[Nocrancid] autopop-onenet.net/core.odmhsas-okc.onenet.net[0] router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Fri Aug 21 12:16:12 CDT 2015
Index: configs/core.odmhsas-okc.onenet.net
===================================================================
--- configs/core.odmhsas-okc.onenet.net (revision 130992)
+++ configs/core.odmhsas-okc.onenet.net (working copy)
@@ -0,0 +1,1313 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show system commit
+# 2015-08-20 11:39:44 CDT by andrew via cli commit confirmed, rollback in 3mins
+# 2015-08-10 22:53:24 CDT by andrew via cli
+# 2015-08-10 16:20:18 CDT by andrew via cli
+# 2015-08-10 15:48:55 CDT by andrew via cli
+# 2015-08-10 15:22:13 CDT by andrew via cli
+# 2015-08-10 10:14:28 CDT by andrew via cli
+# grnoc-mon at ODMHSAS-OKC-MX104> show chassis environment
+# Class Item Status Measurement
+# Temp PEM 0 OK
+# PEM 1 OK
+# ABB 0 Intake OK
+# ABB 0 Exhaust A OK
+# ABB 0 Exhaust B OK
+# ABB 1 Intake Absent
+# ABB 1 Exhaust A Absent
+# ABB 1 Exhaust B Absent
+# Routing Engine 0 OK
+# Routing Engine 0 CPU OK
+# Routing Engine 1 Absent
+# Routing Engine 1 CPU Absent
+# AFEB 0 AFEB Processor OK
+# AFEB 0 LU Temp OK
+# AFEB 0 MQ Temp OK
+# AFEB 0 QX Temp OK
+# Fans Fan 1 OK
+# Fan 2 OK
+# Fan 3 OK
+# Fan 4 OK
+# Fan 5 OK
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show chassis firmware
+# Part Type Version
+# FPC 0 ROM Juniper ROM Monitor Version 13.1b24
+# O/S Version 13.3R6.5 by builder on 2015-03-26 1
+# FPC 1 ROM Juniper ROM Monitor Version 13.1b24
+# O/S Version 13.3R6.5 by builder on 2015-03-26 1
+# FPC 2 ROM Juniper ROM Monitor Version 13.1b24
+# O/S Version 13.3R6.5 by builder on 2015-03-26 1
+# AFEB ROM Juniper ROM Monitor Version 13.1b24
+# O/S Version 13.3R6.5 by builder on 2015-03-26 1
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM 2048 MB
+# Total SRAM 403 MB
+# Total SDRAM 1316 MB
+# Slot 1 information:
+# State Online
+# Total CPU DRAM 2048 MB
+# Total SRAM 403 MB
+# Total SDRAM 1316 MB
+# Slot 2 information:
+# State Online
+# Total CPU DRAM 2048 MB
+# Total SRAM 403 MB
+# Total SDRAM 1316 MB
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis H9077 MX104
+# Midplane REV 49 750-044219 CADP5335 MX104
+# PEM 0 REV 04 740-045933 1H175050296 AC Power Entry Module
+# PEM 1 REV 04 740-045933 1H174190205 AC Power Entry Module
+# Routing Engine 0 REV 07 750-053342 CAEA6737 RE-MX-104
+# AFEB 0 BUILTIN BUILTIN Forwarding Engine Processor
+# FPC 0 BUILTIN BUILTIN MPC BUILTIN
+# MIC 0 REV 11 750-049846 CADY3525 3D 20x 1GE(LAN)-E,SFP
+# PIC 0 BUILTIN BUILTIN 10x 1GE(LAN) -E SFP
+# Xcvr 0 REV 02 740-013111 D499289 SFP-T
+# Xcvr 1 REV 02 740-013111 D446323 SFP-T
+# Xcvr 2 REV 02 740-013111 D498213 SFP-T
+# Xcvr 3 REV 02 740-013111 D446379 SFP-T
+# Xcvr 4 REV 02 740-013111 D499260 SFP-T
+# Xcvr 5 REV 02 740-013111 D458974 SFP-T
+# Xcvr 6 REV 02 740-013111 D458996 SFP-T
+# PIC 1 BUILTIN BUILTIN 10x 1GE(LAN) -E SFP
+# Xcvr 7 REV 02 740-013111 D458782 SFP-T
+# Xcvr 8 REV 02 740-013111 D480275 SFP-T
+# Xcvr 9 REV 01 740-011613 USOSX25280 SFP-SX
+# FPC 1 BUILTIN BUILTIN MPC BUILTIN
+# FPC 2 BUILTIN BUILTIN MPC BUILTIN
+# MIC 0 BUILTIN BUILTIN 4x 10GE(LAN) SFP+
+# PIC 0 BUILTIN BUILTIN 4x 10GE(LAN) SFP+
+# Fan Tray 0 REV 03 711-049570 CADP1517 Fan Tray
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show chassis hardware models
+# Hardware inventory:
+# Item Version Part number Serial number FRU model number
+# Midplane REV 49 750-044219 CADP5335 CHAS-MX104-S
+# PEM 0 REV 04 740-045933 1H175050296 PWR-MX104-AC-S
+# PEM 1 REV 04 740-045933 1H174190205 PWR-MX104-AC-S
+# Routing Engine 0 REV 07 750-053342 CAEA6737 RE-S-MX104-S
+# AFEB 0 BUILTIN BUILTIN
+# FPC 0 BUILTIN BUILTIN
+# MIC 0 REV 11 750-049846 CADY3525 MIC-3D-20GE-SFP-E
+# FPC 1 BUILTIN BUILTIN
+# FPC 2 BUILTIN BUILTIN
+# Fan Tray 0 REV 03 711-049570 CADP1517 FANTRAY-MX104-S
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show chassis routing-engine
+# Routing Engine status:
+# Slot 0:
+# Current state Master
+# Election priority Master (default)
+# DRAM 3968 MB (4096 MB installed)
+# Serial ID CAEA6737
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show chassis scb
+# grnoc-mon at ODMHSAS-OKC-MX104> show chassis sfm detail
+# grnoc-mon at ODMHSAS-OKC-MX104> show chassis ssb
+# grnoc-mon at ODMHSAS-OKC-MX104> show system boot-messages
+# platform_early_bootinit: MX-PPC Series Early Boot Initialization
+# mxppc_set_re_type: hw.board.type is MX104
+# WDOG initialized
+# Copyright (c) 1996-2015, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2007 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD is a registered trademark of The FreeBSD Foundation.
+# WARNING: debug.mpsafenet forced to 0 as ipsec requires Giant
+# Timecounter "decrementer" frequency 37500000 Hz quality 0
+# cpu0: Freescale e5500 core revision 1.2
+# cpu0: HID0 c0000080<EMCP,EN_L2MMU_MHD,EN_MAS7_UPDATE>
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# ETHERNET SOCKET BRIDGE initialising
+# Initializing M/T/EX platform properties ..
+# nexus0: <Powerpc Nexus device>
+# ocpbus0: <on-chip peripheral bus> on nexus0
+# openpic0: <OpenPIC in on-chip peripheral bus> iomem 0xfe040000-0xfe06ffff on ocpbus0
+# uart0: <16550 or compatible> iomem 0xfe11c500-0xfe11c50f irq 52 on ocpbus0
+# uart0: console (9600,n,8,1)
+# uart1: <16550 or compatible> iomem 0xfe11c600-0xfe11c60f irq 52 on ocpbus0
+# lbc0: <Freescale Local Bus Controller> iomem 0xfe124000-0xfe12410f,0xff000000-0xffffffff irq 16,17,18 on ocpbus0
+# uart2: <16750 or compatible> iomem 0xff600000-0xff600fff on lbc0
+# uart3: <16750 or compatible> iomem 0xff500000-0xff500fff on lbc0
+# cfi0: <AMD/Fujitsu - 8MB> iomem 0xffc00000-0xffffffff on lbc0
+# amxbcpld0: <MX104 Bootcpld> iomem 0xff700000-0xff700fff on lbc0
+# amxbcpld0: MX104 Bootcpld Ver 1 Rev 13 (Built 1-5-13)
+# i2c0: <MPC85XX OnChip i2c Controller> iomem 0xfe118000-0xfe118014 irq 54 on ocpbus0
+# i2c1: <MPC85XX OnChip i2c Controller> iomem 0xfe118100-0xfe118114 irq 54 on ocpbus0
+# i2c2: <MPC85XX OnChip i2c Controller> iomem 0xfe119000-0xfe119014 irq 55 on ocpbus0
+# i2c3: <MPC85XX OnChip i2c Controller> iomem 0xfe119100-0xfe119114 irq 55 on ocpbus0
+# ehci0: <Frescale Integrated USB 2.0 controller> iomem 0xfe210000-0xfe210fff irq 60 on ocpbus0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: Freescale EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: SMSC USB2513Bi, class 9/0, rev 2.00/b.a0, addr 2
+# uhub1: multiple transaction translators
+# uhub1: 3 ports with 3 removable, self powered
+# umass0: ATP Electronics AF8GSSGH-JP4, rev 2.00/11.00, addr 3
+# umass0: SCSI over Bulk-Only; quirks = 0x0000
+# umass0:0:0:-1: Attached to scbus0
+# bman0 iomem 0xfe31a000-0xfe31afff,0xfd800000-0xfd803fff,0xfd804000-0xfd804fff irq 32,121,123,125,127,129,131,133,135,137,139 on ocpbus0
+# bman0: Hardware version: 1.0.
+# qman0 iomem 0xfe318000-0xfe318fff,0xfd808000-0xfd80bfff,0xfd80c000-0xfd80cfff irq 32,120,122,124,126,128,130,132,134,136,138 on ocpbus0
+# qman0: Hardware version: 1.2.
+# fman0 iomem 0xfe400000-0xfe4fffff irq 112,32 on ocpbus0
+# fman0: Hardware version: 3.0.
+# dtsec0 on fman0
+# dtsec0: Configured for independent mode.
+# dtsec0: hardware MAC address 02:00:ff:00:00:04
+# dtsec1 on fman0
+# dtsec1: Configured for independent mode.
+# dtsec1: hardware MAC address 02:00:00:00:00:04
+# dtsec2 on fman0
+# dtsec2: Configured for independent mode.
+# dtsec2: hardware MAC address 02:00:01:00:00:04
+# dtsec3 on fman0
+# dtsec3: Configured for independent mode.
+# dtsec3: hardware MAC address 44:f4:77:a9:62:47
+# miibus0: <MII bus> on dtsec3
+# e1000phy0: <Marvell 88E1111 Gigabit PHY> on miibus0
+# e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
+# Initializing product: 152 ..
+# Setting up M/T interface operations and attributes
+# platform_cookie_read not implemented
+# Initializing MX-PPC platform mastership..
+# Loading Redundant LT driver
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ATP AF8GSSGH-JP4 1100> Fixed Direct Access SCSI-4 device
+# da0: 40.000MB/s transfers
+# da0: 7678MB (15724544 512 byte sectors: 255H 63S/T 978C)
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
+# WARNING: /mnt was not properly dismounted
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show version
+# Hostname: ODMHSAS-OKC-MX104 # Model: mx104 # Junos: 13.3R6.5 # JUNOS Base OS boot [13.3R6.5] # JUNOS Base OS Software Suite [13.3R6.5] # JUNOS Kernel Software Suite [13.3R6.5] # JUNOS Crypto Software Suite [13.3R6.5] # JUNOS Packet Forwarding Engine Support (MX104) [13.3R6.5] # JUNOS Online Documentation [13.3R6.5] # JUNOS Services Application Level Gateways [13.3R6.5] # JUNOS Services Jflow Container package [13.3R6.5] # JUNOS Services Stateful Firewall [13.3R6.5] # JUNOS Services NAT [13.3R6.5] # JUNOS Services RPM [13.3R6.5] # JUNOS Services Crypto [13.3R6.5] # JUNOS Services SSL [13.3R6.5] # JUNOS Services IPSec [13.3R6.5] # JUNOS Routing Software Suite [13.3R6.5] # # grnoc-mon at ODMHSAS-OKC-MX104> file list /var/tmp detail #
+# /var/tmp:
+# total blocks: 1001096
+# -rw-r--r-- 1 root field 30 Dec 31 2009 ex.txt
+# drwxr-xr-x 2 root field 512 Dec 31 2009 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Dec 31 2009 install/
+# -rwxr-xr-x 1 root field 256095290 Mar 17 13:12 jinstall-ppc-13.3R4.6-domestic-signed.tgz*
+# -rw-r----- 1 eng field 256266846 May 23 11:38 jinstall-ppc-13.3R6.5-domestic-signed.tgz
+# drwxrwxrwx 2 root wheel 512 Dec 31 2009 pics/
+# -r--r--r-- 1 root field 237 May 23 12:31 preinstall_boot_loader.conf
+# drwxr-xr-x 2 root field 512 Dec 31 2009 rtsdb/
+# -rw-r----- 1 root field 1424 Dec 31 2009 sampled.pkts
+# drwxrwxrwt 2 root wheel 512 Dec 31 2009 vi.recover/
+# total files: 5
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show system uptime
+# System booted: 2015-05-23 14:42 CDT
+# Protocols started: 2015-05-23 14:44 CDT
+# Last configured: 2015-08-20 11:39 CDT by andrew
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#lc-0/0/0 up up
+#lc-0/0/0.32769 up up
+#pfe-0/0/0 up up
+#pfe-0/0/0.16383 up up
+#pfh-0/0/0 up up
+#pfh-0/0/0.16383 up up
+#ge-0/0/1 up up
+#ge-0/0/1.0 up up
+#ge-0/0/2 up up
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
+#ge-0/0/4 up down
+#ge-0/0/5 up up
+#ge-0/0/5.0 up up
+#ge-0/0/6 up up
+#ge-0/0/6.0 up up
+#ge-0/0/7 up down
+#ge-0/0/8 up down
+#ge-0/0/9 up down
+#ge-0/1/0 up down
+#ge-0/1/1 up down
+#ge-0/1/2 up down
+#ge-0/1/3 up down
+#ge-0/1/4 up down
+#ge-0/1/5 up down
+#ge-0/1/6 up down
+#ge-0/1/7 down down
+#ge-0/1/8 up up
+#ge-0/1/8.6 up up
+#ge-0/1/8.9 up up
+#ge-0/1/8.32767 up up
+#ge-0/1/9 up up
+#ge-0/1/9.500 up up
+#ge-0/1/9.32767 up up
+#cbp0 up up
+#demux0 up up
+#dsc up up
+#em0 up up
+#em0.0 up up
+#em1 up up
+#fxp0 down down
+#gre up up
+#ipip up up
+#irb up up
+#irb.10 up down
+#irb.20 up down
+#irb.30 up down
+#irb.40 up down
+#irb.50 up down
+#irb.90 up down
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lsi up up
+#lsi.0 up up
+#me0 up up
+#mtun up up
+#pimd up up
+#pime up up
+#pip0 up up
+#pp0 up up
+#tap up up
+# grnoc-mon at ODMHSAS-OKC-MX104> show configuration
+## Last commit: 2015-08-20 11:39:44 CDT by andrew
+version 13.3R6.5;
+system {
+ host-name ODMHSAS-OKC-MX104;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 164.58.199.85;
+ }
+ }
+ login {
+ message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
+ class admin {
+ idle-timeout 1440;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ }
+ services {
+ ftp;
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ max-sessions-per-connection 32;
+ }
+ netconf {
+ ssh;
+ }
+ web-management {
+ http;
+ }
+ }
+ syslog {
+ archive size 10m files 20;
+ user * {
+ any emergency;
+ }
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ match "!(.*LI Packet length.*|.* grnoc-mon.*|.*Connection closed by 164.58.253.113.*|.* exited, status 255.*)";
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file default-log-messages {
+ any info;
+ match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
+ structured-data;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 164.58.199.85;
+ }
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ routing-engine {
+ on-disk-failure disk-failure-action reboot;
+ }
+ afeb {
+ slot 0 {
+ sampling-instance JFLOW-1;
+ }
+ }
+ network-services all-ethernet;
+}
+services {
+ flow-monitoring {
+ version-ipfix {
+ template ipv4 {
+ flow-active-timeout 60;
+ flow-inactive-timeout 60;
+ ipv4-template;
+ }
+ template IP-V4 {
+ flow-active-timeout 60;
+ flow-inactive-timeout 60;
+ template-refresh-rate {
+ packets 1000;
+ seconds 10;
+ }
+ option-refresh-rate {
+ packets 1000;
+ seconds 10;
+ }
+ ipv4-template;
+ }
+ }
+ }
+}
+security {
+ ipsec {
+ security-association OneNet-OSPF3-AUTH {
+ mode transport;
+ manual {
+ direction bidirectional {
+ protocol ah;
+ spi 256;
+ authentication {
+ algorithm hmac-md5-96;
+ key ascii-text "$9$dos4JTQ3At0vWNVbsaJ5Qz6Au1RcSlv7-GDiHPfEhSyMLwsg"; ## SECRET-DATA
+ }
+ }
+ }
+ }
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "ODMHSAS Central Site Internet [NO-MONITOR]";
+ unit 0 {
+ family inet {
+ address 156.110.27.61/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "ODMHSAS Central Site MPLS [NO-MONITOR]";
+ unit 0 {
+ family inet {
+ address 10.119.20.100/31;
+ }
+ }
+ }
+ ge-0/0/2 {
+ description "SERVER IN [NO-MONITOR]";
+ }
+ ge-0/0/3 {
+ description "SERVER OUT [NO-MONITOR]";
+ unit 0 {
+ family bridge {
+ interface-mode trunk;
+ vlan-id-list [ 10 20 30 40 50 90 ];
+ }
+ }
+ }
+ ge-0/0/4 {
+ description "SERVERS OUTSIDE FIREWALL [NO-MONITOR]";
+ }
+ ge-0/0/5 {
+ description "MPLS to Legacy Wan [NO-MONITOR]";
+ unit 0 {
+ family inet {
+ address 10.119.20.53/30;
+ }
+ }
+ }
+ ge-0/0/6 {
+ description "OLD SERVERS TO NORMAN [NO-MONITOR]";
+ unit 0 {
+ family inet {
+ address 10.2.11.218/16;
+ }
+ }
+ }
+ ge-0/1/7 {
+ disable;
+ }
+ ge-0/1/8 {
+ description "COX to Norman [NO-MONITOR]";
+ flexible-vlan-tagging;
+ native-vlan-id 9;
+ mtu 9192;
+ encapsulation flexible-ethernet-services;
+ unit 6 {
+ vlan-id 6;
+ family inet {
+ mtu 1528;
+ address 164.58.244.255/31;
+ }
+ family mpls {
+ mtu 1516;
+ }
+ }
+ unit 9 {
+ vlan-id 9;
+ family inet {
+ mtu 1500;
+ address 192.168.230.1/30;
+ }
+ }
+ }
+ ge-0/1/9 {
+ description "CORE 1GE to swi1.dhs-mid-okc ge-0/1/1 | OneNet-OKL110DHS-OKL120ODM-GE-6219";
+ flexible-vlan-tagging;
+ mtu 9192;
+ encapsulation flexible-ethernet-services;
+ unit 500 {
+ description "CORE 1GE to core5.okc ge-0/2/2 | OneNet-OKC-OKL120ODM-GE-6219";
+ vlan-id 500;
+ family inet {
+ mtu 9000;
+ address 164.58.244.147/31;
+ }
+ family mpls;
+ }
+ }
+ fxp0 {
+ disable;
+ }
+ irb {
+ unit 10 {
+ description "Central Office Voice [NO-MONITOR]";
+ family inet {
+ address 10.190.0.1/23;
+ }
+ }
+ unit 20 {
+ description "Central Office Data [NO-MONITOR]";
+ family inet {
+ address 10.191.0.1/23;
+ }
+ }
+ unit 30 {
+ description "Central Office Video [NO-MONITOR]";
+ family inet {
+ address 10.192.0.1/23;
+ }
+ }
+ unit 40 {
+ description "Central Office Guest [NO-MONITOR]";
+ family inet {
+ address 10.193.0.1/23;
+ }
+ }
+ unit 50 {
+ description "Central Office Mgmt [NO-MONITOR]";
+ family inet {
+ address 10.194.0.1/23;
+ }
+ }
+ unit 90 {
+ description "Central Office Servers [NO-MONITOR]";
+ family inet {
+ address 10.195.0.1/23;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ address 164.58.199.85/32;
+ }
+ family inet6 {
+ address 2610:1d8::164:58:199:85/128;
+ }
+ }
+ }
+}
+snmp {
+ description "NetGroup 1-888-566-3638";
+ location "Oklahoma Department of Mental Health Substance Abuse Services - OKC";
+ contact "OneNet Netgroup";
+ client-list snmp-management {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ 0.0.0.0/0 {
+ restrict;
+ }
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+ trap-options {
+ source-address 164.58.199.85;
+ }
+ trap-group "<removed>" {
+ version v2;
+ targets {
+ 164.58.253.34;
+ 164.58.253.35;
+ }
+ }
+}
+forwarding-options {
+ sampling {
+ instance {
+ JFLOW-1 {
+ input {
+ rate 1000;
+ }
+ family inet {
+ output {
+ flow-inactive-timeout 60;
+ flow-active-timeout 60;
+ flow-server 164.58.253.36 {
+ port 9081;
+ autonomous-system-type origin;
+ no-local-dump;
+ version-ipfix {
+ template {
+ ipv4;
+ }
+ }
+ }
+ inline-jflow {
+ source-address 164.58.199.85;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+routing-options {
+ static {
+ route 192.0.2.1/32 {
+ discard;
+ no-readvertise;
+ }
+ }
+ router-id 164.58.199.85;
+ autonomous-system 5078;
+ forwarding-table {
+ export LOAD-BALANCE;
+ }
+}
+protocols {
+ mpls {
+ interface lo0.0;
+ interface ge-0/1/9.500;
+ interface ge-0/1/8.6;
+ }
+ bgp {
+ group CORE-RR-OKC-V4 {
+ type internal;
+ local-address 164.58.199.85;
+ family inet {
+ any;
+ }
+ family inet-vpn {
+ unicast;
+ }
+ family inet6-vpn {
+ unicast;
+ }
+ family l2vpn {
+ signaling;
+ }
+# authentication-key <removed>;
+ export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ peer-as 5078;
+ neighbor 164.58.199.216 {
+ description OKC-CORE6-IBGP-V4;
+ }
+ }
+ group CORE-RR-TUL-V4 {
+ type internal;
+ local-address 164.58.199.85;
+ family inet {
+ any;
+ }
+ family inet-vpn {
+ unicast;
+ }
+ family inet6-vpn {
+ unicast;
+ }
+ family l2vpn {
+ signaling;
+ }
+# authentication-key <removed>;
+ export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ peer-as 5078;
+ neighbor 164.58.199.226 {
+ description TUL-CORE6-IBGP-V4;
+ }
+ }
+ group CORE-RR-OKC-V6 {
+ type internal;
+ local-address 2610:1d8::164:58:199:85;
+ family inet6 {
+ any;
+ }
+# authentication-key <removed>;
+ export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ peer-as 5078;
+ neighbor 2610:1d8::164:58:199:216 {
+ description OKC-CORE6-IBGP-V6;
+ }
+ }
+ group CORE-RR-TUL-V6 {
+ type internal;
+ local-address 2610:1d8::164:58:199:85;
+ family inet6 {
+ any;
+ }
+# authentication-key <removed>;
+ export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+ peer-as 5078;
+ neighbor 2610:1d8::164:58:199:226 {
+ description TUL-CORE6-IBGP-V6;
+ }
+ }
+ group EBGP-ODMHSAS-OKC {
+ type external;
+ import EBGP-ODMHSAS-OKC-IMPORT;
+ family inet {
+ unicast;
+ }
+ export EBGP-ODMHSAS-OKC-EXPORT;
+ peer-as 64576;
+ bfd-liveness-detection {
+ minimum-interval 2000;
+ multiplier 3;
+ }
+ neighbor 156.110.27.62 {
+ description "ODMHSAS-OKC-CENTRAL-SITE-CIR000XXXX [NO-MONITOR]";
+# authentication-key <removed>;
+ }
+ }
+ }
+ ospf {
+ reference-bandwidth 100g;
+ area 0.0.0.0 {
+ interface lo0.0 {
+ passive;
+ }
+ interface fxp0.0 {
+ disable;
+ }
+ interface ge-0/1/9.500 {
+ metric 100;
+ authentication {
+ md5 7 key "$9$.mQF/Cu01hCAhrevN-ikq.T39ApOIcFnA0BIcS"; ## SECRET-DATA
+ }
+ }
+ interface ge-0/1/8.6 {
+ metric 65535;
+ authentication {
+ md5 7 key "$9$M/QW7-wYoaGiY2i.P5/9lKvMxds24JUH-V2aZUHk"; ## SECRET-DATA
+ }
+ }
+ }
+ }
+ ospf3 {
+ reference-bandwidth 100g;
+ area 0.0.0.0 {
+ interface lo0.0 {
+ passive;
+ }
+ interface ge-0/1/9.500 {
+ ipsec-sa OneNet-OSPF3-AUTH;
+ }
+ }
+ }
+ ldp {
+ preference 255;
+ track-igp-metric;
+ interface ge-0/1/8.6;
+ interface ge-0/1/9.500;
+ interface lo0.0;
+ }
+ lldp {
+ interface ge-0/1/9;
+ }
+}
+policy-options {
+ prefix-list PRE-LDP-SOURCES {
+ 10.199.0.0/16;
+ 164.58.198.0/23;
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 10.119.20.52/30;
+ 64.207.244.14/32;
+ 66.129.224.37/32;
+ 129.15.127.96/28;
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.10.0/24;
+ 164.58.15.0/24;
+ 164.58.244.0/22;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-RADIUS-SOURCES {
+ apply-path "system radius-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-SNMP-SOURCES {
+ apply-path "snmp client-list snmp-management <1*>";
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-BGP-ALLOW {
+ apply-path "protocols bgp group <*> neighbor <*>";
+ }
+ prefix-list PRE-BGP-RI-ALLOW {
+ apply-path "routing-instances <*> protocols bgp group <*> neighbor <*>";
+ }
+ prefix-list PRE-L0-SOURCES {
+ apply-path "interfaces lo0 unit <*> family inet address <164.*>";
+ }
+ policy-statement EBGP-ODMHSAS-L3VPN-HEADEND-EXPORT {
+ term EXPORT {
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ODMHSAS-L3VPN-HEADEND-IMPORT {
+ term DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term ROUTES {
+ from {
+ route-filter 10.0.0.0/8 orlonger;
+ route-filter 192.168.100.0/24 exact;
+ route-filter 192.168.101.0/24 exact;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ODMHSAS-OKC-EXPORT {
+ term DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ODMHSAS-OKC-IMPORT {
+ term IMPORT {
+ from {
+ route-filter 164.58.58.128/26 exact;
+ route-filter 156.110.130.64/29 exact;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement LOAD-BALANCE {
+ then {
+ load-balance per-packet;
+ }
+ }
+ policy-statement ODMHSAS-VRF-EXPORT {
+ term 1 {
+ from protocol static;
+ then {
+ community add ODMHSAS-VPN;
+ accept;
+ }
+ }
+ term 2 {
+ from protocol direct;
+ then {
+ community add ODMHSAS-VPN;
+ accept;
+ }
+ }
+ term 3 {
+ from protocol bgp;
+ then {
+ community add ODMHSAS-VPN;
+ accept;
+ }
+ }
+ }
+ policy-statement ODMHSAS-VRF-IMPORT {
+ term 1 {
+ from {
+ protocol bgp;
+ community ODMHSAS-VPN;
+ }
+ then accept;
+ }
+ term 2 {
+ then reject;
+ }
+ }
+ policy-statement REDISTRIBUTE-DIRECTS {
+ term 1 {
+ from protocol direct;
+ then {
+ community add ODMHSAS-OKC;
+ external {
+ type 1;
+ }
+ accept;
+ }
+ }
+ }
+ policy-statement REDISTRIBUTE-STATICS {
+ term 1 {
+ from protocol static;
+ then {
+ community add ODMHSAS-OKC;
+ accept;
+ }
+ }
+ }
+ community ODMHSAS-OKC members 5078:9085;
+ community ODMHSAS-VPN members target:5078:2559;
+}
+class-of-service {
+ classifiers {
+ dscp dscp-default {
+ import default;
+ }
+ }
+ forwarding-classes {
+ class data queue-num 0;
+ class voice queue-num 1;
+ class video queue-num 2;
+ class network-control queue-num 3;
+ }
+ interfaces {
+ all {
+ scheduler-map sch-map;
+ unit * {
+ classifiers {
+ dscp dscp-default;
+ }
+ }
+ }
+ }
+ scheduler-maps {
+ sch-map {
+ forwarding-class data scheduler data-sch;
+ forwarding-class voice scheduler voice-sch;
+ forwarding-class video scheduler video-sch;
+ forwarding-class network-control scheduler network-control-sch;
+ }
+ }
+ schedulers {
+ data-sch {
+ transmit-rate {
+ remainder;
+ }
+ buffer-size {
+ remainder;
+ }
+ priority low;
+ }
+ voice-sch {
+ transmit-rate percent 5;
+ buffer-size percent 5;
+ priority high;
+ }
+ video-sch {
+ transmit-rate percent 5;
+ buffer-size percent 5;
+ priority high;
+ }
+ network-control-sch {
+ transmit-rate percent 5;
+ buffer-size percent 5;
+ priority high;
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term FIRST-FRAG {
+ from {
+ first-fragment;
+ }
+ then {
+ discard;
+ }
+ }
+ term NEXT-FRAG {
+ from {
+ is-fragment;
+ }
+ then {
+ discard;
+ }
+ }
+ term OSPF-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol ospf;
+ }
+ then accept;
+ }
+ term BGP-ALLOW {
+ from {
+ prefix-list {
+ PRE-BGP-ALLOW;
+ PRE-BGP-RI-ALLOW;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
+ term RADIUS-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-RADIUS-SOURCES;
+ }
+ protocol [ udp tcp ];
+ port [ radius radacct ];
+ }
+ then accept;
+ }
+ term NTP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-NTP-SOURCES;
+ PRE-L0-SOURCES;
+ }
+ protocol udp;
+ port ntp;
+ }
+ then accept;
+ }
+ term DOMAIN-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-DNS-SOURCES;
+ }
+ port domain;
+ }
+ then accept;
+ }
+ term SYSLOG-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ }
+ port syslog;
+ }
+ then accept;
+ }
+ term FTP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ }
+ port ftp;
+ }
+ then accept;
+ }
+ term JSPACE-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ }
+ source-port 7408;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-SNMP-SOURCES;
+ }
+ protocol [ tcp udp ];
+ port [ snmp snmptrap ];
+ }
+ then accept;
+ }
+ term LDP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-LDP-SOURCES;
+ }
+ port ldp;
+ }
+ then accept;
+ }
+ term PIM-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol pim;
+ }
+ then accept;
+ }
+ term BFD-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ port [ 3784 3785 ];
+ }
+ then accept;
+ }
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
+ term TRACEROUTE-ALLOW {
+ from {
+ protocol udp;
+ destination-port 33434-33523;
+ }
+ then accept;
+ }
+ term DENY-SERVICES-INBOUND {
+ from {
+ destination-port [ ssh telnet http https snmp ntp domain ];
+ }
+ then {
+ discard;
+ }
+ }
+ term SERVICES-OUTBOUND {
+ from {
+ source-port [ ssh telnet ];
+ }
+ then accept;
+ }
+ term DENY_ALL {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+}
+routing-instances {
+ ODMHSAS-L3VPN {
+ description ODMHSAS-L3VPN;
+ instance-type vrf;
+ interface ge-0/0/1.0;
+ interface ge-0/0/5.0;
+ interface irb.10;
+ interface irb.20;
+ interface irb.30;
+ interface irb.40;
+ interface irb.50;
+ interface irb.90;
+ route-distinguisher 164.58.199.85:2559;
+ vrf-import ODMHSAS-VRF-IMPORT;
+ vrf-export ODMHSAS-VRF-EXPORT;
+ vrf-target target:5078:2559;
+ vrf-table-label;
+ routing-options {
+ static {
+ route 128.212.227.0/24 next-hop 10.119.20.54;
+ route 128.212.228.0/25 next-hop 10.119.20.54;
+ route 192.168.176.0/20 next-hop 10.119.20.54;
+ route 10.0.0.0/8 next-hop 10.119.20.54;
+ }
+ }
+ protocols {
+ bgp {
+ group EBGP-ODMHSAS-OKC-HEADEND {
+ type external;
+ import EBGP-ODMHSAS-L3VPN-HEADEND-IMPORT;
+ family inet {
+ unicast {
+ loops 2;
+ }
+ }
+ export EBGP-ODMHSAS-L3VPN-HEADEND-EXPORT;
+ peer-as 64576;
+ local-as 64575 loops 2 no-prepend-global-as;
+ bfd-liveness-detection {
+ minimum-interval 2000;
+ multiplier 3;
+ }
+ as-override;
+ neighbor 10.119.20.101 {
+ description "EBGP-ODMHSAS-CENTRAL-SITE-CIR000XXXX [NO-MONITOR]";
+# authentication-key <removed>;
+ }
+ }
+ }
+ }
+ }
+ ODMHSAS-OKC-NOR {
+ instance-type virtual-router;
+ interface ge-0/0/6.0;
+ interface ge-0/1/8.9;
+ routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.2.5.50;
+ route 10.1.0.0/16 next-hop 192.168.230.2;
+ }
+ }
+ }
+}
+bridge-domains {
+ vlan-10 {
+ vlan-id 10;
+ routing-interface irb.10;
+ }
+ vlan-20 {
+ vlan-id 20;
+ routing-interface irb.20;
+ }
+ vlan-30 {
+ vlan-id 30;
+ routing-interface irb.30;
+ }
+ vlan-40 {
+ vlan-id 40;
+ routing-interface irb.40;
+ }
+ vlan-50 {
+ vlan-id 50;
+ routing-interface irb.50;
+ }
+ vlan-90 {
+ vlan-id 90;
+ routing-interface irb.90;
+ }
+}
+# grnoc-mon at ODMHSAS-OKC-MX104> show ospf neighbor
+# Address Interface State ID Pri Dead
+# 164.58.244.254 ge-0/1/8.6 Full 164.58.199.214
+# 164.58.244.146 ge-0/1/9.500 Full 164.58.199.215
+#
+# grnoc-mon at ODMHSAS-OKC-MX104> show bfd session
+ Detect Transmit
+Address State Interface Time Interval Multiplier
+10.119.20.101 Up ge-0/0/1.0 6.000 2.000 3
+156.110.27.62 Up ge-0/0/0.0 6.000 2.000 3
+
+2 sessions, 2 clients
+Cumulative transmit rate 1.0 pps, cumulative receive rate 1.0 pps
+
+# grnoc-mon at ODMHSAS-OKC-MX104> show system snapshot media internal
+# ^
+# syntax error, expecting <data>.
+#
More information about the Nocrancid
mailing list