[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Mon May 23 18:00:57 CDT 2011
Index: core1.lan-mx480.onenet.net
===================================================================
--- core1.lan-mx480.onenet.net (revision 11372)
+++ core1.lan-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LANGSTON-MX480-RE0> show system commit
+# 2011-05-23 17:14:47 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-16 11:03:56 CDT by cjensen via cli commit synchronize
# 2011-05-13 12:36:21 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-09 23:26:13 CDT by jeremyt via cli commit synchronize
# 2011-05-09 22:19:32 CDT by von via cli commit synchronize
-# 2011-05-09 22:18:28 CDT by von via cli commit synchronize
# grnoc-mon at LANGSTON-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 Check
@@ -311,7 +311,7 @@
# grnoc-mon at LANGSTON-MX480-RE0> show system uptime
# System booted: 2011-04-08 16:49 CDT
# Protocols started: 2011-04-08 16:50 CDT
-# Last configured: 2011-05-16 11:03 CDT by cjensen
+# Last configured: 2011-05-23 17:14 CDT by jeremyt
#
# {master}
# grnoc-mon at LANGSTON-MX480-RE0> show interface terse
@@ -383,7 +383,7 @@
#pp0 up up
#tap up up
# grnoc-mon at LANGSTON-MX480-RE0> show configuration
-## Last commit: 2011-05-16 11:03:56 CDT by cjensen
+## Last commit: 2011-05-23 17:14:47 CDT by jeremyt
version 10.4R3.4;
groups {
re0 {
@@ -839,6 +839,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
@@ -874,7 +875,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -892,6 +893,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -915,6 +917,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -939,6 +942,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: core1.edm-mx480.onenet.net
===================================================================
--- core1.edm-mx480.onenet.net (revision 11363)
+++ core1.edm-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at EDMOND-MX480-RE0> show system commit
+# 2011-05-23 17:04:03 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-16 10:55:02 CDT by cjensen via cli commit synchronize
# 2011-05-16 10:53:56 CDT by cjensen via cli commit synchronize
# 2011-05-13 12:36:25 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:17 CDT by admin via cli commit synchronize
# 2011-05-10 14:47:39 CDT by von via cli commit synchronize
-# 2011-05-10 14:46:51 CDT by von via cli commit synchronize
# grnoc-mon at EDMOND-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -309,7 +309,7 @@
# grnoc-mon at EDMOND-MX480-RE0> show system uptime
# System booted: 2011-04-08 16:49 CDT
# Protocols started: 2011-04-08 16:50 CDT
-# Last configured: 2011-05-16 10:55 CDT by cjensen
+# Last configured: 2011-05-23 17:04 CDT by jeremyt
#
# {master}
# grnoc-mon at EDMOND-MX480-RE0> show interface terse
@@ -380,7 +380,7 @@
#pp0 up up
#tap up up
# grnoc-mon at EDMOND-MX480-RE0> show configuration
-## Last commit: 2011-05-16 10:55:02 CDT by cjensen
+## Last commit: 2011-05-23 17:04:03 CDT by jeremyt
version 10.4R3.4;
groups {
re0 {
@@ -807,6 +807,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
@@ -842,7 +843,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -860,6 +861,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -883,6 +885,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -907,6 +910,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.elr.onenet.net
===================================================================
--- hub.elr.onenet.net (revision 11938)
+++ hub.elr.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at EL-RENO-M120-RE0> show system commit
+# 2011-05-23 17:06:18 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-23 16:03:39 CDT by admin via netconf commit synchronize
# 2011-05-23 16:03:33 CDT by admin via netconf commit synchronize
# 2011-05-23 16:03:16 CDT by jeremyt via cli commit confirmed, rollback in 1mins synchronize
# 2011-05-23 15:54:27 CDT by admin via netconf commit synchronize
# 2011-05-23 15:54:22 CDT by admin via netconf commit synchronize
-# 2011-05-23 15:54:05 CDT by admin via netconf commit synchronize
# grnoc-mon at EL-RENO-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -293,7 +293,7 @@
# grnoc-mon at EL-RENO-M120-RE0> show system uptime
# System booted: 2011-02-22 16:32 CST
# Protocols started: 2011-02-22 16:34 CST
-# Last configured: 2011-05-23 16:03 CDT by admin
+# Last configured: 2011-05-23 17:06 CDT by jeremyt
#
# {master}
# grnoc-mon at EL-RENO-M120-RE0> show interface terse
@@ -441,7 +441,7 @@
#pp0 up up
#tap up up
# grnoc-mon at EL-RENO-M120-RE0> show configuration
-## Last commit: 2011-05-23 16:03:39 CDT by admin
+## Last commit: 2011-05-23 17:06:18 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1276,6 +1276,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1448,11 +1449,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1473,7 +1485,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1491,6 +1503,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1514,6 +1527,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1538,6 +1552,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.goo.onenet.net
===================================================================
--- hub.goo.onenet.net (revision 11921)
+++ hub.goo.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at GOODWELL-M120-RE0> show system commit
+# 2011-05-23 17:11:09 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-19 14:40:31 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-05 23:07:56 CDT by jed via cli commit synchronize
# 2011-05-04 15:17:16 CDT by jeremyt via cli commit synchronize
-# 2011-05-04 15:15:02 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# grnoc-mon at GOODWELL-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -295,7 +295,7 @@
# grnoc-mon at GOODWELL-M120-RE0> show system uptime
# System booted: 2011-04-15 11:59 CDT
# Protocols started: 2011-04-15 12:00 CDT
-# Last configured: 2011-05-19 14:40 CDT by jeremyt
+# Last configured: 2011-05-23 17:11 CDT by jeremyt
#
# {master}
# grnoc-mon at GOODWELL-M120-RE0> show interface terse
@@ -410,7 +410,7 @@
#pp0 up up
#tap up up
# grnoc-mon at GOODWELL-M120-RE0> show configuration
-## Last commit: 2011-05-19 14:40:31 CDT by jeremyt
+## Last commit: 2011-05-23 17:11:09 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1028,6 +1028,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1174,6 +1175,72 @@
then accept;
}
}
+ filter TAX-VIDEO {
+ term 1 {
+ from {
+ source-address {
+ 164.58.0.230/32;
+ }
+ destination-address {
+ 0.0.0.0/0;
+ }
+ }
+ then {
+ forwarding-class video;
+ accept;
+ }
+ }
+ term 2 {
+ from {
+ source-address {
+ 0.0.0.0/0;
+ }
+ destination-address {
+ 164.58.0.230/32;
+ }
+ }
+ then {
+ forwarding-class video;
+ accept;
+ }
+ }
+ term 3 {
+ then accept;
+ }
+ }
+ filter TAX2-VIDEO {
+ term 1 {
+ from {
+ source-address {
+ 164.58.0.178/32;
+ }
+ destination-address {
+ 0.0.0.0/0;
+ }
+ }
+ then {
+ forwarding-class video;
+ accept;
+ }
+ }
+ term 2 {
+ from {
+ source-address {
+ 0.0.0.0/0;
+ }
+ destination-address {
+ 164.58.0.178/32;
+ }
+ }
+ then {
+ forwarding-class video;
+ accept;
+ }
+ }
+ term 3 {
+ then accept;
+ }
+ }
filter PROTECT-RE {
term SERVICES {
from {
@@ -1198,11 +1265,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1223,7 +1301,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1241,6 +1319,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1264,6 +1343,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1288,6 +1368,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
@@ -1296,72 +1383,6 @@
}
}
}
- filter TAX-VIDEO {
- term 1 {
- from {
- source-address {
- 164.58.0.230/32;
- }
- destination-address {
- 0.0.0.0/0;
- }
- }
- then {
- forwarding-class video;
- accept;
- }
- }
- term 2 {
- from {
- source-address {
- 0.0.0.0/0;
- }
- destination-address {
- 164.58.0.230/32;
- }
- }
- then {
- forwarding-class video;
- accept;
- }
- }
- term 3 {
- then accept;
- }
- }
- filter TAX2-VIDEO {
- term 1 {
- from {
- source-address {
- 164.58.0.178/32;
- }
- destination-address {
- 0.0.0.0/0;
- }
- }
- then {
- forwarding-class video;
- accept;
- }
- }
- term 2 {
- from {
- source-address {
- 0.0.0.0/0;
- }
- destination-address {
- 164.58.0.178/32;
- }
- }
- then {
- forwarding-class video;
- accept;
- }
- }
- term 3 {
- then accept;
- }
- }
}
policer COMMODITY-pOLICER {
if-exceeding {
Index: hub.mus.onenet.net
===================================================================
--- hub.mus.onenet.net (revision 11928)
+++ hub.mus.onenet.net (working copy)
@@ -1,15 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MUSKOGEE-M120-RE0> show system commit
+# 2011-05-23 17:31:45 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
+# 2011-05-23 17:31:24 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-23 15:54:27 CDT by admin via netconf commit synchronize
# 2011-05-23 15:54:22 CDT by admin via netconf commit synchronize
# 2011-05-19 14:46:51 CDT by jeremyt via cli commit synchronize
# 2011-05-17 17:59:22 CDT by root via other
# Synchronization with remote Routing Engine
-# 2011-05-17 15:14:22 CDT by root via other
-# Synchronization with remote Routing Engine
-# 2011-05-17 15:06:08 CDT by root via other
-# Synchronization with remote Routing Engine
# grnoc-mon at MUSKOGEE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -299,7 +297,7 @@
# grnoc-mon at MUSKOGEE-M120-RE0> show system uptime
# System booted: 2011-05-17 17:57 CDT
# Protocols started: 2011-05-17 17:58 CDT
-# Last configured: 2011-05-23 15:54 CDT by admin
+# Last configured: 2011-05-23 17:31 CDT by jeremyt
#
# {master}
# grnoc-mon at MUSKOGEE-M120-RE0> show interface terse
@@ -468,7 +466,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MUSKOGEE-M120-RE0> show configuration
-## Last commit: 2011-05-23 15:54:27 CDT by admin
+## Last commit: 2011-05-23 17:31:45 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1448,6 +1446,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1568,11 +1567,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1593,7 +1603,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1611,6 +1621,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1634,6 +1645,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1658,6 +1670,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.ponc.onenet.net
===================================================================
--- hub.ponc.onenet.net (revision 11309)
+++ hub.ponc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at PONCA-CITY-MX480-RE0> show system commit
+# 2011-05-23 17:38:27 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-14 22:00:24 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# 2011-05-13 12:36:22 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-05 23:08:54 CDT by jed via cli commit synchronize
# 2011-03-30 17:09:57 CDT by admin via cli commit confirmed, rollback in 4mins synchronize
-# 2011-03-30 17:00:18 CDT by todd via cli commit synchronize
# grnoc-mon at PONCA-CITY-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -303,7 +303,7 @@
# grnoc-mon at PONCA-CITY-MX480-RE0> show system uptime
# System booted: 2011-03-01 21:53 CST
# Protocols started: 2011-03-01 21:54 CST
-# Last configured: 2011-05-14 22:00 CDT by jeremyt
+# Last configured: 2011-05-23 17:38 CDT by jeremyt
#
# {master}
# grnoc-mon at PONCA-CITY-MX480-RE0> show interface terse
@@ -384,7 +384,7 @@
#pp0 up up
#tap up up
# grnoc-mon at PONCA-CITY-MX480-RE0> show configuration
-## Last commit: 2011-05-14 22:00:24 CDT by jeremyt
+## Last commit: 2011-05-23 17:38:27 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -877,7 +877,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh syslog ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -895,6 +895,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -918,6 +919,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
Index: hub.mca.onenet.net
===================================================================
--- hub.mca.onenet.net (revision 11839)
+++ hub.mca.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MCALESTER-M120-RE0> show system commit
+# 2011-05-23 17:23:01 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-19 14:44:18 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:24 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-05 23:08:28 CDT by jed via cli commit synchronize
# 2011-04-20 03:25:21 CDT by admin via cli commit synchronize
-# 2011-04-20 03:24:54 CDT by admin via cli commit confirmed, rollback in 2mins synchronize
# grnoc-mon at MCALESTER-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -291,7 +291,7 @@
# grnoc-mon at MCALESTER-M120-RE0> show system uptime
# System booted: 2011-02-15 18:51 CST
# Protocols started: 2011-02-15 18:53 CST
-# Last configured: 2011-05-19 14:44 CDT by jeremyt
+# Last configured: 2011-05-23 17:23 CDT by jeremyt
#
# {master}
# grnoc-mon at MCALESTER-M120-RE0> show interface terse
@@ -441,7 +441,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MCALESTER-M120-RE0> show configuration
-## Last commit: 2011-05-19 14:44:18 CDT by jeremyt
+## Last commit: 2011-05-23 17:23:01 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1274,6 +1274,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1400,11 +1401,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1425,7 +1437,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1443,6 +1455,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1466,6 +1479,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1490,6 +1504,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.ton.onenet.net
===================================================================
--- hub.ton.onenet.net (revision 11926)
+++ hub.ton.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TONKAWA-M120-RE0> show system commit
+# 2011-05-23 17:52:25 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-23 15:54:26 CDT by admin via netconf commit synchronize
# 2011-05-23 15:54:21 CDT by admin via netconf commit synchronize
# 2011-05-14 23:54:12 CDT by admin via cli commit synchronize
# 2011-05-14 22:34:50 CDT by jeremyt via cli commit synchronize
# 2011-05-14 22:23:46 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
-# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# grnoc-mon at TONKAWA-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -313,7 +313,7 @@
# grnoc-mon at TONKAWA-M120-RE0> show system uptime
# System booted: 2011-03-08 14:44 CST
# Protocols started: 2011-03-08 14:46 CST
-# Last configured: 2011-05-23 15:54 CDT by admin
+# Last configured: 2011-05-23 17:52 CDT by jeremyt
#
# {master}
# grnoc-mon at TONKAWA-M120-RE0> show interface terse
@@ -485,7 +485,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TONKAWA-M120-RE0> show configuration
-## Last commit: 2011-05-23 15:54:26 CDT by admin
+## Last commit: 2011-05-23 17:52:25 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1499,21 +1499,21 @@
forwarding-options {
sampling {
input {
- family inet {
- rate 1000;
- }
+ rate 100;
}
- output { ## Warning: 'output' is deprecated
- flow-server 164.58.253.210 {
- port 9920;
- autonomous-system-type origin;
- no-local-dump;
- source-address 164.58.199.70;
- version 5;
+ family inet {
+ output {
+ flow-server 164.58.253.210 {
+ port 9920;
+ autonomous-system-type origin;
+ no-local-dump;
+ source-address 164.58.199.70;
+ version 5;
+ }
+ interface sp-3/3/0 {
+ source-address 164.58.199.70;
+ }
}
- interface sp-3/3/0 {
- source-address 164.58.199.70;
- }
}
}
}
@@ -1902,7 +1902,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh syslog ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1920,6 +1920,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
Index: hub.osuokc.onenet.net
===================================================================
--- hub.osuokc.onenet.net (revision 11929)
+++ hub.osuokc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OSUOKC-MX80> show system commit
+# 2011-05-23 17:48:48 CDT by jeremyt via cli commit confirmed, rollback in 3mins
# 2011-05-23 16:00:12 CDT by admin via netconf
# 2011-05-23 16:00:07 CDT by admin via netconf
# 2011-05-23 15:59:42 CDT by jeremyt via cli commit confirmed, rollback in 10mins
# 2011-05-23 15:55:02 CDT by admin via netconf
# 2011-05-23 15:54:51 CDT by admin via cli
-# 2011-05-19 22:17:53 CDT by admin via cli
# grnoc-mon at OSUOKC-MX80> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -215,7 +215,7 @@
# grnoc-mon at OSUOKC-MX80> show system uptime
# System booted: 2011-05-19 15:03 CDT
# Protocols started: 2011-05-19 15:04 CDT
-# Last configured: 2011-05-23 16:00 CDT by admin
+# Last configured: 2011-05-23 17:48 CDT by jeremyt
#
# grnoc-mon at OSUOKC-MX80> show interface terse
#Interface Admin Link
@@ -271,7 +271,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OSUOKC-MX80> show configuration
-## Last commit: 2011-05-23 16:00:12 CDT by admin
+## Last commit: 2011-05-23 17:48:48 CDT by jeremyt
version 10.4R2.6;
system {
host-name OSUOKC-MX80;
@@ -397,7 +397,7 @@
lo0 {
unit 0 {
family inet {
- inactive: filter {
+ filter {
input PROTECT-RE;
}
address 127.0.0.1/32;
@@ -514,6 +514,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement REDISTRIBUTE-DIRECTS {
term 1 {
from protocol direct;
@@ -543,6 +544,24 @@
}
firewall {
family inet {
+ filter FLOW-INFO {
+ term ALL_FLOW {
+ from {
+ source-address {
+ 0.0.0.0/0;
+ }
+ destination-address {
+ 0.0.0.0/0;
+ }
+ }
+ then sample;
+ }
+ term REJECT_ALL {
+ then {
+ discard;
+ }
+ }
+ }
filter PROTECT-RE {
term SERVICES {
from {
@@ -567,11 +586,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -592,7 +622,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -610,6 +640,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -631,8 +662,9 @@
term LDP-ALLOW {
from {
source-address {
+ 164.58.199.0/24;
164.58.0.0/16;
- 164.58.199.0/24;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -672,24 +704,6 @@
}
}
}
- filter FLOW-INFO {
- term ALL_FLOW {
- from {
- source-address {
- 0.0.0.0/0;
- }
- destination-address {
- 0.0.0.0/0;
- }
- }
- then sample;
- }
- term REJECT_ALL {
- then {
- discard;
- }
- }
- }
}
}
inactive: services {
Index: hub.lawm120.onenet.net
===================================================================
--- hub.lawm120.onenet.net (revision 11913)
+++ hub.lawm120.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LAWTON-M120-RE0> show system commit
+# 2011-05-23 17:19:44 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-19 14:43:04 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:16 CDT by admin via cli commit synchronize
# 2011-05-05 23:08:22 CDT by jed via cli commit synchronize
# 2011-04-26 14:57:21 CDT by todd via cli commit synchronize
-# 2011-04-26 14:56:45 CDT by root via other
# grnoc-mon at LAWTON-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -292,7 +292,7 @@
# grnoc-mon at LAWTON-M120-RE0> show system uptime
# System booted: 2011-02-23 20:35 CST
# Protocols started: 2011-02-23 20:37 CST
-# Last configured: 2011-05-19 14:43 CDT by jeremyt
+# Last configured: 2011-05-23 17:19 CDT by jeremyt
#
# {master}
# grnoc-mon at LAWTON-M120-RE0> show interface terse
@@ -434,7 +434,7 @@
#pp0 up up
#tap up up
# grnoc-mon at LAWTON-M120-RE0> show configuration
-## Last commit: 2011-05-19 14:43:04 CDT by jeremyt
+## Last commit: 2011-05-23 17:19:44 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1150,6 +1150,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1306,11 +1307,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1331,7 +1343,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1349,6 +1361,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1372,6 +1385,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1396,6 +1410,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.dur.onenet.net
===================================================================
--- hub.dur.onenet.net (revision 11911)
+++ hub.dur.onenet.net (working copy)
@@ -1,6 +1,7 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at DURANT-M120-RE0> show system commit
+# 2011-05-23 17:01:14 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-20 12:52:18 CDT by root via other
# Synchronization with remote Routing Engine
# 2011-05-20 11:51:42 CDT by root via other
@@ -9,7 +10,6 @@
# 2011-05-16 09:03:10 CDT by root via other
# Synchronization with remote Routing Engine
# 2011-05-13 12:36:24 CDT by admin via netconf commit synchronize
-# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# grnoc-mon at DURANT-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -295,7 +295,7 @@
# grnoc-mon at DURANT-M120-RE0> show system uptime
# System booted: 2011-05-20 12:49 CDT
# Protocols started: 2011-05-20 12:51 CDT
-# Last configured: 2011-05-20 12:52 CDT by root
+# Last configured: 2011-05-23 17:01 CDT by jeremyt
#
# {master}
# grnoc-mon at DURANT-M120-RE0> show interface terse
@@ -473,7 +473,7 @@
#pp0 up up
#tap up up
# grnoc-mon at DURANT-M120-RE0> show configuration
-## Last commit: 2011-05-20 12:52:18 CDT by root
+## Last commit: 2011-05-23 17:01:14 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1640,6 +1640,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1807,11 +1808,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1832,7 +1844,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1850,6 +1862,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1873,6 +1886,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1897,6 +1911,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.war.onenet.net
===================================================================
--- hub.war.onenet.net (revision 11927)
+++ hub.war.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WARNER-M120-RE0> show system commit
+# 2011-05-23 17:55:03 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-23 15:54:28 CDT by admin via netconf commit synchronize
# 2011-05-23 15:54:22 CDT by admin via netconf commit synchronize
# 2011-05-17 11:41:16 CDT by jeremyt via cli commit synchronize
# 2011-05-17 11:39:12 CDT by jeremyt via cli commit synchronize
# 2011-05-17 11:35:24 CDT by jeremyt via cli commit synchronize
-# 2011-05-17 11:33:02 CDT by jeremyt via cli commit synchronize
# grnoc-mon at WARNER-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -293,7 +293,7 @@
# grnoc-mon at WARNER-M120-RE0> show system uptime
# System booted: 2011-03-07 18:18 CST
# Protocols started: 2011-03-07 18:19 CST
-# Last configured: 2011-05-23 15:54 CDT by admin
+# Last configured: 2011-05-23 17:55 CDT by jeremyt
#
# {master}
# grnoc-mon at WARNER-M120-RE0> show interface terse
@@ -402,7 +402,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WARNER-M120-RE0> show configuration
-## Last commit: 2011-05-23 15:54:28 CDT by admin
+## Last commit: 2011-05-23 17:55:03 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1271,21 +1271,21 @@
forwarding-options {
sampling {
input {
- family inet {
- rate 1000;
- }
+ rate 100;
}
- output { ## Warning: 'output' is deprecated
- flow-server 164.58.253.210 {
- port 9920;
- autonomous-system-type origin;
- no-local-dump;
- source-address 164.58.199.106;
- version 5;
+ family inet {
+ output {
+ flow-server 164.58.253.210 {
+ port 9920;
+ autonomous-system-type origin;
+ no-local-dump;
+ source-address 164.58.199.106;
+ version 5;
+ }
+ interface sp-3/3/0 {
+ source-address 164.58.199.106;
+ }
}
- interface sp-3/3/0 {
- source-address 164.58.199.106;
- }
}
}
}
@@ -1395,6 +1395,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1521,11 +1522,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1546,7 +1558,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1564,6 +1576,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1587,6 +1600,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1611,6 +1625,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: core3.okc-m120.onenet.net
===================================================================
--- core3.okc-m120.onenet.net (revision 11941)
+++ core3.okc-m120.onenet.net (working copy)
@@ -1365,8 +1365,8 @@
#t1-3/3/0:6:26.0 up up
#t1-3/3/0:6:27 up up
#t1-3/3/0:6:27.0 up up
-#t1-3/3/0:6:28 up up
-#t1-3/3/0:6:28.0 up up
+#t1-3/3/0:6:28 up down
+#t1-3/3/0:6:28.0 up down
#coc1-3/3/0:7 up up
#ct3-3/3/0:7 up up
#t1-3/3/0:7:1 up down
Index: hub.ida.onenet.net
===================================================================
--- hub.ida.onenet.net (revision 11939)
+++ hub.ida.onenet.net (working copy)
@@ -1,13 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at IDABEL-M120-RE0> show system commit
+# 2011-05-23 17:13:06 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-23 16:11:56 CDT by jeremyt via cli commit synchronize
# 2011-05-19 14:41:33 CDT by jeremyt via cli commit synchronize
# 2011-05-17 09:38:34 CDT by root via other
# Synchronization with remote Routing Engine
# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
-# 2011-05-10 13:14:52 CDT by smclean via cli commit synchronize
# grnoc-mon at IDABEL-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -292,7 +292,7 @@
# grnoc-mon at IDABEL-M120-RE0> show system uptime
# System booted: 2011-05-17 09:36 CDT
# Protocols started: 2011-05-17 09:38 CDT
-# Last configured: 2011-05-23 16:11 CDT by jeremyt
+# Last configured: 2011-05-23 17:13 CDT by jeremyt
#
# {master}
# grnoc-mon at IDABEL-M120-RE0> show interface terse
@@ -324,16 +324,16 @@
#t1-2/0/3:11 up down
#t1-2/0/3:12 up up
#t1-2/0/3:12.0 up up
-#t1-2/0/3:13 up down
-#t1-2/0/3:13.0 up down
+#t1-2/0/3:13 up up
+#t1-2/0/3:13.0 up up
#t1-2/0/3:14 up up
#t1-2/0/3:14.0 up up
#t1-2/0/3:15 up up
#t1-2/0/3:15.0 up up
#t1-2/0/3:16 up up
#t1-2/0/3:16.0 up up
-#t1-2/0/3:17 up down
-#t1-2/0/3:17.0 up down
+#t1-2/0/3:17 up up
+#t1-2/0/3:17.0 up up
#t1-2/0/3:18 up up
#t1-2/0/3:18.0 up up
#t1-2/0/3:19 up up
@@ -414,7 +414,7 @@
#pp0 up up
#tap up up
# grnoc-mon at IDABEL-M120-RE0> show configuration
-## Last commit: 2011-05-23 16:11:56 CDT by jeremyt
+## Last commit: 2011-05-23 17:13:06 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1260,6 +1260,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1414,11 +1415,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1439,8 +1451,7 @@
}
term SERVICES-OUTBOUND {
from {
- protocol tcp;
- source-port [ domain ntp ssh 7804 ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1458,6 +1469,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1481,6 +1493,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1505,6 +1518,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.pot.onenet.net
===================================================================
--- hub.pot.onenet.net (revision 11793)
+++ hub.pot.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at POTEAU-M120-RE0> show system commit
+# 2011-05-23 17:40:46 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
# 2011-05-19 14:52:17 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:22 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:16 CDT by admin via cli commit synchronize
# 2011-05-05 23:09:00 CDT by jed via cli commit synchronize
# 2011-04-25 17:06:40 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
-# 2011-04-22 00:52:00 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# grnoc-mon at POTEAU-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -295,7 +295,7 @@
# grnoc-mon at POTEAU-M120-RE0> show system uptime
# System booted: 2011-02-16 19:24 CST
# Protocols started: 2011-02-16 19:26 CST
-# Last configured: 2011-05-19 14:52 CDT by jeremyt
+# Last configured: 2011-05-23 17:40 CDT by jeremyt
#
# {master}
# grnoc-mon at POTEAU-M120-RE0> show interface terse
@@ -446,7 +446,7 @@
#pp0 up up
#tap up up
# grnoc-mon at POTEAU-M120-RE0> show configuration
-## Last commit: 2011-05-19 14:52:17 CDT by jeremyt
+## Last commit: 2011-05-23 17:40:46 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1230,6 +1230,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement CASC-PREFER {
term ACL-75 {
from {
@@ -1375,11 +1376,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1400,7 +1412,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1418,6 +1430,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1441,6 +1454,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1465,6 +1479,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.mia.onenet.net
===================================================================
--- hub.mia.onenet.net (revision 11612)
+++ hub.mia.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MIAMI-M120-RE0> show system commit
+# 2011-05-23 17:24:47 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
# 2011-05-19 14:45:21 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:22 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:16 CDT by admin via cli commit synchronize
# 2011-05-05 23:08:35 CDT by jed via cli commit synchronize
# 2011-04-22 10:49:28 CDT by todd via cli commit confirmed, rollback in 1mins synchronize
-# 2011-04-22 09:51:06 CDT by admin via cli commit synchronize
# grnoc-mon at MIAMI-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at MIAMI-M120-RE0> show system uptime
# System booted: 2011-02-28 14:08 CST
# Protocols started: 2011-02-28 14:09 CST
-# Last configured: 2011-05-19 14:45 CDT by jeremyt
+# Last configured: 2011-05-23 17:24 CDT by jeremyt
#
# {master}
# grnoc-mon at MIAMI-M120-RE0> show interface terse
@@ -400,7 +400,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MIAMI-M120-RE0> show configuration
-## Last commit: 2011-05-19 14:45:21 CDT by jeremyt
+## Last commit: 2011-05-23 17:24:47 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1008,6 +1008,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1156,11 +1157,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1181,7 +1193,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1199,6 +1211,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1222,6 +1235,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1246,6 +1260,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.say.onenet.net
===================================================================
--- hub.say.onenet.net (revision 11618)
+++ hub.say.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SAYRE-M120-RE0> show system commit
+# 2011-05-23 17:44:03 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-19 15:02:22 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-05 23:09:12 CDT by jed via cli commit synchronize
# 2011-05-05 22:41:52 CDT by jed via cli commit synchronize
-# 2011-05-04 03:02:47 CDT by jed via cli commit synchronize
# grnoc-mon at SAYRE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 Check
@@ -291,7 +291,7 @@
# grnoc-mon at SAYRE-M120-RE0> show system uptime
# System booted: 2011-03-01 11:39 CST
# Protocols started: 2011-03-01 11:40 CST
-# Last configured: 2011-05-19 15:02 CDT by jeremyt
+# Last configured: 2011-05-23 17:44 CDT by jeremyt
#
# {master}
# grnoc-mon at SAYRE-M120-RE0> show interface terse
@@ -405,7 +405,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SAYRE-M120-RE0> show configuration
-## Last commit: 2011-05-19 15:02:22 CDT by jeremyt
+## Last commit: 2011-05-23 17:44:03 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1456,6 +1456,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1582,11 +1583,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1607,7 +1619,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1625,6 +1637,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1648,6 +1661,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1672,6 +1686,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.mwc.onenet.net
===================================================================
--- hub.mwc.onenet.net (revision 11257)
+++ hub.mwc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MWC-MX80> show system commit
+# 2011-05-23 17:27:34 CDT by jeremyt via cli commit confirmed, rollback in 3mins
# 2011-05-13 14:32:55 CDT by jeremyt via cli
# 2011-05-13 12:36:29 CDT by admin via netconf
# 2011-05-13 12:36:15 CDT by admin via cli
# 2011-05-11 23:18:33 CDT by von via cli commit confirmed, rollback in 1mins
# 2011-05-11 23:17:44 CDT by von via cli
-# 2011-05-11 23:17:27 CDT by von via cli commit confirmed, rollback in 1mins
# grnoc-mon at MWC-MX80> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -217,7 +217,7 @@
# grnoc-mon at MWC-MX80> show system uptime
# System booted: 2011-05-10 15:31 CDT
# Protocols started: 2011-05-10 15:32 CDT
-# Last configured: 2011-05-13 14:32 CDT by jeremyt
+# Last configured: 2011-05-23 17:27 CDT by jeremyt
#
# grnoc-mon at MWC-MX80> show interface terse
#Interface Admin Link
@@ -275,7 +275,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MWC-MX80> show configuration
-## Last commit: 2011-05-13 14:32:55 CDT by jeremyt
+## Last commit: 2011-05-23 17:27:34 CDT by jeremyt
version 10.4R2.6;
system {
host-name MWC-MX80;
@@ -422,7 +422,7 @@
unit 0 {
family inet {
filter {
- inactive: input PROTECT-RE;
+ input PROTECT-RE;
}
address 127.0.0.1/32;
address 164.58.199.2/32;
@@ -559,6 +559,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement REDISTRIBUTE-DIRECTS {
term 1 {
from protocol direct;
@@ -588,6 +589,24 @@
}
firewall {
family inet {
+ filter FLOW-INFO {
+ term ALL_FLOW {
+ from {
+ source-address {
+ 0.0.0.0/0;
+ }
+ destination-address {
+ 0.0.0.0/0;
+ }
+ }
+ then sample;
+ }
+ term REJECT_ALL {
+ then {
+ discard;
+ }
+ }
+ }
filter PROTECT-RE {
term SERVICES {
from {
@@ -612,11 +631,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -637,7 +667,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -655,6 +685,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -678,6 +709,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -717,24 +749,6 @@
}
}
}
- filter FLOW-INFO {
- term ALL_FLOW {
- from {
- source-address {
- 0.0.0.0/0;
- }
- destination-address {
- 0.0.0.0/0;
- }
- }
- then sample;
- }
- term REJECT_ALL {
- then {
- discard;
- }
- }
- }
}
}
inactive: services {
Index: hub.okm.onenet.net
===================================================================
--- hub.okm.onenet.net (revision 11906)
+++ hub.okm.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKMULGEE-M120-RE0> show system commit
+# 2011-05-23 17:33:54 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
# 2011-05-23 11:11:17 CDT by todd via cli commit synchronize
# 2011-05-23 11:10:25 CDT by todd via cli commit synchronize
# 2011-05-23 11:07:54 CDT by todd via cli commit synchronize
# 2011-05-19 12:07:35 CDT by todd via cli commit confirmed, rollback in 1mins synchronize
# 2011-05-19 09:39:46 CDT by todd via cli commit synchronize
-# 2011-05-19 09:39:06 CDT by todd via cli commit synchronize
# grnoc-mon at OKMULGEE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at OKMULGEE-M120-RE0> show system uptime
# System booted: 2011-03-22 10:41 CDT
# Protocols started: 2011-03-22 10:43 CDT
-# Last configured: 2011-05-23 11:11 CDT by todd
+# Last configured: 2011-05-23 17:33 CDT by jeremyt
#
# {master}
# grnoc-mon at OKMULGEE-M120-RE0> show interface terse
@@ -446,7 +446,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKMULGEE-M120-RE0> show configuration
-## Last commit: 2011-05-23 11:11:17 CDT by todd
+## Last commit: 2011-05-23 17:33:54 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1492,6 +1492,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1612,11 +1613,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1637,7 +1649,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1655,6 +1667,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1678,6 +1691,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1702,6 +1716,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.sem.onenet.net
===================================================================
--- hub.sem.onenet.net (revision 11930)
+++ hub.sem.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SEMINOLE-M120-RE0> show system commit
+# 2011-05-23 17:45:45 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-23 15:54:25 CDT by admin via netconf commit synchronize
# 2011-05-23 15:54:20 CDT by admin via netconf commit synchronize
# 2011-05-19 15:03:46 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:24 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
-# 2011-05-11 15:51:35 CDT by bobby via cli commit synchronize
# grnoc-mon at SEMINOLE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -286,7 +286,7 @@
# grnoc-mon at SEMINOLE-M120-RE0> show system uptime
# System booted: 2011-02-10 18:03 CST
# Protocols started: 2011-02-10 18:04 CST
-# Last configured: 2011-05-23 15:54 CDT by admin
+# Last configured: 2011-05-23 17:45 CDT by jeremyt
#
# {master}
# grnoc-mon at SEMINOLE-M120-RE0> show interface terse
@@ -475,7 +475,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SEMINOLE-M120-RE0> show configuration
-## Last commit: 2011-05-23 15:54:25 CDT by admin
+## Last commit: 2011-05-23 17:45:45 CDT by jeremyt
version 10.4R1.9;
groups {
re0 {
@@ -1478,6 +1478,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1632,11 +1633,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1657,7 +1669,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1675,6 +1687,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1698,6 +1711,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1722,6 +1736,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.sal.onenet.net
===================================================================
--- hub.sal.onenet.net (revision 11741)
+++ hub.sal.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SALLISAW-M120-RE0> show system commit
+# 2011-05-23 17:42:36 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-19 14:53:47 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:22 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-05 23:09:06 CDT by jed via cli commit synchronize
# 2011-05-02 15:10:52 CDT by joe via cli commit synchronize
-# 2011-04-25 09:30:48 CDT by von via cli commit synchronize
# grnoc-mon at SALLISAW-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -295,7 +295,7 @@
# grnoc-mon at SALLISAW-M120-RE0> show system uptime
# System booted: 2011-04-16 14:31 CDT
# Protocols started: 2011-04-16 14:33 CDT
-# Last configured: 2011-05-19 14:53 CDT by jeremyt
+# Last configured: 2011-05-23 17:42 CDT by jeremyt
#
# {master}
# grnoc-mon at SALLISAW-M120-RE0> show interface terse
@@ -454,7 +454,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SALLISAW-M120-RE0> show configuration
-## Last commit: 2011-05-19 14:53:47 CDT by jeremyt
+## Last commit: 2011-05-23 17:42:36 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1302,6 +1302,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1450,11 +1451,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1475,7 +1487,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1493,6 +1505,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1516,6 +1529,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1540,6 +1554,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.law480.onenet.net
===================================================================
--- hub.law480.onenet.net (revision 11637)
+++ hub.law480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LAWTON-MX480-RE0> show system commit
+# 2011-05-23 17:17:18 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-13 12:36:22 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:14 CDT by admin via cli commit synchronize
# 2011-05-12 10:06:55 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# 2011-05-05 23:08:08 CDT by jed via cli commit synchronize
# 2011-04-26 14:10:58 CDT by todd via cli commit synchronize
-# 2011-04-26 13:48:32 CDT by root via other
# grnoc-mon at LAWTON-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -284,7 +284,7 @@
# grnoc-mon at LAWTON-MX480-RE0> show system uptime
# System booted: 2011-02-23 20:16 CST
# Protocols started: 2011-02-23 20:18 CST
-# Last configured: 2011-05-13 12:36 CDT by admin
+# Last configured: 2011-05-23 17:17 CDT by jeremyt
#
# {master}
# grnoc-mon at LAWTON-MX480-RE0> show interface terse
@@ -378,7 +378,7 @@
#pp0 up up
#tap up up
# grnoc-mon at LAWTON-MX480-RE0> show configuration
-## Last commit: 2011-05-13 12:36:22 CDT by admin
+## Last commit: 2011-05-23 17:17:18 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -917,6 +917,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1043,12 +1044,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
- 156.110.87.0/24;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1069,7 +1080,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1087,6 +1098,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1110,6 +1122,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1134,6 +1147,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.tis.onenet.net
===================================================================
--- hub.tis.onenet.net (revision 11924)
+++ hub.tis.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TISHOMINGO-M120-RE0> show system commit
+# 2011-05-23 17:49:21 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-23 15:54:25 CDT by admin via netconf commit synchronize
# 2011-05-23 15:54:20 CDT by admin via netconf commit synchronize
# 2011-05-19 15:07:06 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:24 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
-# 2011-05-05 23:09:31 CDT by jed via cli commit synchronize
# grnoc-mon at TISHOMINGO-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -292,7 +292,7 @@
# grnoc-mon at TISHOMINGO-M120-RE0> show system uptime
# System booted: 2011-04-16 05:15 CDT
# Protocols started: 2011-04-16 05:17 CDT
-# Last configured: 2011-05-23 15:54 CDT by admin
+# Last configured: 2011-05-23 17:49 CDT by jeremyt
#
# {master}
# grnoc-mon at TISHOMINGO-M120-RE0> show interface terse
@@ -404,7 +404,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TISHOMINGO-M120-RE0> show configuration
-## Last commit: 2011-05-23 15:54:25 CDT by admin
+## Last commit: 2011-05-23 17:49:21 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1104,6 +1104,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1258,11 +1259,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1283,7 +1295,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1301,6 +1313,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1324,6 +1337,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1348,6 +1362,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.end.onenet.net
===================================================================
--- hub.end.onenet.net (revision 11603)
+++ hub.end.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ENID-M120-RE0> show system commit
+# 2011-05-23 17:08:15 CDT by jeremyt via cli commit synchronize
# 2011-05-19 14:38:28 CDT by jeremyt via cli commit synchronize
# 2011-05-14 23:54:57 CDT by admin via cli commit synchronize
# 2011-05-14 22:57:48 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
-# 2011-05-05 23:07:50 CDT by jed via cli commit synchronize
# grnoc-mon at ENID-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -293,7 +293,7 @@
# grnoc-mon at ENID-M120-RE0> show system uptime
# System booted: 2011-03-15 19:36 CDT
# Protocols started: 2011-03-15 19:38 CDT
-# Last configured: 2011-05-19 14:38 CDT by jeremyt
+# Last configured: 2011-05-23 17:08 CDT by jeremyt
#
# {master}
# grnoc-mon at ENID-M120-RE0> show interface terse
@@ -408,7 +408,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ENID-M120-RE0> show configuration
-## Last commit: 2011-05-19 14:38:28 CDT by jeremyt
+## Last commit: 2011-05-23 17:08:15 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1233,7 +1233,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh syslog ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1251,6 +1251,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
Index: hub.wea.onenet.net
===================================================================
--- hub.wea.onenet.net (revision 11246)
+++ hub.wea.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WEATHERFORD-M120-RE0> show system commit
+# 2011-05-23 17:57:43 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-13 12:36:23 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:15 CDT by admin via cli commit synchronize
# 2011-05-05 23:09:51 CDT by jed via cli commit synchronize
# 2011-04-27 15:40:56 CDT by von via cli commit synchronize
# 2011-04-27 15:40:17 CDT by von via cli commit confirmed, rollback in 2mins synchronize
-# 2011-04-20 03:35:23 CDT by admin via cli commit synchronize
# grnoc-mon at WEATHERFORD-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at WEATHERFORD-M120-RE0> show system uptime
# System booted: 2011-03-01 15:13 CST
# Protocols started: 2011-03-01 15:14 CST
-# Last configured: 2011-05-13 12:36 CDT by admin
+# Last configured: 2011-05-23 17:57 CDT by jeremyt
#
# {master}
# grnoc-mon at WEATHERFORD-M120-RE0> show interface terse
@@ -439,7 +439,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WEATHERFORD-M120-RE0> show configuration
-## Last commit: 2011-05-13 12:36:23 CDT by admin
+## Last commit: 2011-05-23 17:57:43 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1344,21 +1344,21 @@
forwarding-options {
sampling {
input {
- family inet {
- rate 1000;
- }
+ rate 100;
}
- output { ## Warning: 'output' is deprecated
- flow-server 164.58.253.210 {
- port 9920;
- autonomous-system-type origin;
- no-local-dump;
- source-address 164.58.199.38;
- version 5;
+ family inet {
+ output {
+ flow-server 164.58.253.210 {
+ port 9920;
+ autonomous-system-type origin;
+ no-local-dump;
+ source-address 164.58.199.38;
+ version 5;
+ }
+ interface sp-3/3/0 {
+ source-address 164.58.199.38;
+ }
}
- interface sp-3/3/0 {
- source-address 164.58.199.38;
- }
}
}
}
@@ -1564,6 +1564,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1690,11 +1691,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1715,7 +1727,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1733,6 +1745,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1756,6 +1769,7 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
port ldp;
}
@@ -1780,6 +1794,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
Index: hub.tah.onenet.net
===================================================================
--- hub.tah.onenet.net (revision 11702)
+++ hub.tah.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TAHLEQUAH-M120-RE0> show system commit
+# 2011-05-23 17:47:24 CDT by jeremyt via cli commit confirmed, rollback in 3mins synchronize
# 2011-05-19 15:05:53 CDT by jeremyt via cli commit synchronize
# 2011-05-13 12:36:24 CDT by admin via netconf commit synchronize
# 2011-05-13 12:36:16 CDT by admin via cli commit synchronize
# 2011-05-05 23:09:26 CDT by jed via cli commit synchronize
# 2011-04-22 00:02:40 CDT by admin via cli commit synchronize
-# 2011-03-21 00:05:52 CDT by admin via cli commit synchronize
# grnoc-mon at TAHLEQUAH-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -313,7 +313,7 @@
# grnoc-mon at TAHLEQUAH-M120-RE0> show system uptime
# System booted: 2011-03-09 19:59 CST
# Protocols started: 2011-03-09 20:00 CST
-# Last configured: 2011-05-19 15:05 CDT by jeremyt
+# Last configured: 2011-05-23 17:47 CDT by jeremyt
#
# {master}
# grnoc-mon at TAHLEQUAH-M120-RE0> show interface terse
@@ -468,7 +468,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TAHLEQUAH-M120-RE0> show configuration
-## Last commit: 2011-05-19 15:05:53 CDT by jeremyt
+## Last commit: 2011-05-23 17:47:24 CDT by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -1634,6 +1634,7 @@
}
}
policy-options {
+ prefix-list EBGP-IPV4-NEIGHBORS;
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1754,11 +1755,22 @@
source-address {
164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol ospf;
}
then accept;
}
+ term EBGP-ALLOW {
+ from {
+ prefix-list {
+ EBGP-IPV4-NEIGHBORS;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term IBGP-ALLOW {
from {
source-address {
@@ -1779,7 +1791,7 @@
}
term SERVICES-OUTBOUND {
from {
- source-port [ domain ntp ssh ];
+ source-port [ domain ntp ssh syslog ftp 7804 telnet ];
}
then accept;
}
@@ -1797,6 +1809,7 @@
from {
source-address {
164.58.10.1/32;
+ 164.58.199.0/24;
}
protocol udp;
port ntp;
@@ -1813,10 +1826,22 @@
protocol [ tcp udp ];
port [ snmp snmptrap ];
}
+ then accept;
}
+ term LDP-ALLOW {
+ from {
+ source-address {
+ 164.58.199.0/24;
+ 164.58.0.0/16;
+ 156.110.0.0/16;
+ }
+ port ldp;
+ }
+ }
term PIM-ALLOW {
from {
source-address {
+ 164.58.199.0/24;
164.58.0.0/16;
}
protocol pim;
@@ -1833,6 +1858,13 @@
}
then accept;
}
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
term DENY_ALL {
then {
log;
More information about the Nocrancid
mailing list