interfaces { restore-original-config-on-shutdown: false interface eth0 { description: "Private LAN" mac: 00:0d:60:1c:49:c4 mtu: 1500 disable: false vif eth0 { disable: false address 10.0.0.1 { prefix-length: 24 broadcast: 10.0.0.25 disable: false } } } interface eth1 { description: "NTT Link" mac: 00:0d:60:1c:49:c5 mtu: 1500 disable: false vif eth1 { disable: false address 213.130.48.26 { prefix-length: 30 broadcast: 213.130.48.27 disable: false } } } interface eth2 { description: "Public LAN" mac: 00:0e:0c:c2:5a:b0 mtu: 1500 disable: false vif eth2 { disable: false address 87.236.56.2 { prefix-length: 21 broadcast: 87.236.63.255 disable: false } } } interface eth3 { description: "Datahop interface" mac: 00:0e:0c:c2:5a:b1 mtu: 1500 disable: true vif eth3 { disable: false address 195.72.128.198 { prefix-length: 29 broadcast: 195.72.128.199 disable: false } } } interface eth4 { description: "LINX1 interface" mac: 00:0e:0c:c2:5a:b2 mtu: 1500 disable: false vif eth4 { disable: false address 195.66.224.248 { prefix-length: 23 broadcast: 195.66.225.255 disable: false } } } interface eth5 { description: "Public LAN2" mac: 00:0e:0c:c2:5a:b3 mtu: 1500 disable: false vif eth5 { disable: false address 62.73.168.1 { prefix-length: 24 broadcast: 62.73.168.255 disable: false } } } interface eth6 { description: "Level (3) interface" mac: 00:0e:0c:c3:2b:5c mtu: 1500 disable: false vif eth6 { disable: false address 80.253.124.67 { prefix-length: 24 broadcast: 80.253.124.255 disable: false } } } interface eth7 { description: "LINX2 interface" mac: 00:0e:0c:c3:2b:5d mtu: 1500 disable: false vif eth7 { disable: false address 195.66.226.248 { prefix-length: 23 broadcast: 195.66.227.255 disable: false } } } interface eth8 { mac: 00:0e:0c:c3:2b:5e disable: true vif eth8 { disable: true } } interface eth9 { description: "HX Private LAN" mac: 00:0e:0c:c3:2b:5f mtu: 1500 disable: false vif eth9 { disable: false address 10.0.1.1 { prefix-length: 24 broadcast: 10.0.1.255 disable: false } } } } fea { unicast-forwarding4 { disable: false } } protocols { static { route 192.168.0.0/16 { next-hop: 10.0.0.9 metric 10 } route 0.0.0.0/0 { next-hop: 195.72.128.193 metric 120 } route 0.0.0.0/0 { next-hop: 195.72.128.194 metric 120 } } bgp { bgp-id: 87.236.56.1 local-as: 35399 enable-4byte-as-numbers: false export "BGProutes" import "InternetIn" peer XX.XX.XX.XX { ... } peer XX.XX.XX.XX { ... } peer XX.XX.XX.XX { ... } // and many more peers // each with as, local-ip and next-hop set } } policy { network4-list "PrivateSubnets" { network 10.0.0.0/8 network 192.168.0.0/16 } network4-list "PublicSubnets" { network 87.236.56.0/21 network 62.73.168.0/24 } policy-statement "BGProutes" { term 90 { from { protocol: "bgp" neighbor: 0.0.0.0 } then { as-path-prepend: 35399 } } term 100 { from { protocol: "connected" network4-list: "PublicSubnets" } then { as-path-prepend: 35399 med: 100 next policy } } term 101 { from { protocol: "static" network4-list: "PublicSubnets" } then { as-path-prepend: 35399 med: 100 next policy } } term 110 { from { protocol: "bgp" } then { reject } } then { reject } } policy-statement "InternetIn" { term 90 { from { neighbor: 0.0.0.0 } then { as-path-prepend: 35399 accept } } term 100 { from { network4-list: "PrivateSubnets" } then { reject } } then { accept } } }