24
10.10.113.1/24 10.10.121.1/24 10.10.121.2/24
untrust trust set protocols bgp trust NSSA
metric 100 path-selection external-router-id
Firefly2 untrust Firefly5 trust VLAN117 trust Firefly6 trust VLAN121 trust Firefly7
Interface NAT Ge-0/0/5.0
192.168.0.162 Ge-0/0/1.0 Ge-0/0/1.0 Lo0.0
BLACK VRF = native Lo0.0 10.10.117.1/24 10.10.117.2/24 Lo0.0
Lo0.0 172.16.1.6
172.16.1.2 172.16.1.7
GREY VRF = mgt ASN65530 172.16.1.5 172.31.116.252
Generate to BGP 172.31.1.7
172.31.115.252 172.31.116.253
on contributing Lo0.0
172.31.115.253 172.31.116.254
172.31.255.252/30
172.31.115.254
AS65530 routes
Summarise on ABR boundary to
Community 65530:2
172.31.116.252/30
MANAGEMENT IP MANAGEMENT ZONE/ NSSA default LSA metric 20

Firefly1 Ge-0/0/4.0 VIRTUAL ROUTERS


192.168.0.231
Ge-0/0/4.0 functional-zone
Firefly2 192.168.0.232 management
Ge-0/0/4.0
Firefly3
192.168.0.233
routing-instance
Ge-0/0/4.0 mgt
Firefly4
192.168.0.234
Ge-0/0/4.0
Firefly5
192.168.0.235

Firefly6 Ge-0/0/4.0
192.168.0.236

Firefly7 Ge-0/0/4.0
192.168.0.237