[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Wed Jun 11 15:02:22 CDT 2014
Index: configs/hub.chi.onenet.net
===================================================================
--- configs/hub.chi.onenet.net (revision 116892)
+++ configs/hub.chi.onenet.net (working copy)
@@ -308,7 +308,7 @@
#t1-2/0/2:21 down down
#t1-2/0/2:22 down down
#t1-2/0/2:23 down down
-#t1-2/0/2:24 down up
+#t1-2/0/2:24 down down
#t1-2/0/2:25 down up
#t1-2/0/2:26 down down
#t1-2/0/2:27 down down
Index: configs/core.dur.onenet.net
===================================================================
--- configs/core.dur.onenet.net (revision 116894)
+++ configs/core.dur.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at DURANT-MX480-RE0> show system commit
+# 2014-06-11 14:54:10 CDT by andrew via cli commit confirmed, rollback in 2mins synchronize
# 2014-06-11 12:56:44 CDT by donnie via cli commit confirmed, rollback in 2mins synchronize
# 2014-05-28 15:42:44 CDT by andrew via cli commit synchronize
# 2014-05-12 17:09:37 CDT by andrew via cli commit confirmed, rollback in 2mins synchronize
# 2014-04-21 15:12:08 CDT by andrew via cli commit synchronize
# 2014-04-15 14:26:08 CDT by joel via cli commit synchronize
-# 2014-04-15 14:08:21 CDT by joel via cli commit synchronize
# grnoc-mon at DURANT-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -246,7 +246,7 @@
# grnoc-mon at DURANT-MX480-RE0> show system uptime
# System booted: 2013-05-26 00:24 CDT
# Protocols started: 2013-05-26 00:27 CDT
-# Last configured: 2014-06-11 12:56 CDT by donnie
+# Last configured: 2014-06-11 14:54 CDT by andrew
#
# {master}
# grnoc-mon at DURANT-MX480-RE0> show interface terse
@@ -334,7 +334,7 @@
#pp0 up up
#tap up up
# grnoc-mon at DURANT-MX480-RE0> show configuration
-## Last commit: 2014-06-11 12:56:44 CDT by donnie
+## Last commit: 2014-06-11 14:54:10 CDT by andrew
version 11.4R7.5;
groups {
re0 {
@@ -825,6 +825,9 @@
address 127.0.0.1/32;
}
family inet6 {
+ filter {
+ input PROTECT-RE-V6;
+ }
address 2610:1d8::1c/128;
}
}
@@ -1101,6 +1104,34 @@
prefix-list PRE-L0-SOURCES {
apply-path "interfaces lo0 unit <*> family inet address <164.*>";
}
+ prefix-list PRE-BGPV6-ALLOW {
+ apply-path "protocols bgp group <*> neighbor <*>";
+ }
+ prefix-list PRE-DNSV6-ALLOW {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-NTPV6-ALLOW {
+ apply-path "system ntp server <*>";
+ }
+ prefix-list PRE-LOCALIPV6-ALLOW {
+ fe80::/64;
+ apply-path "interfaces <*> unit <*> family inet6 address <*>";
+ }
+ prefix-list PRE-L0V6-ALLOW {
+ apply-path "interfaces lo0 unit <*> family inet6 address <*>";
+ }
+ prefix-list PRE-SNMPV6-ALLOW {
+ apply-path "snmp client-list snmp-management <*>";
+ }
+ prefix-list PRE-RADIUSV6-ALLOW {
+ apply-path "system radius-server <*>";
+ }
+ prefix-list PRE-SSHV6-ALLOW {
+ apply-path "interfaces <*> unit <62> family inet6 address <*>";
+ }
+ prefix-list PRE-MGMTV6-ALLOW {
+ 2610:1d8::/40;
+ }
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1566,6 +1597,159 @@
}
}
}
+ family inet6 {
+ filter PROTECT-RE-V6 {
+ term FRAGV6 {
+ from {
+ next-header fragment;
+ }
+ then discard;
+ }
+ term ICMPV6 {
+ from {
+ next-header icmpv6;
+ }
+ then {
+ policer 500K-POL;
+ accept;
+ }
+ }
+ term TRACEROUTE-UDPV6 {
+ from {
+ next-header udp;
+ destination-port 33435-33450;
+ hop-limit 1;
+ }
+ then {
+ policer 500K-POL;
+ accept;
+ }
+ }
+ term OSPF3V6-IPSEC {
+ from {
+ source-prefix-list {
+ PRE-LOCALIPV6-ALLOW;
+ }
+ next-header [ ah esp ];
+ }
+ then accept;
+ }
+ term OSPF3V6 {
+ from {
+ source-prefix-list {
+ PRE-LOCALIPV6-ALLOW;
+ }
+ next-header ospf;
+ }
+ then accept;
+ }
+ term BGPV6 {
+ from {
+ source-prefix-list {
+ PRE-BGPV6-ALLOW;
+ }
+ next-header tcp;
+ port bgp;
+ }
+ then accept;
+ }
+ term LDPV6 {
+ from {
+ source-prefix-list {
+ PRE-LOCALIPV6-ALLOW;
+ }
+ port ldp;
+ }
+ then accept;
+ }
+ term PIMV6 {
+ from {
+ source-prefix-list {
+ PRE-LOCALIPV6-ALLOW;
+ }
+ next-header pim;
+ }
+ then accept;
+ }
+ term BFDV6 {
+ from {
+ source-prefix-list {
+ PRE-LOCALIPV6-ALLOW;
+ }
+ next-header udp;
+ port [ 3784 3785 ];
+ }
+ then accept;
+ }
+ term DNSV6 {
+ from {
+ source-prefix-list {
+ PRE-DNSV6-ALLOW;
+ }
+ next-header [ udp tcp ];
+ port domain;
+ }
+ then accept;
+ }
+ term NTPV6 {
+ from {
+ source-prefix-list {
+ PRE-NTPV6-ALLOW;
+ PRE-L0V6-ALLOW;
+ }
+ next-header udp;
+ port ntp;
+ }
+ then accept;
+ }
+ term SSHV6 {
+ from {
+ source-prefix-list {
+ PRE-MGMTV6-ALLOW;
+ PRE-SSHV6-ALLOW;
+ }
+ next-header tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMPV6 {
+ from {
+ source-prefix-list {
+ PRE-SNMPV6-ALLOW;
+ }
+ next-header udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term RADIUSV6 {
+ from {
+ source-prefix-list {
+ PRE-RADIUSV6-ALLOW;
+ }
+ next-header udp;
+ port [ 1812 1813 ];
+ }
+ then accept;
+ }
+ term DENY-SERVICES-INBOUND {
+ from {
+ destination-port [ ssh telnet http https snmp ntp domain ];
+ }
+ then discard;
+ }
+ term SERVICES-OUTBOUND {
+ from {
+ source-port [ ssh telnet ];
+ }
+ then accept;
+ }
+ term DENY-ALL {
+ then discard;
+ }
+ }
+ }
policer 50M-POL {
if-exceeding {
bandwidth-limit 50m;
@@ -1580,6 +1764,13 @@
}
then discard;
}
+ policer 500K-POL {
+ if-exceeding {
+ bandwidth-limit 500k;
+ burst-size-limit 50k;
+ }
+ then discard;
+ }
}
routing-instances {
ONENET-PS_NET-L3VPN {
Index: configs/rpswi1.rp3f2.onenet.net
===================================================================
--- configs/rpswi1.rp3f2.onenet.net (revision 116896)
+++ configs/rpswi1.rp3f2.onenet.net (working copy)
@@ -17,7 +17,10 @@
!BootFlash: CONFIG_FILE variable does not exist
!BootFlash: BOOTLDR variable does not exist
!BootFlash: Configuration register is 0x2101
-!BootFlash: Standby not ready to show bootvar
+!BootFlash: Standby BOOT variable = bootflash:cat4500es8-universalk9.SPA.03.03.00.XO.151-1.XO.bin,1;
+!BootFlash: Standby CONFIG_FILE variable does not exist
+!BootFlash: Standby BOOTLDR variable does not exist
+!BootFlash: Standby Configuration register is 0x2101
!
!show flash
!Slot 1: type 10/100/1000BaseT UPOE E Series, 48 ports
@@ -40,6 +43,10 @@
!Slot 5: part WS-X45-SUP8-E, serial CAT1748L5S8
!Slot 5: hvers 1.0, firmware 15.1(1r)SG1 03.03.00.XO, sw Ok
!
+!Slot 6: type Sup 8-E 10GE (SFP+), 1000BaseX (SFP), 8 ports
+!Slot 6: part WS-X45-SUP8-E, serial CAT1748L8KX
+!Slot 6: hvers 1.0, firmware 15.1(1r)SG1 03.03.00.XO, sw Ok
+!
!Slot 7: type 10/100/1000BaseT UPOE E Series, 48 ports
!Slot 7: part WS-X4748-UPOE+E, serial CAT1747L4L5
!Slot 7: hvers 1.1, firmware, sw Ok
Index: configs/hub.mca.onenet.net
===================================================================
--- configs/hub.mca.onenet.net (revision 116896)
+++ configs/hub.mca.onenet.net (working copy)
@@ -292,7 +292,7 @@
#t1-2/0/2:3.0 up up
#t1-2/0/2:4 up up
#t1-2/0/2:4.0 up up
-#t1-2/0/2:5 up down
+#t1-2/0/2:5 up up
#t1-2/0/2:5.0 up down
#t1-2/0/2:6 up up
#t1-2/0/2:6.0 up up
More information about the Nocrancid
mailing list