[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sat May 14 23:00:43 CDT 2011
Index: core1.sti-mx960.onenet.net
===================================================================
--- core1.sti-mx960.onenet.net (revision 11304)
+++ core1.sti-mx960.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at STILLWATER-MX960-RE0> show system commit
-# 2011-05-14 21:52:53 CDT by von via cli commit confirmed, rollback in 2mins synchronize
-# 2011-05-14 21:15:00 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
-# 2011-05-13 16:08:45 CDT by von via cli commit synchronize
-# 2011-05-13 16:08:36 CDT by von via cli commit confirmed, rollback in 1mins synchronize
-# 2011-05-13 15:50:45 CDT by von via cli commit confirmed, rollback in 1mins synchronize
-# 2011-05-13 15:40:02 CDT by von via cli commit confirmed, rollback in 1mins synchronize
+# 2011-05-14 22:48:37 CDT by von via cli commit confirmed, rollback in 2mins synchronize
+# 2011-05-14 22:41:45 CDT by jeremyt via cli commit synchronize
+# 2011-05-14 22:29:37 CDT by von via cli commit confirmed, rollback in 1mins synchronize
+# 2011-05-14 22:26:50 CDT by von via cli commit synchronize
+# 2011-05-14 22:25:53 CDT by von via cli commit synchronize
+# 2011-05-14 22:23:18 CDT by jeremyt via cli commit synchronize
# grnoc-mon at STILLWATER-MX960-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -347,7 +347,7 @@
# grnoc-mon at STILLWATER-MX960-RE0> show system uptime
# System booted: 2011-03-24 17:25 CDT
# Protocols started: 2011-04-05 03:27 CDT
-# Last configured: 2011-05-14 21:52 CDT by von
+# Last configured: 2011-05-14 22:48 CDT by von
#
# {master}
# grnoc-mon at STILLWATER-MX960-RE0> show interface terse
@@ -358,12 +358,14 @@
#xe-0/0/0.236 up up
#xe-0/0/0.32767 up up
#xe-0/0/1 up down
-#xe-0/1/0 up down
+#xe-0/1/0 up up
+#xe-0/1/0.0 up up
#xe-0/1/1 up down
#ge-0/2/0 up down
#lc-0/2/0 up up
#lc-0/2/0.32769 up up
#ge-0/2/1 up down
+#ge-0/2/1.0 up down
#ge-0/2/2 up down
#ge-0/2/3 up down
#ge-0/2/4 up down
@@ -372,12 +374,20 @@
#ge-0/2/7 up down
#ge-0/2/8 up down
#ge-0/2/9 up down
-#ge-0/3/0 up down
+#ge-0/3/0 up up
+#ge-0/3/0.0 up up
#ge-0/3/1 up down
+#ge-0/3/1.0 up down
#ge-0/3/2 up down
+#ge-0/3/2.402 up down
+#ge-0/3/2.502 up down
+#ge-0/3/2.32767 up down
#ge-0/3/3 up down
#ge-0/3/4 up down
+#ge-0/3/4.0 up down
#ge-0/3/5 up down
+#ge-0/3/5.0 up down
+#ge-0/3/5.32767 up down
#ge-0/3/6 up down
#ge-0/3/7 up down
#ge-0/3/8 up down
@@ -417,7 +427,7 @@
#pp0 up up
#tap up up
# grnoc-mon at STILLWATER-MX960-RE0> show configuration
-## Last commit: 2011-05-14 21:52:53 CDT by von
+## Last commit: 2011-05-14 22:48:37 CDT by von
version 10.4R3.4;
groups {
re0 {
@@ -519,6 +529,7 @@
file messages {
any notice;
authorization info;
+ match "!(.*LI Packet length.*)";
}
file interactive-commands {
interactive-commands any;
@@ -582,7 +593,7 @@
family mpls;
}
}
- inactive: xe-0/1/0 {
+ xe-0/1/0 {
description OKLAHOMA-STATE-UNIVERSITY-OSU-PRIMARY-LINK-CIR0004194;
unit 0 {
family inet {
@@ -598,7 +609,7 @@
}
}
}
- inactive: ge-0/2/1 {
+ ge-0/2/1 {
description ONENET-HUB-ACCESS-POINT;
unit 0 {
family inet {
@@ -635,7 +646,7 @@
ge-0/2/9 {
description USER-DEFINE;
}
- inactive: ge-0/3/0 {
+ ge-0/3/0 {
description LINK-TO-PONCA-CITY-HUB;
unit 0 {
family inet {
@@ -643,7 +654,7 @@
}
}
}
- inactive: ge-0/3/1 {
+ ge-0/3/1 {
description OKLAHOMA-STATE-UNIVERSITY-OSU-SECONDARY-LINK-CIR0002254;
unit 0 {
family inet {
@@ -651,7 +662,7 @@
}
}
}
- inactive: ge-0/3/2 {
+ ge-0/3/2 {
description OK-DEPARTMENT-OF-VOTECH-LINK1;
vlan-tagging;
encapsulation flexible-ethernet-services;
@@ -677,7 +688,7 @@
vlan-id 502;
}
}
- inactive: ge-0/3/4 {
+ ge-0/3/4 {
description MERIDIAN-TECHNICAL-CENTER;
unit 0 {
family inet {
@@ -685,7 +696,7 @@
}
}
}
- inactive: ge-0/3/5 {
+ ge-0/3/5 {
description KPOWER-TELCO-COLLECTOR;
vlan-tagging;
unit 0 {
@@ -849,6 +860,7 @@
description OSU-STILLWATER-eBGP-PEER;
import EBGP-OSU-IMPORT;
# authentication-key <removed>;
+ export DEFAULT-EXPORT;
remove-private;
peer-as 65500;
}
@@ -875,6 +887,7 @@
interface fxp0.0 {
disable;
}
+ interface ge-0/3/0.0;
}
}
ldp {
@@ -889,7 +902,20 @@
}
}
policy-options {
- prefix-list EBGP-IPV4-NEIGHBORS;
+ prefix-list EBGP-IPV4-NEIGHBORS {
+ 164.58.10.70/32;
+ }
+ policy-statement DEFAULT-EXPORT {
+ term ACCEPT-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term ACCEPT-ALL-ELSE {
+ then accept;
+ }
+ }
policy-statement EBGP-OSU-IMPORT {
term STEP-1 {
then {
@@ -933,6 +959,7 @@
}
}
community 5078:65500 members 5078:65500;
+ as-path 65500 65500;
}
class-of-service {
classifiers {
@@ -1179,12 +1206,12 @@
bridge-domains {
VLAN_402_CAREER_TECHS {
vlan-id 402;
- interface ge-0/3/2.402; ## 'ge-0/3/2.402' is not defined
+ interface ge-0/3/2.402;
routing-interface irb.402;
}
VLAN_502_CAREER_TECHS {
vlan-id 502;
- interface ge-0/3/2.502; ## 'ge-0/3/2.502' is not defined
+ interface ge-0/3/2.502;
routing-interface irb.502;
}
}
Index: hub.alv.onenet.net
===================================================================
--- hub.alv.onenet.net (revision 11242)
+++ hub.alv.onenet.net (working copy)
@@ -1,13 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ALVA-M120-RE0> show system commit
+# 2011-05-14 22:55:24 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-06 11:48:31 CDT by joe via cli commit synchronize
# 2011-05-06 11:46:46 CDT by joe via cli commit synchronize
# 2011-05-05 23:06:52 CDT by jed via cli commit synchronize
-# 2011-04-15 20:37:27 CDT by root via other
-# Synchronization with remote Routing Engine
# grnoc-mon at ALVA-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +293,7 @@
# grnoc-mon at ALVA-M120-RE0> show system uptime
# System booted: 2011-04-15 20:34 CDT
# Protocols started: 2011-04-15 20:36 CDT
-# Last configured: 2011-05-13 12:36 CDT by admin
+# Last configured: 2011-05-14 22:55 CDT by jeremyt
#
# {master}
# grnoc-mon at ALVA-M120-RE0> show interface terse
@@ -398,7 +397,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ALVA-M120-RE0> show configuration
-## Last commit: 2011-05-13 12:36:23 CDT by admin
+## Last commit: 2011-05-14 22:55:24 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -775,6 +774,7 @@
}
address 156.110.126.118/30;
}
+ family mpls;
}
}
sp-3/3/0 {
@@ -868,28 +868,44 @@
autonomous-system 5078;
}
protocols {
+ mpls {
+ interface fe-3/0/0.0;
+ interface lo0.0;
+ }
bgp {
- path-selection cisco-non-deterministic;
- log-updown;
- family inet {
- any;
- }
- family inet6 {
- unicast;
- }
- group IBGP-OKCCore-RR {
+ group CORE-RR {
type internal;
- description IBGP-OKCCore-RR1-Local-AS5078;
- neighbor 164.58.10.26 {
- description IBGP-Peer-to-OKC-RR1;
- local-address 164.58.199.74;
- export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
- peer-as 5078;
+ local-address 164.58.199.74;
+ family inet {
+ any;
}
+ family inet-vpn {
+ any;
+ }
+ family inet6 {
+ unicast;
+ }
+ family inet6-vpn {
+ unicast;
+ }
+ family l2vpn {
+ signaling;
+ }
+ family inet-mvpn {
+ signaling;
+ }
+ family inet6-mvpn {
+ signaling;
+ }
+ export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ peer-as 5078;
+ neighbor 164.58.199.216;
+ neighbor 164.58.199.226;
}
}
ospf {
export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ reference-bandwidth 100g;
area 0.0.0.0 {
interface t3-2/0/0.0 {
metric 100;
@@ -901,8 +917,14 @@
interface lo0.0;
}
}
+ ldp {
+ preference 255;
+ interface fe-3/0/0.0;
+ interface lo0.0;
+ }
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -981,6 +1003,24 @@
}
firewall {
family inet {
+ filter FLOW-INFO {
+ term ALL_FLOW {
+ from {
+ source-address {
+ 0.0.0.0/0;
+ }
+ destination-address {
+ 0.0.0.0/0;
+ }
+ }
+ then sample;
+ }
+ term REJECT_ALL {
+ then {
+ reject;
+ }
+ }
+ }
filter PROTECT-RE {
term SERVICES {
from {
@@ -993,6 +1033,7 @@
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
+ 164.58.15.0/24;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1001,14 +1042,30 @@
}
term OSPF-ALLOW {
from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ 156.110.0.0/16;
+ }
protocol ospf;
}
then accept;
}
- term IBGP-allow {
+ term EBGP-ALLOW {
from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
+ term IBGP-ALLOW {
+ from {
source-address {
- 164.58.10.26/32;
+ 164.58.199.216/32;
+ 164.58.199.226/32;
}
protocol tcp;
port 179;
@@ -1018,13 +1075,13 @@
term ICMP-ALLOW {
from {
protocol icmp;
- icmp-type [ echo-reply unreachable time-exceeded echo-request ];
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
}
then accept;
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ];
+ source-port [ domain ntp ssh syslog ];
}
then accept;
}
@@ -1060,29 +1117,47 @@
}
then accept;
}
- term DENY_ALL {
- then {
- log;
- syslog;
- discard;
+ term LDP-ALLOW {
+ from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ }
+ port ldp;
}
}
- }
- filter FLOW-INFO {
- term ALL_FLOW {
+ term PIM-ALLOW {
from {
source-address {
- 0.0.0.0/0;
+ 164.58.199.0/24;
+ 164.58.0.0/16;
}
- destination-address {
- 0.0.0.0/0;
+ protocol pim;
+ }
+ then accept;
+ }
+ term BFD-ALLOW {
+ from {
+ source-address {
+ 164.58.0.0/16;
}
+ protocol udp;
+ port [ 3784 3785 ];
}
- then sample;
+ then accept;
}
- term REJECT_ALL {
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
+ term DENY_ALL {
then {
- reject;
+ log;
+ syslog;
+ discard;
}
}
}
Index: hub.end.onenet.net
===================================================================
--- hub.end.onenet.net (revision 11221)
+++ hub.end.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ENID-M120-RE0> show system commit
+# 2011-05-14 22:57:48 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-05 23:07:50 CDT by jed via cli commit synchronize
# 2011-04-19 12:25:03 CDT by todd via cli commit synchronize
# 2011-03-28 16:00:05 CDT by joe via cli commit synchronize
-# 2011-03-28 15:59:51 CDT by joe via cli commit synchronize
# grnoc-mon at ENID-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -293,7 +293,7 @@
# grnoc-mon at ENID-M120-RE0> show system uptime
# System booted: 2011-03-15 19:36 CDT
# Protocols started: 2011-03-15 19:38 CDT
-# Last configured: 2011-05-13 12:36 CDT by admin
+# Last configured: 2011-05-14 22:57 CDT by jeremyt
#
# {master}
# grnoc-mon at ENID-M120-RE0> show interface terse
@@ -408,7 +408,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ENID-M120-RE0> show configuration
-## Last commit: 2011-05-13 12:36:23 CDT by admin
+## Last commit: 2011-05-14 22:57:48 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -861,6 +861,7 @@
}
address 156.110.126.122/30;
}
+ family mpls;
}
}
fe-3/1/0 {
@@ -1022,28 +1023,44 @@
autonomous-system 5078;
}
protocols {
+ mpls {
+ interface fe-3/0/0.0;
+ interface lo0.0;
+ }
bgp {
- path-selection cisco-non-deterministic;
- log-updown;
- family inet {
- any;
- }
- family inet6 {
- unicast;
- }
- group IBGP-OKCCore-RR {
+ group CORE-RR {
type internal;
- description IBGP-OKCCore-RR1-Local-AS5078;
- neighbor 164.58.10.26 {
- description IBGP-Peer-to-OKC-RR1;
- local-address 164.58.199.66;
- export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
- peer-as 5078;
+ local-address 164.58.199.66;
+ family inet {
+ any;
}
+ family inet-vpn {
+ any;
+ }
+ family inet6 {
+ unicast;
+ }
+ family inet6-vpn {
+ unicast;
+ }
+ family l2vpn {
+ signaling;
+ }
+ family inet-mvpn {
+ signaling;
+ }
+ family inet6-mvpn {
+ signaling;
+ }
+ export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ peer-as 5078;
+ neighbor 164.58.199.216;
+ neighbor 164.58.199.226;
}
}
ospf {
export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ reference-bandwidth 100g;
area 0.0.0.0 {
interface fxp0.0 {
disable;
@@ -1052,8 +1069,14 @@
interface fe-3/0/0.0;
}
}
+ ldp {
+ preference 255;
+ interface fe-3/0/0.0;
+ interface lo0.0;
+ }
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1132,6 +1155,24 @@
}
firewall {
family inet {
+ filter FLOW-INFO {
+ term ALL_FLOW {
+ from {
+ source-address {
+ 0.0.0.0/0;
+ }
+ destination-address {
+ 0.0.0.0/0;
+ }
+ }
+ then sample;
+ }
+ term REJECT_ALL {
+ then {
+ reject;
+ }
+ }
+ }
filter PROTECT-RE {
term SERVICES {
from {
@@ -1144,6 +1185,7 @@
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
+ 164.58.15.0/24;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1152,14 +1194,30 @@
}
term OSPF-ALLOW {
from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ 156.110.0.0/16;
+ }
protocol ospf;
}
then accept;
}
- term IBGP-allow {
+ term EBGP-ALLOW {
from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
+ term IBGP-ALLOW {
+ from {
source-address {
- 164.58.10.26/32;
+ 164.58.199.216/32;
+ 164.58.199.226/32;
}
protocol tcp;
port 179;
@@ -1169,13 +1227,13 @@
term ICMP-ALLOW {
from {
protocol icmp;
- icmp-type [ echo-reply unreachable time-exceeded echo-request ];
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
}
then accept;
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ];
+ source-port [ domain ntp ssh syslog ];
}
then accept;
}
@@ -1211,29 +1269,47 @@
}
then accept;
}
- term DENY_ALL {
- then {
- log;
- syslog;
- discard;
+ term LDP-ALLOW {
+ from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ }
+ port ldp;
}
}
- }
- filter FLOW-INFO {
- term ALL_FLOW {
+ term PIM-ALLOW {
from {
source-address {
- 0.0.0.0/0;
+ 164.58.199.0/24;
+ 164.58.0.0/16;
}
- destination-address {
- 0.0.0.0/0;
+ protocol pim;
+ }
+ then accept;
+ }
+ term BFD-ALLOW {
+ from {
+ source-address {
+ 164.58.0.0/16;
}
+ protocol udp;
+ port [ 3784 3785 ];
}
- then sample;
+ then accept;
}
- term REJECT_ALL {
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
+ term DENY_ALL {
then {
- reject;
+ log;
+ syslog;
+ discard;
}
}
}
Index: hub.ponc.onenet.net
===================================================================
--- hub.ponc.onenet.net (revision 11226)
+++ hub.ponc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at PONCA-CITY-MX480-RE0> show system commit
+# 2011-05-14 22:00:24 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# 2011-05-13 12:36:22 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-05 23:08:54 CDT by jed via cli commit synchronize
# 2011-03-30 17:09:57 CDT by admin via cli commit confirmed, rollback in 4mins synchronize
# 2011-03-30 17:00:18 CDT by todd via cli commit synchronize
-# 2011-03-30 16:53:20 CDT by todd via cli commit synchronize
# grnoc-mon at PONCA-CITY-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -303,7 +303,7 @@
# grnoc-mon at PONCA-CITY-MX480-RE0> show system uptime
# System booted: 2011-03-01 21:53 CST
# Protocols started: 2011-03-01 21:54 CST
-# Last configured: 2011-05-13 12:36 CDT by admin
+# Last configured: 2011-05-14 22:00 CDT by jeremyt
#
# {master}
# grnoc-mon at PONCA-CITY-MX480-RE0> show interface terse
@@ -384,7 +384,7 @@
#pp0 up up
#tap up up
# grnoc-mon at PONCA-CITY-MX480-RE0> show configuration
-## Last commit: 2011-05-13 12:36:22 CDT by admin
+## Last commit: 2011-05-14 22:00:24 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -539,6 +539,7 @@
}
address 164.58.245.166/30;
}
+ family mpls;
}
}
ge-0/0/9 {
@@ -551,6 +552,7 @@
}
address 164.58.245.162/30;
}
+ family mpls;
}
}
ge-1/0/0 {
@@ -662,38 +664,45 @@
autonomous-system 5078;
}
protocols {
+ mpls {
+ interface ge-0/0/0.0;
+ interface lo0.0;
+ interface ge-0/0/9.0;
+ }
bgp {
- path-selection cisco-non-deterministic;
- log-updown;
- family inet {
- any;
- }
- family inet6 {
- unicast;
- }
- group IBGP-TONKAWA {
+ group CORE-RR {
type internal;
- description IBGP-TONKAWA-Local-AS5078;
- neighbor 164.58.199.70 {
- description IBGP-Peer-to-TONKAWA;
- local-address 164.58.199.186;
- export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
- peer-as 5078;
+ local-address 164.58.199.186;
+ family inet {
+ any;
}
- }
- group IBGP-STILLWATER {
- type internal;
- description IBGP-STILLWATER-Local-AS5078;
- neighbor 164.58.10.12 {
- description IBGP-Peer-to-STILLWATER;
- local-address 164.58.199.186;
- export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
- peer-as 5078;
+ family inet-vpn {
+ any;
}
+ family inet6 {
+ unicast;
+ }
+ family inet6-vpn {
+ unicast;
+ }
+ family l2vpn {
+ signaling;
+ }
+ family inet-mvpn {
+ signaling;
+ }
+ family inet6-mvpn {
+ signaling;
+ }
+ export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ peer-as 5078;
+ neighbor 164.58.199.216;
+ neighbor 164.58.199.226;
}
}
ospf {
export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ reference-bandwidth 100g;
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/9.0;
@@ -703,8 +712,15 @@
interface lo0.0;
}
}
+ ldp {
+ preference 255;
+ interface ge-0/0/0.0;
+ interface ge-0/0/9.0;
+ interface lo0.0;
+ }
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -783,6 +799,24 @@
}
firewall {
family inet {
+ filter FLOW-INFO {
+ term ALL_FLOW {
+ from {
+ source-address {
+ 0.0.0.0/0;
+ }
+ destination-address {
+ 0.0.0.0/0;
+ }
+ }
+ then sample;
+ }
+ term REJECT_ALL {
+ then {
+ reject;
+ }
+ }
+ }
filter PROTECT-RE {
term SERVICES {
from {
@@ -795,6 +829,7 @@
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
+ 164.58.15.0/24;
}
protocol tcp;
destination-port [ ssh http ];
@@ -803,15 +838,30 @@
}
term OSPF-ALLOW {
from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ 156.110.0.0/16;
+ }
protocol ospf;
}
then accept;
}
- term IBGP-allow {
+ term EBGP-ALLOW {
from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
+ term IBGP-ALLOW {
+ from {
source-address {
- 164.58.199.70/32;
- 164.58.10.12/32;
+ 164.58.199.216/32;
+ 164.58.199.226/32;
}
protocol tcp;
port 179;
@@ -821,13 +871,13 @@
term ICMP-ALLOW {
from {
protocol icmp;
- icmp-type [ echo-reply unreachable time-exceeded echo-request ];
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
}
then accept;
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ];
+ source-port [ domain ntp ssh syslog ];
}
then accept;
}
@@ -863,29 +913,47 @@
}
then accept;
}
- term DENY_ALL {
- then {
- log;
- syslog;
- reject;
+ term LDP-ALLOW {
+ from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ }
+ port ldp;
}
}
- }
- filter FLOW-INFO {
- term ALL_FLOW {
+ term PIM-ALLOW {
from {
source-address {
- 0.0.0.0/0;
+ 164.58.199.0/24;
+ 164.58.0.0/16;
}
- destination-address {
- 0.0.0.0/0;
+ protocol pim;
+ }
+ then accept;
+ }
+ term BFD-ALLOW {
+ from {
+ source-address {
+ 164.58.0.0/16;
}
+ protocol udp;
+ port [ 3784 3785 ];
}
- then sample;
+ then accept;
}
- term REJECT_ALL {
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
+ term DENY_ALL {
then {
- reject;
+ log;
+ syslog;
+ discard;
}
}
}
Index: hub.ton.onenet.net
===================================================================
--- hub.ton.onenet.net (revision 11235)
+++ hub.ton.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TONKAWA-M120-RE0> show system commit
+# 2011-05-14 22:34:50 CDT by jeremyt via cli commit synchronize
+# 2011-05-14 22:23:46 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-05 23:09:38 CDT by jed via cli commit synchronize
# 2011-04-15 09:53:44 CDT by smclean via cli commit synchronize
-# 2011-03-31 13:10:57 CDT by von via cli commit synchronize
-# 2011-03-23 09:10:23 CDT by admin via cli commit synchronize
# grnoc-mon at TONKAWA-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -313,7 +313,7 @@
# grnoc-mon at TONKAWA-M120-RE0> show system uptime
# System booted: 2011-03-08 14:44 CST
# Protocols started: 2011-03-08 14:46 CST
-# Last configured: 2011-05-13 12:36 CDT by admin
+# Last configured: 2011-05-14 22:34 CDT by jeremyt
#
# {master}
# grnoc-mon at TONKAWA-M120-RE0> show interface terse
@@ -485,7 +485,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TONKAWA-M120-RE0> show configuration
-## Last commit: 2011-05-13 12:36:23 CDT by admin
+## Last commit: 2011-05-14 22:34:50 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1366,6 +1366,7 @@
}
address 164.58.245.165/30;
}
+ family mpls;
}
}
ge-4/0/1 {
@@ -1406,6 +1407,7 @@
}
address 156.110.126.121/30;
}
+ family mpls;
}
unit 403 {
description LINK-TO-ONENETHUB-WOODWARD-FE-CIR0004001;
@@ -1416,6 +1418,7 @@
}
address 156.110.126.125/30;
}
+ family mpls;
}
unit 404 {
description SHARE-MEDICAL-CENTER-E-CIR0004009;
@@ -1433,6 +1436,7 @@
}
address 156.110.126.117/30;
}
+ family mpls;
}
unit 407 {
description BLANCHARD-PUBLIC-LIBRARY-E-CIR0004174;
@@ -1645,38 +1649,47 @@
autonomous-system 5078;
}
protocols {
+ mpls {
+ interface ge-4/0/0.0;
+ interface lo0.0;
+ interface ge-4/0/3.402;
+ interface ge-4/0/3.403;
+ interface ge-4/0/3.406;
+ }
bgp {
- path-selection cisco-non-deterministic;
- log-updown;
- family inet {
- any;
- }
- family inet6 {
- unicast;
- }
- group IBGP-OKCCore-RR {
+ group CORE-RR {
type internal;
- description IBGP-OKCCore-RR1-Local-AS5078;
- neighbor 164.58.10.26 {
- description IBGP-Peer-to-OKC-RR1;
- local-address 164.58.199.70;
- export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
- peer-as 5078;
+ local-address 164.58.199.70;
+ family inet {
+ any;
}
- }
- group IBGP-ONENETHUB-PONCA-CITY {
- type internal;
- description IBGP-ONENETHUB-PONCA-CITY-Local-AS5078;
- neighbor 164.58.199.186 {
- description IBGP-ONENETHUB-PONCA-CITY;
- local-address 164.58.199.70;
- export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
- peer-as 5078;
+ family inet-vpn {
+ any;
}
+ family inet6 {
+ unicast;
+ }
+ family inet6-vpn {
+ unicast;
+ }
+ family l2vpn {
+ signaling;
+ }
+ family inet-mvpn {
+ signaling;
+ }
+ family inet6-mvpn {
+ signaling;
+ }
+ export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ peer-as 5078;
+ neighbor 164.58.199.216;
+ neighbor 164.58.199.226;
}
}
ospf {
export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ reference-bandwidth 100g;
area 0.0.0.0 {
interface fxp0.0 {
disable;
@@ -1694,8 +1707,17 @@
}
}
}
+ ldp {
+ preference 255;
+ interface ge-4/0/0.0;
+ interface ge-4/0/3.402;
+ interface ge-4/0/3.403;
+ interface ge-4/0/3.406;
+ interface lo0.0;
+ }
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1802,6 +1824,24 @@
}
firewall {
family inet {
+ filter FLOW-INFO {
+ term ALL_FLOW {
+ from {
+ source-address {
+ 0.0.0.0/0;
+ }
+ destination-address {
+ 0.0.0.0/0;
+ }
+ }
+ then sample;
+ }
+ term REJECT_ALL {
+ then {
+ reject;
+ }
+ }
+ }
filter PROTECT-RE {
term SERVICES {
from {
@@ -1814,6 +1854,7 @@
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
+ 164.58.15.0/24;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1822,15 +1863,30 @@
}
term OSPF-ALLOW {
from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ 156.110.0.0/16;
+ }
protocol ospf;
}
then accept;
}
- term IBGP-allow {
+ term EBGP-ALLOW {
from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
+ term IBGP-ALLOW {
+ from {
source-address {
- 164.58.10.26/32;
- 164.58.199.186/32;
+ 164.58.199.216/32;
+ 164.58.199.226/32;
}
protocol tcp;
port 179;
@@ -1846,7 +1902,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ];
+ source-port [ domain ntp ssh syslog ];
}
then accept;
}
@@ -1882,29 +1938,47 @@
}
then accept;
}
- term DENY_ALL {
- then {
- log;
- syslog;
- discard;
+ term LDP-ALLOW {
+ from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ }
+ port ldp;
}
}
- }
- filter FLOW-INFO {
- term ALL_FLOW {
+ term PIM-ALLOW {
from {
source-address {
- 0.0.0.0/0;
+ 164.58.199.0/24;
+ 164.58.0.0/16;
}
- destination-address {
- 0.0.0.0/0;
+ protocol pim;
+ }
+ then accept;
+ }
+ term BFD-ALLOW {
+ from {
+ source-address {
+ 164.58.0.0/16;
}
+ protocol udp;
+ port [ 3784 3785 ];
}
- then sample;
+ then accept;
}
- term REJECT_ALL {
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
+ term DENY_ALL {
then {
- reject;
+ log;
+ syslog;
+ discard;
}
}
}
Index: hub.woo.onenet.net
===================================================================
--- hub.woo.onenet.net (revision 11238)
+++ hub.woo.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WOODWARD-M120-RE0> show system commit
+# 2011-05-14 22:45:43 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# 2011-05-13 12:36:27 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:18 CDT by admin via cli commit synchronize
# 2011-05-05 23:10:03 CDT by jed via cli commit synchronize
# 2011-05-03 22:50:43 CDT by admin via cli commit synchronize
# 2011-05-03 22:28:36 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
-# 2011-04-08 14:28:31 CDT by joe via cli commit synchronize
# grnoc-mon at WOODWARD-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -292,7 +292,7 @@
# grnoc-mon at WOODWARD-M120-RE0> show system uptime
# System booted: 2011-03-14 18:18 CDT
# Protocols started: 2011-03-14 18:20 CDT
-# Last configured: 2011-05-13 12:36 CDT by admin
+# Last configured: 2011-05-14 22:45 CDT by jeremyt
#
# {master}
# grnoc-mon at WOODWARD-M120-RE0> show interface terse
@@ -405,7 +405,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WOODWARD-M120-RE0> show configuration
-## Last commit: 2011-05-13 12:36:27 CDT by admin
+## Last commit: 2011-05-14 22:45:43 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1171,6 +1171,7 @@
}
address 156.110.126.126/30;
}
+ family mpls;
}
}
inactive: fe-3/0/1 {
@@ -1432,28 +1433,44 @@
autonomous-system 5078;
}
protocols {
+ mpls {
+ interface fe-3/0/0.0;
+ interface lo0.0;
+ }
bgp {
- path-selection cisco-non-deterministic;
- log-updown;
- family inet {
- any;
- }
- family inet6 {
- unicast;
- }
- group IBGP-OKCCore-RR {
+ group CORE-RR {
type internal;
- description IBGP-OKCCore-RR1-Local-AS5078;
- neighbor 164.58.10.25 {
- description IBGP-Peer-to-OKC-RR1;
- local-address 164.58.199.58;
- export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
- peer-as 5078;
+ local-address 164.58.199.58;
+ family inet {
+ any;
}
+ family inet-vpn {
+ any;
+ }
+ family inet6 {
+ unicast;
+ }
+ family inet6-vpn {
+ unicast;
+ }
+ family l2vpn {
+ signaling;
+ }
+ family inet-mvpn {
+ signaling;
+ }
+ family inet6-mvpn {
+ signaling;
+ }
+ export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ peer-as 5078;
+ neighbor 164.58.199.216;
+ neighbor 164.58.199.226;
}
}
ospf {
export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ reference-bandwidth 100g;
area 0.0.0.0 {
interface t3-2/0/0.0 {
metric 100;
@@ -1465,8 +1482,14 @@
interface lo0.0;
}
}
+ ldp {
+ preference 255;
+ interface fe-3/0/0.0;
+ interface lo0.0;
+ }
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1575,6 +1598,7 @@
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
+ 164.58.15.0/24;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1583,14 +1607,30 @@
}
term OSPF-ALLOW {
from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ 156.110.0.0/16;
+ }
protocol ospf;
}
then accept;
}
- term IBGP-allow {
+ term EBGP-ALLOW {
from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
+ term IBGP-ALLOW {
+ from {
source-address {
- 164.58.10.25/32;
+ 164.58.199.216/32;
+ 164.58.199.226/32;
}
protocol tcp;
port 179;
@@ -1600,13 +1640,13 @@
term ICMP-ALLOW {
from {
protocol icmp;
- icmp-type [ echo-reply unreachable time-exceeded echo-request ];
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
}
then accept;
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ];
+ source-port [ domain ntp ssh syslog ];
}
then accept;
}
@@ -1642,6 +1682,42 @@
}
then accept;
}
+ term LDP-ALLOW {
+ from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ }
+ port ldp;
+ }
+ }
+ term PIM-ALLOW {
+ from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ }
+ protocol pim;
+ }
+ then accept;
+ }
+ term BFD-ALLOW {
+ from {
+ source-address {
+ 164.58.0.0/16;
+ }
+ protocol udp;
+ port [ 3784 3785 ];
+ }
+ then accept;
+ }
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.sti.onenet.net
===================================================================
--- hub.sti.onenet.net (revision 11105)
+++ hub.sti.onenet.net (working copy)
@@ -783,7 +783,6 @@
!
!show cdp neighbor:
!port 4/3 connects to meridiantech-3750 port 1/0/1
-!port 3/3 connects to Thor.net.okstate.edu port 1/1
!end show cdp neighbor
!
!BootFlash: BOOT variable = disk0:s72033-adventerprisek9_wan-mz.122-18.SXF13.bin,1;
@@ -808,7 +807,7 @@
!BootFlash: Standby BOOTLDR variable =
!BootFlash: Standby Configuration register is 0x2102
!
-! Last configuration change at 04:49:05 extende Wed Apr 13 2011 by von
+! Last configuration change at 22:51:42 extende Sat May 14 2011 by von
!
config-register 0x2102
upgrade fpd auto
@@ -1219,6 +1218,7 @@
ip route-cache flow
no ip mroute-cache
load-interval 30
+ shutdown
!
interface TenGigabitEthernet3/4
no ip address
More information about the Nocrancid
mailing list