kiwi/oav
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
a096ce07cf5e22912f2b1eb01dff179dc2c3aae4
oav/tmp/other.txt
Charlie Root a096ce07cf Current oav website
2023-03-20 12:18:38 +01:00

2068 lines
63 KiB
Plaintext
Raw Blame History

version 7.0R2.7;
groups {
re0 {
system {
host-name jr1.sea-re0;
}
}
re1 {
system {
host-name jr1.sea-re1;
}
}
interface-options {
interfaces {
<*> {
unit <*> {
family inet {
filter {
input cflow;
}
}
}
}
}
}
}
apply-groups [ re0 re1 interface-options ];
system {
domain-name llnw.net;
domain-search [ llnw.net. sea.llnw.net. . ];
time-zone America/Phoenix;
default-address-selection;
no-redirects;
mirror-flash-on-disk;
authentication-order [ radius password ];
location {
country-code US;
postal-code 98121;
npa-nxx 206-448;
lata 722;
}
root-authentication {
encrypted-password "$1$Ae8yzVd4$DT0VItxNuv2eWXFXRNId60"; ## SECRET-DATA
}
name-server {
69.28.148.102;
}
radius-server {
208.48.140.13 {
secret "$9$RpZSrvdVYgJGregJGDmPIEhcKMVb2oJD"; ## SECRET-DATA
timeout 5;
}
}
login {
message "\njr1.sea Authorized Users Only\n\n";
class rancid {
permissions [ field interface network routing snmp system view firewall ];
allow-commands ping;
}
user admin {
uid 2000;
class superuser;
authentication {
authentication {
encrypted-password "$1$pHL6uzuv$2YevXezgJ3PUeNmlNbS2J0"; ## SECRET-DATA
}
}
user remote {
uid 2001;
class superuser;
}
}
services {
ssh {
root-login allow;
}
}
syslog {
archive size 5m files 5 world-readable;
user * {
any emergency;
}
host 208.48.140.16 {
authorization any;
cron any;
daemon notice;
kernel any;
user any;
firewall any;
pfe any;
conflict-log any;
change-log notice;
facility-override local4;
}
file messages {
any notice;
authorization info;
daemon any;
kernel any;
archive size 1m files 5 no-world-readable;
}
file firewall-logs {
firewall any;
archive size 1m files 2 no-world-readable;
}
}
ntp {
boot-server 132.246.168.148;
server 208.111.137.72;
server 69.28.133.10;
server 69.28.137.99;
}
}
chassis {
no-source-route;
redundancy {
routing-engine 0 master;
routing-engine 1 backup;
failover on-loss-of-keepalives;
}
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
description "TRKR swh1.sea A1";
disable;
vlan-tagging;
gigether-options {
no-flow-control;
}
}
ge-0/1/0 {
description "TRKR a2.swh1.sea";
disable;
vlan-tagging;
gigether-options {
no-flow-control;
}
unit 777 {
description "TRKR ge3-1.fr3.sea2";
vlan-id 777;
family inet {
address 69.28.171.238/30;
}
family iso;
}
}
ge-0/2/0 {
description "TRKR b1.swh1.sea";
disable;
vlan-tagging;
gigether-options {
no-flow-control;
}
unit 20 {
description "BKUP BBGX SEA-SJC";
vlan-id 20;
family inet {
address 69.28.172.34/30;
}
family iso;
}
}
ge-0/3/0 {
description "TRKR b2.swh1.sea";
disable;
vlan-tagging;
gigether-options {
no-flow-control;
}
}
dsc {
unit 0 {
family inet {
address 10.10.10.1/32 {
destination 10.10.10.2;
}
}
}
}
fxp1 {
description "fxp1 router-internal communication";
unit 0 {
description "fxp1.0 router-internal communication";
}
}
lo0 {
unit 0 {
family inet {
filter {
input router-input;
}
address 127.0.0.1/32;
address 68.142.92.194/32 {
preferred;
}
}
family iso {
address 49.0001.0681.4209.2194.00;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 20000;
run-length 2;
}
}
output {
cflowd 68.142.99.10 {
port 8777;
version 5;
autonomous-system-type origin;
}
inactive: cflowd 69.28.128.140 {
port 9997;
version 8;
autonomous-system-type peer;
aggregation {
source-destination-prefix;
}
}
}
}
hash-key {
family inet {
layer-3;
layer-4;
}
}
}
snmp {
community lime4pub {
authorization read-only;
clients {
208.48.140.0/25;
69.28.128.140/32;
69.28.148.103/32;
68.142.99.38/32;
68.142.99.39/32;
208.111.137.117/32;
}
}
}
routing-options {
interface-routes {
rib-group inet if-rib;
}
static {
/* Necessary for BGP default route origination */
route 0.0.0.0/0 discard;
/* LON route hack */
inactive: route 68.142.84.0/22 next-hop 67.17.159.65;
inactive: route 69.28.128.0/18 {
discard;
metric 15;
community 22822:5013;
}
inactive: route 68.142.64.0/18 {
discard;
metric 15;
community 22822:5013;
}
/* LLNW customers on GBLX sourced /24 */
route 69.28.190.0/23 next-hop 67.17.159.65;
/* LLNW customers on GBLX sourced /24 */
route 69.28.189.0/24 next-hop 67.17.159.65;
/* LLNW customers on GBLX sourced /24 */
route 68.142.75.0/24 next-hop 67.17.159.65;
route 68.142.100.0/22 next-hop 67.17.159.65;
/* Valve moved to fr3.sea2 */
inactive: route 68.142.92.64/28 next-hop 68.142.92.34;
inactive: route 68.142.92.0/23 {
discard;
metric 15;
community 22822:6013;
}
inactive: route 68.142.94.0/24 {
discard;
metric 15;
community 22822:6013;
}
}
rib-groups {
pim-rib {
export-rib inet.2;
import-rib inet.2;
}
if-rib {
import-rib [ inet.0 inet.2 ];
}
}
route-record;
autonomous-system 22822;
forwarding-table {
export load-balancing-policy;
}
}
protocols {
bgp {
advertise-inactive;
log-updown;
inactive: group CUST {
type external;
local-preference 200;
import reject-all;
family inet {
unicast {
prefix-limit {
maximum 500;
teardown idle-timeout 60;
}
}
}
export reject-all;
remove-private;
inactive: neighbor 68.142.92.202 {
description "CUST: swift ventures";
import [ deny-rfc1918 set-customer-comm CUST:AS25700 ];
family inet {
unicast;
multicast;
}
/* MD5 Key: g5U8i9er4tcF */
authentication-key "$9$XKR-VYJGD.fQkq39Au1IylKW7V24aDHm8XbY"; ## SECRET-DATA
/* regular is swift-add-pref. swift-temp is temp fix for sjc problems 12/13 */
export swift-add-pref;
peer-as 25700;
}
inactive: neighbor 68.142.92.206 {
description "CUST: swift ventures";
import [ deny-rfc1918 set-customer-comm CUST:AS25700 ];
family inet {
unicast;
multicast;
}
/* MD5 Key: g5U8i9er4tcF */
authentication-key "$9$gAJGiP5Q/Aun6BEcrvM7-VsoGHqmQ39YgUi"; ## SECRET-DATA
/* regular is swift-add-pref. swift-temp is temp fix for sjc problems 12/13 */
export swift-add-pref;
peer-as 25700;
}
}
group RS {
type internal;
multihop;
local-address 68.142.92.194;
advertise-inactive;
log-updown;
import reject-all;
family inet {
unicast;
multicast;
}
export transit-all;
remove-private;
peer-as 22822;
neighbor 69.28.128.218;
}
group BACKBONE {
type internal;
local-address 68.142.92.194;
log-updown;
import ibgp-set-localpref;
family inet {
unicast;
multicast;
}
export [ local-bgp transit-all ];
peer-as 22822;
neighbor 69.28.139.222;
neighbor 69.28.156.233;
neighbor 68.142.72.222;
neighbor 69.28.148.234;
neighbor 69.28.144.250;
neighbor 69.28.152.250;
neighbor 69.28.128.221;
neighbor 69.28.128.222;
neighbor 68.142.120.250;
neighbor 69.28.156.234;
neighbor 69.28.152.249;
neighbor 68.142.88.222;
neighbor 68.142.88.221;
neighbor 68.142.84.233;
neighbor 68.142.84.234;
neighbor 68.142.72.223;
neighbor 68.142.120.249;
neighbor 69.28.139.221;
neighbor 69.28.128.223;
neighbor 69.28.139.193;
neighbor 203.77.184.222;
neighbor 68.142.100.222;
neighbor 68.142.100.223;
neighbor 68.142.119.222;
neighbor 68.142.119.223;
neighbor 69.28.148.193;
neighbor 69.28.139.194;
neighbor 69.28.171.1;
neighbor 69.28.171.2;
neighbor 69.28.171.3;
neighbor 69.28.171.4;
neighbor 69.28.171.5;
neighbor 69.28.171.7;
neighbor 69.28.171.8;
neighbor 69.28.171.9;
neighbor 69.28.171.6;
neighbor 69.28.171.11;
neighbor 203.77.188.129;
neighbor 69.28.171.15;
}
group NULLRS {
type internal;
neighbor 208.48.140.7 {
description "INTERNAL: Null route server";
local-address 68.142.92.194;
log-updown;
import null-import;
export reject-all;
peer-as 22822;
}
}
group BACKBONE-INTRA {
type internal;
local-address 68.142.92.194;
log-updown;
family inet {
unicast;
}
export [ local-bgp transit-all ];
peer-as 22822;
neighbor 69.28.171.12;
}
}
isis {
traceoptions {
file isis;
flag error;
}
export isis-export;
no-authentication-check;
no-ipv6-routing;
multicast-topology; ## Warning: 'multicast-topology' is deprecated
level 1 disable;
level 2 wide-metrics-only;
/* jr1.sea to fr3.sea2 */
interface ge-0/1/0.777 {
level 1 disable;
level 2 metric 40;
}
/* SEA-SJC backup only GE over wrm1.sea */
interface ge-0/2/0.20 {
level 1 disable;
level 2 metric 999;
}
interface lo0.0;
}
pim {
rib-group inet pim-rib;
rp {
static {
address 69.28.144.234;
}
}
interface all {
mode sparse;
}
}
}
policy-options {
prefix-list admin-nets {
68.15.185.160/27;
69.28.128.0/25;
69.28.188.0/24;
199.1.1.0/24;
208.48.140.0/25;
208.48.141.224/27;
}
prefix-list snmp-hosts {
68.142.99.38/32;
68.142.99.39/32;
69.28.128.0/24;
69.28.148.103/32;
208.48.140.0/25;
208.111.137.117/32;
}
prefix-list local-interfaces {
68.142.92.0/28;
68.142.92.194/32;
69.28.191.64/26;
}
prefix-list bgp-peers {
12.127.70.32/30;
63.216.14.64/30;
67.17.159.64/30;
157.130.190.136/30;
198.32.180.0/24;
}
prefix-list bgp-customers {
68.142.92.192/26;
}
prefix-list bgp-internal {
68.142.72.222/32;
68.142.72.223/32;
68.142.84.233/32;
68.142.92.194/32;
68.142.96.248/29;
68.142.99.0/24;
68.142.100.222/32;
68.142.100.223/32;
68.142.119.222/32;
68.142.119.223/32;
68.142.120.249/32;
68.142.120.250/32;
69.28.128.36/32;
69.28.128.218/32;
69.28.128.220/32;
69.28.128.222/32;
69.28.128.223/32;
69.28.139.193/32;
69.28.139.194/32;
69.28.139.221/32;
69.28.139.222/32;
69.28.144.233/32;
69.28.144.250/32;
69.28.148.233/32;
69.28.148.234/32;
69.28.148.236/32;
69.28.152.233/32;
69.28.152.250/32;
69.28.156.233/32;
69.28.156.234/32;
69.28.171.0/24;
69.28.173.99/32;
203.77.184.222/32;
208.48.140.7/32;
}
prefix-list icmp-nets {
68.15.185.160/27;
69.28.128.0/25;
69.28.128.128/27;
69.28.136.99/32;
69.28.136.103/32;
69.28.144.99/32;
69.28.144.103/32;
69.28.148.99/32;
69.28.148.103/32;
69.28.152.99/32;
69.28.152.103/32;
69.28.156.99/32;
69.28.156.103/32;
69.28.172.0/24;
69.28.188.0/24;
199.1.1.0/24;
208.48.140.0/24;
208.48.141.224/27;
}
prefix-list vendor-nets {
/* whiterock */
65.192.92.128/26;
}
prefix-list tftp-servers {
69.28.128.16/32;
69.28.144.103/32;
69.58.152.103/32;
}
policy-statement static {
term static {
from {
protocol [ static direct ];
route-filter 69.28.191.64/26 exact;
route-filter 69.28.151.0/24 exact;
route-filter 69.28.176.0/22 exact;
route-filter 69.28.148.0/22 exact;
}
then {
community set local-static;
accept;
}
}
then {
next policy;
reject;
}
}
policy-statement bgp-default-route {
term accept {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
then reject;
}
policy-statement reject-all {
then reject;
}
policy-statement CUST:AS25700 {
term accept {
from {
route-filter 38.116.0.0/23 upto /27;
route-filter 64.40.36.0/24 upto /27;
route-filter 64.246.160.0/21 upto /27;
route-filter 64.246.168.0/24 upto /27;
route-filter 64.246.169.0/24 upto /27;
route-filter 64.246.170.0/24 upto /27;
route-filter 64.246.171.0/24 upto /27;
route-filter 64.246.172.0/24 upto /27;
route-filter 64.246.173.0/24 upto /27;
route-filter 64.246.176.0/24 upto /27;
route-filter 64.246.177.0/24 upto /27;
route-filter 64.246.178.0/24 upto /27;
route-filter 64.246.179.0/24 upto /27;
route-filter 66.45.219.0/24 upto /27;
route-filter 66.228.192.0/24 upto /27;
route-filter 66.228.193.0/24 upto /27;
route-filter 66.228.194.0/24 upto /27;
route-filter 66.228.199.0/24 upto /27;
route-filter 66.228.203.0/24 upto /27;
route-filter 66.228.205.0/24 upto /27;
route-filter 66.228.206.0/24 upto /27;
route-filter 66.228.208.0/24 upto /27;
route-filter 66.228.211.0/24 upto /27;
route-filter 66.228.212.0/24 upto /27;
route-filter 66.228.213.0/24 upto /27;
route-filter 66.228.214.0/24 upto /27;
route-filter 66.228.215.0/24 upto /27;
route-filter 69.28.244.0/22 upto /27;
route-filter 69.90.112.0/22 upto /27;
route-filter 192.147.164.0/24 upto /27;
route-filter 192.147.172.0/23 upto /27;
route-filter 199.254.229.0/24 upto /27;
route-filter 204.17.223.0/24 upto /27;
route-filter 204.174.34.0/24 upto /27;
route-filter 204.238.107.0/24 upto /27;
route-filter 207.229.64.0/18 upto /27;
route-filter 207.229.71.0/24 upto /27;
route-filter 207.229.72.0/24 upto /27;
route-filter 207.229.73.0/24 upto /27;
route-filter 207.229.74.0/24 upto /27;
route-filter 207.229.103.0/24 upto /27;
route-filter 208.192.40.0/24 upto /27;
route-filter 208.192.41.0/24 upto /27;
route-filter 208.192.42.0/24 upto /27;
route-filter 208.192.43.0/24 upto /27;
route-filter 208.192.46.0/24 upto /27;
route-filter 209.16.128.0/18 upto /27;
route-filter 209.16.149.0/24 upto /27;
route-filter 209.162.128.0/19 upto /27;
route-filter 216.145.0.0/19 upto /27;
route-filter 216.176.176.0/20 upto /27;
route-filter 216.228.64.0/21 upto /27;
route-filter 66.228.216.0/21 upto /27;
route-filter 66.228.210.0/24 upto /27;
route-filter 66.228.204.0/22 upto /27;
route-filter 66.228.202.0/24 upto /27;
route-filter 66.228.208.0/20 upto /27;
route-filter 64.246.174.0/32 upto /27;
route-filter 66.228.209.0/24 upto /27;
route-filter 66.228.192.0/19 upto /27;
route-filter 66.249.24.0/21 upto /27;
route-filter 64.246.160.0/20 upto /27;
route-filter 64.246.176.0/22 upto /27;
route-filter 64.246.180.0/23 upto /27;
route-filter 208.192.40.0/21 upto /27;
route-filter 66.249.16.0/23 upto /24;
route-filter 64.246.182.0/24 upto /27;
route-filter 64.246.183.0/24 upto /27;
route-filter 64.246.184.0/24 upto /27;
route-filter 64.246.185.0/24 upto /27;
route-filter 64.246.186.0/24 upto /27;
route-filter 204.8.32.0/22 upto /24;
route-filter 216.127.33.0/24 upto /27;
route-filter 66.152.64.0/19 upto /27;
route-filter 64.246.187.0/24 upto /27;
route-filter 64.246.188.0/24 upto /27;
route-filter 209.59.220.0/22 upto /27;
route-filter 209.59.216.0/22 upto /27;
route-filter 209.59.218.0/23 upto /27;
route-filter 209.59.214.0/23 upto /27;
route-filter 209.59.222.0/23 upto /27;
route-filter 209.59.192.0/18 upto /27;
route-filter 64.246.189.0/24 upto /27;
route-filter 64.246.190.0/24 upto /27;
route-filter 64.246.191.0/24 upto /27;
route-filter 206.41.112.0/20 upto /27;
route-filter 207.14.112.0/20 upto /27;
route-filter 66.228.222.0/24 upto /27;
route-filter 204.13.164.0/22 upto /27;
route-filter 204.14.120.0/22 upto /27;
route-filter 209.59.194.0/24 upto /27;
route-filter 209.59.195.0/24 upto /27;
route-filter 209.59.206.0/24 upto /27;
route-filter 72.21.128.0/20 upto /24;
route-filter 72.21.64.0/20 upto /24;
route-filter 216.18.224.0/20 upto /27;
route-filter 204.15.224.0/21 upto /27;
route-filter 192.147.172.0/24 upto /27;
route-filter 192.147.173.0/24 upto /27;
route-filter 192.34.239.0/24 upto /27;
route-filter 199.89.174.0/23 upto /27;
route-filter 204.57.191.0/24 upto /27;
route-filter 204.57.192.0/24 upto /27;
route-filter 206.126.16.0/20 upto /27;
route-filter 206.126.21.0/24 upto /27;
route-filter 206.63.201.0/24 upto /27;
route-filter 206.63.202.0/24 upto /27;
route-filter 209.213.0.0/20 upto /27;
route-filter 209.213.0.0/24 upto /27;
route-filter 209.213.2.0/23 upto /27;
route-filter 209.213.5.0/24 upto /27;
route-filter 209.213.6.0/23 upto /27;
route-filter 209.213.8.0/21 upto /27;
route-filter 216.186.100.0/22 upto /27;
route-filter 216.215.53.0/24 upto /27;
route-filter 63.174.180.0/24 upto /27;
route-filter 64.146.245.0/24 upto /27;
route-filter 64.185.120.0/21 upto /27;
route-filter 64.185.96.0/19 upto /27;
route-filter 66.29.152.0/24 upto /27;
route-filter 66.29.153.0/24 upto /27;
route-filter 66.62.142.0/23 upto /27;
route-filter 66.62.164.0/23 upto /27;
route-filter 66.97.64.0/19 upto /27;
route-filter 66.97.64.0/24 upto /27;
route-filter 66.97.66.0/24 upto /27;
route-filter 67.130.92.0/24 upto /27;
route-filter 72.10.0.0/20 upto /27;
route-filter 72.10.2.0/24 upto /27;
route-filter 72.10.3.0/24 upto /27;
route-filter 72.10.4.0/24 upto /27;
route-filter 199.79.200.0/24 upto /27;
route-filter 203.27.111.0/24 upto /27;
route-filter 207.229.75.0/24 upto /27;
route-filter 72.10.0.0/19 upto /27;
route-filter 204.57.142.0/24 upto /27;
route-filter 206.253.218.0/24 upto /27;
route-filter 206.253.219.0/24 upto /27;
route-filter 206.191.172.0/24 upto /27;
route-filter 207.244.144.0/20 upto /27;
route-filter 209.90.224.0/20 upto /27;
route-filter 208.64.240.0/21 upto /27;
route-filter 207.14.34.0/24 upto /27;
route-filter 208.99.192.0/19 upto /24;
}
then accept;
}
then reject;
}
policy-statement set-customer-comm {
then {
local-preference 500;
community add local-customer;
next policy;
}
}
policy-statement deny-rfc1918 {
term rfc1918 {
from {
route-filter 10.0.0.0/8 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bogons {
from {
route-filter 0.0.0.0/0 exact;
route-filter 127.0.0.0/8 orlonger;
route-filter 206.223.115.0/24 orlonger;
route-filter 206.223.116.0/23 orlonger;
route-filter 206.223.119.0/24 orlonger;
route-filter 198.32.0.0/16 orlonger;
route-filter 195.66.224.0/24 orlonger;
route-filter 193.203.5.0/24 orlonger;
route-filter 195.69.144.0/22 orlonger;
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
}
then reject;
}
then next policy;
}
policy-statement set-gblx-comm {
then {
metric 0;
community add local-gblx;
next policy;
reject;
}
}
policy-statement transit-all {
term accept {
from {
protocol [ static bgp ];
community transit-all;
}
then accept;
}
term samepop-only {
from community transit-customers-samepop-only;
then accept;
}
then reject;
}
policy-statement transit-customers {
term accept {
from {
protocol [ static bgp ];
community transit-customers;
}
then accept;
}
term samepop-only {
from community transit-customers-samepop-only;
then accept;
}
term no-export-us-peers {
from {
protocol bgp;
community no-export-us-peers;
}
then reject;
}
term gblx-only {
from community gblx-only;
then reject;
}
then reject;
}
policy-statement load-balancing-policy {
then {
load-balance per-packet;
}
}
policy-statement set-aol-comm {
then {
community set local-aol;
next policy;
reject;
}
}
policy-statement deny-internal {
from {
route-filter 69.28.128.0/18 orlonger;
route-filter 68.142.64.0/19 orlonger;
route-filter 0.0.0.0/0 exact;
}
then {
next policy;
reject;
}
}
policy-statement att-prefer {
term accept {
from {
protocol bgp;
as-path ATDN;
}
then {
local-preference add 50;
accept;
}
}
then next policy;
}
policy-statement atdn-prepend {
term anycast {
from {
route-filter 69.28.143.0/24 exact;
}
then as-path-prepend 22822;
}
then next policy;
}
policy-statement denylongerthan24 {
term denylonger {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
}
then reject;
}
then next policy;
}
policy-statement isis-export {
term direct {
from protocol direct;
then accept;
}
term static-tagged {
from tag 1515;
then accept;
}
}
policy-statement set-btn-comm {
then {
metric 0;
community add local-btn;
next policy;
reject;
}
}
policy-statement btn-pref {
term pref-btncust {
from {
protocol bgp;
community btn-customers;
}
then {
local-preference 300;
accept;
}
}
inactive: term pref {
from {
protocol bgp;
as-path QWEST;
}
then {
local-preference 300;
accept;
}
}
inactive: term depref-all-rest {
from {
protocol bgp;
as-path [ ATDN BTN-UU-kludge UUNET UUNET702 QWEST VERIO BELLSOUTH ];
}
then {
local-preference 47;
accept;
}
}
then next policy;
}
policy-statement btn-prepend {
term alltraffic {
then as-path-prepend 22822;
}
then next policy;
}
policy-statement set-att-comm {
then {
metric 0;
community add local-att;
next policy;
reject;
}
}
policy-statement att-pref {
term pref {
from {
protocol bgp;
as-path [ ATT-7015 ATT-7725 LEVEL3 QWEST ];
}
then {
local-preference add 50;
accept;
}
}
then next policy;
}
policy-statement set-mci-comm {
then {
community add local-mci;
next policy;
reject;
}
}
policy-statement mci-pref {
term pref {
from {
protocol bgp;
as-path [ SPRINT SPRINTDIAL QWEST ];
}
then {
local-preference add 50;
accept;
}
}
term depref {
from {
protocol bgp;
as-path NONE;
}
then {
local-preference subtract 50;
accept;
}
}
then next policy;
}
policy-statement atdn-depref {
term depref {
from {
protocol bgp;
as-path DEMON;
}
then {
local-preference subtract 50;
accept;
}
}
term pref {
from {
protocol bgp;
as-path NONE;
}
then {
local-preference add 50;
accept;
}
}
then next policy;
}
policy-statement gblx-pref {
term pref {
from {
protocol bgp;
as-path DEMON;
}
then {
local-preference add 50;
accept;
}
}
/* interferes with routing decisions in other pops */
inactive: term override-peer {
from {
protocol bgp;
as-path AS-BSO;
}
then {
local-preference 330;
accept;
}
}
then next policy;
}
policy-statement null-import {
term blackhole {
from community blackhole;
then {
next-hop 10.10.10.2;
accept;
}
}
then reject;
}
policy-statement ibgp-set-localpref {
term accept-internal {
from {
protocol bgp;
community ibgp-internal-50xx;
}
then accept;
}
term accept-peers {
from {
protocol bgp;
community ibgp-peer-1xxx;
}
then accept;
}
term accept-cust {
from {
protocol bgp;
community ibgp-cust-4xxx;
}
then accept;
}
term accept-cust-samepop {
from {
protocol bgp;
community ibgp-cust-samepop-6xxx;
}
then accept;
}
inactive: term temp-reject-east-coast-peers {
from {
protocol bgp;
community [ ibgp-peer-lon-1x6x ibgp-peer-lga-1x3x ];
local-preference 40;
}
then accept;
}
then reject;
}
policy-statement mci-set-blackhole-comm {
term llnwblackhole {
from {
protocol bgp;
community blackhole;
}
then {
community set mci-blackhole;
accept;
}
}
then next policy;
}
policy-statement prepend-once {
then {
as-path-prepend 22822;
next policy;
}
}
policy-statement prepend-twice {
then {
as-path-prepend "22822 22822";
next policy;
}
}
policy-statement transit-customers-regionpref {
term sameregion {
from community transit-customers-thisregion;
then accept;
}
term otherregion {
from community transit-customers;
then {
as-path-prepend 22822;
accept;
}
}
then reject;
}
policy-statement set-sixpeering-comm {
then {
metric 0;
local-preference 320;
community set local-sixpeering;
}
}
policy-statement export-mci-customers {
term prepend0 {
from {
protocol [ bgp static ];
community mci-prepend0;
}
then reject;
}
term prepend1 {
from {
protocol [ bgp static ];
community mci-prepend1;
}
then {
community delete mci-prepend1;
as-path-prepend 22822;
next term;
}
}
term prepend2 {
from {
protocol [ bgp static ];
community mci-prepend2;
}
then {
community delete mci-prepend2;
as-path-prepend "22822 22822";
next term;
}
}
term prepend3 {
from {
protocol [ bgp static ];
community mci-prepend3;
}
then {
community delete mci-prepend3;
as-path-prepend "22822 22822 22822";
next term;
}
}
term prepend9 {
from {
protocol [ bgp static ];
community mci-prepend9;
}
then {
community delete mci-prepend9;
community add no-export;
next term;
}
}
term accept-cust {
from community transit-customers;
then accept;
}
term accept-samepop-only {
from community transit-customers-samepop-only;
then accept;
}
then reject;
}
policy-statement export-att-customers {
term prepend0 {
from {
protocol [ bgp static ];
community att-prepend0;
}
then reject;
}
term prepend1 {
from {
protocol [ bgp static ];
community att-prepend1;
}
then {
community delete att-prepend1;
as-path-prepend 22822;
next term;
}
}
term prepend2 {
from {
protocol [ bgp static ];
community att-prepend2;
}
then {
community delete att-prepend2;
as-path-prepend "22822 22822";
next term;
}
}
term prepend3 {
from {
protocol [ bgp static ];
community att-prepend3;
}
then {
community delete att-prepend3;
as-path-prepend "22822 22822 22822";
next term;
}
}
term prepend9 {
from {
protocol [ bgp static ];
community att-prepend9;
}
then {
community delete att-prepend9;
community add no-export;
next term;
}
}
term accept-cust {
from community transit-customers;
then accept;
}
term accept-samepop-only {
from community transit-customers-samepop-only;
then accept;
}
term gblx-only {
from community gblx-only;
then reject;
}
then reject;
}
policy-statement export-gblx-customers {
term prepend0 {
from {
protocol [ bgp static ];
community gblx-prepend0;
}
then reject;
}
term prepend1 {
from {
protocol [ bgp static ];
community gblx-prepend1;
}
then {
community delete gblx-prepend1;
as-path-prepend 22822;
next term;
}
}
term prepend2 {
from {
protocol [ bgp static ];
community gblx-prepend2;
}
then {
community delete gblx-prepend2;
as-path-prepend "22822 22822";
next term;
}
}
term prepend3 {
from {
protocol [ bgp static ];
community gblx-prepend3;
}
then {
community delete gblx-prepend3;
as-path-prepend "22822 22822 22822";
next term;
}
}
term prepend9 {
from {
protocol [ bgp static ];
community gblx-prepend9;
}
then {
community delete gblx-prepend9;
community add 3549:666;
community add no-export;
accept;
}
}
term accept-cust {
from community transit-customers;
then accept;
}
term accept-samepop-only {
from community transit-customers-samepop-only;
then accept;
}
term cenic-3549 {
from community cenic-3549;
then {
community delete cenic-3549;
accept;
}
}
term cenic-7018 {
from community cenic-7018;
then {
community delete cenic-7018;
accept;
}
}
then reject;
}
policy-statement export-btn-customers {
term prepend0 {
from {
protocol [ bgp static ];
community btn-prepend0;
}
then reject;
}
term prepend1 {
from {
protocol [ bgp static ];
community btn-prepend1;
}
then {
community delete btn-prepend1;
as-path-prepend 22822;
next term;
}
}
term prepend2 {
from {
protocol [ bgp static ];
community btn-prepend2;
}
then {
community delete btn-prepend2;
as-path-prepend "22822 22822";
next term;
}
}
term prepend3 {
from {
protocol [ bgp static ];
community btn-prepend3;
}
then {
community delete btn-prepend3;
as-path-prepend "22822 22822 22822";
next term;
}
}
term prepend9 {
from {
protocol [ bgp static ];
community btn-prepend9;
}
then {
community delete btn-prepend9;
community add no-export;
next term;
}
}
term accept-cust {
from community transit-customers;
then accept;
}
term accept-samepop-only {
from community transit-customers-samepop-only;
then accept;
}
then reject;
}
policy-statement export-twtelecom-customers {
term prepend0 {
from {
protocol [ bgp static ];
community twtelecom-prepend0;
}
then reject;
}
term prepend1 {
from {
protocol [ bgp static ];
community twtelecom-prepend1;
}
then {
community delete twtelecom-prepend1;
as-path-prepend 22822;
next term;
}
}
term prepend2 {
from {
protocol [ bgp static ];
community twtelecom-prepend2;
}
then {
community delete twtelecom-prepend2;
as-path-prepend "22822 22822";
next term;
}
}
term prepend3 {
from {
protocol [ bgp static ];
community twtelecom-prepend3;
}
then {
community delete twtelecom-prepend3;
as-path-prepend "22822 22822 22822";
next term;
}
}
term prepend9 {
from {
protocol [ bgp static ];
community twtelecom-prepend9;
}
then {
community delete twtelecom-prepend9;
community add no-export;
next term;
}
}
term accept-cust {
from community transit-customers;
then accept;
}
term accept-samepop-only {
from community transit-customers-samepop-only;
then accept;
}
then reject;
}
policy-statement swift-add-pref {
term llnw-internal {
from community transit-customers;
then {
community add swift-pref;
accept;
}
}
term peers-west {
from community swift-peers-west;
then {
community add swift-pref;
accept;
}
}
term pref {
from {
protocol bgp;
as-path [ UUNET-701-ONLY UUNET-701702 WV BTN ATT-EXACT ATT-ONEASN ];
}
then {
community set swift-pref;
accept;
}
}
term accept-transit-all {
from community transit-all;
then accept;
}
then reject;
}
policy-statement swift-temp {
term local {
from {
protocol bgp;
as-path [ GBLX BTN ATT ];
}
then {
community set swift-pref;
accept;
}
}
term six {
from {
protocol bgp;
community local-sixpeering;
}
then {
community set swift-pref;
accept;
}
}
inactive: term internal {
from {
protocol bgp;
community transit-customers;
}
then {
community set swift-pref;
accept;
}
}
term default {
then reject;
}
then reject;
}
policy-statement local-bgp {
term local {
from {
protocol [ bgp static ];
community local-bgp;
}
then accept;
}
then next policy;
}
policy-statement isolate-sea-peering {
term block-peer-routes {
from {
protocol bgp;
community ibgp-peer-1xxx;
}
then reject;
}
then next policy;
}
policy-statement PEER:AS12222 {
term accept {
from {
route-filter 65.19.187.0/24 exact;
route-filter 80.67.74.0/24 exact;
route-filter 216.218.251.0/24 exact;
route-filter 67.29.168.0/24 exact;
route-filter 80.67.72.0/24 exact;
route-filter 166.90.150.0/24 exact;
route-filter 193.108.95.0/24 exact;
route-filter 206.61.136.0/23 exact;
route-filter 64.124.118.0/23 upto /24;
route-filter 64.124.187.0/24 exact;
route-filter 207.126.107.0/24 exact;
route-filter 209.249.114.0/24 exact;
route-filter 209.249.115.0/24 exact;
}
then accept;
}
then reject;
}
policy-statement set-sixpeering-comm-acceptmeds {
then {
local-preference 320;
community add local-sixpeering;
}
}
community 3549:666 members 3549:666;
community att-prepend0 members 22822:9030;
community att-prepend1 members 22822:9031;
community att-prepend2 members 22822:9032;
community att-prepend3 members 22822:9033;
community att-prepend9 members 22822:9039;
community blackhole members 22822:666;
community btn-customers members "3491:[12]00$";
community btn-prepend0 members 22822:9110;
community btn-prepend1 members 22822:9111;
community btn-prepend2 members 22822:9112;
community btn-prepend3 members 22822:9113;
community btn-prepend9 members 22822:9119;
community cenic-3549 members 2512:3549;
community cenic-7018 members 2512:7018;
community gblx-only members 22822:9991;
community gblx-prepend0 members 22822:9010;
community gblx-prepend1 members 22822:9011;
community gblx-prepend2 members 22822:9012;
community gblx-prepend3 members 22822:9013;
community gblx-prepend9 members 22822:9019;
community ibgp-cust-4xxx members 22822:4...;
community ibgp-cust-samepop-6xxx members 22822:6...;
community ibgp-internal-50xx members 22822:50..;
community ibgp-peer-1xxx members 22822:1...;
community ibgp-peer-lga-1x3x members 22822:1.30;
community ibgp-peer-lon-1x6x members 22822:1.6.;
community local-aol members 22822:2313;
community local-att members 22822:2113;
community local-bgp members 22822:66..;
community local-btn members 22822:3413;
community local-customer members 22822:4013;
community local-customer-samepop-only members 22822:6013;
community local-gblx members 22822:2013;
community local-mci members 22822:2213;
community local-sixpeering members 22822:1013;
community local-static members 22822:5013;
community mci-blackhole members 701:9999;
community mci-prepend0 members 22822:9020;
community mci-prepend1 members 22822:9021;
community mci-prepend2 members 22822:9022;
community mci-prepend3 members 22822:9023;
community mci-prepend9 members 22822:9029;
community no-export members no-export;
community no-export-us-peers members 22822:9701;
community swift-depref members 22822:9997;
community swift-peers-west members 22822:1...;
community swift-pref members 22822:9998;
community transit-all members "22822:[12345]...";
community transit-customers members "22822:[45]...";
community transit-customers-samepop-only members 22822:6013;
community transit-customers-thisregion members "22822:[45].1.";
community twtelecom-prepend0 members 22822:9180;
community twtelecom-prepend1 members 22822:9181;
community twtelecom-prepend2 members 22822:9182;
community twtelecom-prepend3 members 22822:9183;
community twtelecom-prepend9 members 22822:9189;
as-path ATT ".* 7018 .*";
as-path LEVEL3 ".* 3356 .*";
as-path CW ".* 3561 .*";
as-path DEMON ".* (5417|2529) .*";
as-path QWEST ".* 209 .*";
as-path BBN ".* 1 .*";
as-path VERIO ".* 2914 .*";
as-path VER-AVE ".* 22385";
as-path PSINET ".* 174 .*";
as-path ATDN ".* 1668 .*";
as-path SPRINT ".* 1239 .*";
as-path UUNET ".* 701 .*";
as-path SPRINTDIAL ".* 4999 .*";
as-path EARTHLINK ".* 3703 .*";
as-path GLOBIX ".* 4513 .*";
as-path ALL .*;
as-path NONE "^$";
as-path UUNET-ATTGNS ".* 701 6389 .*";
as-path WCG ".* 7911 .*";
as-path UUNET702 ".* 702 .*";
as-path CHINANET ".* 4134 .*";
as-path MIXNET ".* 5006 .*";
as-path BESTBUY ".* 11596 .*";
as-path BTN-UU701 "3491 701";
as-path BTN-UU-longaspath "3491 701 (.) .*";
as-path BTN-UU-kludge "3491 701 (8000-40000) .*";
as-path GBLX ".* 3549 .*";
as-path BTN ".* 3491 .*";
as-path UUNET-EXACT "^701$";
as-path SERVICECO ".* (11426|10796|13343) .*";
as-path ROADRUNNER ".* 11427 .*";
as-path XCOM ".* 10753 .*";
as-path OPTUS ".* 7474 .*";
as-path IS ".* 3741 .*";
as-path MIX ".* 5006 .*";
as-path CERNET ".* 4265 .*";
as-path ATT-EXACT "^7018$";
as-path ATT-DATA ".* 2383 .*";
as-path ATT-6478 ".* 6478 .*";
as-path CHARTER ".* (20115|19444) .*";
as-path COX ".* 19108 .*";
as-path COMCAST ".* (22909|7015|7757) .*";
as-path OPENTRANSIT ".* 5511 .*";
as-path TELIA ".* 1299 .*";
as-path AP-REACH ".* 4637 .*";
as-path BELLSOUTH ".* 5002|13546|6389|619[78] .*";
as-path DACOM ".* 3786 .*";
as-path ABOVENET ".* 6461 .*";
as-path XO ".* 2828 .*";
as-path SBC ".* 7132 .*";
as-path UUNET-701702 "^701 702 .*";
as-path UUNET-701-ONLY "^701$";
as-path WV ".* 19151 .*";
as-path ATT-ONEASN "^7018 (1-65000)$";
as-path ATT-7015 ".* 7015 .*";
as-path ATT-7725 ".* 7725 .*";
as-path AS-BSO ".* 6386 .*";
}
firewall {
policer 2meg {
if-exceeding {
bandwidth-limit 2m;
burst-size-limit 10k;
}
then discard;
}
policer router-default {
if-exceeding {
bandwidth-limit 50k;
burst-size-limit 5k;
}
then discard;
}
policer traceroute {
if-exceeding {
bandwidth-limit 35k;
burst-size-limit 2k;
}
then discard;
}
filter cflow {
term all {
then {
count count1;
sample;
accept;
}
}
}
filter log-rpf-failures {
term default {
then {
count rpf-failures;
log;
reject;
}
}
}
filter router-input {
term ntp {
from {
protocol [ tcp udp ];
port ntp;
}
then accept;
}
term illegal-proto {
from {
protocol [ 0 134-255 ];
}
then {
count illegal-proto;
discard;
}
}
term udp {
from {
protocol udp;
destination-port 80;
}
then {
count udp-80;
discard;
}
}
term tcp {
from {
protocol tcp;
destination-port 80;
}
then {
count tcp-80;
discard;
}
}
term ssh {
from {
source-address {
69.28.128.0/25;
208.48.140.0/24;
199.1.1.0/24;
206.165.137.0/27;
69.28.188.0/24;
68.15.185.160/27;
68.230.81.44/32;
}
protocol tcp;
destination-port [ 22 23 ];
}
then accept;
}
term reject-ssh {
from {
protocol tcp;
destination-port 22;
}
then {
count reject-ssh;
reject;
}
}
term snmp {
from {
source-address {
69.28.148.103/32;
69.28.128.0/25;
208.48.140.0/24;
69.28.128.128/25;
68.142.96.248/29;
68.142.99.0/24;
208.111.137.117/32;
}
protocol udp;
destination-port snmp;
}
then accept;
}
term reject-snmp {
from {
protocol udp;
destination-port snmp;
}
then {
count reject-snmp;
discard;
}
}
term nolimit-icmp {
from {
source-prefix-list {
icmp-nets;
}
protocol icmp;
}
then {
count router-icmpnolimit;
accept;
}
}
term limit-icmp {
from {
protocol icmp;
}
then {
policer 2meg;
count router-icmp;
accept;
}
}
term bgp {
from {
prefix-list {
bgp-customers;
bgp-peers;
bgp-internal;
}
protocol tcp;
port 179;
}
then accept;
}
term bgp-reject {
from {
protocol tcp;
destination-port 179;
}
then {
count bgp-reject;
discard;
}
}
term dns-radius {
from {
address {
208.48.140.0/24;
206.165.6.12/32;
69.28.148.102/32;
}
}
then accept;
}
term special-proto {
from {
protocol [ igmp pim gre ];
}
then {
count router-special;
accept;
}
}
term high-tcp {
from {
protocol tcp;
destination-port 1025-65534;
}
then {
count router-high-tcp;
discard;
}
}
term traceroute {
from {
protocol udp;
destination-port 33434-33475;
}
then {
policer traceroute;
count traceroute;
accept;
}
}
term high-udp {
from {
protocol udp;
destination-port 4854-65534;
}
then {
count router-high-udp;
discard;
}
}
term udp-frag {
from {
is-fragment;
protocol udp;
}
then {
count udp-frag;
discard;
}
}
term all {
then {
policer router-default;
count router-all;
discard;
}
}
term bgp-in {
from {
source-address {
69.28.148.193/32;
}
}
}
term bgp-out {
from {
source-address {
69.28.148.193/32;
}
}
}
}
filter admin-networks {
term internal {
from {
source-prefix-list {
admin-nets;
local-interfaces;
vendor-nets;
}
}
then accept;
}
term snmp {
from {
source-prefix-list {
snmp-hosts;
}
protocol udp;
destination-port snmp;
}
then accept;
}
term ntp {
from {
protocol [ tcp udp ];
port ntp;
}
then accept;
}
term tftp {
from {
source-prefix-list {
tftp-servers;
}
protocol udp;
}
then accept;
}
term icmp {
from {
protocol icmp;
}
then accept;
}
term default {
then {
discard;
}
}
}
filter log-all {
term all {
then {
log;
accept;
}
}
}
filter swift-temp {
term 64.246.168.50 {
from {
destination-address {
64.246.168.50/32;
}
protocol tcp;
destination-port 337;
}
then {
count swift-337;
discard;
}
}
term default {
then accept;
}
}
filter swift-udp {
term scan-block {
from {
destination-address {
204.15.225.38/32;
}
protocol udp;
destination-port 6667;
}
then {
discard;
}
}
term ip-filter {
from {
source-address {
69.72.230.162/32;
216.16.246.33/32;
}
}
then {
discard;
}
}
term ICMP-UDP {
from {
destination-address {
208.99.210.20/30;
}
protocol [ icmp udp ];
}
then {
discard;
}
}
term default {
then accept;
}
}
}
Reference in New Issue View Git Blame Copy Permalink