[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Wed Aug 9 19:05:39 CDT 2017
Index: configs/allen-public-library.client.onenet.net
===================================================================
--- configs/allen-public-library.client.onenet.net (revision 155634)
+++ configs/allen-public-library.client.onenet.net (working copy)
@@ -147,8 +147,8 @@
#ge-0/0/1.0 up down
#ge-0/0/2 up up
#ge-0/0/2.0 up up
-#ge-0/0/3 up up
-#ge-0/0/3.0 up up
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
#ge-0/0/4 up down
#ge-0/0/4.0 up down
#ge-0/0/5 up up
Index: configs/hub.chi.onenet.net
===================================================================
--- configs/hub.chi.onenet.net (revision 155634)
+++ configs/hub.chi.onenet.net (working copy)
@@ -388,7 +388,7 @@
#t3-2/0/1 down down
#ct3-2/0/2 up up
#t1-2/0/2:1 down up
-#t1-2/0/2:2 down down
+#t1-2/0/2:2 down up
#t1-2/0/2:3 down down
#t1-2/0/2:4 down down
#t1-2/0/2:5 down down
Index: configs/okc-vpn-cluster.okc.onenet.net
===================================================================
--- configs/okc-vpn-cluster.okc.onenet.net (revision 155607)
+++ configs/okc-vpn-cluster.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show system commit
+# 2017-08-09 18:55:14 CDT by andrew via cli commit confirmed, rollback in 3mins
+# 2017-08-09 18:29:32 CDT by andrew via cli
+# 2017-08-09 18:24:46 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2017-06-29 11:46:02 CDT by sky via cli
# 2017-06-07 14:27:01 CDT by sean via cli
# 2017-05-19 11:46:50 CDT by sky via cli
-# 2017-05-19 11:37:36 CDT by sky via cli
-# 2017-05-12 14:41:31 CDT by sky via cli
-# 2017-05-10 13:32:43 CDT by sky via cli
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show chassis environment
# node0:
# --------------------------------------------------------------------------
@@ -266,12 +266,12 @@
# --------------------------------------------------------------------------
# System booted: 2016-10-12 08:16 CDT
# Protocols started: 2016-10-12 08:20 CDT
-# Last configured: 2017-06-29 11:46 CDT by sky
+# Last configured: 2017-08-09 18:55 CDT by andrew
#
# node1:
# --------------------------------------------------------------------------
# System booted: 2016-10-12 08:01 CDT
-# Last configured: 2017-06-29 11:29 CDT by root
+# Last configured: 2017-08-09 18:38 CDT by root
#
# {primary:node0}
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show interface terse
@@ -304,6 +304,7 @@
#ge-0/0/15.604 up up
#ge-0/0/15.605 up up
#ge-0/0/15.606 up up
+#ge-0/0/15.607 up up
#ge-0/0/15.32767 up up
#ge-5/0/0 up down
#ge-5/0/1 up up
@@ -331,6 +332,7 @@
#ge-5/0/15.604 up up
#ge-5/0/15.605 up up
#ge-5/0/15.606 up up
+#ge-5/0/15.607 up up
#ge-5/0/15.32767 up up
#fab0 up up
#fab0.0 up up
@@ -367,6 +369,7 @@
#reth1.604 up up
#reth1.605 up up
#reth1.606 up up
+#reth1.607 up up
#reth1.32767 up up
#st0 up up
#st0.0 up up
@@ -391,12 +394,19 @@
#st0.26 up down
#st0.27 up up
#st0.28 up down
+#st0.30 up down
+#st0.31 up down
+#st0.32 up down
+#st0.33 up down
+#st0.34 up down
+#st0.35 up down
+#st0.36 up down
#swfab0 up down
#swfab1 up down
#tap up up
#vlan up down
# grnoc-mon at OKC-VPN-CLUSTER-NODE0> show configuration
-## Last commit: 2017-06-29 11:46:02 CDT by sky
+## Last commit: 2017-08-09 18:55:14 CDT by andrew
version 12.1X46-D40.2;
groups {
node0 {
@@ -712,6 +722,14 @@
address 10.119.0.21/31;
}
}
+ unit 607 {
+ description "CORE5-OKC-MHSSO [NO-MONITOR]";
+ vlan-id 607;
+ family inet {
+ mtu 1500;
+ address 10.199.28.95/31;
+ }
+ }
}
st0 {
unit 0 {
@@ -861,6 +879,55 @@
mtu 1440;
}
}
+ unit 30 {
+ description "MHSSO-ARDMORE-ADMINISTRATION [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.199.28.80/31;
+ }
+ }
+ unit 31 {
+ description "MHSSO-DURANT [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.199.28.82/31;
+ }
+ }
+ unit 32 {
+ description "MHSSO-ADA [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.199.28.84/31;
+ }
+ }
+ unit 33 {
+ description "MHSSO-ARDMORE-CRISIS [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.199.28.86/31;
+ }
+ }
+ unit 34 {
+ description "MHSSO-PAULS-VALLEY [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.199.28.88/31;
+ }
+ }
+ unit 35 {
+ description "MHSSO-SEMINOLE [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.199.28.90/31;
+ }
+ }
+ unit 36 {
+ description "MHSSO-TISHOMINGO [NO-MONITOR]";
+ family inet {
+ mtu 1440;
+ address 10.199.28.92/31;
+ }
+ }
}
}
snmp {
@@ -1195,6 +1262,41 @@
proposals PRE-G2-AES128-SHA;
# pre-shared-#key <removed>;
}
+ policy IKE-MHSSO-ARDMORE-ADMIN {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-MHSSO-DURANT {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-MHSSO-ADA {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-MHSSO-ARDMORE-CRISIS {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-MHSSO-PAULS-VALLEY {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-MHSSO-SEMINOLE {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-MHSSO-TISHOMINGO {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
gateway IKE-GATE-COMANCHE-PS {
ike-policy IKE-COMANCHE-PS;
address 166.141.5.145;
@@ -1328,6 +1430,55 @@
external-interface lo0.0;
local-address 164.58.0.253;
}
+ gateway IKE-GATE-MHSSO-ARDMORE-ADMIN {
+ ike-policy IKE-MHSSO-ARDMORE-ADMIN;
+ address 12.246.241.50;
+ dead-peer-detection;
+ external-interface lo0.0;
+ local-address 164.58.0.252;
+ }
+ gateway IKE-GATE-MHSSO-DURANT {
+ ike-policy IKE-MHSSO-DURANT;
+ address 12.246.241.66;
+ dead-peer-detection;
+ external-interface lo0.0;
+ local-address 164.58.0.252;
+ }
+ gateway IKE-GATE-MHSSO-ADA {
+ ike-policy IKE-MHSSO-ADA;
+ address 12.246.241.98;
+ dead-peer-detection;
+ external-interface lo0.0;
+ local-address 164.58.0.252;
+ }
+ gateway IKE-GATE-MHSSO-ARDMORE-CRISIS {
+ ike-policy IKE-MHSSO-ARDMORE-CRISIS;
+ address 12.246.241.54;
+ dead-peer-detection;
+ external-interface lo0.0;
+ local-address 164.58.0.252;
+ }
+ gateway IKE-GATE-MHSSO-PAULS-VALLEY {
+ ike-policy IKE-MHSSO-PAULS-VALLEY;
+ address 12.246.241.90;
+ dead-peer-detection;
+ external-interface lo0.0;
+ local-address 164.58.0.252;
+ }
+ gateway IKE-GATE-MHSSO-SEMINOLE {
+ ike-policy IKE-MHSSO-SEMINOLE;
+ address 12.246.241.62;
+ dead-peer-detection;
+ external-interface lo0.0;
+ local-address 164.58.0.252;
+ }
+ gateway IKE-GATE-MHSSO-TISHOMINGO {
+ ike-policy IKE-MHSSO-TISHOMINGO;
+ address 12.246.241.58;
+ dead-peer-detection;
+ external-interface lo0.0;
+ local-address 164.58.0.252;
+ }
}
ipsec {
proposal ESP-AES128-SHA {
@@ -1408,6 +1559,27 @@
policy VPN-POLICY-ODOT-DATA-EDMOND-RES {
proposals ESP-AES128-SHA;
}
+ policy VPN-POLICY-MHSSO-ARDMORE-ADMIN {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-MHSSO-DURANT {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-MHSSO-ADA {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-MHSSO-ARDMORE-CRISIS {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-MHSSO-PAULS-VALLEY {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-MHSSO-SEMINOLE {
+ proposals ESP-AES128-SHA;
+ }
+ policy VPN-POLICY-MHSSO-TISHOMINGO {
+ proposals ESP-AES128-SHA;
+ }
vpn IPSEC-VPN-COMANCHE-PS {
bind-interface st0.0;
ike {
@@ -1584,6 +1756,62 @@
}
establish-tunnels immediately;
}
+ vpn IPSEC-VPN-MHSSO-ARDMORE-ADMIN {
+ bind-interface st0.30;
+ ike {
+ gateway IKE-GATE-MHSSO-ARDMORE-ADMIN;
+ ipsec-policy VPN-POLICY-MHSSO-ARDMORE-ADMIN;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-MHSSO-DURANT {
+ bind-interface st0.31;
+ ike {
+ gateway IKE-GATE-MHSSO-DURANT;
+ ipsec-policy VPN-POLICY-MHSSO-DURANT;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-MHSSO-ADA {
+ bind-interface st0.32;
+ ike {
+ gateway IKE-GATE-MHSSO-ADA;
+ ipsec-policy VPN-POLICY-MHSSO-ADA;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-MHSSO-ARDMORE-CRISIS {
+ bind-interface st0.33;
+ ike {
+ gateway IKE-GATE-MHSSO-ARDMORE-CRISIS;
+ ipsec-policy VPN-POLICY-MHSSO-ARDMORE-CRISIS;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-MHSSO-PAULS-VALLEY {
+ bind-interface st0.34;
+ ike {
+ gateway IKE-GATE-MHSSO-PAULS-VALLEY;
+ ipsec-policy VPN-POLICY-MHSSO-PAULS-VALLEY;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-MHSSO-SEMINOLE {
+ bind-interface st0.35;
+ ike {
+ gateway IKE-GATE-MHSSO-SEMINOLE;
+ ipsec-policy VPN-POLICY-MHSSO-SEMINOLE;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-MHSSO-TISHOMINGO {
+ bind-interface st0.36;
+ ike {
+ gateway IKE-GATE-MHSSO-TISHOMINGO;
+ ipsec-policy VPN-POLICY-MHSSO-TISHOMINGO;
+ }
+ establish-tunnels immediately;
+ }
}
alg {
msrpc disable;
@@ -1743,6 +1971,18 @@
}
}
}
+ from-zone MHSSO to-zone MHSSO {
+ policy 201708091828 {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
}
zones {
security-zone UNTRUST {
@@ -2145,6 +2385,74 @@
}
}
}
+ security-zone MHSSO {
+ interfaces {
+ reth1.607 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ st0.30 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ st0.31 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ st0.32 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ st0.33 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ st0.34 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ st0.35 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ st0.36 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
}
}
firewall {
@@ -2219,6 +2527,22 @@
}
}
}
+ MHSSO {
+ instance-type virtual-router;
+ interface reth1.607;
+ interface st0.30;
+ interface st0.31;
+ interface st0.32;
+ interface st0.33;
+ interface st0.34;
+ interface st0.35;
+ interface st0.36;
+ routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.28.94;
+ }
+ }
+ }
OMES-AGENCY-DATA {
instance-type virtual-router;
interface reth1.601;
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 155634)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -110,7 +110,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down down
+#ge-0/0/0 down up
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/stringtown-high-school.client.onenet.net
===================================================================
--- configs/stringtown-high-school.client.onenet.net (revision 155634)
+++ configs/stringtown-high-school.client.onenet.net (working copy)
@@ -691,7 +691,6 @@
# OSPF instance is not running
#
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/odot-stillwater-residence.client.onenet.net
===================================================================
--- configs/odot-stillwater-residence.client.onenet.net (revision 155623)
+++ configs/odot-stillwater-residence.client.onenet.net (working copy)
@@ -136,8 +136,8 @@
#ge-0/0/2.0 up down
#ge-0/0/3 up up
#ge-0/0/3.0 up up
-#ge-0/0/4 up down
-#ge-0/0/4.0 up down
+#ge-0/0/4 up up
+#ge-0/0/4.0 up up
#ge-0/0/5 up down
#ge-0/0/5.0 up down
#ge-0/0/6 up up
Index: configs/core5.okc.onenet.net
===================================================================
--- configs/core5.okc.onenet.net (revision 155632)
+++ configs/core5.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE5-MX480-RE0> show system commit
+# 2017-08-09 18:24:50 CDT by andrew via cli commit synchronize
+# 2017-08-09 18:21:19 CDT by andrew via cli commit synchronize
+# 2017-08-09 18:06:02 CDT by andrew via cli commit synchronize
# 2017-08-09 15:22:27 CDT by sean via cli commit synchronize
# 2017-08-09 12:11:04 CDT by sean via cli commit synchronize
# 2017-08-09 12:02:49 CDT by andrew via cli commit synchronize
-# 2017-08-09 11:44:45 CDT by sean via cli commit synchronize
-# 2017-08-09 11:24:57 CDT by sean via cli commit synchronize
-# 2017-08-09 11:22:10 CDT by sky via cli commit synchronize
# grnoc-mon at OKC-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -562,7 +562,7 @@
# grnoc-mon at OKC-CORE5-MX480-RE0> show system uptime
# System booted: 2016-10-12 08:16 CDT
# Protocols started: 2016-10-12 08:18 CDT
-# Last configured: 2017-08-09 15:22 CDT by sean
+# Last configured: 2017-08-09 18:24 CDT by andrew
#
# {master}
# grnoc-mon at OKC-CORE5-MX480-RE0> show interface terse
@@ -1256,6 +1256,7 @@
#irb.604 up up
#irb.605 up up
#irb.606 up up
+#irb.607 up up
#lo0 up up
#lo0.0 up up
#lo0.1 up up
@@ -1289,6 +1290,7 @@
#lsi.31 up up
#lsi.32 up up
#lsi.33 up up
+#lsi.34 up up
#lsi.1048577 up up
#lsi.1048592 up up
#lsi.1048593 up up
@@ -1357,7 +1359,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE5-MX480-RE0> show configuration
-## Last commit: 2017-08-09 15:22:27 CDT by sean
+## Last commit: 2017-08-09 18:24:50 CDT by andrew
version 13.3R9.13;
groups {
re0 {
@@ -8651,7 +8653,7 @@
unit 0 {
family bridge {
interface-mode trunk;
- vlan-id-list 600-606;
+ vlan-id-list 600-607;
}
}
}
@@ -8660,7 +8662,7 @@
unit 0 {
family bridge {
interface-mode trunk;
- vlan-id-list 600-606;
+ vlan-id-list 600-607;
}
}
}
@@ -9726,6 +9728,12 @@
address 10.119.0.20/31;
}
}
+ unit 607 {
+ description OKC-VPN-CLUSTER-MHSSO;
+ family inet {
+ address 10.199.28.94/31;
+ }
+ }
}
lo0 {
description OKC-CORE5-MX480-Loopback;
@@ -12196,6 +12204,41 @@
load-balance per-packet;
}
}
+ policy-statement MHSSO-VRF-EXPORT {
+ term 1 {
+ from protocol static;
+ then {
+ community add MHSSO-VPN;
+ accept;
+ }
+ }
+ term 2 {
+ from protocol direct;
+ then {
+ community add MHSSO-VPN;
+ accept;
+ }
+ }
+ term 3 {
+ from protocol ospf;
+ then {
+ community add MHSSO-VPN;
+ accept;
+ }
+ }
+ }
+ policy-statement MHSSO-VRF-IMPORT {
+ term 1 {
+ from {
+ protocol bgp;
+ community MHSSO-VPN;
+ }
+ then accept;
+ }
+ term 2 {
+ then reject;
+ }
+ }
policy-statement NEXT-HOP-SELF {
term BLACKHOLE {
from community ONENET_BLACKHOLE;
@@ -12937,6 +12980,7 @@
community DPS-VPN members target:5078:2540;
community JDMC-VPN members target:5078:2670;
community KIAMICHI-FMC-VPN members target:5078:2629;
+ community MHSSO-VPN members target:5078:2643;
community NON_ONENET {
invert-match;
members 5078:*;
@@ -20204,6 +20248,23 @@
}
}
}
+ MHSSO-L3VPN {
+ description MENTAL-HEALTH-SERVICES-OF-SOUTHERN-OKLAHOMA-L3VPN;
+ instance-type vrf;
+ interface irb.607;
+ route-distinguisher 164.58.199.215:2643;
+ vrf-import MHSSO-VRF-IMPORT;
+ vrf-export MHSSO-VRF-EXPORT;
+ vrf-target target:5078:2643;
+ vrf-table-label;
+ routing-options {
+ static {
+ route 10.0.0.0/8 next-hop 10.199.28.95;
+ route 172.16.0.0/12 next-hop 10.199.28.95;
+ route 192.168.0.0/16 next-hop 10.199.28.95;
+ }
+ }
+ }
ODMHSAS-L3VPN {
description ODMHSAS-L3VPN;
instance-type vrf;
@@ -21135,6 +21196,10 @@
vlan-id 606;
routing-interface irb.606;
}
+ VLAN-607 {
+ vlan-id 607;
+ routing-interface irb.607;
+ }
VLAN_233 {
domain-type bridge;
vlan-id 233;
Index: configs/maysville-hs.client.onenet.net
===================================================================
--- configs/maysville-hs.client.onenet.net (revision 155603)
+++ configs/maysville-hs.client.onenet.net (working copy)
@@ -612,6 +612,7 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show bfd session
+quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
More information about the Nocrancid
mailing list