[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Tue Feb 25 18:01:10 CST 2014
Index: core.alt.onenet.net
===================================================================
--- core.alt.onenet.net (revision 110957)
+++ core.alt.onenet.net (working copy)
@@ -324,15 +324,15 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1112225 up up
-#lsi.1112226 up up
-#lsi.1112227 up up
-#lsi.1112228 up up
-#lsi.1112229 up up
-#lsi.1112230 up up
-#lsi.1112231 up up
-#lsi.1112232 up up
-#lsi.1112233 up up
+#lsi.1112297 up up
+#lsi.1112298 up up
+#lsi.1112299 up up
+#lsi.1112300 up up
+#lsi.1112301 up up
+#lsi.1112302 up up
+#lsi.1112303 up up
+#lsi.1112304 up up
+#lsi.1112305 up up
#mtun up up
#pimd up up
#pime up up
Index: core.ida.onenet.net
===================================================================
--- core.ida.onenet.net (revision 110922)
+++ core.ida.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at IDABEL-MX480-RE0> show system commit
+# 2014-02-25 17:22:24 CST by jeremyt via cli commit synchronize
# 2014-02-25 14:46:06 CST by jeremyt via cli commit synchronize
# 2014-02-25 14:45:02 CST by jeremyt via cli commit confirmed, rollback in 5mins synchronize
# 2014-02-24 17:55:40 CST by rnordmark via cli commit synchronize
# 2014-02-24 17:47:19 CST by rnordmark via cli commit synchronize
# 2014-02-24 17:27:05 CST by rnordmark via cli commit confirmed, rollback in 2mins synchronize
-# 2014-02-24 17:23:37 CST by rnordmark via cli commit confirmed, rollback in 5mins synchronize
# grnoc-mon at IDABEL-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -249,7 +249,7 @@
# grnoc-mon at IDABEL-MX480-RE0> show system uptime
# System booted: 2014-02-20 20:55 CST
# Protocols started: 2014-02-20 20:56 CST
-# Last configured: 2014-02-25 14:46 CST by jeremyt
+# Last configured: 2014-02-25 17:22 CST by jeremyt
#
# {master}
# grnoc-mon at IDABEL-MX480-RE0> show interface terse
@@ -329,7 +329,7 @@
#pp0 up up
#tap up up
# grnoc-mon at IDABEL-MX480-RE0> show configuration
-## Last commit: 2014-02-25 14:46:06 CST by jeremyt
+## Last commit: 2014-02-25 17:22:24 CST by jeremyt
version 11.4R7.5;
groups {
re0 {
@@ -1126,7 +1126,7 @@
}
term NTP-ALLOW {
from {
- source-prefix-list {
+ prefix-list {
PRE-NTP-SOURCES;
}
protocol udp;
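Review bot: Switching NTP-ALLOW from `source-prefix-list` to `prefix-list` widens the match, because `prefix-list` matches when either the source or the destination address is in PRE-NTP-SOURCES. For a filter that protects the routing engine, the source-only form is the tighter one. If the change was made deliberately, a comment on the term saying why would help; otherwise `source-prefix-list { PRE-NTP-SOURCES; }` should stay. The term continues past the end of the hunk, so whether a `port ntp;` condition follows `protocol udp;` cannot be confirmed from here.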
Index: core.law.onenet.net
===================================================================
--- core.law.onenet.net (revision 110958)
+++ core.law.onenet.net (working copy)
@@ -475,7 +475,7 @@
#lsi.1059941 up up
#lsi.1059942 up up
#lsi.1060158 up up
-#lsi.1060185 up up
+#lsi.1060193 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.dc.onenet.net
===================================================================
--- core1.dc.onenet.net (revision 110963)
+++ core1.dc.onenet.net (working copy)
@@ -851,7 +851,7 @@
#lsi.1058993 up up
#lsi.1058994 up up
#lsi.1059096 up up
-#lsi.1059237 up up
+#lsi.1059245 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.okccc.onenet.net
===================================================================
--- core1.okccc.onenet.net (revision 110966)
+++ core1.okccc.onenet.net (working copy)
@@ -533,7 +533,7 @@
#lsi.1049852 up up
#lsi.1049853 up up
#lsi.1049854 up up
-#lsi.1050095 up up
+#lsi.1050103 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.lan-mx80.onenet.net
===================================================================
--- core1.lan-mx80.onenet.net (revision 110961)
+++ core1.lan-mx80.onenet.net (working copy)
@@ -269,7 +269,7 @@
#lsi.1060959 up up
#lsi.1060960 up up
#lsi.1060961 up up
-#lsi.1061202 up up
+#lsi.1061210 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: core1.nor.onenet.net
===================================================================
--- core1.nor.onenet.net (revision 110973)
+++ core1.nor.onenet.net (working copy)
@@ -451,7 +451,7 @@
#lsi.1057664 up up
#lsi.1057665 up up
#lsi.1057666 up up
-#lsi.1057907 up up
+#lsi.1057915 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.sti-mx960.onenet.net
===================================================================
--- core1.sti-mx960.onenet.net (revision 110964)
+++ core1.sti-mx960.onenet.net (working copy)
@@ -622,7 +622,7 @@
#lsi.1068930 up up
#lsi.1068931 up up
#lsi.1068932 up up
-#lsi.1069173 up up
+#lsi.1069181 up up
#mtun up up
#pimd up up
#pime up up
Index: core2-okc-mx960.onenet.net
===================================================================
--- core2-okc-mx960.onenet.net (revision 110965)
+++ core2-okc-mx960.onenet.net (working copy)
@@ -606,7 +606,7 @@
#lsi.1060503 up up
#lsi.1060504 up up
#lsi.1060505 up up
-#lsi.1060746 up up
+#lsi.1060754 up up
#mtun up up
#pimd up up
#pime up up
Index: hub.mca.onenet.net
===================================================================
--- hub.mca.onenet.net (revision 110971)
+++ hub.mca.onenet.net (working copy)
@@ -295,7 +295,7 @@
#t1-2/0/2:5.0 up up
#t1-2/0/2:6 up up
#t1-2/0/2:6.0 up up
-#t1-2/0/2:7 up down
+#t1-2/0/2:7 up up
#t1-2/0/2:7.0 up down
#t1-2/0/2:8 up up
#t1-2/0/2:8.0 up up
Index: hub.mwc.onenet.net
===================================================================
--- hub.mwc.onenet.net (revision 110605)
+++ hub.mwc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MWC-MX80> show system commit
-# 2014-02-24 17:50:47 CST by rnordmark via cli
-# 2014-02-14 14:49:57 CST by rnordmark via cli
-# 2013-11-11 15:21:41 CST by rnordmark via cli
-# 2013-10-31 14:26:27 CDT by jeremyt via cli
-# 2013-09-05 11:30:08 CDT by donnie via cli
-# 2013-09-03 12:43:28 CDT by cjensen via cli
+# 2014-02-25 17:57:55 CST by jeremyt via cli
+# 2014-02-25 17:54:45 CST by jeremyt via cli
+# 2014-02-25 17:53:01 CST by jeremyt via cli
+# 2014-02-25 17:52:21 CST by jeremyt via cli commit confirmed, rollback in 5mins
+# 2014-02-25 17:50:48 CST by jeremyt via cli
+# 2014-02-25 17:48:30 CST by jeremyt via cli
# grnoc-mon at MWC-MX80> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -212,7 +212,7 @@
# grnoc-mon at MWC-MX80> show system uptime
# System booted: 2013-04-21 00:06 CDT
# Protocols started: 2013-04-21 00:07 CDT
-# Last configured: 2014-02-24 17:50 CST by rnordmark
+# Last configured: 2014-02-25 17:57 CST by jeremyt
#
# grnoc-mon at MWC-MX80> show interface terse
#Interface Admin Link
@@ -275,7 +275,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MWC-MX80> show configuration
-## Last commit: 2014-02-24 17:50:47 CST by rnordmark
+## Last commit: 2014-02-25 17:57:55 CST by jeremyt
version 11.4R7.5;
system {
host-name MWC-MX80;
@@ -287,7 +287,7 @@
}
name-server {
164.58.253.10;
- 164.58.253.4;
+ 164.58.198.10;
}
radius-server {
156.110.31.11 {
@@ -387,7 +387,7 @@
source-address 164.58.199.2;
}
ntp {
- server 164.58.3.98 prefer;
+ server 164.58.3.98;
}
}
chassis {
@@ -611,7 +611,40 @@
}
}
policy-options {
- prefix-list EBGP-IPV4-NEIGHBORS;
+ prefix-list PRE-RADIUS-SOURCES {
+ apply-path "system radius-server <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 64.207.244.14/32;
+ 66.129.224.37/32;
+ 129.15.127.96/28;
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.10.0/24;
+ 164.58.15.0/24;
+ 164.58.244.0/22;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-NTP-SOURCES {
+ 164.58.3.98/32;
+ apply-path "system ntp server <*>";
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-SNMP-SOURCES {
+ apply-path "snmp client-list snmp-management <1*>";
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-BGP-ALLOW {
+ apply-path "protocols bgp group <*> neighbor <*>";
+ }
+ prefix-list PRE-LDP-SOURCES {
+ 164.58.198.0/23;
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
policy-statement REDISTRIBUTE-DIRECTS {
term 1 {
from protocol direct;
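Review bot: PRE-LOCALIPv4-SOURCES and PRE-LDP-SOURCES both expand `apply-path "interfaces <*> unit <*> family inet address <*>"`, which yields the subnet of every inet interface on the router rather than only the backbone links. The OSPF, PIM and BFD terms that reference PRE-LOCALIPv4-SOURCES therefore accept those protocols from any host on any directly connected subnet, including customer-facing ones if this hub carries them (not visible here). Narrowing the interface wildcard to the backbone-facing interfaces, or listing the backbone ranges explicitly as PRE-LDP-SOURCES does with `164.58.198.0/23`, would keep the list to intended peers. Separately, the static `164.58.3.98/32` in PRE-NTP-SOURCES duplicates what the `system ntp server <*>` apply-path already supplies.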
@@ -698,112 +731,112 @@
firewall {
family inet {
filter PROTECT-RE {
- term SERVICES {
+ term SSH-ALLOW {
from {
- source-address {
- 129.15.127.96/28;
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.10.0/24;
- 164.58.253.0/24;
- 64.207.244.14/32;
- 66.129.224.37/32;
- 164.58.15.0/24;
- 164.58.244.0/22;
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
}
protocol tcp;
- destination-port [ ssh http ];
+ destination-port ssh;
}
then accept;
}
+ term FIRST-FRAG {
+ from {
+ first-fragment;
+ }
+ then {
+ discard;
+ }
+ }
+ term NEXT-FRAG {
+ from {
+ is-fragment;
+ }
+ then {
+ discard;
+ }
+ }
term OSPF-ALLOW {
from {
- source-address {
- 164.58.199.0/24;
- 164.58.0.0/16;
- 156.110.0.0/16;
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
}
protocol ospf;
}
then accept;
}
- term EBGP-ALLOW {
+ term BGP-ALLOW {
from {
prefix-list {
- EBGP-IPV4-NEIGHBORS;
+ PRE-BGP-ALLOW;
}
protocol tcp;
port 179;
}
then accept;
}
- term IBGP-ALLOW {
+ term RADIUS-ALLOW {
from {
- source-address {
- 164.58.199.216/32;
- 164.58.199.226/32;
+ source-prefix-list {
+ PRE-RADIUS-SOURCES;
}
- protocol tcp;
- port 179;
+ protocol [ udp tcp ];
+ port [ radius radacct ];
}
then accept;
}
- term FIRST-FRAG {
+ term NTP-ALLOW {
from {
- first-fragment;
+ prefix-list {
+ PRE-NTP-SOURCES;
+ }
}
then {
- discard;
+ count NTP-COUNT;
+ accept;
}
}
- term NEXT-FRAG {
+ term DOMAIN-ALLOW {
from {
- is-fragment;
+ source-prefix-list {
+ PRE-DNS-SOURCES;
+ }
+ port domain;
}
- then {
- discard;
- }
- }
- term ICMP-ALLOW {
- from {
- protocol icmp;
- icmp-type [ echo-reply echo-request unreachable time-exceeded ];
- }
then accept;
}
- term SERVICES-OUTBOUND {
+ term SYSLOG-ALLOW {
from {
- source-port [ domain ntp ssh syslog ftp 7804 telnet ];
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ }
+ port syslog;
}
then accept;
}
- term RADIUS {
+ term FTP-ALLOW {
from {
- source-address {
- 156.110.31.11/32;
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
}
- protocol [ udp tcp ];
- port [ radius radacct ];
+ port ftp;
}
then accept;
}
- term NTP {
+ term JSPACE-ALLOW {
from {
- source-address {
- 164.58.10.1/32;
- 164.58.199.0/24;
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
}
- protocol udp;
- port ntp;
+ source-port 7408;
}
then accept;
}
term SNMP-ALLOW {
from {
- source-address {
- 164.58.253.0/24;
- 156.110.31.0/27;
- 156.110.31.32/28;
+ source-prefix-list {
+ PRE-SNMP-SOURCES;
}
protocol [ tcp udp ];
port [ snmp snmptrap ];
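Review bot: NTP-ALLOW in the new PROTECT-RE filter matches on `prefix-list { PRE-NTP-SOURCES; }` alone, with no protocol or port, so any packet reaching this filter with 164.58.3.98 as its source is accepted and counted whatever service it targets. The removed NTP term had `protocol udp;` and `port ntp;`, and both should be carried into the new term's `from` block, as the same term on core.ida.onenet.net does for `protocol udp;`. JSPACE-ALLOW uses `source-port 7408` where the removed SERVICES-OUTBOUND line listed 7804; this looks like transposed digits and should be checked against the port the management platform actually uses. DOMAIN-ALLOW, SYSLOG-ALLOW and FTP-ALLOW match `port` without a `protocol`, so each matches that number as source or destination port on any protocol; adding `protocol udp;` or `protocol tcp;` as appropriate keeps each term to the service it is named for.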
@@ -812,19 +845,17 @@
}
term LDP-ALLOW {
from {
- source-address {
- 164.58.199.0/24;
- 164.58.0.0/16;
- 156.110.0.0/16;
+ source-prefix-list {
+ PRE-LDP-SOURCES;
}
port ldp;
}
+ then accept;
}
term PIM-ALLOW {
from {
- source-address {
- 164.58.199.0/24;
- 164.58.0.0/16;
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
}
protocol pim;
}
@@ -832,14 +863,21 @@
}
term BFD-ALLOW {
from {
- source-address {
- 164.58.0.0/16;
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
}
protocol udp;
port [ 3784 3785 ];
}
then accept;
}
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
term TRACEROUTE-ALLOW {
from {
protocol udp;
@@ -847,6 +885,20 @@
}
then accept;
}
+ term DENY-SERVICES-INBOUND {
+ from {
+ destination-port [ ssh telnet http https snmp domain ];
+ }
+ then {
+ discard;
+ }
+ }
+ term SERVICES-OUTBOUND {
+ from {
+ source-port [ ssh telnet ];
+ }
+ then accept;
+ }
term DENY_ALL {
then {
discard;
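Review bot: SERVICES-OUTBOUND accepts on `source-port [ ssh telnet ];` alone, and the source port is set by the sender, so this term admits packets from any address to any routing-engine port that DENY-SERVICES-INBOUND does not list. If the intent is return traffic for sessions the router itself opens, the term should express that with `protocol tcp;` and `tcp-established;`, ideally together with a `source-prefix-list`. DENY-SERVICES-INBOUND would be redundant with DENY_ALL were it not shadowing this term; a `count` action on its `then` would make those drops visible.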
@@ -874,7 +926,9 @@
}
}
}
+# commit confirmed will be rolled back in 5 minutes
# grnoc-mon at MWC-MX80> show ospf neighbor
# Address Interface State ID Pri Dead
# 164.58.245.197 ge-1/0/9.0 Full 164.58.199.214
#
+# # commit confirmed will be rolled back in 5 minutes
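Review bot: The added lines `# commit confirmed will be rolled back in 5 minutes` are CLI banner text rather than configuration, which suggests this snapshot was collected while a `commit confirmed` was still pending on MWC-MX80. The archived revision may therefore record a state that was later rolled back or changed again. The next collection should be compared against this one before the new PROTECT-RE filter is treated as the configuration of record. Filtering this banner in the collector would also stop it producing a spurious diff on the following run.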
Index: core5.okc.onenet.net
===================================================================
--- core5.okc.onenet.net (revision 110969)
+++ core5.okc.onenet.net (working copy)
@@ -577,7 +577,7 @@
#lsi.1493338 up up
#lsi.1493339 up up
#lsi.1493340 up up
-#lsi.1493581 up up
+#lsi.1493589 up up
#lsi.1496838 up up
#lsi.2010116 up up
#mtun up up
Index: hub.mia.onenet.net
===================================================================
--- hub.mia.onenet.net (revision 110970)
+++ hub.mia.onenet.net (working copy)
@@ -443,7 +443,7 @@
#lsi.1054799 up up
#lsi.1054800 up up
#lsi.1054801 up up
-#lsi.1055042 up up
+#lsi.1055051 up up
#mtun up up
#pimd up up
#pime up up