[Nocrancid] autopop-onenet.net router config diffs

Sun Mar 29 02:02:29 CDT 2015

Index: configs/core.woo.onenet.net
===================================================================

--- configs/core.woo.onenet.net	(revision 125377)
+++ configs/core.woo.onenet.net	(working copy)
@@ -354,8 +354,8 @@
 #lsi.1052702 up up
 #lsi.1052722 up up
 #lsi.1052762 up up
-#lsi.1052794 up up
-#lsi.1052795 up up
+#lsi.1052804 up up
+#lsi.1052805 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.end.onenet.net
===================================================================
--- configs/core.end.onenet.net	(revision 125377)
+++ configs/core.end.onenet.net	(working copy)
@@ -393,9 +393,9 @@
 #lsi.1050965 up up
 #lsi.1050992 up up
 #lsi.1051006 up up
-#lsi.1051038 up up
-#lsi.1051039 up up
-#lsi.1051040 up up
+#lsi.1051048 up up
+#lsi.1051049 up up
+#lsi.1051050 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.law.onenet.net
===================================================================
--- configs/core.law.onenet.net	(revision 125377)
+++ configs/core.law.onenet.net	(working copy)
@@ -508,8 +508,8 @@
 #lsi.1066336 up up
 #lsi.1066356 up up
 #lsi.1066396 up up
-#lsi.1066428 up up
-#lsi.1066429 up up
+#lsi.1066438 up up
+#lsi.1066439 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core5.okc.onenet.net
===================================================================
--- configs/core5.okc.onenet.net	(revision 125377)
+++ configs/core5.okc.onenet.net	(working copy)
@@ -652,9 +652,9 @@
 #lsi.1498607 up up
 #lsi.1498634 up up
 #lsi.1498664 up up
-#lsi.1498680 up up
-#lsi.1498681 up up
-#lsi.1498682 up up
+#lsi.1498691 up up
+#lsi.1498692 up up
+#lsi.1498693 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.hut.hen.onenet.net
===================================================================
--- configs/core.hut.hen.onenet.net	(revision 125370)
+++ configs/core.hut.hen.onenet.net	(working copy)
@@ -306,13 +306,13 @@
 #lsi.1048637 up up
 #lsi.1048641 up up
 #lsi.1048656 up up
-#lsi.1048660 up up
 #lsi.1048662 up up
 #lsi.1048663 up up
 #lsi.1048664 up up
 #lsi.1048665 up up
 #lsi.1048666 up up
 #lsi.1048667 up up
+#lsi.1048668 up up
 #me0 up up
 #me0.0 up up
 #mtun up up
Index: configs/core2-okc-mx960.onenet.net
===================================================================
--- configs/core2-okc-mx960.onenet.net	(revision 125377)
+++ configs/core2-okc-mx960.onenet.net	(working copy)
@@ -619,8 +619,8 @@
 #lsi.1066107 up up
 #lsi.1066127 up up
 #lsi.1066137 up up
-#lsi.1066199 up up
-#lsi.1066200 up up
+#lsi.1066209 up up
+#lsi.1066210 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.dur.onenet.net
===================================================================
--- configs/core.dur.onenet.net	(revision 125377)
+++ configs/core.dur.onenet.net	(working copy)
@@ -378,9 +378,9 @@
 #lsi.1052117 up up
 #lsi.1052144 up up
 #lsi.1052158 up up
-#lsi.1052190 up up
-#lsi.1052191 up up
-#lsi.1052192 up up
+#lsi.1052200 up up
+#lsi.1052201 up up
+#lsi.1052202 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.say.onenet.net
===================================================================
--- configs/core.say.onenet.net	(revision 125377)
+++ configs/core.say.onenet.net	(working copy)
@@ -332,7 +332,6 @@
 #lsi.1051321 up up
 #lsi.1051506 up up
 #lsi.1051560 up up
-#lsi.1051740 up up
 #lsi.1051751 up up
 #lsi.1051861 up up
 #lsi.1051863 up up
@@ -343,7 +342,8 @@
 #lsi.1051919 up up
 #lsi.1051951 up up
 #lsi.1051971 up up
-#lsi.1052042 up up
+#lsi.1052051 up up
+#lsi.1052052 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core4.okc.onenet.net
===================================================================
--- configs/core4.okc.onenet.net	(revision 125377)
+++ configs/core4.okc.onenet.net	(working copy)
@@ -853,7 +853,7 @@
 #lsi.1049955 up up
 #lsi.1049956 up up
 #lsi.1049958 up up
-#lsi.1049959 up up
+#lsi.1049960 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.mus.onenet.net
===================================================================
--- configs/core.mus.onenet.net	(revision 125377)
+++ configs/core.mus.onenet.net	(working copy)
@@ -352,7 +352,7 @@
 #lsi.1051839 up up
 #lsi.1051898 up up
 #lsi.1051921 up up
-#lsi.1051992 up up
+#lsi.1052001 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core1.dc.onenet.net
===================================================================
--- configs/core1.dc.onenet.net	(revision 125377)
+++ configs/core1.dc.onenet.net	(working copy)
@@ -945,8 +945,8 @@
 #lsi.1052492 up up
 #lsi.1052524 up up
 #lsi.1052544 up up
-#lsi.1052615 up up
-#lsi.1052616 up up
+#lsi.1052625 up up
+#lsi.1052626 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core1.lan-mx80.onenet.net
===================================================================
--- configs/core1.lan-mx80.onenet.net	(revision 125377)
+++ configs/core1.lan-mx80.onenet.net	(working copy)
@@ -288,7 +288,7 @@
 #lsi.1066317 up up
 #lsi.1066322 up up
 #lsi.1066399 up up
-#lsi.1066470 up up
+#lsi.1066479 up up
 #me0 up up
 #me0.0 up up
 #mtun up up
Index: configs/core.ada.onenet.net
===================================================================
--- configs/core.ada.onenet.net	(revision 125377)
+++ configs/core.ada.onenet.net	(working copy)
@@ -390,9 +390,9 @@
 #lsi.1052542 up up
 #lsi.1052556 up up
 #lsi.1052583 up up
-#lsi.1052590 up up
-#lsi.1052591 up up
-#lsi.1052592 up up
+#lsi.1052600 up up
+#lsi.1052601 up up
+#lsi.1052602 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/hub.end.onenet.net
===================================================================
--- configs/hub.end.onenet.net	(revision 125376)
+++ configs/hub.end.onenet.net	(working copy)
@@ -409,7 +409,6 @@
 #sp-3/3/0.0 up up
 #sp-3/3/0.16383 up up
 #vt-3/3/0 up up
-#vt-3/3/0.1051579 up up
 #demux0 up up
 #dsc up up
 #em0 up up
Index: configs/core.ida.onenet.net
===================================================================
--- configs/core.ida.onenet.net	(revision 125377)
+++ configs/core.ida.onenet.net	(working copy)
@@ -360,8 +360,8 @@
 #lsi.1054321 up up
 #lsi.1054325 up up
 #lsi.1054384 up up
-#lsi.1054416 up up
-#lsi.1054417 up up
+#lsi.1054426 up up
+#lsi.1054427 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.mca.onenet.net
===================================================================
--- configs/core.mca.onenet.net	(revision 125377)
+++ configs/core.mca.onenet.net	(working copy)
@@ -366,7 +366,7 @@
 #lsi.1050414 up up
 #lsi.1050491 up up
 #lsi.1050531 up up
-#lsi.1050563 up up
+#lsi.1050572 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.pot.onenet.net
===================================================================
--- configs/core.pot.onenet.net	(revision 125377)
+++ configs/core.pot.onenet.net	(working copy)
@@ -382,7 +382,7 @@
 #lsi.1051982 up up
 #lsi.1052059 up up
 #lsi.1052099 up up
-#lsi.1052131 up up
+#lsi.1052140 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.hut.ard.onenet.net
===================================================================
--- configs/core.hut.ard.onenet.net	(revision 125377)
+++ configs/core.hut.ard.onenet.net	(working copy)
@@ -323,7 +323,7 @@
 #lsi.1049655 up up
 #lsi.1049656 up up
 #lsi.1049657 up up
-#lsi.1049658 up up
+#lsi.1049659 up up
 #me0 up up
 #me0.0 up up
 #mtun up up
Index: configs/core.hut.412.onenet.net
===================================================================
--- configs/core.hut.412.onenet.net	(revision 125377)
+++ configs/core.hut.412.onenet.net	(working copy)
@@ -324,7 +324,7 @@
 #lsi.1049141 up up
 #lsi.1049142 up up
 #lsi.1049143 up up
-#lsi.1049144 up up
+#lsi.1049145 up up
 #me0 up up
 #me0.0 up up
 #mtun up up
Index: configs/core.ard.onenet.net
===================================================================
--- configs/core.ard.onenet.net	(revision 125377)
+++ configs/core.ard.onenet.net	(working copy)
@@ -340,7 +340,6 @@
 #lsi.1053004 up up
 #lsi.1053108 up up
 #lsi.1053167 up up
-#lsi.1053228 up up
 #lsi.1053351 up up
 #lsi.1053482 up up
 #lsi.1053484 up up
@@ -355,8 +354,9 @@
 #lsi.1053593 up up
 #lsi.1053599 up up
 #lsi.1053640 up up
-#lsi.1053672 up up
-#lsi.1053673 up up
+#lsi.1053681 up up
+#lsi.1053682 up up
+#lsi.1053683 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net	(revision 125376)
+++ configs/hub.dur.onenet.net	(working copy)
@@ -377,7 +377,7 @@
 #fe-2/1/1.0 up up
 #fe-2/1/2 up up
 #fe-2/1/2.0 up up
-#fe-2/1/3 down up
+#fe-2/1/3 down down
 #ge-2/2/0 up up
 #pc-2/2/0 up up
 #pc-2/2/0.16383 up up
Index: configs/core.alt.onenet.net
===================================================================
--- configs/core.alt.onenet.net	(revision 125377)
+++ configs/core.alt.onenet.net	(working copy)
@@ -382,29 +382,29 @@
 #lsi.1083713 up up
 #lsi.1086255 up up
 #lsi.1087093 up up
-#lsi.1087226 up up
-#lsi.1087228 up up
-#lsi.1087229 up up
-#lsi.1087230 up up
-#lsi.1087231 up up
-#lsi.1087232 up up
-#lsi.1087233 up up
-#lsi.1087234 up up
-#lsi.1087235 up up
-#lsi.1087236 up up
-#lsi.1087237 up up
-#lsi.1087238 up up
-#lsi.1087239 up up
-#lsi.1087240 up up
-#lsi.1087241 up up
-#lsi.1087242 up up
-#lsi.1087243 up up
-#lsi.1087244 up up
-#lsi.1087245 up up
-#lsi.1087246 up up
-#lsi.1087247 up up
-#lsi.1087248 up up
-#lsi.1087249 up up
+#lsi.1087404 up up
+#lsi.1087405 up up
+#lsi.1087406 up up
+#lsi.1087407 up up
+#lsi.1087408 up up
+#lsi.1087409 up up
+#lsi.1087410 up up
+#lsi.1087411 up up
+#lsi.1087412 up up
+#lsi.1087413 up up
+#lsi.1087414 up up
+#lsi.1087415 up up
+#lsi.1087416 up up
+#lsi.1087417 up up
+#lsi.1087419 up up
+#lsi.1087420 up up
+#lsi.1087421 up up
+#lsi.1087422 up up
+#lsi.1087423 up up
+#lsi.1087424 up up
+#lsi.1087425 up up
+#lsi.1087426 up up
+#lsi.1087427 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core1.sti-mx960.onenet.net
===================================================================
--- configs/core1.sti-mx960.onenet.net	(revision 125377)
+++ configs/core1.sti-mx960.onenet.net	(working copy)
@@ -683,8 +683,8 @@
 #lsi.1060977 up up
 #lsi.1060981 up up
 #lsi.1061001 up up
-#lsi.1061072 up up
-#lsi.1061073 up up
+#lsi.1061082 up up
+#lsi.1061083 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.chi.onenet.net
===================================================================
--- configs/core.chi.onenet.net	(revision 125377)
+++ configs/core.chi.onenet.net	(working copy)
@@ -329,7 +329,6 @@
 #lsi.1050805 up up
 #lsi.1050845 up up
 #lsi.1050903 up up
-#lsi.1050962 up up
 #lsi.1051088 up up
 #lsi.1051174 up up
 #lsi.1051219 up up
@@ -344,8 +343,9 @@
 #lsi.1051328 up up
 #lsi.1051334 up up
 #lsi.1051375 up up
-#lsi.1051407 up up
-#lsi.1051408 up up
+#lsi.1051416 up up
+#lsi.1051417 up up
+#lsi.1051418 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.redoak.onenet.net
===================================================================
--- configs/core.redoak.onenet.net	(revision 124919)
+++ configs/core.redoak.onenet.net	(working copy)
@@ -1,6 +1,7 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at RED-OAK-MX80> show system commit 
+#   2015-03-29 01:16:36 CDT by andrew via cli commit confirmed, rollback in 3mins
 #   2015-03-14 21:35:01 CDT by andrew via cli
 #   2015-03-14 21:31:19 CDT by andrew via cli
 #   2015-02-23 11:32:35 CST by root via cli
@@ -203,7 +204,7 @@
 # grnoc-mon at RED-OAK-MX80> show system uptime 
 # System booted: 2015-03-11 12:10 CDT 
 # Protocols started: 2015-03-11 12:12 CDT 
-# Last configured: 2015-03-14 21:35 CDT  by andrew
+# Last configured: 2015-03-29 01:16 CDT  by andrew
 # 
 # grnoc-mon at RED-OAK-MX80> show interface terse 
 #Interface Admin Link
@@ -265,7 +266,7 @@
 #pp0 up up
 #tap up up
 # grnoc-mon at RED-OAK-MX80> show configuration 
-## Last commit: 2015-03-14 21:35:01 CDT by andrew
+## Last commit: 2015-03-29 01:16:36 CDT by andrew
 version 12.3R7.7;
 system {
     host-name RED-OAK-MX80;
@@ -437,6 +438,7 @@
                 mtu 9000;
                 address 164.58.244.173/31;
             }
+            family mpls;
         }
     }
     xe-0/0/1 {
@@ -450,6 +452,7 @@
                 mtu 9000;
                 address 164.58.244.174/31;
             }
+            family mpls;
         }
     }
     lo0 {
@@ -594,7 +597,9 @@
     ospf {
         reference-bandwidth 100g;
         area 0.0.0.0 {
-            interface lo0.0;
+            interface lo0.0 {
+                passive;
+            }
             interface fxp0.0 {
                 disable;
             }
Index: configs/core.hut.cli.onenet.net
===================================================================
--- configs/core.hut.cli.onenet.net	(revision 125377)
+++ configs/core.hut.cli.onenet.net	(working copy)
@@ -297,7 +297,7 @@
 #lsi.1048669 up up
 #lsi.1048670 up up
 #lsi.1048671 up up
-#lsi.1048672 up up
+#lsi.1048673 up up
 #me0 up up
 #me0.0 up up
 #mtun up up
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net	(revision 125371)
+++ configs/core3.okc-m120.onenet.net	(working copy)
@@ -1226,8 +1226,8 @@
 #t1-3/3/0:6:6 up up
 #t1-3/3/0:6:6.0 up up
 #t1-3/3/0:6:7 down down
-#t1-3/3/0:6:8 up down
-#t1-3/3/0:6:8.0 up down
+#t1-3/3/0:6:8 up up
+#t1-3/3/0:6:8.0 up up
 #t1-3/3/0:6:9 up down
 #t1-3/3/0:6:9.0 up down
 #t1-3/3/0:6:10 up up
Index: configs/core.wea.onenet.net
===================================================================
--- configs/core.wea.onenet.net	(revision 125377)
+++ configs/core.wea.onenet.net	(working copy)
@@ -345,8 +345,8 @@
 #lsi.1053141 up up
 #lsi.1053161 up up
 #lsi.1053201 up up
-#lsi.1053233 up up
-#lsi.1053234 up up
+#lsi.1053243 up up
+#lsi.1053244 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core1.nor.onenet.net
===================================================================
--- configs/core1.nor.onenet.net	(revision 125377)
+++ configs/core1.nor.onenet.net	(working copy)
@@ -461,8 +461,8 @@
 #lsi.1050910 up up
 #lsi.1050930 up up
 #lsi.1050970 up up
-#lsi.1051002 up up
-#lsi.1051003 up up
+#lsi.1051012 up up
+#lsi.1051013 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.sem.onenet.net
===================================================================
--- configs/core.sem.onenet.net	(revision 125377)
+++ configs/core.sem.onenet.net	(working copy)
@@ -357,8 +357,8 @@
 #lsi.1049514 up up
 #lsi.1049534 up up
 #lsi.1049574 up up
-#lsi.1049606 up up
-#lsi.1049607 up up
+#lsi.1049616 up up
+#lsi.1049617 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.dun.onenet.net
===================================================================
--- configs/core.dun.onenet.net	(revision 125370)
+++ configs/core.dun.onenet.net	(working copy)
@@ -362,13 +362,13 @@
 #lsi.1050989 up up
 #lsi.1051005 up up
 #lsi.1051012 up up
-#lsi.1051013 up up
 #lsi.1051015 up up
 #lsi.1051016 up up
 #lsi.1051017 up up
 #lsi.1051018 up up
 #lsi.1051019 up up
 #lsi.1051020 up up
+#lsi.1051021 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.wless.velm.onenet.net
===================================================================
--- configs/core.wless.velm.onenet.net	(revision 125377)
+++ configs/core.wless.velm.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at VELMA-TOWER-SRX220> show system commit 
+#   2015-03-29 01:06:50 CDT by andrew via cli commit confirmed, rollback in 5mins
 #   2015-03-29 00:30:53 CDT by root via other
 #   2015-03-16 09:37:12 CDT by sean via cli
 #   2014-11-07 15:22:39 CST by admin via netconf
 #   2014-09-24 14:09:37 CDT by sky via cli commit confirmed, rollback in 10mins
 #   2014-09-17 14:58:05 CDT by donnie via cli
-#   2014-09-10 16:18:51 CDT by joel via cli
 # grnoc-mon at VELMA-TOWER-SRX220> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  Routing Engine                 OK        
@@ -96,7 +96,7 @@
 # grnoc-mon at VELMA-TOWER-SRX220> show system uptime 
 # System booted: 2015-03-29 00:29 CDT 
 # Protocols started: 2015-03-29 00:31 CDT 
-# Last configured: 2015-03-29 00:30 CDT  by root
+# Last configured: 2015-03-29 01:06 CDT  by andrew
 # 
 # grnoc-mon at VELMA-TOWER-SRX220> show interface terse 
 #Interface Admin Link
@@ -140,7 +140,7 @@
 #tap up up
 #vlan up up
 # grnoc-mon at VELMA-TOWER-SRX220> show configuration 
-## Last commit: 2015-03-29 00:30:53 CDT by root
+## Last commit: 2015-03-29 01:06:50 CDT by andrew
 version 12.1X46-D20.5;
 system {
     host-name VELMA-TOWER-SRX220;
@@ -152,9 +152,8 @@
     }
     name-server {
         164.58.253.10;
-        156.110.198.10;
-        164.58.233.202;
         164.58.253.4;
+        164.58.198.10;
     }
     radius-server {
         156.110.31.11 {
@@ -165,7 +164,7 @@
         }
     }
     login {
-        message "\n\n************************************ WARNING ****************************************\n\n*                    To protect the system from unauthorized use,                   *\n\n*      activities on this system are monitored,recorded and subject to audit.       *\n\n*     Use of this system is expressed consent to such monitoring and recording.     *\n\n*          Any unauthorized access or use of this system is prohibited and          *\n\n*     is subject to criminal and civil penalties and/or administrative action.      *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n;";
+        message "\n\n************************************ WARNING ****************************************\n\n*                    To protect the system from unauthorized use,                   *\n\n*      activities on this system are monitored,recorded and subject to audit.       *\n\n*     Use of this system is expressed consent to such monitoring and recording.     *\n\n*          Any unauthorized access or use of this system is prohibited and          *\n\n*     is subject to criminal and civil penalties and/or administrative action.      *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
         class admin {
             idle-timeout 1044;
             permissions all;
@@ -224,43 +223,44 @@
         netconf {
             ssh;
         }
-        inactive: web-management {
-            http;
-        }
     }
     syslog {
-        archive size 10m files 5;
+        archive size 10m files 20;
         user * {
             any emergency;
         }
+        host 164.58.253.92 {
+            any any;
+        }
+        host 164.58.253.38 {
+            any any;
+        }
         file messages {
             any notice;
             authorization info;
+            match "!(.*LI Packet length.*|.* grnoc-mon.*|.*Connection closed by 164.58.253.113.*|.* exited, status 255.*)";
         }
         file interactive-commands {
             interactive-commands any;
         }
+        file PROTECT-RE {
+            firewall any;
+            archive no-world-readable;
+        }
         file default-log-messages {
             any info;
-            match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES";
+            match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
             structured-data;
         }
-        source-address 164.58.199.125;
+        file updown {
+            any any;
+            match "(TRAP_LINK)";
+        }
     }
     ntp {
         server 164.58.3.98 prefer;
     }
 }
-chassis {
-    alarm {
-        ##
-        ## Warning: configuration block ignored: unsupported platform (srx220h-poe)
-        ##
-        management-ethernet {
-            link-down ignore;
-        }
-    }
-}
 interfaces {
     ge-0/0/0 {
         description "CORE FE to Velma-7200 FastEthernet0/1 | OneNet-VELM-VELM-FE-15464";
@@ -320,7 +320,7 @@
     }
 }
 snmp {
-    location "Norman, OK";
+    location "Velma, OK";
     contact "Net Group";
     client-list snmp-management {
         156.110.31.0/27;
@@ -356,32 +356,82 @@
         interface lo0.0;
         interface ge-0/0/0.0;
     }
+    bgp {
+        group CORE-RR-OKC-V4 {
+            type internal;
+            local-address 164.58.199.125;
+            family inet {
+                unicast;
+            }
+#            authentication-key <removed>;
+            export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+            peer-as 5078;
+            neighbor 164.58.199.216 {
+                description OKC-CORE6-IBGP-V4;
+            }
+        }
+        group CORE-RR-TUL-V4 {
+            type internal;
+            local-address 164.58.199.125;
+            family inet {
+                unicast;
+            }
+#            authentication-key <removed>;
+            export [ REDISTRIBUTE-DIRECTS REDISTRIBUTE-STATICS ];
+            peer-as 5078;
+            neighbor 164.58.199.226 {
+                description TUL-CORE6-IBGP-V4;
+            }
+        }
+    }
     ospf {
-        export [ REDISTRIBUTE-STATICS REDISTRIBUTE-DIRECTS ];
         reference-bandwidth 100g;
         area 0.0.0.0 {
-            interface lo0.0;
+            interface lo0.0 {
+                passive;
+            }
             interface ge-0/0/0.0;
         }
     }
 }
 policy-options {
-    prefix-list EBGP-IPV4-NEIGHBORS {
-        164.58.10.38/32;
-    }
     prefix-list PRE-LDP-SOURCES {
         10.199.0.0/16;
+        164.58.198.0/23;
+        apply-path "interfaces <*> unit <*> family inet address <*>";
     }
-    policy-statement IBGP-IMPORT {
-        term 1 {
-            from {
-                route-filter 0.0.0.0/0 exact accept;
-            }
-        }
-        term reject {
-            then reject;
-        }
+    prefix-list PRE-MGMT-SOURCES {
+        64.207.244.14/32;
+        66.129.224.37/32;
+        129.15.127.96/28;
+        156.110.31.0/27;
+        156.110.31.32/28;
+        164.58.10.0/24;
+        164.58.15.0/24;
+        164.58.244.0/22;
+        164.58.253.0/24;
     }
+    prefix-list PRE-RADIUS-SOURCES {
+        apply-path "system radius-server <*>";
+    }
+    prefix-list PRE-NTP-SOURCES {
+        apply-path "system ntp server <*>";
+    }
+    prefix-list PRE-DNS-SOURCES {
+        apply-path "system name-server <*>";
+    }
+    prefix-list PRE-SNMP-SOURCES {
+        apply-path "snmp client-list snmp-management <1*>";
+    }
+    prefix-list PRE-LOCALIPv4-SOURCES {
+        apply-path "interfaces <*> unit <*> family inet address <*>";
+    }
+    prefix-list PRE-BGP-ALLOW {
+        apply-path "protocols bgp group <*> neighbor <*>";
+    }
+    prefix-list PRE-L0-SOURCES {
+        apply-path "interfaces lo0 unit <*> family inet address <164.*>";
+    }
     policy-statement LOAD-BALANCE {
         then {
             load-balance per-packet;
@@ -390,15 +440,25 @@
     policy-statement REDISTRIBUTE-DIRECTS {
         term 1 {
             from protocol direct;
-            then accept;
+            then {
+                community add VELMA;
+                external {
+                    type 1;
+                }
+                accept;
+            }
         }
     }
     policy-statement REDISTRIBUTE-STATICS {
         term 1 {
             from protocol static;
-            then accept;
+            then {
+                community add VELMA;
+                accept;
+            }
         }
     }
+    community VELMA members 5078:9125;
 }
 security {
     forwarding-options {
@@ -418,112 +478,112 @@
 firewall {
     family inet {
         filter PROTECT-RE {
-            term SERVICES {
+            term SSH-ALLOW {
                 from {
-                    source-address {
-                        129.15.127.96/28;
-                        156.110.31.0/27;
-                        156.110.31.32/28;
-                        164.58.10.0/24;
-                        164.58.253.0/24;
-                        64.207.244.14/32;
-                        66.129.224.37/32;
-                        164.58.15.0/24;
-                        164.58.244.0/22;
+                    source-prefix-list {
+                        PRE-MGMT-SOURCES;
                     }
                     protocol tcp;
-                    destination-port [ ssh http telnet ];
+                    destination-port ssh;
                 }
                 then accept;
             }
+            term FIRST-FRAG {
+                from {
+                    first-fragment;
+                }
+                then {
+                    discard;
+                }
+            }
+            term NEXT-FRAG {
+                from {
+                    is-fragment;
+                }
+                then {
+                    discard;
+                }
+            }
             term OSPF-ALLOW {
                 from {
-                    source-address {
-                        164.58.199.0/24;
-                        164.58.0.0/16;
-                        156.110.0.0/16;
+                    source-prefix-list {
+                        PRE-LOCALIPv4-SOURCES;
                     }
                     protocol ospf;
                 }
                 then accept;
             }
-            term EBGP-ALLOW {
+            term BGP-ALLOW {
                 from {
                     prefix-list {
-                        EBGP-IPV4-NEIGHBORS;
+                        PRE-BGP-ALLOW;
                     }
                     protocol tcp;
                     port 179;
                 }
                 then accept;
             }
-            term IBGP-ALLOW {
+            term RADIUS-ALLOW {
                 from {
-                    source-address {
-                        164.58.199.216/32;
-                        164.58.199.226/32;
+                    source-prefix-list {
+                        PRE-RADIUS-SOURCES;
                     }
-                    protocol tcp;
-                    port 179;
+                    protocol [ udp tcp ];
+                    port [ radius radacct ];
                 }
                 then accept;
             }
-            term FIRST-FRAG {
+            term NTP-ALLOW {
                 from {
-                    first-fragment;
+                    source-prefix-list {
+                        PRE-NTP-SOURCES;
+                        PRE-L0-SOURCES;
+                    }
+                    protocol udp;
+                    port ntp;
                 }
-                then {
-                    discard;
-                }
+                then accept;
             }
-            term NEXT-FRAG {
+            term DOMAIN-ALLOW {
                 from {
-                    is-fragment;
+                    source-prefix-list {
+                        PRE-DNS-SOURCES;
+                    }
+                    port domain;
                 }
-                then {
-                    discard;
-                }
-            }
-            term ICMP-ALLOW {
-                from {
-                    protocol icmp;
-                    icmp-type [ echo-reply echo-request unreachable time-exceeded ];
-                }
                 then accept;
             }
-            term SERVICES-OUTBOUND {
+            term SYSLOG-ALLOW {
                 from {
-                    source-port [ domain ntp ssh syslog ftp 7804 telnet ];
+                    source-prefix-list {
+                        PRE-MGMT-SOURCES;
+                    }
+                    port syslog;
                 }
                 then accept;
             }
-            term RADIUS {
+            term FTP-ALLOW {
                 from {
-                    source-address {
-                        156.110.31.11/32;
+                    source-prefix-list {
+                        PRE-MGMT-SOURCES;
                     }
-                    protocol [ udp tcp ];
-                    port [ radius radacct ];
+                    port ftp;
                 }
                 then accept;
             }
-            term NTP {
+            term JSPACE-ALLOW {
                 from {
-                    source-address {
-                        164.58.10.1/32;
-                        164.58.199.0/24;
+                    source-prefix-list {
+                        PRE-MGMT-SOURCES;
                     }
-                    protocol udp;
-                    port ntp;
+                    source-port 7408;
                 }
                 then accept;
             }
             term SNMP-ALLOW {
                 from {
-                    source-address {
-                        164.58.253.0/24;
-                        156.110.31.0/27;
-                        156.110.31.32/28;
+                    source-prefix-list {
+                        PRE-SNMP-SOURCES;
                     }
                     protocol [ tcp udp ];
                     port [ snmp snmptrap ];
@@ -532,19 +592,17 @@
             }
             term LDP-ALLOW {
                 from {
-                    source-address {
-                        164.58.199.0/24;
-                        164.58.0.0/16;
-                        156.110.0.0/16;
+                    source-prefix-list {
+                        PRE-LDP-SOURCES;
                     }
                     port ldp;
                 }
+                then accept;
             }
             term PIM-ALLOW {
                 from {
-                    source-address {
-                        164.58.199.0/24;
-                        164.58.0.0/16;
+                    source-prefix-list {
+                        PRE-LOCALIPv4-SOURCES;
                     }
                     protocol pim;
                 }
@@ -552,14 +610,21 @@
             }
             term BFD-ALLOW {
                 from {
-                    source-address {
-                        164.58.0.0/16;
+                    source-prefix-list {
+                        PRE-LOCALIPv4-SOURCES;
                     }
                     protocol udp;
                     port [ 3784 3785 ];
                 }
                 then accept;
             }
+            term ICMP-ALLOW {
+                from {
+                    protocol icmp;
+                    icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+                }
+                then accept;
+            }
             term TRACEROUTE-ALLOW {
                 from {
                     protocol udp;
@@ -567,6 +632,20 @@
                 }
                 then accept;
             }
+            term DENY-SERVICES-INBOUND {
+                from {
+                    destination-port [ ssh telnet http https snmp ntp domain ];
+                }
+                then {
+                    discard;
+                }
+            }
+            term SERVICES-OUTBOUND {
+                from {
+                    source-port [ ssh telnet ];
+                }
+                then accept;
+            }
             term DENY_ALL {
                 then {
                     discard;
Index: configs/core.wil.onenet.net
===================================================================
--- configs/core.wil.onenet.net	(revision 125377)
+++ configs/core.wil.onenet.net	(working copy)
@@ -382,7 +382,7 @@
 #lsi.1052253 up up
 #lsi.1052330 up up
 #lsi.1052370 up up
-#lsi.1052402 up up
+#lsi.1052411 up up
 #mtun up up
 #pimd up up
 #pime up up
Index: configs/core.clayton.onenet.net
===================================================================
--- configs/core.clayton.onenet.net	(revision 124919)
+++ configs/core.clayton.onenet.net	(working copy)
@@ -1,6 +1,7 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at CLAYTON-MX40> show system commit 
+#   2015-03-29 01:15:27 CDT by andrew via cli
 #   2015-03-14 21:34:07 CDT by andrew via cli
 #   2015-02-24 16:00:59 CST by root via cli
 #   2015-02-24 15:48:39 CST by root via other
@@ -201,7 +202,7 @@
 # grnoc-mon at CLAYTON-MX40> show system uptime 
 # System booted: 2015-03-11 19:42 CDT 
 # Protocols started: 2015-03-11 19:44 CDT 
-# Last configured: 2015-03-14 21:34 CDT  by andrew
+# Last configured: 2015-03-29 01:15 CDT  by andrew
 # 
 # grnoc-mon at CLAYTON-MX40> show interface terse 
 #Interface Admin Link
@@ -261,7 +262,7 @@
 #pp0 up up
 #tap up up
 # grnoc-mon at CLAYTON-MX40> show configuration 
-## Last commit: 2015-03-14 21:34:07 CDT by andrew
+## Last commit: 2015-03-29 01:15:27 CDT by andrew
 version 12.3R7.7;
 system {
     host-name CLAYTON-MX40;
@@ -433,6 +434,7 @@
                 mtu 9000;
                 address 164.58.244.177/31;
             }
+            family mpls;
         }
     }
     lo0 {

