Internet2 - Router Configuration
|
|
Last Run: Wed Feb 10 00:36:06 UTC 2010
|
Internet2 - Router Configuration
These are the configurations used on each of the Abilene backbone routers. Certain sections, such as the filters, SNMP, and
user login portions, have been removed for security purposes.
This data is not XML rich, so it is nothing more than a simple list.
seat
## Last commit: 2010-02-09 15:28:24 UTC by addlema
version 8.5S4;
groups {
INTERFACE-BACKBONE {
interfaces {
{
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit 0 {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
}
}
re0 {
system {
host-name SEAT-re0;
}
}
re1 {
system {
host-name SEAT-re1;
}
}
INTERFACE-CONNECTOR {
interfaces {
{
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
rfc-2615;
}
unit <*> {
family inet {
mtu 9180;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
}
}
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
{
mtu 9180;
unit <*> {
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
arp {
aging-timer 240;
}
authentication-order [ radius password ];
location country-code US;
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
radius-server {
140.182.45.56 {
timeout 5;
source-address 64.57.28.247;
}
140.182.44.69 {
timeout 5;
source-address 64.57.28.247;
}
}
Login Stanza Removed services {
ssh {
connection-limit 30;
}
}
syslog {
archive {
files 100;
}
user * {
any critical;
}
/* brent's pine.ucs.indiana.edu */
host 129.79.9.1 {
change-log any;
interactive-commands info;
facility-override local6;
}
/* syslog.grnoc.iu.edu */
host 134.68.107.9 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
host 140.182.44.73 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
file messages {
any notice;
authorization info;
archive {
size 1m;
files 100;
}
}
console {
user critical;
}
}
ntp {
server 129.79.5.100;
server 134.68.1.9 prefer;
server 64.57.17.70;
}
}
chassis {
no-source-route; ## Warning: 'source-route' is deprecated
dump-on-panic;
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
keepalive-time 5;
}
routing-engine {
on-disk-failure reboot;
}
}
interfaces {
so-0/0/0 {
apply-groups INTERFACE-BACKBONE;
sonet-options {
rfc-2615;
}
unit 0 {
description "BACKBONE: SALT-SEAT OC-192 | I2-SALT-SEAT-O192-03926";
family inet {
address 64.57.28.26/31;
}
family inet6 {
address 2001:468:ff:716::1/64;
}
family mpls {
mtu 9180;
}
}
}
ge-0/1/0 {
apply-groups INTERFACE-CONNECTOR;
description "PNWGP Aggregate Interface";
vlan-tagging;
link-mode full-duplex;
unit 10 {
description "Pacific Northwest Gigapop | AS:101";
vlan-id 10;
family inet {
mtu 9000;
address 64.57.28.53/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:16c2::1/64;
}
}
unit 11 {
description "[CPS] Connector Pacific Northwest GigaPOP (PNWGP) IPv6";
vlan-id 11;
family inet {
address 64.57.29.73/30;
}
family inet6 {
address 2001:468:ffff:16c2::1/64;
}
}
}
xe-0/2/0 {
description "[CPS] Seattle Internet Exchange (SIX) 10GE";
gigether-options {
ethernet-switch-profile {
mac-learn-enable;
}
}
unit 0 {
description "[CPS] Seattle Internet Exchange (SIX) 10GE";
family inet {
mtu 1500;
address 206.81.80.67/23 {
primary;
}
}
family inet6 {
mtu 1500;
address 2001:504:16::2d11/64 {
primary;
}
}
}
}
ge-1/2/0 {
description "PNI to Global Crossing";
vlan-tagging;
mtu 9134;
unit 100 {
description "[CPS] Global Crossing Private v4/v6 peering";
vlan-id 100;
family inet {
filter {
input connector-in;
}
address 64.57.29.97/30;
}
family inet6 {
address 2001:468:ffff:8ff::1/64;
}
}
unit 101 {
description "[CPS] Global Crossing Private Multicast-Only Peering";
vlan-id 101;
family inet {
filter {
input connector-in;
}
address 64.57.28.89/30;
}
}
}
ge-1/2/2 {
unit 0 {
description "[CPS] Google GigE #1";
family inet {
mtu 1500;
address 74.125.48.178/30;
}
family inet6 {
address 2001:4860:1:1:0:2D11:0:5/127;
}
}
}
ge-1/2/3 {
unit 0 {
description "[CPS] Google GigE #2";
family inet {
mtu 1500;
address 74.125.48.226/30;
}
family inet6 {
address 2001:4860:1:1:0:2D11:0:3/127;
}
}
}
inactive: ge-1/3/0 {
unit 0 {
description "[CPS] Google GigE #1";
family inet {
mtu 1500;
address 74.125.48.178/30;
}
family inet6 {
address 2001:4860:1:1:0:2D11:0:5/127;
}
}
}
ge-2/0/0 {
description "HP Racklan 1 Gig";
vlan-tagging;
mtu 9192;
unit 12 {
vlan-id 12;
family inet {
mtu 9000;
address 64.57.19.33/30;
}
family inet6 {
mtu 9000;
address 2001:468:8:12::1/64;
address 2001:468:8:12::19:33/64;
}
}
}
ge-2/0/1 {
mtu 9180;
unit 0 {
description "nms-rthr1 p2p connection";
family inet {
mtu 9000;
address 64.57.19.17/30;
}
family inet6 {
mtu 9000;
address 2001:468:8:101::1/64;
address 2001:468:8:101::19:17/64;
}
}
}
ge-2/0/2 {
mtu 9180;
unit 0 {
description "nms-rthr2 p2p connection";
family inet {
mtu 9000;
address 64.57.19.21/30;
}
family inet6 {
mtu 9000;
address 2001:468:8:100::1/64;
address 2001:468:8:100::19:21/64;
}
}
}
inactive: so-2/2/0 {
description "Retired Global Crossing [NO-MONITOR]";
no-keepalives;
mtu 9192;
clocking external;
encapsulation frame-relay;
sonet-options {
rfc-2615;
}
unit 16 {
description "[CPS] Retired Global Crossing [NO-MONITOR]";
dlci 16;
family inet {
mtu 9000;
address 64.57.29.5/30;
}
}
unit 17 {
description "Retired Global Crossing [NO-MONITOR]";
dlci 17;
family inet {
mtu 9000;
address 64.57.29.9/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:8ff::1/64;
}
}
}
inactive: ge-2/3/0 {
unit 0 {
description "[CPS] Google GigE #2";
family inet {
mtu 1500;
address 74.125.48.226/30;
}
family inet6 {
address 2001:4860:1:1:0:2D11:0:3/127;
}
}
}
ge-3/0/0 {
apply-groups INTERFACE-CONNECTOR;
description "Pacific Wave 10GigE";
vlan-tagging;
mtu 9180;
unit 701 {
description "Pacific Wave Seattle Legacy (1500 MTU)";
vlan-id 701;
family inet {
mtu 1500;
address 198.32.170.43/24;
}
family inet6 {
mtu 1500;
address 2001:468:ff:16c1::1/64;
}
}
unit 706 {
description "Pacific Wave Seattle Local (9K MTU)";
vlan-id 706;
family inet {
mtu 9000;
address 207.231.240.8/25;
}
family inet6 {
mtu 9000;
address 2001:504:B:10::8/64;
}
}
unit 707 {
description "Pacific Wave Seattle Local (1500 MTU)";
vlan-id 707;
family inet {
mtu 1500;
address 207.231.242.8/25;
}
family inet6 {
mtu 1500;
address 2001:504:B:11::8/64;
}
}
/* NOTE: intersite VLANs are to be used for backup traffic only. LA peers cannot prefer this VLAN or connect solely to Seattle */
unit 776 {
description "Pacific Wave Seattle-LA intersite (9k MTU)";
vlan-id 776;
family inet {
mtu 9000;
address 207.231.241.8/24;
}
family inet6 {
mtu 9000;
address 2001:504:B:80::8/64;
}
}
/* NOTE: intersite VLANs are to be used for backup traffic only. LA peers cannot prefer this VLAN or connect solely to Seattle */
unit 777 {
description "Pacific Wave Seattle-LA intersite (1500k MTU)";
vlan-id 777;
family inet {
mtu 1500;
address 207.231.243.8/24;
}
family inet6 {
mtu 1500;
address 2001:504:B:81::8/64;
}
}
unit 778 {
description "Pacific Wave Seattle-Sunnyvale intersite";
vlan-id 778;
family inet {
mtu 9000;
address 207.231.245.8/24;
}
family inet6 {
mtu 9000;
address 2001:504:b:88::8/64;
}
}
unit 1020 {
description "CENIC via LAX-DC | AS2153";
vlan-id 1020;
family inet {
mtu 9000;
address 137.164.26.142/30;
}
family inet6 {
mtu 9000;
address 2001:468:E00:FC0::2/64;
}
}
unit 1022 {
description "[CPS] CENIC via LAX-DC IPv6 [NO-MONITOR]";
vlan-id 1022;
family inet6 {
address 2607:F380::4:0:6/126;
}
}
unit 3775 {
description "pacwave test vlan";
vlan-id 3775;
family inet {
mtu 9000;
address 192.168.1.1/30;
}
}
}
ge-3/1/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: SALT-SEAT 1 | I2-SALT-SEAT-10GE-05573 [NO-MONITOR]";
family inet {
address 64.57.28.105/31;
}
family inet6 {
address 2001:468:ff:717::2/64;
}
}
}
ge-3/2/0 {
description "HP Racklan 10G";
vlan-tagging;
mtu 9180;
unit 11 {
description "Observatory 10 gig uplink";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.19.1/28;
}
family inet6 {
mtu 9000;
address 2001:468:8:11::1/64;
address 2001:468:8:11::19:1/64;
}
}
unit 20 {
description "VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.241/29;
}
family inet6 {
mtu 9000;
address 2001:468:8:20::1/64;
address 2001:468:8:20::18:241/64;
}
}
unit 21 {
description "VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.113/28;
}
family inet6 {
mtu 9000;
address 2001:468:8:21::1/64;
address 2001:468:8:21::18:113/64;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
unit 60 {
description "[CPS] Connection to nms-rpsv [NO-MONITOR]";
vlan-id 60;
family inet {
mtu 9000;
address 64.57.29.57/30;
}
family inet6 {
mtu 9000;
address 2001:468:08:60::29:57/64;
address 2001:468:08:60::1/64;
}
}
}
ge-3/3/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: LOSA-SEAT 10GE | I2-LOSA-SEAT-10GE-05564";
family inet {
address 64.57.28.39/31;
}
family inet6 {
address 2001:468:ff:0516::1/64;
}
}
}
xe-7/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: LOSA-SEAT 10GE | I2-LOSA-SEAT-10GE-05572";
family inet {
address 64.57.28.93/31;
}
family inet6 {
address 2001:468:ff:0522::2/64;
}
}
}
ge-7/1/0 {
apply-groups INTERFACE-CONNECTOR;
vlan-tagging;
mtu 9192;
unit 210 {
description "[CPS] Customer TransitRail trial [PENDING]";
vlan-id 210;
family inet {
mtu 1500;
address 137.164.131.86/30;
}
family inet6 {
mtu 1500;
address 2001:1860:110:2005::2/64;
}
}
}
dsc {
unit 0 {
description "Discard Interface";
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
fxp0 {
description "Mgmt Ethernet - unused";
disable;
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.238/32;
address 64.57.28.247/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0022.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:08::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF;";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.247/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff08::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.19.2 {
port 4200;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:ff:1600::/56;
route 2001:468:0016::/48;
route 2001:468:0008::/48;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
240.0.0.0/4 orlonger;
14.0.0.0/8 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
/* Abilene Observatory */
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
route 67.17.81.229/32 next-hop 64.57.29.10;
}
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
14.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.247;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 3;
}
interface ge-1/2/0.0 {
disable;
}
interface xe-0/2/0.0 {
disable;
}
}
mld {
interface all;
}
rsvp {
/* BACKBONE to SALT */
interface so-0/0/0.0;
/* BACKBONE to LOSA */
interface xe-7/0/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path SEAT->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path SEAT->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path SEAT->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path SEAT->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path HOPI-VLAN-620-SEAT-to-LOSA {
to 64.57.28.248;
}
label-switched-path SEAT->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path SEAT->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path HOPI-VLAN-621-SEAT-to-LOSA {
to 64.57.28.248;
}
label-switched-path SEAT->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
}
label-switched-path SEAT->HOUS {
to 64.57.28.244;
fast-reroute;
}
/* BACKBONE to SALT */
interface so-0/0/0.0;
/* BACKBONE to LOSA */
interface xe-7/0/0.0;
}
bgp {
log-updown;
group INTERNET2 {
type internal;
local-address 64.57.28.247;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:08::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
neighbor 2001:468:7::1 {
description SALT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
multipath;
inactive: neighbor 209.124.179.1 {
description "Pacific Northwest Gigapop;";
import [ SANITY-IN SET-PREF PNWG-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 101;
}
neighbor 137.164.26.141 {
description "CENIC via LAX-DC";
import [ SANITY-IN CUDI-PREF SET-PREF CALREN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 2153;
}
neighbor 207.231.240.7 {
description "Microsoft via Pac Wave vlan706";
import [ SANITY-IN SET-PREF FROM-MICROSOFT ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 MICROSOFT-OUT ];
peer-as 8075;
}
neighbor 207.231.241.7 {
description "Microsoft via Pac Wave vlan776";
import [ SANITY-IN SET-PREF FROM-MICROSOFT ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 MICROSOFT-OUT ];
peer-as 8075;
}
neighbor 64.57.28.54 {
description "Pacific Northwest Gigapop;";
import [ SANITY-IN SET-PREF PNWG-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 101;
}
neighbor 140.221.251.133 {
description "SC09 core-rtr-2 Te0/6/0/6 [PENDING]";
import [ SANITY-IN SET-PREF SC-IN CONNECTOR-SC-IN ];
peer-as 14031;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
multipath;
neighbor 2001:468:ff:16c2::2 {
description "Pacific Northwest Gigapop";
import [ SANITY6 SET-PREF PNWG-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 101;
}
neighbor 2001:468:E00:FC0::1 {
description "CENIC via LAX-DC";
import [ SANITY6 SET-PREF CALREN-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 2153;
}
neighbor 2001:468:1f07:1091::133 {
description "Scinet [PENDING]";
import [ SANITY6 SET-PREF SC6 ];
family inet6 {
any;
}
peer-as 14031;
}
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 207.231.245.131 {
description "NREN AS24";
hold-time 30;
Authentication Data Removed
peer-as 24;
}
neighbor 207.231.240.9 {
description "DREN- AS668 Vlan706";
Authentication Data Removed
peer-as 668;
}
neighbor 207.231.240.13 {
description "ESNET Seattle via Pacific Wave";
Authentication Data Removed
peer-as 293;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:504:b:88::131 {
description "NREN AS24";
Authentication Data Removed
peer-as 24;
}
neighbor 2001:504:B:10::9 {
description "DREN AS668";
Authentication Data Removed
peer-as 668;
}
neighbor 2001:504:B:10::13 {
description "ESNET Seattle via Pacific Wave";
Authentication Data Removed
peer-as 293;
}
}
group ISP-MCAST {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 10000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
inactive: neighbor 64.57.29.10 {
description "Retired Global Crossing multicast-only [NO-MONITOR]";
import [ SANITY-IN REMOVE-COMMS-IN SET-DEPREF-PEER ISP-MCAST-IN ];
Authentication Data Removed
peer-as 3549;
}
neighbor 64.57.28.90 {
description "Commercial Global Crossing (Multicast Only)";
Authentication Data Removed
peer-as 3549;
}
}
group ISP-V6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ];
remove-private;
neighbor 2001:504:b:10::4 {
description "AARNET IPv6 T320 via PacWave";
Authentication Data Removed
peer-as 7575;
}
neighbor 2001:504:B:11::2 {
description "AARNet Cisco VXR via Pacific Wave";
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER AARNET-V6-IN ];
Authentication Data Removed
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 AARNET-V6-OUT ];
peer-as 7575;
}
inactive: neighbor 2001:468:ff:8ff::2 {
description "Global Crossing [NO-MONITOR]";
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-GBLX6 ISP-V6-IN ];
Authentication Data Removed
peer-as 3549;
}
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
inactive: neighbor 198.32.170.47 {
description "National Univ of Singapore via PacWave";
Authentication Data Removed
peer-as 7610;
}
/* TANET2 and ASNET back each other up */
inactive: neighbor 198.32.170.34 {
description "TANET2 via Pacific Wave";
Authentication Data Removed
peer-as 7539;
}
neighbor 207.231.240.4 {
description "AARNet T320 via Pacific Wave";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER AARNET-ITN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7575;
}
neighbor 207.231.240.10 {
description "GEMnet 9K-MTU via Pacific Wave";
Authentication Data Removed
peer-as 23796;
}
neighbor 207.231.241.136 {
description "TransPAC2 Los Angeles via PacWave (Secondary Backup)";
peer-as 22388;
}
neighbor 207.231.240.18 {
description "REANNZ via Pacific Wave";
peer-as 38018;
}
neighbor 207.231.240.2 {
description "AARNet M120 via Pacific Wave 9K";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER AARNET-ITN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7575;
}
neighbor 207.231.240.6 {
description "KREONET2 via Pacific Wave Vlan706";
Authentication Data Removed
peer-as 17579;
}
neighbor 207.231.241.149 {
description "AARnet 1Gbps backup via Pacific Wave and Equinix";
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER AARNET-ITN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7575;
}
neighbor 207.231.240.21 {
description "CA*Net4 via PacWave 9K MTU: VLAN706 as of 6/13/09";
Authentication Data Removed
peer-as 6509;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
inactive: neighbor 2001:468:ff:16c1::4 {
description "TANET2 IPv6 via Pacific Wave";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 7539;
}
neighbor 2001:468:ff:16c1::5 {
description "GEMNET IPv6 via Pacific Wave";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 4697;
}
inactive: neighbor 2001:504:b:10::4 {
description "AARNET IPv6 T320 via PacWave";
Authentication Data Removed
peer-as 7575;
}
inactive: neighbor 2001:504:B:11::2 {
description "AARNet Cisco VXR via Pacific Wave";
Authentication Data Removed
peer-as 7575;
}
neighbor 2001:504:b:10::18 {
description "REANNZ IPV6 |";
peer-as 38018;
}
neighbor 2001:504:b:10::6 {
description "KREOnet2 IPv6 via Pacific Wave via Vlan706";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 17579;
}
neighbor 2001:504:b:80::149 {
description "AARnet 1Gbps backup via Pacific Wave and Equinix";
Authentication Data Removed
peer-as 7575;
}
neighbor 2001:504:B:10::21 {
description "CA*net via Pacific Wave vlan706 as of 6/13/09";
family inet6 {
any;
}
Authentication Data Removed
peer-as 6509;
}
}
inactive: group NONITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ];
remove-private;
}
inactive: group NONITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 NONITN-OUT6 ];
remove-private;
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
metric-out igp;
import REJECT-ALL;
}
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR] ";
local-address 64.57.28.247;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 134.68.246.51 {
description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.247;
family inet {
unicast;
}
cluster 134.68.246.51;
}
neighbor 129.79.43.198 {
description "IU ANML monitor--contact Ripley";
multihop {
ttl 10;
}
local-address 64.57.28.247;
hold-time 65535;
family inet {
unicast;
}
}
neighbor 2001:18e8:2:33:250:56ff:fea9:320c {
description "IU ANML monitor6";
multihop {
ttl 10;
}
local-address 2001:468:08::1;
family inet6 {
unicast;
}
}
neighbor 64.57.19.2 {
description "V4 peering to NMS-rpsv [NO-MONITOR]";
local-address 64.57.19.1;
family inet {
unicast;
multicast;
}
cluster 64.57.19.1;
}
neighbor 2001:468:8:11::19:2 {
description "V6 peering to NMS-rpsv [NO-MONITOR]";
family inet6 {
unicast;
multicast;
}
}
}
}
isis {
export V6-IGP-AGG;
spf-delay 200; ## Warning: 'spf-delay' is deprecated
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
level 2 wide-metrics-only;
/* OC192 to SALT */
interface so-0/0/0.0 {
level 1 disable;
level 2 metric 913;
}
/* NMS Rack Lan */
interface ge-2/0/0.12 {
level 1 disable;
level 2 passive;
}
interface ge-2/0/1.0 {
level 1 disable;
level 2 passive;
}
interface ge-2/0/2.0 {
level 1 disable;
level 2 passive;
}
/* NOC Rack Lan */
interface ge-3/2/0.11 {
level 1 disable;
level 2 passive;
}
/* OBS Rack Lan */
interface ge-3/2/0.13 {
level 1 disable;
level 2 passive;
}
/* VINI Mgmt */
interface ge-3/2/0.20 {
level 1 disable;
level 2 passive;
}
/* VINI Data */
interface ge-3/2/0.21 {
level 1 disable;
level 2 passive;
}
interface ge-3/2/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* BACKBONE to LOSA */
interface ge-3/3/0.0 {
level 1 disable;
level 2 metric 1343;
}
/* BACKBONE to LOSA 2 */
interface xe-7/0/0.0 {
level 1 disable;
level 2 metric 1344;
}
interface lo0.0 {
level 1 disable;
level 2 passive;
}
}
msdp {
rib-group mcast-rpf-rg;
group ABILENE {
mode mesh-group;
local-address 64.57.28.247;
/* CHIC */
peer 64.57.28.241;
/* NEWY */
peer 64.57.28.242;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* CENIC Los Angeles Backup */
peer 137.164.24.2 {
local-address 137.164.24.3;
}
/* Pacific Northwest Gigapop */
inactive: peer 209.124.179.1 {
local-address 209.124.179.2;
}
/* CENIC via LAX-DC */
peer 137.164.26.141 {
local-address 137.164.26.142;
}
/* PNWGP (new) */
peer 64.57.28.54 {
local-address 64.57.28.53;
}
/* rp.sc09.org */
peer 140.221.251.226 {
local-address 140.221.251.134;
}
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* DREN - AS668, loopback to loopback */
peer 138.18.12.237 {
local-address 64.57.28.247;
}
/* NREN AS24 via directly connected int */
peer 207.231.245.131 {
local-address 207.231.245.8;
}
peer 134.55.3.6 {
local-address 207.231.240.8;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
local-address 198.32.170.43;
inactive: traceoptions {
file jrd files 10;
flag all detail;
}
/* CA*NET */
peer 198.32.170.44 {
local-address 198.32.170.43;
}
/* TANET2 */
peer 198.32.170.34 {
local-address 198.32.170.43;
}
/* National Univ of Singapore */
peer 202.3.135.252 {
local-address 198.32.170.43;
}
/* KREOnet2 [NO-MONITOR] */
peer 198.32.170.33 {
local-address 198.32.170.43;
}
/* GEMnet 9K */
peer 207.231.240.10 {
local-address 207.231.240.8;
}
/* REANNZ */
peer 210.7.36.193 {
local-address 207.231.240.8;
}
/* REANNZ */
peer 210.7.36.194 {
local-address 207.231.240.8;
}
/* KREOnet2 Vlan706 */
peer 207.231.240.6 {
local-address 207.231.240.8;
}
/* AARNET lax-b-bb1 */
peer 207.231.241.149 {
local-address 207.231.241.8;
}
/* AARNET sea-a-bb1 */
peer 207.231.240.2 {
local-address 207.231.240.8;
}
/* AARNET sea-a-bb1 */
peer 207.231.240.4 {
local-address 207.231.240.8;
}
peer 207.231.240.21 {
local-address 207.231.240.8;
}
}
group NONITN {
export MSDP-FILTER;
import MSDP-FILTER;
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
export MSDP-FILTER;
import REJECT-ALL;
}
group ISP-MCAST {
export MSDP-FILTER;
import MSDP-FILTER;
/* new Global Crossing */
peer 67.17.81.229 {
local-address 64.57.28.89;
}
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB SNMP hosts */
140.182.45.32/28;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* New Jump Address */
149.165.134.64/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
198.108.90.142/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list RADIUS-SERVERS {
140.182.44.69/32;
140.182.45.56/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list CALREN-PARTICIPANT {
36.0.0.0/8;
44.0.0.0/8;
63.202.49.0/24;
63.207.252.0/22;
63.225.1.0/24;
63.247.0.0/19;
64.54.0.0/16;
64.106.0.0/17;
64.106.0.0/18;
64.234.128.0/18;
67.58.32.0/19;
68.65.160.0/20;
68.181.0.0/16;
69.196.32.0/19;
74.112.228.0/22;
128.3.0.0/16;
128.9.0.0/16;
128.12.0.0/16;
128.32.0.0/16;
128.48.0.0/16;
128.54.0.0/16;
128.97.0.0/16;
128.111.0.0/16;
128.114.0.0/16;
128.120.0.0/16;
128.123.0.0/16;
128.125.0.0/16;
128.149.0.0/16;
128.165.0.0/16;
128.195.0.0/16;
128.196.0.0/16;
128.200.0.0/16;
128.218.0.0/16;
129.24.0.0/16;
129.24.232.0/21;
129.138.0.0/16;
129.219.0.0/16;
130.55.0.0/16;
130.237.14.0/23;
131.179.0.0/16;
131.215.0.0/16;
131.216.0.0/16;
131.243.0.0/16;
132.239.0.0/16;
132.249.0.0/16;
134.4.0.0/16;
134.69.0.0/16;
134.79.0.0/16;
134.154.0.0/16;
134.173.0.0/16;
134.197.0.0/16;
136.152.0.0/16;
136.235.0.0/16;
137.78.0.0/16;
137.79.0.0/16;
137.110.0.0/16;
137.131.0.0/16;
137.164.0.0/16;
137.228.0.0/16;
138.23.0.0/16;
138.202.0.0/16;
140.148.0.0/16;
140.173.0.0/16;
146.88.0.0/16;
149.142.0.0/16;
149.169.0.0/16;
150.135.0.0/16;
152.79.0.0/16;
153.105.0.0/16;
160.87.0.0/16;
164.67.0.0/16;
165.157.0.0/16;
169.228.0.0/16;
169.228.64.0/21;
169.228.128.0/19;
169.228.160.0/20;
169.229.0.0/16;
169.230.0.0/16;
169.231.0.0/16;
169.232.0.0/16;
169.233.0.0/16;
169.234.0.0/16;
169.235.0.0/16;
169.237.0.0/16;
170.91.128.0/18;
171.64.0.0/14;
171.67.234.0/25;
192.5.10.0/24;
192.5.19.0/24;
192.12.19.0/24;
192.12.69.0/24;
192.12.207.0/24;
192.12.234.0/24;
192.17.47.0/24;
192.26.250.0/23;
192.26.251.0/24;
192.26.252.0/23;
192.26.254.0/24;
192.31.21.0/24;
192.31.43.0/24;
192.31.95.0/24;
192.31.105.0/24;
192.31.146.0/24;
192.31.153.0/24;
192.31.161.0/24;
192.35.164.0/22;
192.35.169.0/24;
192.35.209.0/24;
192.35.210.0/24;
192.35.212.0/23;
192.35.214.0/24;
192.35.215.0/24;
192.35.216.0/24;
192.35.217.0/24;
192.35.221.0/26;
192.35.222.0/24;
192.35.225.0/24;
192.35.228.0/24;
192.41.208.0/24;
192.41.211.0/24;
192.42.82.0/24;
192.58.221.0/24;
192.65.77.0/24;
192.65.78.0/24;
192.65.95.0/24;
192.65.200.0/24;
192.67.20.0/24;
192.67.21.0/24;
192.67.81.0/24;
192.67.82.0/24;
192.67.132.0/24;
192.80.43.0/24;
192.84.86.0/24;
192.88.137.0/24;
192.88.138.0/24;
192.88.139.0/24;
192.88.140.0/24;
192.94.216.0/24;
192.100.172.0/24;
192.101.37.0/24;
192.101.42.0/24;
192.107.102.0/24;
192.107.192.0/24;
192.132.89.0/24;
192.135.237.0/24;
192.135.238.0/24;
192.136.110.0/24;
192.138.85.0/24;
192.150.186.0/23;
192.150.216.0/23;
192.150.216.0/24;
192.154.1.0/24;
192.154.2.0/24;
192.154.6.0/24;
192.159.138.0/24;
192.159.141.0/24;
192.172.226.0/24;
192.207.226.0/24;
192.251.158.0/24;
198.17.46.0/23;
198.17.47.0/24;
198.17.101.0/24;
198.32.16.0/24;
198.32.20.0/24;
198.32.248.0/24;
198.32.249.0/24;
198.32.251.0/24;
198.51.111.0/24;
198.59.97.0/24;
198.59.106.0/24;
198.59.108.0/24;
198.59.130.0/24;
198.59.133.0/24;
198.59.145.0/24;
198.59.152.0/24;
198.59.153.0/24;
198.59.154.0/24;
198.59.155.0/24;
198.59.187.0/24;
198.59.188.0/24;
198.59.190.0/24;
198.94.52.0/24;
198.133.185.0/24;
198.134.135.0/24;
198.147.151.0/24;
198.148.64.0/21;
198.148.72.0/22;
198.151.212.0/24;
198.176.219.0/24;
198.183.128.0/22;
198.186.182.0/24;
198.187.221.0/24;
198.187.222.0/24;
198.187.251.0/24;
198.202.64.0/18;
198.202.126.0/23;
199.105.0.0/18;
199.120.153.0/24;
199.164.237.0/24;
199.165.16.0/24;
199.165.17.0/24;
199.165.19.0/24;
199.233.182.0/24;
200.23.5.0/24;
204.27.250.0/24;
204.48.128.0/17;
204.57.0.0/21;
204.63.224.0/21;
204.69.153.0/24;
204.80.191.0/24;
204.88.128.0/19;
204.115.168.0/21;
204.118.32.0/24;
204.121.0.0/16;
204.128.156.0/24;
204.134.48.0/24;
204.134.50.0/24;
204.134.54.0/24;
204.134.56.0/24;
204.134.66.0/24;
204.134.68.0/24;
204.134.85.0/24;
204.134.102.0/24;
204.250.96.0/20;
205.143.88.0/21;
205.153.156.0/24;
205.153.157.0/24;
205.153.158.0/24;
205.153.159.0/24;
205.159.27.0/24;
205.167.46.0/23;
205.167.120.0/23;
205.173.40.0/21;
205.174.240.0/20;
206.78.128.0/19;
206.78.144.0/21;
206.78.232.0/22;
206.117.32.0/24;
206.192.128.0/18;
206.194.0.0/18;
206.197.121.0/24;
206.206.136.0/21;
206.206.144.0/20;
206.207.0.0/24;
206.207.42.0/24;
206.213.128.0/18;
206.224.224.0/19;
207.31.0.0/18;
207.31.128.0/17;
207.197.0.0/18;
207.197.64.0/18;
208.1.64.0/19;
208.68.28.0/22;
208.75.160.0/21;
208.77.76.0/22;
208.94.60.0/22;
209.68.128.0/19;
216.161.32.0/23;
}
prefix-list CALREN-CORPORATE {
192.6.26.0/24;
192.101.37.0/24;
}
prefix-list CALREN-SPONSORED {
134.114.0.0/16;
140.252.0.0/16;
192.33.140.0/23;
192.174.2.0/24;
192.174.3.0/24;
192.175.48.0/24;
199.104.148.0/22;
199.104.152.0/21;
199.111.161.0/24;
204.107.152.0/24;
204.152.100.0/22;
206.197.219.0/24;
207.241.224.0/20;
208.70.24.0/21;
209.242.165.0/24;
209.242.165.32/27;
209.242.165.128/25;
209.242.166.0/24;
209.242.166.160/27;
216.230.176.0/20;
}
prefix-list CALREN-SEGP {
63.199.32.0/21;
63.247.0.0/19;
64.39.112.0/20;
76.78.96.0/19;
129.8.0.0/16;
129.65.0.0/16;
130.17.0.0/16;
130.65.0.0/16;
130.86.0.0/16;
130.150.0.0/16;
130.157.0.0/16;
130.166.0.0/16;
130.182.0.0/16;
130.191.0.0/16;
130.212.0.0/16;
132.241.0.0/16;
134.71.0.0/16;
134.89.0.0/16;
134.139.0.0/16;
134.154.0.0/16;
136.168.0.0/16;
137.145.0.0/16;
137.150.0.0/16;
137.151.0.0/16;
137.159.0.0/16;
137.159.192.0/18;
138.202.0.0/16;
139.182.0.0/16;
140.144.0.0/16;
143.254.0.0/16;
144.37.0.0/16;
146.244.0.0/16;
147.144.0.0/16;
153.18.0.0/16;
155.135.0.0/16;
156.1.0.0/16;
156.3.0.0/16;
157.233.0.0/16;
159.115.0.0/16;
160.227.0.0/16;
163.150.0.0/16;
165.196.0.0/16;
169.199.0.0/16;
169.236.0.0/16;
192.30.115.0/24;
192.55.87.0/24;
192.77.116.0/24;
192.78.182.0/24;
192.84.86.0/24;
192.86.78.0/24;
192.103.56.0/24;
192.104.166.0/24;
192.111.213.0/24;
192.138.184.0/24;
192.189.45.0/24;
192.189.46.0/24;
192.189.47.0/24;
192.189.48.0/24;
192.190.38.0/24;
192.190.45.0/24;
192.195.41.0/24;
192.195.153.0/24;
192.195.154.0/23;
192.207.184.0/24;
198.32.43.0/24;
198.32.44.0/24;
198.32.45.0/24;
198.49.104.0/24;
198.59.107.0/24;
198.59.189.0/24;
198.62.142.0/24;
198.102.103.0/24;
198.133.204.0/24;
198.137.147.0/24;
198.137.151.0/24;
198.137.152.0/23;
198.137.152.0/24;
198.137.153.0/24;
198.137.224.0/24;
198.175.250.0/24;
198.175.251.0/24;
198.175.252.0/24;
198.181.223.0/24;
198.181.224.0/23;
198.181.226.0/24;
198.188.0.0/16;
198.189.0.0/16;
198.202.144.0/24;
198.202.145.0/24;
198.207.153.0/24;
198.207.154.0/24;
198.207.155.0/24;
198.207.156.0/24;
199.88.11.0/24;
199.88.104.0/23;
199.88.112.0/24;
199.230.32.0/20;
199.230.48.0/22;
199.245.155.0/24;
199.253.32.0/20;
199.253.48.0/21;
204.17.179.0/24;
204.17.189.0/24;
204.62.200.0/24;
204.69.0.0/21;
204.75.249.0/24;
204.75.250.0/24;
204.75.251.0/24;
204.75.252.0/24;
204.75.253.0/24;
204.75.254.0/24;
204.75.255.0/24;
204.100.0.0/16;
204.100.64.0/18;
204.100.128.0/17;
204.102.0.0/16;
204.102.78.0/24;
204.129.0.0/16;
204.147.16.0/20;
204.155.0.0/20;
204.238.95.0/24;
204.238.101.0/24;
205.154.0.0/16;
205.154.240.0/23;
205.154.241.0/24;
205.154.242.0/24;
205.155.0.0/16;
205.174.208.0/20;
206.15.224.0/19;
206.78.0.0/19;
206.78.32.0/19;
206.78.64.0/19;
206.78.96.0/20;
206.78.128.0/20;
206.78.144.0/22;
206.78.148.0/23;
206.78.151.0/24;
206.78.153.0/24;
206.78.154.0/23;
206.78.156.0/22;
206.78.160.0/19;
206.78.192.0/19;
206.78.224.0/20;
206.78.240.0/20;
206.117.0.0/16;
206.201.240.0/20;
206.211.32.0/19;
206.211.128.0/19;
206.227.0.0/18;
207.7.139.0/24;
207.7.144.0/24;
207.21.33.0/24;
207.21.34.0/24;
207.31.128.0/18;
207.62.0.0/16;
207.99.128.0/18;
207.157.128.0/17;
207.166.0.0/18;
207.212.206.0/23;
207.233.0.0/17;
208.71.24.0/22;
209.66.192.0/19;
209.79.64.0/19;
209.79.154.0/23;
209.79.156.0/23;
209.129.0.0/16;
209.129.38.0/23;
209.129.40.0/22;
209.129.44.0/23;
209.132.144.0/24;
209.147.0.0/18;
209.188.128.0/17;
209.232.36.0/22;
209.232.144.0/20;
216.100.88.0/21;
216.102.12.0/22;
216.102.72.0/21;
216.102.80.0/22;
}
prefix-list HAWAII-PARTICIPANT {
128.171.0.0/16;
132.160.0.0/16;
/* NOAA */
140.90.183.0/24;
/* NOAA */
140.90.184.0/24;
/* NOAA */
140.90.201.0/24;
166.122.0.0/16;
168.105.0.0/16;
205.166.204.0/23;
}
prefix-list HAWAII-SPONSORED;
prefix-list HAWAII-SEGP {
165.248.0.0/16;
208.65.120.0/22;
}
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>";
}
prefix-list PACIFICNORTHWESTGP-PARTICIPANTS6 {
2001:1860::/34;
2001:1860:4000::/34;
2001:1860:8000::/34;
2001:1860:c000::/34;
2607:f278::/32;
2610:10::/32;
}
prefix-list PNWG-PARTICIPANT {
/* Portland State University */
38.103.168.0/22;
69.91.128.0/17;
128.95.0.0/16;
/* University of Hawaii */
128.171.0.0/16;
128.208.0.0/16;
129.95.0.0/16;
129.101.0.0/16;
/* Pacific Northwest National Laboratory */
130.20.0.0/16;
131.252.0.0/16;
/* University of Hawaii */
132.160.0.0/16;
137.53.0.0/16;
140.32.128.0/24;
/* NOAA via U Hawaii */
140.90.183.0/24;
/* NOAA via U Hawaii */
140.90.184.0/24;
/* NOAA via U Hawaii */
140.90.201.0/24;
140.142.0.0/16;
150.131.0.0/16;
/* University of Hawaii */
166.122.0.0/16;
/* University of Hawaii */
168.105.0.0/16;
/* University of Washington */
192.26.136.0/24;
192.35.99.0/24;
/* Pacific Northwest National Laboratory */
192.35.193.0/24;
192.46.80.0/24;
192.68.161.0/24;
192.73.48.0/24;
192.94.21.0/24;
/* Pacific Northwest Natioanal Laboratory */
192.101.100.0/22;
/* Pacific Northwest Natioanal Laboratory */
192.101.104.0/22;
/* Pacific Northwest Natioanal Laboratory */
192.101.108.0/23;
/* Pacific Northwest National Laboratory */
192.148.93.0/24;
/* Pacific Northwest National Laboratory */
192.148.96.0/23;
192.160.47.0/24;
192.207.124.0/24;
192.220.239.0/24;
192.231.192.0/24;
198.17.13.0/24;
198.32.40.0/24;
198.32.170.0/23;
198.48.64.0/19;
198.48.76.0/22;
198.104.160.0/20;
198.207.188.0/24;
199.33.240.0/24;
199.165.64.0/18;
199.184.112.0/22;
199.184.116.0/23;
199.245.238.0/24;
199.250.32.0/20;
199.250.48.0/21;
199.250.56.0/22;
204.128.243.0/24;
204.201.0.0/20;
204.201.112.0/20;
204.203.128.0/19;
204.203.240.0/22;
/* University of Hawaii */
205.166.204.0/23;
205.175.96.0/19;
205.175.112.0/24;
207.196.128.0/17;
207.196.129.0/24;
207.196.132.0/22;
207.196.136.0/22;
207.196.140.0/22;
207.196.144.0/22;
207.196.148.0/23;
207.196.153.0/24;
207.196.154.0/23;
207.196.155.0/24;
207.196.156.0/24;
207.196.158.0/23;
207.196.167.0/24;
207.196.168.0/22;
207.196.172.0/23;
207.196.174.0/24;
207.196.175.0/24;
207.196.176.0/23;
207.196.178.0/24;
207.196.180.0/22;
207.196.184.0/21;
207.196.192.0/21;
207.196.196.0/22;
207.196.200.0/22;
207.196.200.0/23;
207.196.202.0/23;
207.196.204.0/22;
/* PNW Gigapop */
209.124.176.0/21;
/* PNW Gigapop */
209.124.184.0/21;
}
prefix-list PNWG-CORPORATE {
131.107.151.0/24;
}
prefix-list PNWG-SPONSORED {
/* Comotiv Systems */
128.241.65.0/24;
134.39.60.0/24;
153.90.0.0/16;
161.55.0.0/16;
168.156.80.0/20;
168.156.96.0/19;
192.31.215.0/24;
192.42.7.0/24;
192.46.80.0/24;
192.105.205.0/24;
192.150.88.0/24;
207.196.128.0/24;
207.196.130.0/23;
207.196.150.0/23;
207.196.152.0/24;
207.196.160.0/24;
207.196.161.0/24;
207.196.162.0/23;
207.196.164.0/24;
207.196.165.0/24;
207.196.166.0/24;
207.196.179.0/24;
207.196.208.0/21;
207.196.216.0/22;
207.196.220.0/23;
207.196.240.0/20;
/* Comotive Systems */
209.162.207.0/24;
}
prefix-list PNWG-SEGP {
12.12.12.0/24;
66.96.64.0/20;
/* Washington state k-20 telecomm network */
68.179.192.0/19;
/* Washington State K20 Network */
69.56.64.0/18;
/* Washington State K-20 Educational Telecommunications Network */
69.166.32.0/19;
72.233.128.0/17;
74.118.176.0/22;
134.39.0.0/16;
134.121.0.0/16;
/* Alaska Distance Education Consortium */
137.229.0.0/16;
140.160.0.0/16;
146.187.0.0/16;
/* Pacific Lutheran University */
152.117.0.0/16;
152.157.0.0/16;
162.78.0.0/16;
164.116.0.0/16;
/* via University of Hawaii */
165.248.0.0/16;
168.99.0.0/16;
168.156.0.0/16;
168.212.0.0/16;
169.204.0.0/16;
192.31.216.0/24;
/* Whitman University */
192.34.239.0/24;
192.56.246.0/23;
192.56.248.0/21;
/* Communications Technology Ctr, ctc.edu */
192.64.1.0/24;
192.94.22.0/24;
192.102.5.0/24;
192.124.98.0/24;
192.138.182.0/24;
192.160.133.0/24;
192.206.201.0/24;
192.207.104.0/24;
192.211.16.0/20;
192.222.32.0/19;
192.247.128.0/17;
/* Whitworth College, Spokane */
198.29.0.0/22;
198.104.64.0/18;
198.104.232.0/21;
/* Whitman College */
199.89.174.0/23;
206.193.0.0/18;
/* Washington State SEGP */
207.108.56.0/24;
/* Washington State K20 Network */
207.180.96.0/19;
/* Washington State K20 Network */
207.180.96.0/20;
207.207.96.0/19;
207.207.126.0/24;
207.207.127.0/24;
/* Hawaii segp */
208.65.120.0/22;
216.186.0.0/17;
216.186.0.0/18;
216.186.0.0/19;
216.186.64.0/20;
}
prefix-list CENIC-PARTICIPANT6 {
2620:000:0CE0::/48;
2620:0:DD0::/48;
}
prefix-list CALREN-PARTICIPANT6 {
2001:448:3::/48;
2001:468:0e00::/40;
2001:478:ff00::/40;
2001:478:ff00::/48;
2001:1878::/32;
2001:48d0::/32;
2001:48d0:c000::/34;
2607:f010::/32;
2607:F088::/32;
2607:F140::/32;
2607:F290::/32;
2607:f378::/32;
2607:F380::/32;
2607:F6D0::/32;
2607:F720::/32;
2607:F810::/32;
2620:000:0CE0::/48;
2620:0:DD0::/48;
2800:10:10::/48;
2800:10:11::/48;
2800:10:16::/48;
}
prefix-list GOOGLE-PARTICIPANT6 {
2001:4860:1::/48;
}
prefix-list CPS-PNWG {
38.103.168.0/22;
63.230.184.0/23;
63.230.186.0/24;
63.230.187.0/24;
66.96.64.0/20;
66.96.69.192/27;
67.201.192.0/18;
68.179.192.0/19;
69.56.64.0/18;
69.56.64.0/20;
69.91.128.0/17;
69.166.32.0/19;
72.14.32.0/19;
72.14.60.0/24;
72.14.61.0/24;
72.14.62.0/24;
72.233.128.0/17;
128.95.0.0/16;
128.208.0.0/16;
129.95.0.0/16;
129.101.0.0/16;
130.20.0.0/16;
131.252.0.0/16;
132.160.0.0/17;
134.39.0.0/16;
134.121.0.0/16;
137.53.0.0/16;
137.229.0.0/16;
140.107.0.0/16;
140.142.0.0/16;
140.160.0.0/16;
146.76.0.0/16;
146.79.0.0/16;
146.187.0.0/16;
147.55.0.0/16;
147.56.0.0/16;
150.131.0.0/16;
152.113.0.0/16;
152.157.0.0/16;
152.157.64.0/20;
153.90.0.0/16;
155.67.0.0/16;
156.74.0.0/16;
156.74.249.0/24;
156.74.250.0/24;
157.201.0.0/16;
159.1.0.0/16;
161.55.0.0/16;
162.78.0.0/16;
164.110.0.0/16;
164.116.0.0/16;
165.151.0.0/16;
166.122.0.0/16;
167.72.0.0/16;
168.99.0.0/16;
168.156.0.0/16;
168.156.80.0/20;
168.156.96.0/20;
168.156.112.0/20;
168.212.0.0/16;
168.212.244.0/22;
169.204.0.0/16;
192.31.215.0/24;
192.31.216.0/24;
192.35.193.0/24;
192.42.7.0/24;
192.46.80.128/26;
192.56.248.0/21;
192.64.1.0/24;
192.73.48.0/24;
192.94.21.0/24;
192.94.22.0/24;
192.94.25.0/24;
192.101.100.0/22;
192.101.104.0/22;
192.101.108.0/23;
192.102.5.0/24;
192.105.205.0/24;
192.124.98.0/24;
192.138.182.0/24;
192.148.93.0/24;
192.148.96.0/23;
192.149.56.0/24;
192.150.88.0/24;
192.150.143.0/24;
192.160.47.0/24;
192.160.133.0/24;
192.190.33.0/24;
192.206.201.0/24;
192.207.104.0/24;
192.207.124.0/24;
192.209.32.0/20;
192.209.48.0/21;
192.209.56.0/22;
192.209.60.0/23;
192.211.16.0/20;
192.230.0.0/20;
192.231.192.0/24;
192.247.128.0/17;
198.1.16.0/21;
198.1.24.0/23;
198.7.64.0/19;
198.17.13.0/24;
198.29.0.0/22;
198.32.170.0/24;
198.32.180.0/24;
198.32.195.0/24;
198.48.64.0/19;
198.48.76.0/22;
198.62.236.0/24;
198.99.100.0/23;
198.105.128.0/20;
198.135.121.0/24;
198.180.4.0/22;
198.181.251.0/24;
198.186.220.0/23;
198.187.0.0/22;
198.207.188.0/24;
198.238.0.0/16;
198.239.0.0/16;
199.47.32.0/22;
199.47.36.0/24;
199.165.64.0/18;
199.165.68.0/24;
199.184.112.0/22;
199.184.116.0/23;
199.233.108.0/24;
199.245.112.0/23;
199.245.238.0/24;
199.248.159.0/24;
199.248.160.0/23;
199.248.162.0/24;
199.250.32.0/20;
199.250.48.0/21;
199.250.56.0/22;
204.128.243.0/24;
204.134.149.0/24;
205.143.49.0/24;
205.159.96.0/24;
205.175.96.0/19;
206.193.0.0/18;
206.194.128.0/18;
206.208.64.0/21;
207.180.96.0/19;
207.183.0.0/19;
207.196.128.0/24;
207.196.130.0/23;
207.196.150.0/23;
207.196.152.0/24;
207.196.155.0/24;
207.196.156.0/24;
207.196.158.0/23;
207.196.160.0/24;
207.196.161.0/24;
207.196.162.0/23;
207.196.164.0/24;
207.196.165.0/24;
207.196.166.0/24;
207.196.167.0/24;
207.196.168.0/22;
207.196.172.0/23;
207.196.175.0/24;
207.196.179.0/24;
207.196.208.0/21;
207.196.216.0/22;
207.196.220.0/23;
207.196.240.0/20;
207.207.125.0/24;
207.207.127.0/24;
207.231.240.0/25;
207.231.241.0/24;
208.146.45.96/27;
209.74.192.0/19;
209.124.176.0/21;
209.124.176.128/27;
209.124.176.160/27;
209.124.176.208/32;
209.124.176.209/32;
209.124.176.210/32;
209.124.176.211/32;
209.124.176.212/32;
209.124.176.213/32;
209.124.176.214/32;
209.124.176.215/32;
209.124.176.216/32;
209.124.176.217/32;
209.124.176.218/32;
209.124.176.224/31;
209.124.176.226/31;
209.124.176.228/31;
209.124.177.160/28;
209.124.177.177/32;
209.124.177.178/32;
209.124.177.181/32;
209.124.178.128/28;
209.124.179.68/30;
209.124.180.0/25;
209.124.180.128/26;
209.124.182.0/25;
209.124.183.0/28;
209.124.183.16/28;
209.124.183.32/28;
209.124.183.48/28;
209.124.183.64/28;
209.124.183.80/28;
209.124.183.96/28;
209.124.183.128/28;
209.124.183.160/28;
209.124.183.192/28;
209.124.183.208/28;
209.124.184.0/21;
209.124.184.0/27;
209.124.184.128/26;
209.124.185.0/26;
209.124.186.0/24;
209.124.189.0/24;
216.186.0.0/17;
216.210.0.0/18;
}
prefix-list SC {
140.221.128.0/17;
140.221.221.240/28;
}
prefix-list SC6 {
2001:468:1f07::/48;
}
prefix-list CPS-TR6 {
2001:468:E00::/40;
2001:1860::/32;
2001:1878::/32;
2001:48D0::/32;
2607:F010::/32;
2607:F088::/32;
2607:F140::/32;
2607:F278::/32;
2607:F290::/32;
2607:F378::/32;
2607:F6D0::/32;
2610:10::/32;
2610:128::/32;
2620:0:DD0::/48;
}
prefix-list CPS-TR-TEST {
64.57.23.224/28;
}
prefix-list CPS-TR-TEST-IN {
24.196.128.0/19;
137.164.18.0/24;
}
prefix-list CPS-TR {
8.6.244.0/23;
12.4.228.0/24;
12.169.112.0/24;
12.169.197.0/24;
12.174.210.0/23;
13.7.128.0/21;
24.123.189.0/24;
24.199.205.0/24;
38.103.168.0/22;
38.114.142.0/23;
38.118.194.0/24;
38.118.211.0/24;
44.0.0.0/8;
59.191.208.0/20;
63.81.164.0/22;
63.118.64.0/23;
63.193.200.0/24;
63.199.32.0/21;
63.199.40.0/22;
63.199.44.0/24;
63.202.49.0/24;
63.207.252.0/22;
63.230.184.0/22;
63.247.0.0/19;
64.39.112.0/20;
64.54.0.0/16;
64.56.80.0/20;
64.69.144.0/20;
64.89.97.0/24;
64.92.176.0/20;
64.112.240.0/20;
64.147.208.0/20;
64.163.132.0/22;
64.185.120.0/21;
64.191.244.0/24;
65.115.176.0/23;
65.170.110.0/24;
65.197.4.0/22;
65.213.184.0/22;
66.4.0.0/15;
66.64.64.0/19;
66.71.0.0/17;
66.96.64.0/20;
66.186.144.0/20;
66.194.104.0/23;
66.194.217.0/24;
66.195.118.0/23;
66.244.0.0/18;
66.244.122.0/23;
67.17.206.0/24;
67.58.32.0/19;
67.159.64.0/18;
67.201.0.0/16;
67.230.192.0/20;
68.65.160.0/20;
68.115.226.0/24;
68.179.192.0/19;
68.181.0.0/16;
68.208.127.0/24;
69.41.16.0/20;
69.44.86.0/23;
69.56.64.0/18;
69.65.160.0/19;
69.88.160.0/19;
69.91.128.0/17;
69.147.139.0/24;
69.166.32.0/19;
69.196.32.0/19;
70.33.64.0/18;
70.63.88.0/24;
72.10.8.0/22;
72.14.32.0/19;
72.162.224.0/19;
72.166.150.0/24;
72.233.128.0/17;
72.237.88.0/22;
72.250.224.0/19;
74.51.115.0/24;
74.117.168.0/22;
74.119.168.0/22;
74.214.64.0/19;
75.102.64.0/18;
76.78.96.0/19;
76.165.0.0/16;
96.4.0.0/15;
97.107.64.0/20;
128.2.0.0/16;
128.3.0.0/16;
128.9.0.0/16;
128.12.0.0/16;
128.32.0.0/16;
128.48.0.0/16;
128.54.0.0/16;
128.61.0.0/16;
128.62.0.0/16;
128.82.0.0/15;
128.95.0.0/16;
128.97.0.0/16;
128.99.0.0/16;
128.109.0.0/16;
128.110.0.0/15;
128.110.0.0/16;
128.114.0.0/16;
128.116.0.0/15;
128.118.0.0/16;
128.120.0.0/16;
128.125.0.0/16;
128.138.0.0/16;
128.143.0.0/16;
128.147.0.0/16;
128.149.0.0/16;
128.169.0.0/16;
128.171.0.0/16;
128.173.0.0/16;
128.182.0.0/16;
128.184.0.0/16;
128.186.0.0/15;
128.187.0.0/16;
128.192.0.0/16;
128.194.0.0/16;
128.195.0.0/16;
128.198.0.0/16;
128.200.0.0/16;
128.208.0.0/16;
128.218.0.0/16;
128.227.0.0/16;
128.237.0.0/16;
128.241.65.0/24;
128.250.0.0/16;
129.4.0.0/16;
129.8.0.0/16;
129.15.0.0/16;
129.19.0.0/16;
129.65.0.0/16;
129.66.0.0/16;
129.72.0.0/16;
129.78.0.0/16;
129.81.0.0/16;
129.82.0.0/16;
129.94.0.0/15;
129.95.0.0/16;
129.96.0.0/16;
129.101.0.0/16;
129.106.0.0/15;
129.108.0.0/14;
129.113.0.0/16;
129.114.0.0/15;
129.116.0.0/15;
129.123.0.0/16;
129.127.0.0/16;
129.171.0.0/16;
129.180.0.0/16;
129.193.0.0/16;
129.207.0.0/16;
129.244.0.0/16;
130.17.0.0/16;
130.18.0.0/16;
130.20.0.0/16;
130.39.0.0/16;
130.49.0.0/16;
130.56.0.0/16;
130.65.0.0/16;
130.70.0.0/16;
130.74.0.0/16;
130.85.0.0/16;
130.86.0.0/16;
130.95.0.0/16;
130.102.0.0/16;
130.116.0.0/16;
130.127.0.0/16;
130.130.0.0/16;
130.150.0.0/16;
130.152.0.0/16;
130.155.0.0/16;
130.157.0.0/16;
130.166.0.0/16;
130.182.0.0/16;
130.184.0.0/16;
130.191.0.0/16;
130.194.0.0/16;
130.203.0.0/16;
130.207.0.0/16;
130.212.0.0/16;
130.218.0.0/16;
130.220.0.0/15;
130.253.0.0/16;
130.254.0.0/16;
131.91.0.0/16;
131.94.0.0/15;
131.118.0.0/16;
131.144.0.0/16;
131.170.0.0/16;
131.171.0.0/16;
131.172.0.0/16;
131.179.0.0/16;
131.181.0.0/16;
131.185.0.0/16;
131.204.0.0/16;
131.215.0.0/16;
131.216.0.0/15;
131.236.0.0/16;
131.242.0.0/16;
131.243.0.0/16;
131.244.0.0/15;
131.247.0.0/16;
131.252.0.0/16;
132.160.0.0/16;
132.163.0.0/16;
132.170.0.0/16;
132.194.0.0/16;
132.234.0.0/16;
132.239.0.0/16;
132.241.0.0/16;
132.249.0.0/16;
134.4.0.0/16;
134.7.0.0/16;
134.39.0.0/16;
134.45.0.0/16;
134.50.0.0/16;
134.69.0.0/16;
134.70.0.0/15;
134.79.0.0/16;
134.89.0.0/16;
134.115.0.0/16;
134.121.0.0/16;
134.139.0.0/16;
134.148.0.0/16;
134.154.0.0/16;
134.173.0.0/16;
134.178.0.0/16;
134.187.32.0/24;
134.192.0.0/16;
134.197.0.0/16;
134.224.0.0/16;
134.250.0.0/16;
135.23.0.0/16;
135.154.0.0/16;
136.142.0.0/16;
136.152.0.0/16;
136.154.0.0/16;
136.160.0.0/16;
136.168.0.0/15;
136.186.0.0/16;
136.235.0.0/16;
136.242.0.0/16;
137.30.0.0/16;
137.52.0.0/15;
137.53.0.0/16;
137.54.0.0/16;
137.75.0.0/16;
137.78.0.0/15;
137.92.0.0/16;
137.110.0.0/15;
137.131.0.0/16;
137.145.0.0/16;
137.150.0.0/15;
137.154.0.0/16;
137.157.0.0/16;
137.159.0.0/16;
137.164.0.0/16;
137.166.0.0/16;
137.190.0.0/16;
137.219.0.0/16;
137.220.0.0/16;
137.228.0.0/15;
137.229.0.0/16;
138.7.0.0/16;
138.23.0.0/16;
138.25.0.0/16;
138.26.0.0/16;
138.44.0.0/16;
138.47.0.0/16;
138.67.0.0/16;
138.77.0.0/16;
138.78.0.0/16;
138.80.0.0/16;
138.86.0.0/16;
138.194.0.0/16;
138.202.0.0/16;
139.52.0.0/16;
139.59.0.0/16;
139.62.0.0/16;
139.78.0.0/16;
139.86.0.0/16;
139.94.0.0/16;
139.132.0.0/16;
139.182.0.0/16;
139.229.0.0/16;
139.230.0.0/16;
140.32.128.0/24;
140.79.0.0/16;
140.90.0.0/16;
140.107.0.0/16;
140.142.0.0/16;
140.144.0.0/16;
140.158.0.0/16;
140.159.0.0/16;
140.160.0.0/16;
140.171.0.0/16;
140.172.0.0/16;
140.197.0.0/16;
140.221.128.0/17;
140.226.0.0/16;
140.253.0.0/16;
141.132.0.0/16;
141.165.0.0/16;
143.88.0.0/16;
143.100.0.0/16;
143.111.0.0/16;
143.132.0.0/16;
143.215.0.0/16;
143.254.0.0/16;
144.6.0.0/16;
144.17.0.0/16;
144.30.0.0/16;
144.35.0.0/16;
144.37.0.0/16;
144.38.0.0/15;
144.97.0.0/16;
144.110.0.0/16;
144.120.0.0/16;
144.167.0.0/16;
144.174.0.0/16;
144.205.0.0/16;
144.215.0.0/16;
146.6.0.0/16;
146.76.0.0/16;
146.79.0.0/16;
146.79.42.0/24;
146.79.44.0/24;
146.79.51.0/24;
146.79.72.0/24;
146.79.80.0/24;
146.79.253.0/24;
146.79.254.0/24;
146.86.0.0/16;
146.118.0.0/16;
146.129.0.0/16;
146.186.0.0/15;
146.201.0.0/16;
146.221.0.0/16;
146.229.0.0/16;
146.244.0.0/16;
147.26.0.0/16;
147.55.0.0/16;
147.56.0.0/16;
147.70.0.0/16;
147.72.0.0/15;
147.97.0.0/16;
147.128.68.0/22;
147.144.0.0/16;
147.153.0.0/16;
147.174.0.0/16;
148.231.0.0/16;
149.142.0.0/16;
149.144.0.0/16;
149.168.0.0/16;
149.171.0.0/16;
150.131.0.0/16;
150.176.0.0/16;
150.182.128.0/17;
150.185.0.0/16;
150.186.0.0/15;
150.188.0.0/15;
150.212.0.0/16;
150.216.0.0/16;
150.231.0.0/16;
150.232.0.0/16;
151.132.0.0/16;
151.195.0.0/16;
152.1.0.0/16;
152.2.0.0/15;
152.4.0.0/14;
152.8.0.0/13;
152.16.0.0/12;
152.32.0.0/12;
152.48.0.0/14;
152.53.0.0/19;
152.54.0.0/20;
152.79.0.0/16;
152.113.0.0/16;
152.157.0.0/16;
153.18.0.0/16;
153.90.0.0/16;
153.105.0.0/16;
155.31.0.0/16;
155.58.0.0/16;
155.67.0.0/16;
155.97.0.0/16;
155.98.0.0/15;
155.100.0.0/15;
155.135.0.0/16;
156.1.0.0/16;
156.3.0.0/16;
156.74.0.0/16;
156.108.0.0/16;
156.110.0.0/16;
156.143.0.0/16;
157.142.0.0/16;
157.149.0.0/16;
157.182.0.0/16;
157.201.0.0/16;
157.233.0.0/16;
157.242.0.0/16;
158.83.0.0/16;
158.91.0.0/17;
158.91.128.0/18;
158.93.0.0/16;
158.142.0.0/16;
159.1.0.0/16;
159.115.0.0/16;
159.150.0.0/16;
159.178.0.0/16;
160.7.0.0/16;
160.7.0.0/17;
160.7.128.0/18;
160.10.0.0/16;
160.36.0.0/16;
160.64.0.0/16;
160.87.0.0/16;
160.227.0.0/16;
161.28.0.0/16;
161.50.0.0/16;
161.55.0.0/16;
161.97.0.0/16;
161.98.0.0/16;
161.119.0.0/16;
162.51.0.0/16;
162.58.0.0/16;
162.78.0.0/16;
162.89.0.0/16;
163.6.0.0/16;
163.40.0.0/16;
163.118.0.0/16;
163.129.0.0/16;
163.150.0.0/16;
163.246.0.0/16;
163.248.0.0/16;
164.47.0.0/16;
164.58.0.0/16;
164.67.0.0/16;
164.104.0.0/16;
164.110.0.0/15;
164.110.0.0/16;
164.116.0.0/16;
165.6.0.0/16;
165.12.219.0/24;
165.12.253.0/24;
165.24.0.0/16;
165.74.16.0/20;
165.91.0.0/16;
165.95.0.0/16;
165.127.0.0/16;
165.138.0.0/15;
165.151.0.0/16;
165.161.0.0/16;
165.196.0.0/16;
165.239.0.0/16;
165.248.0.0/16;
166.122.0.0/16;
167.72.0.0/16;
167.102.0.0/16;
167.217.0.0/16;
168.8.0.0/13;
168.16.0.0/12;
168.62.16.0/21;
168.99.0.0/16;
168.102.0.0/17;
168.105.0.0/16;
168.156.0.0/16;
168.177.0.0/16;
168.178.0.0/15;
168.180.0.0/16;
168.184.0.0/16;
168.190.0.0/16;
168.212.0.0/15;
168.212.0.0/16;
168.223.0.0/16;
168.254.0.0/16;
169.133.0.0/16;
169.139.0.0/16;
169.199.0.0/16;
169.204.0.0/16;
169.228.0.0/14;
169.232.0.0/15;
169.234.0.0/16;
169.235.0.0/16;
169.236.0.0/15;
170.91.128.0/18;
170.93.0.0/16;
170.99.0.0/16;
170.140.0.0/16;
170.157.0.0/16;
170.190.40.0/22;
171.64.0.0/14;
172.31.254.0/23;
192.0.32.0/20;
192.5.2.0/24;
192.5.10.0/24;
192.5.12.0/24;
192.5.19.0/24;
192.5.146.0/24;
192.5.157.0/24;
192.5.159.0/24;
192.5.197.0/24;
192.6.26.0/24;
192.6.70.0/24;
192.12.10.0/24;
192.12.19.0/24;
192.12.22.0/24;
192.12.32.0/24;
192.12.44.0/24;
192.12.56.0/24;
192.12.83.0/24;
192.12.84.0/22;
192.12.121.0/24;
192.12.207.0/24;
192.12.234.0/24;
192.12.240.0/24;
192.16.72.0/24;
192.16.176.0/24;
192.16.180.0/24;
192.26.83.0/24;
192.26.136.0/24;
192.26.250.0/23;
192.26.251.0/24;
192.26.252.0/23;
192.26.254.0/24;
192.30.115.0/24;
192.30.208.0/24;
192.31.21.0/24;
192.31.39.0/24;
192.31.43.0/24;
192.31.83.0/24;
192.31.89.0/24;
192.31.95.0/24;
192.31.105.0/24;
192.31.107.0/24;
192.31.146.0/24;
192.31.153.0/24;
192.31.161.0/24;
192.31.215.0/24;
192.31.216.0/24;
192.33.115.0/24;
192.33.116.0/23;
192.34.239.0/24;
192.35.48.0/23;
192.35.95.0/24;
192.35.96.0/23;
192.35.98.0/24;
192.35.155.0/24;
192.35.162.0/23;
192.35.164.0/22;
192.35.169.0/24;
192.35.193.0/24;
192.35.209.0/24;
192.35.210.0/23;
192.35.210.0/24;
192.35.212.0/22;
192.35.216.0/22;
192.35.221.0/24;
192.35.222.0/23;
192.35.224.0/22;
192.35.225.0/24;
192.35.228.0/24;
192.35.248.0/24;
192.41.70.0/24;
192.41.96.0/22;
192.41.146.0/24;
192.41.208.0/24;
192.42.7.0/24;
192.42.60.0/23;
192.42.62.0/24;
192.42.82.0/24;
192.42.108.0/24;
192.43.207.0/24;
192.43.208.0/23;
192.43.217.0/24;
192.43.226.0/23;
192.43.228.0/23;
192.43.230.0/24;
192.43.239.0/24;
192.43.244.0/24;
192.45.0.0/16;
192.46.80.0/24;
192.48.109.0/24;
192.48.110.0/24;
192.52.106.0/24;
192.52.163.0/24;
192.52.164.0/23;
192.52.240.0/24;
192.54.105.0/24;
192.54.106.0/24;
192.55.87.0/24;
192.55.98.0/24;
192.55.190.0/24;
192.55.219.0/24;
192.55.229.0/24;
192.56.246.0/23;
192.56.248.0/21;
192.58.107.0/24;
192.58.109.0/24;
192.58.110.0/23;
192.58.112.0/22;
192.58.116.0/23;
192.58.221.0/24;
192.64.1.0/24;
192.65.130.0/24;
192.65.200.0/24;
192.67.11.0/24;
192.67.12.0/24;
192.67.20.0/23;
192.67.81.0/24;
192.67.82.0/24;
192.67.134.0/24;
192.68.132.0/24;
192.68.161.0/24;
192.70.135.0/24;
192.70.171.0/24;
192.70.175.0/24;
192.70.216.0/24;
192.73.4.0/24;
192.73.22.0/24;
192.73.48.0/24;
192.76.122.0/24;
192.77.14.0/24;
192.77.116.0/24;
192.78.4.0/24;
192.78.182.0/24;
192.80.27.0/24;
192.80.53.0/24;
192.80.210.0/24;
192.82.111.0/24;
192.82.140.0/24;
192.82.161.0/24;
192.83.123.0/24;
192.83.238.0/24;
192.84.171.0/24;
192.86.78.0/24;
192.88.11.0/24;
192.88.99.0/24;
192.88.107.0/24;
192.88.111.0/24;
192.88.114.0/23;
192.88.122.0/24;
192.88.124.0/24;
192.88.209.0/24;
192.88.210.0/24;
192.92.124.0/24;
192.94.21.0/24;
192.94.22.0/24;
192.94.25.0/24;
192.94.62.0/23;
192.94.64.0/24;
192.94.74.0/24;
192.94.208.0/23;
192.94.227.0/24;
192.94.243.0/24;
192.94.244.0/24;
192.100.16.0/24;
192.101.19.0/24;
192.101.20.0/22;
192.101.24.0/24;
192.101.42.0/24;
192.101.45.0/24;
192.101.58.0/24;
192.101.100.0/22;
192.101.104.0/22;
192.101.108.0/23;
192.101.139.0/24;
192.101.140.0/24;
192.102.5.0/24;
192.102.223.0/24;
192.102.239.0/24;
192.102.250.0/23;
192.103.56.0/24;
192.104.166.0/24;
192.104.174.0/24;
192.105.205.0/24;
192.105.235.0/24;
192.107.9.0/24;
192.107.44.0/24;
192.107.102.0/24;
192.107.180.0/23;
192.111.32.0/24;
192.111.46.0/24;
192.111.53.0/24;
192.111.112.0/24;
192.111.123.0/24;
192.111.213.0/24;
192.120.193.0/24;
192.122.176.0/24;
192.124.98.0/24;
192.124.100.0/24;
192.124.117.0/24;
192.124.152.0/24;
192.124.225.0/24;
192.124.226.0/23;
192.124.228.0/23;
192.124.230.0/24;
192.131.232.0/24;
192.131.251.0/24;
192.132.253.0/24;
192.133.17.0/24;
192.133.41.0/24;
192.135.131.0/24;
192.135.141.0/24;
192.135.237.0/24;
192.135.238.0/24;
192.136.70.0/24;
192.137.210.0/24;
192.138.85.0/24;
192.138.100.0/24;
192.138.168.0/24;
192.138.182.0/24;
192.138.184.0/24;
192.138.240.0/21;
192.146.206.0/24;
192.146.226.0/24;
192.147.30.0/24;
192.147.163.0/24;
192.148.93.0/24;
192.148.96.0/23;
192.148.223.0/24;
192.148.224.0/22;
192.148.228.0/23;
192.148.230.0/24;
192.149.36.0/24;
192.149.56.0/24;
192.149.148.0/24;
192.149.244.0/24;
192.150.88.0/24;
192.150.93.0/24;
192.150.103.0/24;
192.150.130.0/23;
192.150.132.0/23;
192.150.137.0/24;
192.150.138.0/23;
192.150.143.0/24;
192.150.147.0/24;
192.150.186.0/23;
192.150.202.0/24;
192.150.216.0/23;
192.151.82.0/24;
192.151.113.0/24;
192.152.10.0/24;
192.153.43.0/24;
192.153.53.0/24;
192.153.129.0/24;
192.154.1.0/24;
192.154.2.0/24;
192.154.4.0/23;
192.154.6.0/24;
192.154.32.0/19;
192.154.64.0/19;
192.156.134.0/24;
192.156.215.0/24;
192.159.128.0/22;
192.159.138.0/24;
192.160.47.0/24;
192.160.49.0/24;
192.160.133.0/24;
192.160.205.0/24;
192.160.253.0/24;
192.170.96.0/19;
192.172.226.0/24;
192.173.32.0/19;
192.173.32.0/20;
192.173.48.0/22;
192.174.0.0/16;
192.188.101.0/24;
192.188.155.0/24;
192.188.186.0/24;
192.189.45.0/24;
192.189.46.0/23;
192.189.48.0/24;
192.189.244.0/24;
192.190.33.0/24;
192.190.38.0/24;
192.190.45.0/24;
192.195.41.0/24;
192.195.74.0/24;
192.195.86.0/23;
192.195.100.0/24;
192.195.153.0/24;
192.195.154.0/23;
192.195.170.0/24;
192.195.222.0/24;
192.198.4.0/22;
192.203.127.0/24;
192.203.164.0/24;
192.203.199.0/24;
192.203.200.0/24;
192.203.235.0/24;
192.206.65.0/24;
192.206.171.0/24;
192.206.201.0/24;
192.206.244.0/22;
192.207.33.0/24;
192.207.104.0/24;
192.207.124.0/24;
192.207.156.0/22;
192.207.160.0/23;
192.207.173.0/24;
192.207.184.0/24;
192.207.197.0/24;
192.207.198.0/24;
192.207.232.0/24;
192.208.128.0/20;
192.208.144.0/21;
192.208.152.0/22;
192.208.156.0/23;
192.209.32.0/19;
192.209.32.0/20;
192.209.48.0/21;
192.209.56.0/22;
192.209.60.0/23;
192.211.16.0/20;
192.211.32.0/21;
192.211.40.0/22;
192.211.44.0/23;
192.216.34.0/24;
192.216.173.0/24;
192.220.192.0/24;
192.220.200.0/21;
192.222.32.0/19;
192.228.79.0/24;
192.230.0.0/20;
192.231.3.0/24;
192.231.41.0/24;
192.231.56.0/24;
192.231.127.0/24;
192.231.166.0/23;
192.231.179.0/24;
192.231.191.0/24;
192.231.192.0/24;
192.231.212.0/24;
192.231.242.0/24;
192.234.12.0/23;
192.235.0.0/20;
192.237.67.0/24;
192.245.165.0/24;
192.245.210.0/23;
192.245.212.0/22;
192.245.216.0/23;
192.245.221.0/24;
192.245.222.0/23;
192.245.224.0/24;
192.247.128.0/17;
192.248.180.0/24;
192.249.0.0/20;
192.251.207.0/24;
196.13.32.0/22;
198.1.16.0/21;
198.1.24.0/23;
198.7.64.0/19;
198.11.4.0/22;
198.11.16.0/20;
198.17.13.0/24;
198.17.46.0/23;
198.17.101.0/24;
198.17.195.0/24;
198.17.223.0/24;
198.22.91.0/24;
198.29.0.0/22;
198.32.16.0/24;
198.32.20.0/24;
198.32.64.0/24;
198.32.155.0/24;
198.32.166.0/24;
198.32.170.0/23;
198.32.173.0/24;
198.32.216.0/24;
198.32.224.0/24;
198.32.248.0/23;
198.32.251.0/24;
198.32.252.0/24;
198.38.64.0/21;
198.48.64.0/19;
198.49.6.0/24;
198.49.31.0/24;
198.49.104.0/24;
198.49.166.0/24;
198.49.215.0/24;
198.49.222.0/24;
198.51.111.0/24;
198.51.208.0/24;
198.55.8.0/21;
198.59.0.0/16;
198.59.2.0/24;
198.59.7.0/24;
198.59.46.0/23;
198.59.48.0/23;
198.59.54.0/23;
198.59.61.0/24;
198.59.69.0/24;
198.59.70.0/24;
198.59.81.0/24;
198.59.82.0/23;
198.59.87.0/24;
198.59.89.0/24;
198.59.93.0/24;
198.60.0.0/16;
198.60.0.0/18;
198.60.64.0/19;
198.60.96.0/20;
198.60.112.0/21;
198.60.217.0/24;
198.60.218.0/23;
198.60.220.0/22;
198.60.224.0/22;
198.60.238.0/24;
198.62.72.0/24;
198.62.77.0/24;
198.62.88.0/23;
198.62.142.0/24;
198.62.236.0/24;
198.72.64.0/21;
198.72.72.0/22;
198.82.0.0/16;
198.85.0.0/16;
198.86.0.0/16;
198.97.62.0/24;
198.99.93.0/24;
198.99.100.0/23;
198.99.201.0/24;
198.102.159.0/24;
198.104.0.0/17;
198.104.64.0/18;
198.104.160.0/20;
198.104.232.0/21;
198.105.128.0/20;
198.118.206.0/24;
198.133.185.0/24;
198.133.204.0/24;
198.134.135.0/24;
198.135.121.0/24;
198.135.235.0/24;
198.136.8.0/21;
198.136.130.0/24;
198.137.16.0/20;
198.137.147.0/24;
198.137.151.0/24;
198.137.152.0/23;
198.137.167.0/24;
198.137.224.0/24;
198.144.160.0/20;
198.147.64.0/18;
198.147.138.0/23;
198.147.151.0/24;
198.147.237.0/24;
198.147.238.0/24;
198.148.64.0/21;
198.148.72.0/22;
198.148.76.0/24;
198.153.169.0/24;
198.173.134.0/24;
198.175.158.0/24;
198.175.250.0/24;
198.175.251.0/24;
198.175.252.0/24;
198.178.194.0/24;
198.178.254.0/24;
198.179.130.0/24;
198.180.4.0/22;
198.180.132.0/22;
198.181.220.0/24;
198.181.223.0/24;
198.181.224.0/23;
198.181.226.0/24;
198.181.251.0/24;
198.182.205.0/24;
198.183.128.0/22;
198.183.248.0/23;
198.184.147.0/24;
198.184.209.0/24;
198.186.182.0/24;
198.186.216.0/24;
198.186.220.0/23;
198.187.0.0/22;
198.187.154.0/24;
198.187.221.0/24;
198.187.222.0/24;
198.188.0.0/15;
198.200.158.0/24;
198.200.160.0/24;
198.202.0.0/21;
198.202.64.0/18;
198.202.65.0/24;
198.202.66.0/23;
198.202.68.0/23;
198.202.70.0/24;
198.202.144.0/23;
198.202.201.0/24;
198.202.202.0/24;
198.202.242.0/24;
198.203.153.0/24;
198.204.126.0/24;
198.206.16.0/20;
198.207.138.0/23;
198.207.153.0/24;
198.207.156.0/24;
198.207.188.0/24;
198.207.222.0/24;
198.213.0.0/16;
198.214.0.0/15;
198.216.0.0/16;
198.232.64.0/19;
198.232.96.0/21;
198.232.136.0/24;
198.232.231.0/24;
198.238.0.0/15;
198.243.6.0/24;
198.245.16.0/20;
198.251.100.0/22;
199.2.216.0/24;
199.5.154.0/23;
199.6.12.0/24;
199.20.16.0/20;
199.27.8.0/21;
199.33.130.0/23;
199.33.132.0/23;
199.33.134.0/24;
199.44.67.0/24;
199.44.72.0/24;
199.47.32.0/22;
199.47.36.0/24;
199.58.28.0/22;
199.65.254.0/24;
199.77.128.0/17;
199.79.165.0/24;
199.79.166.0/24;
199.80.8.0/21;
199.88.16.0/20;
199.88.94.0/24;
199.88.95.0/24;
199.88.96.0/23;
199.88.99.0/24;
199.88.100.0/22;
199.88.112.0/24;
199.88.119.0/24;
199.88.122.0/23;
199.88.124.0/23;
199.88.126.0/24;
199.88.192.0/24;
199.89.174.0/23;
199.90.0.0/16;
199.104.0.0/16;
199.104.18.0/24;
199.104.23.0/24;
199.104.32.0/19;
199.104.64.0/18;
199.105.0.0/18;
199.111.17.0/24;
199.111.18.0/23;
199.111.56.0/24;
199.111.160.0/24;
199.111.162.0/23;
199.111.164.0/22;
199.111.168.0/21;
199.111.176.0/20;
199.111.192.0/18;
199.120.0.0/21;
199.120.8.0/22;
199.120.153.0/24;
199.120.166.0/23;
199.164.64.0/18;
199.164.236.0/23;
199.164.236.0/24;
199.164.253.0/24;
199.165.16.0/20;
199.165.64.0/18;
199.181.88.0/22;
199.184.64.0/22;
199.184.68.0/24;
199.184.112.0/22;
199.184.116.0/23;
199.184.200.0/22;
199.184.205.0/24;
199.184.208.0/23;
199.190.128.0/23;
199.190.174.0/24;
199.190.249.0/24;
199.190.250.0/23;
199.190.252.0/24;
199.223.171.0/24;
199.230.32.0/20;
199.230.48.0/22;
199.233.108.0/24;
199.233.119.0/24;
199.233.182.0/24;
199.237.64.0/19;
199.237.160.0/19;
199.242.201.0/24;
199.242.231.0/24;
199.242.232.0/23;
199.245.112.0/23;
199.245.131.0/24;
199.245.155.0/24;
199.245.163.0/24;
199.245.164.0/23;
199.245.166.0/24;
199.245.187.0/24;
199.245.238.0/24;
199.245.246.0/24;
199.248.134.0/23;
199.248.159.0/24;
199.248.160.0/23;
199.248.162.0/24;
199.248.173.0/24;
199.248.174.0/23;
199.248.176.0/23;
199.248.178.0/24;
199.248.201.0/24;
199.250.32.0/20;
199.250.48.0/21;
199.250.56.0/22;
199.253.32.0/20;
199.253.48.0/21;
200.93.241.0/24;
202.0.67.0/24;
202.0.68.0/24;
202.0.98.0/24;
202.6.3.0/24;
202.6.4.0/24;
202.6.74.0/24;
202.6.77.0/24;
202.6.83.0/24;
202.6.91.0/24;
202.6.112.0/24;
202.6.115.0/24;
202.8.32.0/21;
202.9.0.0/20;
202.12.92.0/24;
202.12.120.0/23;
202.14.0.0/22;
202.14.66.0/24;
202.158.192.0/19;
203.0.1.0/24;
203.0.19.0/24;
203.0.40.0/24;
203.0.68.0/23;
203.0.88.0/23;
203.0.93.0/24;
203.0.95.0/24;
203.0.100.0/24;
203.0.141.0/24;
203.0.153.0/24;
203.1.29.0/24;
203.1.30.0/23;
203.1.32.0/19;
203.1.64.0/24;
203.1.110.0/23;
203.1.224.0/20;
203.2.32.0/19;
203.2.80.0/20;
203.2.136.0/22;
203.3.164.0/23;
203.4.144.0/22;
203.4.164.0/22;
203.4.189.0/24;
203.4.200.0/22;
203.5.12.0/24;
203.5.64.0/21;
203.5.75.0/24;
203.5.112.0/24;
203.5.122.0/24;
203.5.216.0/23;
203.5.220.0/22;
203.5.224.0/20;
203.5.240.0/22;
203.6.3.0/24;
203.6.4.0/24;
203.6.60.0/24;
203.6.64.0/24;
203.6.141.0/24;
203.6.144.0/24;
203.6.243.0/24;
203.6.255.0/24;
203.7.128.0/24;
203.7.140.0/22;
203.7.168.0/24;
203.7.170.0/24;
203.7.242.0/24;
203.8.0.0/24;
203.8.68.0/24;
203.9.128.0/21;
203.9.156.0/24;
203.10.33.0/24;
203.10.40.0/22;
203.10.44.0/24;
203.10.46.0/23;
203.10.48.0/22;
203.10.52.0/23;
203.10.54.0/24;
203.10.57.0/24;
203.10.90.0/23;
203.10.105.0/24;
203.10.217.0/24;
203.11.110.0/23;
203.11.221.0/24;
203.12.26.0/23;
203.12.122.0/23;
203.12.128.0/24;
203.13.192.0/23;
203.13.204.0/22;
203.13.230.0/24;
203.14.107.0/24;
203.15.65.0/24;
203.15.109.0/24;
203.15.122.0/23;
203.15.226.0/24;
203.16.40.0/21;
203.17.144.0/22;
203.17.179.0/24;
203.17.189.0/24;
203.18.60.0/23;
203.18.200.0/22;
203.18.205.0/24;
203.18.207.0/24;
203.18.230.0/23;
203.19.110.0/24;
203.19.150.0/24;
203.20.18.0/24;
203.20.160.0/19;
203.21.37.0/24;
203.21.121.0/24;
203.21.130.0/23;
203.22.64.0/24;
203.22.81.0/24;
203.22.86.0/24;
203.22.108.0/23;
203.22.212.0/24;
203.22.220.0/23;
203.22.236.0/22;
203.23.136.0/24;
203.23.178.0/24;
203.24.69.0/24;
203.24.97.0/24;
203.25.1.0/24;
203.25.92.0/22;
203.26.93.0/24;
203.26.118.0/24;
203.26.134.0/24;
203.27.11.0/24;
203.27.71.0/24;
203.27.81.0/24;
203.27.109.0/24;
203.27.220.0/23;
203.28.18.0/24;
203.28.79.0/24;
203.28.150.0/24;
203.28.206.0/24;
203.28.230.0/23;
203.28.240.0/20;
203.29.104.0/21;
203.29.220.0/24;
203.29.249.0/24;
203.30.193.0/24;
203.31.26.0/23;
203.31.247.0/24;
203.32.106.0/23;
203.34.41.0/24;
203.34.133.0/24;
203.34.148.0/24;
203.34.251.0/24;
203.55.2.0/23;
203.55.4.0/24;
203.55.54.0/23;
203.57.160.0/19;
203.62.0.0/17;
203.62.232.0/23;
203.100.0.0/19;
203.110.252.0/22;
203.143.160.0/20;
204.9.100.0/22;
204.9.144.0/21;
204.17.178.0/23;
204.17.189.0/24;
204.27.217.0/24;
204.29.64.0/18;
204.29.164.0/24;
204.48.128.0/17;
204.52.128.0/22;
204.56.128.0/17;
204.57.0.0/21;
204.61.0.0/21;
204.61.8.0/22;
204.61.12.0/23;
204.62.16.0/21;
204.62.24.0/22;
204.62.32.0/20;
204.62.48.0/22;
204.62.200.0/22;
204.62.204.0/23;
204.62.211.0/24;
204.62.251.0/24;
204.63.176.0/21;
204.63.216.0/24;
204.63.218.0/23;
204.63.220.0/22;
204.63.222.0/23;
204.63.224.0/21;
204.68.64.0/19;
204.69.0.0/21;
204.69.248.0/24;
204.74.68.0/23;
204.75.249.0/24;
204.75.250.0/23;
204.75.252.0/22;
204.80.191.0/24;
204.84.0.0/15;
204.87.64.0/18;
204.87.213.0/24;
204.87.241.0/24;
204.88.128.0/19;
204.88.192.0/19;
204.89.8.0/21;
204.90.32.0/20;
204.90.48.0/22;
204.96.142.0/23;
204.99.0.0/16;
204.99.128.0/18;
204.100.0.0/16;
204.102.0.0/16;
204.107.130.0/24;
204.107.152.0/24;
204.107.242.0/24;
204.108.64.0/18;
204.110.32.0/20;
204.110.48.0/22;
204.113.0.0/16;
204.115.168.0/21;
204.118.32.0/24;
204.122.128.0/17;
204.126.2.0/23;
204.126.138.0/23;
204.126.144.0/23;
204.126.162.0/23;
204.126.186.0/23;
204.126.188.0/22;
204.128.156.0/24;
204.128.243.0/24;
204.129.0.0/16;
204.130.214.0/24;
204.131.37.0/24;
204.131.38.0/23;
204.131.58.0/24;
204.131.62.0/24;
204.131.208.0/24;
204.131.232.0/24;
204.131.247.0/24;
204.132.224.0/20;
204.133.235.0/24;
204.134.149.0/24;
204.134.194.0/23;
204.134.217.0/24;
204.134.219.0/24;
204.134.251.0/24;
204.134.252.0/22;
204.140.128.0/17;
204.145.157.0/24;
204.145.182.0/24;
204.145.202.0/24;
204.147.16.0/20;
204.152.2.0/23;
204.152.60.0/23;
204.152.100.0/22;
204.154.112.0/21;
204.155.0.0/20;
204.158.0.0/16;
204.193.0.0/19;
204.194.28.0/22;
204.194.32.0/21;
204.196.106.0/24;
204.196.161.0/24;
204.196.162.0/23;
204.196.167.0/24;
204.200.84.0/24;
204.200.98.0/24;
204.201.0.0/20;
204.201.112.0/20;
204.211.0.0/16;
204.228.64.0/24;
204.228.67.0/24;
204.228.68.0/23;
204.228.68.0/24;
204.228.71.0/24;
204.228.78.0/23;
204.228.78.0/24;
204.228.80.0/24;
204.228.82.0/23;
204.228.186.0/24;
204.228.192.0/22;
204.228.201.0/24;
204.228.208.0/22;
204.228.208.0/23;
204.228.210.0/24;
204.228.212.0/24;
204.235.176.0/24;
204.238.30.0/24;
204.238.95.0/24;
204.238.101.0/24;
204.249.106.0/23;
204.250.96.0/20;
205.118.0.0/15;
205.120.0.0/13;
205.132.248.0/21;
205.137.32.0/20;
205.137.240.0/20;
205.141.128.0/18;
205.143.48.0/21;
205.143.49.0/24;
205.143.88.0/21;
205.143.136.0/21;
205.143.216.0/21;
205.147.0.0/18;
205.153.156.0/22;
205.153.220.0/22;
205.154.0.0/15;
205.159.27.0/24;
205.159.96.0/24;
205.159.237.0/24;
205.165.0.0/16;
205.166.67.0/24;
205.166.205.0/24;
205.166.221.0/24;
205.167.24.0/23;
205.167.46.0/23;
205.167.162.0/23;
205.168.225.0/24;
205.169.17.0/24;
205.169.112.0/24;
205.169.136.0/23;
205.169.160.0/24;
205.169.205.0/24;
205.169.206.0/24;
205.169.208.0/24;
205.170.168.0/21;
205.170.235.0/24;
205.173.40.0/21;
205.174.48.0/20;
205.174.208.0/20;
205.174.240.0/20;
205.175.96.0/19;
205.176.88.0/24;
205.186.32.0/19;
205.187.33.0/24;
205.199.200.0/23;
205.234.0.0/22;
205.235.80.0/20;
205.235.84.0/23;
205.235.88.0/23;
205.235.91.0/24;
205.241.232.0/21;
206.15.224.0/19;
206.17.20.0/22;
206.17.24.0/21;
206.17.32.0/22;
206.17.94.0/23;
206.40.176.0/20;
206.57.72.0/21;
206.61.156.0/24;
206.72.224.0/19;
206.76.0.0/15;
206.78.0.0/16;
206.81.164.0/22;
206.82.224.0/19;
206.110.0.0/16;
206.117.0.0/16;
206.124.224.0/19;
206.126.128.0/19;
206.176.160.0/19;
206.188.32.0/19;
206.193.0.0/18;
206.194.0.0/18;
206.194.128.0/18;
206.196.160.0/19;
206.197.121.0/24;
206.201.240.0/20;
206.202.192.0/18;
206.203.81.0/24;
206.204.40.0/24;
206.206.0.0/15;
206.206.18.0/24;
206.207.64.0/21;
206.207.72.0/23;
206.207.74.0/24;
206.207.96.0/24;
206.207.104.0/24;
206.207.113.0/24;
206.207.114.0/23;
206.207.118.0/24;
206.207.125.0/24;
206.208.64.0/21;
206.209.192.0/20;
206.210.224.0/19;
206.211.32.0/19;
206.211.128.0/19;
206.213.128.0/18;
206.219.96.0/19;
206.220.76.0/22;
206.220.144.0/22;
206.224.192.0/19;
206.224.224.0/19;
206.227.0.0/18;
206.240.192.0/19;
206.254.0.0/16;
207.4.0.0/16;
207.7.0.0/16;
207.31.0.0/18;
207.31.128.0/18;
207.62.0.0/16;
207.64.0.0/15;
207.70.27.0/24;
207.70.35.0/24;
207.70.40.0/24;
207.70.42.0/24;
207.70.44.0/23;
207.70.47.0/24;
207.70.53.0/24;
207.80.0.0/16;
207.99.128.0/17;
207.104.84.0/24;
207.136.128.0/19;
207.142.10.0/24;
207.151.0.0/16;
207.155.242.0/24;
207.156.0.0/17;
207.157.0.0/17;
207.157.128.0/17;
207.163.0.0/16;
207.166.0.0/18;
207.167.128.0/19;
207.180.96.0/19;
207.183.0.0/19;
207.191.176.0/20;
207.192.0.0/18;
207.196.128.0/17;
207.197.0.0/17;
207.207.96.0/19;
207.212.206.0/23;
207.233.0.0/17;
208.8.54.0/24;
208.40.174.0/24;
208.65.120.0/22;
208.69.128.0/22;
208.71.24.0/22;
208.72.72.0/22;
208.75.160.0/21;
208.83.176.0/21;
208.84.136.0/22;
208.87.72.0/22;
208.90.104.0/21;
208.90.172.0/22;
208.94.60.0/22;
208.100.64.0/18;
208.119.0.0/16;
208.182.0.0/15;
208.239.232.0/21;
209.19.140.0/24;
209.21.112.0/20;
209.55.64.0/18;
209.63.94.0/23;
209.63.96.0/22;
209.66.160.0/19;
209.66.192.0/19;
209.68.128.0/19;
209.73.64.0/18;
209.74.192.0/19;
209.79.64.0/19;
209.79.154.0/23;
209.79.156.0/23;
209.95.64.0/19;
209.124.176.0/20;
209.129.0.0/16;
209.131.80.0/20;
209.132.128.0/19;
209.147.0.0/18;
209.149.56.0/22;
209.162.207.0/24;
209.188.128.0/17;
209.208.43.0/24;
209.210.40.0/23;
209.210.42.0/24;
209.232.36.0/22;
209.232.116.0/24;
209.232.144.0/20;
209.232.168.0/24;
209.241.222.0/23;
209.243.32.0/20;
210.5.32.0/21;
210.8.192.0/22;
216.7.224.0/19;
216.24.182.0/23;
216.24.192.0/20;
216.38.84.0/22;
216.64.224.0/20;
216.96.128.0/17;
216.100.88.0/21;
216.102.12.0/22;
216.102.72.0/21;
216.102.80.0/22;
216.109.0.0/18;
216.114.80.0/20;
216.152.144.0/20;
216.153.0.0/17;
216.186.0.0/17;
216.190.20.0/23;
216.210.0.0/18;
216.220.89.0/24;
216.220.90.0/24;
216.220.94.0/23;
216.228.240.0/20;
216.230.176.0/20;
}
policy-statement AARNET-ITN-IN {
term hawaii-participant {
from {
as-path HAWAII-AS;
prefix-list-filter HAWAII-PARTICIPANT orlonger;
}
then next policy;
}
term hawaii-segp {
from {
as-path HAWAII-AS;
prefix-list-filter HAWAII-PARTICIPANT orlonger;
}
then {
community add SEGP;
next policy;
}
}
term hawaii-sponsored {
from {
as-path HAWAII-AS;
prefix-list-filter HAWAII-PARTICIPANT orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement AARNET-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term allow-inet6.2 {
from protocol bgp;
to rib inet6.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement AARNET-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
term accept {
from {
protocol bgp;
rib inet6.2;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement BLOCK-FACEBOOK {
term block {
from {
route-filter 69.63.176.0/20 exact;
}
then reject;
}
term not-facebook {
then next policy;
}
}
/* Calren backup peering. Be sure to add any prefixes to LA prefix list, too! */
policy-statement CALREN-IN {
term participant {
from {
prefix-list-filter CALREN-PARTICIPANT orlonger;
}
then next policy;
}
term sponsored {
from {
prefix-list-filter CALREN-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
prefix-list-filter CALREN-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term corporate {
from {
prefix-list-filter CALREN-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement CALREN-IN6 {
term accept {
from {
family inet6;
route-filter 2001:448:3::/48 exact;
route-filter 2001:468:0e00::/40 upto /48;
/* Nicaragua via CENIC */
route-filter 2800:10:16::/48 exact;
/* Nicaragua via CENIC */
route-filter 2800:10:11::/48 exact;
/* Nicaragua via CENIC */
route-filter 2800:10:10::/48 exact;
/* SDSC */
route-filter 2001:48d0::/32 exact;
/* Allow SDSC more specific, but tagged with no-export */
route-filter 2001:48d0::/32 prefix-length-range /33-/35 {
community add NO-EXPORT;
}
/* UC Berkeley via CENIC */
route-filter 2607:F140::/32 exact;
/* UCLA via CENIC */
route-filter 2607:f010::/32 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CONNECTOR-SC-IN {
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
term discard {
from {
community DISCARD;
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
community add NO-EXPORT;
next-hop 198.32.11.7;
accept;
}
}
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /28;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /28;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-AS11164-OUT {
term reject {
from community CPS-BLOCK-AS11164-OUT;
then reject;
}
term prepend {
from community CPS-AS11164-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS11274-OUT {
term reject {
from community CPS-BLOCK-AS11274-OUT;
then reject;
}
term prepend {
from community CPS-AS11274-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS11404-OUT {
term reject {
from community CPS-BLOCK-AS11404-OUT;
then reject;
}
term prepend {
from community CPS-AS11404-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS11666-OUT {
term reject {
from community CPS-BLOCK-AS11666-OUT;
then reject;
}
term prepend {
from community CPS-AS11666-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS12111-OUT {
term reject {
from community CPS-BLOCK-AS12111-OUT;
then reject;
}
term prepend {
from community CPS-AS12111-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13680-OUT {
term reject {
from community CPS-BLOCK-AS13680-OUT;
then reject;
}
term prepend {
from community CPS-AS13680-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13768-OUT {
term reject {
from community CPS-BLOCK-AS13768-OUT;
then reject;
}
term prepend {
from community CPS-AS13768-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15133-OUT {
term reject {
from community CPS-BLOCK-AS15133-OUT;
then reject;
}
term prepend {
from community CPS-AS15133-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15169-OUT {
term reject {
from community CPS-BLOCK-AS15169-OUT;
then reject;
}
term prepend {
from community CPS-AS15169-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS16509-OUT {
term reject {
from community CPS-BLOCK-AS16509-OUT;
then reject;
}
term prepend {
from community CPS-AS16509-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS1785-OUT {
term reject {
from community CPS-BLOCK-AS1785-OUT;
then reject;
}
term prepend {
from community CPS-AS1785-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19029-OUT {
term reject {
from community CPS-BLOCK-AS19029-OUT;
then reject;
}
term prepend {
from community CPS-AS19029-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19080-OUT {
term reject {
from community CPS-BLOCK-AS19080-OUT;
then reject;
}
term prepend {
from community CPS-AS19080-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19151-OUT {
term reject {
from community CPS-BLOCK-AS19151-OUT;
then reject;
}
term prepend {
from community CPS-AS19151-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS20940-OUT {
term reject {
from community CPS-BLOCK-AS20940-OUT;
then reject;
}
term prepend {
from community CPS-AS20940-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS21947-OUT {
term reject {
from community CPS-BLOCK-AS21947-OUT;
then reject;
}
term prepend {
from community CPS-AS21947-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22212-OUT {
term reject {
from community CPS-BLOCK-AS22212-OUT;
then reject;
}
term prepend {
from community CPS-AS22212-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22822-OUT {
term reject {
from community CPS-BLOCK-AS22822-OUT;
then reject;
}
term prepend {
from community CPS-AS22822-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS23504-OUT {
term reject {
from community CPS-BLOCK-AS23504-OUT;
then reject;
}
term prepend {
from community CPS-AS23504-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS25973-OUT {
term reject {
from community CPS-BLOCK-AS25973-OUT;
then reject;
}
term prepend {
from community CPS-AS25973-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS27008-OUT {
term reject {
from community CPS-BLOCK-AS27008-OUT;
then reject;
}
term prepend {
from community CPS-AS27008-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS27345-OUT {
term reject {
from community CPS-BLOCK-AS27345-OUT;
then reject;
}
term prepend {
from community CPS-AS27345-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS3549-OUT {
term reject {
from community CPS-BLOCK-AS3549-OUT;
then reject;
}
term prepend {
from community CPS-AS3549-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36824-OUT {
term reject {
from community CPS-BLOCK-AS36824-OUT;
then reject;
}
term prepend {
from community CPS-AS36824-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4565-OUT {
term reject {
from community CPS-BLOCK-AS4565-OUT;
then reject;
}
term prepend {
from community CPS-AS4565-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6327-OUT {
term reject {
from community CPS-BLOCK-AS6327-OUT;
then reject;
}
term prepend {
from community CPS-AS6327-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6456-OUT {
term reject {
from community CPS-BLOCK-AS6456-OUT;
then reject;
}
term prepend {
from community CPS-AS6456-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6539-OUT {
term reject {
from community CPS-BLOCK-AS6539-OUT;
then reject;
}
term prepend {
from community CPS-AS6539-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6939-OUT {
term reject {
from community CPS-BLOCK-AS6939-OUT;
then reject;
}
term prepend {
from community CPS-AS6939-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS8047-OUT {
term reject {
from community CPS-BLOCK-AS8047-OUT;
then reject;
}
term prepend {
from community CPS-AS8047-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-CENIC-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter CENIC-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-IN {
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop discard;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-GOOGLE-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter GOOGLE-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-IN-DEPREF {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
local-preference 90;
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Block Transitrail Connector routes */
term block-tr {
from {
protocol bgp;
community CPS-TR-CONNECTOR;
}
then reject;
}
/* Announce Connector prefixes >= /24 */
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
/* Originate a BGP for our Lookback Addresses */
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT-DEPREF {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then {
as-path-prepend 11537;
next policy;
}
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-IN {
term strip-communities {
then {
community delete ALL-COMMS;
next term;
}
}
/* Allows only longer connector prefixes from peers */
term reject-Internet2-space {
from {
route-filter 2001:468::/32 upto /39;
route-filter 2001:468:ff00::/40 orlonger;
}
then reject;
}
term accept {
from protocol bgp;
to rib cps.inet6.0;
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-OUT {
term originate {
from {
protocol static;
route-filter 2001:468:ff00::/40 exact;
route-filter 2001:468::/32 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term block-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
/* Block Transitrail Connector routes */
term block-tr {
from {
protocol bgp;
community CPS-TR-CONNECTOR;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
family inet6;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-PEERCONTROLS-OUT {
term prepend1 {
from community CPS-PREPEND1;
then {
as-path-prepend 11537;
accept;
}
}
term prepend2 {
from community CPS-PREPEND2;
then {
as-path-prepend "11537 11537";
accept;
}
}
term prepend3 {
from community CPS-PREPEND3;
then {
as-path-prepend "11537 11537 11537";
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEERS-IN {
/* Reject any BGP prefix if a private AS is in the path */
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PNWG-IN {
term accept {
from {
protocol bgp;
prefix-list-filter CPS-PNWG orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-PNWG-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter PACIFICNORTHWESTGP-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement CPS-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
}
}
}
policy-statement CPS-TR-CONNECTOR-IN {
term discard {
from {
community DISCARD;
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
community add NO-EXPORT;
next-hop discard;
accept;
}
}
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-TR-CONNECTOR-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term announce-peers {
from {
protocol bgp;
as-path [ RCCI GBX ];
community CPS-PEERS;
}
then next policy;
}
term block-east {
from {
protocol bgp;
as-path BLOCKEAST;
}
then reject;
}
term announce-connectors {
from {
protocol bgp;
community CPS-CONNECTOR;
}
then {
metric 20000;
next policy;
}
}
term reject {
then reject;
}
}
policy-statement CPS-TR-CONNECTOR-OUT6 {
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term announce-peers {
from {
protocol bgp;
as-path [ RCCI GBX ];
community CPS-PEERS;
}
then next policy;
}
term block-east {
from {
protocol bgp;
as-path BLOCKEAST;
}
then reject;
}
term announce-connectors {
from {
protocol bgp;
community CPS-CONNECTOR;
}
then {
metric 20000;
next policy;
}
}
term reject {
then reject;
}
}
policy-statement CPS-TR-IN {
term accept-tr-connectors {
from {
protocol bgp;
community CPS-TR-CONNECTOR;
prefix-list-filter CPS-TR orlonger;
}
then next policy;
}
term accept-tr-peers {
from {
protocol bgp;
as-path TRPEERS;
}
then {
community add CPS-PEERS;
next policy;
}
}
term reject {
then reject;
}
}
policy-statement CPS-TR-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter CPS-TR6 orlonger;
}
then {
community add CPS-TR-CONNECTOR;
community delete CPS-CONNECTOR;
accept;
}
}
term accept-peers {
from {
protocol bgp;
as-path TRPEERS;
}
then {
community add CPS-PEERS;
next policy;
}
}
term reject {
then reject;
}
}
policy-statement CPS-TR-PEER-OUT {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce {
from {
protocol bgp;
community [ CPS-CONNECTOR CPS-TR-CONNECTOR ];
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-TR-PEER6-OUT {
term originate {
from {
protocol static;
route-filter 2001:468:ff00::/40 exact;
route-filter 2001:468::/32 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term block-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
term announce {
from {
protocol bgp;
community [ CPS-CONNECTOR CPS-TR-CONNECTOR ];
family inet6;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-V6-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
community delete EQUAL-TO-PEERS;
community delete LOWER-THAN-PEERS;
}
}
}
policy-statement CUDI-PREF {
term pref {
from {
protocol bgp;
as-path CUDI;
}
to rib inet.2;
then {
local-preference subtract 101;
accept;
}
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy from FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement FROM-MICROSOFT {
term block-commercial-asns {
from {
as-path [ COMMERCIAL PRIVATE ];
family inet;
}
then reject;
}
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
term allow-v4-unicast {
from {
family inet;
route-filter 64.4.0.0/18 upto /28;
route-filter 64.41.193.0/24 upto /28;
route-filter 65.52.0.0/15 upto /28;
route-filter 65.52.0.0/14 upto /28;
route-filter 65.54.96.0/20 upto /28;
route-filter 65.54.112.0/20 upto /28;
route-filter 65.54.128.0/19 upto /28;
route-filter 65.54.160.0/19 upto /28;
route-filter 65.54.192.0/19 upto /28;
route-filter 65.54.224.0/19 upto /28;
route-filter 65.55.0.0/16 upto /28;
route-filter 65.59.232.0/24 upto /28;
route-filter 65.59.233.0/24 upto /28;
route-filter 65.59.234.0/24 upto /28;
route-filter 131.107.0.0/16 upto /28;
route-filter 157.54.0.0/15 upto /28;
route-filter 157.56.0.0/14 upto /28;
route-filter 157.60.0.0/16 upto /28;
route-filter 167.220.0.0/16 upto /28;
route-filter 199.2.137.0/24 upto /28;
route-filter 199.103.90.0/23 upto /28;
route-filter 204.79.135.0/24 upto /28;
route-filter 204.79.188.0/24 upto /28;
route-filter 204.79.252.0/24 upto /28;
route-filter 204.95.96.0/20 upto /28;
route-filter 204.182.144.0/24 upto /28;
route-filter 204.255.244.0/23 upto /28;
route-filter 205.248.96.0/19 upto /28;
route-filter 206.138.168.0/21 upto /28;
route-filter 207.46.0.0/16 upto /28;
route-filter 207.46.32.0/20 upto /28;
route-filter 207.46.96.0/20 upto /28;
route-filter 207.46.96.0/19 upto /28;
route-filter 207.46.128.0/18 upto /28;
route-filter 207.46.192.0/18 upto /28;
route-filter 207.68.128.0/18 upto /28;
route-filter 207.68.160.0/19 upto /28;
route-filter 207.68.167.0/24 upto /28;
route-filter 207.82.250.0/23 upto /28;
route-filter 207.82.252.0/23 upto /28;
route-filter 209.1.15.0/24 upto /28;
route-filter 209.1.112.0/24 upto /28;
route-filter 209.1.113.0/24 upto /28;
route-filter 209.185.128.0/24 upto /28;
route-filter 209.185.129.0/24 upto /28;
route-filter 209.185.130.0/23 upto /28;
route-filter 209.185.240.0/22 upto /28;
route-filter 209.240.192.0/19 upto /28;
route-filter 209.240.204.0/22 upto /28;
route-filter 209.240.211.0/24 upto /28;
route-filter 216.32.180.0/22 upto /28;
route-filter 216.32.240.0/22 upto /28;
route-filter 216.33.148.0/22 upto /28;
route-filter 216.33.151.0/24 upto /28;
route-filter 216.33.236.0/22 upto /28;
route-filter 216.33.240.0/22 upto /28;
route-filter 216.34.51.0/24 upto /28;
route-filter 216.200.206.0/24 upto /28;
}
then {
community add CONNECTOR-ONLY;
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ISP-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-IN6 {
term reject-commercial {
from as-path COMMERCIAL6;
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement MICROSOFT-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
community [ FEDNET ITN NONITN ];
}
then reject;
}
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER BLOCK-TO-COMMERCIAL ];
}
then reject;
}
term accept {
from protocol bgp;
then accept;
}
}
policy-statement MSDP-FILTER {
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
policy-statement PNWG-IN {
term participant {
from {
prefix-list-filter PNWG-PARTICIPANT orlonger;
}
then next policy;
}
term sponsored {
from {
prefix-list-filter PNWG-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
prefix-list-filter PNWG-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term corporate {
from {
prefix-list-filter PNWG-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement PNWG-IN6 {
term accept {
from {
family inet6;
/* Pacific Northwest Gigapop */
route-filter 2001:1860::/32 exact;
/* University of Hawaii */
route-filter 2001:468:1c00::/40 exact;
/* Microsoft */
route-filter 2001:4898::/32 exact;
/* PNWGP */
route-filter 2001:1860:C000::/34 exact;
/* PNWGP */
route-filter 2001:1860::/34 exact;
/* U of Hawaii */
route-filter 2607:F278::/32 exact;
/* PNWGP */
route-filter 2607:FA78::/32 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement REJECT-ALL {
then reject;
}
policy-statement REJECT-TR-IN {
term allow {
from {
protocol bgp;
prefix-list-filter CPS-TR-TEST-IN exact;
}
then {
local-preference 130;
accept;
}
}
term reject {
then reject;
}
}
policy-statement REJECT-TR-OUT {
term announce-static {
from {
protocol static;
prefix-list-filter CPS-TR-TEST exact;
}
then accept;
}
term reject {
then reject;
}
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
/* reject routes we should never accept */
policy-statement SANITY-IN {
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce */
policy-statement SANITY-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
policy-statement SANITY6 {
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
from {
route-filter 2001::/16 upto /49;
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement SC-IN {
term participant {
from {
prefix-list-filter SC orlonger;
}
then next policy;
}
}
policy-statement SC6 {
term accept {
from {
family inet6;
route-filter 2001:468:1f07::/48 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-DEPREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 90;
}
}
}
/* set local-pref on connector routes based on communities */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
policy-statement SET-PREF-CPS-TR-V6 {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term equal-to-peers {
from community EQUAL-TO-PEERS;
then {
local-preference 100;
next policy;
}
}
term TRPeer {
from {
protocol bgp;
community CPS-PEERS;
}
then {
local-preference 100;
next policy;
}
}
term lower-than-peers {
from community LOWER-THAN-PEERS;
then {
local-preference 60;
next policy;
}
}
term normal {
then {
local-preference 130;
next policy;
}
}
}
policy-statement SET-PREF-CPS-V6 {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term equal-to-peers {
from community EQUAL-TO-PEERS;
then {
local-preference 100;
next policy;
}
}
term lower-than-peers {
from community LOWER-THAN-PEERS;
then {
local-preference 60;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
policy-statement SET-PREF-GBLX6 {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 75;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 100;
}
}
}
policy-statement SET-TR-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term peer {
from {
protocol bgp;
community CPS-PEERS;
}
then {
local-preference 100;
next policy;
}
}
term normal {
then {
local-preference 130;
next policy;
}
}
}
policy-statement TEMP-OBSERVATORY-MSDP-BLOCK {
term bad-sources {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement V6-IGP-AGG {
term allow-aggregate {
from {
protocol aggregate;
family inet6;
}
then accept;
}
term deny-more-specifics {
from {
family inet6;
route-filter 2001:468:0016::/48 longer;
route-filter 2001:468:ff:1600::/56 longer;
}
then reject;
}
term accept-all-other-v6 {
from {
protocol [ isis direct ];
family inet6;
}
then accept;
}
}
/* Temporary fix for scoping 239/8 */
policy-statement pim-join-filter {
term internal-links {
from {
/* List of Backbone Interfaces */
interface [ so-0/2/0.0 so-0/0/0.0 so-3/3/0.0 ];
route-filter 239.0.0.0/8 orlonger;
}
then accept;
}
term external-links {
from {
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term all-links {
then accept;
}
}
community ALL-COMMS members *:*;
community BLOCK-TO-COMMERCIAL members 11537:2002;
community COMMERCIAL-PEER members 11537:2001;
community CONNECTOR-ONLY members 11537:3500;
community CORE members 11537:900;
community CORPORATE members 11537:2000;
community CPS members target:11537:1;
community CPS-AS10310-OUT members *:10310;
community CPS-AS11164-OUT members *:11164;
community CPS-AS11274-OUT members *:11274;
community CPS-AS11404-OUT members *:11404;
community CPS-AS11666-OUT members *:11666;
community CPS-AS12111-OUT members *:12111;
community CPS-AS13645-OUT members *:13645;
community CPS-AS13680-OUT members *:13680;
community CPS-AS13768-OUT members *:13768;
community CPS-AS14361-OUT members *:14361;
community CPS-AS15133-OUT members *:15133;
community CPS-AS15169-OUT members *:15169;
community CPS-AS15290-OUT members *:15290;
community CPS-AS16509-OUT members *:16509;
community CPS-AS1784-OUT members *:1784;
community CPS-AS1785-OUT members *:1785;
community CPS-AS19029-OUT members *:19029;
community CPS-AS19080-OUT members *:19080;
community CPS-AS19151-OUT members *:19151;
community CPS-AS20940-OUT members *:20940;
community CPS-AS21947-OUT members *:21947;
community CPS-AS22212-OUT members *:22212;
community CPS-AS22773-OUT members *:22773;
community CPS-AS22822-OUT members *:22822;
community CPS-AS23342-OUT members *:23342;
community CPS-AS23352-OUT members *:23352;
community CPS-AS23504-OUT members *:23504;
community CPS-AS25973-OUT members *:25973;
community CPS-AS27008-OUT members *:27008;
community CPS-AS27345-OUT members *:27345;
community CPS-AS27524-OUT members *:27524;
community CPS-AS3303-OUT members *:3303;
community CPS-AS3549-OUT members *:3549;
community CPS-AS36561-OUT members *:36561;
community CPS-AS36824-OUT members *:36824;
community CPS-AS4181-OUT members *:4181;
community CPS-AS4513-OUT members *:4513;
community CPS-AS4565-OUT members *:4565;
community CPS-AS6327-OUT members *:6327;
community CPS-AS6432-OUT members *:6432;
community CPS-AS6456-OUT members *:6456;
community CPS-AS6539-OUT members *:6539;
community CPS-AS6939-OUT members *:6939;
community CPS-AS8047-OUT members *:8047;
community CPS-AS9318-OUT members *:9318;
community CPS-BLOCK members 65000:*;
community CPS-BLOCK-AS11164-OUT members 65000:11164;
community CPS-BLOCK-AS11274-OUT members 65000:11274;
community CPS-BLOCK-AS11404-OUT members 65000:11404;
community CPS-BLOCK-AS11666-OUT members 65000:11666;
community CPS-BLOCK-AS12111-OUT members 65000:12111;
community CPS-BLOCK-AS13680-OUT members 65000:13680;
community CPS-BLOCK-AS13768-OUT members 65000:13768;
community CPS-BLOCK-AS15133-OUT members 65000:15133;
community CPS-BLOCK-AS15169-OUT members 65000:15169;
community CPS-BLOCK-AS16509-OUT members 65000:16509;
community CPS-BLOCK-AS1785-OUT members 65000:1785;
community CPS-BLOCK-AS19029-OUT members 65000:19029;
community CPS-BLOCK-AS19080-OUT members 65000:19080;
community CPS-BLOCK-AS19151-OUT members 65000:19151;
community CPS-BLOCK-AS20940-OUT members 65000:20940;
community CPS-BLOCK-AS21947-OUT members 65000:21947;
community CPS-BLOCK-AS22212-OUT members 65000:22212;
community CPS-BLOCK-AS22822-OUT members 65000:22822;
community CPS-BLOCK-AS23504-OUT members 65000:23504;
community CPS-BLOCK-AS25973-OUT members 65000:25973;
community CPS-BLOCK-AS27008-OUT members 65000:27008;
community CPS-BLOCK-AS27345-OUT members 65000:27345;
community CPS-BLOCK-AS3549-OUT members 65000:3549;
community CPS-BLOCK-AS36824-OUT members 65000:36824;
community CPS-BLOCK-AS4565-OUT members 65000:4565;
community CPS-BLOCK-AS6327-OUT members 65000:6327;
community CPS-BLOCK-AS6456-OUT members 65000:6456;
community CPS-BLOCK-AS6539-OUT members 65000:6539;
community CPS-BLOCK-AS6939-OUT members 65000:6939;
community CPS-BLOCK-AS8047-OUT members 65000:8047;
community CPS-CONNECTOR members 11537:25100;
community CPS-PEERS members 11537:25200;
community CPS-PREPEND1 members 65001:*;
community CPS-PREPEND2 members 65002:*;
community CPS-PREPEND3 members 65003:*;
community CPS-TR-CONNECTOR members 11537:25300;
community DISCARD members 11537:911;
community EQUAL-TO-PEERS members 11537:100;
community FEDNET members 11537:3000;
community HIGH members 11537:260;
community HIGH-PEERS members 11537:160;
community IFTN members 11537:2502;
community ITN members 11537:2501;
community LOW members 11537:140;
community LOW-PEERS members 11537:40;
community LOWER-THAN-PEERS members 11537:60;
community NO-EXPORT members no-export;
community NOAGG6 members 11537:6;
community NONITN members 11537:2500;
community PARTICIPANT members 11537:950;
community RHCPP members 11537:4000;
community SEGP members 11537:910;
community SPONSORED members 11537:902;
as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*";
as-path PRIVATE ".* (64512-65535) .*";
as-path ABILENE ".* 11537 .*";
as-path CUDI " .* 2153 18592 .* ";
as-path NLR ".* 19401 .*";
as-path HAWAII-AS ".* 6360 .*";
as-path COMMERCIAL6 ".* (701|1273|1836|2497|2516|2914|3257|3549|3561|4691|6939|7018|15169|15412|17554|17990) .*";
as-path GBX ".* 3549 .*";
as-path RCCI "812 .*";
as-path TRPEERS "11164 (7922|6461|174|7843|5650|7385|4355|20115|3786|4134|2497) .*";
as-path BLOCKEAST "(600|19782|10578|81|237|5050) .*";
}
inactive: class-of-service {
classifiers {
exp MPLS {
forwarding-class assured-forwarding {
loss-priority low code-points 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
forwarding-class network-control {
loss-priority low code-points 110;
}
}
inet-precedence TOS {
forwarding-class network-control {
loss-priority low code-points 110;
}
forwarding-class assured-forwarding {
loss-priority low code-points 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
}
}
drop-profiles {
basic {
fill-level 100 drop-probability 100;
}
}
rewrite-rules {
exp MPLS {
forwarding-class assured-forwarding {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class best-effort {
loss-priority low code-point 000;
loss-priority high code-point 000;
}
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
loss-priority high code-point 010;
}
forwarding-class network-control {
loss-priority low code-point 110;
loss-priority high code-point 110;
}
}
inet-precedence TOS {
forwarding-class network-control {
loss-priority low code-point 110;
loss-priority high code-point 110;
}
forwarding-class assured-forwarding {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
loss-priority high code-point 010;
}
forwarding-class best-effort {
loss-priority low code-point 000;
loss-priority high code-point 000;
}
}
}
scheduler-maps {
basic {
forwarding-class best-effort scheduler best-effort;
forwarding-class network-control scheduler network-control;
forwarding-class assured-forwarding scheduler LSP-L2;
forwarding-class expedited-forwarding scheduler expedited-forwarding;
}
}
schedulers {
LSP-L2 {
transmit-rate percent 10;
buffer-size percent 10;
priority high;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
network-control {
transmit-rate percent 5;
buffer-size percent 5;
priority strict-high;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
best-effort {
transmit-rate percent 85;
buffer-size percent 85;
priority low;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
expedited-forwarding {
transmit-rate percent 0;
buffer-size percent 0;
priority low;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
}
}
Firewall Stanza Removed removed
newy32aoa
## Last commit: 2010-02-02 18:23:53 UTC by addlema
version 9.3R3.8;
groups {
INTERFACE-BACKBONE {
interfaces {
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
}
}
INTERFACE-CONNECTOR {
interfaces {
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
MSDP-SA-Limit-per-peer-group {
protocols {
msdp {
group <*> {
peer <*> {
active-source-limit {
maximum 100000;
threshold 90000;
}
}
}
}
}
}
re0 {
system {
host-name NEWY-re0;
}
}
re1 {
system {
host-name NEWY-re1;
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
authentication-order [ radius password ];
location country-code US;
ports {
auxiliary type vt100;
}
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
radius-server {
140.182.45.56 {
timeout 2;
source-address 64.57.28.242;
}
140.182.44.69 {
timeout 2;
source-address 64.57.28.242;
}
}
Login Stanza Removed services {
bandwidth 10g;
}
}
}
network-services ip;
}
interfaces {
xe-0/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-CHIC 10GE | I2-CHIC-NEWY32AOA-10GE-05239";
family inet {
address 64.57.28.73/31;
}
family inet6 {
address 2001:468:ff:602::1/64;
}
}
}
xe-0/1/0 {
description "[CPS] Direct interface to PAIX-NY exchange fabric";
vlan-tagging;
gigether-options {
ethernet-switch-profile {
mac-learn-enable;
}
}
unit 6 {
description "[CPS] PAIX New York Public Switch (10G)";
vlan-id 6;
family inet {
mtu 1500;
address 198.32.118.55/24;
}
family inet6 {
address 2001:504:f::37/48;
}
}
}
xe-0/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "Northern Crossroads (NOX) via I2-BOST-NEWY32AOA-10GE-04181";
vlan-tagging;
mtu 9192;
unit 110 {
description "Northern Crossroads (NOX) R&E VLAN";
vlan-id 110;
family inet {
mtu 9000;
address 192.5.89.222/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0646::2/64;
}
}
unit 111 {
description "[CPS] Northern Crossroads (NOX)";
vlan-id 111;
family inet {
mtu 9000;
address 207.210.142.2/30;
}
family inet6 {
mtu 9000;
address 2001:468:ffff:0646::2/64;
}
}
}
xe-0/3/0 {
description "NOT IN USE [NO-MONITOR]";
}
xe-1/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH 10GE | I2-NEWY32AOA-WASH-10GE-04643";
family inet {
address 64.57.28.18/31;
}
family inet6 {
address 2001:468:ff:906::1/64;
}
family mpls {
mtu 9174;
}
}
}
xe-1/1/0 {
description "sw.newytelx.net.internet2.edu:B1 | I2-NEWY32AOA-NEWYTELX-10GE-05576";
vlan-tagging;
mtu 9134;
unit 11 {
description "PAIX NY Management Subnet";
vlan-id 11;
family inet {
address 64.57.28.161/28;
}
}
unit 17 {
description "[CPS] Akamai private peering";
vlan-id 17;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.89/30;
}
}
unit 100 {
description "[CPS] Global Crossing Private v4/v6 peering";
vlan-id 100;
family inet {
filter {
input connector-in;
}
address 64.208.110.26/30;
}
family inet6 {
address 2001:450:2008:2B::2/64;
}
}
unit 101 {
description "[CPS] Global Crossing Private Multicast-Only Peering";
vlan-id 101;
family inet {
filter {
input connector-in;
}
address 64.208.110.186/30;
}
family inet6 {
address 2001:450:2008:21::2/64;
}
}
unit 102 {
description "[CPS] Google private peering";
vlan-id 102;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.20/31;
}
family inet6 {
mtu 1500;
address 2001:4860:1:1:0:2D11:0:7/127;
}
}
}
xe-1/2/0 {
apply-groups INTERFACE-CONNECTOR;
vlan-tagging;
mtu 9192;
unit 15 {
description Nysernet;
vlan-id 15;
family inet {
mtu 9000;
address 199.109.4.154/30;
}
family inet6 {
mtu 9000;
address 2001:468:900:315::2/64;
}
}
unit 35 {
description "[CPS] Customer6 NYSERNET";
vlan-id 35;
family inet6 {
mtu 9000;
address 2001:468:0900:0303::2/64;
}
}
}
xe-1/3/0 {
description "NOT IN USE [NO-MONITOR]";
}
xe-2/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH 10GE | I2-NEWY32AOA-WASH-10GE-05242";
family inet {
address 64.57.28.74/31;
}
family inet6 {
address 2001:468:ff:6f9::1/64;
}
}
}
xe-2/1/0 {
description "RESERVED FOR FUTURE CPS [NO-MONITOR]";
}
xe-2/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "MAGPI via I2-NEWY32AOA-PHIL-10GE-05205";
vlan-tagging;
mtu 9192;
unit 12 {
description "MAGPI IP Connection";
vlan-id 12;
family inet {
mtu 9000;
address 216.27.100.54/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0658::1/64;
}
}
unit 38 {
description "[CPS] MAGPI";
vlan-id 38;
family inet {
mtu 1500;
address 216.27.100.62/30;
}
family inet6 {
mtu 1500;
address 2001:468:ffff:0658::1/64;
}
}
}
xe-2/3/0 {
inactive: apply-groups INTERFACE-CONNECTOR;
description sw.manlan.internet2.edu:Te11/3;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 1 {
description "MANLAN Rack Lan";
vlan-id 1;
family inet {
mtu 1500;
filter {
output manlan-management;
}
address 198.32.154.6/25;
address 198.32.14.129/27;
}
family iso;
}
unit 16 {
description "DRAC Project";
vlan-id 16;
family inet {
mtu 9000;
address 198.32.154.133/30;
}
}
unit 102 {
description "GEANT | AS:20965";
vlan-id 102;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.50/31;
}
family iso;
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:15c5::1/64;
}
}
unit 104 {
description CAnet-Toronto;
vlan-id 104;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 205.189.32.117/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:410:101:23::2/64;
}
}
unit 107 {
description SINET;
vlan-id 107;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 150.99.200.194/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:2f8:1:ff::e/126;
}
}
unit 108 {
description QATAR;
vlan-id 108;
family inet {
mtu 1500;
filter {
input connector-in;
output interface-out;
}
address 80.231.134.30/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
unit 109 {
description CAnet-Montreal;
vlan-id 109;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 205.189.32.93/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:410:101:24::2/64;
}
}
unit 110 {
description CERN;
vlan-id 110;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.85/30;
}
}
unit 112 {
description ESnet;
vlan-id 112;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.124.216.158/30;
}
}
unit 113 {
description ESnet-v6-only;
vlan-id 199;
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:15c6::1/64;
}
}
unit 114 {
description "MCIT/ENERGI (Egypt)";
vlan-id 114;
family inet {
mtu 1486;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.65/30;
}
}
unit 115 {
description "USLHCnet (CERN)";
vlan-id 115;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.69/30;
}
}
unit 116 {
description "ANKABUT (United Arab Emirates) [NO-MONITOR]";
vlan-id 116;
family inet {
filter {
input connector-in;
output interface-out;
}
address 198.32.11.109/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:6c3::1/64;
}
}
unit 117 {
description "TWAREN| AS:7539";
vlan-id 117;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 211.79.48.158/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:E10:FFFF:307::2/64;
}
}
unit 120 {
description "SURFnet | AS:1103";
vlan-id 120;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 64.57.28.65/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:6c2::1/64;
}
}
unit 156 {
description "I2-NLR Telepresence Peering";
vlan-id 156;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 64.57.28.98/31;
}
}
unit 456 {
description "RedClara via MANLAN and AtlanticWave | AS:27750 [NO-MONITOR]";
vlan-id 456;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 200.0.207.10/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:1348:4:3::2/64;
}
}
unit 2130 {
description "Peer QATAR 2nd Connection via MAN LAN";
vlan-id 2130;
family inet {
mtu 1500;
filter {
input connector-in;
output interface-out;
}
address 86.36.105.178/30;
}
}
unit 3903 {
description "ESNet I2 Phoebus Trial";
encapsulation vlan-ccc;
vlan-id 3903;
family ccc;
}
unit 4003 {
encapsulation vlan-ccc;
vlan-id 4003;
}
}
ge-9/0/0 {
description "Observatory 1G via lan.newy32aoa:A21";
vlan-tagging;
mtu 9192;
unit 10 {
description "RackLan #1 Master Gateway";
vlan-id 10;
family inet {
filter {
output racklan-access;
}
address 64.57.24.254/24 {
vrrp-group 60 {
virtual-address 64.57.24.254;
priority 255;
preempt;
}
}
}
}
unit 12 {
description "NEWY Observatory 1G vlan";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.17.97/28;
}
family inet6 {
mtu 9000;
address 2001:468:6:12::1/64;
address 2001:468:6:12::17:97/64;
}
}
}
ge-9/0/1 {
mtu 9180;
unit 0 {
description "nms-rthr1 p2p connection";
family inet {
mtu 9000;
address 64.57.17.81/30;
}
family inet6 {
mtu 9000;
address 2001:468:6:101::1/64;
address 2001:468:6:101::17:81/64;
}
}
}
ge-9/0/2 {
mtu 9180;
unit 0 {
description "nms-rthr2 p2p connection";
family inet {
mtu 9000;
address 64.57.17.85/30;
}
family inet6 {
mtu 9000;
address 2001:468:6:100::1/64;
address 2001:468:6:100::17:85/64;
}
}
}
xe-9/2/0 {
description "Observatory 10G via lan.newy32aoa:F2";
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 11 {
description "NEWY Observatory vlan";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.17.65/28;
}
family inet6 {
mtu 9000;
address 2001:468:6:11::1/64;
address 2001:468:6:11::17:65/64;
}
}
unit 20 {
description "NEWT VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.225/29;
}
family inet6 {
mtu 9000;
address 2001:468:6:20::1/64;
address 2001:468:6:20::18:225/64;
}
}
unit 21 {
description "NEWT VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.81/28;
}
family inet6 {
mtu 9000;
address 2001:468:6:21::1/64;
address 2001:468:6:21::18:81/64;
}
}
unit 30 {
description "NEWY 100x100 Inband";
vlan-id 30;
family inet {
mtu 9000;
address 64.57.23.81/29;
}
family inet6 {
mtu 9000;
address 2001:468:6:30::1/64;
address 2001:468:6:30::23:81/64;
}
}
unit 31 {
description "NEWY 100x100 Mgmt";
vlan-id 31;
family inet {
mtu 9000;
address 64.57.23.113/29;
}
family inet6 {
mtu 9000;
address 2001:468:6:31::1/64;
address 2001:468:6:31::23:113/64;
}
}
unit 32 {
description "NEWY 100x100 NetFPGA";
vlan-id 32;
family inet {
mtu 9000;
address 64.57.23.49/29;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
unit 60 {
description "[CPS] Connection to nms-rpsv";
vlan-id 60;
family inet {
mtu 9000;
address 64.57.29.33/30;
}
family inet6 {
mtu 9000;
address 2001:468:6:60::29:33/64;
address 2001:468:6:60::1/64;
}
}
unit 3903 {
description "ESNet I2 Phoebus Trial";
encapsulation vlan-ccc;
vlan-id 3903;
family ccc;
}
}
gr-9/3/0 {
/* IPv6-over-IPv4 Tunnel for Egypt/ENERGI */
unit 0 {
tunnel {
source 198.32.11.65;
destination 198.32.11.66;
}
family inet6 {
mtu 1414;
address 2001:468:ff:6c1::1/64;
}
}
}
dsc {
unit 0 {
description "Discard Interface";
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
fxp0 {
description "Management Ethernet - Unused";
disable;
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.238/32;
address 64.57.28.242/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0021.00;
address 49.0000.0000.0000.0030.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:6::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.242/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff06::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.17.71 {
port 4195;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:000f::/48;
route 2001:468:0006::/48;
route 2001:468:ff:0f00::/56;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
240.0.0.0/4 orlonger;
14.0.0.0/8 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
/* Abilene Observatory */
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
route 198.32.154.144/28 discard;
route 67.17.81.229/32 next-hop 64.208.110.185;
}
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
14.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.242;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 3;
}
interface fxp0.0 {
disable;
}
}
mld {
interface all;
interface fxp0.0 {
disable;
}
}
rsvp {
/* BACKBONE TO CHIC */
interface xe-0/0/0.0;
/* BACKBONE TO WASH #2 */
interface xe-2/0/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path NEWY->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path NEWY->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path NEWY->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path NEWY->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path NEWY->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path NEWY->LOSA {
to 64.57.28.248;
fast-reroute;
}
label-switched-path NEWY->HOUS {
to 64.57.28.244;
fast-reroute;
}
label-switched-path NEWY->SEAT {
to 64.57.28.247;
fast-reroute;
}
/* BACKBONE TO CHIC */
interface xe-0/0/0.0;
/* BACKBONE TO WASH #2 */
interface xe-2/0/0.0;
}
bgp {
log-updown;
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
neighbor 192.5.89.221 {
description NOX;
import [ SANITY-IN SET-PREF NOX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10578;
}
neighbor 199.109.4.153 {
description Nysernet;
import [ SANITY-IN SET-PREF NYSERNET-IN CONNECTOR-IN ];
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 LEAK-NMS1 ];
peer-as 3754;
}
neighbor 216.27.100.53 {
description MAGPI;
import [ SANITY-IN SET-PREF MAGPI-IN CONNECTOR-IN ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
peer-as 10466;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
neighbor 2001:468:900:315::1 {
description "NYsernet-New York";
import [ SANITY6 SET-PREF NYSERNET-IN6 ];
/* export policy to allow more specifics for dual-homed load-balancing purposes */
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6-WITH-SPECIFICS ];
peer-as 3754;
}
neighbor 2001:468:ff:0646::1 {
description NOX;
import [ SANITY6 SET-PREF NOX-IN6 ];
Authentication Data Removed
peer-as 10578;
}
neighbor 2001:468:ff:0658::2 {
description MAGPI;
import [ SANITY6 SET-PREF MAGPI-IN6 ];
Authentication Data Removed
peer-as 10466;
}
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 198.124.216.157 {
description "ESnet via MANLAN";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 AMPATH-TO-ESNET GEANT-TO-ESNET FEDNET-OUT ];
peer-as 293;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:468:ff:15c6::2 {
description ESNET;
family inet6 {
any;
}
Authentication Data Removed
peer-as 293;
}
}
group ISP-MCAST {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
neighbor 64.208.110.185 {
description "Commercial Global Crossing via Private Peering (Multicast Only) [NO-MONITOR]";
Authentication Data Removed
peer-as 3549;
}
}
inactive: group ISP-V6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ];
remove-private;
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
neighbor 80.231.134.29 {
description QATAR;
family inet {
unicast;
}
Authentication Data Removed
peer-as 29384;
}
neighbor 205.189.32.94 {
description CAnet-Montreal;
Authentication Data Removed
peer-as 6509;
}
neighbor 205.189.32.118 {
description CAnet-Toronto;
Authentication Data Removed
peer-as 6509;
}
neighbor 150.99.200.193 {
description SINET;
Authentication Data Removed
peer-as 2907;
}
neighbor 198.32.11.66 {
description "MCIT/ENERGI (Egypt)";
Authentication Data Removed
peer-as 33789;
}
neighbor 198.32.11.51 {
description "GEANT M160 via MANLAN 10GigE";
family inet {
unicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ SANITY-OUT ORIGINATE4 ESNET-TO-GEANT NREN-TO-GEANT USGS-TO-GEANT ITN-SC-OUT ];
peer-as 20965;
}
neighbor 198.32.11.70 {
description "USLHCNet (CERN)";
Authentication Data Removed
peer-as 1297;
}
neighbor 211.79.48.157 {
description "TWAREN | AS:7539";
Authentication Data Removed
peer-as 7539;
}
neighbor 198.32.11.86 {
description CERN;
Authentication Data Removed
peer-as 513;
}
neighbor 64.57.28.66 {
description "SURFnet Backup | AS:1103";
Authentication Data Removed
peer-as 1103;
}
neighbor 200.0.207.9 {
description "RedCLARA via MANLAN and AtlanticWave";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ESNET-TO-AMPATH ];
peer-as 27750;
}
neighbor 198.32.11.110 {
description "ANKABUT via MANLAN | AS:47862 [NO-MONITOR]";
family inet {
any {
prefix-limit {
maximum 5;
teardown 60;
}
}
}
Authentication Data Removed
peer-as 47862;
}
neighbor 86.36.105.177 {
description "QATAR 2nd Connection [NO-MONITOR]";
family inet {
unicast;
}
Authentication Data Removed
peer-as 29384;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
neighbor 2001:410:101:23::1 {
description CAnet-Toronto;
Authentication Data Removed
peer-as 6509;
}
neighbor 2001:410:101:24::1 {
description CAnet-Montreal;
Authentication Data Removed
peer-as 6509;
}
neighbor 2001:468:ff:15c5::2 {
description GEANT;
Authentication Data Removed
peer-as 20965;
}
neighbor 2001:E10:FFFF:307::1 {
description TWAREN;
Authentication Data Removed
peer-as 7539;
}
neighbor 2001:468:ff:6c2::2 {
description "SURFnet Backup | AS:1103";
Authentication Data Removed
peer-as 1103;
}
neighbor 2001:2f8:1:ff::d {
description SINET;
Authentication Data Removed
peer-as 2907;
}
neighbor 2001:1348:4:3::1 {
description "RedCLARA via MANLAN and AtlanticWave";
import REJECT-ALL;
Authentication Data Removed
peer-as 27750;
}
neighbor 2001:468:ff:6c3::2 {
description "ANKABUT via ManLan | AS:47862 [NO-MONITOR]";
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ANKABUT-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 100;
teardown 95;
}
}
}
Authentication Data Removed
peer-as 47862;
}
neighbor 2001:468:ff:6c1::2 {
description "MCIT/ENERGI (Egypt)";
Authentication Data Removed
peer-as 33789;
}
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
group OTHER {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
remove-private;
neighbor 64.57.28.99 {
description "NLR Telepresence SBC KANS Peering";
import [ SANITY-NLR-IN NLR-IN ];
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE-NLR ];
peer-as 19401;
}
}
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.242;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 134.68.246.51 {
description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.242;
family inet {
unicast;
}
cluster 134.68.246.51;
}
neighbor 64.57.17.71 {
description "nms-rpsv.newy zebra bgpd [NO-MONITOR]";
local-address 64.57.17.65;
family inet {
unicast;
multicast;
}
cluster 64.57.17.65;
}
neighbor 2001:468:6:11::17:71 {
description "nms-rpsv.newy zebra bgpd [NO-MONITOR]";
family inet6 {
unicast;
multicast;
}
}
neighbor 129.79.43.198 {
description "IU ANML monitor--contact Ripley | [NO-MONITOR]";
multihop {
ttl 10;
}
local-address 64.57.28.242;
hold-time 65535;
family inet {
unicast;
}
}
neighbor 2001:18e8:2:33:250:56ff:fea9:320c {
description "IU ANML monitor--contact Ripley | [NO-MONITOR]";
family inet6 {
unicast;
}
}
}
inactive: group NONITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ];
remove-private;
}
inactive: group NONITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 NONITN-OUT6 ];
remove-private;
}
group INTERNET2 {
type internal;
local-address 64.57.28.242;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:6::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:7::1 {
description SALT;
}
neighbor 2001:468:8::1 {
description SEAT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
inactive: group MULTICAST-ONLY {
type external;
metric-out igp;
import [ SANITY-LIST SET-LOCPREF-PEERS FROM-ITN ];
family inet {
multicast {
prefix-limit {
maximum 10000;
teardown 90;
}
}
}
}
}
isis {
export V6-IGP-AGG;
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
spf-options delay 200;
level 2 wide-metrics-only;
/* BACKBONE TO CHIC 10GE */
interface xe-0/0/0.0 {
level 1 disable;
level 2 metric 1001;
}
/* BACKBONE TO WASH 10GE #1 */
interface xe-1/0/0.0 {
level 1 disable;
level 2 metric 279;
}
/* BACKBONE TO WASH 10GE #2 */
interface xe-2/0/0.0 {
level 1 disable;
level 2 metric 280;
}
interface xe-9/2/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* Run IS-IS Passively on all Interfaces */
interface all {
level 1 disable;
level 2 passive;
}
interface fxp0.0 {
disable;
}
}
msdp {
apply-groups MSDP-SA-Limit-per-peer-group;
rib-group mcast-rpf-rg;
active-source-limit {
maximum 200000;
threshold 190000;
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* ESNET */
peer 134.55.3.3 {
local-address 198.124.216.158;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
/* CAnet-Montreal */
peer 205.189.32.94 {
local-address 205.189.32.93;
}
/* CAnet-Toronto */
peer 205.189.32.118 {
local-address 205.189.32.117;
}
/* TWAREN via Manlan vlan 117 */
peer 211.79.48.157 {
local-address 211.79.48.158;
}
/* SURFnet via MANLAN */
peer 64.57.28.66 {
local-address 64.57.28.65;
}
/* GEANT 10GE via MANLAN */
peer 198.32.11.51 {
local-address 198.32.11.50;
}
peer 200.0.207.9 {
local-address 200.0.207.10;
}
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
export MSDP-FILTER;
import REJECT-ALL;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* Nysernet */
peer 199.109.4.153 {
local-address 199.109.4.154;
}
/* NOX */
peer 192.5.89.221 {
local-address 192.5.89.222;
}
/* MAGPI */
peer 216.27.100.53 {
local-address 216.27.100.54;
}
}
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.242;
/* CHIC */
peer 64.57.28.241;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group ISP-MCAST {
export MSDP-FILTER;
import MSDP-FILTER;
/* Global Crossing (private peering) */
peer 67.17.81.229 {
local-address 64.208.110.186;
}
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB SNMP hosts */
140.182.45.32/28;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* New Jump Address */
149.165.134.64/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* discvenue.internet2.edu */
207.75.164.82/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list NMS1-SPECIFICS {
/* SNVA */
198.32.8.108/30;
/* WASH */
198.32.8.112/30;
/* ATLA */
198.32.8.156/30;
/* CHIN */
198.32.8.160/30;
/* DNVR */
198.32.8.164/30;
/* HSTN */
198.32.8.168/30;
/* IPLS */
198.32.8.172/30;
/* KSCY */
198.32.8.176/30;
/* LOSA */
198.32.8.180/30;
/* NYCM */
198.32.8.184/30;
/* STTL */
198.32.8.188/30;
}
prefix-list NYSERNET-PARTICIPANT {
67.20.192.0/19;
67.99.160.0/21;
67.99.160.0/22;
67.99.168.0/22;
128.59.0.0/16;
128.84.0.0/16;
128.113.0.0/16;
128.113.11.0/24;
128.122.0.0/16;
128.151.0.0/16;
128.205.0.0/16;
128.213.0.0/16;
128.226.0.0/16;
128.228.0.0/16;
128.230.0.0/16;
128.253.0.0/16;
129.5.0.0/16;
129.21.0.0/16;
129.49.0.0/16;
129.161.0.0/16;
129.236.0.0/16;
130.245.0.0/16;
132.236.0.0/16;
134.74.0.0/16;
140.251.0.0/16;
146.95.0.0/16;
146.96.0.0/16;
146.111.0.0/16;
146.245.0.0/16;
148.84.0.0/16;
149.4.0.0/16;
149.125.0.0/16;
150.210.0.0/16;
156.111.0.0/16;
156.145.0.0/16;
157.139.0.0/16;
160.39.0.0/16;
163.238.0.0/16;
169.226.0.0/16;
192.5.43.0/24;
192.5.53.0/24;
192.12.82.0/24;
192.12.89.0/24;
192.12.90.0/24;
192.35.82.0/24;
192.35.210.0/24;
192.42.55.0/24;
192.76.177.0/24;
192.77.9.0/24;
192.77.173.0/24;
192.86.139.0/24;
198.61.16.0/20;
198.83.28.0/22;
198.83.112.0/20;
198.180.141.0/24;
199.89.214.0/24;
199.109.0.0/16;
199.109.2.0/24;
199.109.4.0/24;
199.109.5.0/24;
199.109.6.0/30;
199.109.8.0/22;
199.109.12.0/22;
199.109.16.0/22;
199.109.20.0/22;
199.109.24.0/22;
199.109.28.0/22;
199.109.32.0/22;
199.109.40.0/22;
199.109.44.0/22;
199.109.100.0/24;
199.109.200.0/21;
199.219.128.0/18;
199.219.192.0/20;
199.219.208.0/21;
199.219.216.0/24;
204.9.168.0/22;
204.168.181.0/24;
204.168.182.0/23;
204.168.184.0/21;
205.232.16.0/21;
207.10.4.0/24;
207.10.5.0/24;
207.10.6.0/24;
207.10.7.0/24;
207.10.196.0/24;
207.10.197.0/24;
207.10.198.0/24;
207.10.199.0/24;
207.127.120.0/21;
207.127.224.0/22;
207.159.192.0/18;
209.2.48.0/22;
209.2.54.0/23;
216.165.0.0/17;
}
prefix-list NYSERNET-CORPORATE {
129.34.0.0/16;
198.81.209.0/24;
198.83.46.0/24;
198.180.207.0/24;
198.182.248.0/24;
199.164.149.0/24;
199.181.149.0/24;
199.222.58.0/24;
199.222.59.0/24;
199.222.71.0/24;
204.107.83.0/24;
}
prefix-list NYSERNET-SPONSORED {
205.232.8.0/21;
209.2.160.0/21;
216.73.240.0/20;
}
prefix-list NYSERNET-SEGP {
38.96.188.0/24;
63.144.174.0/24;
63.144.175.0/24;
65.88.72.0/22;
65.88.88.0/23;
66.195.169.96/27;
67.99.185.0/24;
128.153.0.0/16;
129.85.0.0/16;
129.98.0.0/16;
137.143.0.0/16;
137.238.0.0/16;
138.92.0.0/16;
139.127.0.0/16;
146.203.0.0/16;
147.4.0.0/16;
148.100.0.0/16;
149.31.0.0/16;
149.43.0.0/16;
149.123.0.0/16;
163.153.0.0/16;
168.169.0.0/16;
168.170.0.0/16;
170.158.0.0/16;
170.161.0.0/16;
173.46.96.0/19;
192.31.156.0/24;
192.33.253.0/24;
192.76.239.0/24;
192.83.253.0/24;
192.231.122.0/23;
192.231.124.0/23;
192.246.178.0/24;
192.246.224.0/22;
192.246.228.0/23;
192.246.231.0/24;
192.246.232.0/22;
192.246.235.0/24;
198.22.176.0/24;
198.105.32.0/20;
198.180.129.0/24;
198.199.181.0/24;
198.252.164.0/24;
199.190.222.0/23;
199.190.224.0/23;
204.97.72.0/24;
204.168.248.0/21;
205.232.96.0/20;
207.10.8.0/21;
207.127.176.0/21;
216.162.16.0/20;
216.182.132.0/24;
216.182.136.0/22;
216.226.96.0/19;
}
prefix-list NYSERNET-PARTICIPANT6 {
2001:468:900::/40;
2001:468:1100::/40;
2001:468:1508::/48;
2001:18d8::/32;
2607:F600::/32;
2620:0000:1A50::/48;
2620:0:2BD0::/48;
2620:0:5080::/48;
}
prefix-list NOX-PARTICIPANT {
12.0.48.0/20;
12.6.208.0/20;
18.0.0.0/8;
63.164.11.0/24;
/* Temporary route - remove after 08-11-08 - JD */
64.251.112.0/20;
65.112.0.0/20;
67.221.64.0/19;
72.164.152.0/24;
74.112.8.0/21;
75.130.96.0/24;
128.30.0.0/15;
128.36.0.0/16;
128.52.0.0/16;
128.103.0.0/16;
128.119.0.0/16;
128.148.0.0/16;
128.197.0.0/16;
129.10.0.0/16;
129.55.0.0/16;
129.64.0.0/16;
129.170.0.0/16;
130.64.0.0/16;
130.111.0.0/16;
130.132.0.0/16;
130.189.0.0/16;
130.215.0.0/16;
131.128.0.0/16;
131.142.0.0/16;
132.177.0.0/16;
132.183.0.0/16;
132.198.0.0/16;
134.174.0.0/16;
136.167.0.0/16;
136.244.0.0/16;
137.99.0.0/16;
138.16.0.0/16;
138.29.0.0/16;
140.234.0.0/16;
140.247.0.0/16;
141.133.0.0/16;
148.85.0.0/16;
155.33.0.0/16;
155.37.0.0/16;
155.41.0.0/16;
155.41.96.0/19;
155.41.128.0/17;
155.52.0.0/16;
160.79.139.0/24;
167.206.156.0/24;
168.122.0.0/16;
170.223.0.0/16;
192.5.66.0/24;
192.5.89.0/24;
192.5.136.0/22;
192.5.140.0/23;
192.5.206.0/23;
192.5.208.0/24;
192.5.224.0/24;
192.12.185.0/24;
192.12.186.0/23;
192.12.188.0/22;
192.26.149.0/24;
192.26.150.0/24;
192.52.61.0/24;
192.52.62.0/23;
192.52.64.0/23;
192.54.223.0/24;
192.54.224.0/24;
192.73.31.0/24;
192.80.66.0/24;
192.80.83.0/24;
192.131.102.0/24;
192.160.243.0/24;
192.160.244.0/24;
192.189.138.0/24;
192.231.246.0/24;
198.113.29.0/24;
199.93.245.0/24;
199.94.0.0/16;
199.94.32.0/19;
199.94.48.0/24;
204.8.152.0/21;
204.139.0.0/21;
204.167.52.0/24;
204.197.0.0/17;
207.188.245.0/24;
207.210.142.0/24;
207.210.143.0/24;
208.95.188.0/22;
208.247.102.0/24;
}
prefix-list NOX-CORPORATE {
167.216.167.0/26;
204.179.122.0/24;
}
prefix-list NOX-SPONSORED {
38.111.225.0/27;
66.9.106.224/27;
66.9.198.0/24;
66.9.199.0/24;
66.220.243.0/24;
68.112.227.0/24;
68.184.42.64/27;
128.128.0.0/16;
129.44.167.0/24;
131.229.0.0/16;
134.88.230.0/24;
134.88.231.0/24;
134.88.235.0/24;
138.110.0.0/16;
148.45.0.0/16;
158.65.0.0/16;
158.136.0.0/16;
192.80.61.0/24;
192.133.12.0/24;
192.133.83.0/24;
199.92.170.0/24;
}
prefix-list NOX-SEGP {
12.6.252.0/24;
12.16.126.192/26;
63.145.155.0/24;
64.45.64.0/18;
64.80.89.0/24;
64.147.48.0/20;
64.202.80.0/20;
64.251.48.0/20;
64.251.60.0/22;
64.254.160.0/20;
65.18.0.0/18;
65.18.64.0/19;
65.18.96.0/20;
66.181.224.0/20;
66.206.128.0/19;
66.218.144.0/20;
67.218.80.0/20;
69.16.0.0/17;
69.43.113.0/24;
69.43.114.0/24;
69.43.120.0/24;
69.173.64.0/18;
72.10.96.0/19;
72.19.64.0/18;
76.78.80.0/22;
129.5.0.0/16;
129.63.0.0/16;
129.133.0.0/16;
129.161.0.0/16;
131.109.0.0/16;
134.88.0.0/16;
134.181.0.0/16;
134.241.0.0/16;
134.241.27.0/24;
134.241.32.0/24;
134.241.140.0/22;
137.49.0.0/16;
137.146.0.0/16;
139.140.0.0/16;
140.232.0.0/16;
141.114.0.0/16;
146.189.0.0/16;
148.166.0.0/16;
149.130.0.0/16;
149.152.0.0/16;
155.36.0.0/16;
155.43.0.0/16;
155.47.0.0/16;
157.252.0.0/16;
158.121.0.0/16;
158.123.0.0/17;
158.123.128.0/17;
159.247.232.0/22;
159.247.236.0/23;
167.206.156.0/24;
169.244.0.0/16;
192.31.112.0/24;
192.31.236.0/24;
192.33.12.0/24;
192.43.249.0/24;
192.83.228.0/24;
192.101.188.0/24;
192.107.38.0/24;
192.107.134.0/24;
192.124.153.0/24;
192.132.64.0/24;
192.135.181.0/24;
192.136.22.0/24;
192.138.176.0/24;
192.138.177.0/24;
192.138.178.0/24;
192.152.243.0/24;
192.188.67.0/24;
192.195.196.0/24;
198.7.224.0/19;
198.102.172.0/24;
198.102.211.0/24;
198.148.217.0/24;
198.182.161.0/24;
198.182.162.0/23;
198.183.156.0/24;
198.202.151.0/24;
199.33.141.0/24;
199.184.247.0/24;
199.249.227.0/24;
204.17.79.64/27;
204.17.80.0/27;
204.167.95.0/24;
205.172.224.0/22;
206.208.184.0/21;
207.159.160.0/19;
207.166.224.0/19;
207.210.128.0/19;
208.47.162.0/23;
208.47.164.0/23;
209.80.128.0/17;
209.166.112.0/20;
209.222.192.0/19;
216.19.112.0/20;
216.20.0.0/17;
216.87.96.0/19;
}
prefix-list NOX6-PARTICIPANT {
2001:468:600::/40;
2001:468:1e00::/40;
2607:F460::/32;
/* Worcester Polytec Inst */
2607:F5C0::/32;
/* Harvard */
2607:FB60::/32;
/* University of Main */
2610:48::/32;
2610:58::/32;
2620:0:650::/48;
2620:0:DF0::/48;
}
prefix-list MAGPI-PARTICIPANT {
12.161.8.0/21;
66.36.56.0/21;
66.180.176.0/20;
66.250.44.0/24;
128.4.0.0/16;
128.6.0.0/16;
128.91.0.0/16;
128.112.0.0/16;
128.175.0.0/16;
128.180.0.0/16;
128.235.0.0/16;
129.25.0.0/16;
129.32.0.0/16;
130.91.0.0/16;
130.219.0.0/16;
140.180.0.0/16;
140.208.0.0/16;
144.118.0.0/16;
147.31.0.0/16;
155.247.0.0/16;
158.130.0.0/16;
159.14.0.0/16;
165.123.0.0/16;
165.230.0.0/16;
168.62.16.0/21;
192.12.88.0/24;
192.76.178.0/24;
192.84.2.0/24;
198.32.42.0/24;
198.32.242.128/25;
198.151.130.0/24;
199.65.255.0/24;
204.52.215.0/24;
204.153.48.0/22;
205.172.164.0/24;
216.27.97.0/24;
216.27.99.0/24;
216.27.100.0/22;
216.27.100.0/23;
}
prefix-list MAGPI-CORPORATE {
12.144.59.0/24;
}
prefix-list MAGPI-SPONSORED {
12.151.0.0/23;
12.151.1.0/24;
38.115.60.0/24;
66.28.32.0/23;
131.249.0.0/16;
147.140.0.0/16;
153.104.0.0/16;
167.21.180.0/22;
167.21.184.0/22;
192.231.162.0/23;
192.231.164.0/24;
192.231.210.0/24;
198.138.53.0/24;
198.138.54.0/23;
198.138.56.0/22;
198.138.60.0/24;
204.14.12.0/22;
204.75.178.0/24;
204.108.128.0/17;
207.103.37.0/24;
207.103.38.0/24;
207.103.55.0/24;
207.103.56.0/24;
207.103.72.0/24;
207.103.89.0/24;
207.103.90.0/24;
207.103.91.0/24;
207.103.189.0/24;
207.103.190.0/24;
207.103.191.0/24;
207.103.192.0/24;
207.103.218.0/24;
207.103.219.0/24;
209.18.48.0/20;
209.50.137.0/24;
209.50.138.0/24;
209.71.5.0/24;
209.71.6.0/24;
209.71.7.0/24;
209.71.10.0/24;
209.71.25.0/24;
209.71.46.0/24;
216.27.98.0/23;
216.27.102.0/24;
216.162.80.0/20;
216.228.128.0/20;
}
prefix-list MAGPI-SEGP {
8.10.208.0/24;
65.170.110.0/24;
65.194.220.0/22;
65.194.224.0/24;
66.17.183.0/24;
67.200.60.0/24;
67.200.61.0/24;
67.200.63.0/24;
72.2.96.0/20;
74.116.20.0/22;
74.214.96.0/19;
76.74.64.0/24;
76.74.65.0/24;
76.74.66.0/24;
76.74.67.0/24;
76.74.68.0/24;
76.74.69.0/24;
76.74.70.0/24;
76.74.71.0/24;
76.74.72.0/24;
76.74.73.0/24;
76.74.77.0/24;
130.68.0.0/16;
130.156.0.0/16;
131.125.0.0/16;
131.249.0.0/17;
132.238.0.0/16;
134.198.0.0/16;
134.210.0.0/16;
139.147.0.0/16;
146.94.0.0/16;
147.106.0.0/16;
149.150.0.0/16;
149.151.0.0/16;
150.250.0.0/16;
151.198.52.0/24;
151.198.208.96/27;
155.246.0.0/16;
159.91.0.0/16;
167.21.6.0/24;
167.21.7.0/24;
167.21.8.0/24;
167.21.9.0/24;
167.21.254.0/24;
170.235.0.0/16;
192.16.204.0/24;
192.48.95.0/24;
192.100.64.0/24;
192.107.43.0/24;
192.107.45.0/24;
192.107.108.0/24;
192.108.16.0/24;
192.108.106.0/24;
192.112.54.0/24;
192.133.105.0/24;
192.135.209.0/24;
192.150.150.0/24;
192.154.128.0/23;
192.154.130.0/24;
192.231.202.0/24;
192.231.207.0/24;
192.245.88.0/24;
198.22.129.0/24;
198.133.170.0/24;
198.138.207.0/24;
198.138.208.0/23;
198.138.210.0/24;
198.244.0.0/21;
198.244.8.0/23;
199.2.216.0/24;
204.13.204.0/22;
204.96.142.0/24;
204.96.143.0/24;
204.108.251.0/24;
204.108.251.0/25;
204.108.251.128/25;
204.139.52.0/22;
204.143.61.0/24;
204.143.62.0/23;
204.143.64.0/22;
204.143.68.0/24;
204.152.148.0/23;
204.186.48.64/27;
204.186.79.96/27;
204.186.112.0/27;
204.186.112.32/27;
204.186.112.64/27;
204.186.135.0/24;
204.186.151.0/24;
204.186.159.0/24;
204.186.161.0/24;
204.186.174.0/24;
204.186.191.128/27;
205.173.168.0/21;
205.174.96.0/20;
205.235.32.0/19;
205.238.205.0/24;
205.247.245.0/24;
206.82.16.0/20;
206.219.64.0/19;
207.200.160.0/20;
207.200.170.0/24;
207.200.171.0/24;
208.67.140.0/22;
208.70.120.0/22;
208.73.176.0/22;
208.82.152.0/21;
208.87.76.0/24;
208.87.77.0/24;
208.87.78.0/24;
208.87.79.0/24;
209.50.141.32/27;
209.50.150.128/26;
209.50.152.0/25;
209.50.153.32/27;
209.50.153.96/27;
209.50.153.160/27;
209.50.153.224/27;
209.173.1.96/27;
209.173.1.192/27;
209.173.4.0/27;
209.173.6.128/25;
209.173.7.96/27;
209.173.10.32/27;
209.173.11.0/27;
209.173.14.160/27;
209.173.14.192/27;
209.173.16.0/24;
209.173.17.64/26;
209.173.17.192/26;
209.173.18.0/24;
209.242.176.0/20;
216.27.98.0/23;
216.144.162.64/27;
216.144.170.0/26;
216.144.170.64/27;
216.144.171.160/27;
216.144.171.192/27;
216.158.60.0/24;
216.162.80.0/20;
216.220.89.0/24;
216.220.90.0/24;
216.220.94.0/24;
216.220.95.0/24;
}
prefix-list MAGPI-PARTICIPANT6 {
2001:468:1800::/40;
2607:F3B0::/32;
2607:F470::/32;
2620:0:D60::/46;
}
prefix-list RADIUS-SERVERS {
140.182.44.69/32;
140.182.45.56/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list MAGPI-CPS {
128.91.0.0/16;
128.180.0.0/16;
130.91.0.0/16;
158.130.0.0/16;
165.123.0.0/16;
198.32.42.0/24;
216.27.100.0/23;
}
prefix-list QUERY-HOSTS;
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>";
}
prefix-list RACKLAN-ACCESS {
/* ARIN Allocation */
64.57.16.0/20;
/* ISI East */
65.114.168.0/24;
/* ndb2-blmt.abilene.ucaid.edu */
129.79.5.18/32;
/* DNS Resolver */
129.79.5.100/32;
/* ndb1-blmt.abilene.ucaid.edu */
129.79.5.225/32;
/* IUB */
129.79.9.0/24;
129.79.216.64/27;
129.79.216.160/27;
/* leap.grnoc.iu.edu */
129.79.217.202/32;
/* DNS Resolver */
134.68.1.9/32;
/* IUPUI */
134.68.11.0/24;
134.68.107.0/24;
134.68.142.0/24;
134.68.220.127/32;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI login hosts */
140.182.44.16/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
140.182.44.69/32;
140.182.44.70/32;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB login hosts */
140.182.45.16/28;
/* IUB SNMP hosts */
140.182.45.32/28;
140.182.45.56/32;
140.182.45.57/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump.grnoc.iu.edu */
149.165.134.64/32;
/* NEWY 111 8th Racklan */
149.165.253.0/28;
/* GlobalNOC Testlab Network */
156.56.5.0/24;
/* GRNOC Network Test Lab Management Network */
156.56.6.0/24;
/* GlobalNOC Testlab Network */
156.56.72.0/25;
/* VPN Groups */
156.56.175.0/27;
156.56.245.1/32;
156.56.247.193/32;
/* jump.grnoc.iu.edu */
192.12.206.196/32;
/* sd-pc.grnoc.iu.edu */
192.12.206.228/32;
/* Internet2 Ann Arbor */
207.75.164.0/23;
}
prefix-list OARNETRACKLAN-ACCESS {
192.148.251.0/24;
199.18.152.96/28;
}
prefix-list OBSERVATORY-SSH {
/* leap.grnoc.iu.edu */
129.79.217.202/32;
/* sysmon.grnoc.iu.edu */
134.68.107.4/32;
/* login.net.internet2.edu */
134.68.107.10/32;
/* nms-base */
134.68.107.34/32;
/* nms-login */
134.68.107.36/32;
/* skip */
134.68.142.50/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump */
192.12.206.196/32;
}
prefix-list NOC-PARTICIPANT;
prefix-list MANLAN-ACCESS {
64.57.16.0/20;
129.79.5.18/32;
129.79.5.100/32;
129.79.5.225/32;
129.79.9.0/24;
129.79.216.64/27;
129.79.216.160/27;
134.68.1.9/32;
134.68.11.0/24;
134.68.107.0/24;
134.68.142.0/24;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI login hoss */
140.182.44.16/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
/* radius3.grnoc.iu.edu */
140.182.44.69/32;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB login hosts */
140.182.45.16/28;
/* IUB SNMP hosts */
140.182.45.32/28;
/* radius2.grnoc.iu.edu */
140.182.45.56/32;
149.165.129.24/32;
/* jump.grnoc.iu.edu */
149.165.134.64/32;
156.56.175.0/27;
192.12.206.196/32;
192.12.206.228/32;
}
prefix-list GOOGLE-PARTICIPANT6 {
2001:4860:1::/48;
}
prefix-list KAN-ED-2-SCHOOLS {
68.225.152.0/24;
70.165.96.0/23;
70.165.102.0/23;
70.183.128.0/21;
98.175.200.0/24;
}
prefix-list ANKABUT6 {
2001:8f8::/32;
}
prefix-list TELEPRESENCE {
128.103.0.0/16;
199.94.0.0/19;
}
prefix-list NYSERNET-SEGP6 {
2620:0:1A50::/48;
}
policy-statement ADD-GBLX-NY-COMM {
term add-comm {
then {
community add GBLX-NY;
next policy;
}
}
}
policy-statement AMPATH-TO-ESNET {
term FROM-REACCIUN {
from as-path REACCIUN;
then {
as-path-prepend 11537;
accept;
}
}
term FROM-ANSP {
from as-path ANSP;
then {
as-path-prepend 11537;
accept;
}
}
term FROM-RETINA {
from as-path RETINA;
then {
as-path-prepend 11537;
accept;
}
}
}
policy-statement ANKABUT-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter ANKABUT6 orlonger;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement BLOCK-COMM-ASN {
term block-commercial-as {
from as-path COMMERCIAL;
then reject;
}
then next policy;
}
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-AS1273-OUT {
term reject {
from community CPS-BLOCK-AS1273-OUT;
then reject;
}
term prepend {
from community CPS-AS1273-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS12989-OUT {
term reject {
from community CPS-BLOCK-AS12989-OUT;
then reject;
}
term prepend {
from community CPS-AS12989-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13030-OUT {
term reject {
from community CPS-BLOCK-AS13030-OUT;
then reject;
}
term prepend {
from community CPS-AS13030-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15169-OUT {
term reject {
from community CPS-BLOCK-AS15169-OUT;
then reject;
}
term prepend {
from community CPS-AS15169-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15412-OUT {
term reject {
from community CPS-BLOCK-AS15412-OUT;
then reject;
}
term prepend {
from community CPS-AS15412-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS1784-OUT {
term reject {
from community CPS-BLOCK-AS1784-OUT;
then reject;
}
term prepend {
from community CPS-AS1784-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19151-OUT {
term reject {
from community CPS-BLOCK-AS19151-OUT;
then reject;
}
term prepend {
from community CPS-AS19151-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS20940-OUT {
term reject {
from community CPS-BLOCK-AS20940-OUT;
then reject;
}
term prepend {
from community CPS-AS20940-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22212-OUT {
term reject {
from community CPS-BLOCK-AS22212-OUT;
then reject;
}
term prepend {
from community CPS-AS22212-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22773-OUT {
term reject {
from community CPS-BLOCK-AS22773-OUT;
then reject;
}
term prepend {
from community CPS-AS22773-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22822-OUT {
term reject {
from community CPS-BLOCK-AS22822-OUT;
then reject;
}
term prepend {
from community CPS-AS22822-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS29791-OUT {
term reject {
from community CPS-BLOCK-AS29791-OUT;
then reject;
}
term prepend {
from community CPS-AS29791-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS32934-OUT {
term reject {
from community CPS-BLOCK-AS32934-OUT;
then reject;
}
term prepend {
from community CPS-AS32934-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS3549-OUT {
term reject {
from community CPS-BLOCK-AS3549-OUT;
then reject;
}
term prepend {
from community CPS-AS3549-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36408-OUT {
term reject {
from community CPS-BLOCK-AS36408-OUT;
then reject;
}
term prepend {
from community CPS-AS36408-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36619-OUT {
term reject {
from community CPS-BLOCK-AS36619-OUT;
then reject;
}
term prepend {
from community CPS-AS36619-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS37958-OUT {
term reject {
from community CPS-BLOCK-AS37958-OUT;
then reject;
}
term prepend {
from community CPS-AS37958-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4436-OUT {
term reject {
from community CPS-BLOCK-AS4436-OUT;
then reject;
}
term prepend {
from community CPS-AS4436-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4565-OUT {
term reject {
from community CPS-BLOCK-AS4565-OUT;
then reject;
}
term accept {
then accept;
}
}
policy-statement CPS-AS46786-OUT {
term reject {
from community CPS-BLOCK-AS46786-OUT;
then reject;
}
term prepend {
from community CPS-AS46786-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6079-OUT {
term reject {
from community CPS-BLOCK-AS6079-OUT;
then reject;
}
term prepend {
from community CPS-AS6079-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6102-OUT {
term reject {
from community CPS-BLOCK-AS6102-OUT;
then reject;
}
term prepend {
from community CPS-AS6102-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6327-OUT {
term reject {
from community CPS-BLOCK-AS6327-OUT;
then reject;
}
term prepend {
from community CPS-AS6327-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6939-OUT {
term reject {
from community CPS-BLOCK-AS6939-OUT;
then reject;
}
term prepend {
from community CPS-AS6939-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS8075-OUT {
term reject {
from community CPS-BLOCK-AS8075-OUT;
then reject;
}
term prepend {
from community CPS-AS8075-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS812-OUT {
term reject {
from community CPS-BLOCK-AS812-OUT;
then reject;
}
term prepend {
from community CPS-AS812-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS8218-OUT {
term reject {
from community CPS-BLOCK-AS8218-OUT;
then reject;
}
term prepend {
from community CPS-AS8218-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS9505-OUT {
term reject {
from community CPS-BLOCK-AS9505-OUT;
then reject;
}
term prepend {
from community CPS-AS9505-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-CONNECTOR-IN {
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop discard;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-COX-IN-EXCEPTION {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term prepend-KanEd {
from {
prefix-list-filter KAN-ED-2-SCHOOLS orlonger;
}
then {
as-path-prepend "11537 11537 11537";
next term;
}
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-GOOGLE-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter GOOGLE-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-MAGPI-IN {
term accept {
from {
protocol bgp;
prefix-list-filter MAGPI-CPS orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-MAGPI-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter MAGPI-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-NOX-IN {
term accept {
from {
protocol bgp;
prefix-list-filter NOX-PARTICIPANT orlonger;
prefix-list-filter NOX-SPONSORED orlonger;
prefix-list-filter NOX-SEGP orlonger;
prefix-list-filter NOX-CORPORATE orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-NOX-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter NOX6-PARTICIPANT exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-NYSERNET-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter NYSERNET-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term accept-segp {
from {
protocol bgp;
family inet6;
prefix-list-filter NYSERNET-SEGP6 orlonger;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-IN-DEPREF {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
local-preference 90;
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Deny TransitRail Connector prefixes */
term block-tr-connector {
from {
protocol bgp;
community CPS-TR-CONNECTOR;
}
then reject;
}
/* Announce Connector prefixes >= /24 */
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
/* Originate a BGP for our Lookback Addresses */
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT-DEPREF {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then {
as-path-prepend 11537;
next policy;
}
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-IN {
term strip-communities {
then {
community delete ALL-COMMS;
next term;
}
}
/* Allows only longer connector prefixes from peers */
term reject-Internet2-space {
from {
route-filter 2001:468::/32 upto /39;
route-filter 2001:468:ff00::/40 orlonger;
}
then reject;
}
term accept {
from protocol bgp;
to rib cps.inet6.0;
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-OUT {
term originate {
from {
protocol static;
route-filter 2001:468:ff00::/40 exact;
route-filter 2001:468::/32 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term block-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
/* Block Transitrail Connector routes */
term block-tr {
from {
protocol bgp;
community CPS-TR-CONNECTOR;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
family inet6;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-PEERCONTROLS-OUT {
term prepend1 {
from community CPS-PREPEND1;
then {
as-path-prepend 11537;
accept;
}
}
term prepend2 {
from community CPS-PREPEND2;
then {
as-path-prepend "11537 11537";
accept;
}
}
term prepend3 {
from community CPS-PREPEND3;
then {
as-path-prepend "11537 11537 11537";
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEERS-IN {
/* Reject any BGP prefix if a private AS is in the path */
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
}
}
}
policy-statement CPS-TR-PEER-OUT {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce {
from {
protocol bgp;
community [ CPS-CONNECTOR CPS-TR-CONNECTOR ];
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-TR-PEER6-OUT {
term originate {
from {
protocol static;
route-filter 2001:468:ff00::/40 exact;
route-filter 2001:468::/32 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term block-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
term announce {
from {
protocol bgp;
community [ CPS-CONNECTOR CPS-TR-CONNECTOR ];
family inet6;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-V6-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
community delete EQUAL-TO-PEERS;
community delete LOWER-THAN-PEERS;
}
}
}
policy-statement ESNET-TO-AMPATH {
term FROM-ESNET {
from as-path ESNET;
then accept;
}
}
/* ESNET->GEANT backup advertisements (UCAID approved) */
policy-statement ESNET-TO-GEANT {
term FROM-ESNET {
from as-path ESNET;
then {
as-path-prepend 11537;
accept;
}
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy from FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement GEANT-LOWER-PREF {
term depref {
then {
local-preference 40;
next policy;
}
}
}
policy-statement GEANT-TO-ESNET {
term FROM-GEANT {
from as-path GEANT;
then {
as-path-prepend 11537;
accept;
}
}
}
policy-statement IFTN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
community add IFTN;
accept;
}
}
}
policy-statement IFTN-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow-multicast {
from {
protocol bgp;
rib inet.2;
}
then accept;
}
term block {
from {
protocol bgp;
community [ NONITN CONNECTOR-ONLY ];
}
then reject;
}
term accept {
from protocol bgp;
then accept;
}
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ISP-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-IN6 {
term reject-commercial {
from as-path COMMERCIAL6;
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement ITN-SC-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /29-/32;
}
then reject;
}
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
term block-fednet-nonitn-unicast {
from {
protocol bgp;
rib inet.0;
community [ FEDNET NONITN ];
}
then reject;
}
term accept {
from protocol bgp;
then accept;
}
}
policy-statement IU_to_TU-DRESDEN {
term TU-DRESDEN {
from {
route-filter 141.30.0.0/16 exact;
}
then {
local-preference 200;
next policy;
}
}
}
policy-statement LEAK-NMS1 {
term leak {
from {
protocol isis;
prefix-list NMS1-SPECIFICS;
}
then accept;
}
then next policy;
}
policy-statement MAGPI-IN {
term participant {
from {
protocol bgp;
prefix-list-filter MAGPI-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
protocol bgp;
prefix-list-filter MAGPI-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter MAGPI-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter MAGPI-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term segp-exception {
from {
protocol bgp;
route-filter 208.67.140.0/30 exact;
}
then {
community add SEGP;
accept;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement MAGPI-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter MAGPI-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement MSDP-FILTER {
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
policy-statement NEXT-v4-v6-self {
from protocol bgp;
then {
next-hop 198.32.9.193;
}
}
policy-statement NLR-IN {
term discard {
from {
community DISCARD;
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
community add NO-EXPORT;
next-hop 198.32.11.7;
accept;
}
}
term allow-unicast {
from {
route-filter 216.24.184.128/28 exact;
}
to rib inet.0;
then {
local-preference 130;
accept;
}
}
term reject {
then reject;
}
}
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement NOX-IN {
term participant {
from {
protocol bgp;
prefix-list-filter NOX-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
protocol bgp;
prefix-list-filter NOX-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter NOX-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter NOX-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement NOX-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter NOX6-PARTICIPANT exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* ESNET->GEANT backup advertisements (UCAID approved) */
policy-statement NREN-TO-GEANT {
term FROM {
from as-path NREN;
then accept;
}
}
policy-statement NYSERNET-IN {
term participant {
from {
protocol bgp;
prefix-list-filter NYSERNET-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
protocol bgp;
prefix-list-filter NYSERNET-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter NYSERNET-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter NYSERNET-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term participant-exception {
from {
protocol bgp;
route-filter 199.109.200.0/21 upto /28;
}
then next policy;
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement NYSERNET-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter NYSERNET-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term segp {
from {
protocol bgp;
family inet6;
prefix-list-filter NYSERNET-SEGP6 orlonger;
}
then {
community add SEGP;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ORIGINATE-NLR {
term telepresence {
from {
prefix-list-filter TELEPRESENCE exact;
}
then accept;
}
term reject {
then reject;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute aggregates from static into BGP & block more specifics */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
/* Redistribute aggregates from static into BGP - do not block more specifics */
policy-statement ORIGINATE6-WITH-SPECIFICS {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
}
policy-statement PREF-IEEAF-12 {
then {
metric 2;
}
}
policy-statement PREF-IEEAF-192 {
then {
metric 1;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
policy-statement REMOVE-GBXv6 {
/* remove global-crossing v6 advertisements to geant--ticket 8032 */
term is-gbx {
from as-path GBX;
then reject;
}
term not-gbx {
then next term;
}
}
/* reject routes we should never accept */
policy-statement SANITY-IN {
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* reject routes we should never accept */
policy-statement SANITY-NLR-IN {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
term allow-nlr-telepresence {
from {
route-filter 216.24.184.128/28 exact;
}
then next policy;
}
term block-nlr-transit {
from as-path NLR;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce */
policy-statement SANITY-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
policy-statement SANITY6 {
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
from {
route-filter 2001::/16 upto /49;
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
term reject {
then reject;
}
}
/* set local-pref on connector routes based on communities */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
policy-statement SET-PREF-BACKUP {
term equal-to-peers {
from community EQUAL-TO-PEERS;
then {
local-preference 100;
next policy;
}
}
term lower-than-peers {
from community LOWER-THAN-PEERS;
then {
local-preference 60;
next policy;
}
}
}
policy-statement SET-PREF-CPS-V6 {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term equal-to-peers {
from community EQUAL-TO-PEERS;
then {
local-preference 100;
next policy;
}
}
term lower-than-peers {
from community LOWER-THAN-PEERS;
then {
local-preference 60;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 100;
}
}
}
policy-statement SET-TR-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term peer {
from {
protocol bgp;
community CPS-PEERS;
}
then {
local-preference 100;
next policy;
}
}
term normal {
then {
local-preference 130;
next policy;
}
}
}
/* USGS ITN routes allowed to GEANT per UCAID 12231:45 */
policy-statement USGS-TO-GEANT {
term FROM-USGS {
from as-path USGS;
then accept;
}
}
policy-statement V6-IGP-AGG {
term allow-aggregate {
from {
protocol aggregate;
family inet6;
}
then accept;
}
term deny-more-specifics {
from {
family inet6;
route-filter 2001:468:ff:1500::/56 longer;
route-filter 2001:468:0015::/48 longer;
route-filter 2001:468:ff:0f00::/56 longer;
route-filter 2001:468:000f::/48 longer;
}
then reject;
}
term accept-all-other-v6 {
from {
protocol [ isis direct ];
family inet6;
}
then accept;
}
}
/* Temporary fix for scoping 239/8 */
policy-statement pim-join-filter {
term internal-links {
from {
/* List of Backbone Interfaces */
interface [ so-0/0/0.0 so-1/3/0.0 ];
route-filter 239.0.0.0/8 orlonger;
}
then accept;
}
term external-links {
from {
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term all-links {
then accept;
}
}
community ALL-COMMS members *:*;
community BLOCK-TO-COMMERCIAL members 11537:2002;
community COMMERCIAL-PEER members 11537:2001;
community CONNECTOR-ONLY members 11537:3500;
community CORE members 11537:900;
community CORPORATE members 11537:2000;
community CPS members target:11537:1;
community CPS-AS1273-OUT members *:1273;
community CPS-AS12989-OUT members *:12989;
community CPS-AS13030-OUT members *:13030;
community CPS-AS15169-OUT members *:15169;
community CPS-AS15412-OUT members *:15412;
community CPS-AS1784-OUT members *:1784;
community CPS-AS19151-OUT members *:19151;
community CPS-AS20940-OUT members *:20940;
community CPS-AS22212-OUT members *:22212;
community CPS-AS22773-OUT members *:22773;
community CPS-AS22822-OUT members *:22822;
community CPS-AS29791-OUT members *:29791;
community CPS-AS32934-OUT members *:32934;
community CPS-AS3549-OUT members *:3549;
community CPS-AS36408-OUT members *:36408;
community CPS-AS36619-OUT members *:36619;
community CPS-AS37958-OUT members *:37958;
community CPS-AS4436-OUT members *:4436;
community CPS-AS4565-OUT members *:4565;
community CPS-AS46786-OUT members *:46786;
community CPS-AS6079-OUT members *:6079;
community CPS-AS6102-OUT members *:6102;
community CPS-AS6327-OUT members *:6327;
community CPS-AS6939-OUT members *:6939;
community CPS-AS8075-OUT members *:8075;
community CPS-AS812-OUT members *:812;
community CPS-AS8218-OUT members *:8218;
community CPS-AS9505-OUT members *:9505;
community CPS-BLOCK members 65000:*;
community CPS-BLOCK-AS1273-OUT members 65000:1273;
community CPS-BLOCK-AS12989-OUT members 65000:12989;
community CPS-BLOCK-AS13030-OUT members 65000:13030;
community CPS-BLOCK-AS15169-OUT members 65000:15169;
community CPS-BLOCK-AS15412-OUT members 65000:15412;
community CPS-BLOCK-AS1784-OUT members 65000:1784;
community CPS-BLOCK-AS19151-OUT members 65000:19151;
community CPS-BLOCK-AS20940-OUT members 65000:20940;
community CPS-BLOCK-AS22212-OUT members 65000:22212;
community CPS-BLOCK-AS22773-OUT members 65000:22773;
community CPS-BLOCK-AS22822-OUT members 65000:22822;
community CPS-BLOCK-AS29791-OUT members 65000:29791;
community CPS-BLOCK-AS32934-OUT members 65000:32934;
community CPS-BLOCK-AS3549-OUT members 65000:3549;
community CPS-BLOCK-AS36408-OUT members 65000:36408;
community CPS-BLOCK-AS36619-OUT members 65000:36619;
community CPS-BLOCK-AS37958-OUT members 65000:37958;
community CPS-BLOCK-AS4436-OUT members 65000:4436;
community CPS-BLOCK-AS4565-OUT members 65000:4565;
community CPS-BLOCK-AS46786-OUT members 65000:46786;
community CPS-BLOCK-AS6079-OUT members 65000:6079;
community CPS-BLOCK-AS6102-OUT members 65000:6102;
community CPS-BLOCK-AS6327-OUT members 65000:6327;
community CPS-BLOCK-AS6939-OUT members 65000:6939;
community CPS-BLOCK-AS8075-OUT members 65000:8075;
community CPS-BLOCK-AS812-OUT members 65000:812;
community CPS-BLOCK-AS8218-OUT members 65000:8218;
community CPS-BLOCK-AS9505-OUT members 65000:9505;
community CPS-CONNECTOR members 11537:25100;
community CPS-PEERS members 11537:25200;
community CPS-PREPEND1 members 65001:*;
community CPS-PREPEND2 members 65002:*;
community CPS-PREPEND3 members 65003:*;
community CPS-TR-CONNECTOR members 11537:25300;
community DISCARD members 11537:911;
community EQUAL-TO-PEERS members 11537:100;
community FEDNET members 11537:3000;
community GBLX-NY members 11537:23549;
community HIGH members 11537:260;
community HIGH-PEERS members 11537:160;
community IFTN members 11537:2502;
community ITN members 11537:2501;
community LOW members 11537:140;
community LOW-PEERS members 11537:40;
community LOWER-THAN-PEERS members 11537:60;
community NO-EXPORT members no-export;
community NOAGG6 members 11537:6;
community NONITN members 11537:2500;
community PARTICIPANT members 11537:950;
community RHCPP members 11537:4000;
community SEGP members 11537:910;
community SPONSORED members 11537:902;
as-path COMMERCIAL-IGRID ".*1.* | .*174.* | .*209.* | .*701.* | .*1239.* | .*1673.* | .*1740.* | .*1800.* | .*1833.* | .*2551.* | .*2548.* | .*2685.* | .*2914.* | .*3549.* | .*3561.* | .*3847.* | .*3951.* | .*3967.* | .*4183.* | .*4200.* | .*5683.* | .*6113.* | .*6172.* | .*6461.* | .*7018.*";
as-path COMM1 .*3265.*;
as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*";
as-path PRIVATE ".* (64512-65535) .*";
/* temporary for ESNET->GEANT advertisements */
as-path ESNET "293 .*";
as-path ABILENE ".* 11537 .*";
as-path GEANT "20965 .*";
as-path REACCIUN "20312 .*";
as-path ANSP "1251 .*";
as-path RETINA "3597 .*";
as-path GBX ".* 3549 .*";
as-path NREN "24 .*";
as-path NLR ".* 19401 .*";
as-path USGS "1842 .*";
as-path COMMERCIAL6 ".* (701|1273|1836|2497|2516|2914|3257|3549|3561|4691|6939|7018|15169|15412|17554|17990) .*";
as-path RCCI "812 .*";
as-path TRPEERS "11164 (7922|6461|174|7843|5650|7385|4355|20115|3786|4143|2497) .*";
}
Firewall Stanza Removed removed
wash
## Last commit: 2010-02-03 15:26:59 UTC by gboles
version 9.3R3.8;
groups {
INTERFACE-BACKBONE {
interfaces {
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
{
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
}
}
INTERFACE-CONNECTOR {
interfaces {
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
{
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
MSDP-SA-Limit-per-peer-group {
protocols {
msdp {
group <*> {
peer <*> {
active-source-limit {
maximum 100000;
threshold 90000;
}
}
}
}
}
}
re0 {
system {
host-name WASH-re0;
}
}
re1 {
system {
host-name WASH-re1;
}
}
MSDP-STRICT {
protocols {
msdp {
group CONNECTOR {
peer <*> {
active-source-limit {
maximum 2000;
threshold 1800;
}
}
}
group ITN {
peer <*> {
active-source-limit {
maximum 500;
threshold 450;
}
}
}
group FEDNET {
peer <*> {
active-source-limit {
maximum 4000;
threshold 3600;
}
}
}
group NONITN {
peer <*> {
active-source-limit {
maximum 4000;
threshold 3600;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
authentication-order [ radius password ];
location country-code US;
ports {
auxiliary type vt100;
}
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
radius-server {
140.182.45.56 {
source-address 64.57.28.249;
}
140.182.44.69 {
source-address 64.57.28.249;
}
}
Login Stanza Removed services {
bandwidth 10g;
}
}
}
network-services ip;
}
interfaces {
xe-0/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-WASH 10GE | I2-CHIC-WASH-10GE-05250";
family inet {
address 64.57.28.13/31;
}
family inet6 {
address 2001:468:ff:0209::1/64;
}
}
}
xe-0/1/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH 10GE | I2-NEWY32AOA-WASH-10GE-04643";
family inet {
address 64.57.28.19/31;
}
family inet6 {
address 2001:468:ff:906::2/64;
}
}
}
xe-0/2/0 {
description "[CPS] Equinix Ashburn Switch for public peerings";
vlan-tagging;
mtu 9134;
gigether-options {
ethernet-switch-profile {
mac-learn-enable;
}
}
unit 61 {
description "Mgmt vlan to CPS equinix ashburn";
vlan-id 61;
family inet {
mtu 9000;
address 64.57.28.209/28;
}
}
unit 62 {
description "[CPS] Equinix Public Peering at Ashburn";
vlan-id 62;
family inet {
mtu 1500;
address 206.223.115.131/24;
}
family inet6 {
address 2001:504:0:2::1:1537:1/64;
}
}
}
xe-0/3/0 {
apply-groups INTERFACE-CONNECTOR;
description "Merit via Internet2 DWS | I2-CLEV-WASH-10GE-004179";
vlan-tagging;
mtu 9192;
unit 352 {
description "OSCnet mcast-only peering vlan";
vlan-id 352;
family inet {
mtu 9000;
address 199.18.156.242/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:9c2::1/64;
}
}
unit 359 {
description "OSCnet R&E VLAN";
vlan-id 359;
family inet {
mtu 9000;
address 192.88.192.138/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:d4b::1/64;
}
}
unit 921 {
description "OSCnet [CPS]";
vlan-id 921;
family inet {
mtu 9000;
address 199.18.156.246/30;
}
family inet6 {
mtu 9000;
address 2001:468:ffff:d4b::1/64;
}
}
unit 1004 {
description "Merit R&E via Cleveland";
vlan-id 1004;
family inet {
mtu 9000;
address 192.122.183.10/30;
}
family inet6 {
address 2001:468:ff:954::1/64;
}
}
unit 1005 {
description "[CPS] Merit via Cleveland";
vlan-id 1005;
family inet {
mtu 9000;
address 198.109.37.22/30;
}
family inet6 {
address 2001:468:ffff:954::1/64;
}
}
}
xe-1/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-WASH 10GE | I2-ATLA-WASH-10GE-05133";
family inet {
address 64.57.28.59/31;
}
family inet6 {
address 2001:468:ff:0901::2/64;
}
}
}
xe-1/1/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH 10GE B | I2-NEWY32AOA-WASH-10GE-05242";
family inet {
address 64.57.28.75/31;
}
family inet6 {
address 2001:468:ff:6f9::2/64;
}
}
}
xe-1/2/0 {
description "[CPS] Equinix Ashburn Switch for private peerings";
vlan-tagging;
mtu 9134;
unit 15 {
description "[CPS] Google 10GE PNI via Ashburn";
vlan-id 15;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.78/31;
}
family inet6 {
mtu 1500;
address 2001:468:ffff:19ff::1/64;
}
}
unit 16 {
description "[CPS] LimeLight 10GE PNI [NO-MONITOR]";
vlan-id 16;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.81/30;
}
}
unit 17 {
description "[CPS] Akamai 10GE PNI via Ashburn [NO-MONITOR]";
vlan-id 17;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.85/30;
}
}
}
xe-1/3/0 {
apply-groups INTERFACE-CONNECTOR;
description "Mid-Atlantic Crossroads (MAX)";
vlan-tagging;
mtu 9192;
framing {
lan-phy;
}
unit 263 {
description "Mid-Atlantic Crossroads (MAX)";
vlan-id 263;
family inet {
mtu 9000;
address 206.196.178.46/30;
}
family inet6 {
mtu 9000;
address 2001:468:c00:ffee::2/64;
}
}
unit 264 {
description "[CPS] Connector Mid-Atlantic Crossroads (MAX) Primary IPv6";
vlan-id 264;
family inet6 {
address 2001:468:ffff:9c4::1/64;
}
}
}
xe-2/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-WASH 10GE B | I2-ATLA-WASH-10GE-05251";
family inet {
address 64.57.28.7/31;
}
family inet6 {
address 2001:468:ff:109::2/64;
}
}
}
xe-2/1/0 {
apply-groups INTERFACE-CONNECTOR;
vlan-tagging;
mtu 9192;
gigether-options {
ethernet-switch-profile {
mac-learn-enable;
}
}
unit 210 {
description "[CPS] Connector TransitRail trial [PENDING]";
vlan-id 210;
family inet {
mtu 1500;
address 137.164.131.78/30;
}
family inet6 {
mtu 1500;
address 2001:1860:110:2205::2/64;
}
}
}
xe-2/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "NGIX-EAST via Movaz LVL3->CLPK";
vlan-tagging;
mtu 9192;
unit 88 {
description "redCLARA via NGIX and AWave-FIU";
vlan-id 88;
family inet {
mtu 9100;
filter {
input connector-in;
}
address 198.32.11.105/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:18c5::1/64;
}
}
unit 98 {
description "RNP via Atlantic Wave";
vlan-id 98;
family inet {
mtu 9000;
address 64.57.28.61/30;
}
}
unit 166 {
description "NREN via UMD NGIX | AS24";
vlan-id 166;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 198.32.11.21/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:18c2::1/64;
}
}
unit 183 {
description "MAX backup peering via NGIX-East";
vlan-id 183;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 206.196.177.106/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:185c::1/64;
}
}
unit 187 {
description "[CPS] Connector Mid-Atlantic Crossroads (MAX) via NGIX-East Backup IPv6";
vlan-id 187;
family inet6 {
address 2001:468:ffff:185c::1/64;
}
}
unit 194 {
description "ESNET via NGIX";
vlan-id 194;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 198.124.194.10/30;
}
}
unit 195 {
description "ESNET IPv6 via NGIX";
vlan-id 195;
family inet6 {
mtu 9000;
address 2001:468:ff:9c3::1/64;
}
}
unit 202 {
description "GEANT (Frankfurt OC-192)";
vlan-id 202;
family inet {
mtu 9000;
filter {
input connector-in-from-geant;
}
address 62.40.125.18/30;
}
family inet6 {
mtu 9000;
address 2001:0798:0014:10AA::12/126;
}
}
unit 297 {
description "NISN (via UMD NGIX) | AS:297";
vlan-id 173;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 192.84.8.254/30;
}
}
unit 668 {
description "DREN - Washington DC | AS:668";
vlan-id 174;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 138.18.47.34/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:18c4::1/64;
}
}
unit 669 {
description "Wright-Patterson AFB/Wright State Univ ctr in Dayton via DREN";
vlan-id 164;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 138.18.47.42/30;
}
}
unit 901 {
description "NREN backup via NGIX | AS24";
vlan-id 901;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 64.57.28.40/31;
}
family inet6 {
mtu 9000;
address 2001:468:ff:09c1::1/64;
}
}
unit 987 {
description "DREN v6-only, AS668";
vlan-id 987;
family inet {
mtu 1500;
address 10.254.254.9/31;
}
family inet6 {
mtu 1500;
address 2001:468:ff:18c3::1/64;
}
}
}
xe-2/3/0 {
apply-groups INTERFACE-CONNECTOR;
description mss.wash.net.internet2.edu:1-A-7-1-1;
vlan-tagging;
mtu 9192;
unit 3 {
description "Drexel University IPv4 R&E [I2-PHIL-WASH-VLAN-04191]";
vlan-id 3;
family inet {
mtu 9000;
address 204.238.76.6/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0960::1/64;
}
}
unit 4 {
description "[CPS] Drexel University [I2-PHIL-WASH-VLAN-04525]";
vlan-id 4;
family inet {
mtu 9000;
address 204.238.76.2/30;
}
}
unit 5 {
description "[CPS] Drexel University IPv6 [I2-PHIL-WASH-VLAN-04526]";
vlan-id 5;
family inet6 {
mtu 9000;
address 2001:468:ffff:960::1/64;
}
}
unit 506 {
description "3ROX/PSC IPv4 R&E [I2-PITT-WASH-VLAN-04178]";
vlan-id 506;
family inet {
mtu 9000;
address 192.88.115.25/31;
}
family inet6 {
address 2001:5e8:0:fffd:0:2:2:2/120;
}
}
unit 507 {
description "[CPS] 3ROX/PSC [I2-PITT-WASH-VLAN-04225]";
vlan-id 507;
family inet {
mtu 1500;
address 192.88.115.117/31;
}
}
unit 509 {
description "[CPS] 3ROX/PSC IPv6 [I2-PITT-WASH-VLAN-04224]";
vlan-id 509;
family inet6 {
mtu 1500;
address 2001:5E8:0:FFFD:0:2:3:2/120;
}
}
}
xe-3/0/0 {
apply-groups INTERFACE-BACKBONE;
description "BACKBONE: CHIC-WASH 10GE B | I2-CHIC-WASH-10GE-05637";
unit 0 {
family inet {
address 64.57.28.101/31;
}
family inet6 {
address 2001:468:ff:907::2/64;
}
}
}
ge-9/0/0 {
description "Observatory 1G via lan.wash:C23";
vlan-tagging;
mtu 9192;
unit 12 {
description "Observatory 1G VLAN";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.16.33/28;
}
family inet6 {
mtu 9000;
address 2001:468:9:12::1/64;
address 2001:468:9:12::16:33/64;
}
}
}
ge-9/0/1 {
mtu 9192;
unit 0 {
description "nms-rthr1 p2p connection";
family inet {
mtu 9000;
address 64.57.16.17/30;
}
family inet6 {
mtu 9000;
address 2001:468:9:101::1/64;
address 2001:468:9:101::16:17/64;
}
}
}
ge-9/0/2 {
mtu 9192;
unit 0 {
description "nms-rthr2 p2p connection";
family inet {
mtu 9000;
address 64.57.16.21/30;
}
family inet6 {
mtu 9000;
address 2001:468:9:100::1/64;
address 2001:468:9:100::16:21/64;
}
}
}
ge-9/0/3 {
description "NOT IN USE [NO-MONITOR]";
}
ge-9/1/0 {
apply-groups INTERFACE-CONNECTOR;
unit 0 {
description "NSF DRAGON";
family inet {
address 140.173.1.238/30;
}
}
}
ge-9/1/1 {
description "NOT IN USE [NO-MONITOR]";
}
xe-9/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "Observatory 10GE to HP5406zl B3";
vlan-tagging;
mtu 9180;
inactive: unit 10 {
description WASH-OOB;
vlan-id 10;
family inet {
address 64.57.24.254/24;
}
}
unit 11 {
description "WASH Observatory vlan";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.16.1/28;
}
family inet6 {
mtu 9000;
address 2001:468:9:11::1/64;
address 2001:468:9:11::16:1/64;
}
}
unit 13 {
description "HOPI WASH Management";
vlan-id 13;
family inet {
mtu 9000;
address 64.57.23.1/28;
}
}
unit 20 {
description "WASH VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.249/29;
}
}
unit 21 {
description "WASH VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.129/28;
}
}
unit 30 {
description "WASH SPP Port 8";
vlan-id 30;
family inet {
mtu 9000;
address 64.57.23.193/30 {
arp 64.57.23.194 mac 00:00:5e:04:aa:08;
}
}
}
unit 31 {
description "WASH SPP Port 9";
vlan-id 31;
family inet {
mtu 9000;
address 64.57.23.197/30 {
arp 64.57.23.198 mac 00:00:5e:04:aa:09;
}
}
}
unit 32 {
description "WASH SPP Port 10";
vlan-id 32;
family inet {
mtu 9000;
address 64.57.23.201/30 {
arp 64.57.23.202 mac 00:00:5e:04:aa:0a;
}
}
}
unit 33 {
description "WASH GENI Mgmt network";
vlan-id 33;
family inet {
mtu 9000;
address 64.57.23.161/28;
}
}
unit 40 {
description "WASH 100x100 Inband";
vlan-id 40;
family inet {
mtu 9000;
address 64.57.23.89/29;
}
}
unit 41 {
description "WASH 100x100 NetFPGA ";
vlan-id 41;
family inet {
mtu 9000;
address 64.57.23.57/29;
}
}
unit 42 {
description "WASH 100x100 Mgmt";
vlan-id 42;
family inet {
mtu 9000;
address 64.57.23.121/29;
}
}
unit 50 {
description "ISIS vlan";
vlan-id 50;
family iso {
mtu 1497;
}
}
unit 60 {
description "[CPS] connection to nms-rpsv [NO-MONITOR]";
vlan-id 60;
family inet {
mtu 9000;
address 64.57.29.37/30;
}
family inet6 {
mtu 9000;
address 2001:468:9:60::29:37/64;
address 2001:468:9:60::1/64;
}
}
}
dsc {
unit 0 {
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
fxp0 {
description "Management Ethernet - Unused";
disable;
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.238/32;
address 64.57.28.249/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0300.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:9::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.249/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff09::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.16.4 {
port 4196;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:ff:1200::/56;
route 2001:468:0012::/48;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
240.0.0.0/4 orlonger;
14.0.0.0/8 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
route 198.32.154.144/28 discard;
}
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
14.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.249;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 2;
}
interface fxp0.0 {
disable;
}
}
mld {
interface all;
interface fxp0.0 {
disable;
}
}
rsvp {
/* BACKBONE to ATLA */
interface xe-1/0/0.0;
/* BACKBONE to NEWY */
interface xe-1/1/0.0;
/* BACKBONE to CHIC */
interface xe-0/0/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path WASH->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path WASH->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path WASH->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path WASH->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path WASH->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path WASH->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
}
label-switched-path WASH->HOUS {
to 64.57.28.244;
fast-reroute;
}
label-switched-path WASH->SEAT {
to 64.57.28.247;
fast-reroute;
}
/* BACKBONE to ATLA */
interface xe-1/0/0.0;
/* BACKBONE to NEWY */
interface xe-1/1/0.0;
/* BACKBONE to CHIC */
interface xe-0/0/0.0;
}
bgp {
log-updown;
group INTERNET2 {
type internal;
local-address 64.57.28.249;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:9::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
neighbor 2001:468:7::1 {
description SALT;
}
neighbor 2001:468:8::1 {
description SEAT;
}
}
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 134.68.246.49 {
description "rtr.wash.net.internet2.edu/REN-ISAC [NO-MONITOR]";
local-address 64.57.28.249;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 64.57.16.4 {
description "nms-rpsv.wash zebra bgpd [NO-MONITOR]";
local-address 64.57.16.1;
family inet {
unicast;
multicast;
}
cluster 64.57.16.1;
}
neighbor 2001:468:9:11::16:4 {
description "nms-rpsv.wash zebra bgpd [NO-MONITOR]";
local-address 2001:468:9:11::1;
family inet6 {
unicast;
multicast;
}
}
neighbor 134.68.246.51 {
description "rtr.wash.net.internet2.edu/REN-ISAC [NO-MONITOR]";
local-address 64.57.28.249;
family inet {
unicast;
}
cluster 134.68.246.51;
}
neighbor 129.79.43.198 {
multihop {
ttl 10;
}
local-address 64.57.28.249;
hold-time 65535;
family inet {
unicast;
}
}
neighbor 2001:18e8:2:33:250:56ff:fea9:320c {
description "IU ANML monitor6";
multihop {
ttl 10;
}
local-address 2001:468:9::1;
family inet6 {
unicast;
}
}
}
group CONNECTOR {
type external;
metric-out igp;
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
neighbor 206.196.178.45 {
description "Mid-Atlantic Crossroads (MAX)";
import [ SANITY-IN SET-PREF MAX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10886;
}
neighbor 192.88.192.137 {
description OSCnet;
import [ SANITY-IN SET-PREF OARNET-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 3112;
}
neighbor 204.238.76.5 {
description "Drexel University";
import [ SANITY-IN SET-PREF DREXEL-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 36412;
}
neighbor 192.88.115.24 {
description 3ROX;
import [ SANITY-IN SET-PREF PSC-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 5050;
}
neighbor 206.196.177.105 {
description "Mid-Atlantic Crossroads BACKUP peering through NGIX-East";
import [ SANITY-IN SET-PREF MAX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10886;
}
neighbor 138.18.47.41 {
description "Wright State Univ campus inside of Wright-Patterson AFB, Dayton, through DREN/MCI";
import [ SANITY-IN SET-PREF WSU-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 668;
}
neighbor 199.18.156.241 {
description "OSCnet mcast-only for their non-I2 customers";
import [ SANITY-IN SET-PREF OARNET-MULTICAST-IN ];
family inet {
multicast;
}
Authentication Data Removed
peer-as 600;
}
neighbor 192.122.183.9 {
description "MERIT via CLEV R&E";
import [ SANITY-IN SET-PREF MERIT-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 237;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
neighbor 2001:468:c00:ffee::1 {
description "Mid-Atlantic Crossroads (MAX)";
import [ SANITY6 SET-PREF MAX-IN6 ];
Authentication Data Removed
peer-as 10886;
}
/* turned down temporarily - see ticket 10397 */
inactive: neighbor 2001:468:ff:d4b::2 {
description OSCnet;
import [ SANITY6 SET-PREF OARNET-IN6 ];
Authentication Data Removed
peer-as 3112;
}
neighbor 2001:5e8:0:fffd:0:2:2:1 {
description "Three Rivers Optical Exchange (3ROX)";
import [ SANITY6 SET-PREF PSC-IN6 ];
Authentication Data Removed
peer-as 5050;
}
neighbor 2001:468:ff:185c::2 {
description "Mid-Atlantic Crossroads BACKUP via NGIX-E";
import [ SANITY6 SET-PREF MAX-IN6 ];
Authentication Data Removed
peer-as 10886;
}
neighbor 2001:468:ff:0960::2 {
description Drexel;
import [ SANITY6 SET-PREF DREXEL-IN6 ];
Authentication Data Removed
peer-as 36412;
}
neighbor 2001:468:ff:9c2::2 {
description "OSCnet IPv6 Multicast";
import [ SANITY6 SET-PREF OARNET-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 600;
}
neighbor 2001:468:ff:954::2 {
description "Merit R&E IPv6 via WASH";
import [ SANITY6 SET-PREF MERIT-IN6 ];
Authentication Data Removed
peer-as 237;
}
}
inactive: group ISP-MCAST {
import [ SANITY-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 140.173.1.237 {
description "DRAGON - NO NOTIFY";
/* treated as a connector */
import [ SANITY-IN SET-PREF DRAGON-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7082;
include-mp-next-hop;
}
neighbor 192.84.8.253 {
description NISN;
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FROM-CUDI FEDNET-OUT ];
peer-as 297;
}
neighbor 138.18.47.33 {
description "Dren (Worldcom via UMD NGIX)";
Authentication Data Removed
peer-as 668;
}
neighbor 198.32.11.22 {
description "NREN-Goddard via NGIX";
hold-time 30;
family inet {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ];
peer-as 24;
}
neighbor 64.57.28.41 {
description "NREN-McLEAN via NGIX";
hold-time 30;
family inet {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ];
peer-as 24;
}
neighbor 198.124.194.9 {
description "ESNET via NGIX";
Authentication Data Removed
peer-as 293;
}
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
/* ESNET routes exported to GEANT as backup per UCAID agreement with Dante */
neighbor 62.40.125.17 {
description "GEANT (Frankfurt) via MAX";
family inet {
unicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ DATATAG-DEMO SANITY-OUT ORIGINATE4 ORIGINATE6 ESNET-TO-GEANT NREN-TO-GEANT USGS-TO-GEANT ITN-OUT ];
peer-as 20965;
}
neighbor 198.32.11.106 {
description "redCLARA via NGIX and Awave-FIU";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ];
peer-as 27750;
}
neighbor 64.57.28.62 {
description "RNP via Atlantic Wave";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ];
peer-as 1916;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
neighbor 2001:0798:0014:10AA::11 {
description "GEANT - Frankfurt IPv6";
Authentication Data Removed
peer-as 20965;
}
neighbor 2001:468:ff:18c5::2 {
description "redCLARA via NGIX & Awave-FIU";
Authentication Data Removed
peer-as 27750;
}
neighbor 2001:468:ff:9c4::2 {
description "RNP v6 via Atlantic Wave";
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 RNP-IN6 ];
Authentication Data Removed
peer-as 1916;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:468:ff:18c2::2 {
description "NREN-Goddard via NGIX";
family inet6 {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
Authentication Data Removed
peer-as 24;
}
neighbor 2001:468:ff:18c4::2 {
description "DREN network";
family inet6 {
any;
}
Authentication Data Removed
peer-as 668;
}
neighbor 2001:468:ff:09c1::2 {
description "NREN-McLean via NGIX & Dragon";
family inet6 {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
Authentication Data Removed
peer-as 24;
}
neighbor 2001:468:ff:9c3::2 {
description "ESNET IPv6 via NGIX";
family inet6 {
any;
}
Authentication Data Removed
peer-as 293;
}
}
}
isis {
export V6-IGP-AGG;
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
spf-options delay 200;
level 2 wide-metrics-only;
/* BACKBONE TO CHIC */
interface xe-0/0/0.0 {
level 1 disable;
level 2 metric 905;
}
/* BACKBONE TO NEWY: R&E Only */
interface xe-0/1/0.0 {
level 1 disable;
level 2 metric 279;
}
/* BACKBONE to ATLA: CPS Primary and R&E Failover */
interface xe-1/0/0.0 {
level 1 disable;
level 2 metric 701;
}
/* BACKBONE TO NEWY: CPS Primary and R&E Failover */
interface xe-1/1/0.0 {
level 1 disable;
level 2 metric 280;
}
/* BACKBONE to ATLA: R&E Only */
interface xe-2/0/0.0 {
level 1 disable;
level 2 metric 700;
}
interface xe-3/0/0.0 {
level 1 disable;
level 2 metric 904;
}
/* OBS ISIS Logging on nms-rpsv.wash */
interface xe-9/2/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* Run IS-IS Passively on all interface */
interface all {
level 1 disable;
level 2 passive;
}
interface fxp0.0 {
disable;
}
}
msdp {
apply-groups MSDP-SA-Limit-per-peer-group;
rib-group mcast-rpf-rg;
active-source-limit {
maximum 200000;
threshold 190000;
}
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.249;
/* CHIC */
peer 64.57.28.241;
/* NEWY */
peer 64.57.28.242;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* MAX */
peer 206.196.178.45 {
local-address 206.196.178.46;
}
/* OARNET */
peer 192.88.192.137 {
local-address 192.88.192.138;
}
/* OARNET MCAST-ONLY */
peer 199.18.156.241 {
local-address 199.18.156.242;
}
/* MAX backup peering via NGIX-E */
peer 206.196.177.105 {
local-address 206.196.177.106;
}
/* Drexel University */
peer 204.238.76.5 {
local-address 204.238.76.6;
}
/* Three Rivers Optical Exchange (3ROX) */
peer 192.88.115.24 {
local-address 192.88.115.25;
}
/* MERIT */
peer 192.122.183.9 {
local-address 192.122.183.10;
}
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* NISN (via NGIX-E) */
peer 192.84.8.253 {
local-address 192.84.8.254;
}
/* DREN (via NGIX-E) */
peer 138.18.9.253 {
local-address 138.18.47.34;
}
/* NREN (via NGIX-E) */
peer 198.32.11.22 {
local-address 198.32.11.21;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
/* CLARA via NGIX-AWave */
peer 198.32.11.106 {
local-address 198.32.11.105;
}
/* RNP via Atlantic Wave */
peer 64.57.28.62 {
local-address 64.57.28.61;
}
/* GEANT - Frankfort */
peer 62.40.125.17 {
local-address 62.40.125.18;
}
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* IUPUI login + SNMP hosts */
140.182.44.0/28;
/* IUPUI SNMP hosts */
140.182.44.32/28;
/* IUB login + SNMP hosts */
140.182.45.0/28;
/* IUB SNMP hosts */
140.182.45.32/28;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* New Jump Address */
149.165.134.64/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
134.68.107.113/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* discvenue.internet2.edu */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list INGIG;
prefix-list CPS-INGIG {
/* Ball State University */
12.159.195.0/24;
/* Ball State University */
12.159.206.0/23;
/* Ball State University */
12.159.209.0/24;
/* Monroe County Community School Corporation */
66.244.122.0/23;
/* Purdue University Calumet */
69.51.160.0/19;
/* CSPAN Archives */
72.12.215.0/24;
/* Purdue University */
128.10.0.0/16;
/* Purdue University */
128.46.0.0/16;
/* Purdue University */
128.210.0.0/16;
/* Purdue University */
128.211.0.0/16;
/* Indiana University */
129.79.0.0/16;
/* Saint Joseph's College */
131.93.0.0/16;
/* Indiana University */
134.68.0.0/16;
/* Indiana State University */
139.102.0.0/16;
/* Indiana University */
140.182.0.0/16;
/* Saint Mary's College */
147.53.0.0/16;
/* Ball State University */
147.226.0.0/16;
/* Indiana University */
149.159.0.0/16;
/* Indiana University */
149.160.0.0/14;
/* Indiana University */
149.164.0.0/16;
/* Indiana University */
149.165.0.0/16;
/* Indiana University */
149.166.0.0/16;
/* Valparaiso University */
152.228.0.0/16;
/* Indiana University */
156.56.0.0/16;
/* IHETS */
157.91.0.0/16;
/* Earlham College */
159.28.0.0/16;
/* Vincennes University */
159.218.0.0/16;
/* DePauw University */
163.120.0.0/16;
/* Purdue University North Central */
163.245.0.0/16;
/* IHETS */
165.138.0.0/16;
/* IHETS */
165.139.0.0/16;
/* Indianapolis Public Schools */
167.217.0.0/16;
/* IVYTech Community College of Indiana */
168.91.0.0/16;
/* Indiana Purdue Fort Wayne */
168.102.0.0/17;
/* State of Indiana */
192.104.19.0/24;
/* University of Indianapolis */
192.146.191.0/24;
/* University of Indianapolis */
192.146.192.0/24;
/* Manchester College */
192.189.3.0/24;
/* Hanover College */
192.200.128.0/21;
/* University of Southern Indiana */
192.206.9.0/24;
/* University of Southern Indiana */
192.206.10.0/23;
/* Franklin College of Indiana */
192.207.174.0/23;
/* Franklin College of Indiana */
192.207.176.0/23;
/* Franklin College of Indiana */
192.207.178.0/24;
/* Goshen College */
198.51.243.0/24;
/* Goshen College */
198.51.244.0/24;
/* Private Academic Library Network of Indiana */
198.62.84.0/24;
/* Tri-State University */
198.62.98.0/24;
/* IHETS */
199.8.0.0/16;
/* Purdue University - Agriculture Information Technology */
204.52.32.0/20;
/* Purdue University - Agriculture Information Technology */
204.52.48.0/20;
/* Vigo County School Corp. */
205.137.32.0/20;
/* Purdue University Calumet */
205.215.64.0/18;
/* Indiana State Library */
208.119.0.0/16;
}
prefix-list RADIUS-SERVERS {
140.182.44.69/32;
140.182.45.56/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list MAX-PARTICIPANT {
8.21.240.0/21;
63.164.28.0/22;
63.171.236.0/24;
63.239.135.0/24;
65.113.61.0/24;
65.114.168.0/24;
65.114.169.0/24;
65.123.202.0/24;
65.160.123.0/24;
65.162.18.0/23;
65.172.14.0/24;
65.172.70.0/24;
65.254.181.0/24;
65.254.182.0/23;
66.208.61.0/24;
128.8.0.0/16;
128.82.0.0/16;
128.143.0.0/16;
128.150.0.0/16;
128.164.0.0/16;
128.172.0.0/16;
128.173.0.0/16;
128.177.16.0/23;
128.177.18.0/24;
128.220.0.0/16;
128.231.0.0/16;
128.239.0.0/16;
128.244.0.0/16;
129.2.0.0/16;
129.43.0.0/16;
129.165.0.0/16;
129.174.0.0/16;
130.14.0.0/16;
130.129.0.0/16;
134.231.0.0/16;
136.242.0.0/16;
137.54.0.0/16;
137.187.0.0/16;
137.198.0.0/16;
138.220.0.0/16;
139.70.0.0/16;
140.90.0.0/16;
140.147.0.0/16;
140.173.153.0/29;
140.173.170.0/24;
140.173.174.0/26;
140.173.180.0/24;
141.142.204.0/24;
141.161.0.0/16;
141.166.0.0/16;
147.9.0.0/16;
148.129.0.0/16;
148.129.64.0/19;
148.129.128.0/19;
152.130.0.0/16;
155.206.0.0/16;
156.40.0.0/16;
157.98.0.0/16;
159.230.0.0/16;
161.253.0.0/16;
162.99.224.0/19;
162.129.0.0/16;
164.106.0.0/16;
164.114.0.0/16;
165.112.0.0/16;
167.102.0.0/16;
169.154.0.0/17;
169.154.128.0/17;
170.93.0.0/16;
170.99.0.0/16;
192.5.215.0/24;
192.12.209.0/24;
192.26.10.0/24;
192.35.48.0/24;
192.35.49.0/24;
192.35.129.0/24;
192.52.179.0/24;
192.54.96.0/24;
192.58.3.0/24;
192.58.232.0/24;
192.64.69.0/24;
192.70.187.0/24;
192.86.97.0/24;
192.86.98.0/24;
192.86.99.0/24;
192.86.100.0/24;
192.86.101.0/24;
192.86.102.0/24;
192.86.103.0/24;
192.86.104.0/24;
192.86.105.0/24;
192.86.106.0/24;
192.102.88.0/24;
192.107.190.0/24;
192.107.195.0/24;
192.124.118.0/24;
192.153.43.0/24;
192.156.228.0/24;
192.231.145.0/24;
192.231.146.0/24;
192.231.147.0/24;
192.239.66.0/24;
198.10.49.0/24;
198.31.12.0/24;
198.62.77.0/24;
198.77.76.0/24;
198.77.177.0/24;
198.82.0.0/16;
198.118.0.0/15;
198.181.231.0/24;
198.186.238.0/23;
198.206.32.0/20;
198.206.48.0/21;
199.0.138.0/23;
199.7.91.0/24;
199.26.254.0/24;
199.75.86.0/23;
199.79.165.0/24;
199.79.166.0/24;
199.111.162.0/23;
199.111.164.0/22;
199.111.168.0/21;
199.111.176.0/20;
199.111.192.0/18;
199.125.175.0/24;
199.248.201.0/24;
199.249.158.0/24;
204.91.114.0/24;
204.145.182.0/24;
204.192.128.0/17;
204.194.224.0/22;
204.194.228.0/23;
205.128.154.0/23;
205.131.248.0/21;
205.156.0.0/19;
205.156.32.0/20;
205.156.48.0/21;
205.160.38.0/23;
205.253.57.0/24;
206.196.160.0/19;
206.196.176.0/21;
206.229.212.0/22;
206.241.0.0/22;
206.241.3.0/24;
206.241.145.0/24;
206.241.148.0/23;
206.241.252.0/24;
206.241.253.0/24;
207.77.112.0/20;
207.245.162.0/24;
208.16.73.0/24;
208.22.77.0/24;
208.22.78.0/24;
208.34.72.0/22;
208.35.27.64/26;
216.38.95.0/24;
}
prefix-list MAX-SPONSORED {
38.105.72.0/22;
38.118.3.0/24;
65.127.220.0/23;
67.133.232.0/23;
160.111.0.0/16;
160.253.0.0/16;
192.12.83.0/24;
192.207.234.0/24;
192.239.84.0/24;
192.245.136.0/24;
198.91.32.0/21;
198.91.40.0/23;
199.33.3.0/24;
199.133.3.0/24;
199.133.32.0/24;
199.133.35.0/24;
199.133.38.0/24;
199.133.45.0/24;
199.133.46.0/24;
199.133.47.0/24;
199.133.48.0/24;
199.133.49.0/24;
199.133.51.0/24;
199.133.52.0/24;
199.133.54.0/24;
199.133.55.0/24;
199.133.56.0/24;
199.133.57.0/24;
199.133.58.0/24;
199.133.59.0/24;
199.133.60.0/24;
199.133.61.0/24;
199.133.62.0/24;
199.133.63.0/24;
199.133.64.0/24;
199.133.66.0/24;
199.133.67.0/24;
199.133.69.0/24;
199.133.72.0/24;
199.133.74.0/24;
199.133.75.0/24;
199.133.153.0/24;
199.133.179.0/24;
205.128.219.0/24;
205.128.220.0/22;
}
prefix-list MAX-SEGP {
4.17.88.0/21;
4.79.201.0/26;
64.5.128.0/20;
64.5.141.0/24;
64.5.144.0/24;
64.5.145.0/24;
64.5.147.0/24;
64.5.148.0/24;
64.5.152.0/24;
64.5.155.0/24;
64.5.159.0/24;
64.26.64.0/18;
65.160.148.0/23;
65.168.144.0/24;
66.250.190.0/24;
66.250.191.0/24;
76.7.54.0/23;
130.85.0.0/16;
131.118.0.0/16;
131.171.0.0/16;
134.192.0.0/16;
136.160.0.0/16;
137.45.0.0/16;
138.78.0.0/16;
151.188.0.0/16;
158.103.0.0/16;
169.156.0.0/16;
192.33.115.0/24;
192.33.116.0/24;
192.33.117.0/24;
192.131.232.0/24;
192.146.226.0/24;
192.188.199.0/24;
198.38.16.0/20;
198.51.208.0/24;
198.69.82.0/24;
198.200.181.0/24;
198.202.0.0/21;
199.88.192.0/24;
204.52.128.0/22;
204.62.32.0/20;
204.62.48.0/22;
204.152.152.0/23;
204.153.76.0/22;
207.86.27.160/27;
208.27.92.0/22;
208.40.149.48/28;
208.40.161.64/27;
208.40.177.0/24;
208.40.194.0/24;
208.91.160.0/22;
209.114.143.0/24;
209.114.144.0/23;
209.114.187.8/29;
209.114.187.240/29;
209.116.253.32/27;
209.243.32.0/20;
216.54.48.0/23;
216.152.80.0/20;
}
prefix-list MAX-PARTICIPANTS6 {
2001:468:C00::/40;
2001:468:ffff:9c4::/64;
2001:468:ffff:185c::/64;
2001:04d0:9c00::/40;
2001:500:2D::/48;
2610:20:8000::/35;
2610:D8::/32;
2620:0:9D0::/48;
2620:0000:0bc0::/48;
}
prefix-list OARNET-PARTICIPANT {
64.93.128.0/17;
64.247.64.0/18;
65.43.196.0/22;
128.146.0.0/16;
129.22.0.0/16;
129.137.0.0/16;
130.101.0.0/16;
130.108.0.0/16;
131.123.0.0/16;
131.183.0.0/16;
132.235.0.0/16;
136.247.0.0/16;
140.254.0.0/16;
164.107.0.0/16;
169.240.0.0/16;
192.5.109.0/24;
192.5.110.0/24;
192.5.111.0/24;
192.5.112.0/24;
192.5.113.0/24;
192.88.191.0/24;
192.88.192.0/24;
192.88.193.0/24;
192.88.194.0/24;
192.88.195.0/24;
192.132.213.0/24;
192.138.88.0/24;
192.148.235.0/24;
192.148.236.0/22;
192.148.240.0/21;
192.148.244.0/24;
192.148.248.0/22;
192.148.250.0/24;
192.148.251.0/24;
192.153.27.0/24;
192.153.28.0/24;
192.153.36.0/24;
192.153.37.0/24;
192.153.38.0/24;
/* Ohio Supercomputing Center */
192.153.39.0/24;
192.153.40.0/24;
192.153.41.0/24;
192.157.5.0/24;
192.232.26.0/23;
/* OSU */
192.232.26.0/24;
/* OSU */
192.232.27.0/24;
192.232.28.0/24;
/* OARnet */
198.30.86.0/24;
/* OARnet */
198.30.87.0/24;
198.206.224.0/24;
199.26.250.0/24;
199.190.226.0/24;
199.217.0.0/21;
199.249.228.0/24;
204.69.191.0/24;
204.128.178.0/24;
206.212.0.0/18;
/* OSCnet */
206.244.46.0/24;
/* OARnet */
206.244.200.0/21;
209.57.6.0/24;
209.57.142.0/24;
}
prefix-list OARNET-SPONSORED {
204.152.48.0/24;
204.152.49.0/24;
205.142.196.0/24;
205.142.197.0/24;
205.142.198.0/24;
205.142.199.0/24;
}
prefix-list OARNET-SEGP {
64.18.32.0/20;
64.113.176.0/20;
64.113.176.0/21;
64.113.184.0/21;
64.254.64.0/20;
65.182.112.0/20;
66.114.0.0/19;
66.144.22.0/24;
66.144.23.0/24;
66.145.194.0/24;
66.145.203.0/24;
66.203.16.0/20;
66.203.32.0/19;
129.1.0.0/16;
131.187.0.0/16;
131.238.0.0/16;
132.162.0.0/16;
134.53.0.0/16;
136.227.0.0/16;
137.148.0.0/16;
138.28.0.0/16;
140.103.0.0/16;
140.106.0.0/16;
140.141.0.0/16;
140.220.0.0/16;
140.228.0.0/16;
141.110.0.0/16;
141.139.0.0/16;
143.105.0.0/16;
143.206.0.0/16;
144.50.0.0/16;
146.78.0.0/16;
146.85.0.0/16;
149.143.0.0/16;
150.134.0.0/16;
156.63.57.0/24;
156.63.144.0/24;
156.63.176.0/24;
157.134.0.0/16;
163.11.0.0/16;
164.83.0.0/16;
192.42.153.0/24;
192.55.234.0/24;
192.68.223.0/24;
192.70.252.0/24;
192.131.123.0/24;
192.150.115.0/24;
192.153.31.0/24;
192.153.32.0/24;
192.153.33.0/24;
192.153.34.0/24;
/* The National Underground Railroad Freedom Center (NURFC) */
192.153.35.0/24;
192.232.30.0/24;
198.30.0.0/16;
198.140.201.0/24;
198.203.64.0/18;
198.234.184.0/23;
198.234.187.0/24;
198.234.188.0/22;
198.234.192.0/22;
198.234.196.0/23;
198.234.200.0/21;
199.18.0.0/16;
/* Mount Union College */
199.18.32.0/20;
/* Mount Union College */
199.18.204.0/22;
/* Mount Union College */
199.18.208.0/22;
/* Mount Union College */
199.18.234.0/23;
/* Mount Union College */
199.18.236.0/22;
/* Mount Union College */
199.18.238.0/24;
/* Mount Union College */
199.18.239.0/24;
199.120.181.0/24;
199.218.0.0/16;
204.9.144.0/21;
204.10.216.0/21;
204.10.217.0/24;
204.10.218.0/24;
204.10.219.0/24;
204.10.220.0/24;
204.10.221.0/24;
204.10.222.0/24;
204.10.223.0/24;
204.11.184.0/21;
204.11.184.0/24;
204.11.185.0/24;
204.11.186.0/24;
204.11.187.0/24;
204.11.188.0/24;
204.11.189.0/24;
204.11.190.0/24;
204.11.191.0/24;
204.89.239.0/24;
204.128.217.0/24;
205.133.0.0/16;
206.21.0.0/16;
206.244.0.0/16;
/* Mount Union College */
206.244.128.0/22;
/* Cleveland Institute of Art */
208.50.108.0/24;
208.71.72.0/21;
208.108.0.0/16;
208.108.4.0/22;
208.108.80.0/20;
208.108.80.0/24;
208.108.81.0/24;
208.108.82.0/24;
208.108.83.0/24;
208.108.84.0/24;
208.108.85.0/24;
208.108.86.0/24;
208.108.87.0/24;
208.108.88.0/24;
208.108.89.0/24;
208.108.90.0/24;
208.108.91.0/24;
208.108.92.0/24;
208.108.93.0/24;
208.108.94.0/24;
208.108.95.0/24;
208.108.96.0/20;
208.108.112.0/21;
208.108.120.0/21;
208.108.128.0/21;
208.108.136.0/21;
208.108.144.0/21;
208.108.152.0/21;
208.108.160.0/21;
208.108.168.0/21;
208.108.176.0/21;
208.108.184.0/21;
208.108.192.0/21;
208.108.192.0/24;
208.108.193.0/24;
208.108.194.0/24;
208.108.195.0/24;
208.108.196.0/24;
208.108.197.0/24;
208.108.198.0/24;
208.108.199.0/24;
208.108.200.0/21;
208.108.208.0/20;
208.108.224.0/22;
208.108.228.0/24;
208.108.236.0/24;
208.108.239.0/24;
208.122.64.0/19;
208.122.96.0/20;
209.34.112.0/20;
209.34.112.0/24;
209.34.113.0/24;
209.34.114.0/24;
209.34.115.0/24;
209.34.116.0/24;
209.34.117.0/24;
209.34.118.0/24;
209.34.119.0/24;
209.34.120.0/24;
209.34.121.0/24;
209.34.122.0/24;
209.34.123.0/24;
209.34.124.0/24;
209.34.125.0/24;
209.34.126.0/24;
209.34.127.0/24;
209.57.6.0/24;
209.57.142.0/24;
216.48.128.0/20;
216.48.128.0/21;
}
prefix-list OARNET-PARTICIPANTS6 {
2001:468:b00::/40;
2001:468:B06::/48;
2001:468:1100::/40;
2610:a8::/32;
2620:0:1A10::/48;
}
prefix-list DREXEL-PARTICIPANT {
129.25.0.0/16;
144.118.0.0/16;
192.54.238.0/24;
198.17.30.0/24;
204.238.76.0/24;
}
prefix-list DREXEL-SEGP {
144.26.0.0/16;
/* West Chester University */
144.80.0.0/16;
147.64.0.0/16;
148.137.0.0/16;
151.161.0.0/16;
156.12.0.0/16;
157.62.0.0/16;
157.160.0.0/16;
158.83.0.0/16;
166.66.0.0/16;
192.147.113.0/24;
192.148.218.0/24;
192.148.234.0/24;
192.149.243.0/24;
192.152.127.0/24;
192.153.187.0/24;
192.190.237.0/24;
192.206.29.0/24;
192.234.172.0/24;
198.206.191.0/24;
199.5.197.0/24;
199.5.198.0/23;
199.5.200.0/24;
204.108.160.0/19;
204.235.144.0/21;
204.235.148.0/23;
204.235.158.0/23;
204.235.160.0/20;
205.149.64.0/19;
206.225.96.0/19;
209.250.192.0/19;
}
prefix-list PSC-PARTICIPANT {
63.118.64.0/23;
64.83.144.0/21;
66.71.0.0/17;
75.102.64.0/18;
128.2.0.0/16;
128.118.0.0/16;
128.182.0.0/16;
128.237.0.0/16;
130.49.0.0/16;
130.203.0.0/16;
136.142.0.0/16;
146.186.0.0/16;
147.73.0.0/16;
150.212.0.0/16;
150.231.0.0/16;
157.182.0.0/16;
192.5.146.0/24;
192.5.157.0/24;
192.5.159.0/24;
192.12.32.0/24;
192.52.163.0/24;
192.52.164.0/23;
192.52.240.0/24;
192.58.107.0/24;
192.68.217.0/24;
192.80.210.0/24;
192.88.99.0/24;
192.88.114.0/24;
192.88.115.0/24;
192.88.209.0/24;
192.88.210.0/24;
192.101.139.0/24;
192.101.140.0/24;
198.32.224.0/24;
199.111.112.0/20;
199.164.236.0/24;
204.155.176.0/20;
204.194.24.0/22;
204.194.28.0/22;
208.40.174.0/24;
}
prefix-list PSC-SPONSORED {
147.72.107.0/24;
147.72.108.0/22;
147.72.112.0/22;
147.72.116.0/23;
147.72.118.0/24;
192.124.34.0/24;
198.206.16.0/20;
}
prefix-list PSC-SEGP {
63.133.224.0/24;
63.133.225.0/24;
63.133.226.0/24;
63.133.227.0/24;
63.133.228.0/24;
63.133.229.0/24;
63.133.230.0/24;
63.133.231.0/24;
63.133.232.0/24;
63.133.233.0/24;
63.133.234.0/24;
63.133.235.0/24;
63.133.236.0/24;
63.133.237.0/24;
63.133.238.0/24;
63.133.239.0/24;
63.133.240.0/24;
63.133.241.0/24;
63.133.242.0/24;
63.133.243.0/24;
63.133.244.0/24;
63.133.245.0/24;
63.133.246.0/24;
63.133.247.0/24;
63.133.248.0/24;
63.133.249.0/24;
63.133.250.0/24;
63.133.251.0/24;
63.133.252.0/24;
63.133.253.0/24;
63.133.254.0/24;
63.133.255.0/24;
64.83.132.0/24;
64.83.133.0/24;
64.83.134.0/24;
64.83.135.0/24;
64.83.136.0/24;
64.83.137.0/24;
64.83.138.0/24;
64.83.140.0/24;
64.83.141.0/24;
64.83.142.0/24;
64.83.143.0/24;
64.83.144.0/21;
64.83.152.0/24;
64.83.153.0/24;
64.83.154.0/24;
64.83.155.0/24;
64.83.158.0/24;
65.110.114.0/24;
65.170.110.0/24;
66.146.224.0/24;
66.146.225.0/24;
66.146.226.0/24;
66.146.227.0/24;
66.146.228.0/24;
66.146.229.0/24;
66.146.231.0/24;
66.230.74.32/28;
69.7.100.0/24;
69.7.104.0/24;
69.7.105.0/24;
69.7.106.0/24;
69.7.107.0/24;
69.7.108.0/24;
69.7.110.0/24;
69.7.111.0/24;
72.23.246.0/24;
72.237.88.0/22;
147.72.67.192/26;
150.232.0.0/16;
199.2.216.0/24;
204.96.142.0/24;
204.96.143.0/24;
205.144.32.0/20;
207.255.151.0/24;
208.40.128.0/24;
208.40.149.48/28;
208.40.161.64/27;
208.40.167.0/24;
208.40.174.0/24;
208.40.177.0/24;
208.40.180.0/24;
208.40.194.0/24;
209.114.140.0/23;
209.114.143.0/24;
209.114.144.0/23;
209.114.187.240/29;
216.220.89.0/24;
216.220.90.0/24;
216.220.94.0/24;
216.220.95.0/24;
}
prefix-list SOX-BACKUP-PARTICIPANT {
64.156.8.128/25;
64.156.216.128/25;
65.115.176.0/24;
128.23.0.0/16;
128.61.0.0/16;
128.163.0.0/16;
128.163.11.0/24;
128.186.0.0/16;
128.192.0.0/16;
128.227.0.0/16;
129.59.0.0/16;
129.171.0.0/16;
129.171.0.0/19;
129.171.32.0/19;
129.171.64.0/19;
129.171.96.0/19;
129.171.128.0/19;
129.171.160.0/19;
129.171.192.0/19;
129.171.224.0/19;
129.252.0.0/16;
130.127.0.0/16;
130.160.0.0/16;
130.207.0.0/16;
131.91.0.0/16;
131.144.128.0/20;
131.204.0.0/16;
131.247.0.0/16;
132.170.0.0/16;
138.26.0.0/16;
139.62.0.0/16;
143.215.0.0/16;
144.174.0.0/16;
146.201.0.0/16;
146.229.0.0/16;
149.168.0.0/16;
152.2.0.0/16;
152.3.0.0/16;
152.7.0.0/16;
152.11.0.0/16;
152.14.0.0/16;
152.16.0.0/16;
152.19.0.0/16;
159.178.0.0/16;
160.36.0.0/16;
160.129.0.0/16;
163.246.0.0/16;
164.111.0.0/16;
165.6.5.0/24;
165.6.6.0/24;
165.6.7.0/24;
165.6.24.0/24;
168.223.0.0/16;
170.140.0.0/16;
192.31.89.0/24;
192.70.171.0/24;
192.80.53.0/24;
192.88.124.0/24;
192.111.108.0/24;
192.111.109.0/24;
192.111.110.0/24;
192.111.123.0/24;
192.249.1.0/24;
192.249.2.0/23;
192.249.4.0/22;
192.249.8.0/21;
192.249.11.0/24;
198.78.192.0/19;
198.137.16.0/20;
199.4.250.0/23;
199.4.250.0/24;
199.4.251.0/24;
199.76.32.0/20;
199.76.144.0/20;
199.76.160.0/19;
199.76.192.0/24;
199.77.128.0/17;
199.90.0.0/16;
199.242.231.0/24;
199.242.232.0/24;
199.242.233.0/24;
204.29.106.0/23;
204.68.64.0/19;
204.85.191.0/24;
204.85.192.0/18;
204.89.132.0/23;
204.89.132.0/24;
204.89.133.0/24;
204.145.157.0/24;
204.145.215.0/24;
204.198.72.0/22;
204.198.76.0/23;
204.211.0.0/16;
204.238.30.0/24;
206.240.24.0/22;
206.240.192.0/19;
206.240.216.0/24;
206.240.220.0/24;
206.240.221.0/24;
207.4.0.0/16;
207.192.0.0/18;
209.149.48.0/20;
}
prefix-list SOX-BACKUP-CORPORATE {
12.107.208.0/23;
66.187.224.0/20;
204.85.14.0/24;
}
prefix-list SOX-BACKUP-SPONSORED {
66.187.234.0/24;
74.255.42.0/24;
143.88.0.0/16;
147.70.0.0/16;
150.182.128.0/18;
152.97.0.0/16;
161.45.0.0/16;
163.118.0.0/16;
192.30.208.0/24;
192.67.134.0/24;
192.83.232.0/24;
204.62.251.0/24;
204.152.130.0/24;
204.152.131.0/24;
204.246.192.0/21;
205.167.24.0/24;
205.167.25.0/24;
216.64.76.0/24;
}
prefix-list SOX-BACKUP-SEGP {
64.56.80.0/23;
72.158.165.0/24;
98.17.253.0/24;
128.109.0.0/16;
128.192.0.0/16;
129.66.0.0/16;
129.66.20.0/24;
130.218.0.0/16;
130.254.0.0/16;
131.144.0.0/16;
134.224.0.0/16;
137.220.0.0/16;
141.165.0.0/16;
147.133.0.0/16;
149.149.0.0/16;
150.216.0.0/16;
152.1.0.0/16;
152.2.0.0/15;
152.4.0.0/14;
152.8.0.0/13;
152.16.0.0/12;
152.32.0.0/12;
152.36.0.0/16;
152.48.0.0/14;
152.53.0.0/19;
152.54.0.0/20;
153.9.0.0/16;
157.89.0.0/16;
157.149.0.0/16;
158.93.0.0/16;
160.10.0.0/16;
161.6.0.0/16;
167.7.38.0/24;
167.7.39.0/24;
167.7.210.0/27;
167.7.241.0/24;
167.7.248.64/27;
167.7.251.0/27;
168.8.0.0/15;
168.12.0.0/14;
168.16.0.0/15;
168.18.0.0/15;
168.20.0.0/15;
168.22.0.0/15;
168.24.0.0/15;
168.26.0.0/15;
168.28.0.0/15;
168.30.0.0/15;
169.150.0.0/16;
170.180.0.0/14;
170.185.0.0/16;
192.48.117.0/24;
192.88.111.0/24;
192.101.21.0/24;
192.101.22.0/23;
192.101.24.0/24;
192.103.126.0/24;
192.107.44.0/24;
192.111.112.0/24;
192.122.237.0/24;
192.137.210.0/24;
192.147.30.0/24;
192.152.249.0/24;
192.154.33.0/24;
192.154.38.0/24;
192.154.41.0/24;
192.154.43.0/24;
192.154.45.0/24;
192.154.54.0/24;
192.154.55.0/24;
192.154.61.0/24;
192.154.62.0/24;
192.154.64.0/24;
192.154.67.0/24;
192.154.78.0/24;
192.189.244.0/24;
192.203.127.0/24;
192.211.32.0/21;
192.211.40.0/22;
192.211.44.0/24;
192.211.45.0/24;
192.245.165.0/24;
192.245.221.0/24;
192.245.222.0/24;
192.245.223.0/24;
192.245.224.0/24;
198.49.31.0/24;
198.72.72.0/22;
198.85.0.0/16;
198.86.0.0/16;
198.135.235.0/24;
198.137.22.0/24;
198.179.130.0/24;
198.180.132.0/22;
198.190.216.0/24;
198.200.158.0/24;
198.204.92.0/24;
198.232.64.0/18;
198.232.96.0/21;
199.5.154.0/23;
199.20.16.0/20;
199.33.130.0/24;
199.33.131.0/24;
199.33.132.0/24;
199.33.133.0/24;
199.33.134.0/24;
199.80.8.0/21;
199.88.16.0/20;
199.248.173.0/24;
199.248.174.0/24;
199.248.175.0/24;
199.248.176.0/24;
199.248.177.0/24;
199.248.178.0/24;
204.27.217.0/24;
204.29.64.0/18;
204.84.0.0/15;
205.174.48.0/20;
205.204.238.0/24;
205.204.242.0/24;
206.197.240.0/24;
206.219.128.0/18;
207.157.0.0/17;
207.232.128.0/18;
209.133.128.0/17;
216.69.0.0/18;
216.109.0.0/18;
216.249.132.0/22;
216.249.144.0/20;
216.249.160.0/20;
216.249.176.0/20;
}
prefix-list SOX-BACKUP-EXCEPTION-SEGP {
167.7.127.176/29;
167.7.248.112/29;
167.7.248.120/29;
167.7.248.208/29;
167.7.251.32/29;
167.7.251.64/29;
167.7.251.80/29;
167.7.251.96/29;
167.7.251.128/28;
167.7.251.144/28;
167.7.251.160/28;
167.7.251.192/29;
}
prefix-list SOX-BACKUP-EXCEPTION-FEDNET {
128.219.0.0/16;
134.167.0.0/16;
160.91.0.0/16;
192.31.96.0/24;
192.103.127.0/24;
192.188.177.0/24;
192.188.182.0/24;
198.124.41.0/24;
198.136.139.0/24;
198.148.251.0/24;
198.203.246.0/24;
198.207.237.0/24;
198.207.238.0/23;
198.207.240.0/24;
199.201.153.0/24;
199.201.154.0/24;
199.201.156.0/23;
199.201.158.0/24;
}
prefix-list SOX-BACKUP-EXCEPTION-SPONSORED {
146.82.167.176/29;
199.77.192.16/29;
}
prefix-list OARNET-CPSONLY {
12.41.33.0/24;
64.18.32.0/20;
64.31.64.0/18;
64.31.64.0/19;
65.163.228.0/23;
66.100.144.0/24;
66.100.145.0/24;
66.100.146.0/24;
66.100.147.0/24;
66.100.148.0/24;
66.100.149.0/24;
66.100.150.0/24;
70.63.30.0/23;
128.156.0.0/16;
131.167.0.0/16;
134.243.0.0/16;
139.88.0.0/16;
162.50.0.0/16;
192.12.205.0/24;
192.55.90.0/23;
192.58.246.0/24;
192.68.143.0/24;
192.131.246.0/24;
192.148.236.0/24;
192.148.237.0/24;
192.148.238.0/24;
192.148.239.0/24;
192.153.26.0/23;
192.153.26.0/24;
192.153.28.0/22;
192.153.29.0/24;
192.153.30.0/24;
192.232.16.0/20;
198.4.94.0/24;
198.179.229.0/24;
198.242.35.0/24;
199.0.140.0/22;
199.26.177.0/24;
199.74.236.0/24;
199.74.237.0/24;
199.176.156.0/24;
199.178.128.0/18;
204.29.170.0/24;
204.90.74.0/24;
206.131.208.0/20;
207.42.216.0/24;
208.93.208.0/22;
209.11.224.0/20;
216.28.31.0/24;
}
prefix-list PSC-PARTICIPANT6 {
2001:468:200::/40;
2001:5e8::/32;
2001:5e8::/33;
2002::/16;
2607:FB28:0:0:0:0:0:0/32;
2607:fb28::/40;
2610:8::/32;
2620:0:DB0::/48;
}
prefix-list WSU-PARTICIPANT {
192.148.236.0/24;
}
prefix-list WSU-EXCEPTION {
138.18.22.16/30;
}
prefix-list DRAGON-PARTICIPANT {
140.173.0.0/16;
}
prefix-list DREXEL-PARTICIPANTS6 {
2001:468:2000::/40;
/* For Pennsylvania SEGP */
2001:49D8:40::/42;
}
prefix-list OARNET-MULTICAST-ROUTES {
128.146.0.0/16;
129.22.0.0/16;
131.123.0.0/16;
131.123.0.0/19;
131.123.32.0/20;
131.123.48.0/20;
131.123.64.0/19;
131.123.96.0/19;
131.123.128.0/17;
137.148.0.0/16;
140.254.0.0/16;
164.107.0.0/16;
192.5.109.0/24;
192.12.205.0/24;
192.68.143.0/24;
192.148.244.0/24;
192.150.115.0/24;
192.153.26.0/24;
192.153.41.0/24;
199.18.139.0/24;
199.18.140.0/24;
199.18.141.0/24;
206.21.72.0/24;
206.21.144.0/24;
206.21.145.0/24;
206.21.146.0/23;
206.21.148.0/22;
206.21.152.0/21;
206.244.152.0/22;
}
prefix-list PSC-EXCEPTION-SEGP {
208.40.149.48/28;
208.40.161.64/27;
209.114.187.8/29;
209.114.187.240/29;
}
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>";
}
prefix-list CPS-3ROX-CPS-ONLY {
12.169.112.0/24;
63.118.64.0/23;
147.72.64.0/18;
147.128.0.0/16;
147.128.68.0/22;
150.212.0.0/16;
158.83.0.0/16;
162.51.0.0/16;
163.129.0.0/16;
169.144.0.0/16;
192.88.115.0/24;
192.231.242.0/24;
204.9.144.0/21;
209.131.80.0/20;
216.152.144.0/20;
}
prefix-list OBSERVATORY-SSH {
/* leap.grnoc.iu.edu */
129.79.217.202/32;
/* sysmon.grnoc.iu.edu */
134.68.107.4/32;
/* login.net.internet2.edu */
134.68.107.10/32;
/* nms-base */
134.68.107.34/32;
/* nms-login */
134.68.107.36/32;
/* skip */
134.68.142.50/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump */
192.12.206.196/32;
}
prefix-list CPS-MERIT {
35.0.0.0/8;
64.107.0.0/16;
64.109.158.0/23;
64.150.0.0/17;
65.79.0.0/17;
65.174.34.0/23;
66.99.0.0/16;
66.158.0.0/17;
66.202.192.0/19;
66.202.224.0/19;
69.176.128.0/19;
71.154.188.0/23;
72.3.0.0/17;
72.14.226.0/24;
131.230.0.0/16;
139.67.0.0/18;
141.209.0.0/16;
141.210.0.0/16;
141.211.0.0/16;
141.212.0.0/16;
141.213.0.0/16;
141.214.0.0/16;
141.215.0.0/16;
141.216.0.0/16;
141.217.0.0/16;
141.218.0.0/16;
141.219.0.0/16;
143.43.0.0/17;
143.195.0.0/16;
143.207.0.0/16;
144.74.0.0/16;
146.9.0.0/16;
146.163.0.0/16;
147.124.0.0/16;
147.126.64.0/19;
148.61.0.0/16;
155.139.0.0/16;
157.178.0.0/16;
158.80.0.0/16;
158.80.0.0/21;
158.80.64.0/21;
161.57.0.0/16;
163.191.0.0/19;
163.191.32.0/19;
163.191.64.0/19;
163.191.96.0/19;
163.191.128.0/19;
163.191.160.0/19;
163.191.192.0/19;
163.191.224.0/19;
164.68.96.0/19;
164.68.128.0/17;
164.76.0.0/16;
165.68.0.0/16;
165.188.0.0/16;
167.141.0.0/16;
167.165.0.0/16;
170.27.0.0/16;
192.35.161.0/24;
192.35.162.0/23;
192.35.170.0/24;
192.41.229.0/24;
192.41.232.0/22;
192.41.236.0/23;
192.41.238.0/24;
192.77.125.0/24;
192.86.159.0/24;
192.88.242.0/24;
192.94.173.0/24;
192.101.250.0/24;
192.108.188.0/24;
192.108.189.0/24;
192.108.190.0/24;
192.108.191.0/24;
192.122.181.0/24;
192.122.183.0/24;
192.122.184.0/24;
192.122.186.0/24;
192.122.200.0/24;
192.138.137.0/24;
192.153.163.0/24;
192.153.192.0/24;
192.160.165.0/24;
192.175.20.0/24;
192.188.100.0/24;
192.188.118.0/24;
192.203.136.0/23;
192.203.195.0/24;
192.231.113.0/24;
192.231.253.0/24;
192.234.14.0/23;
192.234.16.0/24;
192.245.252.0/24;
192.245.254.0/24;
198.17.130.0/23;
198.17.132.0/23;
198.17.134.0/24;
198.40.16.0/20;
198.49.116.0/23;
198.49.118.0/24;
198.108.0.0/14;
198.108.140.0/23;
198.111.209.0/24;
198.111.220.0/24;
199.15.0.0/21;
199.20.8.0/21;
199.89.229.0/24;
199.189.8.0/21;
204.38.0.0/15;
204.106.17.0/24;
204.238.189.0/24;
206.166.0.0/17;
207.63.0.0/16;
207.72.0.0/14;
207.74.92.0/24;
207.74.239.0/24;
207.246.160.0/19;
208.68.24.0/22;
209.7.0.0/16;
209.174.0.0/16;
209.175.0.0/16;
216.24.124.0/22;
216.124.0.0/16;
216.125.0.0/16;
216.182.144.0/20;
216.240.208.0/20;
}
prefix-list MERIT-CORPORATE {
136.1.0.0/16;
136.2.0.0/16;
136.8.32.0/22;
165.215.0.0/16;
192.195.245.0/24;
}
prefix-list MERIT-PARTICIPANT {
35.0.0.0/8;
65.174.34.0/23;
67.194.0.0/16;
141.211.0.0/16;
141.212.0.0/16;
141.213.0.0/16;
141.214.0.0/16;
141.215.0.0/16;
141.216.0.0/16;
141.217.0.0/16;
141.218.0.0/16;
141.219.0.0/16;
146.9.0.0/16;
155.139.0.0/16;
192.12.80.0/24;
192.31.238.0/24;
192.35.164.0/22;
192.35.169.0/24;
192.41.229.0/24;
192.41.230.0/23;
192.41.232.0/22;
192.41.236.0/23;
/* Alma College */
192.101.250.0/24;
192.122.182.0/23;
192.122.200.0/24;
192.203.195.0/24;
192.231.253.0/24;
198.30.180.0/23;
198.108.0.0/14;
198.108.0.0/24;
198.108.1.0/24;
198.108.2.0/24;
198.108.5.0/24;
198.108.18.0/23;
/* Michigan Information Technology Center Foundation (MICT) */
198.108.26.0/23;
/* UMichigan */
198.108.60.0/22;
198.108.62.0/24;
198.108.63.0/24;
198.108.95.0/24;
198.108.96.0/24;
198.108.182.0/24;
198.108.184.0/24;
/* Alma College */
198.108.232.0/24;
198.109.65.0/24;
198.109.240.0/20;
198.110.192.0/20;
198.110.216.0/21;
198.111.172.0/24;
198.111.212.0/23;
198.111.224.0/22;
204.38.0.0/15;
204.38.0.0/22;
204.38.16.0/21;
204.38.56.0/21;
204.38.160.0/23;
204.38.166.0/23;
204.38.168.0/22;
204.38.172.0/23;
204.38.174.0/24;
204.38.181.0/24;
204.38.182.0/23;
204.38.184.0/21;
204.38.192.0/20;
207.72.0.0/14;
207.73.136.0/23;
207.73.152.0/21;
207.73.208.0/24;
207.73.212.0/23;
207.74.72.0/22;
207.75.140.0/24;
207.75.144.0/20;
207.75.164.0/23;
207.75.166.0/23;
}
prefix-list MERIT-PARTICIPANT6 {
2001:468:1100::/40;
2001:468:1400::/40;
2001:468:1f09::/48;
2001:48A8::/32;
2607:f388::/32;
2620:0:CE0::/48;
}
prefix-list MERIT-SPONSORED {
/* NOAA/GLERL */
192.94.173.0/24;
198.108.7.0/24;
/* Ithaca Harbors, Inc */
198.108.24.0/24;
198.108.102.0/23;
/* MERIT-NOAA Thunder Bay National Marine Sanctuary */
198.108.237.0/24;
/* Van Andel Institute */
198.110.167.0/24;
/* Macomb Community College MICH-858 */
198.111.56.0/23;
/* NOAA/GLERL */
207.74.57.0/24;
207.75.32.0/21;
}
prefix-list MERIT-SEGP {
63.175.128.0/23;
/* Kent Intermediate School District */
64.49.112.0/20;
64.90.128.0/20;
65.174.34.0/23;
66.202.192.0/18;
/* Hillsdale College MichNet SEGP */
69.58.32.0/19;
136.181.0.0/16;
141.209.0.0/16;
141.210.0.0/16;
/* Andrews University */
143.207.0.0/16;
147.124.0.0/16;
148.61.0.0/16;
148.149.0.0/16;
155.138.0.0/16;
158.80.0.0/16;
161.57.0.0/16;
162.108.0.0/16;
164.76.0.0/16;
167.240.0.0/16;
192.65.215.0/24;
192.88.242.0/24;
192.122.181.0/24;
192.138.137.0/24;
192.245.252.0/24;
192.245.254.0/24;
/* OHIO SEGP */
198.30.112.0/24;
198.108.4.0/24;
198.108.8.0/21;
198.108.20.0/24;
198.108.25.0/24;
198.108.26.0/23;
198.108.28.0/22;
/* Washtenaw Community College */
198.108.48.0/23;
/* Washtenaw Community College */
198.108.50.0/24;
198.108.51.0/24;
198.108.52.0/22;
198.108.64.0/20;
/* Adrian College */
198.108.80.0/21;
/* Washtenaw Community College */
198.108.97.0/24;
198.108.101.0/24;
/* Kalamazoo Regional Educational Service Agency */
198.108.158.0/24;
/* Calhoun ISD */
198.108.176.0/20;
198.108.192.0/24;
/* Northwestern Michigan College */
198.108.196.0/22;
198.108.208.0/23;
/* Northwestern Michigan College */
198.108.212.0/23;
/* Northwestern Michigan College */
198.108.218.0/24;
/* Alpena Community College */
198.108.228.0/22;
/* Saginaw ISD */
198.108.234.0/24;
/* Madonna University */
198.109.72.0/22;
198.109.172.0/23;
/* Hillsdale College */
198.109.208.0/24;
198.109.220.0/22;
198.109.229.0/24;
198.109.230.0/23;
198.109.232.0/21;
198.110.0.0/21;
198.110.11.0/24;
198.110.12.0/22;
198.110.24.0/21;
/* Grand Rapids Community College */
198.110.72.0/21;
/* Grand Rapids Community College */
198.110.83.0/24;
/* Grand Rapids Community College */
198.110.88.0/23;
198.110.92.0/24;
/* Hope College */
198.110.96.0/20;
198.110.132.0/22;
198.110.136.0/21;
198.110.149.0/24;
198.110.150.0/23;
198.110.152.0/24;
198.110.156.0/22;
/* Saginaw ISD */
198.110.163.0/24;
/* Saginaw ISD */
198.110.164.0/24;
198.110.168.0/21;
198.110.176.0/21;
/* Saginaw ISD */
198.110.224.0/21;
198.111.36.0/22;
198.111.64.0/21;
198.111.72.0/22;
198.111.76.0/23;
198.111.79.0/24;
/* MMNET */
198.111.152.0/21;
198.111.160.0/21;
198.111.168.0/24;
/* Washtenaw Community College */
198.111.171.0/24;
198.111.175.0/24;
/* Washtenaw Community College */
198.111.176.0/23;
198.111.180.0/24;
/* Alpena Community College */
198.111.182.0/24;
198.111.196.0/22;
/* Saginaw ISD */
198.111.208.0/24;
/* Saginaw ISD */
198.111.214.0/23;
198.111.240.0/21;
198.111.250.0/23;
198.111.252.0/22;
198.151.162.0/24;
199.33.196.0/24;
204.22.0.0/15;
204.24.0.0/15;
/* Saginaw ISD */
204.38.33.0/24;
204.38.36.0/23;
204.38.38.0/24;
/* Saginaw ISD */
204.38.46.0/23;
/* Northwestern Michigan College */
204.38.128.0/20;
/* Kalamazoo Regional Educational Service Agency */
204.38.208.0/20;
204.39.0.0/17;
204.39.128.0/18;
204.39.194.0/24;
204.75.208.0/20;
206.57.128.0/17;
/* Washtenaw Community College */
207.72.2.0/23;
/* Washtenaw Community College */
207.72.4.0/23;
207.72.6.0/24;
207.72.34.0/23;
207.72.36.0/22;
207.72.40.0/23;
207.72.48.0/24;
207.72.64.0/22;
207.72.68.0/24;
207.72.72.0/24;
207.72.76.0/22;
207.73.32.0/19;
207.73.64.0/23;
207.73.68.0/23;
/* Calhoun ISD */
207.73.96.0/20;
/* Kalamazoo Regional Educational Service Agency */
207.73.116.0/22;
/* Kalamazoo Regional Educational Service Agency */
207.73.120.0/21;
207.73.128.0/21;
207.73.136.0/24;
207.73.138.0/23;
207.73.140.0/22;
/* MMNET */
207.73.144.0/23;
/* Calhoun ISD */
207.73.152.0/22;
/* Calhoun ISD */
207.73.156.0/23;
/* Calhoun ISD */
207.73.158.0/24;
/* Calhoun ISD */
207.73.159.0/24;
207.73.160.0/21;
207.73.174.0/23;
207.73.180.0/22;
207.73.184.0/21;
207.73.219.0/24;
207.73.240.0/21;
207.73.248.0/22;
207.73.252.0/22;
207.74.0.0/24;
207.74.4.0/22;
207.74.8.0/21;
207.74.22.0/23;
/* Grand Rapids Community College */
207.74.24.0/21;
207.74.24.0/22;
/* Grand Rapids Community College */
207.74.29.0/24;
/* Grand Rapids Community College */
207.74.30.0/23;
207.74.67.0/24;
207.74.69.0/24;
207.74.77.32/27;
207.74.84.0/22;
/* MMNET */
207.74.84.0/23;
207.74.88.0/23;
207.74.94.0/23;
207.74.104.0/22;
207.74.115.0/24;
207.74.118.0/23;
207.74.138.0/23;
207.74.140.0/22;
/* Oakland University */
207.74.149.0/24;
/* Madonna University */
207.74.168.0/24;
207.74.189.0/24;
/* Northwestern Michigan College */
207.74.224.0/22;
/* Northwestern Michigan College */
207.74.232.0/21;
207.75.55.0/24;
207.75.96.0/24;
207.75.112.0/24;
/* Washtenaw Community College */
207.75.132.0/22;
/* Washtenaw Community College */
207.75.136.0/24;
207.75.160.0/22;
207.75.208.0/20;
207.75.226.0/23;
207.75.228.0/23;
208.68.24.0/22;
216.11.0.0/16;
}
prefix-list CPS-TR6 {
2001:468:E00::/40;
2001:1860::/32;
2001:1878::/32;
2001:48D0::/32;
2607:F010::/32;
2607:F088::/32;
2607:F140::/32;
2607:F278::/32;
2607:F290::/32;
2607:F378::/32;
2607:F6D0::/32;
2610:10::/32;
2610:128::/32;
2620:0:DD0::/48;
}
prefix-list CPS-TR {
8.6.244.0/23;
12.4.228.0/24;
12.169.112.0/24;
12.169.197.0/24;
12.174.210.0/23;
13.7.128.0/21;
24.123.189.0/24;
24.199.205.0/24;
38.103.168.0/22;
38.114.142.0/23;
38.118.194.0/24;
38.118.211.0/24;
44.0.0.0/8;
59.191.208.0/20;
63.81.164.0/22;
63.118.64.0/23;
63.193.200.0/24;
63.199.32.0/21;
63.199.40.0/22;
63.199.44.0/24;
63.202.49.0/24;
63.207.252.0/22;
63.230.184.0/22;
63.247.0.0/19;
64.39.112.0/20;
64.54.0.0/16;
64.56.80.0/20;
64.69.144.0/20;
64.89.97.0/24;
64.92.176.0/20;
64.112.240.0/20;
64.147.208.0/20;
64.163.132.0/22;
64.185.120.0/21;
64.191.244.0/24;
65.115.176.0/23;
65.170.110.0/24;
65.197.4.0/22;
65.213.184.0/22;
66.4.0.0/15;
66.64.64.0/19;
66.71.0.0/17;
66.96.64.0/20;
66.186.144.0/20;
66.194.104.0/23;
66.194.217.0/24;
66.195.118.0/23;
66.244.0.0/18;
66.244.122.0/23;
67.17.206.0/24;
67.58.32.0/19;
67.159.64.0/18;
67.201.0.0/16;
67.230.192.0/20;
68.65.160.0/20;
68.115.226.0/24;
68.179.192.0/19;
68.181.0.0/16;
68.208.127.0/24;
69.41.16.0/20;
69.44.86.0/23;
69.56.64.0/18;
69.65.160.0/19;
69.88.160.0/19;
69.91.128.0/17;
69.147.139.0/24;
69.166.32.0/19;
69.196.32.0/19;
70.33.64.0/18;
70.63.88.0/24;
72.10.8.0/22;
72.14.32.0/19;
72.162.224.0/19;
72.166.150.0/24;
72.233.128.0/17;
72.237.88.0/22;
72.250.224.0/19;
74.51.115.0/24;
74.117.168.0/22;
74.119.168.0/22;
74.214.64.0/19;
75.102.64.0/18;
76.78.96.0/19;
76.165.0.0/16;
96.4.0.0/15;
97.107.64.0/20;
128.2.0.0/16;
128.3.0.0/16;
128.9.0.0/16;
128.12.0.0/16;
128.32.0.0/16;
128.48.0.0/16;
128.54.0.0/16;
128.61.0.0/16;
128.62.0.0/16;
128.82.0.0/15;
128.95.0.0/16;
128.97.0.0/16;
128.99.0.0/16;
128.109.0.0/16;
128.110.0.0/15;
128.110.0.0/16;
128.114.0.0/16;
128.116.0.0/15;
128.118.0.0/16;
128.120.0.0/16;
128.125.0.0/16;
128.138.0.0/16;
128.143.0.0/16;
128.147.0.0/16;
128.149.0.0/16;
128.169.0.0/16;
128.171.0.0/16;
128.173.0.0/16;
128.182.0.0/16;
128.184.0.0/16;
128.186.0.0/15;
128.187.0.0/16;
128.192.0.0/16;
128.194.0.0/16;
128.195.0.0/16;
128.198.0.0/16;
128.200.0.0/16;
128.208.0.0/16;
128.218.0.0/16;
128.227.0.0/16;
128.237.0.0/16;
128.241.65.0/24;
128.250.0.0/16;
129.4.0.0/16;
129.8.0.0/16;
129.15.0.0/16;
129.19.0.0/16;
129.65.0.0/16;
129.66.0.0/16;
129.72.0.0/16;
129.78.0.0/16;
129.81.0.0/16;
129.82.0.0/16;
129.94.0.0/15;
129.95.0.0/16;
129.96.0.0/16;
129.101.0.0/16;
129.106.0.0/15;
129.108.0.0/14;
129.113.0.0/16;
129.114.0.0/15;
129.116.0.0/15;
129.123.0.0/16;
129.127.0.0/16;
129.171.0.0/16;
129.180.0.0/16;
129.193.0.0/16;
129.207.0.0/16;
129.244.0.0/16;
130.17.0.0/16;
130.18.0.0/16;
130.20.0.0/16;
130.39.0.0/16;
130.49.0.0/16;
130.56.0.0/16;
130.65.0.0/16;
130.70.0.0/16;
130.74.0.0/16;
130.85.0.0/16;
130.86.0.0/16;
130.95.0.0/16;
130.102.0.0/16;
130.116.0.0/16;
130.127.0.0/16;
130.130.0.0/16;
130.150.0.0/16;
130.152.0.0/16;
130.155.0.0/16;
130.157.0.0/16;
130.166.0.0/16;
130.182.0.0/16;
130.184.0.0/16;
130.191.0.0/16;
130.194.0.0/16;
130.203.0.0/16;
130.207.0.0/16;
130.212.0.0/16;
130.218.0.0/16;
130.220.0.0/15;
130.253.0.0/16;
130.254.0.0/16;
131.91.0.0/16;
131.94.0.0/15;
131.118.0.0/16;
131.144.0.0/16;
131.170.0.0/16;
131.171.0.0/16;
131.172.0.0/16;
131.179.0.0/16;
131.181.0.0/16;
131.185.0.0/16;
131.204.0.0/16;
131.215.0.0/16;
131.216.0.0/15;
131.236.0.0/16;
131.242.0.0/16;
131.243.0.0/16;
131.244.0.0/15;
131.247.0.0/16;
131.252.0.0/16;
132.160.0.0/16;
132.163.0.0/16;
132.170.0.0/16;
132.194.0.0/16;
132.234.0.0/16;
132.239.0.0/16;
132.241.0.0/16;
132.249.0.0/16;
134.4.0.0/16;
134.7.0.0/16;
134.39.0.0/16;
134.45.0.0/16;
134.50.0.0/16;
134.69.0.0/16;
134.70.0.0/15;
134.79.0.0/16;
134.89.0.0/16;
134.115.0.0/16;
134.121.0.0/16;
134.139.0.0/16;
134.148.0.0/16;
134.154.0.0/16;
134.173.0.0/16;
134.178.0.0/16;
134.187.32.0/24;
134.192.0.0/16;
134.197.0.0/16;
134.224.0.0/16;
134.250.0.0/16;
135.23.0.0/16;
135.154.0.0/16;
136.142.0.0/16;
136.152.0.0/16;
136.154.0.0/16;
136.160.0.0/16;
136.168.0.0/15;
136.186.0.0/16;
136.235.0.0/16;
136.242.0.0/16;
137.30.0.0/16;
137.52.0.0/15;
137.53.0.0/16;
137.54.0.0/16;
137.75.0.0/16;
137.78.0.0/15;
137.92.0.0/16;
137.110.0.0/15;
137.131.0.0/16;
137.145.0.0/16;
137.150.0.0/15;
137.154.0.0/16;
137.157.0.0/16;
137.159.0.0/16;
137.164.0.0/16;
137.166.0.0/16;
137.190.0.0/16;
137.219.0.0/16;
137.220.0.0/16;
137.228.0.0/15;
137.229.0.0/16;
138.7.0.0/16;
138.23.0.0/16;
138.25.0.0/16;
138.26.0.0/16;
138.44.0.0/16;
138.47.0.0/16;
138.67.0.0/16;
138.77.0.0/16;
138.78.0.0/16;
138.80.0.0/16;
138.86.0.0/16;
138.194.0.0/16;
138.202.0.0/16;
139.52.0.0/16;
139.59.0.0/16;
139.62.0.0/16;
139.78.0.0/16;
139.86.0.0/16;
139.94.0.0/16;
139.132.0.0/16;
139.182.0.0/16;
139.229.0.0/16;
139.230.0.0/16;
140.32.128.0/24;
140.79.0.0/16;
140.90.0.0/16;
140.107.0.0/16;
140.142.0.0/16;
140.144.0.0/16;
140.158.0.0/16;
140.159.0.0/16;
140.160.0.0/16;
140.171.0.0/16;
140.172.0.0/16;
140.197.0.0/16;
140.221.128.0/17;
140.226.0.0/16;
140.253.0.0/16;
141.132.0.0/16;
141.165.0.0/16;
143.88.0.0/16;
143.100.0.0/16;
143.111.0.0/16;
143.132.0.0/16;
143.215.0.0/16;
143.254.0.0/16;
144.6.0.0/16;
144.17.0.0/16;
144.30.0.0/16;
144.35.0.0/16;
144.37.0.0/16;
144.38.0.0/15;
144.97.0.0/16;
144.110.0.0/16;
144.120.0.0/16;
144.167.0.0/16;
144.174.0.0/16;
144.205.0.0/16;
144.215.0.0/16;
146.6.0.0/16;
146.76.0.0/16;
146.79.0.0/16;
146.79.42.0/24;
146.79.44.0/24;
146.79.51.0/24;
146.79.72.0/24;
146.79.80.0/24;
146.79.253.0/24;
146.79.254.0/24;
146.86.0.0/16;
146.118.0.0/16;
146.129.0.0/16;
146.186.0.0/15;
146.201.0.0/16;
146.221.0.0/16;
146.229.0.0/16;
146.244.0.0/16;
147.26.0.0/16;
147.55.0.0/16;
147.56.0.0/16;
147.70.0.0/16;
147.72.0.0/15;
147.97.0.0/16;
147.128.68.0/22;
147.144.0.0/16;
147.153.0.0/16;
147.174.0.0/16;
148.231.0.0/16;
149.142.0.0/16;
149.144.0.0/16;
149.168.0.0/16;
149.171.0.0/16;
150.131.0.0/16;
150.176.0.0/16;
150.182.128.0/17;
150.185.0.0/16;
150.186.0.0/15;
150.188.0.0/15;
150.212.0.0/16;
150.216.0.0/16;
150.231.0.0/16;
150.232.0.0/16;
151.132.0.0/16;
151.195.0.0/16;
152.1.0.0/16;
152.2.0.0/15;
152.4.0.0/14;
152.8.0.0/13;
152.16.0.0/12;
152.32.0.0/12;
152.48.0.0/14;
152.53.0.0/19;
152.54.0.0/20;
152.79.0.0/16;
152.113.0.0/16;
152.157.0.0/16;
153.18.0.0/16;
153.90.0.0/16;
153.105.0.0/16;
155.31.0.0/16;
155.58.0.0/16;
155.67.0.0/16;
155.97.0.0/16;
155.98.0.0/15;
155.100.0.0/15;
155.135.0.0/16;
156.1.0.0/16;
156.3.0.0/16;
156.74.0.0/16;
156.108.0.0/16;
156.110.0.0/16;
156.143.0.0/16;
157.142.0.0/16;
157.149.0.0/16;
157.182.0.0/16;
157.201.0.0/16;
157.233.0.0/16;
157.242.0.0/16;
158.83.0.0/16;
158.91.0.0/17;
158.91.128.0/18;
158.93.0.0/16;
158.142.0.0/16;
159.1.0.0/16;
159.115.0.0/16;
159.150.0.0/16;
159.178.0.0/16;
160.7.0.0/16;
160.7.0.0/17;
160.7.128.0/18;
160.10.0.0/16;
160.36.0.0/16;
160.64.0.0/16;
160.87.0.0/16;
160.227.0.0/16;
161.28.0.0/16;
161.50.0.0/16;
161.55.0.0/16;
161.97.0.0/16;
161.98.0.0/16;
161.119.0.0/16;
162.51.0.0/16;
162.58.0.0/16;
162.78.0.0/16;
162.89.0.0/16;
163.6.0.0/16;
163.40.0.0/16;
163.118.0.0/16;
163.129.0.0/16;
163.150.0.0/16;
163.246.0.0/16;
163.248.0.0/16;
164.47.0.0/16;
164.58.0.0/16;
164.67.0.0/16;
164.104.0.0/16;
164.110.0.0/15;
164.110.0.0/16;
164.116.0.0/16;
165.6.0.0/16;
165.12.219.0/24;
165.12.253.0/24;
165.24.0.0/16;
165.74.16.0/20;
165.91.0.0/16;
165.95.0.0/16;
165.127.0.0/16;
165.138.0.0/15;
165.151.0.0/16;
165.161.0.0/16;
165.196.0.0/16;
165.239.0.0/16;
165.248.0.0/16;
166.122.0.0/16;
167.72.0.0/16;
167.102.0.0/16;
167.217.0.0/16;
168.8.0.0/13;
168.16.0.0/12;
168.62.16.0/21;
168.99.0.0/16;
168.102.0.0/17;
168.105.0.0/16;
168.156.0.0/16;
168.177.0.0/16;
168.178.0.0/15;
168.180.0.0/16;
168.184.0.0/16;
168.190.0.0/16;
168.212.0.0/15;
168.212.0.0/16;
168.223.0.0/16;
168.254.0.0/16;
169.133.0.0/16;
169.139.0.0/16;
169.199.0.0/16;
169.204.0.0/16;
169.228.0.0/14;
169.232.0.0/15;
169.234.0.0/16;
169.235.0.0/16;
169.236.0.0/15;
170.91.128.0/18;
170.93.0.0/16;
170.99.0.0/16;
170.140.0.0/16;
170.157.0.0/16;
170.190.40.0/22;
171.64.0.0/14;
172.31.254.0/23;
192.0.32.0/20;
192.5.2.0/24;
192.5.10.0/24;
192.5.12.0/24;
192.5.19.0/24;
192.5.146.0/24;
192.5.157.0/24;
192.5.159.0/24;
192.5.197.0/24;
192.6.26.0/24;
192.6.70.0/24;
192.12.10.0/24;
192.12.19.0/24;
192.12.22.0/24;
192.12.32.0/24;
192.12.44.0/24;
192.12.56.0/24;
192.12.83.0/24;
192.12.84.0/22;
192.12.121.0/24;
192.12.207.0/24;
192.12.234.0/24;
192.12.240.0/24;
192.16.72.0/24;
192.16.176.0/24;
192.16.180.0/24;
192.26.83.0/24;
192.26.136.0/24;
192.26.250.0/23;
192.26.251.0/24;
192.26.252.0/23;
192.26.254.0/24;
192.30.115.0/24;
192.30.208.0/24;
192.31.21.0/24;
192.31.39.0/24;
192.31.43.0/24;
192.31.83.0/24;
192.31.89.0/24;
192.31.95.0/24;
192.31.105.0/24;
192.31.107.0/24;
192.31.146.0/24;
192.31.153.0/24;
192.31.161.0/24;
192.31.215.0/24;
192.31.216.0/24;
192.33.115.0/24;
192.33.116.0/23;
192.34.239.0/24;
192.35.48.0/23;
192.35.95.0/24;
192.35.96.0/23;
192.35.98.0/24;
192.35.155.0/24;
192.35.162.0/23;
192.35.164.0/22;
192.35.169.0/24;
192.35.193.0/24;
192.35.209.0/24;
192.35.210.0/23;
192.35.210.0/24;
192.35.212.0/22;
192.35.216.0/22;
192.35.221.0/24;
192.35.222.0/23;
192.35.224.0/22;
192.35.225.0/24;
192.35.228.0/24;
192.35.248.0/24;
192.41.70.0/24;
192.41.96.0/22;
192.41.146.0/24;
192.41.208.0/24;
192.42.7.0/24;
192.42.60.0/23;
192.42.62.0/24;
192.42.82.0/24;
192.42.108.0/24;
192.43.207.0/24;
192.43.208.0/23;
192.43.217.0/24;
192.43.226.0/23;
192.43.228.0/23;
192.43.230.0/24;
192.43.239.0/24;
192.43.244.0/24;
192.45.0.0/16;
192.46.80.0/24;
192.48.109.0/24;
192.48.110.0/24;
192.52.106.0/24;
192.52.163.0/24;
192.52.164.0/23;
192.52.240.0/24;
192.54.105.0/24;
192.54.106.0/24;
192.55.87.0/24;
192.55.98.0/24;
192.55.190.0/24;
192.55.219.0/24;
192.55.229.0/24;
192.56.246.0/23;
192.56.248.0/21;
192.58.107.0/24;
192.58.109.0/24;
192.58.110.0/23;
192.58.112.0/22;
192.58.116.0/23;
192.58.221.0/24;
192.64.1.0/24;
192.65.130.0/24;
192.65.200.0/24;
192.67.11.0/24;
192.67.12.0/24;
192.67.20.0/23;
192.67.81.0/24;
192.67.82.0/24;
192.67.134.0/24;
192.68.132.0/24;
192.68.161.0/24;
192.70.135.0/24;
192.70.171.0/24;
192.70.175.0/24;
192.70.216.0/24;
192.73.4.0/24;
192.73.22.0/24;
192.73.48.0/24;
192.76.122.0/24;
192.77.14.0/24;
192.77.116.0/24;
192.78.4.0/24;
192.78.182.0/24;
192.80.27.0/24;
192.80.53.0/24;
192.80.210.0/24;
192.82.111.0/24;
192.82.140.0/24;
192.82.161.0/24;
192.83.123.0/24;
192.83.238.0/24;
192.84.171.0/24;
192.86.78.0/24;
192.88.11.0/24;
192.88.99.0/24;
192.88.107.0/24;
192.88.111.0/24;
192.88.114.0/23;
192.88.122.0/24;
192.88.124.0/24;
192.88.209.0/24;
192.88.210.0/24;
192.92.124.0/24;
192.94.21.0/24;
192.94.22.0/24;
192.94.25.0/24;
192.94.62.0/23;
192.94.64.0/24;
192.94.74.0/24;
192.94.208.0/23;
192.94.227.0/24;
192.94.243.0/24;
192.94.244.0/24;
192.100.16.0/24;
192.101.19.0/24;
192.101.20.0/22;
192.101.24.0/24;
192.101.42.0/24;
192.101.45.0/24;
192.101.58.0/24;
192.101.100.0/22;
192.101.104.0/22;
192.101.108.0/23;
192.101.139.0/24;
192.101.140.0/24;
192.102.5.0/24;
192.102.223.0/24;
192.102.239.0/24;
192.102.250.0/23;
192.103.56.0/24;
192.104.166.0/24;
192.104.174.0/24;
192.105.205.0/24;
192.105.235.0/24;
192.107.9.0/24;
192.107.44.0/24;
192.107.102.0/24;
192.107.180.0/23;
192.111.32.0/24;
192.111.46.0/24;
192.111.53.0/24;
192.111.112.0/24;
192.111.123.0/24;
192.111.213.0/24;
192.120.193.0/24;
192.122.176.0/24;
192.124.98.0/24;
192.124.100.0/24;
192.124.117.0/24;
192.124.152.0/24;
192.124.225.0/24;
192.124.226.0/23;
192.124.228.0/23;
192.124.230.0/24;
192.131.232.0/24;
192.131.251.0/24;
192.132.253.0/24;
192.133.17.0/24;
192.133.41.0/24;
192.135.131.0/24;
192.135.141.0/24;
192.135.237.0/24;
192.135.238.0/24;
192.136.70.0/24;
192.137.210.0/24;
192.138.85.0/24;
192.138.100.0/24;
192.138.168.0/24;
192.138.182.0/24;
192.138.184.0/24;
192.138.240.0/21;
192.146.206.0/24;
192.146.226.0/24;
192.147.30.0/24;
192.147.163.0/24;
192.148.93.0/24;
192.148.96.0/23;
192.148.223.0/24;
192.148.224.0/22;
192.148.228.0/23;
192.148.230.0/24;
192.149.36.0/24;
192.149.56.0/24;
192.149.148.0/24;
192.149.244.0/24;
192.150.88.0/24;
192.150.93.0/24;
192.150.103.0/24;
192.150.130.0/23;
192.150.132.0/23;
192.150.137.0/24;
192.150.138.0/23;
192.150.143.0/24;
192.150.147.0/24;
192.150.186.0/23;
192.150.202.0/24;
192.150.216.0/23;
192.151.82.0/24;
192.151.113.0/24;
192.152.10.0/24;
192.153.43.0/24;
192.153.53.0/24;
192.153.129.0/24;
192.154.1.0/24;
192.154.2.0/24;
192.154.4.0/23;
192.154.6.0/24;
192.154.32.0/19;
192.154.64.0/19;
192.156.134.0/24;
192.156.215.0/24;
192.159.128.0/22;
192.159.138.0/24;
192.160.47.0/24;
192.160.49.0/24;
192.160.133.0/24;
192.160.205.0/24;
192.160.253.0/24;
192.170.96.0/19;
192.172.226.0/24;
192.173.32.0/19;
192.173.32.0/20;
192.173.48.0/22;
192.174.0.0/16;
192.188.101.0/24;
192.188.155.0/24;
192.188.186.0/24;
192.189.45.0/24;
192.189.46.0/23;
192.189.48.0/24;
192.189.244.0/24;
192.190.33.0/24;
192.190.38.0/24;
192.190.45.0/24;
192.195.41.0/24;
192.195.74.0/24;
192.195.86.0/23;
192.195.100.0/24;
192.195.153.0/24;
192.195.154.0/23;
192.195.170.0/24;
192.195.222.0/24;
192.198.4.0/22;
192.203.127.0/24;
192.203.164.0/24;
192.203.199.0/24;
192.203.200.0/24;
192.203.235.0/24;
192.206.65.0/24;
192.206.171.0/24;
192.206.201.0/24;
192.206.244.0/22;
192.207.33.0/24;
192.207.104.0/24;
192.207.124.0/24;
192.207.156.0/22;
192.207.160.0/23;
192.207.173.0/24;
192.207.184.0/24;
192.207.197.0/24;
192.207.198.0/24;
192.207.232.0/24;
192.208.128.0/20;
192.208.144.0/21;
192.208.152.0/22;
192.208.156.0/23;
192.209.32.0/19;
192.209.32.0/20;
192.209.48.0/21;
192.209.56.0/22;
192.209.60.0/23;
192.211.16.0/20;
192.211.32.0/21;
192.211.40.0/22;
192.211.44.0/23;
192.216.34.0/24;
192.216.173.0/24;
192.220.192.0/24;
192.220.200.0/21;
192.222.32.0/19;
192.228.79.0/24;
192.230.0.0/20;
192.231.3.0/24;
192.231.41.0/24;
192.231.56.0/24;
192.231.127.0/24;
192.231.166.0/23;
192.231.179.0/24;
192.231.191.0/24;
192.231.192.0/24;
192.231.212.0/24;
192.231.242.0/24;
192.234.12.0/23;
192.235.0.0/20;
192.237.67.0/24;
192.245.165.0/24;
192.245.210.0/23;
192.245.212.0/22;
192.245.216.0/23;
192.245.221.0/24;
192.245.222.0/23;
192.245.224.0/24;
192.247.128.0/17;
192.248.180.0/24;
192.249.0.0/20;
192.251.207.0/24;
196.13.32.0/22;
198.1.16.0/21;
198.1.24.0/23;
198.7.64.0/19;
198.11.4.0/22;
198.11.16.0/20;
198.17.13.0/24;
198.17.46.0/23;
198.17.101.0/24;
198.17.195.0/24;
198.17.223.0/24;
198.22.91.0/24;
198.29.0.0/22;
198.32.16.0/24;
198.32.20.0/24;
198.32.64.0/24;
198.32.155.0/24;
198.32.166.0/24;
198.32.170.0/23;
198.32.173.0/24;
198.32.216.0/24;
198.32.224.0/24;
198.32.248.0/23;
198.32.251.0/24;
198.32.252.0/24;
198.38.64.0/21;
198.48.64.0/19;
198.49.6.0/24;
198.49.31.0/24;
198.49.104.0/24;
198.49.166.0/24;
198.49.215.0/24;
198.49.222.0/24;
198.51.111.0/24;
198.51.208.0/24;
198.55.8.0/21;
198.59.0.0/16;
198.59.2.0/24;
198.59.7.0/24;
198.59.46.0/23;
198.59.48.0/23;
198.59.54.0/23;
198.59.61.0/24;
198.59.69.0/24;
198.59.70.0/24;
198.59.81.0/24;
198.59.82.0/23;
198.59.87.0/24;
198.59.89.0/24;
198.59.93.0/24;
198.60.0.0/16;
198.60.0.0/18;
198.60.64.0/19;
198.60.96.0/20;
198.60.112.0/21;
198.60.217.0/24;
198.60.218.0/23;
198.60.220.0/22;
198.60.224.0/22;
198.60.238.0/24;
198.62.72.0/24;
198.62.77.0/24;
198.62.88.0/23;
198.62.142.0/24;
198.62.236.0/24;
198.72.64.0/21;
198.72.72.0/22;
198.82.0.0/16;
198.85.0.0/16;
198.86.0.0/16;
198.97.62.0/24;
198.99.93.0/24;
198.99.100.0/23;
198.99.201.0/24;
198.102.159.0/24;
198.104.0.0/17;
198.104.64.0/18;
198.104.160.0/20;
198.104.232.0/21;
198.105.128.0/20;
198.118.206.0/24;
198.133.185.0/24;
198.133.204.0/24;
198.134.135.0/24;
198.135.121.0/24;
198.135.235.0/24;
198.136.8.0/21;
198.136.130.0/24;
198.137.16.0/20;
198.137.147.0/24;
198.137.151.0/24;
198.137.152.0/23;
198.137.167.0/24;
198.137.224.0/24;
198.144.160.0/20;
198.147.64.0/18;
198.147.138.0/23;
198.147.151.0/24;
198.147.237.0/24;
198.147.238.0/24;
198.148.64.0/21;
198.148.72.0/22;
198.148.76.0/24;
198.153.169.0/24;
198.173.134.0/24;
198.175.158.0/24;
198.175.250.0/24;
198.175.251.0/24;
198.175.252.0/24;
198.178.194.0/24;
198.178.254.0/24;
198.179.130.0/24;
198.180.4.0/22;
198.180.132.0/22;
198.181.220.0/24;
198.181.223.0/24;
198.181.224.0/23;
198.181.226.0/24;
198.181.251.0/24;
198.182.205.0/24;
198.183.128.0/22;
198.183.248.0/23;
198.184.147.0/24;
198.184.209.0/24;
198.186.182.0/24;
198.186.216.0/24;
198.186.220.0/23;
198.187.0.0/22;
198.187.154.0/24;
198.187.221.0/24;
198.187.222.0/24;
198.188.0.0/15;
198.200.158.0/24;
198.200.160.0/24;
198.202.0.0/21;
198.202.64.0/18;
198.202.65.0/24;
198.202.66.0/23;
198.202.68.0/23;
198.202.70.0/24;
198.202.144.0/23;
198.202.201.0/24;
198.202.202.0/24;
198.202.242.0/24;
198.203.153.0/24;
198.204.126.0/24;
198.206.16.0/20;
198.207.138.0/23;
198.207.153.0/24;
198.207.156.0/24;
198.207.188.0/24;
198.207.222.0/24;
198.213.0.0/16;
198.214.0.0/15;
198.216.0.0/16;
198.232.64.0/19;
198.232.96.0/21;
198.232.136.0/24;
198.232.231.0/24;
198.238.0.0/15;
198.243.6.0/24;
198.245.16.0/20;
198.251.100.0/22;
199.2.216.0/24;
199.5.154.0/23;
199.6.12.0/24;
199.20.16.0/20;
199.27.8.0/21;
199.33.130.0/23;
199.33.132.0/23;
199.33.134.0/24;
199.44.67.0/24;
199.44.72.0/24;
199.47.32.0/22;
199.47.36.0/24;
199.58.28.0/22;
199.65.254.0/24;
199.77.128.0/17;
199.79.165.0/24;
199.79.166.0/24;
199.80.8.0/21;
199.88.16.0/20;
199.88.94.0/24;
199.88.95.0/24;
199.88.96.0/23;
199.88.99.0/24;
199.88.100.0/22;
199.88.112.0/24;
199.88.119.0/24;
199.88.122.0/23;
199.88.124.0/23;
199.88.126.0/24;
199.88.192.0/24;
199.89.174.0/23;
199.90.0.0/16;
199.104.0.0/16;
199.104.18.0/24;
199.104.23.0/24;
199.104.32.0/19;
199.104.64.0/18;
199.105.0.0/18;
199.111.17.0/24;
199.111.18.0/23;
199.111.56.0/24;
199.111.160.0/24;
199.111.162.0/23;
199.111.164.0/22;
199.111.168.0/21;
199.111.176.0/20;
199.111.192.0/18;
199.120.0.0/21;
199.120.8.0/22;
199.120.153.0/24;
199.120.166.0/23;
199.164.64.0/18;
199.164.236.0/23;
199.164.236.0/24;
199.164.253.0/24;
199.165.16.0/20;
199.165.64.0/18;
199.181.88.0/22;
199.184.64.0/22;
199.184.68.0/24;
199.184.112.0/22;
199.184.116.0/23;
199.184.200.0/22;
199.184.205.0/24;
199.184.208.0/23;
199.190.128.0/23;
199.190.174.0/24;
199.190.249.0/24;
199.190.250.0/23;
199.190.252.0/24;
199.223.171.0/24;
199.230.32.0/20;
199.230.48.0/22;
199.233.108.0/24;
199.233.119.0/24;
199.233.182.0/24;
199.237.64.0/19;
199.237.160.0/19;
199.242.201.0/24;
199.242.231.0/24;
199.242.232.0/23;
199.245.112.0/23;
199.245.131.0/24;
199.245.155.0/24;
199.245.163.0/24;
199.245.164.0/23;
199.245.166.0/24;
199.245.187.0/24;
199.245.238.0/24;
199.245.246.0/24;
199.248.134.0/23;
199.248.159.0/24;
199.248.160.0/23;
199.248.162.0/24;
199.248.173.0/24;
199.248.174.0/23;
199.248.176.0/23;
199.248.178.0/24;
199.248.201.0/24;
199.250.32.0/20;
199.250.48.0/21;
199.250.56.0/22;
199.253.32.0/20;
199.253.48.0/21;
200.93.241.0/24;
202.0.67.0/24;
202.0.68.0/24;
202.0.98.0/24;
202.6.3.0/24;
202.6.4.0/24;
202.6.74.0/24;
202.6.77.0/24;
202.6.83.0/24;
202.6.91.0/24;
202.6.112.0/24;
202.6.115.0/24;
202.8.32.0/21;
202.9.0.0/20;
202.12.92.0/24;
202.12.120.0/23;
202.14.0.0/22;
202.14.66.0/24;
202.158.192.0/19;
203.0.1.0/24;
203.0.19.0/24;
203.0.40.0/24;
203.0.68.0/23;
203.0.88.0/23;
203.0.93.0/24;
203.0.95.0/24;
203.0.100.0/24;
203.0.141.0/24;
203.0.153.0/24;
203.1.29.0/24;
203.1.30.0/23;
203.1.32.0/19;
203.1.64.0/24;
203.1.110.0/23;
203.1.224.0/20;
203.2.32.0/19;
203.2.80.0/20;
203.2.136.0/22;
203.3.164.0/23;
203.4.144.0/22;
203.4.164.0/22;
203.4.189.0/24;
203.4.200.0/22;
203.5.12.0/24;
203.5.64.0/21;
203.5.75.0/24;
203.5.112.0/24;
203.5.122.0/24;
203.5.216.0/23;
203.5.220.0/22;
203.5.224.0/20;
203.5.240.0/22;
203.6.3.0/24;
203.6.4.0/24;
203.6.60.0/24;
203.6.64.0/24;
203.6.141.0/24;
203.6.144.0/24;
203.6.243.0/24;
203.6.255.0/24;
203.7.128.0/24;
203.7.140.0/22;
203.7.168.0/24;
203.7.170.0/24;
203.7.242.0/24;
203.8.0.0/24;
203.8.68.0/24;
203.9.128.0/21;
203.9.156.0/24;
203.10.33.0/24;
203.10.40.0/22;
203.10.44.0/24;
203.10.46.0/23;
203.10.48.0/22;
203.10.52.0/23;
203.10.54.0/24;
203.10.57.0/24;
203.10.90.0/23;
203.10.105.0/24;
203.10.217.0/24;
203.11.110.0/23;
203.11.221.0/24;
203.12.26.0/23;
203.12.122.0/23;
203.12.128.0/24;
203.13.192.0/23;
203.13.204.0/22;
203.13.230.0/24;
203.14.107.0/24;
203.15.65.0/24;
203.15.109.0/24;
203.15.122.0/23;
203.15.226.0/24;
203.16.40.0/21;
203.17.144.0/22;
203.17.179.0/24;
203.17.189.0/24;
203.18.60.0/23;
203.18.200.0/22;
203.18.205.0/24;
203.18.207.0/24;
203.18.230.0/23;
203.19.110.0/24;
203.19.150.0/24;
203.20.18.0/24;
203.20.160.0/19;
203.21.37.0/24;
203.21.121.0/24;
203.21.130.0/23;
203.22.64.0/24;
203.22.81.0/24;
203.22.86.0/24;
203.22.108.0/23;
203.22.212.0/24;
203.22.220.0/23;
203.22.236.0/22;
203.23.136.0/24;
203.23.178.0/24;
203.24.69.0/24;
203.24.97.0/24;
203.25.1.0/24;
203.25.92.0/22;
203.26.93.0/24;
203.26.118.0/24;
203.26.134.0/24;
203.27.11.0/24;
203.27.71.0/24;
203.27.81.0/24;
203.27.109.0/24;
203.27.220.0/23;
203.28.18.0/24;
203.28.79.0/24;
203.28.150.0/24;
203.28.206.0/24;
203.28.230.0/23;
203.28.240.0/20;
203.29.104.0/21;
203.29.220.0/24;
203.29.249.0/24;
203.30.193.0/24;
203.31.26.0/23;
203.31.247.0/24;
203.32.106.0/23;
203.34.41.0/24;
203.34.133.0/24;
203.34.148.0/24;
203.34.251.0/24;
203.55.2.0/23;
203.55.4.0/24;
203.55.54.0/23;
203.57.160.0/19;
203.62.0.0/17;
203.62.232.0/23;
203.100.0.0/19;
203.110.252.0/22;
203.143.160.0/20;
204.9.100.0/22;
204.9.144.0/21;
204.17.178.0/23;
204.17.189.0/24;
204.27.217.0/24;
204.29.64.0/18;
204.29.164.0/24;
204.48.128.0/17;
204.52.128.0/22;
204.56.128.0/17;
204.57.0.0/21;
204.61.0.0/21;
204.61.8.0/22;
204.61.12.0/23;
204.62.16.0/21;
204.62.24.0/22;
204.62.32.0/20;
204.62.48.0/22;
204.62.200.0/22;
204.62.204.0/23;
204.62.211.0/24;
204.62.251.0/24;
204.63.176.0/21;
204.63.216.0/24;
204.63.218.0/23;
204.63.220.0/22;
204.63.222.0/23;
204.63.224.0/21;
204.68.64.0/19;
204.69.0.0/21;
204.69.248.0/24;
204.74.68.0/23;
204.75.249.0/24;
204.75.250.0/23;
204.75.252.0/22;
204.80.191.0/24;
204.84.0.0/15;
204.87.64.0/18;
204.87.213.0/24;
204.87.241.0/24;
204.88.128.0/19;
204.88.192.0/19;
204.89.8.0/21;
204.90.32.0/20;
204.90.48.0/22;
204.96.142.0/23;
204.99.0.0/16;
204.99.128.0/18;
204.100.0.0/16;
204.102.0.0/16;
204.107.130.0/24;
204.107.152.0/24;
204.107.242.0/24;
204.108.64.0/18;
204.110.32.0/20;
204.110.48.0/22;
204.113.0.0/16;
204.115.168.0/21;
204.118.32.0/24;
204.122.128.0/17;
204.126.2.0/23;
204.126.138.0/23;
204.126.144.0/23;
204.126.162.0/23;
204.126.186.0/23;
204.126.188.0/22;
204.128.156.0/24;
204.128.243.0/24;
204.129.0.0/16;
204.130.214.0/24;
204.131.37.0/24;
204.131.38.0/23;
204.131.58.0/24;
204.131.62.0/24;
204.131.208.0/24;
204.131.232.0/24;
204.131.247.0/24;
204.132.224.0/20;
204.133.235.0/24;
204.134.149.0/24;
204.134.194.0/23;
204.134.217.0/24;
204.134.219.0/24;
204.134.251.0/24;
204.134.252.0/22;
204.140.128.0/17;
204.145.157.0/24;
204.145.182.0/24;
204.145.202.0/24;
204.147.16.0/20;
204.152.2.0/23;
204.152.60.0/23;
204.152.100.0/22;
204.154.112.0/21;
204.155.0.0/20;
204.158.0.0/16;
204.193.0.0/19;
204.194.28.0/22;
204.194.32.0/21;
204.196.106.0/24;
204.196.161.0/24;
204.196.162.0/23;
204.196.167.0/24;
204.200.84.0/24;
204.200.98.0/24;
204.201.0.0/20;
204.201.112.0/20;
204.211.0.0/16;
204.228.64.0/24;
204.228.67.0/24;
204.228.68.0/23;
204.228.68.0/24;
204.228.71.0/24;
204.228.78.0/23;
204.228.78.0/24;
204.228.80.0/24;
204.228.82.0/23;
204.228.186.0/24;
204.228.192.0/22;
204.228.201.0/24;
204.228.208.0/22;
204.228.208.0/23;
204.228.210.0/24;
204.228.212.0/24;
204.235.176.0/24;
204.238.30.0/24;
204.238.95.0/24;
204.238.101.0/24;
204.249.106.0/23;
204.250.96.0/20;
205.118.0.0/15;
205.120.0.0/13;
205.132.248.0/21;
205.137.32.0/20;
205.137.240.0/20;
205.141.128.0/18;
205.143.48.0/21;
205.143.49.0/24;
205.143.88.0/21;
205.143.136.0/21;
205.143.216.0/21;
205.147.0.0/18;
205.153.156.0/22;
205.153.220.0/22;
205.154.0.0/15;
205.159.27.0/24;
205.159.96.0/24;
205.159.237.0/24;
205.165.0.0/16;
205.166.67.0/24;
205.166.205.0/24;
205.166.221.0/24;
205.167.24.0/23;
205.167.46.0/23;
205.167.162.0/23;
205.168.225.0/24;
205.169.17.0/24;
205.169.112.0/24;
205.169.136.0/23;
205.169.160.0/24;
205.169.205.0/24;
205.169.206.0/24;
205.169.208.0/24;
205.170.168.0/21;
205.170.235.0/24;
205.173.40.0/21;
205.174.48.0/20;
205.174.208.0/20;
205.174.240.0/20;
205.175.96.0/19;
205.176.88.0/24;
205.186.32.0/19;
205.187.33.0/24;
205.199.200.0/23;
205.234.0.0/22;
205.235.80.0/20;
205.235.84.0/23;
205.235.88.0/23;
205.235.91.0/24;
205.241.232.0/21;
206.15.224.0/19;
206.17.20.0/22;
206.17.24.0/21;
206.17.32.0/22;
206.17.94.0/23;
206.40.176.0/20;
206.57.72.0/21;
206.61.156.0/24;
206.72.224.0/19;
206.76.0.0/15;
206.78.0.0/16;
206.81.164.0/22;
206.82.224.0/19;
206.110.0.0/16;
206.117.0.0/16;
206.124.224.0/19;
206.126.128.0/19;
206.176.160.0/19;
206.188.32.0/19;
206.193.0.0/18;
206.194.0.0/18;
206.194.128.0/18;
206.196.160.0/19;
206.197.121.0/24;
206.201.240.0/20;
206.202.192.0/18;
206.203.81.0/24;
206.204.40.0/24;
206.206.0.0/15;
206.206.18.0/24;
206.207.64.0/21;
206.207.72.0/23;
206.207.74.0/24;
206.207.96.0/24;
206.207.104.0/24;
206.207.113.0/24;
206.207.114.0/23;
206.207.118.0/24;
206.207.125.0/24;
206.208.64.0/21;
206.209.192.0/20;
206.210.224.0/19;
206.211.32.0/19;
206.211.128.0/19;
206.213.128.0/18;
206.219.96.0/19;
206.220.76.0/22;
206.220.144.0/22;
206.224.192.0/19;
206.224.224.0/19;
206.227.0.0/18;
206.240.192.0/19;
206.254.0.0/16;
207.4.0.0/16;
207.7.0.0/16;
207.31.0.0/18;
207.31.128.0/18;
207.62.0.0/16;
207.64.0.0/15;
207.70.27.0/24;
207.70.35.0/24;
207.70.40.0/24;
207.70.42.0/24;
207.70.44.0/23;
207.70.47.0/24;
207.70.53.0/24;
207.80.0.0/16;
207.99.128.0/17;
207.104.84.0/24;
207.136.128.0/19;
207.142.10.0/24;
207.151.0.0/16;
207.155.242.0/24;
207.156.0.0/17;
207.157.0.0/17;
207.157.128.0/17;
207.163.0.0/16;
207.166.0.0/18;
207.167.128.0/19;
207.180.96.0/19;
207.183.0.0/19;
207.191.176.0/20;
207.192.0.0/18;
207.196.128.0/17;
207.197.0.0/17;
207.207.96.0/19;
207.212.206.0/23;
207.233.0.0/17;
208.8.54.0/24;
208.40.174.0/24;
208.65.120.0/22;
208.69.128.0/22;
208.71.24.0/22;
208.72.72.0/22;
208.75.160.0/21;
208.83.176.0/21;
208.84.136.0/22;
208.87.72.0/22;
208.90.104.0/21;
208.90.172.0/22;
208.94.60.0/22;
208.100.64.0/18;
208.119.0.0/16;
208.182.0.0/15;
208.239.232.0/21;
209.19.140.0/24;
209.21.112.0/20;
209.55.64.0/18;
209.63.94.0/23;
209.63.96.0/22;
209.66.160.0/19;
209.66.192.0/19;
209.68.128.0/19;
209.73.64.0/18;
209.74.192.0/19;
209.79.64.0/19;
209.79.154.0/23;
209.79.156.0/23;
209.95.64.0/19;
209.124.176.0/20;
209.129.0.0/16;
209.131.80.0/20;
209.132.128.0/19;
209.147.0.0/18;
209.149.56.0/22;
209.162.207.0/24;
209.188.128.0/17;
209.208.43.0/24;
209.210.40.0/23;
209.210.42.0/24;
209.232.36.0/22;
209.232.116.0/24;
209.232.144.0/20;
209.232.168.0/24;
209.241.222.0/23;
209.243.32.0/20;
210.5.32.0/21;
210.8.192.0/22;
216.7.224.0/19;
216.24.182.0/23;
216.24.192.0/20;
216.38.84.0/22;
216.64.224.0/20;
216.96.128.0/17;
216.100.88.0/21;
216.102.12.0/22;
216.102.72.0/21;
216.102.80.0/22;
216.109.0.0/18;
216.114.80.0/20;
216.152.144.0/20;
216.153.0.0/17;
216.186.0.0/17;
216.190.20.0/23;
216.210.0.0/18;
216.220.89.0/24;
216.220.90.0/24;
216.220.94.0/23;
216.228.240.0/20;
216.230.176.0/20;
}
prefix-list RNP-INTERNATIONAL6 {
2001:12d8::/32;
2001:12F0::/32;
2001:12f0:300::/48;
2804::/32;
}
policy-statement CLARA-TO-NREN {
term FROM-CLARA {
from as-path CLARA;
then accept;
}
}
/* generic import policy for all connectors */
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-3ROX-IN {
term accept {
from {
protocol bgp;
prefix-list-filter PSC-PARTICIPANT orlonger;
prefix-list-filter PSC-SEGP orlonger;
prefix-list-filter PSC-SPONSORED orlonger;
prefix-list-filter PSC-EXCEPTION-SEGP exact;
prefix-list-filter CPS-3ROX-CPS-ONLY orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-3ROX-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter PSC-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-AS11164-OUT {
term reject {
from community CPS-BLOCK-AS11164-OUT;
then reject;
}
term prepend {
from community CPS-AS11164-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS1273-OUT {
term reject {
from community CPS-BLOCK-AS1273-OUT;
then reject;
}
term prepend {
from community CPS-AS1273-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS12989-OUT {
term reject {
from community CPS-BLOCK-AS12989-OUT;
then reject;
}
term prepend {
from community CPS-AS12989-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS13768-OUT {
term reject {
from community CPS-BLOCK-AS13768-OUT;
then reject;
}
term prepend {
from community CPS-AS13768-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS14361-OUT {
term reject {
from community CPS-BLOCK-AS14361-OUT;
then reject;
}
term prepend {
from community CPS-AS14361-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15133-OUT {
term reject {
from community CPS-BLOCK-AS15133-OUT;
then reject;
}
term prepend {
from community CPS-AS15133-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15169-OUT {
term reject {
from community CPS-BLOCK-AS15169-OUT;
then reject;
}
term prepend {
from community CPS-AS15169-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS16509-OUT {
term reject {
from community CPS-BLOCK-AS16509-OUT;
then reject;
}
term prepend {
from community CPS-AS16509-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19080-OUT {
term reject {
from community CPS-BLOCK-AS19080-OUT;
then reject;
}
term prepend {
from community CPS-AS19080-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS19151-OUT {
term reject {
from community CPS-BLOCK-AS19151-OUT;
then reject;
}
term prepend {
from community CPS-AS19151-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS20940-OUT {
term reject {
from community CPS-BLOCK-AS20940-OUT;
then reject;
}
term prepend {
from community CPS-AS20940-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22212-OUT {
term reject {
from community CPS-BLOCK-AS22212-OUT;
then reject;
}
term prepend {
from community CPS-AS22212-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22822-OUT {
term reject {
from community CPS-BLOCK-AS22822-OUT;
}
term prepend {
from community CPS-AS22822-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS27524-OUT {
term reject {
from community CPS-BLOCK-AS27524-OUT;
then reject;
}
term prepend {
from community CPS-AS27524-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS29748-OUT {
term reject {
from community CPS-BLOCK-AS29748-OUT;
then reject;
}
term prepend {
from community CPS-AS29748-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS32934-OUT {
term reject {
from community CPS-BLOCK-AS32934-OUT;
then reject;
}
term prepend {
from community CPS-AS32934-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS3303-OUT {
term reject {
from community CPS-BLOCK-AS3303-OUT;
then reject;
}
term prepend {
from community CPS-AS3303-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS33739-OUT {
term reject {
from community CPS-BLOCK-AS33739-OUT;
then reject;
}
term prepend {
from community CPS-AS33739-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36248-OUT {
term reject {
from community CPS-BLOCK-AS36248-OUT;
then reject;
}
term prepend {
from community CPS-AS36248-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36408-OUT {
term reject {
from community CPS-BLOCK-AS36408-OUT;
then reject;
}
term prepend {
from community CPS-AS36408-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS40009-OUT {
term reject {
from community CPS-BLOCK-AS40009-OUT;
then reject;
}
term prepend {
from community CPS-AS40009-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4436-OUT {
term reject {
from community CPS-BLOCK-AS4436-OUT;
then reject;
}
term prepend {
from community CPS-AS4436-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS46786-OUT {
term reject {
from community CPS-BLOCK-AS46786-OUT;
then reject;
}
term prepend {
from community CPS-AS46786-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6079-OUT {
term reject {
from community CPS-BLOCK-AS6079-OUT;
then reject;
}
term prepend {
from community CPS-AS6079-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6939-OUT {
term reject {
from community CPS-BLOCK-AS6939-OUT;
then reject;
}
term prepend {
from community CPS-AS6939-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS8075-OUT {
term reject {
from community CPS-BLOCK-AS8075-OUT;
then reject;
}
term prepend {
from community CPS-AS8075-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS8218-OUT {
term reject {
from community CPS-BLOCK-AS8218-OUT;
then reject;
}
term prepend {
from community CPS-AS8218-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS9002-OUT {
term reject {
from community CPS-BLOCK-AS9002-OUT;
then reject;
}
term prepend {
from community CPS-AS9002-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-CONNECTOR-IN {
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop discard;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-DREXEL-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter DREXEL-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-MAX-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter MAX-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-MERIT-IN {
term accept {
from {
protocol bgp;
prefix-list-filter CPS-MERIT orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-MERIT-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter MERIT-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-OARNET-IN {
term accept {
from {
protocol bgp;
prefix-list-filter OARNET-PARTICIPANT orlonger;
prefix-list-filter OARNET-SPONSORED orlonger;
prefix-list-filter OARNET-SEGP orlonger;
prefix-list-filter OARNET-CPSONLY orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-OSCNET-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter OARNET-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-IN-DEPREF {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
local-preference 90;
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Block Transitrail Connector routes */
term block-tr {
from {
protocol bgp;
community CPS-TR-CONNECTOR;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT-DEPREF {
term block-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then {
as-path-prepend 11537;
next policy;
}
}
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then {
as-path-prepend 11537;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-IN {
term strip-communities {
then {
community delete ALL-COMMS;
next term;
}
}
term reject-Internet2-space {
from {
route-filter 2001:468::/32 upto /39;
route-filter 2001:468:ff00::/40 orlonger;
}
then reject;
}
term accept {
from protocol bgp;
to rib cps.inet6.0;
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER6-OUT {
term originate {
from {
protocol static;
route-filter 2001:468:ff00::/40 exact;
route-filter 2001:468::/32 exact;
}
then accept;
}
term leak-specifics {
from {
protocol bgp;
route-filter 2001:468:c00::/40 exact;
}
then accept;
}
term block-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
term block-tr {
from {
protocol bgp;
community CPS-TR-CONNECTOR;
}
then reject;
}
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
family inet6;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-PEERCONTROLS-OUT {
term prepend1 {
from community CPS-PREPEND1;
then {
as-path-prepend 11537;
accept;
}
}
term prepend2 {
from community CPS-PREPEND2;
then {
as-path-prepend "11537 11537";
accept;
}
}
term prepend3 {
from community CPS-PREPEND3;
then {
as-path-prepend "11537 11537 11537";
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEERS-IN {
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
term block-martians {
from {
route-filter 0.0.0.0/0 exact;
route-filter 10.0.0.0/8 orlonger;
route-filter 127.0.0.0/8 orlonger;
route-filter 169.254.0.0/16 orlonger;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.0.2.0/24 orlonger;
route-filter 192.88.99.1/32 exact;
route-filter 192.168.0.0/16 orlonger;
route-filter 198.18.0.0/15 orlonger;
route-filter 224.0.0.0/4 orlonger;
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
}
}
}
policy-statement CPS-TR-CONNECTOR-IN {
term discard {
from {
community DISCARD;
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
community add NO-EXPORT;
next-hop discard;
accept;
}
}
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-TR-CONNECTOR-OUT {
/* Don't annouce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-f