[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Mon Apr 3 14:04:15 CDT 2017
Index: configs/legal-aid-tulsa.client.onenet.net
===================================================================
--- configs/legal-aid-tulsa.client.onenet.net (revision 152082)
+++ configs/legal-aid-tulsa.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show system commit
+# 2017-04-03 13:40:53 CDT by andrew via cli
+# 2017-04-03 13:30:41 CDT by andrew via cli
+# 2017-04-03 13:15:04 CDT by andrew via cli
# 2017-04-03 11:33:21 CDT by andrew via cli
# 2017-04-03 11:07:14 CDT by andrew via cli
# 2017-04-03 11:06:16 CDT by andrew via cli
-# 2017-04-03 11:05:04 CDT by andrew via cli
-# 2017-04-03 11:02:44 CDT by andrew via cli
-# 2017-04-03 10:22:53 CDT by andrew via cli commit confirmed, rollback in 5mins
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -119,7 +119,7 @@
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show system uptime
# System booted: 2016-12-29 11:23 CST
# Protocols started: 2016-12-29 11:27 CST
-# Last configured: 2017-04-03 11:33 CDT by andrew
+# Last configured: 2017-04-03 13:40 CDT by andrew
#
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show interface terse
#Interface Admin Link
@@ -182,10 +182,11 @@
#tap up up
#vlan up up
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show configuration
-## Last commit: 2017-04-03 11:33:21 CDT by andrew
+## Last commit: 2017-04-03 13:40:53 CDT by andrew
version 12.3X48-D35.7;
system {
host-name LEGAL-AID-TULSA-SRX240-LR-004955;
+ auto-snapshot;
domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
@@ -340,6 +341,15 @@
server 164.58.3.98 prefer;
}
}
+services {
+ flow-monitoring {
+ version9 {
+ template NTA-flow {
+ ipv4-template;
+ }
+ }
+ }
+}
security {
screen {
ids-option UNTRUST-SCREEN {
@@ -625,6 +635,9 @@
description "L3 INTERFACE - UNTRUST-WAN - 164.58.0.81/31";
vlan-id 500;
family inet {
+ sampling {
+ input;
+ }
address 164.58.0.81/31;
}
}
@@ -632,6 +645,9 @@
description "L3 INTERFACE - MPLS - 10.199.6.14/30";
vlan-id 501;
family inet {
+ sampling {
+ input;
+ }
address 10.199.6.14/30;
}
}
@@ -690,6 +706,9 @@
description "L3 INTERFACE - Data - 192.168.2.1/24";
vlan-id 1;
family inet {
+ sampling {
+ input;
+ }
address 192.168.2.1/24;
}
}
@@ -697,6 +716,9 @@
description "L3 INTERFACE - Data - 192.168.10.1/24";
vlan-id 10;
family inet {
+ sampling {
+ input;
+ }
address 192.168.10.1/24;
}
}
@@ -704,6 +726,9 @@
description "L3 INTERFACE - Data - 192.168.11.1/24";
vlan-id 11;
family inet {
+ sampling {
+ input;
+ }
address 192.168.11.1/24;
}
}
@@ -711,6 +736,9 @@
description "L3 INTERFACE - Data - 192.168.12.1/24";
vlan-id 12;
family inet {
+ sampling {
+ input;
+ }
address 192.168.12.1/24;
}
}
@@ -718,6 +746,9 @@
description "L3 INTERFACE - Data - 192.168.13.1/24";
vlan-id 13;
family inet {
+ sampling {
+ input;
+ }
address 192.168.13.1/24;
}
}
@@ -725,6 +756,9 @@
description "L3 INTERFACE - Data - 192.168.14.1/24";
vlan-id 14;
family inet {
+ sampling {
+ input;
+ }
address 192.168.14.1/24;
}
}
@@ -732,6 +766,9 @@
description "L3 INTERFACE - Data - 192.168.111.1/24";
vlan-id 111;
family inet {
+ sampling {
+ input;
+ }
address 192.168.111.1/24;
}
}
@@ -739,6 +776,9 @@
description "L3 INTERFACE - Voice - 192.168.112.1/24";
vlan-id 112;
family inet {
+ sampling {
+ input;
+ }
address 192.168.112.1/24;
}
}
@@ -746,6 +786,9 @@
description "L3 INTERFACE - Wifi - 192.168.113.1/24";
vlan-id 113;
family inet {
+ sampling {
+ input;
+ }
address 192.168.113.1/24;
}
}
@@ -776,12 +819,32 @@
authorization read-only;
}
}
+forwarding-options {
+ sampling {
+ input {
+ rate 1024;
+ run-length 0;
+ }
+ family inet {
+ output {
+ flow-server 208.76.14.247 {
+ port 20013;
+ version9 {
+ template {
+ NTA-flow;
+ }
+ }
+ }
+ inline-jflow {
+ source-address 164.58.0.81;
+ }
+ }
+ }
+ }
+}
routing-options {
static {
route 0.0.0.0/0 next-hop 164.58.0.80;
- route 192.168.0.0/16 next-hop 10.199.6.13;
- route 10.0.0.0/8 next-hop 10.199.6.13;
- route 172.16.0.0/12 next-hop 10.199.6.13;
}
autonomous-system 64517;
}
@@ -789,7 +852,7 @@
bgp {
group EBGP-ONENET-L3VPN {
neighbor 10.199.6.13 {
- description "EBGP-LEGAL-AID-TULSA-L3VPN-50M-CIR0019800-LR [ORDERED]";
+ description EBGP-LEGAL-AID-TULSA-L3VPN-50M-CIR0019800;
import EBGP-LEGAL-AID-IMPORT;
# authentication-#key <removed>;
export EBGP-LEGAL-AID-EXPORT;
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 152084)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -614,7 +614,6 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/core.alt.onenet.net
===================================================================
--- configs/core.alt.onenet.net (revision 152084)
+++ configs/core.alt.onenet.net (working copy)
@@ -322,8 +322,8 @@
#ge-0/3/0.80 up up
#ge-0/3/0.500 up up
#ge-0/3/0.32767 up up
-#ge-0/3/1 up down
-#ge-0/3/1.0 up down
+#ge-0/3/1 up up
+#ge-0/3/1.0 up up
#ge-0/3/2 down down
#ge-0/3/3 up up
#ge-0/3/3.0 up up
Index: configs/core4.okc.onenet.net
===================================================================
--- configs/core4.okc.onenet.net (revision 152082)
+++ configs/core4.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE4-MX480-RE0> show system commit
+# 2017-04-03 13:33:36 CDT by andrew via cli commit synchronize
+# 2017-04-03 13:20:04 CDT by andrew via cli commit synchronize
# 2017-04-03 11:45:31 CDT by andrew via cli commit synchronize
# 2017-04-03 11:25:09 CDT by andrew via cli commit synchronize
# 2017-03-29 16:01:51 CDT by andrew via cli commit synchronize
# 2017-03-29 15:59:01 CDT by andrew via cli commit synchronize
-# 2017-03-29 15:45:04 CDT by andrew via cli commit synchronize
-# 2017-03-29 13:35:36 CDT by sean via cli commit synchronize
# grnoc-mon at OKC-CORE4-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -436,7 +436,7 @@
# grnoc-mon at OKC-CORE4-MX480-RE0> show system uptime
# System booted: 2016-10-12 18:12 CDT
# Protocols started: 2016-10-12 18:14 CDT
-# Last configured: 2017-04-03 11:45 CDT by andrew
+# Last configured: 2017-04-03 13:33 CDT by andrew
#
# {master}
# grnoc-mon at OKC-CORE4-MX480-RE0> show interface terse
@@ -1313,7 +1313,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE4-MX480-RE0> show configuration
-## Last commit: 2017-04-03 11:45:31 CDT by andrew
+## Last commit: 2017-04-03 13:33:36 CDT by andrew
version 13.3R9.13;
groups {
re0 {
@@ -6710,7 +6710,7 @@
}
}
unit 505 {
- description LEGAL-AID-OKC-MAIN-OFFICE-INTERNET-100M-CIR0019119;
+ description LEGAL-AID-OKC-MAIN-OFFICE-INTERNET-100M-CIR0019119-MR;
bandwidth 100m;
vlan-tags outer 505 inner 500;
family inet {
@@ -6985,7 +6985,7 @@
}
}
unit 1505 {
- description LEGAL-AID-OKC-MAIN-OFFICE-L3VPN-100M-CIR0019119;
+ description LEGAL-AID-OKC-MAIN-OFFICE-L3VPN-100M-CIR0019119-MR;
bandwidth 100m;
vlan-tags outer 505 inner 501;
family inet {
@@ -14841,7 +14841,6 @@
vrf-table-label;
routing-options {
static {
- route 0.0.0.0/0 next-hop 10.199.6.2;
route 192.168.42.0/24 next-hop 10.199.6.6;
route 192.168.43.0/24 next-hop 10.199.6.6;
route 192.168.44.0/24 next-hop 10.199.6.6;
@@ -14851,7 +14850,7 @@
bgp {
group EBGP-LEGAL-AID {
neighbor 10.199.6.2 {
- description "EBGP-LEGAL-AID-OKC-MAIN-OFFICE-L3VPN-100M-CIR0019119 [ORDERED]";
+ description EBGP-LEGAL-AID-OKC-MAIN-OFFICE-L3VPN-100M-CIR0019119-MR;
import EBGP-LEGAL-AID-IMPORT;
# authentication-#key <removed>;
export EBGP-LEGAL-AID-EXPORT;
Index: configs/oja-sw-youth-academy-manitou.client.onenet.net
===================================================================
--- configs/oja-sw-youth-academy-manitou.client.onenet.net (revision 152065)
+++ configs/oja-sw-youth-academy-manitou.client.onenet.net (working copy)
@@ -96,8 +96,8 @@
# total files: 1
#
# grnoc-mon at OJA-SW-YOUTH-ACADEMY-MANITOU-LR-004653> show system uptime
-# System booted: 2017-03-20 08:50 CDT
-# Protocols started: 2017-03-20 08:52 CDT
+# System booted: 2017-04-03 13:10 CDT
+# Protocols started: 2017-04-03 13:12 CDT
# Last configured: 2015-11-09 09:44 CST by sky
#
# grnoc-mon at OJA-SW-YOUTH-ACADEMY-MANITOU-LR-004653> show interface terse
Index: configs/core5.tul.onenet.net
===================================================================
--- configs/core5.tul.onenet.net (revision 152082)
+++ configs/core5.tul.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-CORE5-MX480-RE0> show system commit
+# 2017-04-03 13:33:00 CDT by andrew via cli commit synchronize
+# 2017-04-03 13:12:35 CDT by andrew via cli commit synchronize
+# 2017-04-03 13:11:04 CDT by andrew via cli commit synchronize
+# 2017-04-03 13:08:01 CDT by andrew via cli commit synchronize
# 2017-04-03 11:45:08 CDT by andrew via cli commit synchronize
# 2017-04-03 11:39:02 CDT by andrew via cli commit synchronize
-# 2017-04-03 11:32:18 CDT by andrew via cli commit synchronize
-# 2017-04-03 10:22:44 CDT by andrew via cli commit synchronize
-# 2017-03-29 11:39:55 CDT by sean via cli commit synchronize
-# 2017-03-29 11:37:43 CDT by sean via cli commit synchronize
# grnoc-mon at TULSA-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -392,7 +392,7 @@
# grnoc-mon at TULSA-CORE5-MX480-RE0> show system uptime
# System booted: 2016-08-15 04:47 CDT
# Protocols started: 2016-08-15 04:53 CDT
-# Last configured: 2017-04-03 11:45 CDT by andrew
+# Last configured: 2017-04-03 13:33 CDT by andrew
#
# {master}
# grnoc-mon at TULSA-CORE5-MX480-RE0> show interface terse
@@ -859,7 +859,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-CORE5-MX480-RE0> show configuration
-## Last commit: 2017-04-03 11:45:08 CDT by andrew
+## Last commit: 2017-04-03 13:33:00 CDT by andrew
version 13.3R9.13;
groups {
re0 {
@@ -7099,7 +7099,7 @@
route-filter 0.0.0.0/0 exact;
}
then {
- as-path-prepend "64517 64517";
+ as-path-expand last-as count 2;
accept;
}
}
@@ -9455,16 +9455,13 @@
route 192.168.36.0/24 next-hop 10.199.6.10;
route 192.168.37.0/24 next-hop 10.199.6.10;
route 192.168.38.0/24 next-hop 10.199.6.10;
- route 192.168.111.0/24 next-hop 10.199.6.14;
- route 192.168.112.0/24 next-hop 10.199.6.14;
- route 192.168.113.0/24 next-hop 10.199.6.14;
}
}
protocols {
bgp {
group EBGP-LEGAL-AID {
neighbor 10.199.6.14 {
- description "EBGP-LEGAL-AID-TULSA-L3VPN-50M-CIR0019800-LR [ORDERED]";
+ description EBGP-LEGAL-AID-TULSA-L3VPN-50M-CIR0019800-LR;
import EBGP-LEGAL-AID-IMPORT;
# authentication-#key <removed>;
export EBGP-LEGAL-AID-EXPORT;
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 152082)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -102,7 +102,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down up
+#ge-0/0/0 down down
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/legal-aid-okc.client.onenet.net
===================================================================
--- configs/legal-aid-okc.client.onenet.net (revision 152082)
+++ configs/legal-aid-okc.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show system commit
+# 2017-04-03 13:40:28 CDT by andrew via cli
+# 2017-04-03 13:30:58 CDT by andrew via cli
+# 2017-04-03 13:25:00 CDT by andrew via cli commit confirmed, rollback in 5mins
+# 2017-04-03 13:19:24 CDT by andrew via cli
+# 2017-04-03 13:15:51 CDT by andrew via cli
# 2017-04-03 11:28:28 CDT by andrew via cli commit confirmed, rollback in 5mins
-# 2017-04-03 11:07:32 CDT by andrew via cli
-# 2017-04-03 11:01:57 CDT by andrew via cli
-# 2017-04-03 10:27:45 CDT by andrew via cli
-# 2017-04-03 10:24:39 CDT by andrew via cli
-# 2017-04-03 10:24:12 CDT by andrew via cli
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -117,7 +117,7 @@
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show system uptime
# System booted: 2016-11-08 16:48 CST
# Protocols started: 2016-11-08 16:52 CST
-# Last configured: 2017-04-03 11:28 CDT by andrew
+# Last configured: 2017-04-03 13:40 CDT by andrew
#
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show interface terse
#Interface Admin Link
@@ -192,10 +192,11 @@
#tap up up
#vlan up up
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show configuration
-## Last commit: 2017-04-03 11:28:28 CDT by andrew
+## Last commit: 2017-04-03 13:40:28 CDT by andrew
version 12.1X46-D40.2;
system {
host-name LEGAL-AID-OKC-SRX240-MR;
+ auto-snapshot;
domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
@@ -601,10 +602,6 @@
routing-options {
static {
route 0.0.0.0/0 next-hop 164.58.28.57;
- route 192.168.42.0/24 next-hop 10.199.6.1;
- route 192.168.36.0/24 next-hop 10.199.6.1;
- route 192.168.37.0/24 next-hop 10.199.6.1;
- route 192.168.38.0/24 next-hop 10.199.6.1;
route 10.199.6.0/25 next-hop 10.199.6.1;
route 10.100.100.0/24 next-hop 10.255.255.254;
route 10.100.120.0/22 next-hop st0.0;
@@ -622,17 +619,6 @@
route 192.168.134.0/24 next-hop st0.22;
route 192.168.132.0/24 next-hop st0.13;
route 192.168.146.0/24 next-hop st0.21;
- route 192.168.111.0/24 next-hop 10.199.6.1;
- route 192.168.112.0/24 next-hop 10.199.6.1;
- route 192.168.113.0/24 next-hop 10.199.6.1;
- route 192.168.43.0/24 next-hop 10.199.6.1;
- route 192.168.44.0/24 next-hop 10.199.6.1;
- route 192.168.2.0/24 next-hop 10.199.6.1;
- route 192.168.10.0/24 next-hop 10.199.6.1;
- route 192.168.11.0/24 next-hop 10.199.6.1;
- route 192.168.12.0/24 next-hop 10.199.6.1;
- route 192.168.13.0/24 next-hop 10.199.6.1;
- route 192.168.14.0/24 next-hop 10.199.6.1;
}
autonomous-system 64517;
}
@@ -640,7 +626,7 @@
bgp {
group EBGP-ONENET-L3VPN {
neighbor 10.199.6.1 {
- description "EBGP-LEGAL-AID-OKC-MAIN-OFFICE-L3VPN-100M-CIR0019119 [ORDERED]";
+ description EBGP-LEGAL-AID-OKC-MAIN-OFFICE-L3VPN-100M-CIR0019119;
import EBGP-LEGAL-AID-IMPORT;
# authentication-#key <removed>;
export EBGP-LEGAL-AID-EXPORT;
@@ -648,12 +634,6 @@
}
}
}
- ospf {
- export EXPORT-TO-OSPF;
- area 0.0.0.0 {
- interface ge-0/0/14.0;
- }
- }
lldp {
interface all;
}
@@ -701,31 +681,6 @@
then reject;
}
}
- policy-statement EXPORT-TO-OSPF {
- term REJECT-DEFAULT {
- from {
- route-filter 0.0.0.0/0 exact;
- }
- then reject;
- }
- term REJECT-BATESVILLE {
- from {
- route-filter 10.100.100.0/24 exact;
- }
- then reject;
- }
- term SEND-STATIC {
- from protocol static;
- then accept;
- }
- term SEND-DIRECT {
- from protocol direct;
- then accept;
- }
- term REJECT-ALL-ELSE {
- then reject;
- }
- }
}
security {
ike {
@@ -1214,6 +1169,20 @@
}
}
}
+ rule-set MPLS-TO-UNTRUST-NAT {
+ from zone MPLS;
+ to zone UNTRUST;
+ rule NAT-MPLS-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
}
static {
rule-set SNAT-UNTRUST {
@@ -1344,21 +1313,74 @@
}
}
}
+ from-zone MPLS to-zone TRUST {
+ policy MPLS-TO-TRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone MPLS to-zone UNTRUST {
+ policy MPLS-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit {
+ application-services {
+ utm-policy junos-wf-policy;
+ }
+ }
+ }
+ }
+ }
+ from-zone TRUST to-zone MPLS {
+ policy TRUST-TO-MPLS {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone MPLS to-zone VPN {
+ policy MPLS-TO-VPN {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone VPN to-zone MPLS {
+ policy VPN-TO-MPLS {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
}
zones {
security-zone TRUST {
interfaces {
- ge-0/0/0.501 {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- protocols {
- bgp;
- }
- }
- }
ge-0/0/15.1 {
host-inbound-traffic {
system-services {
@@ -1404,9 +1426,6 @@
ping;
traceroute;
}
- protocols {
- ospf;
- }
}
}
ge-0/0/13.0 {
@@ -1567,6 +1586,21 @@
}
}
}
+ security-zone MPLS {
+ interfaces {
+ ge-0/0/0.501 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ ssh;
+ https;
+ snmp;
+ }
+ }
+ }
+ }
+ }
}
}
firewall {
@@ -1709,8 +1743,7 @@
}
}
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show ospf neighbor
-# Address Interface State ID Pri Dead
-# 172.31.253.130 ge-0/0/14.0 Full 192.168.253.1
+# OSPF instance is not running
#
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show bfd session
More information about the Nocrancid
mailing list