pst01234 ðœ
/* NOTE(review): the bytes before "version" are not JunOS syntax; they look
   like residue from the way this listing was captured. */
version 8.5R4.3;
/* Configuration groups: templates that other stanzas inherit through
   apply-groups. The two INTERFACE-* groups carry the MTU, encapsulation and
   firewall-filter bindings for whole classes of interface, so they decide
   which interfaces are filtered at all. */
groups {
    /* Backbone template for so-, ge- and xe- interfaces, unit 0 only:
       inet gets backbone-in / interface-out, inet6 gets v6filter in both
       directions. The filter bodies are defined outside this part of the
       file. */
    INTERFACE-BACKBONE {
        interfaces {
            <so-*> {
                mtu 9192;
                encapsulation cisco-hdlc;
                sonet-options { fcs 32; }
                unit 0 {
                    family inet { mtu 9180; filter { input backbone-in; output interface-out; } }
                    family iso { mtu 1497; }
                    family inet6 { mtu 9180; filter { input v6filter; output v6filter; } }
                    family mpls { mtu 9180; }
                }
            }
            <ge-*> {
                mtu 9192;
                unit 0 {
                    family inet { mtu 9174; filter { input backbone-in; output interface-out; } }
                    family iso { mtu 1497; }
                    family inet6 { mtu 9174; filter { input v6filter; output v6filter; } }
                    family mpls { mtu 9174; }
                }
            }
            <xe-*> {
                mtu 9192;
                unit 0 {
                    family inet { mtu 9174; filter { input backbone-in; output interface-out; } }
                    family iso { mtu 1497; }
                    family inet6 { mtu 9174; filter { input v6filter; output v6filter; } }
                    family mpls { mtu 9174; }
                }
            }
        }
    }
    /* Per-routing-engine host names, applied by "apply-groups [ re0 re1 ]". */
    re0 { system { host-name SALT-re0; } }
    re1 { system { host-name SALT-re1; } }
    /* Connector (customer/peer-facing) template: every unit of a matching
       interface gets connector-in / interface-out on inet and v6filter on
       inet6.
       NOTE(review): the patterns are so-, at- and ge- only. There is no
       <xe-*> entry, so a 10GE connector interface inherits nothing from this
       group and must bind its filters explicitly on each unit. */
    INTERFACE-CONNECTOR {
        interfaces {
            <so-*> {
                mtu 9192;
                encapsulation cisco-hdlc;
                sonet-options { fcs 32; rfc-2615; }
                unit <*> {
                    family inet { mtu 9180; filter { input connector-in; output interface-out; } }
                    family inet6 { mtu 9180; filter { input v6filter; output v6filter; } }
                }
            }
            <at-*> {
                unit <*> {
                    encapsulation atm-snap;
                    family inet { filter { input connector-in; output interface-out; } }
                    family inet6 { filter { input v6filter; output v6filter; } }
                }
            }
            <ge-*> {
                unit <*> {
                    family inet { filter { input connector-in; output interface-out; } }
                    family inet6 { filter { input v6filter; output v6filter; } }
                }
            }
        }
    }
}
apply-groups [ re0 re1 ];
/* Device-level settings: name resolution, login authentication, management
   services and logging. */
system {
    domain-name abilene.ucaid.edu;
    time-zone UTC;
    dump-on-panic;
    /* NOTE(review): with "password" listed after "radius", JunOS is
       documented to try the local password database when RADIUS rejects a
       login as well as when the servers cannot be reached. Confirm that
       fallback is intended and that local accounts are kept to the minimum
       needed for break-glass access. */
    authentication-order [ radius password ];
    location country-code US;
    root-authentication {
        /* "Authentication Data Removed" is a placeholder left by whoever
           sanitised this listing, not a JunOS statement; the listing will
           not load as-is. */
        Authentication Data Removed
    }
    name-server { 134.68.1.9; 129.79.5.100; }
    /* Both RADIUS servers are contacted from the loopback address.
       NOTE(review): no shared secret line is visible; presumably it was
       stripped together with the other credentials - confirm one is
       configured on the live device. */
    radius-server {
        140.182.44.69 { timeout 5; source-address 64.57.28.246; }
        140.182.45.56 { timeout 5; source-address 64.57.28.246; }
    }
    /* Sanitiser placeholder for the "login" stanza (users and classes). */
    Login Stanza Removed
    /* SSH is the only management service enabled in this stanza.
       NOTE(review): only connection-limit is set; root-login,
       protocol-version and rate-limit are not configured here, so the
       release defaults apply. Confirm those defaults are acceptable and
       that the loopback filter restricts who can reach the service. */
    services { ssh { connection-limit 30; } }
    syslog {
        archive {
/* (continues system > syslog > archive from the previous line) */
            files 100;
        }
        /* Critical messages are written to the terminal of every logged-in user. */
        user * { any critical; }
        /* brent's pine.ucs.indiana.edu */
        /* NOTE(review): this collector receives configuration change-log and
           interactive-commands only; the two collectors below also receive
           "authorization info". Remote syslog is presumably carried as plain
           UDP on this release, so treat the path to the collectors as part
           of the audit trail's trust boundary - TODO confirm transport. */
        host 129.79.9.1 { change-log any; interactive-commands info; facility-override local6; }
        /* syslog.grnoc.iu.edu */
        host 134.68.107.9 { any info; authorization info; interactive-commands info; facility-override local6; }
        host 140.182.44.73 { any info; authorization info; interactive-commands info; facility-override local6; }
        /* Local copy: notice and above plus authorization events, rotated
           at 1 MB with 100 files kept. */
        file messages {
            any notice;
            authorization info;
            archive { size 1m; files 100; }
        }
        console { user critical; }
    }
    /* NOTE(review): two NTP servers, no authentication key or trusted-key
       visible. It may have been stripped by the sanitiser; otherwise time
       (and therefore log timestamps) depends on unauthenticated NTP. */
    ntp { server 129.79.5.100; server 134.68.1.9 prefer; }
}
chassis {
    /* NOTE(review): JunOS itself flags this statement as deprecated (see the
       generated warning below). The intent is presumably to refuse IP
       packets carrying source-route options; confirm that the behaviour is
       still enforced on this release and survives an upgrade. */
    no-source-route;
    ## Warning: 'source-route' is deprecated
    dump-on-panic;
    /* Routing-engine failover on keepalive loss or disk failure. */
    redundancy {
        failover { on-loss-of-keepalives; on-disk-failure; }
        keepalive-time 5;
    }
    routing-engine { on-disk-failure reboot; }
}
interfaces {
    /* Backbone circuit; filters and MTUs come from INTERFACE-BACKBONE. */
    so-0/0/0 {
        apply-groups INTERFACE-BACKBONE;
        sonet-options { rfc-2615; }
        unit 0 {
            description "BACKBONE: KANS-SALT OC-192 | I2-KANS-SALT-O192-03920";
            family inet { address 64.57.28.24/31; }
            family inet6 { address 2001:468:ff:0407::2/64; }
            family mpls { mtu 9180; }
        }
    }
    /* Exchange-point / connector trunk. It applies INTERFACE-CONNECTOR, whose
       <ge-*> unit <*> template supplies input connector-in / output
       interface-out (inet) and v6filter (inet6) to every unit below, so
       units that show no filter here are still expected to be filtered by
       inheritance. */
    ge-0/1/0 {
        apply-groups INTERFACE-CONNECTOR;
        description mss.salt.net.internet2.edu:1-A-6-1-1;
        vlan-tagging;
        mtu 9192;
        unit 81 {
            description "NGIX IPv6 R&E 9KB [I2-SALT-SUNN-VLAN-04535]";
            vlan-id 81;
            family inet6 { mtu 9000; address 2001:478:6663:100::205/64; }
        }
        unit 82 {
            description "NGIX IPv6 R&E 1500B [I2-SALT-SUNN-VLAN-04536]";
            vlan-id 82;
            family inet6 {
                mtu 1500;
                /* temp addr from i2 space before ngix had numbers */
                /* NOTE(review): the temporary address is still configured
                   next to its replacement; remove it once nothing depends
                   on it so the unit answers on one address only. */
                address 2001:468:ff:17c4::1/64;
                /* from ngix address space--this is the addr that should be used here */
                address 2001:478:6663:200::205/64;
            }
        }
        unit 153 {
            /* NOTE(review): the description says 1500B but both families are
               set to mtu 9000 - confirm which is correct for this VLAN. */
            description "NGIX IPv4 R&E 1500B [I2-SALT-SUNN-VLAN-04540]";
            vlan-id 153;
            family inet {
                mtu 9000;
                /* Only the output filter is stated locally; the input filter
                   is expected to come from the group. */
                filter { output interface-out; }
                address 198.32.153.205/24;
            }
            family inet6 { mtu 9000; address 2001:468:FF:17C1::1/64; }
        }
        unit 166 {
            description "NREN R&E [I2-SALT-SUNN-VLAN-04537]";
            vlan-id 166;
            family inet { mtu 9000; address 198.32.11.80/31; }
            family
inet6 { mtu 9000; address 2001:468:ff:17c6::1/64; } } unit 201 { description "MIX Multicast Exchange IPv4 R&E 1500B [I2-SALT-SUNN-VLAN-04538]"; vlan-id 201; family inet { mtu 1500; address 198.9.201.205/24; } } unit 202 { description "MIX Multicast Exchange IPv4 R&E 9KB [I2-SALT-SUNN-VLAN-04539]"; vlan-id 202; family inet { mtu 9174; address 198.9.202.205/24; } } unit 505 { description "University of New Mexico R&E [I2-ALBU-SALT-VLAN-04527]"; vlan-id 505; family inet { mtu 9000; address 208.77.76.130/30; } } unit 506 { description "[CPS] University of New Mexico [I2-ALBU-SALT-VLAN-04530]"; vlan-id 506; family inet { mtu 9000; address 208.77.76.138/30; } } unit 603 { description "Temporary LONI R&E [NO-MONITOR]"; vlan-id 603; family inet { mtu 9000; address 208.100.127.90/30 { arp 208.100.127.89 mac 00:14:f1:5b:b4:00; } } } unit 612 { description "[CPS] Temporary LONI CPS [NO-MONITOR]"; vlan-id 612; family inet { mtu 9000; address 208.100.127.94/30 { arp 208.100.127.93 mac 00:14:f1:5b:b4:00; } } } } ge-0/2/0 { description "HP5406 10GE"; vlan-tagging; mtu 9180; unit 11 { description "SALT Observatory vlan"; vlan-id 11; family inet { mtu 9000; address 64.57.17.193/28; } family inet6 { mtu 9000; address 2001:468:7:11::1/64; address 2001:468:7:11::17:193/64; } } unit 20 { description "SALT VINI Mgmt"; vlan-id 20; family inet { mtu 9000; address 64.57.18.233/29; } } unit 21 { description "SALT VINI Data"; vlan-id 21; family inet { mtu 9000; address 64.57.18.97/28; } } unit 30 { description "SALT SPP Port 8"; vlan-id 30; family inet { mtu 9000; address 64.57.23.209/30 { arp 64.57.23.210 mac 00:00:5e:02:aa:08; } } } unit 31 { description "SALT SPP Port 9"; vlan-id 31; family inet { mtu 9000; address 64.57.23.213/30 { arp 64.57.23.214 mac 00:00:5e:02:aa:09; } } } unit 32 { description "SALT SPP Port 10"; vlan-id 32; family inet { mtu 9000; address 64.57.23.217/30 { arp 64.57.23.218 mac 00:00:5e:02:aa:0a; } } } unit 33 { description "SALT GENI Mgmt network"; vlan-id 33; 
family inet { mtu 9000; address 64.57.23.145/28; } } unit 50 { description "ISIS collector"; vlan-id 50; family iso { mtu 1497; } } unit 60 { description "[CPS] Connection to nms-rpsv [NO-MONITOR]"; vlan-id 60; family inet { mtu 9000; address 64.57.29.53/30; } family inet6 { mtu 9000; address 2001:468:07:60::29:53/64; address 2001:468:07:60::1/64; } } } so-1/0/0 { description "Unused OC48 [NO-MONITOR]"; } so-1/1/0 { description "Unused OC48 [NO-MONITOR]"; } so-1/2/0 { description "Unused OC48 [NO-MONITOR]"; } ge-2/2/0 { description lan.salt.net.internet2.edu:A23; vlan-tagging; mtu 9180; unit 10 { description "Racklan #4 Default Gateway"; vlan-id 10; family inet { filter { output racklan-access; } address 64.57.27.20/24 { vrrp-group 50 { virtual-address 64.57.27.254; } } } } unit 12 { description "SALT Obs 1Gig"; vlan-id 12; family inet { mtu 9000; address 64.57.17.225/28; } family inet6 { mtu 9000; address 2001:468:7:12::1/64; address 2001:468:7:12::17:225/64; } } } ge-2/2/1 { mtu 9180; unit 0 { description "nms-rthr1.salt p2p connection"; family inet { mtu 9000; address 64.57.17.209/30; } family inet6 { mtu 9000; address 2001:468:7:101::1/64; address 2001:468:7:101::17:209/64; } } } ge-2/2/2 { mtu 9180; unit 0 { description "nms-rthr2.salt p2p connection"; family inet { mtu 9000; address 64.57.17.213/30; } family inet6 { mtu 9000; address 2001:468:7:100::1/64; address 2001:468:7:100::17:213/64; } } } so-3/0/0 { apply-groups INTERFACE-BACKBONE; sonet-options { rfc-2615; } unit 0 { description "BACKBONE: SALT-SEAT OC-192 | I2-SALT-SEAT-O192-03926"; family inet { address 64.57.28.27/31; } family inet6 { address 2001:468:ff:716::2/64; } family mpls { mtu 9180; } } } so-3/1/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: LOSA-SALT OC-192 | I2-LOSA-SALT-O192-03925"; family inet { address 64.57.28.47/31; } family inet6 { address 2001:468:ff:0507::2/64; } family mpls { mtu 9180; } } } xe-3/2/0 { description "UEN/FRGP via NLR"; vlan-tagging; mtu 9180; 
/* (continues interfaces > xe-3/2/0 "UEN/FRGP via NLR" from the previous line)
   NOTE(review): xe-3/2/0 applies no group, and INTERFACE-CONNECTOR has no
   <xe-*> template, so each unit below is filtered only where a filter is
   written out. Units 851 and 860 carry connector-in / interface-out; units
   845, 855 and 871 carry none. */
        unit 845 {
            /* NOTE(review): no firewall filter on either family. The [CPS]
               units presumably belong to the "cps" routing instance
               referenced elsewhere in the file - confirm that instance has
               its own ingress protection. */
            description "[CPS] Utah Education Network (UEN)";
            vlan-id 845;
            family inet { mtu 9000; address 64.57.29.65/30; }
            family inet6 { mtu 9000; address 2001:468:ffff:748::1/64; }
        }
        unit 851 {
            description "Front Range Gigpop (FRGP) IPv4 Multicast & IPv6 Unicast";
            vlan-id 851;
            family inet {
                mtu 9000;
                filter { input connector-in; output interface-out; }
                address 64.57.28.20/31;
            }
            family inet6 {
                mtu 9000;
                filter { input v6filter; output v6filter; }
                address 2001:468:ff:745::1/64;
            }
        }
        unit 855 {
            /* NOTE(review): this is the subnet of the CONNECTOR BGP neighbor
               64.57.28.30 (Utah Education Network), yet neither inet nor
               inet6 has an input filter, unlike the FRGP units on the same
               port. Unless a filter is applied some other way, add
               connector-in / interface-out and v6filter here for
               consistency. */
            description "Utah Education Network (UEN)";
            vlan-id 855;
            family inet { mtu 9000; address 64.57.28.29/30 { preferred; } }
            /* family iso is enabled on a connector-facing unit; IS-IS is
               configured passive on "interface all" later in the file, so no
               adjacency should form here - confirm. */
            family iso;
            family inet6 { mtu 9000; address 2001:468:ff:748::1/64; }
        }
        unit 860 {
            description "Front Range Gigapop (FRGP)";
            vlan-id 860;
            family inet {
                mtu 9000;
                filter { input connector-in; output interface-out; }
                address 64.57.28.33/30;
            }
            family iso;
        }
        unit 871 {
            /* NOTE(review): no firewall filter; see the note on unit 845. */
            description "[CPS] Customer Front Range Gigapop (FRGP)";
            vlan-id 871;
            family inet { mtu 9000; address 64.57.28.77/31; }
            family inet6 { mtu 9000; address 2001:468:ffff:745::1/64; }
        }
    }
    /* Backbone circuit; filters and MTUs come from INTERFACE-BACKBONE. */
    xe-3/3/0 {
        apply-groups INTERFACE-BACKBONE;
        unit 0 {
            description "BACKBONE: KANS-SALT 10GE | I2-KANS-SALT-10GE-05138";
            family inet { address 64.57.28.9/31; }
            family inet6 { address 2001:468:ff:0704::2/64; }
        }
    }
    /* Discard interface: traffic routed to it is dropped. */
    dsc {
        unit 0 {
            description "Discard Interface";
            family inet { address 198.32.11.6/32 { destination 198.32.11.7; } }
        }
    }
    /* Out-of-band management port is administratively disabled, so all
       management reaches the router in-band through the loopback filters. */
    fxp0 {
        description "Management Ethernet - Unused";
        disable;
    }
    /* Loopback: both units bind loopback-strict-in / loopback-strict-in6 as
       input filters, which is what protects the routing engine (SSH, BGP,
       SNMP, NTP and so on). The filter bodies are not in this part of the
       file; review them together with the prefix-lists they reference. */
    lo0 {
        unit 0 {
            description "Internal Peering Point";
            family inet {
                filter { input loopback-strict-in; }
                address 198.32.8.238/32;
                address 64.57.28.246/32 { preferred; }
            }
            family iso { address 49.0000.0000.0000.0014.00; }
            family inet6 {
                filter { input loopback-strict-in6; }
                address 2001:468:7::1/128;
            }
        }
        unit 1 {
            description "Loopback for CPS VRF;";
            family inet {
                filter { input loopback-strict-in; }
                address 64.57.29.246/32;
            }
            family inet6 {
                filter { input loopback-strict-in6; }
                address 2001:468:ff07::1/128;
            }
        }
    }
}
/* Traffic sampling for flow export. */
forwarding-options {
    sampling {
        /* IPv4 only; "rate 100" samples roughly one packet in 100, capped at
           7000 sampled packets per second. */
        input { family inet { rate 100; max-packets-per-second 7000; } }
        output {
            /* NOTE(review): this statement is inactive, but if it is ever
               re-activated "world-readable" lets every local account read
               the sampled flow file. Drop the flag unless a non-privileged
               process really needs the data. */
            inactive: file filename flowdata files 2 size 500000 world-readable;
            /* Version 5 flow export is unauthenticated, cleartext UDP by
               design. The collector 64.57.17.194 is described elsewhere in
               this file as nms-rpsv.salt; keep the path to it on a trusted
               segment. */
            cflowd 64.57.17.194 {
                port 4203;
                version 5;
                no-local-dump;
                autonomous-system-type origin;
            }
        }
    }
}
routing-options {
    /* Interface routes are copied into the multicast RPF tables as well. */
    interface-routes { rib-group { inet if-rg; inet6 if6-rg; } }
    rib inet6.0 {
        static {
            rib-group static6-rg;
            /* Covering route for the IPv6 block this AS originates. */
            route 2001:468::/32 { reject; install; readvertise; community 11537:950; }
        }
        aggregate { route 2001:468:ff:e00::/56; route 2001:468:000e::/48; }
    }
    /* inet.2 is the table the mcast-rpf-rg rib-group imports for multicast RPF. */
    rib inet.2 {
        /* Routes matching a martian entry are never installed in the table.
           NOTE(review): apart from the special-use ranges (0/8, 10/8, 127/8,
           169.254/16, 172.16/12, 192.0.2/24, 192.168/16, 198.18/15, 240/4)
           every /8 below was IANA-unallocated space when the list was
           written. All of them have since been allocated to the regional
           registries (the IANA IPv4 free pool ran out in 2011), so a device
           still carrying this list silently drops legitimate routes. Static
           bogon lists need an owner and a refresh process, or should be
           reduced to the special-use ranges only. */
        martians {
            0.0.0.0/8 orlonger; 1.0.0.0/8 orlonger; 2.0.0.0/8 orlonger; 5.0.0.0/8 orlonger;
            10.0.0.0/8 orlonger; 23.0.0.0/8 orlonger; 27.0.0.0/8 orlonger; 31.0.0.0/8 orlonger;
            36.0.0.0/8 orlonger; 37.0.0.0/8 orlonger; 39.0.0.0/8 orlonger; 42.0.0.0/8 orlonger;
            46.0.0.0/8 orlonger; 49.0.0.0/8 orlonger; 50.0.0.0/8 orlonger; 100.0.0.0/8 orlonger;
            101.0.0.0/8 orlonger; 102.0.0.0/8 orlonger; 103.0.0.0/8 orlonger; 104.0.0.0/8 orlonger;
            105.0.0.0/8 orlonger; 106.0.0.0/8 orlonger; 107.0.0.0/8 orlonger; 127.0.0.0/8 orlonger;
            169.254.0.0/16 orlonger; 172.16.0.0/12 orlonger; 175.0.0.0/8 orlonger; 176.0.0.0/8 orlonger;
            177.0.0.0/8 orlonger; 179.0.0.0/8 orlonger; 181.0.0.0/8 orlonger; 182.0.0.0/8 orlonger;
            185.0.0.0/8 orlonger; 192.0.2.0/24 orlonger; 192.168.0.0/16 orlonger; 198.18.0.0/15 orlonger;
            223.0.0.0/8 orlonger; 240.0.0.0/4 orlonger; 14.0.0.0/8 orlonger;
        }
    }
    static {
        rib-group static-rg;
        defaults { active; }
        /* Discard routes for the IPv4 blocks this AS originates (the same
           four prefixes appear in prefix-list INTERNAL later in the file). */
        route 198.32.8.0/22 { discard; community 11537:950; }
        route 198.32.154.0/24 { discard; community 11537:950; }
        /* Abilene Observatory */
        route 198.32.12.0/22 { discard; community 11537:950; }
        route 64.57.16.0/20 { discard; community 11537:950; }
        /* Host routes towards two external addresses that are also
           configured as MSDP peers later in the file. */
        route 4.68.0.251/32 next-hop 198.9.201.24;
        route 129.250.0.242/32 next-hop 198.9.201.89;
    }
    /* Martian list for the default table (inet.0). It begins with the same
       entries as the inet.2 list above and is subject to the same staleness
       concern; the rest of the list continues on the next line. */
    martians {
        0.0.0.0/8 orlonger; 1.0.0.0/8 orlonger; 2.0.0.0/8 orlonger; 5.0.0.0/8 orlonger;
        10.0.0.0/8 orlonger; 23.0.0.0/8 orlonger; 27.0.0.0/8 orlonger; 31.0.0.0/8 orlonger;
        36.0.0.0/8
orlonger; 37.0.0.0/8 orlonger; 39.0.0.0/8 orlonger; 42.0.0.0/8 orlonger; 46.0.0.0/8 orlonger; 49.0.0.0/8 orlonger; 50.0.0.0/8 orlonger; 100.0.0.0/8 orlonger; 101.0.0.0/8 orlonger; 102.0.0.0/8 orlonger; 103.0.0.0/8 orlonger; 104.0.0.0/8 orlonger; 105.0.0.0/8 orlonger; 106.0.0.0/8 orlonger; 107.0.0.0/8 orlonger; 127.0.0.0/8 orlonger; 169.254.0.0/16 orlonger; 172.16.0.0/12 orlonger; 175.0.0.0/8 orlonger; 176.0.0.0/8 orlonger; 177.0.0.0/8 orlonger; 179.0.0.0/8 orlonger; 181.0.0.0/8 orlonger; 182.0.0.0/8 orlonger; 185.0.0.0/8 orlonger; 192.0.2.0/24 orlonger; 192.168.0.0/16 orlonger; 198.18.0.0/15 orlonger; 223.0.0.0/8 orlonger; 14.0.0.0/8 orlonger; } aggregate { defaults { community 11537:950; discard; } route 64.57.16.0/21; route 64.57.24.0/22; route 64.57.28.0/22; } rib-groups { if-rg { import-rib [ inet.0 inet.2 ]; } if6-rg { import-rib [ inet6.0 inet6.2 ]; } mcast-rpf-rg { import-rib inet.2; } mcast-rpf6-rg { import-rib inet6.2; } isis-rg { import-rib [ inet.0 inet.2 ]; } isis6-rg { import-rib [ inet6.0 inet6.2 ]; } static-rg { import-rib [ inet.0 inet.2 ]; } static6-rg { import-rib [ inet6.0 inet6.2 ]; } } router-id 64.57.28.246; autonomous-system 11537; multicast { scope SGI-Dogfight { prefix 224.0.1.2/32; interface all; } scope 224.0.1.3/32 { prefix 224.0.1.3/32; interface all; } scope SUN-NIS { prefix 224.0.1.8/32; interface all; } scope SVRLOC { prefix 224.0.1.22/32; interface all; } scope MS-DS { prefix 224.0.1.24/32; interface all; } scope NBC-PRO { prefix 224.0.1.25/32; interface all; } scope SVRLOC-DA { prefix 224.0.1.35/32; interface all; } scope AutoRP-Announce { prefix 224.0.1.39/32; interface all; } scope AutoRP-Discovery { prefix 224.0.1.40/32; interface all; } scope HP-DEVICE-DISC { prefix 224.0.2.1/32; interface all; } scope SUN-RPC { prefix 224.0.2.2/32; interface all; } scope Norton-Ghost-1 { prefix 224.77.0.0/16; interface all; } scope Altiris { prefix 225.1.2.3/32; interface all; } scope Norton-Ghost-2 { prefix 226.77.0.0/16; interface all; } 
scope Norton-Ghost-3 { prefix 229.55.150.208/32; interface all; } scope ImageCast-1 { prefix 234.42.42.40/30; interface all; } scope ImageCast-2 { prefix 234.142.142.42/31; interface all; } scope ImageCast-3 { prefix 234.142.142.44/30; interface all; } scope ImageCast-4 { prefix 234.142.142.48/28; interface all; } scope ImageCast-5 { prefix 234.142.142.64/26; interface all; } scope ImageCast-6 { prefix 234.142.142.128/29; interface all; } scope ImageCast-7 { prefix 234.142.142.136/30; interface all; } scope ImageCast-8 { prefix 234.142.142.140/31; interface all; } scope ImageCast-9 { prefix 234.142.142.142/32; interface all; } ssm-groups 232.0.0.0/8; forwarding-cache { threshold { suppress 50000; reuse 25000; } } } } protocols { igmp { inactive: traceoptions { file jd-igmp-packet; flag packets; } interface all { version 2; } interface ge-2/2/0.12 { version 2; static { group 233.4.200.18; } } } mld { interface all; } router-advertisement { interface ge-2/2/0.11 { no-other-stateful-configuration; prefix 2001:468:e:1::1/64; } interface ge-2/2/0.12 { no-other-stateful-configuration; prefix 2001:468:e:2::1/64; } interface ge-2/2/0.13 { no-other-stateful-configuration; prefix 2001:468:e:3::1/64; } interface ge-2/2/1.0 { no-other-stateful-configuration; prefix 2001:468:e:4::1/64; } interface ge-2/2/0.15 { no-other-stateful-configuration; prefix 2001:468:e:5::1/64; } interface ge-2/2/3.0 { no-other-stateful-configuration; prefix 2001:468:e:7::1/64; } interface ge-2/2/0.16 { no-other-stateful-configuration; prefix 2001:468:e:8::1/64; } } rsvp { /* BACKBONE to KANS */ interface xe-3/3/0.0; /* OC192 to STTLng */ interface so-3/0/0.0; /* BACKBONE to LOSA */ interface so-3/1/0.0; } mpls { statistics { file mpls-stat; interval 60; } ipv6-tunneling; optimize-timer 360; preference 200; inactive: label-switched-path SALT->STTL { to 198.32.8.200; fast-reroute; } label-switched-path SALT->CHIC { to 64.57.28.241; fast-reroute; } label-switched-path SALT->NEWY { to 64.57.28.242; 
fast-reroute; } label-switched-path SALT->WASH { to 64.57.28.249; fast-reroute; } label-switched-path SALT->ATLA { to 64.57.28.243; fast-reroute; } label-switched-path SALT->KANS { to 64.57.28.245; fast-reroute; } label-switched-path SALT->LOSA-I2 { to 64.57.28.248; fast-reroute; } label-switched-path SALT->HOUS { to 64.57.28.244; fast-reroute; } label-switched-path SALT->SEAT { to 64.57.28.247; fast-reroute; } /* BACKBONE to KANS */ interface xe-3/3/0.0; /* OC192 to STTLng */ interface so-3/0/0.0; /* BACKBONE to LOSA */ interface so-3/1/0.0; } bgp { log-updown; group INTERNET2 { type internal; local-address 64.57.28.246; family inet { any; } family inet-vpn { unicast; } family inet6-vpn { unicast; } Authentication Data Removed export NEXT-HOP-SELF; peer-as 11537; inactive: neighbor 198.32.8.200 { description STTLng; } neighbor 64.57.28.241 { description CHIC; } neighbor 64.57.28.242 { description NEWY; } neighbor 64.57.28.243 { description ATLA; } neighbor 64.57.28.244 { description HOUS; } neighbor 64.57.28.245 { description KANS; } neighbor 64.57.28.247 { description SEAT; } neighbor 64.57.28.248 { description LOSA; } neighbor 64.57.28.249 { description WASH; } } group INTERNET2-IPv6 { type internal; local-address 2001:468:7::1; family inet6 { any; } Authentication Data Removed export NEXT-HOP-SELF; peer-as 11537; inactive: neighbor 2001:468:16::1 { description "STTLng;"; } neighbor 2001:468:1::1 { description ATLA; } neighbor 2001:468:2::1 { description CHIC; } neighbor 2001:468:3::1 { description HOUS; } neighbor 2001:468:4::1 { description KANS; } neighbor 2001:468:5::1 { description LOSA; } neighbor 2001:468:6::1 { description NEWY; } neighbor 2001:468:8::1 { description SEAT; } neighbor 2001:468:9::1 { description WASH; } } inactive: group OTHER { metric-out igp; import REJECT-ALL; } group OTHER-INTERNAL { type internal; import REJECT-ALL; peer-as 11537; neighbor 134.68.246.49 { description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]"; 
/* (continues protocols > bgp > group OTHER-INTERNAL, inside the neighbor
   opened at the end of the previous line)
   NOTE(review): OTHER-INTERNAL holds monitoring and collector peers. The
   group is opened with "import REJECT-ALL" (policy body not shown here), so
   by name nothing is accepted from them, but they are sent routes. None of
   the neighbors in this group shows the "Authentication Data Removed"
   placeholder that other groups carry, which suggests these sessions have
   no authentication key - confirm, and make sure the loopback filter limits
   them to the listed source addresses. */
                local-address 64.57.28.246;
                family inet { unicast; }
                /* "cluster" makes this neighbor a route-reflector client. */
                cluster 134.68.246.49;
            }
            neighbor 156.56.103.99 {
                description "IU ANML monitor--contact Ripley";
                multihop { ttl 10; }
                local-address 64.57.28.246;
                /* NOTE(review): a 65535-second hold time means a dead or
                   hijacked session is not noticed for about 18 hours. */
                hold-time 65535;
                family inet { unicast; }
            }
            neighbor 2001:18e8:2:403:202:b3ff:fe23:715a {
                description "IU ANML monitor6 [NO-MONITOR]";
                multihop { ttl 10; }
                local-address 2001:468:e::1;
                family inet6 { unicast; }
            }
            neighbor 64.57.17.194 {
                description "nms-rpsv.salt zebra bgpd [NO-MONITOR]";
                local-address 64.57.17.193;
                family inet { unicast; multicast; }
                cluster 64.57.17.193;
            }
            neighbor 2001:468:7:11::17:194 {
                description "nms-rpsv.salt zebra bgpd [NO-MONITOR]";
                family inet6 { unicast; multicast; }
            }
        }
        /* External sessions to connectors (regional networks). Controls
           visible at group level: a per-family prefix limit, an export
           policy chain, and remove-private on advertised AS paths. Each
           neighbor carries its own import chain that starts with SANITY-IN
           and ends with CONNECTOR-IN. */
        group CONNECTOR {
            type external;
            metric-out igp;
            /* Multihop needs to be enabled to support discard routing */
            multihop { ttl 1; }
            family inet {
                any {
                    /* NOTE(review): as documented for JunOS, the percentage
                       after "teardown" is the warning threshold and the
                       session is torn down once the maximum is exceeded.
                       No idle-timeout is set, so a peer that leaks routes
                       may be allowed to re-establish shortly afterwards -
                       confirm that is the intended behaviour. */
                    prefix-limit { maximum 3000; teardown 90; }
                }
            }
            export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
            remove-private;
            neighbor 208.77.76.129 {
                /* NOTE(review): unlike the other neighbors in this group,
                   no "Authentication Data Removed" placeholder appears here,
                   so this session presumably runs without an authentication
                   key - confirm with the peer and add one. */
                description "University of New Mexico";
                import [ SANITY-IN SET-PREF UNM-IN CONNECTOR-IN ];
                peer-as 40498;
            }
            neighbor 64.57.28.30 {
                description "Utah Education Network";
                import [ SANITY-IN SET-PREF UEN-IN CONNECTOR-IN ];
                /* Sanitiser placeholder; presumably stands for the
                   session's authentication key. */
                Authentication Data Removed
                peer-as 210;
            }
            neighbor 64.57.28.34 {
                description "Front Range Gigapop (FRGP - Treat as Participant)";
                import [ SANITY-IN SET-PREF FRGP-IN4 CONNECTOR-IN ];
                Authentication Data Removed
                peer-as 14041;
            }
            neighbor 64.57.28.21 {
                description "Front Range Gigapop Multicast (FRGP - Treat as Participant)";
                import [ SANITY-IN SET-PREF FRGP-IN4 CONNECTOR-IN ];
                Authentication Data Removed
                peer-as 14041;
            }
            /* Deactivated neighbor; the matching "Temporary LONI" interface
               units are still configured earlier in the file. */
            inactive: neighbor 208.100.127.89 {
                description "Temporary LONI R&E";
                import [ SANITY-IN SET-PREF LONI-IN CONNECTOR-IN ];
                Authentication Data Removed
                peer-as 32440;
            }
        }
        /* IPv6 counterpart of CONNECTOR; its neighbors follow on the next line. */
        group CONNECTOR6 {
            type external;
            metric-out igp;
            family inet6 {
                any { prefix-limit { maximum 3000; teardown 90; } }
            }
            export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
            remove-private;
neighbor 2001:468:ff:748::2 { description "UEN/Intermountain Gigapop"; import [ SANITY6 SET-PREF UEN-IN6 ]; Authentication Data Removed peer-as 210; } neighbor 2001:468:ff:745::2 { description "Front Range Gigapop IPv6 (FRGP - Treat as Participant)"; import [ SANITY6 SET-PREF FRGP-IN6 ]; Authentication Data Removed peer-as 14041; } } group FEDNET { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ]; remove-private; neighbor 198.32.153.3 { description "NISN via NGIX"; Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FROM-CUDI FEDNET-OUT ]; peer-as 297; } neighbor 198.32.153.121 { description "USGS via NGIX"; Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 REDCLARA-TO-USGS FEDNET-OUT ]; peer-as 22284; } neighbor 198.32.153.25 { description "DREN via NGIX"; Authentication Data Removed peer-as 668; } neighbor 198.32.11.81 { description "NREN via NGIX vlan 166"; hold-time 30; Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ]; peer-as 24; } } group FEDNET6 { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ]; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ]; remove-private; neighbor 2001:468:FF:17c1::2 { description DREN/NGIX; family inet6 { unicast; any; } Authentication Data Removed peer-as 668; } neighbor 2001:468:ff:17c6::2 { description "NREN/NGIX 166"; family inet6 { unicast; } Authentication Data Removed peer-as 24; } } group ISP-MCAST { type external; description "Commercial FIX/MBONE via MIX (Multicast Only)"; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ]; family inet { multicast { prefix-limit { maximum 10000; teardown 90; 
} } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ]; remove-private; neighbor 198.9.201.11 { description "Commercial Sprint via MIX (Multicast Only)"; peer-as 1239; } neighbor 198.9.201.89 { description "Commercial NTT via MIX (Multicast Only)"; Authentication Data Removed peer-as 2914; } neighbor 198.9.201.254 { description "Commercial FIX/MBONE via MIX (Multicast Only)"; peer-as 10888; } neighbor 198.9.202.89 { description "Commercial NTT via MIX (Multicast Only)"; Authentication Data Removed peer-as 2914; } neighbor 198.9.202.24 { description "Commercial Level(3) via MIX/AIX-NG (Multicast Only)"; peer-as 3356; } /* . */ neighbor 198.9.201.181 { description "Commercial ISC (Multicast Only) - Contact Greg Shepherd"; family inet { multicast { prefix-limit { maximum 13000; teardown 90; } } } peer-as 1280; } } inactive: group ISP-V6 { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ]; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ]; remove-private; neighbor 2001:478:6663:100::89 { description NTT-jumbo; family inet6 { unicast; } Authentication Data Removed peer-as 2914; } neighbor 2001:478:6663:200::89 { description "NTT via ames v6 lan"; family inet6 { unicast; } Authentication Data Removed peer-as 2914; } neighbor 2001:478:6663:200::11 { description "Sprint via MIX v6"; family inet6 { unicast; } peer-as 1239; } } inactive: group ITN { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ]; remove-private; } inactive: group ITN6 { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ]; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ]; remove-private; 
/* (the two braces below close bgp group ITN6 and the bgp stanza, both opened
   on earlier lines) */
        }
    }
    /* IS-IS is the backbone IGP: level 2 only, active on the backbone
       circuits and one collector VLAN, passive everywhere else. */
    isis {
        export V6-IGP-AGG;
        spf-delay 200;
        ## Warning: 'spf-delay' is deprecated
        /* NOTE(review): no-authentication-check is documented as "generate
           authenticated packets and check received ones, but do not reject
           packets that fail". While it is set, any IS-IS key on this router
           (none is visible here; it may have been sanitised) gives no
           protection against forged hellos or LSPs on the active
           interfaces. It is normally a migration aid - confirm it is still
           needed and remove it once every neighbor authenticates. */
        no-authentication-check;
        rib-group { inet isis-rg; inet6 isis6-rg; }
        level 2 wide-metrics-only;
        /* OC192 to KANS */
        interface so-0/0/0.0 { level 2 metric 1330; level 1 disable; }
        /* NOTE(review): ge-0/2/0.50 is described in the interfaces stanza as
           "ISIS collector". It is an active level-2 interface on a VLAN
           towards a host, so with authentication checks relaxed it is the
           adjacency that most needs a trusted segment. */
        interface ge-0/2/0.50 { level 1 disable; level 2 metric 9999; }
        /* OC192 to STTLng */
        interface so-3/0/0.0 { level 1 disable; level 2 metric 913; }
        /* BACKBONE to LOSA */
        interface so-3/1/0.0 { level 1 disable; level 2 metric 1303; }
        /* 10GE Circuit to KANS: CPS Primary and R&E Failover */
        interface xe-3/3/0.0 { level 1 disable; level 2 metric 1331; }
        /* Run IS-IS Passively on All Interfaces */
        /* Passive means the prefixes are advertised but no adjacency is
           formed, which keeps connector- and exchange-facing interfaces out
           of the IGP. */
        interface all { level 1 disable; level 2 passive; }
        interface lo0.0 { level 1 disable; level 2 passive; }
    }
    /* MSDP: multicast source-active exchange with internal routers (mesh
       group) and with external networks.
       NOTE(review): no "Authentication Data Removed" placeholder appears
       anywhere under msdp, unlike bgp, so these sessions presumably run
       without TCP authentication - confirm. No active-source-limit is
       visible either; MSDP-FILTER is the only visible control on what the
       external peers can inject. */
    msdp {
        rib-group mcast-rpf-rg;
        /* Internal mesh group; no import/export filter is applied to it. */
        group INTERNET2 {
            mode mesh-group;
            local-address 64.57.28.246;
            /* HSTNng */
            peer 198.32.8.195;
            /* KSCYng */
            peer 198.32.8.197;
            /* LOSAng */
            peer 198.32.8.198;
            /* STTLng */
            inactive: peer 198.32.8.200;
            /* SNVAng */
            peer 198.32.8.201;
            /* ATLA-M5 */
            peer 198.32.8.203;
            /* CHIC */
            peer 64.57.28.241;
            /* NEWY */
            peer 64.57.28.242;
            /* ATLA */
            peer 64.57.28.243;
            /* HOUS */
            peer 64.57.28.244;
            /* KANS */
            peer 64.57.28.245;
            /* SEAT */
            peer 64.57.28.247;
            /* LOSA */
            peer 64.57.28.248;
            /* WASH */
            peer 64.57.28.249;
        }
        /* External groups apply MSDP-FILTER in both directions. */
        group CONNECTOR {
            export MSDP-FILTER;
            import MSDP-FILTER;
            /* University of New Mexico */
            peer 208.77.76.129 { local-address 208.77.76.130; }
            /* UEN/Intermountain GP */
            peer 64.57.28.30 { local-address 64.57.28.29; }
            /* Front Range Gigapop */
            peer 64.57.28.34 { local-address 64.57.28.33; }
            /* Front Range Gigapop - Multicast (vlan 851) */
            peer 64.57.28.21 { local-address 64.57.28.20; }
        }
        group FEDNET {
            export MSDP-FILTER;
            import MSDP-FILTER;
            /* NISN via NGIX */
            peer 198.32.153.3 { local-address 198.32.153.205; }
            /* NREN 166 */
            peer 198.32.11.81 { local-address 198.32.11.80; }
            /* DREN */
            /* This peer is reached from the loopback address rather than
               from a directly connected interface address. */
            peer 138.18.12.253 { local-address 64.57.28.246; }
        }
        inactive: group ITN {
            export MSDP-FILTER;
import MSDP-FILTER; } inactive: group NONITN { export MSDP-FILTER; import MSDP-FILTER; } group MIX { export MSDP-FILTER; import MSDP-FILTER; /* NREN at MIX */ peer 198.9.201.2 { local-address 198.9.201.205; } /* Sprint at MIX */ peer 198.9.201.11 { local-address 198.9.201.205; } /* FIX-W/mbone at MIX */ peer 198.9.201.254 { local-address 198.9.201.205; } /* New Level3 at MIX - static route to reach this RP */ peer 4.68.0.251 { local-address 198.9.202.205; } /* FIX-W/mbone at MIX-ng */ peer 198.9.202.253 { local-address 198.9.202.205; } /* Verio at MIX--static route to reach this RP */ peer 129.250.0.242 { local-address 64.57.28.246; } /* shepfarm via MIX */ peer 198.9.201.181 { local-address 198.9.201.205; } } } pim { rib-group { inet mcast-rpf-rg; inet6 mcast-rpf6-rg; } import pim-join-filter; rp { bootstrap-import REJECT-ALL; bootstrap-export REJECT-ALL; local { address 198.32.8.238; group-ranges { 224.0.0.0/4; } } embedded-rp; static { address 2001:468::1 { group-ranges { ff05::/16; } } address 2001:660:3007:300:1:: { group-ranges { ff0e::/16; ff1e::/16; } } address 2001:700:e000:501::2 { group-ranges { ff3e:30:2001:700::/64; } } } } interface all { mode sparse; version 2; } interface fxp0.0 { disable; } } } policy-options { prefix-list ALLOW-ALL { 0.0.0.0/0; } prefix-list MATCH-ALL { 0.0.0.0/0; } prefix-list BGP-PEERS { apply-path "protocols bgp group <*> neighbor <*>"; } prefix-list MSDP-PEERS { apply-path "protocols msdp group <*> peer <*>"; } Prefix Stanza Removed prefix-list BGP-PEERS6 { apply-path "protocols bgp group <*> neighbor <*:*>"; } /* List of prefixes which Abilene originates */ prefix-list INTERNAL { /* Internet2 Backbone */ 64.57.16.0/20; /* Abilene Backbone */ 198.32.8.0/22; /* Abilene Observatory */ 198.32.12.0/22; /* MANLAN */ 198.32.154.0/24; } /* List of IPv6 prefixes Abilene originates */ prefix-list INTERNAL6 { 2001:468::/32; } Prefix Stanza Removed prefix-list QUERY-HOSTS-INTERNAL { /* nocmon.net.internet2.edu -- temp monitoring host */ 
64.57.25.18/32; /* pine.ucs.indiana.edu -- sweeny */ 129.79.9.1/32; /* alertmon-dev.grnoc.iu.edu */ 129.79.216.72/32; /* dc-snmp.wcc.grnoc.iu.edu */ 129.79.216.79/32; 134.68.107.113/32; /* mon-dev.grnoc.iu.edu */ 134.68.107.123/32; /* IUPUI login + SNMP hosts */ 140.182.44.0/28; /* IUPUI SNMP hosts */ 140.182.44.32/28; /* IUB login + SNMP hosts */ 140.182.45.0/28; /* IUB SNMP hosts */ 140.182.45.32/28; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* New Jump Address */ 149.165.134.64/32; } prefix-list QUERY-HOSTS-EXTERNAL { /* Boston University--ticket#11647 */ 128.197.10.4/32; /* Boston University--ticket#11647 */ 128.197.11.51/32; /* Boston University--ticket#11647 */ 128.197.11.223/32; /* Boston University--ticket#11647 */ 128.197.11.224/32; /* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */ 129.79.5.18/32; /* arbor11.ren-isac.net -- Arbor Peakflow1 */ 134.68.246.49/32; /* arbor21.ren-isac.net -- Arbor Peakflow2 */ 134.68.246.51/32; /* ANML - ArborNetworks */ 156.56.103.9/32; /* ANML - ArborNetworks */ 156.56.103.10/32; 156.56.103.11/32; /* ANML - ArborNetworks */ 156.56.103.12/32; /* ANML - ArborNetworks */ 156.56.103.53/32; /* Ohio ITEC - nf6.itec.oar.net */ 192.148.251.26/32; /* Ohio ITEC - nf7.itec.oar.net */ 192.148.251.27/32; /* Internet2 - thunderbird.internet2.edu - ticket# 5679 */ 207.75.164.95/32; /* netflow2.internet2.edu -- I2 Netflow Collector */ 207.75.165.99/32; } prefix-list TACACS-SERVERS { /* tacacs2.grnoc.iu.edu */ 129.79.216.162/32; /* tacacs.grnoc.iu.edu */ 134.68.107.17/32; } Prefix Stanza Removed prefix-list DNS-SERVERS { 129.79.5.100/32; 134.68.1.9/32; } prefix-list NTP-SERVERS { /* ntp.indiana.edu */ 129.79.5.100/32; /* ntp-1.gw.uiuc.edu */ 130.126.24.24/32; 134.68.1.9/32; /* ntp-e.abilene.ucaid.edu */ 198.32.10.254/32; /* ntp-w.abilene.ucaid.edu */ 198.32.11.141/32; } prefix-list RADIUS-SERVERS { 140.182.44.69/32; 140.182.45.56/32; } prefix-list BGP-PEERS-CPS { apply-path "routing-instances cps protocols bgp group <*> neighbor <*>"; } 
prefix-list UNM-PARTICIPANT { 64.106.0.0/17; 64.234.170.0/23; 74.112.228.0/22; 128.123.0.0/16; 128.165.0.0/16; 129.24.0.0/16; 129.138.0.0/16; 146.88.0.0/16; 192.41.211.0/24; 192.65.77.0/24; 192.65.95.0/24; 192.67.132.0/24; 192.88.137.0/24; 192.88.138.0/24; 192.88.139.0/24; 192.88.140.0/24; 198.59.97.0/24; 198.59.130.0/24; 198.59.131.0/24; 198.59.132.0/24; 198.59.133.0/24; 198.59.134.0/24; 198.59.145.0/24; 198.59.152.0/24; 198.59.154.0/24; 198.59.155.0/24; 198.59.169.0/24; 198.59.186.0/24; 198.168.1.0/24; 198.168.2.0/24; 198.168.3.0/24; 198.168.4.0/24; 198.168.5.0/24; 198.168.6.0/24; 198.252.187.0/24; 204.69.153.0/24; 204.121.0.0/16; 206.206.150.0/24; 206.206.151.0/24; 206.206.152.0/21; 208.77.76.0/22; } prefix-list UNM-SPONSORED { 216.161.32.0/23; } prefix-list UNM-SEGP { 63.225.1.0/24; 64.234.128.0/18; 192.56.77.0/24; 192.65.78.0/24; 192.94.216.0/24; 192.132.89.0/24; 192.136.110.0/24; 192.207.226.0/24; 198.59.106.0/23; 198.59.108.0/24; 198.59.153.0/24; 198.59.187.0/24; 198.59.188.0/23; 198.59.190.0/24; 198.176.219.0/24; 198.187.251.0/24; 204.134.48.0/23; 204.134.50.0/24; 204.134.54.0/23; 204.134.56.0/23; 204.134.66.0/24; 204.134.67.0/24; 204.134.68.0/24; 204.134.85.0/24; 204.134.102.0/24; 204.134.103.0/24; 205.167.120.0/23; 206.192.128.0/18; 206.206.136.0/21; 206.206.144.0/20; } prefix-list UNM-EXCEPTION-SPONSORED { 169.203.194.240/29; } prefix-list UNM-FEDNET { 128.165.0.0/16; 192.65.95.0/24; 204.121.0.0/16; } prefix-list UEN-PARTICIPANT { 128.110.0.0/16; 128.116.0.0/16; 128.117.0.0/16; 128.138.0.0/16; 128.187.0.0/16; 128.198.0.0/16; 129.19.0.0/16; 129.19.0.0/18; 129.19.6.0/24; 129.72.0.0/16; 129.82.0.0/16; 129.123.0.0/16; 130.253.0.0/16; 132.163.0.0/16; 132.194.0.0/16; 134.20.0.0/16; 134.50.0.0/16; 137.75.0.0/16; 138.67.0.0/16; 140.172.0.0/16; 140.226.0.0/16; 155.97.0.0/16; 155.98.0.0/16; 155.99.0.0/16; 155.100.0.0/15; 157.132.0.0/16; 168.179.0.0/16; 192.12.240.0/24; 192.26.83.0/24; 192.43.217.0/24; 192.43.244.0/24; 192.52.106.0/24; 192.77.14.0/24; 
192.149.148.0/24; 192.150.224.0/24; 192.207.159.0/24; 192.207.160.0/24; 198.11.16.0/20; 198.59.7.0/24; 198.59.55.0/24; 198.59.61.0/24; 198.59.69.0/24; 198.59.70.0/24; 198.59.81.0/24; 198.59.82.0/24; 198.59.83.0/24; 198.60.217.0/24; 198.60.218.0/23; 198.60.220.0/22; 198.60.224.0/22; 198.60.226.0/24; 198.60.238.0/24; 198.118.206.0/24; 199.4.250.0/23; 199.104.18.0/24; 199.104.23.0/24; 199.104.32.0/24; 199.104.93.0/24; 204.89.132.0/23; 204.99.159.0/24; 204.99.160.0/20; 204.99.176.0/23; 204.134.131.0/24; 204.134.132.0/24; 204.134.133.0/24; 204.134.134.0/24; 204.134.135.0/24; 204.134.136.0/24; 204.134.137.0/24; 204.134.138.0/24; 204.134.144.0/24; 204.134.150.0/24; 204.134.194.0/23; 204.134.217.0/24; 204.134.219.0/24; 204.134.220.0/24; 204.134.251.0/24; 204.134.252.0/22; 204.228.64.0/24; 204.228.67.0/24; 204.228.68.0/24; 204.228.78.0/24; 204.228.80.0/24; 204.228.186.0/24; 204.228.192.0/24; 204.228.201.0/24; 204.228.208.0/23; 204.228.211.0/24; 205.124.252.0/24; 205.170.168.0/21; 206.206.18.0/24; 206.207.64.0/20; 206.207.72.0/23; 206.207.74.0/24; 206.207.96.0/24; 206.207.104.0/24; 206.207.113.0/24; 206.207.114.0/23; 206.207.118.0/24; 206.207.125.0/24; 207.70.27.0/24; 207.70.35.0/24; 207.70.40.0/24; 207.70.42.0/24; 207.70.44.0/23; 207.70.47.0/24; 207.70.53.0/24; 207.252.94.0/23; 207.252.204.0/23; 209.19.140.0/24; 209.186.50.0/23; 209.186.50.0/24; 209.186.51.0/24; 209.223.6.0/24; 209.223.250.0/23; } prefix-list UEN-SPONSORED { 138.67.0.0/16; 138.86.0.0/16; 192.26.83.0/24; } prefix-list UEN-SEGP { 134.250.0.0/16; 137.190.0.0/16; 144.17.0.0/16; 144.35.0.0/16; 144.38.0.0/16; 144.39.0.0/16; 146.86.0.0/16; 158.91.0.0/16; 160.7.0.0/16; 161.28.0.0/16; 161.119.0.0/16; 163.6.0.0/16; 163.248.0.0/16; 165.239.0.0/16; 168.177.0.0/16; 168.178.0.0/15; 168.180.0.0/16; 192.41.70.0/24; 192.41.96.0/22; 192.84.171.0/24; 192.120.193.0/24; 198.60.0.0/23; 198.60.1.0/24; 198.60.2.0/24; 198.60.4.0/23; 198.60.8.0/21; 198.60.16.0/24; 198.60.64.0/19; 199.104.0.0/18; 199.104.69.0/24; 199.104.76.0/23; 
199.104.76.0/24; 199.104.87.0/24; 199.104.88.0/23; 204.99.128.0/18; 204.99.153.0/24; 204.99.154.0/23; 204.113.0.0/16; 204.228.210.0/23; 205.118.0.0/15; 205.120.0.0/13; } prefix-list UEN6-PARTICIPANT { 2001:468:0800::/40; 2001:1948::/32; } prefix-list FRGP-PARTICIPANT { 128.116.0.0/16; 128.117.0.0/16; 128.138.0.0/16; 129.19.0.0/16; 129.19.0.0/18; 129.19.6.0/24; 129.72.0.0/16; 129.82.0.0/16; 132.163.0.0/16; 132.194.0.0/16; 137.75.0.0/16; 138.67.0.0/16; 140.172.0.0/16; 140.226.0.0/16; 157.132.0.0/16; 192.12.240.0/24; 192.26.83.0/24; 192.43.217.0/24; 192.43.244.0/24; 192.52.106.0/24; 192.149.148.0/24; 192.150.224.0/24; 198.11.16.0/20; 198.59.7.0/24; 198.59.54.0/24; 198.59.55.0/24; 198.59.61.0/24; 198.59.69.0/24; 198.59.70.0/24; 198.59.81.0/24; 198.59.82.0/24; 198.59.83.0/24; 198.118.206.0/24; 199.4.250.0/23; 204.89.132.0/23; 204.131.58.0/24; 204.131.62.0/24; 204.131.208.0/24; 204.131.247.0/24; 204.132.224.0/20; 204.228.67.0/24; 204.228.68.0/24; 204.228.69.0/24; 204.228.78.0/24; 204.228.80.0/24; } prefix-list FRGP-PARTICIPANT-EXCEPTION { 192.43.217.165/32; } prefix-list FRGP-SPONSORED { 69.44.86.0/24; 69.44.87.0/24; 138.67.0.0/16; 138.86.0.0/16; 140.226.0.0/16; 192.26.83.0/24; 204.228.64.0/24; } prefix-list FRGP-PARTICIPANT6 { 2001:468:500::/40; } prefix-list BGP-PEERS6-CPS { apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>"; } prefix-list RACKLAN-ACCESS { /* ARIN Allocation */ 64.57.16.0/20; /* ISI East */ 65.114.168.0/24; /* ndb2-blmt.abilene.ucaid.edu */ 129.79.5.18/32; /* DNS Server */ 129.79.5.100/32; /* ndb1-blmt.abilene.ucaid.edu */ 129.79.5.225/32; /* IUB */ 129.79.9.0/24; 129.79.216.64/27; 129.79.216.160/27; /* leap.grnoc.iu.edu */ 129.79.217.202/32; /* DNS Resolver */ 134.68.1.9/32; /* IUPUI */ 134.68.11.0/24; 134.68.107.0/24; 134.68.142.0/24; 134.68.220.127/32; /* IUPUI login + SNMP hosts */ 140.182.44.0/28; /* IUPUI login hosts */ 140.182.44.16/28; /* IUPUI SNMP hosts */ 140.182.44.32/28; 140.182.44.69/32; /* IUB login + SNMP hosts */ 
140.182.45.0/28; /* IUB login hosts */ 140.182.45.16/28; /* IUB SNMP hosts */ 140.182.45.32/28; 140.182.45.56/32; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; 149.165.134.64/32; 149.165.253.0/28; /* VPN Groups */ 156.56.175.0/27; /* l2tpvpn-iub */ 156.56.245.1/32; 156.56.247.193/32; /* jump.grnoc.iu.edu */ 192.12.206.196/32; /* sd-pc.grnoc.iu.edu */ 192.12.206.228/32; /* Internet2 Ann Arbor */ 207.75.164.0/23; } prefix-list OBSERVATORY-SSH { /* leap.grnoc.iu.edu */ 129.79.217.202/32; /* sysmon.grnoc.iu.edu */ 134.68.107.4/32; /* login.net.internet2.edu */ 134.68.107.10/32; /* nms-base */ 134.68.107.34/32; /* nms-login */ 134.68.107.36/32; /* skip */ 134.68.142.50/32; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* jump */ 192.12.206.196/32; } prefix-list LONI-PARTICIPANT4 { 76.165.24.0/22; 76.165.28.0/22; 76.165.240.0/20; 129.81.0.0/16; 130.18.0.0/16; 130.39.0.0/16; 130.74.0.0/16; 131.95.0.0/16; 143.132.0.0/16; 155.58.0.0/16; 192.195.100.0/24; 192.203.199.0/24; 192.203.200.0/24; 192.208.128.0/20; 192.208.139.0/24; 192.208.144.0/21; 192.208.152.0/22; 192.208.156.0/23; 198.49.215.0/24; 198.62.89.0/24; 198.182.205.0/24; 199.190.249.0/24; 199.190.250.0/24; 199.190.251.0/24; 199.190.252.0/24; 199.233.131.0/24; 204.90.32.0/20; 204.90.48.0/22; 204.196.106.0/23; 204.196.160.0/21; 205.166.221.0/24; 206.176.160.0/19; 208.100.64.0/18; } prefix-list LONI-SPONSORED { 138.47.0.0/16; 208.69.128.0/22; } prefix-list LONI-SEGP { 130.70.0.0/16; 137.30.0.0/16; 147.174.0.0/16; 162.75.0.0/24; 192.102.223.0/24; 192.135.131.0/24; 192.207.173.0/24; 192.251.100.0/24; 192.251.101.0/24; 192.251.102.0/24; 192.251.103.0/24; 198.62.88.0/24; 198.99.190.0/24; 198.135.204.0/24; 198.176.252.192/26; 198.202.242.0/24; 198.232.231.0/24; 199.181.176.0/24; 199.184.64.0/22; 199.184.68.0/24; 199.184.208.0/23; 199.190.250.0/23; 204.130.214.0/24; 204.196.60.0/24; 204.196.69.0/24; 204.196.81.0/24; 204.196.86.0/23; 204.196.180.0/22; 204.196.184.0/22; 204.196.204.0/22; 204.196.208.0/23; 204.196.252.0/27; 
208.100.64.0/22; 208.100.68.0/22; 208.100.72.0/22; 208.100.76.0/22; 208.100.80.0/22; 208.100.84.0/22; } prefix-list LONI-PARTICIPANT4-EXCEPTION { 162.75.0.4/30; } prefix-list CPS-LONI-CPS-ONLY { 192.251.100.0/24; 192.251.101.0/24; 192.251.102.0/24; 192.251.103.0/24; 198.62.88.0/24; 198.136.130.0/24; } prefix-list FRGP-SEGP { 72.166.150.0/24; /* CO Ed Inst */ 128.198.0.0/16; 129.19.0.0/19; 129.19.6.0/24; /* CO Ed Inst */ 129.19.32.0/19; 129.19.92.0/23; 129.19.104.0/22; 129.19.108.0/22; 129.19.128.0/20; 129.19.150.0/24; 129.19.151.0/24; 129.19.152.0/24; 129.19.153.0/24; 129.19.154.0/24; 129.19.155.0/24; 129.19.176.0/20; /* CO Ed Inst */ 129.82.177.0/24; /* CO Ed Inst */ 130.253.0.0/16; 147.153.0.0/16; /* CO Ed Inst */ 156.108.0.0/16; /* CO Ed Inst */ 158.142.0.0/16; 161.97.0.0/16; 161.98.0.0/16; 164.104.0.0/16; /* CO Ed Inst */ 165.127.0.0/16; /* CO Ed Inst */ 192.55.229.0/24; /* CO Ed Inst */ 192.70.175.0/24; 192.111.53.0/24; /* CO Ed Inst */ 192.136.70.0/24; 192.188.155.0/24; 198.49.6.0/24; 198.59.2.0/24; 198.59.46.0/24; 198.59.47.0/24; 198.59.48.0/24; 198.59.49.0/24; 204.228.78.0/24; } policy-statement CLARA-TO-NREN { /* CLARA<->NREN transit (ucaid approved) */ term FROM { from as-path CLARA; then accept; } } policy-statement CONNECTOR-IN { /* remove BGP communities which connectors should not announce */ term remove-comms { then { community delete LOW-PEERS; community delete HIGH-PEERS; next term; } } /* discard routes signalled by connectors: must carry the DISCARD community, have a /24-/32 mask, and target the unicast RIB */ term discard { from { community DISCARD; /* only allow /24-/32 masks for discard routes */ route-filter 0.0.0.0/0 prefix-length-range /24-/32; } to rib inet.0; then { /* add no-export so these discard routes are not leaked outside of Abilene */ community add NO-EXPORT; /* set next-hop to the destination-address on the dsc.0 interface */ next-hop 198.32.11.7; accept; } } /* allow unicast routes upto /27; note: routes have already passed the individual connector policy */ term allow-unicast { from { route-filter 0.0.0.0/0 upto /27; } to rib inet.0; then { community add PARTICIPANT; 
accept; } } term allow-multicast { from { route-filter 0.0.0.0/0 upto /27; } to rib inet.2; then { community add PARTICIPANT; accept; } } term reject { then reject; } } /* CPS-AS1239-OUT and CPS-AS2914-OUT: routes carrying the matching community (*:1239 or *:2914) go on to the next policy in the chain; all other routes are accepted here */ policy-statement CPS-AS1239-OUT { term match { from community CPS-AS1239-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS2914-OUT { term match { from community CPS-AS2914-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-CONNECTOR-IN { term discard { from { community DISCARD; /* only allow /24-/32 masks for discard routes */ route-filter 0.0.0.0/0 prefix-length-range /24-/32; } then { /* add no-export so these discard routes are not leaked outside of Abilene */ community add NO-EXPORT; /* set next-hop to discard so traffic to these prefixes is dropped */ next-hop discard; accept; } } /* allow routes upto /24 (CONNECTOR-IN allows upto /27; NOTE(review): confirm the tighter /24 limit is intended here); note: routes have already passed the individual connector policy */ term allow-unicast { from { route-filter 0.0.0.0/0 upto /24; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-CONNECTOR-OUT { /* announce routes from CPS peer networks */ term announce-peers { from { protocol bgp; community CPS-PEERS; } then accept; } /* announce the two static /24 aggregates listed below; everything else is rejected */ term announce-internal { from { protocol static; route-filter 198.32.9.0/24 exact; route-filter 64.57.29.0/24 exact; } then accept; } term reject { then reject; } } policy-statement CPS-CONNECTOR-OUT6 { term announce-peers { from { protocol bgp; community CPS-PEERS; family inet6; } then accept; } term announce-internal { from { protocol static; family inet6; route-filter 2001:468:ff00::/40 exact; } then accept; } term reject { then reject; } } /* tag direct and BGP routes with the CPS community on export; reject everything else */ policy-statement CPS-EXPORT { term direct { from protocol direct; then { community add CPS; accept; } } term bgp { from protocol bgp; then { community add CPS; accept; } } term reject { then reject; } } policy-statement CPS-FRGP-IN4 { term participant { from { prefix-list-filter FRGP-PARTICIPANT orlonger; } then next policy; } term sponsored { 
from { prefix-list-filter FRGP-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term SEGP { from { protocol bgp; prefix-list-filter FRGP-SEGP orlonger; } then { community add SEGP; next policy; } } /* NOTE(review): this term has no 'then' action, so a match changes nothing and evaluation continues to reject-unicast; the exception term in LONI-IN adds PARTICIPANT and accepts - confirm which behavior is intended here */ term participant_exception { from { prefix-list-filter FRGP-PARTICIPANT-EXCEPTION exact; } } /* anything not matched above is rejected for the unicast RIB only */ term reject-unicast { to rib inet.0; then reject; } } policy-statement CPS-FRGP-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter FRGP-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } /* accept only routes carrying the CPS community (target:11537:1) */ policy-statement CPS-IMPORT { term bgp { from community CPS; then accept; } term reject { then reject; } } policy-statement CPS-LONI-IN { term accept { from { protocol bgp; prefix-list-filter LONI-PARTICIPANT4 orlonger; prefix-list-filter LONI-SPONSORED orlonger; prefix-list-filter LONI-SEGP orlonger; prefix-list-filter CPS-LONI-CPS-ONLY exact; prefix-list-filter LONI-PARTICIPANT4-EXCEPTION exact; } then next policy; } /* unnamed final term: reject whatever the prefix lists above did not match */ then reject; } policy-statement CPS-PEER6-IN { /* strip every community received from the peer (ALL-COMMS is *:*) before any local community is added */ term strip-communities { then { community delete ALL-COMMS; next term; } } /* Allows only longer connector prefixes from peers */ term reject-Internet2-space { from { route-filter 2001:468::/32 upto /39; route-filter 2001:468:ff00::/40 orlonger; } then reject; } term accept { from protocol bgp; to rib cps.inet6.0; then { community add CPS-PEERS; accept; } } term reject { then reject; } } policy-statement CPS-PEER6-OUT { /* originate the two static aggregates with 11537 prepended once */ term originate { from { protocol static; route-filter 2001:468:ff00::/40 exact; route-filter 2001:468::/32 exact; } then { as-path-prepend 11537; accept; } } /* never announce more-specifics of 2001:468::/32 to peers */ term block-specifics { from { route-filter 2001:468::/32 longer; } then reject; } term announce { from { protocol bgp; community CPS-CONNECTOR; family inet6; } then next policy; } term reject { then reject; } } policy-statement CPS-PEERCONTROLS-OUT { term block { from community CPS-BLOCK; then reject; } term prepend1 { from community CPS-PREPEND1; then { as-path-prepend 
11537; accept; } } term prepend2 { from community CPS-PREPEND2; then { as-path-prepend "11537 11537"; accept; } } term prepend3 { from community CPS-PREPEND3; then { as-path-prepend "11537 11537 11537"; accept; } } term reject { then reject; } } policy-statement CPS-UEN-IN { term accept { from { protocol bgp; prefix-list-filter UEN-PARTICIPANT orlonger; prefix-list-filter UEN-SPONSORED orlonger; prefix-list-filter UEN-SEGP orlonger; } then next policy; } term reject { then reject; } } policy-statement CPS-UEN-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter UEN6-PARTICIPANT orlonger; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-UNM-IN { term accept { from { protocol bgp; prefix-list-filter UNM-PARTICIPANT orlonger; prefix-list-filter UNM-SPONSORED orlonger; prefix-list-filter UNM-SEGP orlonger; prefix-list-filter UNM-FEDNET orlonger; prefix-list-filter UNM-EXCEPTION-SPONSORED exact; } then next policy; } term reject { then reject; } } policy-statement CPS-V6-REMOVE-COMMS { term remove { then { community delete HIGH-PEERS; community delete LOW-PEERS; community delete LOW; community delete HIGH; community delete DISCARD; community delete CPS; community delete EQUAL-TO-PEERS; community delete LOWER-THAN-PEERS; } } } /* import policy for FEDNET peers */ policy-statement FEDNET-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term set-community { from protocol bgp; then { community add FEDNET; accept; } } } policy-statement FEDNET-IN6 { term set-community { from protocol bgp; then { community add FEDNET; accept; } } } /* export policy from FEDNET peers */ policy-statement FEDNET-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol 
bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */ term allow-iftn { from { protocol bgp; community IFTN; } then accept; } /* don't announce nlri=unicast routes from fednet or international peers */ term block-fednet-itn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET ITN NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } policy-statement FEDNET-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } policy-statement FRGP-IN4 { term participant { from { prefix-list-filter FRGP-PARTICIPANT orlonger; } then next policy; } term sponsored { from { prefix-list-filter FRGP-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term SEGP { from { protocol bgp; prefix-list-filter FRGP-SEGP orlonger; } then { community add SEGP; next policy; } } term participant_exception { from { prefix-list-filter FRGP-PARTICIPANT-EXCEPTION exact; } } term reject-unicast { to rib inet.0; then reject; } } policy-statement FRGP-IN6 { term accept { from { family inet6; prefix-list-filter FRGP-PARTICIPANT6 exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement FROM-CUDI { term FROM { /* allow NISN-CUDI transit via I2, ticket#11664 */ from as-path CUDI; then accept; } } policy-statement GEANT-TO-NREN { from as-path GEANT; then accept; } /* import policy for mcast-only peerings with commercial ISPs */ policy-statement ISP-MCAST-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term allow { from protocol bgp; 
to rib inet.2; then { community add COMMERCIAL-PEER; accept; } } term reject { then reject; } } policy-statement ISP-MCAST-OUT { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term no-export { from community BLOCK-TO-COMMERCIAL; then reject; } /* only advertise participant routes */ term allow { from { protocol bgp; rib inet.2; community PARTICIPANT; } then accept; } term reject { then reject; } } policy-statement ISP-V6-IN { term allow { from protocol bgp; to rib inet6.0; then { community add COMMERCIAL-PEER; accept; } } term reject { then reject; } } policy-statement ISP-V6-OUT { term no-export { from community BLOCK-TO-COMMERCIAL; then reject; } /* only advertise participant routes */ term accept { from { protocol bgp; community PARTICIPANT; family inet6; } then accept; } term reject { then reject; } } policy-statement ITN-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term set-community { from protocol bgp; then { community add ITN; accept; } } } policy-statement ITN-IN6 { term set-community { from protocol bgp; then { community add ITN; accept; } } } policy-statement ITN-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* don't announce nlri=unicast routes from fednet or nonitn peers */ term block-fednet-nonitn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } policy-statement ITN-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { 
protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } policy-statement LONI-IN { term participant { from { prefix-list-filter LONI-PARTICIPANT4 orlonger; } then next policy; } term sponsored { from { prefix-list-filter LONI-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { prefix-list-filter LONI-SEGP orlonger; } then { community add SEGP; next policy; } } term exception { from { prefix-list-filter LONI-PARTICIPANT4-EXCEPTION exact; } then { community add PARTICIPANT; accept; } } } policy-statement MSDP-FILTER { term bad-groups { from { route-filter 224.0.1.2/32 exact; route-filter 224.0.1.3/32 exact; route-filter 224.0.1.8/32 exact; route-filter 224.0.1.22/32 exact; route-filter 224.0.1.24/32 exact; route-filter 224.0.1.25/32 exact; route-filter 224.0.1.35/32 exact; route-filter 224.0.1.39/32 exact; route-filter 224.0.1.40/32 exact; route-filter 224.0.1.60/32 exact; route-filter 224.0.2.1/32 exact; route-filter 224.0.2.2/32 exact; route-filter 224.77.0.0/16 orlonger; route-filter 225.1.2.3/32 exact; route-filter 226.77.0.0/16 orlonger; route-filter 229.55.150.208/32 exact; route-filter 234.42.42.40/30 orlonger; route-filter 234.142.142.42/31 orlonger; route-filter 234.142.142.44/30 orlonger; route-filter 234.142.142.48/28 orlonger; route-filter 234.142.142.64/26 orlonger; route-filter 234.142.142.128/29 orlonger; route-filter 234.142.142.136/30 orlonger; route-filter 234.142.142.140/31 orlonger; route-filter 234.142.142.142/32 exact; route-filter 239.0.0.0/8 orlonger; route-filter 232.0.0.0/8 orlonger; } then reject; } term bad-sources { from { source-address-filter 10.0.0.0/8 orlonger; source-address-filter 127.0.0.0/8 orlonger; source-address-filter 172.16.0.0/12 orlonger; source-address-filter 192.168.0.0/16 orlonger; } then reject; } term bad-planetlab { from { source-address-filter 
198.32.154.179/32 exact; source-address-filter 198.32.154.187/32 exact; source-address-filter 198.32.154.195/32 exact; source-address-filter 198.32.154.202/32 exact; source-address-filter 198.32.154.210/32 exact; source-address-filter 198.32.154.218/32 exact; source-address-filter 198.32.154.226/32 exact; source-address-filter 198.32.154.235/32 exact; source-address-filter 198.32.154.243/32 exact; source-address-filter 198.32.154.250/32 exact; } then reject; } term allow { then accept; } } policy-statement NEXT-HOP-SELF { from protocol bgp; then { next-hop self; } } /* Redistribute aggregates from static into BGP */ policy-statement ORIGINATE4 { term internal-addresses { from { protocol static; prefix-list INTERNAL; } then accept; } } /* Redistribute aggregates from static into BGP */ policy-statement ORIGINATE6 { term announce-aggregates { from { protocol static; prefix-list INTERNAL6; } then accept; } term block-more-specifics { from { route-filter 2001:468::/32 longer; } then reject; } } policy-statement REDCLARA-TO-USGS { term FROM-REDCLARA { from as-path CLARA; then accept; } } policy-statement REJECT-ALL { then reject; } /* Remove certain BGP communities on import - only applied to peers */ policy-statement REMOVE-COMMS-IN { term remove { then { /* remove connector local-pref communities */ community delete HIGH; community delete LOW; /* remove discard community */ community delete DISCARD; } } } /* Remove certain BGP communities on export - applied to connectors and peers */ policy-statement REMOVE-COMMS-OUT { term remove { then { /* remove connector and peer local-pref communities */ community delete HIGH-PEERS; community delete LOW-PEERS; community delete LOW; community delete HIGH; /* remove discard community */ community delete DISCARD; } } } /* reject routes we should never accept */ policy-statement SANITY-IN { /* Reject any BGP prefix if a private AS is in the path */ term block-private-asn { from as-path PRIVATE; then reject; } /* Reject any BGP 
NLRI=Unicast prefix if a commercial ISP's AS is in the path */ term block-commercial-asn { from as-path COMMERCIAL; to rib inet.0; then reject; } /* Reject any BGP prefix with AS 19401 (as-path NLR) in the path */ term block-nlr-transit { from as-path NLR; then reject; } /* Reject BGP prefixes that should never appear in the routing table */ term block-martians { from { /* default */ route-filter 0.0.0.0/0 exact; /* rfc 1918 */ route-filter 10.0.0.0/8 orlonger; /* rfc 3330 - loopback */ route-filter 127.0.0.0/8 orlonger; /* rfc 3330 - link-local */ route-filter 169.254.0.0/16 orlonger; /* rfc 1918 */ route-filter 172.16.0.0/12 orlonger; /* iana reserved */ route-filter 192.0.2.0/24 orlonger; /* 6to4 relay; NOTE(review): this matches only the host route 192.88.99.1/32, while the 6to4 relay anycast prefix in RFC 3068 is 192.88.99.0/24 - confirm which is intended */ route-filter 192.88.99.1/32 exact; /* rfc 1918 */ route-filter 192.168.0.0/16 orlonger; /* rfc 2544 - network device benchmarking */ route-filter 198.18.0.0/15 orlonger; /* rfc 3171 - multicast group addresses */ route-filter 224.0.0.0/4 orlonger; /* rfc 3330 */ route-filter 240.0.0.0/4 orlonger; } then reject; } /* Reject BGP prefixes which Abilene originates; NOTE(review): a bare 'prefix-list' match is presumably exact-only, so more-specifics of the INTERNAL entries would not be rejected by this term - confirm they are covered elsewhere */ term block-internal { from { prefix-list INTERNAL; } then reject; } } /* Block announcements for prefixes we should never announce */ policy-statement SANITY-OUT { /* Don't announce any route with a private AS in the path */ term block-private-asn { from as-path PRIVATE; then reject; } /* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */ term block-commercial-asn { from { rib inet.0; as-path COMMERCIAL; } then reject; } /* Don't announce reserved and special prefixes */ term block-martians { from { /* default */ route-filter 0.0.0.0/0 exact; /* rfc 1918 */ route-filter 10.0.0.0/8 orlonger; /* rfc 3330 - loopback */ route-filter 127.0.0.0/8 orlonger; /* rfc 3330 - link-local */ route-filter 169.254.0.0/16 orlonger; /* rfc 1918 */ route-filter 172.16.0.0/12 orlonger; /* iana reserved */ route-filter 192.0.2.0/24 orlonger; /* 6to4 relay; NOTE(review): same /32-only match as in SANITY-IN - confirm against the 192.88.99.0/24 anycast prefix */ route-filter 192.88.99.1/32 exact; /* rfc 1918 */ route-filter 192.168.0.0/16 orlonger; /* rfc 2544 - 
network device benchmarking */ route-filter 198.18.0.0/15 orlonger; /* rfc 3171 - multicast group addresses */ route-filter 224.0.0.0/4 orlonger; /* rfc 3330 */ route-filter 240.0.0.0/4 orlonger; } then reject; } } policy-statement SANITY6 { /* Block routes with a private AS in the path */ term block-private-asns { from { as-path PRIVATE; family inet6; } then reject; } /* Only accept routes within certain allocated blocks (masks up to /49, 2002::/16 exact only); matching routes continue to the next policy, everything else is rejected by the final term */ term accept { /* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */ /* NOTE(review): 2610::/12 and 2620::/12 below cover 2610::-261f:: and 2620::-262f::, wider than the /23 blocks the IANA table lists for those prefixes; 2001:b000::/20 is already inside 2001::/16 - confirm the list against the current registry */ from { route-filter 2001::/16 upto /49; route-filter 2002::/16 exact; route-filter 2003::/16 upto /49; route-filter 2400::/12 upto /49; route-filter 2600::/12 upto /49; route-filter 2a00::/12 upto /49; route-filter 2800::/12 upto /49; route-filter 2001:b000::/20 upto /49; route-filter 2c00::/12 upto /49; route-filter 2610::/12 upto /49; route-filter 2620::/12 upto /49; } then next policy; } term reject { then reject; } } /* set local-pref on connector routes based on communities */ policy-statement SET-PREF { term high { from community HIGH; then { local-preference 260; next policy; } } term low { from community LOW; then { local-preference 140; next policy; } } term normal { then { local-preference 200; } } } /* same tiers as SET-PREF plus EQUAL-TO-PEERS (100) and LOWER-THAN-PEERS (60); presumably applied to CPS IPv6 routes - confirm where it is referenced */ policy-statement SET-PREF-CPS-V6 { term high { from community HIGH; then { local-preference 260; next policy; } } term low { from community LOW; then { local-preference 140; next policy; } } term equal-to-peers { from community EQUAL-TO-PEERS; then { local-preference 100; next policy; } } term lower-than-peers { from community LOWER-THAN-PEERS; then { local-preference 60; next policy; } } term normal { then { local-preference 200; } } } /* set local-pref on peer routes based on communities */ policy-statement SET-PREF-PEER { term high { from community HIGH-PEERS; then { local-preference 160; next policy; } } term low { from community LOW-PEERS; then { local-preference 40; next policy; } } term normal { then { local-preference 100; } } } 
policy-statement UEN-IN { term participant { from { protocol bgp; prefix-list-filter UEN-PARTICIPANT orlonger; } then next policy; } term sponsored { from { protocol bgp; prefix-list-filter UEN-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { protocol bgp; prefix-list-filter UEN-SEGP orlonger; } then { community add SEGP; next policy; } } term reject-unicast { to rib inet.0; then reject; } } policy-statement UEN-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter UEN6-PARTICIPANT orlonger; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement UNM-IN { term participant { from { protocol bgp; prefix-list-filter UNM-PARTICIPANT orlonger; } then next policy; } term sponsored { from { protocol bgp; prefix-list-filter UNM-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { protocol bgp; prefix-list-filter UNM-SEGP orlonger; } then { community add SEGP; next policy; } } term fednet { from { protocol bgp; prefix-list-filter UNM-FEDNET orlonger; } then { community add FEDNET; next policy; } } term exception-sponsored { from { protocol bgp; prefix-list-filter UNM-EXCEPTION-SPONSORED exact; } then { community add SPONSORED; community add PARTICIPANT; accept; } } term reject-unicast { to rib inet.0; then reject; } } policy-statement V6-IGP-AGG { term allow-aggregate { from { protocol aggregate; family inet6; } then accept; } term deny-more-specifics { from { family inet6; route-filter 2001:468:ff:e00::/56 longer; route-filter 2001:468:e::/48 longer; } then reject; } term accept-all-other-v6 { from { protocol [ isis direct ]; family inet6; } then accept; } } policy-statement pim-join-filter { term internal-links { from { interface [ so-0/0/0.0 so-3/0/0.0 so-3/1/0.0 ]; route-filter 239.0.0.0/8 orlonger; } then accept; } term external-links { from { route-filter 239.0.0.0/8 orlonger; } then reject; } term all-links { then accept; } } 
community ALL-COMMS members *:*; community BLOCK-TO-COMMERCIAL members 11537:2002; community COMMERCIAL-PEER members 11537:2001; community CONNECTOR-ONLY members 11537:3500; community CORE members 11537:900; community CORPORATE members 11537:2000; community CPS members target:11537:1; community CPS-AS1239-OUT members *:1239; community CPS-AS2914-OUT members *:2914; community CPS-BLOCK members 65000:*; community CPS-CONNECTOR members 11537:25100; community CPS-PEERS members 11537:25200; community CPS-PREPEND1 members 65001:*; community CPS-PREPEND2 members 65002:*; community CPS-PREPEND3 members 65003:*; community DISCARD members 11537:911; community EQUAL-TO-PEERS members 11537:100; community FEDNET members 11537:3000; community HIGH members 11537:260; community HIGH-PEERS members 11537:160; community IFTN members 11537:2502; community ITN members 11537:2501; community LOW members 11537:140; community LOW-PEERS members 11537:40; community LOWER-THAN-PEERS members 11537:60; community NO-EXPORT members no-export; community NOAGG6 members 11537:6; community NONITN members 11537:2500; community PARTICIPANT members 11537:950; community RHCPP members 11537:4000; community SEGP members 11537:910; community SPONSORED members 11537:902; as-path PRIVATE ".* (64512-65535) .*"; as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*"; as-path ABILENE ".* 11537 .*"; as-path NLR ".* 19401 .*"; as-path CLARA "27750 .*"; as-path GEANT "20965 .*"; as-path CUDI "18592 .*"; as-path COMMERCIAL6 ".* (701|1273|1836|2497|2516|2914|3257|3549|3561|4691|6939|7018|15169|15412|17554|17990) .*"; } inactive: class-of-service { classifiers { exp MPLS { forwarding-class assured-forwarding { loss-priority low code-points 100; } forwarding-class expedited-forwarding { loss-priority low code-points 010; } forwarding-class best-effort { loss-priority low code-points 000; } forwarding-class network-control { 
loss-priority low code-points 110; } } inet-precedence TOS { forwarding-class network-control { loss-priority low code-points 110; } forwarding-class assured-forwarding { loss-priority low code-points 100; } forwarding-class expedited-forwarding { loss-priority low code-points 010; } forwarding-class best-effort { loss-priority low code-points 000; } } } drop-profiles { basic { fill-level 100 drop-probability 100; } } rewrite-rules { exp MPLS { forwarding-class assured-forwarding { loss-priority low code-point 100; loss-priority high code-point 100; } forwarding-class best-effort { loss-priority low code-point 000; loss-priority high code-point 000; } forwarding-class expedited-forwarding { loss-priority low code-point 010; loss-priority high code-point 010; } forwarding-class network-control { loss-priority low code-point 110; loss-priority high code-point 110; } } inet-precedence TOS { forwarding-class network-control { loss-priority low code-point 110; loss-priority high code-point 110; } forwarding-class assured-forwarding { loss-priority low code-point 100; loss-priority high code-point 100; } forwarding-class expedited-forwarding { loss-priority low code-point 010; loss-priority high code-point 010; } forwarding-class best-effort { loss-priority low code-point 000; loss-priority high code-point 000; } } } scheduler-maps { basic { forwarding-class best-effort scheduler best-effort; forwarding-class network-control scheduler network-control; forwarding-class assured-forwarding scheduler LSP-L2; forwarding-class expedited-forwarding scheduler expedited-forwarding; } } schedulers { LSP-L2 { transmit-rate percent 10; buffer-size percent 10; priority high; drop-profile-map loss-priority any protocol any drop-profile basic; } network-control { transmit-rate percent 5; buffer-size percent 5; priority strict-high; drop-profile-map loss-priority any protocol any drop-profile basic; } best-effort { transmit-rate percent 85; buffer-size percent 85; priority low; 
drop-profile-map loss-priority any protocol any drop-profile basic; } expedited-forwarding { transmit-rate percent 0; buffer-size percent 0; priority low; drop-profile-map loss-priority any protocol any drop-profile basic; } } } Firewall Stanza Removed removed saltã  ## Last commit: 2009-09-25 16:14:04 UTC by litvanyi version 9.3R3.8; groups { INTERFACE-BACKBONE { interfaces { <ge-*> { mtu 9192; unit <*> { family inet { mtu 9174; filter { input backbone-in; output interface-out; } } family iso { mtu 1497; } family inet6 { mtu 9174; filter { input v6filter; output v6filter; } } family mpls { mtu 9174; } } } <xe-*> { mtu 9192; unit <*> { family inet { mtu 9174; filter { input backbone-in; output interface-out; } } family iso { mtu 1497; } family inet6 { mtu 9174; filter { input v6filter; output v6filter; } } family mpls { mtu 9174; } } } } } INTERFACE-CONNECTOR { interfaces { <ge-*> { unit <*> { family inet { filter { input connector-in; output interface-out; } } family inet6 { filter { input v6filter; output v6filter; } } } } <xe-*> { unit <*> { family inet { filter { input connector-in; output interface-out; } } family inet6 { filter { input v6filter; output v6filter; } } } } } } MSDP-SA-Limit-per-peer-group { protocols { msdp { group <*> { peer <*> { active-source-limit { maximum 100000; threshold 90000; } } } } } } re0 { system { host-name NEWY-re0; } } re1 { system { host-name NEWY-re1; } } } apply-groups [ re0 re1 ]; system { domain-name net.internet2.edu; time-zone UTC; dump-on-panic; authentication-order [ radius password ]; location country-code US; ports { auxiliary type vt100; } root-authentication { Authentication Data Removed } name-server { 134.68.1.9; 129.79.5.100; } radius-server { 140.182.45.56 { timeout 2; source-address 64.57.28.242; } 140.182.44.69 { timeout 2; source-address 64.57.28.242; } } Login Stanza Removed services { bandwidth 10g; } } } network-services ip; } interfaces { xe-0/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description 
"BACKBONE: NEWY-CHIC 10GE | I2-CHIC-NEWY32AOA-10GE-05239"; family inet { address 64.57.28.73/31; } family inet6 { address 2001:468:ff:602::1/64; } } } xe-0/1/0 { description "[CPS] Direct interface to PAIX-NY exchange fabric"; vlan-tagging; gigether-options { ethernet-switch-profile { mac-learn-enable; } } unit 6 { description "[CPS] PAIX New York Public Switch (10G)"; vlan-id 6; family inet { mtu 1500; address 198.32.118.55/24; } family inet6 { address 2001:504:f::37/48; } } } xe-0/2/0 { apply-groups INTERFACE-CONNECTOR; description "Northern Crossroads (NOX) via I2-BOST-NEWY32AOA-10GE-04181"; vlan-tagging; mtu 9192; unit 110 { description "Northern Crossroads (NOX) R&E VLAN"; vlan-id 110; family inet { mtu 9000; address 192.5.89.222/30; } family inet6 { mtu 9000; address 2001:468:ff:0646::2/64; } } unit 111 { description "[CPS] Northern Crossroads (NOX)"; vlan-id 111; family inet { mtu 9000; address 207.210.142.2/30; } family inet6 { mtu 9000; address 2001:468:ffff:0646::2/64; } } } xe-0/3/0 { description "NOT IN USE [NO-MONITOR]"; } xe-1/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: NEWY-WASH 10GE | I2-NEWY32AOA-WASH-10GE-04643"; family inet { address 64.57.28.18/31; } family inet6 { address 2001:468:ff:906::1/64; } family mpls { mtu 9174; } } } xe-1/1/0 { description "Internet2 CPS switch (via Internet2 New York Metro Infinera Ring)"; vlan-tagging; mtu 9134; unit 11 { description "PAIX NY Management Subnet"; vlan-id 11; family inet { address 64.57.28.161/28; } } unit 100 { description "[CPS] Global Crossing Private v4/v6 peering"; vlan-id 100; family inet { filter { input connector-in; } address 64.208.110.26/30; } family inet6 { address 2001:450:2008:2B::2/64; } } unit 101 { description "[CPS] Global Crossing Private Multicast-Only Peering"; vlan-id 101; family inet { filter { input connector-in; } address 64.208.110.186/30; } family inet6 { address 2001:450:2008:21::2/64; } } unit 102 { description "[CPS] Google private peering"; 
vlan-id 102; family inet { mtu 1500; filter { input connector-in; } address 64.57.29.20/31; } family inet6 { mtu 1500; address 2001:4860:1:1:0:2D11:0:7/127; } } } xe-1/2/0 { apply-groups INTERFACE-CONNECTOR; mtu 9192; unit 0 { description Nysernet; family inet { mtu 9000; address 199.109.4.154/30; } family inet6 { mtu 9000; address 2001:468:900:315::2/64; } } } xe-1/3/0 { description "NOT IN USE [NO-MONITOR]"; } xe-2/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: NEWY-WASH 10GE | I2-NEWY32AOA-WASH-10GE-05242"; family inet { address 64.57.28.74/31; } family inet6 { address 2001:468:ff:6f9::1/64; } } } xe-2/1/0 { description "RESERVED FOR FUTURE CPS [NO-MONITOR]"; } xe-2/2/0 { apply-groups INTERFACE-CONNECTOR; description "MAGPI via I2-NEWY32AOA-PHIL-10GE-05205"; vlan-tagging; mtu 9192; unit 12 { description "MAGPI IP Connection"; vlan-id 12; family inet { mtu 9000; address 216.27.100.54/30; } family inet6 { mtu 9000; address 2001:468:ff:0658::1/64; } } unit 38 { description "[CPS] MAGPI"; vlan-id 38; family inet { mtu 1500; address 216.27.100.62/30; } family inet6 { mtu 1500; address 2001:468:ffff:0658::1/64; } } } xe-2/3/0 { inactive: apply-groups INTERFACE-CONNECTOR; description sw.manlan.internet2.edu:Te11/3; flexible-vlan-tagging; mtu 9192; encapsulation flexible-ethernet-services; unit 1 { description "MANLAN Rack Lan"; vlan-id 1; family inet { mtu 1500; filter { output manlan-management; } address 198.32.154.6/25; address 198.32.14.129/27; } family iso; } unit 16 { description "DRAC Project"; vlan-id 16; family inet { mtu 9000; address 198.32.154.133/30; } } unit 102 { description "GEANT | AS:20965"; vlan-id 102; family inet { mtu 9000; filter { input connector-in; output interface-out; } address 198.32.11.50/31; } family iso; family inet6 { mtu 9000; filter { input v6filter; output v6filter; } address 2001:468:ff:15c5::1/64; } } unit 104 { description CAnet-Toronto; vlan-id 104; family inet { mtu 9000; filter { input connector-in; 
output interface-out; } address 205.189.32.117/30; } family inet6 { filter { input v6filter; output v6filter; } address 2001:410:101:23::2/64; } } unit 107 { description SINET; vlan-id 107; family inet { mtu 9000; filter { input connector-in; output interface-out; } address 150.99.200.194/30; } family inet6 { filter { input v6filter; output v6filter; } address 2001:2f8:1:ff::e/126; } } unit 108 { description QATAR; vlan-id 108; family inet { mtu 1500; filter { input connector-in; output interface-out; } address 80.231.134.30/30; } family inet6 { filter { input v6filter; output v6filter; } } } unit 109 { description CAnet-Montreal; vlan-id 109; family inet { mtu 9000; filter { input connector-in; output interface-out; } address 205.189.32.93/30; } family inet6 { filter { input v6filter; output v6filter; } address 2001:410:101:24::2/64; } } unit 110 { description CERN; vlan-id 110; family inet { mtu 9000; filter { input connector-in; output interface-out; } address 198.32.11.85/30; } } unit 112 { description ESnet; vlan-id 112; family inet { mtu 9000; filter { input connector-in; output interface-out; } address 198.124.216.158/30; } } unit 113 { description ESnet-v6-only; vlan-id 199; family inet6 { mtu 9000; filter { input v6filter; output v6filter; } address 2001:468:ff:15c6::1/64; } } unit 114 { description "MCIT/ENERGI (Egypt)"; vlan-id 114; family inet { mtu 1486; filter { input connector-in; output interface-out; } address 198.32.11.65/30; } } unit 115 { description "USLHCnet (CERN)"; vlan-id 115; family inet { mtu 9000; filter { input connector-in; output interface-out; } address 198.32.11.69/30; } } unit 116 { description "ANKABUT (United Arab Emirates) [NO-MONITOR]"; vlan-id 116; family inet { filter { input connector-in; output interface-out; } address 198.32.11.109/30; } family inet6 { filter { input v6filter; output v6filter; } address 2001:468:ff:6c3::1/64; } } unit 117 { description "TWAREN| AS:7539"; vlan-id 117; family inet { mtu 9000; filter { input 
connector-in; output interface-out; } address 211.79.48.158/30; } family inet6 { mtu 9000; filter { input v6filter; output v6filter; } address 2001:E10:FFFF:307::2/64; } } unit 120 { description "SURFnet | AS:1103"; vlan-id 120; family inet { mtu 9000; filter { input connector-in; output interface-out; } address 64.57.28.65/30; } family inet6 { mtu 9000; filter { input v6filter; output v6filter; } address 2001:468:ff:6c2::1/64; } } unit 456 { description "RedClara via MANLAN and AtlanticWave | AS:27750 [NO-MONITOR]"; vlan-id 456; family inet { mtu 9000; filter { input connector-in; output interface-out; } address 200.0.207.10/30; } family inet6 { mtu 9000; filter { input v6filter; output v6filter; } address 2001:1348:4:3::2/64; } } unit 2130 { description "Peer QATAR 2nd Connection via MAN LAN"; vlan-id 2130; family inet { mtu 1500; filter { input connector-in; output interface-out; } address 86.36.105.178/30; } } unit 3903 { description "ESNet I2 Phoebus Trial"; encapsulation vlan-ccc; vlan-id 3903; family ccc; } unit 4003 { encapsulation vlan-ccc; vlan-id 4003; } } ge-9/0/0 { description "Observatory 1G via lan.newy32aoa:A21"; vlan-tagging; mtu 9192; unit 10 { description "RackLan #1 Master Gateway"; vlan-id 10; family inet { filter { output racklan-access; } address 64.57.24.254/24 { vrrp-group 60 { virtual-address 64.57.24.254; priority 255; preempt; } } } } unit 12 { description "NEWY Observatory 1G vlan"; vlan-id 12; family inet { mtu 9000; address 64.57.17.97/28; } family inet6 { mtu 9000; address 2001:468:6:12::1/64; address 2001:468:6:12::17:97/64; } } } ge-9/0/1 { mtu 9180; unit 0 { description "nms-rthr1 p2p connection"; family inet { mtu 9000; address 64.57.17.81/30; } family inet6 { mtu 9000; address 2001:468:6:101::1/64; address 2001:468:6:101::17:81/64; } } } ge-9/0/2 { mtu 9180; unit 0 { description "nms-rthr2 p2p connection"; family inet { mtu 9000; address 64.57.17.85/30; } family inet6 { mtu 9000; address 2001:468:6:100::1/64; address 
2001:468:6:100::17:85/64; } } } xe-9/2/0 { description "Observatory 10G via lan.newy32aoa:F2"; flexible-vlan-tagging; mtu 9192; encapsulation flexible-ethernet-services; unit 11 { description "NEWY Observatory vlan"; vlan-id 11; family inet { mtu 9000; address 64.57.17.65/28; } family inet6 { mtu 9000; address 2001:468:6:11::1/64; address 2001:468:6:11::17:65/64; } } unit 20 { description "NEWT VINI Mgmt"; vlan-id 20; family inet { mtu 9000; address 64.57.18.225/29; } family inet6 { mtu 9000; address 2001:468:6:20::1/64; address 2001:468:6:20::18:225/64; } } unit 21 { description "NEWT VINI Data"; vlan-id 21; family inet { mtu 9000; address 64.57.18.81/28; } family inet6 { mtu 9000; address 2001:468:6:21::1/64; address 2001:468:6:21::18:81/64; } } unit 30 { description "NEWY 100x100 Inband"; vlan-id 30; family inet { mtu 9000; address 64.57.23.81/29; } family inet6 { mtu 9000; address 2001:468:6:30::1/64; address 2001:468:6:30::23:81/64; } } unit 31 { description "NEWY 100x100 Mgmt"; vlan-id 31; family inet { mtu 9000; address 64.57.23.113/29; } family inet6 { mtu 9000; address 2001:468:6:31::1/64; address 2001:468:6:31::23:113/64; } } unit 32 { description "NEWY 100x100 NetFPGA"; vlan-id 32; family inet { mtu 9000; address 64.57.23.49/29; } } unit 50 { description "ISIS collector"; vlan-id 50; family iso { mtu 1497; } } unit 60 { description "[CPS] Connection to nms-rpsv"; vlan-id 60; family inet { mtu 9000; address 64.57.29.33/30; } family inet6 { mtu 9000; address 2001:468:6:60::29:33/64; address 2001:468:6:60::1/64; } } unit 3903 { description "ESNet I2 Phoebus Trial"; encapsulation vlan-ccc; vlan-id 3903; family ccc; } } gr-9/3/0 { /* IPv6-over-IPv4 Tunnel for Egypt/ENERGI */ unit 0 { tunnel { source 198.32.11.65; destination 198.32.11.66; } family inet6 { mtu 1414; address 2001:468:ff:6c1::1/64; } } } dsc { unit 0 { description "Discard Interface"; family inet { address 198.32.11.6/32 { destination 198.32.11.7; } } } } fxp0 { description "Management Ethernet 
- Unused"; disable; } /* Loopback units: both carry input filters (loopback-strict-in / loopback-strict-in6). On Junos an lo0 input filter screens traffic addressed to the routing engine, so these are the router's own control-plane protection; the filter terms are in the removed firewall stanza and cannot be reviewed here. */ lo0 { unit 0 { description "Internal Peering Point"; family inet { filter { input loopback-strict-in; } address 198.32.8.238/32; address 64.57.28.242/32 { preferred; } } family iso { address 49.0000.0000.0000.0021.00; address 49.0000.0000.0000.0030.00; } family inet6 { filter { input loopback-strict-in6; } address 2001:468:6::1/128; } } unit 1 { description "Loopback for CPS VRF"; family inet { filter { input loopback-strict-in; } address 64.57.29.242/32; } family inet6 { filter { input loopback-strict-in6; } address 2001:468:ff06::1/128; } } } } /* Flow sampling: 1-in-100 sampling for family inet only, exported as cflowd version 5 to 64.57.17.71. NOTE(review): no family inet6 sampling is configured here, so this export gives no IPv6 flow visibility. */ forwarding-options { sampling { input { family inet { rate 100; max-packets-per-second 7000; } } output { /* NOTE(review): inactive, but if re-enabled 'world-readable' lets any local account read the sampled flow file; prefer no-world-readable. */ inactive: file filename flowdata files 2 size 500000 world-readable; cflowd 64.57.17.71 { port 4195; version 5; no-local-dump; autonomous-system-type origin; } } } } routing-options { interface-routes { rib-group { inet if-rg; inet6 if6-rg; } } rib inet6.0 { static { rib-group static6-rg; route 2001:468::/32 { reject; install; readvertise; community 11537:950; } } aggregate { route 2001:468:000f::/48; route 2001:468:0006::/48; route 2001:468:ff:0f00::/56; } } rib inet.2 { /* NOTE(review): static bogon list for the multicast RPF table. Besides special-use ranges (10/8, 127/8, 169.254/16, 172.16/12, 192.0.2/24, 192.168/16, 198.18/15, 240/4) it names many /8s that were presumably unallocated at the 2009 commit date. IANA has since handed out its remaining IPv4 /8s, so a list like this has to be re-derived regularly or it rejects valid routes. This copy has 240.0.0.0/4 where the inet.0 martians list further on in routing-options has 223.0.0.0/8; confirm the difference is intended. */ martians { 0.0.0.0/8 orlonger; 1.0.0.0/8 orlonger; 2.0.0.0/8 orlonger; 5.0.0.0/8 orlonger; 10.0.0.0/8 orlonger; 23.0.0.0/8 orlonger; 27.0.0.0/8 orlonger; 31.0.0.0/8 orlonger; 36.0.0.0/8 orlonger; 37.0.0.0/8 orlonger; 39.0.0.0/8 orlonger; 42.0.0.0/8 orlonger; 46.0.0.0/8 orlonger; 49.0.0.0/8 orlonger; 50.0.0.0/8 orlonger; 100.0.0.0/8 orlonger; 101.0.0.0/8 orlonger; 102.0.0.0/8 orlonger; 103.0.0.0/8 orlonger; 104.0.0.0/8 orlonger; 105.0.0.0/8 orlonger; 106.0.0.0/8 orlonger; 107.0.0.0/8 orlonger; 127.0.0.0/8 orlonger; 169.254.0.0/16 orlonger; 172.16.0.0/12 orlonger; 175.0.0.0/8 orlonger; 176.0.0.0/8 orlonger; 177.0.0.0/8 orlonger; 179.0.0.0/8 orlonger; 181.0.0.0/8 orlonger; 182.0.0.0/8 orlonger; 185.0.0.0/8 orlonger; 192.0.2.0/24 orlonger; 192.168.0.0/16 orlonger; 198.18.0.0/15 orlonger; 240.0.0.0/4 orlonger; 14.0.0.0/8 orlonger; } } 
/* Static routes: locally originated blocks are discard routes tagged with community 11537:950, copied into inet.0 and inet.2 through static-rg. */ static { rib-group static-rg; defaults { active; } route 198.32.8.0/22 { discard; community 11537:950; } route 198.32.154.0/24 { discard; community 11537:950; } /* Abilene Observatory */ route 198.32.12.0/22 { discard; community 11537:950; } route 64.57.16.0/20 { discard; community 11537:950; } route 198.32.154.144/28 discard; route 67.17.81.229/32 next-hop 64.208.110.185; } /* NOTE(review): static bogon list for inet.0. Besides special-use ranges (10/8, 127/8, 169.254/16, 172.16/12, 192.0.2/24, 192.168/16, 198.18/15) it names many /8s that were presumably unallocated at the 2009 commit date. IANA has since handed out its remaining IPv4 /8s, so a list like this has to be re-derived regularly or it rejects valid routes. This copy has 223.0.0.0/8 where the 'rib inet.2' martians list earlier in routing-options has 240.0.0.0/4; confirm the difference is intended. */ martians { 0.0.0.0/8 orlonger; 1.0.0.0/8 orlonger; 2.0.0.0/8 orlonger; 5.0.0.0/8 orlonger; 10.0.0.0/8 orlonger; 23.0.0.0/8 orlonger; 27.0.0.0/8 orlonger; 31.0.0.0/8 orlonger; 36.0.0.0/8 orlonger; 37.0.0.0/8 orlonger; 39.0.0.0/8 orlonger; 42.0.0.0/8 orlonger; 46.0.0.0/8 orlonger; 49.0.0.0/8 orlonger; 50.0.0.0/8 orlonger; 100.0.0.0/8 orlonger; 101.0.0.0/8 orlonger; 102.0.0.0/8 orlonger; 103.0.0.0/8 orlonger; 104.0.0.0/8 orlonger; 105.0.0.0/8 orlonger; 106.0.0.0/8 orlonger; 107.0.0.0/8 orlonger; 127.0.0.0/8 orlonger; 169.254.0.0/16 orlonger; 172.16.0.0/12 orlonger; 175.0.0.0/8 orlonger; 176.0.0.0/8 orlonger; 177.0.0.0/8 orlonger; 179.0.0.0/8 orlonger; 181.0.0.0/8 orlonger; 182.0.0.0/8 orlonger; 185.0.0.0/8 orlonger; 192.0.2.0/24 orlonger; 192.168.0.0/16 orlonger; 198.18.0.0/15 orlonger; 223.0.0.0/8 orlonger; 14.0.0.0/8 orlonger; } aggregate { defaults { community 11537:950; discard; } route 64.57.16.0/21; route 64.57.24.0/22; route 64.57.28.0/22; } rib-groups { if-rg { import-rib [ inet.0 inet.2 ]; } if6-rg { import-rib [ inet6.0 inet6.2 ]; } mcast-rpf-rg { import-rib inet.2; } mcast-rpf6-rg { import-rib inet6.2; } isis-rg { import-rib [ inet.0 inet.2 ]; } isis6-rg { import-rib [ inet6.0 inet6.2 ]; } static-rg { import-rib [ inet.0 inet.2 ]; } static6-rg { import-rib [ inet6.0 inet6.2 ]; } } router-id 64.57.28.242; autonomous-system 11537; /* Multicast scoping: each 'scope' sets an administrative boundary for the listed group prefix on all interfaces. The scope names suggest service-discovery and disk-imaging groups that are meant to stay local; this is inferred from the names only. */ multicast { scope SGI-Dogfight { prefix 224.0.1.2/32; interface all; } scope 224.0.1.3/32 { prefix 224.0.1.3/32; interface all; } scope SUN-NIS { prefix 224.0.1.8/32; interface all; } scope SVRLOC { prefix 224.0.1.22/32; interface all; } scope MS-DS { prefix 
224.0.1.24/32; interface all; } scope NBC-PRO { prefix 224.0.1.25/32; interface all; } scope SVRLOC-DA { prefix 224.0.1.35/32; interface all; } scope AutoRP-Announce { prefix 224.0.1.39/32; interface all; } scope AutoRP-Discovery { prefix 224.0.1.40/32; interface all; } scope HP-DEVICE-DISC { prefix 224.0.2.1/32; interface all; } scope SUN-RPC { prefix 224.0.2.2/32; interface all; } scope Norton-Ghost-1 { prefix 224.77.0.0/16; interface all; } scope Altiris { prefix 225.1.2.3/32; interface all; } scope Norton-Ghost-2 { prefix 226.77.0.0/16; interface all; } scope Norton-Ghost-3 { prefix 229.55.150.208/32; interface all; } scope ImageCast-1 { prefix 234.42.42.40/30; interface all; } scope ImageCast-2 { prefix 234.142.142.42/31; interface all; } scope ImageCast-3 { prefix 234.142.142.44/30; interface all; } scope ImageCast-4 { prefix 234.142.142.48/28; interface all; } scope ImageCast-5 { prefix 234.142.142.64/26; interface all; } scope ImageCast-6 { prefix 234.142.142.128/29; interface all; } scope ImageCast-7 { prefix 234.142.142.136/30; interface all; } scope ImageCast-8 { prefix 234.142.142.140/31; interface all; } scope ImageCast-9 { prefix 234.142.142.142/32; interface all; } ssm-groups 232.0.0.0/8; forwarding-cache { threshold { suppress 50000; reuse 25000; } } } } protocols { igmp { interface all { version 3; } interface fxp0.0 { disable; } } mld { interface all; interface fxp0.0 { disable; } } rsvp { /* BACKBONE TO CHIC */ interface xe-0/0/0.0; /* BACKBONE TO WASH #2 */ interface xe-2/0/0.0; } mpls { statistics { file mpls-stat; interval 60; } ipv6-tunneling; optimize-timer 360; preference 200; label-switched-path NEWY->ATLA { to 64.57.28.243; fast-reroute; } label-switched-path NEWY->CHIC { to 64.57.28.241; fast-reroute; } label-switched-path NEWY->KANS { to 64.57.28.245; fast-reroute; } label-switched-path NEWY->WASH { to 64.57.28.249; fast-reroute; } label-switched-path NEWY->SALT { to 64.57.28.246; fast-reroute; } label-switched-path NEWY->LOSA { to 
64.57.28.248; fast-reroute; } label-switched-path NEWY->HOUS { to 64.57.28.244; fast-reroute; } label-switched-path NEWY->SEAT { to 64.57.28.247; fast-reroute; } /* BACKBONE TO CHIC */ interface xe-0/0/0.0; /* BACKBONE TO WASH #2 */ interface xe-2/0/0.0; } /* BGP: external groups below share one pattern: a SANITY-* policy first in the import/export chain, remove-private on export, and a per-family prefix-limit. The policies themselves are defined in policy-options and are not reviewed here. 'Authentication Data Removed' is the sanitizer's placeholder, presumably standing in for a session authentication key. */ bgp { log-updown; group CONNECTOR { type external; metric-out igp; /* Multihop needs to be enabled to support discard routing */ multihop { ttl 1; } /* NOTE(review): as documented for Junos, 'teardown 90' logs at 90 percent of the maximum and tears the session down once 3000 prefixes is exceeded; no idle-timeout is set, so a torn-down session is expected to re-establish after a short time. Confirm that is the intended response to a route leak from a connector. */ family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ]; remove-private; neighbor 192.5.89.221 { description NOX; import [ SANITY-IN SET-PREF NOX-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 10578; } /* NOTE(review): no 'Authentication Data Removed' marker on this neighbor, unlike NOX and MAGPI in the same group, and none at group level; this suggests the session runs without an authentication key. Verify against the live config. */ neighbor 199.109.4.153 { description Nysernet; import [ SANITY-IN SET-PREF NYSERNET-IN CONNECTOR-IN ]; export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 LEAK-NMS1 ]; peer-as 3754; } neighbor 216.27.100.53 { description MAGPI; import [ SANITY-IN SET-PREF MAGPI-IN CONNECTOR-IN ]; Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ]; peer-as 10466; } } group CONNECTOR6 { type external; metric-out igp; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ]; remove-private; /* NOTE(review): as with the IPv4 Nysernet session, no authentication marker appears on this neighbor while NOX and MAGPI below have one; verify whether the session is unauthenticated. */ neighbor 2001:468:900:315::1 { description "NYsernet-New York"; import [ SANITY6 SET-PREF NYSERNET-IN6 ]; /* export policy to allow more specifics for dual-homed load-balancing purposes */ export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6-WITH-SPECIFICS ]; peer-as 3754; } neighbor 2001:468:ff:0646::1 { description NOX; import [ SANITY6 SET-PREF NOX-IN6 ]; Authentication Data Removed peer-as 10578; } neighbor 2001:468:ff:0658::2 { description MAGPI; import [ SANITY6 SET-PREF MAGPI-IN6 ]; Authentication Data Removed peer-as 10466; } } group FEDNET { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 
FEDNET-OUT ]; remove-private; neighbor 198.124.216.157 { description "ESnet via MANLAN"; Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 AMPATH-TO-ESNET GEANT-TO-ESNET FEDNET-OUT ]; peer-as 293; } } group FEDNET6 { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ]; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ]; remove-private; neighbor 2001:468:ff:15c6::2 { description ESNET; family inet6 { any; } Authentication Data Removed peer-as 293; } } group ISP-MCAST { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ]; family inet { multicast { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ]; remove-private; neighbor 64.208.110.185 { description "Commercial Global Crossing via Private Peering (Multicast Only) [NO-MONITOR]"; Authentication Data Removed peer-as 3549; } } inactive: group ISP-V6 { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ]; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ]; remove-private; } group ITN { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ]; remove-private; neighbor 80.231.134.29 { description QATAR; family inet { unicast; } Authentication Data Removed peer-as 29384; } neighbor 205.189.32.94 { description CAnet-Montreal; Authentication Data Removed peer-as 6509; } neighbor 205.189.32.118 { description CAnet-Toronto; Authentication Data Removed peer-as 6509; } neighbor 150.99.200.193 { description SINET; Authentication Data Removed peer-as 2907; } neighbor 198.32.11.66 { description "MCIT/ENERGI (Egypt)"; 
Authentication Data Removed peer-as 33789; } neighbor 198.32.11.51 { description "GEANT M160 via MANLAN 10GigE"; family inet { unicast { prefix-limit { maximum 5000; teardown 90; } } multicast { prefix-limit { maximum 5000; teardown 90; } } } Authentication Data Removed export [ SANITY-OUT ORIGINATE4 ESNET-TO-GEANT NREN-TO-GEANT USGS-TO-GEANT ITN-OUT ]; peer-as 20965; } neighbor 198.32.11.70 { description "USLHCNet (CERN)"; Authentication Data Removed peer-as 1297; } neighbor 211.79.48.157 { description "TWAREN | AS:7539"; Authentication Data Removed peer-as 7539; } neighbor 198.32.11.86 { description CERN; Authentication Data Removed peer-as 513; } neighbor 64.57.28.66 { description "SURFnet Backup | AS:1103"; Authentication Data Removed peer-as 1103; } neighbor 200.0.207.9 { description "RedCLARA via MANLAN and AtlanticWave"; Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ESNET-TO-AMPATH ]; peer-as 27750; } neighbor 198.32.11.110 { description "ANKABUT via MANLAN | AS:47862 [NO-MONITOR]"; family inet { any { prefix-limit { maximum 5; teardown 60; } } } Authentication Data Removed peer-as 47862; } neighbor 86.36.105.177 { description "QATAR 2nd Connection [NO-MONITOR]"; family inet { unicast; } Authentication Data Removed peer-as 29384; } } group ITN6 { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ]; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ]; remove-private; neighbor 2001:410:101:23::1 { description CAnet-Toronto; Authentication Data Removed peer-as 6509; } neighbor 2001:410:101:24::1 { description CAnet-Montreal; Authentication Data Removed peer-as 6509; } neighbor 2001:468:ff:15c5::2 { description GEANT; Authentication Data Removed peer-as 20965; } neighbor 2001:E10:FFFF:307::1 { description TWAREN; Authentication Data Removed peer-as 7539; } neighbor 2001:468:ff:6c2::2 { description "SURFnet Backup | 
AS:1103"; Authentication Data Removed peer-as 1103; } neighbor 2001:2f8:1:ff::d { description SINET; Authentication Data Removed peer-as 2907; } neighbor 2001:1348:4:3::1 { description "RedCLARA via MANLAN and AtlanticWave"; import REJECT-ALL; Authentication Data Removed peer-as 27750; } neighbor 2001:468:ff:6c3::2 { description "ANKABUT via ManLan | AS:47862 [NO-MONITOR]"; family inet6 { any { prefix-limit { maximum 100; teardown 95; } } } Authentication Data Removed peer-as 47862; } neighbor 2001:468:ff:6c1::2 { description "MCIT/ENERGI (Egypt)"; Authentication Data Removed peer-as 33789; } } /* Use OTHER group for sessions to route-servers, monitoring hosts, etc */ inactive: group OTHER { metric-out igp; import REJECT-ALL; remove-private; } group OTHER-INTERNAL { type internal; import REJECT-ALL; peer-as 11537; neighbor 134.68.246.49 { description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]"; local-address 64.57.28.242; family inet { unicast; } cluster 134.68.246.49; } neighbor 134.68.246.51 { description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]"; local-address 64.57.28.242; family inet { unicast; } cluster 134.68.246.51; } neighbor 64.57.17.71 { description "nms-rpsv.newy zebra bgpd [NO-MONITOR]"; local-address 64.57.17.65; family inet { unicast; multicast; } cluster 64.57.17.65; } neighbor 2001:468:6:11::17:71 { description "nms-rpsv.newy zebra bgpd [NO-MONITOR]"; family inet6 { unicast; multicast; } } neighbor 156.56.103.99 { description "IU ANML monitor--contact Ripley"; multihop { ttl 10; } local-address 64.57.28.242; hold-time 65535; family inet { unicast; } } } inactive: group NONITN { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ]; remove-private; } inactive: group NONITN6 { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ]; family 
inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 NONITN-OUT6 ]; remove-private; } /* iBGP mesh to the other backbone routers' loopbacks, sourced from 64.57.28.242; the sanitizer marker indicates group-level authentication data was present. */ group INTERNET2 { type internal; local-address 64.57.28.242; family inet { any; } family inet-vpn { unicast; } family inet6-vpn { unicast; } Authentication Data Removed export NEXT-HOP-SELF; peer-as 11537; neighbor 64.57.28.241 { description CHIC; } neighbor 64.57.28.243 { description ATLA; } neighbor 64.57.28.244 { description HOUS; } neighbor 64.57.28.245 { description KANS; } neighbor 64.57.28.246 { description SALT; } neighbor 64.57.28.247 { description SEAT; } neighbor 64.57.28.248 { description LOSA; } neighbor 64.57.28.249 { description WASH; } } group INTERNET2-IPv6 { type internal; local-address 2001:468:6::1; family inet6 { any; } Authentication Data Removed export NEXT-HOP-SELF; peer-as 11537; neighbor 2001:468:1::1 { description ATLA; } neighbor 2001:468:2::1 { description CHIC; } neighbor 2001:468:3::1 { description HOUS; } neighbor 2001:468:4::1 { description KANS; } neighbor 2001:468:5::1 { description LOSA; } neighbor 2001:468:7::1 { description SALT; } neighbor 2001:468:8::1 { description SEAT; } neighbor 2001:468:9::1 { description WASH; } } inactive: group MULTICAST-ONLY { type external; metric-out igp; import [ SANITY-LIST SET-LOCPREF-PEERS FROM-ITN ]; family inet { multicast { prefix-limit { maximum 10000; teardown 90; } } } } } /* IS-IS: level 2 only. Three backbone links form adjacencies; 'interface all' is level 2 passive, so the remaining interfaces are advertised without sending hellos or forming adjacencies. NOTE(review): 'no-authentication-check' means received IS-IS PDUs are not rejected when authentication fails, and no authentication-key or sanitizer marker is visible in this stanza; it is normally a migration aid, so confirm whether it is still needed. */ isis { export V6-IGP-AGG; no-authentication-check; rib-group { inet isis-rg; inet6 isis6-rg; } spf-options delay 200; level 2 wide-metrics-only; /* BACKBONE TO CHIC 10GE */ interface xe-0/0/0.0 { level 1 disable; level 2 metric 1001; } /* BACKBONE TO WASH 10GE #1 */ interface xe-1/0/0.0 { level 1 disable; level 2 metric 279; } /* BACKBONE TO WASH 10GE #2 */ interface xe-2/0/0.0 { level 1 disable; level 2 metric 280; } /* NOTE(review): this is the only non-backbone interface left active for IS-IS, yet no unit 50 is defined under xe-2/3/0 in the interfaces stanza of this config; the 'ISIS collector' unit 50 with family iso is on xe-9/2/0. Check whether this entry is stale or should name xe-9/2/0.50, since with authentication checking disabled any device on that VLAN could form an adjacency. */ interface xe-2/3/0.50 { level 1 disable; level 2 metric 9999; } /* Run IS-IS Passively on all Interfaces */ interface all { level 1 disable; level 2 passive; } 
interface fxp0.0 { disable; } } msdp { apply-groups MSDP-SA-Limit-per-peer-group; rib-group mcast-rpf-rg; active-source-limit { maximum 200000; threshold 190000; } group FEDNET { export MSDP-FILTER; import MSDP-FILTER; /* ESNET */ peer 134.55.3.3 { local-address 198.124.216.158; } } group ITN { export MSDP-FILTER; import MSDP-FILTER; /* CAnet-Montreal */ peer 205.189.32.94 { local-address 205.189.32.93; } /* CAnet-Toronto */ peer 205.189.32.118 { local-address 205.189.32.117; } /* TWAREN via Manlan vlan 117 */ peer 211.79.48.157 { local-address 211.79.48.158; } /* SURFnet via MANLAN */ peer 64.57.28.66 { local-address 64.57.28.65; } /* GEANT 10GE via MANLAN */ peer 198.32.11.51 { local-address 198.32.11.50; } } /* Use OTHER group for sessions to route-servers, monitoring hosts, etc */ inactive: group OTHER { export MSDP-FILTER; import REJECT-ALL; } group CONNECTOR { export MSDP-FILTER; import MSDP-FILTER; /* Nysernet */ peer 199.109.4.153 { local-address 199.109.4.154; } /* NOX */ peer 192.5.89.221 { local-address 192.5.89.222; } /* MAGPI */ peer 216.27.100.53 { local-address 216.27.100.54; } } group INTERNET2 { mode mesh-group; local-address 64.57.28.242; /* CHIC */ peer 64.57.28.241; /* ATLA */ peer 64.57.28.243; /* HOUS */ peer 64.57.28.244; /* KANS */ peer 64.57.28.245; /* SALT */ peer 64.57.28.246; /* SEAT */ peer 64.57.28.247; /* LOSA */ peer 64.57.28.248; /* WASH */ peer 64.57.28.249; } group ISP-MCAST { export MSDP-FILTER; import MSDP-FILTER; /* Global Crossing (private peering) */ peer 67.17.81.229 { local-address 64.208.110.186; } } } pim { rib-group { inet mcast-rpf-rg; inet6 mcast-rpf6-rg; } import pim-join-filter; rp { bootstrap-import REJECT-ALL; bootstrap-export REJECT-ALL; local { family inet { address 198.32.8.238; group-ranges { 224.0.0.0/4; } } } embedded-rp; static { address 2001:468::1 { group-ranges { ff05::/16; } } address 2001:660:3007:300:1:: { group-ranges { ff0e::/16; ff1e::/16; } } address 2001:700:e000:501::2 { group-ranges { 
ff3e:30:2001:700::/64; } } } } interface all { mode sparse; version 2; } interface fxp0.0 { disable; } } } policy-options { prefix-list ALLOW-ALL { 0.0.0.0/0; } prefix-list MATCH-ALL { 0.0.0.0/0; } prefix-list BGP-PEERS { apply-path "protocols bgp group <*> neighbor <*>"; } prefix-list MSDP-PEERS { apply-path "protocols msdp group <*> peer <*>"; } Prefix Stanza Removed prefix-list BGP-PEERS6 { apply-path "protocols bgp group <*> neighbor <*:*>"; } /* List of prefixes which Abilene originates */ prefix-list INTERNAL { /* Internet2 Backbone */ 64.57.16.0/20; /* Abilene Backbone */ 198.32.8.0/22; /* Abilene Observatory */ 198.32.12.0/22; /* MANLAN */ 198.32.154.0/24; } /* List of IPv6 prefixes Abilene originates */ prefix-list INTERNAL6 { 2001:468::/32; } Prefix Stanza Removed prefix-list QUERY-HOSTS-INTERNAL { /* nocmon.net.internet2.edu -- temp monitoring host */ 64.57.25.18/32; /* pine.ucs.indiana.edu -- sweeny */ 129.79.9.1/32; /* alertmon-dev.grnoc.iu.edu */ 129.79.216.72/32; /* dc-snmp.wcc.grnoc.iu.edu */ 129.79.216.79/32; 134.68.107.113/32; /* mon-dev.grnoc.iu.edu */ 134.68.107.123/32; /* IUPUI login + SNMP hosts */ 140.182.44.0/28; /* IUPUI SNMP hosts */ 140.182.44.32/28; /* IUB login + SNMP hosts */ 140.182.45.0/28; /* IUB SNMP hosts */ 140.182.45.32/28; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* New Jump Address */ 149.165.134.64/32; } prefix-list QUERY-HOSTS-EXTERNAL { /* Boston University--ticket#11647 */ 128.197.10.4/32; /* Boston University--ticket#11647 */ 128.197.11.51/32; /* Boston University--ticket#11647 */ 128.197.11.223/32; /* Boston University--ticket#11647 */ 128.197.11.224/32; /* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */ 129.79.5.18/32; /* arbor11.ren-isac.net -- Arbor Peakflow1 */ 134.68.246.49/32; /* arbor21.ren-isac.net -- Arbor Peakflow2 */ 134.68.246.51/32; /* ANML - ArborNetworks */ 156.56.103.9/32; /* ANML - ArborNetworks */ 156.56.103.10/32; /* ANML - ArborNetworks */ 156.56.103.11/32; /* ANML - ArborNetworks */ 156.56.103.12/32; 
/* ANML - ArborNetworks */ 156.56.103.53/32; /* Ohio ITEC - nf6.itec.oar.net */ 192.148.251.26/32; /* Ohio ITEC - nf7.itec.oar.net */ 192.148.251.27/32; /* discvenue.internet2.edu */ 207.75.164.82/32; /* Internet2 - thunderbird.internet2.edu - ticket# 5679 */ 207.75.164.95/32; /* netflow2.internet2.edu -- I2 Netflow Collector */ 207.75.165.99/32; } prefix-list TACACS-SERVERS { /* tacacs2.grnoc.iu.edu */ 129.79.216.162/32; /* tacacs.grnoc.iu.edu */ 134.68.107.17/32; } Prefix Stanza Removed prefix-list DNS-SERVERS { 129.79.5.100/32; 134.68.1.9/32; } prefix-list NTP-SERVERS { /* ntp.indiana.edu */ 129.79.5.100/32; /* ntp-1.gw.uiuc.edu */ 130.126.24.24/32; 134.68.1.9/32; /* ntp-e.abilene.ucaid.edu */ 198.32.10.254/32; /* ntp-w.abilene.ucaid.edu */ 198.32.11.141/32; } prefix-list NMS1-SPECIFICS { /* SNVA */ 198.32.8.108/30; /* WASH */ 198.32.8.112/30; /* ATLA */ 198.32.8.156/30; /* CHIN */ 198.32.8.160/30; /* DNVR */ 198.32.8.164/30; /* HSTN */ 198.32.8.168/30; /* IPLS */ 198.32.8.172/30; /* KSCY */ 198.32.8.176/30; /* LOSA */ 198.32.8.180/30; /* NYCM */ 198.32.8.184/30; /* STTL */ 198.32.8.188/30; } prefix-list NYSERNET-PARTICIPANT { 67.20.192.0/19; 67.99.160.0/21; 67.99.160.0/22; 67.99.168.0/22; 128.59.0.0/16; 128.84.0.0/16; 128.113.0.0/16; 128.113.11.0/24; 128.122.0.0/16; 128.151.0.0/16; 128.205.0.0/16; 128.213.0.0/16; 128.226.0.0/16; 128.228.0.0/16; 128.230.0.0/16; 128.253.0.0/16; 129.5.0.0/16; 129.21.0.0/16; 129.49.0.0/16; 129.161.0.0/16; 129.236.0.0/16; 130.245.0.0/16; 132.236.0.0/16; 134.74.0.0/16; 140.251.0.0/16; 146.95.0.0/16; 146.96.0.0/16; 146.111.0.0/16; 146.245.0.0/16; 148.84.0.0/16; 149.4.0.0/16; 149.125.0.0/16; 150.210.0.0/16; 156.111.0.0/16; 156.145.0.0/16; 157.139.0.0/16; 160.39.0.0/16; 163.238.0.0/16; 169.226.0.0/16; 192.5.43.0/24; 192.5.53.0/24; 192.12.82.0/24; 192.12.89.0/24; 192.12.90.0/24; 192.35.82.0/24; 192.35.210.0/24; 192.42.55.0/24; 192.76.177.0/24; 192.77.9.0/24; 192.77.173.0/24; 192.86.139.0/24; 198.61.16.0/20; 198.83.28.0/22; 
198.83.112.0/20; 198.180.141.0/24; 199.89.214.0/24; 199.109.0.0/16; 199.109.2.0/24; 199.109.4.0/24; 199.109.5.0/24; 199.109.6.0/30; 199.109.8.0/22; 199.109.12.0/22; 199.109.16.0/22; 199.109.20.0/22; 199.109.24.0/22; 199.109.28.0/22; 199.109.32.0/22; 199.109.40.0/22; 199.109.44.0/22; 199.109.100.0/24; 199.109.200.0/21; 199.219.128.0/18; 199.219.192.0/20; 199.219.208.0/21; 199.219.216.0/24; 204.9.168.0/22; 204.168.181.0/24; 204.168.182.0/23; 204.168.184.0/21; 205.232.16.0/21; 207.10.4.0/24; 207.10.5.0/24; 207.10.6.0/24; 207.10.7.0/24; 207.10.196.0/24; 207.10.197.0/24; 207.10.198.0/24; 207.10.199.0/24; 207.127.120.0/21; 207.127.224.0/22; 207.159.192.0/18; 209.2.48.0/22; 209.2.54.0/23; 216.165.0.0/17; } prefix-list NYSERNET-CORPORATE { 129.34.0.0/16; 198.81.209.0/24; 198.83.46.0/24; 198.180.207.0/24; 198.182.248.0/24; 199.164.149.0/24; 199.181.149.0/24; 199.222.58.0/24; 199.222.59.0/24; 199.222.71.0/24; 204.107.83.0/24; } prefix-list NYSERNET-SPONSORED { 205.232.8.0/21; 209.2.160.0/21; 216.73.240.0/20; } prefix-list NYSERNET-SEGP { 38.96.188.0/24; 63.144.174.0/24; 63.144.175.0/24; 65.88.72.0/22; 65.88.88.0/23; 66.195.169.96/27; 67.99.185.0/24; 128.153.0.0/16; 129.85.0.0/16; 129.98.0.0/16; 137.143.0.0/16; 137.238.0.0/16; 138.92.0.0/16; 139.127.0.0/16; 146.203.0.0/16; 147.4.0.0/16; 148.100.0.0/16; 149.31.0.0/16; 149.123.0.0/16; 163.153.0.0/16; 168.169.0.0/16; 170.158.0.0/16; 170.161.0.0/16; 192.31.156.0/24; 192.33.253.0/24; 192.231.122.0/23; 192.231.124.0/23; 192.246.178.0/24; 192.246.224.0/22; 192.246.228.0/23; 192.246.231.0/24; 192.246.232.0/22; 192.246.235.0/24; 192.246.239.0/24; 192.246.253.0/24; 198.22.176.0/24; 198.105.32.0/20; 198.180.129.0/24; 198.199.181.0/24; 199.190.222.0/23; 199.190.224.0/23; 204.97.72.0/24; 204.168.248.0/21; 205.232.96.0/20; 207.10.8.0/21; 207.127.176.0/21; 216.162.16.0/20; 216.182.132.0/24; 216.182.136.0/22; 216.226.96.0/19; } prefix-list NYSERNET6-PARTICIPANT { 2001:468:900::/40; 2001:468:1100::/40; 2001:468:1508::/48; 2001:18d8::/32; 
2607:F600::/32; 2620:0000:1A50::/48; } prefix-list NOX-PARTICIPANT { 12.0.48.0/20; 12.6.208.0/20; 18.0.0.0/8; 63.164.11.0/24; /* Temporary route - remove after 08-11-08 - JD */ 64.251.112.0/20; 65.112.0.0/20; 67.221.64.0/19; 72.164.152.0/24; 74.112.8.0/21; 75.130.96.0/24; 128.30.0.0/15; 128.36.0.0/16; 128.52.0.0/16; 128.103.0.0/16; 128.119.0.0/16; 128.148.0.0/16; 128.197.0.0/16; 129.10.0.0/16; 129.55.0.0/16; 129.64.0.0/16; 129.170.0.0/16; 130.64.0.0/16; 130.111.0.0/16; 130.132.0.0/16; 130.189.0.0/16; 130.215.0.0/16; 131.128.0.0/16; 131.142.0.0/16; 132.177.0.0/16; 132.183.0.0/16; 132.198.0.0/16; 134.174.0.0/16; 136.167.0.0/16; 136.244.0.0/16; 137.99.0.0/16; 138.16.0.0/16; 138.29.0.0/16; 140.234.0.0/16; 140.247.0.0/16; 141.133.0.0/16; 148.85.0.0/16; 155.33.0.0/16; 155.37.0.0/16; 155.41.0.0/16; 155.41.96.0/19; 155.41.128.0/17; 155.52.0.0/16; 160.79.139.0/24; 167.206.156.0/24; 168.122.0.0/16; 170.223.0.0/16; 192.5.66.0/24; 192.5.89.0/24; 192.5.136.0/22; 192.5.140.0/23; 192.5.206.0/23; 192.5.208.0/24; 192.5.224.0/24; 192.12.185.0/24; 192.12.186.0/23; 192.12.188.0/22; 192.26.149.0/24; 192.26.150.0/24; 192.52.61.0/24; 192.52.62.0/23; 192.52.64.0/23; 192.54.223.0/24; 192.54.224.0/24; 192.73.31.0/24; 192.80.66.0/24; 192.80.83.0/24; 192.131.102.0/24; 192.160.243.0/24; 192.160.244.0/24; 192.189.138.0/24; 192.231.246.0/24; 198.113.29.0/24; 199.93.245.0/24; 199.94.0.0/16; 199.94.32.0/19; 199.94.48.0/24; 204.8.152.0/21; 204.139.0.0/21; 204.167.52.0/24; 204.197.0.0/17; 207.188.245.0/24; 207.210.142.0/24; 207.210.143.0/24; 208.95.188.0/22; 208.247.102.0/24; } prefix-list NOX-CORPORATE { 167.216.167.0/26; 204.179.122.0/24; } prefix-list NOX-SPONSORED { 38.111.225.0/27; 66.9.106.224/27; 66.9.198.0/24; 66.9.199.0/24; 66.220.243.0/24; 68.112.227.0/24; 68.184.42.64/27; 128.128.0.0/16; 129.44.167.0/24; 131.229.0.0/16; 134.88.230.0/24; 134.88.231.0/24; 134.88.235.0/24; 138.110.0.0/16; 148.45.0.0/16; 158.65.0.0/16; 158.136.0.0/16; 192.80.61.0/24; 192.133.12.0/24; 192.133.83.0/24; 
199.92.170.0/24; } prefix-list NOX-SEGP { 12.6.252.0/24; 12.16.126.192/26; 63.145.155.0/24; 64.45.64.0/18; 64.80.89.0/24; 64.147.48.0/20; 64.202.80.0/20; 64.251.48.0/20; 64.251.60.0/22; 64.254.160.0/20; 65.18.0.0/18; 65.18.64.0/19; 65.18.96.0/20; 66.181.224.0/20; 66.206.128.0/19; 66.218.144.0/20; 67.218.80.0/20; 69.16.0.0/17; 69.43.113.0/24; 69.43.114.0/24; 69.43.120.0/24; 69.173.64.0/18; 72.10.96.0/19; 72.19.64.0/18; 76.78.80.0/22; 129.5.0.0/16; 129.63.0.0/16; 129.133.0.0/16; 129.161.0.0/16; 131.109.0.0/16; 134.88.0.0/16; 134.181.0.0/16; 134.241.0.0/16; 134.241.27.0/24; 134.241.32.0/24; 134.241.140.0/22; 137.49.0.0/16; 137.146.0.0/16; 139.140.0.0/16; 140.232.0.0/16; 141.114.0.0/16; 146.189.0.0/16; 148.166.0.0/16; 149.130.0.0/16; 149.152.0.0/16; 155.36.0.0/16; 155.43.0.0/16; 155.47.0.0/16; 157.252.0.0/16; 158.121.0.0/16; 158.123.0.0/17; 158.123.128.0/17; 159.247.232.0/22; 159.247.236.0/23; 167.206.156.0/24; 169.244.0.0/16; 192.31.112.0/24; 192.31.236.0/24; 192.33.12.0/24; 192.43.249.0/24; 192.83.228.0/24; 192.101.188.0/24; 192.107.38.0/24; 192.107.134.0/24; 192.124.153.0/24; 192.132.64.0/24; 192.135.181.0/24; 192.136.22.0/24; 192.138.176.0/24; 192.138.177.0/24; 192.138.178.0/24; 192.152.243.0/24; 192.188.67.0/24; 192.195.196.0/24; 198.7.224.0/19; 198.102.172.0/24; 198.102.211.0/24; 198.148.217.0/24; 198.182.161.0/24; 198.182.162.0/23; 198.183.156.0/24; 198.202.151.0/24; 199.33.141.0/24; 199.184.247.0/24; 199.249.227.0/24; 204.17.79.64/27; 204.17.80.0/27; 205.172.224.0/22; 206.208.184.0/21; 207.159.160.0/19; 207.166.224.0/19; 207.210.128.0/19; 208.47.162.0/23; 208.47.164.0/23; 209.80.128.0/17; 209.166.112.0/20; 209.222.192.0/19; 216.19.112.0/20; 216.20.0.0/17; 216.87.96.0/19; } prefix-list NOX6-PARTICIPANT { 2001:468:600::/40; 2001:468:1e00::/40; /* Worcester Polytec Inst */ 2607:F5C0::/32; /* Harvard */ 2607:FB60::/32; /* University of Main */ 2610:48::/32; 2610:58::/32; 2620:0:650::/48; 2620:0:DF0::/48; } prefix-list MAGPI-PARTICIPANT { 12.161.8.0/21; 
66.36.56.0/21; 66.180.176.0/20; 66.250.44.0/24; 128.4.0.0/16; 128.6.0.0/16; 128.91.0.0/16; 128.112.0.0/16; 128.175.0.0/16; 128.180.0.0/16; 128.235.0.0/16; 129.25.0.0/16; 129.32.0.0/16; 130.91.0.0/16; 130.219.0.0/16; 140.180.0.0/16; 140.208.0.0/16; 144.118.0.0/16; 147.31.0.0/16; 149.150.0.0/16; 155.247.0.0/16; 158.130.0.0/16; 159.14.0.0/16; 165.123.0.0/16; 165.230.0.0/16; 192.12.88.0/24; 192.76.178.0/24; 192.84.2.0/24; 198.32.42.0/24; 198.32.242.128/25; 198.151.130.0/24; 199.65.255.0/24; 204.52.215.0/24; 204.153.48.0/22; 205.172.164.0/24; 216.27.97.0/24; 216.27.99.0/24; 216.27.100.0/22; 216.27.100.0/23; } prefix-list MAGPI-CORPORATE { 12.144.59.0/24; } prefix-list MAGPI-SPONSORED { 12.151.0.0/23; 12.151.1.0/24; 38.115.60.0/24; 66.28.32.0/23; 131.249.0.0/16; 147.140.0.0/16; 153.104.0.0/16; 167.21.180.0/22; 167.21.184.0/22; 192.231.162.0/23; 192.231.164.0/24; 192.231.210.0/24; 198.138.53.0/24; 198.138.54.0/23; 198.138.56.0/22; 198.138.60.0/24; 204.14.12.0/22; 204.75.178.0/24; 204.108.128.0/17; 207.103.37.0/24; 207.103.38.0/24; 207.103.55.0/24; 207.103.56.0/24; 207.103.72.0/24; 207.103.89.0/24; 207.103.90.0/24; 207.103.91.0/24; 207.103.189.0/24; 207.103.190.0/24; 207.103.191.0/24; 207.103.192.0/24; 207.103.218.0/24; 207.103.219.0/24; 209.18.48.0/20; 209.50.137.0/24; 209.50.138.0/24; 209.71.5.0/24; 209.71.6.0/24; 209.71.7.0/24; 209.71.10.0/24; 209.71.25.0/24; 209.71.46.0/24; 216.27.98.0/23; 216.27.102.0/24; 216.162.80.0/20; 216.228.128.0/20; } prefix-list MAGPI-SEGP { 8.10.208.0/24; 65.170.110.0/24; 65.194.220.0/22; 65.194.224.0/24; 66.17.183.0/24; 67.200.60.0/24; 67.200.61.0/24; 67.200.63.0/24; 72.2.96.0/20; 74.116.20.0/22; 74.214.96.0/19; 76.74.64.0/24; 76.74.65.0/24; 76.74.66.0/24; 76.74.67.0/24; 76.74.68.0/24; 76.74.69.0/24; 76.74.70.0/24; 76.74.71.0/24; 76.74.72.0/24; 76.74.73.0/24; 76.74.77.0/24; 130.68.0.0/16; 130.156.0.0/16; 131.125.0.0/16; 132.238.0.0/16; 134.198.0.0/16; 134.210.0.0/16; 139.147.0.0/16; 146.94.0.0/16; 147.106.0.0/16; 149.150.0.0/16; 
149.151.0.0/16; 150.250.0.0/16; 151.198.52.0/24; 151.198.208.96/27; 155.246.0.0/16; 159.91.0.0/16; 167.21.6.0/24; 167.21.7.0/24; 167.21.8.0/24; 167.21.9.0/24; 167.21.254.0/24; 170.235.0.0/16; 192.16.204.0/24; 192.100.64.0/24; 192.107.43.0/24; 192.107.45.0/24; 192.107.108.0/24; 192.108.16.0/24; 192.108.106.0/24; 192.112.54.0/24; 192.133.105.0/24; 192.135.209.0/24; 192.150.150.0/24; 192.154.128.0/23; 192.154.130.0/24; 192.231.202.0/24; 192.231.207.0/24; 192.245.88.0/24; 198.22.129.0/24; 198.133.170.0/24; 198.138.207.0/24; 198.138.208.0/23; 198.138.210.0/24; 198.244.0.0/21; 198.244.8.0/23; 199.2.216.0/24; 204.13.204.0/22; 204.96.142.0/24; 204.96.143.0/24; 204.108.251.0/24; 204.108.251.0/25; 204.108.251.128/25; 204.139.52.0/22; 204.143.61.0/24; 204.143.62.0/23; 204.143.64.0/22; 204.143.68.0/24; 204.152.148.0/23; 204.186.48.64/27; 204.186.79.96/27; 204.186.112.0/27; 204.186.112.32/27; 204.186.112.64/27; 204.186.135.0/24; 204.186.151.0/24; 204.186.159.0/24; 204.186.161.0/24; 204.186.174.0/24; 204.186.191.128/27; 205.173.168.0/21; 205.174.96.0/20; 205.235.32.0/19; 205.238.205.0/24; 205.247.245.0/24; 206.82.16.0/20; 206.219.64.0/19; 207.200.160.0/20; 207.200.170.0/24; 207.200.171.0/24; 208.67.140.0/22; 208.70.120.0/22; 208.73.176.0/22; 208.82.152.0/21; 208.87.76.0/24; 208.87.77.0/24; 208.87.78.0/24; 208.87.79.0/24; 209.50.141.32/27; 209.50.150.128/26; 209.50.152.0/25; 209.50.153.32/27; 209.50.153.96/27; 209.50.153.160/27; 209.50.153.224/27; 209.173.1.96/27; 209.173.1.192/27; 209.173.4.0/27; 209.173.6.128/25; 209.173.7.96/27; 209.173.10.32/27; 209.173.11.0/27; 209.173.14.160/27; 209.173.14.192/27; 209.173.16.0/24; 209.173.17.64/26; 209.173.17.192/26; 209.173.18.0/24; 209.242.176.0/20; 216.27.98.0/23; 216.144.162.64/27; 216.144.170.0/26; 216.144.170.64/27; 216.144.171.160/27; 216.144.171.192/27; 216.158.60.0/24; 216.162.80.0/20; 216.220.89.0/24; 216.220.90.0/24; 216.220.94.0/24; 216.220.95.0/24; } prefix-list MAGPI-PARTICIPANT6 { 2001:468:1800::/40; 2607:F3B0::/32; 
2607:F470::/32; 2620:0:D60::/46; } prefix-list RADIUS-SERVERS { 140.182.44.69/32; 140.182.45.56/32; } prefix-list BGP-PEERS-CPS { apply-path "routing-instances cps protocols bgp group <*> neighbor <*>"; } prefix-list MAGPI-CPS { 128.91.0.0/16; 128.180.0.0/16; 130.91.0.0/16; 158.130.0.0/16; 165.123.0.0/16; 198.32.42.0/24; 216.27.100.0/23; } prefix-list QUERY-HOSTS; prefix-list BGP-PEERS6-CPS { apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>"; } prefix-list RACKLAN-ACCESS { /* ARIN Allocation */ 64.57.16.0/20; /* ISI East */ 65.114.168.0/24; /* ndb2-blmt.abilene.ucaid.edu */ 129.79.5.18/32; /* DNS Resolver */ 129.79.5.100/32; /* ndb1-blmt.abilene.ucaid.edu */ 129.79.5.225/32; /* IUB */ 129.79.9.0/24; 129.79.216.64/27; 129.79.216.160/27; /* leap.grnoc.iu.edu */ 129.79.217.202/32; /* DNS Resolver */ 134.68.1.9/32; /* IUPUI */ 134.68.11.0/24; 134.68.107.0/24; 134.68.142.0/24; 134.68.220.127/32; /* IUPUI login + SNMP hosts */ 140.182.44.0/28; /* IUPUI login hosts */ 140.182.44.16/28; /* IUPUI SNMP hosts */ 140.182.44.32/28; 140.182.44.69/32; /* IUB login + SNMP hosts */ 140.182.45.0/28; /* IUB login hosts */ 140.182.45.16/28; /* IUB SNMP hosts */ 140.182.45.32/28; 140.182.45.56/32; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* jump.grnoc.iu.edu */ 149.165.134.64/32; /* NEWY 111 8th Racklan */ 149.165.253.0/28; /* VPN Groups */ 156.56.175.0/27; 156.56.245.1/32; 156.56.247.193/32; /* jump.grnoc.iu.edu */ 192.12.206.196/32; /* sd-pc.grnoc.iu.edu */ 192.12.206.228/32; /* Internet2 Ann Arbor */ 207.75.164.0/23; } prefix-list OARNETRACKLAN-ACCESS { 192.148.251.0/24; 199.18.152.96/28; } prefix-list OBSERVATORY-SSH { /* leap.grnoc.iu.edu */ 129.79.217.202/32; /* sysmon.grnoc.iu.edu */ 134.68.107.4/32; /* login.net.internet2.edu */ 134.68.107.10/32; /* nms-base */ 134.68.107.34/32; /* nms-login */ 134.68.107.36/32; /* skip */ 134.68.142.50/32; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* jump */ 192.12.206.196/32; } prefix-list NOC-PARTICIPANT; 
prefix-list MANLAN-ACCESS { 64.57.16.0/20; 129.79.5.18/32; 129.79.5.100/32; 129.79.5.225/32; 129.79.9.0/24; 129.79.216.64/27; 129.79.216.160/27; 134.68.1.9/32; 134.68.11.0/24; 134.68.107.0/24; 134.68.142.0/24; /* IUPUI login + SNMP hosts */ 140.182.44.0/28; /* IUPUI login hosts */ 140.182.44.16/28; /* IUPUI SNMP hosts */ 140.182.44.32/28; /* radius3.grnoc.iu.edu */ 140.182.44.69/32; /* IUB login + SNMP hosts */ 140.182.45.0/28; /* IUB login hosts */ 140.182.45.16/28; /* IUB SNMP hosts */ 140.182.45.32/28; /* radius2.grnoc.iu.edu */ 140.182.45.56/32; 149.165.129.24/32; /* jump.grnoc.iu.edu */ 149.165.134.64/32; 156.56.175.0/27; 192.12.206.196/32; 192.12.206.228/32; } prefix-list GOOGLE-PARTICIPANT6 { 2001:4860:1::/48; } prefix-list KAN-ED-2-SCHOOLS { 68.225.152.0/24; 70.165.96.0/23; 70.165.102.0/23; 70.183.128.0/21; 98.175.200.0/24; } policy-statement ADD-GBLX-NY-COMM { term add-comm { then { community add GBLX-NY; next policy; } } } policy-statement AMPATH-TO-ESNET { term FROM-REACCIUN { from as-path REACCIUN; then { as-path-prepend 11537; accept; } } term FROM-ANSP { from as-path ANSP; then { as-path-prepend 11537; accept; } } term FROM-RETINA { from as-path RETINA; then { as-path-prepend 11537; accept; } } } policy-statement BLOCK-COMM-ASN { term block-commercial-as { from as-path COMMERCIAL; then reject; } then next policy; } policy-statement CONNECTOR-IN { /* remove BGP communities which connectors should not announce */ term remove-comms { then { community delete LOW-PEERS; community delete HIGH-PEERS; next term; } } term discard { from { community DISCARD; /* only allow /24-/32 masks for discard routes */ route-filter 0.0.0.0/0 prefix-length-range /24-/32; } to rib inet.0; then { /* add no-export so these are not leaked outside of Abilene */ community add NO-EXPORT; /* set next-hop to the destination-address on the dsc.0 interface */ next-hop 198.32.11.7; accept; } } /* allow unicast routes upto /27; note: routes have already passed the individual connector policy 
*/ term allow-unicast { from { route-filter 0.0.0.0/0 upto /27; } to rib inet.0; then { community add PARTICIPANT; accept; } } term allow-multicast { from { route-filter 0.0.0.0/0 upto /27; } to rib inet.2; then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement CPS-AS12989-OUT { term match { from community CPS-AS12989-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS13030-OUT { term match { from community CPS-AS13030-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS15169-OUT { term match { from community CPS-AS15169-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS15412-OUT { term match { from community CPS-AS15412-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS1784-OUT { term match { from community CPS-AS1784-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS19151-OUT { term match { from community CPS-AS19151-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS20940-OUT { term match { from community CPS-AS20940-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS22212-OUT { term match { from community CPS-AS22212-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS22773-OUT { term match { from community CPS-AS22773-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS22822-OUT { term match { from community CPS-AS22822-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS29791-OUT { term match { from community CPS-AS29791-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS32934-OUT { term match { from community CPS-AS32934-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS3549-OUT { term match { from community CPS-AS3549-OUT; then next policy; } term accept { then accept; } } policy-statement 
CPS-AS36619-OUT { term match { from community CPS-AS36619-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS4436-OUT { term match { from community CPS-AS4436-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS4565-OUT { term match { from community CPS-AS4565-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS6079-OUT { term match { from community CPS-AS6079-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS6102-OUT { term match { from community CPS-AS6102-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS6327-OUT { term match { from community CPS-AS6327-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS6939-OUT { term match { from community CPS-AS6939-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS8075-OUT { term match { from community CPS-AS8075-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS812-OUT { term match { from community CPS-AS812-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS9505-OUT { term match { from community CPS-AS9505-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-CONNECTOR-IN { term discard { from { community DISCARD; /* only allow /24-/32 masks for discard routes */ route-filter 0.0.0.0/0 prefix-length-range /24-/32; } then { /* add no-export so these are not leaked outside of Abilene */ community add NO-EXPORT; /* set next-hop to discard so traffic to these prefixes is dropped */ next-hop discard; accept; } } /* allow unicast routes upto /24; note: routes have already passed the individual connector policy */ term allow-unicast { from { route-filter 0.0.0.0/0 upto /24; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-CONNECTOR-OUT { /* announce routes from CPS peer networks */ term announce-peers { from { 
protocol bgp; community CPS-PEERS; } then accept; } term announce-internal { from { protocol static; route-filter 198.32.9.0/24 exact; } then accept; } term reject { then reject; } } policy-statement CPS-CONNECTOR-OUT6 { term announce-peers { from { protocol bgp; community CPS-PEERS; family inet6; } then accept; } term announce-internal { from { protocol static; family inet6; route-filter 2001:468:ff00::/40 exact; } then accept; } term reject { then reject; } } policy-statement CPS-COX-IN-EXCEPTION { term reject-private-asn { from as-path PRIVATE; then reject; } term block-martians { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 169.254.0.0/16 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.0.2.0/24 orlonger; route-filter 192.88.99.1/32 exact; route-filter 192.168.0.0/16 orlonger; route-filter 198.18.0.0/15 orlonger; route-filter 224.0.0.0/4 orlonger; route-filter 240.0.0.0/4 orlonger; } then reject; } term block-internal { from { prefix-list INTERNAL; } then reject; } term prepend-KanEd { from { prefix-list-filter KAN-ED-2-SCHOOLS orlonger; } then { as-path-prepend "11537 11537 11537"; next term; } } term accept { from { protocol bgp; route-filter 0.0.0.0/0 upto /24; } then { community add CPS-PEERS; accept; } } term reject { then reject; } } policy-statement CPS-EXPORT { term direct { from protocol direct; then { community add CPS; accept; } } term bgp { from protocol bgp; then { community add CPS; accept; } } term reject { then reject; } } policy-statement CPS-GOOGLE-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter GOOGLE-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-IMPORT { term bgp { from community CPS; then accept; } term reject { then reject; } } policy-statement CPS-MAGPI-IN { term accept { from { protocol bgp; prefix-list-filter MAGPI-CPS orlonger; } then next policy; 
} term reject { then reject; } } policy-statement CPS-MAGPI-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter MAGPI-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-NOX-IN { term accept { from { protocol bgp; prefix-list-filter NOX-PARTICIPANT orlonger; prefix-list-filter NOX-SPONSORED orlonger; prefix-list-filter NOX-SEGP orlonger; prefix-list-filter NOX-CORPORATE orlonger; } then next policy; } term reject { then reject; } } policy-statement CPS-NOX-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter NOX6-PARTICIPANT exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-PEER-IN-DEPREF { term reject-private-asn { from as-path PRIVATE; then reject; } term block-martians { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 169.254.0.0/16 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.0.2.0/24 orlonger; route-filter 192.88.99.1/32 exact; route-filter 192.168.0.0/16 orlonger; route-filter 198.18.0.0/15 orlonger; route-filter 224.0.0.0/4 orlonger; route-filter 240.0.0.0/4 orlonger; } then reject; } term block-internal { from { prefix-list INTERNAL; } then reject; } term accept { from { protocol bgp; route-filter 0.0.0.0/0 upto /24; } then { local-preference 90; community add CPS-PEERS; accept; } } term reject { then reject; } } policy-statement CPS-PEER-OUT { /* Don't announce any route with a private AS in the path */ term block-private-asn { from as-path PRIVATE; then reject; } /* Don't announce reserved and special prefixes */ term block-martians { from { /* default */ route-filter 0.0.0.0/0 exact; /* rfc 1918 */ route-filter 10.0.0.0/8 orlonger; /* rfc 3330 - loopback */ route-filter 127.0.0.0/8 orlonger; /* rfc 3330 - link-local */ route-filter 169.254.0.0/16 orlonger; /* rfc 1918 */ route-filter 172.16.0.0/12 
orlonger; /* iana reserved */ route-filter 192.0.2.0/24 orlonger; /* 6to4 relay */ route-filter 192.88.99.1/32 exact; /* rfc 1918 */ route-filter 192.168.0.0/16 orlonger; /* rfc 2544 - network device benchmarking */ route-filter 198.18.0.0/15 orlonger; /* rfc 3171 - multicast group addresses */ route-filter 224.0.0.0/4 orlonger; /* rfc 3330 */ route-filter 240.0.0.0/4 orlonger; } then reject; } /* Announce Connector prefixes with a prefix length up to /24 (i.e. /24 or shorter) */ term announce { from { protocol bgp; community CPS-CONNECTOR; route-filter 0.0.0.0/0 upto /24; } then next policy; } /* Originate a BGP route for our Loopback Addresses */ term originate { from { protocol static; route-filter 198.32.9.0/24 exact; route-filter 64.57.29.0/24 exact; } then accept; } term reject { then reject; } } policy-statement CPS-PEER-OUT-DEPREF { term block-private-asn { from as-path PRIVATE; then reject; } term block-martians { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 169.254.0.0/16 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.0.2.0/24 orlonger; route-filter 192.88.99.1/32 exact; route-filter 192.168.0.0/16 orlonger; route-filter 198.18.0.0/15 orlonger; route-filter 224.0.0.0/4 orlonger; route-filter 240.0.0.0/4 orlonger; } then reject; } term announce { from { protocol bgp; community CPS-CONNECTOR; route-filter 0.0.0.0/0 upto /24; } then { as-path-prepend 11537; next policy; } } term originate { from { protocol static; route-filter 198.32.9.0/24 exact; route-filter 64.57.29.0/24 exact; } then { as-path-prepend 11537; accept; } } term reject { then reject; } } policy-statement CPS-PEER6-IN { term strip-communities { then { community delete ALL-COMMS; next term; } } /* Allows only longer connector prefixes from peers */ term reject-Internet2-space { from { route-filter 2001:468::/32 upto /39; route-filter 2001:468:ff00::/40 orlonger; } then reject; } term accept { from protocol bgp; to rib cps.inet6.0; then { community add 
CPS-PEERS; accept; } } term reject { then reject; } } policy-statement CPS-PEER6-OUT { term originate { from { protocol static; route-filter 2001:468:ff00::/40 exact; route-filter 2001:468::/32 exact; } then { as-path-prepend 11537; accept; } } term block-specifics { from { route-filter 2001:468::/32 longer; } then reject; } term announce { from { protocol bgp; community CPS-CONNECTOR; family inet6; } then next policy; } term reject { then reject; } } policy-statement CPS-PEERCONTROLS-OUT { term block { from community CPS-BLOCK; then reject; } term prepend1 { from community CPS-PREPEND1; then { as-path-prepend 11537; accept; } } term prepend2 { from community CPS-PREPEND2; then { as-path-prepend "11537 11537"; accept; } } term prepend3 { from community CPS-PREPEND3; then { as-path-prepend "11537 11537 11537"; accept; } } term reject { then reject; } } policy-statement CPS-PEERS-IN { /* Reject any BGP prefix if a private AS is in the path */ term reject-private-asn { from as-path PRIVATE; then reject; } /* Reject BGP prefixes that should never appear in the routing table */ term block-martians { from { /* default */ route-filter 0.0.0.0/0 exact; /* rfc 1918 */ route-filter 10.0.0.0/8 orlonger; /* rfc 3330 - loopback */ route-filter 127.0.0.0/8 orlonger; /* rfc 3330 - link-local */ route-filter 169.254.0.0/16 orlonger; /* rfc 1918 */ route-filter 172.16.0.0/12 orlonger; /* iana reserved */ route-filter 192.0.2.0/24 orlonger; /* 6to4 relay */ route-filter 192.88.99.1/32 exact; /* rfc 1918 */ route-filter 192.168.0.0/16 orlonger; /* rfc 2544 - network device benchmarking */ route-filter 198.18.0.0/15 orlonger; /* rfc 3171 - multicast group addresses */ route-filter 224.0.0.0/4 orlonger; /* rfc 3330 */ route-filter 240.0.0.0/4 orlonger; } then reject; } /* Reject BGP prefixes which Abilene originates */ term block-internal { from { prefix-list INTERNAL; } then reject; } term accept { from { protocol bgp; route-filter 0.0.0.0/0 upto /24; } then { community add CPS-PEERS; 
accept; } } term reject { then reject; } } policy-statement CPS-REMOVE-COMMS { term remove { then { community delete HIGH-PEERS; community delete LOW-PEERS; community delete LOW; community delete HIGH; community delete DISCARD; community delete CPS; } } } policy-statement CPS-V6-REMOVE-COMMS { term remove { then { community delete HIGH-PEERS; community delete LOW-PEERS; community delete LOW; community delete HIGH; community delete DISCARD; community delete CPS; community delete EQUAL-TO-PEERS; community delete LOWER-THAN-PEERS; } } } policy-statement ESNET-TO-AMPATH { term FROM-ESNET { from as-path ESNET; then accept; } } /* ESNET->GEANT backup advertisements (UCAID approved) */ policy-statement ESNET-TO-GEANT { term FROM-ESNET { from as-path ESNET; then { as-path-prepend 11537; accept; } } } /* import policy for FEDNET peers */ policy-statement FEDNET-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term set-community { from protocol bgp; then { community add FEDNET; accept; } } } policy-statement FEDNET-IN6 { term set-community { from protocol bgp; then { community add FEDNET; accept; } } } /* export policy from FEDNET peers */ policy-statement FEDNET-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */ term allow-iftn { from { protocol bgp; community IFTN; } then accept; } /* don't announce nlri=unicast routes from fednet or international peers */ term block-fednet-itn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET ITN NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term 
accept { from protocol bgp; then accept; } } policy-statement FEDNET-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } policy-statement GEANT-LOWER-PREF { term depref { then { local-preference 40; next policy; } } } policy-statement GEANT-TO-ESNET { term FROM-GEANT { from as-path GEANT; then { as-path-prepend 11537; accept; } } } policy-statement IFTN-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term block-as112 { from { route-filter 192.175.48.0/24 orlonger; } then reject; } term set-community { from protocol bgp; then { community add ITN; community add IFTN; accept; } } } policy-statement IFTN-OUT { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term allow-multicast { from { protocol bgp; rib inet.2; } then accept; } term block { from { protocol bgp; community [ NONITN CONNECTOR-ONLY ]; } then reject; } term accept { from protocol bgp; then accept; } } /* import policy for mcast-only peerings with commercial ISPs */ policy-statement ISP-MCAST-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term allow { from protocol bgp; to rib inet.2; then { community add COMMERCIAL-PEER; accept; } } term reject { then reject; } } policy-statement ISP-MCAST-OUT { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term no-export { from community BLOCK-TO-COMMERCIAL; then reject; } /* only advertise participant routes */ term allow { from { protocol bgp; rib inet.2; community PARTICIPANT; } then accept; } term reject { then reject; } } policy-statement ISP-V6-IN { term allow { from protocol bgp; to rib inet6.0; 
then { community add COMMERCIAL-PEER; accept; } } term reject { then reject; } } policy-statement ISP-V6-OUT { term no-export { from community BLOCK-TO-COMMERCIAL; then reject; } /* only advertise participant routes */ term accept { from { protocol bgp; community PARTICIPANT; family inet6; } then accept; } term reject { then reject; } } policy-statement ITN-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term block-as112 { from { route-filter 192.175.48.0/24 orlonger; } then reject; } term set-community { from protocol bgp; then { community add ITN; accept; } } } policy-statement ITN-IN6 { term reject-commercial { from as-path COMMERCIAL6; then reject; } term set-community { from protocol bgp; then { community add ITN; accept; } } } policy-statement ITN-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* don't announce nlri=unicast routes from fednet or nonitn peers */ term block-fednet-nonitn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } policy-statement ITN-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } policy-statement IU_to_TU-DRESDEN { term TU-DRESDEN { from { route-filter 141.30.0.0/16 exact; } then { local-preference 200; next policy; } } } policy-statement LEAK-NMS1 { term leak { from { protocol 
isis; prefix-list NMS1-SPECIFICS; } then accept; } then next policy; } policy-statement MAGPI-IN { term participant { from { protocol bgp; prefix-list-filter MAGPI-PARTICIPANT orlonger; } then next policy; } term corporate { from { protocol bgp; prefix-list-filter MAGPI-CORPORATE orlonger; } then { community add CORPORATE; next policy; } } term sponsored { from { protocol bgp; prefix-list-filter MAGPI-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { protocol bgp; prefix-list-filter MAGPI-SEGP orlonger; } then { community add SEGP; next policy; } } term segp-exception { from { protocol bgp; route-filter 208.67.140.0/30 exact; } then { community add SEGP; accept; } } term reject-unicast { to rib inet.0; then reject; } } policy-statement MAGPI-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter MAGPI-PARTICIPANT6 exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement MSDP-FILTER { term bad-groups { from { route-filter 224.0.1.2/32 exact; route-filter 224.0.1.3/32 exact; route-filter 224.0.1.8/32 exact; route-filter 224.0.1.22/32 exact; route-filter 224.0.1.24/32 exact; route-filter 224.0.1.25/32 exact; route-filter 224.0.1.35/32 exact; route-filter 224.0.1.39/32 exact; route-filter 224.0.1.40/32 exact; route-filter 224.0.1.60/32 exact; route-filter 224.0.2.1/32 exact; route-filter 224.0.2.2/32 exact; route-filter 224.77.0.0/16 orlonger; route-filter 225.1.2.3/32 exact; route-filter 226.77.0.0/16 orlonger; route-filter 229.55.150.208/32 exact; route-filter 234.42.42.40/30 orlonger; route-filter 234.142.142.42/31 orlonger; route-filter 234.142.142.44/30 orlonger; route-filter 234.142.142.48/28 orlonger; route-filter 234.142.142.64/26 orlonger; route-filter 234.142.142.128/29 orlonger; route-filter 234.142.142.136/30 orlonger; route-filter 234.142.142.140/31 orlonger; route-filter 234.142.142.142/32 exact; route-filter 232.0.0.0/8 orlonger; route-filter 
239.0.0.0/8 orlonger; } then reject; } term bad-sources { from { source-address-filter 10.0.0.0/8 orlonger; source-address-filter 127.0.0.0/8 orlonger; source-address-filter 172.16.0.0/12 orlonger; source-address-filter 192.168.0.0/16 orlonger; } then reject; } term bad-planetlab { from { source-address-filter 198.32.154.179/32 exact; source-address-filter 198.32.154.187/32 exact; source-address-filter 198.32.154.195/32 exact; source-address-filter 198.32.154.202/32 exact; source-address-filter 198.32.154.210/32 exact; source-address-filter 198.32.154.218/32 exact; source-address-filter 198.32.154.226/32 exact; source-address-filter 198.32.154.235/32 exact; source-address-filter 198.32.154.243/32 exact; source-address-filter 198.32.154.250/32 exact; } then reject; } term allow { then accept; } } policy-statement NEXT-HOP-SELF { from protocol bgp; then { next-hop self; } } policy-statement NEXT-v4-v6-self { from protocol bgp; then { next-hop 198.32.9.193; } } policy-statement NONITN-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term set-community { from protocol bgp; then { community add NONITN; accept; } } } policy-statement NONITN-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* don't announce nlri=unicast routes from fednet or international peers */ term block-fednet-itn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET ITN NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } policy-statement NONITN-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast 
{ from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } policy-statement NOX-IN { term participant { from { protocol bgp; prefix-list-filter NOX-PARTICIPANT orlonger; } then next policy; } term corporate { from { protocol bgp; prefix-list-filter NOX-CORPORATE orlonger; } then { community add CORPORATE; next policy; } } term sponsored { from { protocol bgp; prefix-list-filter NOX-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { protocol bgp; prefix-list-filter NOX-SEGP orlonger; } then { community add SEGP; next policy; } } term reject-unicast { to rib inet.0; then reject; } } policy-statement NOX-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter NOX6-PARTICIPANT exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } /* ESNET->GEANT backup advertisements (UCAID approved) */ policy-statement NREN-TO-GEANT { term FROM { from as-path NREN; then accept; } } policy-statement NYSERNET-IN { term participant { from { protocol bgp; prefix-list-filter NYSERNET-PARTICIPANT orlonger; } then next policy; } term corporate { from { protocol bgp; prefix-list-filter NYSERNET-CORPORATE orlonger; } then { community add CORPORATE; next policy; } } term sponsored { from { protocol bgp; prefix-list-filter NYSERNET-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { protocol bgp; prefix-list-filter NYSERNET-SEGP orlonger; } then { community add SEGP; next policy; } } term participant-exception { from { protocol bgp; route-filter 199.109.200.0/21 upto /28; } then next policy; } term reject-unicast { to rib inet.0; then reject; } } policy-statement NYSERNET-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter NYSERNET6-PARTICIPANT exact; } then { community add PARTICIPANT; accept; } } term 
reject { then reject; } } /* Redistribute aggregates from static into BGP */ policy-statement ORIGINATE4 { term internal-addresses { from { protocol static; prefix-list INTERNAL; } then accept; } } /* Redistribute aggregates from static into BGP & block more specifics */ policy-statement ORIGINATE6 { term announce-aggregates { from { protocol static; prefix-list INTERNAL6; } then accept; } term block-more-specifics { from { route-filter 2001:468::/32 longer; } then reject; } } /* Redistribute aggregates from static into BGP - do not block more specifics */ policy-statement ORIGINATE6-WITH-SPECIFICS { term announce-aggregates { from { protocol static; prefix-list INTERNAL6; } then accept; } } policy-statement PREF-IEEAF-12 { then { metric 2; } } policy-statement PREF-IEEAF-192 { then { metric 1; } } policy-statement REJECT-ALL { then reject; } /* Remove certain BGP communities on import - only applied to peers */ policy-statement REMOVE-COMMS-IN { term remove { then { /* remove connector local-pref communities */ community delete HIGH; community delete LOW; /* remove discard community */ community delete DISCARD; } } } /* Remove certain BGP communities on export - applied to connectors and peers */ policy-statement REMOVE-COMMS-OUT { term remove { then { /* remove connector and peer local-pref communities */ community delete HIGH-PEERS; community delete LOW-PEERS; community delete LOW; community delete HIGH; /* remove discard community */ community delete DISCARD; } } } policy-statement REMOVE-GBXv6 { /* remove global-crossing v6 advertisements to geant--ticket 8032 */ term is-gbx { from as-path GBX; then reject; } term not-gbx { then next term; } } /* reject routes we should never accept */ policy-statement SANITY-IN { /* Reject any BGP prefix if a private AS is in the path */ term block-private-asn { from as-path PRIVATE; then reject; } /* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */ term block-commercial-asn { from as-path 
COMMERCIAL; to rib inet.0; then reject; } /* Reject any BGP prefix whose path matches as-path NLR; this term has no "to rib" restriction, so it is not limited to inet.0 */ term block-nlr-transit { from as-path NLR; then reject; } /* Reject BGP prefixes that should never appear in the routing table. NOTE(review): this is a fixed, hand-maintained list; "0.0.0.0/0 exact" matches only the default route, so 0.0.0.0/8 and any special-use block not listed below is not rejected by this term, and no maximum prefix length is enforced here -- compare against the current IANA special-purpose address registry */ term block-martians { from { /* default */ route-filter 0.0.0.0/0 exact; /* rfc 1918 */ route-filter 10.0.0.0/8 orlonger; /* rfc 3330 - loopback */ route-filter 127.0.0.0/8 orlonger; /* rfc 3330 - link-local */ route-filter 169.254.0.0/16 orlonger; /* rfc 1918 */ route-filter 172.16.0.0/12 orlonger; /* iana reserved */ route-filter 192.0.2.0/24 orlonger; /* 6to4 relay anycast address; only the /32 itself is matched */ route-filter 192.88.99.1/32 exact; /* rfc 1918 */ route-filter 192.168.0.0/16 orlonger; /* rfc 2544 - network device benchmarking */ route-filter 198.18.0.0/15 orlonger; /* rfc 3171 - multicast group addresses */ route-filter 224.0.0.0/4 orlonger; /* rfc 3330 */ route-filter 240.0.0.0/4 orlonger; } then reject; } /* Reject BGP prefixes which Abilene originates. NOTE(review): a bare "prefix-list" match is exact per list entry, so more-specifics of the INTERNAL prefixes would not be rejected by this term -- confirm they are caught elsewhere */ term block-internal { from { prefix-list INTERNAL; } then reject; } } /* Block announcements for prefixes we should never announce */ policy-statement SANITY-OUT { /* Don't announce any route with a private AS in the path */ term block-private-asn { from as-path PRIVATE; then reject; } /* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */ term block-commercial-asn { from { rib inet.0; as-path COMMERCIAL; } then reject; } /* Don't announce reserved and special prefixes (same route-filter list as SANITY-IN block-martians; keep the two in sync) */ term block-martians { from { /* default */ route-filter 0.0.0.0/0 exact; /* rfc 1918 */ route-filter 10.0.0.0/8 orlonger; /* rfc 3330 - loopback */ route-filter 127.0.0.0/8 orlonger; /* rfc 3330 - link-local */ route-filter 169.254.0.0/16 orlonger; /* rfc 1918 */ route-filter 172.16.0.0/12 orlonger; /* iana reserved */ route-filter 192.0.2.0/24 orlonger; /* 6to4 relay anycast address; only the /32 itself is matched */ route-filter 192.88.99.1/32 exact; /* rfc 1918 */ route-filter 192.168.0.0/16 orlonger; /* rfc 2544 - network device benchmarking */ route-filter 198.18.0.0/15 orlonger; /* rfc 3171 - multicast group addresses 
*/ route-filter 224.0.0.0/4 orlonger; /* rfc 3330 */ route-filter 240.0.0.0/4 orlonger; } then reject; } } /* IPv6 sanity filter: reject private-AS paths, hand routes inside the listed blocks to the next policy, reject everything else */ policy-statement SANITY6 { /* Block routes with a private AS in the path */ term block-private-asns { from { as-path PRIVATE; family inet6; } then reject; } /* Only accept routes within certain allocated blocks */ term accept { /* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */ /* NOTE(review): several entries are wider than the blocks in that registry -- 2610::/12 and 2620::/12 (the registry lists /23s) and 2003::/16 (the registry lists 2003::/18) -- and "2001::/16 upto /49" also admits 2001:db8::/32 (documentation space) unless another policy drops it. Confirm the widths, and whether /49 rather than /48 is the intended length cap */ from { route-filter 2001::/16 upto /49; route-filter 2002::/16 exact; route-filter 2003::/16 upto /49; route-filter 2400::/12 upto /49; route-filter 2600::/12 upto /49; route-filter 2a00::/12 upto /49; route-filter 2800::/12 upto /49; route-filter 2001:b000::/20 upto /49; route-filter 2c00::/12 upto /49; route-filter 2610::/12 upto /49; route-filter 2620::/12 upto /49; } then next policy; } /* default deny: anything not passed on by term accept is rejected */ term reject { then reject; } } /* set local-pref on connector routes based on communities. NOTE(review): the preference is chosen by communities carried on the route; confirm that sessions not entitled to HIGH or LOW have them stripped on import before this policy runs */ policy-statement SET-PREF { term high { from community HIGH; then { local-preference 260; next policy; } } term low { from community LOW; then { local-preference 140; next policy; } } term normal { then { local-preference 200; } } } /* set local-pref from the EQUAL-TO-PEERS and LOWER-THAN-PEERS communities; there is no default term, so a route with neither community leaves this policy with its local-pref untouched */ policy-statement SET-PREF-BACKUP { term equal-to-peers { from community EQUAL-TO-PEERS; then { local-preference 100; next policy; } } term lower-than-peers { from community LOWER-THAN-PEERS; then { local-preference 60; next policy; } } } /* combined mapping: the same community-to-local-pref values as SET-PREF and SET-PREF-BACKUP, with a default of 200 */ policy-statement SET-PREF-CPS-V6 { term high { from community HIGH; then { local-preference 260; next policy; } } term low { from community LOW; then { local-preference 140; next policy; } } term equal-to-peers { from community EQUAL-TO-PEERS; then { local-preference 100; next policy; } } term lower-than-peers { from community LOWER-THAN-PEERS; then { local-preference 60; next policy; } } term normal { then { local-preference 200; } } } /* set local-pref on peer routes based on communities */ policy-statement SET-PREF-PEER { term high { from community HIGH-PEERS; then { local-preference 160; next policy; } } term low { from 
community LOW-PEERS; then { local-preference 40; next policy; } } term normal { then { local-preference 100; } } } /* USGS ITN routes allowed to GEANT per UCAID 12231:45 */ policy-statement USGS-TO-GEANT { term FROM-USGS { from as-path USGS; then accept; } } policy-statement V6-IGP-AGG { term allow-aggregate { from { protocol aggregate; family inet6; } then accept; } term deny-more-specifics { from { family inet6; route-filter 2001:468:ff:1500::/56 longer; route-filter 2001:468:0015::/48 longer; route-filter 2001:468:ff:0f00::/56 longer; route-filter 2001:468:000f::/48 longer; } then reject; } term accept-all-other-v6 { from { protocol [ isis direct ]; family inet6; } then accept; } } /* Temporary fix for scoping 239/8 */ policy-statement pim-join-filter { term internal-links { from { /* List of Backbone Interfaces */ interface [ so-0/0/0.0 so-1/3/0.0 ]; route-filter 239.0.0.0/8 orlonger; } then accept; } term external-links { from { route-filter 239.0.0.0/8 orlonger; } then reject; } term all-links { then accept; } } community ALL-COMMS members *:*; community BLOCK-TO-COMMERCIAL members 11537:2002; community COMMERCIAL-PEER members 11537:2001; community CONNECTOR-ONLY members 11537:3500; community CORE members 11537:900; community CORPORATE members 11537:2000; community CPS members target:11537:1; community CPS-AS12989-OUT members *:12989; community CPS-AS13030-OUT members *:13030; community CPS-AS15169-OUT members *:15169; community CPS-AS15412-OUT members *:15412; community CPS-AS1784-OUT members *:1784; community CPS-AS19151-OUT members *:19151; community CPS-AS20940-OUT members *:20940; community CPS-AS22212-OUT members *:22212; community CPS-AS22773-OUT members *:22773; community CPS-AS22822-OUT members *:22822; community CPS-AS29791-OUT members *:29791; community CPS-AS32934-OUT members *:32934; community CPS-AS3549-OUT members *:3549; community CPS-AS36619-OUT members *:36619; community CPS-AS4436-OUT members *:4436; community CPS-AS4565-OUT members *:4565; 
community CPS-AS6079-OUT members *:6079; community CPS-AS6102-OUT members *:6102; community CPS-AS6327-OUT members *:6327; community CPS-AS6939-OUT members *:6939; community CPS-AS8075-OUT members *:8075; community CPS-AS812-OUT members *:812; community CPS-AS9505-OUT members *:9505; community CPS-BLOCK members 65000:*; community CPS-CONNECTOR members 11537:25100; community CPS-PEERS members 11537:25200; community CPS-PREPEND1 members 65001:*; community CPS-PREPEND2 members 65002:*; community CPS-PREPEND3 members 65003:*; community DISCARD members 11537:911; /* for EQUAL-TO-PEERS, HIGH, HIGH-PEERS, LOW, LOW-PEERS and LOWER-THAN-PEERS the second field equals the local-preference that the SET-PREF policies assign for that community */ community EQUAL-TO-PEERS members 11537:100; community FEDNET members 11537:3000; community GBLX-NY members 11537:23549; community HIGH members 11537:260; community HIGH-PEERS members 11537:160; community IFTN members 11537:2502; community ITN members 11537:2501; community LOW members 11537:140; community LOW-PEERS members 11537:40; community LOWER-THAN-PEERS members 11537:60; community NO-EXPORT members no-export; community NOAGG6 members 11537:6; community NONITN members 11537:2500; community PARTICIPANT members 11537:950; community RHCPP members 11537:4000; community SEGP members 11537:910; community SPONSORED members 11537:902; /* as-path definitions. NOTE(review): COMMERCIAL-IGRID lists AS 209, which the COMMERCIAL list below does not; it is also written as separate per-AS alternatives rather than one grouped term -- confirm both differences are intended */ as-path COMMERCIAL-IGRID ".*1.* | .*174.* | .*209.* | .*701.* | .*1239.* | .*1673.* | .*1740.* | .*1800.* | .*1833.* | .*2551.* | .*2548.* | .*2685.* | .*2914.* | .*3549.* | .*3561.* | .*3847.* | .*3951.* | .*3967.* | .*4183.* | .*4200.* | .*5683.* | .*6113.* | .*6172.* | .*6461.* | .*7018.*"; as-path COMM1 .*3265.*; /* matches any path containing one of the listed commercial ISP AS numbers at any position */ as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*"; /* NOTE(review): 64512-65535 covers the 16-bit private and reserved range only; the 32-bit private-use range 4200000000-4294967294 (RFC 6996) is not matched, so policies that rely on PRIVATE would pass such paths -- confirm whether 4-byte AS numbers can appear on these sessions */ as-path PRIVATE ".* (64512-65535) .*"; /* temporary for ESNET->GEANT advertisements */ /* the definitions below written as "N" followed by a wildcard match only paths whose first AS is N; those with a wildcard on both sides match N anywhere in the path */ as-path ESNET "293 .*"; as-path ABILENE ".* 11537 .*"; as-path GEANT "20965 .*"; as-path REACCIUN "20312 .*"; as-path ANSP "1251 .*"; as-path RETINA "3597 .*"; as-path GBX ".* 3549 .*"; as-path NREN "24 .*"; as-path NLR ".* 19401 .*"; as-path 
USGS "1842 .*"; as-path COMMERCIAL6 ".* (701|1273|1836|2497|2516|2914|3257|3549|3561|4691|6939|7018|15169|15412|17554|17990) .*"; } Firewall Stanza Removed removed newy32aoa!r ## Last commit: 2009-09-23 20:27:48 UTC by cdavisal version 9.3R3.8; groups { INTERFACE-BACKBONE { interfaces { <ge-*> { mtu 9192; unit <*> { family inet { mtu 9174; filter { input backbone-in; output interface-out; } } family iso { mtu 1497; } family inet6 { mtu 9174; filter { input v6filter; output v6filter; } } family mpls { mtu 9174; } } } <xe-*> { mtu 9192; unit <*> { family inet { mtu 9174; filter { input backbone-in; output interface-out; } } family iso { mtu 1497; } family inet6 { mtu 9174; filter { input v6filter; output v6filter; } } family mpls { mtu 9174; } } } } } INTERFACE-CONNECTOR { interfaces { <ge-*> { unit <*> { family inet { filter { input connector-in; output interface-out; } } family inet6 { filter { input v6filter; output v6filter; } } } } <xe-*> { unit <*> { family inet { filter { input connector-in; output interface-out; } } family inet6 { filter { input v6filter; output v6filter; } } } } } } MSDP-SA-Limit-per-peer-group { protocols { msdp { group <*> { peer <*> { active-source-limit { maximum 100000; threshold 90000; } } } } } } re0 { system { host-name WASH-re0; } } re1 { system { host-name WASH-re1; } } MSDP-STRICT { protocols { msdp { group CONNECTOR { peer <*> { active-source-limit { maximum 2000; threshold 1800; } } } group ITN { peer <*> { active-source-limit { maximum 500; threshold 450; } } } group FEDNET { peer <*> { active-source-limit { maximum 4000; threshold 3600; } } } group NONITN { peer <*> { active-source-limit { maximum 4000; threshold 3600; } } } } } } } apply-groups [ re0 re1 ]; system { domain-name net.internet2.edu; time-zone UTC; dump-on-panic; authentication-order [ radius password ]; location country-code US; ports { auxiliary type vt100; } root-authentication { Authentication Data Removed } name-server { 134.68.1.9; 129.79.5.100; } 
radius-server { 140.182.45.56 { source-address 64.57.28.249; } 140.182.44.69 { source-address 64.57.28.249; } } /* NOTE(review): the text from here to "interfaces" is reproduced as the sanitized dump shows it; the braces do not balance, so part of the system stanza and the start of the following stanza appear to be missing from this copy -- do not treat it as a complete record of the management-plane settings */ Login Stanza Removed services { bandwidth 10g; } } } network-services ip; } interfaces { xe-0/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: CHIC-WASH 10GE | I2-CHIC-WASH-10GE-05250"; family inet { address 64.57.28.13/31; } family inet6 { address 2001:468:ff:0209::1/64; } } } xe-0/1/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: NEWY-WASH 10GE | I2-NEWY32AOA-WASH-10GE-04643"; family inet { address 64.57.28.19/31; } family inet6 { address 2001:468:ff:906::2/64; } } } /* NOTE(review): this interface has no apply-groups and no per-unit filter statement, so neither unit 61 (management VLAN) nor unit 62 (public peering LAN) has an input or output firewall filter attached in this stanza, unlike the interfaces that inherit INTERFACE-CONNECTOR or INTERFACE-BACKBONE -- confirm this is intended or that filtering is applied elsewhere */ xe-0/2/0 { description "[CPS] Equinix Ashburn Switch for public peerings"; vlan-tagging; mtu 9134; gigether-options { ethernet-switch-profile { mac-learn-enable; } } unit 61 { description "Mgmt vlan to CPS equinix ashburn"; vlan-id 61; family inet { mtu 9000; address 64.57.28.209/28; } } unit 62 { description "[CPS] Equinix Public Peering at Ashburn"; vlan-id 62; family inet { mtu 1500; address 206.223.115.131/24; } family inet6 { address 2001:504:0:2::1:1537:1/64; } } } /* connector interface: every unit inherits the connector-in, interface-out and v6filter attachments from INTERFACE-CONNECTOR */ xe-0/3/0 { apply-groups INTERFACE-CONNECTOR; description "Merit via Internet2 DWS | I2-CLEV-WASH-10GE-004179"; vlan-tagging; mtu 9192; unit 352 { description "OSCnet mcast-only peering vlan"; vlan-id 352; family inet { mtu 9000; address 199.18.156.242/30; } family inet6 { mtu 9000; address 2001:468:ff:9c2::1/64; } } unit 359 { description "OSCnet R&E VLAN"; vlan-id 359; family inet { mtu 9000; address 192.88.192.138/30; } family inet6 { mtu 9000; address 2001:468:ff:d4b::1/64; } } unit 921 { description "OSCnet [CPS]"; vlan-id 921; family inet { mtu 9000; address 199.18.156.246/30; } family inet6 { mtu 9000; address 2001:468:ffff:d4b::1/64; } } unit 1004 { description "Merit R&E via Cleveland"; vlan-id 1004; family inet { mtu 9000; address 192.122.183.10/30; } family inet6 { address 2001:468:ff:954::1/64; } } unit 1005 { description "[CPS] Merit via Cleveland"; vlan-id 1005; family 
inet { mtu 9000; address 198.109.37.22/30; } family inet6 { address 2001:468:ffff:954::1/64; } } } xe-1/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: ATLA-WASH 10GE | I2-ATLA-WASH-10GE-05133"; family inet { address 64.57.28.59/31; } family inet6 { address 2001:468:ff:0901::2/64; } } } xe-1/1/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: NEWY-WASH 10GE B | I2-NEWY32AOA-WASH-10GE-05242"; family inet { address 64.57.28.75/31; } family inet6 { address 2001:468:ff:6f9::2/64; } } } /* NOTE(review): no apply-groups here, so only the per-unit statements apply: units 15-17 attach "input connector-in" to family inet, there is no output filter, and unit 15 family inet6 has no filter at all, whereas INTERFACE-CONNECTOR attaches interface-out on output and v6filter in both directions -- confirm the IPv6 side of this private peering is meant to be unfiltered */ xe-1/2/0 { description "[CPS] Equinix Ashburn Switch for private peerings"; vlan-tagging; mtu 9134; unit 15 { description "[CPS] Google 10GE PNI via Ashburn"; vlan-id 15; family inet { mtu 1500; filter { input connector-in; } address 64.57.29.78/31; } family inet6 { mtu 1500; address 2001:468:ffff:19ff::1/64; } } unit 16 { description "[CPS] LimeLight 10GE PNI [NO-MONITOR]"; vlan-id 16; family inet { mtu 1500; filter { input connector-in; } address 64.57.29.81/30; } } unit 17 { description "[CPS] Akamai 10GE PNI via Ashburn [NO-MONITOR]"; vlan-id 17; family inet { mtu 1500; filter { input connector-in; } address 64.57.29.85/30; } } } xe-1/3/0 { apply-groups INTERFACE-CONNECTOR; description "Mid-Atlantic Crossroads (MAX)"; vlan-tagging; mtu 9192; framing { lan-phy; } unit 263 { description "Mid-Atlantic Crossroads (MAX)"; vlan-id 263; family inet { mtu 9000; address 206.196.178.46/30; } family inet6 { mtu 9000; address 2001:468:c00:ffee::2/64; } } unit 264 { description "[CPS] Connector Mid-Atlantic Crossroads (MAX) Primary IPv6"; vlan-id 264; family inet6 { address 2001:468:ffff:9c4::1/64; } } } xe-2/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: ATLA-WASH 10GE B | I2-ATLA-WASH-10GE-05251"; family inet { address 64.57.28.7/31; } family inet6 { address 2001:468:ff:109::2/64; } } } /* NOTE(review): described as not in use but carries no "disable" statement (fxp0 in this configuration does) -- consider administratively disabling unused ports */ xe-2/1/0 { description "NOT IN USE [NO-MONITOR]"; } xe-2/2/0 { apply-groups INTERFACE-CONNECTOR; description "NGIX-EAST via Movaz LVL3->CLPK"; 
vlan-tagging; mtu 9192; unit 88 { description "redCLARA via NGIX and AWave-FIU"; vlan-id 88; family inet { mtu 9100; filter { input connector-in; } address 198.32.11.105/30; } family inet6 { mtu 9000; address 2001:468:ff:18c5::1/64; } } unit 98 { description "RNP via Atlantic Wave"; vlan-id 98; family inet { mtu 9000; address 64.57.28.61/30; } } unit 166 { description "NREN via UMD NGIX | AS24"; vlan-id 166; family inet { mtu 9000; filter { input connector-in; } address 198.32.11.21/30; } family inet6 { mtu 9000; address 2001:468:ff:18c2::1/64; } } unit 183 { description "MAX backup peering via NGIX-East"; vlan-id 183; family inet { mtu 9000; filter { input connector-in; } address 206.196.177.106/30; } family inet6 { mtu 9000; address 2001:468:ff:185c::1/64; } } unit 187 { description "[CPS] Connector Mid-Atlantic Crossroads (MAX) via NGIX-East Backup IPv6"; vlan-id 187; family inet6 { address 2001:468:ffff:185c::1/64; } } unit 194 { description "ESNET via NGIX"; vlan-id 194; family inet { mtu 9000; filter { input connector-in; } address 198.124.194.10/30; } } unit 195 { description "ESNET IPv6 via NGIX"; vlan-id 195; family inet6 { mtu 9000; address 2001:468:ff:9c3::1/64; } } unit 202 { description "GEANT (Frankfurt OC-192)"; vlan-id 202; family inet { mtu 9000; filter { input connector-in-from-geant; } address 62.40.125.18/30; } family inet6 { mtu 9000; address 2001:0798:0014:10AA::12/126; } } unit 297 { description "NISN (via UMD NGIX) | AS:297"; vlan-id 173; family inet { mtu 9000; filter { input connector-in; } address 192.84.8.254/30; } } unit 668 { description "DREN - Washington DC | AS:668"; vlan-id 174; family inet { mtu 9000; filter { input connector-in; } address 138.18.47.34/30; } family inet6 { mtu 9000; address 2001:468:ff:18c4::1/64; } } unit 669 { description "Wright-Patterson AFB/Wright State Univ ctr in Dayton via DREN"; vlan-id 164; family inet { mtu 9000; filter { input connector-in; } address 138.18.47.42/30; } } unit 901 { description "NREN 
backup via NGIX | AS24"; vlan-id 901; family inet { mtu 9000; filter { input connector-in; } address 64.57.28.40/31; } family inet6 { mtu 9000; address 2001:468:ff:09c1::1/64; } } unit 987 { description "DREN v6-only, AS668"; vlan-id 987; family inet { mtu 1500; address 10.254.254.9/31; } family inet6 { mtu 1500; address 2001:468:ff:18c3::1/64; } } unit 1842 { description "US Geological Survey ( via UMD NGIX)) | AS:1842"; vlan-id 162; family inet { mtu 4470; filter { input connector-in; } address 137.227.2.182/30; } } } xe-2/3/0 { apply-groups INTERFACE-CONNECTOR; description mss.wash.net.internet2.edu:1-A-7-1-1; vlan-tagging; mtu 9192; unit 3 { description "Drexel University IPv4 R&E [I2-PHIL-WASH-VLAN-04191]"; vlan-id 3; family inet { mtu 9000; address 204.238.76.6/30; } family inet6 { mtu 9000; address 2001:468:ff:0960::1/64; } } unit 4 { description "[CPS] Drexel University [I2-PHIL-WASH-VLAN-04525]"; vlan-id 4; family inet { mtu 9000; address 204.238.76.2/30; } } unit 5 { description "[CPS] Drexel University IPv6 [I2-PHIL-WASH-VLAN-04526]"; vlan-id 5; family inet6 { mtu 9000; address 2001:468:ffff:960::1/64; } } unit 506 { description "3ROX/PSC IPv4 R&E [I2-PITT-WASH-VLAN-04178]"; vlan-id 506; family inet { mtu 9000; address 192.88.115.25/31; } family inet6 { address 2001:5e8:0:fffd:0:2:2:2/120; } } unit 507 { description "[CPS] 3ROX/PSC [I2-PITT-WASH-VLAN-04225]"; vlan-id 507; family inet { mtu 1500; address 192.88.115.117/31; } } unit 509 { description "[CPS] 3ROX/PSC IPv6 [I2-PITT-WASH-VLAN-04224]"; vlan-id 509; family inet6 { mtu 1500; address 2001:5E8:0:FFFD:0:2:3:2/120; } } } ge-9/0/0 { description "Observatory 1G via lan.wash:C23"; vlan-tagging; mtu 9192; unit 12 { description "Observatory 1G VLAN"; vlan-id 12; family inet { mtu 9000; address 64.57.16.33/28; } family inet6 { mtu 9000; address 2001:468:9:12::1/64; address 2001:468:9:12::16:33/64; } } } ge-9/0/1 { mtu 9192; unit 0 { description "nms-rthr1 p2p connection"; family inet { mtu 9000; address 
64.57.16.17/30; } family inet6 { mtu 9000; address 2001:468:9:101::1/64; address 2001:468:9:101::16:17/64; } } } ge-9/0/2 { mtu 9192; unit 0 { description "nms-rthr2 p2p connection"; family inet { mtu 9000; address 64.57.16.21/30; } family inet6 { mtu 9000; address 2001:468:9:100::1/64; address 2001:468:9:100::16:21/64; } } } ge-9/0/3 { description "NOT IN USE [NO-MONITOR]"; } ge-9/1/0 { apply-groups INTERFACE-CONNECTOR; unit 0 { description "NSF DRAGON"; family inet { address 140.173.1.238/30; } } } ge-9/1/1 { description "NOT IN USE [NO-MONITOR]"; } xe-9/2/0 { apply-groups INTERFACE-CONNECTOR; description "Observatory 10GE to HP5406zl B3"; vlan-tagging; mtu 9180; inactive: unit 10 { description WASH-OOB; vlan-id 10; family inet { address 64.57.24.254/24; } } unit 11 { description "WASH Observatory vlan"; vlan-id 11; family inet { mtu 9000; address 64.57.16.1/28; } family inet6 { mtu 9000; address 2001:468:9:11::1/64; address 2001:468:9:11::16:1/64; } } unit 13 { description "HOPI WASH Management"; vlan-id 13; family inet { mtu 9000; address 64.57.23.1/28; } } unit 20 { description "WASH VINI Mgmt"; vlan-id 20; family inet { mtu 9000; address 64.57.18.249/29; } } unit 21 { description "WASH VINI Data"; vlan-id 21; family inet { mtu 9000; address 64.57.18.129/28; } } unit 30 { description "WASH SPP Port 8"; vlan-id 30; family inet { mtu 9000; address 64.57.23.193/30 { arp 64.57.23.194 mac 00:00:5e:04:aa:08; } } } unit 31 { description "WASH SPP Port 9"; vlan-id 31; family inet { mtu 9000; address 64.57.23.197/30 { arp 64.57.23.198 mac 00:00:5e:04:aa:09; } } } unit 32 { description "WASH SPP Port 10"; vlan-id 32; family inet { mtu 9000; address 64.57.23.201/30 { arp 64.57.23.202 mac 00:00:5e:04:aa:0a; } } } unit 33 { description "WASH GENI Mgmt network"; vlan-id 33; family inet { mtu 9000; address 64.57.23.161/28; } } unit 40 { description "WASH 100x100 Inband"; vlan-id 40; family inet { mtu 9000; address 64.57.23.89/29; } } unit 41 { description "WASH 100x100 
NetFPGA "; vlan-id 41; family inet { mtu 9000; address 64.57.23.57/29; } } unit 42 { description "WASH 100x100 Mgmt"; vlan-id 42; family inet { mtu 9000; address 64.57.23.121/29; } } unit 50 { description "ISIS vlan"; vlan-id 50; family iso { mtu 1497; } } unit 60 { description "[CPS] connection to nms-rpsv [NO-MONITOR]"; vlan-id 60; family inet { mtu 9000; address 64.57.29.37/30; } family inet6 { mtu 9000; address 2001:468:9:60::29:37/64; address 2001:468:9:60::1/64; } } } dsc { unit 0 { family inet { address 198.32.11.6/32 { destination 198.32.11.7; } } } } fxp0 { description "Management Ethernet - Unused"; disable; } lo0 { unit 0 { description "Internal Peering Point"; family inet { filter { input loopback-strict-in; } address 198.32.8.238/32; address 64.57.28.249/32 { preferred; } } family iso { address 49.0000.0000.0000.0300.00; } family inet6 { filter { input loopback-strict-in6; } address 2001:468:9::1/128; } } unit 1 { description "Loopback for CPS VRF"; family inet { filter { input loopback-strict-in; } address 64.57.29.249/32; } family inet6 { filter { input loopback-strict-in6; } address 2001:468:ff09::1/128; } } } } forwarding-options { sampling { input { family inet { rate 100; max-packets-per-second 7000; } } output { inactive: file filename flowdata files 2 size 500000 world-readable; cflowd 64.57.16.4 { port 4196; version 5; no-local-dump; autonomous-system-type origin; } } } } routing-options { interface-routes { rib-group { inet if-rg; inet6 if6-rg; } } rib inet6.0 { static { rib-group static6-rg; route 2001:468::/32 { reject; install; readvertise; community 11537:950; } } aggregate { route 2001:468:ff:1200::/56; route 2001:468:0012::/48; } } rib inet.2 { martians { 0.0.0.0/8 orlonger; 1.0.0.0/8 orlonger; 2.0.0.0/8 orlonger; 5.0.0.0/8 orlonger; 10.0.0.0/8 orlonger; 23.0.0.0/8 orlonger; 27.0.0.0/8 orlonger; 31.0.0.0/8 orlonger; 36.0.0.0/8 orlonger; 37.0.0.0/8 orlonger; 39.0.0.0/8 orlonger; 42.0.0.0/8 orlonger; 46.0.0.0/8 orlonger; 49.0.0.0/8 
orlonger; 50.0.0.0/8 orlonger; 100.0.0.0/8 orlonger; 101.0.0.0/8 orlonger; 102.0.0.0/8 orlonger; 103.0.0.0/8 orlonger; 104.0.0.0/8 orlonger; 105.0.0.0/8 orlonger; 106.0.0.0/8 orlonger; 107.0.0.0/8 orlonger; 127.0.0.0/8 orlonger; 169.254.0.0/16 orlonger; 172.16.0.0/12 orlonger; 175.0.0.0/8 orlonger; 176.0.0.0/8 orlonger; 177.0.0.0/8 orlonger; 179.0.0.0/8 orlonger; 181.0.0.0/8 orlonger; 182.0.0.0/8 orlonger; 185.0.0.0/8 orlonger; 192.0.2.0/24 orlonger; 192.168.0.0/16 orlonger; 198.18.0.0/15 orlonger; 223.0.0.0/8 orlonger; 240.0.0.0/4 orlonger; 14.0.0.0/8 orlonger; } } /* discard statics for locally originated blocks; all but the /28 are tagged with community 11537:950, and rib-group static-rg copies them into inet.0 and inet.2 */ static { rib-group static-rg; defaults { active; } route 198.32.8.0/22 { discard; community 11537:950; } route 198.32.154.0/24 { discard; community 11537:950; } route 198.32.12.0/22 { discard; community 11537:950; } route 64.57.16.0/20 { discard; community 11537:950; } route 198.32.154.144/28 discard; } /* NOTE(review): hand-maintained bogon list for the default unicast table. Most of the /8 entries (for example 1/8, 5/8, 14/8, 23/8, 27/8, 31/8, 100/8 through 107/8, the 175/8 through 185/8 entries, 223/8) appear to have been unallocated when this was written and have since been allocated by IANA, so a copy of this list kept in service would reject legitimate routes; such lists need periodic review against the IANA IPv4 address space registry. Unlike the rib inet.2 list, this one has no 240.0.0.0/4 entry -- confirm whether that relies on the platform default martians */ martians { 0.0.0.0/8 orlonger; 1.0.0.0/8 orlonger; 2.0.0.0/8 orlonger; 5.0.0.0/8 orlonger; 10.0.0.0/8 orlonger; 23.0.0.0/8 orlonger; 27.0.0.0/8 orlonger; 31.0.0.0/8 orlonger; 36.0.0.0/8 orlonger; 37.0.0.0/8 orlonger; 39.0.0.0/8 orlonger; 42.0.0.0/8 orlonger; 46.0.0.0/8 orlonger; 49.0.0.0/8 orlonger; 50.0.0.0/8 orlonger; 100.0.0.0/8 orlonger; 101.0.0.0/8 orlonger; 102.0.0.0/8 orlonger; 103.0.0.0/8 orlonger; 104.0.0.0/8 orlonger; 105.0.0.0/8 orlonger; 106.0.0.0/8 orlonger; 107.0.0.0/8 orlonger; 127.0.0.0/8 orlonger; 169.254.0.0/16 orlonger; 172.16.0.0/12 orlonger; 175.0.0.0/8 orlonger; 176.0.0.0/8 orlonger; 177.0.0.0/8 orlonger; 179.0.0.0/8 orlonger; 181.0.0.0/8 orlonger; 182.0.0.0/8 orlonger; 185.0.0.0/8 orlonger; 192.0.2.0/24 orlonger; 192.168.0.0/16 orlonger; 198.18.0.0/15 orlonger; 223.0.0.0/8 orlonger; 14.0.0.0/8 orlonger; } /* aggregates are created as discard routes and tagged with community 11537:950 by the defaults block */ aggregate { defaults { community 11537:950; discard; } route 64.57.16.0/21; route 64.57.24.0/22; route 64.57.28.0/22; } /* rib-groups: each entry names the routing tables that routes using the group are imported into */ rib-groups { if-rg { import-rib [ inet.0 inet.2 ]; } if6-rg { import-rib [ inet6.0 inet6.2 ]; } mcast-rpf-rg { import-rib inet.2; } mcast-rpf6-rg { import-rib 
inet6.2; } isis-rg { import-rib [ inet.0 inet.2 ]; } isis6-rg { import-rib [ inet6.0 inet6.2 ]; } static-rg { import-rib [ inet.0 inet.2 ]; } static6-rg { import-rib [ inet6.0 inet6.2 ]; } } router-id 64.57.28.249; autonomous-system 11537; multicast { scope SGI-Dogfight { prefix 224.0.1.2/32; interface all; } scope 224.0.1.3/32 { prefix 224.0.1.3/32; interface all; } scope SUN-NIS { prefix 224.0.1.8/32; interface all; } scope SVRLOC { prefix 224.0.1.22/32; interface all; } scope MS-DS { prefix 224.0.1.24/32; interface all; } scope NBC-PRO { prefix 224.0.1.25/32; interface all; } scope SVRLOC-DA { prefix 224.0.1.35/32; interface all; } scope AutoRP-Announce { prefix 224.0.1.39/32; interface all; } scope AutoRP-Discovery { prefix 224.0.1.40/32; interface all; } scope HP-DEVICE-DISC { prefix 224.0.2.1/32; interface all; } scope SUN-RPC { prefix 224.0.2.2/32; interface all; } scope Norton-Ghost-1 { prefix 224.77.0.0/16; interface all; } scope Altiris { prefix 225.1.2.3/32; interface all; } scope Norton-Ghost-2 { prefix 226.77.0.0/16; interface all; } scope Norton-Ghost-3 { prefix 229.55.150.208/32; interface all; } scope ImageCast-1 { prefix 234.42.42.40/30; interface all; } scope ImageCast-2 { prefix 234.142.142.42/31; interface all; } scope ImageCast-3 { prefix 234.142.142.44/30; interface all; } scope ImageCast-4 { prefix 234.142.142.48/28; interface all; } scope ImageCast-5 { prefix 234.142.142.64/26; interface all; } scope ImageCast-6 { prefix 234.142.142.128/29; interface all; } scope ImageCast-7 { prefix 234.142.142.136/30; interface all; } scope ImageCast-8 { prefix 234.142.142.140/31; interface all; } scope ImageCast-9 { prefix 234.142.142.142/32; interface all; } ssm-groups 232.0.0.0/8; forwarding-cache { threshold { suppress 50000; reuse 25000; } } } } protocols { igmp { interface all { version 2; } interface fxp0.0 { disable; } } mld { interface all; interface fxp0.0 { disable; } } rsvp { /* BACKBONE to ATLA */ interface xe-1/0/0.0; /* BACKBONE to NEWY */ 
interface xe-1/1/0.0; /* BACKBONE to CHIC */ interface xe-0/0/0.0; } mpls { statistics { file mpls-stat; interval 60; } ipv6-tunneling; optimize-timer 360; preference 200; label-switched-path WASH->ATLA { to 64.57.28.243; fast-reroute; } label-switched-path WASH->CHIC { to 64.57.28.241; fast-reroute; } label-switched-path WASH->KANS { to 64.57.28.245; fast-reroute; } label-switched-path WASH->NEWY { to 64.57.28.242; fast-reroute; } label-switched-path WASH->SALT { to 64.57.28.246; fast-reroute; } label-switched-path WASH->LOSA-I2 { to 64.57.28.248; fast-reroute; } label-switched-path WASH->HOUS { to 64.57.28.244; fast-reroute; } label-switched-path WASH->SEAT { to 64.57.28.247; fast-reroute; } /* BACKBONE to ATLA */ interface xe-1/0/0.0; /* BACKBONE to NEWY */ interface xe-1/1/0.0; /* BACKBONE to CHIC */ interface xe-0/0/0.0; } bgp { log-updown; group INTERNET2 { type internal; local-address 64.57.28.249; family inet { any; } family inet-vpn { unicast; } family inet6-vpn { unicast; } Authentication Data Removed export NEXT-HOP-SELF; peer-as 11537; neighbor 64.57.28.241 { description CHIC; } neighbor 64.57.28.242 { description NEWY; } neighbor 64.57.28.243 { description ATLA; } neighbor 64.57.28.244 { description HOUS; } neighbor 64.57.28.245 { description KANS; } neighbor 64.57.28.246 { description SALT; } neighbor 64.57.28.247 { description SEAT; } neighbor 64.57.28.248 { description LOSA; } } group INTERNET2-IPv6 { type internal; local-address 2001:468:9::1; family inet6 { any; } Authentication Data Removed export NEXT-HOP-SELF; peer-as 11537; neighbor 2001:468:1::1 { description ATLA; } neighbor 2001:468:2::1 { description CHIC; } neighbor 2001:468:3::1 { description HOUS; } neighbor 2001:468:4::1 { description KANS; } neighbor 2001:468:5::1 { description LOSA; } neighbor 2001:468:6::1 { description NEWY; } neighbor 2001:468:7::1 { description SALT; } neighbor 2001:468:8::1 { description SEAT; } } group OTHER-INTERNAL { type internal; import REJECT-ALL; peer-as 
11537; neighbor 134.68.246.49 { description "rtr.wash.net.internet2.edu/REN-ISAC [NO-MONITOR]"; local-address 64.57.28.249; family inet { unicast; } cluster 134.68.246.49; } neighbor 64.57.16.4 { description "nms-rpsv.wash zebra bgpd [NO-MONITOR]"; local-address 64.57.16.1; family inet { unicast; multicast; } cluster 64.57.16.1; } neighbor 2001:468:9:11::16:4 { description "nms-rpsv.wash zebra bgpd [NO-MONITOR]"; local-address 2001:468:9:11::1; family inet6 { unicast; multicast; } } neighbor 134.68.246.51 { description "rtr.wash.net.internet2.edu/REN-ISAC [NO-MONITOR]"; local-address 64.57.28.249; family inet { unicast; } cluster 134.68.246.51; } /* NOTE(review): this neighbor has no description, permits a session up to 10 hops away (multihop ttl 10) and sets hold-time 65535. No Authentication Data Removed marker appears anywhere in group OTHER-INTERNAL, unlike groups INTERNET2 and CONNECTOR, so the sanitized listing suggests these sessions may be unauthenticated -- confirm against the live configuration. The group imports REJECT-ALL but shows no export policy; verify which routes are meant to be sent to these hosts. */ neighbor 156.56.103.99 { multihop { ttl 10; } local-address 64.57.28.249; hold-time 65535; family inet { unicast; } } } group CONNECTOR { type external; metric-out igp; multihop { ttl 1; } family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ]; remove-private; neighbor 206.196.178.45 { description "Mid-Atlantic Crossroads (MAX)"; import [ SANITY-IN SET-PREF MAX-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 10886; } neighbor 192.88.192.137 { description OSCnet; import [ SANITY-IN SET-PREF OARNET-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 3112; } neighbor 204.238.76.5 { description "Drexel University"; import [ SANITY-IN SET-PREF DREXEL-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 36412; } neighbor 192.88.115.24 { description 3ROX; import [ SANITY-IN SET-PREF PSC-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 5050; } neighbor 206.196.177.105 { description "Mid-Atlantic Crossroads BACKUP peering through NGIX-East"; import [ SANITY-IN SET-PREF MAX-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 10886; } neighbor 138.18.47.41 { description "Wright State Univ campus inside of Wright-Patterson AFB, Dayton, through DREN/MCI"; import [ SANITY-IN SET-PREF WSU-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 668; } 
neighbor 199.18.156.241 { description "OSCnet mcast-only for their non-I2 customers"; import [ SANITY-IN SET-PREF OARNET-MULTICAST-IN ]; family inet { multicast; } Authentication Data Removed peer-as 600; } neighbor 192.122.183.9 { description "MERIT via CLEV R&E"; import [ SANITY-IN SET-PREF MERIT-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 237; } } group CONNECTOR6 { type external; metric-out igp; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ]; remove-private; neighbor 2001:468:c00:ffee::1 { description "Mid-Atlantic Crossroads (MAX)"; import [ SANITY6 SET-PREF MAX-IN6 ]; Authentication Data Removed peer-as 10886; } /* turned down temporarily - see ticket 10397 */ inactive: neighbor 2001:468:ff:d4b::2 { description OSCnet; import [ SANITY6 SET-PREF OARNET-IN6 ]; Authentication Data Removed peer-as 3112; } neighbor 2001:5e8:0:fffd:0:2:2:1 { description "Three Rivers Optical Exchange (3ROX)"; import [ SANITY6 SET-PREF PSC-IN6 ]; Authentication Data Removed peer-as 5050; } neighbor 2001:468:ff:185c::2 { description "Mid-Atlantic Crossroads BACKUP via NGIX-E"; import [ SANITY6 SET-PREF MAX-IN6 ]; Authentication Data Removed peer-as 10886; } neighbor 2001:468:ff:0960::2 { description Drexel; import [ SANITY6 SET-PREF DREXEL-IN6 ]; Authentication Data Removed peer-as 36412; } neighbor 2001:468:ff:9c2::2 { description "OSCnet IPv6 Multicast"; import [ SANITY6 SET-PREF OARNET-IN6 ]; family inet6 { any; } Authentication Data Removed peer-as 600; } neighbor 2001:468:ff:954::2 { description "Merit R&E IPv6 via WASH"; import [ SANITY6 SET-PREF MERIT-IN6 ]; Authentication Data Removed peer-as 237; } } inactive: group ISP-MCAST { import [ SANITY-IN SET-PREF-PEER ISP-MCAST-IN ]; family inet { multicast { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ]; remove-private; } group FEDNET { type external; metric-out igp; import [ SANITY-IN 
REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ]; remove-private; neighbor 140.173.1.237 { description DRAGON; /* treated as a connector */ import [ SANITY-IN SET-PREF DRAGON-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 7082; include-mp-next-hop; } neighbor 192.84.8.253 { description NISN; Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FROM-CUDI FEDNET-OUT ]; peer-as 297; } neighbor 138.18.47.33 { description "Dren (Worldcom via UMD NGIX)"; Authentication Data Removed peer-as 668; } neighbor 198.32.11.22 { description "NREN-Goddard via NGIX"; hold-time 30; family inet { unicast { prefix-limit { maximum 3000; teardown 90; } } multicast { prefix-limit { maximum 5000; teardown 90; } } } Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ]; peer-as 24; } neighbor 64.57.28.41 { description "NREN-McLEAN via NGIX"; hold-time 30; family inet { unicast { prefix-limit { maximum 3000; teardown 90; } } multicast { prefix-limit { maximum 5000; teardown 90; } } } Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ]; peer-as 24; } neighbor 198.124.194.9 { description "ESNET via NGIX"; Authentication Data Removed peer-as 293; } neighbor 137.227.2.181 { description "US Geological Survey"; Authentication Data Removed peer-as 22284; } } group ITN { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ]; remove-private; /* ESNET routes exported to GEANT as backup per UCAID agreement with Dante */ neighbor 62.40.125.17 { description "GEANT (Frankfurt) via MAX"; family inet { unicast { prefix-limit { maximum 5000; teardown 90; } } multicast { 
prefix-limit { maximum 5000; teardown 90; } } } Authentication Data Removed export [ DATATAG-DEMO SANITY-OUT ORIGINATE4 ORIGINATE6 ESNET-TO-GEANT NREN-TO-GEANT USGS-TO-GEANT ITN-OUT ]; peer-as 20965; } neighbor 198.32.11.106 { description "redCLARA via NGIX and Awave-FIU"; Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ]; peer-as 27750; } neighbor 64.57.28.62 { description "RNP via Atlantic Wave"; Authentication Data Removed export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ]; peer-as 1916; } } group ITN6 { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ]; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ]; remove-private; neighbor 2001:0798:0014:10AA::11 { description "GEANT - Frankfurt IPv6"; Authentication Data Removed peer-as 20965; } neighbor 2001:468:ff:18c5::2 { description "redCLARA via NGIX & Awave-FIU"; Authentication Data Removed peer-as 27750; } } group FEDNET6 { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ]; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ]; remove-private; neighbor 2001:468:ff:18c2::2 { description "NREN-Goddard via NGIX"; family inet6 { unicast { prefix-limit { maximum 3000; teardown 90; } } } Authentication Data Removed peer-as 24; } neighbor 2001:468:ff:18c4::2 { description "DREN network"; family inet6 { any; } Authentication Data Removed peer-as 668; } neighbor 2001:468:ff:09c1::2 { description "NREN-McLean via NGIX & Dragon"; family inet6 { unicast { prefix-limit { maximum 3000; teardown 90; } } } Authentication Data Removed peer-as 24; } neighbor 2001:468:ff:9c3::2 { description "ESNET IPv6 via NGIX"; family inet6 { any; } Authentication Data Removed peer-as 293; } } } isis { export V6-IGP-AGG; /* NOTE(review): no-authentication-check makes IS-IS accept received PDUs even when they fail authentication, so any IS-IS authentication configured for this instance is not enforced on receipt. It is normally a migration aid. No IS-IS key is visible in this sanitized listing -- confirm whether one exists and whether this statement can be removed so that unauthenticated PDUs are rejected. */ no-authentication-check; 
rib-group { inet isis-rg; inet6 isis6-rg; } spf-options delay 200; level 2 wide-metrics-only; /* BACKBONE TO CHIC */ interface xe-0/0/0.0 { level 1 disable; level 2 metric 905; } /* BACKBONE TO NEWY: R&E Only */ interface xe-0/1/0.0 { level 1 disable; level 2 metric 279; } /* BACKBONE to ATLA: CPS Primary and R&E Failover */ interface xe-1/0/0.0 { level 1 disable; level 2 metric 701; } /* BACKBONE TO NEWY: CPS Primary and R&E Failover */ interface xe-1/1/0.0 { level 1 disable; level 2 metric 280; } /* BACKBONE to ATLA: R&E Only */ interface xe-2/0/0.0 { level 1 disable; level 2 metric 700; } /* Run IS-IS Passively on all interface */ interface all { level 1 disable; level 2 passive; } interface fxp0.0 { disable; } } msdp { apply-groups MSDP-SA-Limit-per-peer-group; rib-group mcast-rpf-rg; active-source-limit { maximum 200000; threshold 190000; } group INTERNET2 { mode mesh-group; local-address 64.57.28.249; /* CHIC */ peer 64.57.28.241; /* NEWY */ peer 64.57.28.242; /* ATLA */ peer 64.57.28.243; /* HOUS */ peer 64.57.28.244; /* KANS */ peer 64.57.28.245; /* SALT */ peer 64.57.28.246; /* SEAT */ peer 64.57.28.247; /* LOSA */ peer 64.57.28.248; } group CONNECTOR { export MSDP-FILTER; import MSDP-FILTER; /* MAX */ peer 206.196.178.45 { local-address 206.196.178.46; } /* OARNET */ peer 192.88.192.137 { local-address 192.88.192.138; } /* OARNET MCAST-ONLY */ peer 199.18.156.241 { local-address 199.18.156.242; } /* MAX backup peering via NGIX-E */ peer 206.196.177.105 { local-address 206.196.177.106; } /* Drexel University */ peer 204.238.76.5 { local-address 204.238.76.6; } /* Three Rivers Optical Exchange (3ROX) */ peer 192.88.115.24 { local-address 192.88.115.25; } /* MERIT */ peer 192.122.183.9 { local-address 192.122.183.10; } } group FEDNET { export MSDP-FILTER; import MSDP-FILTER; /* NISN (via NGIX-E) */ peer 192.84.8.253 { local-address 192.84.8.254; } /* DREN (via NGIX-E) */ peer 138.18.9.253 { local-address 138.18.47.34; } /* NREN (via NGIX-E) */ peer 
198.32.11.22 { local-address 198.32.11.21; } } group ITN { export MSDP-FILTER; import MSDP-FILTER; /* CLARA via NGIX-AWave */ peer 198.32.11.106 { local-address 198.32.11.105; } /* RNP via Atlantic Wave */ peer 64.57.28.62 { local-address 64.57.28.61; } /* GEANT - Frankfort */ peer 62.40.125.17 { local-address 62.40.125.18; } } } pim { rib-group { inet mcast-rpf-rg; inet6 mcast-rpf6-rg; } import pim-join-filter; rp { bootstrap-import REJECT-ALL; bootstrap-export REJECT-ALL; local { family inet { address 198.32.8.238; group-ranges { 224.0.0.0/4; } } } embedded-rp; static { address 2001:468::1 { group-ranges { ff05::/16; } } address 2001:660:3007:300:1:: { group-ranges { ff0e::/16; ff1e::/16; } } address 2001:700:e000:501::2 { group-ranges { ff3e:30:2001:700::/64; } } } } interface all { mode sparse; version 2; } interface fxp0.0 { disable; } } } policy-options { prefix-list ALLOW-ALL { 0.0.0.0/0; } prefix-list BGP-PEERS { apply-path "protocols bgp group <*> neighbor <*>"; } prefix-list BGP-PEERS6 { apply-path "protocols bgp group <*> neighbor <*:*>"; } /* List of prefixes which Abilene originates */ prefix-list INTERNAL { /* Internet2 Backbone */ 64.57.16.0/20; /* Abilene Backbone */ 198.32.8.0/22; /* Abilene Observatory */ 198.32.12.0/22; /* MANLAN */ 198.32.154.0/24; } /* List of IPv6 prefixes Abilene originates */ prefix-list INTERNAL6 { 2001:468::/32; } prefix-list MSDP-PEERS { apply-path "protocols msdp group <*> peer <*>"; } Prefix Stanza Removed Prefix Stanza Removed prefix-list QUERY-HOSTS-INTERNAL { /* nocmon.net.internet2.edu -- temp monitoring host */ 64.57.25.18/32; /* pine.ucs.indiana.edu -- sweeny */ 129.79.9.1/32; /* alertmon-dev.grnoc.iu.edu */ 129.79.216.72/32; /* dc-snmp.wcc.grnoc.iu.edu */ 129.79.216.79/32; 134.68.107.113/32; /* mon-dev.grnoc.iu.edu */ 134.68.107.123/32; /* IUPUI login + SNMP hosts */ 140.182.44.0/28; /* IUPUI SNMP hosts */ 140.182.44.32/28; /* IUB login + SNMP hosts */ 140.182.45.0/28; /* IUB SNMP hosts */ 140.182.45.32/28; /* 
nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* New Jump Address */ 149.165.134.64/32; } prefix-list QUERY-HOSTS-EXTERNAL { /* nocmon.net.internet2.edu -- temp monitoring host */ 64.57.25.18/32; /* Boston University--ticket#11647 */ 128.197.10.4/32; /* Boston University--ticket#11647 */ 128.197.11.51/32; /* Boston University--ticket#11647 */ 128.197.11.223/32; /* Boston University--ticket#11647 */ 128.197.11.224/32; /* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */ 129.79.5.18/32; /* alertmon-dev.grnoc.iu.edu */ 129.79.216.72/32; 134.68.107.113/32; /* arbor11.ren-isac.net -- Arbor Peakflow1 */ 134.68.246.49/32; /* arbor21.ren-isac.net -- Arbor Peakflow2 */ 134.68.246.51/32; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* ANML - ArborNetworks */ 156.56.103.9/32; /* ANML - ArborNetworks */ 156.56.103.10/32; /* ANML - ArborNetworks */ 156.56.103.11/32; /* ANML - ArborNetworks */ 156.56.103.12/32; /* ANML - ArborNetworks */ 156.56.103.53/32; /* Ohio ITEC - nf6.itec.oar.net */ 192.148.251.26/32; /* Ohio ITEC - nf7.itec.oar.net */ 192.148.251.27/32; /* discvenue.internet2.edu */ 207.75.164.95/32; /* netflow2.internet2.edu -- I2 Netflow Collector */ 207.75.165.99/32; } prefix-list TACACS-SERVERS { /* tacacs2.grnoc.iu.edu */ 129.79.216.162/32; /* tacacs.grnoc.iu.edu */ 134.68.107.17/32; } Prefix Stanza Removed prefix-list DNS-SERVERS { 129.79.5.100/32; 134.68.1.9/32; } prefix-list NTP-SERVERS { /* ntp.indiana.edu */ 129.79.5.100/32; /* ntp-1.gw.uiuc.edu */ 130.126.24.24/32; 134.68.1.9/32; /* ntp-e.abilene.ucaid.edu */ 198.32.10.254/32; /* ntp-w.abilene.ucaid.edu */ 198.32.11.141/32; } prefix-list INGIG; prefix-list CPS-INGIG { /* Ball State University */ 12.159.195.0/24; /* Ball State University */ 12.159.206.0/23; /* Ball State University */ 12.159.209.0/24; /* Monroe County Community School Corporation */ 66.244.122.0/23; /* Purdue University Calumet */ 69.51.160.0/19; /* CSPAN Archives */ 72.12.215.0/24; /* Purdue University */ 128.10.0.0/16; /* Purdue University */ 
128.46.0.0/16; /* Purdue University */ 128.210.0.0/16; /* Purdue University */ 128.211.0.0/16; /* Indiana University */ 129.79.0.0/16; /* Saint Joseph's College */ 131.93.0.0/16; /* Indiana University */ 134.68.0.0/16; /* Indiana State University */ 139.102.0.0/16; /* Indiana University */ 140.182.0.0/16; /* Saint Mary's College */ 147.53.0.0/16; /* Ball State University */ 147.226.0.0/16; /* Indiana University */ 149.159.0.0/16; /* Indiana University */ 149.160.0.0/14; /* Indiana University */ 149.164.0.0/16; /* Indiana University */ 149.165.0.0/16; /* Indiana University */ 149.166.0.0/16; /* Valparaiso University */ 152.228.0.0/16; /* Indiana University */ 156.56.0.0/16; /* IHETS */ 157.91.0.0/16; /* Earlham College */ 159.28.0.0/16; /* Vincennes University */ 159.218.0.0/16; /* DePauw University */ 163.120.0.0/16; /* Purdue University North Central */ 163.245.0.0/16; /* IHETS */ 165.138.0.0/16; /* IHETS */ 165.139.0.0/16; /* Indianapolis Public Schools */ 167.217.0.0/16; /* IVYTech Community College of Indiana */ 168.91.0.0/16; /* Indiana Purdue Fort Wayne */ 168.102.0.0/17; /* State of Indiana */ 192.104.19.0/24; /* University of Indianapolis */ 192.146.191.0/24; /* University of Indianapolis */ 192.146.192.0/24; /* Manchester College */ 192.189.3.0/24; /* Hanover College */ 192.200.128.0/21; /* University of Southern Indiana */ 192.206.9.0/24; /* University of Southern Indiana */ 192.206.10.0/23; /* Franklin College of Indiana */ 192.207.174.0/23; /* Franklin College of Indiana */ 192.207.176.0/23; /* Franklin College of Indiana */ 192.207.178.0/24; /* Goshen College */ 198.51.243.0/24; /* Goshen College */ 198.51.244.0/24; /* Private Academic Library Network of Indiana */ 198.62.84.0/24; /* Tri-State University */ 198.62.98.0/24; /* IHETS */ 199.8.0.0/16; /* Purdue University - Agriculture Information Technology */ 204.52.32.0/20; /* Purdue University - Agriculture Information Technology */ 204.52.48.0/20; /* Vigo County School Corp. 
*/ 205.137.32.0/20; /* Purdue University Calumet */ 205.215.64.0/18; /* Indiana State Library */ 208.119.0.0/16; } prefix-list RADIUS-SERVERS { 140.182.44.69/32; 140.182.45.56/32; } prefix-list BGP-PEERS-CPS { apply-path "routing-instances cps protocols bgp group <*> neighbor <*>"; } prefix-list MAX-PARTICIPANT { 63.164.28.0/22; 63.171.236.0/24; 63.239.135.0/24; 65.113.61.0/24; 65.114.168.0/24; 65.114.169.0/24; 65.123.202.0/24; 65.160.123.0/24; 65.162.18.0/23; 65.172.14.0/24; 65.172.70.0/24; 66.208.61.0/24; 128.8.0.0/16; 128.82.0.0/16; 128.143.0.0/16; 128.150.0.0/16; 128.164.0.0/16; 128.172.0.0/16; 128.173.0.0/16; 128.177.16.0/23; 128.177.18.0/24; 128.220.0.0/16; 128.231.0.0/16; 128.239.0.0/16; 128.244.0.0/16; 129.2.0.0/16; 129.43.0.0/16; 129.165.0.0/16; 129.174.0.0/16; 130.14.0.0/16; 130.129.0.0/16; 134.231.0.0/16; 136.242.0.0/16; 137.54.0.0/16; 137.187.0.0/16; 137.198.0.0/16; 138.220.0.0/16; 139.70.0.0/16; 140.90.0.0/16; 140.147.0.0/16; 140.173.153.0/29; 140.173.170.0/24; 140.173.174.0/26; 140.173.180.0/24; 141.142.204.0/24; 141.161.0.0/16; 141.166.0.0/16; 147.9.0.0/16; 148.129.0.0/16; 148.129.64.0/19; 148.129.128.0/19; 152.130.0.0/16; 155.206.0.0/16; 156.40.0.0/16; 157.98.0.0/16; 159.230.0.0/16; 161.253.0.0/16; 162.99.224.0/19; 162.129.0.0/16; 164.106.0.0/16; 164.114.0.0/16; 165.112.0.0/16; 167.102.0.0/16; 169.154.0.0/17; 169.154.128.0/17; 170.93.0.0/16; 170.99.0.0/16; 192.5.215.0/24; 192.12.209.0/24; 192.26.10.0/24; 192.35.48.0/24; 192.35.49.0/24; 192.35.129.0/24; 192.52.179.0/24; 192.54.96.0/24; 192.58.3.0/24; 192.58.232.0/24; 192.64.69.0/24; 192.70.187.0/24; 192.86.97.0/24; 192.86.98.0/24; 192.86.99.0/24; 192.86.100.0/24; 192.86.101.0/24; 192.86.102.0/24; 192.86.103.0/24; 192.86.104.0/24; 192.86.105.0/24; 192.86.106.0/24; 192.102.88.0/24; 192.107.190.0/24; 192.107.195.0/24; 192.124.118.0/24; 192.153.43.0/24; 192.156.228.0/24; 192.231.145.0/24; 192.231.146.0/24; 192.231.147.0/24; 192.239.66.0/24; 198.10.49.0/24; 198.31.12.0/24; 198.62.77.0/24; 198.77.76.0/24; 
198.77.177.0/24; 198.82.0.0/16; 198.118.0.0/15; 198.181.231.0/24; 198.186.238.0/23; 198.206.32.0/20; 198.206.48.0/21; 199.0.138.0/23; 199.26.254.0/24; 199.75.86.0/23; 199.79.165.0/24; 199.79.166.0/24; 199.111.162.0/23; 199.111.164.0/22; 199.111.168.0/21; 199.111.176.0/20; 199.111.192.0/18; 199.125.175.0/24; 199.248.201.0/24; 199.249.158.0/24; 204.91.114.0/24; 204.145.182.0/24; 204.192.128.0/17; 204.194.224.0/22; 204.194.228.0/23; 205.128.154.0/23; 205.131.248.0/21; 205.156.0.0/19; 205.156.32.0/20; 205.156.48.0/21; 205.160.38.0/23; 205.253.57.0/24; 206.196.160.0/19; 206.196.176.0/21; 206.229.212.0/22; 206.241.0.0/22; 206.241.3.0/24; 206.241.145.0/24; 206.241.148.0/23; 206.241.252.0/24; 206.241.253.0/24; 207.77.112.0/20; 207.245.162.0/24; 208.16.73.0/24; 208.22.77.0/24; 208.22.78.0/24; 208.35.27.64/26; 216.38.95.0/24; } prefix-list MAX-SPONSORED { 65.127.220.0/23; 67.133.232.0/23; 160.111.0.0/16; 160.253.0.0/16; 192.12.83.0/24; 192.207.234.0/24; 192.239.84.0/24; 192.245.136.0/24; 198.91.32.0/21; 198.91.40.0/23; 199.33.3.0/24; 199.133.3.0/24; 199.133.32.0/24; 199.133.35.0/24; 199.133.38.0/24; 199.133.45.0/24; 199.133.46.0/24; 199.133.47.0/24; 199.133.48.0/24; 199.133.49.0/24; 199.133.51.0/24; 199.133.52.0/24; 199.133.54.0/24; 199.133.55.0/24; 199.133.56.0/24; 199.133.57.0/24; 199.133.58.0/24; 199.133.59.0/24; 199.133.60.0/24; 199.133.61.0/24; 199.133.62.0/24; 199.133.63.0/24; 199.133.64.0/24; 199.133.66.0/24; 199.133.67.0/24; 199.133.69.0/24; 199.133.72.0/24; 199.133.74.0/24; 199.133.75.0/24; 199.133.153.0/24; 199.133.179.0/24; 205.128.219.0/24; 205.128.220.0/22; } prefix-list MAX-SEGP { 4.17.88.0/21; 4.79.201.0/26; 64.5.128.0/20; 64.5.141.0/24; 64.5.144.0/24; 64.5.145.0/24; 64.5.147.0/24; 64.5.148.0/24; 64.5.152.0/24; 64.5.155.0/24; 64.5.159.0/24; 64.26.64.0/18; 65.160.148.0/23; 65.168.144.0/24; 66.250.190.0/24; 66.250.191.0/24; 76.7.54.0/23; 130.85.0.0/16; 131.118.0.0/16; 131.171.0.0/16; 134.192.0.0/16; 136.160.0.0/16; 137.45.0.0/16; 138.78.0.0/16; 151.188.0.0/16; 
158.103.0.0/16; 169.156.0.0/16; 192.33.115.0/24; 192.33.116.0/24; 192.33.117.0/24; 192.131.232.0/24; 192.146.226.0/24; 192.188.199.0/24; 198.38.16.0/20; 198.51.208.0/24; 198.69.82.0/24; 198.200.181.0/24; 198.202.0.0/21; 199.88.192.0/24; 204.52.128.0/22; 204.62.32.0/20; 204.62.48.0/22; 204.152.152.0/23; 204.153.76.0/22; 207.86.27.160/27; 208.27.92.0/22; 208.40.149.48/28; 208.40.161.64/27; 208.40.177.0/24; 208.40.194.0/24; 208.91.160.0/22; 209.114.143.0/24; 209.114.144.0/23; 209.114.187.8/29; 209.114.187.240/29; 209.116.253.32/27; 209.243.32.0/20; 216.54.48.0/23; 216.152.80.0/20; } prefix-list MAX-PARTICIPANTS6 { 2001:468:C00::/40; 2001:468:ffff:9c4::/64; 2001:468:ffff:185c::/64; 2001:04d0:9c00::/40; 2610:20:8000::/35; 2610:D8::/32; 2620:0000:0bc0::/48; } prefix-list OARNET-PARTICIPANT { 64.247.64.0/18; 128.146.0.0/16; 129.22.0.0/16; 129.137.0.0/16; 130.101.0.0/16; 130.108.0.0/16; 131.123.0.0/16; 131.183.0.0/16; 132.235.0.0/16; 136.247.0.0/16; 140.254.0.0/16; 164.107.0.0/16; 169.240.0.0/16; 192.5.109.0/24; 192.5.110.0/24; 192.5.111.0/24; 192.5.112.0/24; 192.5.113.0/24; 192.88.191.0/24; 192.88.192.0/24; 192.88.193.0/24; 192.88.194.0/24; 192.88.195.0/24; 192.132.213.0/24; 192.138.88.0/24; 192.148.235.0/24; 192.148.236.0/22; 192.148.240.0/21; 192.148.244.0/24; 192.148.248.0/22; 192.148.250.0/24; 192.148.251.0/24; 192.153.27.0/24; 192.153.28.0/24; 192.153.36.0/24; 192.153.37.0/24; 192.153.38.0/24; /* Ohio Supercomputing Center */ 192.153.39.0/24; 192.153.40.0/24; 192.153.41.0/24; 192.157.5.0/24; 192.232.26.0/23; /* OSU */ 192.232.26.0/24; /* OSU */ 192.232.27.0/24; 192.232.28.0/24; /* OARnet */ 198.30.86.0/24; /* OARnet */ 198.30.87.0/24; 199.26.250.0/24; 199.190.226.0/24; 199.249.228.0/24; 204.128.178.0/24; /* OSCnet */ 206.244.46.0/24; /* OARnet */ 206.244.200.0/21; } prefix-list OARNET-SPONSORED { 204.152.48.0/24; 204.152.49.0/24; 205.142.196.0/24; 205.142.197.0/24; 205.142.198.0/24; 205.142.199.0/24; } prefix-list OARNET-SEGP { 64.18.32.0/20; 64.113.176.0/20; 
64.113.176.0/21; 64.113.184.0/21; 64.254.64.0/20; 65.182.112.0/20; 66.114.0.0/19; 66.144.22.0/24; 66.144.23.0/24; 66.145.194.0/24; 66.145.203.0/24; 66.203.16.0/20; 66.203.32.0/19; 129.1.0.0/16; 131.187.0.0/16; 131.238.0.0/16; 132.162.0.0/16; 134.53.0.0/16; 136.227.0.0/16; 137.148.0.0/16; 138.28.0.0/16; 140.103.0.0/16; 140.106.0.0/16; 140.141.0.0/16; 140.220.0.0/16; 140.228.0.0/16; 141.110.0.0/16; 141.139.0.0/16; 143.105.0.0/16; 143.206.0.0/16; 144.50.0.0/16; 146.78.0.0/16; 146.85.0.0/16; 149.143.0.0/16; 150.134.0.0/16; 156.63.57.0/24; 156.63.144.0/24; 156.63.176.0/24; 157.134.0.0/16; 163.11.0.0/16; 164.83.0.0/16; 192.42.153.0/24; 192.55.234.0/24; 192.68.223.0/24; 192.70.252.0/24; 192.131.123.0/24; 192.150.115.0/24; 192.153.31.0/24; 192.153.32.0/24; 192.153.33.0/24; 192.153.34.0/24; /* The National Underground Railroad Freedom Center (NURFC) */ 192.153.35.0/24; 192.232.30.0/24; 198.30.0.0/16; 198.140.201.0/24; 198.203.64.0/18; 198.234.184.0/23; 198.234.187.0/24; 198.234.188.0/22; 198.234.192.0/22; 198.234.196.0/23; 198.234.200.0/21; 199.18.0.0/16; /* Mount Union College */ 199.18.32.0/20; /* Mount Union College */ 199.18.204.0/22; /* Mount Union College */ 199.18.208.0/22; /* Mount Union College */ 199.18.234.0/23; /* Mount Union College */ 199.18.236.0/22; /* Mount Union College */ 199.18.238.0/24; /* Mount Union College */ 199.18.239.0/24; 199.120.181.0/24; 199.218.0.0/16; 204.9.144.0/21; 204.10.216.0/21; 204.10.217.0/24; 204.10.218.0/24; 204.10.219.0/24; 204.10.220.0/24; 204.10.221.0/24; 204.10.222.0/24; 204.10.223.0/24; 204.11.184.0/21; 204.11.184.0/24; 204.11.185.0/24; 204.11.186.0/24; 204.11.187.0/24; 204.11.188.0/24; 204.11.189.0/24; 204.11.190.0/24; 204.11.191.0/24; 204.89.239.0/24; 204.128.217.0/24; 205.133.0.0/16; 206.21.0.0/16; 206.244.0.0/16; /* Mount Union College */ 206.244.128.0/22; /* Cleveland Institute of Art */ 208.50.108.0/24; 208.71.72.0/21; 208.108.0.0/16; 208.108.4.0/22; 208.108.80.0/20; 208.108.80.0/24; 208.108.81.0/24; 208.108.82.0/24; 
208.108.83.0/24; 208.108.84.0/24; 208.108.85.0/24; 208.108.86.0/24; 208.108.87.0/24; 208.108.88.0/24; 208.108.89.0/24; 208.108.90.0/24; 208.108.91.0/24; 208.108.92.0/24; 208.108.93.0/24; 208.108.94.0/24; 208.108.95.0/24; 208.108.96.0/20; 208.108.112.0/21; 208.108.120.0/21; 208.108.128.0/21; 208.108.136.0/21; 208.108.144.0/21; 208.108.152.0/21; 208.108.160.0/21; 208.108.168.0/21; 208.108.176.0/21; 208.108.184.0/21; 208.108.192.0/21; 208.108.192.0/24; 208.108.193.0/24; 208.108.194.0/24; 208.108.195.0/24; 208.108.196.0/24; 208.108.197.0/24; 208.108.198.0/24; 208.108.199.0/24; 208.108.200.0/21; 208.108.208.0/20; 208.108.224.0/22; 208.108.228.0/24; 208.108.236.0/24; 208.108.239.0/24; 208.122.64.0/19; 208.122.96.0/20; 209.34.112.0/20; 209.34.112.0/24; 209.34.113.0/24; 209.34.114.0/24; 209.34.115.0/24; 209.34.116.0/24; 209.34.117.0/24; 209.34.118.0/24; 209.34.119.0/24; 209.34.120.0/24; 209.34.121.0/24; 209.34.122.0/24; 209.34.123.0/24; 209.34.124.0/24; 209.34.125.0/24; 209.34.126.0/24; 209.34.127.0/24; 209.57.6.0/24; 209.57.142.0/24; 216.48.128.0/20; 216.48.128.0/21; } prefix-list OARNET-PARTICIPANTS6 { 2001:468:b00::/40; 2001:468:B06::/48; 2001:468:1100::/40; 2610:a8::/32; 2620:0:1A10::/48; } prefix-list DREXEL-PARTICIPANT { 129.25.0.0/16; 144.118.0.0/16; 192.54.238.0/24; 198.17.30.0/24; 204.238.76.0/24; } prefix-list DREXEL-SEGP { 144.26.0.0/16; /* West Chester University */ 144.80.0.0/16; 147.64.0.0/16; 148.137.0.0/16; 151.161.0.0/16; 156.12.0.0/16; 157.62.0.0/16; 157.160.0.0/16; 158.83.0.0/16; 166.66.0.0/16; 192.147.113.0/24; 192.148.218.0/24; 192.148.234.0/24; 192.149.243.0/24; 192.152.127.0/24; 192.153.187.0/24; 192.190.237.0/24; 192.206.29.0/24; 192.234.172.0/24; 198.206.191.0/24; 199.5.197.0/24; 199.5.198.0/23; 199.5.200.0/24; 204.108.160.0/19; 204.235.144.0/21; 204.235.148.0/23; 204.235.158.0/23; 204.235.160.0/20; 205.149.64.0/19; 206.225.96.0/19; 209.250.192.0/19; } prefix-list PSC-PARTICIPANT { 63.118.64.0/23; 64.83.144.0/21; 66.71.0.0/17; 75.102.64.0/18; 
128.2.0.0/16; 128.118.0.0/16; 128.182.0.0/16; 128.237.0.0/16; 130.49.0.0/16; 130.203.0.0/16; 136.142.0.0/16; 146.186.0.0/16; 147.73.0.0/16; 150.212.0.0/16; 150.231.0.0/16; 157.182.0.0/16; 192.5.146.0/24; 192.5.157.0/24; 192.5.159.0/24; 192.12.32.0/24; 192.52.163.0/24; 192.52.164.0/23; 192.52.240.0/24; 192.58.107.0/24; 192.68.217.0/24; 192.80.210.0/24; 192.88.99.0/24; 192.88.114.0/24; 192.88.115.0/24; 192.88.209.0/24; 192.88.210.0/24; 192.101.139.0/24; 192.101.140.0/24; 198.32.224.0/24; 199.111.112.0/20; 199.164.236.0/24; 204.155.176.0/20; 204.194.24.0/22; 204.194.28.0/22; 208.40.174.0/24; } prefix-list PSC-SPONSORED { 147.72.107.0/24; 147.72.108.0/22; 147.72.112.0/22; 147.72.116.0/23; 147.72.118.0/24; 192.124.34.0/24; 198.206.16.0/20; } prefix-list PSC-SEGP { 63.133.224.0/24; 63.133.225.0/24; 63.133.226.0/24; 63.133.227.0/24; 63.133.228.0/24; 63.133.229.0/24; 63.133.230.0/24; 63.133.231.0/24; 63.133.232.0/24; 63.133.233.0/24; 63.133.234.0/24; 63.133.235.0/24; 63.133.236.0/24; 63.133.237.0/24; 63.133.238.0/24; 63.133.239.0/24; 63.133.240.0/24; 63.133.241.0/24; 63.133.242.0/24; 63.133.243.0/24; 63.133.244.0/24; 63.133.245.0/24; 63.133.246.0/24; 63.133.247.0/24; 63.133.248.0/24; 63.133.249.0/24; 63.133.250.0/24; 63.133.251.0/24; 63.133.252.0/24; 63.133.253.0/24; 63.133.254.0/24; 63.133.255.0/24; 64.83.132.0/24; 64.83.133.0/24; 64.83.134.0/24; 64.83.135.0/24; 64.83.136.0/24; 64.83.137.0/24; 64.83.138.0/24; 64.83.140.0/24; 64.83.141.0/24; 64.83.142.0/24; 64.83.143.0/24; 64.83.144.0/21; 64.83.152.0/24; 64.83.153.0/24; 64.83.154.0/24; 64.83.155.0/24; 64.83.158.0/24; 65.110.114.0/24; 65.170.110.0/24; 66.146.224.0/24; 66.146.225.0/24; 66.146.226.0/24; 66.146.227.0/24; 66.146.228.0/24; 66.146.229.0/24; 66.230.74.32/28; 69.7.100.0/24; 69.7.104.0/24; 69.7.105.0/24; 69.7.106.0/24; 69.7.107.0/24; 69.7.108.0/24; 69.7.110.0/24; 69.7.111.0/24; 72.23.246.0/24; 72.237.88.0/22; 147.72.67.192/26; 150.232.0.0/16; 199.2.216.0/24; 204.96.142.0/24; 204.96.143.0/24; 205.144.32.0/20; 
208.40.128.0/24; 208.40.149.48/28; 208.40.161.64/27; 208.40.167.0/24; 208.40.174.0/24; 208.40.177.0/24; 208.40.180.0/24; 208.40.194.0/24; 209.114.140.0/23; 209.114.143.0/24; 209.114.144.0/23; 209.114.187.240/29; 216.220.89.0/24; 216.220.90.0/24; 216.220.94.0/24; 216.220.95.0/24; } prefix-list SOX-BACKUP-PARTICIPANT { 64.156.8.128/25; 64.156.216.128/25; 65.115.176.0/24; 128.23.0.0/16; 128.61.0.0/16; 128.163.0.0/16; 128.163.11.0/24; 128.186.0.0/16; 128.192.0.0/16; 128.227.0.0/16; 129.59.0.0/16; 129.171.0.0/16; 129.171.0.0/19; 129.171.32.0/19; 129.171.64.0/19; 129.171.96.0/19; 129.171.128.0/19; 129.171.160.0/19; 129.171.192.0/19; 129.171.224.0/19; 129.252.0.0/16; 130.127.0.0/16; 130.160.0.0/16; 130.207.0.0/16; 131.91.0.0/16; 131.144.128.0/20; 131.204.0.0/16; 131.247.0.0/16; 132.170.0.0/16; 138.26.0.0/16; 139.62.0.0/16; 143.215.0.0/16; 144.174.0.0/16; 146.201.0.0/16; 146.229.0.0/16; 149.168.0.0/16; 152.2.0.0/16; 152.3.0.0/16; 152.7.0.0/16; 152.11.0.0/16; 152.14.0.0/16; 152.16.0.0/16; 152.19.0.0/16; 159.178.0.0/16; 160.36.0.0/16; 160.129.0.0/16; 163.246.0.0/16; 164.111.0.0/16; 165.6.5.0/24; 165.6.6.0/24; 165.6.7.0/24; 165.6.24.0/24; 168.223.0.0/16; 170.140.0.0/16; 192.31.89.0/24; 192.70.171.0/24; 192.80.53.0/24; 192.88.124.0/24; 192.111.108.0/24; 192.111.109.0/24; 192.111.110.0/24; 192.111.123.0/24; 192.249.1.0/24; 192.249.2.0/23; 192.249.4.0/22; 192.249.8.0/21; 192.249.11.0/24; 198.78.192.0/19; 198.137.16.0/20; 199.4.250.0/23; 199.4.250.0/24; 199.4.251.0/24; 199.76.32.0/20; 199.76.144.0/20; 199.76.160.0/19; 199.76.192.0/24; 199.77.128.0/17; 199.90.0.0/16; 199.242.231.0/24; 199.242.232.0/24; 199.242.233.0/24; 204.29.106.0/23; 204.68.64.0/19; 204.85.191.0/24; 204.85.192.0/18; 204.89.132.0/23; 204.89.132.0/24; 204.89.133.0/24; 204.145.157.0/24; 204.145.215.0/24; 204.198.72.0/22; 204.198.76.0/23; 204.211.0.0/16; 204.238.30.0/24; 206.240.24.0/22; 206.240.192.0/19; 206.240.216.0/24; 206.240.220.0/24; 206.240.221.0/24; 207.4.0.0/16; 207.192.0.0/18; 209.149.48.0/20; } 
prefix-list SOX-BACKUP-CORPORATE { 12.107.208.0/23; 66.187.224.0/20; 204.85.14.0/24; } prefix-list SOX-BACKUP-SPONSORED { 66.187.234.0/24; 74.255.42.0/24; 143.88.0.0/16; 147.70.0.0/16; 150.182.128.0/18; 152.97.0.0/16; 161.45.0.0/16; 163.118.0.0/16; 192.30.208.0/24; 192.67.134.0/24; 192.83.232.0/24; 204.62.251.0/24; 204.152.130.0/24; 204.152.131.0/24; 204.246.192.0/21; 205.167.24.0/24; 205.167.25.0/24; 216.64.76.0/24; } prefix-list SOX-BACKUP-SEGP { 64.56.80.0/23; 72.158.165.0/24; 98.17.253.0/24; 128.109.0.0/16; 128.192.0.0/16; 129.66.0.0/16; 129.66.20.0/24; 130.218.0.0/16; 130.254.0.0/16; 131.144.0.0/16; 134.224.0.0/16; 137.220.0.0/16; 141.165.0.0/16; 147.133.0.0/16; 149.149.0.0/16; 150.216.0.0/16; 152.1.0.0/16; 152.2.0.0/15; 152.4.0.0/14; 152.8.0.0/13; 152.16.0.0/12; 152.32.0.0/12; 152.36.0.0/16; 152.48.0.0/14; 152.53.0.0/19; 152.54.0.0/20; 153.9.0.0/16; 157.89.0.0/16; 157.149.0.0/16; 158.93.0.0/16; 160.10.0.0/16; 161.6.0.0/16; 167.7.38.0/24; 167.7.39.0/24; 167.7.210.0/27; 167.7.241.0/24; 167.7.248.64/27; 167.7.251.0/27; 168.8.0.0/15; 168.12.0.0/14; 168.16.0.0/15; 168.18.0.0/15; 168.20.0.0/15; 168.22.0.0/15; 168.24.0.0/15; 168.26.0.0/15; 168.28.0.0/15; 168.30.0.0/15; 169.150.0.0/16; 170.180.0.0/14; 170.185.0.0/16; 192.48.117.0/24; 192.88.111.0/24; 192.101.21.0/24; 192.101.22.0/23; 192.101.24.0/24; 192.103.126.0/24; 192.107.44.0/24; 192.111.112.0/24; 192.122.237.0/24; 192.137.210.0/24; 192.147.30.0/24; 192.152.249.0/24; 192.154.33.0/24; 192.154.38.0/24; 192.154.41.0/24; 192.154.43.0/24; 192.154.45.0/24; 192.154.54.0/24; 192.154.55.0/24; 192.154.61.0/24; 192.154.62.0/24; 192.154.64.0/24; 192.154.67.0/24; 192.154.78.0/24; 192.189.244.0/24; 192.203.127.0/24; 192.211.32.0/21; 192.211.40.0/22; 192.211.44.0/24; 192.211.45.0/24; 192.245.165.0/24; 192.245.221.0/24; 192.245.222.0/24; 192.245.223.0/24; 192.245.224.0/24; 198.49.31.0/24; 198.72.72.0/22; 198.85.0.0/16; 198.86.0.0/16; 198.135.235.0/24; 198.137.22.0/24; 198.179.130.0/24; 198.180.132.0/22; 198.190.216.0/24; 
198.200.158.0/24; 198.204.92.0/24; 198.232.64.0/18; 198.232.96.0/21; 199.5.154.0/23; 199.20.16.0/20; 199.33.130.0/24; 199.33.131.0/24; 199.33.132.0/24; 199.33.133.0/24; 199.33.134.0/24; 199.80.8.0/21; 199.88.16.0/20; 199.248.173.0/24; 199.248.174.0/24; 199.248.175.0/24; 199.248.176.0/24; 199.248.177.0/24; 199.248.178.0/24; 204.27.217.0/24; 204.29.64.0/18; 204.84.0.0/15; 205.174.48.0/20; 205.204.238.0/24; 205.204.242.0/24; 206.197.240.0/24; 206.219.128.0/18; 207.157.0.0/17; 207.232.128.0/18; 209.133.128.0/17; 216.69.0.0/18; 216.109.0.0/18; 216.249.132.0/22; 216.249.144.0/20; 216.249.160.0/20; 216.249.176.0/20; } prefix-list SOX-BACKUP-EXCEPTION-SEGP { 167.7.127.176/29; 167.7.248.112/29; 167.7.248.120/29; 167.7.248.208/29; 167.7.251.32/29; 167.7.251.64/29; 167.7.251.80/29; 167.7.251.96/29; 167.7.251.128/28; 167.7.251.144/28; 167.7.251.160/28; 167.7.251.192/29; } prefix-list SOX-BACKUP-EXCEPTION-FEDNET { 128.219.0.0/16; 134.167.0.0/16; 160.91.0.0/16; 192.31.96.0/24; 192.103.127.0/24; 192.188.177.0/24; 192.188.182.0/24; 198.124.41.0/24; 198.136.139.0/24; 198.148.251.0/24; 198.203.246.0/24; 198.207.237.0/24; 198.207.238.0/23; 198.207.240.0/24; 199.201.153.0/24; 199.201.154.0/24; 199.201.156.0/23; 199.201.158.0/24; } prefix-list SOX-BACKUP-EXCEPTION-SPONSORED { 146.82.167.176/29; 199.77.192.16/29; } prefix-list OARNET-CPSONLY { 12.41.33.0/24; 64.18.32.0/20; 64.31.64.0/18; 64.31.64.0/19; 65.163.228.0/23; 66.100.144.0/24; 66.100.145.0/24; 66.100.146.0/24; 66.100.147.0/24; 66.100.148.0/24; 66.100.149.0/24; 66.100.150.0/24; 70.63.30.0/23; 128.156.0.0/16; 131.167.0.0/16; 134.243.0.0/16; 139.88.0.0/16; 162.50.0.0/16; 192.12.205.0/24; 192.55.90.0/23; 192.58.246.0/24; 192.68.143.0/24; 192.131.246.0/24; 192.148.236.0/24; 192.148.237.0/24; 192.148.238.0/24; 192.148.239.0/24; 192.153.26.0/23; 192.153.26.0/24; 192.153.28.0/22; 192.153.29.0/24; 192.153.30.0/24; 192.232.16.0/20; 198.4.94.0/24; 198.179.229.0/24; 198.242.35.0/24; 199.0.140.0/22; 199.26.177.0/24; 199.74.236.0/24; 
199.74.237.0/24; 199.176.156.0/24; 199.178.128.0/18; 204.29.170.0/24; 204.90.74.0/24; 206.131.208.0/20; 207.42.216.0/24; 208.93.208.0/22; 209.11.224.0/20; 216.28.31.0/24; } prefix-list PSC-PARTICIPANT6 { 2001:468:200::/40; 2001:5e8::/32; 2001:5e8::/33; 2002::/16; 2607:FB28:0:0:0:0:0:0/32; 2607:fb28::/40; 2610:8::/32; 2620:0:DB0::/48; } prefix-list WSU-PARTICIPANT { 192.148.236.0/24; } prefix-list WSU-EXCEPTION { 138.18.22.16/30; } prefix-list DRAGON-PARTICIPANT { 140.173.0.0/16; } prefix-list DREXEL-PARTICIPANTS6 { 2001:468:2000::/40; /* For Pennsylvania SEGP */ 2001:49D8:40::/42; } prefix-list OARNET-MULTICAST-ROUTES { 128.146.0.0/16; 129.22.0.0/16; 131.123.0.0/16; 131.123.0.0/19; 131.123.32.0/20; 131.123.48.0/20; 131.123.64.0/19; 131.123.96.0/19; 131.123.128.0/17; 137.148.0.0/16; 140.254.0.0/16; 164.107.0.0/16; 192.5.109.0/24; 192.12.205.0/24; 192.68.143.0/24; 192.148.244.0/24; 192.150.115.0/24; 192.153.26.0/24; 192.153.41.0/24; 199.18.139.0/24; 199.18.140.0/24; 199.18.141.0/24; 206.21.72.0/24; 206.21.144.0/24; 206.21.145.0/24; 206.21.146.0/23; 206.21.148.0/22; 206.21.152.0/21; 206.244.152.0/22; } prefix-list PSC-EXCEPTION-SEGP { 208.40.149.48/28; 208.40.161.64/27; 209.114.187.8/29; 209.114.187.240/29; } prefix-list BGP-PEERS6-CPS { apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>"; } prefix-list CPS-3ROX-CPS-ONLY { 12.169.112.0/24; 63.118.64.0/23; 147.72.64.0/18; 147.128.0.0/16; 147.128.68.0/22; 150.212.0.0/16; 158.83.0.0/16; 162.51.0.0/16; 163.129.0.0/16; 169.144.0.0/16; 192.88.115.0/24; 192.231.242.0/24; 204.9.144.0/21; 209.131.80.0/20; 216.152.144.0/20; } prefix-list OBSERVATORY-SSH { /* leap.grnoc.iu.edu */ 129.79.217.202/32; /* sysmon.grnoc.iu.edu */ 134.68.107.4/32; /* login.net.internet2.edu */ 134.68.107.10/32; /* nms-base */ 134.68.107.34/32; /* nms-login */ 134.68.107.36/32; /* skip */ 134.68.142.50/32; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* jump */ 192.12.206.196/32; } prefix-list CPS-MERIT { 35.0.0.0/8; 64.107.0.0/16; 
64.109.158.0/23; 64.150.0.0/17; 65.79.0.0/17; 65.174.34.0/23; 66.99.0.0/16; 66.158.0.0/17; 66.202.192.0/19; 66.202.224.0/19; 69.176.128.0/19; 71.154.188.0/23; 72.3.0.0/17; 72.14.226.0/24; 131.230.0.0/16; 139.67.0.0/18; 141.209.0.0/16; 141.210.0.0/16; 141.211.0.0/16; 141.212.0.0/16; 141.213.0.0/16; 141.214.0.0/16; 141.215.0.0/16; 141.216.0.0/16; 141.217.0.0/16; 141.218.0.0/16; 141.219.0.0/16; 143.43.0.0/17; 143.195.0.0/16; 143.207.0.0/16; 144.74.0.0/16; 146.9.0.0/16; 146.163.0.0/16; 147.124.0.0/16; 147.126.64.0/19; 148.61.0.0/16; 155.139.0.0/16; 157.178.0.0/16; 158.80.0.0/16; 158.80.0.0/21; 158.80.64.0/21; 161.57.0.0/16; 163.191.0.0/19; 163.191.32.0/19; 163.191.64.0/19; 163.191.96.0/19; 163.191.128.0/19; 163.191.160.0/19; 163.191.192.0/19; 163.191.224.0/19; 164.68.96.0/19; 164.68.128.0/17; 164.76.0.0/16; 165.68.0.0/16; 165.188.0.0/16; 167.141.0.0/16; 167.165.0.0/16; 170.27.0.0/16; 192.35.161.0/24; 192.35.162.0/23; 192.35.170.0/24; 192.41.229.0/24; 192.41.232.0/22; 192.41.236.0/23; 192.41.238.0/24; 192.77.125.0/24; 192.86.159.0/24; 192.88.242.0/24; 192.94.173.0/24; 192.101.250.0/24; 192.108.188.0/24; 192.108.189.0/24; 192.108.190.0/24; 192.108.191.0/24; 192.122.181.0/24; 192.122.183.0/24; 192.122.184.0/24; 192.122.186.0/24; 192.122.200.0/24; 192.138.137.0/24; 192.153.163.0/24; 192.153.192.0/24; 192.160.165.0/24; 192.175.20.0/24; 192.188.100.0/24; 192.188.118.0/24; 192.203.136.0/23; 192.203.195.0/24; 192.231.113.0/24; 192.231.253.0/24; 192.234.14.0/23; 192.234.16.0/24; 192.245.252.0/24; 192.245.254.0/24; 198.17.130.0/23; 198.17.132.0/23; 198.17.134.0/24; 198.40.16.0/20; 198.49.116.0/23; 198.49.118.0/24; 198.108.0.0/14; 198.108.140.0/23; 198.111.209.0/24; 198.111.220.0/24; 199.15.0.0/21; 199.20.8.0/21; 199.89.229.0/24; 199.189.8.0/21; 204.38.0.0/15; 204.106.17.0/24; 204.238.189.0/24; 206.166.0.0/17; 207.63.0.0/16; 207.72.0.0/14; 207.74.92.0/24; 207.74.239.0/24; 207.246.160.0/19; 208.68.24.0/22; 209.7.0.0/16; 209.174.0.0/16; 209.175.0.0/16; 216.24.124.0/22; 
216.124.0.0/16; 216.125.0.0/16; 216.182.144.0/20; 216.240.208.0/20; } prefix-list MERIT-CORPORATE { 136.1.0.0/16; 136.2.0.0/16; 136.8.32.0/22; 165.215.0.0/16; 192.195.245.0/24; } prefix-list MERIT-PARTICIPANT { 35.0.0.0/8; 65.174.34.0/23; 67.194.0.0/16; 141.211.0.0/16; 141.212.0.0/16; 141.213.0.0/16; 141.214.0.0/16; 141.215.0.0/16; 141.216.0.0/16; 141.217.0.0/16; 141.218.0.0/16; 141.219.0.0/16; 146.9.0.0/16; 155.139.0.0/16; 192.12.80.0/24; 192.31.238.0/24; 192.35.164.0/22; 192.35.169.0/24; 192.41.229.0/24; 192.41.230.0/23; 192.41.232.0/22; 192.41.236.0/23; /* Alma College */ 192.101.250.0/24; 192.122.182.0/23; 192.122.200.0/24; 192.203.195.0/24; 192.231.253.0/24; 198.30.180.0/23; 198.108.0.0/14; 198.108.0.0/24; 198.108.1.0/24; 198.108.2.0/24; 198.108.5.0/24; 198.108.18.0/23; /* Michigan Information Technology Center Foundation (MICT) */ 198.108.26.0/23; /* UMichigan */ 198.108.60.0/22; 198.108.62.0/24; 198.108.63.0/24; 198.108.95.0/24; 198.108.96.0/24; 198.108.182.0/24; 198.108.184.0/24; /* Alma College */ 198.108.232.0/24; 198.109.65.0/24; 198.109.240.0/20; 198.110.192.0/20; 198.110.216.0/21; 198.111.172.0/24; 198.111.212.0/23; 198.111.224.0/22; 204.38.0.0/15; 204.38.0.0/22; 204.38.16.0/21; 204.38.56.0/21; 204.38.160.0/23; 204.38.166.0/23; 204.38.168.0/22; 204.38.172.0/23; 204.38.174.0/24; 204.38.181.0/24; 204.38.182.0/23; 204.38.184.0/21; 204.38.192.0/20; 207.72.0.0/14; 207.73.136.0/23; 207.73.152.0/21; 207.73.208.0/24; 207.73.212.0/23; 207.74.72.0/22; 207.75.140.0/24; 207.75.144.0/20; 207.75.164.0/23; 207.75.166.0/23; } prefix-list MERIT-PARTICIPANT6 { 2001:468:1100::/40; 2001:468:1400::/40; 2001:468:1f09::/48; 2001:48A8::/32; 2607:f388::/32; } prefix-list MERIT-SPONSORED { /* NOAA/GLERL */ 192.94.173.0/24; 198.108.7.0/24; /* Ithaca Harbors, Inc */ 198.108.24.0/24; 198.108.102.0/23; /* MERIT-NOAA Thunder Bay National Marine Sanctuary */ 198.108.237.0/24; /* Van Andel Institute */ 198.110.167.0/24; /* Macomb Community College MICH-858 */ 198.111.56.0/23; /* 
NOAA/GLERL */ 207.74.57.0/24; 207.75.32.0/21; } prefix-list MERIT-SEGP { 63.175.128.0/23; /* Kent Intermediate School District */ 64.49.112.0/20; 64.90.128.0/20; 65.174.34.0/23; 66.202.192.0/18; /* Hillsdale College MichNet SEGP */ 69.58.32.0/19; 136.181.0.0/16; 141.209.0.0/16; 141.210.0.0/16; /* Andrews University */ 143.207.0.0/16; 147.124.0.0/16; 148.61.0.0/16; 148.149.0.0/16; 155.138.0.0/16; 158.80.0.0/16; 161.57.0.0/16; 162.108.0.0/16; 164.76.0.0/16; 167.240.0.0/16; 192.65.215.0/24; 192.88.242.0/24; 192.122.181.0/24; 192.138.137.0/24; 192.245.252.0/24; 192.245.254.0/24; /* OHIO SEGP */ 198.30.112.0/24; 198.108.4.0/24; 198.108.8.0/21; 198.108.20.0/24; 198.108.25.0/24; 198.108.26.0/23; 198.108.28.0/22; /* Washtenaw Community College */ 198.108.48.0/23; /* Washtenaw Community College */ 198.108.50.0/24; 198.108.51.0/24; 198.108.52.0/22; 198.108.64.0/20; /* Adrian College */ 198.108.80.0/21; /* Washtenaw Community College */ 198.108.97.0/24; 198.108.101.0/24; /* Kalamazoo Regional Educational Service Agency */ 198.108.158.0/24; /* Calhoun ISD */ 198.108.176.0/20; 198.108.192.0/24; /* Northwestern Michigan College */ 198.108.196.0/22; 198.108.208.0/23; /* Northwestern Michigan College */ 198.108.212.0/23; /* Northwestern Michigan College */ 198.108.218.0/24; /* Alpena Community College */ 198.108.228.0/22; /* Saginaw ISD */ 198.108.234.0/24; /* Madonna University */ 198.109.72.0/22; 198.109.172.0/23; /* Hillsdale College */ 198.109.208.0/24; 198.109.220.0/22; 198.109.229.0/24; 198.109.230.0/23; 198.109.232.0/21; 198.110.0.0/21; 198.110.11.0/24; 198.110.12.0/22; 198.110.24.0/21; /* Grand Rapids Community College */ 198.110.72.0/21; /* Grand Rapids Community College */ 198.110.83.0/24; /* Grand Rapids Community College */ 198.110.88.0/23; 198.110.92.0/24; /* Hope College */ 198.110.96.0/20; 198.110.132.0/22; 198.110.136.0/21; 198.110.149.0/24; 198.110.150.0/23; 198.110.152.0/24; 198.110.156.0/22; /* Saginaw ISD */ 198.110.163.0/24; /* Saginaw ISD */ 198.110.164.0/24; 
198.110.168.0/21; 198.110.176.0/21; /* Saginaw ISD */ 198.110.224.0/21; 198.111.36.0/22; 198.111.64.0/21; 198.111.72.0/22; 198.111.76.0/23; 198.111.79.0/24; /* MMNET */ 198.111.152.0/21; 198.111.160.0/21; 198.111.168.0/24; /* Washtenaw Community College */ 198.111.171.0/24; 198.111.175.0/24; /* Washtenaw Community College */ 198.111.176.0/23; 198.111.180.0/24; /* Alpena Community College */ 198.111.182.0/24; 198.111.196.0/22; /* Saginaw ISD */ 198.111.208.0/24; /* Saginaw ISD */ 198.111.214.0/23; 198.111.240.0/21; 198.111.250.0/23; 198.111.252.0/22; 198.151.162.0/24; 199.33.196.0/24; 204.22.0.0/15; 204.24.0.0/15; /* Saginaw ISD */ 204.38.33.0/24; 204.38.36.0/23; 204.38.38.0/24; /* Saginaw ISD */ 204.38.46.0/23; /* Northwestern Michigan College */ 204.38.128.0/20; /* Kalamazoo Regional Educational Service Agency */ 204.38.208.0/20; 204.39.0.0/17; 204.39.128.0/18; 204.39.194.0/24; 204.75.208.0/20; 206.57.128.0/17; /* Washtenaw Community College */ 207.72.2.0/23; /* Washtenaw Community College */ 207.72.4.0/23; 207.72.6.0/24; 207.72.34.0/23; 207.72.36.0/22; 207.72.40.0/23; 207.72.48.0/24; 207.72.64.0/22; 207.72.68.0/24; 207.72.72.0/24; 207.72.76.0/22; 207.73.32.0/19; 207.73.64.0/23; 207.73.68.0/23; /* Calhoun ISD */ 207.73.96.0/20; /* Kalamazoo Regional Educational Service Agency */ 207.73.116.0/22; /* Kalamazoo Regional Educational Service Agency */ 207.73.120.0/21; 207.73.128.0/21; 207.73.136.0/24; 207.73.138.0/23; 207.73.140.0/22; /* MMNET */ 207.73.144.0/23; /* Calhoun ISD */ 207.73.152.0/22; /* Calhoun ISD */ 207.73.156.0/23; /* Calhoun ISD */ 207.73.158.0/24; /* Calhoun ISD */ 207.73.159.0/24; 207.73.160.0/21; 207.73.174.0/23; 207.73.180.0/22; 207.73.184.0/21; 207.73.219.0/24; 207.73.240.0/21; 207.73.248.0/22; 207.73.252.0/22; 207.74.0.0/24; 207.74.4.0/22; 207.74.8.0/21; 207.74.22.0/23; /* Grand Rapids Community College */ 207.74.24.0/21; 207.74.24.0/22; /* Grand Rapids Community College */ 207.74.29.0/24; /* Grand Rapids Community College */ 207.74.30.0/23; 
207.74.67.0/24; 207.74.69.0/24; 207.74.77.32/27; 207.74.84.0/22; /* MMNET */ 207.74.84.0/23; 207.74.88.0/23; 207.74.94.0/23; 207.74.104.0/22; 207.74.115.0/24; 207.74.118.0/23; 207.74.138.0/23; 207.74.140.0/22; /* Oakland University */ 207.74.149.0/24; /* Madonna University */ 207.74.168.0/24; 207.74.189.0/24; /* Northwestern Michigan College */ 207.74.224.0/22; /* Northwestern Michigan College */ 207.74.232.0/21; 207.75.55.0/24; 207.75.96.0/24; 207.75.112.0/24; /* Washtenaw Community College */ 207.75.132.0/22; /* Washtenaw Community College */ 207.75.136.0/24; 207.75.160.0/22; 207.75.208.0/20; 207.75.226.0/23; 207.75.228.0/23; 208.68.24.0/22; 216.11.0.0/16; } policy-statement CLARA-TO-NREN { term FROM-CLARA { from as-path CLARA; then accept; } } /* generic import policy for all connectors */ policy-statement CONNECTOR-IN { /* remove BGP communities which connectors should not announce */ term remove-comms { then { community delete LOW-PEERS; community delete HIGH-PEERS; next term; } } /* connector-signalled discard (blackhole) routes: must carry the DISCARD community and be /24 or longer */ term discard { from { community DISCARD; /* only allow /24-/32 masks for discard routes */ route-filter 0.0.0.0/0 prefix-length-range /24-/32; } to rib inet.0; then { /* add no-export so these are not leaked outside of Abilene */ community add NO-EXPORT; /* set next-hop to the destination-address on the dsc.0 interface */ next-hop 198.32.11.7; accept; } } /* allow unicast routes upto /27; note: routes have already passed the individual connector policy */ term allow-unicast { from { route-filter 0.0.0.0/0 upto /27; } to rib inet.0; then { community add PARTICIPANT; accept; } } /* same /27 limit for routes destined for inet.2 */ term allow-multicast { from { route-filter 0.0.0.0/0 upto /27; } to rib inet.2; then { community add PARTICIPANT; accept; } } /* anything not accepted above is rejected */ term reject { then reject; } } policy-statement CPS-3ROX-IN { term accept { from { protocol bgp; prefix-list-filter PSC-PARTICIPANT orlonger; prefix-list-filter PSC-SEGP orlonger; prefix-list-filter PSC-SPONSORED orlonger; prefix-list-filter PSC-EXCEPTION-SEGP exact; prefix-list-filter 
CPS-3ROX-CPS-ONLY orlonger; } then next policy; } term reject { then reject; } } policy-statement CPS-3ROX-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter PSC-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-AS12989-OUT { term match { from community CPS-AS12989-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS13768-OUT { term match { from community CPS-AS13768-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS14361-OUT { term match { from community CPS-AS14361-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS15169-OUT { term match { from community CPS-AS15169-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS16509-OUT { term match { from community CPS-AS16509-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS19080-OUT { term match { from community CPS-AS19080-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS19151-OUT { term match { from community CPS-AS19151-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS20940-OUT { term match { from community CPS-AS20940-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS22212-OUT { term match { from community CPS-AS22212-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS22822-OUT { term match { from community CPS-AS22822-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS27524-OUT { term match { from community CPS-AS27524-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS32934-OUT { term match { from community CPS-AS32934-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS3303-OUT { term match { from community CPS-AS3303-OUT; then next policy; } term accept { then accept; } } 
/* per-peer export hooks (CPS-AS*-OUT): routes carrying the matching per-AS community are passed to the next policy; all other routes are accepted here */ policy-statement CPS-AS33739-OUT { term match { from community CPS-AS33739-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS36248-OUT { term match { from community CPS-AS36248-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS40009-OUT { term match { from community CPS-AS40009-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS4436-OUT { term match { from community CPS-AS4436-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS6079-OUT { term match { from community CPS-AS6079-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS6939-OUT { term match { from community CPS-AS6939-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS8075-OUT { term match { from community CPS-AS8075-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-AS9002-OUT { term match { from community CPS-AS9002-OUT; then next policy; } term accept { then accept; } } policy-statement CPS-CONNECTOR-IN { term discard { from { community DISCARD; /* only allow /24-/32 masks for discard routes */ route-filter 0.0.0.0/0 prefix-length-range /24-/32; } then { /* add no-export so these are not leaked outside of Abilene */ community add NO-EXPORT; /* set next-hop to discard so traffic to these prefixes is dropped */ next-hop discard; accept; } } /* allow unicast routes upto /24; note: routes have already passed the individual connector policy */ term allow-unicast { from { route-filter 0.0.0.0/0 upto /24; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-CONNECTOR-OUT { /* announce routes from CPS peer networks */ term announce-peers { from { protocol bgp; community CPS-PEERS; } then accept; } /* announce only these two static aggregates, exact match */ term announce-internal { from { protocol static; route-filter 198.32.9.0/24 exact; route-filter 64.57.29.0/24 exact; } then accept; } term reject { then reject; } } policy-statement 
CPS-CONNECTOR-OUT6 { term announce-peers { from { protocol bgp; community CPS-PEERS; family inet6; } then accept; } term announce-internal { from { protocol static; family inet6; route-filter 2001:468:ff00::/40 exact; } then accept; } term reject { then reject; } } policy-statement CPS-DREXEL-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter DREXEL-PARTICIPANTS6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-EXPORT { term direct { from protocol direct; then { community add CPS; accept; } } term bgp { from protocol bgp; then { community add CPS; accept; } } term reject { then reject; } } policy-statement CPS-IMPORT { term bgp { from community CPS; then accept; } term reject { then reject; } } policy-statement CPS-MAX-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter MAX-PARTICIPANTS6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-MERIT-IN { term accept { from { protocol bgp; prefix-list-filter CPS-MERIT orlonger; } then next policy; } term reject { then reject; } } policy-statement CPS-MERIT-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter MERIT-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-OARNET-IN { term accept { from { protocol bgp; prefix-list-filter OARNET-PARTICIPANT orlonger; prefix-list-filter OARNET-SPONSORED orlonger; prefix-list-filter OARNET-SEGP orlonger; prefix-list-filter OARNET-CPSONLY orlonger; } then next policy; } term reject { then reject; } } policy-statement CPS-OSCNET-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter OARNET-PARTICIPANTS6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-PEER-IN-DEPREF { term reject-private-asn { from as-path PRIVATE; then reject; } term block-martians { 
from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 169.254.0.0/16 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.0.2.0/24 orlonger; route-filter 192.88.99.1/32 exact; route-filter 192.168.0.0/16 orlonger; route-filter 198.18.0.0/15 orlonger; route-filter 224.0.0.0/4 orlonger; route-filter 240.0.0.0/4 orlonger; } then reject; } term block-internal { from { prefix-list INTERNAL; } then reject; } term accept { from { protocol bgp; route-filter 0.0.0.0/0 upto /24; } then { local-preference 90; community add CPS-PEERS; accept; } } term reject { then reject; } } policy-statement CPS-PEER-OUT { term block-private-asn { from as-path PRIVATE; then reject; } term block-martians { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 169.254.0.0/16 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.0.2.0/24 orlonger; route-filter 192.88.99.1/32 exact; route-filter 192.168.0.0/16 orlonger; route-filter 198.18.0.0/15 orlonger; route-filter 224.0.0.0/4 orlonger; route-filter 240.0.0.0/4 orlonger; } then reject; } term announce { from { protocol bgp; community CPS-CONNECTOR; route-filter 0.0.0.0/0 upto /24; } then next policy; } term originate { from { protocol static; route-filter 198.32.9.0/24 exact; route-filter 64.57.29.0/24 exact; } then accept; } term reject { then reject; } } policy-statement CPS-PEER-OUT-DEPREF { term block-private-asn { from as-path PRIVATE; then reject; } term block-martians { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 169.254.0.0/16 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.0.2.0/24 orlonger; route-filter 192.88.99.1/32 exact; route-filter 192.168.0.0/16 orlonger; route-filter 198.18.0.0/15 orlonger; route-filter 224.0.0.0/4 orlonger; route-filter 240.0.0.0/4 orlonger; } then reject; } term 
announce { from { protocol bgp; community CPS-CONNECTOR; route-filter 0.0.0.0/0 upto /24; } then { as-path-prepend 11537; next policy; } } term originate { from { protocol static; route-filter 198.32.9.0/24 exact; route-filter 64.57.29.0/24 exact; } then { as-path-prepend 11537; accept; } } term reject { then reject; } } policy-statement CPS-PEER6-IN { term strip-communities { then { community delete ALL-COMMS; next term; } } term reject-Internet2-space { from { route-filter 2001:468::/32 upto /39; route-filter 2001:468:ff00::/40 orlonger; } then reject; } term accept { from protocol bgp; to rib cps.inet6.0; then { community add CPS-PEERS; accept; } } term reject { then reject; } } policy-statement CPS-PEER6-OUT { term originate { from { protocol static; route-filter 2001:468:ff00::/40 exact; route-filter 2001:468::/32 exact; } then accept; } term leak-specifics { from { protocol bgp; route-filter 2001:468:c00::/40 exact; } then accept; } term block-specifics { from { route-filter 2001:468::/32 longer; } then reject; } term announce { from { protocol bgp; community CPS-CONNECTOR; family inet6; } then next policy; } term reject { then reject; } } policy-statement CPS-PEERCONTROLS-OUT { term block { from community CPS-BLOCK; then reject; } term prepend1 { from community CPS-PREPEND1; then { as-path-prepend 11537; accept; } } term prepend2 { from community CPS-PREPEND2; then { as-path-prepend "11537 11537"; accept; } } term prepend3 { from community CPS-PREPEND3; then { as-path-prepend "11537 11537 11537"; accept; } } term reject { then reject; } } policy-statement CPS-PEERS-IN { term reject-private-asn { from as-path PRIVATE; then reject; } term block-martians { from { route-filter 0.0.0.0/0 exact; route-filter 10.0.0.0/8 orlonger; route-filter 127.0.0.0/8 orlonger; route-filter 169.254.0.0/16 orlonger; route-filter 172.16.0.0/12 orlonger; route-filter 192.0.2.0/24 orlonger; route-filter 192.88.99.1/32 exact; route-filter 192.168.0.0/16 orlonger; route-filter 
198.18.0.0/15 orlonger; route-filter 224.0.0.0/4 orlonger; route-filter 240.0.0.0/4 orlonger; } then reject; } term block-internal { from { prefix-list INTERNAL; } then reject; } term accept { from { protocol bgp; route-filter 0.0.0.0/0 upto /24; } then { community add CPS-PEERS; accept; } } term reject { then reject; } } policy-statement CPS-REMOVE-COMMS { term remove { then { community delete HIGH-PEERS; community delete LOW-PEERS; community delete LOW; community delete HIGH; community delete DISCARD; community delete CPS; } } } policy-statement CPS-V6-REMOVE-COMMS { term remove { then { community delete HIGH-PEERS; community delete LOW-PEERS; community delete LOW; community delete HIGH; community delete DISCARD; community delete CPS; community delete EQUAL-TO-PEERS; community delete LOWER-THAN-PEERS; } } } policy-statement DATATAG-DEMO { term 1 { from { protocol static; route-filter 198.32.154.144/28 exact; } then accept; } } policy-statement DRAGON-IN { term participant { from { protocol bgp; prefix-list-filter DRAGON-PARTICIPANT orlonger; } then accept; } term reject-unicast { to rib inet.0; then reject; } } policy-statement DREXEL-IN { term participant { from { protocol bgp; prefix-list-filter DREXEL-PARTICIPANT orlonger; } then next policy; } term segp { from { protocol bgp; prefix-list-filter DREXEL-SEGP orlonger; } then { community add SEGP; next policy; } } term reject-unicast { to rib inet.0; then reject; } } policy-statement DREXEL-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter DREXEL-PARTICIPANTS6 exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement ESNET-TO-AMPATH { term FROM-ESNET { from as-path ESNET; then accept; } } policy-statement ESNET-TO-GEANT { term FROM-ESNET { from as-path ESNET; then { as-path-prepend 11537; accept; } } } /* import policy for FEDNET peers */ policy-statement FEDNET-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 
prefix-length-range /28-/32; } then reject; } term set-community { from protocol bgp; then { community add FEDNET; accept; } } } /* import policy for IPv6 FEDNET peers */ policy-statement FEDNET-IN6 { term set-community { from protocol bgp; then { community add FEDNET; accept; } } } /* export policy from FEDNET peers */ policy-statement FEDNET-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */ term allow-iftn { from { protocol bgp; community IFTN; } then accept; } /* don't announce nlri=unicast routes from fednet or international peers */ term block-fednet-itn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET ITN NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } policy-statement FEDNET-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } policy-statement FROM-CUDI { term FROM { /* allow NISN-CUDI transit via I2, ticket#11664 */ from as-path CUDI; then accept; } } policy-statement GEANT-TO-NREN { term FROM-GEANT { from as-path GEANT; then accept; } } /* import policy for mcast-only peerings with commercial ISPs */ policy-statement ISP-MCAST-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term allow { from protocol bgp; to rib inet.2; then { community add COMMERCIAL-PEER; accept; } } term 
reject { then reject; } } /* export policy for mcast-only peerings with commercial ISPs */ policy-statement ISP-MCAST-OUT { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term no-export { from community BLOCK-TO-COMMERCIAL; then reject; } /* only advertise participant routes */ term allow { from { protocol bgp; rib inet.2; community PARTICIPANT; } then accept; } term reject { then reject; } } /* import policy for IPv6 peerings with commercial ISPs */ policy-statement ISP-V6-IN { /* NOTE(review): this term accepts every BGP route into inet6.0; the policy has no prefix-length or bogon filter of its own - confirm filtering is applied elsewhere in the import chain */ term allow { from protocol bgp; to rib inet6.0; then { community add COMMERCIAL-PEER; accept; } } term reject { then reject; } } /* export policy for IPv6 peerings with commercial ISPs */ policy-statement ISP-V6-OUT { term no-export { from community BLOCK-TO-COMMERCIAL; then reject; } /* only advertise participant routes */ term accept { from { protocol bgp; community PARTICIPANT; family inet6; } then accept; } term reject { then reject; } } /* import policy for IPv4 ITN peerings */ policy-statement ITN-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term block-F-root-international { from { route-filter 192.5.5.0/24 orlonger; } then reject; } term block-as112 { from { route-filter 192.175.48.0/24 orlonger; } then reject; } /* every remaining BGP route is tagged ITN and accepted */ term set-community { from protocol bgp; then { community add ITN; accept; } } } /* import policy for IPv6 ITN peerings */ policy-statement ITN-IN6 { term reject-commercial { from as-path COMMERCIAL6; then reject; } term set-community { from protocol bgp; then { community add ITN; accept; } } } policy-statement ITN-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* don't announce 
nlri=unicast routes from fednet or nonitn peers */ term block-fednet-nonitn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } policy-statement ITN-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } policy-statement MAX-IN { term participant { from { protocol bgp; prefix-list-filter MAX-PARTICIPANT orlonger; } then next policy; } term segp { from { protocol bgp; prefix-list-filter MAX-SEGP orlonger; } then { community add SEGP; next policy; } } term sponsored { from { protocol bgp; prefix-list-filter MAX-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term reject-unicast { then reject; } } policy-statement MAX-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter MAX-PARTICIPANTS6 exact; } then { community add PARTICIPANT; accept; } } term accept-v6-transit { from { as-path MAX-V6-TRANSIT; family inet6; } then { local-preference 100; community add COMMERCIAL-PEER; accept; } } term reject { then reject; } } policy-statement MERIT-IN { term participant { from { protocol bgp; prefix-list-filter MERIT-PARTICIPANT orlonger; } then next policy; } term segp { from { protocol bgp; prefix-list-filter MERIT-SEGP orlonger; } then { community add SEGP; next policy; } } term sponsored { from { protocol bgp; prefix-list-filter MERIT-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term corporate { from { protocol bgp; prefix-list-filter MERIT-CORPORATE orlonger; } then { community add CORPORATE; next policy; } } term reject-unicast { then reject; } } policy-statement MERIT-IN6 { term 
participant { from { protocol bgp; family inet6; prefix-list-filter MERIT-PARTICIPANT6 exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement MSDP-FILTER { term bad-groups { from { route-filter 224.0.1.2/32 exact; route-filter 224.0.1.3/32 exact; route-filter 224.0.1.8/32 exact; route-filter 224.0.1.22/32 exact; route-filter 224.0.1.24/32 exact; route-filter 224.0.1.25/32 exact; route-filter 224.0.1.35/32 exact; route-filter 224.0.1.39/32 exact; route-filter 224.0.1.40/32 exact; route-filter 224.0.1.60/32 exact; route-filter 224.0.2.1/32 exact; route-filter 224.0.2.2/32 exact; route-filter 224.77.0.0/16 orlonger; route-filter 225.1.2.3/32 exact; route-filter 226.77.0.0/16 orlonger; route-filter 229.55.150.208/32 exact; route-filter 234.42.42.40/30 orlonger; route-filter 234.142.142.42/31 orlonger; route-filter 234.142.142.44/30 orlonger; route-filter 234.142.142.48/28 orlonger; route-filter 234.142.142.64/26 orlonger; route-filter 234.142.142.128/29 orlonger; route-filter 234.142.142.136/30 orlonger; route-filter 234.142.142.140/31 orlonger; route-filter 234.142.142.142/32 exact; route-filter 232.0.0.0/8 orlonger; route-filter 239.0.0.0/8 orlonger; } then reject; } term bad-sources { from { source-address-filter 10.0.0.0/8 orlonger; source-address-filter 127.0.0.0/8 orlonger; source-address-filter 172.16.0.0/12 orlonger; source-address-filter 192.168.0.0/16 orlonger; } then reject; } term bad-planetlab { from { source-address-filter 198.32.154.179/32 exact; source-address-filter 198.32.154.187/32 exact; source-address-filter 198.32.154.195/32 exact; source-address-filter 198.32.154.202/32 exact; source-address-filter 198.32.154.210/32 exact; source-address-filter 198.32.154.218/32 exact; source-address-filter 198.32.154.226/32 exact; source-address-filter 198.32.154.235/32 exact; source-address-filter 198.32.154.243/32 exact; source-address-filter 198.32.154.250/32 exact; } then reject; } term allow { then accept; } } 
policy-statement NEXT-HOP-SELF { from protocol bgp; then { next-hop self; } } /* import policy for IPv4 ITN peerings */ policy-statement NONITN-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term set-community { from protocol bgp; then { community add NONITN; accept; } } } /* import policy for IPv6 NONITN peerings */ policy-statement NONITN-IN6 { term set-community { from protocol bgp; then { community add NONITN; accept; } } } policy-statement NONITN-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* don't announce nlri=unicast routes from fednet or international peers */ term block-fednet-itn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET ITN NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } policy-statement NONITN-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } policy-statement NREN-TO-GEANT { term FROM-NREN { from as-path NREN; then accept; } } policy-statement OARNET-IN { term participant { from { protocol bgp; prefix-list-filter OARNET-PARTICIPANT orlonger; } then next policy; } term segp { from { protocol bgp; prefix-list-filter OARNET-SEGP orlonger; } then { community add SEGP; next policy; } } term sponsored { from { protocol bgp; prefix-list-filter OARNET-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term 
reject-unicast { then reject; } } policy-statement OARNET-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter OARNET-PARTICIPANTS6 exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement OARNET-MULTICAST-IN { term allow-muticast { from { prefix-list OARNET-MULTICAST-ROUTES; } to rib inet.2; then { community add PARTICIPANT; accept; } } term reject { then reject; } } /* Redistribute IPv4 aggregates from static into BGP */ policy-statement ORIGINATE4 { term internal-addresses { from { protocol static; prefix-list INTERNAL; } then accept; } } /* Redistribute IPv6 Aggregates from static into BGP */ policy-statement ORIGINATE6 { term announce-aggregates { from { protocol static; prefix-list INTERNAL6; } then accept; } term block-more-specifics { from { route-filter 2001:468::/32 longer; } then reject; } } policy-statement PSC-IN { term participant { from { protocol bgp; prefix-list-filter PSC-PARTICIPANT orlonger; } then next policy; } term sponsored { from { protocol bgp; prefix-list-filter PSC-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { protocol bgp; prefix-list-filter PSC-SEGP orlonger; } then { community add SEGP; next policy; } } term exception_segp { from { protocol bgp; prefix-list-filter PSC-EXCEPTION-SEGP exact; } then { community add SEGP; community add PARTICIPANT; accept; } } term sox-backup-participant { from { protocol bgp; prefix-list-filter SOX-BACKUP-PARTICIPANT orlonger; } then next policy; } term sox-backup-corporate { from { protocol bgp; prefix-list-filter SOX-BACKUP-CORPORATE orlonger; } then { community add CORPORATE; next policy; } } term sox-backup-sponsored { from { protocol bgp; prefix-list-filter SOX-BACKUP-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term sox-backup-segp { from { protocol bgp; prefix-list-filter SOX-BACKUP-SEGP orlonger; } then { community add SEGP; next policy; } } term 
sox-backup-exception-sponsored { from { protocol bgp; prefix-list-filter SOX-BACKUP-EXCEPTION-SPONSORED exact; } then { community add SPONSORED; community add PARTICIPANT; accept; } } term sox-backup-exception-segp { from { protocol bgp; prefix-list-filter SOX-BACKUP-EXCEPTION-SEGP exact; } then { community add SEGP; community add PARTICIPANT; accept; } } term sox-backup-exception-fednet { from { protocol bgp; prefix-list-filter SOX-BACKUP-EXCEPTION-FEDNET orlonger; } then { community add FEDNET; next policy; } } term reject-unicast { to rib inet.0; then reject; } } policy-statement PSC-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter PSC-PARTICIPANT6 exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement REJECT-ALL { then reject; } /* Remove certain BGP communities on import - only applied to peers */ policy-statement REMOVE-COMMS-IN { term remove { then { /* remove connector local-pref communities */ community delete HIGH; community delete LOW; /* remove discard community */ community delete DISCARD; } } } /* Remove certain BGP communities on export - applied to connectors and peers */ policy-statement REMOVE-COMMS-OUT { term remove { then { /* remove connector and peer local-pref communities */ community delete HIGH-PEERS; community delete LOW-PEERS; community delete LOW; community delete HIGH; /* remove discard community */ community delete DISCARD; } } } /* reject routes we should never accept */ policy-statement SANITY-IN { /* Reject any BGP prefix if a private AS is in the path */ term block-private-asn { from as-path PRIVATE; then reject; } /* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */ term block-commercial-asn { from as-path COMMERCIAL; to rib inet.0; then reject; } term block-nlr-transit { from as-path NLR; then reject; } /* Reject BGP prefixes that should never appear in the routing table */ term block-martians { from { /* default */ 
route-filter 0.0.0.0/0 exact; /* rfc 1918 */ route-filter 10.0.0.0/8 orlonger; /* rfc 3330 - loopback */ route-filter 127.0.0.0/8 orlonger; /* rfc 3330 - link-local */ route-filter 169.254.0.0/16 orlonger; /* rfc 1918 */ route-filter 172.16.0.0/12 orlonger; /* rfc 3330 - TEST-NET (documentation) */ route-filter 192.0.2.0/24 orlonger; /* rfc 3068 - 6to4 relay anycast address */ route-filter 192.88.99.1/32 exact; /* rfc 1918 */ route-filter 192.168.0.0/16 orlonger; /* rfc 2544 - network device benchmarking */ route-filter 198.18.0.0/15 orlonger; /* rfc 3171 - multicast group addresses */ route-filter 224.0.0.0/4 orlonger; /* rfc 3330 - reserved (former class E) */ route-filter 240.0.0.0/4 orlonger; } then reject; } /* Reject BGP prefixes which Abilene originates. NOTE(review): a "from prefix-list" match is exact, so only the listed prefixes themselves are rejected here; more-specific announcements of INTERNAL space are not caught by this term - confirm the per-neighbor import policies reject them, or consider prefix-list-filter INTERNAL orlonger */ term block-internal { from { prefix-list INTERNAL; } then reject; } } /* Block announcements for prefixes we should never announce */ policy-statement SANITY-OUT { /* Don't announce any route with a private AS in the path */ term block-private-asn { from as-path PRIVATE; then reject; } /* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */ term block-commercial-asn { from { rib inet.0; as-path COMMERCIAL; } then reject; } /* Don't announce reserved and special prefixes. Same entries as SANITY-IN block-martians; the two lists are separate copies, so change them together */ term block-martians { from { /* default */ route-filter 0.0.0.0/0 exact; /* rfc 1918 */ route-filter 10.0.0.0/8 orlonger; /* rfc 3330 - loopback */ route-filter 127.0.0.0/8 orlonger; /* rfc 3330 - link-local */ route-filter 169.254.0.0/16 orlonger; /* rfc 1918 */ route-filter 172.16.0.0/12 orlonger; /* rfc 3330 - TEST-NET (documentation) */ route-filter 192.0.2.0/24 orlonger; /* rfc 3068 - 6to4 relay anycast address */ route-filter 192.88.99.1/32 exact; /* rfc 1918 */ route-filter 192.168.0.0/16 orlonger; /* rfc 2544 - network device benchmarking */ route-filter 198.18.0.0/15 orlonger; /* rfc 3171 - multicast group addresses */ route-filter 224.0.0.0/4 orlonger; /* rfc 3330 - reserved (former class E) */ route-filter 240.0.0.0/4 orlonger; } then reject; } } /* Block IPv6 routes that should never be accepted or announced */ policy-statement SANITY6 { /* Block 
routes with a private AS in the path */ term block-private-asns { from { as-path PRIVATE; family inet6; } then reject; } /* Only accept routes within certain allocated blocks. This term is an allow-list: a match continues with the next policy, anything else falls through to term reject. NOTE(review): the blocks are a static copy of the IANA registry and need re-checking whenever IANA allocates new space; 2001:db8::/32 (documentation, rfc 3849) lies inside 2001::/16 and is not excluded here - confirm it is filtered elsewhere */ term accept { /* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */ from { route-filter 2001::/16 upto /49; route-filter 2002::/16 exact; route-filter 2003::/16 upto /49; route-filter 2400::/12 upto /49; route-filter 2600::/12 upto /49; route-filter 2a00::/12 upto /49; route-filter 2800::/12 upto /49; route-filter 2001:b000::/20 upto /49; route-filter 2c00::/12 upto /49; route-filter 2610::/12 upto /49; route-filter 2620::/12 upto /49; } then next policy; } /* default deny for every route not matched by term accept */ term reject { then reject; } } /* set local-pref on connector routes based on communities: HIGH -> 260, LOW -> 140, otherwise 200. The high and low terms hand off to the next policy; term normal only sets the value and names no flow-control action */ policy-statement SET-PREF { term high { from community HIGH; then { local-preference 260; next policy; } } term low { from community LOW; then { local-preference 140; next policy; } } term normal { then { local-preference 200; } } } /* local-pref by community: HIGH -> 260, LOW -> 140, EQUAL-TO-PEERS -> 100, LOWER-THAN-PEERS -> 60, otherwise 200. Presumably applied to CPS IPv6 sessions, going by the name - confirm against the BGP groups that reference it */ policy-statement SET-PREF-CPS-V6 { term high { from community HIGH; then { local-preference 260; next policy; } } term low { from community LOW; then { local-preference 140; next policy; } } term equal-to-peers { from community EQUAL-TO-PEERS; then { local-preference 100; next policy; } } term lower-than-peers { from community LOWER-THAN-PEERS; then { local-preference 60; next policy; } } term normal { then { local-preference 200; } } } /* set local-pref on peer routes based on communities: HIGH-PEERS -> 160, LOW-PEERS -> 40, otherwise 100 */ policy-statement SET-PREF-PEER { term high { from community HIGH-PEERS; then { local-preference 160; next policy; } } term low { from community LOW-PEERS; then { local-preference 40; next policy; } } term normal { then { local-preference 100; } } } /* prepend AS 11537 once to 149.165.128.0/17 (exact match only), then continue with the next policy */ policy-statement TU-DRESDEN_to-IU { term IU { from { route-filter 149.165.128.0/17 exact; } then { as-path-prepend 11537; next policy; } } } /* USGS ITN routes allowed to GEANT per UCAID 12231:45 */ policy-statement USGS-TO-GEANT { term FROM-USGS { from as-path 
USGS; then accept; } } policy-statement V6-IGP-AGG { term allow-aggregate { from { protocol aggregate; family inet6; } then accept; } term deny-more-specifics { from { family inet6; route-filter 2001:468:ff:1200::/56 longer; route-filter 2001:468:0012::/48 longer; } then reject; } term accept-all-other-v6 { from { protocol [ isis direct ]; family inet6; } then accept; } } policy-statement WSU-IN { term participant { from { protocol bgp; prefix-list-filter WSU-PARTICIPANT orlonger; } then next policy; } term exception_participant { from { protocol bgp; prefix-list-filter WSU-EXCEPTION exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } /* Temporary fix for scoping 239/8 */ policy-statement pim-join-filter { term internal-links { from { interface [ so-0/0/0.0 so-3/0/0.0 so-1/1/0.0 ]; route-filter 239.0.0.0/8 orlonger; } then accept; } term external-links { from { route-filter 239.0.0.0/8 orlonger; } then reject; } term all-links { then accept; } } community ALL-COMMS members *:*; community BLOCK-TO-COMMERCIAL members 11537:2002; community COMMERCIAL-PEER members 11537:2001; community CONNECTOR-ONLY members 11537:3500; community CORE members 11537:900; community CORPORATE members 11537:2000; community CPS members target:11537:1; community CPS-AS12989-OUT members *:12989; community CPS-AS13768-OUT members *:13768; community CPS-AS14361-OUT members *:14361; community CPS-AS15169-OUT members *:15169; community CPS-AS16509-OUT members *:16509; community CPS-AS19080-OUT members *:19080; community CPS-AS19151-OUT members *:19151; community CPS-AS20940-OUT members *:20940; community CPS-AS22212-OUT members *:22212; community CPS-AS22822-OUT members *:22822; community CPS-AS27524-OUT members *:27524; community CPS-AS32934-OUT members *:32934; community CPS-AS3303-OUT members *:3303; community CPS-AS33739-OUT members *:33739; community CPS-AS36248-OUT members *:36248; community CPS-AS40009-OUT members *:40009; community CPS-AS4436-OUT members 
*:4436; community CPS-AS6079-OUT members *:6079; community CPS-AS6939-OUT members *:6939; community CPS-AS8075-OUT members *:8075; community CPS-AS9002-OUT members *:9002; community CPS-BLOCK members 65000:*; community CPS-CONNECTOR members 11537:25100; community CPS-PEERS members 11537:25200; community CPS-PREPEND1 members 65001:*; community CPS-PREPEND2 members 65002:*; community CPS-PREPEND3 members 65003:*; community DISCARD members 11537:911; community EQUAL-TO-PEERS members 11537:100; community FEDNET members 11537:3000; community HIGH members 11537:260; community HIGH-PEERS members 11537:160; community IFTN members 11537:2502; community ITN members 11537:2501; community LOW members 11537:140; community LOW-PEERS members 11537:40; community LOWER-THAN-PEERS members 11537:60; community NO-EXPORT members no-export; community NOAGG6 members 11537:6; community NONITN members 11537:2500; community PARTICIPANT members 11537:950; community RHCPP members 11537:4000; community SEGP members 11537:910; community SPONSORED members 11537:902; as-path ABILENE ".* 11537 .*"; /* hand-maintained list of commercial ISP AS numbers; referenced by the block-commercial-asn terms in SANITY-IN and SANITY-OUT */ as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*"; /* private-use AS numbers anywhere in the path, 16-bit range only (64512-65535). NOTE(review): 4-byte private ASNs (4200000000-4294967294, rfc 6996) are not matched by this expression - confirm whether that matters for the sessions the SANITY policies guard */ as-path PRIVATE ".* (64512-65535) .*"; as-path NLR ".* 19401 .*"; as-path GEANT "20965 .*"; as-path CLARA "27750 .*"; as-path ESNET "293 .*"; as-path NREN "24 .*"; as-path MAX-V6-TRANSIT "10886 (293|2914|3257|4788|6939|10745|13645|23504|30071|33437)+ .*"; as-path USGS "1842 .*"; as-path CUDI "18592 .*"; as-path COMMERCIAL6 ".* (701|1273|1836|2497|2516|2914|3257|3549|3561|4691|6939|7018|15169|15412|17554|17990) .*"; } Firewall Stanza Removed removed wash«§ ## Last commit: 2009-09-28 17:54:40 UTC by cdavisal version 9.3R3.8; groups { INTERFACE-BACKBONE { interfaces { <ge-*> { mtu 9192; unit <*> { family inet { mtu 9174; filter { input backbone-in; output interface-out; } } family iso { mtu 1497; } family inet6 { mtu 9174; filter { input v6filter; output v6filter; 
} } family mpls { mtu 9174; } } } <xe-*> { mtu 9192; unit <*> { family inet { mtu 9174; filter { input backbone-in; output interface-out; } } family iso { mtu 1497; } family inet6 { mtu 9174; filter { input v6filter; output v6filter; } } family mpls { mtu 9174; } } } } } INTERFACE-CONNECTOR { interfaces { <ge-*> { unit <*> { family inet { filter { input connector-in; output interface-out; } } family inet6 { filter { input v6filter; output v6filter; } } } } <xe-*> { mtu 9192; unit <*> { family inet { mtu 9000; filter { input connector-in; output interface-out; } } family inet6 { mtu 9000; filter { input v6filter; output v6filter; } } } } } } MSDP-SA-Limit-per-peer-group { protocols { msdp { group <*> { peer <*> { active-source-limit { maximum 100000; threshold 90000; } } } } } } MSDP-STRICT { protocols { msdp { group CONNECTOR { peer <*> { active-source-limit { maximum 2000; threshold 1800; } } } group ITN { peer <*> { active-source-limit { maximum 500; threshold 450; } } } group FEDNET { peer <*> { active-source-limit { maximum 4000; threshold 3600; } } } group NONITN { peer <*> { active-source-limit { maximum 4000; threshold 3600; } } } } } } re0 { system { host-name ATLA-re0; } } re1 { system { host-name ATLA-re1; } } } apply-groups [ re0 re1 ]; system { domain-name net.internet2.edu; time-zone UTC; dump-on-panic; authentication-order [ radius password ]; location country-code US; ports { auxiliary type vt100; } root-authentication { Authentication Data Removed } name-server { 134.68.1.9; 129.79.5.100; } radius-server { 140.182.45.56 { timeout 2; source-address 64.57.28.243; } 140.182.44.69 { timeout 2; source-address 64.57.28.243; } } Login Stanza Removed services { bandwidth 10g; } } } network-services ip; } interfaces { xe-0/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: ATLA-CHIC 10GE | I2-ATLA-CHIC-10GE-05419"; family inet { address 64.57.28.4/31; } family inet6 { address 2001:468:ff:102::1/64; } } } xe-0/1/0 { apply-groups 
INTERFACE-BACKBONE; unit 0 { description "BACKBONE: ATLA-WASH 10GE B | I2-ATLA-WASH-10GE-05251"; family inet { address 64.57.28.6/31; } family inet6 { address 2001:468:ff:109::1/64; } } } xe-0/2/0 { apply-groups INTERFACE-CONNECTOR; description "Indiana Gigapop via Internet2 DWS | I2-INDI-ATLA-10GE-04182"; vlan-tagging; mtu 9192; unit 110 { description "Indiana Gigapop R&E VLAN"; vlan-id 110; family inet { mtu 9000; address 149.165.254.21/31; } family inet6 { mtu 9000; address 2001:468:ff:144::1/64; } } unit 111 { description "[CPS] Indiana Gigapop"; vlan-id 111; family inet { mtu 9000; address 149.165.254.23/31; } } unit 112 { description "Indiana GigaPoP CPS-IPv6"; vlan-id 112; family inet6 { address 2001:468:ffff:144::1/64; } } } xe-0/3/0 { apply-groups INTERFACE-CONNECTOR; description "USF/FLR via Internet2 DWS | I2-ATLA-JACK-10GE-05129"; vlan-tagging; unit 1300 { description "USF/FLR R&E VLAN"; vlan-id 1300; family inet { address 198.32.173.194/30; } family inet6 { address 2001:468:ff:1c1::1/64; } } unit 1301 { description "[CPS] FLR IPv6"; vlan-id 1301; family inet6 { address 2001:468:ffff:1c1::1/64; } } unit 1801 { description "AMPATH via FLR R&E IPv4"; vlan-id 1801; family inet { address 198.32.252.238/30 { primary; } address 198.32.252.254/30; } family inet6 { address 2001:468:ff:e47::1/64; } } unit 1824 { description "[CPS] AMPATH via FLR CPS IPv6"; vlan-id 1824; family inet6 { address 2001:468:ffff:e47::1/64; } } } xe-1/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: ATLA-HOUS 10GE | I2-ATLA-HOUS-10GE-05423"; family inet { address 64.57.28.42/31; } family inet6 { address 2001:468:ff:0103::2/64; } } } xe-1/2/0 { apply-groups INTERFACE-CONNECTOR; description "KyRON via Internet2 DWS | I2-LOUS-ATLA-10GE-04183"; vlan-tagging; mtu 9192; unit 501 { description "KyRON R&E VLAN"; vlan-id 501; family inet { mtu 9000; address 216.249.136.198/30; } family inet6 { mtu 9000; address 2610:01E0:1000:6010::2/64; } } unit 503 { description "[CPS] 
KyRON"; vlan-id 503; family inet { mtu 9000; address 216.249.136.134/30; } family inet6 { mtu 9000; address 2610:01E0:1000:4010::2/64; } } } xe-1/3/0 { apply-groups INTERFACE-CONNECTOR; description MCNC; vlan-tagging; mtu 9192; unit 10 { description "MCNC via Internet2 DWS | I2-ATLA-RALE-10GE-04187"; vlan-id 10; family inet { mtu 9000; address 198.86.17.66/30; } family inet6 { mtu 9000; address 2610:28:10E:1::2/64; } } unit 580 { description "[CPS] MCNC via Internet2 DWS"; vlan-id 580; family inet { mtu 9000; address 198.86.53.2/30; } } unit 585 { description "[CPS] IPv6 Peering MCNC"; vlan-id 585; family inet6 { address 2001:468:ffff:155::1/64; } } } xe-2/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: ATLA-WASH 10GE | I2-ATLA-WASH-10GE-05133"; family inet { address 64.57.28.58/31; } family inet6 { address 2001:468:ff:0901::1/64; } } } xe-2/2/0 { apply-groups INTERFACE-CONNECTOR; description "SOX via Internet2-owned metro fiber"; vlan-tagging; mtu 9192; unit 193 { description SOX; vlan-id 193; family inet { mtu 9000; address 143.215.193.10/30; } family inet6 { address 2001:468:FF:e43::1/64; } } unit 194 { description "Southern Crossroads (SOX) CPS IPv6"; vlan-id 194; family inet6 { address 2001:468:ffff:e43::1/64; } } unit 195 { description "SOX-Vanderbilt Phoebus Bypass [NO-MONITOR]"; vlan-id 195; family inet { mtu 9000; address 64.57.23.21/30; } } inactive: unit 1801 { description "AMPATH via SOX"; vlan-id 1801; family inet { mtu 9000; address 198.32.252.238/30 { primary; } address 198.32.252.254/30; } family inet6 { mtu 9000; address 2001:468:ff:e47::1/64; } } inactive: unit 1824 { description "[CPS] AMPATH via SOX"; vlan-id 1824; family inet6 { mtu 9000; address 2001:468:ffff:e47::1/64; } } } ge-9/0/0 { description "1G Observatory via lan.atla.net.internet2.edu:A23"; vlan-tagging; mtu 9192; unit 12 { description "Observatory 1 Gig"; vlan-id 12; family inet { mtu 9000; address 64.57.16.97/28; } family inet6 { mtu 9000; address 
2001:468:1:12::1/64; address 2001:468:1:12::16:97/64; } } } ge-9/0/1 { description "to nms-rtr1"; mtu 9192; unit 0 { family inet { mtu 9000; address 64.57.16.81/30; } family inet6 { mtu 9000; address 2001:468:1:101::1/64; address 2001:468:1:101::16:81/64; } } } ge-9/0/2 { description "to nms-rtr2"; mtu 9192; unit 0 { family inet { mtu 9000; address 64.57.16.85/30; } family inet6 { mtu 9000; address 2001:468:1:100::1/64; address 2001:468:1:100::16:85/64; } } } xe-9/2/0 { description "Observatory 10G via lan.atla:B2"; vlan-tagging; mtu 9180; inactive: unit 10 { description "Racklan #2"; vlan-id 10; family inet { address 64.57.25.254/24; } } unit 11 { description "ATLA Observatory vlan"; vlan-id 11; family inet { mtu 9000; address 64.57.16.65/28; } family inet6 { mtu 9000; address 2001:468:1:11::1/64; } } unit 13 { description "test ISIS feed to nms-rpsv"; vlan-id 13; family inet { mtu 9000; address 64.57.16.89/30; } family iso; } unit 20 { description "ATLA VINI Mgmt"; vlan-id 20; family inet { mtu 9000; address 64.57.18.185/29; } } unit 21 { description "ATLA VINI Data"; vlan-id 21; family inet { mtu 9000; address 64.57.18.1/28; } } unit 50 { description "ISIS collector"; vlan-id 50; family iso { mtu 1497; } } unit 60 { description "[CPS] Connection to nms-rpsv"; vlan-id 60; family inet { mtu 9000; address 64.57.29.29/30; } family inet6 { mtu 9000; address 2001:468:1:60::29:29/64; address 2001:468:1:60::1/64; } } } dsc { unit 0 { family inet { address 198.32.11.6/32 { destination 198.32.11.7; } } } } fxp0 { description "Management Ethernet - Unused"; disable; } lo0 { unit 0 { description "Internal Peering Point"; family inet { filter { input loopback-strict-in; } address 198.32.8.238/32; address 64.57.28.243/32 { preferred; } } family iso { address 49.0000.0000.0000.0001.00; } family inet6 { filter { input loopback-strict-in6; } address 2001:468:1::1/128; } } unit 1 { description "Loopback for CPS VRF"; family inet { filter { input loopback-strict-in; } address 
64.57.29.243/32; } family inet6 { filter { input loopback-strict-in6; } address 2001:468:ff01::1/128; } } } } forwarding-options { sampling { input { family inet { rate 100; max-packets-per-second 7000; } } output { /* local flow-record file is deactivated. NOTE(review): the statement carries world-readable, so reconsider that flag before re-activating it */ inactive: file filename flowdata files 2 size 500000 world-readable; /* export sampled flows as version 5 records to the collector on port 4193, with no local dump */ cflowd 64.57.16.68 { port 4193; version 5; no-local-dump; autonomous-system-type origin; } } } } routing-options { interface-routes { rib-group { inet if-rg; inet6 if6-rg; } } rib inet6.0 { static { rib-group static6-rg; route 2001:468::/32 { reject; install; readvertise; community 11537:950; } } } rib inet.2 { /* martian entries for inet.2. NOTE(review): besides the special-use ranges, this list names whole /8s, which looks like an unallocated-space (bogon) snapshot; IANA has kept allocating such blocks, so each /8 must be re-checked against the current registry or valid routes are dropped silently. It also differs from the routing-options level martians below: 240.0.0.0/4 appears only here and 223.0.0.0/8 only there - confirm that is intended */ martians { 0.0.0.0/8 orlonger; 1.0.0.0/8 orlonger; 2.0.0.0/8 orlonger; 5.0.0.0/8 orlonger; 10.0.0.0/8 orlonger; 23.0.0.0/8 orlonger; 27.0.0.0/8 orlonger; 31.0.0.0/8 orlonger; 36.0.0.0/8 orlonger; 37.0.0.0/8 orlonger; 39.0.0.0/8 orlonger; 42.0.0.0/8 orlonger; 46.0.0.0/8 orlonger; 49.0.0.0/8 orlonger; 50.0.0.0/8 orlonger; 100.0.0.0/8 orlonger; 101.0.0.0/8 orlonger; 102.0.0.0/8 orlonger; 103.0.0.0/8 orlonger; 104.0.0.0/8 orlonger; 105.0.0.0/8 orlonger; 106.0.0.0/8 orlonger; 107.0.0.0/8 orlonger; 127.0.0.0/8 orlonger; 169.254.0.0/16 orlonger; 172.16.0.0/12 orlonger; 175.0.0.0/8 orlonger; 176.0.0.0/8 orlonger; 177.0.0.0/8 orlonger; 179.0.0.0/8 orlonger; 181.0.0.0/8 orlonger; 182.0.0.0/8 orlonger; 185.0.0.0/8 orlonger; 192.0.2.0/24 orlonger; 192.168.0.0/16 orlonger; 198.18.0.0/15 orlonger; 240.0.0.0/4 orlonger; 14.0.0.0/8 orlonger; } } static { rib-group static-rg; defaults { active; } /* Abilene Backbone */ route 198.32.8.0/22 { discard; community 11537:950; } /* MANLAN */ route 198.32.154.0/24 { discard; community 11537:950; } /* Abilene Observatory */ route 198.32.12.0/22 { discard; community 11537:950; } /* Internet2 Backbone */ route 64.57.16.0/20 { discard; community 11537:950; } } /* martian entries at the routing-options level (outside rib inet.2). NOTE(review): same hand-maintained /8 snapshot as the inet.2 list above, so the same staleness caveat applies - re-check every /8 against the current IANA registry */ martians { 0.0.0.0/8 orlonger; 1.0.0.0/8 orlonger; 2.0.0.0/8 orlonger; 5.0.0.0/8 orlonger; 10.0.0.0/8 orlonger; 23.0.0.0/8 orlonger; 27.0.0.0/8 orlonger; 31.0.0.0/8 orlonger; 36.0.0.0/8 orlonger; 
37.0.0.0/8 orlonger; 39.0.0.0/8 orlonger; 42.0.0.0/8 orlonger; 46.0.0.0/8 orlonger; 49.0.0.0/8 orlonger; 50.0.0.0/8 orlonger; 100.0.0.0/8 orlonger; 101.0.0.0/8 orlonger; 102.0.0.0/8 orlonger; 103.0.0.0/8 orlonger; 104.0.0.0/8 orlonger; 105.0.0.0/8 orlonger; 106.0.0.0/8 orlonger; 107.0.0.0/8 orlonger; 127.0.0.0/8 orlonger; 169.254.0.0/16 orlonger; 172.16.0.0/12 orlonger; 175.0.0.0/8 orlonger; 176.0.0.0/8 orlonger; 177.0.0.0/8 orlonger; 179.0.0.0/8 orlonger; 181.0.0.0/8 orlonger; 182.0.0.0/8 orlonger; 185.0.0.0/8 orlonger; 192.0.2.0/24 orlonger; 192.168.0.0/16 orlonger; 198.18.0.0/15 orlonger; 223.0.0.0/8 orlonger; 14.0.0.0/8 orlonger; } aggregate { defaults { community 11537:950; discard; } route 64.57.16.0/21; route 64.57.24.0/22; route 64.57.28.0/22; } rib-groups { if-rg { import-rib [ inet.0 inet.2 ]; } if6-rg { import-rib [ inet6.0 inet6.2 ]; } mcast-rpf-rg { import-rib inet.2; } mcast-rpf6-rg { import-rib inet6.2; } isis-rg { import-rib [ inet.0 inet.2 ]; } isis6-rg { import-rib [ inet6.0 inet6.2 ]; } static-rg { import-rib [ inet.0 inet.2 ]; } static6-rg { import-rib [ inet6.0 inet6.2 ]; } } router-id 64.57.28.243; autonomous-system 11537; multicast { scope SGI-Dogfight { prefix 224.0.1.2/32; interface all; } scope 224.0.1.3/32 { prefix 224.0.1.3/32; interface all; } scope SUN-NIS { prefix 224.0.1.8/32; interface all; } scope SVRLOC { prefix 224.0.1.22/32; interface all; } scope MS-DS { prefix 224.0.1.24/32; interface all; } scope NBC-PRO { prefix 224.0.1.25/32; interface all; } scope SVRLOC-DA { prefix 224.0.1.35/32; interface all; } scope AutoRP-Announce { prefix 224.0.1.39/32; interface all; } scope AutoRP-Discovery { prefix 224.0.1.40/32; interface all; } scope HP-DEVICE-DISC { prefix 224.0.2.1/32; interface all; } scope SUN-RPC { prefix 224.0.2.2/32; interface all; } scope Norton-Ghost-1 { prefix 224.77.0.0/16; interface all; } scope Altiris { prefix 225.1.2.3/32; interface all; } scope Norton-Ghost-2 { prefix 226.77.0.0/16; interface all; } scope 
Norton-Ghost-3 { prefix 229.55.150.208/32; interface all; } scope ImageCast-1 { prefix 234.42.42.40/30; interface all; } scope ImageCast-2 { prefix 234.142.142.42/31; interface all; } scope ImageCast-3 { prefix 234.142.142.44/30; interface all; } scope ImageCast-4 { prefix 234.142.142.48/28; interface all; } scope ImageCast-5 { prefix 234.142.142.64/26; interface all; } scope ImageCast-6 { prefix 234.142.142.128/29; interface all; } scope ImageCast-7 { prefix 234.142.142.136/30; interface all; } scope ImageCast-8 { prefix 234.142.142.140/31; interface all; } scope ImageCast-9 { prefix 234.142.142.142/32; interface all; } ssm-groups 232.0.0.0/8; forwarding-cache { threshold { suppress 50000; reuse 25000; } } } } protocols { igmp { interface all { version 2; } } mld { interface all; } rsvp { /* BACKBONE to WASH */ interface xe-2/0/0.0; /* BACKBONE to CHIC */ interface xe-0/0/0.0; /* BACKBONE to HOUS */ interface xe-1/0/0.0; } mpls { statistics { file mpls-stat; interval 60; } ipv6-tunneling; optimize-timer 360; preference 200; label-switched-path ATLA->CHIC { to 64.57.28.241; fast-reroute; } label-switched-path ATLA->KANS { to 64.57.28.245; fast-reroute; } label-switched-path ATLA->NEWY { to 64.57.28.242; fast-reroute; } label-switched-path ATLA->WASH { to 64.57.28.249; fast-reroute; } label-switched-path ATLA->SALT { to 64.57.28.246; fast-reroute; } label-switched-path ATLA->LOSA-I2 { to 64.57.28.248; fast-reroute; } label-switched-path ATLA->HOUS { to 64.57.28.244; fast-reroute; } label-switched-path ATLA->SEAT { to 64.57.28.247; fast-reroute; } /* BACKBONE to WASH */ interface xe-2/0/0.0; /* BACKBONE to CHIC */ interface xe-0/0/0.0; /* BACKBONE to HOUS */ interface xe-1/0/0.0; } bgp { log-updown; group INTERNET2 { type internal; local-address 64.57.28.243; family inet { any; } family inet-vpn { unicast; } family inet6-vpn { unicast; } Authentication Data Removed export NEXT-HOP-SELF; peer-as 11537; neighbor 64.57.28.241 { description CHIC; } neighbor 64.57.28.242 
{ description NEWY; } neighbor 64.57.28.244 { description HOUS; } neighbor 64.57.28.245 { description KANS; } neighbor 64.57.28.246 { description SALT; } neighbor 64.57.28.247 { description SEAT; } neighbor 64.57.28.248 { description LOSA; } neighbor 64.57.28.249 { description WASH; } } group INTERNET2-IPv6 { type internal; local-address 2001:468:1::1; family inet6 { any; } Authentication Data Removed export NEXT-HOP-SELF; peer-as 11537; neighbor 2001:468:2::1 { description CHIC; } neighbor 2001:468:3::1 { description HOUS; } neighbor 2001:468:4::1 { description KANS; } neighbor 2001:468:5::1 { description LOSA; } neighbor 2001:468:6::1 { description NEWY; } neighbor 2001:468:7::1 { description SALT; } neighbor 2001:468:8::1 { description SEAT; } neighbor 2001:468:9::1 { description WASH; } } /* Use OTHER group for sessions to route-servers, monitoring hosts, etc */ inactive: group OTHER { metric-out igp; import REJECT-ALL; remove-private; } group OTHER-INTERNAL { type internal; import REJECT-ALL; peer-as 11537; neighbor 134.68.246.49 { description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]"; local-address 64.57.28.243; family inet { unicast; } cluster 134.68.246.49; } neighbor 134.68.246.51 { description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]"; local-address 64.57.28.243; family inet { unicast; } cluster 134.68.246.51; } neighbor 156.56.103.99 { description "IU ANML monitor--contact Ripley"; multihop { ttl 10; } local-address 64.57.28.243; hold-time 65535; family inet { unicast; } } neighbor 2001:18e8:2:403:202:b3ff:fe23:715a { description "IU ANML monitor6"; multihop { ttl 10; } local-address 2001:468:1::1; family inet6 { unicast; } } neighbor 64.57.16.68 { description "nms-rpsv.atla zebra bgpd [NO-MONITOR]"; local-address 64.57.16.65; family inet { unicast; multicast; } cluster 64.57.16.65; } neighbor 2001:468:1:11::16:68 { description "nms-rpsv.atla zebra bgpd [NO-MONITOR]"; local-address 2001:468:1:11::1; family inet6 { unicast; 
multicast; } } } group CONNECTOR { type external; metric-out igp; /* Multihop needs to be enabled to support discard routing */ multihop { ttl 1; } family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ]; remove-private; neighbor 149.165.254.20 { description "Indiana Gigapop"; import [ SANITY-IN SET-PREF INTERNET2-MOSS INDIANAGIGAPOP-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 19782; } neighbor 198.32.252.237 { description "AMPATH via SOX"; import [ SANITY-IN SET-PREF SFGP-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 20080; } neighbor 143.215.193.9 { description SoX; import [ SANITY-IN SET-PREF SOX-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 10490; } neighbor 198.86.17.65 { description "MCNC via Internet2 DWS I2-ATLA-RALE-I2-00126"; import [ SANITY-IN SET-PREF MCNC-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 81; } neighbor 216.249.136.197 { description "KyRON NEW"; local-address 216.249.136.198; import [ SANITY-IN SET-PREF KyRON-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 30700; } neighbor 198.32.173.193 { description "Florida Lambda Rail R&E IPv4"; import [ SANITY-IN SET-PREF FLR-IN CONNECTOR-IN ]; Authentication Data Removed peer-as 11096; } } group CONNECTOR6 { type external; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ]; remove-private; neighbor 2001:468:ff:144::2 { description "Indiana Gigapop"; import [ SANITY6 SET-PREF INDIANAGIGAPOP-IN6 ]; Authentication Data Removed peer-as 19782; } neighbor 2001:468:FF:e43::2 { description SOXv6; import [ SANITY6 SET-PREF SOX-IN6 ]; Authentication Data Removed peer-as 10490; } neighbor 2001:468:FF:E47::2 { description "South Florida Gigapop"; import [ SANITY6 SET-PREF SFGP-IN6 ]; Authentication Data Removed peer-as 20080; } neighbor 2610:28:10E:1::1 { description "MCNC via Internet2 DWS | ATLA-RALE-I2-00126 [NO-MONITOR]"; import [ SANITY6 
SET-PREF MCNC-IN6 ]; Authentication Data Removed peer-as 81; } neighbor 2610:01E0:1000:6010::1 { description "KyRON NEW"; local-address 2610:01E0:1000:6010::2; import [ SANITY6 SET-PREF KyRON-IN6 ]; Authentication Data Removed peer-as 30700; } neighbor 2001:468:ff:1c1::2 { description "Florida Lambda Rail R&E IPv6"; import [ SANITY6 SET-PREF FLR-IN6 ]; Authentication Data Removed peer-as 11096; } } inactive: group FEDNET { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ESNET-MEDS ORIGINATE4 FEDNET-OUT ]; remove-private; } inactive: group NONITN { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ]; remove-private; } inactive: group NONITN6-NEW { type external; metric-out igp; import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ]; family inet6 { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ]; remove-private; } group ITN { type external; metric-out igp; import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ]; family inet { any { prefix-limit { maximum 3000; teardown 90; } } } export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ]; remove-private; neighbor 198.32.252.242 { description "REACCIUN Venezuela (via AMPATH)"; multihop { ttl 2; } import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER legit-REACCIUN ITN-IN ]; Authentication Data Removed peer-as 27807; } neighbor 198.32.252.230 { description "ANSP (Brazil) (via AMPATH)"; multihop { ttl 2; } Authentication Data Removed peer-as 1251; } inactive: neighbor 198.32.252.222 { description "RNP (Brazil) (via AMPATH)"; multihop { ttl 3; } Authentication Data Removed peer-as 1916; } } } isis { export V6-IGP-AGG; rib-group { inet isis-rg; inet6 
isis6-rg; } spf-options delay 200; level 2 wide-metrics-only; /* BACKBONE to CHIC */ interface xe-0/0/0.0 { level 1 disable; level 2 metric 1045; } /* BACKBONE to WASH 10GE A R&E only */ interface xe-0/1/0.0 { level 1 disable; level 2 metric 700; } /* BACKBONE to HOUS */ interface xe-1/0/0.0 { level 1 disable; level 2 metric 1385; } /* BACKBONE to WASH 10GE B CPS & R&E failover */ interface xe-2/0/0.0 { level 1 disable; level 2 metric 701; } interface xe-9/2/0.50 { level 1 disable; level 2 metric 9999; } interface all { level 1 disable; level 2 passive; } interface fxp0.0 { disable; } } msdp { rib-group mcast-rpf-rg; active-source-limit { maximum 200000; threshold 190000; } group INTERNET2 { mode mesh-group; local-address 64.57.28.243; /* CHIC */ peer 64.57.28.241; /* NEWY */ peer 64.57.28.242; /* HOUS */ peer 64.57.28.244; /* KANS */ peer 64.57.28.245; /* SALT */ peer 64.57.28.246; /* SEAT */ peer 64.57.28.247; /* LOSA */ peer 64.57.28.248; /* WASH */ peer 64.57.28.249; } group CONNECTOR { export MSDP-FILTER; import MSDP-FILTER; peer 149.165.254.20 { local-address 149.165.254.21; } /* AMPATH via SOX/FLR */ peer 198.32.252.237 { local-address 198.32.252.238; } /* SoX */ peer 143.215.194.253 { local-address 64.57.28.243; } /* MCNC */ peer 198.86.17.65 { local-address 198.86.17.66; } peer 216.249.136.197 { local-address 216.249.136.198; } /* Florida Lambda Rail */ peer 198.32.173.193 { local-address 198.32.173.194; } } inactive: group FEDNET { export MSDP-FILTER; import MSDP-FILTER; } group ITN { export MSDP-FILTER; import MSDP-FILTER; /* Retina via Ampath */ peer 198.32.252.234 { local-address 198.32.252.254; } /* RNP (Brazil,AS1916); multihop through AMPATH */ inactive: peer 198.32.252.238 { local-address 198.32.252.254; } /* ANSP (Brazil), multihopped via AMPATH, AS1251 */ peer 198.32.252.230 { local-address 198.32.252.254; } /* RNP; multihop through AMPATH */ inactive: peer 200.143.254.9 { local-address 198.32.252.254; } /* REACCIUN via AMPATH */ peer 
198.32.252.242 { local-address 198.32.252.238; } } group NONITN { export MSDP-FILTER; import MSDP-FILTER; } /* Use OTHER group for sessions to route-servers, monitoring hosts, etc */ inactive: group OTHER { export MSDP-FILTER; import REJECT-ALL; } } pim { rib-group { inet mcast-rpf-rg; inet6 mcast-rpf6-rg; } import pim-join-filter; rp { bootstrap-import REJECT-ALL; bootstrap-export REJECT-ALL; local { family inet { address 198.32.8.238; group-ranges { 224.0.0.0/4; } } } embedded-rp; static { address 2001:468::1 { group-ranges { ff05::/16; } } address 2001:660:3007:300:1:: { group-ranges { ff0e::/16; ff1e::/16; } } address 2001:700:e000:501::2 { group-ranges { ff3e:30:2001:700::/64; } } } } interface all { mode sparse; version 2; } interface fxp0.0 { disable; } } } policy-options { prefix-list ALLOW-ALL { 0.0.0.0/0; } prefix-list MATCH-ALL { 0.0.0.0/0; } prefix-list BGP-PEERS { apply-path "protocols bgp group <*> neighbor <*>"; } prefix-list MSDP-PEERS { apply-path "protocols msdp group <*> peer <*>"; } Prefix Stanza Removed prefix-list BGP-PEERS6 { apply-path "protocols bgp group <*> neighbor <*:*>"; } /* List of prefixes which Abilene originates */ prefix-list INTERNAL { /* Internet2 Backbone */ 64.57.16.0/20; /* Abilene Backbone */ 198.32.8.0/22; /* Abilene Observatory */ 198.32.12.0/22; /* MANLAN */ 198.32.154.0/24; } /* List of IPv6 prefixes Abilene originates */ prefix-list INTERNAL6 { 2001:468::/32; } Prefix Stanza Removed prefix-list QUERY-HOSTS-INTERNAL { /* nocmon.net.internet2.edu -- temp monitoring host */ 64.57.25.18/32; /* pine.ucs.indiana.edu -- sweeny */ 129.79.9.1/32; /* alertmon-dev.grnoc.iu.edu */ 129.79.216.72/32; /* dc-snmp.wcc.grnoc.iu.edu */ 129.79.216.79/32; 134.68.107.113/32; /* mon-dev.grnoc.iu.edu */ 134.68.107.123/32; /* IUPUI login + SNMP hosts */ 140.182.44.0/28; /* IUPUI SNMP hosts */ 140.182.44.32/28; /* IUB login + SNMP hosts */ 140.182.45.0/28; /* IUB SNMP hosts */ 140.182.45.32/28; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* 
New Jump Address */ 149.165.134.64/32; } prefix-list QUERY-HOSTS-EXTERNAL { /* Boston University--ticket#11647 */ 128.197.10.4/32; /* Boston University--ticket#11647 */ 128.197.11.51/32; /* Boston University--ticket#11647 */ 128.197.11.223/32; /* Boston University--ticket#11647 */ 128.197.11.224/32; /* ndb2-blmt for PerfSONAR link status */ 129.79.5.18/32; /* arbor11.ren-isac.net -- Arbor Peakflow1 */ 134.68.246.49/32; /* arbor21.ren-isac.net -- Arbor Peakflow2 */ 134.68.246.51/32; /* ANML - ArborNetworks */ 156.56.103.9/32; /* ANML - ArborNetworks */ 156.56.103.10/32; /* ANML - ArborNetworks */ 156.56.103.11/32; /* ANML - ArborNetworks */ 156.56.103.12/32; /* ANML - ArborNetworks */ 156.56.103.53/32; /* Ohio ITEC - nf6.itec.oar.net */ 192.148.251.26/32; /* Ohio ITEC - nf7.itec.oar.net */ 192.148.251.27/32; /* netflow2.internet2.edu -- I2 Netflow Collector */ 198.108.90.142/32; /* discvenue.internet2.edu */ 207.75.164.82/32; /* Internet2 - thunderbird.internet2.edu - ticket# 5679 */ 207.75.164.95/32; /* netflow2.internet2.edu -- I2 Netflow Collector */ 207.75.165.99/32; } prefix-list TACACS-SERVERS { /* tacacs2.grnoc.iu.edu */ 129.79.216.162/32; /* tacacs.grnoc.iu.edu */ 134.68.107.17/32; } Prefix Stanza Removed prefix-list DNS-SERVERS { 129.79.5.100/32; 134.68.1.9/32; } prefix-list NTP-SERVERS { /* ntp.indiana.edu */ 129.79.5.100/32; /* ntp-1.gw.uiuc.edu */ 130.126.24.24/32; 134.68.1.9/32; /* ntp-e.abilene.ucaid.edu */ 198.32.10.254/32; /* ntp-w.abilene.ucaid.edu */ 198.32.11.141/32; } prefix-list NMS1-SPECIFICS { /* SNVA */ 198.32.8.108/30; /* WASH */ 198.32.8.112/30; /* ATLA */ 198.32.8.156/30; /* CHIN */ 198.32.8.160/30; /* DNVR */ 198.32.8.164/30; /* HSTN */ 198.32.8.168/30; /* IPLS */ 198.32.8.172/30; /* KSCY */ 198.32.8.176/30; /* LOSA */ 198.32.8.180/30; /* NYCM */ 198.32.8.184/30; /* STTL */ 198.32.8.188/30; } prefix-list CPS-BGP-PEERS { apply-path "routing-instances cps protocols bgp group <*> neighbor <*>"; } prefix-list RADIUS-SERVERS { 
140.182.44.69/32; 140.182.45.56/32; } prefix-list BGP-PEERS-CPS { apply-path "routing-instances cps protocols bgp group <*> neighbor <*>"; } prefix-list INDIANAGIGAPOP-PARTICIPANT { 65.254.96.0/20; 66.205.160.0/20; 66.254.224.0/19; 72.12.215.0/24; 128.10.0.0/16; 128.46.0.0/16; 128.210.0.0/16; 128.211.0.0/16; 128.252.0.0/16; 129.74.0.0/16; 129.79.0.0/16; 134.68.0.0/16; /* University of Louisville */ 136.165.0.0/16; 140.182.0.0/16; 149.159.0.0/16; 149.160.0.0/14; 149.160.0.0/16; 149.161.0.0/16; 149.162.0.0/16; 149.163.0.0/16; 149.164.0.0/16; 149.165.0.0/16; 149.166.0.0/16; 156.56.0.0/16; 157.91.0.0/16; 159.242.0.0/16; 165.134.0.0/16; 192.12.206.0/24; 192.88.99.0/24; 192.245.116.0/24; /* University of Louisville */ 199.120.154.0/24; 204.52.32.0/20; 205.137.32.0/20; } prefix-list INDIANAGIGAPOP-SEGP { 12.159.195.0/24; 12.159.206.0/23; 12.159.209.0/24; 69.51.160.0/19; 131.93.0.0/16; 137.112.0.0/16; 139.102.0.0/16; 147.53.0.0/16; 147.226.0.0/16; 152.228.0.0/16; 157.91.0.0/19; 157.91.48.0/20; 157.91.64.0/18; 157.91.128.0/17; 159.28.0.0/16; 159.218.0.0/16; 159.242.0.0/16; 161.32.0.0/16; 163.120.0.0/16; 163.245.0.0/16; 165.138.0.0/16; 165.139.0.0/16; 167.217.0.0/16; 168.91.0.0/16; 168.102.0.0/16; 192.146.191.0/24; 192.146.192.0/24; 192.189.3.0/24; 192.195.225.0/24; 192.195.226.0/23; 192.195.228.0/23; 192.195.230.0/24; 192.200.128.0/21; 192.206.9.0/24; 192.206.10.0/23; 192.207.174.0/23; 192.207.176.0/23; 192.207.178.0/24; 198.51.243.0/24; 198.51.244.0/24; 198.62.84.0/24; 198.62.98.0/24; 199.8.0.0/16; 204.52.48.0/20; 205.215.64.0/18; 208.96.144.0/20; 208.119.0.0/16; } prefix-list INDIANAGIGAPOP-SPONSORED { 149.165.251.0/24; 216.88.164.0/24; } prefix-list INDIANAGIGAPOP-PARTICIPANTS6 { 2001:468:400::/40; 2001:18e8::/32; 2002::/16; } prefix-list SFGP-PARTICIPANT { 65.38.194.0/24; 65.38.195.0/24; 67.17.206.0/24; 129.171.0.0/16; 131.91.0.0/16; 131.94.0.0/16; 134.202.0.0/16; 136.145.0.0/16; 146.226.0.0/16; 146.226.0.0/17; 146.226.0.0/18; 146.226.31.0/24; 146.226.64.0/18; 
146.226.128.0/18; 146.226.192.0/18; 146.226.244.0/24; 192.31.89.0/24; 192.65.176.0/24; 192.70.171.0/24; 192.160.174.0/23; 192.160.176.0/24; 192.231.92.0/22; 192.239.208.0/24; 198.32.252.0/24; 199.4.250.0/23; 199.4.250.0/24; 199.4.251.0/24; 199.242.231.0/24; 199.242.232.0/24; 199.242.233.0/24; 204.68.64.0/19; 204.89.132.0/23; 204.89.132.0/24; 204.89.133.0/24; 206.240.22.0/24; 208.4.181.0/27; 208.4.181.32/27; 208.4.181.128/27; 208.4.181.224/27; 208.222.241.0/24; 209.42.43.0/24; 216.79.60.0/23; } prefix-list SFGP-SPONSORED { 139.229.0.0/16; 160.111.132.0/22; 160.111.230.0/24; 160.111.232.0/21; 192.231.93.0/24; 192.231.95.0/24; } prefix-list SFGP-EXCEPTION { 129.171.0.0/28; 129.171.32.0/28; 129.171.64.0/28; 129.171.128.0/28; 129.171.160.0/28; 129.171.192.0/28; 129.171.224.0/28; 192.80.53.0/30; } prefix-list SOX-PARTICIPANT { 64.156.8.128/25; 64.156.216.128/25; 65.115.176.0/24; 67.159.64.0/26; 70.33.64.0/18; 128.23.0.0/16; 128.61.0.0/16; 128.163.0.0/16; 128.163.11.0/24; 128.186.0.0/16; 128.192.0.0/16; 128.227.0.0/16; 129.59.0.0/16; 129.171.0.0/16; 129.171.0.0/19; 129.171.32.0/19; 129.171.64.0/19; 129.171.96.0/19; 129.171.128.0/19; 129.171.160.0/19; 129.171.192.0/19; 129.171.224.0/19; 129.252.0.0/16; 130.127.0.0/16; 130.160.0.0/16; 130.207.0.0/16; 131.91.0.0/16; 131.96.0.0/16; 131.144.128.0/20; 131.204.0.0/16; 131.247.0.0/16; 132.170.0.0/16; 138.26.0.0/16; 139.62.0.0/16; 143.215.0.0/16; 144.174.0.0/16; 146.201.0.0/16; 146.229.0.0/16; 149.168.0.0/16; 152.2.0.0/16; 152.3.0.0/16; 152.7.0.0/16; 152.11.0.0/16; 152.14.0.0/16; 152.16.0.0/16; 152.17.0.0/16; 152.19.0.0/16; 159.178.0.0/16; 160.36.0.0/16; 160.129.0.0/16; 163.246.0.0/16; 164.111.0.0/16; 165.6.0.0/16; 165.6.5.0/24; 165.6.6.0/24; 165.6.7.0/24; 165.6.15.0/24; 165.6.24.0/24; 168.62.16.0/21; 168.223.0.0/16; 170.140.0.0/16; 192.31.89.0/24; 192.70.171.0/24; 192.73.4.0/24; 192.80.53.0/24; 192.88.124.0/24; 192.111.108.0/24; 192.111.109.0/24; 192.111.110.0/24; 192.111.123.0/24; 192.188.181.0/24; 192.249.0.0/20; 
192.249.1.0/24; 192.249.2.0/23; 192.249.4.0/22; 192.249.8.0/21; 192.249.11.0/24; 198.78.192.0/19; 198.137.16.0/20; 199.4.250.0/23; 199.4.250.0/24; 199.4.251.0/24; 199.76.32.0/20; 199.76.144.0/20; 199.76.160.0/19; 199.76.192.0/24; 199.77.128.0/17; 199.78.112.0/22; 199.90.0.0/16; 199.201.155.0/24; 199.242.231.0/24; 199.242.232.0/24; 199.242.233.0/24; 204.29.106.0/23; 204.68.64.0/19; 204.85.191.0/24; 204.85.192.0/18; 204.89.132.0/23; 204.89.132.0/24; 204.89.133.0/24; 204.145.157.0/24; 204.145.215.0/24; 204.198.72.0/22; 204.198.76.0/23; 204.211.0.0/16; 204.238.30.0/24; 206.57.72.0/21; 206.240.24.0/22; 206.240.192.0/19; 206.240.216.0/24; 206.240.220.0/24; 206.240.221.0/24; 207.4.0.0/16; 207.192.0.0/18; 209.149.48.0/20; /* U Tenn Knoxville */ 216.96.128.0/17; } prefix-list SOX-CORPORATE { 12.107.208.0/23; 66.187.224.0/20; 204.85.14.0/24; } prefix-list SOX-SPONSORED { 64.56.95.0/24; /* Georgia Aquarium */ 66.20.220.0/24; 66.187.234.0/24; 70.42.183.0/24; 74.255.42.0/24; 143.88.0.0/16; 147.70.0.0/16; 150.182.128.0/17; 152.97.0.0/16; /* College of Charleston */ 153.9.0.0/16; 155.31.0.0/16; 155.225.0.0/16; 161.45.0.0/16; 163.118.0.0/16; 192.30.208.0/24; 192.67.134.0/24; 192.83.232.0/24; /* Meharry Medical College */ 192.136.67.0/24; 192.153.129.0/24; 204.62.251.0/24; 204.152.130.0/24; 204.152.131.0/24; 204.246.192.0/21; 205.167.24.0/24; 205.167.25.0/24; 216.64.76.0/24; } /* SOX provides backup to MCNC. 
Their routes are mixed in with these */ prefix-list SOX-SEGP { 64.56.80.0/23; 64.56.87.0/24; 64.56.94.0/24; 64.147.208.0/20; 64.214.127.128/27; 65.213.184.0/22; 66.4.0.0/15; 66.194.104.0/23; 66.195.118.0/23; 72.158.165.0/24; 72.162.224.0/19; 72.250.224.0/20; 72.250.230.0/24; 72.250.245.0/24; 74.254.70.0/24; 96.4.0.0/15; 98.17.253.0/24; 128.109.0.0/16; 128.192.0.0/16; 129.66.0.0/16; 129.66.20.0/24; 130.218.0.0/16; 130.254.0.0/16; 131.144.0.0/16; 134.224.0.0/16; 137.220.0.0/16; 141.165.0.0/16; 147.133.0.0/16; 149.149.0.0/16; 150.216.0.0/16; 152.1.0.0/16; 152.2.0.0/15; 152.4.0.0/14; 152.8.0.0/13; 152.16.0.0/12; 152.32.0.0/12; 152.36.0.0/16; 152.43.0.0/16; 152.48.0.0/14; 152.53.0.0/19; 152.54.0.0/20; 153.9.0.0/16; 157.89.0.0/16; 157.149.0.0/16; 158.93.0.0/16; 160.10.0.0/16; 161.6.0.0/16; 162.114.37.0/24; 167.7.38.0/24; 167.7.39.0/24; 167.7.210.0/27; 167.7.241.0/24; 167.7.248.64/27; 167.7.251.0/27; 168.8.0.0/15; 168.12.0.0/14; 168.16.0.0/15; 168.18.0.0/15; 168.20.0.0/15; 168.22.0.0/15; 168.24.0.0/15; 168.26.0.0/15; 168.28.0.0/15; 168.30.0.0/15; 169.150.0.0/16; 170.180.0.0/14; 170.185.0.0/16; 192.48.117.0/24; 192.88.111.0/24; 192.101.21.0/24; 192.101.22.0/23; 192.101.24.0/24; 192.103.126.0/24; 192.107.44.0/24; 192.111.112.0/24; 192.122.237.0/24; 192.137.210.0/24; 192.147.30.0/24; 192.152.249.0/24; 192.154.33.0/24; 192.154.38.0/24; 192.154.41.0/24; 192.154.43.0/24; 192.154.45.0/24; 192.154.46.0/23; 192.154.54.0/24; 192.154.55.0/24; 192.154.61.0/24; 192.154.62.0/24; 192.154.64.0/24; 192.154.67.0/24; 192.154.78.0/24; 192.189.244.0/24; 192.203.127.0/24; 192.211.32.0/21; 192.211.40.0/22; 192.211.44.0/24; 192.211.45.0/24; 192.245.165.0/24; 192.245.221.0/24; 192.245.222.0/24; 192.245.223.0/24; 192.245.224.0/24; 198.49.31.0/24; 198.62.72.0/24; 198.72.72.0/22; 198.85.0.0/16; 198.86.0.0/16; 198.135.235.0/24; 198.137.22.0/24; 198.179.130.0/24; 198.180.132.0/22; 198.190.216.0/24; 198.200.158.0/24; 198.204.92.0/24; 198.232.64.0/18; 198.232.96.0/21; 199.5.154.0/23; 199.20.16.0/20; 
199.33.130.0/24; 199.33.131.0/24; 199.33.132.0/24; 199.33.133.0/24; 199.33.134.0/24; 199.58.28.0/22; 199.80.8.0/21; 199.88.16.0/20; 199.190.174.0/24; 199.248.173.0/24; 199.248.174.0/24; 199.248.175.0/24; 199.248.176.0/24; 199.248.177.0/24; 199.248.178.0/24; 204.27.217.0/24; 204.29.64.0/18; 204.84.0.0/15; 205.137.240.0/20; 205.174.48.0/20; 205.204.238.0/24; 205.204.242.0/24; 206.57.72.0/21; 206.81.164.0/22; 206.197.240.0/24; 206.219.128.0/18; 207.157.0.0/17; 207.191.176.0/20; 207.232.128.0/18; 208.87.72.0/22; 208.182.0.0/15; 209.133.128.0/17; 216.69.0.0/18; 216.109.0.0/18; 216.249.132.0/22; 216.249.144.0/20; 216.249.160.0/20; 216.249.176.0/20; } prefix-list SOX-EXCEPTION-SPONSORED { 146.82.167.176/29; 199.77.192.16/29; } prefix-list SOX-EXCEPTION-SEGP { 167.7.127.176/29; 167.7.248.112/29; 167.7.248.120/29; 167.7.248.208/29; 167.7.251.32/29; 167.7.251.64/29; 167.7.251.80/29; 167.7.251.96/29; 167.7.251.128/28; 167.7.251.144/28; 167.7.251.160/28; 167.7.251.192/29; } prefix-list SOX-ORNL { 128.219.0.0/16; 134.167.0.0/16; 160.91.0.0/16; 192.31.96.0/24; 192.103.127.0/24; 192.188.177.0/24; 192.188.182.0/24; 198.124.41.0/24; 198.136.139.0/24; 198.148.251.0/24; 198.203.246.0/24; 198.207.237.0/24; 198.207.238.0/23; 198.207.240.0/24; 199.201.153.0/24; 199.201.154.0/24; 199.201.156.0/23; 199.201.158.0/24; } prefix-list SOX-PARTICIPANT6 { 2001:468:300::/40; 2607:F7B8::/32; 2607:F808::/32; 2610:0148::/32; } prefix-list NCREN-PARTICIPANT6 { 2001:468:1500::/40; 2610:28::/32; } prefix-list SFGP-PARTICIPANT6 { 2001:468:700::/40; } prefix-list FLR-PARTICIPANT6 { 2001:468:1e00::/40; 2607:F5D8::/32; 2620:0:c30::0/48; } prefix-list MCNC-PARTICIPANT { 67.159.64.0/18; 150.216.0.0/16; 152.1.0.0/16; 152.2.0.0/16; 152.3.0.0/16; 152.7.0.0/16; 152.11.0.0/16; 152.14.0.0/16; 152.16.0.0/12; 152.16.0.0/16; 152.17.0.0/16; 152.19.0.0/16; 204.211.0.0/16; } prefix-list MCNC-CORPORATE { 12.107.208.0/23; 66.187.224.0/20; 204.85.14.0/24; } prefix-list MCNC-SPONSORED { 192.67.134.0/24; 192.153.129.0/24; 
204.62.251.0/24; 205.167.24.0/24; 205.167.25.0/24; } prefix-list MCNC-SEGP { 24.199.205.0/24; 64.147.208.0/20; 66.194.217.0/24; 72.250.224.0/20; 72.250.230.0/24; 72.250.245.0/24; 128.109.0.0/16; 149.168.0.0/16; 152.1.0.0/16; 152.2.0.0/15; 152.4.0.0/14; 152.8.0.0/13; 152.16.0.0/12; 152.26.18.0/24; 152.26.48.0/24; 152.32.0.0/12; 152.36.0.0/16; 152.44.1.0/24; 152.53.0.0/19; 152.54.0.0/20; 168.190.0.0/16; 192.73.4.0/24; 192.101.21.0/24; 192.101.22.0/23; 192.101.24.0/24; 192.137.210.0/24; 192.147.30.0/24; 192.154.33.0/24; 192.154.41.0/24; 192.154.43.0/24; 192.154.46.0/23; 192.154.54.0/24; 192.154.55.0/24; 192.154.62.0/24; 192.154.64.0/24; 192.154.65.0/24; 192.154.78.0/24; 192.189.244.0/24; 198.62.72.0/24; 198.85.0.0/16; 198.86.0.0/16; 198.135.235.0/24; 198.232.64.0/18; 198.232.96.0/21; 199.90.0.0/16; 199.190.174.0/24; 204.84.0.0/15; 204.85.191.0/24; 204.85.192.0/18; 204.238.30.0/24; 206.219.96.0/19; 207.4.0.0/16; 207.192.0.0/18; 208.90.172.0/22; } prefix-list MCNC-PARTICIPANT6 { 2001:468:1500::/40; 2610:28::/32; } prefix-list BGP-PEERS6-CPS { apply-path "routing-instances cps protocols bgp group <*> neighbor <*:*>"; } prefix-list CPS-MCNC-CPS-ONLY { 12.169.197.0/24; 24.199.205.0/24; 72.250.240.0/20; 152.26.48.0/24; 152.48.0.0/14; 152.48.0.0/16; 156.143.0.0/16; 192.154.40.0/24; 192.154.95.0/24; 199.120.166.0/23; 204.69.248.0/24; 204.152.2.0/23; 206.219.96.0/19; 209.95.64.0/19; 216.105.128.0/19; } prefix-list OBSERVATORY-SSH { /* leap */ 129.79.217.202/32; /* sysmon.grnoc.iu.edu */ 134.68.107.4/32; /* login.net.internet2.edu */ 134.68.107.10/32; /* nms-base */ 134.68.107.34/32; /* nms-login */ 134.68.107.36/32; /* skip */ 134.68.142.50/32; /* nocmon.grnoc.iu.edu */ 149.165.129.24/32; /* jump */ 192.12.206.196/32; } prefix-list OBSERVATORY-SSH-BLOCK { 0.0.0.0/0; } prefix-list KyRON { 66.209.160.0/20; 136.165.0.0/16; 168.111.0.0/16; 199.76.192.0/24; 199.120.154.0/24; 204.198.76.0/23; 204.240.24.0/22; 216.69.0.0/18; 216.249.128.0/22; 216.249.136.0/23; 216.249.140.0/22; } 
prefix-list KyRON-PARTICIPANT6 { 2610:01E0::/32; } prefix-list KyRON-SPONSORED { 66.209.160.0/22; 216.249.128.0/24; 216.249.129.0/24; 216.249.130.0/23; 216.249.130.0/24; 216.249.131.0/24; 216.249.141.0/27; 216.249.142.0/24; 216.249.143.0/24; } prefix-list KyRON-SEGP { 98.17.253.0/24; 128.163.0.0/16; 147.133.0.0/16; 157.89.0.0/16; 161.6.0.0/16; 162.114.37.0/24; 170.180.0.0/14; 192.122.237.0/24; 199.76.144.0/20; 199.76.160.0/19; 204.198.72.0/22; 205.204.238.0/24; 216.249.132.0/22; 216.249.132.0/24; 216.249.133.0/24; 216.249.134.0/24; 216.249.144.0/20; 216.249.160.0/20; 216.249.176.0/20; } prefix-list USF-SEGP { 150.176.0.0/16; 168.213.0.0/16; 168.254.0.0/16; 169.139.0.0/16; 192.216.34.0/24; 199.164.64.0/18; 204.122.128.0/17; 204.193.0.0/19; 204.194.32.0/21; 205.176.88.0/24; 207.156.0.0/17; } prefix-list FLR-TEST { 192.5.2.0/24; } /* Matched with orlonger by policy-statement FLR-IN, term participant */ prefix-list FLR-PARTICIPANT { 8.6.244.0/23; 64.56.80.0/23; 64.56.84.0/24; 64.56.85.0/24; 64.56.95.0/24; 65.115.176.0/24; 65.118.160.0/20; 67.17.206.0/24; 128.186.0.0/16; 128.227.0.0/16; 129.171.0.0/16; 131.91.0.0/16; 131.94.0.0/16; 131.247.0.0/16; 132.170.0.0/16; 144.174.0.0/16; 146.201.0.0/17; 147.70.0.0/16; 159.178.0.0/16; 168.223.0.0/16; /* NOTE(review): same prefix as the only entry of prefix-list FLR-TEST - confirm it is still meant to be accepted as a participant route */ 192.5.2.0/24; 192.26.251.0/24; 192.31.89.0/24; 192.70.171.0/24; 192.80.53.0/24; 192.88.124.0/24; 192.111.123.0/24; 198.32.155.0/24; 198.32.156.0/24; 198.32.166.0/24; 198.32.173.0/24; 199.242.231.0/24; 199.242.232.0/23; 204.68.64.0/19; 204.145.157.0/24; } prefix-list FLR-SPONSORED { 12.174.210.0/23; 137.52.0.0/16; 139.62.0.0/16; 163.118.0.0/16; } /* Matched with orlonger by policy-statement FLR-IN, term segp, so every entry also admits all of its more-specifics */ prefix-list FLR-SEGP { /* NOTE(review): possibly a typo for 66.4.0.0/15 - prefix-list SOX-SEGP carries 66.4.0.0/15 alongside the same 96.4.0.0/15 entry, and most other entries of this list appear there too. As written, an announcement inside 6.4.0.0/15 from this connector would pass the filter; verify the allocation with the connector before relying on it */ 6.4.0.0/15; 64.56.83.0/24; 64.56.87.0/24; 64.56.90.0/24; 64.56.94.0/24; 65.213.184.0/22; 66.194.104.0/23; 66.195.118.0/23; 69.88.160.0/19; 96.4.0.0/15; 143.88.0.0/16; 155.31.0.0/16; 165.138.0.0/15; 167.217.0.0/16; 168.102.0.0/17; 168.184.0.0/16; 199.44.67.0/24; 199.44.72.0/24; 199.58.28.0/22; 205.137.32.0/20; 205.137.240.0/20; 206.81.164.0/22; 206.224.192.0/19; 207.191.176.0/20; 208.182.0.0/15; 216.114.80.0/20; } prefix-list FLR { 
146.201.192.0/18; } prefix-list MCNC-SEGP6 { 2610:28:1900::/48; } prefix-list USF-PARTICIPANT6 { 2001:468:1600::/40; 2620:0000:0c30::0/48; } prefix-list USF-PARTICIPANT { 131.247.0.0/16; } prefix-list USF-SPONSORED { 12.174.210.0/23; 66.194.104.0/23; 155.31.0.0/16; } /* Common import policy for connector routes: strips the peer local-pref communities, handles DISCARD-tagged routes, accepts unicast (inet.0) and multicast (inet.2) prefixes up to /27 and rejects everything else */ policy-statement CONNECTOR-IN { /* remove BGP communities which connectors should not announce */ term remove-comms { then { community delete LOW-PEERS; community delete HIGH-PEERS; next term; } } /* NOTE(review): this term matches only on the DISCARD community and the mask length, so which prefixes a connector can point at the discard next-hop depends on the per-connector prefix-list policy evaluated earlier in the import chain - confirm every connector session has one */ term discard { from { community DISCARD; /* only allow /24-/32 masks for discard routes */ route-filter 0.0.0.0/0 prefix-length-range /24-/32; } to rib inet.0; then { /* add no-export so these are not leaked outside of Abilene */ community add NO-EXPORT; /* set next-hop to the destination-address on the dsc.0 interface */ next-hop 198.32.11.7; accept; } } /* allow unicast routes upto /27; note: routes have already passed the individual connector policy */ term allow-unicast { from { route-filter 0.0.0.0/0 upto /27; } to rib inet.0; then { community add PARTICIPANT; accept; } } /* same /27 limit for routes destined to the multicast RIB (inet.2) */ term allow-multicast { from { route-filter 0.0.0.0/0 upto /27; } to rib inet.2; then { community add PARTICIPANT; accept; } } term reject { then reject; } } /* CPS counterpart of CONNECTOR-IN: no rib match, discard routes get next-hop discard, and other routes are accepted only up to /24 */ policy-statement CPS-CONNECTOR-IN { term discard { from { community DISCARD; /* only allow /24-/32 masks for discard routes */ route-filter 0.0.0.0/0 prefix-length-range /24-/32; } then { /* add no-export so these are not leaked outside of Abilene */ community add NO-EXPORT; /* set the next-hop to discard (unlike CONNECTOR-IN, no dsc.0 address is used here) */ next-hop discard; accept; } } /* allow unicast routes upto /24 (CONNECTOR-IN allows upto /27); note: routes have already passed the individual connector policy */ term allow-unicast { from { route-filter 0.0.0.0/0 upto /24; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-CONNECTOR-OUT { /* announce routes from CPS peer networks */ term announce-peers { from { protocol bgp; community CPS-PEERS; } then accept; } term 
announce-internal { from { protocol static; route-filter 198.32.9.0/24 exact; } then accept; } term reject { then reject; } } policy-statement CPS-CONNECTOR-OUT6 { term announce-peers { from { protocol bgp; community CPS-PEERS; family inet6; } then accept; } term announce-internal { from { protocol static; family inet6; route-filter 2001:468:ff00::/40 exact; } then accept; } term reject { then reject; } } policy-statement CPS-EXPORT { term direct { from protocol direct; then { community add CPS; accept; } } term bgp { from protocol bgp; then { community add CPS; accept; } } term reject { then reject; } } policy-statement CPS-FLR-IN6 { term accept { from { family inet6; prefix-list-filter FLR-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } then reject; } policy-statement CPS-IMPORT { term gblx { from community GBLX-NY; then { local-preference 90; next term; } } term bgp { from community CPS; then accept; } term reject { then reject; } } policy-statement CPS-INDIANAGIGAPOP-IN { term accept { from { protocol bgp; prefix-list-filter INDIANAGIGAPOP-PARTICIPANT orlonger; prefix-list-filter INDIANAGIGAPOP-SPONSORED orlonger; prefix-list-filter INDIANAGIGAPOP-SEGP orlonger; } then next policy; } term reject { then reject; } } policy-statement CPS-INDIANAGIGAPOP-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter INDIANAGIGAPOP-PARTICIPANTS6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-KyRON-IN { term accept { from { protocol bgp; prefix-list-filter KyRON orlonger; prefix-list-filter KyRON-SEGP orlonger; prefix-list-filter KyRON-SPONSORED orlonger; } then next policy; } term reject { then reject; } } policy-statement CPS-KyRON-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter KyRON-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-MCNC-IN { term accept { from { protocol 
bgp; prefix-list-filter MCNC-PARTICIPANT orlonger; prefix-list-filter MCNC-SEGP orlonger; prefix-list-filter MCNC-SPONSORED orlonger; prefix-list-filter MCNC-CORPORATE orlonger; prefix-list-filter CPS-MCNC-CPS-ONLY orlonger; } then next policy; } term reject { then reject; } } policy-statement CPS-MCNC-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter MCNC-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } term accept-segp { from { protocol bgp; family inet6; prefix-list-filter MCNC-SEGP6 orlonger; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-SFGP-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter SFGP-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement CPS-SOX-IN6 { term accept { from { protocol bgp; family inet6; prefix-list-filter SOX-PARTICIPANT6 exact; } then { community add CPS-CONNECTOR; accept; } } term reject { then reject; } } policy-statement ESNET-TO-AMPATH { term FROM-ESNET { from as-path ESNET; then { as-path-prepend 11537; accept; } } } /* import policy for FEDNET peers */ policy-statement FEDNET-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term set-community { from protocol bgp; then { community add FEDNET; accept; } } } policy-statement FEDNET-IN6 { term set-community { from protocol bgp; then { community add FEDNET; accept; } } } /* export policy from FEDNET peers */ policy-statement FEDNET-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */ term allow-iftn 
{ from { protocol bgp; community IFTN; } then accept; } /* don't announce nlri=unicast routes from fednet or international peers */ term block-fednet-itn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET ITN NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } policy-statement FEDNET-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } policy-statement FLR-IN { term participant { from { prefix-list-filter FLR-PARTICIPANT orlonger; } then next policy; } term sponsored { from { prefix-list-filter FLR-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { prefix-list-filter FLR-SEGP orlonger; } then { community add SEGP; next policy; } } then reject; } policy-statement FLR-IN6 { term participant { from { family inet6; prefix-list-filter FLR-PARTICIPANT6 exact; } then { community add PARTICIPANT; accept; } } then reject; } policy-statement INDIANAGIGAPOP-IN { term participant { from { protocol bgp; prefix-list-filter INDIANAGIGAPOP-PARTICIPANT orlonger; } then next policy; } term segp { from { protocol bgp; prefix-list-filter INDIANAGIGAPOP-SEGP orlonger; } then { community add SEGP; next policy; } } term sponsored { from { protocol bgp; prefix-list-filter INDIANAGIGAPOP-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term reject { then reject; } } policy-statement INDIANAGIGAPOP-IN6 { term participant { from { protocol bgp; family inet6; prefix-list-filter INDIANAGIGAPOP-PARTICIPANTS6 exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement INTERNET2-MOSS { term accept-MOSS-routes { from 
community INTERNET2-INFINERA; then accept; } then next policy; } /* import policy for mcast-only peerings with commercial ISPs */ policy-statement ISP-MCAST-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term allow { from protocol bgp; to rib inet.2; then { community add COMMERCIAL-PEER; accept; } } term reject { then reject; } } policy-statement ISP-MCAST-OUT { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term no-export { from community BLOCK-TO-COMMERCIAL; then reject; } /* only advertise participant routes */ term allow { from { protocol bgp; rib inet.2; community PARTICIPANT; } then accept; } term reject { then reject; } } policy-statement ISP-V6-IN { term allow { from protocol bgp; to rib inet6.0; then { community add COMMERCIAL-PEER; accept; } } term reject { then reject; } } policy-statement ISP-V6-OUT { term no-export { from community BLOCK-TO-COMMERCIAL; then reject; } /* only advertise participant routes */ term accept { from { protocol bgp; community PARTICIPANT; family inet6; } then accept; } term reject { then reject; } } policy-statement ITN-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term block-F-root-international { from { route-filter 192.5.5.0/24 orlonger; } then reject; } term block-as112 { from { route-filter 192.175.48.0/24 orlonger; } then reject; } term set-community { from protocol bgp; then { community add ITN; accept; } } } policy-statement ITN-IN6 { term set-community { from protocol bgp; then { community add ITN; accept; } } } policy-statement ITN-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then 
reject; } /* don't announce nlri=unicast routes from fednet or nonitn peers */ term block-fednet-nonitn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } /* IPv6 export policy for ITN peers: blocks CONNECTOR-ONLY and COMMERCIAL-PEER routes, announces all other BGP routes */ policy-statement ITN-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } /* Per-connector IPv4 import filter for KyRON: routes inside the KyRON prefix-lists are tagged and handed to the next policy, anything else is rejected */ policy-statement KyRON-IN { term PARTICIPANT { from { prefix-list-filter KyRON orlonger; } then { community add PARTICIPANT; next policy; } } term SPONSORED { from { prefix-list-filter KyRON-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term SEGP { from { protocol bgp; prefix-list-filter KyRON-SEGP orlonger; } then { community add SEGP; next policy; } } term REJECT { then reject; } } /* Per-connector IPv6 import filter for KyRON: only the exact KyRON-PARTICIPANT6 prefix is accepted */ policy-statement KyRON-IN6 { term participant { from { prefix-list-filter KyRON-PARTICIPANT6 exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } /* NOTE(review): this term is never evaluated, because the unconditional reject term before it ends policy evaluation, and it has no then action. It looks like a leftover; the other connector -IN6 policies put family inet6 in the participant term instead - confirm and clean up */ term accept { from family inet6; } } /* Accepts IS-IS routes matching prefix-list NMS1-SPECIFICS; everything else continues to the next policy */ policy-statement LEAK-NMS1 { term leak { from { protocol isis; prefix-list NMS1-SPECIFICS; } then accept; } then next policy; } /* Per-connector IPv4 import filter for MCNC: routes inside the MCNC prefix-lists are tagged (except participants) and handed to the next policy */ policy-statement MCNC-IN { term participant { from { prefix-list-filter MCNC-PARTICIPANT orlonger; } then next policy; } term corporate { from { prefix-list-filter MCNC-CORPORATE orlonger; } then { community add CORPORATE; next policy; } } term sponsored { from { prefix-list-filter MCNC-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { prefix-list-filter MCNC-SEGP orlonger; } then { community add SEGP; next policy; } } /* NOTE(review): only routes destined to inet.0 are rejected here; a route for another RIB that matched none of the lists above falls through to whatever policy follows in the import chain. FLR-IN, KyRON-IN and INDIANAGIGAPOP-IN reject regardless of RIB - confirm the difference is intended */ term reject-unicast { to rib inet.0; then reject; } } policy-statement MCNC-IN6 { term participant { from { protocol bgp; 
family inet6; prefix-list-filter MCNC-PARTICIPANT6 exact; } then { community add PARTICIPANT; accept; } } term segp { from { protocol bgp; family inet6; prefix-list-filter MCNC-SEGP6 orlonger; } then { community add SEGP; accept; } } term reject { then reject; } } policy-statement MSDP-FILTER { term bad-groups { from { route-filter 224.0.1.2/32 exact; route-filter 224.0.1.3/32 exact; route-filter 224.0.1.8/32 exact; route-filter 224.0.1.22/32 exact; route-filter 224.0.1.24/32 exact; route-filter 224.0.1.25/32 exact; route-filter 224.0.1.35/32 exact; route-filter 224.0.1.39/32 exact; route-filter 224.0.1.40/32 exact; route-filter 224.0.1.60/32 exact; route-filter 224.0.2.1/32 exact; route-filter 224.0.2.2/32 exact; route-filter 224.77.0.0/16 orlonger; route-filter 225.1.2.3/32 exact; route-filter 226.77.0.0/16 orlonger; route-filter 229.55.150.208/32 exact; route-filter 234.42.42.40/30 orlonger; route-filter 234.142.142.42/31 orlonger; route-filter 234.142.142.44/30 orlonger; route-filter 234.142.142.48/28 orlonger; route-filter 234.142.142.64/26 orlonger; route-filter 234.142.142.128/29 orlonger; route-filter 234.142.142.136/30 orlonger; route-filter 234.142.142.140/31 orlonger; route-filter 234.142.142.142/32 exact; route-filter 232.0.0.0/8 orlonger; route-filter 239.0.0.0/8 orlonger; } then reject; } term bad-sources { from { source-address-filter 10.0.0.0/8 orlonger; source-address-filter 127.0.0.0/8 orlonger; source-address-filter 172.16.0.0/12 orlonger; source-address-filter 192.168.0.0/16 orlonger; } then reject; } term bad-planetlab { from { source-address-filter 198.32.154.179/32 exact; source-address-filter 198.32.154.187/32 exact; source-address-filter 198.32.154.195/32 exact; source-address-filter 198.32.154.202/32 exact; source-address-filter 198.32.154.210/32 exact; source-address-filter 198.32.154.218/32 exact; source-address-filter 198.32.154.226/32 exact; source-address-filter 198.32.154.235/32 exact; source-address-filter 198.32.154.243/32 exact; 
source-address-filter 198.32.154.250/32 exact; } then reject; } term allow { then accept; } } policy-statement NEXT-HOP-SELF { from protocol bgp; then { next-hop self; } } policy-statement NONITN-IN { term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } term set-community { from protocol bgp; then { community add NONITN; accept; } } } policy-statement NONITN-OUT { /* don't announce small prefixes */ term block-long-prefixes { from { route-filter 0.0.0.0/0 prefix-length-range /28-/32; } then reject; } /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* don't announce nlri=unicast routes from fednet or international peers */ term block-fednet-itn-unicast { from { protocol bgp; rib inet.0; /* note: community match is a logical OR */ community [ FEDNET ITN NONITN ]; } then reject; } /* announce all other unicast and multicast routes */ term accept { from protocol bgp; then accept; } } policy-statement NONITN-OUT6 { /* don't announce these routes via nlri=unicast or multicast */ term block-unicast-multicast { from { protocol bgp; community [ CONNECTOR-ONLY COMMERCIAL-PEER ]; } then reject; } /* announce all other routes via nlri=unicast and multicast */ term allow { from protocol bgp; then accept; } } /* Redistribute aggregates from static into BGP */ policy-statement ORIGINATE4 { term internal-addresses { from { protocol static; prefix-list INTERNAL; } then accept; } } /* Redistribute aggregates from static into BGP & block more specifics */ policy-statement ORIGINATE6 { term announce-aggregates { from { protocol static; prefix-list INTERNAL6; } then accept; } term block-more-specifics { from { route-filter 2001:468::/32 longer; } then reject; } } policy-statement REJECT-ALL { then reject; } /* Remove certain BGP communities on import - only applied to peers */ policy-statement 
REMOVE-COMMS-IN {
    /* Stripping HIGH and LOW on import keeps a neighbor from steering the
       local-preference that SET-PREF derives from them; DISCARD is stripped
       for the same reason (what it triggers is not shown in this section).
       The term has no terminating action, so evaluation continues. */
    term remove {
        then {
            /* remove connector local-pref communities */
            community delete HIGH;
            community delete LOW;
            /* remove discard community */
            community delete DISCARD;
        }
    }
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
    term remove {
        then {
            /* remove connector and peer local-pref communities */
            community delete HIGH-PEERS;
            community delete LOW-PEERS;
            community delete LOW;
            community delete HIGH;
            /* remove discard community */
            community delete DISCARD;
        }
    }
}
/* reject routes we should never accept.
   Every term here rejects; a route that matches none of them leaves the policy
   without a terminating action. NOTE(review): this policy has no prefix-length
   ceiling - among the policies shown here only NONITN-IN and NONITN-OUT reject
   /28 through /32; confirm long prefixes from other neighbors are bounded
   elsewhere. */
policy-statement SANITY-IN {
    /* Reject any BGP prefix if a private AS is in the path */
    term block-private-asn {
        from as-path PRIVATE;
        then reject;
    }
    /* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path.
       NOTE(review): the RIB is matched with "to rib inet.0" here, while
       SANITY-OUT uses "rib inet.0" inside the from clause - confirm both select
       the routes intended. */
    term block-commercial-asn {
        from as-path COMMERCIAL;
        to rib inet.0;
        then reject;
    }
    term block-nlr-transit {
        from as-path NLR;
        then reject;
    }
    /* Reject BGP prefixes that should never appear in the routing table.
       NOTE(review): "0.0.0.0/0 exact" matches the default route only;
       0.0.0.0/8, which rfc 3330 also lists as special-use, is not in this list
       - confirm. */
    term block-martians {
        from {
            /* default */
            route-filter 0.0.0.0/0 exact;
            /* rfc 1918 */
            route-filter 10.0.0.0/8 orlonger;
            /* rfc 3330 - loopback */
            route-filter 127.0.0.0/8 orlonger;
            /* rfc 3330 - link-local */
            route-filter 169.254.0.0/16 orlonger;
            /* rfc 1918 */
            route-filter 172.16.0.0/12 orlonger;
            /* iana reserved */
            route-filter 192.0.2.0/24 orlonger;
            /* 6to4 relay */
            route-filter 192.88.99.1/32 exact;
            /* rfc 1918 */
            route-filter 192.168.0.0/16 orlonger;
            /* rfc 2544 - network device benchmarking */
            route-filter 198.18.0.0/15 orlonger;
            /* rfc 3171 - multicast group addresses */
            route-filter 224.0.0.0/4 orlonger;
            /* rfc 3330 */
            route-filter 240.0.0.0/4 orlonger;
        }
        then reject;
    }
    /* Reject BGP prefixes which Abilene originates */
    term block-internal {
        from {
            prefix-list INTERNAL;
        }
        then reject;
    }
}
/* Block announcements for prefixes we should never announce.
   The martian list is a second copy of the one in SANITY-IN; a change to one
   has to be made in the other as well. */
policy-statement SANITY-OUT {
    /* Don't announce any route with a private AS in the path */
    term block-private-asn {
        from as-path PRIVATE;
        then reject;
    }
    /* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
    term block-commercial-asn {
        from {
            rib inet.0;
            as-path COMMERCIAL;
        }
        then reject;
    }
    /* Don't announce reserved and special prefixes */
    term block-martians {
        from {
            /* default */
            route-filter 0.0.0.0/0 exact;
            /* rfc 1918 */
            route-filter 10.0.0.0/8 orlonger;
            /* rfc 3330 - loopback */
            route-filter 127.0.0.0/8 orlonger;
            /* rfc 3330 - link-local */
            route-filter 169.254.0.0/16 orlonger;
            /* rfc 1918 */
            route-filter 172.16.0.0/12 orlonger;
            /* iana reserved */
            route-filter 192.0.2.0/24 orlonger;
            /* 6to4 relay */
            route-filter 192.88.99.1/32 exact;
            /* rfc 1918 */
            route-filter 192.168.0.0/16 orlonger;
            /* rfc 2544 - network device benchmarking */
            route-filter 198.18.0.0/15 orlonger;
            /* rfc 3171 - multicast group addresses */
            route-filter 224.0.0.0/4 orlonger;
            /* rfc 3330 */
            route-filter 240.0.0.0/4 orlonger;
        }
        then reject;
    }
}
/* IPv6 sanity check built as an allowlist: routes inside the listed blocks
   continue to the next policy, everything else is rejected by term reject. */
policy-statement SANITY6 {
    /* Block routes with a private AS in the path */
    term block-private-asns {
        from {
            as-path PRIVATE;
            family inet6;
        }
        then reject;
    }
    /* Only accept routes within certain allocated blocks.
       "upto /49" admits prefix lengths from the listed length through /49.
       NOTE(review): 2001:b000::/20 lies inside 2001::/16 and adds nothing;
       2610::/12 and 2620::/12 look wider than the registry blocks they stand
       for (presumably /23s) - check against the IANA table linked below. */
    term accept {
        /* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
        from {
            route-filter 2001::/16 upto /49;
            route-filter 2002::/16 exact;
            route-filter 2003::/16 upto /49;
            route-filter 2400::/12 upto /49;
            route-filter 2600::/12 upto /49;
            route-filter 2a00::/12 upto /49;
            route-filter 2800::/12 upto /49;
            route-filter 2001:b000::/20 upto /49;
            route-filter 2c00::/12 upto /49;
            route-filter 2610::/12 upto /49;
            route-filter 2620::/12 upto /49;
        }
        then next policy;
    }
    term reject { then reject; }
}
/* set local-pref on connector routes based on communities.
   HIGH gives 260, LOW gives 140, anything else 200. The value is chosen by a
   community the neighbor can attach, so it is only as trustworthy as the
   community handling ahead of this policy. */
policy-statement SET-PREF {
    term high {
        from community HIGH;
        then { local-preference 260; next policy; }
    }
    term low {
        from community LOW;
        then { local-preference 140; next policy; }
    }
    term normal {
        then { local-preference 200; }
    }
}
/* Sets local-preference from communities: HIGH 260, LOW 140, EQUAL-TO-PEERS
   100, LOWER-THAN-PEERS 60, otherwise 200. */
policy-statement SET-PREF-CPS-V6 {
    term high {
        from community HIGH;
        then { local-preference 260; next policy; }
    }
    term low {
        from community LOW;
        then { local-preference 140; next policy; }
    }
    term equal-to-peers {
        from community EQUAL-TO-PEERS;
        then { local-preference 100; next policy; }
    }
    term lower-than-peers {
        from community LOWER-THAN-PEERS;
        then { local-preference 60; next policy; }
    }
    term normal {
        then { local-preference 200; }
    }
}
/* set local-pref on peer routes based on communities.
   HIGH-PEERS gives 160, LOW-PEERS gives 40, anything else 100 - all below the
   default of 200 that SET-PREF gives connector routes. */
policy-statement SET-PREF-PEER {
    term high {
        from community HIGH-PEERS;
        then { local-preference 160; next policy; }
    }
    term low {
        from community LOW-PEERS;
        then { local-preference 40; next policy; }
    }
    term normal {
        then { local-preference 100; }
    }
}
/* Prefix-list allowlist for SFGP. The final term rejects only routes bound
   for inet.0. */
policy-statement SFGP-IN {
    term participant {
        from { prefix-list-filter SFGP-PARTICIPANT orlonger; }
        then next policy;
    }
    /* NOTE(review): routes matching SFGP-SPONSORED are tagged CORPORATE here,
       while SOX-IN tags the same prefix list SPONSORED - confirm which is
       intended. */
    term sponsored {
        from { prefix-list-filter SFGP-SPONSORED orlonger; }
        then { community add CORPORATE; next policy; }
    }
    /* accept is terminating: these prefixes skip any policy listed after this one */
    term exception_participant {
        from { prefix-list-filter SFGP-EXCEPTION exact; }
        then { community add PARTICIPANT; accept; }
    }
    term reject-unicast {
        to rib inet.0;
        then reject;
    }
}
policy-statement SFGP-IN6 {
    term accept-sfgp {
        from { family inet6; prefix-list-filter SFGP-PARTICIPANT6 exact; }
        then { community add PARTICIPANT; accept; }
    }
    /* if not SFGP's prefix, then treat as a peer, with SET-PREF-PEER community->pref settings(so itn prefixes won't get SFGP's connector preference) and the ITN community. 
       else reject */
    term accept-ampath-highpref {
        from { community HIGH-PEERS; family inet6; }
        then { local-preference 160; community add ITN; accept; }
    }
    term accept-ampath-lowpref {
        from { community LOW-PEERS; family inet6; }
        then { local-preference 40; community add ITN; accept; }
    }
    /* NOTE(review): this term matches every remaining inet6 route and accepts
       it, so term reject below is reached only by routes that are not inet6.
       No prefix list bounds what is accepted as ITN here; confirm that a
       sanity policy runs ahead of this one in the import chain. */
    term accept-ampath-itnpref {
        from family inet6;
        then { local-preference 100; community add ITN; accept; }
    }
    term reject { then reject; }
}
/* Prefix-list allowlist for SOX. FEDNET is stripped from every route first and
   added back only for prefixes in SOX-ORNL, so the neighbor cannot assign that
   community itself. */
policy-statement SOX-IN {
    term remove_fednet_community {
        then { community delete FEDNET; next term; }
    }
    term participant {
        from {
            prefix-list-filter SOX-PARTICIPANT orlonger;
            prefix-list-filter SFGP-PARTICIPANT orlonger;
        }
        then next policy;
    }
    term corporate {
        from { prefix-list-filter SOX-CORPORATE orlonger; }
        then { community add CORPORATE; next policy; }
    }
    term sponsored {
        from {
            prefix-list-filter SOX-SPONSORED orlonger;
            prefix-list-filter SFGP-SPONSORED orlonger;
        }
        then { community add SPONSORED; next policy; }
    }
    term segp {
        from { prefix-list-filter SOX-SEGP orlonger; }
        then { community add SEGP; next policy; }
    }
    /* The three exception terms end in accept rather than next policy, so
       these exact-match prefixes are not evaluated by any policy listed after
       this one - confirm that is the intent. */
    term exception_participant {
        from { prefix-list-filter SFGP-EXCEPTION exact; }
        then { community add PARTICIPANT; accept; }
    }
    term exception_sponsored {
        from { prefix-list-filter SOX-EXCEPTION-SPONSORED exact; }
        then { community add SPONSORED; community add PARTICIPANT; accept; }
    }
    term exception_segp {
        from { prefix-list-filter SOX-EXCEPTION-SEGP exact; }
        then { community add SEGP; community add PARTICIPANT; accept; }
    }
    term ORNL {
        from { prefix-list-filter SOX-ORNL orlonger; }
        then { community add FEDNET; next policy; }
    }
    term reject-unicast {
        to rib inet.0;
        then reject;
    }
}
/* IPv6 allowlist for SOX: exact matches against four participant prefix lists
   are tagged PARTICIPANT and accepted; everything else is rejected. */
policy-statement SOX-IN6 {
    term participant {
        from {
            prefix-list-filter SOX-PARTICIPANT6 exact;
            prefix-list-filter NCREN-PARTICIPANT6 exact;
            prefix-list-filter FLR-PARTICIPANT6 exact;
            prefix-list-filter SFGP-PARTICIPANT6 exact;
        }
        then { community add PARTICIPANT; accept; }
    }
    term reject { then reject; }
    /* NOTE(review): never evaluated - term reject above has no from clause and
       a terminating action. This term also has no then clause. Looks like
       leftover configuration; confirm and remove. */
    term accept { from family inet6; }
}
policy-statement USF-IN {
term participant { from { protocol bgp; prefix-list-filter USF-PARTICIPANT orlonger; } then next policy; } term sponsored { from { protocol bgp; prefix-list-filter USF-SPONSORED orlonger; } then { community add SPONSORED; next policy; } } term segp { from { protocol bgp; prefix-list-filter USF-SEGP orlonger; } then { community add SEGP; next policy; } } term reject-unicast { to rib inet.0; then reject; } } policy-statement USF-IN6 { term participant { from { prefix-list-filter USF-PARTICIPANT6 exact; } then { community add PARTICIPANT; accept; } } term reject { then reject; } } policy-statement V6-IGP-AGG { term allow-aggregate { from { protocol aggregate; family inet6; } then accept; } term deny-more-specifics { from { family inet6; route-filter 2001:468:ff:0f00::/56 longer; route-filter 2001:468:000f::/48 longer; } then reject; } term accept-all-other-v6 { from { protocol [ isis direct ]; family inet6; } then accept; } } policy-statement legit-REACCIUN { term accept { from as-path legit-REACCIUN; then next policy; } term reject { then reject; } } /* Temporary fix for scoping 239/8 */ policy-statement pim-join-filter { term internal-links { from { /* List of Backbone Interfaces */ interface [ so-0/0/0.0 so-0/2/0.0 so-3/1/0.0 ge-2/3/1.0 so-4/0/0.0 ]; route-filter 239.0.0.0/8 orlonger; } then accept; } term external-links { from { route-filter 239.0.0.0/8 orlonger; } then reject; } term all-links { then accept; } } community BLOCK-TO-COMMERCIAL members 11537:2002; community COMMERCIAL-PEER members 11537:2001; community CONNECTOR-ONLY members 11537:3500; community CORE members 11537:900; community CORPORATE members 11537:2000; community CPS members target:11537:1; community CPS-CONNECTOR members 11537:25100; community CPS-PEERS members 11537:25200; community DISCARD members 11537:911; community EQUAL-TO-PEERS members 11537:100; community FEDNET members 11537:3000; community GBLX-NY members 11537:23549; community HIGH members 11537:260; community HIGH-PEERS members 
11537:160; community IFTN members 11537:2502; community INTERNET2-INFINERA members 19782:65533; community ITN members 11537:2501; community LOW members 11537:140; community LOW-PEERS members 11537:40; community LOWER-THAN-PEERS members 11537:60; community NO-EXPORT members no-export; community NOAGG6 members 11537:6; community NONITN members 11537:2500; community PARTICIPANT members 11537:950; community RHCPP members 11537:4000; community SEGP members 11537:910; community SPONSORED members 11537:902; as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*"; as-path PRIVATE ".* (64512-65535) .*"; as-path ABILENE ".* 11537 .*"; as-path NLR ".* 19401 .*"; as-path ESNET "293 .*"; as-path COMMERCIAL6 ".* (701|1273|1836|2497|2516|2914|3257|3549|3561|4691|6939|7018|15169|15412|17554|17990) .*"; as-path legit-REACCIUN "27807+ (27686|20312|19192|23007|27892|11694|27890|27891|27893|27771)*$"; } Firewall Stanza Removed removed atlarl version "8.5I0 [builder]"; groups { INTERFACE-BACKBONE { interfaces { <so-*> { mtu 9192; encapsulation cisco-hdlc; sonet-options { fcs 32; } unit <*> { family inet { mtu 9180; filter { input backbone-in; output interface-out; } } family iso { mtu 1497; } family inet6 { mtu 9180; filter { input v6filter; output v6filter; } } family mpls { mtu 9180; } } } <ge-*> { mtu 9192; unit <*> { family inet { mtu 9174; filter { input backbone-in; output interface-out; } } family iso { mtu 1497; } family inet6 { mtu 9174; filter { input v6filter; output v6filter; } } family mpls { mtu 9174; } } } } } re0 { system { host-name HOUS-re0; } } re1 { system { host-name HOUS-re1; } } INTERFACE-CONNECTOR { interfaces { <so-*> { mtu 9192; encapsulation cisco-hdlc; sonet-options { fcs 32; rfc-2615; } unit <*> { family inet { mtu 9180; filter { input connector-in; output interface-out; } } family inet6 { mtu 9180; filter { input v6filter; output v6filter; } } } } <at-*> { unit <*> { 
family inet { filter { input connector-in; output interface-out; } } family inet6 { filter { input v6filter; output v6filter; } } } } <ge-*> { unit <*> { family inet { filter { input connector-in; output interface-out; } } family inet6 { filter { input v6filter; output v6filter; } } } } } } } apply-groups [ re0 re1 ]; system { domain-name net.internet2.edu; time-zone UTC; dump-on-panic; authentication-order [ radius password ]; location country-code US; root-authentication { Authentication Data Removed } name-server { 134.68.1.9; 129.79.5.100; } radius-server { 140.182.44.69 { timeout 5; source-address 64.57.28.244; } 140.182.45.56 { timeout 5; source-address 64.57.28.244; } } Login Stanza Removed services { ssh { connection-limit 30; } } syslog { archive { files 100; } user * { any critical; } /* brent's pine.ucs.indiana.edu */ host 129.79.9.1 { change-log any; interactive-commands info; facility-override local6; } /* syslog.grnoc.iu.edu */ host 134.68.107.9 { any info; authorization info; interactive-commands info; facility-override local6; } host 140.182.44.73 { any info; authorization info; interactive-commands info; facility-override local6; } file messages { any notice; authorization info; archive { size 1m; files 100; } } console { user critical; } } ntp { server 129.79.5.100; server 134.68.1.9 prefer; } } chassis { no-source-route; ## Warning: 'source-route' is deprecated dump-on-panic; redundancy { failover { on-loss-of-keepalives; on-disk-failure; } keepalive-time 5; } routing-engine { on-disk-failure reboot; } } interfaces { so-0/0/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: HOUS-LOSA OC-192 | I2-HOUS-LOSA-O192-03923"; family inet { address 64.57.28.45/31; } family inet6 { address 2001:468:ff:0304::1/64; } } } so-0/1/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: HOUS-KANS OC-192 | I2-HOUS-KANS-O192-03921"; family inet { address 64.57.28.57/31; } family inet6 { filter { input v6-capture; } address 
2001:468:ff:0403::2/64; } } } inactive: ge-0/2/0 { apply-groups INTERFACE-CONNECTOR; description "LEARN via 10GE Level3 Metro Circuit | HSTQTX02-HSTPTXVH-00014"; vlan-tagging; mtu 9192; unit 722 { description "CUDI via TX-LEARN"; vlan-id 722; family inet { mtu 9000; address 200.23.60.122/30; } family inet6 { mtu 9000; address 2001:468:ff:03c1::1/64; } } unit 3018 { description "TX-LEARN R&E"; vlan-id 3018; family inet { mtu 9000; address 74.200.187.5/30; } family inet6 { mtu 9000; address 2001:468:ff:115e::1/64; } } } ge-1/0/0 { description "Unused 2xGE [NO-MONITOR]"; } so-1/2/0 { description "Unused 4xOC3 [NO-MONITOR]"; } so-1/3/0 { description "Unused OC48 [NO-MONITOR]"; } so-2/0/0 { description "Unused 4xOC12 [NO-MONITOR]"; } ge-2/1/1 { description lan.hous.net.internet2.edu:A23; vlan-tagging; mtu 9180; unit 10 { description "Racklan #3 Backup Gateway"; vlan-id 10; family inet { mtu 9000; filter { output racklan-access; } address 64.57.26.85/24 { vrrp-group 40 { virtual-address 64.57.26.254; } } } } unit 12 { description "Observatory 1G"; vlan-id 12; family inet { mtu 9000; address 64.57.16.161/28; } family inet6 { mtu 9000; address 2001:468:3:12::1/64; address 2001:468:3:12::16:161/64; } } } ge-2/1/2 { description "nms-rthr1 p2p connection"; mtu 9180; unit 0 { family inet { mtu 9000; address 64.57.16.145/30; } family inet6 { mtu 9000; address 2001:468:3:101::1/64; address 2001:468:3:101::16:145/64; } } } ge-2/1/3 { description "nms-rthr2 p2p connection"; mtu 9180; unit 0 { family inet { mtu 9000; address 64.57.16.149/30; } family inet6 { mtu 9000; address 2001:468:3:100::1/64; address 2001:468:3:100::16:149/64; } } } ge-3/0/0 { apply-groups INTERFACE-CONNECTOR; description "LONI via Internet2 DWS | I2-BATO-HOUS-10GE-04569"; traceoptions { flag event; } vlan-tagging; mtu 9192; unit 600 { description "LONI R&E"; vlan-id 600; family inet { mtu 9000; address 208.100.127.33/30; } } unit 601 { description "LONI R&Ev6"; vlan-id 601; family inet6 { mtu 9000; address 
2607:F390:0001:1001::0001/64; } } unit 610 { description "[CPS] LONI"; vlan-id 610; family inet { mtu 9000; address 208.100.127.37/30; } } unit 611 { description "[CPS] LONIv6"; vlan-id 611; family inet6 { mtu 9000; address 2607:F390:0001:1002::0001/64; } } unit 620 { description "LONI R&E testing [NO-MONITOR]"; vlan-id 620; family inet { mtu 9000; address 10.1.1.1/30; } } } ge-3/1/0 { description "to LAN.HOUS port D1"; vlan-tagging; mtu 9180; unit 11 { description "Observatory 10G"; vlan-id 11; family inet { mtu 9000; address 64.57.16.129/28; } family inet6 { mtu 9000; address 2001:468:3:11::1/64; address 2001:468:3:11::16:129/64; } } unit 20 { description "HOUS VINI Mgmt"; vlan-id 20; family inet { mtu 9000; address 64.57.18.201/29; } } unit 21 { description "HOUS VINI Data"; vlan-id 21; family inet { mtu 9000; address 64.57.18.33/28; } } unit 30 { description "HOUS 100x100 Inband"; vlan-id 30; family inet { mtu 9000; address 64.57.23.73/29; } family inet6 { mtu 9000; address 2001:468:3:30::1/64; address 2001:468:3:30::23:73/64; } } unit 31 { description "HOUS 100x100 Mgmt"; vlan-id 31; family inet { mtu 9000; address 64.57.23.105/29; } family inet6 { mtu 9000; address 2001:468:3:31::1/64; address 2001:468:3:31::23:105/64; } } unit 32 { description "HOUS 100x100 NetFPGA"; vlan-id 32; family inet { mtu 9000; policer { arp 32k; } address 64.57.23.41/29; } } unit 50 { description "ISIS collector"; vlan-id 50; family iso { mtu 1497; } family inet6 { mtu 9000; address 2001:468:3:50::1/64; } } unit 51 { description "[CPS] test v6 feed to the Observatory"; vlan-id 51; family inet6 { mtu 9000; address 2001:468:ff03:51::1/64; } } unit 60 { description "[CPS] Connection to nms-rpsv [NO-MONITOR]"; vlan-id 60; family inet { mtu 9000; address 64.57.29.49/30; } family inet6 { mtu 9000; address 2001:468:03:60::29:49/64; address 2001:468:03:60::1/64; } } unit 141 { apply-groups INTERFACE-CONNECTOR; description "Fall 2009 MM - temporary to 15 Oct 2009 - R&E"; vlan-id 141; family 
inet { mtu 9000; address 64.57.28.81/30; } family inet6 { mtu 9000; address 2001:468:ff:115f::1/64; } } unit 147 { apply-groups INTERFACE-CONNECTOR; description "[CPS] Fall 2009 MM - temporary to 15 Oct 2009 - CPS"; vlan-id 147; family inet { mtu 9000; address 64.57.29.93/30; } family inet6 { mtu 9000; address 2001:468:ffff:115f::1/64; } } } so-3/2/0 { apply-groups INTERFACE-BACKBONE; unit 0 { description "BACKBONE: LOSA-HOUS OC-192 | I2-HOUS-LOSA-O192-05458"; family inet { address 64.57.28.85/31; } } } ge-3/3/0 { vlan-tagging; mtu 9192; unit 722 { description "