[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Sep 1 14:03:57 CDT 2016
Index: configs/pushmataha-fmc-boswell.client.onenet.net
===================================================================
--- configs/pushmataha-fmc-boswell.client.onenet.net (revision 146100)
+++ configs/pushmataha-fmc-boswell.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at PUSHMATAHA-FMC-BOSWELL-004949> show system commit
+# 2016-09-01 13:28:57 CDT by sky via cli
# 2016-09-01 12:53:28 CDT by admin via cli
# 2016-08-30 15:40:41 CDT by admin via cli
# 2016-08-30 14:46:02 CDT by admin via cli
# 2015-07-06 11:40:39 CDT by admin via cli
# 2015-06-30 16:03:40 CDT by admin via cli commit confirmed, rollback in 3mins
-# 2015-06-30 14:30:50 CDT by admin via cli commit confirmed, rollback in 3mins
# grnoc-mon at PUSHMATAHA-FMC-BOSWELL-004949> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -98,7 +98,7 @@
# grnoc-mon at PUSHMATAHA-FMC-BOSWELL-004949> show system uptime
# System booted: 2016-09-01 12:36 CDT
# Protocols started: 2016-09-01 12:38 CDT
-# Last configured: 2016-09-01 12:53 CDT by admin
+# Last configured: 2016-09-01 13:28 CDT by sky
#
# grnoc-mon at PUSHMATAHA-FMC-BOSWELL-004949> show interface terse
#Interface Admin Link
@@ -139,11 +139,12 @@
#ppd0 up up
#ppe0 up up
#st0 up up
+#st0.0 up up
#tap up up
#vlan up up
#vlan.999 up down
# grnoc-mon at PUSHMATAHA-FMC-BOSWELL-004949> show configuration
-## Last commit: 2016-09-01 12:53:28 CDT by admin
+## Last commit: 2016-09-01 13:28:57 CDT by sky
version 12.1X46-D20.5;
system {
host-name PUSHMATAHA-FMC-BOSWELL-004949;
@@ -339,6 +340,14 @@
}
}
}
+ st0 {
+ unit 0 {
+ description "TUNNEL TO CLAYTON VPN";
+ family inet {
+ mtu 1440;
+ }
+ }
+ }
vlan {
unit 999 {
description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
@@ -383,6 +392,53 @@
}
}
security {
+ ike {
+ proposal PRE-G2-3DES-SHA {
+ authentication-method pre-shared-keys;
+ dh-group group2;
+ authentication-algorithm sha1;
+ encryption-algorithm 3des-cbc;
+ lifetime-seconds 28800;
+ }
+ policy IKE-CLAYTON {
+ mode main;
+ proposals PRE-G2-3DES-SHA;
+# pre-shared-#key <removed>;
+ }
+ gateway IKE-GATE-CLAYTON {
+ ike-policy IKE-CLAYTON;
+ address 164.58.17.183;
+ external-interface ge-0/0/0.0;
+ }
+ }
+ ipsec {
+ proposal ESP-3DES-SHA {
+ description group2;
+ protocol esp;
+ authentication-algorithm hmac-sha1-96;
+ encryption-algorithm 3des-cbc;
+ lifetime-seconds 28800;
+ }
+ policy VPN-POLICY-CLAYTON {
+ proposals ESP-3DES-SHA;
+ }
+ vpn IPSEC-VPN-CLAYTON {
+ bind-interface st0.0;
+ ike {
+ gateway IKE-GATE-CLAYTON;
+ ipsec-policy VPN-POLICY-CLAYTON;
+ }
+ traffic-selector CLAYTON-VPN-192.168.0.15 {
+ local-ip 192.168.1.1/24;
+ remote-ip 192.168.0.15/32;
+ }
+ traffic-selector CLAYTON-VPN-192.168.0.100 {
+ local-ip 192.168.1.1/24;
+ remote-ip 192.168.0.100/32;
+ }
+ establish-tunnels immediately;
+ }
+ }
screen {
ids-option UNTRUST-SCREEN {
icmp {
@@ -461,6 +517,18 @@
}
}
}
+ from-zone TRUST to-zone TRUST {
+ policy TRUST-TO-TRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
}
zones {
security-zone TRUST {
@@ -474,6 +542,16 @@
}
}
}
+ st0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
}
}
security-zone TEST {
Index: configs/allen-public-library.client.onenet.net
===================================================================
--- configs/allen-public-library.client.onenet.net (revision 146100)
+++ configs/allen-public-library.client.onenet.net (working copy)
@@ -137,8 +137,8 @@
#ge-0/0/2.0 up up
#ge-0/0/3 up down
#ge-0/0/3.0 up down
-#ge-0/0/4 up up
-#ge-0/0/4.0 up up
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
#ge-0/0/5 up up
#ge-0/0/5.0 up up
#ge-0/0/6 up up
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 146088)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -614,6 +614,7 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show bfd session
+quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/antlers-head-start.client.onenet.net
===================================================================
--- configs/antlers-head-start.client.onenet.net (revision 145427)
+++ configs/antlers-head-start.client.onenet.net (working copy)
@@ -107,14 +107,15 @@
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
# Trying to mount root from ufs:/dev/da0s2a
+# WARNING: / was not properly dismounted
#
# grnoc-mon at ANTLERS-HEAD-START-LR-004910> show version
# Hostname: ANTLERS-HEAD-START-LR-004910 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at ANTLERS-HEAD-START-LR-004910> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at ANTLERS-HEAD-START-LR-004910> show system uptime
-# System booted: 2016-08-08 16:42 CDT
-# Protocols started: 2016-08-08 16:45 CDT
+# System booted: 2016-09-01 12:57 CDT
+# Protocols started: 2016-09-01 13:00 CDT
# Last configured: 2016-08-09 10:08 CDT by andrew
#
# grnoc-mon at ANTLERS-HEAD-START-LR-004910> show interface terse
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 146100)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -1054,9 +1054,9 @@
#t1-3/3/0:1:23 down down
#t1-3/3/0:1:24 down down
#t1-3/3/0:1:25 down down
-#t1-3/3/0:1:26 up down
-#t1-3/3/0:1:26.16 up down
-#t1-3/3/0:1:26.17 up down
+#t1-3/3/0:1:26 up up
+#t1-3/3/0:1:26.16 up up
+#t1-3/3/0:1:26.17 up up
#t1-3/3/0:1:27 down down
#t1-3/3/0:1:28 down down
#coc1-3/3/0:2 up up
Index: configs/hub.bar.onenet.net
===================================================================
--- configs/hub.bar.onenet.net (revision 146097)
+++ configs/hub.bar.onenet.net (working copy)
@@ -338,7 +338,7 @@
#t1-2/0/2:20 up up
#t1-2/0/2:20.0 up up
#t1-2/0/2:21 up up
-#t1-2/0/2:21.0 up down
+#t1-2/0/2:21.0 up up
#t1-2/0/2:22 up up
#t1-2/0/2:22.0 up up
#t1-2/0/2:23 up up
Index: configs/core.shawobu.onenet.net
===================================================================
--- configs/core.shawobu.onenet.net (revision 146027)
+++ configs/core.shawobu.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OBU-SHAWNEE-MX104-RE0> show system commit
+# 2016-09-01 13:15:13 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# 2016-07-20 14:08:12 CDT by andrew via cli commit synchronize
# 2016-07-11 11:28:48 CDT by andrew via cli commit synchronize
# 2016-06-28 23:02:58 CDT by andrew via cli commit synchronize
# 2016-06-28 22:58:40 CDT by andrew via cli commit synchronize
# 2016-06-28 17:22:35 CDT by andrew via cli commit synchronize
-# 2016-06-28 16:24:05 CDT by andrew via cli commit synchronize
# grnoc-mon at OBU-SHAWNEE-MX104-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -234,7 +234,7 @@
# grnoc-mon at OBU-SHAWNEE-MX104-RE0> show system uptime
# System booted: 2016-05-27 18:18 CDT
# Protocols started: 2016-05-27 18:20 CDT
-# Last configured: 2016-07-20 14:08 CDT by andrew
+# Last configured: 2016-09-01 13:15 CDT by andrew
#
# {master}
# grnoc-mon at OBU-SHAWNEE-MX104-RE0> show interface terse
@@ -256,9 +256,7 @@
#ge-0/0/6 down down
#ge-0/0/7 down down
#ge-0/0/8 down down
-#ge-0/0/9 up down
-#ge-0/0/9.98 up down
-#ge-0/0/9.32767 up down
+#ge-0/0/9 down down
#ge-0/1/0 up up
#ge-0/1/0.80 up up
#ge-0/1/0.500 up up
@@ -309,7 +307,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OBU-SHAWNEE-MX104-RE0> show configuration
-## Last commit: 2016-07-20 14:08:12 CDT by andrew
+## Last commit: 2016-09-01 13:15:13 CDT by andrew
version 13.3R9.13;
groups {
re0 {
@@ -565,22 +563,7 @@
disable;
}
ge-0/0/9 {
- description "CORE 300M to core5.okc ge-1/3/5 | OneNet-OKC-SHAWOBU-300M-4324 [DECOM]";
- flexible-vlan-tagging;
- mtu 9192;
- encapsulation flexible-ethernet-services;
- unit 98 {
- vlan-id 98;
- family inet {
- mtu 1900;
- address 164.58.244.225/31;
- }
- family inet6 {
- mtu 1900;
- address 2610:1d8:1400::7/127;
- }
- family mpls;
- }
+ disable;
}
ge-0/1/0 {
description SHAWNEE-PS-DARK-FIBER-CIR0019186;
@@ -813,7 +796,6 @@
mpls {
icmp-tunneling;
interface lo0.0;
- interface ge-0/0/9.98;
interface xe-2/0/0.42;
}
bgp {
@@ -897,17 +879,6 @@
interface fxp0.0 {
disable;
}
- interface ge-0/0/9.98 {
- link-protection;
- metric 333;
- authentication {
- md5 7# key <removed>;
- }
- bfd-liveness-detection {
- minimum-interval 400;
- multiplier 3;
- }
- }
interface xe-2/0/0.42 {
link-protection;
authentication {
@@ -926,15 +897,6 @@
interface lo0.0 {
passive;
}
- interface ge-0/0/9.98 {
- link-protection;
- metric 333;
- ipsec-sa OneNet-OSPF3-AUTH;
- bfd-liveness-detection {
- minimum-interval 400;
- multiplier 3;
- }
- }
interface xe-2/0/0.42 {
link-protection;
ipsec-sa OneNet-OSPF3-AUTH;
@@ -948,7 +910,6 @@
ldp {
preference 255;
track-igp-metric;
- interface ge-0/0/9.98;
interface xe-2/0/0.42;
interface lo0.0;
}
Index: configs/meeker-ps.client.onenet.net
===================================================================
--- configs/meeker-ps.client.onenet.net (revision 146100)
+++ configs/meeker-ps.client.onenet.net (working copy)
@@ -144,8 +144,8 @@
#ge-0/0/11 down down
#ge-0/0/12 down down
#ge-0/0/13 down down
-#ge-0/0/14 up up
-#ge-0/0/14.0 up up
+#ge-0/0/14 up down
+#ge-0/0/14.0 up down
#ge-0/0/15 up up
#ge-0/0/15.0 up up
#fxp2 up up
Index: configs/antlers-pl.client.onenet.net
===================================================================
--- configs/antlers-pl.client.onenet.net (revision 143241)
+++ configs/antlers-pl.client.onenet.net (working copy)
@@ -95,8 +95,8 @@
# total files: 1
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show system uptime
-# System booted: 2016-05-31 22:46 CDT
-# Protocols started: 2016-05-31 22:48 CDT
+# System booted: 2016-09-01 12:58 CDT
+# Protocols started: 2016-09-01 13:00 CDT
# Last configured: 2016-03-16 14:37 CDT by joel
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show interface terse
Index: configs/core5.tul.onenet.net
===================================================================
--- configs/core5.tul.onenet.net (revision 146095)
+++ configs/core5.tul.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-CORE5-MX480-RE0> show system commit
+# 2016-09-01 13:43:41 CDT by joel via cli commit synchronize
# 2016-09-01 10:05:51 CDT by andrew via cli commit synchronize
# 2016-08-31 11:17:07 CDT by aberrios via cli commit synchronize
# 2016-08-31 11:15:33 CDT by aberrios via cli commit synchronize
# 2016-08-30 14:37:20 CDT by sky via cli commit synchronize
# 2016-08-30 14:31:09 CDT by sky via cli commit synchronize
-# 2016-08-30 14:14:08 CDT by sky via cli commit synchronize
# grnoc-mon at TULSA-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -391,7 +391,7 @@
# grnoc-mon at TULSA-CORE5-MX480-RE0> show system uptime
# System booted: 2016-08-15 04:47 CDT
# Protocols started: 2016-08-15 04:53 CDT
-# Last configured: 2016-09-01 10:05 CDT by andrew
+# Last configured: 2016-09-01 13:43 CDT by joel
#
# {master}
# grnoc-mon at TULSA-CORE5-MX480-RE0> show interface terse
@@ -642,6 +642,7 @@
#xe-2/3/0 up up
#xe-2/3/0.101 up up
#xe-2/3/0.102 up up
+#xe-2/3/0.106 up up
#xe-2/3/0.112 up up
#xe-2/3/0.114 up up
#xe-2/3/0.115 up up
@@ -746,7 +747,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-CORE5-MX480-RE0> show configuration
-## Last commit: 2016-09-01 10:05:51 CDT by andrew
+## Last commit: 2016-09-01 13:43:41 CDT by joel
version 13.3R9.13;
groups {
re0 {
@@ -3104,6 +3105,22 @@
address 192.168.252.18/30;
}
}
+ unit 106 {
+ description SAYRE-PUBLIC-LIBRARY-20M-CIR0019238-LR;
+ bandwidth 20;
+ vlan-id 106;
+ family inet {
+ rpf-check;
+ policer {
+ input 20M-POL;
+ output 20M-POL;
+ }
+ sampling {
+ input;
+ }
+ address 10.0.0.1/30;
+ }
+ }
unit 112 {
description DOH-MCALESTER-MGMT-10M-CIR0005691-OCS;
vlan-tags outer 112 inner 500;
@@ -7196,6 +7213,10 @@
vrf-target target:5078:2531;
vrf-table-label;
}
+ TEST-JOEL {
+ instance-type virtual-router;
+ interface xe-2/3/0.106;
+ }
VPLS-AREON {
description AREON-VPLS-INSTANCE;
instance-type vpls;
Index: configs/stringtown-high-school.client.onenet.net
===================================================================
--- configs/stringtown-high-school.client.onenet.net (revision 146097)
+++ configs/stringtown-high-school.client.onenet.net (working copy)
@@ -674,6 +674,7 @@
# OSPF instance is not running
#
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show bfd session
+quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/odot-stillwater-residence.client.onenet.net
===================================================================
--- configs/odot-stillwater-residence.client.onenet.net (revision 146077)
+++ configs/odot-stillwater-residence.client.onenet.net (working copy)
@@ -124,8 +124,8 @@
#ge-0/0/2.0 up down
#ge-0/0/3 up up
#ge-0/0/3.0 up up
-#ge-0/0/4 up down
-#ge-0/0/4.0 up down
+#ge-0/0/4 up up
+#ge-0/0/4.0 up up
#ge-0/0/5 up down
#ge-0/0/5.0 up down
#ge-0/0/6 up up
Index: configs/core5.okc.onenet.net
===================================================================
--- configs/core5.okc.onenet.net (revision 146100)
+++ configs/core5.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE5-MX480-RE0> show system commit
+# 2016-09-01 13:58:41 CDT by sean via cli commit synchronize
+# 2016-09-01 13:34:12 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
+# 2016-09-01 13:17:46 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# 2016-09-01 11:45:09 CDT by sean via cli commit synchronize
# 2016-09-01 11:30:01 CDT by sean via cli commit synchronize
# 2016-08-30 10:35:54 CDT by sean via cli commit synchronize
-# 2016-08-29 17:55:08 CDT by andrew via cli commit synchronize
-# 2016-08-26 15:36:27 CDT by aberrios via cli commit synchronize
-# 2016-08-26 15:34:26 CDT by aberrios via cli commit synchronize
# grnoc-mon at OKC-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -442,7 +442,7 @@
# grnoc-mon at OKC-CORE5-MX480-RE0> show system uptime
# System booted: 2016-08-15 03:57 CDT
# Protocols started: 2016-08-15 04:06 CDT
-# Last configured: 2016-09-01 11:45 CDT by sean
+# Last configured: 2016-09-01 13:58 CDT by sean
#
# {master}
# grnoc-mon at OKC-CORE5-MX480-RE0> show interface terse
@@ -476,7 +476,7 @@
#xe-0/1/0.32767 up up
#xe-0/1/1 up up
#xe-0/1/1.0 up up
-#ge-0/2/0 up down
+#ge-0/2/0 down down
#lc-0/2/0 up up
#lc-0/2/0.32769 up up
#pfe-0/2/0 up up
@@ -579,9 +579,7 @@
#ge-1/3/4.1756 up up
#ge-1/3/4.3756 up up
#ge-1/3/4.32767 up up
-#ge-1/3/5 up down
-#ge-1/3/5.98 up down
-#ge-1/3/5.32767 up down
+#ge-1/3/5 down down
#ge-1/3/6 up up
#ge-1/3/6.0 up up
#ge-1/3/7 up down
@@ -752,6 +750,7 @@
#xe-3/0/0.32767 up up
#xe-3/0/1 up up
#xe-3/0/1.507 up up
+#xe-3/0/1.509 up up
#xe-3/0/1.510 up up
#xe-3/0/1.511 up up
#xe-3/0/1.514 up up
@@ -907,7 +906,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE5-MX480-RE0> show configuration
-## Last commit: 2016-09-01 11:45:09 CDT by sean
+## Last commit: 2016-09-01 13:58:41 CDT by sean
version 13.3R9.13;
groups {
re0 {
@@ -1259,18 +1258,8 @@
802.3ad ae0;
}
}
- inactive: ge-0/2/0 {
- description "OneNetHub-Ardmore-Gig | OneNet-ARD-OKC-GE-3800";
- mtu 9192;
- unit 0 {
- family inet {
- mtu 9000;
- sampling {
- input;
- }
- address 164.58.245.153/30;
- }
- }
+ ge-0/2/0 {
+ disable;
}
ge-0/2/1 {
description OKACTE-SWI-1G-CIR0005479;
@@ -1796,33 +1785,7 @@
}
}
ge-1/3/5 {
- description "CORE 300M to core.shawobu ge-0/0/9 | OneNet-OKC-SHAWOBU-300M-4324 [DECOM]";
- flexible-vlan-tagging;
- speed 1g;
- mtu 9192;
- link-mode full-duplex;
- encapsulation flexible-ethernet-services;
- gigether-options {
- no-auto-negotiation;
- }
- unit 98 {
- vlan-id 98;
- family inet {
- mtu 1900;
- sampling {
- input;
- }
- address 164.58.244.224/31;
- }
- family inet6 {
- mtu 1900;
- sampling {
- input;
- }
- address 2610:1d8:1400::6/127;
- }
- family mpls;
- }
+ disable;
}
ge-1/3/6 {
description "IPERF MGMT";
@@ -3304,7 +3267,7 @@
mtu 9192;
encapsulation flexible-ethernet-services;
unit 507 {
- description "MARLOW-PS-100M-CIR0019197 [ORDERED]";
+ description "MARLOW-PS-100M-CIR0019197 ";
vlan-id 507;
family inet {
rpf-check;
@@ -3318,6 +3281,19 @@
address 156.110.42.245/30;
}
}
+ unit 509 {
+ description "CANADIAN-VALLEY-VO-TECH-CHICKASHA-500M-CIR0019261 [ORDERED]";
+ encapsulation vlan-vpls;
+ bandwidth 500m;
+ vlan-tags outer 509 inner-range 100-600;
+ native-inner-vlan-id 315;
+ family vpls {
+ policer {
+ input 500M-POL;
+ output 500M-POL;
+ }
+ }
+ }
unit 510 {
description "CHICKASHA-PUBLIC-LIBRARY-100Mb-CIR0019221 ";
bandwidth 100m;
@@ -4152,7 +4128,6 @@
route 156.110.34.224/28 next-hop 164.58.17.235;
route 164.58.16.224/29 next-hop 156.110.28.249;
route 156.110.39.240/29 next-hop 164.58.16.233;
- route 156.110.47.176/30 next-hop 156.110.42.246;
}
router-id 164.58.199.215;
autonomous-system 5078;
@@ -4168,14 +4143,11 @@
}
mpls {
icmp-tunneling;
- interface xe-1/0/0.60;
interface lo0.0;
interface xe-0/1/0.72;
interface ge-1/3/1.830;
- interface ge-1/3/3.69;
interface xe-2/1/1.500;
interface ae1.42;
- interface ge-1/3/5.98;
}
bgp {
damping;
@@ -4369,16 +4341,6 @@
interface fxp0.0 {
disable;
}
- interface xe-1/0/0.60 {
- link-protection;
- authentication {
- md5 7# key <removed>;
- }
- bfd-liveness-detection {
- minimum-interval 400;
- multiplier 3;
- }
- }
interface xe-0/1/0.72 {
link-protection;
authentication {
@@ -4389,7 +4351,6 @@
multiplier 3;
}
}
- interface ge-0/2/0.0;
interface ge-1/3/1.830 {
link-protection;
authentication {
@@ -4400,11 +4361,6 @@
multiplier 3;
}
}
- interface ge-1/3/3.69 {
- authentication {
- md5 7# key <removed>;
- }
- }
interface xe-2/1/1.500 {
metric 100;
authentication {
@@ -4421,24 +4377,12 @@
multiplier 3;
}
}
- interface ge-1/3/5.98 {
- link-protection;
- metric 333;
- authentication {
- md5 7# key <removed>;
- }
- bfd-liveness-detection {
- minimum-interval 400;
- multiplier 3;
- }
- }
}
}
ospf3 {
reference-bandwidth 100g;
area 0.0.0.0 {
interface xe-0/1/0.72;
- interface xe-1/0/0.60;
interface lo0.0;
interface ge-1/3/1.830 {
link-protection;
@@ -4456,25 +4400,13 @@
multiplier 3;
}
}
- interface ge-1/3/5.98 {
- link-protection;
- metric 333;
- ipsec-sa OneNet-OSPF3-AUTH;
- bfd-liveness-detection {
- minimum-interval 400;
- multiplier 3;
- }
- }
}
}
ldp {
preference 255;
track-igp-metric;
interface xe-0/1/0.72;
- interface xe-1/0/0.60;
interface ge-1/3/1.830;
- interface ge-1/3/3.69;
- interface ge-1/3/5.98;
interface xe-2/1/1.500;
interface ae1.42;
interface lo0.0;
@@ -4580,9 +4512,7 @@
}
lldp {
interface xe-0/0/0;
- interface xe-1/0/0;
interface xe-0/1/0;
- interface ge-1/3/3;
interface xe-0/0/1;
interface xe-2/0/0;
interface ge-1/3/8;
@@ -13018,6 +12948,7 @@
instance-type vpls;
vlan-id all;
interface ge-1/3/3.315;
+ interface xe-3/0/1.509;
route-distinguisher 164.58.199.215:2523;
vrf-target target:5078:2523;
protocols {
@@ -13027,6 +12958,7 @@
packet-action drop;
}
interface ge-1/3/3.315;
+ interface xe-3/0/1.509;
no-tunnel-services;
site OKC-Core5 {
site-identifier 3;
Index: configs/hub.wil.onenet.net
===================================================================
--- configs/hub.wil.onenet.net (revision 146100)
+++ configs/hub.wil.onenet.net (working copy)
@@ -295,10 +295,10 @@
#t1-2/0/2:12 up down
#t1-2/0/2:13 down down
#t1-2/0/2:14 down down
-#t1-2/0/2:15 up down
-#t1-2/0/2:15.16 up down
-#t1-2/0/2:15.17 up down
-#t1-2/0/2:15.30 up down
+#t1-2/0/2:15 up up
+#t1-2/0/2:15.16 up up
+#t1-2/0/2:15.17 up up
+#t1-2/0/2:15.30 up up
#t1-2/0/2:16 down down
#t1-2/0/2:17 up down
#t1-2/0/2:17.0 up down
Index: configs/pushmataha-fmc-clayton.client.onenet.net
===================================================================
--- configs/pushmataha-fmc-clayton.client.onenet.net (revision 146097)
+++ configs/pushmataha-fmc-clayton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show system commit
+# 2016-09-01 13:38:06 CDT by sky via cli
+# 2016-09-01 13:37:39 CDT by sky via cli
+# 2016-09-01 13:36:11 CDT by sky via cli commit confirmed, rollback in 3mins
+# 2016-09-01 13:32:28 CDT by sky via cli
+# 2016-09-01 13:31:59 CDT by sky via cli commit confirmed, rollback in 3mins
# 2016-09-01 11:33:46 CDT by sky via cli
-# 2016-08-31 12:45:26 CDT by sky via cli
-# 2016-08-31 12:20:22 CDT by sky via cli
-# 2016-08-31 12:00:45 CDT by sky via cli
-# 2016-08-31 11:53:54 CDT by sky via cli
-# 2016-08-31 11:44:17 CDT by sky via cli
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -115,7 +115,7 @@
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show system uptime
# System booted: 2016-08-18 10:28 CDT
# Protocols started: 2016-08-18 10:31 CDT
-# Last configured: 2016-09-01 11:33 CDT by sky
+# Last configured: 2016-09-01 13:38 CDT by sky
#
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show interface terse
#Interface Admin Link
@@ -165,11 +165,12 @@
#ppe0 up up
#st0 up up
#st0.0 up up
+#st0.1 up up
#tap up up
#vlan up up
#vlan.999 up down
# grnoc-mon at PUSHMATAHA-FMC-CLAYTON-LR-004932> show configuration
-## Last commit: 2016-09-01 11:33:46 CDT by sky
+## Last commit: 2016-09-01 13:38:06 CDT by sky
version 12.1X46-D40.2;
system {
host-name PUSHMATAHA-FMC-CLAYTON-LR-004932;
@@ -430,6 +431,12 @@
mtu 1440;
}
}
+ unit 1 {
+ description "TUNNEL TO BOSWELL VPN";
+ family inet {
+ mtu 1440;
+ }
+ }
}
vlan {
unit 999 {
@@ -488,11 +495,21 @@
proposals PRE-G2-3DES-SHA;
# pre-shared-#key <removed>;
}
+ policy IKE-BOSWELL {
+ mode main;
+ proposals PRE-G2-3DES-SHA;
+# pre-shared-#key <removed>;
+ }
gateway IKE-GATE-DIA {
ike-policy IKE-DIA;
address 156.110.207.226;
external-interface ge-0/0/0.0;
}
+ gateway IKE-GATE-BOSWELL {
+ ike-policy IKE-BOSWELL;
+ address 40.135.80.170;
+ external-interface ge-0/0/0.0;
+ }
}
ipsec {
proposal ESP-3DES-SHA {
@@ -505,6 +522,9 @@
policy VPN-POLICY-DIA {
proposals ESP-3DES-SHA;
}
+ policy VPN-POLICY-BOSWELL {
+ proposals ESP-3DES-SHA;
+ }
vpn IPSEC-VPN-DIA {
bind-interface st0.0;
ike {
@@ -517,6 +537,22 @@
}
establish-tunnels immediately;
}
+ vpn IPSEC-VPN-BOSWELL {
+ bind-interface st0.1;
+ ike {
+ gateway IKE-GATE-BOSWELL;
+ ipsec-policy VPN-POLICY-BOSWELL;
+ }
+ traffic-selector BOSWELL-VPN-192.168.0.15 {
+ local-ip 192.168.0.15/32;
+ remote-ip 192.168.1.1/24;
+ }
+ traffic-selector BOSWELL-VPN-192.168.0.100 {
+ local-ip 192.168.0.100/32;
+ remote-ip 192.168.1.1/24;
+ }
+ establish-tunnels immediately;
+ }
}
screen {
ids-option UNTRUST-SCREEN {
@@ -631,6 +667,16 @@
}
}
}
+ st0.1 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
}
}
security-zone TEST {
Index: configs/core1.sti-mx960.onenet.net
===================================================================
--- configs/core1.sti-mx960.onenet.net (revision 145943)
+++ configs/core1.sti-mx960.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at STILLWATER-MX960-RE0> show system commit
+# 2016-09-01 13:40:58 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# 2016-08-26 16:07:58 CDT by andrew via cli commit synchronize
# 2016-08-26 11:49:41 CDT by andrew via cli commit synchronize
# 2016-08-08 09:55:08 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# 2016-08-08 09:49:24 CDT by andrew via cli commit synchronize
# 2016-08-06 13:51:40 CDT by andrew via cli commit synchronize
-# 2016-08-06 13:51:09 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# grnoc-mon at STILLWATER-MX960-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -511,7 +511,7 @@
# grnoc-mon at STILLWATER-MX960-RE0> show system uptime
# System booted: 2016-03-20 01:59 CDT
# Protocols started: 2016-03-20 02:02 CDT
-# Last configured: 2016-08-26 16:07 CDT by andrew
+# Last configured: 2016-09-01 13:40 CDT by andrew
#
# {master}
# grnoc-mon at STILLWATER-MX960-RE0> show interface terse
@@ -781,7 +781,7 @@
#pp0 up up
#tap up up
# grnoc-mon at STILLWATER-MX960-RE0> show configuration
-## Last commit: 2016-08-26 16:07:58 CDT by andrew
+## Last commit: 2016-09-01 13:40:58 CDT by andrew
version 13.3R8.7;
groups {
re0 {
@@ -1987,7 +1987,6 @@
interface xe-0/0/0.236;
interface lo0.0;
interface xe-1/0/1.40;
- inactive: interface xe-3/1/1.70;
interface xe-2/3/0.40;
interface xe-0/1/1.40;
interface xe-1/1/0.40;
@@ -2270,16 +2269,6 @@
multiplier 3;
}
}
- inactive: interface xe-3/1/1.70 {
- link-protection;
- authentication {
- md5 7# key <removed>;
- }
- bfd-liveness-detection {
- minimum-interval 100;
- multiplier 3;
- }
- }
interface xe-2/3/0.40 {
link-protection;
authentication {
@@ -2366,14 +2355,6 @@
multiplier 3;
}
}
- inactive: interface xe-3/1/1.70 {
- link-protection;
- ipsec-sa OneNet-OSPF3-AUTH;
- bfd-liveness-detection {
- minimum-interval 100;
- multiplier 3;
- }
- }
interface xe-0/0/1.40 {
link-protection;
ipsec-sa OneNet-OSPF3-AUTH;
@@ -2458,7 +2439,6 @@
interface xe-2/2/1.69;
interface xe-2/3/0.40;
interface xe-3/0/0.42;
- inactive: interface xe-3/1/1.70;
interface xe-4/0/0.42;
interface et-4/1/0.42;
interface et-4/3/0.42;
@@ -2513,7 +2493,6 @@
interface xe-1/0/1;
interface xe-0/1/1;
interface xe-1/1/0;
- inactive: interface xe-3/1/1;
interface xe-2/3/0;
interface xe-3/0/0;
interface et-4/1/0;
More information about the Nocrancid
mailing list