security { ike { policy mel { proposal-set standard; } gateway mel { ike-policy mel; address 203.16.193.207; external-interface ge-0/0/1; local-address 27.122.116.52; version v2-only; } } ipsec { policy mel { proposal-set standard; } vpn mel { bind-interface st0.0; df-bit clear; ike { gateway mel; ipsec-policy mel; } establish-tunnels immediately; } } forwarding-options { family { mpls { mode flow-based; } } } flow { tcp-mss { all-tcp { mss 1400; } } tcp-session { no-syn-check; no-syn-check-in-tunnel; no-sequence-check; } } policies { from-zone transit to-zone transit { policy permit-all { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone ri-china-route-transit to-zone ri-china-route-transit { policy permit-all { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone transit to-zone ri-china-route-transit { policy permit-all { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone ri-china-route-transit to-zone transit { policy permit-all { match { source-address any; destination-address any; application any; } then { permit; } } } } zones { security-zone mgmt { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { ge-0/0/0.0; } } security-zone wan { host-inbound-traffic { system-services { ike; ping; } } interfaces { ge-0/0/1.0; } } security-zone transit { host-inbound-traffic { system-services { ping; } protocols { bgp; ospf; ldp; } } interfaces { ge-0/0/2.0; lo0.0; } } security-zone ri-china-route-transit { host-inbound-traffic { system-services { ping; } protocols { bgp; ospf; ldp; } } interfaces { st0.0; lo0.1; } } } } interfaces { ge-0/0/0 { description "nfx250 mgmt port bridge"; unit 0 { family inet { address 10.89.68.23/24; } } } ge-0/0/1 { description "superloop wan"; unit 0 { family inet { address 27.122.116.52/29; } } } ge-0/0/2 { description "to mx204"; unit 0 { family inet { address 172.16.100.5/30; } family mpls { filter { input mpls-packet-mode; } } } } fxp0 { unit 0 { family inet { dhcp; } } } lo0 { unit 0 { family inet { address 10.255.1.3/32; } family mpls; } unit 1 { family inet { address 10.255.0.4/32; } } } st0 { unit 0 { description "to hkg"; family inet { mtu 9178; address 10.88.65.6/30; } } } } policy-options { policy-statement reject { then reject; } policy-statement set-pref-120 { from protocol bgp; then { local-preference 120; } } } firewall { family mpls { filter mpls-packet-mode { term 1 { then { packet-mode; accept; } } } } } routing-instances { china-route { instance-type vrf; routing-options { static { route 103.152.35.248/32 next-hop st0.0; } } protocols { bgp { group internal { type internal; cluster 10.255.0.4; neighbor 10.255.0.1 { local-address 10.255.0.4; import set-pref-120; export reject; } } } ospf { area 0.0.0.0 { interface st0.0 { interface-type p2p; } interface lo0.1; } } } interface lo0.1; interface st0.0; vrf-target target:38008:23764; } mgmt { instance-type virtual-router; routing-options { static { route 0.0.0.0/0 next-hop 10.89.68.254; } } interface ge-0/0/0.0; } } protocols { ospf { area 0.0.0.0 { interface lo0.0 { passive; } interface ge-0/0/2.0; } } bgp { group internal { type internal; cluster 10.255.1.3; neighbor 10.255.1.1 { local-address 10.255.1.3; family inet-vpn { unicast; } } } } ldp { interface ge-0/0/2.0; interface lo0.0; } mpls { interface all; } lldp { interface all; } lldp-med { interface all; } } routing-options { route-distinguisher-id 10.255.0.4; router-id 10.255.1.3; autonomous-system 38008; static { route 0.0.0.0/0 next-hop 27.122.116.49; route 203.16.193.207/32 next-hop 27.122.116.49; } }