Internet2 - Router Configuration
|
|
Last Run: Mon Nov 23 17:35:23 UTC 2009
|
Internet2 - Router Configuration
These are the configurations used on each of the Abilene backbone routers. Certain sections, such as the filters, SNMP, and
user login portions, have been removed for security purposes.
This data is not XML rich, so it is nothing more than a simple list.
seat
version 8.5R4.3;
groups {
INTERFACE-BACKBONE {
interfaces {
<*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit 0 {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
}
}
re0 {
system {
host-name SEAT-re0;
}
}
re1 {
system {
host-name SEAT-re1;
}
}
INTERFACE-CONNECTOR {
interfaces {
{
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
rfc-2615;
}
unit <*> {
family inet {
mtu 9180;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
}
}
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
{
mtu 9180;
unit <*> {
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
arp {
aging-timer 240;
}
authentication-order [ radius password ];
location country-code US;
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
radius-server {
140.182.45.56 {
timeout 5;
source-address 64.57.28.247;
}
140.182.44.69 {
timeout 5;
source-address 64.57.28.247;
}
}
Login Stanza Removed services {
ssh {
connection-limit 30;
}
}
syslog {
archive {
files 100;
}
user * {
any critical;
}
/* brent's pine.ucs.indiana.edu */
host 129.79.9.1 {
change-log any;
interactive-commands info;
facility-override local6;
}
/* syslog.grnoc.iu.edu */
host 134.68.107.9 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
host 140.182.44.73 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
file messages {
any notice;
authorization info;
archive {
size 1m;
files 100;
}
}
console {
user critical;
}
}
ntp {
server 129.79.5.100;
server 134.68.1.9 prefer;
server 64.57.17.70;
}
}
chassis {
no-source-route; ## Warning: 'source-route' is deprecated
dump-on-panic;
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
keepalive-time 5;
}
routing-engine {
on-disk-failure reboot;
}
}
interfaces {
so-0/0/0 {
apply-groups INTERFACE-BACKBONE;
sonet-options {
rfc-2615;
}
unit 0 {
description "BACKBONE: SALT-SEAT OC-192 | I2-SALT-SEAT-O192-03926";
family inet {
address 64.57.28.26/31;
}
family inet6 {
address 2001:468:ff:716::1/64;
}
family mpls {
mtu 9180;
}
}
}
ge-0/1/0 {
apply-groups INTERFACE-CONNECTOR;
description "PNWGP Aggregate Interface";
vlan-tagging;
link-mode full-duplex;
unit 10 {
description "Pacific Northwest Gigapop | AS:101";
vlan-id 10;
family inet {
mtu 9000;
address 64.57.28.53/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:16c2::1/64;
}
}
unit 11 {
description "[CPS] Connector Pacific Northwest GigaPOP (PNWGP) IPv6";
vlan-id 11;
family inet {
address 64.57.29.73/30;
}
family inet6 {
address 2001:468:ffff:16c2::1/64;
}
}
}
xe-0/2/0 {
description "[CPS] Seattle Internet Exchange (SIX) 10GE";
gigether-options {
ethernet-switch-profile {
mac-learn-enable;
}
}
unit 0 {
description "[CPS] Seattle Internet Exchange (SIX) 10GE";
family inet {
mtu 1500;
address 206.81.80.67/23 {
primary;
}
}
family inet6 {
mtu 1500;
address 2001:504:16::2d11/64 {
primary;
}
}
}
}
inactive: ge-1/2/0 {
description "[CPS] Seattle Internet Exchange (SIX) OLD [NO-MONITOR]";
unit 0 {
description "[CPS] Seattle Internet Exchange (SIX) OLD [NO-MONITOR]";
family inet {
mtu 1500;
address 198.32.180.67/24 {
primary;
}
address 206.81.80.67/23;
}
family inet6 {
mtu 1500;
address 2001:0478:0180::67/64;
address 2001:504:16::2d11/64 {
primary;
}
}
}
}
ge-1/2/2 {
unit 0 {
description "[CPS] Google GigE #1";
family inet {
mtu 1500;
address 74.125.48.178/30;
}
family inet6 {
address 2001:4860:1:1:0:2D11:0:5/127;
}
}
}
ge-1/2/3 {
unit 0 {
description "[CPS] Google GigE #2";
family inet {
mtu 1500;
address 74.125.48.226/30;
}
family inet6 {
address 2001:4860:1:1:0:2D11:0:3/127;
}
}
}
inactive: ge-1/3/0 {
unit 0 {
description "[CPS] Google GigE #1";
family inet {
mtu 1500;
address 74.125.48.178/30;
}
family inet6 {
address 2001:4860:1:1:0:2D11:0:5/127;
}
}
}
ge-2/0/0 {
description "HP Racklan 1 Gig";
vlan-tagging;
mtu 9192;
unit 12 {
vlan-id 12;
family inet {
mtu 9000;
address 64.57.19.33/30;
}
family inet6 {
mtu 9000;
address 2001:468:8:12::1/64;
address 2001:468:8:12::19:33/64;
}
}
}
ge-2/0/1 {
mtu 9180;
unit 0 {
description "nms-rthr1 p2p connection";
family inet {
mtu 9000;
address 64.57.19.17/30;
}
family inet6 {
mtu 9000;
address 2001:468:8:101::1/64;
address 2001:468:8:101::19:17/64;
}
}
}
ge-2/0/2 {
mtu 9180;
unit 0 {
description "nms-rthr2 p2p connection";
family inet {
mtu 9000;
address 64.57.19.21/30;
}
family inet6 {
mtu 9000;
address 2001:468:8:100::1/64;
address 2001:468:8:100::19:21/64;
}
}
}
so-2/2/0 {
description "Global Crossing";
no-keepalives;
mtu 9192;
clocking external;
encapsulation frame-relay;
sonet-options {
rfc-2615;
}
unit 16 {
description "[CPS] Global Crossing";
dlci 16;
family inet {
mtu 9000;
address 64.57.29.5/30;
}
}
unit 17 {
description "Global Crossing (IPv6 & Multicast)";
dlci 17;
family inet {
mtu 9000;
address 64.57.29.9/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:8ff::1/64;
}
}
}
inactive: ge-2/3/0 {
unit 0 {
description "[CPS] Google GigE #2";
family inet {
mtu 1500;
address 74.125.48.226/30;
}
family inet6 {
address 2001:4860:1:1:0:2D11:0:3/127;
}
}
}
ge-3/0/0 {
apply-groups INTERFACE-CONNECTOR;
description "Pacific Wave 10GigE";
vlan-tagging;
mtu 9180;
unit 701 {
description "Pacific Wave Seattle Legacy (1500 MTU)";
vlan-id 701;
family inet {
mtu 1500;
address 198.32.170.43/24;
}
family inet6 {
mtu 1500;
address 2001:468:ff:16c1::1/64;
}
}
unit 706 {
description "Pacific Wave Seattle Local (9K MTU)";
vlan-id 706;
family inet {
mtu 9000;
address 207.231.240.8/25;
}
family inet6 {
mtu 9000;
address 2001:504:B:10::8/64;
}
}
unit 707 {
description "Pacific Wave Seattle Local (1500 MTU)";
vlan-id 707;
family inet {
mtu 1500;
address 207.231.242.8/25;
}
family inet6 {
mtu 1500;
address 2001:504:B:11::8/64;
}
}
/* NOTE: intersite VLANs are to be used for backup traffic only. LA peers cannot prefer this VLAN or connect solely to Seattle */
unit 776 {
description "Pacific Wave Seattle-LA intersite (9k MTU)";
vlan-id 776;
family inet {
mtu 9000;
address 207.231.241.8/24;
}
family inet6 {
mtu 9000;
address 2001:504:B:80::8/64;
}
}
/* NOTE: intersite VLANs are to be used for backup traffic only. LA peers cannot prefer this VLAN or connect solely to Seattle */
unit 777 {
description "Pacific Wave Seattle-LA intersite (1500k MTU)";
vlan-id 777;
family inet {
mtu 1500;
address 207.231.243.8/24;
}
family inet6 {
mtu 1500;
address 2001:504:B:81::8/64;
}
}
unit 778 {
description "Pacific Wave Seattle-Sunnyvale intersite";
vlan-id 778;
family inet {
mtu 9000;
address 207.231.245.8/24;
}
family inet6 {
mtu 9000;
address 2001:504:b:88::8/64;
}
}
unit 1020 {
description "CENIC via LAX-DC | AS2153";
vlan-id 1020;
family inet {
mtu 9000;
address 137.164.26.142/30;
}
family inet6 {
mtu 9000;
address 2001:468:E00:FC0::2/64;
}
}
unit 1022 {
description "[CPS] CENIC via LAX-DC IPv6 [NO-MONITOR]";
vlan-id 1022;
family inet6 {
address 2607:F380::4:0:6/126;
}
}
unit 3775 {
description "pacwave test vlan";
vlan-id 3775;
family inet {
mtu 9000;
address 192.168.1.1/30;
}
}
}
ge-3/2/0 {
description "HP Racklan 10G";
vlan-tagging;
mtu 9180;
unit 11 {
description "Observatory 10 gig uplink";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.19.1/28;
}
family inet6 {
mtu 9000;
address 2001:468:8:11::1/64;
address 2001:468:8:11::19:1/64;
}
}
unit 20 {
description "VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.241/29;
}
family inet6 {
mtu 9000;
address 2001:468:8:20::1/64;
address 2001:468:8:20::18:241/64;
}
}
unit 21 {
description "VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.113/28;
}
family inet6 {
mtu 9000;
address 2001:468:8:21::1/64;
address 2001:468:8:21::18:113/64;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
unit 60 {
description "[CPS] Connection to nms-rpsv [NO-MONITOR]";
vlan-id 60;
family inet {
mtu 9000;
address 64.57.29.57/30;
}
family inet6 {
mtu 9000;
address 2001:468:08:60::29:57/64;
address 2001:468:08:60::1/64;
}
}
}
ge-3/3/0 {
unit 0;
}
so-3/3/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: LOSA-SEAT OC-192 | I2-LOSA-SEAT-O192-03924";
family inet {
address 64.57.28.39/31;
}
family inet6 {
address 2001:468:ff:0516::1/64;
}
family mpls {
mtu 9180;
}
}
}
dsc {
unit 0 {
description "Discard Interface";
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
fxp0 {
description "Mgmt Ethernet - unused";
disable;
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.238/32;
address 64.57.28.247/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0022.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:08::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF;";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.247/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff08::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.19.2 {
port 4200;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:ff:1600::/56;
route 2001:468:0016::/48;
route 2001:468:0008::/48;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
240.0.0.0/4 orlonger;
14.0.0.0/8 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
/* Abilene Observatory */
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
route 67.17.81.229/32 next-hop 64.57.29.10;
}
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
14.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.247;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 3;
}
interface ge-1/2/0.0 {
disable;
}
interface xe-0/2/0.0 {
disable;
}
}
mld {
interface all;
}
rsvp {
/* BACKBONE to SALT */
interface so-0/0/0.0;
/* BACKBONE to LOSA */
interface so-3/3/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path SEAT->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path SEAT->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path SEAT->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path SEAT->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path HOPI-VLAN-620-SEAT-to-LOSA {
to 64.57.28.248;
}
label-switched-path SEAT->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path SEAT->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path HOPI-VLAN-621-SEAT-to-LOSA {
to 64.57.28.248;
}
label-switched-path SEAT->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
}
label-switched-path SEAT->HOUS {
to 64.57.28.244;
fast-reroute;
}
/* BACKBONE to SALT */
interface so-0/0/0.0;
/* BACKBONE to LOSA */
interface so-3/3/0.0;
}
bgp {
log-updown;
group INTERNET2 {
type internal;
local-address 64.57.28.247;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:08::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
neighbor 2001:468:7::1 {
description SALT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
multipath;
inactive: neighbor 209.124.179.1 {
description "Pacific Northwest Gigapop;";
import [ SANITY-IN SET-PREF PNWG-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 101;
}
neighbor 137.164.26.141 {
description "CENIC via LAX-DC";
import [ SANITY-IN CUDI-PREF SET-PREF CALREN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 2153;
}
neighbor 207.231.240.7 {
description "Microsoft via Pac Wave vlan706";
import [ SANITY-IN SET-PREF FROM-MICROSOFT ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 MICROSOFT-OUT ];
peer-as 8075;
}
neighbor 207.231.241.7 {
description "Microsoft via Pac Wave vlan776";
import [ SANITY-IN SET-PREF FROM-MICROSOFT ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 MICROSOFT-OUT ];
peer-as 8075;
}
neighbor 64.57.28.54 {
description "Pacific Northwest Gigapop;";
import [ SANITY-IN SET-PREF PNWG-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 101;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
multipath;
neighbor 2001:468:ff:16c2::2 {
description "Pacific Northwest Gigapop";
import [ SANITY6 SET-PREF PNWG-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 101;
}
neighbor 2001:468:E00:FC0::1 {
description "CENIC via LAX-DC";
import [ SANITY6 SET-PREF CALREN-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 2153;
}
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 207.231.245.131 {
description "NREN AS24";
hold-time 30;
Authentication Data Removed
peer-as 24;
}
neighbor 207.231.240.9 {
description "DREN- AS668 Vlan706";
Authentication Data Removed
peer-as 668;
}
neighbor 207.231.240.13 {
description "ESNET Seattle via Pacific Wave";
Authentication Data Removed
peer-as 293;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:504:b:88::131 {
description "NREN AS24";
Authentication Data Removed
peer-as 24;
}
neighbor 2001:504:B:10::9 {
description "DREN AS668";
Authentication Data Removed
peer-as 668;
}
neighbor 2001:504:B:10::13 {
description "ESNET Seattle via Pacific Wave";
Authentication Data Removed
peer-as 293;
}
}
group ISP-MCAST {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 10000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
neighbor 64.57.29.10 {
description "Commercial Global Crossing (Multicast Only)";
Authentication Data Removed
peer-as 3549;
}
}
group ISP-V6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ];
remove-private;
neighbor 2001:504:b:10::4 {
description "AARNET IPv6 T320 via PacWave";
Authentication Data Removed
peer-as 7575;
}
neighbor 2001:504:B:11::2 {
description "AARNet Cisco VXR via Pacific Wave";
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER AARNET-V6-IN ];
Authentication Data Removed
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 AARNET-V6-OUT ];
peer-as 7575;
}
neighbor 2001:468:ff:8ff::2 {
description "Global Crossing";
Authentication Data Removed
peer-as 3549;
}
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
inactive: neighbor 198.32.170.47 {
description "National Univ of Singapore via PacWave";
Authentication Data Removed
peer-as 7610;
}
/* TANET2 and ASNET back each other up */
inactive: neighbor 198.32.170.34 {
description "TANET2 via Pacific Wave";
Authentication Data Removed
peer-as 7539;
}
neighbor 207.231.240.4 {
description "AARNet T320 via Pacific Wave";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER AARNET-ITN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7575;
}
neighbor 207.231.240.10 {
description "GEMnet 9K-MTU via Pacific Wave";
Authentication Data Removed
peer-as 23796;
}
neighbor 207.231.241.136 {
description "TransPAC2 Los Angeles via PacWave (Secondary Backup)";
peer-as 22388;
}
neighbor 207.231.240.18 {
description "REANNZ via Pacific Wave";
peer-as 38018;
}
neighbor 207.231.240.2 {
description "AARNet M120 via Pacific Wave 9K";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER AARNET-ITN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7575;
}
neighbor 207.231.240.6 {
description "KREONET2 via Pacific Wave Vlan706";
Authentication Data Removed
peer-as 17579;
}
neighbor 207.231.241.149 {
description "AARnet 1Gbps backup via Pacific Wave and Equinix";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER AARNET-ITN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7575;
}
neighbor 207.231.240.21 {
description "CA*Net4 via PacWave 9K MTU: VLAN706 as of 6/13/09";
Authentication Data Removed
peer-as 6509;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
inactive: neighbor 2001:468:ff:16c1::4 {
description "TANET2 IPv6 via Pacific Wave";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 7539;
}
neighbor 2001:468:ff:16c1::5 {
description "GEMNET IPv6 via Pacific Wave";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 4697;
}
inactive: neighbor 2001:504:b:10::4 {
description "AARNET IPv6 T320 via PacWave";
Authentication Data Removed
peer-as 7575;
}
inactive: neighbor 2001:504:B:11::2 {
description "AARNet Cisco VXR via Pacific Wave";
Authentication Data Removed
peer-as 7575;
}
neighbor 2001:504:b:10::18 {
description "REANNZ IPV6 |";
peer-as 38018;
}
neighbor 2001:504:b:10::6 {
description "KREOnet2 IPv6 via Pacific Wave via Vlan706";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 17579;
}
neighbor 2001:504:b:80::149 {
description "AARnet 1Gbps backup via Pacific Wave and Equinix";
Authentication Data Removed
peer-as 7575;
}
neighbor 2001:504:B:10::21 {
description "CA*net via Pacific Wave vlan706 as of 6/13/09";
family inet6 {
any;
}
Authentication Data Removed
peer-as 6509;
}
}
inactive: group NONITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ];
remove-private;
}
inactive: group NONITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 NONITN-OUT6 ];
remove-private;
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
metric-out igp;
import REJECT-ALL;
}
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR] ";
local-address 64.57.28.247;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 134.68.246.51 {
description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.247;
family inet {
unicast;
}
cluster 134.68.246.51;
}
neighbor 156.56.103.99 {
description "IU ANML monitor--contact Ripley";
multihop {
ttl 10;
}
local-address 64.57.28.247;
hold-time 65535;
family inet {
unicast;
}
}
neighbor 2001:18e8:2:403:202:b3ff:fe23:715a {
description "IU ANML monitor6";
multihop {
ttl 10;
}
local-address 2001:468:08::1;
family inet6 {
unicast;
}
}
neighbor 64.57.19.2 {
description "V4 peering to NMS-rpsv [NO-MONITOR]";
local-address 64.57.19.1;
family inet {
unicast;
multicast;
}
cluster 64.57.19.1;
}
neighbor 2001:468:8:11::19:2 {
description "V6 peering to NMS-rpsv [NO-MONITOR]";
family inet6 {
unicast;
multicast;
}
}
}
}
isis {
export V6-IGP-AGG;
spf-delay 200; ## Warning: 'spf-delay' is deprecated
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
level 2 wide-metrics-only;
/* OC192 to SALT */
interface so-0/0/0.0 {
level 1 disable;
level 2 metric 913;
}
/* NMS Rack Lan */
interface ge-2/0/0.12 {
level 1 disable;
level 2 passive;
}
interface ge-2/0/1.0 {
level 1 disable;
level 2 passive;
}
interface ge-2/0/2.0 {
level 1 disable;
level 2 passive;
}
/* NOC Rack Lan */
interface ge-3/2/0.11 {
level 1 disable;
level 2 passive;
}
/* OBS Rack Lan */
interface ge-3/2/0.13 {
level 1 disable;
level 2 passive;
}
/* VINI Mgmt */
interface ge-3/2/0.20 {
level 1 disable;
level 2 passive;
}
/* VINI Data */
interface ge-3/2/0.21 {
level 1 disable;
level 2 passive;
}
interface ge-3/2/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* BACKBONE to LOSA */
interface so-3/3/0.0 {
level 1 disable;
level 2 metric 1342;
}
interface lo0.0 {
level 1 disable;
level 2 passive;
}
}
msdp {
rib-group mcast-rpf-rg;
group ABILENE {
mode mesh-group;
local-address 64.57.28.247;
/* CHIC */
peer 64.57.28.241;
/* NEWY */
peer 64.57.28.242;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* CENIC Los Angeles Backup */
peer 137.164.24.2 {
local-address 137.164.24.3;
}
/* Pacific Northwest Gigapop */
inactive: peer 209.124.179.1 {
local-address 209.124.179.2;
}
/* CENIC via LAX-DC */
peer 137.164.26.141 {
local-address 137.164.26.142;
}
/* PNWGP (new) */
peer 64.57.28.54 {
local-address 64.57.28.53;
}
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* DREN - AS668, loopback to loopback */
peer 138.18.12.237 {
local-address 64.57.28.247;
}
/* NREN AS24 via directly connected int */
peer 207.231.245.131 {
local-address 207.231.245.8;
}
peer 134.55.3.6 {
local-address 207.231.240.8;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
local-address 198.32.170.43;
inactive: traceoptions {
file jrd files 10;
flag all detail;
}
/* CA*NET */
peer 198.32.170.44 {
local-address 198.32.170.43;
}
/* TANET2 */
peer 198.32.170.34 {
local-address 198.32.170.43;
}
/* National Univ of Singapore */
peer 202.3.135.252 {
local-address 198.32.170.43;
}
/* KREOnet2 [NO-MONITOR] */
peer 198.32.170.33 {
local-address 198.32.170.43;
}
/* GEMnet 9K */
peer 207.231.240.10 {
local-address 207.231.240.8;
}
/* REANNZ */
peer 210.7.36.193 {
local-address 207.231.240.8;
}
/* REANNZ */
peer 210.7.36.194 {
local-address 207.231.240.8;
}
/* KREOnet2 Vlan706 */
peer 207.231.240.6 {
local-address 207.231.240.8;
}
/* AARNET lax-b-bb1 */
peer 207.231.241.149 {
local-address 207.231.241.8;
}
/* AARNET sea-a-bb1 */
peer 207.231.240.2 {
local-address 207.231.240.8;
}
/* AARNET sea-a-bb1 */
peer 207.231.240.4 {
local-address 207.231.240.8;
}
peer 207.231.240.21 {
local-address 207.231.240.8;
}
}
group NONITN {
export MSDP-FILTER;
import MSDP-FILTER;
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
export MSDP-FILTER;
import REJECT-ALL;
}
group ISP-MCAST {
export MSDP-FILTER;
import MSDP-FILTER;
/* Global Crossing */
peer 67.17.81.229 {
local-address 64.57.29.9;
}
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB SNMP hosts */
140.182.45.32/28;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* New Jump Address */
149.165.134.64/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
198.108.90.142/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list RADIUS-SERVERS {
140.182.44.69/32;
140.182.45.56/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list CALREN-PARTICIPANT {
36.0.0.0/8;
44.0.0.0/8;
63.202.49.0/24;
63.207.252.0/22;
63.247.0.0/19;
64.54.0.0/16;
67.58.32.0/19;
68.65.160.0/20;
68.181.0.0/16;
128.3.0.0/16;
128.9.0.0/16;
128.12.0.0/16;
128.32.0.0/16;
128.48.0.0/16;
128.54.0.0/16;
128.97.0.0/16;
128.111.0.0/16;
128.114.0.0/16;
128.120.0.0/16;
128.125.0.0/16;
128.149.0.0/16;
128.195.0.0/16;
128.196.0.0/16;
128.200.0.0/16;
128.218.0.0/16;
129.219.0.0/16;
130.237.14.0/23;
131.179.0.0/16;
131.215.0.0/16;
131.216.0.0/16;
131.243.0.0/16;
132.239.0.0/16;
132.249.0.0/16;
134.4.0.0/16;
134.79.0.0/16;
134.154.0.0/16;
134.173.0.0/16;
134.197.0.0/16;
136.152.0.0/16;
136.235.0.0/16;
137.78.0.0/16;
137.79.0.0/16;
137.110.0.0/16;
137.131.0.0/16;
137.164.0.0/16;
137.228.0.0/16;
138.23.0.0/16;
138.202.0.0/16;
140.148.0.0/16;
140.173.0.0/16;
149.142.0.0/16;
149.169.0.0/16;
150.135.0.0/16;
152.79.0.0/16;
153.105.0.0/16;
160.87.0.0/16;
164.67.0.0/16;
165.157.0.0/16;
169.228.0.0/16;
169.228.64.0/21;
169.228.128.0/19;
169.228.160.0/20;
169.229.0.0/16;
169.230.0.0/16;
169.231.0.0/16;
169.232.0.0/16;
169.233.0.0/16;
169.234.0.0/16;
169.235.0.0/16;
169.237.0.0/16;
170.91.128.0/18;
171.64.0.0/14;
192.5.10.0/24;
192.5.19.0/24;
192.12.19.0/24;
192.12.69.0/24;
192.12.207.0/24;
192.12.234.0/24;
192.17.47.0/24;
192.26.250.0/23;
192.26.251.0/24;
192.26.252.0/23;
192.26.254.0/24;
192.31.21.0/24;
192.31.43.0/24;
192.31.95.0/24;
192.31.105.0/24;
192.31.146.0/24;
192.31.153.0/24;
192.31.161.0/24;
192.35.164.0/22;
192.35.169.0/24;
192.35.209.0/24;
192.35.210.0/24;
192.35.212.0/23;
192.35.214.0/24;
192.35.215.0/24;
192.35.221.0/26;
192.35.222.0/24;
192.35.225.0/24;
192.35.228.0/24;
192.41.208.0/24;
192.42.82.0/24;
192.58.221.0/24;
192.65.200.0/24;
192.67.20.0/24;
192.67.21.0/24;
192.67.81.0/24;
192.67.82.0/24;
192.80.43.0/24;
192.84.86.0/24;
192.100.172.0/24;
192.101.37.0/24;
192.101.42.0/24;
192.107.102.0/24;
192.107.192.0/24;
192.135.237.0/24;
192.135.238.0/24;
192.138.85.0/24;
192.150.186.0/23;
192.150.216.0/23;
192.150.216.0/24;
192.154.2.0/24;
192.154.6.0/24;
192.159.138.0/24;
192.159.141.0/24;
192.172.226.0/24;
192.251.158.0/24;
198.17.46.0/23;
198.17.47.0/24;
198.17.101.0/24;
198.32.16.0/24;
198.32.20.0/24;
198.32.248.0/24;
198.32.249.0/24;
198.32.251.0/24;
198.51.111.0/24;
198.94.52.0/24;
198.133.185.0/24;
198.134.135.0/24;
198.147.151.0/24;
198.148.64.0/21;
198.148.72.0/22;
198.151.212.0/24;
198.183.128.0/22;
198.186.182.0/24;
198.187.221.0/24;
198.187.222.0/24;
198.202.64.0/18;
198.202.126.0/23;
199.105.0.0/18;
199.120.153.0/24;
199.164.237.0/24;
199.165.16.0/24;
199.165.17.0/24;
199.165.19.0/24;
199.233.182.0/24;
200.23.5.0/24;
204.27.250.0/24;
204.48.128.0/17;
204.57.0.0/21;
204.63.224.0/21;
204.80.191.0/24;
204.88.128.0/19;
204.115.168.0/21;
204.118.32.0/24;
204.128.156.0/24;
204.250.96.0/20;
205.143.88.0/21;
205.153.156.0/24;
205.153.157.0/24;
205.153.158.0/24;
205.153.159.0/24;
205.159.27.0/24;
205.167.46.0/23;
205.173.40.0/21;
205.174.240.0/20;
206.78.128.0/19;
206.78.144.0/21;
206.78.232.0/22;
206.117.32.0/24;
206.194.0.0/18;
206.197.121.0/24;
206.207.0.0/24;
206.207.42.0/24;
206.213.128.0/18;
207.31.0.0/18;
207.31.128.0/17;
207.197.0.0/18;
207.197.64.0/18;
208.1.64.0/19;
208.68.28.0/22;
208.75.160.0/21;
208.94.60.0/22;
209.68.128.0/19;
}
prefix-list CALREN-CORPORATE {
192.6.26.0/24;
192.101.37.0/24;
}
prefix-list CALREN-SPONSORED {
134.114.0.0/16;
140.252.0.0/16;
192.33.140.0/23;
192.174.2.0/24;
192.174.3.0/24;
192.175.48.0/24;
199.104.148.0/22;
199.104.152.0/21;
199.111.161.0/24;
204.107.152.0/24;
204.152.100.0/22;
206.197.219.0/24;
207.241.224.0/20;
208.70.24.0/21;
209.242.165.0/24;
209.242.165.32/27;
209.242.165.128/25;
209.242.166.0/24;
209.242.166.160/27;
216.230.176.0/20;
}
prefix-list CALREN-SEGP {
63.199.32.0/21;
63.247.0.0/19;
64.39.112.0/20;
76.78.96.0/19;
129.8.0.0/16;
129.65.0.0/16;
130.17.0.0/16;
130.65.0.0/16;
130.86.0.0/16;
130.150.0.0/16;
130.157.0.0/16;
130.166.0.0/16;
130.182.0.0/16;
130.191.0.0/16;
130.212.0.0/16;
132.241.0.0/16;
134.71.0.0/16;
134.89.0.0/16;
134.139.0.0/16;
134.154.0.0/16;
136.168.0.0/16;
137.145.0.0/16;
137.150.0.0/16;
137.151.0.0/16;
137.159.0.0/16;
137.159.192.0/18;
138.202.0.0/16;
139.182.0.0/16;
140.144.0.0/16;
143.254.0.0/16;
144.37.0.0/16;
146.244.0.0/16;
147.144.0.0/16;
153.18.0.0/16;
155.135.0.0/16;
156.1.0.0/16;
156.3.0.0/16;
157.233.0.0/16;
159.115.0.0/16;
160.227.0.0/16;
163.150.0.0/16;
165.196.0.0/16;
169.199.0.0/16;
169.236.0.0/16;
192.30.115.0/24;
192.55.87.0/24;
192.77.116.0/24;
192.78.182.0/24;
192.86.78.0/24;
192.103.56.0/24;
192.104.166.0/24;
192.111.213.0/24;
192.138.184.0/24;
192.189.45.0/24;
192.189.46.0/24;
192.189.47.0/24;
192.189.48.0/24;
192.190.38.0/24;
192.190.45.0/24;
192.195.41.0/24;
192.195.153.0/24;
192.195.154.0/23;
192.207.184.0/24;
198.49.104.0/24;
198.62.142.0/24;
198.102.103.0/24;
198.133.204.0/24;
198.137.147.0/24;
198.137.151.0/24;
198.137.152.0/23;
198.137.152.0/24;
198.137.153.0/24;
198.137.224.0/24;
198.175.250.0/24;
198.175.251.0/24;
198.175.252.0/24;
198.181.223.0/24;
198.181.224.0/23;
198.181.226.0/24;
198.188.0.0/16;
198.189.0.0/16;
198.202.144.0/24;
198.202.145.0/24;
198.207.153.0/24;
198.207.154.0/24;
198.207.155.0/24;
198.207.156.0/24;
199.88.11.0/24;
199.88.104.0/23;
199.88.112.0/24;
199.230.32.0/20;
199.230.48.0/22;
199.245.155.0/24;
199.253.32.0/20;
199.253.48.0/21;
204.17.179.0/24;
204.17.189.0/24;
204.62.200.0/24;
204.69.0.0/21;
204.75.249.0/24;
204.75.250.0/24;
204.75.251.0/24;
204.75.252.0/24;
204.75.253.0/24;
204.75.254.0/24;
204.75.255.0/24;
204.100.0.0/16;
204.100.64.0/18;
204.100.128.0/17;
204.102.0.0/16;
204.102.78.0/24;
204.129.0.0/16;
204.147.16.0/20;
204.155.0.0/20;
204.238.95.0/24;
204.238.101.0/24;
205.154.0.0/16;
205.154.240.0/23;
205.154.241.0/24;
205.154.242.0/24;
205.155.0.0/16;
205.174.208.0/20;
206.15.224.0/19;
206.78.0.0/19;
206.78.32.0/19;
206.78.64.0/19;
206.78.96.0/20;
206.78.128.0/20;
206.78.144.0/22;
206.78.148.0/23;
206.78.151.0/24;
206.78.153.0/24;
206.78.154.0/23;
206.78.156.0/22;
206.78.160.0/19;
206.78.192.0/19;
206.78.224.0/20;
206.78.240.0/20;
206.117.0.0/16;
206.201.240.0/20;
206.211.32.0/19;
206.211.128.0/19;
206.227.0.0/18;
207.7.139.0/24;
207.7.144.0/24;
207.21.33.0/24;
207.21.34.0/24;
207.31.128.0/18;
207.62.0.0/16;
207.99.128.0/18;
207.157.128.0/17;
207.166.0.0/18;
207.212.206.0/23;
207.233.0.0/17;
208.71.24.0/22;
209.66.192.0/19;
209.79.64.0/19;
209.79.154.0/23;
209.79.156.0/23;
209.129.0.0/16;
209.129.38.0/23;
209.129.40.0/22;
209.129.44.0/23;
209.132.144.0/24;
209.147.0.0/18;
209.188.128.0/17;
209.232.36.0/22;
209.232.144.0/20;
216.100.88.0/21;
216.102.12.0/22;
216.102.72.0/21;
216.102.80.0/22;
}
prefix-list HAWAII-PARTICIPANT {
128.171.0.0/16;
132.160.0.0/16;
/* NOAA */
140.90.183.0/24;
/* NOAA */
140.90.184.0/24;
/* NOAA */
140.90.201.0/24;
166.122.0.0/16;
168.105.0.0/16;
205.166.204.0/23;
}
prefix-list HAWAII-SPONSORED;
prefix-list HAWAII-SEGP {
165.248.0.0/16;
208.65.120.0/22;
}
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>";
}
prefix-list PACIFICNORTHWESTGP-PARTICIPANTS6 {
2001:1860::/34;
2001:1860:4000::/34;
2001:1860:8000::/34;
2001:1860:c000::/34;
2607:f278::/32;
2610:10::/32;
}
prefix-list PNWG-PARTICIPANT {
/* Portland State University */
38.103.168.0/22;
69.91.128.0/17;
128.95.0.0/16;
/* University of Hawaii */
128.171.0.0/16;
128.208.0.0/16;
129.95.0.0/16;
129.101.0.0/16;
/* Pacific Northwest National Laboratory */
130.20.0.0/16;
131.252.0.0/16;
/* University of Hawaii */
132.160.0.0/16;
137.53.0.0/16;
140.32.128.0/24;
/* NOAA via U Hawaii */
140.90.183.0/24;
/* NOAA via U Hawaii */
140.90.184.0/24;
/* NOAA via U Hawaii */
140.90.201.0/24;
140.142.0.0/16;
150.131.0.0/16;
/* University of Hawaii */
166.122.0.0/16;
/* University of Hawaii */
168.105.0.0/16;
/* University of Washington */
192.26.136.0/24;
192.35.99.0/24;
/* Pacific Northwest National Laboratory */
192.35.193.0/24;
192.46.80.0/24;
192.68.161.0/24;
192.73.48.0/24;
192.94.21.0/24;
/* Pacific Northwest Natioanal Laboratory */
192.101.100.0/22;
/* Pacific Northwest Natioanal Laboratory */
192.101.104.0/22;
/* Pacific Northwest Natioanal Laboratory */
192.101.108.0/23;
/* Pacific Northwest National Laboratory */
192.148.93.0/24;
/* Pacific Northwest National Laboratory */
192.148.96.0/23;
192.160.47.0/24;
192.207.124.0/24;
192.220.239.0/24;
192.231.192.0/24;
198.17.13.0/24;
198.32.40.0/24;
198.32.170.0/23;
198.48.64.0/19;
198.48.76.0/22;
198.104.160.0/20;
198.207.188.0/24;
199.33.240.0/24;
199.165.64.0/18;
199.184.112.0/22;
199.184.116.0/23;
199.245.238.0/24;
199.250.32.0/20;
199.250.48.0/21;
199.250.56.0/22;
204.128.243.0/24;
204.201.0.0/20;
204.201.112.0/20;
204.203.128.0/19;
204.203.240.0/22;
/* University of Hawaii */
205.166.204.0/23;
205.175.96.0/19;
205.175.112.0/24;
207.196.128.0/17;
207.196.155.0/24;
207.196.156.0/24;
207.196.158.0/23;
207.196.167.0/24;
207.196.168.0/22;
207.196.172.0/23;
207.196.175.0/24;
207.196.200.0/23;
207.196.202.0/23;
207.196.204.0/22;
/* PNW Gigapop */
209.124.176.0/21;
/* PNW Gigapop */
209.124.184.0/21;
}
prefix-list PNWG-CORPORATE {
131.107.151.0/24;
}
prefix-list PNWG-SPONSORED {
/* Comotiv Systems */
128.241.65.0/24;
134.39.60.0/24;
153.90.0.0/16;
161.55.0.0/16;
168.156.80.0/20;
168.156.96.0/19;
192.31.215.0/24;
192.42.7.0/24;
192.46.80.0/24;
192.105.205.0/24;
192.150.88.0/24;
207.196.128.0/24;
207.196.130.0/23;
207.196.150.0/23;
207.196.152.0/24;
207.196.160.0/24;
207.196.161.0/24;
207.196.162.0/23;
207.196.164.0/24;
207.196.165.0/24;
207.196.166.0/24;
207.196.179.0/24;
207.196.208.0/21;
207.196.216.0/22;
207.196.220.0/23;
207.196.240.0/20;
/* Comotive Systems */
209.162.207.0/24;
}
prefix-list PNWG-SEGP {
66.96.64.0/20;
/* Washington state k-20 telecomm network */
68.179.192.0/19;
/* Washington State K20 Network */
69.56.64.0/18;
/* Washington State K-20 Educational Telecommunications Network */
69.166.32.0/19;
72.233.128.0/17;
134.39.0.0/16;
134.121.0.0/16;
/* Alaska Distance Education Consortium */
137.229.0.0/16;
140.160.0.0/16;
146.187.0.0/16;
/* Pacific Lutheran University */
152.117.0.0/16;
152.157.0.0/16;
162.78.0.0/16;
164.116.0.0/16;
/* via University of Hawaii */
165.248.0.0/16;
168.99.0.0/16;
168.156.0.0/16;
168.212.0.0/16;
169.204.0.0/16;
192.31.216.0/24;
/* Whitman University */
192.34.239.0/24;
192.56.246.0/23;
192.56.248.0/21;
/* Communications Technology Ctr, ctc.edu */
192.64.1.0/24;
192.94.22.0/24;
192.102.5.0/24;
192.124.98.0/24;
192.138.182.0/24;
192.160.133.0/24;
192.206.201.0/24;
192.207.104.0/24;
192.211.16.0/20;
192.222.32.0/19;
192.247.128.0/17;
/* Whitworth College, Spokane */
198.29.0.0/22;
198.104.64.0/18;
198.104.232.0/21;
/* Whitman College */
199.89.174.0/23;
206.193.0.0/18;
/* Washington State SEGP */
207.108.56.0/24;
/* Washington State K20 Network */
207.180.96.0/19;
/* Washington State K20 Network */
207.180.96.0/20;
207.207.96.0/19;
207.207.126.0/24;
207.207.127.0/24;
/* Hawaii segp */
208.65.120.0/22;
216.186.0.0/17;
216.186.0.0/18;
216.186.0.0/19;
216.186.64.0/20;
}
prefix-list CENIC-PARTICIPANT6 {
2620:000:0CE0::/48;
2620:0:DD0::/48;
}
prefix-list CALREN-PARTICIPANT6 {
2001:448:3::/48;
2001:468:0e00::/40;
2001:478:ff00::/40;
2001:478:ff00::/48;
2001:1878::/32;
2001:48d0::/32;
2001:48d0:c000::/34;
2607:f010::/32;
2607:F088::/32;
2607:F140::/32;
2607:F290::/32;
2607:f378::/32;
2607:F380::/32;
2607:F6D0::/32;
2607:F720::/32;
2620:000:0CE0::/48;
2620:0:DD0::/48;
2800:10:10::/48;
2800:10:11::/48;
2800:10:16::/48;
}
prefix-list GOOGLE-PARTICIPANT6 {
2001:4860:1::/48;
}
prefix-list CPS-PNWG {
38.103.168.0/22;
63.230.184.0/23;
63.230.186.0/24;
63.230.187.0/24;
66.96.64.0/20;
66.96.69.192/27;
67.201.192.0/18;
68.179.192.0/19;
69.56.64.0/18;
69.56.64.0/20;
69.91.128.0/17;
69.166.32.0/19;
72.14.32.0/19;
72.14.60.0/24;
72.14.61.0/24;
72.14.62.0/24;
72.233.128.0/17;
128.95.0.0/16;
128.208.0.0/16;
129.95.0.0/16;
129.101.0.0/16;
130.20.0.0/16;
131.252.0.0/16;
132.160.0.0/17;
134.39.0.0/16;
134.121.0.0/16;
137.53.0.0/16;
137.229.0.0/16;
140.107.0.0/16;
140.142.0.0/16;
140.160.0.0/16;
146.76.0.0/16;
146.79.0.0/16;
146.187.0.0/16;
147.55.0.0/16;
147.56.0.0/16;
150.131.0.0/16;
152.113.0.0/16;
152.157.0.0/16;
152.157.64.0/20;
153.90.0.0/16;
155.67.0.0/16;
156.74.0.0/16;
156.74.249.0/24;
156.74.250.0/24;
157.201.0.0/16;
159.1.0.0/16;
161.55.0.0/16;
162.78.0.0/16;
164.110.0.0/16;
164.116.0.0/16;
165.151.0.0/16;
166.122.0.0/16;
167.72.0.0/16;
168.99.0.0/16;
168.156.0.0/16;
168.156.80.0/20;
168.156.96.0/20;
168.156.112.0/20;
168.212.0.0/16;
168.212.244.0/22;
169.204.0.0/16;
192.31.215.0/24;
192.31.216.0/24;
192.35.193.0/24;
192.42.7.0/24;
192.46.80.128/26;
192.56.248.0/21;
192.64.1.0/24;
192.73.48.0/24;
192.94.21.0/24;
192.94.22.0/24;
192.94.25.0/24;
192.101.100.0/22;
192.101.104.0/22;
192.101.108.0/23;
192.102.5.0/24;
192.105.205.0/24;
192.124.98.0/24;
192.138.182.0/24;
192.148.93.0/24;
192.148.96.0/23;
192.149.56.0/24;
192.150.88.0/24;
192.150.143.0/24;
192.160.47.0/24;
192.160.133.0/24;
192.190.33.0/24;
192.206.201.0/24;
192.207.104.0/24;
192.207.124.0/24;
192.209.32.0/20;
192.209.48.0/21;
192.209.56.0/22;
192.209.60.0/23;
192.211.16.0/20;
192.230.0.0/20;
192.231.192.0/24;
192.247.128.0/17;
198.1.16.0/21;
198.1.24.0/23;
198.7.64.0/19;
198.17.13.0/24;
198.29.0.0/22;
198.32.170.0/24;
198.32.180.0/24;
198.32.195.0/24;
198.48.64.0/19;
198.48.76.0/22;
198.62.236.0/24;
198.99.100.0/23;
198.105.128.0/20;
198.135.121.0/24;
198.180.4.0/22;
198.181.251.0/24;
198.186.220.0/23;
198.187.0.0/22;
198.207.188.0/24;
198.238.0.0/16;
198.239.0.0/16;
199.47.32.0/22;
199.47.36.0/24;
199.165.64.0/18;
199.165.68.0/24;
199.184.112.0/22;
199.184.116.0/23;
199.233.108.0/24;
199.245.112.0/23;
199.245.238.0/24;
199.248.159.0/24;
199.248.160.0/23;
199.248.162.0/24;
199.250.32.0/20;
199.250.48.0/21;
199.250.56.0/22;
204.128.243.0/24;
204.134.149.0/24;
205.143.49.0/24;
205.159.96.0/24;
205.175.96.0/19;
206.193.0.0/18;
206.194.128.0/18;
206.208.64.0/21;
207.180.96.0/19;
207.183.0.0/19;
207.196.128.0/24;
207.196.130.0/23;
207.196.150.0/23;
207.196.152.0/24;
207.196.155.0/24;
207.196.156.0/24;
207.196.158.0/23;
207.196.160.0/24;
207.196.161.0/24;
207.196.162.0/23;
207.196.164.0/24;
207.196.165.0/24;
207.196.166.0/24;
207.196.167.0/24;
207.196.168.0/22;
207.196.172.0/23;
207.196.175.0/24;
207.196.179.0/24;
207.196.208.0/21;
207.196.216.0/22;
207.196.220.0/23;
207.196.240.0/20;
207.207.125.0/24;
207.207.127.0/24;
207.231.240.0/25;
207.231.241.0/24;
208.146.45.96/27;
209.74.192.0/19;
209.124.176.0/21;
209.124.176.128/27;
209.124.176.160/27;
209.124.176.208/32;
209.124.176.209/32;
209.124.176.210/32;
209.124.176.211/32;
209.124.176.212/32;
209.124.176.213/32;
209.124.176.214/32;
209.124.176.215/32;
209.124.176.216/32;
209.124.176.217/32;
209.124.176.218/32;
209.124.176.224/31;
209.124.176.226/31;
209.124.176.228/31;
209.124.177.160/28;
209.124.177.177/32;
209.124.177.178/32;
209.124.177.181/32;
209.124.178.128/28;
209.124.179.68/30;
209.124.180.0/25;
209.124.180.128/26;
209.124.182.0/25;
209.124.183.0/28;
209.124.183.16/28;
209.124.183.32/28;
209.124.183.48/28;
209.124.183.64/28;
209.124.183.80/28;
209.124.183.96/28;
209.124.183.128/28;
209.124.183.160/28;
209.124.183.192/28;
209.124.183.208/28;
209.124.184.0/21;
209.124.184.0/27;
209.124.184.128/26;
209.124.185.0/26;
209.124.186.0/24;
209.124.189.0/24;
216.186.0.0/17;
216.210.0.0/18;
}
policy-statement AARNET-ITN-IN {
term hawaii-participant {
from {
as-path HAWAII-AS;
prefix-list-filter HAWAII-PARTICIPANT orlonger;
}
then next policy;
}
term hawaii-segp {
from {
as-path HAWAII-AS;
prefix-list-filter HAWAII-PARTICIPANT orlonger;
}
then {
community add SEGP;
next policy;
}
}
term hawaii-sponsored {
from {
as-path HAWAII-AS;
prefix-list-filter HAWAII-PARTICIPANT orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement AARNET-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term allow-inet6.2 {
from protocol bgp;
to rib inet6.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement AARNET-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
term accept {
from {
protocol bgp;
rib inet6.2;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement BLOCK-FACEBOOK {
term block {
from {
route-filter 69.63.176.0/20 exact;
}
then reject;
}
term not-facebook {
then next policy;
}
}
/* Calren backup peering. Be sure to add any prefixes to LA prefix list, too! */
policy-statement CALREN-IN {
term participant {
from {
prefix-list-filter CALREN-PARTICIPANT orlonger;
}
then next policy;
}
term sponsored {
from {
prefix-list-filter CALREN-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
prefix-list-filter CALREN-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term corporate {
from {
prefix-list-filter CALREN-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement CALREN-IN6 {
term accept {
from {
family inet6;
route-filter 2001:448:3::/48 exact;
route-filter 2001:468:0e00::/40 upto /48;
/* Nicaragua via CENIC */
route-filter 2800:10:16::/48 exact;
/* Nicaragua via CENIC */
route-filter 2800:10:11::/48 exact;
/* Nicaragua via CENIC */
route-filter 2800:10:10::/48 exact;
/* SDSC */
route-filter 2001:48d0::/32 exact;
/* Allow SDSC more specific, but tagged with no-export */
route-filter 2001:48d0::/32 prefix-length-range /33-/35 {
community add NO-EXPORT;
}
/* UC Berkeley via CENIC */
route-filter 2607:F140::/32 exact;
/* UCLA via CENIC */
route-filter 2607:f010::/32 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-AS11274-OUT {
term match {
from community CPS-AS11274-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS11404-OUT {
term match {
from community CPS-AS11404-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS11666-OUT {
term match {
from community CPS-AS11666-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS12111-OUT {
term match {
from community CPS-AS12111-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13680-OUT {
term match {
from community CPS-AS13680-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13768-OUT {
term match {
from community CPS-AS13768-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15133-OUT {
term match {
from community CPS-AS15133-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15169-OUT {
term match {
from community CPS-AS15169-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS16509-OUT {
term match {
from community CPS-AS16509-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS1785-OUT {
term match {
from community CPS-AS1785-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19029-OUT {
term match {
from community CPS-AS19029-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19080-OUT {
term match {
from community CPS-AS19080-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19151-OUT {
term match {
from community CPS-AS19151-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS20940-OUT {
term match {
from community CPS-AS20940-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS21947-OUT {
term match {
from community CPS-AS21947-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22212-OUT {
term match {
from community CPS-AS22212-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22822-OUT {
term match {
from community CPS-AS22822-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS23260-OUT {
term match {
from community CPS-AS23260-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS23504-OUT {
term match {
from community CPS-AS23504-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS25973-OUT {
term match {
from community CPS-AS25973-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS27008-OUT {
term match {
from community CPS-AS27008-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS27345-OUT {
term match {
from community CPS-AS27345-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS3549-OUT {
term match {
from community CPS-AS3549-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36824-OUT {
term match {
from community CPS-AS36824-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4565-OUT {
term match {
from community CPS-AS4565-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6327-OUT {
term match {
from community CPS-AS6327-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6456-OUT {
term match {
from community CPS-AS6456-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6539-OUT {
term match {
from community CPS-AS6539-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6939-OUT {
term match {
from community CPS-AS6939-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS8047-OUT {
term match {
from community CPS-AS8047-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-CENIC-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter CENIC-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-IN {
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop discard;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-GOOGLE-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter GOOGLE-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-IN-DEPREF {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
local-preference 90;
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Announce Connector prefixes >= /24 */
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
/* Originate a BGP for our Lookback Addresses */
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT-DEPREF {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then {
as-path-prepend 11537;
next policy;
}
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-IN {
term strip-communities {
then {
community delete ALL-COMMS;
next term;
}
}
/* Allows only longer connector prefixes from peers */
term reject-Internet2-space {
from {
route-filter 2001:468::/32 upto /39;
route-filter 2001:468:ff00::/40 orlonger;
}
then reject;
}
term accept {
from protocol bgp;
to rib cps.inet6.0;
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-OUT {
term originate {
from {
protocol static;
route-filter 2001:468:ff00::/40 exact;
route-filter 2001:468::/32 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term block-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
family inet6;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-PEERCONTROLS-OUT {
term block {
from community CPS-BLOCK;
then reject;
}
term prepend1 {
from community CPS-PREPEND1;
then {
as-path-prepend 11537;
accept;
}
}
term prepend2 {
from community CPS-PREPEND2;
then {
as-path-prepend "11537 11537";
accept;
}
}
term prepend3 {
from community CPS-PREPEND3;
then {
as-path-prepend "11537 11537 11537";
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEERS-IN {
/* Reject any BGP prefix if a private AS is in the path */
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PNWG-IN {
term accept {
from {
protocol bgp;
prefix-list-filter CPS-PNWG orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-PNWG-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter PACIFICNORTHWESTGP-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement CPS-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
}
}
}
policy-statement CPS-V6-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
community delete EQUAL-TO-PEERS;
community delete LOWER-THAN-PEERS;
}
}
}
policy-statement CUDI-PREF {
term pref {
from {
protocol bgp;
as-path CUDI;
}
to rib inet.2;
then {
local-preference subtract 101;
accept;
}
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy from FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement FROM-MICROSOFT {
term block-commercial-asns {
from {
as-path [ COMMERCIAL PRIVATE ];
family inet;
}
then reject;
}
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
term allow-v4-unicast {
from {
family inet;
route-filter 64.4.0.0/18 upto /28;
route-filter 64.41.193.0/24 upto /28;
route-filter 65.52.0.0/15 upto /28;
route-filter 65.52.0.0/14 upto /28;
route-filter 65.54.96.0/20 upto /28;
route-filter 65.54.112.0/20 upto /28;
route-filter 65.54.128.0/19 upto /28;
route-filter 65.54.160.0/19 upto /28;
route-filter 65.54.192.0/19 upto /28;
route-filter 65.54.224.0/19 upto /28;
route-filter 65.55.0.0/16 upto /28;
route-filter 65.59.232.0/24 upto /28;
route-filter 65.59.233.0/24 upto /28;
route-filter 65.59.234.0/24 upto /28;
route-filter 131.107.0.0/16 upto /28;
route-filter 157.54.0.0/15 upto /28;
route-filter 157.56.0.0/14 upto /28;
route-filter 157.60.0.0/16 upto /28;
route-filter 167.220.0.0/16 upto /28;
route-filter 199.2.137.0/24 upto /28;
route-filter 199.103.90.0/23 upto /28;
route-filter 204.79.135.0/24 upto /28;
route-filter 204.79.188.0/24 upto /28;
route-filter 204.79.252.0/24 upto /28;
route-filter 204.95.96.0/20 upto /28;
route-filter 204.182.144.0/24 upto /28;
route-filter 204.255.244.0/23 upto /28;
route-filter 205.248.96.0/19 upto /28;
route-filter 206.138.168.0/21 upto /28;
route-filter 207.46.0.0/16 upto /28;
route-filter 207.46.32.0/20 upto /28;
route-filter 207.46.96.0/20 upto /28;
route-filter 207.46.96.0/19 upto /28;
route-filter 207.46.128.0/18 upto /28;
route-filter 207.46.192.0/18 upto /28;
route-filter 207.68.128.0/18 upto /28;
route-filter 207.68.160.0/19 upto /28;
route-filter 207.68.167.0/24 upto /28;
route-filter 207.82.250.0/23 upto /28;
route-filter 207.82.252.0/23 upto /28;
route-filter 209.1.15.0/24 upto /28;
route-filter 209.1.112.0/24 upto /28;
route-filter 209.1.113.0/24 upto /28;
route-filter 209.185.128.0/24 upto /28;
route-filter 209.185.129.0/24 upto /28;
route-filter 209.185.130.0/23 upto /28;
route-filter 209.185.240.0/22 upto /28;
route-filter 209.240.192.0/19 upto /28;
route-filter 209.240.204.0/22 upto /28;
route-filter 209.240.211.0/24 upto /28;
route-filter 216.32.180.0/22 upto /28;
route-filter 216.32.240.0/22 upto /28;
route-filter 216.33.148.0/22 upto /28;
route-filter 216.33.151.0/24 upto /28;
route-filter 216.33.236.0/22 upto /28;
route-filter 216.33.240.0/22 upto /28;
route-filter 216.34.51.0/24 upto /28;
route-filter 216.200.206.0/24 upto /28;
}
then {
community add CONNECTOR-ONLY;
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ISP-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-IN6 {
term reject-commercial {
from as-path COMMERCIAL6;
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement MICROSOFT-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
community [ FEDNET ITN NONITN ];
}
then reject;
}
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER BLOCK-TO-COMMERCIAL ];
}
then reject;
}
term accept {
from protocol bgp;
then accept;
}
}
policy-statement MSDP-FILTER {
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
policy-statement PNWG-IN {
term participant {
from {
prefix-list-filter PNWG-PARTICIPANT orlonger;
}
then next policy;
}
term sponsored {
from {
prefix-list-filter PNWG-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
prefix-list-filter PNWG-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term corporate {
from {
prefix-list-filter PNWG-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement PNWG-IN6 {
term accept {
from {
family inet6;
/* Pacific Northwest Gigapop */
route-filter 2001:1860::/32 exact;
/* University of Hawaii */
route-filter 2001:468:1c00::/40 exact;
/* Microsoft */
route-filter 2001:4898::/32 exact;
/* PNWGP */
route-filter 2001:1860:C000::/34 exact;
/* PNWGP */
route-filter 2001:1860::/34 exact;
/* U of Hawaii */
route-filter 2607:F278::/32 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
/* reject routes we should never accept */
policy-statement SANITY-IN {
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce */
policy-statement SANITY-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
policy-statement SANITY6 {
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
from {
route-filter 2001::/16 upto /49;
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
term reject {
then reject;
}
}
/* set local-pref on connector routes based on communities */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
policy-statement SET-PREF-CPS-V6 {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term equal-to-peers {
from community EQUAL-TO-PEERS;
then {
local-preference 100;
next policy;
}
}
term lower-than-peers {
from community LOWER-THAN-PEERS;
then {
local-preference 60;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 100;
}
}
}
policy-statement TEMP-OBSERVATORY-MSDP-BLOCK {
term bad-sources {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement V6-IGP-AGG {
term allow-aggregate {
from {
protocol aggregate;
family inet6;
}
then accept;
}
term deny-more-specifics {
from {
family inet6;
route-filter 2001:468:0016::/48 longer;
route-filter 2001:468:ff:1600::/56 longer;
}
then reject;
}
term accept-all-other-v6 {
from {
protocol [ isis direct ];
family inet6;
}
then accept;
}
}
/* Temporary fix for scoping 239/8 */
policy-statement pim-join-filter {
term internal-links {
from {
/* List of Backbone Interfaces */
interface [ so-0/2/0.0 so-0/0/0.0 so-3/3/0.0 ];
route-filter 239.0.0.0/8 orlonger;
}
then accept;
}
term external-links {
from {
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term all-links {
then accept;
}
}
community ALL-COMMS members *:*;
community BLOCK-TO-COMMERCIAL members 11537:2002;
community COMMERCIAL-PEER members 11537:2001;
community CONNECTOR-ONLY members 11537:3500;
community CORE members 11537:900;
community CORPORATE members 11537:2000;
community CPS members target:11537:1;
community CPS-AS10310-OUT members *:10310;
community CPS-AS11274-OUT members *:11274;
community CPS-AS11404-OUT members *:11404;
community CPS-AS11666-OUT members *:11666;
community CPS-AS12111-OUT members *:12111;
community CPS-AS13645-OUT members *:13645;
community CPS-AS13680-OUT members *:13680;
community CPS-AS13768-OUT members *:13768;
community CPS-AS14361-OUT members *:14361;
community CPS-AS15133-OUT members *:15133;
community CPS-AS15169-OUT members *:15169;
community CPS-AS15290-OUT members *:15290;
community CPS-AS16509-OUT members *:16509;
community CPS-AS1784-OUT members *:1784;
community CPS-AS1785-OUT members *:1785;
community CPS-AS19029-OUT members *:19029;
community CPS-AS19080-OUT members *:19080;
community CPS-AS19151-OUT members *:19151;
community CPS-AS20940-OUT members *:20940;
community CPS-AS21947-OUT members *:21947;
community CPS-AS22212-OUT members *:22212;
community CPS-AS22773-OUT members *:22773;
community CPS-AS22822-OUT members *:22822;
community CPS-AS23260-OUT members *:23260;
community CPS-AS23342-OUT members *:23342;
community CPS-AS23352-OUT members *:23352;
community CPS-AS23504-OUT members *:23504;
community CPS-AS25973-OUT members *:25973;
community CPS-AS27008-OUT members *:27008;
community CPS-AS27345-OUT members *:27345;
community CPS-AS27524-OUT members *:27524;
community CPS-AS3303-OUT members *:3303;
community CPS-AS3549-OUT members *:3549;
community CPS-AS36561-OUT members *:36561;
community CPS-AS36824-OUT members *:36824;
community CPS-AS4181-OUT members *:4181;
community CPS-AS4513-OUT members *:4513;
community CPS-AS4565-OUT members *:4565;
community CPS-AS6327-OUT members *:6327;
community CPS-AS6432-OUT members *:6432;
community CPS-AS6456-OUT members *:6456;
community CPS-AS6539-OUT members *:6539;
community CPS-AS6939-OUT members *:6939;
community CPS-AS8047-OUT members *:8047;
community CPS-AS9318-OUT members *:9318;
community CPS-BLOCK members 65000:*;
community CPS-CONNECTOR members 11537:25100;
community CPS-PEERS members 11537:25200;
community CPS-PREPEND1 members 65001:*;
community CPS-PREPEND2 members 65002:*;
community CPS-PREPEND3 members 65003:*;
community DISCARD members 11537:911;
community EQUAL-TO-PEERS members 11537:100;
community FEDNET members 11537:3000;
community HIGH members 11537:260;
community HIGH-PEERS members 11537:160;
community IFTN members 11537:2502;
community ITN members 11537:2501;
community LOW members 11537:140;
community LOW-PEERS members 11537:40;
community LOWER-THAN-PEERS members 11537:60;
community NO-EXPORT members no-export;
community NOAGG6 members 11537:6;
community NONITN members 11537:2500;
community PARTICIPANT members 11537:950;
community RHCPP members 11537:4000;
community SEGP members 11537:910;
community SPONSORED members 11537:902;
as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*";
as-path PRIVATE ".* (64512-65535) .*";
as-path ABILENE ".* 11537 .*";
as-path CUDI " .* 2153 18592 .* ";
as-path NLR ".* 19401 .*";
as-path HAWAII-AS ".* 6360 .*";
as-path COMMERCIAL6 ".* (701|1273|1836|2497|2516|2914|3257|3549|3561|4691|6939|7018|15169|15412|17554|17990) .*";
}
inactive: class-of-service {
classifiers {
exp MPLS {
forwarding-class assured-forwarding {
loss-priority low code-points 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
forwarding-class network-control {
loss-priority low code-points 110;
}
}
inet-precedence TOS {
forwarding-class network-control {
loss-priority low code-points 110;
}
forwarding-class assured-forwarding {
loss-priority low code-points 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
}
}
drop-profiles {
basic {
fill-level 100 drop-probability 100;
}
}
rewrite-rules {
exp MPLS {
forwarding-class assured-forwarding {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class best-effort {
loss-priority low code-point 000;
loss-priority high code-point 000;
}
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
loss-priority high code-point 010;
}
forwarding-class network-control {
loss-priority low code-point 110;
loss-priority high code-point 110;
}
}
inet-precedence TOS {
forwarding-class network-control {
loss-priority low code-point 110;
loss-priority high code-point 110;
}
forwarding-class assured-forwarding {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
loss-priority high code-point 010;
}
forwarding-class best-effort {
loss-priority low code-point 000;
loss-priority high code-point 000;
}
}
}
scheduler-maps {
basic {
forwarding-class best-effort scheduler best-effort;
forwarding-class network-control scheduler network-control;
forwarding-class assured-forwarding scheduler LSP-L2;
forwarding-class expedited-forwarding scheduler expedited-forwarding;
}
}
schedulers {
LSP-L2 {
transmit-rate percent 10;
buffer-size percent 10;
priority high;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
network-control {
transmit-rate percent 5;
buffer-size percent 5;
priority strict-high;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
best-effort {
transmit-rate percent 85;
buffer-size percent 85;
priority low;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
expedited-forwarding {
transmit-rate percent 0;
buffer-size percent 0;
priority low;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
}
}
Firewall Stanza Removed removed
newy32aoa
## Last commit: 2009-09-25 16:14:04 UTC by litvanyi
version 9.3R3.8;
groups {
INTERFACE-BACKBONE {
interfaces {
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
}
}
INTERFACE-CONNECTOR {
interfaces {
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
MSDP-SA-Limit-per-peer-group {
protocols {
msdp {
group <*> {
peer <*> {
active-source-limit {
maximum 100000;
threshold 90000;
}
}
}
}
}
}
re0 {
system {
host-name NEWY-re0;
}
}
re1 {
system {
host-name NEWY-re1;
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
authentication-order [ radius password ];
location country-code US;
ports {
auxiliary type vt100;
}
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
radius-server {
140.182.45.56 {
timeout 2;
source-address 64.57.28.242;
}
140.182.44.69 {
timeout 2;
source-address 64.57.28.242;
}
}
Login Stanza Removed services {
bandwidth 10g;
}
}
}
network-services ip;
}
interfaces {
xe-0/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-CHIC 10GE | I2-CHIC-NEWY32AOA-10GE-05239";
family inet {
address 64.57.28.73/31;
}
family inet6 {
address 2001:468:ff:602::1/64;
}
}
}
xe-0/1/0 {
description "[CPS] Direct interface to PAIX-NY exchange fabric";
vlan-tagging;
gigether-options {
ethernet-switch-profile {
mac-learn-enable;
}
}
unit 6 {
description "[CPS] PAIX New York Public Switch (10G)";
vlan-id 6;
family inet {
mtu 1500;
address 198.32.118.55/24;
}
family inet6 {
address 2001:504:f::37/48;
}
}
}
xe-0/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "Northern Crossroads (NOX) via I2-BOST-NEWY32AOA-10GE-04181";
vlan-tagging;
mtu 9192;
unit 110 {
description "Northern Crossroads (NOX) R&E VLAN";
vlan-id 110;
family inet {
mtu 9000;
address 192.5.89.222/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0646::2/64;
}
}
unit 111 {
description "[CPS] Northern Crossroads (NOX)";
vlan-id 111;
family inet {
mtu 9000;
address 207.210.142.2/30;
}
family inet6 {
mtu 9000;
address 2001:468:ffff:0646::2/64;
}
}
}
xe-0/3/0 {
description "NOT IN USE [NO-MONITOR]";
}
xe-1/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH 10GE | I2-NEWY32AOA-WASH-10GE-04643";
family inet {
address 64.57.28.18/31;
}
family inet6 {
address 2001:468:ff:906::1/64;
}
family mpls {
mtu 9174;
}
}
}
xe-1/1/0 {
description "Internet2 CPS switch (via Internet2 New York Metro Infinera Ring)";
vlan-tagging;
mtu 9134;
unit 11 {
description "PAIX NY Management Subnet";
vlan-id 11;
family inet {
address 64.57.28.161/28;
}
}
unit 100 {
description "[CPS] Global Crossing Private v4/v6 peering";
vlan-id 100;
family inet {
filter {
input connector-in;
}
address 64.208.110.26/30;
}
family inet6 {
address 2001:450:2008:2B::2/64;
}
}
unit 101 {
description "[CPS] Global Crossing Private Multicast-Only Peering";
vlan-id 101;
family inet {
filter {
input connector-in;
}
address 64.208.110.186/30;
}
family inet6 {
address 2001:450:2008:21::2/64;
}
}
unit 102 {
description "[CPS] Google private peering";
vlan-id 102;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.20/31;
}
family inet6 {
mtu 1500;
address 2001:4860:1:1:0:2D11:0:7/127;
}
}
}
xe-1/2/0 {
apply-groups INTERFACE-CONNECTOR;
mtu 9192;
unit 0 {
description Nysernet;
family inet {
mtu 9000;
address 199.109.4.154/30;
}
family inet6 {
mtu 9000;
address 2001:468:900:315::2/64;
}
}
}
xe-1/3/0 {
description "NOT IN USE [NO-MONITOR]";
}
xe-2/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH 10GE | I2-NEWY32AOA-WASH-10GE-05242";
family inet {
address 64.57.28.74/31;
}
family inet6 {
address 2001:468:ff:6f9::1/64;
}
}
}
xe-2/1/0 {
description "RESERVED FOR FUTURE CPS [NO-MONITOR]";
}
xe-2/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "MAGPI via I2-NEWY32AOA-PHIL-10GE-05205";
vlan-tagging;
mtu 9192;
unit 12 {
description "MAGPI IP Connection";
vlan-id 12;
family inet {
mtu 9000;
address 216.27.100.54/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0658::1/64;
}
}
unit 38 {
description "[CPS] MAGPI";
vlan-id 38;
family inet {
mtu 1500;
address 216.27.100.62/30;
}
family inet6 {
mtu 1500;
address 2001:468:ffff:0658::1/64;
}
}
}
xe-2/3/0 {
inactive: apply-groups INTERFACE-CONNECTOR;
description sw.manlan.internet2.edu:Te11/3;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 1 {
description "MANLAN Rack Lan";
vlan-id 1;
family inet {
mtu 1500;
filter {
output manlan-management;
}
address 198.32.154.6/25;
address 198.32.14.129/27;
}
family iso;
}
unit 16 {
description "DRAC Project";
vlan-id 16;
family inet {
mtu 9000;
address 198.32.154.133/30;
}
}
unit 102 {
description "GEANT | AS:20965";
vlan-id 102;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.50/31;
}
family iso;
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:15c5::1/64;
}
}
unit 104 {
description CAnet-Toronto;
vlan-id 104;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 205.189.32.117/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:410:101:23::2/64;
}
}
unit 107 {
description SINET;
vlan-id 107;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 150.99.200.194/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:2f8:1:ff::e/126;
}
}
unit 108 {
description QATAR;
vlan-id 108;
family inet {
mtu 1500;
filter {
input connector-in;
output interface-out;
}
address 80.231.134.30/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
unit 109 {
description CAnet-Montreal;
vlan-id 109;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 205.189.32.93/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:410:101:24::2/64;
}
}
unit 110 {
description CERN;
vlan-id 110;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.85/30;
}
}
unit 112 {
description ESnet;
vlan-id 112;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.124.216.158/30;
}
}
unit 113 {
description ESnet-v6-only;
vlan-id 199;
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:15c6::1/64;
}
}
unit 114 {
description "MCIT/ENERGI (Egypt)";
vlan-id 114;
family inet {
mtu 1486;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.65/30;
}
}
unit 115 {
description "USLHCnet (CERN)";
vlan-id 115;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.69/30;
}
}
unit 116 {
description "ANKABUT (United Arab Emirates) [NO-MONITOR]";
vlan-id 116;
family inet {
filter {
input connector-in;
output interface-out;
}
address 198.32.11.109/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:6c3::1/64;
}
}
unit 117 {
description "TWAREN| AS:7539";
vlan-id 117;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 211.79.48.158/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:E10:FFFF:307::2/64;
}
}
unit 120 {
description "SURFnet | AS:1103";
vlan-id 120;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 64.57.28.65/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:6c2::1/64;
}
}
unit 456 {
description "RedClara via MANLAN and AtlanticWave | AS:27750 [NO-MONITOR]";
vlan-id 456;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 200.0.207.10/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:1348:4:3::2/64;
}
}
unit 2130 {
description "Peer QATAR 2nd Connection via MAN LAN";
vlan-id 2130;
family inet {
mtu 1500;
filter {
input connector-in;
output interface-out;
}
address 86.36.105.178/30;
}
}
unit 3903 {
description "ESNet I2 Phoebus Trial";
encapsulation vlan-ccc;
vlan-id 3903;
family ccc;
}
unit 4003 {
encapsulation vlan-ccc;
vlan-id 4003;
}
}
ge-9/0/0 {
description "Observatory 1G via lan.newy32aoa:A21";
vlan-tagging;
mtu 9192;
unit 10 {
description "RackLan #1 Master Gateway";
vlan-id 10;
family inet {
filter {
output racklan-access;
}
address 64.57.24.254/24 {
vrrp-group 60 {
virtual-address 64.57.24.254;
priority 255;
preempt;
}
}
}
}
unit 12 {
description "NEWY Observatory 1G vlan";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.17.97/28;
}
family inet6 {
mtu 9000;
address 2001:468:6:12::1/64;
address 2001:468:6:12::17:97/64;
}
}
}
ge-9/0/1 {
mtu 9180;
unit 0 {
description "nms-rthr1 p2p connection";
family inet {
mtu 9000;
address 64.57.17.81/30;
}
family inet6 {
mtu 9000;
address 2001:468:6:101::1/64;
address 2001:468:6:101::17:81/64;
}
}
}
ge-9/0/2 {
mtu 9180;
unit 0 {
description "nms-rthr2 p2p connection";
family inet {
mtu 9000;
address 64.57.17.85/30;
}
family inet6 {
mtu 9000;
address 2001:468:6:100::1/64;
address 2001:468:6:100::17:85/64;
}
}
}
xe-9/2/0 {
description "Observatory 10G via lan.newy32aoa:F2";
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 11 {
description "NEWY Observatory vlan";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.17.65/28;
}
family inet6 {
mtu 9000;
address 2001:468:6:11::1/64;
address 2001:468:6:11::17:65/64;
}
}
unit 20 {
description "NEWT VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.225/29;
}
family inet6 {
mtu 9000;
address 2001:468:6:20::1/64;
address 2001:468:6:20::18:225/64;
}
}
unit 21 {
description "NEWT VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.81/28;
}
family inet6 {
mtu 9000;
address 2001:468:6:21::1/64;
address 2001:468:6:21::18:81/64;
}
}
unit 30 {
description "NEWY 100x100 Inband";
vlan-id 30;
family inet {
mtu 9000;
address 64.57.23.81/29;
}
family inet6 {
mtu 9000;
address 2001:468:6:30::1/64;
address 2001:468:6:30::23:81/64;
}
}
unit 31 {
description "NEWY 100x100 Mgmt";
vlan-id 31;
family inet {
mtu 9000;
address 64.57.23.113/29;
}
family inet6 {
mtu 9000;
address 2001:468:6:31::1/64;
address 2001:468:6:31::23:113/64;
}
}
unit 32 {
description "NEWY 100x100 NetFPGA";
vlan-id 32;
family inet {
mtu 9000;
address 64.57.23.49/29;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
unit 60 {
description "[CPS] Connection to nms-rpsv";
vlan-id 60;
family inet {
mtu 9000;
address 64.57.29.33/30;
}
family inet6 {
mtu 9000;
address 2001:468:6:60::29:33/64;
address 2001:468:6:60::1/64;
}
}
unit 3903 {
description "ESNet I2 Phoebus Trial";
encapsulation vlan-ccc;
vlan-id 3903;
family ccc;
}
}
gr-9/3/0 {
/* IPv6-over-IPv4 Tunnel for Egypt/ENERGI */
unit 0 {
tunnel {
source 198.32.11.65;
destination 198.32.11.66;
}
family inet6 {
mtu 1414;
address 2001:468:ff:6c1::1/64;
}
}
}
dsc {
unit 0 {
description "Discard Interface";
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
fxp0 {
description "Management Ethernet - Unused";
disable;
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.238/32;
address 64.57.28.242/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0021.00;
address 49.0000.0000.0000.0030.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:6::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.242/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff06::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.17.71 {
port 4195;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:000f::/48;
route 2001:468:0006::/48;
route 2001:468:ff:0f00::/56;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
240.0.0.0/4 orlonger;
14.0.0.0/8 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
/* Abilene Observatory */
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
route 198.32.154.144/28 discard;
route 67.17.81.229/32 next-hop 64.208.110.185;
}
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
14.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.242;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 3;
}
interface fxp0.0 {
disable;
}
}
mld {
interface all;
interface fxp0.0 {
disable;
}
}
rsvp {
/* BACKBONE TO CHIC */
interface xe-0/0/0.0;
/* BACKBONE TO WASH #2 */
interface xe-2/0/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path NEWY->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path NEWY->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path NEWY->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path NEWY->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path NEWY->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path NEWY->LOSA {
to 64.57.28.248;
fast-reroute;
}
label-switched-path NEWY->HOUS {
to 64.57.28.244;
fast-reroute;
}
label-switched-path NEWY->SEAT {
to 64.57.28.247;
fast-reroute;
}
/* BACKBONE TO CHIC */
interface xe-0/0/0.0;
/* BACKBONE TO WASH #2 */
interface xe-2/0/0.0;
}
bgp {
log-updown;
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
neighbor 192.5.89.221 {
description NOX;
import [ SANITY-IN SET-PREF NOX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10578;
}
neighbor 199.109.4.153 {
description Nysernet;
import [ SANITY-IN SET-PREF NYSERNET-IN CONNECTOR-IN ];
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 LEAK-NMS1 ];
peer-as 3754;
}
neighbor 216.27.100.53 {
description MAGPI;
import [ SANITY-IN SET-PREF MAGPI-IN CONNECTOR-IN ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
peer-as 10466;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
neighbor 2001:468:900:315::1 {
description "NYsernet-New York";
import [ SANITY6 SET-PREF NYSERNET-IN6 ];
/* export policy to allow more specifics for dual-homed load-balancing purposes */
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6-WITH-SPECIFICS ];
peer-as 3754;
}
neighbor 2001:468:ff:0646::1 {
description NOX;
import [ SANITY6 SET-PREF NOX-IN6 ];
Authentication Data Removed
peer-as 10578;
}
neighbor 2001:468:ff:0658::2 {
description MAGPI;
import [ SANITY6 SET-PREF MAGPI-IN6 ];
Authentication Data Removed
peer-as 10466;
}
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 198.124.216.157 {
description "ESnet via MANLAN";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 AMPATH-TO-ESNET GEANT-TO-ESNET FEDNET-OUT ];
peer-as 293;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:468:ff:15c6::2 {
description ESNET;
family inet6 {
any;
}
Authentication Data Removed
peer-as 293;
}
}
group ISP-MCAST {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
neighbor 64.208.110.185 {
description "Commercial Global Crossing via Private Peering (Multicast Only) [NO-MONITOR]";
Authentication Data Removed
peer-as 3549;
}
}
inactive: group ISP-V6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ];
remove-private;
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
neighbor 80.231.134.29 {
description QATAR;
family inet {
unicast;
}
Authentication Data Removed
peer-as 29384;
}
neighbor 205.189.32.94 {
description CAnet-Montreal;
Authentication Data Removed
peer-as 6509;
}
neighbor 205.189.32.118 {
description CAnet-Toronto;
Authentication Data Removed
peer-as 6509;
}
neighbor 150.99.200.193 {
description SINET;
Authentication Data Removed
peer-as 2907;
}
neighbor 198.32.11.66 {
description "MCIT/ENERGI (Egypt)";
Authentication Data Removed
peer-as 33789;
}
neighbor 198.32.11.51 {
description "GEANT M160 via MANLAN 10GigE";
family inet {
unicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ SANITY-OUT ORIGINATE4 ESNET-TO-GEANT NREN-TO-GEANT USGS-TO-GEANT ITN-OUT ];
peer-as 20965;
}
neighbor 198.32.11.70 {
description "USLHCNet (CERN)";
Authentication Data Removed
peer-as 1297;
}
neighbor 211.79.48.157 {
description "TWAREN | AS:7539";
Authentication Data Removed
peer-as 7539;
}
neighbor 198.32.11.86 {
description CERN;
Authentication Data Removed
peer-as 513;
}
neighbor 64.57.28.66 {
description "SURFnet Backup | AS:1103";
Authentication Data Removed
peer-as 1103;
}
neighbor 200.0.207.9 {
description "RedCLARA via MANLAN and AtlanticWave";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ESNET-TO-AMPATH ];
peer-as 27750;
}
neighbor 198.32.11.110 {
description "ANKABUT via MANLAN | AS:47862 [NO-MONITOR]";
family inet {
any {
prefix-limit {
maximum 5;
teardown 60;
}
}
}
Authentication Data Removed
peer-as 47862;
}
neighbor 86.36.105.177 {
description "QATAR 2nd Connection [NO-MONITOR]";
family inet {
unicast;
}
Authentication Data Removed
peer-as 29384;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
neighbor 2001:410:101:23::1 {
description CAnet-Toronto;
Authentication Data Removed
peer-as 6509;
}
neighbor 2001:410:101:24::1 {
description CAnet-Montreal;
Authentication Data Removed
peer-as 6509;
}
neighbor 2001:468:ff:15c5::2 {
description GEANT;
Authentication Data Removed
peer-as 20965;
}
neighbor 2001:E10:FFFF:307::1 {
description TWAREN;
Authentication Data Removed
peer-as 7539;
}
neighbor 2001:468:ff:6c2::2 {
description "SURFnet Backup | AS:1103";
Authentication Data Removed
peer-as 1103;
}
neighbor 2001:2f8:1:ff::d {
description SINET;
Authentication Data Removed
peer-as 2907;
}
neighbor 2001:1348:4:3::1 {
description "RedCLARA via MANLAN and AtlanticWave";
import REJECT-ALL;
Authentication Data Removed
peer-as 27750;
}
neighbor 2001:468:ff:6c3::2 {
description "ANKABUT via ManLan | AS:47862 [NO-MONITOR]";
family inet6 {
any {
prefix-limit {
maximum 100;
teardown 95;
}
}
}
Authentication Data Removed
peer-as 47862;
}
neighbor 2001:468:ff:6c1::2 {
description "MCIT/ENERGI (Egypt)";
Authentication Data Removed
peer-as 33789;
}
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
metric-out igp;
import REJECT-ALL;
remove-private;
}
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.242;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 134.68.246.51 {
description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.242;
family inet {
unicast;
}
cluster 134.68.246.51;
}
neighbor 64.57.17.71 {
description "nms-rpsv.newy zebra bgpd [NO-MONITOR]";
local-address 64.57.17.65;
family inet {
unicast;
multicast;
}
cluster 64.57.17.65;
}
neighbor 2001:468:6:11::17:71 {
description "nms-rpsv.newy zebra bgpd [NO-MONITOR]";
family inet6 {
unicast;
multicast;
}
}
neighbor 156.56.103.99 {
description "IU ANML monitor--contact Ripley";
multihop {
ttl 10;
}
local-address 64.57.28.242;
hold-time 65535;
family inet {
unicast;
}
}
}
inactive: group NONITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ];
remove-private;
}
inactive: group NONITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 NONITN-OUT6 ];
remove-private;
}
group INTERNET2 {
type internal;
local-address 64.57.28.242;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:6::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:7::1 {
description SALT;
}
neighbor 2001:468:8::1 {
description SEAT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
inactive: group MULTICAST-ONLY {
type external;
metric-out igp;
import [ SANITY-LIST SET-LOCPREF-PEERS FROM-ITN ];
family inet {
multicast {
prefix-limit {
maximum 10000;
teardown 90;
}
}
}
}
}
isis {
export V6-IGP-AGG;
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
spf-options delay 200;
level 2 wide-metrics-only;
/* BACKBONE TO CHIC 10GE */
interface xe-0/0/0.0 {
level 1 disable;
level 2 metric 1001;
}
/* BACKBONE TO WASH 10GE #1 */
interface xe-1/0/0.0 {
level 1 disable;
level 2 metric 279;
}
/* BACKBONE TO WASH 10GE #2 */
interface xe-2/0/0.0 {
level 1 disable;
level 2 metric 280;
}
interface xe-2/3/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* Run IS-IS Passively on all Interfaces */
interface all {
level 1 disable;
level 2 passive;
}
interface fxp0.0 {
disable;
}
}
msdp {
apply-groups MSDP-SA-Limit-per-peer-group;
rib-group mcast-rpf-rg;
active-source-limit {
maximum 200000;
threshold 190000;
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* ESNET */
peer 134.55.3.3 {
local-address 198.124.216.158;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
/* CAnet-Montreal */
peer 205.189.32.94 {
local-address 205.189.32.93;
}
/* CAnet-Toronto */
peer 205.189.32.118 {
local-address 205.189.32.117;
}
/* TWAREN via Manlan vlan 117 */
peer 211.79.48.157 {
local-address 211.79.48.158;
}
/* SURFnet via MANLAN */
peer 64.57.28.66 {
local-address 64.57.28.65;
}
/* GEANT 10GE via MANLAN */
peer 198.32.11.51 {
local-address 198.32.11.50;
}
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
export MSDP-FILTER;
import REJECT-ALL;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* Nysernet */
peer 199.109.4.153 {
local-address 199.109.4.154;
}
/* NOX */
peer 192.5.89.221 {
local-address 192.5.89.222;
}
/* MAGPI */
peer 216.27.100.53 {
local-address 216.27.100.54;
}
}
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.242;
/* CHIC */
peer 64.57.28.241;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group ISP-MCAST {
export MSDP-FILTER;
import MSDP-FILTER;
/* Global Crossing (private peering) */
peer 67.17.81.229 {
local-address 64.208.110.186;
}
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB SNMP hosts */
140.182.45.32/28;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* New Jump Address */
149.165.134.64/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* discvenue.internet2.edu */
207.75.164.82/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list NMS1-SPECIFICS {
/* SNVA */
198.32.8.108/30;
/* WASH */
198.32.8.112/30;
/* ATLA */
198.32.8.156/30;
/* CHIN */
198.32.8.160/30;
/* DNVR */
198.32.8.164/30;
/* HSTN */
198.32.8.168/30;
/* IPLS */
198.32.8.172/30;
/* KSCY */
198.32.8.176/30;
/* LOSA */
198.32.8.180/30;
/* NYCM */
198.32.8.184/30;
/* STTL */
198.32.8.188/30;
}
prefix-list NYSERNET-PARTICIPANT {
67.20.192.0/19;
67.99.160.0/21;
67.99.160.0/22;
67.99.168.0/22;
128.59.0.0/16;
128.84.0.0/16;
128.113.0.0/16;
128.113.11.0/24;
128.122.0.0/16;
128.151.0.0/16;
128.205.0.0/16;
128.213.0.0/16;
128.226.0.0/16;
128.228.0.0/16;
128.230.0.0/16;
128.253.0.0/16;
129.5.0.0/16;
129.21.0.0/16;
129.49.0.0/16;
129.161.0.0/16;
129.236.0.0/16;
130.245.0.0/16;
132.236.0.0/16;
134.74.0.0/16;
140.251.0.0/16;
146.95.0.0/16;
146.96.0.0/16;
146.111.0.0/16;
146.245.0.0/16;
148.84.0.0/16;
149.4.0.0/16;
149.125.0.0/16;
150.210.0.0/16;
156.111.0.0/16;
156.145.0.0/16;
157.139.0.0/16;
160.39.0.0/16;
163.238.0.0/16;
169.226.0.0/16;
192.5.43.0/24;
192.5.53.0/24;
192.12.82.0/24;
192.12.89.0/24;
192.12.90.0/24;
192.35.82.0/24;
192.35.210.0/24;
192.42.55.0/24;
192.76.177.0/24;
192.77.9.0/24;
192.77.173.0/24;
192.86.139.0/24;
198.61.16.0/20;
198.83.28.0/22;
198.83.112.0/20;
198.180.141.0/24;
199.89.214.0/24;
199.109.0.0/16;
199.109.2.0/24;
199.109.4.0/24;
199.109.5.0/24;
199.109.6.0/30;
199.109.8.0/22;
199.109.12.0/22;
199.109.16.0/22;
199.109.20.0/22;
199.109.24.0/22;
199.109.28.0/22;
199.109.32.0/22;
199.109.40.0/22;
199.109.44.0/22;
199.109.100.0/24;
199.109.200.0/21;
199.219.128.0/18;
199.219.192.0/20;
199.219.208.0/21;
199.219.216.0/24;
204.9.168.0/22;
204.168.181.0/24;
204.168.182.0/23;
204.168.184.0/21;
205.232.16.0/21;
207.10.4.0/24;
207.10.5.0/24;
207.10.6.0/24;
207.10.7.0/24;
207.10.196.0/24;
207.10.197.0/24;
207.10.198.0/24;
207.10.199.0/24;
207.127.120.0/21;
207.127.224.0/22;
207.159.192.0/18;
209.2.48.0/22;
209.2.54.0/23;
216.165.0.0/17;
}
prefix-list NYSERNET-CORPORATE {
129.34.0.0/16;
198.81.209.0/24;
198.83.46.0/24;
198.180.207.0/24;
198.182.248.0/24;
199.164.149.0/24;
199.181.149.0/24;
199.222.58.0/24;
199.222.59.0/24;
199.222.71.0/24;
204.107.83.0/24;
}
prefix-list NYSERNET-SPONSORED {
205.232.8.0/21;
209.2.160.0/21;
216.73.240.0/20;
}
prefix-list NYSERNET-SEGP {
38.96.188.0/24;
63.144.174.0/24;
63.144.175.0/24;
65.88.72.0/22;
65.88.88.0/23;
66.195.169.96/27;
67.99.185.0/24;
128.153.0.0/16;
129.85.0.0/16;
129.98.0.0/16;
137.143.0.0/16;
137.238.0.0/16;
138.92.0.0/16;
139.127.0.0/16;
146.203.0.0/16;
147.4.0.0/16;
148.100.0.0/16;
149.31.0.0/16;
149.123.0.0/16;
163.153.0.0/16;
168.169.0.0/16;
170.158.0.0/16;
170.161.0.0/16;
192.31.156.0/24;
192.33.253.0/24;
192.231.122.0/23;
192.231.124.0/23;
192.246.178.0/24;
192.246.224.0/22;
192.246.228.0/23;
192.246.231.0/24;
192.246.232.0/22;
192.246.235.0/24;
192.246.239.0/24;
192.246.253.0/24;
198.22.176.0/24;
198.105.32.0/20;
198.180.129.0/24;
198.199.181.0/24;
199.190.222.0/23;
199.190.224.0/23;
204.97.72.0/24;
204.168.248.0/21;
205.232.96.0/20;
207.10.8.0/21;
207.127.176.0/21;
216.162.16.0/20;
216.182.132.0/24;
216.182.136.0/22;
216.226.96.0/19;
}
prefix-list NYSERNET6-PARTICIPANT {
2001:468:900::/40;
2001:468:1100::/40;
2001:468:1508::/48;
2001:18d8::/32;
2607:F600::/32;
2620:0000:1A50::/48;
}
prefix-list NOX-PARTICIPANT {
12.0.48.0/20;
12.6.208.0/20;
18.0.0.0/8;
63.164.11.0/24;
/* Temporary route - remove after 08-11-08 - JD */
64.251.112.0/20;
65.112.0.0/20;
67.221.64.0/19;
72.164.152.0/24;
74.112.8.0/21;
75.130.96.0/24;
128.30.0.0/15;
128.36.0.0/16;
128.52.0.0/16;
128.103.0.0/16;
128.119.0.0/16;
128.148.0.0/16;
128.197.0.0/16;
129.10.0.0/16;
129.55.0.0/16;
129.64.0.0/16;
129.170.0.0/16;
130.64.0.0/16;
130.111.0.0/16;
130.132.0.0/16;
130.189.0.0/16;
130.215.0.0/16;
131.128.0.0/16;
131.142.0.0/16;
132.177.0.0/16;
132.183.0.0/16;
132.198.0.0/16;
134.174.0.0/16;
136.167.0.0/16;
136.244.0.0/16;
137.99.0.0/16;
138.16.0.0/16;
138.29.0.0/16;
140.234.0.0/16;
140.247.0.0/16;
141.133.0.0/16;
148.85.0.0/16;
155.33.0.0/16;
155.37.0.0/16;
155.41.0.0/16;
155.41.96.0/19;
155.41.128.0/17;
155.52.0.0/16;
160.79.139.0/24;
167.206.156.0/24;
168.122.0.0/16;
170.223.0.0/16;
192.5.66.0/24;
192.5.89.0/24;
192.5.136.0/22;
192.5.140.0/23;
192.5.206.0/23;
192.5.208.0/24;
192.5.224.0/24;
192.12.185.0/24;
192.12.186.0/23;
192.12.188.0/22;
192.26.149.0/24;
192.26.150.0/24;
192.52.61.0/24;
192.52.62.0/23;
192.52.64.0/23;
192.54.223.0/24;
192.54.224.0/24;
192.73.31.0/24;
192.80.66.0/24;
192.80.83.0/24;
192.131.102.0/24;
192.160.243.0/24;
192.160.244.0/24;
192.189.138.0/24;
192.231.246.0/24;
198.113.29.0/24;
199.93.245.0/24;
199.94.0.0/16;
199.94.32.0/19;
199.94.48.0/24;
204.8.152.0/21;
204.139.0.0/21;
204.167.52.0/24;
204.197.0.0/17;
207.188.245.0/24;
207.210.142.0/24;
207.210.143.0/24;
208.95.188.0/22;
208.247.102.0/24;
}
prefix-list NOX-CORPORATE {
167.216.167.0/26;
204.179.122.0/24;
}
prefix-list NOX-SPONSORED {
38.111.225.0/27;
66.9.106.224/27;
66.9.198.0/24;
66.9.199.0/24;
66.220.243.0/24;
68.112.227.0/24;
68.184.42.64/27;
128.128.0.0/16;
129.44.167.0/24;
131.229.0.0/16;
134.88.230.0/24;
134.88.231.0/24;
134.88.235.0/24;
138.110.0.0/16;
148.45.0.0/16;
158.65.0.0/16;
158.136.0.0/16;
192.80.61.0/24;
192.133.12.0/24;
192.133.83.0/24;
199.92.170.0/24;
}
prefix-list NOX-SEGP {
12.6.252.0/24;
12.16.126.192/26;
63.145.155.0/24;
64.45.64.0/18;
64.80.89.0/24;
64.147.48.0/20;
64.202.80.0/20;
64.251.48.0/20;
64.251.60.0/22;
64.254.160.0/20;
65.18.0.0/18;
65.18.64.0/19;
65.18.96.0/20;
66.181.224.0/20;
66.206.128.0/19;
66.218.144.0/20;
67.218.80.0/20;
69.16.0.0/17;
69.43.113.0/24;
69.43.114.0/24;
69.43.120.0/24;
69.173.64.0/18;
72.10.96.0/19;
72.19.64.0/18;
76.78.80.0/22;
129.5.0.0/16;
129.63.0.0/16;
129.133.0.0/16;
129.161.0.0/16;
131.109.0.0/16;
134.88.0.0/16;
134.181.0.0/16;
134.241.0.0/16;
134.241.27.0/24;
134.241.32.0/24;
134.241.140.0/22;
137.49.0.0/16;
137.146.0.0/16;
139.140.0.0/16;
140.232.0.0/16;
141.114.0.0/16;
146.189.0.0/16;
148.166.0.0/16;
149.130.0.0/16;
149.152.0.0/16;
155.36.0.0/16;
155.43.0.0/16;
155.47.0.0/16;
157.252.0.0/16;
158.121.0.0/16;
158.123.0.0/17;
158.123.128.0/17;
159.247.232.0/22;
159.247.236.0/23;
167.206.156.0/24;
169.244.0.0/16;
192.31.112.0/24;
192.31.236.0/24;
192.33.12.0/24;
192.43.249.0/24;
192.83.228.0/24;
192.101.188.0/24;
192.107.38.0/24;
192.107.134.0/24;
192.124.153.0/24;
192.132.64.0/24;
192.135.181.0/24;
192.136.22.0/24;
192.138.176.0/24;
192.138.177.0/24;
192.138.178.0/24;
192.152.243.0/24;
192.188.67.0/24;
192.195.196.0/24;
198.7.224.0/19;
198.102.172.0/24;
198.102.211.0/24;
198.148.217.0/24;
198.182.161.0/24;
198.182.162.0/23;
198.183.156.0/24;
198.202.151.0/24;
199.33.141.0/24;
199.184.247.0/24;
199.249.227.0/24;
204.17.79.64/27;
204.17.80.0/27;
205.172.224.0/22;
206.208.184.0/21;
207.159.160.0/19;
207.166.224.0/19;
207.210.128.0/19;
208.47.162.0/23;
208.47.164.0/23;
209.80.128.0/17;
209.166.112.0/20;
209.222.192.0/19;
216.19.112.0/20;
216.20.0.0/17;
216.87.96.0/19;
}
prefix-list NOX6-PARTICIPANT {
2001:468:600::/40;
2001:468:1e00::/40;
/* Worcester Polytec Inst */
2607:F5C0::/32;
/* Harvard */
2607:FB60::/32;
/* University of Main */
2610:48::/32;
2610:58::/32;
2620:0:650::/48;
2620:0:DF0::/48;
}
prefix-list MAGPI-PARTICIPANT {
12.161.8.0/21;
66.36.56.0/21;
66.180.176.0/20;
66.250.44.0/24;
128.4.0.0/16;
128.6.0.0/16;
128.91.0.0/16;
128.112.0.0/16;
128.175.0.0/16;
128.180.0.0/16;
128.235.0.0/16;
129.25.0.0/16;
129.32.0.0/16;
130.91.0.0/16;
130.219.0.0/16;
140.180.0.0/16;
140.208.0.0/16;
144.118.0.0/16;
147.31.0.0/16;
149.150.0.0/16;
155.247.0.0/16;
158.130.0.0/16;
159.14.0.0/16;
165.123.0.0/16;
165.230.0.0/16;
192.12.88.0/24;
192.76.178.0/24;
192.84.2.0/24;
198.32.42.0/24;
198.32.242.128/25;
198.151.130.0/24;
199.65.255.0/24;
204.52.215.0/24;
204.153.48.0/22;
205.172.164.0/24;
216.27.97.0/24;
216.27.99.0/24;
216.27.100.0/22;
216.27.100.0/23;
}
prefix-list MAGPI-CORPORATE {
12.144.59.0/24;
}
prefix-list MAGPI-SPONSORED {
12.151.0.0/23;
12.151.1.0/24;
38.115.60.0/24;
66.28.32.0/23;
131.249.0.0/16;
147.140.0.0/16;
153.104.0.0/16;
167.21.180.0/22;
167.21.184.0/22;
192.231.162.0/23;
192.231.164.0/24;
192.231.210.0/24;
198.138.53.0/24;
198.138.54.0/23;
198.138.56.0/22;
198.138.60.0/24;
204.14.12.0/22;
204.75.178.0/24;
204.108.128.0/17;
207.103.37.0/24;
207.103.38.0/24;
207.103.55.0/24;
207.103.56.0/24;
207.103.72.0/24;
207.103.89.0/24;
207.103.90.0/24;
207.103.91.0/24;
207.103.189.0/24;
207.103.190.0/24;
207.103.191.0/24;
207.103.192.0/24;
207.103.218.0/24;
207.103.219.0/24;
209.18.48.0/20;
209.50.137.0/24;
209.50.138.0/24;
209.71.5.0/24;
209.71.6.0/24;
209.71.7.0/24;
209.71.10.0/24;
209.71.25.0/24;
209.71.46.0/24;
216.27.98.0/23;
216.27.102.0/24;
216.162.80.0/20;
216.228.128.0/20;
}
prefix-list MAGPI-SEGP {
8.10.208.0/24;
65.170.110.0/24;
65.194.220.0/22;
65.194.224.0/24;
66.17.183.0/24;
67.200.60.0/24;
67.200.61.0/24;
67.200.63.0/24;
72.2.96.0/20;
74.116.20.0/22;
74.214.96.0/19;
76.74.64.0/24;
76.74.65.0/24;
76.74.66.0/24;
76.74.67.0/24;
76.74.68.0/24;
76.74.69.0/24;
76.74.70.0/24;
76.74.71.0/24;
76.74.72.0/24;
76.74.73.0/24;
76.74.77.0/24;
130.68.0.0/16;
130.156.0.0/16;
131.125.0.0/16;
132.238.0.0/16;
134.198.0.0/16;
134.210.0.0/16;
139.147.0.0/16;
146.94.0.0/16;
147.106.0.0/16;
149.150.0.0/16;
149.151.0.0/16;
150.250.0.0/16;
151.198.52.0/24;
151.198.208.96/27;
155.246.0.0/16;
159.91.0.0/16;
167.21.6.0/24;
167.21.7.0/24;
167.21.8.0/24;
167.21.9.0/24;
167.21.254.0/24;
170.235.0.0/16;
192.16.204.0/24;
192.100.64.0/24;
192.107.43.0/24;
192.107.45.0/24;
192.107.108.0/24;
192.108.16.0/24;
192.108.106.0/24;
192.112.54.0/24;
192.133.105.0/24;
192.135.209.0/24;
192.150.150.0/24;
192.154.128.0/23;
192.154.130.0/24;
192.231.202.0/24;
192.231.207.0/24;
192.245.88.0/24;
198.22.129.0/24;
198.133.170.0/24;
198.138.207.0/24;
198.138.208.0/23;
198.138.210.0/24;
198.244.0.0/21;
198.244.8.0/23;
199.2.216.0/24;
204.13.204.0/22;
204.96.142.0/24;
204.96.143.0/24;
204.108.251.0/24;
204.108.251.0/25;
204.108.251.128/25;
204.139.52.0/22;
204.143.61.0/24;
204.143.62.0/23;
204.143.64.0/22;
204.143.68.0/24;
204.152.148.0/23;
204.186.48.64/27;
204.186.79.96/27;
204.186.112.0/27;
204.186.112.32/27;
204.186.112.64/27;
204.186.135.0/24;
204.186.151.0/24;
204.186.159.0/24;
204.186.161.0/24;
204.186.174.0/24;
204.186.191.128/27;
205.173.168.0/21;
205.174.96.0/20;
205.235.32.0/19;
205.238.205.0/24;
205.247.245.0/24;
206.82.16.0/20;
206.219.64.0/19;
207.200.160.0/20;
207.200.170.0/24;
207.200.171.0/24;
208.67.140.0/22;
208.70.120.0/22;
208.73.176.0/22;
208.82.152.0/21;
208.87.76.0/24;
208.87.77.0/24;
208.87.78.0/24;
208.87.79.0/24;
209.50.141.32/27;
209.50.150.128/26;
209.50.152.0/25;
209.50.153.32/27;
209.50.153.96/27;
209.50.153.160/27;
209.50.153.224/27;
209.173.1.96/27;
209.173.1.192/27;
209.173.4.0/27;
209.173.6.128/25;
209.173.7.96/27;
209.173.10.32/27;
209.173.11.0/27;
209.173.14.160/27;
209.173.14.192/27;
209.173.16.0/24;
209.173.17.64/26;
209.173.17.192/26;
209.173.18.0/24;
209.242.176.0/20;
216.27.98.0/23;
216.144.162.64/27;
216.144.170.0/26;
216.144.170.64/27;
216.144.171.160/27;
216.144.171.192/27;
216.158.60.0/24;
216.162.80.0/20;
216.220.89.0/24;
216.220.90.0/24;
216.220.94.0/24;
216.220.95.0/24;
}
prefix-list MAGPI-PARTICIPANT6 {
2001:468:1800::/40;
2607:F3B0::/32;
2607:F470::/32;
2620:0:D60::/46;
}
prefix-list RADIUS-SERVERS {
140.182.44.69/32;
140.182.45.56/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list MAGPI-CPS {
128.91.0.0/16;
128.180.0.0/16;
130.91.0.0/16;
158.130.0.0/16;
165.123.0.0/16;
198.32.42.0/24;
216.27.100.0/23;
}
prefix-list QUERY-HOSTS;
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>";
}
prefix-list RACKLAN-ACCESS {
/* ARIN Allocation */
64.57.16.0/20;
/* ISI East */
65.114.168.0/24;
/* ndb2-blmt.abilene.ucaid.edu */
129.79.5.18/32;
/* DNS Resolver */
129.79.5.100/32;
/* ndb1-blmt.abilene.ucaid.edu */
129.79.5.225/32;
/* IUB */
129.79.9.0/24;
129.79.216.64/27;
129.79.216.160/27;
/* leap.grnoc.iu.edu */
129.79.217.202/32;
/* DNS Resolver */
134.68.1.9/32;
/* IUPUI */
134.68.11.0/24;
134.68.107.0/24;
134.68.142.0/24;
134.68.220.127/32;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI login hosts */
140.182.44.16/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
140.182.44.69/32;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB login hosts */
140.182.45.16/28;
/* IUB SNMP hosts */
140.182.45.32/28;
140.182.45.56/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump.grnoc.iu.edu */
149.165.134.64/32;
/* NEWY 111 8th Racklan */
149.165.253.0/28;
/* VPN Groups */
156.56.175.0/27;
156.56.245.1/32;
156.56.247.193/32;
/* jump.grnoc.iu.edu */
192.12.206.196/32;
/* sd-pc.grnoc.iu.edu */
192.12.206.228/32;
/* Internet2 Ann Arbor */
207.75.164.0/23;
}
prefix-list OARNETRACKLAN-ACCESS {
192.148.251.0/24;
199.18.152.96/28;
}
prefix-list OBSERVATORY-SSH {
/* leap.grnoc.iu.edu */
129.79.217.202/32;
/* sysmon.grnoc.iu.edu */
134.68.107.4/32;
/* login.net.internet2.edu */
134.68.107.10/32;
/* nms-base */
134.68.107.34/32;
/* nms-login */
134.68.107.36/32;
/* skip */
134.68.142.50/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump */
192.12.206.196/32;
}
prefix-list NOC-PARTICIPANT;
prefix-list MANLAN-ACCESS {
64.57.16.0/20;
129.79.5.18/32;
129.79.5.100/32;
129.79.5.225/32;
129.79.9.0/24;
129.79.216.64/27;
129.79.216.160/27;
134.68.1.9/32;
134.68.11.0/24;
134.68.107.0/24;
134.68.142.0/24;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI login hoss */
140.182.44.16/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
/* radius3.grnoc.iu.edu */
140.182.44.69/32;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB login hosts */
140.182.45.16/28;
/* IUB SNMP hosts */
140.182.45.32/28;
/* radius2.grnoc.iu.edu */
140.182.45.56/32;
149.165.129.24/32;
/* jump.grnoc.iu.edu */
149.165.134.64/32;
156.56.175.0/27;
192.12.206.196/32;
192.12.206.228/32;
}
prefix-list GOOGLE-PARTICIPANT6 {
2001:4860:1::/48;
}
prefix-list KAN-ED-2-SCHOOLS {
68.225.152.0/24;
70.165.96.0/23;
70.165.102.0/23;
70.183.128.0/21;
98.175.200.0/24;
}
policy-statement ADD-GBLX-NY-COMM {
term add-comm {
then {
community add GBLX-NY;
next policy;
}
}
}
policy-statement AMPATH-TO-ESNET {
term FROM-REACCIUN {
from as-path REACCIUN;
then {
as-path-prepend 11537;
accept;
}
}
term FROM-ANSP {
from as-path ANSP;
then {
as-path-prepend 11537;
accept;
}
}
term FROM-RETINA {
from as-path RETINA;
then {
as-path-prepend 11537;
accept;
}
}
}
policy-statement BLOCK-COMM-ASN {
term block-commercial-as {
from as-path COMMERCIAL;
then reject;
}
then next policy;
}
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-AS12989-OUT {
term match {
from community CPS-AS12989-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13030-OUT {
term match {
from community CPS-AS13030-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15169-OUT {
term match {
from community CPS-AS15169-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15412-OUT {
term match {
from community CPS-AS15412-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS1784-OUT {
term match {
from community CPS-AS1784-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19151-OUT {
term match {
from community CPS-AS19151-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS20940-OUT {
term match {
from community CPS-AS20940-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22212-OUT {
term match {
from community CPS-AS22212-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22773-OUT {
term match {
from community CPS-AS22773-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22822-OUT {
term match {
from community CPS-AS22822-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS29791-OUT {
term match {
from community CPS-AS29791-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS32934-OUT {
term match {
from community CPS-AS32934-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS3549-OUT {
term match {
from community CPS-AS3549-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36619-OUT {
term match {
from community CPS-AS36619-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4436-OUT {
term match {
from community CPS-AS4436-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4565-OUT {
term match {
from community CPS-AS4565-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6079-OUT {
term match {
from community CPS-AS6079-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6102-OUT {
term match {
from community CPS-AS6102-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6327-OUT {
term match {
from community CPS-AS6327-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6939-OUT {
term match {
from community CPS-AS6939-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS8075-OUT {
term match {
from community CPS-AS8075-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS812-OUT {
term match {
from community CPS-AS812-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS9505-OUT {
term match {
from community CPS-AS9505-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-CONNECTOR-IN {
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop discard;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-COX-IN-EXCEPTION {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term prepend-KanEd {
from {
prefix-list-filter KAN-ED-2-SCHOOLS orlonger;
}
then {
as-path-prepend "11537 11537 11537";
next term;
}
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-GOOGLE-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter GOOGLE-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-MAGPI-IN {
term accept {
from {
protocol bgp;
prefix-list-filter MAGPI-CPS orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-MAGPI-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter MAGPI-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-NOX-IN {
term accept {
from {
protocol bgp;
prefix-list-filter NOX-PARTICIPANT orlonger;
prefix-list-filter NOX-SPONSORED orlonger;
prefix-list-filter NOX-SEGP orlonger;
prefix-list-filter NOX-CORPORATE orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-NOX-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter NOX6-PARTICIPANT exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-IN-DEPREF {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
local-preference 90;
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Announce Connector prefixes >= /24 */
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
/* Originate a BGP for our Lookback Addresses */
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT-DEPREF {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then {
as-path-prepend 11537;
next policy;
}
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-IN {
term strip-communities {
then {
community delete ALL-COMMS;
next term;
}
}
/* Allows only longer connector prefixes from peers */
term reject-Internet2-space {
from {
route-filter 2001:468::/32 upto /39;
route-filter 2001:468:ff00::/40 orlonger;
}
then reject;
}
term accept {
from protocol bgp;
to rib cps.inet6.0;
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-OUT {
term originate {
from {
protocol static;
route-filter 2001:468:ff00::/40 exact;
route-filter 2001:468::/32 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term block-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
family inet6;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-PEERCONTROLS-OUT {
term block {
from community CPS-BLOCK;
then reject;
}
term prepend1 {
from community CPS-PREPEND1;
then {
as-path-prepend 11537;
accept;
}
}
term prepend2 {
from community CPS-PREPEND2;
then {
as-path-prepend "11537 11537";
accept;
}
}
term prepend3 {
from community CPS-PREPEND3;
then {
as-path-prepend "11537 11537 11537";
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEERS-IN {
/* Reject any BGP prefix if a private AS is in the path */
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
}
}
}
policy-statement CPS-V6-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
community delete EQUAL-TO-PEERS;
community delete LOWER-THAN-PEERS;
}
}
}
policy-statement ESNET-TO-AMPATH {
term FROM-ESNET {
from as-path ESNET;
then accept;
}
}
/* ESNET->GEANT backup advertisements (UCAID approved) */
policy-statement ESNET-TO-GEANT {
term FROM-ESNET {
from as-path ESNET;
then {
as-path-prepend 11537;
accept;
}
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy from FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement GEANT-LOWER-PREF {
term depref {
then {
local-preference 40;
next policy;
}
}
}
policy-statement GEANT-TO-ESNET {
term FROM-GEANT {
from as-path GEANT;
then {
as-path-prepend 11537;
accept;
}
}
}
policy-statement IFTN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
community add IFTN;
accept;
}
}
}
policy-statement IFTN-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow-multicast {
from {
protocol bgp;
rib inet.2;
}
then accept;
}
term block {
from {
protocol bgp;
community [ NONITN CONNECTOR-ONLY ];
}
then reject;
}
term accept {
from protocol bgp;
then accept;
}
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ISP-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-IN6 {
term reject-commercial {
from as-path COMMERCIAL6;
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement IU_to_TU-DRESDEN {
term TU-DRESDEN {
from {
route-filter 141.30.0.0/16 exact;
}
then {
local-preference 200;
next policy;
}
}
}
policy-statement LEAK-NMS1 {
term leak {
from {
protocol isis;
prefix-list NMS1-SPECIFICS;
}
then accept;
}
then next policy;
}
policy-statement MAGPI-IN {
term participant {
from {
protocol bgp;
prefix-list-filter MAGPI-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
protocol bgp;
prefix-list-filter MAGPI-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter MAGPI-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter MAGPI-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term segp-exception {
from {
protocol bgp;
route-filter 208.67.140.0/30 exact;
}
then {
community add SEGP;
accept;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement MAGPI-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter MAGPI-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement MSDP-FILTER {
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
policy-statement NEXT-v4-v6-self {
from protocol bgp;
then {
next-hop 198.32.9.193;
}
}
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement NOX-IN {
term participant {
from {
protocol bgp;
prefix-list-filter NOX-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
protocol bgp;
prefix-list-filter NOX-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter NOX-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter NOX-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement NOX-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter NOX6-PARTICIPANT exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* ESNET->GEANT backup advertisements (UCAID approved) */
policy-statement NREN-TO-GEANT {
term FROM {
from as-path NREN;
then accept;
}
}
policy-statement NYSERNET-IN {
term participant {
from {
protocol bgp;
prefix-list-filter NYSERNET-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
protocol bgp;
prefix-list-filter NYSERNET-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter NYSERNET-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter NYSERNET-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term participant-exception {
from {
protocol bgp;
route-filter 199.109.200.0/21 upto /28;
}
then next policy;
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement NYSERNET-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter NYSERNET6-PARTICIPANT exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute aggregates from static into BGP & block more specifics */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
/* Redistribute aggregates from static into BGP - do not block more specifics */
policy-statement ORIGINATE6-WITH-SPECIFICS {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
}
policy-statement PREF-IEEAF-12 {
then {
metric 2;
}
}
policy-statement PREF-IEEAF-192 {
then {
metric 1;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
policy-statement REMOVE-GBXv6 {
/* remove global-crossing v6 advertisements to geant--ticket 8032 */
term is-gbx {
from as-path GBX;
then reject;
}
term not-gbx {
then next term;
}
}
/* reject routes we should never accept */
policy-statement SANITY-IN {
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce */
policy-statement SANITY-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
policy-statement SANITY6 {
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
from {
route-filter 2001::/16 upto /49;
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
term reject {
then reject;
}
}
/* set local-pref on connector routes based on communities */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
policy-statement SET-PREF-BACKUP {
term equal-to-peers {
from community EQUAL-TO-PEERS;
then {
local-preference 100;
next policy;
}
}
term lower-than-peers {
from community LOWER-THAN-PEERS;
then {
local-preference 60;
next policy;
}
}
}
policy-statement SET-PREF-CPS-V6 {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term equal-to-peers {
from community EQUAL-TO-PEERS;
then {
local-preference 100;
next policy;
}
}
term lower-than-peers {
from community LOWER-THAN-PEERS;
then {
local-preference 60;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 100;
}
}
}
/* USGS ITN routes allowed to GEANT per UCAID 12231:45 */
policy-statement USGS-TO-GEANT {
term FROM-USGS {
from as-path USGS;
then accept;
}
}
policy-statement V6-IGP-AGG {
term allow-aggregate {
from {
protocol aggregate;
family inet6;
}
then accept;
}
term deny-more-specifics {
from {
family inet6;
route-filter 2001:468:ff:1500::/56 longer;
route-filter 2001:468:0015::/48 longer;
route-filter 2001:468:ff:0f00::/56 longer;
route-filter 2001:468:000f::/48 longer;
}
then reject;
}
term accept-all-other-v6 {
from {
protocol [ isis direct ];
family inet6;
}
then accept;
}
}
/* Temporary fix for scoping 239/8 */
policy-statement pim-join-filter {
term internal-links {
from {
/* List of Backbone Interfaces */
interface [ so-0/0/0.0 so-1/3/0.0 ];
route-filter 239.0.0.0/8 orlonger;
}
then accept;
}
term external-links {
from {
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term all-links {
then accept;
}
}
community ALL-COMMS members *:*;
community BLOCK-TO-COMMERCIAL members 11537:2002;
community COMMERCIAL-PEER members 11537:2001;
community CONNECTOR-ONLY members 11537:3500;
community CORE members 11537:900;
community CORPORATE members 11537:2000;
community CPS members target:11537:1;
community CPS-AS12989-OUT members *:12989;
community CPS-AS13030-OUT members *:13030;
community CPS-AS15169-OUT members *:15169;
community CPS-AS15412-OUT members *:15412;
community CPS-AS1784-OUT members *:1784;
community CPS-AS19151-OUT members *:19151;
community CPS-AS20940-OUT members *:20940;
community CPS-AS22212-OUT members *:22212;
community CPS-AS22773-OUT members *:22773;
community CPS-AS22822-OUT members *:22822;
community CPS-AS29791-OUT members *:29791;
community CPS-AS32934-OUT members *:32934;
community CPS-AS3549-OUT members *:3549;
community CPS-AS36619-OUT members *:36619;
community CPS-AS4436-OUT members *:4436;
community CPS-AS4565-OUT members *:4565;
community CPS-AS6079-OUT members *:6079;
community CPS-AS6102-OUT members *:6102;
community CPS-AS6327-OUT members *:6327;
community CPS-AS6939-OUT members *:6939;
community CPS-AS8075-OUT members *:8075;
community CPS-AS812-OUT members *:812;
community CPS-AS9505-OUT members *:9505;
community CPS-BLOCK members 65000:*;
community CPS-CONNECTOR members 11537:25100;
community CPS-PEERS members 11537:25200;
community CPS-PREPEND1 members 65001:*;
community CPS-PREPEND2 members 65002:*;
community CPS-PREPEND3 members 65003:*;
community DISCARD members 11537:911;
community EQUAL-TO-PEERS members 11537:100;
community FEDNET members 11537:3000;
community GBLX-NY members 11537:23549;
community HIGH members 11537:260;
community HIGH-PEERS members 11537:160;
community IFTN members 11537:2502;
community ITN members 11537:2501;
community LOW members 11537:140;
community LOW-PEERS members 11537:40;
community LOWER-THAN-PEERS members 11537:60;
community NO-EXPORT members no-export;
community NOAGG6 members 11537:6;
community NONITN members 11537:2500;
community PARTICIPANT members 11537:950;
community RHCPP members 11537:4000;
community SEGP members 11537:910;
community SPONSORED members 11537:902;
as-path COMMERCIAL-IGRID ".*1.* | .*174.* | .*209.* | .*701.* | .*1239.* | .*1673.* | .*1740.* | .*1800.* | .*1833.* | .*2551.* | .*2548.* | .*2685.* | .*2914.* | .*3549.* | .*3561.* | .*3847.* | .*3951.* | .*3967.* | .*4183.* | .*4200.* | .*5683.* | .*6113.* | .*6172.* | .*6461.* | .*7018.*";
as-path COMM1 .*3265.*;
as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*";
as-path PRIVATE ".* (64512-65535) .*";
/* temporary for ESNET->GEANT advertisements */
as-path ESNET "293 .*";
as-path ABILENE ".* 11537 .*";
as-path GEANT "20965 .*";
as-path REACCIUN "20312 .*";
as-path ANSP "1251 .*";
as-path RETINA "3597 .*";
as-path GBX ".* 3549 .*";
as-path NREN "24 .*";
as-path NLR ".* 19401 .*";
as-path USGS "1842 .*";
as-path COMMERCIAL6 ".* (701|1273|1836|2497|2516|2914|3257|3549|3561|4691|6939|7018|15169|15412|17554|17990) .*";
}
Firewall Stanza Removed removed
wash
## Last commit: 2009-09-23 20:27:48 UTC by cdavisal
version 9.3R3.8;
groups {
INTERFACE-BACKBONE {
interfaces {
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
}
}
INTERFACE-CONNECTOR {
interfaces {
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
MSDP-SA-Limit-per-peer-group {
protocols {
msdp {
group <*> {
peer <*> {
active-source-limit {
maximum 100000;
threshold 90000;
}
}
}
}
}
}
re0 {
system {
host-name WASH-re0;
}
}
re1 {
system {
host-name WASH-re1;
}
}
MSDP-STRICT {
protocols {
msdp {
group CONNECTOR {
peer <*> {
active-source-limit {
maximum 2000;
threshold 1800;
}
}
}
group ITN {
peer <*> {
active-source-limit {
maximum 500;
threshold 450;
}
}
}
group FEDNET {
peer <*> {
active-source-limit {
maximum 4000;
threshold 3600;
}
}
}
group NONITN {
peer <*> {
active-source-limit {
maximum 4000;
threshold 3600;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
authentication-order [ radius password ];
location country-code US;
ports {
auxiliary type vt100;
}
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
radius-server {
140.182.45.56 {
source-address 64.57.28.249;
}
140.182.44.69 {
source-address 64.57.28.249;
}
}
Login Stanza Removed services {
bandwidth 10g;
}
}
}
network-services ip;
}
interfaces {
xe-0/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-WASH 10GE | I2-CHIC-WASH-10GE-05250";
family inet {
address 64.57.28.13/31;
}
family inet6 {
address 2001:468:ff:0209::1/64;
}
}
}
xe-0/1/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH 10GE | I2-NEWY32AOA-WASH-10GE-04643";
family inet {
address 64.57.28.19/31;
}
family inet6 {
address 2001:468:ff:906::2/64;
}
}
}
xe-0/2/0 {
description "[CPS] Equinix Ashburn Switch for public peerings";
vlan-tagging;
mtu 9134;
gigether-options {
ethernet-switch-profile {
mac-learn-enable;
}
}
unit 61 {
description "Mgmt vlan to CPS equinix ashburn";
vlan-id 61;
family inet {
mtu 9000;
address 64.57.28.209/28;
}
}
unit 62 {
description "[CPS] Equinix Public Peering at Ashburn";
vlan-id 62;
family inet {
mtu 1500;
address 206.223.115.131/24;
}
family inet6 {
address 2001:504:0:2::1:1537:1/64;
}
}
}
xe-0/3/0 {
apply-groups INTERFACE-CONNECTOR;
description "Merit via Internet2 DWS | I2-CLEV-WASH-10GE-004179";
vlan-tagging;
mtu 9192;
unit 352 {
description "OSCnet mcast-only peering vlan";
vlan-id 352;
family inet {
mtu 9000;
address 199.18.156.242/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:9c2::1/64;
}
}
unit 359 {
description "OSCnet R&E VLAN";
vlan-id 359;
family inet {
mtu 9000;
address 192.88.192.138/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:d4b::1/64;
}
}
unit 921 {
description "OSCnet [CPS]";
vlan-id 921;
family inet {
mtu 9000;
address 199.18.156.246/30;
}
family inet6 {
mtu 9000;
address 2001:468:ffff:d4b::1/64;
}
}
unit 1004 {
description "Merit R&E via Cleveland";
vlan-id 1004;
family inet {
mtu 9000;
address 192.122.183.10/30;
}
family inet6 {
address 2001:468:ff:954::1/64;
}
}
unit 1005 {
description "[CPS] Merit via Cleveland";
vlan-id 1005;
family inet {
mtu 9000;
address 198.109.37.22/30;
}
family inet6 {
address 2001:468:ffff:954::1/64;
}
}
}
xe-1/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-WASH 10GE | I2-ATLA-WASH-10GE-05133";
family inet {
address 64.57.28.59/31;
}
family inet6 {
address 2001:468:ff:0901::2/64;
}
}
}
xe-1/1/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH 10GE B | I2-NEWY32AOA-WASH-10GE-05242";
family inet {
address 64.57.28.75/31;
}
family inet6 {
address 2001:468:ff:6f9::2/64;
}
}
}
xe-1/2/0 {
description "[CPS] Equinix Ashburn Switch for private peerings";
vlan-tagging;
mtu 9134;
unit 15 {
description "[CPS] Google 10GE PNI via Ashburn";
vlan-id 15;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.78/31;
}
family inet6 {
mtu 1500;
address 2001:468:ffff:19ff::1/64;
}
}
unit 16 {
description "[CPS] LimeLight 10GE PNI [NO-MONITOR]";
vlan-id 16;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.81/30;
}
}
unit 17 {
description "[CPS] Akamai 10GE PNI via Ashburn [NO-MONITOR]";
vlan-id 17;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.85/30;
}
}
}
xe-1/3/0 {
apply-groups INTERFACE-CONNECTOR;
description "Mid-Atlantic Crossroads (MAX)";
vlan-tagging;
mtu 9192;
framing {
lan-phy;
}
unit 263 {
description "Mid-Atlantic Crossroads (MAX)";
vlan-id 263;
family inet {
mtu 9000;
address 206.196.178.46/30;
}
family inet6 {
mtu 9000;
address 2001:468:c00:ffee::2/64;
}
}
unit 264 {
description "[CPS] Connector Mid-Atlantic Crossroads (MAX) Primary IPv6";
vlan-id 264;
family inet6 {
address 2001:468:ffff:9c4::1/64;
}
}
}
xe-2/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-WASH 10GE B | I2-ATLA-WASH-10GE-05251";
family inet {
address 64.57.28.7/31;
}
family inet6 {
address 2001:468:ff:109::2/64;
}
}
}
xe-2/1/0 {
description "NOT IN USE [NO-MONITOR]";
}
xe-2/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "NGIX-EAST via Movaz LVL3->CLPK";
vlan-tagging;
mtu 9192;
unit 88 {
description "redCLARA via NGIX and AWave-FIU";
vlan-id 88;
family inet {
mtu 9100;
filter {
input connector-in;
}
address 198.32.11.105/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:18c5::1/64;
}
}
unit 98 {
description "RNP via Atlantic Wave";
vlan-id 98;
family inet {
mtu 9000;
address 64.57.28.61/30;
}
}
unit 166 {
description "NREN via UMD NGIX | AS24";
vlan-id 166;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 198.32.11.21/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:18c2::1/64;
}
}
unit 183 {
description "MAX backup peering via NGIX-East";
vlan-id 183;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 206.196.177.106/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:185c::1/64;
}
}
unit 187 {
description "[CPS] Connector Mid-Atlantic Crossroads (MAX) via NGIX-East Backup IPv6";
vlan-id 187;
family inet6 {
address 2001:468:ffff:185c::1/64;
}
}
unit 194 {
description "ESNET via NGIX";
vlan-id 194;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 198.124.194.10/30;
}
}
unit 195 {
description "ESNET IPv6 via NGIX";
vlan-id 195;
family inet6 {
mtu 9000;
address 2001:468:ff:9c3::1/64;
}
}
unit 202 {
description "GEANT (Frankfurt OC-192)";
vlan-id 202;
family inet {
mtu 9000;
filter {
input connector-in-from-geant;
}
address 62.40.125.18/30;
}
family inet6 {
mtu 9000;
address 2001:0798:0014:10AA::12/126;
}
}
unit 297 {
description "NISN (via UMD NGIX) | AS:297";
vlan-id 173;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 192.84.8.254/30;
}
}
unit 668 {
description "DREN - Washington DC | AS:668";
vlan-id 174;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 138.18.47.34/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:18c4::1/64;
}
}
unit 669 {
description "Wright-Patterson AFB/Wright State Univ ctr in Dayton via DREN";
vlan-id 164;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 138.18.47.42/30;
}
}
unit 901 {
description "NREN backup via NGIX | AS24";
vlan-id 901;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 64.57.28.40/31;
}
family inet6 {
mtu 9000;
address 2001:468:ff:09c1::1/64;
}
}
unit 987 {
description "DREN v6-only, AS668";
vlan-id 987;
family inet {
mtu 1500;
address 10.254.254.9/31;
}
family inet6 {
mtu 1500;
address 2001:468:ff:18c3::1/64;
}
}
unit 1842 {
description "US Geological Survey ( via UMD NGIX)) | AS:1842";
vlan-id 162;
family inet {
mtu 4470;
filter {
input connector-in;
}
address 137.227.2.182/30;
}
}
}
xe-2/3/0 {
apply-groups INTERFACE-CONNECTOR;
description mss.wash.net.internet2.edu:1-A-7-1-1;
vlan-tagging;
mtu 9192;
unit 3 {
description "Drexel University IPv4 R&E [I2-PHIL-WASH-VLAN-04191]";
vlan-id 3;
family inet {
mtu 9000;
address 204.238.76.6/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0960::1/64;
}
}
unit 4 {
description "[CPS] Drexel University [I2-PHIL-WASH-VLAN-04525]";
vlan-id 4;
family inet {
mtu 9000;
address 204.238.76.2/30;
}
}
unit 5 {
description "[CPS] Drexel University IPv6 [I2-PHIL-WASH-VLAN-04526]";
vlan-id 5;
family inet6 {
mtu 9000;
address 2001:468:ffff:960::1/64;
}
}
unit 506 {
description "3ROX/PSC IPv4 R&E [I2-PITT-WASH-VLAN-04178]";
vlan-id 506;
family inet {
mtu 9000;
address 192.88.115.25/31;
}
family inet6 {
address 2001:5e8:0:fffd:0:2:2:2/120;
}
}
unit 507 {
description "[CPS] 3ROX/PSC [I2-PITT-WASH-VLAN-04225]";
vlan-id 507;
family inet {
mtu 1500;
address 192.88.115.117/31;
}
}
unit 509 {
description "[CPS] 3ROX/PSC IPv6 [I2-PITT-WASH-VLAN-04224]";
vlan-id 509;
family inet6 {
mtu 1500;
address 2001:5E8:0:FFFD:0:2:3:2/120;
}
}
}
ge-9/0/0 {
description "Observatory 1G via lan.wash:C23";
vlan-tagging;
mtu 9192;
unit 12 {
description "Observatory 1G VLAN";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.16.33/28;
}
family inet6 {
mtu 9000;
address 2001:468:9:12::1/64;
address 2001:468:9:12::16:33/64;
}
}
}
ge-9/0/1 {
mtu 9192;
unit 0 {
description "nms-rthr1 p2p connection";
family inet {
mtu 9000;
address 64.57.16.17/30;
}
family inet6 {
mtu 9000;
address 2001:468:9:101::1/64;
address 2001:468:9:101::16:17/64;
}
}
}
ge-9/0/2 {
mtu 9192;
unit 0 {
description "nms-rthr2 p2p connection";
family inet {
mtu 9000;
address 64.57.16.21/30;
}
family inet6 {
mtu 9000;
address 2001:468:9:100::1/64;
address 2001:468:9:100::16:21/64;
}
}
}
ge-9/0/3 {
description "NOT IN USE [NO-MONITOR]";
}
ge-9/1/0 {
apply-groups INTERFACE-CONNECTOR;
unit 0 {
description "NSF DRAGON";
family inet {
address 140.173.1.238/30;
}
}
}
ge-9/1/1 {
description "NOT IN USE [NO-MONITOR]";
}
xe-9/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "Observatory 10GE to HP5406zl B3";
vlan-tagging;
mtu 9180;
inactive: unit 10 {
description WASH-OOB;
vlan-id 10;
family inet {
address 64.57.24.254/24;
}
}
unit 11 {
description "WASH Observatory vlan";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.16.1/28;
}
family inet6 {
mtu 9000;
address 2001:468:9:11::1/64;
address 2001:468:9:11::16:1/64;
}
}
unit 13 {
description "HOPI WASH Management";
vlan-id 13;
family inet {
mtu 9000;
address 64.57.23.1/28;
}
}
unit 20 {
description "WASH VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.249/29;
}
}
unit 21 {
description "WASH VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.129/28;
}
}
unit 30 {
description "WASH SPP Port 8";
vlan-id 30;
family inet {
mtu 9000;
address 64.57.23.193/30 {
arp 64.57.23.194 mac 00:00:5e:04:aa:08;
}
}
}
unit 31 {
description "WASH SPP Port 9";
vlan-id 31;
family inet {
mtu 9000;
address 64.57.23.197/30 {
arp 64.57.23.198 mac 00:00:5e:04:aa:09;
}
}
}
unit 32 {
description "WASH SPP Port 10";
vlan-id 32;
family inet {
mtu 9000;
address 64.57.23.201/30 {
arp 64.57.23.202 mac 00:00:5e:04:aa:0a;
}
}
}
unit 33 {
description "WASH GENI Mgmt network";
vlan-id 33;
family inet {
mtu 9000;
address 64.57.23.161/28;
}
}
unit 40 {
description "WASH 100x100 Inband";
vlan-id 40;
family inet {
mtu 9000;
address 64.57.23.89/29;
}
}
unit 41 {
description "WASH 100x100 NetFPGA ";
vlan-id 41;
family inet {
mtu 9000;
address 64.57.23.57/29;
}
}
unit 42 {
description "WASH 100x100 Mgmt";
vlan-id 42;
family inet {
mtu 9000;
address 64.57.23.121/29;
}
}
unit 50 {
description "ISIS vlan";
vlan-id 50;
family iso {
mtu 1497;
}
}
unit 60 {
description "[CPS] connection to nms-rpsv [NO-MONITOR]";
vlan-id 60;
family inet {
mtu 9000;
address 64.57.29.37/30;
}
family inet6 {
mtu 9000;
address 2001:468:9:60::29:37/64;
address 2001:468:9:60::1/64;
}
}
}
dsc {
unit 0 {
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
fxp0 {
description "Management Ethernet - Unused";
disable;
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.238/32;
address 64.57.28.249/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0300.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:9::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.249/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff09::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.16.4 {
port 4196;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:ff:1200::/56;
route 2001:468:0012::/48;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
240.0.0.0/4 orlonger;
14.0.0.0/8 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
route 198.32.154.144/28 discard;
}
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
14.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.249;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 2;
}
interface fxp0.0 {
disable;
}
}
mld {
interface all;
interface fxp0.0 {
disable;
}
}
rsvp {
/* BACKBONE to ATLA */
interface xe-1/0/0.0;
/* BACKBONE to NEWY */
interface xe-1/1/0.0;
/* BACKBONE to CHIC */
interface xe-0/0/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path WASH->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path WASH->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path WASH->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path WASH->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path WASH->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path WASH->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
}
label-switched-path WASH->HOUS {
to 64.57.28.244;
fast-reroute;
}
label-switched-path WASH->SEAT {
to 64.57.28.247;
fast-reroute;
}
/* BACKBONE to ATLA */
interface xe-1/0/0.0;
/* BACKBONE to NEWY */
interface xe-1/1/0.0;
/* BACKBONE to CHIC */
interface xe-0/0/0.0;
}
bgp {
log-updown;
group INTERNET2 {
type internal;
local-address 64.57.28.249;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:9::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
neighbor 2001:468:7::1 {
description SALT;
}
neighbor 2001:468:8::1 {
description SEAT;
}
}
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 134.68.246.49 {
description "rtr.wash.net.internet2.edu/REN-ISAC [NO-MONITOR]";
local-address 64.57.28.249;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 64.57.16.4 {
description "nms-rpsv.wash zebra bgpd [NO-MONITOR]";
local-address 64.57.16.1;
family inet {
unicast;
multicast;
}
cluster 64.57.16.1;
}
neighbor 2001:468:9:11::16:4 {
description "nms-rpsv.wash zebra bgpd [NO-MONITOR]";
local-address 2001:468:9:11::1;
family inet6 {
unicast;
multicast;
}
}
neighbor 134.68.246.51 {
description "rtr.wash.net.internet2.edu/REN-ISAC [NO-MONITOR]";
local-address 64.57.28.249;
family inet {
unicast;
}
cluster 134.68.246.51;
}
neighbor 156.56.103.99 {
multihop {
ttl 10;
}
local-address 64.57.28.249;
hold-time 65535;
family inet {
unicast;
}
}
}
group CONNECTOR {
type external;
metric-out igp;
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
neighbor 206.196.178.45 {
description "Mid-Atlantic Crossroads (MAX)";
import [ SANITY-IN SET-PREF MAX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10886;
}
neighbor 192.88.192.137 {
description OSCnet;
import [ SANITY-IN SET-PREF OARNET-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 3112;
}
neighbor 204.238.76.5 {
description "Drexel University";
import [ SANITY-IN SET-PREF DREXEL-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 36412;
}
neighbor 192.88.115.24 {
description 3ROX;
import [ SANITY-IN SET-PREF PSC-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 5050;
}
neighbor 206.196.177.105 {
description "Mid-Atlantic Crossroads BACKUP peering through NGIX-East";
import [ SANITY-IN SET-PREF MAX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10886;
}
neighbor 138.18.47.41 {
description "Wright State Univ campus inside of Wright-Patterson AFB, Dayton, through DREN/MCI";
import [ SANITY-IN SET-PREF WSU-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 668;
}
neighbor 199.18.156.241 {
description "OSCnet mcast-only for their non-I2 customers";
import [ SANITY-IN SET-PREF OARNET-MULTICAST-IN ];
family inet {
multicast;
}
Authentication Data Removed
peer-as 600;
}
neighbor 192.122.183.9 {
description "MERIT via CLEV R&E";
import [ SANITY-IN SET-PREF MERIT-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 237;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
neighbor 2001:468:c00:ffee::1 {
description "Mid-Atlantic Crossroads (MAX)";
import [ SANITY6 SET-PREF MAX-IN6 ];
Authentication Data Removed
peer-as 10886;
}
/* turned down temporarily - see ticket 10397 */
inactive: neighbor 2001:468:ff:d4b::2 {
description OSCnet;
import [ SANITY6 SET-PREF OARNET-IN6 ];
Authentication Data Removed
peer-as 3112;
}
neighbor 2001:5e8:0:fffd:0:2:2:1 {
description "Three Rivers Optical Exchange (3ROX)";
import [ SANITY6 SET-PREF PSC-IN6 ];
Authentication Data Removed
peer-as 5050;
}
neighbor 2001:468:ff:185c::2 {
description "Mid-Atlantic Crossroads BACKUP via NGIX-E";
import [ SANITY6 SET-PREF MAX-IN6 ];
Authentication Data Removed
peer-as 10886;
}
neighbor 2001:468:ff:0960::2 {
description Drexel;
import [ SANITY6 SET-PREF DREXEL-IN6 ];
Authentication Data Removed
peer-as 36412;
}
neighbor 2001:468:ff:9c2::2 {
description "OSCnet IPv6 Multicast";
import [ SANITY6 SET-PREF OARNET-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 600;
}
neighbor 2001:468:ff:954::2 {
description "Merit R&E IPv6 via WASH";
import [ SANITY6 SET-PREF MERIT-IN6 ];
Authentication Data Removed
peer-as 237;
}
}
inactive: group ISP-MCAST {
import [ SANITY-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 140.173.1.237 {
description DRAGON;
/* treated as a connector */
import [ SANITY-IN SET-PREF DRAGON-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7082;
include-mp-next-hop;
}
neighbor 192.84.8.253 {
description NISN;
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FROM-CUDI FEDNET-OUT ];
peer-as 297;
}
neighbor 138.18.47.33 {
description "Dren (Worldcom via UMD NGIX)";
Authentication Data Removed
peer-as 668;
}
neighbor 198.32.11.22 {
description "NREN-Goddard via NGIX";
hold-time 30;
family inet {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ];
peer-as 24;
}
neighbor 64.57.28.41 {
description "NREN-McLEAN via NGIX";
hold-time 30;
family inet {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ];
peer-as 24;
}
neighbor 198.124.194.9 {
description "ESNET via NGIX";
Authentication Data Removed
peer-as 293;
}
neighbor 137.227.2.181 {
description "US Geological Survey";
Authentication Data Removed
peer-as 22284;
}
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
/* ESNET routes exported to GEANT as backup per UCAID agreement with Dante */
neighbor 62.40.125.17 {
description "GEANT (Frankfurt) via MAX";
family inet {
unicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ DATATAG-DEMO SANITY-OUT ORIGINATE4 ORIGINATE6 ESNET-TO-GEANT NREN-TO-GEANT USGS-TO-GEANT ITN-OUT ];
peer-as 20965;
}
neighbor 198.32.11.106 {
description "redCLARA via NGIX and Awave-FIU";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ];
peer-as 27750;
}
neighbor 64.57.28.62 {
description "RNP via Atlantic Wave";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ];
peer-as 1916;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
neighbor 2001:0798:0014:10AA::11 {
description "GEANT - Frankfurt IPv6";
Authentication Data Removed
peer-as 20965;
}
neighbor 2001:468:ff:18c5::2 {
description "redCLARA via NGIX & Awave-FIU";
Authentication Data Removed
peer-as 27750;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:468:ff:18c2::2 {
description "NREN-Goddard via NGIX";
family inet6 {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
Authentication Data Removed
peer-as 24;
}
neighbor 2001:468:ff:18c4::2 {
description "DREN network";
family inet6 {
any;
}
Authentication Data Removed
peer-as 668;
}
neighbor 2001:468:ff:09c1::2 {
description "NREN-McLean via NGIX & Dragon";
family inet6 {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
Authentication Data Removed
peer-as 24;
}
neighbor 2001:468:ff:9c3::2 {
description "ESNET IPv6 via NGIX";
family inet6 {
any;
}
Authentication Data Removed
peer-as 293;
}
}
}
isis {
export V6-IGP-AGG;
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
spf-options delay 200;
level 2 wide-metrics-only;
/* BACKBONE TO CHIC */
interface xe-0/0/0.0 {
level 1 disable;
level 2 metric 905;
}
/* BACKBONE TO NEWY: R&E Only */
interface xe-0/1/0.0 {
level 1 disable;
level 2 metric 279;
}
/* BACKBONE to ATLA: CPS Primary and R&E Failover */
interface xe-1/0/0.0 {
level 1 disable;
level 2 metric 701;
}
/* BACKBONE TO NEWY: CPS Primary and R&E Failover */
interface xe-1/1/0.0 {
level 1 disable;
level 2 metric 280;
}
/* BACKBONE to ATLA: R&E Only */
interface xe-2/0/0.0 {
level 1 disable;
level 2 metric 700;
}
/* Run IS-IS Passively on all interface */
interface all {
level 1 disable;
level 2 passive;
}
interface fxp0.0 {
disable;
}
}
msdp {
apply-groups MSDP-SA-Limit-per-peer-group;
rib-group mcast-rpf-rg;
active-source-limit {
maximum 200000;
threshold 190000;
}
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.249;
/* CHIC */
peer 64.57.28.241;
/* NEWY */
peer 64.57.28.242;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* MAX */
peer 206.196.178.45 {
local-address 206.196.178.46;
}
/* OARNET */
peer 192.88.192.137 {
local-address 192.88.192.138;
}
/* OARNET MCAST-ONLY */
peer 199.18.156.241 {
local-address 199.18.156.242;
}
/* MAX backup peering via NGIX-E */
peer 206.196.177.105 {
local-address 206.196.177.106;
}
/* Drexel University */
peer 204.238.76.5 {
local-address 204.238.76.6;
}
/* Three Rivers Optical Exchange (3ROX) */
peer 192.88.115.24 {
local-address 192.88.115.25;
}
/* MERIT */
peer 192.122.183.9 {
local-address 192.122.183.10;
}
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* NISN (via NGIX-E) */
peer 192.84.8.253 {
local-address 192.84.8.254;
}
/* DREN (via NGIX-E) */
peer 138.18.9.253 {
local-address 138.18.47.34;
}
/* NREN (via NGIX-E) */
peer 198.32.11.22 {
local-address 198.32.11.21;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
/* CLARA via NGIX-AWave */
peer 198.32.11.106 {
local-address 198.32.11.105;
}
/* RNP via Atlantic Wave */
peer 64.57.28.62 {
local-address 64.57.28.61;
}
/* GEANT - Frankfort */
peer 62.40.125.17 {
local-address 62.40.125.18;
}
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB SNMP hosts */
140.182.45.32/28;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* New Jump Address */
149.165.134.64/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
134.68.107.113/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* discvenue.internet2.edu */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list INGIG;
prefix-list CPS-INGIG {
/* Ball State University */
12.159.195.0/24;
/* Ball State University */
12.159.206.0/23;
/* Ball State University */
12.159.209.0/24;
/* Monroe County Community School Corporation */
66.244.122.0/23;
/* Purdue University Calumet */
69.51.160.0/19;
/* CSPAN Archives */
72.12.215.0/24;
/* Purdue University */
128.10.0.0/16;
/* Purdue University */
128.46.0.0/16;
/* Purdue University */
128.210.0.0/16;
/* Purdue University */
128.211.0.0/16;
/* Indiana University */
129.79.0.0/16;
/* Saint Joseph's College */
131.93.0.0/16;
/* Indiana University */
134.68.0.0/16;
/* Indiana State University */
139.102.0.0/16;
/* Indiana University */
140.182.0.0/16;
/* Saint Mary's College */
147.53.0.0/16;
/* Ball State University */
147.226.0.0/16;
/* Indiana University */
149.159.0.0/16;
/* Indiana University */
149.160.0.0/14;
/* Indiana University */
149.164.0.0/16;
/* Indiana University */
149.165.0.0/16;
/* Indiana University */
149.166.0.0/16;
/* Valparaiso University */
152.228.0.0/16;
/* Indiana University */
156.56.0.0/16;
/* IHETS */
157.91.0.0/16;
/* Earlham College */
159.28.0.0/16;
/* Vincennes University */
159.218.0.0/16;
/* DePauw University */
163.120.0.0/16;
/* Purdue University North Central */
163.245.0.0/16;
/* IHETS */
165.138.0.0/16;
/* IHETS */
165.139.0.0/16;
/* Indianapolis Public Schools */
167.217.0.0/16;
/* IVYTech Community College of Indiana */
168.91.0.0/16;
/* Indiana Purdue Fort Wayne */
168.102.0.0/17;
/* State of Indiana */
192.104.19.0/24;
/* University of Indianapolis */
192.146.191.0/24;
/* University of Indianapolis */
192.146.192.0/24;
/* Manchester College */
192.189.3.0/24;
/* Hanover College */
192.200.128.0/21;
/* University of Southern Indiana */
192.206.9.0/24;
/* University of Southern Indiana */
192.206.10.0/23;
/* Franklin College of Indiana */
192.207.174.0/23;
/* Franklin College of Indiana */
192.207.176.0/23;
/* Franklin College of Indiana */
192.207.178.0/24;
/* Goshen College */
198.51.243.0/24;
/* Goshen College */
198.51.244.0/24;
/* Private Academic Library Network of Indiana */
198.62.84.0/24;
/* Tri-State University */
198.62.98.0/24;
/* IHETS */
199.8.0.0/16;
/* Purdue University - Agriculture Information Technology */
204.52.32.0/20;
/* Purdue University - Agriculture Information Technology */
204.52.48.0/20;
/* Vigo County School Corp. */
205.137.32.0/20;
/* Purdue University Calumet */
205.215.64.0/18;
/* Indiana State Library */
208.119.0.0/16;
}
prefix-list RADIUS-SERVERS {
140.182.44.69/32;
140.182.45.56/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list MAX-PARTICIPANT {
63.164.28.0/22;
63.171.236.0/24;
63.239.135.0/24;
65.113.61.0/24;
65.114.168.0/24;
65.114.169.0/24;
65.123.202.0/24;
65.160.123.0/24;
65.162.18.0/23;
65.172.14.0/24;
65.172.70.0/24;
66.208.61.0/24;
128.8.0.0/16;
128.82.0.0/16;
128.143.0.0/16;
128.150.0.0/16;
128.164.0.0/16;
128.172.0.0/16;
128.173.0.0/16;
128.177.16.0/23;
128.177.18.0/24;
128.220.0.0/16;
128.231.0.0/16;
128.239.0.0/16;
128.244.0.0/16;
129.2.0.0/16;
129.43.0.0/16;
129.165.0.0/16;
129.174.0.0/16;
130.14.0.0/16;
130.129.0.0/16;
134.231.0.0/16;
136.242.0.0/16;
137.54.0.0/16;
137.187.0.0/16;
137.198.0.0/16;
138.220.0.0/16;
139.70.0.0/16;
140.90.0.0/16;
140.147.0.0/16;
140.173.153.0/29;
140.173.170.0/24;
140.173.174.0/26;
140.173.180.0/24;
141.142.204.0/24;
141.161.0.0/16;
141.166.0.0/16;
147.9.0.0/16;
148.129.0.0/16;
148.129.64.0/19;
148.129.128.0/19;
152.130.0.0/16;
155.206.0.0/16;
156.40.0.0/16;
157.98.0.0/16;
159.230.0.0/16;
161.253.0.0/16;
162.99.224.0/19;
162.129.0.0/16;
164.106.0.0/16;
164.114.0.0/16;
165.112.0.0/16;
167.102.0.0/16;
169.154.0.0/17;
169.154.128.0/17;
170.93.0.0/16;
170.99.0.0/16;
192.5.215.0/24;
192.12.209.0/24;
192.26.10.0/24;
192.35.48.0/24;
192.35.49.0/24;
192.35.129.0/24;
192.52.179.0/24;
192.54.96.0/24;
192.58.3.0/24;
192.58.232.0/24;
192.64.69.0/24;
192.70.187.0/24;
192.86.97.0/24;
192.86.98.0/24;
192.86.99.0/24;
192.86.100.0/24;
192.86.101.0/24;
192.86.102.0/24;
192.86.103.0/24;
192.86.104.0/24;
192.86.105.0/24;
192.86.106.0/24;
192.102.88.0/24;
192.107.190.0/24;
192.107.195.0/24;
192.124.118.0/24;
192.153.43.0/24;
192.156.228.0/24;
192.231.145.0/24;
192.231.146.0/24;
192.231.147.0/24;
192.239.66.0/24;
198.10.49.0/24;
198.31.12.0/24;
198.62.77.0/24;
198.77.76.0/24;
198.77.177.0/24;
198.82.0.0/16;
198.118.0.0/15;
198.181.231.0/24;
198.186.238.0/23;
198.206.32.0/20;
198.206.48.0/21;
199.0.138.0/23;
199.26.254.0/24;
199.75.86.0/23;
199.79.165.0/24;
199.79.166.0/24;
199.111.162.0/23;
199.111.164.0/22;
199.111.168.0/21;
199.111.176.0/20;
199.111.192.0/18;
199.125.175.0/24;
199.248.201.0/24;
199.249.158.0/24;
204.91.114.0/24;
204.145.182.0/24;
204.192.128.0/17;
204.194.224.0/22;
204.194.228.0/23;
205.128.154.0/23;
205.131.248.0/21;
205.156.0.0/19;
205.156.32.0/20;
205.156.48.0/21;
205.160.38.0/23;
205.253.57.0/24;
206.196.160.0/19;
206.196.176.0/21;
206.229.212.0/22;
206.241.0.0/22;
206.241.3.0/24;
206.241.145.0/24;
206.241.148.0/23;
206.241.252.0/24;
206.241.253.0/24;
207.77.112.0/20;
207.245.162.0/24;
208.16.73.0/24;
208.22.77.0/24;
208.22.78.0/24;
208.35.27.64/26;
216.38.95.0/24;
}
prefix-list MAX-SPONSORED {
65.127.220.0/23;
67.133.232.0/23;
160.111.0.0/16;
160.253.0.0/16;
192.12.83.0/24;
192.207.234.0/24;
192.239.84.0/24;
192.245.136.0/24;
198.91.32.0/21;
198.91.40.0/23;
199.33.3.0/24;
199.133.3.0/24;
199.133.32.0/24;
199.133.35.0/24;
199.133.38.0/24;
199.133.45.0/24;
199.133.46.0/24;
199.133.47.0/24;
199.133.48.0/24;
199.133.49.0/24;
199.133.51.0/24;
199.133.52.0/24;
199.133.54.0/24;
199.133.55.0/24;
199.133.56.0/24;
199.133.57.0/24;
199.133.58.0/24;
199.133.59.0/24;
199.133.60.0/24;
199.133.61.0/24;
199.133.62.0/24;
199.133.63.0/24;
199.133.64.0/24;
199.133.66.0/24;
199.133.67.0/24;
199.133.69.0/24;
199.133.72.0/24;
199.133.74.0/24;
199.133.75.0/24;
199.133.153.0/24;
199.133.179.0/24;
205.128.219.0/24;
205.128.220.0/22;
}
prefix-list MAX-SEGP {
4.17.88.0/21;
4.79.201.0/26;
64.5.128.0/20;
64.5.141.0/24;
64.5.144.0/24;
64.5.145.0/24;
64.5.147.0/24;
64.5.148.0/24;
64.5.152.0/24;
64.5.155.0/24;
64.5.159.0/24;
64.26.64.0/18;
65.160.148.0/23;
65.168.144.0/24;
66.250.190.0/24;
66.250.191.0/24;
76.7.54.0/23;
130.85.0.0/16;
131.118.0.0/16;
131.171.0.0/16;
134.192.0.0/16;
136.160.0.0/16;
137.45.0.0/16;
138.78.0.0/16;
151.188.0.0/16;
158.103.0.0/16;
169.156.0.0/16;
192.33.115.0/24;
192.33.116.0/24;
192.33.117.0/24;
192.131.232.0/24;
192.146.226.0/24;
192.188.199.0/24;
198.38.16.0/20;
198.51.208.0/24;
198.69.82.0/24;
198.200.181.0/24;
198.202.0.0/21;
199.88.192.0/24;
204.52.128.0/22;
204.62.32.0/20;
204.62.48.0/22;
204.152.152.0/23;
204.153.76.0/22;
207.86.27.160/27;
208.27.92.0/22;
208.40.149.48/28;
208.40.161.64/27;
208.40.177.0/24;
208.40.194.0/24;
208.91.160.0/22;
209.114.143.0/24;
209.114.144.0/23;
209.114.187.8/29;
209.114.187.240/29;
209.116.253.32/27;
209.243.32.0/20;
216.54.48.0/23;
216.152.80.0/20;
}
prefix-list MAX-PARTICIPANTS6 {
2001:468:C00::/40;
2001:468:ffff:9c4::/64;
2001:468:ffff:185c::/64;
2001:04d0:9c00::/40;
2610:20:8000::/35;
2610:D8::/32;
2620:0000:0bc0::/48;
}
prefix-list OARNET-PARTICIPANT {
64.247.64.0/18;
128.146.0.0/16;
129.22.0.0/16;
129.137.0.0/16;
130.101.0.0/16;
130.108.0.0/16;
131.123.0.0/16;
131.183.0.0/16;
132.235.0.0/16;
136.247.0.0/16;
140.254.0.0/16;
164.107.0.0/16;
169.240.0.0/16;
192.5.109.0/24;
192.5.110.0/24;
192.5.111.0/24;
192.5.112.0/24;
192.5.113.0/24;
192.88.191.0/24;
192.88.192.0/24;
192.88.193.0/24;
192.88.194.0/24;
192.88.195.0/24;
192.132.213.0/24;
192.138.88.0/24;
192.148.235.0/24;
192.148.236.0/22;
192.148.240.0/21;
192.148.244.0/24;
192.148.248.0/22;
192.148.250.0/24;
192.148.251.0/24;
192.153.27.0/24;
192.153.28.0/24;
192.153.36.0/24;
192.153.37.0/24;
192.153.38.0/24;
/* Ohio Supercomputing Center */
192.153.39.0/24;
192.153.40.0/24;
192.153.41.0/24;
192.157.5.0/24;
192.232.26.0/23;
/* OSU */
192.232.26.0/24;
/* OSU */
192.232.27.0/24;
192.232.28.0/24;
/* OARnet */
198.30.86.0/24;
/* OARnet */
198.30.87.0/24;
199.26.250.0/24;
199.190.226.0/24;
199.249.228.0/24;
204.128.178.0/24;
/* OSCnet */
206.244.46.0/24;
/* OARnet */
206.244.200.0/21;
}
prefix-list OARNET-SPONSORED {
204.152.48.0/24;
204.152.49.0/24;
205.142.196.0/24;
205.142.197.0/24;
205.142.198.0/24;
205.142.199.0/24;
}
prefix-list OARNET-SEGP {
64.18.32.0/20;
64.113.176.0/20;
64.113.176.0/21;
64.113.184.0/21;
64.254.64.0/20;
65.182.112.0/20;
66.114.0.0/19;
66.144.22.0/24;
66.144.23.0/24;
66.145.194.0/24;
66.145.203.0/24;
66.203.16.0/20;
66.203.32.0/19;
129.1.0.0/16;
131.187.0.0/16;
131.238.0.0/16;
132.162.0.0/16;
134.53.0.0/16;
136.227.0.0/16;
137.148.0.0/16;
138.28.0.0/16;
140.103.0.0/16;
140.106.0.0/16;
140.141.0.0/16;
140.220.0.0/16;
140.228.0.0/16;
141.110.0.0/16;
141.139.0.0/16;
143.105.0.0/16;
143.206.0.0/16;
144.50.0.0/16;
146.78.0.0/16;
146.85.0.0/16;
149.143.0.0/16;
150.134.0.0/16;
156.63.57.0/24;
156.63.144.0/24;
156.63.176.0/24;
157.134.0.0/16;
163.11.0.0/16;
164.83.0.0/16;
192.42.153.0/24;
192.55.234.0/24;
192.68.223.0/24;
192.70.252.0/24;
192.131.123.0/24;
192.150.115.0/24;
192.153.31.0/24;
192.153.32.0/24;
192.153.33.0/24;
192.153.34.0/24;
/* The National Underground Railroad Freedom Center (NURFC) */
192.153.35.0/24;
192.232.30.0/24;
198.30.0.0/16;
198.140.201.0/24;
198.203.64.0/18;
198.234.184.0/23;
198.234.187.0/24;
198.234.188.0/22;
198.234.192.0/22;
198.234.196.0/23;
198.234.200.0/21;
199.18.0.0/16;
/* Mount Union College */
199.18.32.0/20;
/* Mount Union College */
199.18.204.0/22;
/* Mount Union College */
199.18.208.0/22;
/* Mount Union College */
199.18.234.0/23;
/* Mount Union College */
199.18.236.0/22;
/* Mount Union College */
199.18.238.0/24;
/* Mount Union College */
199.18.239.0/24;
199.120.181.0/24;
199.218.0.0/16;
204.9.144.0/21;
204.10.216.0/21;
204.10.217.0/24;
204.10.218.0/24;
204.10.219.0/24;
204.10.220.0/24;
204.10.221.0/24;
204.10.222.0/24;
204.10.223.0/24;
204.11.184.0/21;
204.11.184.0/24;
204.11.185.0/24;
204.11.186.0/24;
204.11.187.0/24;
204.11.188.0/24;
204.11.189.0/24;
204.11.190.0/24;
204.11.191.0/24;
204.89.239.0/24;
204.128.217.0/24;
205.133.0.0/16;
206.21.0.0/16;
206.244.0.0/16;
/* Mount Union College */
206.244.128.0/22;
/* Cleveland Institute of Art */
208.50.108.0/24;
208.71.72.0/21;
208.108.0.0/16;
208.108.4.0/22;
208.108.80.0/20;
208.108.80.0/24;
208.108.81.0/24;
208.108.82.0/24;
208.108.83.0/24;
208.108.84.0/24;
208.108.85.0/24;
208.108.86.0/24;
208.108.87.0/24;
208.108.88.0/24;
208.108.89.0/24;
208.108.90.0/24;
208.108.91.0/24;
208.108.92.0/24;
208.108.93.0/24;
208.108.94.0/24;
208.108.95.0/24;
208.108.96.0/20;
208.108.112.0/21;
208.108.120.0/21;
208.108.128.0/21;
208.108.136.0/21;
208.108.144.0/21;
208.108.152.0/21;
208.108.160.0/21;
208.108.168.0/21;
208.108.176.0/21;
208.108.184.0/21;
208.108.192.0/21;
208.108.192.0/24;
208.108.193.0/24;
208.108.194.0/24;
208.108.195.0/24;
208.108.196.0/24;
208.108.197.0/24;
208.108.198.0/24;
208.108.199.0/24;
208.108.200.0/21;
208.108.208.0/20;
208.108.224.0/22;
208.108.228.0/24;
208.108.236.0/24;
208.108.239.0/24;
208.122.64.0/19;
208.122.96.0/20;
209.34.112.0/20;
209.34.112.0/24;
209.34.113.0/24;
209.34.114.0/24;
209.34.115.0/24;
209.34.116.0/24;
209.34.117.0/24;
209.34.118.0/24;
209.34.119.0/24;
209.34.120.0/24;
209.34.121.0/24;
209.34.122.0/24;
209.34.123.0/24;
209.34.124.0/24;
209.34.125.0/24;
209.34.126.0/24;
209.34.127.0/24;
209.57.6.0/24;
209.57.142.0/24;
216.48.128.0/20;
216.48.128.0/21;
}
prefix-list OARNET-PARTICIPANTS6 {
2001:468:b00::/40;
2001:468:B06::/48;
2001:468:1100::/40;
2610:a8::/32;
2620:0:1A10::/48;
}
prefix-list DREXEL-PARTICIPANT {
129.25.0.0/16;
144.118.0.0/16;
192.54.238.0/24;
198.17.30.0/24;
204.238.76.0/24;
}
prefix-list DREXEL-SEGP {
144.26.0.0/16;
/* West Chester University */
144.80.0.0/16;
147.64.0.0/16;
148.137.0.0/16;
151.161.0.0/16;
156.12.0.0/16;
157.62.0.0/16;
157.160.0.0/16;
158.83.0.0/16;
166.66.0.0/16;
192.147.113.0/24;
192.148.218.0/24;
192.148.234.0/24;
192.149.243.0/24;
192.152.127.0/24;
192.153.187.0/24;
192.190.237.0/24;
192.206.29.0/24;
192.234.172.0/24;
198.206.191.0/24;
199.5.197.0/24;
199.5.198.0/23;
199.5.200.0/24;
204.108.160.0/19;
204.235.144.0/21;
204.235.148.0/23;
204.235.158.0/23;
204.235.160.0/20;
205.149.64.0/19;
206.225.96.0/19;
209.250.192.0/19;
}
prefix-list PSC-PARTICIPANT {
63.118.64.0/23;
64.83.144.0/21;
66.71.0.0/17;
75.102.64.0/18;
128.2.0.0/16;
128.118.0.0/16;
128.182.0.0/16;
128.237.0.0/16;
130.49.0.0/16;
130.203.0.0/16;
136.142.0.0/16;
146.186.0.0/16;
147.73.0.0/16;
150.212.0.0/16;
150.231.0.0/16;
157.182.0.0/16;
192.5.146.0/24;
192.5.157.0/24;
192.5.159.0/24;
192.12.32.0/24;
192.52.163.0/24;
192.52.164.0/23;
192.52.240.0/24;
192.58.107.0/24;
192.68.217.0/24;
192.80.210.0/24;
192.88.99.0/24;
192.88.114.0/24;
192.88.115.0/24;
192.88.209.0/24;
192.88.210.0/24;
192.101.139.0/24;
192.101.140.0/24;
198.32.224.0/24;
199.111.112.0/20;
199.164.236.0/24;
204.155.176.0/20;
204.194.24.0/22;
204.194.28.0/22;
208.40.174.0/24;
}
prefix-list PSC-SPONSORED {
147.72.107.0/24;
147.72.108.0/22;
147.72.112.0/22;
147.72.116.0/23;
147.72.118.0/24;
192.124.34.0/24;
198.206.16.0/20;
}
prefix-list PSC-SEGP {
63.133.224.0/24;
63.133.225.0/24;
63.133.226.0/24;
63.133.227.0/24;
63.133.228.0/24;
63.133.229.0/24;
63.133.230.0/24;
63.133.231.0/24;
63.133.232.0/24;
63.133.233.0/24;
63.133.234.0/24;
63.133.235.0/24;
63.133.236.0/24;
63.133.237.0/24;
63.133.238.0/24;
63.133.239.0/24;
63.133.240.0/24;
63.133.241.0/24;
63.133.242.0/24;
63.133.243.0/24;
63.133.244.0/24;
63.133.245.0/24;
63.133.246.0/24;
63.133.247.0/24;
63.133.248.0/24;
63.133.249.0/24;
63.133.250.0/24;
63.133.251.0/24;
63.133.252.0/24;
63.133.253.0/24;
63.133.254.0/24;
63.133.255.0/24;
64.83.132.0/24;
64.83.133.0/24;
64.83.134.0/24;
64.83.135.0/24;
64.83.136.0/24;
64.83.137.0/24;
64.83.138.0/24;
64.83.140.0/24;
64.83.141.0/24;
64.83.142.0/24;
64.83.143.0/24;
64.83.144.0/21;
64.83.152.0/24;
64.83.153.0/24;
64.83.154.0/24;
64.83.155.0/24;
64.83.158.0/24;
65.110.114.0/24;
65.170.110.0/24;
66.146.224.0/24;
66.146.225.0/24;
66.146.226.0/24;
66.146.227.0/24;
66.146.228.0/24;
66.146.229.0/24;
66.230.74.32/28;
69.7.100.0/24;
69.7.104.0/24;
69.7.105.0/24;
69.7.106.0/24;
69.7.107.0/24;
69.7.108.0/24;
69.7.110.0/24;
69.7.111.0/24;
72.23.246.0/24;
72.237.88.0/22;
147.72.67.192/26;
150.232.0.0/16;
199.2.216.0/24;
204.96.142.0/24;
204.96.143.0/24;
205.144.32.0/20;
208.40.128.0/24;
208.40.149.48/28;
208.40.161.64/27;
208.40.167.0/24;
208.40.174.0/24;
208.40.177.0/24;
208.40.180.0/24;
208.40.194.0/24;
209.114.140.0/23;
209.114.143.0/24;
209.114.144.0/23;
209.114.187.240/29;
216.220.89.0/24;
216.220.90.0/24;
216.220.94.0/24;
216.220.95.0/24;
}
prefix-list SOX-BACKUP-PARTICIPANT {
64.156.8.128/25;
64.156.216.128/25;
65.115.176.0/24;
128.23.0.0/16;
128.61.0.0/16;
128.163.0.0/16;
128.163.11.0/24;
128.186.0.0/16;
128.192.0.0/16;
128.227.0.0/16;
129.59.0.0/16;
129.171.0.0/16;
129.171.0.0/19;
129.171.32.0/19;
129.171.64.0/19;
129.171.96.0/19;
129.171.128.0/19;
129.171.160.0/19;
129.171.192.0/19;
129.171.224.0/19;
129.252.0.0/16;
130.127.0.0/16;
130.160.0.0/16;
130.207.0.0/16;
131.91.0.0/16;
131.144.128.0/20;
131.204.0.0/16;
131.247.0.0/16;
132.170.0.0/16;
138.26.0.0/16;
139.62.0.0/16;
143.215.0.0/16;
144.174.0.0/16;
146.201.0.0/16;
146.229.0.0/16;
149.168.0.0/16;
152.2.0.0/16;
152.3.0.0/16;
152.7.0.0/16;
152.11.0.0/16;
152.14.0.0/16;
152.16.0.0/16;
152.19.0.0/16;
159.178.0.0/16;
160.36.0.0/16;
160.129.0.0/16;
163.246.0.0/16;
164.111.0.0/16;
165.6.5.0/24;
165.6.6.0/24;
165.6.7.0/24;
165.6.24.0/24;
168.223.0.0/16;
170.140.0.0/16;
192.31.89.0/24;
192.70.171.0/24;
192.80.53.0/24;
192.88.124.0/24;
192.111.108.0/24;
192.111.109.0/24;
192.111.110.0/24;
192.111.123.0/24;
192.249.1.0/24;
192.249.2.0/23;
192.249.4.0/22;
192.249.8.0/21;
192.249.11.0/24;
198.78.192.0/19;
198.137.16.0/20;
199.4.250.0/23;
199.4.250.0/24;
199.4.251.0/24;
199.76.32.0/20;
199.76.144.0/20;
199.76.160.0/19;
199.76.192.0/24;
199.77.128.0/17;
199.90.0.0/16;
199.242.231.0/24;
199.242.232.0/24;
199.242.233.0/24;
204.29.106.0/23;
204.68.64.0/19;
204.85.191.0/24;
204.85.192.0/18;
204.89.132.0/23;
204.89.132.0/24;
204.89.133.0/24;
204.145.157.0/24;
204.145.215.0/24;
204.198.72.0/22;
204.198.76.0/23;
204.211.0.0/16;
204.238.30.0/24;
206.240.24.0/22;
206.240.192.0/19;
206.240.216.0/24;
206.240.220.0/24;
206.240.221.0/24;
207.4.0.0/16;
207.192.0.0/18;
209.149.48.0/20;
}
prefix-list SOX-BACKUP-CORPORATE {
12.107.208.0/23;
66.187.224.0/20;
204.85.14.0/24;
}
prefix-list SOX-BACKUP-SPONSORED {
66.187.234.0/24;
74.255.42.0/24;
143.88.0.0/16;
147.70.0.0/16;
150.182.128.0/18;
152.97.0.0/16;
161.45.0.0/16;
163.118.0.0/16;
192.30.208.0/24;
192.67.134.0/24;
192.83.232.0/24;
204.62.251.0/24;
204.152.130.0/24;
204.152.131.0/24;
204.246.192.0/21;
205.167.24.0/24;
205.167.25.0/24;
216.64.76.0/24;
}
prefix-list SOX-BACKUP-SEGP {
64.56.80.0/23;
72.158.165.0/24;
98.17.253.0/24;
128.109.0.0/16;
128.192.0.0/16;
129.66.0.0/16;
129.66.20.0/24;
130.218.0.0/16;
130.254.0.0/16;
131.144.0.0/16;
134.224.0.0/16;
137.220.0.0/16;
141.165.0.0/16;
147.133.0.0/16;
149.149.0.0/16;
150.216.0.0/16;
152.1.0.0/16;
152.2.0.0/15;
152.4.0.0/14;
152.8.0.0/13;
152.16.0.0/12;
152.32.0.0/12;
152.36.0.0/16;
152.48.0.0/14;
152.53.0.0/19;
152.54.0.0/20;
153.9.0.0/16;
157.89.0.0/16;
157.149.0.0/16;
158.93.0.0/16;
160.10.0.0/16;
161.6.0.0/16;
167.7.38.0/24;
167.7.39.0/24;
167.7.210.0/27;
167.7.241.0/24;
167.7.248.64/27;
167.7.251.0/27;
168.8.0.0/15;
168.12.0.0/14;
168.16.0.0/15;
168.18.0.0/15;
168.20.0.0/15;
168.22.0.0/15;
168.24.0.0/15;
168.26.0.0/15;
168.28.0.0/15;
168.30.0.0/15;
169.150.0.0/16;
170.180.0.0/14;
170.185.0.0/16;
192.48.117.0/24;
192.88.111.0/24;
192.101.21.0/24;
192.101.22.0/23;
192.101.24.0/24;
192.103.126.0/24;
192.107.44.0/24;
192.111.112.0/24;
192.122.237.0/24;
192.137.210.0/24;
192.147.30.0/24;
192.152.249.0/24;
192.154.33.0/24;
192.154.38.0/24;
192.154.41.0/24;
192.154.43.0/24;
192.154.45.0/24;
192.154.54.0/24;
192.154.55.0/24;
192.154.61.0/24;
192.154.62.0/24;
192.154.64.0/24;
192.154.67.0/24;
192.154.78.0/24;
192.189.244.0/24;
192.203.127.0/24;
192.211.32.0/21;
192.211.40.0/22;
192.211.44.0/24;
192.211.45.0/24;
192.245.165.0/24;
192.245.221.0/24;
192.245.222.0/24;
192.245.223.0/24;
192.245.224.0/24;
198.49.31.0/24;
198.72.72.0/22;
198.85.0.0/16;
198.86.0.0/16;
198.135.235.0/24;
198.137.22.0/24;
198.179.130.0/24;
198.180.132.0/22;
198.190.216.0/24;
198.200.158.0/24;
198.204.92.0/24;
198.232.64.0/18;
198.232.96.0/21;
199.5.154.0/23;
199.20.16.0/20;
199.33.130.0/24;
199.33.131.0/24;
199.33.132.0/24;
199.33.133.0/24;
199.33.134.0/24;
199.80.8.0/21;
199.88.16.0/20;
199.248.173.0/24;
199.248.174.0/24;
199.248.175.0/24;
199.248.176.0/24;
199.248.177.0/24;
199.248.178.0/24;
204.27.217.0/24;
204.29.64.0/18;
204.84.0.0/15;
205.174.48.0/20;
205.204.238.0/24;
205.204.242.0/24;
206.197.240.0/24;
206.219.128.0/18;
207.157.0.0/17;
207.232.128.0/18;
209.133.128.0/17;
216.69.0.0/18;
216.109.0.0/18;
216.249.132.0/22;
216.249.144.0/20;
216.249.160.0/20;
216.249.176.0/20;
}
prefix-list SOX-BACKUP-EXCEPTION-SEGP {
167.7.127.176/29;
167.7.248.112/29;
167.7.248.120/29;
167.7.248.208/29;
167.7.251.32/29;
167.7.251.64/29;
167.7.251.80/29;
167.7.251.96/29;
167.7.251.128/28;
167.7.251.144/28;
167.7.251.160/28;
167.7.251.192/29;
}
prefix-list SOX-BACKUP-EXCEPTION-FEDNET {
128.219.0.0/16;
134.167.0.0/16;
160.91.0.0/16;
192.31.96.0/24;
192.103.127.0/24;
192.188.177.0/24;
192.188.182.0/24;
198.124.41.0/24;
198.136.139.0/24;
198.148.251.0/24;
198.203.246.0/24;
198.207.237.0/24;
198.207.238.0/23;
198.207.240.0/24;
199.201.153.0/24;
199.201.154.0/24;
199.201.156.0/23;
199.201.158.0/24;
}
prefix-list SOX-BACKUP-EXCEPTION-SPONSORED {
146.82.167.176/29;
199.77.192.16/29;
}
prefix-list OARNET-CPSONLY {
12.41.33.0/24;
64.18.32.0/20;
64.31.64.0/18;
64.31.64.0/19;
65.163.228.0/23;
66.100.144.0/24;
66.100.145.0/24;
66.100.146.0/24;
66.100.147.0/24;
66.100.148.0/24;
66.100.149.0/24;
66.100.150.0/24;
70.63.30.0/23;
128.156.0.0/16;
131.167.0.0/16;
134.243.0.0/16;
139.88.0.0/16;
162.50.0.0/16;
192.12.205.0/24;
192.55.90.0/23;
192.58.246.0/24;
192.68.143.0/24;
192.131.246.0/24;
192.148.236.0/24;
192.148.237.0/24;
192.148.238.0/24;
192.148.239.0/24;
192.153.26.0/23;
192.153.26.0/24;
192.153.28.0/22;
192.153.29.0/24;
192.153.30.0/24;
192.232.16.0/20;
198.4.94.0/24;
198.179.229.0/24;
198.242.35.0/24;
199.0.140.0/22;
199.26.177.0/24;
199.74.236.0/24;
199.74.237.0/24;
199.176.156.0/24;
199.178.128.0/18;
204.29.170.0/24;
204.90.74.0/24;
206.131.208.0/20;
207.42.216.0/24;
208.93.208.0/22;
209.11.224.0/20;
216.28.31.0/24;
}
prefix-list PSC-PARTICIPANT6 {
2001:468:200::/40;
2001:5e8::/32;
2001:5e8::/33;
2002::/16;
2607:FB28:0:0:0:0:0:0/32;
2607:fb28::/40;
2610:8::/32;
2620:0:DB0::/48;
}
prefix-list WSU-PARTICIPANT {
192.148.236.0/24;
}
prefix-list WSU-EXCEPTION {
138.18.22.16/30;
}
prefix-list DRAGON-PARTICIPANT {
140.173.0.0/16;
}
prefix-list DREXEL-PARTICIPANTS6 {
2001:468:2000::/40;
/* For Pennsylvania SEGP */
2001:49D8:40::/42;
}
prefix-list OARNET-MULTICAST-ROUTES {
128.146.0.0/16;
129.22.0.0/16;
131.123.0.0/16;
131.123.0.0/19;
131.123.32.0/20;
131.123.48.0/20;
131.123.64.0/19;
131.123.96.0/19;
131.123.128.0/17;
137.148.0.0/16;
140.254.0.0/16;
164.107.0.0/16;
192.5.109.0/24;
192.12.205.0/24;
192.68.143.0/24;
192.148.244.0/24;
192.150.115.0/24;
192.153.26.0/24;
192.153.41.0/24;
199.18.139.0/24;
199.18.140.0/24;
199.18.141.0/24;
206.21.72.0/24;
206.21.144.0/24;
206.21.145.0/24;
206.21.146.0/23;
206.21.148.0/22;
206.21.152.0/21;
206.244.152.0/22;
}
prefix-list PSC-EXCEPTION-SEGP {
208.40.149.48/28;
208.40.161.64/27;
209.114.187.8/29;
209.114.187.240/29;
}
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>";
}
prefix-list CPS-3ROX-CPS-ONLY {
12.169.112.0/24;
63.118.64.0/23;
147.72.64.0/18;
147.128.0.0/16;
147.128.68.0/22;
150.212.0.0/16;
158.83.0.0/16;
162.51.0.0/16;
163.129.0.0/16;
169.144.0.0/16;
192.88.115.0/24;
192.231.242.0/24;
204.9.144.0/21;
209.131.80.0/20;
216.152.144.0/20;
}
prefix-list OBSERVATORY-SSH {
/* leap.grnoc.iu.edu */
129.79.217.202/32;
/* sysmon.grnoc.iu.edu */
134.68.107.4/32;
/* login.net.internet2.edu */
134.68.107.10/32;
/* nms-base */
134.68.107.34/32;
/* nms-login */
134.68.107.36/32;
/* skip */
134.68.142.50/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump */
192.12.206.196/32;
}
prefix-list CPS-MERIT {
35.0.0.0/8;
64.107.0.0/16;
64.109.158.0/23;
64.150.0.0/17;
65.79.0.0/17;
65.174.34.0/23;
66.99.0.0/16;
66.158.0.0/17;
66.202.192.0/19;
66.202.224.0/19;
69.176.128.0/19;
71.154.188.0/23;
72.3.0.0/17;
72.14.226.0/24;
131.230.0.0/16;
139.67.0.0/18;
141.209.0.0/16;
141.210.0.0/16;
141.211.0.0/16;
141.212.0.0/16;
141.213.0.0/16;
141.214.0.0/16;
141.215.0.0/16;
141.216.0.0/16;
141.217.0.0/16;
141.218.0.0/16;
141.219.0.0/16;
143.43.0.0/17;
143.195.0.0/16;
143.207.0.0/16;
144.74.0.0/16;
146.9.0.0/16;
146.163.0.0/16;
147.124.0.0/16;
147.126.64.0/19;
148.61.0.0/16;
155.139.0.0/16;
157.178.0.0/16;
158.80.0.0/16;
158.80.0.0/21;
158.80.64.0/21;
161.57.0.0/16;
163.191.0.0/19;
163.191.32.0/19;
163.191.64.0/19;
163.191.96.0/19;
163.191.128.0/19;
163.191.160.0/19;
163.191.192.0/19;
163.191.224.0/19;
164.68.96.0/19;
164.68.128.0/17;
164.76.0.0/16;
165.68.0.0/16;
165.188.0.0/16;
167.141.0.0/16;
167.165.0.0/16;
170.27.0.0/16;
192.35.161.0/24;
192.35.162.0/23;
192.35.170.0/24;
192.41.229.0/24;
192.41.232.0/22;
192.41.236.0/23;
192.41.238.0/24;
192.77.125.0/24;
192.86.159.0/24;
192.88.242.0/24;
192.94.173.0/24;
192.101.250.0/24;
192.108.188.0/24;
192.108.189.0/24;
192.108.190.0/24;
192.108.191.0/24;
192.122.181.0/24;
192.122.183.0/24;
192.122.184.0/24;
192.122.186.0/24;
192.122.200.0/24;
192.138.137.0/24;
192.153.163.0/24;
192.153.192.0/24;
192.160.165.0/24;
192.175.20.0/24;
192.188.100.0/24;
192.188.118.0/24;
192.203.136.0/23;
192.203.195.0/24;
192.231.113.0/24;
192.231.253.0/24;
192.234.14.0/23;
192.234.16.0/24;
192.245.252.0/24;
192.245.254.0/24;
198.17.130.0/23;
198.17.132.0/23;
198.17.134.0/24;
198.40.16.0/20;
198.49.116.0/23;
198.49.118.0/24;
198.108.0.0/14;
198.108.140.0/23;
198.111.209.0/24;
198.111.220.0/24;
199.15.0.0/21;
199.20.8.0/21;
199.89.229.0/24;
199.189.8.0/21;
204.38.0.0/15;
204.106.17.0/24;
204.238.189.0/24;
206.166.0.0/17;
207.63.0.0/16;
207.72.0.0/14;
207.74.92.0/24;
207.74.239.0/24;
207.246.160.0/19;
208.68.24.0/22;
209.7.0.0/16;
209.174.0.0/16;
209.175.0.0/16;
216.24.124.0/22;
216.124.0.0/16;
216.125.0.0/16;
216.182.144.0/20;
216.240.208.0/20;
}
prefix-list MERIT-CORPORATE {
136.1.0.0/16;
136.2.0.0/16;
136.8.32.0/22;
165.215.0.0/16;
192.195.245.0/24;
}
prefix-list MERIT-PARTICIPANT {
35.0.0.0/8;
65.174.34.0/23;
67.194.0.0/16;
141.211.0.0/16;
141.212.0.0/16;
141.213.0.0/16;
141.214.0.0/16;
141.215.0.0/16;
141.216.0.0/16;
141.217.0.0/16;
141.218.0.0/16;
141.219.0.0/16;
146.9.0.0/16;
155.139.0.0/16;
192.12.80.0/24;
192.31.238.0/24;
192.35.164.0/22;
192.35.169.0/24;
192.41.229.0/24;
192.41.230.0/23;
192.41.232.0/22;
192.41.236.0/23;
/* Alma College */
192.101.250.0/24;
192.122.182.0/23;
192.122.200.0/24;
192.203.195.0/24;
192.231.253.0/24;
198.30.180.0/23;
198.108.0.0/14;
198.108.0.0/24;
198.108.1.0/24;
198.108.2.0/24;
198.108.5.0/24;
198.108.18.0/23;
/* Michigan Information Technology Center Foundation (MICT) */
198.108.26.0/23;
/* UMichigan */
198.108.60.0/22;
198.108.62.0/24;
198.108.63.0/24;
198.108.95.0/24;
198.108.96.0/24;
198.108.182.0/24;
198.108.184.0/24;
/* Alma College */
198.108.232.0/24;
198.109.65.0/24;
198.109.240.0/20;
198.110.192.0/20;
198.110.216.0/21;
198.111.172.0/24;
198.111.212.0/23;
198.111.224.0/22;
204.38.0.0/15;
204.38.0.0/22;
204.38.16.0/21;
204.38.56.0/21;
204.38.160.0/23;
204.38.166.0/23;
204.38.168.0/22;
204.38.172.0/23;
204.38.174.0/24;
204.38.181.0/24;
204.38.182.0/23;
204.38.184.0/21;
204.38.192.0/20;
207.72.0.0/14;
207.73.136.0/23;
207.73.152.0/21;
207.73.208.0/24;
207.73.212.0/23;
207.74.72.0/22;
207.75.140.0/24;
207.75.144.0/20;
207.75.164.0/23;
207.75.166.0/23;
}
prefix-list MERIT-PARTICIPANT6 {
2001:468:1100::/40;
2001:468:1400::/40;
2001:468:1f09::/48;
2001:48A8::/32;
2607:f388::/32;
}
prefix-list MERIT-SPONSORED {
/* NOAA/GLERL */
192.94.173.0/24;
198.108.7.0/24;
/* Ithaca Harbors, Inc */
198.108.24.0/24;
198.108.102.0/23;
/* MERIT-NOAA Thunder Bay National Marine Sanctuary */
198.108.237.0/24;
/* Van Andel Institute */
198.110.167.0/24;
/* Macomb Community College MICH-858 */
198.111.56.0/23;
/* NOAA/GLERL */
207.74.57.0/24;
207.75.32.0/21;
}
prefix-list MERIT-SEGP {
63.175.128.0/23;
/* Kent Intermediate School District */
64.49.112.0/20;
64.90.128.0/20;
65.174.34.0/23;
66.202.192.0/18;
/* Hillsdale College MichNet SEGP */
69.58.32.0/19;
136.181.0.0/16;
141.209.0.0/16;
141.210.0.0/16;
/* Andrews University */
143.207.0.0/16;
147.124.0.0/16;
148.61.0.0/16;
148.149.0.0/16;
155.138.0.0/16;
158.80.0.0/16;
161.57.0.0/16;
162.108.0.0/16;
164.76.0.0/16;
167.240.0.0/16;
192.65.215.0/24;
192.88.242.0/24;
192.122.181.0/24;
192.138.137.0/24;
192.245.252.0/24;
192.245.254.0/24;
/* OHIO SEGP */
198.30.112.0/24;
198.108.4.0/24;
198.108.8.0/21;
198.108.20.0/24;
198.108.25.0/24;
198.108.26.0/23;
198.108.28.0/22;
/* Washtenaw Community College */
198.108.48.0/23;
/* Washtenaw Community College */
198.108.50.0/24;
198.108.51.0/24;
198.108.52.0/22;
198.108.64.0/20;
/* Adrian College */
198.108.80.0/21;
/* Washtenaw Community College */
198.108.97.0/24;
198.108.101.0/24;
/* Kalamazoo Regional Educational Service Agency */
198.108.158.0/24;
/* Calhoun ISD */
198.108.176.0/20;
198.108.192.0/24;
/* Northwestern Michigan College */
198.108.196.0/22;
198.108.208.0/23;
/* Northwestern Michigan College */
198.108.212.0/23;
/* Northwestern Michigan College */
198.108.218.0/24;
/* Alpena Community College */
198.108.228.0/22;
/* Saginaw ISD */
198.108.234.0/24;
/* Madonna University */
198.109.72.0/22;
198.109.172.0/23;
/* Hillsdale College */
198.109.208.0/24;
198.109.220.0/22;
198.109.229.0/24;
198.109.230.0/23;
198.109.232.0/21;
198.110.0.0/21;
198.110.11.0/24;
198.110.12.0/22;
198.110.24.0/21;
/* Grand Rapids Community College */
198.110.72.0/21;
/* Grand Rapids Community College */
198.110.83.0/24;
/* Grand Rapids Community College */
198.110.88.0/23;
198.110.92.0/24;
/* Hope College */
198.110.96.0/20;
198.110.132.0/22;
198.110.136.0/21;
198.110.149.0/24;
198.110.150.0/23;
198.110.152.0/24;
198.110.156.0/22;
/* Saginaw ISD */
198.110.163.0/24;
/* Saginaw ISD */
198.110.164.0/24;
198.110.168.0/21;
198.110.176.0/21;
/* Saginaw ISD */
198.110.224.0/21;
198.111.36.0/22;
198.111.64.0/21;
198.111.72.0/22;
198.111.76.0/23;
198.111.79.0/24;
/* MMNET */
198.111.152.0/21;
198.111.160.0/21;
198.111.168.0/24;
/* Washtenaw Community College */
198.111.171.0/24;
198.111.175.0/24;
/* Washtenaw Community College */
198.111.176.0/23;
198.111.180.0/24;
/* Alpena Community College */
198.111.182.0/24;
198.111.196.0/22;
/* Saginaw ISD */
198.111.208.0/24;
/* Saginaw ISD */
198.111.214.0/23;
198.111.240.0/21;
198.111.250.0/23;
198.111.252.0/22;
198.151.162.0/24;
199.33.196.0/24;
204.22.0.0/15;
204.24.0.0/15;
/* Saginaw ISD */
204.38.33.0/24;
204.38.36.0/23;
204.38.38.0/24;
/* Saginaw ISD */
204.38.46.0/23;
/* Northwestern Michigan College */
204.38.128.0/20;
/* Kalamazoo Regional Educational Service Agency */
204.38.208.0/20;
204.39.0.0/17;
204.39.128.0/18;
204.39.194.0/24;
204.75.208.0/20;
206.57.128.0/17;
/* Washtenaw Community College */
207.72.2.0/23;
/* Washtenaw Community College */
207.72.4.0/23;
207.72.6.0/24;
207.72.34.0/23;
207.72.36.0/22;
207.72.40.0/23;
207.72.48.0/24;
207.72.64.0/22;
207.72.68.0/24;
207.72.72.0/24;
207.72.76.0/22;
207.73.32.0/19;
207.73.64.0/23;
207.73.68.0/23;
/* Calhoun ISD */
207.73.96.0/20;
/* Kalamazoo Regional Educational Service Agency */
207.73.116.0/22;
/* Kalamazoo Regional Educational Service Agency */
207.73.120.0/21;
207.73.128.0/21;
207.73.136.0/24;
207.73.138.0/23;
207.73.140.0/22;
/* MMNET */
207.73.144.0/23;
/* Calhoun ISD */
207.73.152.0/22;
/* Calhoun ISD */
207.73.156.0/23;
/* Calhoun ISD */
207.73.158.0/24;
/* Calhoun ISD */
207.73.159.0/24;
207.73.160.0/21;
207.73.174.0/23;
207.73.180.0/22;
207.73.184.0/21;
207.73.219.0/24;
207.73.240.0/21;
207.73.248.0/22;
207.73.252.0/22;
207.74.0.0/24;
207.74.4.0/22;
207.74.8.0/21;
207.74.22.0/23;
/* Grand Rapids Community College */
207.74.24.0/21;
207.74.24.0/22;
/* Grand Rapids Community College */
207.74.29.0/24;
/* Grand Rapids Community College */
207.74.30.0/23;
207.74.67.0/24;
207.74.69.0/24;
207.74.77.32/27;
207.74.84.0/22;
/* MMNET */
207.74.84.0/23;
207.74.88.0/23;
207.74.94.0/23;
207.74.104.0/22;
207.74.115.0/24;
207.74.118.0/23;
207.74.138.0/23;
207.74.140.0/22;
/* Oakland University */
207.74.149.0/24;
/* Madonna University */
207.74.168.0/24;
207.74.189.0/24;
/* Northwestern Michigan College */
207.74.224.0/22;
/* Northwestern Michigan College */
207.74.232.0/21;
207.75.55.0/24;
207.75.96.0/24;
207.75.112.0/24;
/* Washtenaw Community College */
207.75.132.0/22;
/* Washtenaw Community College */
207.75.136.0/24;
207.75.160.0/22;
207.75.208.0/20;
207.75.226.0/23;
207.75.228.0/23;
208.68.24.0/22;
216.11.0.0/16;
}
policy-statement CLARA-TO-NREN {
term FROM-CLARA {
from as-path CLARA;
then accept;
}
}
/* generic import policy for all connectors */
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-3ROX-IN {
term accept {
from {
protocol bgp;
prefix-list-filter PSC-PARTICIPANT orlonger;
prefix-list-filter PSC-SEGP orlonger;
prefix-list-filter PSC-SPONSORED orlonger;
prefix-list-filter PSC-EXCEPTION-SEGP exact;
prefix-list-filter CPS-3ROX-CPS-ONLY orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-3ROX-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter PSC-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-AS12989-OUT {
term match {
from community CPS-AS12989-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13768-OUT {
term match {
from community CPS-AS13768-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS14361-OUT {
term match {
from community CPS-AS14361-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15169-OUT {
term match {
from community CPS-AS15169-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS16509-OUT {
term match {
from community CPS-AS16509-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19080-OUT {
term match {
from community CPS-AS19080-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19151-OUT {
term match {
from community CPS-AS19151-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS20940-OUT {
term match {
from community CPS-AS20940-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22212-OUT {
term match {
from community CPS-AS22212-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22822-OUT {
term match {
from community CPS-AS22822-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS27524-OUT {
term match {
from community CPS-AS27524-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS32934-OUT {
term match {
from community CPS-AS32934-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS3303-OUT {
term match {
from community CPS-AS3303-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS33739-OUT {
term match {
from community CPS-AS33739-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36248-OUT {
term match {
from community CPS-AS36248-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS40009-OUT {
term match {
from community CPS-AS40009-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4436-OUT {
term match {
from community CPS-AS4436-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6079-OUT {
term match {
from community CPS-AS6079-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6939-OUT {
term match {
from community CPS-AS6939-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS8075-OUT {
term match {
from community CPS-AS8075-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS9002-OUT {
term match {
from community CPS-AS9002-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-CONNECTOR-IN {
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop discard;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-DREXEL-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter DREXEL-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-MAX-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter MAX-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-MERIT-IN {
term accept {
from {
protocol bgp;
prefix-list-filter CPS-MERIT orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-MERIT-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter MERIT-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-OARNET-IN {
term accept {
from {
protocol bgp;
prefix-list-filter OARNET-PARTICIPANT orlonger;
prefix-list-filter OARNET-SPONSORED orlonger;
prefix-list-filter OARNET-SEGP orlonger;
prefix-list-filter OARNET-CPSONLY orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-OSCNET-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter OARNET-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-IN-DEPREF {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
local-preference 90;
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT-DEPREF {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then {
as-path-prepend 11537;
next policy;
}
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-IN {
term strip-communities {
then {
community delete ALL-COMMS;
next term;
}
}
term reject-Internet2-space {
from {
route-filter 2001:468::/32 upto /39;
route-filter 2001:468:ff00::/40 orlonger;
}
then reject;
}
term accept {
from protocol bgp;
to rib cps.inet6.0;
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-OUT {
term originate {
from {
protocol static;
route-filter 2001:468:ff00::/40 exact;
route-filter 2001:468::/32 exact;
}
then accept;
}
term leak-specifics {
from {
protocol bgp;
route-filter 2001:468:c00::/40 exact;
}
then accept;
}
term block-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
family inet6;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-PEERCONTROLS-OUT {
term block {
from community CPS-BLOCK;
then reject;
}
term prepend1 {
from community CPS-PREPEND1;
then {
as-path-prepend 11537;
accept;
}
}
term prepend2 {
from community CPS-PREPEND2;
then {
as-path-prepend "11537 11537";
accept;
}
}
term prepend3 {
from community CPS-PREPEND3;
then {
as-path-prepend "11537 11537 11537";
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEERS-IN {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
}
}
}
policy-statement CPS-V6-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
community delete EQUAL-TO-PEERS;
community delete LOWER-THAN-PEERS;
}
}
}
policy-statement DATATAG-DEMO {
term 1 {
from {
protocol static;
route-filter 198.32.154.144/28 exact;
}
then accept;
}
}
policy-statement DRAGON-IN {
term participant {
from {
protocol bgp;
prefix-list-filter DRAGON-PARTICIPANT orlonger;
}
then accept;
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement DREXEL-IN {
term participant {
from {
protocol bgp;
prefix-list-filter DREXEL-PARTICIPANT orlonger;
}
then next policy;
}
term segp {
from {
protocol bgp;
prefix-list-filter DREXEL-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement DREXEL-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter DREXEL-PARTICIPANTS6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ESNET-TO-AMPATH {
term FROM-ESNET {
from as-path ESNET;
then accept;
}
}
policy-statement ESNET-TO-GEANT {
term FROM-ESNET {
from as-path ESNET;
then {
as-path-prepend 11537;
accept;
}
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* import policy for IPv6 FEDNET peers */
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy from FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement FROM-CUDI {
term FROM {
/* allow NISN-CUDI transit via I2, ticket#11664 */
from as-path CUDI;
then accept;
}
}
policy-statement GEANT-TO-NREN {
term FROM-GEANT {
from as-path GEANT;
then accept;
}
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
/* export policy for mcast-only peerings with commerical ISPs */
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
/* import policy for IPv6 peerings with commercial ISPs */
policy-statement ISP-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
/* export policy for IPv6 peerings with commercial ISPs */
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
/* import policy for IPv4 ITN peerings */
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-F-root-international {
from {
route-filter 192.5.5.0/24 orlonger;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
/* import policy for IPv6 ITN peerings */
policy-statement ITN-IN6 {
term reject-commercial {
from as-path COMMERCIAL6;
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement MAX-IN {
term participant {
from {
protocol bgp;
prefix-list-filter MAX-PARTICIPANT orlonger;
}
then next policy;
}
term segp {
from {
protocol bgp;
prefix-list-filter MAX-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter MAX-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term reject-unicast {
then reject;
}
}
policy-statement MAX-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter MAX-PARTICIPANTS6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term accept-v6-transit {
from {
as-path MAX-V6-TRANSIT;
family inet6;
}
then {
local-preference 100;
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement MERIT-IN {
term participant {
from {
protocol bgp;
prefix-list-filter MERIT-PARTICIPANT orlonger;
}
then next policy;
}
term segp {
from {
protocol bgp;
prefix-list-filter MERIT-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter MERIT-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term corporate {
from {
protocol bgp;
prefix-list-filter MERIT-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term reject-unicast {
then reject;
}
}
policy-statement MERIT-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter MERIT-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement MSDP-FILTER {
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
/* import policy for IPv4 ITN peerings */
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
/* import policy for IPv6 NONITN peerings */
policy-statement NONITN-IN6 {
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement NREN-TO-GEANT {
term FROM-NREN {
from as-path NREN;
then accept;
}
}
policy-statement OARNET-IN {
term participant {
from {
protocol bgp;
prefix-list-filter OARNET-PARTICIPANT orlonger;
}
then next policy;
}
term segp {
from {
protocol bgp;
prefix-list-filter OARNET-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter OARNET-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term reject-unicast {
then reject;
}
}
policy-statement OARNET-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter OARNET-PARTICIPANTS6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement OARNET-MULTICAST-IN {
term allow-muticast {
from {
prefix-list OARNET-MULTICAST-ROUTES;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* Redistribute IPv4 aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute IPv6 Aggregates from static into BGP */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
policy-statement PSC-IN {
term participant {
from {
protocol bgp;
prefix-list-filter PSC-PARTICIPANT orlonger;
}
then next policy;
}
term sponsored {
from {
protocol bgp;
prefix-list-filter PSC-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter PSC-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term exception_segp {
from {
protocol bgp;
prefix-list-filter PSC-EXCEPTION-SEGP exact;
}
then {
community add SEGP;
community add PARTICIPANT;
accept;
}
}
term sox-backup-participant {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-PARTICIPANT orlonger;
}
then next policy;
}
term sox-backup-corporate {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sox-backup-sponsored {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term sox-backup-segp {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term sox-backup-exception-sponsored {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-EXCEPTION-SPONSORED exact;
}
then {
community add SPONSORED;
community add PARTICIPANT;
accept;
}
}
term sox-backup-exception-segp {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-EXCEPTION-SEGP exact;
}
then {
community add SEGP;
community add PARTICIPANT;
accept;
}
}
term sox-backup-exception-fednet {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-EXCEPTION-FEDNET orlonger;
}
then {
community add FEDNET;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement PSC-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter PSC-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
/* reject routes we should never accept */
policy-statement SANITY-IN {
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce */
policy-statement SANITY-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
/* Block IPv6 routes that should never been accepted or announced */
policy-statement SANITY6 {
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
from {
route-filter 2001::/16 upto /49;
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
term reject {
then reject;
}
}
/* set local-pref on connector routes based on communities */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
policy-statement SET-PREF-CPS-V6 {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term equal-to-peers {
from community EQUAL-TO-PEERS;
then {
local-preference 100;
next policy;
}
}
term lower-than-peers {
from community LOWER-THAN-PEERS;
then {
local-preference 60;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 100;
}
}
}
policy-statement TU-DRESDEN_to-IU {
term IU {
from {
route-filter 149.165.128.0/17 exact;
}
then {
as-path-prepend 11537;
next policy;
}
}
}
/* USGS ITN routes allowed to GEANT per UCAID 12231:45 */
policy-statement USGS-TO-GEANT {
term FROM-USGS {
from as-path USGS;
then accept;
}
}
policy-statement V6-IGP-AGG {
term allow-aggregate {
from {
protocol aggregate;
family inet6;
}
then accept;
}
term deny-more-specifics {
from {
family inet6;
route-filter 2001:468:ff:1200::/56 longer;
route-filter 2001:468:0012::/48 longer;
}
then reject;
}
term accept-all-other-v6 {
from {
protocol [ isis direct ];
family inet6;
}
then accept;
}
}
policy-statement WSU-IN {
term participant {
from {
protocol bgp;
prefix-list-filter WSU-PARTICIPANT orlonger;
}
then next policy;
}
term exception_participant {
from {
protocol bgp;
prefix-list-filter WSU-EXCEPTION exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* Temporary fix for scoping 239/8 */
policy-statement pim-join-filter {
term internal-links {
from {
interface [ so-0/0/0.0 so-3/0/0.0 so-1/1/0.0 ];
route-filter 239.0.0.0/8 orlonger;
}
then accept;
}
term external-links {
from {
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term all-links {
then accept;
}
}
community ALL-COMMS members *:*;
community BLOCK-TO-COMMERCIAL members 11537:2002;
community COMMERCIAL-PEER members 11537:2001;
community CONNECTOR-ONLY members 11537:3500;
community CORE members 11537:900;
community CORPORATE members 11537:2000;
community CPS members target:11537:1;
community CPS-AS12989-OUT members *:12989;
community CPS-AS13768-OUT members *:13768;
community CPS-AS14361-OUT members *:14361;
community CPS-AS15169-OUT members *:15169;
community CPS-AS16509-OUT members *:16509;
community CPS-AS19080-OUT members *:19080;
community CPS-AS19151-OUT members *:19151;
community CPS-AS20940-OUT members *:20940;
community CPS-AS22212-OUT members *:22212;
community CPS-AS22822-OUT members *:22822;
community CPS-AS27524-OUT members *:27524;
community CPS-AS32934-OUT members *:32934;
community CPS-AS3303-OUT members *:3303;
community CPS-AS33739-OUT members *:33739;
community CPS-AS36248-OUT members *:36248;
community CPS-AS40009-OUT members *:40009;
community CPS-AS4436-OUT members *:4436;
community CPS-AS6079-OUT members *:6079;
community CPS-AS6939-OUT members *:6939;
community CPS-AS8075-OUT members *:8075;
community CPS-AS9002-OUT members *:9002;
community CPS-BLOCK members 65000:*;
community CPS-CONNECTOR members 11537:25100;
community CPS-PEERS members 11537:25200;
community CPS-PREPEND1 members 65001:*;
community CPS-PREPEND2 members 65002:*;
community CPS-PREPEND3 members 65003:*;
community DISCARD members 11537:911;
community EQUAL-TO-PEERS members 11537:100;
community FEDNET members 11537:3000;
community HIGH members 11537:260;
community HIGH-PEERS members 11537:160;
community IFTN members 11537:2502;
community ITN members 11537:2501;
community LOW members 11537:140;
community LOW-PEERS members 11537:40;
community LOWER-THAN-PEERS members 11537:60;
community NO-EXPORT members no-export;
community NOAGG6 members 11537:6;
community NONITN members 11537:2500;
community PARTICIPANT members 11537:950;
community RHCPP members 11537:4000;
community SEGP members 11537:910;
community SPONSORED members 11537:902;
as-path ABILENE ".* 11537 .*";
as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*";
as-path PRIVATE ".* (64512-65535) .*";
as-path NLR ".* 19401 .*";
as-path GEANT "20965 .*";
as-path CLARA "27750 .*";
as-path ESNET "293 .*";
as-path NREN "24 .*";
as-path MAX-V6-TRANSIT "10886 (293|2914|3257|4788|6939|10745|13645|23504|30071|33437)+ .*";
as-path USGS "1842 .*";
as-path CUDI "18592 .*";
as-path COMMERCIAL6 ".* (701|1273|1836|2497|2516|2914|3257|3549|3561|4691|6939|7018|15169|15412|17554|17990) .*";
}
Firewall Stanza Removed removed
chic
version 8.5R4.3;
groups {
INTERFACE-BACKBONE {
interfaces {
{
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit <*> {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
}
}
re0 {
system {
host-name CHIC-re0;
}
}
re1 {
system {
host-name CHIC-re1;
}
}
INTERFACE-CONNECTOR {
interfaces {
{
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
rfc-2615;
}
unit <*> {
family inet {
mtu 9180;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
}
}
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
{
mtu 9192;
unit <*> {
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
MSDP-SA-Limit-per-peer-group {
protocols {
msdp {
group <*> {
peer <*> {
active-source-limit {
maximum 100000;
threshold 90000;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
authentication-order [ radius password ];
location country-code US;
root-authentication {
Authentication Data Removed
}
radius-server {
140.182.44.69 {
timeout 5;
source-address 64.57.28.241;
}
140.182.45.56 {
timeout 5;
source-address 64.57.28.241;
}
}
Login Stanza Removed services {
ssh {
connection-limit 30;
}
}
syslog {
archive {
files 100;
}
/* brent's pine.ucs.indiana.edu */
host 129.79.9.1 {
change-log any;
interactive-commands info;
facility-override local6;
}
/* syslog.grnoc.iu.edu */
host 134.68.107.9 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
host 140.182.44.73 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
file messages {
any notice;
authorization info;
archive {
size 1m;
files 100;
}
}
}
ntp {
server 129.79.5.100;
server 134.68.1.9 prefer;
}
}
chassis {
no-source-route; ## Warning: 'source-route' is deprecated
dump-on-panic;
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
keepalive-time 5;
}
routing-engine {
on-disk-failure reboot;
}
}
interfaces {
ge-0/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-NEWY 10GE | I2-CHIC-NEWY32AOA-10GE-05239";
family inet {
address 64.57.28.72/31;
}
family inet6 {
address 2001:468:ff:602::2/64;
}
}
}
ge-0/1/0 {
inactive: apply-groups INTERFACE-CONNECTOR;
description "HP 5406 10GigE";
vlan-tagging;
mtu 9180;
unit 10 {
description "Racklan #2";
vlan-id 10;
family inet {
mtu 9000;
filter {
output racklan-access;
}
address 64.57.25.254/24;
}
family iso {
mtu 1497;
}
}
unit 11 {
description "Observatory 10 gig uplink";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.17.1/28;
address 198.32.10.201/30;
}
family inet6 {
mtu 9000;
address 2001:0468:0002:0011::1/64;
address 2001:0468:0002:0011::17:1/64;
}
}
unit 20 {
description "VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.193/29;
}
family inet6 {
mtu 9000;
address 2001:0468:0002:0020::1/64;
address 2001:0468:0002:0020::18:193/64;
}
}
unit 21 {
description "VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.17/29;
}
family inet6 {
mtu 9000;
address 2001:0468:0002:0021::1/64;
address 2001:0468:0002:0021::18:17/64;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
unit 60 {
description "[CPS] connection to nms-rpsv [NO-MONITOR]";
vlan-id 60;
family inet {
mtu 9000;
address 64.57.29.41/30;
}
family inet6 {
mtu 9000;
address 2001:468:2:60::29:41/64;
address 2001:468:2:60::1/64;
}
}
}
inactive: so-0/2/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-WASH OC-192 | I2-CHIC-WASH-O192-03915 [NO-MONITOR]";
family inet {
filter {
input backbone-in-chic-wash;
}
address 64.57.28.12/31;
}
family inet6 {
address 2001:468:ff:0209::2/64;
}
}
}
gr-0/3/0 {
unit 1 {
description "V6 Tunnel to OARnet";
tunnel {
source 64.57.28.241;
destination 192.88.191.249;
}
family inet6 {
address 2001:468:FF:1D4B::1/64;
}
}
inactive: unit 5 {
description "V6 Tunnel to Workshop/Tradeshow [NO-MONITOR]";
tunnel {
source 64.57.28.241;
destination 134.68.11.59;
}
family inet {
address 10.0.33.33/24;
}
family inet6 {
address 2001:468:FF:1B1D::2/64;
}
}
}
ip-0/3/0 {
unit 2 {
description "SINET v6 Tunnel [NO-MONITOR]";
tunnel {
source 64.57.28.241;
destination 150.99.111.244;
}
family inet {
address 10.0.12.12/24;
}
}
unit 4 {
description "Singaren v6 Tunnel";
tunnel {
source 64.57.28.241;
destination 202.8.95.253;
}
family inet6 {
address 2001:208:1:FD05::2/64;
}
}
}
ge-1/0/0 {
apply-groups INTERFACE-CONNECTOR;
description "MREN via Internet2 Chicago Metro Infinera Ring";
vlan-tagging;
mtu 9192;
unit 107 {
description "MREN via Chicago Metro Infinera Ring";
vlan-id 107;
family inet {
mtu 9000;
address 198.32.11.97/30;
}
family iso {
mtu 2447;
}
family inet6 {
mtu 9000;
address 2001:468:ff:fc3::1/64;
}
}
unit 443 {
description "[CPS] MREN via Chicago Metro Infinera Ring";
vlan-id 443;
family inet {
address 206.220.240.86/30;
}
}
unit 444 {
description "[CPS] Customer6 MREN via Chicago Metro Infinera Ring";
vlan-id 444;
family inet6 {
address 2001:468:ffff:fc3::1/64;
}
}
unit 2043 {
description "[CPS] MERIT via MREN from CIC";
vlan-id 2043;
family inet {
address 207.72.112.34/30;
}
}
unit 2059 {
description "MERIT via MREN from CIC";
vlan-id 2059;
family inet {
address 192.122.183.30/30;
}
family inet6 {
address 2001:468:ff:254::1/64;
}
}
}
ge-1/1/0 {
apply-groups INTERFACE-CONNECTOR;
unit 0 {
description "Nysernet via Internet2 DWS | I2-BUFF-CHIC-10GE-04190";
family inet {
address 199.109.11.2/30;
}
family inet6 {
address 2001:468:900:1101::2/64;
}
}
}
so-1/2/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-KANS OC-192 #2 | I2-CHIC-KANS-O192-03919";
family inet {
address 64.57.28.37/31;
}
family inet6 {
address 2001:468:ff:0204:8000::1/65;
}
}
}
ge-1/3/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-CHIC 10GE | I2-ATLA-CHIC-10GE-05419";
family inet {
address 64.57.28.5/31;
}
family inet6 {
address 2001:468:ff:102::2/64;
}
}
}
inactive: so-1/3/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-NEWY OC192 | I2-CHIC-NEWY32AOA-O192-03913 [NO-MONITOR]";
family inet {
address 64.57.28.14/31;
}
family inet6 {
address 2001:468:ff:206::1/64;
}
}
}
ge-2/0/0 {
apply-groups INTERFACE-CONNECTOR;
description "CIC via Internet2 Chicago Metro Infinera Ring";
vlan-tagging;
unit 980 {
description "University of Wisconsin-Madison R&E IPv4";
vlan-id 980;
family inet {
address 144.92.233.117/30;
}
}
unit 981 {
description "University of Wisconsin-Madison R&E IPv6";
vlan-id 981;
family inet6 {
address 2001:468:FF:02C3::1/64;
}
}
unit 2036 {
description "[CPS] Connector WiscREN via CIC Backup IPv6";
vlan-id 2036;
family inet6 {
address 2001:468:ffff:24f::1/64;
}
}
unit 2037 {
description "[CPS] Connector WiscREN via CIC Primary IPv6";
vlan-id 2037;
family inet6 {
address 2001:468:ffff:2c1::1/64;
}
}
unit 2038 {
description "[CPS] UMN IPv6 via CIC";
vlan-id 2038;
family inet6 {
address 2001:468:ffff:259::1/64;
}
}
unit 2039 {
description "[CPS] WiscREN via CIC Backup";
vlan-id 2039;
family inet {
address 205.213.119.14/30;
}
}
unit 2040 {
description "[CPS] UMN via CIC;";
vlan-id 2040;
family inet {
mtu 9000;
address 192.35.86.9/30;
}
}
unit 2041 {
description "[CPS] Wisconsin-Milwaukee via CIC";
vlan-id 2041;
family inet {
address 205.213.118.10/30;
}
}
unit 2042 {
description "[CPS] UIUC via CIC";
vlan-id 2042;
family inet {
address 72.36.127.138/30;
}
family inet6 {
address 2620:0:e10:600e::2/64;
}
}
unit 2044 {
description "[CPS] University of Iowa via CIC";
vlan-id 2044;
family inet {
address 198.49.182.7/31;
}
family inet6 {
address 2001:468:ffff:2c2::1/64;
}
}
unit 2045 {
description "[CPS] Indiana Gigapop via CIC";
vlan-id 2045;
family inet {
address 149.165.254.7/31;
}
}
unit 2046 {
description "Wiscren via CIC 1G";
vlan-id 2046;
family inet {
address 205.213.118.6/30;
}
family inet6 {
address 2001:468:ff:24f::1/64;
}
}
unit 2047 {
description "Wiscren via their CIC 10G";
vlan-id 2047;
family inet {
mtu 9000;
address 205.213.119.10/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:2c1::1/64;
}
}
unit 2048 {
description "[CPS] Connector Indiana GigaPOP via CIC IPv6";
vlan-id 2048;
family inet6 {
address 2001:468:ffff:244::1/64;
}
}
unit 2051 {
description "OSCnet via CIC";
vlan-id 2051;
family inet {
mtu 9000;
address 192.88.192.134/30;
}
family inet6 {
mtu 9000;
}
}
unit 2055 {
description "Northern Lights 10G via CIC | AS57";
vlan-id 2055;
family inet {
mtu 9000;
address 146.57.253.54/30;
}
family inet6 {
mtu 9000;
address 2001:468:1900:16::2/64;
}
}
unit 2056 {
description "[CPS] MERIT via CIC";
vlan-id 2056;
family inet {
address 207.72.112.38/30;
}
family inet6 {
address 2001:468:ffff:254::1/64;
}
}
unit 2058 {
description "MERIT via CIC";
vlan-id 2058;
family inet {
mtu 9000;
address 192.122.183.46/30;
}
}
unit 2061 {
description "University of Iowa via CIC";
vlan-id 2061;
family inet {
address 198.49.182.5/31;
}
family inet6 {
address 2001:468:ff:2c2::1/64;
}
}
unit 2063 {
description "Indiana Gigapop via CIC";
vlan-id 2063;
family inet {
filter {
output interface-out-ingig;
}
address 149.165.254.3/31;
}
family inet6 {
address 2001:468:ff:244::1/64;
}
}
unit 2065 {
description "UIUC via CIC";
vlan-id 2065;
family inet {
mtu 9000;
address 72.36.127.158/30;
}
family inet6 {
address 2001:468:ff:2c4::1/64;
}
}
unit 2067 {
description "UIC/ICCN via CIC";
vlan-id 2067;
family inet {
mtu 9000;
address 72.36.127.162/30;
}
family inet6 {
mtu 9000;
address 2620:0:e10:6013::2/64;
}
}
unit 2069 {
description "University of Chicago via CIC OMniPOP [NO-MONITOR]";
vlan-id 2069;
family inet {
mtu 9000;
address 128.135.247.125/30;
}
}
unit 2072 {
description "[CPS] UIC/ICCN via CIC";
vlan-id 2072;
family inet {
mtu 9000;
address 72.36.127.166/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:2c5::1/64;
}
}
unit 2074 {
description "OSCnet [CPS]";
vlan-id 2074;
family inet {
mtu 9000;
address 199.18.156.130/30;
}
family inet6 {
mtu 9000;
address 2610:a8:1cab:2::2/64;
}
}
unit 2076 {
description "OSC/OARnet mcast and V6 peering [NO-MONITOR]";
vlan-id 2076;
family inet {
mtu 9000;
address 199.18.156.134/30;
}
family inet6 {
mtu 9000;
address 2610:a8:1cab:3::2/64;
}
}
unit 2299 {
description "CIC OmniPOP Testpoint PC";
vlan-id 2299;
family inet {
mtu 9000;
address 64.57.17.25/30;
}
}
}
ge-2/1/0 {
description "Starlight via I2-CHIC-STAR-I2-05148";
vlan-tagging;
mtu 9192;
encapsulation vlan-ccc;
unit 103 {
apply-groups INTERFACE-CONNECTOR;
description "StarLight M10 via StarLight | AS:10764";
vlan-id 103;
family inet {
mtu 9174;
address 198.32.11.101/30;
}
family iso;
family inet6 {
mtu 9174;
address 2001:468:ff:fc2::1/64;
}
}
unit 104 {
apply-groups INTERFACE-CONNECTOR;
description "USLHCNet (CERN) Backup ";
vlan-id 104;
family inet {
mtu 9174;
address 64.57.28.69/30;
}
}
unit 121 {
apply-groups INTERFACE-CONNECTOR;
description "CERN (1Gbs, primary v4 link) via Starlight | AS513";
vlan-id 121;
family inet {
mtu 9174;
address 192.91.246.125/30;
}
}
unit 135 {
apply-groups INTERFACE-CONNECTOR;
description "CA*net-Winnepeg via StarLight | AS6509";
vlan-id 135;
family inet {
mtu 9174;
address 198.32.11.29/30;
}
family iso;
family inet6 {
mtu 9174;
address 2001:410:101:20::2/64;
}
}
unit 144 {
apply-groups INTERFACE-CONNECTOR;
description "CA*net-Toronto via Starlight | AS6509";
vlan-id 144;
family inet {
mtu 9174;
address 205.189.32.97/30;
}
family inet6 {
mtu 9174;
address 2001:410:101:21::2/64;
}
family mpls {
mtu 9174;
}
}
inactive: unit 152 {
apply-groups INTERFACE-CONNECTOR;
description "DTF (James) via StarLight | AS75";
vlan-id 152;
family inet {
mtu 9174;
address 192.5.175.134/20;
}
family inet6 {
mtu 9174;
address 2001:468:ff:fc1::1/64;
}
family mpls {
mtu 9174;
}
}
unit 159 {
description "ASNet (Taiwan) via StarLight | AS:9264";
vlan-id 159;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 117.103.111.153/30;
}
inactive: family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:288:3B0:1::1A/127;
}
}
unit 178 {
apply-groups INTERFACE-CONNECTOR;
description "HARNET | AS3662";
vlan-id 178;
family inet {
mtu 4470;
address 192.245.196.110/30;
}
family inet6 {
mtu 4470;
address 2001:468:ff:12c3::1/64;
}
}
unit 179 {
description "DREN via StarLight | AS668";
vlan-id 179;
family inet {
mtu 9000;
address 138.18.155.34/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:fc7::1/64;
}
}
unit 188 {
description "CERN DataTAG (v6 only) | AS:513";
vlan-id 188;
family inet {
filter {
input connector-in;
output interface-out;
}
address 10.254.254.4/31;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:1458:E100:1000::0005:0012/126;
}
}
unit 191 {
description "6Tap via Starlight | AS3425";
vlan-id 191;
family inet {
mtu 1482;
address 10.254.254.6/31;
}
family inet6 {
mtu 1482;
address 3FFE:3900:A7::2/64;
address 2001:400:2005:7::3/64 {
preferred;
}
}
}
unit 205 {
apply-groups INTERFACE-CONNECTOR;
description "FranceTelecom, multicast-only | AS5511";
vlan-id 205;
family inet {
mtu 9000;
/* For DATATAG Demo. remove after 3/18 */
filter {
input connector-in;
output interface-out;
}
address 198.32.11.13/30;
}
family inet6 {
address 2001:0688:0000:0004::0019/127;
}
}
unit 212 {
description "NISN via Starlight | AS:297";
vlan-id 212;
family inet {
mtu 9000;
address 192.150.29.6/30;
}
}
unit 250 {
description "KREOnet2 via Starlight";
vlan-id 250;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 134.75.108.46/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:468:FF:12C2::1/64;
}
}
unit 258 {
description "CERN production IPv6 via STARLIGHT | AS:513";
vlan-id 258;
family inet6 {
mtu 9000;
address 2001:1458:E100:1000::0005:0002/126;
}
}
unit 281 {
description "TANET2 | AS:7539";
vlan-id 281;
family inet {
filter {
input connector-in;
output interface-out;
}
address 211.79.48.178/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:E10:FFFF:304::2/64;
}
}
unit 345 {
apply-groups INTERFACE-CONNECTOR;
description "HOPI Management VLAN (default gw)";
vlan-id 345;
family inet {
mtu 1500;
address 198.32.14.65/27;
}
}
unit 348 {
apply-groups INTERFACE-CONNECTOR;
description "Ultralight Project via Starlight";
vlan-id 348;
family inet {
mtu 9000;
address 198.32.11.45/30;
}
family inet6 {
mtu 9000;
address 2001:468:0e9c:0084::2/126;
}
}
unit 356 {
apply-groups INTERFACE-CONNECTOR;
description "APAN via JGN2 Hitachi via Starlight | AS7660";
vlan-id 356;
family inet {
mtu 9000;
address 203.181.248.141/30;
}
family iso;
family inet6 {
mtu 9000;
address 2001:468:ff:0fc6::1/64;
}
}
unit 397 {
description "USGS M7i via Starlight | AS1842";
vlan-id 397;
family inet {
mtu 9000;
address 192.41.213.113/30;
}
}
unit 402 {
description "GLORIAD-new | AS20388";
vlan-id 402;
family inet {
mtu 9174;
address 192.31.99.134/30;
}
}
unit 423 {
description "ESNET via Starlight (backup connection)";
vlan-id 423;
family inet {
mtu 9000;
address 198.125.140.230/30;
}
}
unit 432 {
vlan-id 432;
family inet {
mtu 9000;
address 64.57.18.26/30;
}
}
inactive: unit 601 {
description "DREN ipv6 only | AS668";
vlan-id 601;
family inet {
mtu 1500;
address 10.254.254.8/31;
}
family inet6 {
mtu 1500;
address 2001:468:ff:fc4::1/64;
}
}
}
ge-2/2/0 {
description sw.eqch.net.internet2.edu:A1;
vlan-tagging;
mtu 9192;
unit 10 {
description "EQCH Management Subnet";
vlan-id 10;
family inet {
mtu 1500;
address 198.32.10.190/28;
}
}
unit 11 {
description "[CPS] Equinix Chicago Public Switch";
vlan-id 11;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 206.223.119.120/25;
}
family inet6 {
address 2001:504:0:4::1:1537:1/64;
}
}
unit 12 {
description "[CPS] Global Crossing Private Peering";
vlan-id 12;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.208.110.198/30;
}
}
unit 13 {
description "[CPS] NLayer Private Peering";
vlan-id 13;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 69.31.111.90/30;
}
}
unit 14 {
description "[CPS] Peer Yahoo Private Peering";
vlan-id 14;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.17/30;
}
}
inactive: unit 15 {
description "[CPS] Google Private Peering";
vlan-id 15;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 74.125.48.106/30;
}
}
unit 16 {
description "[CPS] Global Crossing Private Peering Link2";
vlan-id 16;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.208.110.190/30;
}
}
unit 17 {
description "[CPS] BitGravity Private Peering";
vlan-id 17;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 209.131.107.142/30;
}
}
}
inactive: so-2/3/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-CHIC OC-192 | I2-ATLA-CHIC-O192-03917 [NO-MONITOR]";
family inet {
address 64.57.28.5/31;
}
family inet6 {
address 2001:468:ff:102::2/64;
}
}
}
ge-4/0/0 {
description "HP mgmt 1G interface";
vlan-tagging;
mtu 9180;
unit 12 {
description "Observatory 1 gig uplink";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.17.33/28;
}
family inet6 {
mtu 9000;
address 2001:0468:0002:0012::1/64;
address 2001:0468:0002:0012::17:33/64;
}
}
}
ge-4/0/1 {
mtu 9180;
unit 0 {
description "nms-rthr1 p2p connection";
family inet {
mtu 9000;
address 64.57.17.17/30;
}
family inet6 {
mtu 9000;
address 2001:468:2:101::1/64;
address 2001:468:2:101::17:17/64;
}
}
}
ge-4/0/2 {
mtu 9180;
unit 0 {
description "nms-rthr2 p2p connection";
family inet {
mtu 9000;
address 64.57.17.21/30;
}
family inet6 {
mtu 9000;
address 2001:468:2:100::1/64;
address 2001:468:2:100::17:21/64;
}
}
}
so-4/1/0 {
apply-groups INTERFACE-CONNECTOR;
description mss.chic.net.internet2.edu:1-A-16-1;
dce;
encapsulation frame-relay;
unit 20 {
description "University of Memphis R&E DLCI";
dlci 20;
family inet {
mtu 9000;
address 141.225.250.26/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:15b::1/64;
}
}
unit 100 {
description "[CPS] University of Memphis CPS DLCI";
dlci 100;
family inet {
mtu 9000;
address 141.225.250.30/30;
}
family inet6 {
mtu 9000;
address 2001:468:ffff:15b::1/64;
}
}
}
so-5/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-KANS OC-192 #1 | I2-CHIC-KANS-O192-03918";
family inet {
address 64.57.28.17/31;
}
family inet6 {
address 2001:468:ff:0204::1/65;
}
}
}
so-5/1/0 {
apply-groups INTERFACE-CONNECTOR;
description "ESNET OC-192 (primary connection)";
unit 0 {
family inet {
address 198.125.140.54/30;
}
}
}
xe-5/2/0 {
description "[CPS] 10GE to Equinix for private peerings";
vlan-tagging;
mtu 9134;
gigether-options {
ethernet-switch-profile {
mac-learn-enable;
}
}
unit 15 {
description "[CPS] Google Private Peering";
vlan-id 15;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 74.125.48.106/30;
}
family inet6 {
mtu 1500;
address 2001:4860:1:1:0:2d11:0:9/127;
}
}
unit 18 {
description "[CPS] Yahoo second 1G";
vlan-id 18;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.25/30;
}
}
unit 19 {
description "[CPS] Limelight PNI";
vlan-id 19;
family inet {
filter {
input connector-in;
}
address 208.111.156.82/30;
}
family inet6 {
address 2607:f4e8:2::2/64;
}
}
unit 100 {
description "[CPS] GBLX 10GE PNI";
vlan-id 100;
family inet {
filter {
input connector-in;
}
address 64.208.110.38/30;
}
family inet6 {
address 2001:450:2008:2A::2/64;
}
}
unit 101 {
description "GBLX 10GE PNI multicast-only vlan in R&E";
vlan-id 101;
family inet {
filter {
input connector-in;
}
address 64.215.195.42/30;
}
}
}
xe-5/3/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-WASH 10GE | I2-CHIC-WASH-10GE-05250";
family inet {
address 64.57.28.12/31;
}
family inet6 {
address 2001:468:ff:0209::2/64;
}
}
}
fxp0 {
description "Management Ethernet - Unused";
disable;
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.28.241/32 {
preferred;
}
address 198.32.8.238/32;
}
family iso {
address 49.0000.0000.0000.0050.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:2::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.241/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff02::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.17.7 {
port 4194;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:ff:0f00::/56;
route 2001:468:000f::/48;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
240.0.0.0/4 orlonger;
14.0.0.0/8 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
/* to FranceTelecom mcast-only msdp peer */
route 193.251.128.23/32 next-hop 198.32.11.14;
/* to FranceTelecom mcast-only msdp peer */
route 193.251.128.3/32 next-hop 198.32.11.14;
/* WiscEdu free-iperf.wiscnet.net */
route 216.56.4.19/32 next-hop 205.213.118.5;
route 198.32.12.0/22 {
discard;
community 11537:950;
}
/* to CzechLight for VINI connectivity [10278:45] */
route 195.113.222.88/29 next-hop 64.57.18.25;
/* Global Crossing loopback used for Multihop peering */
route 64.215.195.157/32 next-hop 64.208.110.189;
}
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
14.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.241;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 3;
}
interface ge-2/2/0.11 {
disable;
}
}
rsvp {
/* BACKBONE to ATLA */
inactive: interface so-2/3/0.0;
/* BACKBONE to KANS */
interface so-5/0/0.0;
/* BACKBONE to NEWY */
interface ge-0/0/0.0;
/* BACKBONE to WASH */
interface xe-5/3/0.0;
/* BACKBONE to ATLA */
interface ge-1/3/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path CHIC->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path CHIC->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path CHIC->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path CHIC->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path CHIC->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path CHIC->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
primary via-SALT;
}
label-switched-path CHIC->HOUS {
to 64.57.28.244;
fast-reroute;
}
label-switched-path CHIC->SEAT {
to 64.57.28.247;
fast-reroute;
}
path via-SALT {
64.57.28.246 loose;
}
/* BACKBONE to ATLA */
inactive: interface so-2/3/0.0;
/* BACKBONE to KANS */
interface so-5/0/0.0;
/* BACKBONE to NEWY */
interface ge-0/0/0.0;
/* BACKBONE to WASH */
interface xe-5/3/0.0;
/* BACKBONE to ATLA */
interface ge-1/3/0.0;
}
bgp {
log-updown;
group INTERNET2 {
type internal;
local-address 64.57.28.241;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
inactive: neighbor 198.32.8.200 {
description STTLng;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.246 {
description SALT;
}
neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:2::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
inactive: neighbor 2001:468:16::1 {
description "STTLng;";
}
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
neighbor 2001:468:7::1 {
description SALT;
}
neighbor 2001:468:8::1 {
description SEAT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
neighbor 198.32.11.102 {
description STARLIGHT;
family inet {
any {
prefix-limit {
maximum 8000;
teardown 90 idle-timeout 1;
}
}
}
peer-as 10764;
}
neighbor 198.32.11.30 {
description "CA*net - Winnipeg";
Authentication Data Removed
peer-as 6509;
}
neighbor 205.189.32.98 {
description "CA*net - Toronto";
Authentication Data Removed
peer-as 6509;
}
neighbor 192.245.196.109 {
description HARnet;
Authentication Data Removed
peer-as 3662;
}
neighbor 134.75.108.45 {
description KREONet2;
Authentication Data Removed
peer-as 17579;
}
neighbor 211.79.48.177 {
description TANET2;
Authentication Data Removed
peer-as 7539;
}
neighbor 192.31.99.133 {
description "GLORIAD-new via Starlight";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NO-KREONET-VIA-GLORIAD ITN-IN ];
peer-as 20388;
}
/* ASNet and TANET2 back each other up */
neighbor 117.103.111.154 {
description "ASNet (Taiwan)";
Authentication Data Removed
peer-as 24167;
}
neighbor 203.181.248.142 {
description "APAN via JGN2 Hitachi switch (via Starlight)";
import [ FROM-APAN-SPECIAL SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER IFTN-IN ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 IFTN-OUT ];
peer-as 7660;
}
neighbor 64.57.28.70 {
description "USLHCNet (CERN) Backup";
Authentication Data Removed
peer-as 1297;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
neighbor 2001:468:ff:fc2::2 {
description STARLIGHT;
peer-as 10764;
}
inactive: neighbor 2001:288:3B0:1::1B {
description "ASNet (Taiwan)";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 9264;
}
neighbor 2001:468:ff:12c3::2 {
description HARnet;
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 3662;
}
inactive: neighbor 2001:798:2022:10AA::d {
description "GEANT (Amsterdam) via Eurolink Circuit - contact SURFnet";
Authentication Data Removed
peer-as 20965;
}
neighbor 2001:468:FF:12C2::2 {
description "Kreonet2 via Starlight";
Authentication Data Removed
peer-as 17579;
}
neighbor 2001:468:FF:fc6::2 {
description "APAN via JGN2 Hitachi via Starlight";
Authentication Data Removed
peer-as 7660;
}
inactive: neighbor 2001:400:2005:7::1 {
description "6TAP @ Starlight [no-monitor]";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 3425;
}
neighbor 2001:410:101:20::1 {
description "CA*net - Winnipeg";
Authentication Data Removed
peer-as 6509;
}
neighbor 2001:410:101:21::1 {
description "CA*net - Toronto";
Authentication Data Removed
peer-as 6509;
}
neighbor 2001:E10:FFFF:304::1 {
description TANET2;
Authentication Data Removed
peer-as 7539;
}
neighbor 2001:208:1:FD05::1 {
description "Singaren v6 tunnel [NO-MONITOR]";
Authentication Data Removed
peer-as 7610;
}
}
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
neighbor 192.91.246.126 {
description "CERN (1Gbps)";
import [ SANITY-IN SET-PREF CERN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 513;
}
neighbor 198.32.11.46 {
description "Ultralight Project via Starlight";
import [ SANITY-IN SET-PREF ULTRALIGHT-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 32361;
}
neighbor 198.32.11.98 {
description MREN;
import [ SANITY-IN SET-PREF MREN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 22335;
}
neighbor 199.109.11.1 {
description "Nysernet via Buffalo";
import [ SANITY-IN SET-PREF NYSERNET-IN CONNECTOR-IN ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 LEAK-NMS1 ];
peer-as 3754;
}
neighbor 149.165.254.2 {
description "Indiana Gigapop via CIC";
import [ SANITY-IN SET-PREF INTERNET2-MOSS INDIANAGIGAPOP-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 19782;
}
neighbor 205.213.118.5 {
description WiscREN;
import [ SANITY-IN SET-PREF WISCREN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 2381;
}
neighbor 192.122.183.29 {
description "MERIT through MREN from CIC";
import [ SANITY-IN SET-PREF MERIT-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 237;
bfd-liveness-detection {
minimum-interval 100;
multiplier 3;
}
}
neighbor 198.49.182.4 {
description "U Iowa via CIC";
import [ SANITY-IN SET-PREF IOWA-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 3676;
}
neighbor 72.36.127.157 {
description "UIUC via CIC";
import [ SANITY-IN SET-PREF UIUC-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 40387;
}
neighbor 205.213.119.9 {
description "WiscREN-EQCH 10G via CIC";
import [ SANITY-IN SET-PREF WISCREN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 2381;
}
neighbor 192.88.192.133 {
description "OSC/OARnet Backup connection";
import [ SANITY-IN SET-PREF CONNECTOR-IN OARNET-IN ];
Authentication Data Removed
peer-as 3112;
}
neighbor 199.18.156.133 {
description "OSCnet mcast-only [NO-MONITOR]";
import [ SANITY-IN SET-PREF OARNET-MULTICAST-IN ];
family inet {
multicast;
}
Authentication Data Removed
peer-as 600;
}
neighbor 192.122.183.45 {
description "MERIT via CIC [NO-MONITOR]";
import [ SANITY-IN SET-PREF MERIT-IN CONNECTOR-IN ];
peer-as 237;
}
neighbor 128.135.247.126 {
description "UOC via CIC [NO-MONITOR]";
import [ SANITY-IN SET-PREF UOC-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 160;
}
neighbor 144.92.233.118 {
description "University of Wisconsin-Madison IPv4";
import [ SANITY-IN SET-PREF UW-MADISON-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 59;
}
neighbor 72.36.127.161 {
description "ICCN via CIC UIC 10G secondary connection";
import [ SANITY-IN SET-PREF UIUC-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 40387;
}
neighbor 146.57.253.53 {
description "NorthernLights Gigapop via CIC, 10G [NO-MONITOR]";
import [ SANITY-IN SET-PREF NORTHERNLIGHTS-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 57;
}
neighbor 141.225.250.25 {
description "University of Memphis R&E IPv4";
import [ SANITY-IN SET-PREF MEMPHIS-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 14048;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
/* CERN will sometimes advertise subsets of their larger, production v6 /32 here */
neighbor 2001:1458:E100:1000::0005:0011 {
description "CERN DataTAG";
import [ SANITY6 SET-PREF CERN-IN6 ];
Authentication Data Removed
peer-as 513;
}
neighbor 2001:1458:E100:1000::0005:0001 {
description "CERN Primary IPv6";
import [ SANITY6 SET-PREF CERN-IN6 ];
Authentication Data Removed
peer-as 513;
}
neighbor 2001:468:0e9c:0084::1 {
description "Ultralight via Starlight v6";
import [ SANITY6 SET-PREF ULTRALIGHT-IN6 ];
Authentication Data Removed
peer-as 32361;
}
neighbor 2001:468:ff:fc3::2 {
description MREN;
import [ SANITY6 SET-PREF MREN-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 22335;
}
neighbor 2001:468:900:1101::1 {
description "Nysernet via Buffalo";
import [ SANITY6 SET-PREF NYSERNET-IN6 ];
Authentication Data Removed
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6-WITH-SPECIFICS ];
peer-as 3754;
}
neighbor 2001:468:FF:1D4B::2 {
description "OARnet v6 - Moved from v6 ipls tunnel router";
import [ SANITY6 SET-PREF OARNET-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 3112;
}
neighbor 2001:468:ff:244::2 {
description "Indiana Gigapop via CIC";
import [ SANITY6 SET-PREF INDIANAGIGAPOP-IN6 ];
Authentication Data Removed
peer-as 19782;
}
neighbor 2001:468:ff:24f::2 {
description "Wiscren-1G via CIC";
import [ SANITY6 SET-PREF WISCREN-IN6 ];
Authentication Data Removed
peer-as 2381;
}
neighbor 2001:468:ff:254::2 {
description "MERIT through MREN from CIC [NO-MONITOR]";
import [ SANITY6 SET-PREF MERIT-IN6 ];
peer-as 237;
}
neighbor 2001:468:ff:2c1::2 {
description "Wiscren-10G via CIC";
import [ SANITY6 SET-PREF WISCREN-IN6 ];
Authentication Data Removed
peer-as 2381;
}
neighbor 2001:468:ff:2c2::2 {
description "UIowa-10G via CIC";
import [ SANITY6 SET-PREF UIOWA-IN6 ];
Authentication Data Removed
peer-as 3676;
}
neighbor 2610:a8:1cab:3::1 {
description "OSCnet IPv6 Multicast [NO-MONITOR]";
import [ SANITY6 SET-PREF OARNET-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 600;
}
neighbor 2001:468:FF:02C3::2 {
description "University of Wisconsin-Madison R&E IPv6";
import [ SANITY6 SET-PREF UW-MADISON-IN6 ];
Authentication Data Removed
peer-as 59;
}
neighbor 2620:0:e10:6013::1 {
description "ICCN (Illinois state R&E net) secondary via CIC UIC";
import [ SANITY6 SET-PREF UIUC-IN6 ];
Authentication Data Removed
peer-as 40387;
}
neighbor 2001:468:ff:2c4::2 {
description "ICCN (Illinois state R&E net) primary via CIC UIUC";
import [ SANITY6 SET-PREF UIUC-IN6 ];
Authentication Data Removed
peer-as 40387;
}
neighbor 2001:468:1900:16::1 {
description "NorthernLights Gigapop via CIC, 10G [NO-MONITOR]";
import [ SANITY6 SET-PREF NORTHERNLIGHTS-IN6 ];
Authentication Data Removed
peer-as 57;
}
neighbor 2001:468:FF:15B::2 {
description "University of Memphis R&E IPv6";
import [ SANITY6 SET-PREF MEMPHIS-IN6 ];
Authentication Data Removed
peer-as 14048;
}
}
group OTHER {
metric-out igp;
remove-private;
neighbor 128.223.51.102 {
description "RouteViews #1 - help@routeviews.org";
multihop {
ttl 15;
}
local-address 64.57.28.241;
import REJECT-ALL;
peer-as 6447;
}
neighbor 128.223.51.108 {
description "RouteViews #2 - help@routeviews.org";
multihop {
ttl 15;
}
local-address 64.57.28.241;
import REJECT-ALL;
peer-as 6447;
}
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 138.18.155.33 {
description DREN;
Authentication Data Removed
peer-as 668;
}
neighbor 192.150.29.5 {
description "NISN - Chicago";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FROM-CUDI FEDNET-OUT ];
peer-as 297;
}
neighbor 192.41.213.114 {
description "USGS M7i via StarLight";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 REDCLARA-TO-USGS GEANT-TO-USGS FEDNET-OUT ];
peer-as 1842;
}
neighbor 198.125.140.229 {
description "ESNET via Starlight";
metric-out igp 1;
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 AMPATH-TO-ESNET GEANT-TO-ESNET FEDNET-OUT ];
peer-as 293;
}
neighbor 198.125.140.53 {
description "ESNET via OC192 (primary bgp)";
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 AMPATH-TO-ESNET GEANT-TO-ESNET FEDNET-OUT ];
peer-as 293;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:468:ff:fc7::2 {
description DREN-new;
family inet6 {
any;
}
Authentication Data Removed
peer-as 668;
}
}
group ISP-MCAST {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
neighbor 198.32.11.14 {
description "France Telecom, multicast-only";
Authentication Data Removed
peer-as 5511;
}
neighbor 64.215.195.41 {
description "GBLX multicast-only [NO-MONITOR]";
Authentication Data Removed
peer-as 3549;
}
}
group ISP-V6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ];
remove-private;
neighbor 2001:0688:0000:0004::0018 {
description "France Telecom";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 5511;
}
}
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.241;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 134.68.246.51 {
description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.241;
family inet {
unicast;
}
cluster 134.68.246.51;
}
neighbor 64.57.17.7 {
description "nms-rpsv.chic.net.internet2.edu zebra bgpd [NO-MONITOR]";
local-address 64.57.17.1;
family inet {
unicast;
multicast;
}
cluster 64.57.17.1;
}
neighbor 2001:0468:0002:0011::17:7 {
description "nms-rpsv.chic.net.internet2.edu zebra bgpd [NO-MONITOR]";
family inet6 {
unicast;
multicast;
}
}
neighbor 156.56.103.99 {
description "IU ANML monitor--contact Ripley";
multihop {
ttl 10;
}
local-address 64.57.28.241;
hold-time 65535;
family inet {
unicast;
}
}
}
group OTHER6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
neighbor 2001:468:FF:1B1D::1 {
description "WORKSHOP V6 peer moved from ipls v6 tunnel router [NO-MONITOR]";
import [ SANITY6 SET-PREF WORKSHOP-IN6 ];
peer-as 65501;
}
neighbor 2001:468:d01:33::80df:330f {
description "Routviews R&Ev6 [NO-MONITOR]";
multihop {
ttl 15;
}
local-address 2001:468:2::1;
import REJECT-ALL;
peer-as 6447;
}
}
}
isis {
export V6-IGP-AGG;
spf-delay 200; ## Warning: 'spf-delay' is deprecated
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
level 2 wide-metrics-only;
/* BACKBONE to NEWY */
interface ge-0/0/0.0 {
level 1 disable;
level 2 metric 1001;
}
interface ge-0/1/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* OC-192 #2 to KANS - R/E Traffic only */
interface so-1/2/0.0 {
level 1 disable;
level 2 metric 689;
}
/* BACKBONE to ATLA */
interface ge-1/3/0.0 {
level 1 disable;
level 2 metric 1045;
}
/* BACKBONE to ATLA */
inactive: interface so-2/3/0.0 {
level 1 disable;
level 2 metric 1045;
}
/* OC-192 #1 to KANS - CPS and R/E failover */
interface so-5/0/0.0 {
level 1 disable;
level 2 metric 690;
}
/* BACKBONE to WASH */
interface xe-5/3/0.0 {
level 1 disable;
level 2 metric 905;
}
/* Run IS-IS Passively on All Interfaces */
interface all {
level 1 disable;
level 2 passive;
}
}
msdp {
rib-group mcast-rpf-rg;
active-source-limit {
maximum 200000;
}
inactive: traceoptions {
file msdp-debug size 256k files 5;
flag state;
flag general;
}
source 0.0.0.0/0 {
active-source-limit {
maximum 2000;
threshold 2000;
}
}
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.241;
/* STTLng */
inactive: peer 198.32.8.200;
/* NEWY */
peer 64.57.28.242;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* Nysernet via Buffalo */
peer 199.109.11.1 {
local-address 199.109.11.2;
}
/* WISCREN */
peer 205.213.118.5 {
local-address 205.213.118.6;
}
/* Indiana Gigapop */
peer 149.165.254.2 {
local-address 149.165.254.3;
}
/* MERIT */
peer 192.122.183.29 {
local-address 192.122.183.30;
}
/* Iowa via CIC */
peer 198.49.182.4 {
local-address 198.49.182.5;
}
/* MREN */
peer 198.32.11.98 {
local-address 198.32.11.97;
}
/* UIUC */
peer 130.126.0.145 {
local-address 192.17.10.45;
}
peer 205.213.119.9 {
local-address 205.213.119.10;
}
/* UltraLight */
peer 198.32.11.46 {
local-address 198.32.11.45;
}
/* MERIT via CIC */
peer 192.122.183.45 {
local-address 192.122.183.46;
}
/* University of Wisconsin-Madison */
peer 144.92.233.118 {
local-address 144.92.233.117;
}
/* ICCN (Illinois state R&E net) secondary via CIC UIC */
peer 72.36.127.157 {
local-address 72.36.127.158;
}
/* UMN/NL */
peer 146.57.253.53 {
local-address 146.57.253.54;
}
/* OARNET */
peer 199.18.156.133 {
local-address 199.18.156.134;
}
/* University of Memphis */
peer 141.225.250.25 {
local-address 141.225.250.26;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
/* DTF */
inactive: peer 192.5.175.5 {
local-address 192.5.175.6;
}
/* STARLIGHT */
inactive: peer 206.220.240.220 {
local-address 198.32.8.193;
}
/* CANET Winnepeg */
peer 198.32.11.30 {
local-address 198.32.11.29;
}
/* CANET Toronto */
peer 205.189.32.98 {
local-address 205.189.32.97;
}
/* GLORIAD */
peer 195.209.4.253 {
local-address 195.209.4.254;
}
/* HARnet */
peer 192.245.196.109 {
local-address 192.245.196.110;
}
/* FranceTelecom NYKAR1 node--see also accompanying static route to make this reachable */
peer 193.251.128.23 {
local-address 198.32.11.13;
}
/* FranceTelecom PASBB1 node--see also accompanying static route to make this reachable */
peer 193.251.128.3 {
local-address 198.32.11.13;
}
/* CERNET (multihopviaSTARLIGHT) */
inactive: peer 202.38.117.128 {
local-address 198.32.8.193;
}
/* KREONet2 via StarLight */
peer 134.75.108.45 {
local-address 134.75.108.46;
}
/* TANET2 */
peer 211.79.48.177 {
local-address 211.79.48.178;
}
/* GLORIAD */
peer 192.31.99.253 {
local-address 192.31.99.134;
traceoptions {
file gloriad-msdp size 1m files 3;
flag state send receive detail;
flag keepalive detail;
flag general detail;
flag normal detail;
flag policy detail;
}
}
/* ASNnet (Tiawan) */
peer 117.103.111.154 {
local-address 117.103.111.153;
}
/* APAN via JGN2 Hitatchi */
peer 203.181.248.142 {
local-address 203.181.248.141;
}
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* DREN - AS668. loopback to loopback */
peer 138.18.11.253 {
local-address 64.57.28.241;
}
/* NISN */
peer 192.150.29.5 {
local-address 192.150.29.6;
}
/* USGS m7i at starlight */
peer 192.41.213.114 {
local-address 192.41.213.113;
}
/* ESNET via Starlight */
peer 198.125.140.229 {
local-address 198.125.140.230;
}
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB SNMP hosts */
140.182.45.32/28;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* New Jump Address */
149.165.134.64/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* discvenue.internet2.edu */
207.75.164.82/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list NMS1-SPECIFICS {
/* SNVA */
198.32.8.108/30;
/* WASH */
198.32.8.112/30;
/* ATLA */
198.32.8.156/30;
/* CHIN */
198.32.8.160/30;
/* DNVR */
198.32.8.164/30;
/* HSTN */
198.32.8.168/30;
/* IPLS */
198.32.8.172/30;
/* KSCY */
198.32.8.176/30;
/* LOSA */
198.32.8.180/30;
/* NYCM */
198.32.8.184/30;
/* STTL */
198.32.8.188/30;
}
prefix-list CERN-PARTICIPANT {
128.141.0.0/16;
128.142.0.0/16;
137.138.0.0/16;
188.184.0.0/15;
192.16.155.0/24;
192.16.164.0/23;
192.16.166.0/24;
192.65.184.0/21;
192.91.236.0/22;
192.91.240.0/22;
192.91.244.0/23;
192.91.246.0/24;
194.12.128.0/21;
}
prefix-list CERN-IN6 {
2001:1458::/32;
}
prefix-list ULTRALIGHT-PARTICIPANT {
192.41.230.0/23;
192.84.86.0/24;
198.32.43.0/24;
198.32.44.0/24;
}
prefix-list ULTRALIGHT-PARTICIPANT6 {
2001:468:0e9c::/48;
}
prefix-list MREN-CORPORATE {
165.215.0.0/16;
192.195.245.0/24;
}
prefix-list MREN-SPONSORED {
65.79.120.0/22;
192.41.245.0/24;
192.42.83.0/24;
192.94.173.0/24;
192.206.213.0/24;
192.206.214.0/24;
192.206.215.0/24;
198.37.16.0/21;
198.37.24.0/22;
198.108.237.0/24;
198.110.167.0/24;
198.111.56.0/23;
207.74.57.0/24;
207.75.32.0/21;
216.47.128.0/19;
}
prefix-list MREN-SEGP {
63.175.128.0/23;
64.107.0.0/16;
65.79.0.0/17;
65.174.34.0/23;
66.99.211.0/25;
69.58.32.0/19;
74.207.32.0/19;
131.210.0.0/16;
134.161.0.0/16;
137.28.0.0/16;
137.81.0.0/16;
137.104.0.0/16;
138.49.0.0/16;
138.74.0.0/16;
139.135.0.0/16;
139.225.0.0/16;
140.104.0.0/16;
140.146.0.0/16;
140.189.0.0/16;
141.106.0.0/16;
141.233.0.0/16;
143.44.0.0/16;
143.109.0.0/16;
143.200.0.0/16;
143.207.0.0/16;
143.235.0.0/16;
143.236.0.0/16;
144.13.0.0/16;
144.62.0.0/16;
144.89.0.0/16;
147.92.0.0/18;
147.92.240.0/20;
147.124.0.0/16;
148.8.0.0/16;
158.80.0.0/16;
160.32.0.0/16;
161.210.0.0/16;
165.128.0.0/16;
165.206.0.0/16;
192.35.81.0/24;
192.88.242.0/24;
192.122.181.0/24;
192.133.95.0/24;
192.138.137.0/24;
192.149.231.0/24;
192.203.196.0/24;
192.206.48.0/24;
192.227.32.0/19;
192.231.219.0/24;
192.234.16.0/24;
192.236.16.0/21;
192.236.24.0/23;
192.245.252.0/24;
192.245.254.0/24;
192.251.94.0/24;
192.251.163.0/24;
198.40.16.0/20;
198.51.130.0/24;
198.101.32.0/21;
198.101.40.0/21;
198.102.147.0/24;
198.108.20.0/24;
198.108.48.0/23;
198.108.50.0/24;
198.108.80.0/21;
198.108.97.0/24;
198.108.158.0/24;
198.108.176.0/20;
198.108.192.0/24;
198.108.196.0/22;
198.108.208.0/23;
198.108.212.0/23;
198.108.218.0/24;
198.108.228.0/22;
198.108.234.0/24;
198.109.72.0/22;
198.109.208.0/24;
198.109.220.0/22;
198.110.0.0/21;
198.110.11.0/24;
198.110.12.0/22;
198.110.24.0/21;
198.110.72.0/21;
198.110.83.0/24;
198.110.88.0/23;
198.110.92.0/24;
198.110.163.0/24;
198.110.164.0/24;
198.110.168.0/21;
198.110.176.0/21;
198.110.224.0/21;
198.111.36.0/22;
198.111.64.0/21;
198.111.72.0/22;
198.111.76.0/23;
198.111.79.0/24;
198.111.171.0/24;
198.111.176.0/23;
198.111.182.0/24;
198.111.208.0/24;
198.111.214.0/23;
198.133.77.0/24;
198.133.187.0/24;
198.133.188.0/23;
199.197.64.0/18;
199.201.203.0/24;
199.242.176.0/24;
204.8.36.0/22;
204.38.33.0/24;
204.38.36.0/23;
204.38.38.0/24;
204.38.46.0/23;
204.38.128.0/20;
204.38.208.0/20;
204.39.194.0/24;
204.144.106.0/24;
205.221.0.0/16;
205.221.30.0/24;
205.221.206.0/23;
207.28.0.0/16;
207.28.96.0/20;
207.28.112.0/22;
207.28.116.0/23;
207.28.128.0/21;
207.28.136.0/22;
207.28.209.0/24;
207.28.210.0/24;
207.72.2.0/23;
207.72.4.0/23;
207.72.34.0/23;
207.72.36.0/22;
207.72.40.0/23;
207.72.72.0/24;
207.73.64.0/23;
207.73.68.0/23;
207.73.96.0/20;
207.73.116.0/22;
207.73.120.0/21;
207.73.152.0/22;
207.73.156.0/23;
207.73.158.0/24;
207.73.159.0/24;
207.73.160.0/21;
207.73.174.0/23;
207.73.180.0/22;
207.73.184.0/21;
207.73.240.0/21;
207.73.248.0/22;
207.73.252.0/22;
207.74.0.0/24;
207.74.4.0/22;
207.74.8.0/21;
207.74.22.0/23;
207.74.24.0/21;
207.74.24.0/22;
207.74.29.0/24;
207.74.30.0/23;
207.74.104.0/22;
207.74.115.0/24;
207.74.118.0/23;
207.74.138.0/23;
207.74.140.0/22;
207.74.149.0/24;
207.74.168.0/24;
207.74.189.0/24;
207.74.224.0/22;
207.74.232.0/21;
207.75.112.0/24;
207.75.132.0/22;
207.75.136.0/24;
207.75.226.0/23;
207.75.228.0/23;
207.165.0.0/16;
207.165.40.0/21;
207.165.48.0/21;
209.56.0.0/16;
209.56.53.0/24;
209.56.96.0/21;
209.56.144.0/21;
209.56.253.0/24;
216.11.0.0/16;
216.56.0.0/16;
216.159.0.0/17;
216.159.85.0/24;
216.159.128.0/18;
216.159.180.0/24;
216.159.184.0/23;
216.159.192.0/19;
216.159.223.0/24;
}
prefix-list MREN-PARTICIP