Content-type: text/html
Internet2 - Router Configuration
|
|
Last Run: Thu Aug 21 18:36:16 UTC 2008
|
Internet2 - Router Configuration
These are the configurations used on each of the Abilene backbone routers. Certain sections, such as the filters, SNMP, and
user login portions, have been removed for security purposes.
This data is not XML rich, so it is nothing more than a simple list.
seat
## Last commit: 2008-08-19 17:53:09 UTC by wfulk
version 8.4R3.3;
groups {
INTERFACE-BACKBONE {
interfaces {
<*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit 0 {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
}
}
re0 {
system {
host-name STTLng-re0;
}
}
re1 {
system {
host-name STTLng-re1;
}
}
INTERFACE-CONNECTOR {
interfaces {
{
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
rfc-2615;
}
unit <*> {
family inet {
mtu 9180;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
}
}
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
{
mtu 9180;
unit <*> {
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name abilene.ucaid.edu;
time-zone UTC;
dump-on-panic;
arp {
aging-timer 240;
}
authentication-order [ radius password ];
location country-code US;
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
radius-server {
134.68.107.17 {
timeout 5;
source-address 198.32.8.200;
}
129.79.216.162 {
timeout 5;
source-address 198.32.8.200;
}
}
Login Stanza Removed services {
ssh {
connection-limit 30;
}
}
syslog {
archive files 100;
user * {
any critical;
}
/* brent's pine.ucs.indiana.edu */
host 129.79.9.1 {
change-log any;
interactive-commands info;
facility-override local6;
}
/* syslog.grnoc.iu.edu */
host 134.68.107.9 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
file messages {
any notice;
authorization info;
archive size 1m files 100;
}
console {
user critical;
}
}
ntp {
server 129.79.5.100;
server 134.68.1.9 prefer;
server 64.57.17.70;
}
}
chassis {
no-source-route;
dump-on-panic;
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
keepalive-time 5;
}
routing-engine {
on-disk-failure reboot;
}
}
interfaces {
so-0/0/0 {
apply-groups INTERFACE-BACKBONE;
sonet-options {
rfc-2615;
}
unit 0 {
description "BACKBONE: SALT-SEAT OC-192 | I2-SALT-SEAT-O192-03926";
family inet {
address 64.57.28.26/31;
}
family inet6 {
address 2001:468:ff:716::1/64;
}
family mpls {
mtu 9180;
}
}
}
ge-0/1/0 {
apply-groups INTERFACE-CONNECTOR;
vlan-tagging;
link-mode full-duplex;
unit 10 {
description "Pacific Northwest Gigapop | AS:101";
vlan-id 10;
family inet {
mtu 9000;
address 64.57.28.53/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:16c2::1/64;
}
}
unit 11 {
description "Pacific Northwest GigaPOP (PNWGP) CPS-IPv6";
vlan-id 11;
family inet6 {
address 2001:468:ffff:16c2::1/64;
}
}
}
ge-0/2/0 {
unit 0 {
description "10GigE reserved for Oregon";
}
}
ge-1/0/0 {
unit 0 {
description "[CPS] Google GigE #1 | Qwest ID OC192-7599106";
family inet {
mtu 1500;
address 74.125.48.178/30;
}
}
}
ge-1/0/1 {
description "[CPS] Seattle Internet Exchange (SIX) | Qwest RR23.04, PNL 4, Port 21&22";
unit 0 {
description "[CPS] Seattle Internet Exchange (SIX)";
family inet {
mtu 1500;
address 198.32.180.67/24;
}
family inet6 {
mtu 1500;
address 2001:0478:0180::67/64;
}
}
}
ge-1/3/0 {
description "[CPS] Google GigE #2 | Qwest ID OC192-7702503";
unit 0 {
family inet {
mtu 1500;
address 74.125.48.226/30;
}
}
}
ge-2/0/0 {
description "STTLng Rack LAN";
vlan-tagging;
unit 11 {
description "STTLng NOC vLAN";
vlan-id 11;
family inet {
filter {
input flow-sample;
}
address 198.32.10.129/28;
}
family iso;
family inet6 {
filter {
output noclan-out6;
}
address 2001:468:16:1::1/64;
}
}
unit 12 {
description "STTLng Measurement vLAN";
vlan-id 12;
family inet {
filter {
input flow-sample;
output nmslan-out;
}
address 198.32.11.129/29;
}
family iso;
family inet6 {
filter {
output nmslan-out6;
}
address 2001:468:16:2::1/64;
}
}
unit 13 {
description "STTLng Observatory vLAN";
vlan-id 13;
family inet {
filter {
input flow-sample;
}
address 198.32.154.233/29;
}
family iso;
family inet6 {
filter {
output nmslan-out6;
}
address 2001:468:16:3::1/64;
}
}
unit 14 {
description "STTL NLANR/AMP vLAN";
vlan-id 14;
family inet {
filter {
input flow-sample;
}
address 198.32.12.145/29;
address 198.32.12.45/30;
}
family iso;
family inet6 {
address 2001:468:16:5::1/64;
}
}
unit 15 {
description "STTLng NMS Secondary Interfaces";
vlan-id 15;
family inet {
filter {
input flow-sample;
output nmslan-out;
}
address 198.32.12.153/29;
}
family iso;
family inet6 {
filter {
output nmslan-out6;
}
address 2001:468:16:6::1/64;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
}
ge-2/0/1 {
mtu 9192;
unit 0 {
description "GIGE to NMS1-STTL";
family inet {
mtu 9000;
filter {
input flow-sample;
output nmslan-out;
}
address 198.32.8.189/30;
}
family iso;
family inet6 {
mtu 9000;
filter {
output nmslan-out6;
}
address 2001:468:16:4::1/64;
}
}
}
ge-2/0/2 {
mtu 9192;
unit 0 {
description "GiGE to NMS5";
family inet {
mtu 9000;
filter {
input flow-sample;
output nmslan-out;
}
address 198.32.12.225/30;
}
family iso;
family inet6 {
mtu 9000;
filter {
output nmslan-out6;
}
address 2001:468:16:7::1/64;
}
}
}
ge-2/0/3 {
description "Reserved for PlanetLab";
}
so-2/1/0 {
description "Global Crossing";
no-keepalives;
mtu 9192;
clocking external;
encapsulation frame-relay;
sonet-options {
rfc-2615;
}
unit 16 {
description "[CPS] Global Crossing";
dlci 16;
family inet {
mtu 9000;
address 64.57.29.5/30;
}
}
unit 17 {
description "Global Crossing (IPv6 & Multicast)";
dlci 17;
family inet {
mtu 9000;
address 64.57.29.9/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:8ff::1/64;
}
}
}
ge-3/0/0 {
apply-groups INTERFACE-CONNECTOR;
description "Pacific Wave 10GigE";
vlan-tagging;
mtu 9180;
unit 701 {
description "Pacific Wave Seattle Legacy (1500 MTU)";
vlan-id 701;
family inet {
mtu 1500;
address 198.32.170.43/24;
}
family inet6 {
mtu 1500;
address 2001:468:ff:16c1::1/64;
}
}
unit 706 {
description "Pacific Wave Seattle Local (9K MTU)";
vlan-id 706;
family inet {
mtu 9000;
address 207.231.240.8/24;
}
family inet6 {
mtu 9000;
address 2001:504:B:10::8/64;
}
}
unit 707 {
description "Pacific Wave Seattle Local (1500 MTU)";
vlan-id 707;
family inet {
mtu 1500;
address 207.231.242.8/25;
}
family inet6 {
mtu 1500;
address 2001:504:B:11::8/64;
}
}
/* NOTE: intersite VLANs are to be used for backup traffic only. LA peers cannot prefer this VLAN or connect solely to Seattle */
unit 776 {
description "Pacific Wave Seattle-LA intersite (9k MTU)";
vlan-id 776;
family inet {
mtu 9000;
address 207.231.241.8/24;
}
family inet6 {
mtu 9000;
address 2001:504:B:80::8/64;
}
}
/* NOTE: intersite VLANs are to be used for backup traffic only. LA peers cannot prefer this VLAN or connect solely to Seattle */
unit 777 {
description "Pacific Wave Seattle-LA intersite (1500k MTU)";
vlan-id 777;
family inet {
mtu 1500;
address 207.231.243.8/24;
}
family inet6 {
mtu 1500;
address 2001:504:B:81::8/64;
}
}
unit 778 {
description "Pacific Wave Seattle-Sunnyvale intersite";
vlan-id 778;
family inet {
mtu 9000;
address 207.231.245.8/24;
}
family inet6 {
mtu 9000;
address 2001:504:b:88::8/64;
}
}
unit 1020 {
description "CENIC via LAX-DC | AS2153";
vlan-id 1020;
family inet {
mtu 9000;
address 137.164.26.129/31;
}
family inet6 {
mtu 9000;
address 2001:468:E00:FC0::2/64;
}
}
unit 1022 {
description "CENIC via LAX-DC CPS IPv6 [NO-MONITOR]";
vlan-id 1022;
family inet6 {
address 2607:F380::1:89a4:1a89/127;
}
}
}
ge-3/2/0 {
description "was HOPI Seattle Force10 - available";
vlan-tagging;
mtu 9192;
encapsulation vlan-ccc;
unit 444 {
description "HOPI PC1 to Abilene Vlan";
vlan-id 444;
family inet {
mtu 9000;
address 198.32.13.13/30;
}
family iso;
}
unit 620 {
encapsulation vlan-ccc;
vlan-id 620;
family ccc;
}
unit 621 {
encapsulation vlan-ccc;
vlan-id 621;
family ccc;
}
inactive: unit 666 {
disable;
description "BACKBONE: 10GigE to Chicago via HOPI (BACKUP)";
vlan-id 666;
family inet {
mtu 9000;
address 198.32.8.5/31;
}
family iso;
}
}
so-3/3/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: LOSA-SEAT OC-192 | I2-LOSA-SEAT-O192-03924";
family inet {
address 64.57.28.39/31;
}
family inet6 {
address 2001:468:ff:0516::1/64;
}
family mpls {
mtu 9180;
}
}
}
dsc {
unit 0 {
description "Discard Interface";
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
inactive: fxp0 {
description "Mgmt Ethernet to Racklan fa0/18";
disable;
unit 0 {
family inet {
address 198.32.10.137/28;
}
}
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.200/32 {
preferred;
}
address 198.32.8.238/32;
}
family iso {
address 49.0000.0000.0000.0022.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:16::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF;";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.9.200/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff08::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 198.32.11.131 {
port 4200;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:ff:1600::/56;
route 2001:468:0016::/48;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
240.0.0.0/4 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
/* Abilene Observatory */
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
route 67.17.81.229/32 next-hop 64.57.29.10;
}
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 198.32.8.200;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 3;
}
interface ge-2/0/0.12 {
version 2;
}
interface ge-1/0/1.0 {
disable;
}
}
mld {
interface all;
}
router-advertisement {
interface ge-2/0/0.11 {
no-other-stateful-configuration;
prefix 2001:468:16:1::1/64;
}
interface ge-2/0/0.12 {
no-other-stateful-configuration;
prefix 2001:468:16:2::1/64;
}
interface ge-2/0/0.13 {
no-other-stateful-configuration;
prefix 2001:468:16:3::1/64;
}
interface ge-2/0/1.0 {
no-other-stateful-configuration;
prefix 2001:468:16:4::1/64;
}
interface ge-2/0/0.15 {
no-other-stateful-configuration;
prefix 2001:468:16:6::1/64;
}
interface ge-2/0/0.14 {
no-other-stateful-configuration;
prefix 2001:468:16:5::1/64;
}
interface ge-2/0/2.0 {
no-other-stateful-configuration;
prefix 2001:468:16:7::1/64;
}
}
rsvp {
/* BACKBONE to DNVR-Qwest */
interface so-0/2/0.0;
/* BACKBONE to SALT */
interface so-0/0/0.0;
/* BACKBONE to LOSA */
interface so-3/3/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path STTL->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path STTL->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path STTL->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path STTL->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path HOPI-VLAN-620-SEAT-to-LOSA {
to 64.57.28.248;
}
label-switched-path STTL->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path STTL->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path HOPI-VLAN-621-SEAT-to-LOSA {
to 64.57.28.248;
}
label-switched-path STTL->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
}
label-switched-path STTL->HOUS {
to 64.57.28.244;
fast-reroute;
}
/* BACKBONE to DNVR-Qwest */
interface so-0/2/0.0;
/* BACKBONE to SALT */
interface so-0/0/0.0;
/* BACKBONE to LOSA */
interface so-3/3/0.0;
}
bgp {
log-updown;
group ABILENE {
type internal;
local-address 198.32.8.200;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
inactive: neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group ABILENE6 {
type internal;
local-address 2001:468:16::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
neighbor 2001:468:7::1 {
description SALT;
}
inactive: neighbor 2001:468:8::1 {
description SEAT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
multipath;
inactive: neighbor 209.124.179.1 {
description "Pacific Northwest Gigapop;";
import [ SANITY-IN SET-PREF PNWG-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 101;
}
neighbor 137.164.26.128 {
description "CENIC via LAX-DC";
import [ SANITY-IN CUDI-PREF SET-PREF CALREN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 2153;
}
neighbor 207.231.240.7 {
description "Microsoft via Pac Wave vlan706";
import [ SANITY-IN SET-PREF FROM-MICROSOFT ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 MICROSOFT-OUT ];
peer-as 8075;
}
neighbor 207.231.241.7 {
description "Microsoft via Pac Wave vlan776";
import [ SANITY-IN SET-PREF FROM-MICROSOFT ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 MICROSOFT-OUT ];
peer-as 8075;
}
neighbor 64.57.28.54 {
description "Pacific Northwest Gigapop;";
import [ SANITY-IN SET-PREF PNWG-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 101;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
multipath;
neighbor 2001:468:ff:16c2::2 {
description "Pacific Northwest Gigapop";
import [ SANITY6 SET-PREF PNWG-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 101;
}
neighbor 2001:468:E00:FC0::1 {
description "CENIC via LAX-DC";
import [ SANITY6 SET-PREF CALREN-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 2153;
}
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 207.231.245.131 {
description "NREN AS24";
hold-time 30;
Authentication Data Removed
peer-as 24;
}
neighbor 207.231.240.9 {
description "DREN- AS668 Vlan706 [NO-MONITOR]";
Authentication Data Removed
peer-as 668;
}
neighbor 207.231.240.13 {
description "ESNET Seattle via Pacific Wave";
Authentication Data Removed
peer-as 293;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:504:b:88::131 {
description "NREN AS24";
Authentication Data Removed
peer-as 24;
}
neighbor 2001:504:B:10::9 {
description "DREN AS668";
Authentication Data Removed
peer-as 668;
}
neighbor 2001:504:B:10::13 {
description "ESNET Seattle via Pacific Wave";
Authentication Data Removed
peer-as 293;
}
}
group ISP-MCAST {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 10000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
neighbor 64.57.29.10 {
description "Global Crossing";
Authentication Data Removed
peer-as 3549;
}
}
group ISP-V6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ];
remove-private;
neighbor 2001:504:b:10::4 {
description "AARNET IPv6 T320 via PacWave";
Authentication Data Removed
peer-as 7575;
}
neighbor 2001:504:B:11::2 {
description "AARNet Cisco VXR via Pacific Wave";
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER AARNET-V6-IN ];
Authentication Data Removed
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 AARNET-V6-OUT ];
peer-as 7575;
}
neighbor 2001:468:ff:8ff::2 {
description "Global Crossing";
Authentication Data Removed
peer-as 3549;
}
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
inactive: neighbor 198.32.170.47 {
description "National Univ of Singapore via PacWave";
Authentication Data Removed
peer-as 7610;
}
/* TANET2 and ASNET back each other up */
inactive: neighbor 198.32.170.34 {
description "TANET2 via Pacific Wave";
Authentication Data Removed
peer-as 7539;
}
neighbor 207.231.240.3 {
description "CA*Net4 via PacWave 9K MTU: VLAN706";
Authentication Data Removed
peer-as 6509;
}
neighbor 207.231.240.4 {
description "AARNet T320 via Pacific Wave";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER AARNET-ITN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7575;
}
neighbor 207.231.240.10 {
description "GEMnet 9K-MTU via Pacific Wave";
Authentication Data Removed
peer-as 23796;
}
neighbor 207.231.241.136 {
description "TransPAC2 Los Angeles via PacWave (Secondary Backup)";
peer-as 22388;
}
neighbor 207.231.240.18 {
description "REANNZ via Pacific Wave [NO-MONITOR]";
peer-as 38018;
}
neighbor 207.231.240.2 {
description "AARNet M120 via Pacific Wave 9K [NO-MONITOR]";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER AARNET-ITN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7575;
}
neighbor 207.231.240.6 {
description "KREONET2 via Pacific Wave Vlan706";
Authentication Data Removed
peer-as 17579;
}
neighbor 207.231.241.149 {
description "AARnet 1Gbps backup via Pacific Wave and Equinix";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER AARNET-ITN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7575;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
inactive: neighbor 2001:468:ff:16c1::4 {
description "TANET2 IPv6 via Pacific Wave";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 7539;
}
neighbor 2001:468:ff:16c1::5 {
description "GEMNET IPv6 via Pacific Wave";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 4697;
}
inactive: neighbor 2001:504:b:10::4 {
description "AARNET IPv6 T320 via PacWave";
Authentication Data Removed
peer-as 7575;
}
inactive: neighbor 2001:504:B:11::2 {
description "AARNet Cisco VXR via Pacific Wave";
Authentication Data Removed
peer-as 7575;
}
neighbor 2001:504:b:10::18 {
description "REANNZ IPV6 | [NO-MONITOR]";
peer-as 38018;
}
neighbor 2001:504:b:10::3 {
description "CA*net via Pacific Wave vlan706 [NO-MONITOR]";
family inet6 {
any;
}
Authentication Data Removed
peer-as 6509;
}
neighbor 2001:504:b:10::6 {
description "KREOnet2 IPv6 via Pacific Wave via Vlan706";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 17579;
}
neighbor 2001:504:b:81::149 {
description "AARnet 1Gbps backup via Pacific Wave and Equinix";
Authentication Data Removed
peer-as 7575;
}
}
inactive: group NONITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ];
remove-private;
}
inactive: group NONITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 NONITN-OUT6 ];
remove-private;
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
metric-out igp;
import REJECT-ALL;
}
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 198.32.12.155 {
description "NMS3-STTL Zebra BGPd";
local-address 198.32.12.153;
family inet {
unicast;
}
cluster 198.32.12.153;
}
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR] ";
local-address 198.32.8.200;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 134.68.246.51 {
description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 198.32.8.200;
family inet {
unicast;
}
cluster 134.68.246.51;
}
neighbor 156.56.103.99 {
description "IU ANML monitor--contact Ripley";
multihop {
ttl 10;
}
local-address 198.32.8.200;
hold-time 65535;
family inet {
unicast;
}
}
neighbor 2001:18e8:2:403:202:b3ff:fe23:715a {
description "IU ANML monitor6";
multihop {
ttl 10;
}
local-address 2001:468:16::1;
family inet6 {
unicast;
}
}
}
}
isis {
export V6-IGP-AGG;
spf-delay 200;
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
level 2 wide-metrics-only;
/* OC192 to SALT */
interface so-0/0/0.0 {
level 1 disable;
level 2 metric 913;
}
/* NOC Rack Lan */
interface ge-2/0/0.11 {
level 1 disable;
level 2 passive;
}
/* NMS Rack Lan */
interface ge-2/0/0.12 {
level 1 disable;
level 2 passive;
}
/* OBS Rack Lan */
interface ge-2/0/0.13 {
level 1 disable;
level 2 passive;
}
/* NLANR/AMP */
interface ge-2/0/0.14 {
level 1 disable;
level 2 passive;
}
/* NMS Secondary Interfaces */
interface ge-2/0/0.15 {
level 1 disable;
}
interface ge-2/0/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* GIG to NMS1 */
interface ge-2/0/1.0 {
level 1 disable;
level 2 passive;
}
/* GigE to NMS5 */
interface ge-2/0/2.0 {
level 1 disable;
level 2 passive;
}
interface ge-3/1/0.4044 {
level 1 disable;
level 2 passive;
}
interface ge-3/2/0.444 {
level 1 disable;
level 2 passive;
}
/* 10GigE to Chicago via HOPI */
interface ge-3/2/0.666 {
level 1 disable;
level 2 metric 20000;
}
/* BACKBONE to LOSA */
interface so-3/3/0.0 {
level 1 disable;
level 2 metric 1342;
}
interface lo0.0 {
level 1 disable;
level 2 passive;
}
}
msdp {
rib-group mcast-rpf-rg;
group ABILENE {
mode mesh-group;
local-address 198.32.8.200;
/* HSTNng */
peer 198.32.8.195;
/* KSCYng */
peer 198.32.8.197;
/* LOSAng */
peer 198.32.8.198;
/* SNVAng */
peer 198.32.8.201;
/* ATLAng-m5 */
peer 198.32.8.203;
/* CHIC */
peer 64.57.28.241;
/* NEWY */
peer 64.57.28.242;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
inactive: peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* CENIC Los Angeles Backup */
peer 137.164.24.2 {
local-address 137.164.24.3;
}
/* Pacific Northwest Gigapop */
inactive: peer 209.124.179.1 {
local-address 209.124.179.2;
}
/* CENIC via LAX-DC */
peer 137.164.26.128 {
local-address 137.164.26.129;
}
/* PNWGP (new) */
peer 64.57.28.54 {
local-address 64.57.28.53;
}
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* DREN - AS668, loopback to loopback */
peer 138.18.12.237 {
local-address 198.32.8.200;
}
/* NREN AS24 via directly connected int */
peer 207.231.245.131 {
local-address 207.231.245.8;
}
peer 134.55.3.6 {
local-address 207.231.240.8;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
local-address 198.32.170.43;
inactive: traceoptions {
file jrd files 10;
flag all detail;
}
/* CA*NET */
peer 198.32.170.44 {
local-address 198.32.170.43;
}
/* TANET2 */
peer 198.32.170.34 {
local-address 198.32.170.43;
}
/* National Univ of Singapore */
peer 202.3.135.252 {
local-address 198.32.170.43;
}
/* KREOnet2 [NO-MONITOR] */
peer 198.32.170.33 {
local-address 198.32.170.43;
}
/* CA*NET via 9K VLAN */
peer 207.231.240.3 {
local-address 207.231.240.8;
}
/* GEMnet 9K */
peer 207.231.240.10 {
local-address 207.231.240.8;
}
/* REANNZ */
peer 210.7.36.193 {
local-address 207.231.240.8;
}
/* REANNZ */
peer 210.7.36.194 {
local-address 207.231.240.8;
}
/* KREOnet2 Vlan706 */
peer 207.231.240.6 {
local-address 207.231.240.8;
}
/* AARNET lax-b-bb1 */
peer 207.231.241.149 {
local-address 207.231.241.8;
}
/* AARNET sea-a-bb1 */
peer 207.231.240.2 {
local-address 207.231.240.8;
}
/* AARNET sea-a-bb1 */
peer 207.231.240.4 {
local-address 207.231.240.8;
}
}
group NONITN {
export MSDP-FILTER;
import MSDP-FILTER;
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
export MSDP-FILTER;
import REJECT-ALL;
}
group ISP-MCAST {
export MSDP-FILTER;
import MSDP-FILTER;
/* Global Crossing */
peer 67.17.81.229 {
local-address 64.57.29.9;
}
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
connections {
remote-interface-switch HOPI-VLAN-620 {
interface ge-3/2/0.620;
transmit-lsp HOPI-VLAN-620-SEAT-to-LOSA;
receive-lsp HOPI-VLAN-620-LOSA-to-SEAT;
}
remote-interface-switch HOPI-VLAN-621 {
interface ge-3/2/0.621;
transmit-lsp HOPI-VLAN-621-SEAT-to-LOSA;
receive-lsp HOPI-VLAN-621-LOSA-to-SEAT;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* winger.uits.iu.edu -- snapp */
129.79.6.137/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
/* dc-1.grnoc.iu.edu -- SNMP Data Collector */
134.68.107.22/32;
/* snmp.grnoc.iu.edu -- SNMP Data Collection */
134.68.107.23/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
198.108.90.142/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list RADIUS-SERVERS {
129.79.216.162/32;
134.68.107.17/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list HAWAII-PARTICIPANT {
128.171.0.0/16;
132.160.0.0/16;
/* NOAA */
140.90.183.0/24;
/* NOAA */
140.90.184.0/24;
/* NOAA */
140.90.201.0/24;
166.122.0.0/16;
168.105.0.0/16;
205.166.204.0/23;
}
prefix-list HAWAII-SPONSORED {
74.214.64.0/19;
216.228.240.0/20;
}
prefix-list HAWAII-SEGP {
165.248.0.0/16;
208.65.120.0/22;
}
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group CONNECTORS6 neighbor <*>";
}
prefix-list PACIFICNORTHWESTGP-PARTICIPANTS6 {
2001:1860::/34;
2001:1860:4000::/34;
2001:1860:8000::/34;
2001:1860:c000::/34;
2607:f278::/32;
2610:10::/32;
}
prefix-list CENIC-PARTICIPANT6;
policy-statement AARNET-ITN-IN {
term hawaii-participant {
from {
as-path HAWAII-AS;
prefix-list-filter HAWAII-PARTICIPANT orlonger;
}
then next policy;
}
term hawaii-segp {
from {
as-path HAWAII-AS;
prefix-list-filter HAWAII-PARTICIPANT orlonger;
}
then {
community add SEGP;
next policy;
}
}
term hawaii-sponsored {
from {
as-path HAWAII-AS;
prefix-list-filter HAWAII-PARTICIPANT orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement AARNET-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term allow-inet6.2 {
from protocol bgp;
to rib inet6.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement AARNET-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
term accept {
from {
protocol bgp;
rib inet6.2;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement BLOCK-FACEBOOK {
term block {
from {
route-filter 69.63.176.0/20 exact;
}
then reject;
}
term not-facebook {
then next policy;
}
}
/* Calren backup peering. Be sure to add any prefixes to LA prefix list, too! */
policy-statement CALREN-IN {
term participant {
from {
route-filter 36.0.0.0/8 orlonger;
route-filter 44.0.0.0/8 orlonger;
route-filter 63.202.49.0/24 orlonger;
route-filter 63.207.252.0/22 orlonger;
route-filter 64.54.0.0/16 orlonger;
route-filter 128.9.0.0/16 orlonger;
route-filter 128.12.0.0/16 orlonger;
route-filter 128.32.0.0/16 orlonger;
route-filter 128.48.0.0/16 orlonger;
route-filter 128.54.0.0/16 orlonger;
route-filter 128.97.0.0/16 orlonger;
route-filter 128.111.0.0/16 orlonger;
route-filter 128.114.0.0/16 orlonger;
route-filter 128.120.0.0/16 orlonger;
route-filter 128.125.0.0/16 orlonger;
route-filter 128.149.0.0/16 orlonger;
route-filter 128.195.0.0/16 orlonger;
route-filter 128.200.0.0/16 orlonger;
route-filter 128.218.0.0/16 orlonger;
route-filter 130.237.14.0/23 orlonger;
route-filter 131.179.0.0/16 orlonger;
route-filter 131.215.0.0/16 orlonger;
route-filter 131.216.0.0/16 orlonger;
route-filter 132.239.0.0/16 orlonger;
route-filter 132.249.0.0/16 orlonger;
route-filter 134.4.0.0/16 orlonger;
route-filter 134.79.0.0/16 orlonger;
route-filter 134.154.0.0/16 orlonger;
route-filter 134.197.0.0/16 orlonger;
route-filter 136.152.0.0/16 orlonger;
route-filter 137.78.0.0/16 orlonger;
route-filter 137.79.0.0/16 orlonger;
route-filter 137.110.0.0/16 orlonger;
route-filter 137.131.0.0/16 orlonger;
route-filter 137.228.0.0/16 orlonger;
route-filter 138.23.0.0/16 orlonger;
route-filter 140.148.0.0/16 orlonger;
route-filter 140.173.0.0/16 orlonger;
route-filter 149.142.0.0/16 orlonger;
route-filter 152.79.0.0/16 orlonger;
route-filter 153.105.0.0/16 orlonger;
route-filter 160.87.0.0/16 orlonger;
route-filter 164.67.0.0/16 orlonger;
route-filter 165.157.0.0/16 orlonger;
route-filter 169.228.64.0/21 orlonger;
route-filter 169.228.128.0/19 orlonger;
route-filter 169.228.160.0/20 orlonger;
route-filter 169.229.0.0/16 orlonger;
route-filter 169.230.0.0/16 orlonger;
/* University of California OOP */
route-filter 169.231.0.0/16 orlonger;
route-filter 169.232.0.0/16 orlonger;
route-filter 169.233.0.0/16 orlonger;
route-filter 169.237.0.0/16 orlonger;
route-filter 170.91.128.0/18 orlonger;
route-filter 171.64.0.0/14 orlonger;
route-filter 192.5.10.0/24 orlonger;
/* UC-Irvine */
route-filter 192.5.19.0/24 orlonger;
route-filter 192.12.19.0/24 orlonger;
route-filter 192.12.207.0/24 orlonger;
route-filter 192.12.234.0/24 orlonger;
route-filter 192.17.47.0/24 orlonger;
/* Next 14 are from SDSC */
route-filter 192.26.250.0/23 orlonger;
route-filter 192.26.251.0/24 orlonger;
route-filter 192.26.252.0/23 orlonger;
route-filter 192.26.254.0/24 orlonger;
route-filter 192.31.21.0/24 orlonger;
route-filter 192.31.43.0/24 orlonger;
route-filter 192.31.95.0/24 orlonger;
route-filter 192.31.105.0/24 orlonger;
route-filter 192.31.146.0/24 orlonger;
route-filter 192.31.153.0/24 orlonger;
route-filter 192.31.161.0/24 orlonger;
route-filter 192.35.209.0/24 orlonger;
route-filter 192.35.210.0/24 orlonger;
route-filter 192.35.212.0/23 orlonger;
route-filter 192.35.214.0/24 orlonger;
route-filter 192.35.215.0/24 orlonger;
route-filter 192.35.221.0/26 orlonger;
route-filter 192.41.208.0/24 orlonger;
route-filter 192.42.82.0/24 orlonger;
route-filter 192.58.221.0/24 orlonger;
route-filter 192.65.200.0/24 orlonger;
route-filter 192.67.20.0/24 orlonger;
route-filter 192.67.21.0/24 orlonger;
route-filter 192.67.81.0/24 orlonger;
route-filter 192.67.82.0/24 orlonger;
route-filter 192.84.86.0/24 orlonger;
route-filter 192.100.172.0/24 orlonger;
route-filter 192.101.37.0/24 orlonger;
route-filter 192.101.42.0/24 orlonger;
route-filter 192.107.102.0/24 orlonger;
route-filter 192.107.192.0/24 orlonger;
route-filter 192.135.237.0/24 orlonger;
route-filter 192.135.238.0/24 orlonger;
route-filter 192.138.85.0/24 orlonger;
route-filter 192.150.186.0/23 orlonger;
route-filter 192.150.216.0/24 orlonger;
/* UC Santa Barbara */
route-filter 192.150.216.0/23 orlonger;
/* UC Berkely */
route-filter 192.154.6.0/24 orlonger;
route-filter 192.159.138.0/24 orlonger;
route-filter 192.159.141.0/24 orlonger;
route-filter 192.172.226.0/24 orlonger;
route-filter 192.251.158.0/24 orlonger;
route-filter 198.17.46.0/23 orlonger;
route-filter 198.17.47.0/24 orlonger;
route-filter 198.17.101.0/24 orlonger;
route-filter 198.32.16.0/24 orlonger;
route-filter 198.32.248.0/24 orlonger;
route-filter 198.32.249.0/24 orlonger;
route-filter 198.51.111.0/24 orlonger;
route-filter 198.94.52.0/24 orlonger;
route-filter 198.133.185.0/24 orlonger;
route-filter 198.134.135.0/24 orlonger;
route-filter 198.147.151.0/24 orlonger;
route-filter 198.148.64.0/21 orlonger;
route-filter 198.148.72.0/22 orlonger;
route-filter 198.183.128.0/22 orlonger;
route-filter 198.186.182.0/24 orlonger;
route-filter 198.187.221.0/24 orlonger;
route-filter 198.187.222.0/24 orlonger;
route-filter 198.202.64.0/18 orlonger;
route-filter 198.202.126.0/23 orlonger;
route-filter 199.105.0.0/18 orlonger;
route-filter 199.120.153.0/24 orlonger;
route-filter 199.164.237.0/24 orlonger;
route-filter 199.165.16.0/24 orlonger;
route-filter 199.165.17.0/24 orlonger;
route-filter 199.165.19.0/24 orlonger;
route-filter 199.233.182.0/24 orlonger;
route-filter 200.23.5.0/24 orlonger;
route-filter 204.48.128.0/17 orlonger;
route-filter 204.57.0.0/21 orlonger;
route-filter 204.88.128.0/19 orlonger;
route-filter 204.115.168.0/21 orlonger;
route-filter 204.118.32.0/24 orlonger;
route-filter 204.128.156.0/24 orlonger;
route-filter 204.250.96.0/20 orlonger;
route-filter 205.143.88.0/21 orlonger;
/* Palomar College */
route-filter 205.153.156.0/24 orlonger;
/* Palomar College */
route-filter 205.153.157.0/24 orlonger;
/* Palomar College */
route-filter 205.153.158.0/24 orlonger;
/* Palomar College */
route-filter 205.153.159.0/24 orlonger;
route-filter 205.159.27.0/24 orlonger;
route-filter 205.167.46.0/23 orlonger;
route-filter 205.173.40.0/21 orlonger;
route-filter 205.174.240.0/20 orlonger;
route-filter 206.78.128.0/19 orlonger;
route-filter 206.78.144.0/21 orlonger;
route-filter 206.78.232.0/22 orlonger;
route-filter 206.194.0.0/18 orlonger;
route-filter 206.197.121.0/24 orlonger;
route-filter 206.213.128.0/18 orlonger;
route-filter 207.31.0.0/18 orlonger;
route-filter 207.31.128.0/17 orlonger;
route-filter 207.197.0.0/18 orlonger;
route-filter 207.197.64.0/18 orlonger;
route-filter 208.1.64.0/19 orlonger;
route-filter 209.68.128.0/19 orlonger;
route-filter 137.164.0.0/16 orlonger;
route-filter 198.32.251.0/24 orlonger;
/* Claremont colleges */
route-filter 134.173.0.0/16 orlonger;
/* ASU */
route-filter 129.219.0.0/16 orlonger;
/* ASU */
route-filter 149.169.0.0/16 orlonger;
/* Univ or Arizona */
route-filter 208.68.28.0/22 orlonger;
/* University of San Francisco */
route-filter 138.202.0.0/16 orlonger;
/* UCSD */
route-filter 169.228.0.0/16 orlonger;
/* University of Arizona Maricopa Agricultural Center */
route-filter 198.151.212.0/24 orlonger;
route-filter 204.27.250.0/24 orlonger;
/* UCSD */
route-filter 67.58.32.0/19 upto /24;
route-filter 208.75.160.0/21 orlonger;
/* UC Irvine */
route-filter 169.234.0.0/16 orlonger;
route-filter 192.154.2.0/24 orlonger;
route-filter 192.35.225.0/24 orlonger;
}
then next policy;
}
term UArizona-backup {
from {
route-filter 128.196.0.0/16 orlonger;
route-filter 150.135.0.0/16 orlonger;
route-filter 192.12.69.0/24 orlonger;
route-filter 192.80.43.0/24 orlonger;
route-filter 206.207.42.0/24 orlonger;
}
then next policy;
}
term corporate {
from {
/* Hewlett Packard Palo Alto Labs */
route-filter 192.6.26.0/24 orlonger;
route-filter 192.101.37.0/24 orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
route-filter 199.111.161.0/24 orlonger;
route-filter 204.107.152.0/24 orlonger;
/* The Research Libraries Group */
route-filter 204.152.100.0/22 orlonger;
route-filter 209.242.165.0/24 orlonger;
route-filter 209.242.165.32/27 orlonger;
route-filter 209.242.165.128/25 orlonger;
route-filter 209.242.166.0/24 orlonger;
route-filter 209.242.166.160/27 orlonger;
/* ADEC Distance Education Sites */
route-filter 216.230.176.0/20 orlonger;
/* Northern Arizona Univ, nau.ed */
route-filter 134.114.0.0/16 orlonger;
/* Internet Archive */
route-filter 207.241.224.0/20 orlonger;
/* The Internet Archive */
route-filter 208.70.24.0/21 orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term UArizona-backup-sponsored {
from {
route-filter 140.252.0.0/16 orlonger;
route-filter 192.33.140.0/23 orlonger;
route-filter 199.104.148.0/22 orlonger;
route-filter 199.104.152.0/21 orlonger;
route-filter 206.197.219.0/24 orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
route-filter 63.199.32.0/21 orlonger;
route-filter 64.39.112.0/20 orlonger;
route-filter 129.8.0.0/16 orlonger;
route-filter 129.65.0.0/16 orlonger;
route-filter 130.17.0.0/16 orlonger;
route-filter 130.65.0.0/16 orlonger;
route-filter 130.86.0.0/16 orlonger;
route-filter 130.150.0.0/16 orlonger;
route-filter 130.157.0.0/16 orlonger;
route-filter 130.166.0.0/16 orlonger;
route-filter 130.182.0.0/16 orlonger;
route-filter 130.191.0.0/16 orlonger;
route-filter 130.212.0.0/16 orlonger;
route-filter 132.241.0.0/16 orlonger;
route-filter 134.71.0.0/16 orlonger;
route-filter 134.139.0.0/16 orlonger;
route-filter 134.154.0.0/16 orlonger;
route-filter 136.168.0.0/16 orlonger;
route-filter 137.145.0.0/16 orlonger;
route-filter 137.150.0.0/16 orlonger;
route-filter 137.151.0.0/16 orlonger;
route-filter 139.182.0.0/16 orlonger;
route-filter 140.144.0.0/16 orlonger;
route-filter 144.37.0.0/16 orlonger;
route-filter 146.244.0.0/16 orlonger;
route-filter 147.144.0.0/16 orlonger;
route-filter 153.18.0.0/16 orlonger;
route-filter 155.135.0.0/16 orlonger;
route-filter 156.1.0.0/16 orlonger;
route-filter 157.233.0.0/16 orlonger;
route-filter 159.115.0.0/16 orlonger;
route-filter 160.227.0.0/16 orlonger;
route-filter 163.150.0.0/16 orlonger;
route-filter 165.196.0.0/16 orlonger;
route-filter 169.199.0.0/16 orlonger;
route-filter 169.236.0.0/16 orlonger;
route-filter 192.30.115.0/24 orlonger;
route-filter 192.78.182.0/24 orlonger;
route-filter 192.86.78.0/24 orlonger;
route-filter 192.103.56.0/24 orlonger;
route-filter 192.104.166.0/24 orlonger;
route-filter 192.111.213.0/24 orlonger;
route-filter 192.138.184.0/24 orlonger;
route-filter 192.189.45.0/24 orlonger;
route-filter 192.189.46.0/24 orlonger;
route-filter 192.189.47.0/24 orlonger;
route-filter 192.189.48.0/24 orlonger;
route-filter 192.190.38.0/24 orlonger;
route-filter 192.190.45.0/24 orlonger;
route-filter 192.195.41.0/24 orlonger;
route-filter 192.207.184.0/24 orlonger;
route-filter 198.49.104.0/24 orlonger;
route-filter 198.62.142.0/24 orlonger;
route-filter 198.102.103.0/24 orlonger;
route-filter 198.133.204.0/24 orlonger;
route-filter 198.137.147.0/24 orlonger;
route-filter 198.137.151.0/24 orlonger;
route-filter 198.137.152.0/24 orlonger;
route-filter 198.137.152.0/23 orlonger;
route-filter 198.137.153.0/24 orlonger;
route-filter 198.137.224.0/24 orlonger;
route-filter 198.175.250.0/24 orlonger;
route-filter 198.181.223.0/24 orlonger;
route-filter 198.181.224.0/23 orlonger;
route-filter 198.181.226.0/24 orlonger;
route-filter 198.188.0.0/16 orlonger;
route-filter 198.189.0.0/16 orlonger;
route-filter 198.202.144.0/24 orlonger;
route-filter 198.202.145.0/24 orlonger;
route-filter 198.207.153.0/24 orlonger;
route-filter 198.207.154.0/24 orlonger;
route-filter 198.207.155.0/24 orlonger;
route-filter 198.207.156.0/24 orlonger;
route-filter 199.88.104.0/23 orlonger;
route-filter 199.230.32.0/20 orlonger;
route-filter 199.230.48.0/22 orlonger;
route-filter 199.245.155.0/24 orlonger;
route-filter 199.253.32.0/20 orlonger;
route-filter 199.253.48.0/21 orlonger;
route-filter 204.17.179.0/24 orlonger;
route-filter 204.17.189.0/24 orlonger;
route-filter 204.62.200.0/24 orlonger;
route-filter 204.69.0.0/21 orlonger;
route-filter 204.75.249.0/24 orlonger;
route-filter 204.75.250.0/24 orlonger;
route-filter 204.75.251.0/24 orlonger;
route-filter 204.75.252.0/24 orlonger;
route-filter 204.75.253.0/24 orlonger;
route-filter 204.75.254.0/24 orlonger;
route-filter 204.75.255.0/24 orlonger;
route-filter 204.100.64.0/18 orlonger;
route-filter 204.100.128.0/17 orlonger;
route-filter 204.102.0.0/16 orlonger;
route-filter 204.102.78.0/24 orlonger;
route-filter 204.129.0.0/16 orlonger;
route-filter 204.147.16.0/20 orlonger;
route-filter 204.155.0.0/20 orlonger;
route-filter 204.238.95.0/24 orlonger;
route-filter 204.238.101.0/24 orlonger;
route-filter 205.154.0.0/16 orlonger;
route-filter 205.154.240.0/23 orlonger;
route-filter 205.154.241.0/24 orlonger;
route-filter 205.154.242.0/24 orlonger;
route-filter 205.155.0.0/16 orlonger;
route-filter 205.174.208.0/20 orlonger;
route-filter 206.15.224.0/19 orlonger;
route-filter 206.78.0.0/19 orlonger;
route-filter 206.78.64.0/19 orlonger;
route-filter 206.78.96.0/20 orlonger;
route-filter 206.78.128.0/20 orlonger;
route-filter 206.78.144.0/22 orlonger;
route-filter 206.78.148.0/23 orlonger;
route-filter 206.78.151.0/24 orlonger;
route-filter 206.78.153.0/24 orlonger;
route-filter 206.78.154.0/23 orlonger;
route-filter 206.78.156.0/22 orlonger;
route-filter 206.78.160.0/19 orlonger;
route-filter 206.78.224.0/20 orlonger;
route-filter 206.78.240.0/20 orlonger;
/* Los Nettos */
route-filter 206.117.0.0/16 orlonger;
route-filter 206.201.240.0/20 orlonger;
route-filter 206.211.32.0/19 orlonger;
route-filter 206.227.0.0/18 orlonger;
/* United Layer/San Francisco Exploratorium */
route-filter 207.7.139.0/24 orlonger;
/* United Layer/San Francisco Exploratorium */
route-filter 207.7.144.0/24 orlonger;
route-filter 207.21.33.0/24 orlonger;
route-filter 207.21.34.0/24 orlonger;
route-filter 207.31.128.0/18 orlonger;
route-filter 207.62.0.0/16 orlonger;
route-filter 207.99.128.0/18 orlonger;
route-filter 207.157.128.0/17 orlonger;
route-filter 207.166.0.0/18 orlonger;
route-filter 207.212.206.0/23 orlonger;
route-filter 207.233.0.0/17 orlonger;
route-filter 209.66.192.0/19 orlonger;
route-filter 209.79.64.0/19 orlonger;
route-filter 209.79.154.0/23 orlonger;
route-filter 209.79.156.0/23 orlonger;
route-filter 209.129.0.0/16 orlonger;
route-filter 209.129.38.0/23 orlonger;
route-filter 209.129.40.0/22 orlonger;
route-filter 209.129.44.0/23 orlonger;
route-filter 209.132.144.0/24 orlonger;
route-filter 209.147.0.0/18 orlonger;
route-filter 209.188.128.0/17 orlonger;
route-filter 209.232.36.0/22 orlonger;
route-filter 209.232.144.0/20 orlonger;
route-filter 216.100.88.0/21 orlonger;
route-filter 216.102.12.0/22 orlonger;
route-filter 216.102.72.0/21 orlonger;
route-filter 216.102.80.0/22 orlonger;
/* Fresno County Office of Education */
route-filter 206.78.32.0/19 orlonger;
/* Kings County Office of Education */
route-filter 206.78.192.0/19 orlonger;
/* Los Angeles County Office of Education */
route-filter 156.3.0.0/16 orlonger;
/* 4CNET */
route-filter 192.195.153.0/24 orlonger;
/* 4CNET */
route-filter 192.195.154.0/23 orlonger;
/* 4CNET */
route-filter 192.55.87.0/24 orlonger;
/* 4CNET */
route-filter 208.71.24.0/22 orlonger;
/* CENIC SEGP */
route-filter 134.89.0.0/16 orlonger;
route-filter 138.202.0.0/16 orlonger;
route-filter 76.78.96.0/19 orlonger;
route-filter 137.159.0.0/16 orlonger;
route-filter 137.159.192.0/18 orlonger;
/* 4CNET */
route-filter 63.247.0.0/19 orlonger;
route-filter 143.254.0.0/16 orlonger;
route-filter 199.88.112.0/24 orlonger;
}
then {
community add SEGP;
next policy;
}
}
term exception_sponsored {
from {
/* AS112 Project advertisement */
route-filter 192.175.48.0/24 exact;
}
then {
community add SPONSORED;
community add PARTICIPANT;
accept;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement CALREN-IN6 {
term accept {
from {
family inet6;
route-filter 2001:448:3::/48 exact;
route-filter 2001:468:0e00::/40 upto /48;
/* Nicaragua via CENIC */
route-filter 2800:10:16::/48 exact;
/* Nicaragua via CENIC */
route-filter 2800:10:11::/48 exact;
/* Nicaragua via CENIC */
route-filter 2800:10:10::/48 exact;
/* SDSC */
route-filter 2001:48d0::/32 exact;
/* Allow SDSC more specific, but tagged with no-export */
route-filter 2001:48d0::/32 prefix-length-range /33-/35 {
community add NO-EXPORT;
}
/* UC Berkeley via CENIC */
route-filter 2607:F140::/32 exact;
/* UCLA via CENIC */
route-filter 2607:f010::/32 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-AS11274-OUT {
term match {
from community CPS-AS11274-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS11404-OUT {
term match {
from community CPS-AS11404-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS12111-OUT {
term match {
from community CPS-AS12111-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13680-OUT {
term match {
from community CPS-AS13680-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13768-OUT {
term match {
from community CPS-AS13768-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15169-OUT {
term match {
from community CPS-AS15169-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19029-OUT {
term match {
from community CPS-AS19029-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19151-OUT {
term match {
from community CPS-AS19151-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS20940-OUT {
term match {
from community CPS-AS20940-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS21947-OUT {
term match {
from community CPS-AS21947-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22212-OUT {
term match {
from community CPS-AS22212-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22822-OUT {
term match {
from community CPS-AS22822-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS23260-OUT {
term match {
from community CPS-AS23260-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS23504-OUT {
term match {
from community CPS-AS23504-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS25973-OUT {
term match {
from community CPS-AS25973-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS27008-OUT {
term match {
from community CPS-AS27008-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS27345-OUT {
term match {
from community CPS-AS27345-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS3549-OUT {
term match {
from community CPS-AS3549-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36824-OUT {
term match {
from community CPS-AS36824-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4565-OUT {
term match {
from community CPS-AS4565-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6327-OUT {
term match {
from community CPS-AS6327-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6456-OUT {
term match {
from community CPS-AS6456-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6539-OUT {
term match {
from community CPS-AS6539-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6939-OUT {
term match {
from community CPS-AS6939-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS7228-OUT {
term match {
from community CPS-AS7228-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS8047-OUT {
term match {
from community CPS-AS8047-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-CENIC-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter CENIC-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-IN {
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop discard;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Announce Connector prefixes >= /24 */
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
/* Originate a BGP for our Lookback Addresses */
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEERCONTROLS-OUT {
term block {
from community CPS-BLOCK;
then reject;
}
term prepend1 {
from community CPS-PREPEND1;
then {
as-path-prepend 11537;
accept;
}
}
term prepend2 {
from community CPS-PREPEND2;
then {
as-path-prepend "11537 11537";
accept;
}
}
term prepend3 {
from community CPS-PREPEND3;
then {
as-path-prepend "11537 11537 11537";
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEERS-IN {
/* Reject any BGP prefix if a private AS is in the path */
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PNWG-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter PACIFICNORTHWESTGP-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement CPS-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
}
}
}
policy-statement CUDI-PREF {
term pref {
from {
protocol bgp;
as-path CUDI;
}
to rib inet.2;
then {
local-preference subtract 101;
accept;
}
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy from FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement FROM-MICROSOFT {
term block-commercial-asns {
from {
as-path [ COMMERCIAL PRIVATE ];
family inet;
}
then reject;
}
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
term allow-v4-unicast {
from {
family inet;
route-filter 64.4.0.0/18 upto /28;
route-filter 64.41.193.0/24 upto /28;
route-filter 65.52.0.0/15 upto /28;
route-filter 65.52.0.0/14 upto /28;
route-filter 65.54.96.0/20 upto /28;
route-filter 65.54.112.0/20 upto /28;
route-filter 65.54.128.0/19 upto /28;
route-filter 65.54.160.0/19 upto /28;
route-filter 65.54.192.0/19 upto /28;
route-filter 65.54.224.0/19 upto /28;
route-filter 65.55.0.0/16 upto /28;
route-filter 65.59.232.0/24 upto /28;
route-filter 65.59.233.0/24 upto /28;
route-filter 65.59.234.0/24 upto /28;
route-filter 131.107.0.0/16 upto /28;
route-filter 157.54.0.0/15 upto /28;
route-filter 157.56.0.0/14 upto /28;
route-filter 157.60.0.0/16 upto /28;
route-filter 167.220.0.0/16 upto /28;
route-filter 199.2.137.0/24 upto /28;
route-filter 199.103.90.0/23 upto /28;
route-filter 204.79.135.0/24 upto /28;
route-filter 204.79.188.0/24 upto /28;
route-filter 204.79.252.0/24 upto /28;
route-filter 204.95.96.0/20 upto /28;
route-filter 204.182.144.0/24 upto /28;
route-filter 204.255.244.0/23 upto /28;
route-filter 205.248.96.0/19 upto /28;
route-filter 206.138.168.0/21 upto /28;
route-filter 207.46.0.0/16 upto /28;
route-filter 207.46.32.0/20 upto /28;
route-filter 207.46.96.0/20 upto /28;
route-filter 207.46.96.0/19 upto /28;
route-filter 207.46.128.0/18 upto /28;
route-filter 207.46.192.0/18 upto /28;
route-filter 207.68.128.0/18 upto /28;
route-filter 207.68.160.0/19 upto /28;
route-filter 207.68.167.0/24 upto /28;
route-filter 207.82.250.0/23 upto /28;
route-filter 207.82.252.0/23 upto /28;
route-filter 209.1.15.0/24 upto /28;
route-filter 209.1.112.0/24 upto /28;
route-filter 209.1.113.0/24 upto /28;
route-filter 209.185.128.0/24 upto /28;
route-filter 209.185.129.0/24 upto /28;
route-filter 209.185.130.0/23 upto /28;
route-filter 209.185.240.0/22 upto /28;
route-filter 209.240.192.0/19 upto /28;
route-filter 209.240.204.0/22 upto /28;
route-filter 209.240.211.0/24 upto /28;
route-filter 216.32.180.0/22 upto /28;
route-filter 216.32.240.0/22 upto /28;
route-filter 216.33.148.0/22 upto /28;
route-filter 216.33.151.0/24 upto /28;
route-filter 216.33.236.0/22 upto /28;
route-filter 216.33.240.0/22 upto /28;
route-filter 216.34.51.0/24 upto /28;
route-filter 216.200.206.0/24 upto /28;
}
then {
community add CONNECTOR-ONLY;
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ISP-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-IN6 {
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement MICROSOFT-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
community [ FEDNET ITN NONITN ];
}
then reject;
}
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER BLOCK-TO-COMMERCIAL ];
}
then reject;
}
term accept {
from protocol bgp;
then accept;
}
}
policy-statement MSDP-FILTER {
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
policy-statement PNWG-IN {
term participant {
from {
route-filter 128.95.0.0/16 orlonger;
route-filter 128.208.0.0/16 orlonger;
route-filter 129.95.0.0/16 orlonger;
route-filter 129.101.0.0/16 orlonger;
/* Pacific Northwest National Laboratory */
route-filter 130.20.0.0/16 orlonger;
route-filter 131.252.0.0/16 orlonger;
route-filter 137.53.0.0/16 orlonger;
route-filter 140.32.128.0/24 orlonger;
route-filter 140.142.0.0/16 orlonger;
route-filter 150.131.0.0/16 orlonger;
/* University of Washington */
route-filter 192.26.136.0/24 orlonger;
route-filter 192.35.99.0/24 orlonger;
/* Pacific Northwest National Laboratory */
route-filter 192.35.193.0/24 orlonger;
route-filter 192.46.80.0/24 orlonger;
route-filter 192.68.161.0/24 orlonger;
route-filter 192.73.48.0/24 orlonger;
route-filter 192.94.21.0/24 orlonger;
/* Pacific Northwest Natioanal Laboratory */
route-filter 192.101.100.0/22 orlonger;
/* Pacific Northwest Natioanal Laboratory */
route-filter 192.101.104.0/22 orlonger;
/* Pacific Northwest Natioanal Laboratory */
route-filter 192.101.108.0/23 orlonger;
/* Pacific Northwest National Laboratory */
route-filter 192.148.93.0/24 orlonger;
/* Pacific Northwest National Laboratory */
route-filter 192.148.96.0/23 orlonger;
route-filter 192.160.47.0/24 orlonger;
route-filter 192.207.124.0/24 orlonger;
route-filter 192.220.239.0/24 orlonger;
route-filter 192.231.192.0/24 orlonger;
route-filter 198.17.13.0/24 orlonger;
route-filter 198.32.40.0/24 orlonger;
route-filter 198.32.170.0/23 orlonger;
route-filter 198.48.64.0/19 orlonger;
route-filter 198.48.76.0/22 orlonger;
route-filter 198.104.160.0/20 orlonger;
route-filter 198.207.188.0/24 orlonger;
route-filter 199.33.240.0/24 orlonger;
route-filter 199.165.64.0/18 orlonger;
route-filter 199.184.112.0/22 orlonger;
route-filter 199.184.116.0/23 orlonger;
route-filter 199.245.238.0/24 orlonger;
route-filter 199.250.32.0/20 orlonger;
route-filter 199.250.48.0/21 orlonger;
route-filter 199.250.56.0/22 orlonger;
route-filter 204.128.243.0/24 orlonger;
route-filter 204.201.0.0/20 orlonger;
route-filter 204.201.112.0/20 orlonger;
route-filter 204.203.128.0/19 orlonger;
route-filter 204.203.240.0/22 orlonger;
route-filter 205.175.96.0/19 orlonger;
route-filter 205.175.112.0/24 orlonger;
route-filter 207.196.155.0/24 orlonger;
route-filter 207.196.156.0/24 orlonger;
route-filter 207.196.158.0/23 orlonger;
route-filter 207.196.167.0/24 orlonger;
route-filter 207.196.168.0/22 orlonger;
route-filter 207.196.172.0/23 orlonger;
route-filter 207.196.175.0/24 orlonger;
route-filter 207.196.200.0/23 orlonger;
route-filter 207.196.202.0/23 orlonger;
route-filter 207.196.204.0/22 orlonger;
/* PNW Gigapop */
route-filter 209.124.176.0/21 orlonger;
/* PNW Gigapop */
route-filter 209.124.184.0/21 orlonger;
/* University of Hawaii */
route-filter 128.171.0.0/16 orlonger;
/* University of Hawaii */
route-filter 132.160.0.0/16 orlonger;
/* University of Hawaii */
route-filter 166.122.0.0/16 orlonger;
/* University of Hawaii */
route-filter 168.105.0.0/16 orlonger;
/* University of Hawaii */
route-filter 205.166.204.0/23 orlonger;
route-filter 69.91.128.0/17 orlonger;
/* NOAA via U Hawaii */
route-filter 140.90.183.0/24 orlonger;
/* NOAA via U Hawaii */
route-filter 140.90.184.0/24 orlonger;
/* NOAA via U Hawaii */
route-filter 140.90.201.0/24 orlonger;
route-filter 207.196.128.0/17 orlonger;
}
then next policy;
}
term corporate {
from {
route-filter 131.107.151.0/24 orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
/* Comotiv Systems */
route-filter 128.241.65.0/24 orlonger;
route-filter 134.39.60.0/24 orlonger;
route-filter 161.55.0.0/16 orlonger;
route-filter 168.156.80.0/20 orlonger;
route-filter 168.156.96.0/19 orlonger;
route-filter 192.46.80.0/24 orlonger;
/* via University of Hawaii */
route-filter 216.228.240.0/20 orlonger;
/* Comotive Systems */
route-filter 209.162.207.0/24 orlonger;
route-filter 153.90.0.0/16 orlonger;
route-filter 192.31.215.0/24 orlonger;
route-filter 192.42.7.0/24 orlonger;
route-filter 192.105.205.0/24 orlonger;
route-filter 192.150.88.0/24 orlonger;
route-filter 207.196.128.0/24 orlonger;
route-filter 207.196.130.0/23 orlonger;
route-filter 207.196.150.0/23 orlonger;
route-filter 207.196.152.0/24 orlonger;
route-filter 207.196.160.0/24 orlonger;
route-filter 207.196.161.0/24 orlonger;
route-filter 207.196.162.0/23 orlonger;
route-filter 207.196.164.0/24 orlonger;
route-filter 207.196.165.0/24 orlonger;
route-filter 207.196.166.0/24 orlonger;
route-filter 207.196.179.0/24 orlonger;
route-filter 207.196.208.0/21 orlonger;
route-filter 207.196.216.0/22 orlonger;
route-filter 207.196.220.0/23 orlonger;
route-filter 207.196.240.0/20 orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
route-filter 66.96.64.0/20 orlonger;
/* Washington State K20 Network */
route-filter 69.56.64.0/18 orlonger;
route-filter 134.39.0.0/16 orlonger;
route-filter 134.121.0.0/16 orlonger;
route-filter 140.160.0.0/16 orlonger;
route-filter 146.187.0.0/16 orlonger;
/* Pacific Lutheran University */
route-filter 152.117.0.0/16 orlonger;
route-filter 152.157.0.0/16 orlonger;
route-filter 162.78.0.0/16 orlonger;
route-filter 164.116.0.0/16 orlonger;
route-filter 168.99.0.0/16 orlonger;
route-filter 168.156.0.0/16 orlonger;
route-filter 168.212.0.0/16 orlonger;
route-filter 169.204.0.0/16 orlonger;
route-filter 192.31.216.0/24 orlonger;
/* Communications Technology Ctr, ctc.edu */
route-filter 192.64.1.0/24 orlonger;
route-filter 192.94.22.0/24 orlonger;
route-filter 192.102.5.0/24 orlonger;
route-filter 192.138.182.0/24 orlonger;
route-filter 192.160.133.0/24 orlonger;
route-filter 192.206.201.0/24 orlonger;
route-filter 192.207.104.0/24 orlonger;
route-filter 192.211.16.0/20 orlonger;
route-filter 192.220.200.0/21 orlonger;
route-filter 192.247.128.0/17 orlonger;
/* Whitworth College, Spokane */
route-filter 198.29.0.0/22 orlonger;
route-filter 198.104.64.0/18 orlonger;
route-filter 198.104.232.0/21 orlonger;
/* Whitman College */
route-filter 199.89.174.0/23 orlonger;
route-filter 199.237.64.0/19 orlonger;
route-filter 206.193.0.0/18 orlonger;
/* Washington State K20 Network */
route-filter 207.180.96.0/20 orlonger;
/* Washington State K20 Network */
route-filter 207.180.96.0/19 orlonger;
route-filter 216.186.0.0/19 orlonger;
route-filter 216.186.0.0/18 orlonger;
route-filter 216.186.0.0/17 orlonger;
route-filter 216.186.64.0/20 orlonger;
/* Whitman University */
route-filter 192.34.239.0/24 orlonger;
/* via University of Hawaii */
route-filter 165.248.0.0/16 orlonger;
/* Washington State SEGP */
route-filter 207.108.56.0/24 orlonger;
/* Washington state k-20 telecomm network */
route-filter 68.179.192.0/19 orlonger;
/* Alaska Distance Education Consortium */
route-filter 137.229.0.0/16 orlonger;
/* Hawaii segp */
route-filter 208.65.120.0/22 orlonger;
route-filter 72.233.128.0/17 orlonger;
/* Washington State K-20 Educational Telecommunications Network */
route-filter 69.166.32.0/19 orlonger;
}
then {
community add SEGP;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement PNWG-IN6 {
term accept {
from {
family inet6;
/* Pacific Northwest Gigapop */
route-filter 2001:1860::/32 exact;
/* University of Hawaii */
route-filter 2001:468:1c00::/40 exact;
/* Microsoft */
route-filter 2001:4898::/32 exact;
/* PNWGP */
route-filter 2001:1860:C000::/34 exact;
/* PNWGP */
route-filter 2001:1860::/34 exact;
/* U of Hawaii */
route-filter 2607:F278::/32 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
/* reject routes we should never accept */
policy-statement SANITY-IN {
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0. 