[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sun Aug 14 04:03:51 CDT 2016
Index: configs/core1.edm.onenet.net
===================================================================
--- configs/core1.edm.onenet.net (revision 145506)
+++ configs/core1.edm.onenet.net (working copy)
@@ -1,13 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at EDMOND-MX104-RE0> show system commit
+# 2016-08-14 03:58:09 CDT by andrew via cli commit synchronize
+# 2016-08-14 03:52:01 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# 2016-08-12 08:43:24 CDT by andrew via cli commit synchronize
# 2016-08-12 08:17:36 CDT by andrew via cli commit synchronize
# 2016-07-20 10:08:45 CDT by andrew via cli commit synchronize
# 2016-05-26 14:46:29 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
-# 2016-04-17 15:12:40 CDT by andrew via cli commit synchronize
-# 2016-03-12 00:45:08 CST by root via other
-# Synchronization with remote Routing Engine
# grnoc-mon at EDMOND-MX104-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -236,7 +235,7 @@
# grnoc-mon at EDMOND-MX104-RE0> show system uptime
# System booted: 2016-03-12 01:11 CST
# Protocols started: 2016-03-12 01:15 CST
-# Last configured: 2016-08-12 08:43 CDT by andrew
+# Last configured: 2016-08-14 03:58 CDT by andrew
#
# {master}
# grnoc-mon at EDMOND-MX104-RE0> show interface terse
@@ -314,7 +313,7 @@
#pp0 up up
#tap up up
# grnoc-mon at EDMOND-MX104-RE0> show configuration
-## Last commit: 2016-08-12 08:43:24 CDT by andrew
+## Last commit: 2016-08-14 03:58:09 CDT by andrew
version 13.3R8.7;
groups {
re0 {
@@ -843,6 +842,21 @@
description TUL-CORE6-IBGP-V6;
}
}
+ group EBGP-UCO-V4 {
+ type external;
+ accept-remote-nexthop;
+ family inet {
+ unicast;
+ }
+ neighbor 156.110.24.161 {
+ description "EBGP-UCO-CIR000XXXX [NO-MONITOR]";
+ import EBGP-UCO-V4-IMPORT;
+# authentication-#key <removed>;
+ export EBGP-UCO-V4-EXPORT;
+ remove-private all;
+ peer-as 64579;
+ }
+ }
}
ospf {
reference-bandwidth 100g;
@@ -966,6 +980,146 @@
prefix-list PRE-L0-SOURCES {
apply-path "interfaces lo0 unit <*> family inet address <164.*>";
}
+ prefix-list EBGP-UCO-V4-PREFIXES {
+ 156.110.28.196/31;
+ 192.206.65.0/24;
+ 198.102.159.0/24;
+ 204.154.112.0/21;
+ }
+ prefix-list BOGONS-V4-PREFIXES {
+ 0.0.0.0/8;
+ 10.0.0.0/8;
+ 100.64.0.0/10;
+ 127.0.0.0/8;
+ 169.254.0.0/16;
+ 172.16.0.0/12;
+ 192.0.0.0/24;
+ 192.0.2.0/24;
+ 192.168.0.0/16;
+ 198.18.0.0/15;
+ 198.51.100.0/24;
+ 203.0.113.0/24;
+ 224.0.0.0/4;
+ 240.0.0.0/4;
+ }
+ prefix-list ONENET-AGGREGATE-ADVERTISED-V4-PREFIXES {
+ 156.110.0.0/16;
+ 164.58.0.0/16;
+ }
+ prefix-list ONENET-AGGREGATE-FILTERED-V4-PREFIXES {
+ 156.110.0.0/17;
+ 156.110.128.0/20;
+ 156.110.160.0/19;
+ 156.110.192.0/19;
+ 156.110.240.0/20;
+ 164.58.0.0/16;
+ }
+ prefix-list PRE-BGP-RI-ALLOW {
+ apply-path "routing-instances <*> protocols bgp group <*> neighbor <*>";
+ }
+ policy-statement EBGP-UCO-L3VPN-V4-EXPORT {
+ term SEND-ROUTES {
+ then accept;
+ }
+ }
+ policy-statement EBGP-UCO-L3VPN-V4-IMPORT {
+ term ACCEPT-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-UCO-V4-EXPORT {
+ term SEND-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term REJECT-BOGONS {
+ from {
+ prefix-list-filter BOGONS-V4-PREFIXES orlonger;
+ }
+ then reject;
+ }
+ term REJECT-NO-ADVERTISE-COMMUNITY {
+ from community ONENET_E_NO_ADVERTISE;
+ then reject;
+ }
+ term REJECT-NO-CUSTOMER-COMMUNITY {
+ from community ONENET_E_NO_CUSTOMER;
+ then reject;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-UCO-V4-IMPORT {
+ term REJECT-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then reject;
+ }
+ term REJECT-BOGONS {
+ from {
+ prefix-list-filter BOGONS-V4-PREFIXES orlonger;
+ }
+ then reject;
+ }
+ term CHECK-BLACKHOLE-LENGTH {
+ from {
+ community ONENET_BLACKHOLE;
+ route-filter 0.0.0.0/0 prefix-length-range /32-/32;
+ }
+ then next term;
+ }
+ term ACCEPT-BLACKHOLE {
+ from {
+ community ONENET_BLACKHOLE;
+ prefix-list-filter EBGP-UCO-V4-PREFIXES orlonger;
+ }
+ then {
+ community set ONENET_BLACKHOLE;
+ community add ONENET_SRC_CUSTOMER;
+ next-hop 192.0.2.1;
+ accept;
+ }
+ }
+ term REJECT-25-ORLONGER {
+ from {
+ route-filter 0.0.0.0/0 prefix-length-range /25-/32;
+ }
+ then reject;
+ }
+ term DELETE-PROHIBITED-COMMUNITIES {
+ from {
+ prefix-list-filter EBGP-UCO-V4-PREFIXES orlonger;
+ }
+ then {
+ community delete NON_ONENET;
+ community delete ONENET_ENGINEERING;
+ next term;
+ }
+ }
+ term ACCEPT-ROUTES {
+ from {
+ prefix-list-filter EBGP-UCO-V4-PREFIXES orlonger;
+ }
+ then {
+ community add ONENET_SRC_CUSTOMER;
+ next-hop peer-address;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1149,9 +1303,31 @@
}
}
community EDMOND members 5078:;
+ community NON_ONENET {
+ invert-match;
+ members 5078:*;
+ }
community OFFN-VPN members target:5078:2572;
community ONENET-MGMT-VPN members target:5078:2543;
+ community ONENET_ADV_AKAMAI members 5078:5400;
+ community ONENET_ADV_FACEBOOK members 5078:5500;
+ community ONENET_ADV_GGC members 5078:5600;
+ community ONENET_ADV_NETFLIX members 5078:5300;
+ community ONENET_ADV_PEER members 5078:5200;
+ community ONENET_ADV_RESEARCH members 5078:5100;
+ community ONENET_ADV_UPSTREAM members 5078:5000;
community ONENET_BLACKHOLE members 5078:911;
+ community ONENET_ENGINEERING members "5078:[023456789].*";
+ community ONENET_E_NO_ADVERTISE members 5078:10999;
+ community ONENET_E_NO_CACHE members 5078:10989;
+ community ONENET_E_NO_COMMODITY members 5078:10909;
+ community ONENET_E_NO_CUSTOMER members 5078:10939;
+ community ONENET_E_NO_PEER members 5078:10929;
+ community ONENET_E_NO_RESEARCH members 5078:10919;
+ community ONENET_SRC_COMMODITY members 5078:4000;
+ community ONENET_SRC_CUSTOMER members 5078:4300;
+ community ONENET_SRC_PEER members 5078:4200;
+ community ONENET_SRC_RESEARCH members 5078:4100;
community OSBI-VPN members target:5078:2546;
community UCO-VPN members target:5078:3001;
}
@@ -1254,6 +1430,7 @@
from {
prefix-list {
PRE-BGP-ALLOW;
+ PRE-BGP-RI-ALLOW;
}
protocol tcp;
port 179;
@@ -1451,6 +1628,23 @@
route 0.0.0.0/0 next-hop 10.100.100.1;
}
}
+ protocols {
+ bgp {
+ group EBGP-UCO-L3VPN {
+ type external;
+ family inet {
+ unicast;
+ }
+ neighbor 10.100.100.1 {
+ description "EBGP-UCO-L3VPN-CIR000XXXX [ORDERED]";
+ import EBGP-UCO-L3VPN-V4-IMPORT;
+# authentication-#key <removed>;
+ export EBGP-UCO-L3VPN-V4-EXPORT;
+ peer-as 64579;
+ }
+ }
+ }
+ }
}
}
{master}
Index: configs/stringtown-high-school.client.onenet.net
===================================================================
--- configs/stringtown-high-school.client.onenet.net (revision 145553)
+++ configs/stringtown-high-school.client.onenet.net (working copy)
@@ -674,7 +674,6 @@
# OSPF instance is not running
#
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/core.edmmcs.onenet.net
===================================================================
--- configs/core.edmmcs.onenet.net (revision 145516)
+++ configs/core.edmmcs.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at EDMOND-MCS-MX80> show system commit
+# 2016-08-14 03:57:38 CDT by andrew via cli
+# 2016-08-14 03:56:30 CDT by andrew via cli
+# 2016-08-14 03:54:55 CDT by andrew via cli
# 2016-08-12 16:23:30 CDT by rnordmark via cli
# 2016-08-12 16:20:00 CDT by rnordmark via cli
# 2016-08-12 15:42:31 CDT by andrew via cli
-# 2016-07-20 10:06:43 CDT by andrew via cli
-# 2016-05-10 17:00:13 CDT by rnordmark via cli
-# 2016-05-10 16:58:56 CDT by rnordmark via cli
# grnoc-mon at EDMOND-MCS-MX80> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -223,7 +223,7 @@
# grnoc-mon at EDMOND-MCS-MX80> show system uptime
# System booted: 2016-06-26 09:48 CDT
# Protocols started: 2016-06-26 09:51 CDT
-# Last configured: 2016-08-12 16:23 CDT by rnordmark
+# Last configured: 2016-08-14 03:57 CDT by andrew
#
# grnoc-mon at EDMOND-MCS-MX80> show interface terse
#Interface Admin Link
@@ -283,6 +283,7 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
+#lsi.0 up up
#me0 up up
#me0.0 up up
#mtun up up
@@ -292,7 +293,7 @@
#pp0 up up
#tap up up
# grnoc-mon at EDMOND-MCS-MX80> show configuration
-## Last commit: 2016-08-12 16:23:30 CDT by rnordmark
+## Last commit: 2016-08-14 03:57:38 CDT by andrew
version 13.3R8.7;
system {
host-name EDMOND-MCS-MX80;
@@ -721,6 +722,21 @@
description TUL-CORE6-IBGP-V6;
}
}
+ group EBGP-UCO-V4 {
+ type external;
+ accept-remote-nexthop;
+ family inet {
+ unicast;
+ }
+ neighbor 156.110.24.163 {
+ description "EBGP-UCO-CIR000XXXX [NO-MONITOR]";
+ import EBGP-UCO-V4-IMPORT;
+# authentication-#key <removed>;
+ export EBGP-UCO-V4-EXPORT;
+ remove-private all;
+ peer-as 64579;
+ }
+ }
}
ospf {
reference-bandwidth 100g;
@@ -825,6 +841,146 @@
prefix-list PRE-L0-SOURCES {
apply-path "interfaces lo0 unit <*> family inet address <164.*>";
}
+ prefix-list EBGP-UCO-V4-PREFIXES {
+ 156.110.28.196/31;
+ 192.206.65.0/24;
+ 198.102.159.0/24;
+ 204.154.112.0/21;
+ }
+ prefix-list BOGONS-V4-PREFIXES {
+ 0.0.0.0/8;
+ 10.0.0.0/8;
+ 100.64.0.0/10;
+ 127.0.0.0/8;
+ 169.254.0.0/16;
+ 172.16.0.0/12;
+ 192.0.0.0/24;
+ 192.0.2.0/24;
+ 192.168.0.0/16;
+ 198.18.0.0/15;
+ 198.51.100.0/24;
+ 203.0.113.0/24;
+ 224.0.0.0/4;
+ 240.0.0.0/4;
+ }
+ prefix-list ONENET-AGGREGATE-ADVERTISED-V4-PREFIXES {
+ 156.110.0.0/16;
+ 164.58.0.0/16;
+ }
+ prefix-list ONENET-AGGREGATE-FILTERED-V4-PREFIXES {
+ 156.110.0.0/17;
+ 156.110.128.0/20;
+ 156.110.160.0/19;
+ 156.110.192.0/19;
+ 156.110.240.0/20;
+ 164.58.0.0/16;
+ }
+ prefix-list PRE-BGP-RI-ALLOW {
+ apply-path "routing-instances <*> protocols bgp group <*> neighbor <*>";
+ }
+ policy-statement EBGP-UCO-L3VPN-V4-EXPORT {
+ term SEND-ROUTES {
+ then accept;
+ }
+ }
+ policy-statement EBGP-UCO-L3VPN-V4-IMPORT {
+ term ACCEPT-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-UCO-V4-EXPORT {
+ term SEND-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term REJECT-BOGONS {
+ from {
+ prefix-list-filter BOGONS-V4-PREFIXES orlonger;
+ }
+ then reject;
+ }
+ term REJECT-NO-ADVERTISE-COMMUNITY {
+ from community ONENET_E_NO_ADVERTISE;
+ then reject;
+ }
+ term REJECT-NO-CUSTOMER-COMMUNITY {
+ from community ONENET_E_NO_CUSTOMER;
+ then reject;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-UCO-V4-IMPORT {
+ term REJECT-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then reject;
+ }
+ term REJECT-BOGONS {
+ from {
+ prefix-list-filter BOGONS-V4-PREFIXES orlonger;
+ }
+ then reject;
+ }
+ term CHECK-BLACKHOLE-LENGTH {
+ from {
+ community ONENET_BLACKHOLE;
+ route-filter 0.0.0.0/0 prefix-length-range /32-/32;
+ }
+ then next term;
+ }
+ term ACCEPT-BLACKHOLE {
+ from {
+ community ONENET_BLACKHOLE;
+ prefix-list-filter EBGP-UCO-V4-PREFIXES orlonger;
+ }
+ then {
+ community set ONENET_BLACKHOLE;
+ community add ONENET_SRC_CUSTOMER;
+ next-hop 192.0.2.1;
+ accept;
+ }
+ }
+ term REJECT-25-ORLONGER {
+ from {
+ route-filter 0.0.0.0/0 prefix-length-range /25-/32;
+ }
+ then reject;
+ }
+ term DELETE-PROHIBITED-COMMUNITIES {
+ from {
+ prefix-list-filter EBGP-UCO-V4-PREFIXES orlonger;
+ }
+ then {
+ community delete NON_ONENET;
+ community delete ONENET_ENGINEERING;
+ next term;
+ }
+ }
+ term ACCEPT-ROUTES {
+ from {
+ prefix-list-filter EBGP-UCO-V4-PREFIXES orlonger;
+ }
+ then {
+ community add ONENET_SRC_CUSTOMER;
+ next-hop peer-address;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
policy-statement REDISTRIBUTE-DIRECTS {
term 1 {
from protocol direct;
@@ -855,7 +1011,62 @@
}
}
}
+ policy-statement UCO-VRF-EXPORT {
+ term 1 {
+ from protocol static;
+ then {
+ community add UCO-VPN;
+ accept;
+ }
+ }
+ term 2 {
+ from protocol direct;
+ then {
+ community add UCO-VPN;
+ accept;
+ }
+ }
+ term reject {
+ then reject;
+ }
+ }
+ policy-statement UCO-VRF-IMPORT {
+ term 1 {
+ from {
+ protocol bgp;
+ community UCO-VPN;
+ }
+ then accept;
+ }
+ term reject {
+ then reject;
+ }
+ }
community EDMOND-MCS members 5078:9238;
+ community NON_ONENET {
+ invert-match;
+ members 5078:*;
+ }
+ community ONENET_ADV_AKAMAI members 5078:5400;
+ community ONENET_ADV_FACEBOOK members 5078:5500;
+ community ONENET_ADV_GGC members 5078:5600;
+ community ONENET_ADV_NETFLIX members 5078:5300;
+ community ONENET_ADV_PEER members 5078:5200;
+ community ONENET_ADV_RESEARCH members 5078:5100;
+ community ONENET_ADV_UPSTREAM members 5078:5000;
+ community ONENET_BLACKHOLE members 5078:911;
+ community ONENET_ENGINEERING members "5078:[023456789].*";
+ community ONENET_E_NO_ADVERTISE members 5078:10999;
+ community ONENET_E_NO_CACHE members 5078:10989;
+ community ONENET_E_NO_COMMODITY members 5078:10909;
+ community ONENET_E_NO_CUSTOMER members 5078:10939;
+ community ONENET_E_NO_PEER members 5078:10929;
+ community ONENET_E_NO_RESEARCH members 5078:10919;
+ community ONENET_SRC_COMMODITY members 5078:4000;
+ community ONENET_SRC_CUSTOMER members 5078:4300;
+ community ONENET_SRC_PEER members 5078:4200;
+ community ONENET_SRC_RESEARCH members 5078:4100;
+ community UCO-VPN members target:5078:3001;
}
firewall {
family inet {
@@ -899,6 +1110,7 @@
from {
prefix-list {
PRE-BGP-ALLOW;
+ PRE-BGP-RI-ALLOW;
}
protocol tcp;
port 179;
@@ -1043,6 +1255,34 @@
}
}
}
+routing-instances {
+ UCO-L3VPN {
+ description UCO-L3VPN;
+ instance-type vrf;
+ route-distinguisher 164.58.199.238:3001;
+ vrf-import UCO-VRF-IMPORT;
+ vrf-export UCO-VRF-EXPORT;
+ vrf-target target:5078:3001;
+ vrf-table-label;
+ protocols {
+ bgp {
+ group EBGP-UCO-L3VPN {
+ type external;
+ family inet {
+ unicast;
+ }
+ neighbor 10.100.100.3 {
+ description "EBGP-UCO-L3VPN-CIR000XXXX [ORDERED]";
+ import EBGP-UCO-L3VPN-V4-IMPORT;
+# authentication-#key <removed>;
+ export EBGP-UCO-L3VPN-V4-EXPORT;
+ peer-as 64579;
+ }
+ }
+ }
+ }
+ }
+}
# grnoc-mon at EDMOND-MCS-MX80> show ospf neighbor
# Address Interface State ID Pri Dead
# 164.58.244.150 ge-1/0/9.42 Full 164.58.199.153
Index: configs/maysville-hs.client.onenet.net
===================================================================
--- configs/maysville-hs.client.onenet.net (revision 145553)
+++ configs/maysville-hs.client.onenet.net (working copy)
@@ -598,7 +598,6 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
More information about the Nocrancid
mailing list