pst01234 ÷Y
version 8.4R3.3;
groups {
INTERFACE-BACKBONE {
interfaces {
<*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit 0 {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
}
}
re0 {
system {
host-name SALT-re0;
}
}
re1 {
system {
host-name SALT-re1;
}
}
INTERFACE-CONNECTOR {
interfaces {
<so-*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
rfc-2615;
}
unit <*> {
family inet {
mtu 9180;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
}
}
<at-*> {
unit <*> {
encapsulation atm-snap;
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
<ge-*> {
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
/* System-wide settings: name resolution, login authentication, SSH access,
   syslog targets and NTP. */
system {
domain-name abilene.ucaid.edu;
time-zone UTC;
dump-on-panic;
/* RADIUS is consulted first, then the local password database.
   NOTE(review): in Junos the local password method is presumably still tried
   when RADIUS rejects a login, not only when it is unreachable -- confirm,
   since the strength of local accounts then matters. */
authentication-order [ radius password ];
location country-code US;
/* Credential material was stripped by the config sanitizer; the placeholder
   line inside this stanza is not Junos syntax. */
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
/* Both RADIUS servers are queried from 64.57.28.246, the preferred lo0.0
   address. No secret statement is visible; presumably removed by the
   sanitizer -- confirm one is set on the live device. */
radius-server {
134.68.107.17 {
timeout 5;
source-address 64.57.28.246;
}
129.79.216.162 {
timeout 5;
source-address 64.57.28.246;
}
}
/* "Login Stanza Removed" is a sanitizer marker fused onto the services line.
   SSH is the only service in the visible stanza, with connection-limit 30. */
Login Stanza Removed services {
ssh {
connection-limit 30;
}
}
/* Logging: critical messages to logged-in users, two remote collectors, a
   local messages file and the console.
   NOTE(review): no transport or source-address option is set for the remote
   hosts in this stanza -- presumably plain UDP syslog; confirm the path to the
   collectors is trusted. */
syslog {
archive files 100;
user * {
any critical;
}
/* brent's pine.ucs.indiana.edu: receives configuration change-log and
   interactive-command records */
host 129.79.9.1 {
change-log any;
interactive-commands info;
facility-override local6;
}
/* syslog.grnoc.iu.edu: receives all facilities at info, including
   authorization and interactive-command records */
host 134.68.107.9 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
file messages {
any notice;
authorization info;
archive size 1m files 100;
}
console {
user critical;
}
}
/* Two NTP servers, 134.68.1.9 preferred.
   NOTE(review): no authentication-key or trusted-key statements are visible;
   they may have been sanitized -- confirm. */
ntp {
server 129.79.5.100;
server 134.68.1.9 prefer;
}
}
/* Chassis-level behaviour: source-route handling, crash dumps and
   routing-engine redundancy. */
chassis {
/* IP source-routed packets are not forwarded. */
no-source-route;
dump-on-panic;
/* Fail over to the other routing engine on keepalive loss or disk failure;
   keepalive-time is 5. */
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
keepalive-time 5;
}
routing-engine {
on-disk-failure reboot;
}
}
interfaces {
so-0/0/0 {
apply-groups INTERFACE-BACKBONE;
sonet-options {
rfc-2615;
}
unit 0 {
description "BACKBONE: KANS-SALT OC-192 | I2-KANS-SALT-O192-03920";
family inet {
address 64.57.28.24/31;
}
family inet6 {
address 2001:468:ff:0407::2/64;
}
family mpls {
mtu 9180;
}
}
}
ge-0/1/0 {
apply-groups INTERFACE-CONNECTOR;
description "10GigE to SALT Ciena";
vlan-tagging;
mtu 9192;
unit 81 {
description "VLAN 81--NGIX ipv6--9K framesize";
vlan-id 81;
family inet6 {
mtu 9000;
address 2001:478:6663:100::205/64;
}
}
unit 82 {
description "VLAN 82--NGIX ipv6--1500B framesize";
vlan-id 82;
family inet6 {
mtu 1500;
/* temp addr from i2 space before ngix had numbers */
address 2001:468:ff:17c4::1/64;
/* from ngix address space--this is the addr that should be used here */
address 2001:478:6663:200::205/64;
}
}
unit 153 {
description "VLAN 153--NGIX";
vlan-id 153;
family inet {
mtu 1500;
filter {
output interface-out;
}
address 198.32.153.205/24;
}
family inet6 {
mtu 9000;
address 2001:468:FF:17C1::1/64;
}
}
unit 166 {
description "NREN VLAN 166";
vlan-id 166;
family inet {
mtu 9000;
address 198.32.11.80/31;
}
family inet6 {
mtu 9000;
address 2001:468:ff:17c6::1/64;
}
}
unit 201 {
description "VLAN 201--MIX multicast exchange";
vlan-id 201;
family inet {
mtu 1500;
address 198.9.201.205/24;
}
}
unit 202 {
description "VLAN 202--MIX 9KMTU";
vlan-id 202;
family inet {
mtu 9174;
address 198.9.202.205/24;
}
}
unit 505 {
description "University of New Mexico R&E via Internet2 Ciena";
vlan-id 505;
family inet {
mtu 9000;
address 208.77.76.130/30;
}
}
unit 506 {
description "[CPS] University of New Mexico via Internet2 Ciena";
vlan-id 506;
family inet {
mtu 9000;
address 208.77.76.138/30;
}
}
}
ge-0/2/0 {
description "HP5406 10GE";
vlan-tagging;
mtu 9180;
unit 11 {
description "SALT Observatory vlan";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.17.193/28;
}
family inet6 {
mtu 9000;
address 2001:468:7:11::1/64;
address 2001:468:7:11::17:193/64;
}
}
unit 20 {
description "SALT VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.233/29;
}
}
unit 21 {
description "SALT VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.97/28;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
}
so-1/0/0 {
description "Unused OC48 [NO-MONITOR]";
}
so-1/1/0 {
description "Unused OC48 [NO-MONITOR]";
}
so-1/2/0 {
description "Unused OC48 [NO-MONITOR]";
}
/* Shared port carrying the UEN and FRGP VLANs.
   NOTE(review): this port has no apply-groups INTERFACE-CONNECTOR (compare
   ge-0/1/0) and only unit 860 sets filters explicitly, so units 845, 855 and
   861 show no firewall filter in this file -- confirm that is intended for
   these connector-facing VLANs. */
ge-1/3/0 {
description "UEN/FRGP via NLR";
vlan-tagging;
mtu 9180;
unit 845 {
description "[CPS] Utah Education Network (UEN)";
vlan-id 845;
family inet {
mtu 9000;
address 205.124.247.34/30;
}
family inet6 {
mtu 9000;
address 2001:468:ffff:748::1/64;
}
}
/* UEN peering VLAN; the CONNECTOR BGP neighbor 64.57.28.30 is reached through
   this /30. No filter statement under either family. */
unit 855 {
description "Utah Education Network (UEN)";
vlan-id 855;
family inet {
mtu 9000;
address 64.57.28.29/30 {
preferred;
}
}
family iso;
family inet6 {
mtu 9000;
address 2001:468:ff:748::1/64;
}
}
/* FRGP peering VLAN: the only unit on this port with explicit input and
   output filters for both inet and inet6. */
unit 860 {
description "Front Range Gigapop (FRGP)";
vlan-id 860;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 64.57.28.33/30;
}
family iso;
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:745::1/64;
}
}
unit 861 {
description "[CPS] Front Range Gigapop (FRGP) IPv6 via UEN/NLR [NO-MONITOR]";
vlan-id 861;
family inet6 {
mtu 9000;
address 2001:468:ffff:745::1/64;
}
}
}
ge-2/2/0 {
description "Observatory HP5406";
vlan-tagging;
mtu 9180;
unit 10 {
description "Racklan #4 Default Gateway";
vlan-id 10;
family inet {
filter {
output racklan-access;
}
address 64.57.27.254/24;
}
}
unit 12 {
description "SALT Obs 1Gig";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.17.225/28;
}
family inet6 {
mtu 9000;
address 2001:468:7:12::1/64;
address 2001:468:7:12::17:225/64;
}
}
}
ge-2/2/1 {
mtu 9180;
unit 0 {
description "nms-rthr1.salt p2p connection";
family inet {
mtu 9000;
address 64.57.17.209/30;
}
family inet6 {
mtu 9000;
address 2001:468:7:101::1/64;
address 2001:468:7:101::17:209/64;
}
}
}
ge-2/2/2 {
mtu 9180;
unit 0 {
description "nms-rthr2.salt p2p connection";
family inet {
mtu 9000;
address 64.57.17.213/30;
}
family inet6 {
mtu 9000;
address 2001:468:7:100::1/64;
address 2001:468:7:100::17:213/64;
}
}
}
so-3/0/0 {
apply-groups INTERFACE-BACKBONE;
sonet-options {
rfc-2615;
}
unit 0 {
description "BACKBONE: SALT-SEAT OC-192 | I2-SALT-SEAT-O192-03926";
family inet {
address 64.57.28.27/31;
}
family inet6 {
address 2001:468:ff:716::2/64;
}
family mpls {
mtu 9180;
}
}
}
so-3/1/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: LOSA-SALT OC-192 | I2-LOSA-SALT-O192-03925";
family inet {
address 64.57.28.47/31;
}
family inet6 {
address 2001:468:ff:0507::2/64;
}
family mpls {
mtu 9180;
}
}
}
dsc {
unit 0 {
description "Discard Interface";
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
fxp0 {
description "Management Ethernet - Unused";
disable;
}
/* Loopback interface. Both units apply loopback-strict-in (inet) and
   loopback-strict-in6 (inet6) as input filters; the filter definitions are
   not visible in this part of the file.
   NOTE(review): an input filter on lo0 is presumably what protects traffic
   addressed to the routing engine -- review those filter terms together with
   the prefix-lists they reference. */
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
/* 198.32.8.238 is also the local PIM RP address. */
address 198.32.8.238/32;
/* 64.57.28.246 is the router-id and the source for IBGP, MSDP and RADIUS. */
address 64.57.28.246/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0014.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:7::1/128;
}
}
/* Second loopback unit, described as the loopback for the CPS VRF; it uses
   the same input filters as unit 0. */
unit 1 {
description "Loopback for CPS VRF;";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.246/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff07::1/128;
}
}
}
}
/* Traffic sampling and flow export. */
forwarding-options {
sampling {
input {
/* Only family inet is configured for sampling in this stanza, so no IPv6
   sampling is set up here. rate 100 is presumably 1-in-100 sampling, capped
   at 7000 sampled packets per second. */
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
/* Inactive. NOTE(review): if this is ever re-enabled, world-readable lets
   any local user read the flow dump file. */
inactive: file filename flowdata files 2 size 500000 world-readable;
/* Version 5 flow export to 64.57.17.194, an address inside the
   ge-0/2/0.11 "SALT Observatory vlan" subnet (64.57.17.193/28).
   NOTE(review): the export presumably travels as unauthenticated UDP --
   confirm the collector VLAN is trusted. */
cflowd 64.57.17.194 {
port 4203;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:ff:e00::/56;
route 2001:468:000e::/48;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
240.0.0.0/4 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
/* Abilene Observatory */
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
route 4.68.0.251/32 next-hop 198.9.201.24;
route 129.250.0.242/32 next-hop 198.9.201.89;
}
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.246;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
inactive: traceoptions {
file jd-igmp-packet;
flag packets;
}
interface all {
version 2;
}
interface ge-2/2/0.12 {
version 2;
static {
group 233.4.200.18;
}
}
}
mld {
interface all;
}
router-advertisement {
interface ge-2/2/0.11 {
no-other-stateful-configuration;
prefix 2001:468:e:1::1/64;
}
interface ge-2/2/0.12 {
no-other-stateful-configuration;
prefix 2001:468:e:2::1/64;
}
interface ge-2/2/0.13 {
no-other-stateful-configuration;
prefix 2001:468:e:3::1/64;
}
interface ge-2/2/1.0 {
no-other-stateful-configuration;
prefix 2001:468:e:4::1/64;
}
interface ge-2/2/0.15 {
no-other-stateful-configuration;
prefix 2001:468:e:5::1/64;
}
interface ge-2/2/3.0 {
no-other-stateful-configuration;
prefix 2001:468:e:7::1/64;
}
interface ge-2/2/0.16 {
no-other-stateful-configuration;
prefix 2001:468:e:8::1/64;
}
}
rsvp {
/* BACKBONE to KANS */
interface so-0/0/0.0;
/* OC192 to STTLng */
interface so-3/0/0.0;
/* BACKBONE to LOSA */
interface so-3/1/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path SALT->STTL {
to 198.32.8.200;
fast-reroute;
}
label-switched-path SALT->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path SALT->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path SALT->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path SALT->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path SALT->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path SALT->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
}
label-switched-path SALT->HOUS {
to 64.57.28.244;
fast-reroute;
}
/* BACKBONE to KANS */
interface so-0/0/0.0;
/* OC192 to STTLng */
interface so-3/0/0.0;
/* BACKBONE to LOSA */
interface so-3/1/0.0;
}
bgp {
log-updown;
group INTERNET2 {
type internal;
local-address 64.57.28.246;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 198.32.8.200 {
description STTLng;
}
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
inactive: neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:7::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:16::1 {
description "STTLng;";
}
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
inactive: neighbor 2001:468:8::1 {
description SEAT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
inactive: group OTHER {
metric-out igp;
import REJECT-ALL;
}
/* IBGP sessions to monitors and collectors. import REJECT-ALL is applied to
   the whole group; going by its name the policy presumably accepts no routes,
   so these neighbors only receive (its definition is not visible here).
   NOTE(review): unlike the INTERNET2 and CONNECTOR groups, no
   "Authentication Data Removed" placeholder appears under this group or any
   of its neighbors, which suggests these sessions carry no session
   authentication -- confirm against the unsanitized configuration. */
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.246;
family inet {
unicast;
}
/* cluster presumably makes this neighbor a route-reflector client so that
   IBGP-learned routes are passed on to it. */
cluster 134.68.246.49;
}
/* Multihop session (ttl 10) to a monitor. hold-time 65535 means a dead
   session would be noticed only very slowly. */
neighbor 156.56.103.99 {
description "IU ANML monitor--contact Ripley";
multihop {
ttl 10;
}
local-address 64.57.28.246;
hold-time 65535;
family inet {
unicast;
}
}
/* NOTE(review): local-address 2001:468:e::1 is not configured on any
   interface in the interfaces stanza of this file (lo0.0 carries
   2001:468:7::1) -- verify this session can come up as intended. */
neighbor 2001:18e8:2:403:202:b3ff:fe23:715a {
description "IU ANML monitor6";
multihop {
ttl 10;
}
local-address 2001:468:e::1;
family inet6 {
unicast;
}
}
/* Collector on the ge-0/2/0.11 Observatory VLAN; sourced from the interface
   address 64.57.17.193 rather than the loopback. */
neighbor 64.57.17.194 {
description "nms-rpsv.salt zebra bgpd [NO-MONITOR]";
local-address 64.57.17.193;
family inet {
unicast;
multicast;
}
cluster 64.57.17.193;
}
neighbor 2001:468:7:11::17:194 {
description "nms-rpsv.salt zebra bgpd [NO-MONITOR]";
family inet6 {
unicast;
multicast;
}
}
}
/* EBGP sessions to IPv4 connectors (UNM, UEN, FRGP). Each neighbor carries
   its own import chain and a sanitizer placeholder where authentication data
   was removed. */
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
/* Per-session prefix cap for all inet address families.
   NOTE(review): with "maximum 3000; teardown 90" the session is presumably
   reset once 3000 prefixes are exceeded, with warnings logged from 90%; no
   idle-timeout is set, so the session would presumably be allowed to
   re-establish shortly afterwards -- confirm that is the intended reaction
   to a route leak. */
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
/* Private AS numbers are stripped from the AS path on advertisement. */
remove-private;
/* Import chain for each connector: SANITY-IN, SET-PREF, a per-connector
   policy (UNM-IN, UEN-IN, FRGP-IN4), then the shared CONNECTOR-IN policy. */
neighbor 208.77.76.129 {
description "University of New Mexico";
import [ SANITY-IN SET-PREF UNM-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 40498;
}
neighbor 64.57.28.30 {
description "Utah Education Network";
import [ SANITY-IN SET-PREF UEN-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 210;
}
neighbor 64.57.28.34 {
description "Front Range Gigapop (FRGP - Treat as Participant)";
import [ SANITY-IN SET-PREF FRGP-IN4 CONNECTOR-IN ];
Authentication Data Removed
peer-as 14041;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
neighbor 2001:468:ff:748::2 {
description "UEN/Intermountain Gigapop";
import [ SANITY6 SET-PREF UEN-IN6 ];
Authentication Data Removed
peer-as 210;
}
neighbor 2001:468:ff:745::2 {
description "Front Range Gigapop (FRGP)";
import [ SANITY6 SET-PREF FRGP-IN6 ];
Authentication Data Removed
peer-as 14041;
}
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 198.32.153.3 {
description "NISN via NGIX";
Authentication Data Removed
peer-as 297;
}
neighbor 198.32.153.121 {
description "USGS via NGIX";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 REDCLARA-TO-USGS FEDNET-OUT ];
peer-as 22284;
}
neighbor 198.32.153.25 {
description "DREN via NGIX";
Authentication Data Removed
peer-as 668;
}
neighbor 198.32.11.81 {
description "NREN via NGIX vlan 166";
hold-time 30;
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ];
peer-as 24;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:468:FF:17c1::2 {
description DREN/NGIX;
family inet6 {
unicast;
any;
}
Authentication Data Removed
peer-as 668;
}
neighbor 2001:468:ff:17c4::2 {
description "iDREN via NGIX-Ames";
family inet6 {
unicast;
any;
}
Authentication Data Removed
peer-as 668;
}
neighbor 2001:468:ff:17c6::2 {
description "NREN/NGIX 166";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 24;
}
}
/* EBGP multicast (inet multicast family) sessions to commercial and exchange
   peers on the MIX VLANs (198.9.201.0/24 and 198.9.202.0/24).
   NOTE(review): only the two NTT neighbors carry an
   "Authentication Data Removed" placeholder. The Sprint, FIX/mbone, ISC and
   Level3 neighbors show none, which suggests those sessions on a shared
   exchange LAN have no session authentication -- confirm against the
   unsanitized configuration. */
group ISP-MCAST {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ];
/* Group-wide cap of 10000 multicast prefixes per session; the ISC neighbor
   overrides it with 13000. */
family inet {
multicast {
prefix-limit {
maximum 10000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
neighbor 198.9.201.11 {
description "Sprint at MIX";
peer-as 1239;
}
neighbor 198.9.201.89 {
description "NTT at MIX";
Authentication Data Removed
peer-as 2914;
}
neighbor 198.9.201.254 {
description "FIX/mbone at MIX";
peer-as 10888;
}
/* . */
neighbor 198.9.201.180 {
description "ISC - contact Greg Shepherd";
family inet {
multicast {
prefix-limit {
maximum 13000;
teardown 90;
}
}
}
peer-as 3948;
}
neighbor 198.9.202.89 {
description "NTT at MIX";
Authentication Data Removed
peer-as 2914;
}
neighbor 198.9.202.24 {
description "Level3 at MIX/AIX-NG";
peer-as 3356;
}
}
/* EBGP IPv6 sessions to commercial peers over the NGIX IPv6 VLANs
   (2001:478:6663:100::/64 and 2001:478:6663:200::/64).
   NOTE(review): the two NTT neighbors carry an "Authentication Data Removed"
   placeholder; the Sprint neighbor shows none, which suggests that session
   has no session authentication -- confirm against the unsanitized
   configuration. */
group ISP-V6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ];
/* Per-session cap of 3000 inet6 prefixes. */
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ];
remove-private;
neighbor 2001:478:6663:100::89 {
description NTT-jumbo;
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 2914;
}
neighbor 2001:478:6663:200::89 {
description "NTT via ames v6 lan [NO-MONITOR]";
family inet6 {
unicast;
}
Authentication Data Removed
peer-as 2914;
}
neighbor 2001:478:6663:200::11 {
description "Sprint via Ames v6 vlan82-1500B MTU [NO-MONITOR]";
family inet6 {
unicast;
}
peer-as 1239;
}
}
inactive: group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ];
remove-private;
}
inactive: group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
}
}
/* IS-IS as the backbone IGP: level 2 only, wide metrics, active on the three
   backbone SONET links and the collector VLAN, passive everywhere else. */
isis {
export V6-IGP-AGG;
spf-delay 200;
/* NOTE(review): with no-authentication-check, received IS-IS PDUs that fail
   authentication are presumably still accepted rather than dropped. No
   authentication-key statement is visible in this stanza (it may have been
   sanitized) -- confirm whether this relaxation is still needed. */
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
level 2 wide-metrics-only;
/* OC192 to KANS */
interface so-0/0/0.0 {
level 2 metric 1330;
level 1 disable;
}
/* VLAN 50 on ge-0/2/0, described there as "ISIS collector": a non-passive
   level 2 interface with metric 9999.
   NOTE(review): given no-authentication-check, confirm which devices on this
   VLAN are able to form an adjacency. */
interface ge-0/2/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* OC192 to STTLng */
interface so-3/0/0.0 {
level 1 disable;
level 2 metric 913;
}
/* BACKBONE to LOSA */
interface so-3/1/0.0 {
level 1 disable;
level 2 metric 1303;
}
/* Run IS-IS Passively on All Interfaces */
interface all {
level 1 disable;
level 2 passive;
}
interface lo0.0 {
level 1 disable;
level 2 passive;
}
}
msdp {
rib-group mcast-rpf-rg;
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.246;
/* HSTNng */
peer 198.32.8.195;
/* KSCYng */
peer 198.32.8.197;
/* LOSAng */
peer 198.32.8.198;
/* STTLng */
peer 198.32.8.200;
/* SNVAng */
peer 198.32.8.201;
/* ATLA-M5 */
peer 198.32.8.203;
/* CHIC */
peer 64.57.28.241;
/* NEWY */
peer 64.57.28.242;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SEAT */
inactive: peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* University of New Mexico */
peer 208.77.76.129 {
local-address 208.77.76.130;
}
/* UEN/Intermountain GP */
peer 64.57.28.30 {
local-address 64.57.28.29;
}
/* Front Range Gigapop */
peer 64.57.28.34 {
local-address 64.57.28.33;
}
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* NISN via NGIX */
peer 198.32.153.3 {
local-address 198.32.153.205;
}
/* NREN 166 */
peer 198.32.11.81 {
local-address 198.32.11.80;
}
/* DREN */
peer 138.18.12.253 {
local-address 64.57.28.246;
}
}
inactive: group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
}
inactive: group NONITN {
export MSDP-FILTER;
import MSDP-FILTER;
}
group MIX {
export MSDP-FILTER;
import MSDP-FILTER;
/* NREN at MIX */
peer 198.9.201.2 {
local-address 198.9.201.205;
}
/* Sprint at MIX */
peer 198.9.201.11 {
local-address 198.9.201.205;
}
/* shepfarm via MIX */
peer 198.9.201.180 {
local-address 198.9.201.205;
}
/* FIX-W/mbone at MIX */
peer 198.9.201.254 {
local-address 198.9.201.205;
}
/* New Level3 at MIX - static route to reach this RP */
peer 4.68.0.251 {
local-address 198.9.202.205;
}
/* FIX-W/mbone at MIX-ng */
peer 198.9.202.253 {
local-address 198.9.202.205;
}
/* Verio at MIX--static route to reach this RP */
peer 129.250.0.242 {
local-address 64.57.28.246;
}
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* winger.uits.iu.edu -- snapp */
129.79.6.137/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
/* dc-1.grnoc.iu.edu -- SNMP Data Collector */
134.68.107.22/32;
/* dc-snmp.grnoc.iu.edu */
134.68.107.23/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
198.108.90.142/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list RADIUS-SERVERS {
129.79.216.162/32;
134.68.107.17/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list UNM-PARTICIPANT {
64.106.0.0/17;
64.234.170.0/23;
128.123.0.0/16;
128.165.0.0/16;
129.24.0.0/16;
129.138.0.0/16;
146.88.0.0/16;
192.41.211.0/24;
192.65.77.0/24;
192.65.95.0/24;
192.67.132.0/24;
192.88.137.0/24;
192.88.138.0/24;
192.88.139.0/24;
192.88.140.0/24;
198.59.97.0/24;
198.59.130.0/24;
198.59.131.0/24;
198.59.132.0/24;
198.59.133.0/24;
198.59.134.0/24;
198.59.145.0/24;
198.59.152.0/24;
198.59.154.0/24;
198.59.155.0/24;
198.59.169.0/24;
198.59.186.0/24;
198.168.1.0/24;
198.168.2.0/24;
198.168.3.0/24;
198.168.4.0/24;
198.168.5.0/24;
198.168.6.0/24;
198.252.187.0/24;
204.69.153.0/24;
204.121.0.0/16;
206.206.150.0/24;
206.206.151.0/24;
206.206.152.0/21;
208.77.76.0/22;
}
prefix-list UNM-SPONSORED {
216.161.32.0/23;
}
prefix-list UNM-SEGP {
63.225.1.0/24;
64.234.128.0/18;
192.56.77.0/24;
192.65.78.0/24;
192.94.216.0/24;
192.132.89.0/24;
192.136.110.0/24;
192.207.226.0/24;
198.59.106.0/23;
198.59.108.0/24;
198.59.153.0/24;
198.59.187.0/24;
198.59.188.0/23;
198.59.190.0/24;
198.176.219.0/24;
198.187.251.0/24;
204.134.48.0/23;
204.134.50.0/24;
204.134.54.0/23;
204.134.56.0/23;
204.134.66.0/24;
204.134.67.0/24;
204.134.68.0/24;
204.134.85.0/24;
204.134.102.0/24;
204.134.103.0/24;
205.167.120.0/23;
206.192.128.0/18;
206.206.136.0/21;
206.206.144.0/20;
}
prefix-list UNM-EXCEPTION-SPONSORED {
169.203.194.240/29;
}
prefix-list UNM-FEDNET {
128.165.0.0/16;
192.65.95.0/24;
204.121.0.0/16;
}
prefix-list UEN-PARTICIPANT {
128.110.0.0/16;
128.116.0.0/16;
128.117.0.0/16;
128.138.0.0/16;
128.187.0.0/16;
128.198.0.0/16;
129.19.0.0/16;
129.19.0.0/18;
129.19.6.0/24;
129.72.0.0/16;
129.82.0.0/16;
129.123.0.0/16;
130.253.0.0/16;
132.163.0.0/16;
132.194.0.0/16;
134.20.0.0/16;
134.50.0.0/16;
137.75.0.0/16;
138.67.0.0/16;
140.172.0.0/16;
140.226.0.0/16;
155.97.0.0/16;
155.98.0.0/16;
155.99.0.0/16;
155.100.0.0/15;
157.132.0.0/16;
168.179.0.0/16;
192.12.240.0/24;
192.26.83.0/24;
192.43.217.0/24;
192.43.244.0/24;
192.52.106.0/24;
192.77.14.0/24;
192.149.148.0/24;
192.150.224.0/24;
192.207.159.0/24;
192.207.160.0/24;
198.11.16.0/20;
198.59.7.0/24;
198.59.55.0/24;
198.59.61.0/24;
198.59.69.0/24;
198.59.70.0/24;
198.59.81.0/24;
198.59.82.0/24;
198.59.83.0/24;
198.60.217.0/24;
198.60.218.0/23;
198.60.220.0/22;
198.60.224.0/22;
198.60.226.0/24;
198.60.238.0/24;
198.118.206.0/24;
199.4.250.0/23;
199.104.18.0/24;
199.104.23.0/24;
199.104.32.0/24;
199.104.93.0/24;
204.89.132.0/23;
204.99.159.0/24;
204.99.160.0/20;
204.99.176.0/23;
204.134.131.0/24;
204.134.132.0/24;
204.134.133.0/24;
204.134.134.0/24;
204.134.135.0/24;
204.134.136.0/24;
204.134.137.0/24;
204.134.138.0/24;
204.134.144.0/24;
204.134.150.0/24;
204.134.194.0/23;
204.134.217.0/24;
204.134.219.0/24;
204.134.220.0/24;
204.134.251.0/24;
204.134.252.0/22;
204.228.64.0/24;
204.228.67.0/24;
204.228.68.0/24;
204.228.78.0/24;
204.228.80.0/24;
204.228.186.0/24;
204.228.192.0/24;
204.228.201.0/24;
204.228.208.0/23;
204.228.211.0/24;
205.124.252.0/24;
205.170.168.0/21;
206.206.18.0/24;
206.207.64.0/20;
206.207.72.0/23;
206.207.74.0/24;
206.207.96.0/24;
206.207.104.0/24;
206.207.113.0/24;
206.207.114.0/23;
206.207.118.0/24;
206.207.125.0/24;
207.70.27.0/24;
207.70.35.0/24;
207.70.40.0/24;
207.70.42.0/24;
207.70.44.0/23;
207.70.47.0/24;
207.70.53.0/24;
207.252.94.0/23;
207.252.204.0/23;
209.19.140.0/24;
209.186.50.0/23;
209.186.50.0/24;
209.186.51.0/24;
209.223.6.0/24;
209.223.250.0/23;
}
prefix-list UEN-SPONSORED {
138.67.0.0/16;
138.86.0.0/16;
192.26.83.0/24;
}
prefix-list UEN-SEGP {
134.250.0.0/16;
137.190.0.0/16;
144.17.0.0/16;
144.35.0.0/16;
144.38.0.0/16;
144.39.0.0/16;
146.86.0.0/16;
158.91.0.0/16;
160.7.0.0/16;
161.28.0.0/16;
161.119.0.0/16;
163.6.0.0/16;
163.248.0.0/16;
165.239.0.0/16;
168.177.0.0/16;
168.178.0.0/15;
168.180.0.0/16;
192.41.70.0/24;
192.41.96.0/22;
192.84.171.0/24;
192.120.193.0/24;
198.60.0.0/23;
198.60.1.0/24;
198.60.2.0/24;
198.60.4.0/23;
198.60.8.0/21;
198.60.16.0/24;
198.60.64.0/19;
199.104.0.0/18;
199.104.69.0/24;
199.104.76.0/23;
199.104.76.0/24;
199.104.87.0/24;
199.104.88.0/23;
204.99.128.0/18;
204.99.153.0/24;
204.99.154.0/23;
204.113.0.0/16;
204.228.210.0/23;
205.118.0.0/15;
205.120.0.0/13;
}
prefix-list UEN6-PARTICIPANT {
2001:468:0800::/40;
2001:1948::/32;
}
prefix-list FRGP-PARTICIPANT {
128.116.0.0/16;
128.117.0.0/16;
128.138.0.0/16;
129.19.0.0/16;
129.19.0.0/18;
129.19.6.0/24;
129.72.0.0/16;
129.82.0.0/16;
132.163.0.0/16;
132.194.0.0/16;
137.75.0.0/16;
138.67.0.0/16;
140.172.0.0/16;
140.226.0.0/16;
157.132.0.0/16;
192.12.240.0/24;
192.26.83.0/24;
192.43.217.0/24;
192.43.244.0/24;
192.52.106.0/24;
192.149.148.0/24;
192.150.224.0/24;
198.11.16.0/20;
198.59.7.0/24;
198.59.54.0/24;
198.59.55.0/24;
198.59.61.0/24;
198.59.69.0/24;
198.59.70.0/24;
198.59.81.0/24;
198.59.82.0/24;
198.59.83.0/24;
198.118.206.0/24;
199.4.250.0/23;
204.89.132.0/23;
204.131.58.0/24;
204.131.62.0/24;
204.131.208.0/24;
204.131.247.0/24;
204.132.224.0/20;
204.228.67.0/24;
204.228.68.0/24;
204.228.69.0/24;
204.228.78.0/24;
204.228.80.0/24;
}
prefix-list FRGP-PARTICIPANT-EXCEPTION {
192.43.217.165/32;
}
prefix-list FRGP-SPONSORED {
138.67.0.0/16;
138.86.0.0/16;
140.226.0.0/16;
192.26.83.0/24;
204.228.64.0/24;
}
prefix-list FRGP-PARTICIPANT6 {
2001:468:500::/40;
}
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group CONNECTORS6 neighbor <*>";
}
prefix-list RACKLAN-ACCESS {
/* ARIN Allocation */
64.57.16.0/20;
/* ISI East */
65.114.168.0/24;
/* ndb2-blmt.abilene.ucaid.edu */
129.79.5.18/32;
/* DNS Server */
129.79.5.100/32;
/* ndb1-blmt.abilene.ucaid.edu */
129.79.5.225/32;
/* IUB */
129.79.9.0/24;
129.79.216.64/27;
129.79.216.160/27;
/* IUPUI */
134.68.11.0/24;
134.68.107.0/24;
134.68.142.0/24;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* VPN Groups */
156.56.175.0/27;
/* l2tpvpn-iub */
156.56.245.1/32;
/* jump.grnoc.iu.edu */
192.12.206.196/32;
/* sd-pc.grnoc.iu.edu */
192.12.206.228/32;
/* Internet2 Ann Arbor */
207.75.164.0/23;
}
prefix-list OBSERVATORY-SSH {
/* sysmon.grnoc.iu.edu */
134.68.107.4/32;
/* login.net.internet2.edu */
134.68.107.10/32;
/* nms-base */
134.68.107.34/32;
/* nms-login */
134.68.107.36/32;
/* skip */
134.68.142.50/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump */
192.12.206.196/32;
}
/* NOTE(review): 0::0/0 matches every IPv6 source, whereas the IPv4
   OBSERVATORY-SSH list names seven specific hosts. The filter that references
   this list is not visible here -- confirm that SSH over IPv6 is restricted
   in some other way. */
prefix-list OBSERVATORY-SSH6 {
0::0/0;
}
policy-statement CLARA-TO-NREN {
/* CLARA<->NREN transit (ucaid approved) */
term FROM {
from as-path CLARA;
then accept;
}
}
/* Import policy for connector BGP sessions. In order: strip the peer
   local-pref communities, honour blackhole (DISCARD) requests, accept
   unicast and multicast routes up to /27 tagged PARTICIPANT, reject the rest. */
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
/* Connector-triggered blackholing: a route carrying DISCARD is steered to the
   discard interface. NOTE(review): this term does not itself limit which
   prefixes a connector may blackhole; that relies on the per-connector policy
   evaluated earlier, which is not visible here. */
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are not leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes up to /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
/* same length limit for routes destined to inet.2 (multicast) */
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
/* default deny: anything not accepted above is rejected */
term reject {
then reject;
}
}
/* Import policy for CPS connector sessions: honour blackhole (DISCARD)
   requests, accept unicast routes up to /24 tagged CPS-CONNECTOR, reject
   everything else. */
policy-statement CPS-CONNECTOR-IN {
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are not leaked outside of Abilene */
community add NO-EXPORT;
/* drop matching traffic directly (next-hop discard); unlike CONNECTOR-IN this does not point at the dsc.0 destination address */
next-hop discard;
accept;
}
}
/* allow unicast routes up to /24 (CONNECTOR-IN allows up to /27); note: routes have already passed the individual connector policy.
   NOTE(review): an earlier version of this comment said /27 - confirm which limit is intended. */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
/* default deny */
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-FRGP-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter FRGP-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-UEN-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter UEN6-PARTICIPANT orlonger;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-UNM-IN {
term accept {
from {
protocol bgp;
prefix-list-filter UNM-PARTICIPANT orlonger;
prefix-list-filter UNM-SPONSORED orlonger;
prefix-list-filter UNM-SEGP orlonger;
prefix-list-filter UNM-FEDNET orlonger;
prefix-list-filter UNM-EXCEPTION-SPONSORED exact;
}
then next policy;
}
term reject {
then reject;
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy from FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
/* Per-connector IPv4 import policy for FRGP: a route must fall inside one of
   the FRGP prefix lists to be handed to the next policy; other routes bound
   for inet.0 are rejected. */
policy-statement FRGP-IN4 {
/* participant prefixes (and more-specifics) continue to the next policy unchanged */
term participant {
from {
prefix-list-filter FRGP-PARTICIPANT orlonger;
}
then next policy;
}
/* sponsored prefixes are tagged SPONSORED before continuing */
term sponsored {
from {
prefix-list-filter FRGP-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
/* NOTE(review): this term has no "then" action, so a matching route simply
   carries on to reject-unicast below. The comparable exception term in UNM-IN
   ends with an explicit accept - confirm what is intended for this /32. */
term participant_exception {
from {
prefix-list-filter FRGP-PARTICIPANT-EXCEPTION exact;
}
}
/* only routes destined to inet.0 are rejected here; other tables are left to whatever policy is evaluated next */
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement FRGP-IN6 {
term accept {
from {
family inet6;
prefix-list-filter FRGP-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement GEANT-TO-NREN {
from as-path GEANT;
then accept;
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ISP-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-IN6 {
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
/* Filter for MSDP source-active messages: reject listed group addresses,
   then reject private and loopback source addresses, then reject a fixed set
   of host sources, and accept whatever remains. */
policy-statement MSDP-FILTER {
/* group addresses that should not be exchanged between domains */
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
/* administratively scoped range */
route-filter 239.0.0.0/8 orlonger;
/* source-specific multicast range */
route-filter 232.0.0.0/8 orlonger;
}
then reject;
}
/* sources in RFC 1918 or loopback space cannot be valid inter-domain senders */
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
/* fixed list of individual source hosts to ignore (presumably PlanetLab nodes, going by the term name) */
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
/* default allow: this is a deny-list, so anything not listed above is accepted */
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
policy-statement REDCLARA-TO-USGS {
term FROM-REDCLARA {
from as-path CLARA;
then accept;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers.
   These communities drive local-preference (SET-PREF) and blackholing
   (the discard term in CONNECTOR-IN), so stripping them keeps a peer from
   setting them on routes it sends. The term has no terminating action, so
   evaluation continues after the communities are removed. */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
/* reject routes we should never accept.
   Every term here is a reject; a route that matches none of them is not
   accepted by this policy but passes on to whatever is evaluated next. */
policy-statement SANITY-IN {
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
/* Reject any prefix with AS 19401 (as-path NLR) in the path */
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table.
   NOTE(review): this is a static list; it does not include 0.0.0.0/8,
   100.64.0.0/10, 198.51.100.0/24 or 203.0.113.0/24 - compare against the
   current IANA special-purpose address registry when maintaining it. */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates (a neighbor should never announce our own address space back to us) */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce.
   Every term is a reject; routes matching none of them continue to the next
   policy in the export chain. */
policy-statement SANITY-OUT {
/* Don't announce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes.
   NOTE(review): same static list as SANITY-IN; keep the two in step and
   compare against the current IANA special-purpose address registry. */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
/* IPv6 sanity policy, written as an allow-list: private-AS paths are
   rejected, prefixes inside the listed blocks go on to the next policy, and
   anything else is rejected. */
policy-statement SANITY6 {
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
from {
/* upto /49 also caps the accepted prefix length at /49 */
route-filter 2001::/16 upto /49;
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
/* NOTE(review): 2610:: and 2620:: have bits set beyond a /12 mask; if the
   parser masks them they duplicate 2600::/12 above. Check the intended
   prefix lengths against the IANA table referenced above. */
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
/* default deny for everything outside the allow-list */
term reject {
then reject;
}
}
/* set local-pref on connector routes based on communities */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 100;
}
}
}
policy-statement UEN-IN {
term participant {
from {
protocol bgp;
prefix-list-filter UEN-PARTICIPANT orlonger;
}
then next policy;
}
term sponsored {
from {
protocol bgp;
prefix-list-filter UEN-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter UEN-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement UEN-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter UEN6-PARTICIPANT orlonger;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement UNM-IN {
term participant {
from {
protocol bgp;
prefix-list-filter UNM-PARTICIPANT orlonger;
}
then next policy;
}
term sponsored {
from {
protocol bgp;
prefix-list-filter UNM-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter UNM-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term fednet {
from {
protocol bgp;
prefix-list-filter UNM-FEDNET orlonger;
}
then {
community add FEDNET;
next policy;
}
}
term exception-sponsored {
from {
protocol bgp;
prefix-list-filter UNM-EXCEPTION-SPONSORED exact;
}
then {
community add SPONSORED;
community add PARTICIPANT;
accept;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement V6-IGP-AGG {
term allow-aggregate {
from {
protocol aggregate;
family inet6;
}
then accept;
}
term deny-more-specifics {
from {
family inet6;
route-filter 2001:468:ff:e00::/56 longer;
route-filter 2001:468:e::/48 longer;
}
then reject;
}
term accept-all-other-v6 {
from {
protocol [ isis direct ];
family inet6;
}
then accept;
}
}
/* PIM join filter: joins for 239.0.0.0/8 are accepted only on the three
   listed so- interfaces and rejected everywhere else; joins for all other
   groups are accepted on any interface. */
policy-statement pim-join-filter {
/* NOTE(review): the interface list is hard-coded; presumably these are the backbone links of this router - re-check it whenever backbone interfaces change */
term internal-links {
from {
interface [ so-0/0/0.0 so-3/0/0.0 so-3/1/0.0 ];
route-filter 239.0.0.0/8 orlonger;
}
then accept;
}
/* keeps 239/8 joins from being honoured on any interface not listed above */
term external-links {
from {
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term all-links {
then accept;
}
}
community BLOCK-TO-COMMERCIAL members 11537:2002;
community COMMERCIAL-PEER members 11537:2001;
community CONNECTOR-ONLY members 11537:3500;
community CORE members 11537:900;
community CORPORATE members 11537:2000;
community CPS members target:11537:1;
community CPS-CONNECTOR members 11537:25100;
community CPS-PEERS members 11537:25200;
community DISCARD members 11537:911;
community FEDNET members 11537:3000;
community HIGH members 11537:260;
community HIGH-PEERS members 11537:160;
community IFTN members 11537:2502;
community ITN members 11537:2501;
community LOW members 11537:140;
community LOW-PEERS members 11537:40;
community NO-EXPORT members no-export;
community NOAGG6 members 11537:6;
community NONITN members 11537:2500;
community PARTICIPANT members 11537:950;
community SEGP members 11537:910;
community SPONSORED members 11537:902;
/* AS 64512-65535 anywhere in the path (the 16-bit private-use range plus reserved 65535).
   NOTE(review): 4-byte private-use AS numbers are not covered by this expression. */
as-path PRIVATE ".* (64512-65535) .*";
/* static list of commercial ISP AS numbers, matched anywhere in the path; it needs manual upkeep as providers change */
as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*";
/* AS 11537 / AS 19401 anywhere in the path */
as-path ABILENE ".* 11537 .*";
as-path NLR ".* 19401 .*";
/* anchored at the start of the path: only routes whose first AS is 27750 / 20965 match */
as-path CLARA "27750 .*";
as-path GEANT "20965 .*";
}
inactive: class-of-service {
classifiers {
exp MPLS {
forwarding-class assured-forwarding {
loss-priority low code-points 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
forwarding-class network-control {
loss-priority low code-points 110;
}
}
inet-precedence TOS {
forwarding-class network-control {
loss-priority low code-points 110;
}
forwarding-class assured-forwarding {
loss-priority low code-points 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
}
}
drop-profiles {
basic {
fill-level 100 drop-probability 100;
}
}
rewrite-rules {
exp MPLS {
forwarding-class assured-forwarding {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class best-effort {
loss-priority low code-point 000;
loss-priority high code-point 000;
}
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
loss-priority high code-point 010;
}
forwarding-class network-control {
loss-priority low code-point 110;
loss-priority high code-point 110;
}
}
inet-precedence TOS {
forwarding-class network-control {
loss-priority low code-point 110;
loss-priority high code-point 110;
}
forwarding-class assured-forwarding {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
loss-priority high code-point 010;
}
forwarding-class best-effort {
loss-priority low code-point 000;
loss-priority high code-point 000;
}
}
}
scheduler-maps {
basic {
forwarding-class best-effort scheduler best-effort;
forwarding-class network-control scheduler network-control;
forwarding-class assured-forwarding scheduler LSP-L2;
forwarding-class expedited-forwarding scheduler expedited-forwarding;
}
}
schedulers {
LSP-L2 {
transmit-rate percent 10;
buffer-size percent 10;
priority high;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
network-control {
transmit-rate percent 5;
buffer-size percent 5;
priority strict-high;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
best-effort {
transmit-rate percent 85;
buffer-size percent 85;
priority low;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
expedited-forwarding {
transmit-rate percent 0;
buffer-size percent 0;
priority low;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
}
}
Firewall Stanza Removed removed
salt*Ò
version 8.4R3.3;
groups {
INTERFACE-BACKBONE {
interfaces {
<*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit 0 {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
<so-*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit <*> {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
<ge-*> {
mtu 9192;
unit <*> {
family inet {
mtu 9174;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9174;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9174;
}
}
}
}
}
re0 {
system {
host-name NEWY-re0;
}
}
re1 {
system {
host-name NEWY-re1;
}
}
INTERFACE-CONNECTOR {
interfaces {
<so-*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
rfc-2615;
}
unit <*> {
family inet {
mtu 9180;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
}
}
<at-*> {
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
<ge-*> {
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
CONNECTOR6;
CONNECTOR;
ITN;
MSDP-SA-Limit-per-peer-group {
protocols {
msdp {
group <*> {
peer <*> {
active-source-limit {
maximum 100000;
threshold 90000;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
/* System-level settings: login authentication, DNS, RADIUS, SSH, syslog and
   NTP. Credential material was removed from this dump ("Authentication Data
   Removed", "Login Stanza Removed"), so absent statements may only reflect
   the sanitising. */
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
/* RADIUS is tried first, then the local password database.
   NOTE(review): with "password" listed explicitly, Junos also consults the
   local database when RADIUS rejects a login, not only when the servers are
   unreachable - confirm that fallback is intended. */
authentication-order [ radius password ];
location country-code US;
ports {
auxiliary type vt100;
}
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
/* both servers are queried from the preferred loopback address 64.57.28.242;
   no "secret" statement is visible, presumably stripped with the other
   credentials - verify on the live configuration */
radius-server {
134.68.107.17 {
timeout 5;
source-address 64.57.28.242;
}
129.79.216.162 {
timeout 5;
source-address 64.57.28.242;
}
}
Login Stanza Removed services {
/* SSH is the only service visible here; only a connection limit is shown, so
   protocol-version, root-login and rate-limit settings cannot be assessed
   from this dump */
ssh {
connection-limit 30;
}
}
/* Logging: interactive commands and authorization events are sent to remote
   hosts as well as kept locally, so an audit trail survives off-box. */
syslog {
archive files 100;
user * {
any critical;
}
/* brent's pine.ucs.indiana.edu */
host 129.79.9.1 {
change-log any;
interactive-commands info;
facility-override local6;
}
/* syslog.grnoc.iu.edu */
host 134.68.107.9 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
file messages {
any notice;
authorization info;
archive size 1m files 100;
}
console {
user critical;
}
}
/* NOTE(review): no authentication-key or trusted-key statements are visible,
   so these time sources appear to be unauthenticated; log timestamps depend
   on them. */
ntp {
server 129.79.5.100;
server 134.68.1.9 prefer;
server 198.32.10.252;
server 198.32.10.254;
}
}
chassis {
no-source-route;
dump-on-panic;
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
keepalive-time 5;
}
routing-engine {
on-disk-failure reboot;
}
fpc 0 {
pic 1 {
no-concatenate;
}
}
}
interfaces {
so-0/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH OC-192 | I2-NEWY-WASH-O192-03914";
family inet {
address 64.57.28.10/31;
}
family inet6 {
address 2001:468:ff:609::2/64;
}
}
}
so-0/1/0 {
description "Unused OC192 [NO-MONITOR]";
}
ge-0/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "Northern Crossroads (NOX) via Internet2 New York Metro Infinera Ring | I2-BOST-NEWY-10GE-04181";
vlan-tagging;
mtu 9192;
unit 110 {
description "Northern Crossroads (NOX) R&E VLAN";
vlan-id 110;
family inet {
mtu 9000;
address 192.5.89.222/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0646::2/64;
}
}
unit 111 {
description "[CPS] Northern Crossroads (NOX)";
vlan-id 111;
family inet {
mtu 9000;
address 207.210.142.2/30;
}
family inet6 {
mtu 9000;
address 2001:468:ffff:0646::2/64;
}
}
}
ge-1/0/0 {
apply-groups INTERFACE-CONNECTOR;
mtu 9192;
unit 0 {
description Nysernet;
family inet {
mtu 9000;
address 199.109.4.154/30;
}
family inet6 {
mtu 9000;
address 2001:468:900:315::2/64;
}
}
}
/* CPS switch trunk. This interface does not apply the INTERFACE-CONNECTOR
   group, so filters are set per unit.
   NOTE(review): units 100-102 carry "input connector-in" only (no output
   filter), while unit 6 (public exchange), unit 10 (management subnet) and
   the inet6 family on unit 101 show no filter at all. The firewall stanza and
   routing instances are not part of this dump - confirm whether filtering
   for those units is applied elsewhere. */
ge-1/2/0 {
description "Internet2 CPS switch (via Internet2 New York Metro Infinera Ring)";
vlan-tagging;
unit 6 {
description "[CPS] PAIX New York Public Switch (10G)";
vlan-id 6;
family inet {
mtu 1500;
address 198.32.118.55/24;
}
}
unit 10 {
description "PAIX NY Management Subnet";
vlan-id 10;
family inet {
address 64.57.28.161/28;
}
}
unit 100 {
description "[CPS] Global Crossing Private v4 unicast peering";
vlan-id 100;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.208.110.26/30;
}
}
unit 101 {
description "[CPS] Global Crossing Private v6 and multicast peering";
vlan-id 101;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.208.110.186/30;
}
family inet6 {
mtu 1500;
address 2001:450:2008:21::2/64;
}
}
unit 102 {
description "[CPS] Google private peering";
vlan-id 102;
family inet {
mtu 1500;
filter {
input connector-in;
}
address 64.57.29.20/31;
}
}
}
so-1/3/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-NEWY OC-192 | I2-CHIC-NEWY-O192-03913";
family inet {
address 64.57.28.15/31;
}
family inet6 {
address 2001:468:ff:206::2/64;
}
}
}
ge-2/0/0 {
description racklan/HP;
vlan-tagging;
mtu 9192;
unit 12 {
description "NEWY Observatory 1G vlan";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.17.97/28;
}
family inet6 {
mtu 9000;
address 2001:468:6:12::1/64;
address 2001:468:6:12::17:97/64;
}
}
}
ge-2/0/1 {
mtu 9180;
unit 0 {
description "nms-rthr1 p2p connection";
family inet {
mtu 9000;
address 64.57.17.81/30;
}
family inet6 {
mtu 9000;
address 2001:468:6:101::1/64;
address 2001:468:6:101::17:81/64;
}
}
}
ge-2/0/2 {
mtu 9180;
unit 0 {
description "nms-rthr2 p2p connection";
family inet {
mtu 9000;
address 64.57.17.85/30;
}
family inet6 {
mtu 9000;
address 2001:468:6:100::1/64;
address 2001:468:6:100::17:85/64;
}
}
}
so-2/3/0 {
apply-groups INTERFACE-CONNECTOR;
}
inactive: so-3/1/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE - OC-192 to CHINng";
family inet {
address 198.32.8.83/31;
}
family inet6 {
address 2001:468:ff:0f15::2/64;
}
family mpls {
mtu 9180;
}
}
}
ge-3/2/0 {
disable;
}
ge-4/0/0 {
inactive: apply-groups INTERFACE-CONNECTOR;
description sw.manlan.internet2.edu:Te11/3;
vlan-tagging;
mtu 9192;
encapsulation vlan-ccc;
unit 1 {
description "MANLAN Rack Lan";
vlan-id 1;
family inet {
mtu 1500;
filter {
output manlan-management;
}
address 198.32.154.6/25;
address 198.32.14.129/27;
}
family iso;
}
unit 16 {
description "DRAC Project";
vlan-id 16;
family inet {
mtu 9000;
address 198.32.154.133/30;
}
}
unit 102 {
description "GEANT | AS:20965";
vlan-id 102;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.50/31;
}
family iso;
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:15c5::1/64;
}
}
unit 104 {
description CAnet-Toronto;
vlan-id 104;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 205.189.32.117/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:410:101:23::2/64;
}
}
unit 107 {
description SINET;
vlan-id 107;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 150.99.200.194/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
unit 108 {
description QATAR;
vlan-id 108;
family inet {
mtu 1500;
filter {
input connector-in;
output interface-out;
}
address 80.231.134.30/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
unit 109 {
description CAnet-Montreal;
vlan-id 109;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 205.189.32.93/30;
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
address 2001:410:101:24::2/64;
}
}
unit 110 {
description CERN;
vlan-id 110;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.85/30;
}
}
unit 112 {
description ESnet;
vlan-id 112;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.124.216.158/30;
}
}
unit 113 {
description ESnet-v6-only;
vlan-id 199;
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:15c6::1/64;
}
}
unit 114 {
description "MCIT/ENERGI (Egypt)";
vlan-id 114;
family inet {
mtu 1486;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.65/30;
}
family inet6 {
mtu 1486;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:6c1::1/64;
}
}
unit 115 {
description "LHCnet (CERN)";
vlan-id 115;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 198.32.11.69/30;
}
}
unit 117 {
description "TWAREN| AS:7539";
vlan-id 117;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 211.79.48.158/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:E10:FFFF:307::2/64;
}
}
unit 120 {
description "SURFnet | AS:1103";
vlan-id 120;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 64.57.28.65/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:6c2::1/64;
}
}
unit 4003 {
encapsulation vlan-ccc;
vlan-id 4003;
}
}
ge-4/1/0 {
description "HP 5406 Racklan Switch";
vlan-tagging;
mtu 9192;
unit 10 {
description "NEWY Racklan";
vlan-id 10;
family inet {
mtu 9000;
filter {
output racklan-access;
}
address 64.57.24.254/24;
}
}
unit 11 {
description "NEWY Observatory vlan";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.17.65/28;
}
family inet6 {
mtu 9000;
address 2001:468:6:11::1/64;
address 2001:468:6:11::17:65/64;
}
}
unit 20 {
description "NEWT VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.225/29;
}
family inet6 {
mtu 9000;
address 2001:468:6:20::1/64;
address 2001:468:6:20::18:225/64;
}
}
unit 21 {
description "NEWT VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.81/28;
}
family inet6 {
mtu 9000;
address 2001:468:6:21::1/64;
address 2001:468:6:21::18:81/64;
}
}
unit 30 {
description "NEWY 100x100 Inband";
vlan-id 30;
family inet {
mtu 9000;
address 64.57.23.81/29;
}
family inet6 {
mtu 9000;
address 2001:468:6:30::1/64;
address 2001:468:6:30::23:81/64;
}
}
unit 31 {
description "NEWY 100x100 Mgmt";
vlan-id 31;
family inet {
mtu 9000;
address 64.57.23.113/29;
}
family inet6 {
mtu 9000;
address 2001:468:6:31::1/64;
address 2001:468:6:31::23:113/64;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
}
ge-4/2/0 {
description "HOPI 10GigE";
vlan-tagging;
mtu 9192;
encapsulation vlan-ccc;
}
ge-4/3/0 {
apply-groups INTERFACE-CONNECTOR;
description "MAGPI via Internet2 DWS | I2-NEWY-PHIL-10GE-04177";
vlan-tagging;
mtu 9192;
unit 12 {
description "MAGPI IP Connection";
vlan-id 12;
family inet {
mtu 9000;
address 216.27.100.54/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0658::1/64;
}
}
unit 38 {
description "[CPS] MAGPI";
vlan-id 38;
family inet {
mtu 1500;
address 216.27.100.62/30;
}
family inet6 {
mtu 1500;
address 2001:468:ffff:0658::1/64;
}
}
}
dsc {
unit 0 {
description "Discard Interface";
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
fxp0 {
description "Management Ethernet - Unused";
disable;
}
/* Loopback interface. An input filter on lo0 is evaluated for traffic
   addressed to the router itself, so loopback-strict-in / loopback-strict-in6
   are the control-plane protection for both units. Their terms live in the
   firewall stanza, which was removed from this dump. */
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.238/32;
/* preferred address; also used as the RADIUS source-address in the system stanza */
address 64.57.28.242/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0021.00;
address 49.0000.0000.0000.0030.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:6::1/128;
}
}
/* second loopback unit for the CPS VRF, protected by the same filters as unit 0 */
unit 1 {
description "Loopback for CPS VRF";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.242/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff06::1/128;
}
}
}
}
}
/* Flow sampling for IPv4: sampled packets are exported as cflowd version 5
   records to a collector; nothing is written to local disk while the file
   statement stays inactive. */
forwarding-options {
sampling {
input {
family inet {
/* sample 1 packet in 100, capped at 7000 sampled packets per second */
rate 100;
max-packets-per-second 7000;
}
}
output {
/* NOTE(review): if this statement is ever re-activated, "world-readable" makes the flow files readable by every local user */
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.17.71 {
port 4195;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:000f::/48;
route 2001:468:0006::/48;
route 2001:468:ff:0f00::/56;
}
}
/* Martian (bogon) prefixes for inet.2, the table the mcast-rpf-rg rib-group feeds for multicast RPF.
   NOTE(review): this is a hand-maintained list of address space that was reserved or unallocated when it was written.
   Many of the /8 blocks in it (for example 1/8, 2/8, 5/8, 100/8-113/8, 173/8-185/8) have since been allocated by IANA
   and carry legitimate routes, so the list must be rebuilt from the current IANA registry before it is reused;
   a stale list silently drops valid prefixes. It also differs from the main martians list further down:
   this one ends with 240.0.0.0/4, that one with 223.0.0.0/8. */
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
240.0.0.0/4 orlonger;
}
}
/* Static routes. The four discard routes tagged 11537:950 cover the same prefixes as the INTERNAL prefix-list
   in policy-options (the blocks this AS originates); static-rg copies them into both inet.0 and inet.2. */
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
/* Abilene Observatory */
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
/* More-specific discard inside 198.32.154.0/24 with no community attached. */
route 198.32.154.144/28 discard;
/* Host route to the Global Crossing MSDP peer (67.17.81.229) via the Global Crossing BGP neighbor address 64.208.110.185. */
route 67.17.81.229/32 next-hop 64.208.110.185;
}
/* Martian (bogon) prefixes for the main routing table: routes matching these entries are not installed.
   NOTE(review): this is a hand-maintained list of address space that was reserved or unallocated when it was written.
   Many of the /8 blocks in it (for example 1/8, 2/8, 5/8, 100/8-113/8, 173/8-185/8) have since been allocated by IANA
   and carry legitimate routes, so the list must be rebuilt from the current IANA registry before it is reused;
   a stale list silently drops valid prefixes. It also differs from the rib inet.2 list above:
   this one ends with 223.0.0.0/8, that one with 240.0.0.0/4. */
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.242;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
/* msdp */
protocols {
igmp {
interface all {
version 3;
}
}
mld {
interface all;
}
rsvp {
/* BACKBONE to WASH */
interface so-0/0/0.0;
/* BACKBONE to CHIC */
interface so-1/3/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path NEWY->STTL {
to 198.32.8.200;
fast-reroute;
}
label-switched-path NEWY->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path NEWY->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path NEWY->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path NEWY->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path NEWY->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path NEWY->LOSA {
to 64.57.28.248;
fast-reroute;
}
label-switched-path NEWY->HOUS {
to 64.57.28.244;
fast-reroute;
}
/* BACKBONE to WASH */
interface so-0/0/0.0;
/* BACKBONE to CHIC */
interface so-1/3/0.0;
}
bgp {
log-updown;
/* External IPv4 sessions to regional connectors. Each neighbor's import chain is evaluated left to right:
   SANITY-IN, SET-PREF, a per-connector policy, then the shared CONNECTOR-IN policy. Only CONNECTOR-IN is
   defined in this excerpt; the per-connector policies are elsewhere in the file. */
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
/* The session is torn down once a peer exceeds 3000 prefixes; 90 is the percentage at which warnings start being logged. */
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
/* Strip private AS numbers from AS paths advertised to these peers. */
remove-private;
neighbor 192.5.89.221 {
description NOX;
import [ SANITY-IN SET-PREF NOX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10578;
}
/* NOTE(review): unlike NOX and MAGPI, this neighbor shows no "Authentication Data Removed" marker, which suggests
   no session authentication key was configured for it - confirm against the unredacted config.
   Its export list also adds LEAK-NMS1, which the group-level export does not have. */
neighbor 199.109.4.153 {
description Nysernet;
import [ SANITY-IN SET-PREF NYSERNET-IN CONNECTOR-IN ];
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 LEAK-NMS1 ];
peer-as 3754;
}
neighbor 216.27.100.53 {
description MAGPI;
import [ SANITY-IN SET-PREF MAGPI-IN CONNECTOR-IN ];
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
peer-as 10466;
}
}
/* External IPv6 sessions to the same connectors. The import chains here are SANITY6, SET-PREF and a per-connector
   policy; there is no shared final policy corresponding to CONNECTOR-IN, so the per-connector policies
   (defined outside this excerpt) are the last word on what is accepted. */
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
/* The session is torn down once a peer exceeds 3000 prefixes; 90 is the percentage at which warnings start being logged. */
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
/* NOTE(review): this neighbor shows no "Authentication Data Removed" marker, unlike NOX and MAGPI below, which suggests
   no session authentication key was configured for it - confirm against the unredacted config. */
neighbor 2001:468:900:315::1 {
description "NYsernet-New York";
import [ SANITY6 SET-PREF NYSERNET-IN6 ];
/* export policy to allow more specifics for dual-homed load-balancing purposes */
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6-WITH-SPECIFICS ];
peer-as 3754;
}
neighbor 2001:468:ff:0646::1 {
description NOX;
import [ SANITY6 SET-PREF NOX-IN6 ];
Authentication Data Removed
peer-as 10578;
}
neighbor 2001:468:ff:0658::2 {
description MAGPI;
import [ SANITY6 SET-PREF MAGPI-IN6 ];
Authentication Data Removed
peer-as 10466;
}
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 198.124.216.157 {
description "ESnet via MANLAN";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 AMPATH-TO-ESNET GEANT-TO-ESNET FEDNET-OUT ];
peer-as 293;
}
}
/* External IPv6 session to ESnet, with group-level import/export chains and a 3000-prefix limit. */
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:468:ff:15c6::2 {
description ESNET;
/* NOTE(review): this neighbor-level family statement repeats "inet6 any" without a prefix-limit. A more specific
   family statement is expected to take the place of the group-level one rather than merge with it, in which case
   the 3000-prefix limit above would not apply to this session - verify on the device and add the limit here if so. */
family inet6 {
any;
}
Authentication Data Removed
peer-as 293;
}
}
group ISP-MCAST {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
neighbor 64.208.110.185 {
description "Global Crossing private peering";
Authentication Data Removed
peer-as 3549;
}
}
group ISP-V6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ];
remove-private;
neighbor 2001:450:2008:21::1 {
description "Global Crossing private peering";
Authentication Data Removed
peer-as 3549;
}
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
neighbor 80.231.134.29 {
description QATAR;
family inet {
unicast;
}
Authentication Data Removed
peer-as 29384;
}
neighbor 205.189.32.94 {
description CAnet-Montreal;
Authentication Data Removed
peer-as 6509;
}
neighbor 205.189.32.118 {
description CAnet-Toronto;
Authentication Data Removed
peer-as 6509;
}
neighbor 150.99.200.193 {
description SINET;
Authentication Data Removed
peer-as 2907;
}
neighbor 198.32.11.66 {
description "MCIT/ENERGI (Egypt)";
Authentication Data Removed
peer-as 33789;
}
neighbor 198.32.11.51 {
description "GEANT M160 via MANLAN 10GigE";
family inet {
unicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ SANITY-OUT ORIGINATE4 ESNET-TO-GEANT NREN-TO-GEANT ITN-OUT ];
peer-as 20965;
}
neighbor 198.32.11.70 {
description "LHCNet (CERN)";
Authentication Data Removed
peer-as 1297;
}
neighbor 211.79.48.157 {
description "TWAREN | AS:7539";
Authentication Data Removed
peer-as 7539;
}
neighbor 198.32.11.86 {
description CERN;
Authentication Data Removed
peer-as 513;
}
neighbor 64.57.28.66 {
description "SURFnet Backup | AS:1103";
Authentication Data Removed
peer-as 1103;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
neighbor 2001:410:101:23::1 {
description CAnet-Toronto;
Authentication Data Removed
peer-as 6509;
}
neighbor 2001:410:101:24::1 {
description CAnet-Montreal;
Authentication Data Removed
peer-as 6509;
}
neighbor 2001:468:ff:15c5::2 {
description GEANT;
Authentication Data Removed
peer-as 20965;
}
neighbor 2001:E10:FFFF:307::1 {
description TWAREN;
Authentication Data Removed
peer-as 7539;
}
neighbor 2001:468:ff:6c2::2 {
description "SURFnet Backup | AS:1103";
Authentication Data Removed
peer-as 1103;
}
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
metric-out igp;
import REJECT-ALL;
remove-private;
}
/* Internal sessions to monitoring and analysis hosts. import REJECT-ALL is meant to keep these hosts from injecting
   routes (the policy body is outside this excerpt); there is no export policy, so they receive the default iBGP
   advertisements. NOTE(review): no "Authentication Data Removed" marker appears anywhere in this group, which suggests
   these sessions run without an authentication key - confirm against the unredacted config. */
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
/* cluster makes this router act as a route reflector toward the neighbor, so the monitor also sees iBGP-learned routes. */
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.242;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 134.68.246.51 {
description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.242;
family inet {
unicast;
}
cluster 134.68.246.51;
}
/* Same host that receives the cflowd export under forwarding-options. */
neighbor 64.57.17.71 {
description "nms-rpsv.newy zebra bgpd [NO-MONITOR]";
local-address 64.57.17.65;
family inet {
unicast;
multicast;
}
cluster 64.57.17.65;
}
/* IPv6 session to the same host; no local-address or cluster is set, unlike its IPv4 counterpart. */
neighbor 2001:468:6:11::17:71 {
description "nms-rpsv.newy zebra bgpd [NO-MONITOR]";
family inet6 {
unicast;
multicast;
}
}
/* Off-net monitor reached over up to 10 hops, with the hold time raised to 65535 seconds, so a dead session
   is detected very late. */
neighbor 156.56.103.99 {
description "IU ANML monitor--contact Ripley";
multihop {
ttl 10;
}
local-address 64.57.28.242;
hold-time 65535;
family inet {
unicast;
}
}
}
inactive: group NONITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ];
remove-private;
}
inactive: group NONITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 NONITN-OUT6 ];
remove-private;
}
group INTERNET2 {
type internal;
local-address 64.57.28.242;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 198.32.8.200 {
description STTLng;
}
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
inactive: neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:6::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:16::1 {
description "STTLng;";
}
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:7::1 {
description SALT;
}
inactive: neighbor 2001:468:8::1 {
description SEAT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
inactive: group MULTICAST-ONLY {
type external;
metric-out igp;
import [ SANITY-LIST SET-LOCPREF-PEERS FROM-ITN ];
family inet {
multicast {
prefix-limit {
maximum 10000;
teardown 90;
}
}
}
}
}
/* IS-IS level 2 only: level 1 is disabled on every interface listed, and wide metrics are used. */
isis {
export V6-IGP-AGG;
spf-delay 200;
/* NOTE(review): with no-authentication-check, received IS-IS PDUs that fail authentication are still accepted.
   It is normally a migration aid; no authentication statement or redaction marker is visible in this stanza,
   so confirm whether IS-IS authentication is in use at all and remove this statement once it is enforced. */
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
level 2 wide-metrics-only;
/* BB: OC-192 to WASH */
interface so-0/0/0.0 {
level 1 disable;
level 2 metric 278;
}
/* BACKBONE to CHIC */
interface so-1/3/0.0 {
level 1 disable;
level 2 metric 1400;
}
interface ge-4/1/0.30 {
level 1 disable;
level 2 passive;
}
interface ge-4/1/0.31 {
level 2 passive;
level 1 disable;
}
/* ge-4/1/0.50 is described as "ISIS collector". Apart from the two backbone links it is the only interface that is
   not passive, so an adjacency can form with whatever sits on that VLAN; metric 9999 keeps transit traffic off it. */
interface ge-4/1/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* Run IS-IS Passively on all Interfaces */
interface all {
level 1 disable;
level 2 passive;
}
}
msdp {
apply-groups MSDP-SA-Limit-per-peer-group;
rib-group mcast-rpf-rg;
active-source-limit {
maximum 200000;
threshold 190000;
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* ESNET */
peer 134.55.3.3 {
local-address 198.124.216.158;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
/* CAnet-Montreal */
peer 205.189.32.94 {
local-address 205.189.32.93;
}
/* CAnet-Toronto */
peer 205.189.32.118 {
local-address 205.189.32.117;
}
/* TWAREN via Manlan vlan 117 */
peer 211.79.48.157 {
local-address 211.79.48.158;
}
/* GEANT 10GE via MANLAN */
peer 62.40.114.43 {
local-address 198.32.11.50;
}
/* SURFnet via MANLAN */
peer 64.57.28.66 {
local-address 64.57.28.65;
}
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
export MSDP-FILTER;
import REJECT-ALL;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* Nysernet */
peer 199.109.4.153 {
local-address 199.109.4.154;
}
/* NOX */
peer 192.5.89.221 {
local-address 192.5.89.222;
}
/* MAGPI */
peer 216.27.100.53 {
local-address 216.27.100.54;
}
}
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.242;
/* STTLng */
peer 198.32.8.200;
/* CHIC */
peer 64.57.28.241;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
inactive: peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group ISP-MCAST {
export MSDP-FILTER;
import MSDP-FILTER;
/* Global Crossing (private peering) */
peer 67.17.81.229 {
local-address 64.208.110.186;
}
}
}
/* PIM sparse mode on all interfaces, with RPF lookups taken from the multicast rib-groups (inet.2 / inet6.2). */
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
/* Join/prune messages are passed through pim-join-filter, which is defined outside this excerpt. */
import pim-join-filter;
rp {
/* Bootstrap messages are neither accepted nor sent (REJECT-ALL both ways), so RP mappings cannot be learned from neighbors. */
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
/* This router is the IPv4 RP for all of 224.0.0.0/4, on loopback address 198.32.8.238. */
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
/* Statically configured IPv6 RPs for the listed group ranges. */
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
/* "interface all" enables PIM on every interface, including customer-facing ones; the join filter and bootstrap policies above are the visible controls on it. */
interface all {
mode sparse;
version 2;
}
/* The management port is excluded from PIM. */
interface fxp0.0 {
disable;
}
interface ge-3/0/0.102 {
mode sparse;
version 2;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
/* Built automatically from the configuration: apply-path expands to every neighbor address configured under
   protocols bgp, in any group, so the list follows peer additions and removals without manual edits.
   Whatever consumes it (presumably a firewall filter, not shown in this excerpt) then admits exactly the configured peers. */
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
/* IPv6 counterpart of BGP-PEERS: the <*:*> pattern only matches neighbor addresses that contain a colon,
   so only the IPv6 neighbors under protocols bgp are expanded into this list. */
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* winger.uits.iu.edu -- snapp */
129.79.6.137/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
/* dc-1.grnoc.iu.edu -- SNMP Data Collector */
134.68.107.22/32;
/* snmp.grnoc.iu.edu -- SNMP Data Collection */
134.68.107.23/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
198.108.90.142/32;
/* discvenue.internet2.edu */
207.75.164.82/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list NMS1-SPECIFICS {
/* SNVA */
198.32.8.108/30;
/* WASH */
198.32.8.112/30;
/* ATLA */
198.32.8.156/30;
/* CHIN */
198.32.8.160/30;
/* DNVR */
198.32.8.164/30;
/* HSTN */
198.32.8.168/30;
/* IPLS */
198.32.8.172/30;
/* KSCY */
198.32.8.176/30;
/* LOSA */
198.32.8.180/30;
/* NYCM */
198.32.8.184/30;
/* STTL */
198.32.8.188/30;
}
prefix-list NYSERNET-PARTICIPANT {
67.99.160.0/21;
67.99.160.0/22;
128.59.0.0/16;
128.84.0.0/16;
128.113.0.0/16;
128.113.11.0/24;
128.122.0.0/16;
128.151.0.0/16;
128.205.0.0/16;
128.213.0.0/16;
128.226.0.0/16;
128.228.0.0/16;
128.230.0.0/16;
128.253.0.0/16;
129.5.0.0/16;
129.21.0.0/16;
129.49.0.0/16;
129.161.0.0/16;
129.236.0.0/16;
130.245.0.0/16;
132.236.0.0/16;
134.74.0.0/16;
140.251.0.0/16;
146.95.0.0/16;
146.96.0.0/16;
146.111.0.0/16;
146.245.0.0/16;
148.84.0.0/16;
149.4.0.0/16;
149.125.0.0/16;
150.210.0.0/16;
156.111.0.0/16;
156.145.0.0/16;
157.139.0.0/16;
160.39.0.0/16;
163.238.0.0/16;
169.226.0.0/16;
192.5.43.0/24;
192.5.53.0/24;
192.12.82.0/24;
192.12.89.0/24;
192.12.90.0/24;
192.35.82.0/24;
192.35.210.0/24;
192.42.55.0/24;
192.76.177.0/24;
192.77.9.0/24;
192.77.173.0/24;
192.86.139.0/24;
198.61.16.0/20;
198.83.28.0/22;
198.83.112.0/20;
198.180.141.0/24;
199.89.214.0/24;
199.109.0.0/16;
199.109.2.0/24;
199.109.4.0/24;
199.109.5.0/24;
199.109.6.0/30;
199.109.8.0/22;
199.109.12.0/22;
199.109.16.0/22;
199.109.20.0/22;
199.109.24.0/22;
199.109.28.0/22;
199.109.32.0/22;
199.109.40.0/22;
199.109.44.0/22;
199.109.100.0/24;
199.109.200.0/21;
199.219.128.0/18;
199.219.192.0/20;
199.219.208.0/21;
199.219.216.0/24;
204.9.168.0/22;
204.168.181.0/24;
204.168.182.0/23;
204.168.184.0/21;
205.232.16.0/21;
207.10.4.0/24;
207.10.5.0/24;
207.10.6.0/24;
207.10.7.0/24;
207.10.196.0/24;
207.10.197.0/24;
207.10.198.0/24;
207.10.199.0/24;
207.127.120.0/21;
207.127.224.0/22;
207.159.192.0/18;
209.2.48.0/22;
209.2.54.0/23;
216.165.0.0/17;
}
prefix-list NYSERNET-CORPORATE {
129.34.0.0/16;
198.81.209.0/24;
198.83.46.0/24;
198.180.207.0/24;
198.182.248.0/24;
199.164.149.0/24;
199.181.149.0/24;
199.222.58.0/24;
199.222.59.0/24;
199.222.71.0/24;
204.107.83.0/24;
}
prefix-list NYSERNET-SPONSORED {
205.232.8.0/21;
209.2.160.0/21;
216.73.240.0/20;
}
prefix-list NYSERNET-SEGP {
38.96.188.0/24;
63.144.174.0/24;
63.144.175.0/24;
65.88.72.0/22;
65.88.88.0/23;
67.99.185.0/24;
128.153.0.0/16;
129.85.0.0/16;
129.98.0.0/16;
137.143.0.0/16;
137.238.0.0/16;
138.92.0.0/16;
139.127.0.0/16;
146.203.0.0/16;
147.4.0.0/16;
148.100.0.0/16;
149.31.0.0/16;
149.123.0.0/16;
168.169.0.0/16;
170.161.0.0/16;
192.31.156.0/24;
192.33.253.0/24;
192.231.122.0/23;
192.231.124.0/23;
192.246.178.0/24;
192.246.224.0/22;
192.246.228.0/23;
192.246.231.0/24;
192.246.232.0/22;
192.246.235.0/24;
192.246.239.0/24;
192.246.253.0/24;
198.22.176.0/24;
198.105.32.0/20;
198.180.129.0/24;
198.199.181.0/24;
199.190.222.0/23;
199.190.224.0/23;
204.97.72.0/24;
204.168.248.0/21;
205.232.96.0/20;
207.10.8.0/21;
207.127.176.0/21;
216.182.132.0/24;
216.182.136.0/22;
216.226.96.0/19;
}
prefix-list NYSERNET6-PARTICIPANT {
2001:468:900::/40;
2001:468:1100::/40;
2001:468:1508::/48;
2001:18d8::/32;
}
prefix-list NOX-PARTICIPANT {
12.0.48.0/20;
12.6.208.0/20;
18.0.0.0/8;
63.164.11.0/24;
/* Temporary route - remove after 08-11-08 - JD */
64.251.112.0/20;
65.112.0.0/20;
67.221.64.0/19;
72.164.152.0/24;
75.130.96.0/24;
128.30.0.0/15;
128.36.0.0/16;
128.52.0.0/16;
128.103.0.0/16;
128.119.0.0/16;
128.148.0.0/16;
128.197.0.0/16;
129.10.0.0/16;
129.55.0.0/16;
129.64.0.0/16;
129.170.0.0/16;
130.64.0.0/16;
130.111.0.0/16;
130.132.0.0/16;
130.189.0.0/16;
130.215.0.0/16;
131.128.0.0/16;
131.142.0.0/16;
132.177.0.0/16;
132.183.0.0/16;
132.198.0.0/16;
134.174.0.0/16;
136.167.0.0/16;
136.244.0.0/16;
137.99.0.0/16;
138.16.0.0/16;
138.29.0.0/16;
140.234.0.0/16;
140.247.0.0/16;
141.133.0.0/16;
148.85.0.0/16;
155.33.0.0/16;
155.37.0.0/16;
155.41.0.0/16;
155.41.96.0/19;
155.41.128.0/17;
155.52.0.0/16;
160.79.139.0/24;
168.122.0.0/16;
170.223.0.0/16;
192.5.66.0/24;
192.5.89.0/24;
192.5.136.0/22;
192.5.140.0/23;
192.5.206.0/23;
192.5.208.0/24;
192.5.224.0/24;
192.12.185.0/24;
192.12.186.0/23;
192.12.188.0/22;
192.26.149.0/24;
192.26.150.0/24;
192.52.61.0/24;
192.52.62.0/23;
192.52.64.0/23;
192.54.224.0/24;
192.73.31.0/24;
192.80.66.0/24;
192.80.83.0/24;
192.131.102.0/24;
192.160.243.0/24;
192.160.244.0/24;
192.189.138.0/24;
198.113.29.0/24;
199.93.245.0/24;
199.94.0.0/16;
199.94.32.0/19;
199.94.48.0/24;
204.8.152.0/21;
204.139.0.0/21;
204.167.52.0/24;
207.188.245.0/24;
207.210.142.0/24;
207.210.143.0/24;
}
prefix-list NOX-CORPORATE {
167.216.167.0/26;
204.179.122.0/24;
}
prefix-list NOX-SPONSORED {
64.130.229.160/27;
66.9.106.224/27;
66.9.198.0/24;
66.9.199.0/24;
66.220.243.0/24;
68.112.227.0/24;
68.184.42.64/27;
128.128.0.0/16;
129.44.167.0/24;
131.229.0.0/16;
134.88.230.0/24;
134.88.231.0/24;
134.88.235.0/24;
138.110.0.0/16;
148.45.0.0/16;
158.65.0.0/16;
158.136.0.0/16;
192.80.61.0/24;
192.133.12.0/24;
192.133.83.0/24;
199.92.170.0/24;
}
prefix-list NOX-SEGP {
12.6.252.0/24;
12.16.126.192/26;
63.145.155.0/24;
64.45.64.0/18;
64.147.48.0/20;
64.202.80.0/20;
64.251.48.0/20;
64.251.60.0/22;
64.254.160.0/20;
65.18.0.0/18;
65.18.64.0/19;
65.18.96.0/20;
66.181.224.0/20;
66.206.128.0/20;
66.206.144.0/21;
66.206.148.0/24;
66.206.152.0/22;
66.206.156.0/24;
66.206.157.0/24;
66.206.158.0/24;
66.206.159.0/24;
66.218.144.0/20;
69.16.0.0/17;
69.43.113.0/24;
69.43.114.0/24;
69.43.120.0/24;
72.10.96.0/19;
72.19.64.0/18;
76.78.80.0/22;
129.5.0.0/16;
129.63.0.0/16;
129.133.0.0/16;
129.161.0.0/16;
131.109.0.0/16;
134.88.0.0/16;
134.181.0.0/16;
134.241.0.0/16;
134.241.27.0/24;
134.241.32.0/24;
134.241.140.0/22;
137.49.0.0/16;
139.140.0.0/16;
140.232.0.0/16;
146.189.0.0/16;
148.166.0.0/16;
149.130.0.0/16;
149.152.0.0/16;
155.36.0.0/16;
155.43.0.0/16;
155.47.0.0/16;
157.252.0.0/16;
158.121.0.0/16;
158.123.0.0/17;
158.123.128.0/17;
159.247.232.0/22;
159.247.236.0/23;
169.244.0.0/16;
192.31.112.0/24;
192.33.12.0/24;
192.43.249.0/24;
192.83.228.0/24;
192.101.188.0/24;
192.107.38.0/24;
192.107.134.0/24;
192.124.153.0/24;
192.132.64.0/24;
192.135.181.0/24;
192.136.22.0/24;
192.138.176.0/24;
192.138.177.0/24;
192.138.178.0/24;
192.152.243.0/24;
192.188.67.0/24;
192.195.196.0/24;
198.7.224.0/19;
198.102.172.0/24;
198.102.211.0/24;
198.148.217.0/24;
198.182.161.0/24;
198.182.162.0/23;
198.183.156.0/24;
198.202.151.0/24;
199.33.141.0/24;
199.184.247.0/24;
204.17.79.64/27;
204.17.80.0/27;
205.172.224.0/22;
206.208.184.0/21;
207.159.160.0/19;
207.166.224.0/19;
207.210.128.0/19;
208.47.162.0/23;
208.47.164.0/23;
209.80.128.0/17;
209.166.112.0/20;
209.222.192.0/19;
216.19.112.0/20;
216.20.0.0/17;
216.87.96.0/19;
}
prefix-list NOX6-PARTICIPANT {
2001:468:600::/40;
2001:468:1e00::/40;
/* University of Maine */
2610:48::/32;
2610:58::/32;
}
prefix-list MAGPI-PARTICIPANT {
12.161.8.0/21;
66.36.56.0/21;
66.180.176.0/20;
66.250.44.0/24;
128.4.0.0/16;
128.6.0.0/16;
128.91.0.0/16;
128.112.0.0/16;
128.175.0.0/16;
128.180.0.0/16;
128.235.0.0/16;
129.25.0.0/16;
129.32.0.0/16;
130.91.0.0/16;
130.219.0.0/16;
140.180.0.0/16;
140.208.0.0/16;
144.118.0.0/16;
147.31.0.0/16;
149.150.0.0/16;
155.247.0.0/16;
158.130.0.0/16;
159.14.0.0/16;
165.123.0.0/16;
165.230.0.0/16;
192.12.88.0/24;
192.76.178.0/24;
192.84.2.0/24;
198.32.42.0/24;
198.32.242.128/25;
198.151.130.0/24;
199.65.255.0/24;
204.52.215.0/24;
204.153.48.0/22;
205.172.164.0/24;
216.27.97.0/24;
216.27.99.0/24;
216.27.100.0/22;
216.27.100.0/23;
}
prefix-list MAGPI-CORPORATE {
12.144.59.0/24;
}
prefix-list MAGPI-SPONSORED {
12.151.0.0/23;
12.151.1.0/24;
38.115.60.0/24;
66.28.32.0/23;
131.249.0.0/16;
147.140.0.0/16;
153.104.0.0/16;
167.21.180.0/22;
167.21.184.0/22;
192.231.162.0/23;
192.231.164.0/24;
192.231.210.0/24;
198.138.53.0/24;
198.138.54.0/23;
198.138.56.0/22;
198.138.60.0/24;
204.14.12.0/22;
204.75.178.0/24;
204.108.128.0/17;
207.103.37.0/24;
207.103.38.0/24;
207.103.55.0/24;
207.103.56.0/24;
207.103.72.0/24;
207.103.89.0/24;
207.103.90.0/24;
207.103.91.0/24;
207.103.189.0/24;
207.103.190.0/24;
207.103.191.0/24;
207.103.192.0/24;
207.103.218.0/24;
207.103.219.0/24;
209.18.48.0/20;
209.50.137.0/24;
209.50.138.0/24;
209.71.5.0/24;
209.71.6.0/24;
209.71.7.0/24;
209.71.10.0/24;
209.71.25.0/24;
209.71.46.0/24;
216.27.98.0/23;
216.27.102.0/24;
216.162.80.0/20;
216.228.128.0/20;
}
prefix-list MAGPI-SEGP {
8.10.208.0/24;
65.170.110.0/24;
65.194.220.0/22;
65.194.224.0/24;
72.2.96.0/20;
74.214.96.0/19;
76.74.64.0/24;
76.74.65.0/24;
76.74.66.0/24;
76.74.67.0/24;
76.74.68.0/24;
76.74.69.0/24;
76.74.70.0/24;
76.74.71.0/24;
76.74.72.0/24;
76.74.73.0/24;
76.74.77.0/24;
130.68.0.0/16;
130.156.0.0/16;
131.125.0.0/16;
132.238.0.0/16;
134.198.0.0/16;
134.210.0.0/16;
139.147.0.0/16;
146.94.0.0/16;
147.106.0.0/16;
149.151.0.0/16;
150.250.0.0/16;
151.198.208.96/27;
155.246.0.0/16;
159.91.0.0/16;
167.21.6.0/24;
167.21.7.0/24;
167.21.8.0/24;
167.21.9.0/24;
167.21.254.0/24;
170.235.0.0/16;
192.16.204.0/24;
192.100.64.0/24;
192.107.43.0/24;
192.107.45.0/24;
192.107.108.0/24;
192.108.16.0/24;
192.108.106.0/24;
192.112.54.0/24;
192.133.105.0/24;
192.135.209.0/24;
192.150.150.0/24;
192.154.128.0/23;
192.154.130.0/24;
192.231.202.0/24;
192.231.207.0/24;
192.245.88.0/24;
198.22.129.0/24;
198.133.170.0/24;
198.138.207.0/24;
198.138.208.0/23;
198.138.210.0/24;
199.2.216.0/24;
204.13.204.0/22;
204.96.142.0/24;
204.96.143.0/24;
204.143.61.0/24;
204.143.62.0/23;
204.143.64.0/22;
204.143.68.0/24;
204.152.148.0/23;
204.186.48.64/27;
204.186.135.0/24;
204.186.151.0/24;
204.186.161.0/24;
204.186.191.128/27;
205.173.168.0/21;
205.174.96.0/20;
205.235.32.0/19;
205.238.205.0/24;
205.247.245.0/24;
206.82.16.0/20;
206.219.64.0/19;
207.200.160.0/20;
207.200.170.0/24;
207.200.171.0/24;
208.67.140.0/22;
208.70.120.0/22;
208.73.176.0/22;
208.87.76.0/24;
208.87.77.0/24;
208.87.78.0/24;
208.87.79.0/24;
209.50.150.128/26;
209.50.153.224/27;
209.173.1.96/27;
209.173.4.0/27;
209.173.7.96/27;
209.173.11.0/27;
209.173.14.160/27;
209.173.14.192/27;
209.173.16.0/24;
209.173.17.64/26;
209.173.17.192/26;
209.173.18.0/24;
209.242.176.0/20;
216.27.98.0/23;
216.144.171.160/27;
216.220.89.0/24;
216.220.90.0/24;
216.220.94.0/24;
216.220.95.0/24;
}
prefix-list MAGPI-PARTICIPANT6 {
2001:468:1800::/40;
2607:F3B0::/32;
2607:F470::/32;
}
prefix-list RADIUS-SERVERS {
129.79.216.162/32;
134.68.107.17/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list MAGPI-CPS {
128.180.0.0/16;
198.32.42.0/24;
216.27.100.0/23;
}
prefix-list QUERY-HOSTS;
/* NOTE(review): unlike BGP-PEERS-CPS, which uses group <*>, this path names one group (CONNECTORS6) and matches any
   neighbor address with <*>. If the cps routing instance (not shown in this excerpt) names its IPv6 group differently,
   or later gains a second IPv6 group, the list comes out empty or incomplete and a filter that relies on it
   will not match those peers - confirm the group name. */
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group CONNECTORS6 neighbor <*>";
}
prefix-list RACKLAN-ACCESS {
/* ARIN Allocation */
64.57.16.0/20;
/* ISI East */
65.114.168.0/24;
/* ndb2-blmt.abilene.ucaid.edu */
129.79.5.18/32;
/* DNS Resolver */
129.79.5.100/32;
/* ndb1-blmt.abilene.ucaid.edu */
129.79.5.225/32;
/* IUB */
129.79.9.0/24;
129.79.216.64/27;
129.79.216.160/27;
/* DNS Resolver */
134.68.1.9/32;
/* IUPUI */
134.68.11.0/24;
134.68.107.0/24;
134.68.142.0/24;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* VPN Groups */
156.56.175.0/27;
/* jump.grnoc.iu.edu */
192.12.206.196/32;
/* sd-pc.grnoc.iu.edu */
192.12.206.228/32;
/* Internet2 Ann Arbor */
207.75.164.0/23;
}
prefix-list OARNETRACKLAN-ACCESS {
192.148.251.0/24;
199.18.152.96/28;
}
prefix-list OBSERVATORY-SSH {
/* sysmon.grnoc.iu.edu */
134.68.107.4/32;
/* login.net.internet2.edu */
134.68.107.10/32;
/* nms-base */
134.68.107.34/32;
/* nms-login */
134.68.107.36/32;
/* skip */
134.68.142.50/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump */
192.12.206.196/32;
}
/* NOTE(review): 0::0/0 matches every IPv6 address. The IPv4 OBSERVATORY-SSH list above names seven individual hosts,
   so any filter term that uses this list as its IPv6 source match places no restriction on where SSH may come from.
   The consuming filter is outside this excerpt; if it is in use, replace this entry with the IPv6 addresses of the same management hosts. */
prefix-list OBSERVATORY-SSH6 {
0::0/0;
}
prefix-list NOC-PARTICIPANT;
prefix-list MANLAN-ACCESS {
64.57.16.0/20;
129.79.5.18/32;
129.79.5.100/32;
129.79.5.225/32;
129.79.9.0/24;
129.79.216.64/27;
129.79.216.160/27;
134.68.1.9/32;
134.68.11.0/24;
134.68.107.0/24;
134.68.142.0/24;
149.165.129.24/32;
156.56.175.0/27;
192.12.206.196/32;
192.12.206.228/32;
}
policy-statement AMPATH-TO-ESNET {
term FROM-REACCIUN {
from as-path REACCIUN;
then {
as-path-prepend 11537;
accept;
}
}
term FROM-ANSP {
from as-path ANSP;
then {
as-path-prepend 11537;
accept;
}
}
term FROM-RETINA {
from as-path RETINA;
then {
as-path-prepend 11537;
accept;
}
}
}
/* Rejects any route whose AS path matches the COMMERCIAL as-path definition (defined outside this excerpt);
   every other route is handed to the next policy in the chain without being accepted or rejected here. */
policy-statement BLOCK-COMM-ASN {
term block-commercial-as {
from as-path COMMERCIAL;
then reject;
}
then next policy;
}
/* Shared final import policy for the IPv4 CONNECTOR neighbors. In each import chain it runs after SANITY-IN, SET-PREF
   and the per-connector policy, so it only sees routes those policies let through. */
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
/* Connector-triggered black-holing: a connector tags a route with DISCARD and traffic to it is dropped on dsc.0.
   NOTE(review): nothing in this term checks who owns the prefix; that depends entirely on the per-connector policy
   earlier in the chain, which is outside this excerpt - confirm it limits each connector to its own address space. */
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add NO-EXPORT so these routes are not leaked outside of Abilene (the community definition is outside this excerpt) */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes up to /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
/* same length limit and PARTICIPANT tag for routes going into the multicast RPF table inet.2 */
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
/* default deny: anything longer than /27 that is not a discard route is rejected */
term reject {
then reject;
}
}
policy-statement CPS-AS12989-OUT {
term match {
from community CPS-AS12989-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS15169-OUT {
term match {
from community CPS-AS15169-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS20940-OUT {
term match {
from community CPS-AS20940-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22773-OUT {
term match {
from community CPS-AS22773-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS22822-OUT {
term match {
from community CPS-AS22822-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS29791-OUT {
term match {
from community CPS-AS29791-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS3549-OUT {
term match {
from community CPS-AS3549-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS36619-OUT {
term match {
from community CPS-AS36619-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS4565-OUT {
term match {
from community CPS-AS4565-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6079-OUT {
term match {
from community CPS-AS6079-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6327-OUT {
term match {
from community CPS-AS6327-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS6939-OUT {
term match {
from community CPS-AS6939-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS812-OUT {
term match {
from community CPS-AS812-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-AS9505-OUT {
term match {
from community CPS-AS9505-OUT;
then next policy;
}
term accept {
then accept;
}
}
policy-statement CPS-CONNECTOR-IN {
/* CPS counterpart of CONNECTOR-IN: handle blackhole (DISCARD) requests,
   accept unicast routes up to /24 tagged CPS-CONNECTOR, reject the rest.
   Unlike CONNECTOR-IN, no term here is restricted with "to rib". */
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are not leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to discard (CONNECTOR-IN uses the dsc.0 destination
   address 198.32.11.7 instead) */
next-hop discard;
accept;
}
}
/* allow unicast routes up to /24 (CONNECTOR-IN allows up to /27); note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
/* explicit default-deny for anything not accepted above */
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-MAGPI-IN {
term accept {
from {
protocol bgp;
prefix-list-filter MAGPI-CPS orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-MAGPI-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter MAGPI-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-NOX-IN {
term accept {
from {
protocol bgp;
prefix-list-filter NOX-PARTICIPANT orlonger;
prefix-list-filter NOX-SPONSORED orlonger;
prefix-list-filter NOX-SEGP orlonger;
prefix-list-filter NOX-CORPORATE orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-NOX-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter NOX6-PARTICIPANT exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEER-OUT {
/* Export policy towards CPS peers: drop private-AS paths and martians,
   hand CPS-CONNECTOR routes of length /24 or shorter to the next policy,
   originate two static /24s, and reject everything else. */
/* Don't announce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce reserved and special prefixes */
/* NOTE(review): "0.0.0.0/0 exact" matches only the default route, so
   0.0.0.0/8 is not covered, and ranges reserved after RFC 3330 (RFC 5737
   documentation nets 198.51.100.0/24 and 203.0.113.0/24, RFC 6598
   100.64.0.0/10) are absent; compare against the current IANA
   special-purpose registry (RFC 6890). The same list is repeated in
   CPS-PEERS-IN, SANITY-IN and SANITY-OUT and has to be kept in sync by hand. */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Announce Connector prefixes of length /24 or shorter ("upto /24");
   the final decision is left to the next policy in the chain */
term announce {
from {
protocol bgp;
community CPS-CONNECTOR;
route-filter 0.0.0.0/0 upto /24;
}
then next policy;
}
/* Originate BGP routes for our Loopback Addresses */
term originate {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
/* explicit default-deny for anything not matched above */
term reject {
then reject;
}
}
/* Export controls driven by communities: CPS-BLOCK (65000:*) suppresses the
   route, CPS-PREPEND1..3 (65001:* .. 65003:*) prepend AS 11537 one to three
   times, and anything carrying none of them is rejected by the last term.
   NOTE(review): these communities are wildcards on the second half, so each
   term fires on any 6500x:N, not only the N of the peer being exported to.
   Presumably the CPS-AS<N>-OUT policies (matching *:N) are evaluated first,
   but a route carrying control communities for two different peers would
   still hit the first matching term here - verify against the export chain. */
policy-statement CPS-PEERCONTROLS-OUT {
term block {
from community CPS-BLOCK;
then reject;
}
term prepend1 {
from community CPS-PREPEND1;
then {
as-path-prepend 11537;
accept;
}
}
term prepend2 {
from community CPS-PREPEND2;
then {
as-path-prepend "11537 11537";
accept;
}
}
term prepend3 {
from community CPS-PREPEND3;
then {
as-path-prepend "11537 11537 11537";
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-PEERS-IN {
/* Import policy for CPS peers: drop private-AS paths, martians and our own
   prefixes, accept BGP routes of length /24 or shorter tagged CPS-PEERS,
   and reject everything else. */
/* Reject any BGP prefix if a private AS is in the path */
term reject-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
/* NOTE(review): "0.0.0.0/0 exact" matches only the default route, so
   0.0.0.0/8 is not covered, and ranges reserved after RFC 3330 (RFC 5737
   documentation nets 198.51.100.0/24 and 203.0.113.0/24, RFC 6598
   100.64.0.0/10) are absent; compare against the current IANA
   special-purpose registry (RFC 6890). */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
/* NOTE(review): "prefix-list INTERNAL" in a from clause presumably matches
   only the listed prefixes exactly, so more-specifics of our own space would
   not be caught by this term - confirm, or use prefix-list-filter ... orlonger
   as the connector policies in this file do. */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
/* accept what is left if it is /24 or shorter, and mark it as peer-learned */
term accept {
from {
protocol bgp;
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-PEERS;
accept;
}
}
/* explicit default-deny for anything not accepted above */
term reject {
then reject;
}
}
policy-statement CPS-REMOVE-COMMS {
term remove {
then {
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
community delete DISCARD;
community delete CPS;
}
}
}
/* ESNET->GEANT backup advertisements (UCAID approved) */
policy-statement ESNET-TO-GEANT {
term FROM-ESNET {
from as-path ESNET;
then {
as-path-prepend 11537;
accept;
}
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy from FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement GEANT-TO-ESNET {
term FROM-GEANT {
from as-path GEANT;
then {
as-path-prepend 11537;
accept;
}
}
}
policy-statement IFTN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
community add IFTN;
accept;
}
}
}
policy-statement IFTN-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow-multicast {
from {
protocol bgp;
rib inet.2;
}
then accept;
}
term block {
from {
protocol bgp;
community [ NONITN CONNECTOR-ONLY ];
}
then reject;
}
term accept {
from protocol bgp;
then accept;
}
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ISP-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-IN6 {
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement LEAK-NMS1 {
term leak {
from {
protocol isis;
prefix-list NMS1-SPECIFICS;
}
then accept;
}
then next policy;
}
policy-statement MAGPI-IN {
term participant {
from {
protocol bgp;
prefix-list-filter MAGPI-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
protocol bgp;
prefix-list-filter MAGPI-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter MAGPI-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter MAGPI-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term segp-exception {
from {
protocol bgp;
route-filter 208.67.140.0/30 exact;
}
then {
community add SEGP;
accept;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement MAGPI-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter MAGPI-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* Source-active filter for MSDP: reject SAs for groups and sources that
   should not be propagated between domains, accept everything else.
   Where this policy is attached (import, export or both) is not visible in
   this part of the file. */
policy-statement MSDP-FILTER {
/* Groups that are local-scope by nature. The list includes the Cisco
   Auto-RP groups (224.0.1.39, 224.0.1.40), source-specific multicast
   (232.0.0.0/8, which does not need MSDP) and administratively scoped
   space (239.0.0.0/8); the remaining entries look like the usual
   service-discovery and disk-imaging groups - TODO confirm each one. */
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
/* Sources in RFC 1918 or loopback space cannot be valid inter-domain
   sources. NOTE(review): link-local 169.254.0.0/16 is not listed here
   although the BGP martian lists in this file include it - confirm. */
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
/* Ten individual sources blocked by host address; the reason is not
   recorded here beyond the term name. */
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
/* default-accept: this is a deny-list, anything not named above passes */
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
policy-statement NEXT-v4-v6-self {
from protocol bgp;
then {
next-hop 198.32.9.193;
}
}
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement NOX-IN {
term participant {
from {
protocol bgp;
prefix-list-filter NOX-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
protocol bgp;
prefix-list-filter NOX-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter NOX-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter NOX-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement NOX-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter NOX6-PARTICIPANT exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* Accepts routes whose AS path begins with the NREN AS (as-path NREN is
   "24 .*"), without prepending.
   NOTE(review): the comment originally here read "ESNET->GEANT backup
   advertisements (UCAID approved)", identical to the one on ESNET-TO-GEANT
   and probably copied from it - confirm whether that approval also covers
   the NREN routes. */
policy-statement NREN-TO-GEANT {
term FROM {
from as-path NREN;
then accept;
}
}
policy-statement NYSERNET-IN {
term participant {
from {
protocol bgp;
prefix-list-filter NYSERNET-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
protocol bgp;
prefix-list-filter NYSERNET-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter NYSERNET-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter NYSERNET-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term participant-exception {
from {
protocol bgp;
route-filter 199.109.200.0/21 upto /28;
}
then next policy;
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement NYSERNET-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter NYSERNET6-PARTICIPANT exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute aggregates from static into BGP & block more specifics */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
/* Redistribute aggregates from static into BGP - do not block more specifics */
policy-statement ORIGINATE6-WITH-SPECIFICS {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
}
policy-statement PREF-IEEAF-12 {
then {
metric 2;
}
}
policy-statement PREF-IEEAF-192 {
then {
metric 1;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
policy-statement REMOVE-GBXv6 {
/* remove global-crossing v6 advertisements to geant--ticket 8032 */
term is-gbx {
from as-path GBX;
then reject;
}
term not-gbx {
then next term;
}
}
/* reject routes we should never accept */
/* Every term here only rejects; a route that survives all of them is not
   accepted by this policy but falls through to the next policy in the
   import chain. */
policy-statement SANITY-IN {
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
/* Reject any path that contains the NLR AS (as-path NLR is ".* 19401 .*") */
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
/* NOTE(review): "0.0.0.0/0 exact" matches only the default route, so
   0.0.0.0/8 is not covered, and ranges reserved after RFC 3330 (RFC 5737
   documentation nets 198.51.100.0/24 and 203.0.113.0/24, RFC 6598
   100.64.0.0/10) are absent; compare against the current IANA
   special-purpose registry (RFC 6890). The same list is repeated in
   SANITY-OUT, CPS-PEER-OUT and CPS-PEERS-IN and has to be kept in sync by hand. */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
/* NOTE(review): "prefix-list INTERNAL" in a from clause presumably matches
   only the listed prefixes exactly, so more-specifics of our own space would
   not be rejected by this term - confirm. */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce */
/* Every term here only rejects; a route that survives all of them is not
   accepted by this policy but falls through to the next policy in the
   export chain. */
policy-statement SANITY-OUT {
/* Don't announce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes */
/* NOTE(review): "0.0.0.0/0 exact" matches only the default route, so
   0.0.0.0/8 is not covered, and ranges reserved after RFC 3330 (RFC 5737
   documentation nets 198.51.100.0/24 and 203.0.113.0/24, RFC 6598
   100.64.0.0/10) are absent; compare against the current IANA
   special-purpose registry (RFC 6890). The same list is repeated in
   SANITY-IN, CPS-PEER-OUT and CPS-PEERS-IN and has to be kept in sync by hand. */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
/* IPv6 sanity policy, written as an allow-list: drop private-AS paths,
   pass routes inside the listed blocks on to the next policy, reject the rest. */
policy-statement SANITY6 {
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
/* Despite its name this term does not accept: matching routes continue
   with the next policy in the chain. */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
/* NOTE(review): 2001::/16 also spans 2001:db8::/32 (documentation prefix,
   RFC 3849), which is not excluded here; 2001:b000::/20 lies inside
   2001::/16 and carries the same length limit, so it adds nothing; and the
   blocks are matched far wider than the individual registry allocations
   listed at the URL above. The list reflects the allocations of its time -
   recheck against the registry before reuse. */
from {
route-filter 2001::/16 upto /49;
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
/* explicit default-deny for anything outside the blocks above */
term reject {
then reject;
}
}
/* set local-pref on connector routes based on communities */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
policy-statement SET-PREF-BACKUP {
term equal-to-peers {
from community EQUAL-TO-PEERS;
then {
local-preference 100;
next policy;
}
}
term lower-than-peers {
from community LOWER-THAN-PEERS;
then {
local-preference 60;
next policy;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 100;
}
}
}
policy-statement V6-IGP-AGG {
term allow-aggregate {
from {
protocol aggregate;
family inet6;
}
then accept;
}
term deny-more-specifics {
from {
family inet6;
route-filter 2001:468:ff:1500::/56 longer;
route-filter 2001:468:0015::/48 longer;
route-filter 2001:468:ff:0f00::/56 longer;
route-filter 2001:468:000f::/48 longer;
}
then reject;
}
term accept-all-other-v6 {
from {
protocol [ isis direct ];
family inet6;
}
then accept;
}
}
/* Temporary fix for scoping 239/8 */
policy-statement pim-join-filter {
term internal-links {
from {
/* List of Backbone Interfaces */
interface [ so-0/0/0.0 so-1/3/0.0 ];
route-filter 239.0.0.0/8 orlonger;
}
then accept;
}
term external-links {
from {
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term all-links {
then accept;
}
}
community BLOCK-TO-COMMERCIAL members 11537:2002;
community COMMERCIAL-PEER members 11537:2001;
community CONNECTOR-ONLY members 11537:3500;
community CORE members 11537:900;
community CORPORATE members 11537:2000;
community CPS members target:11537:1;
community CPS-AS12989-OUT members *:12989;
community CPS-AS15169-OUT members *:15169;
community CPS-AS20940-OUT members *:20940;
community CPS-AS22773-OUT members *:22773;
community CPS-AS22822-OUT members *:22822;
community CPS-AS29791-OUT members *:29791;
community CPS-AS3549-OUT members *:3549;
community CPS-AS36619-OUT members *:36619;
community CPS-AS4565-OUT members *:4565;
community CPS-AS6079-OUT members *:6079;
community CPS-AS6327-OUT members *:6327;
community CPS-AS6939-OUT members *:6939;
community CPS-AS812-OUT members *:812;
community CPS-AS9505-OUT members *:9505;
community CPS-BLOCK members 65000:*;
community CPS-CONNECTOR members 11537:25100;
community CPS-PEERS members 11537:25200;
community CPS-PREPEND1 members 65001:*;
community CPS-PREPEND2 members 65002:*;
community CPS-PREPEND3 members 65003:*;
community DISCARD members 11537:911;
community EQUAL-TO-PEERS members 11537:100;
community FEDNET members 11537:3000;
community HIGH members 11537:260;
community HIGH-PEERS members 11537:160;
community IFTN members 11537:2502;
community ITN members 11537:2501;
community LOW members 11537:140;
community LOW-PEERS members 11537:40;
community LOWER-THAN-PEERS members 11537:60;
community NO-EXPORT members no-export;
community NOAGG6 members 11537:6;
community NONITN members 11537:2500;
community PARTICIPANT members 11537:950;
community SEGP members 11537:910;
community SPONSORED members 11537:902;
/* AS-path regular expressions used by the policies above.
   NOTE(review): COMMERCIAL-IGRID and COMM1 are written in a different style
   from COMMERCIAL (".*N.*" instead of ".* N .*") and are not referenced by
   any policy-statement visible in this part of the file - confirm they match
   what is intended before reusing them. */
as-path COMMERCIAL-IGRID ".*1.* | .*174.* | .*209.* | .*701.* | .*1239.* | .*1673.* | .*1740.* | .*1800.* | .*1833.* | .*2551.* | .*2548.* | .*2685.* | .*2914.* | .*3549.* | .*3561.* | .*3847.* | .*3951.* | .*3967.* | .*4183.* | .*4200.* | .*5683.* | .*6113.* | .*6172.* | .*6461.* | .*7018.*";
as-path COMM1 .*3265.*;
/* any path that contains one of the listed commercial ISP ASNs, at any position */
as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*";
/* any path that contains an AS in the 16-bit private range 64512-65535.
   NOTE(review): the 32-bit private range (RFC 6996) is not covered; relevant
   only if this expression is carried over to a 4-byte-AS deployment. */
as-path PRIVATE ".* (64512-65535) .*";
/* temporary for ESNET->GEANT advertisements */
/* The "N .*" expressions below match paths whose first (neighbor) AS is N;
   the ".* N .*" expressions match N anywhere in the path. */
as-path ESNET "293 .*";
as-path ABILENE ".* 11537 .*";
as-path GEANT "20965 .*";
as-path REACCIUN "20312 .*";
as-path ANSP "1251 .*";
as-path RETINA "3597 .*";
as-path GBX ".* 3549 .*";
as-path NREN "24 .*";
as-path NLR ".* 19401 .*";
}
Firewall Stanza Removed removed
newy32aoaŽÿ
version 8.4R3.3;
groups {
INTERFACE-BACKBONE {
interfaces {
<*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit 0 {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
}
}
re0 {
system {
host-name WASH-re0;
}
}
re1 {
system {
host-name WASH-re1;
}
}
INTERFACE-CONNECTOR {
interfaces {
<so-*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
rfc-2615;
}
unit <*> {
family inet {
mtu 9180;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
}
}
<at-*> {
unit <*> {
encapsulation atm-snap;
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
<ge-*> {
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
MSDP {
protocols {
msdp {
group CONNECTOR {
peer <*> {
active-source-limit {
maximum 2000;
threshold 1800;
}
}
}
group ITN {
peer <*> {
active-source-limit {
maximum 500;
threshold 450;
}
}
}
group FEDNET {
peer <*> {
active-source-limit {
maximum 4000;
threshold 3600;
}
}
}
group NONITN {
peer <*> {
active-source-limit {
maximum 4000;
threshold 3600;
}
}
}
}
}
}
CONNECTOR;
}
apply-groups [ re0 re1 ];
/* Management-plane settings for this router. Lines reading "... Removed"
   are placeholders left by whoever sanitized the configuration, not Junos
   statements. */
system {
domain-name abilene.ucaid.edu;
time-zone UTC;
dump-on-panic;
/* RADIUS is consulted first, the local password database second.
   NOTE(review): with "password" in the list, Junos is understood to try the
   local password also when RADIUS rejects a login, not only when the servers
   are unreachable - confirm that fallback is intended. */
authentication-order [ radius password ];
location country-code US;
root-authentication {
Authentication Data Removed
}
name-server {
129.79.5.100;
134.68.1.9;
}
/* Two RADIUS servers, both sourced from 64.57.28.249. No "secret" is
   visible; presumably it was stripped together with the other
   authentication data. */
radius-server {
134.68.107.17 {
timeout 5;
source-address 64.57.28.249;
}
129.79.216.162 {
timeout 5;
source-address 64.57.28.249;
}
}
/* Only connection-limit is set for SSH in the visible lines; rate-limit,
   protocol-version and root-login do not appear here (they may have been in
   the removed stanza). Source restrictions would live in the firewall
   filters, which are also removed. */
Login Stanza Removed services {
ssh {
connection-limit 30;
}
}
/* Logging: interactive commands and authorization events are forwarded to
   remote collectors, which gives an off-box audit trail of operator actions.
   No transport protection for the remote syslog is configured in the
   visible lines. */
syslog {
archive files 100;
user * {
any critical;
}
/* brent's pine.ucs.indiana.edu */
host 129.79.9.1 {
change-log any;
interactive-commands info;
facility-override local6;
}
/* syslog.grnoc.iu.edu */
host 134.68.107.9 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
file messages {
any notice;
authorization info;
archive size 1m files 100;
}
console {
user critical;
}
}
/* NOTE(review): no authentication-key / trusted-key is configured for NTP in
   the visible lines, so time is accepted from these servers unauthenticated;
   log timestamps depend on it. */
ntp {
server 129.79.5.100;
server 134.68.1.9 prefer;
}
}
chassis {
no-source-route;
dump-on-panic;
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
keepalive-time 5;
}
routing-engine {
on-disk-failure reboot;
}
}
interfaces {
so-0/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: NEWY-WASH OC-192 | I2-NEWY-WASH-O192-03914";
family inet {
address 64.57.28.11/31;
}
family inet6 {
address 2001:468:ff:0609::1/64;
}
family mpls {
mtu 9180;
}
}
}
ge-0/1/0 {
apply-groups INTERFACE-CONNECTOR;
description "NGIX-EAST via Movaz LVL3->CLPK";
vlan-tagging;
mtu 9192;
unit 88 {
description "redCLARA via NGIX and AWave-FIU";
vlan-id 88;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 198.32.11.105/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:18c5::1/64;
}
}
unit 98 {
description "RNP via Atlantic Wave";
vlan-id 98;
family inet {
mtu 9000;
address 64.57.28.61/30;
}
}
unit 166 {
description "NREN via UMD NGIX | AS24";
vlan-id 166;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 198.32.11.21/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:18c2::1/64;
}
}
unit 183 {
description "MAX backup peering via NGIX-East";
vlan-id 183;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 206.196.177.106/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:185c::1/64;
}
}
unit 187 {
description "Mid-Atlantic Crossroads (MAX) Back-Up viz NGIX-East CPS-IPv6";
vlan-id 187;
family inet6 {
address 2001:468:ffff:185c::1/64;
}
}
unit 188 {
description "Mid-Atlantic Crossroads (MAX) Back-Up via NGIX-East CPS-IPv4";
vlan-id 188;
family inet {
mtu 9000;
address 206.196.177.27/31;
}
}
unit 194 {
description "ESNET via NGIX";
vlan-id 194;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 198.124.194.10/30;
}
}
unit 195 {
description "ESNET IPv6 via NGIX";
vlan-id 195;
family inet6 {
mtu 9000;
address 2001:468:ff:9c3::1/64;
}
}
unit 202 {
description "GEANT (Frankfurt OC-192)";
vlan-id 202;
family inet {
mtu 9000;
address 62.40.125.18/30;
}
family inet6 {
mtu 9000;
address 2001:0798:0014:10AA::12/126;
}
}
unit 297 {
description "NISN (via UMD NGIX) | AS:297";
vlan-id 173;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 192.84.8.254/30;
}
}
unit 668 {
description "DREN - Washington DC | AS:668";
vlan-id 174;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 138.18.47.34/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:18c4::1/64;
}
}
unit 669 {
description "Wright-Patterson AFB/Wright State Univ ctr in Dayton via DREN";
vlan-id 164;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 138.18.47.42/30;
}
}
unit 901 {
description "NREN backup via NGIX | AS24";
vlan-id 901;
family inet {
mtu 9000;
filter {
input connector-in;
}
address 64.57.28.40/31;
}
family inet6 {
mtu 9000;
address 2001:468:ff:09c1::1/64;
}
}
unit 987 {
description "DREN v6-only, AS668";
vlan-id 987;
family inet {
mtu 1500;
address 10.254.254.9/31;
}
family inet6 {
mtu 1500;
address 2001:468:ff:18c3::1/64;
}
}
unit 1842 {
description "US Geological Survey ( via UMD NGIX)) | AS:1842";
vlan-id 162;
family inet {
mtu 4470;
filter {
input connector-in;
}
address 137.227.2.182/30;
}
}
}
ge-0/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "Merit via Internet2 DWS | I2-CLEV-WASH-10GE-004179";
vlan-tagging;
mtu 9192;
unit 352 {
description "OSCnet mcast-only peering vlan";
vlan-id 352;
family inet {
mtu 9000;
address 199.18.156.242/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:9c2::1/64;
}
}
unit 359 {
description "OSCnet R&E VLAN";
vlan-id 359;
family inet {
mtu 9000;
address 192.88.192.138/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:d4b::1/64;
}
}
unit 921 {
description "OSCnet [CPS]";
vlan-id 921;
family inet {
mtu 9000;
address 199.18.156.246/30;
}
family inet6 {
mtu 9000;
address 2001:468:ffff:d4b::1/64;
}
}
unit 1004 {
description "Merit R&E via Cleveland";
vlan-id 1004;
family inet {
mtu 9000;
address 192.122.183.10/30;
}
}
unit 1005 {
description "[CPS] Merit via Cleveland";
vlan-id 1005;
family inet {
mtu 9000;
address 198.109.37.22/30;
}
}
}
so-1/1/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-WASH OC-192 | I2-ATLA-WASH-O192-03916";
family inet {
address 64.57.28.7/31;
}
family inet6 {
address 2001:468:ff:109::2/64;
}
}
}
ge-2/0/0 {
description "Racklan HP 1Gig";
vlan-tagging;
mtu 9192;
unit 12 {
description "WASH Observatory 1G vlan";
vlan-id 12;
family inet {
mtu 9000;
}
}
}
ge-2/0/1 {
mtu 9192;
unit 0 {
description "nms-rthr1 p2p connection";
family inet {
mtu 9000;
address 64.57.16.17/30;
}
family inet6 {
mtu 9000;
address 2001:468:9:101::1/64;
address 2001:468:9:101::16:17/64;
}
}
}
ge-2/0/2 {
mtu 9192;
unit 0 {
description "nms-rthr2 p2p connection";
family inet {
mtu 9000;
address 64.57.16.21/30;
}
family inet6 {
mtu 9000;
address 2001:468:9:100::1/64;
address 2001:468:9:100::16:21/64;
}
}
}
so-2/1/0 {
apply-groups INTERFACE-CONNECTOR;
no-keepalives;
mtu 9192;
clocking internal;
encapsulation frame-relay;
sonet-options {
rfc-2615;
}
unit 110 {
description "Mid-Atlantic Crossroads (MAX)";
point-to-point;
dlci 110;
family inet {
mtu 9180;
address 206.196.178.46/30;
}
family inet6 {
mtu 9180;
address 2001:468:c00:ffee::2/64;
}
}
unit 120 {
description "Mid-Atlantic Crossroads (MAX) Primary CPS-IPv6";
dlci 120;
family inet6 {
address 2001:468:ffff:9c4::1/64;
}
}
unit 130 {
description "Mid-Atlantic Crossroads(MAX) Primary CPS-IPv4";
dlci 130;
family inet {
address 206.196.177.25/31;
}
}
}
so-2/2/0 {
apply-groups INTERFACE-CONNECTOR;
unit 0 {
description "NSF DRAGON";
family inet {
address 140.173.1.238/30;
}
}
}
so-3/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: CHIC-WASH OC-192 | I2-CHIC-WASH-O192-03915";
family inet {
address 64.57.28.13/31;
}
family inet6 {
address 2001:468:ff:0209::1/64;
}
family mpls {
mtu 9180;
}
}
}
ge-3/1/0 {
description "to HP5406 B3 10GE";
vlan-tagging;
mtu 9180;
inactive: unit 10 {
description WASH-OOB;
vlan-id 10;
family inet {
address 64.57.24.254/24;
}
}
unit 11 {
description "WASH Observatory vlan";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.16.1/28;
}
family inet6 {
mtu 9000;
address 2001:468:9:11::1/64;
address 2001:468:9:11::16:1/64;
}
}
unit 12 {
description "WASH Obs 1Gig (temp)";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.16.33/28;
}
family inet6 {
mtu 9000;
address 2001:468:9:12::1/64;
address 2001:468:9:12::16:33/64;
}
}
unit 13 {
description "HOPI WASH Management";
vlan-id 13;
family inet {
mtu 9000;
address 64.57.23.1/28;
}
}
unit 20 {
description "WASH VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.249/29;
}
}
unit 21 {
description "WASH VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.129/28;
}
}
unit 30 {
description "WASH 100x100 Inband";
vlan-id 30;
family inet {
mtu 9000;
address 64.57.23.89/29;
}
family inet6 {
mtu 9000;
address 2001:468:9:30::1/64;
address 2001:468:9:30::23:89/64;
}
}
unit 31 {
description "WASH 100x100 Mgmt";
vlan-id 31;
family inet {
mtu 9000;
address 64.57.23.121/29;
}
family inet6 {
mtu 9000;
address 2001:468:9:31::1/64;
address 2001:468:9:31::23:121/64;
}
}
unit 50 {
description "ISIS vlan";
vlan-id 50;
family iso {
mtu 1497;
}
}
}
ge-3/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "Internet2 WASH Ciena CoreDirector";
vlan-tagging;
mtu 9192;
unit 3 {
description "Drexel via Internet2 Ciena CoreDirector | I2-PHIL-WASH-VLAN-04191";
vlan-id 3;
family inet {
mtu 9000;
address 204.238.76.6/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0960::1/64;
}
}
unit 4 {
description "Drexel v4 CPS via Internet2 CienaCoreDirector|I2-PHIL-WASH-VLAN-04191 [NO-MONITOR]";
vlan-id 4;
family inet {
mtu 9000;
address 204.238.76.2/30;
}
}
unit 5 {
description "Drexel v6 CPS via Internet2 CienaCoreDirector|I2-PHIL-WASH-VLAN-04191 [NO-MONITOR]";
vlan-id 5;
family inet6 {
mtu 9000;
address 2001:468:ffff:960::1/64;
}
}
unit 506 {
description "3ROX via Internet2 Ciena CoreDirector | I2-PITT-WASH-VLAN-04178";
vlan-id 506;
family inet {
mtu 9000;
address 192.88.115.25/31;
}
family inet6 {
address 2001:5e8:0:fffd:0:2:2:2/120;
}
}
unit 507 {
description "3ROX [CPS]";
vlan-id 507;
family inet {
mtu 1500;
address 192.88.115.117/31;
}
}
unit 509 {
description "3ROX IPv6 [CPS]";
vlan-id 509;
family inet6 {
mtu 1500;
address 2001:5E8:0:FFFD:0:2:3:2/120;
}
}
}
ge-3/3/0 {
description HOPI-DC;
vlan-tagging;
mtu 9180;
encapsulation vlan-ccc;
}
dsc {
unit 0 {
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
/* The out-of-band management Ethernet is administratively disabled, so management traffic on this router has to arrive in-band (see the filters applied on lo0). */
fxp0 {
description "Management Ethernet - Unused";
disable;
}
/*
 * Loopback interface. On Junos an input filter on lo0 is evaluated for traffic
 * addressed to the routing engine itself, so these filters are the router's
 * control-plane protection. Every unit and address family below carries one.
 * The filter bodies (loopback-strict-in, loopback-strict-in6) are defined
 * outside this part of the file and should be reviewed together with it.
 */
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.238/32;
/* 64.57.28.249 is the preferred address; the same value is used as router-id and as the iBGP and MSDP local-address later in this configuration. */
address 64.57.28.249/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0300.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:9::1/128;
}
}
/* Second loopback unit, per its description for the CPS VRF; it reuses the same two input filters as unit 0. */
unit 1 {
description "Loopback for CPS VRF";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.249/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff09::1/128;
}
}
}
}
/* Traffic sampling with flow export, plus a BOOTP relay. Only family inet is sampled; no IPv6 sampling is configured here. */
forwarding-options {
sampling {
input {
family inet {
/* Sample 1 of every 100 eligible packets, capped at 7000 sampled packets per second. */
rate 100;
max-packets-per-second 7000;
}
}
output {
/* Deactivated. If it is ever re-enabled, world-readable lets any local login read the sampled flow file; drop that option unless it is really needed. */
inactive: file filename flowdata files 2 size 500000 world-readable;
/*
 * Flow records are exported as cflowd version 5 over UDP, which carries no
 * authentication or encryption. The collector 64.57.16.4 falls inside
 * 64.57.16.1/28 on ge-3/1/0 unit 11 ("WASH Observatory vlan"), so the export
 * stays on a directly attached segment.
 */
cflowd 64.57.16.4 {
port 4196;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
helpers {
bootp {
interface {
/*
 * BOOTP/DHCP requests received on ge-0/2/0 are relayed to 64.57.24.1.
 * NOTE(review): ge-0/2/0 is described as a connector-facing port ("Merit via
 * Internet2 DWS"); confirm the relay is still needed there.
 */
ge-0/2/0 {
server 64.57.24.1;
}
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:ff:1200::/56;
route 2001:468:0012::/48;
}
}
/*
 * Martian (never-accept) prefixes for inet.2, the table used for multicast RPF
 * lookups. "orlonger" matches the listed prefix and every more-specific route.
 * The list is the same as the inet.0 martians further down, plus 240.0.0.0/4.
 * NOTE(review): apart from the special-purpose ranges (0/8, 10/8, 127/8,
 * 169.254/16, 172.16/12, 192.0.2/24, 192.168/16, 198.18/15, 240/4) the /8
 * entries look like a snapshot of then-unallocated address space. Such blocks
 * get assigned over time, and a stale entry silently drops legitimate routes;
 * re-check this list against the current IANA IPv4 registry on a schedule.
 */
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
240.0.0.0/4 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
route 198.32.154.144/28 discard;
}
/*
 * Martian (never-accept) prefixes for the default unicast table. "orlonger"
 * matches the listed prefix and every more-specific route, so anything inside
 * these ranges is kept out of the routing table whatever the BGP import
 * policies decide.
 * NOTE(review): this is a hand-maintained static list. Apart from the
 * special-purpose ranges (0/8, 10/8, 127/8, 169.254/16, 172.16/12, 192.0.2/24,
 * 192.168/16, 198.18/15) the /8 entries look like a snapshot of
 * then-unallocated address space; once such a block is assigned, the stale
 * entry silently blackholes legitimate destinations. Re-check against the
 * current IANA IPv4 registry on a schedule. Unlike the inet.2 list above, this
 * one has no explicit 240.0.0.0/4 entry; confirm that is intentional.
 */
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.249;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 2;
}
interface ge-2/2/0.12 {
version 2;
static {
group 239.2.22.5;
group 239.2.22.4;
}
}
interface ge-2/2/3.0 {
version 3;
}
}
mld {
interface all;
}
/*
 * IPv6 router advertisements, one /64 per listed interface.
 * no-other-stateful-configuration tells hosts not to use stateful
 * configuration for their other (non-address) settings.
 * NOTE(review): none of the ge-2/2/* interfaces named here is defined in this
 * configuration's interfaces stanza, and no interface there carries an address
 * from 2001:468:12::/48 (the local LAN units use 2001:468:9::/48). This looks
 * like leftover configuration; confirm and remove it, so that a ge-2/2/* port
 * provisioned later does not start sending router advertisements nobody
 * intended.
 */
router-advertisement {
interface ge-2/2/0.12 {
no-other-stateful-configuration;
prefix 2001:468:12:2::1/64;
}
interface ge-2/2/0.13 {
no-other-stateful-configuration;
prefix 2001:468:12:3::1/64;
}
interface ge-2/2/0.11 {
no-other-stateful-configuration;
prefix 2001:468:12:1::1/64;
}
interface ge-2/2/1.0 {
no-other-stateful-configuration;
prefix 2001:468:12:4::1/64;
}
interface ge-2/2/2.0 {
no-other-stateful-configuration;
prefix 2001:468:12:5::1/64;
}
interface ge-2/2/0.14 {
no-other-stateful-configuration;
prefix 2001:468:12:6::1/64;
}
interface ge-2/2/0.15 {
no-other-stateful-configuration;
prefix 2001:468:12:7::1/64;
}
interface ge-2/2/3.0 {
no-other-stateful-configuration;
prefix 2001:468:12:8::1/64;
}
}
rsvp {
/* BACKBONE to CHIC */
interface so-3/0/0.0;
/* BACKBONE to NEWY */
interface so-0/0/0.0;
/* BACKBONE TO ATLA */
interface so-1/1/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path WASH->STTL {
to 198.32.8.200;
fast-reroute;
}
label-switched-path WASH->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path WASH->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path WASH->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path WASH->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path WASH->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path WASH->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
}
label-switched-path WASH->HOUS {
to 64.57.28.244;
fast-reroute;
}
path toITEC {
198.86.17.65 strict;
128.109.66.2 strict;
128.109.41.254 strict;
}
/* BACKBONE TO NEWY */
interface so-0/0/0.0;
/* BACKBONE TO CHIC */
interface so-3/0/0.0;
/* BACKBONE TO ATLA */
interface so-1/1/0.0;
}
bgp {
log-updown;
/* IPv4 iBGP Peers */
group INTERNET2 {
type internal;
local-address 64.57.28.249;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 198.32.8.200 {
description STTLng;
}
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
inactive: neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
}
/* IPv6 iBGP Peers */
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:9::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:16::1 {
description "STTLng;";
}
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
neighbor 2001:468:7::1 {
description SALT;
}
inactive: neighbor 2001:468:8::1 {
description SEAT;
}
}
/*
 * iBGP sessions to hosts that are not backbone routers; the descriptions name
 * REN-ISAC and a zebra bgpd collector. Everything these peers send goes
 * through REJECT-ALL, which is defined outside this part of the file and, by
 * its name, is expected to discard all of it, so the sessions are
 * export-only feeds.
 * NOTE(review): unlike the other BGP groups, no "Authentication Data Removed"
 * placeholder appears anywhere in this group, which suggests these sessions
 * have no authentication key. Confirm, and rely on the loopback filters to
 * restrict who can reach TCP/179 from these addresses.
 */
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
/* The cluster statement makes this router a route reflector for the neighbor, so it is sent reflected iBGP routes. */
neighbor 134.68.246.49 {
description "rtr.wash.net.internet2.edu/REN-ISAC [NO-MONITOR]";
local-address 64.57.28.249;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 64.57.16.4 {
description "nms-rpsv.wash zebra bgpd [NO-MONITOR]";
local-address 64.57.16.1;
family inet {
unicast;
multicast;
}
cluster 64.57.16.1;
}
neighbor 2001:468:9:11::16:4 {
description "nms-rpsv.wash zebra bgpd [NO-MONITOR]";
local-address 2001:468:9:11::1;
family inet6 {
unicast;
multicast;
}
}
neighbor 134.68.246.51 {
description "rtr.wash.net.internet2.edu/REN-ISAC [NO-MONITOR]";
local-address 64.57.28.249;
family inet {
unicast;
}
cluster 134.68.246.51;
}
/*
 * NOTE(review): this neighbor has no description, is reached over up to 10
 * hops, and uses hold-time 65535, which means a dead session is noticed only
 * after roughly 18 hours. Record who owns it and why the hold time is this
 * long, or remove the neighbor.
 */
neighbor 156.56.103.99 {
multihop {
ttl 10;
}
local-address 64.57.28.249;
hold-time 65535;
family inet {
unicast;
}
}
}
/*
 * eBGP sessions to IPv4 connectors (regional networks and campuses).
 * Safeguards set at group level and inherited by every neighbor:
 *  - prefix-limit: at most 3000 prefixes per session; messages are logged
 *    from 90 percent of that and the session is torn down at the maximum,
 *    which bounds the damage of a peer leaking a full table.
 *  - remove-private: private AS numbers are stripped from the AS path on
 *    export.
 *  - multihop ttl 1: outgoing session packets are sent with TTL 1.
 * Each neighbor's import chain starts with SANITY-IN; the policy bodies are
 * defined outside this part of the file.
 * The "Authentication Data Removed" lines are placeholders left by whatever
 * sanitized this file, presumably where each neighbor's authentication
 * statement stood. They are not Junos statements, so this text will not load
 * as-is.
 */
group CONNECTOR {
type external;
metric-out igp;
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
neighbor 206.196.178.45 {
description "Mid-Atlantic Crossroads (MAX)";
import [ SANITY-IN SET-PREF MAX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10886;
}
neighbor 192.88.192.137 {
description OSCnet;
import [ SANITY-IN SET-PREF OARNET-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 3112;
}
neighbor 204.238.76.5 {
description "Drexel University";
import [ SANITY-IN SET-PREF DREXEL-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 11834;
}
neighbor 192.88.115.24 {
description 3ROX;
import [ SANITY-IN SET-PREF PSC-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 5050;
}
neighbor 206.196.177.105 {
description "Mid-Atlantic Crossroads BACKUP peering through NGIX-East";
import [ SANITY-IN SET-PREF MAX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10886;
}
neighbor 138.18.47.41 {
description "Wright State Univ campus inside of Wright-Patterson AFB, Dayton, through DREN/MCI";
import [ SANITY-IN SET-PREF WSU-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 668;
}
/*
 * Multicast-only session: the neighbor-level family statement replaces the
 * group's "family inet any", and with it the group's prefix-limit, and the
 * import chain has no CONNECTOR-IN.
 * NOTE(review): confirm this neighbor is meant to run without a prefix-limit.
 */
neighbor 199.18.156.241 {
description "OARNET mcast-only for their non-I2 customers";
import [ SANITY-IN SET-PREF OARNET-MULTICAST-IN ];
family inet {
multicast;
}
Authentication Data Removed
peer-as 600;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
neighbor 2001:468:c00:ffee::1 {
description "Mid-Atlantic Crossroads (MAX)";
import [ SANITY6 SET-PREF MAX-IN6 ];
Authentication Data Removed
peer-as 10886;
}
/* turned down temporarily - see ticket 10397 */
inactive: neighbor 2001:468:ff:d4b::2 {
description OARnet;
import [ SANITY6 SET-PREF OARNET-IN6 ];
Authentication Data Removed
peer-as 3112;
}
neighbor 2001:5e8:0:fffd:0:2:2:1 {
description "Three Rivers Optical Exchange (3ROX)";
import [ SANITY6 SET-PREF PSC-IN6 ];
Authentication Data Removed
peer-as 5050;
}
neighbor 2001:468:ff:185c::2 {
description "Mid-Atlantic Crossroads BACKUP via NGIX-E";
import [ SANITY6 SET-PREF MAX-IN6 ];
Authentication Data Removed
peer-as 10886;
}
neighbor 2001:468:ff:0960::2 {
description "Drexel [NO-MONITOR]";
import [ SANITY6 SET-PREF DREXEL-IN6 ];
Authentication Data Removed
peer-as 11834;
}
neighbor 2001:468:ff:9c2::2 {
description "OARnet IPv6 Multicast [NO-MONITOR]";
import [ SANITY6 SET-PREF OARNET-IN6 ];
family inet6 {
any;
}
Authentication Data Removed
peer-as 600;
}
}
inactive: group ISP-MCAST {
import [ SANITY-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
}
group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
neighbor 140.173.1.237 {
description DRAGON;
/* treated as a connector */
import [ SANITY-IN SET-PREF DRAGON-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 7082;
include-mp-next-hop;
}
neighbor 192.84.8.253 {
description NISN;
Authentication Data Removed
peer-as 297;
}
neighbor 138.18.47.33 {
description "Dren (Worldcom via UMD NGIX)";
Authentication Data Removed
peer-as 668;
}
neighbor 198.32.11.22 {
description "NREN-Goddard via NGIX";
hold-time 30;
family inet {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ];
peer-as 24;
}
neighbor 64.57.28.41 {
description "NREN-McLEAN via NGIX";
hold-time 30;
family inet {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 GEANT-TO-NREN CLARA-TO-NREN FEDNET-OUT ];
peer-as 24;
}
neighbor 198.124.194.9 {
description "ESNET via NGIX";
Authentication Data Removed
peer-as 293;
}
neighbor 137.227.2.181 {
description "US Geological Survey";
Authentication Data Removed
peer-as 22284;
}
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
/* ESNET routes exported to GEANT as backup per UCAID agreement with Dante */
neighbor 62.40.125.17 {
description "GEANT (Frankfurt) via MAX";
family inet {
unicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
multicast {
prefix-limit {
maximum 5000;
teardown 90;
}
}
}
Authentication Data Removed
export [ DATATAG-DEMO SANITY-OUT ORIGINATE4 ORIGINATE6 ESNET-TO-GEANT NREN-TO-GEANT ITN-OUT ];
peer-as 20965;
}
neighbor 198.32.11.106 {
description "CLARA via NGIX and Awave-FIU";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ];
peer-as 27750;
}
neighbor 64.57.28.62 {
description "RNP via Atlantic Wave";
Authentication Data Removed
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ];
peer-as 1916;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
neighbor 2001:0798:0014:10AA::11 {
description "GEANT - Frankfurt IPv6";
Authentication Data Removed
peer-as 20965;
}
neighbor 2001:468:ff:18c5::2 {
description "CLARA via NGIX & Awave-FIU";
Authentication Data Removed
peer-as 27750;
}
}
group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
neighbor 2001:468:ff:18c2::2 {
description "NREN-Goddard via NGIX";
family inet6 {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
Authentication Data Removed
peer-as 24;
}
neighbor 2001:468:ff:18c3::2 {
description "DREN v6-only testbed";
family inet6 {
any;
}
Authentication Data Removed
peer-as 668;
}
neighbor 2001:468:ff:18c4::2 {
description "DREN network";
family inet6 {
any;
}
Authentication Data Removed
peer-as 668;
}
neighbor 2001:468:ff:09c1::2 {
description "NREN-McLean via NGIX & Dragon";
family inet6 {
unicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
Authentication Data Removed
peer-as 24;
}
neighbor 2001:468:ff:9c3::2 {
description "ESNET IPv6 via NGIX [NO-MONITOR]";
family inet6 {
any;
}
Authentication Data Removed
peer-as 293;
}
}
}
/*
 * IS-IS, level 2 only (level 1 is disabled on every interface). It runs
 * actively on the three backbone SONET links and on ge-3/1/0.50; every other
 * interface is advertised passively.
 */
isis {
export V6-IGP-AGG;
spf-delay 200;
/*
 * With no-authentication-check Junos still generates and checks IS-IS
 * authentication but does not reject received packets that fail the check.
 * The knob is meant for the period while keys are being rolled out; left in
 * place, unauthenticated or wrongly keyed PDUs keep being accepted.
 * No authentication statement (or sanitizer placeholder) is visible in this
 * stanza. NOTE(review): confirm whether authentication is configured and
 * delete this statement once all neighbors carry the key.
 */
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
level 2 wide-metrics-only;
/* BACKBONE TO NEWY */
interface so-0/0/0.0 {
level 1 disable;
level 2 metric 278;
}
/* BACKBONE TO ATLA */
interface so-1/1/0.0 {
level 1 disable;
level 2 metric 700;
}
/* BACKBONE TO CHIC */
interface so-3/0/0.0 {
level 1 disable;
level 2 metric 905;
}
interface ge-3/1/0.30 {
level 1 disable;
level 2 passive;
}
interface ge-3/1/0.31 {
level 1 disable;
level 2 passive;
}
/*
 * "ISIS vlan" on the port toward the HP5406 switch: the only non-backbone
 * interface that runs IS-IS actively, which makes it the place where
 * adjacency authentication matters most. Metric 9999 keeps it out of the
 * preferred paths.
 */
interface ge-3/1/0.50 {
level 1 disable;
level 2 metric 9999;
}
/* Run IS-IS passively on all other interfaces: their prefixes are advertised, but no hellos are sent and no adjacency can form on them. */
interface all {
level 1 disable;
level 2 passive;
}
}
msdp {
inactive: apply-groups MSDP;
rib-group mcast-rpf-rg;
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.249;
/* STTLng */
peer 198.32.8.200;
/* SNVAng */
peer 198.32.8.201;
/* CHIC */
peer 64.57.28.241;
/* NEWY */
peer 64.57.28.242;
/* ATLA */
peer 64.57.28.243;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
inactive: peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* MAX */
peer 206.196.178.45 {
local-address 206.196.178.46;
}
/* OARNET */
peer 192.88.192.137 {
local-address 192.88.192.138;
}
/* OARNET MCAST-ONLY */
peer 199.18.156.241 {
local-address 199.18.156.242;
}
/* MAX backup peering via NGIX-E */
peer 206.196.177.105 {
local-address 206.196.177.106;
}
/* Drexel University */
peer 204.238.76.5 {
local-address 204.238.76.6;
}
/* Three Rivers Optical Exchange (3ROX) */
peer 192.88.115.24 {
local-address 192.88.115.25;
}
}
group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
/* NISN (via NGIX-E) */
peer 192.84.8.253 {
local-address 192.84.8.254;
}
/* DREN (via NGIX-E) */
peer 138.18.9.253 {
local-address 138.18.47.34;
}
/* NREN (via NGIX-E) */
peer 198.32.11.22 {
local-address 198.32.11.21;
}
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
/* CLARA via NGIX-AWave */
peer 198.32.11.106 {
local-address 198.32.11.105;
}
/* RNP via Atlantic Wave */
peer 64.57.28.62 {
local-address 64.57.28.61;
}
/* GEANT - Frankfurt */
peer 62.40.125.17 {
local-address 62.40.125.18;
}
}
}
/*
 * PIM sparse mode on all interfaces. This router is itself the IPv4
 * rendezvous point; IPv6 uses embedded-RP plus the static RPs listed below.
 */
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
/* Join filtering; pim-join-filter is defined outside this part of the file. */
import pim-join-filter;
rp {
/*
 * Bootstrap-router messages are filtered in both directions through
 * REJECT-ALL (defined outside this part of the file). By its name, RP
 * information is neither learned from nor offered to neighbors through BSR,
 * so the RP set is only what is configured here.
 */
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
/* 198.32.8.238 is one of the lo0 unit 0 addresses; it serves as RP for the whole 224.0.0.0/4 range. */
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
/*
 * Merit shared access circuit - VC to Qwest
 * NOTE(review): so-2/1/2 is not defined in this configuration's interfaces
 * stanza (only so-2/1/0 is), so this exception looks stale. Without it, a
 * so-2/1/2 added later would fall under "interface all" and run PIM.
 */
interface so-2/1/2.0 {
disable;
}
}
connections {
lsp-switch U->IPLStoIPLS->WASH {
transmit-lsp IPLS->WASH; ## 'IPLS->WASH' is not defined
receive-lsp IU->IPLS;
}
lsp-switch WASH->IPLStoIPLS->IU {
transmit-lsp IPLS->IU; ## 'IPLS->IU' is not defined
receive-lsp WASH->IPLS;
}
lsp-switch ITEC->WASHtoWASH->IPLS {
transmit-lsp WASH->IPLS; ## 'WASH->IPLS' is not defined
receive-lsp ITEC->WASH;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* winger.uits.iu.edu -- snapp */
129.79.6.137/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
/* dc-1.grnoc.iu.edu -- SNMP Data Collector */
134.68.107.22/32;
/* snmp.grnoc.iu.edu -- SNMP Data Collection */
134.68.107.23/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
134.68.107.113/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
198.108.90.142/32;
/* discvenue.internet2.edu */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list INGIG;
prefix-list CPS-INGIG {
/* Ball State University */
12.159.195.0/24;
/* Ball State University */
12.159.206.0/23;
/* Ball State University */
12.159.209.0/24;
/* Monroe County Community School Corporation */
66.244.122.0/23;
/* Purdue University Calumet */
69.51.160.0/19;
/* CSPAN Archives */
72.12.215.0/24;
/* Purdue University */
128.10.0.0/16;
/* Purdue University */
128.46.0.0/16;
/* Purdue University */
128.210.0.0/16;
/* Purdue University */
128.211.0.0/16;
/* Indiana University */
129.79.0.0/16;
/* Saint Joseph's College */
131.93.0.0/16;
/* Indiana University */
134.68.0.0/16;
/* Indiana State University */
139.102.0.0/16;
/* Indiana University */
140.182.0.0/16;
/* Saint Mary's College */
147.53.0.0/16;
/* Ball State University */
147.226.0.0/16;
/* Indiana University */
149.159.0.0/16;
/* Indiana University */
149.160.0.0/14;
/* Indiana University */
149.164.0.0/16;
/* Indiana University */
149.165.0.0/16;
/* Indiana University */
149.166.0.0/16;
/* Valparaiso University */
152.228.0.0/16;
/* Indiana University */
156.56.0.0/16;
/* IHETS */
157.91.0.0/16;
/* Earlham College */
159.28.0.0/16;
/* Vincennes University */
159.218.0.0/16;
/* DePauw University */
163.120.0.0/16;
/* Purdue University North Central */
163.245.0.0/16;
/* IHETS */
165.138.0.0/16;
/* IHETS */
165.139.0.0/16;
/* Indianapolis Public Schools */
167.217.0.0/16;
/* IVYTech Community College of Indiana */
168.91.0.0/16;
/* Indiana Purdue Fort Wayne */
168.102.0.0/17;
/* State of Indiana */
192.104.19.0/24;
/* University of Indianapolis */
192.146.191.0/24;
/* University of Indianapolis */
192.146.192.0/24;
/* Manchester College */
192.189.3.0/24;
/* Hanover College */
192.200.128.0/21;
/* University of Southern Indiana */
192.206.9.0/24;
/* University of Southern Indiana */
192.206.10.0/23;
/* Franklin College of Indiana */
192.207.174.0/23;
/* Franklin College of Indiana */
192.207.176.0/23;
/* Franklin College of Indiana */
192.207.178.0/24;
/* Goshen College */
198.51.243.0/24;
/* Goshen College */
198.51.244.0/24;
/* Private Academic Library Network of Indiana */
198.62.84.0/24;
/* Tri-State University */
198.62.98.0/24;
/* IHETS */
199.8.0.0/16;
/* Purdue University - Agriculture Information Technology */
204.52.32.0/20;
/* Purdue University - Agriculture Information Technology */
204.52.48.0/20;
/* Vigo County School Corp. */
205.137.32.0/20;
/* Purdue University Calumet */
205.215.64.0/18;
/* Indiana State Library */
208.119.0.0/16;
}
prefix-list RADIUS-SERVERS {
129.79.216.162/32;
134.68.107.17/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list MAX-PARTICIPANT {
63.164.28.0/22;
63.171.236.0/24;
65.113.61.0/24;
65.114.168.128/25;
65.114.168.192/26;
65.123.202.0/25;
65.160.123.0/24;
65.162.18.0/23;
65.172.14.0/24;
65.172.70.0/24;
66.208.61.0/24;
128.8.0.0/16;
128.82.0.0/16;
128.143.0.0/16;
128.150.0.0/16;
128.164.0.0/16;
128.172.0.0/16;
128.173.0.0/16;
128.177.16.0/23;
128.177.18.0/24;
128.220.0.0/16;
128.231.0.0/16;
128.239.0.0/16;
128.244.0.0/16;
129.2.0.0/16;
129.43.0.0/16;
129.165.0.0/16;
129.174.0.0/16;
130.14.0.0/16;
130.129.0.0/16;
134.231.0.0/16;
136.242.0.0/16;
137.54.0.0/16;
137.187.0.0/16;
137.198.0.0/16;
138.220.0.0/16;
139.70.0.0/16;
140.90.0.0/16;
140.147.0.0/16;
140.173.153.0/29;
140.173.170.0/24;
140.173.174.0/26;
140.173.180.0/24;
141.142.204.0/24;
141.161.0.0/16;
141.166.0.0/16;
147.9.0.0/16;
148.129.0.0/16;
148.129.64.0/19;
148.129.128.0/19;
155.206.0.0/16;
156.40.0.0/16;
157.98.0.0/16;
159.230.0.0/16;
161.253.0.0/16;
162.99.224.0/19;
162.129.0.0/16;
164.106.0.0/16;
164.114.0.0/16;
165.112.0.0/16;
169.154.0.0/17;
169.154.128.0/17;
192.5.215.0/24;
192.12.209.0/24;
192.26.10.0/24;
192.35.48.0/24;
192.35.49.0/24;
192.35.129.0/24;
192.52.179.0/24;
192.54.96.0/24;
192.58.3.0/24;
192.58.232.0/24;
192.64.69.0/24;
192.70.187.0/24;
192.86.97.0/24;
192.86.98.0/24;
192.86.99.0/24;
192.86.100.0/24;
192.86.101.0/24;
192.86.102.0/24;
192.86.103.0/24;
192.86.104.0/24;
192.86.105.0/24;
192.86.106.0/24;
192.102.88.0/24;
192.107.190.0/24;
192.107.195.0/24;
192.124.118.0/24;
192.156.228.0/24;
192.231.145.0/24;
192.231.146.0/24;
192.231.147.0/24;
192.239.66.0/24;
198.10.49.0/24;
198.31.12.0/24;
198.62.77.0/24;
198.77.76.0/24;
198.77.177.0/24;
198.82.0.0/16;
198.118.0.0/15;
198.181.231.0/24;
198.186.238.0/23;
198.206.32.0/20;
198.206.48.0/21;
199.0.138.0/23;
199.26.254.0/24;
199.75.86.0/23;
199.79.165.0/24;
199.79.166.0/24;
199.111.162.0/23;
199.111.164.0/22;
199.111.168.0/21;
199.111.176.0/20;
199.111.192.0/18;
199.125.175.0/24;
199.249.158.0/24;
204.91.114.0/24;
204.192.128.0/17;
204.194.224.0/22;
204.194.228.0/23;
205.128.154.0/23;
205.131.248.0/21;
205.156.0.0/19;
205.156.32.0/20;
205.156.48.0/21;
205.160.38.0/23;
205.253.57.0/24;
206.196.160.0/19;
206.196.176.0/21;
206.229.212.0/22;
206.241.0.0/22;
206.241.3.0/24;
206.241.145.0/24;
206.241.148.0/23;
206.241.252.0/24;
206.241.253.0/24;
207.77.112.0/20;
207.245.162.0/24;
208.16.73.0/24;
208.22.77.0/24;
208.22.78.0/24;
208.35.27.64/26;
216.38.95.0/24;
}
prefix-list MAX-SPONSORED {
65.127.220.0/23;
67.133.232.0/23;
160.111.0.0/16;
160.253.0.0/16;
192.12.83.0/24;
192.207.234.0/24;
192.239.84.0/24;
192.245.136.0/24;
198.91.32.0/21;
198.91.40.0/23;
199.33.3.0/24;
199.133.3.0/24;
199.133.32.0/24;
199.133.35.0/24;
199.133.38.0/24;
199.133.45.0/24;
199.133.46.0/24;
199.133.47.0/24;
199.133.48.0/24;
199.133.49.0/24;
199.133.51.0/24;
199.133.52.0/24;
199.133.54.0/24;
199.133.55.0/24;
199.133.56.0/24;
199.133.57.0/24;
199.133.58.0/24;
199.133.59.0/24;
199.133.60.0/24;
199.133.61.0/24;
199.133.62.0/24;
199.133.63.0/24;
199.133.64.0/24;
199.133.66.0/24;
199.133.67.0/24;
199.133.69.0/24;
199.133.72.0/24;
199.133.74.0/24;
199.133.75.0/24;
199.133.153.0/24;
199.133.179.0/24;
205.128.219.0/24;
205.128.220.0/22;
}
prefix-list MAX-SEGP {
4.17.88.0/21;
4.79.201.0/26;
64.5.128.0/20;
64.5.141.0/24;
64.5.144.0/24;
64.5.145.0/24;
64.5.147.0/24;
64.5.148.0/24;
64.5.152.0/24;
64.5.155.0/24;
64.5.159.0/24;
64.26.64.0/18;
65.160.148.0/23;
65.168.144.0/24;
66.250.190.0/24;
66.250.191.0/24;
76.7.54.0/23;
130.85.0.0/16;
131.118.0.0/16;
131.171.0.0/16;
134.192.0.0/16;
136.160.0.0/16;
137.45.0.0/16;
138.78.0.0/16;
151.188.0.0/16;
158.103.0.0/16;
169.156.0.0/16;
192.33.115.0/24;
192.33.116.0/24;
192.33.117.0/24;
192.131.232.0/24;
192.146.226.0/24;
192.188.199.0/24;
198.38.16.0/20;
198.51.208.0/24;
198.69.82.0/24;
198.200.181.0/24;
198.202.0.0/21;
199.88.192.0/24;
204.52.128.0/22;
204.62.32.0/20;
204.62.48.0/22;
204.152.152.0/23;
204.153.76.0/22;
207.86.27.160/27;
208.27.92.0/22;
208.40.149.48/28;
208.40.161.64/27;
208.40.177.0/24;
208.40.194.0/24;
209.114.143.0/24;
209.114.144.0/23;
209.114.187.8/29;
209.114.187.240/29;
209.116.253.32/27;
209.243.32.0/20;
216.54.48.0/23;
216.152.80.0/20;
}
prefix-list MAX-PARTICIPANTS6 {
2001:468:C00::/40;
2001:468:ffff:9c4::/64;
2001:468:ffff:185c::/64;
2001:04d0:9c00::/40;
}
prefix-list OARNET-PARTICIPANT {
64.247.64.0/18;
128.146.0.0/16;
129.22.0.0/16;
129.137.0.0/16;
130.101.0.0/16;
130.108.0.0/16;
131.123.0.0/16;
131.183.0.0/16;
132.235.0.0/16;
140.254.0.0/16;
164.107.0.0/16;
169.240.0.0/16;
192.5.109.0/24;
192.5.110.0/24;
192.5.111.0/24;
192.5.112.0/24;
192.5.113.0/24;
192.88.191.0/24;
192.88.192.0/24;
192.88.193.0/24;
192.88.194.0/24;
192.88.195.0/24;
192.132.213.0/24;
192.138.88.0/24;
192.148.235.0/24;
192.148.236.0/22;
192.148.240.0/21;
192.148.244.0/24;
192.148.248.0/22;
192.148.250.0/24;
192.148.251.0/24;
192.153.27.0/24;
192.153.28.0/24;
192.153.36.0/24;
192.153.37.0/24;
192.153.38.0/24;
/* Ohio Supercomputing Center */
192.153.39.0/24;
192.153.40.0/24;
192.153.41.0/24;
192.157.5.0/24;
192.232.26.0/23;
/* OSU */
192.232.26.0/24;
/* OSU */
192.232.27.0/24;
192.232.28.0/24;
/* OARnet */
198.30.86.0/24;
/* OARnet */
198.30.87.0/24;
199.26.250.0/24;
199.190.226.0/24;
199.249.228.0/24;
204.128.178.0/24;
/* OARnet */
206.244.200.0/21;
}
prefix-list OARNET-SPONSORED {
204.152.48.0/24;
204.152.49.0/24;
205.142.196.0/24;
205.142.197.0/24;
205.142.198.0/24;
205.142.199.0/24;
}
prefix-list OARNET-SEGP {
64.18.32.0/20;
64.113.176.0/20;
64.254.64.0/20;
65.182.112.0/20;
66.114.0.0/19;
66.144.22.0/24;
66.144.23.0/24;
66.145.194.0/24;
66.145.203.0/24;
66.203.16.0/20;
66.203.32.0/19;
129.1.0.0/16;
131.187.0.0/16;
131.238.0.0/16;
132.162.0.0/16;
134.53.0.0/16;
136.227.0.0/16;
136.247.0.0/16;
137.148.0.0/16;
138.28.0.0/16;
140.103.0.0/16;
140.106.0.0/16;
140.141.0.0/16;
140.220.0.0/16;
140.228.0.0/16;
141.110.0.0/16;
141.139.0.0/16;
143.105.0.0/16;
143.206.0.0/16;
144.50.0.0/16;
146.78.0.0/16;
146.85.0.0/16;
149.143.0.0/16;
150.134.0.0/16;
156.63.57.0/24;
156.63.144.0/24;
156.63.176.0/24;
157.134.0.0/16;
163.11.0.0/16;
164.83.0.0/16;
192.42.153.0/24;
192.55.234.0/24;
192.68.223.0/24;
192.70.252.0/24;
192.131.123.0/24;
192.150.115.0/24;
192.153.31.0/24;
192.153.32.0/24;
192.153.33.0/24;
192.153.34.0/24;
/* The National Underground Railroad Freedom Center (NURFC) */
192.153.35.0/24;
192.232.30.0/24;
198.30.0.0/16;
198.140.201.0/24;
198.203.64.0/18;
198.234.184.0/23;
198.234.187.0/24;
198.234.188.0/22;
198.234.192.0/22;
198.234.196.0/23;
198.234.200.0/21;
199.18.0.0/16;
/* Mount Union College */
199.18.32.0/20;
/* Mount Union College */
199.18.204.0/22;
/* Mount Union College */
199.18.208.0/22;
/* Mount Union College */
199.18.234.0/23;
/* Mount Union College */
199.18.236.0/22;
/* Mount Union College */
199.18.238.0/24;
/* Mount Union College */
199.18.239.0/24;
199.120.181.0/24;
199.218.0.0/16;
204.9.144.0/21;
204.10.216.0/21;
204.11.184.0/21;
204.89.239.0/24;
204.128.217.0/24;
205.133.0.0/16;
206.21.0.0/16;
206.244.0.0/16;
/* Mount Union College */
206.244.128.0/22;
/* Cleveland Institute of Art */
208.50.108.0/24;
208.71.72.0/21;
208.108.0.0/16;
208.122.64.0/19;
208.122.96.0/20;
209.34.112.0/20;
216.48.128.0/20;
}
prefix-list OARNET-PARTICIPANTS6 {
2610:a8::/32;
}
prefix-list DREXEL-PARTICIPANT {
129.25.0.0/16;
144.118.0.0/16;
192.54.238.0/24;
198.17.30.0/24;
204.238.76.0/24;
}
prefix-list DREXEL-SEGP {
144.26.0.0/16;
/* West Chester University */
144.80.0.0/16;
147.64.0.0/16;
148.137.0.0/16;
151.161.0.0/16;
156.12.0.0/16;
157.62.0.0/16;
157.160.0.0/16;
158.83.0.0/16;
166.66.0.0/16;
192.147.113.0/24;
192.148.218.0/24;
192.148.234.0/24;
192.149.243.0/24;
192.152.127.0/24;
192.153.187.0/24;
192.190.237.0/24;
192.206.29.0/24;
192.234.172.0/24;
198.206.191.0/24;
199.5.197.0/24;
199.5.198.0/23;
199.5.200.0/24;
204.108.160.0/19;
204.235.144.0/21;
204.235.148.0/23;
204.235.158.0/23;
204.235.160.0/20;
205.149.64.0/19;
206.225.96.0/19;
209.250.192.0/19;
}
prefix-list PSC-PARTICIPANT {
63.118.64.0/23;
66.71.0.0/17;
128.2.0.0/16;
128.118.0.0/16;
128.182.0.0/16;
128.237.0.0/16;
130.49.0.0/16;
130.203.0.0/16;
136.142.0.0/16;
146.186.0.0/16;
147.73.0.0/16;
150.212.0.0/16;
150.231.0.0/16;
157.182.0.0/16;
192.5.146.0/24;
192.5.157.0/24;
192.5.159.0/24;
192.12.32.0/24;
192.58.107.0/24;
192.68.217.0/24;
192.80.210.0/24;
192.88.99.0/24;
192.88.114.0/24;
192.88.115.0/24;
192.88.209.0/24;
192.88.210.0/24;
192.101.140.0/24;
198.32.224.0/24;
199.111.112.0/20;
199.164.236.0/24;
204.155.176.0/20;
204.194.24.0/22;
204.194.28.0/22;
}
prefix-list PSC-SPONSORED {
147.72.107.0/24;
147.72.108.0/22;
147.72.112.0/22;
147.72.116.0/23;
147.72.118.0/24;
198.206.16.0/20;
}
prefix-list PSC-SEGP {
63.133.224.0/24;
63.133.225.0/24;
63.133.226.0/24;
63.133.227.0/24;
63.133.228.0/24;
63.133.229.0/24;
63.133.230.0/24;
63.133.231.0/24;
63.133.232.0/24;
63.133.233.0/24;
63.133.234.0/24;
63.133.235.0/24;
63.133.236.0/24;
63.133.237.0/24;
63.133.238.0/24;
63.133.239.0/24;
63.133.240.0/24;
63.133.241.0/24;
63.133.242.0/24;
63.133.243.0/24;
63.133.244.0/24;
63.133.245.0/24;
63.133.246.0/24;
63.133.247.0/24;
63.133.248.0/24;
63.133.249.0/24;
63.133.250.0/24;
63.133.251.0/24;
63.133.252.0/24;
63.133.253.0/24;
63.133.254.0/24;
64.83.132.0/24;
64.83.133.0/24;
64.83.134.0/24;
64.83.135.0/24;
64.83.136.0/24;
64.83.137.0/24;
64.83.138.0/24;
64.83.140.0/24;
64.83.141.0/24;
64.83.142.0/24;
64.83.143.0/24;
64.83.152.0/24;
64.83.153.0/24;
64.83.155.0/24;
64.83.158.0/24;
65.110.114.0/24;
66.230.74.32/28;
72.237.88.0/22;
147.72.67.192/26;
150.232.0.0/16;
208.40.149.48/28;
208.40.161.64/27;
208.40.177.0/24;
208.40.180.0/24;
208.40.194.0/24;
209.114.143.0/24;
209.114.144.0/23;
209.114.187.240/29;
}
prefix-list SOX-BACKUP-PARTICIPANT {
64.156.8.128/25;
64.156.216.128/25;
65.115.176.0/24;
128.23.0.0/16;
128.61.0.0/16;
128.163.0.0/16;
128.163.11.0/24;
128.186.0.0/16;
128.192.0.0/16;
128.227.0.0/16;
129.59.0.0/16;
129.171.0.0/16;
129.171.0.0/19;
129.171.32.0/19;
129.171.64.0/19;
129.171.96.0/19;
129.171.128.0/19;
129.171.160.0/19;
129.171.192.0/19;
129.171.224.0/19;
129.252.0.0/16;
130.127.0.0/16;
130.160.0.0/16;
130.207.0.0/16;
131.91.0.0/16;
131.144.128.0/20;
131.204.0.0/16;
131.247.0.0/16;
132.170.0.0/16;
138.26.0.0/16;
139.62.0.0/16;
143.215.0.0/16;
144.174.0.0/16;
146.201.0.0/16;
146.229.0.0/16;
149.168.0.0/16;
152.2.0.0/16;
152.3.0.0/16;
152.7.0.0/16;
152.11.0.0/16;
152.14.0.0/16;
152.16.0.0/16;
152.19.0.0/16;
159.178.0.0/16;
160.36.0.0/16;
160.129.0.0/16;
163.246.0.0/16;
164.111.0.0/16;
165.6.5.0/24;
165.6.6.0/24;
165.6.7.0/24;
165.6.24.0/24;
168.223.0.0/16;
170.140.0.0/16;
192.31.89.0/24;
192.70.171.0/24;
192.80.53.0/24;
192.88.124.0/24;
192.111.108.0/24;
192.111.109.0/24;
192.111.110.0/24;
192.111.123.0/24;
192.249.1.0/24;
192.249.2.0/23;
192.249.4.0/22;
192.249.8.0/21;
192.249.11.0/24;
198.78.192.0/19;
198.137.16.0/20;
199.4.250.0/23;
199.4.250.0/24;
199.4.251.0/24;
199.76.32.0/20;
199.76.144.0/20;
199.76.160.0/19;
199.76.192.0/24;
199.77.128.0/17;
199.90.0.0/16;
199.242.231.0/24;
199.242.232.0/24;
199.242.233.0/24;
204.29.106.0/23;
204.68.64.0/19;
204.85.191.0/24;
204.85.192.0/18;
204.89.132.0/23;
204.89.132.0/24;
204.89.133.0/24;
204.145.157.0/24;
204.145.215.0/24;
204.198.72.0/22;
204.198.76.0/23;
204.211.0.0/16;
204.238.30.0/24;
206.240.24.0/22;
206.240.192.0/19;
206.240.216.0/24;
206.240.220.0/24;
206.240.221.0/24;
207.4.0.0/16;
207.192.0.0/18;
209.149.48.0/20;
}
prefix-list SOX-BACKUP-CORPORATE {
12.107.208.0/23;
66.187.224.0/20;
204.85.14.0/24;
}
prefix-list SOX-BACKUP-SPONSORED {
66.187.234.0/24;
74.255.42.0/24;
143.88.0.0/16;
147.70.0.0/16;
150.182.128.0/18;
152.97.0.0/16;
161.45.0.0/16;
163.118.0.0/16;
192.30.208.0/24;
192.67.134.0/24;
192.83.232.0/24;
204.62.251.0/24;
204.152.130.0/24;
204.152.131.0/24;
204.246.192.0/21;
205.167.24.0/24;
205.167.25.0/24;
216.64.76.0/24;
}
prefix-list SOX-BACKUP-SEGP {
72.158.165.0/24;
98.17.253.0/24;
128.109.0.0/16;
128.192.0.0/16;
129.66.0.0/16;
129.66.20.0/24;
130.218.0.0/16;
130.254.0.0/16;
131.144.0.0/16;
134.224.0.0/16;
137.220.0.0/16;
141.165.0.0/16;
147.133.0.0/16;
149.149.0.0/16;
150.216.0.0/16;
152.1.0.0/16;
152.2.0.0/15;
152.4.0.0/14;
152.8.0.0/13;
152.16.0.0/12;
152.32.0.0/12;
152.36.0.0/16;
152.48.0.0/14;
152.53.0.0/19;
152.54.0.0/20;
153.9.0.0/16;
157.89.0.0/16;
157.149.0.0/16;
158.93.0.0/16;
160.10.0.0/16;
161.6.0.0/16;
167.7.38.0/24;
167.7.39.0/24;
167.7.210.0/27;
167.7.241.0/24;
167.7.248.64/27;
167.7.251.0/27;
168.8.0.0/15;
168.12.0.0/14;
168.16.0.0/15;
168.18.0.0/15;
168.20.0.0/15;
168.22.0.0/15;
168.24.0.0/15;
168.26.0.0/15;
168.28.0.0/15;
168.30.0.0/15;
169.150.0.0/16;
170.180.0.0/14;
170.185.0.0/16;
192.48.117.0/24;
192.88.111.0/24;
192.101.21.0/24;
192.101.22.0/23;
192.101.24.0/24;
192.103.126.0/24;
192.107.44.0/24;
192.111.112.0/24;
192.122.237.0/24;
192.137.210.0/24;
192.147.30.0/24;
192.152.249.0/24;
192.154.33.0/24;
192.154.38.0/24;
192.154.41.0/24;
192.154.43.0/24;
192.154.45.0/24;
192.154.54.0/24;
192.154.55.0/24;
192.154.61.0/24;
192.154.62.0/24;
192.154.64.0/24;
192.154.67.0/24;
192.154.78.0/24;
192.189.244.0/24;
192.203.127.0/24;
192.211.32.0/21;
192.211.40.0/22;
192.211.44.0/24;
192.211.45.0/24;
192.245.165.0/24;
192.245.221.0/24;
192.245.222.0/24;
192.245.223.0/24;
192.245.224.0/24;
198.49.31.0/24;
198.72.72.0/22;
198.85.0.0/16;
198.86.0.0/16;
198.135.235.0/24;
198.137.22.0/24;
198.179.130.0/24;
198.180.132.0/22;
198.190.216.0/24;
198.200.158.0/24;
198.204.92.0/24;
198.232.64.0/18;
198.232.96.0/21;
199.5.154.0/23;
199.20.16.0/20;
199.33.130.0/24;
199.33.131.0/24;
199.33.132.0/24;
199.33.133.0/24;
199.33.134.0/24;
199.80.8.0/21;
199.88.16.0/20;
199.248.173.0/24;
199.248.174.0/24;
199.248.175.0/24;
199.248.176.0/24;
199.248.177.0/24;
199.248.178.0/24;
204.27.217.0/24;
204.29.64.0/18;
204.84.0.0/15;
205.174.48.0/20;
205.204.238.0/24;
205.204.242.0/24;
206.197.240.0/24;
206.219.128.0/18;
207.157.0.0/17;
207.232.128.0/18;
209.133.128.0/17;
216.69.0.0/18;
216.109.0.0/18;
216.249.132.0/22;
216.249.144.0/20;
216.249.160.0/20;
216.249.176.0/20;
}
prefix-list SOX-BACKUP-EXCEPTION-SEGP {
167.7.127.176/29;
167.7.248.112/29;
167.7.248.120/29;
167.7.248.208/29;
167.7.251.32/29;
167.7.251.64/29;
167.7.251.80/29;
167.7.251.96/29;
167.7.251.128/28;
167.7.251.144/28;
167.7.251.160/28;
167.7.251.192/29;
}
prefix-list SOX-BACKUP-EXCEPTION-FEDNET {
128.219.0.0/16;
134.167.0.0/16;
160.91.0.0/16;
192.31.96.0/24;
192.103.127.0/24;
192.188.177.0/24;
192.188.182.0/24;
198.124.41.0/24;
198.136.139.0/24;
198.148.251.0/24;
198.203.246.0/24;
198.207.237.0/24;
198.207.238.0/23;
198.207.240.0/24;
199.201.153.0/24;
199.201.154.0/24;
199.201.156.0/23;
199.201.158.0/24;
}
prefix-list SOX-BACKUP-EXCEPTION-SPONSORED {
146.82.167.176/29;
199.77.192.16/29;
}
prefix-list OARNET-CPSONLY {
12.41.33.0/24;
64.18.32.0/20;
64.31.64.0/18;
64.31.64.0/19;
65.163.228.0/23;
66.100.144.0/24;
66.100.145.0/24;
66.100.146.0/24;
66.100.147.0/24;
66.100.148.0/24;
66.100.149.0/24;
66.100.150.0/24;
128.156.0.0/16;
131.167.0.0/16;
134.243.0.0/16;
139.88.0.0/16;
162.50.0.0/16;
192.12.205.0/24;
192.55.90.0/23;
192.58.246.0/24;
192.68.143.0/24;
192.131.246.0/24;
192.148.236.0/24;
192.148.237.0/24;
192.148.238.0/24;
192.148.239.0/24;
192.153.26.0/23;
192.153.26.0/24;
192.153.28.0/22;
192.153.29.0/24;
192.153.30.0/24;
192.232.16.0/20;
198.4.94.0/24;
198.179.229.0/24;
198.242.35.0/24;
199.0.140.0/22;
199.26.177.0/24;
199.74.236.0/24;
199.74.237.0/24;
199.176.156.0/24;
199.178.128.0/18;
204.29.170.0/24;
204.90.74.0/24;
206.131.208.0/20;
207.42.216.0/24;
209.11.224.0/20;
216.28.31.0/24;
}
prefix-list PSC-PARTICIPANT6 {
2001:468:200::/40;
2001:5e8::/32;
2001:5e8::/33;
/* NOTE(review): 2002::/16 is the 6to4 prefix (RFC 3056), not address space
   assigned to a participant. CPS-3ROX-IN6 accepts an exact match on every
   entry of this list, so the connector can attract 6to4-bound traffic --
   confirm it is meant to act as a 6to4 relay. */
2002::/16;
2610:8::/32;
}
prefix-list WSU-PARTICIPANT {
192.148.236.0/24;
}
prefix-list WSU-EXCEPTION {
138.18.22.16/30;
}
prefix-list DRAGON-PARTICIPANT {
140.173.0.0/16;
}
prefix-list DREXEL-PARTICIPANTS6 {
2001:468:2000::/40;
}
prefix-list OARNET-MULTICAST-ROUTES {
128.146.0.0/16;
129.22.0.0/16;
131.123.0.0/16;
131.123.0.0/19;
131.123.32.0/20;
131.123.48.0/20;
131.123.64.0/19;
131.123.96.0/19;
131.123.128.0/17;
137.148.0.0/16;
140.254.0.0/16;
164.107.0.0/16;
192.5.109.0/24;
192.12.205.0/24;
192.68.143.0/24;
192.148.244.0/24;
192.150.115.0/24;
192.153.26.0/24;
192.153.41.0/24;
199.18.139.0/24;
199.18.140.0/24;
199.18.141.0/24;
206.21.72.0/24;
206.21.144.0/24;
206.21.145.0/24;
206.21.146.0/23;
206.21.148.0/22;
206.21.152.0/21;
206.244.152.0/22;
}
prefix-list PSC-EXCEPTION-SEGP {
208.40.149.48/28;
208.40.161.64/27;
209.114.187.8/29;
209.114.187.240/29;
}
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group CONNECTORS6 neighbor <*>";
}
prefix-list CPS-3ROX-CPS-ONLY {
12.169.112.0/24;
63.118.64.0/23;
147.72.64.0/18;
147.128.0.0/16;
147.128.68.0/22;
150.212.0.0/16;
158.83.0.0/16;
162.51.0.0/16;
163.129.0.0/16;
169.144.0.0/16;
192.88.115.0/24;
204.9.144.0/21;
209.131.80.0/20;
216.152.144.0/20;
}
prefix-list OBSERVATORY-SSH {
/* sysmon.grnoc.iu.edu */
134.68.107.4/32;
/* login.net.internet2.edu */
134.68.107.10/32;
/* nms-base */
134.68.107.34/32;
/* nms-login */
134.68.107.36/32;
/* skip */
134.68.142.50/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump */
192.12.206.196/32;
}
/* NOTE(review): 0::0/0 matches every IPv6 address, so unlike OBSERVATORY-SSH
   (a short list of /32 management hosts) this list restricts nothing. If a
   firewall filter uses it to gate SSH -- the filter is not visible in this
   section -- SSH over IPv6 is open to any source. Confirm, and list the IPv6
   addresses of the management hosts instead. */
prefix-list OBSERVATORY-SSH6 {
0::0/0;
}
policy-statement CLARA-TO-NREN {
term FROM-CLARA {
from as-path CLARA;
then accept;
}
}
/* generic import policy for all connectors */
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce, so a connector
   cannot set them on its own routes; evaluation then continues with the next term */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
/* discard routes: a connector tags a route with DISCARD to have traffic to it dropped.
   NOTE(review): this term has no prefix-list of its own; it relies on the
   per-connector import policy having already limited which prefixes the
   connector may announce -- confirm that policy is always chained ahead of this one. */
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are not leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes up to /27; note: routes have already passed the individual connector policy.
   "0.0.0.0/0 upto /27" also matches very short prefixes, including a default route,
   so the per-connector prefix lists are the only bound on what is accepted here. */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
/* same length limit and PARTICIPANT tag for routes destined to inet.2 */
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
/* everything not accepted above is rejected */
term reject {
then reject;
}
}
policy-statement CPS-3ROX-IN {
term accept {
from {
protocol bgp;
prefix-list-filter PSC-PARTICIPANT orlonger;
prefix-list-filter PSC-SEGP orlonger;
prefix-list-filter PSC-SPONSORED orlonger;
prefix-list-filter PSC-EXCEPTION-SEGP exact;
prefix-list-filter CPS-3ROX-CPS-ONLY orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-3ROX-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter PSC-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-IN {
/* discard routes tagged with the DISCARD community.
   NOTE(review): no prefix-list is checked in this term; it depends on the
   per-connector policy (CPS-MAX-IN, CPS-OARNET-IN, CPS-3ROX-IN) having run
   first -- confirm the import chain always places one ahead of this policy. */
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are not leaked outside of Abilene */
community add NO-EXPORT;
/* next-hop is set to discard here; CONNECTOR-IN instead points discard
   routes at 198.32.11.7 (the dsc.0 destination-address) */
next-hop discard;
accept;
}
}
/* allow routes up to /24; note: routes have already passed the individual connector policy.
   NOTE(review): this comment previously said /27 (as in CONNECTOR-IN) while the
   filter below is "upto /24" -- confirm which limit is intended.
   Unlike CONNECTOR-IN there is no "to rib" condition on this term. */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
/* everything not accepted above is rejected */
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-DREXEL-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter DREXEL-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-MAX-IN {
term accept {
from {
protocol bgp;
prefix-list-filter MAX-PARTICIPANT orlonger;
prefix-list-filter MAX-SEGP orlonger;
prefix-list-filter MAX-SPONSORED orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-MAX-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter MAX-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-OARNET-IN {
term accept {
from {
protocol bgp;
prefix-list-filter OARNET-PARTICIPANT orlonger;
prefix-list-filter OARNET-SPONSORED orlonger;
prefix-list-filter OARNET-SEGP orlonger;
prefix-list-filter OARNET-CPSONLY orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-OSCNET-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter OARNET-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement DATATAG-DEMO {
term 1 {
from {
protocol static;
route-filter 198.32.154.144/28 exact;
}
then accept;
}
}
policy-statement DRAGON-IN {
/* accept BGP routes inside DRAGON-PARTICIPANT (the listed prefix or any more specific);
   "then accept" ends evaluation, so no later policy in the chain sees these routes */
term participant {
from {
protocol bgp;
prefix-list-filter DRAGON-PARTICIPANT orlonger;
}
then accept;
}
/* NOTE(review): the reject applies only to routes destined to inet.0. Routes
   for other RIBs (e.g. inet.2) that are outside DRAGON-PARTICIPANT are not
   rejected by this policy and fall through to whatever is evaluated next --
   confirm that is intended. */
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement DREXEL-IN {
/* routes inside DREXEL-PARTICIPANT are handed to the next policy in the import chain untagged */
term participant {
from {
protocol bgp;
prefix-list-filter DREXEL-PARTICIPANT orlonger;
}
then next policy;
}
/* routes inside DREXEL-SEGP are tagged SEGP, then handed to the next policy */
term segp {
from {
protocol bgp;
prefix-list-filter DREXEL-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
/* NOTE(review): only routes destined to inet.0 are rejected here. Routes for
   other RIBs (e.g. inet.2) that match neither prefix list pass through this
   policy unfiltered; the term of the same name in MAX-IN has no "to rib"
   condition and rejects everything -- confirm which behaviour is intended. */
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement DREXEL-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter DREXEL-PARTICIPANTS6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ESNET-TO-AMPATH {
term FROM-ESNET {
from as-path ESNET;
then accept;
}
}
policy-statement ESNET-TO-GEANT {
term FROM-ESNET {
from as-path ESNET;
then {
as-path-prepend 11537;
accept;
}
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* import policy for IPv6 FEDNET peers */
policy-statement FEDNET-IN6 {
/* accepts every BGP route and tags it FEDNET.
   NOTE(review): the IPv4 policy FEDNET-IN first rejects /28-/32; this policy
   has no prefix-length or prefix-list check, so what a peer can inject is
   bounded only by anything configured on the neighbor itself (e.g. a
   prefix-limit) -- confirm such a bound exists. */
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy for FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement GEANT-TO-NREN {
term FROM-GEANT {
from as-path GEANT;
then accept;
}
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
/* export policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
/* import policy for IPv6 peerings with commercial ISPs */
policy-statement ISP-V6-IN {
/* accepts every BGP route destined to inet6.0 and tags it COMMERCIAL-PEER.
   NOTE(review): ISP-MCAST-IN rejects /28-/32 before accepting; no prefix-length
   or bogon check is applied to IPv6 routes from commercial peers here --
   confirm that a limit is enforced elsewhere (e.g. prefix-limit on the neighbor). */
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
/* anything else (non-BGP, or destined to another RIB) is rejected */
term reject {
then reject;
}
}
/* export policy for IPv6 peerings with commercial ISPs */
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
/* import policy for IPv4 ITN peerings */
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
/* import policy for IPv6 ITN peerings */
policy-statement ITN-IN6 {
/* accepts every BGP route and tags it ITN.
   NOTE(review): the IPv4 policy ITN-IN rejects /28-/32 and 192.175.48.0/24
   (term block-as112) before tagging; this policy applies no prefix-length or
   prefix check to IPv6 routes from international peers -- confirm a bound is
   enforced elsewhere (e.g. prefix-limit on the neighbor). */
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement MAX-IN {
/* Import policy, by its name for the MAX connector: classify BGP routes against three prefix lists, tag SEGP and SPONSORED routes, and pass every match to the next policy in the chain. */
/* NOTE(review): the prefix-list-filter matches use orlonger and this policy has no block-long-prefixes term, so more-specifics of any length inside the listed prefixes pass on - confirm a length limit is applied elsewhere in the import chain. */
/* routes inside MAX-PARTICIPANT continue unchanged */
term participant {
from {
protocol bgp;
prefix-list-filter MAX-PARTICIPANT orlonger;
}
then next policy;
}
/* routes inside MAX-SEGP get the SEGP community and continue */
term segp {
from {
protocol bgp;
prefix-list-filter MAX-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
/* routes inside MAX-SPONSORED get the SPONSORED community and continue */
term sponsored {
from {
protocol bgp;
prefix-list-filter MAX-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
/* Anything not matched above is rejected. */
/* NOTE(review): despite the name, this term has no "to rib inet.0" match (compare reject-unicast in PSC-IN), so it rejects every route that reaches it, not only unicast - confirm intended. */
term reject-unicast {
then reject;
}
}
policy-statement MAX-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter MAX-PARTICIPANTS6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term accept-v6-transit {
from {
as-path MAX-V6-TRANSIT;
family inet6;
}
then {
local-preference 100;
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement MSDP-FILTER {
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
/* import policy for IPv4 NONITN peerings */
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
/* import policy for IPv6 NONITN peerings */
policy-statement NONITN-IN6 {
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement NREN-TO-GEANT {
term FROM-NREN {
from as-path NREN;
then accept;
}
}
policy-statement OARNET-IN {
term participant {
from {
protocol bgp;
prefix-list-filter OARNET-PARTICIPANT orlonger;
}
then next policy;
}
term segp {
from {
protocol bgp;
prefix-list-filter OARNET-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter OARNET-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term reject-unicast {
then reject;
}
}
policy-statement OARNET-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter OARNET-PARTICIPANTS6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement OARNET-MULTICAST-IN {
term allow-muticast {
from {
prefix-list OARNET-MULTICAST-ROUTES;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* Redistribute IPv4 aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute IPv6 Aggregates from static into BGP */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
policy-statement PSC-IN {
term participant {
from {
protocol bgp;
prefix-list-filter PSC-PARTICIPANT orlonger;
}
then next policy;
}
term sponsored {
from {
protocol bgp;
prefix-list-filter PSC-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
protocol bgp;
prefix-list-filter PSC-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term exception_segp {
from {
protocol bgp;
prefix-list-filter PSC-EXCEPTION-SEGP exact;
}
then {
community add SEGP;
community add PARTICIPANT;
accept;
}
}
term sox-backup-participant {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-PARTICIPANT orlonger;
}
then next policy;
}
term sox-backup-corporate {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sox-backup-sponsored {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term sox-backup-segp {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term sox-backup-exception-sponsored {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-EXCEPTION-SPONSORED exact;
}
then {
community add SPONSORED;
community add PARTICIPANT;
accept;
}
}
term sox-backup-exception-segp {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-EXCEPTION-SEGP exact;
}
then {
community add SEGP;
community add PARTICIPANT;
accept;
}
}
term sox-backup-exception-fednet {
from {
protocol bgp;
prefix-list-filter SOX-BACKUP-EXCEPTION-FEDNET orlonger;
}
then {
community add FEDNET;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement PSC-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter PSC-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
/* reject routes we should never accept */
policy-statement SANITY-IN {
/* Every term here only rejects; a route that matches no term falls through to whatever policy follows. */
/* NOTE(review): there is no prefix-length limit in this policy; block-long-prefixes lives in per-peer policies such as ITN-IN and NONITN-IN, so a peering that uses neither relies on some other length check - confirm. */
/* Reject any BGP prefix if a private AS is in the path */
/* (as-path PRIVATE matches the 16-bit range 64512-65535 only) */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
/* Reject any BGP prefix whose path contains the AS matched by as-path NLR */
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* rfc 3330 - TEST-NET (iana reserved for documentation) */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay anycast address - host route only, the covering /24 is not matched */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
/* (a plain prefix-list match is exact, so more-specifics of the INTERNAL prefixes are not caught by this term - NOTE(review): confirm they are filtered elsewhere) */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce */
policy-statement SANITY-OUT {
/* Don't announce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
/* Block IPv6 routes that should never be accepted or announced */
policy-statement SANITY6 {
/* Allow-list filter: IPv6 routes inside the listed blocks continue to the next policy, everything else is rejected. */
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
/* "next policy" does not accept the route here; the final decision is made by the policies that follow in the chain. */
/* NOTE(review): this is a hand-maintained snapshot of the IANA registry. Blocks allocated after it was written fall through to the reject term, so the list needs periodic review against the registry. */
/* NOTE(review): 2001:b000::/20 lies inside 2001::/16 with the same upto /49 and the same action, so it appears redundant. */
/* NOTE(review): 2610::/12 and 2620::/12 look much wider than the individual allocations in that range - confirm the /12 masks are intended. */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
from {
route-filter 2001::/16 upto /49;
/* 6to4 - only the exact /16 is allowed */
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
/* default deny for anything outside the allow-list */
term reject {
then reject;
}
}
/* set local-pref on connector routes based on communities */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 100;
}
}
}
policy-statement V6-IGP-AGG {
term allow-aggregate {
from {
protocol aggregate;
family inet6;
}
then accept;
}
term deny-more-specifics {
from {
family inet6;
route-filter 2001:468:ff:1200::/56 longer;
route-filter 2001:468:0012::/48 longer;
}
then reject;
}
term accept-all-other-v6 {
from {
protocol [ isis direct ];
family inet6;
}
then accept;
}
}
policy-statement WSU-IN {
term participant {
from {
protocol bgp;
prefix-list-filter WSU-PARTICIPANT orlonger;
}
then next policy;
}
term exception_participant {
from {
protocol bgp;
prefix-list-filter WSU-EXCEPTION exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
/* Temporary fix for scoping 239/8 */
policy-statement pim-join-filter {
term internal-links {
from {
interface [ so-0/0/0.0 so-3/0/0.0 so-1/1/0.0 ];
route-filter 239.0.0.0/8 orlonger;
}
then accept;
}
term external-links {
from {
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term all-links {
then accept;
}
}
community BLOCK-TO-COMMERCIAL members 11537:2002;
community COMMERCIAL-PEER members 11537:2001;
community CONNECTOR-ONLY members 11537:3500;
community CORE members 11537:900;
community CORPORATE members 11537:2000;
community CPS members target:11537:1;
community CPS-CONNECTOR members 11537:25100;
community CPS-PEERS members 11537:25200;
community DISCARD members 11537:911;
community FEDNET members 11537:3000;
community HIGH members 11537:260;
community HIGH-PEERS members 11537:160;
community IFTN members 11537:2502;
community ITN members 11537:2501;
community LOW members 11537:140;
community LOW-PEERS members 11537:40;
community NO-EXPORT members no-export;
community NOAGG6 members 11537:6;
community NONITN members 11537:2500;
community PARTICIPANT members 11537:950;
community SEGP members 11537:910;
community SPONSORED members 11537:902;
/* AS-path regular expressions referenced by the routing policies above. */
/* AS 11537 (the AS used in this file's community values) anywhere in the path */
as-path ABILENE ".* 11537 .*";
/* any of the listed commercial ISP ASNs anywhere in the path; used by block-commercial-asn in SANITY-IN and SANITY-OUT. NOTE(review): hand-maintained list - a commercial AS missing from it is not caught by those terms. */
as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*";
/* any ASN in the 16-bit range 64512-65535 anywhere in the path. NOTE(review): 32-bit private-use ASNs are outside this range - confirm whether that matters for the software release in use. */
as-path PRIVATE ".* (64512-65535) .*";
/* AS 19401 anywhere in the path; used by block-nlr-transit in SANITY-IN */
as-path NLR ".* 19401 .*";
/* the next four match on the first AS in the path only, i.e. routes received directly from that AS */
as-path GEANT "20965 .*";
as-path CLARA "27750 .*";
as-path ESNET "293 .*";
as-path NREN "24 .*";
/* first AS 10886, followed by one or more of the listed ASNs, then anything; used by accept-v6-transit in MAX-IN6 */
as-path MAX-V6-TRANSIT "10886 (293|2914|3257|4788|6939|10745|13645|23504|30071|33437)+ .*";
}
class-of-service {
classifiers {
exp MPLS {
forwarding-class assured-forwarding {
loss-priority low code-points 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
forwarding-class network-control {
loss-priority low code-points 110;
}
}
inet-precedence TOS {
forwarding-class network-control {
loss-priority low code-points 110;
}
forwarding-class assured-forwarding {
loss-priority low code-points 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-points 010;
}
forwarding-class best-effort {
loss-priority low code-points 000;
}
}
}
drop-profiles {
basic {
fill-level 100 drop-probability 100;
}
}
interfaces {
so-0/1/0 {
scheduler-map basic;
unit 0 {
classifiers {
exp MPLS;
inet-precedence TOS;
}
rewrite-rules {
exp MPLS;
inet-precedence TOS;
}
}
}
so-0/0/0 {
scheduler-map basic;
unit 0 {
classifiers {
exp MPLS;
inet-precedence TOS;
}
rewrite-rules {
exp MPLS;
inet-precedence TOS;
}
}
}
}
rewrite-rules {
exp MPLS {
forwarding-class assured-forwarding {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class best-effort {
loss-priority low code-point 000;
loss-priority high code-point 000;
}
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
loss-priority high code-point 010;
}
forwarding-class network-control {
loss-priority low code-point 110;
loss-priority high code-point 110;
}
}
inet-precedence TOS {
forwarding-class network-control {
loss-priority low code-point 110;
loss-priority high code-point 110;
}
forwarding-class assured-forwarding {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class expedited-forwarding {
loss-priority low code-point 010;
loss-priority high code-point 010;
}
forwarding-class best-effort {
loss-priority low code-point 000;
loss-priority high code-point 000;
}
}
}
scheduler-maps {
basic {
forwarding-class best-effort scheduler best-effort;
forwarding-class network-control scheduler network-control;
forwarding-class assured-forwarding scheduler LSP-L2;
forwarding-class expedited-forwarding scheduler expedited-forwarding;
}
stanislav-map-micro {
forwarding-class best-effort scheduler stanislav-scheduler-micro;
}
stanislav-map-milli {
forwarding-class best-effort scheduler stanislav-scheduler-milli;
}
}
schedulers {
LSP-L2 {
transmit-rate percent 10;
buffer-size percent 10;
priority high;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
network-control {
transmit-rate percent 5;
buffer-size percent 5;
priority strict-high;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
best-effort {
transmit-rate percent 85;
buffer-size percent 85;
priority low;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
expedited-forwarding {
transmit-rate percent 0;
buffer-size percent 0;
priority low;
drop-profile-map loss-priority any protocol any drop-profile basic;
}
stanislav-scheduler-micro {
transmit-rate percent 100;
buffer-size temporal 1;
}
stanislav-scheduler-milli {
transmit-rate percent 100;
buffer-size temporal 1024;
}
}
}
Firewall Stanza Removed removed
wash¨´
version 8.4R3.3;
groups {
INTERFACE-BACKBONE {
interfaces {
<*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit 0 {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
}
}
re0 {
system {
host-name ATLA-re0;
}
}
re1 {
system {
host-name ATLA-re1;
}
}
INTERFACE-CONNECTOR {
interfaces {
<so-*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
rfc-2615;
}
unit <*> {
family inet {
mtu 9180;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
}
}
<at-*> {
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
<ge-*> {
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
/* System-level settings: naming, login authentication, management services, logging and time. */
/* The "... Removed" lines below were left by whoever sanitized this configuration before publishing; the original statements are not visible here. */
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
/* RADIUS is tried first; local password authentication is also an enabled method. NOTE(review): confirm local accounts are limited to what is needed when RADIUS is unavailable. */
authentication-order [ radius password ];
location country-code US;
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
/* Requests to both RADIUS servers are sourced from 64.57.28.243, the preferred lo0.0 address, so the servers see one stable client address. */
radius-server {
134.68.107.17 {
timeout 5;
source-address 64.57.28.243;
}
129.79.216.162 {
timeout 5;
source-address 64.57.28.243;
}
}
/* ssh is the only service visible in this stanza; connection-limit caps concurrent sessions at 30. */
Login Stanza Removed services {
ssh {
connection-limit 30;
}
}
/* Logging: critical messages to logged-in users, configuration changes and interactive commands to two remote hosts, and a local messages file. The remote copies give an audit trail that survives loss of the local files. */
syslog {
archive files 100;
user * {
any critical;
}
/* brent's pine.ucs.indiana.edu */
host 129.79.9.1 {
change-log any;
interactive-commands info;
facility-override local6;
}
/* syslog.grnoc.iu.edu */
host 134.68.107.9 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
file messages {
any notice;
authorization info;
archive size 1m files 100;
}
console {
user critical;
}
}
/* NOTE(review): no NTP authentication statements are visible here; they may have been removed during sanitization - confirm against the live configuration. */
ntp {
server 129.79.5.100;
server 134.68.1.9 prefer;
}
}
chassis {
no-source-route;
dump-on-panic;
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
keepalive-time 5;
}
routing-engine {
on-disk-failure reboot;
}
}
interfaces {
so-0/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-WASH OC-192 | I2-ATLA-WASH-O192-03916";
family inet {
address 64.57.28.6/31;
}
family inet6 {
address 2001:468:ff:109::1/64;
}
}
}
ge-0/1/0 {
apply-groups INTERFACE-CONNECTOR;
description "Indiana Gigapop via Internet2 DWS | I2-INDI-ATLA-10GE-04182";
vlan-tagging;
mtu 9192;
unit 110 {
description "Indiana Gigapop R&E VLAN";
vlan-id 110;
family inet {
mtu 9000;
address 149.165.254.21/31;
}
family inet6 {
mtu 9000;
address 2001:468:ff:144::1/64;
}
}
unit 111 {
description "[CPS] Indiana Gigapop";
vlan-id 111;
family inet {
mtu 9000;
address 149.165.254.23/31;
}
}
unit 112 {
description "Indiana GigaPoP CPS-IPv6";
vlan-id 112;
family inet6 {
address 2001:468:ffff:144::1/64;
}
}
}
ge-0/2/0 {
apply-groups INTERFACE-CONNECTOR;
description "SOX via Internet2-owned metro fiber";
vlan-tagging;
mtu 9192;
unit 193 {
description SOX;
vlan-id 193;
family inet {
mtu 9000;
policer {
input 1G-drop;
output 1G-drop;
}
address 143.215.193.10/30;
}
family inet6 {
policer {
input 1G-drop;
output 1G-drop;
}
address 2001:468:FF:e43::1/64;
}
}
unit 194 {
description "Southern Crossroads (SOX) CPS IPv6";
vlan-id 194;
family inet6 {
address 2001:468:ffff:e43::1/64;
}
}
inactive: unit 1800 {
description "Florida LambdaRail (TREAT AS A PARTICIPANT!!!)";
vlan-id 1800;
family inet {
mtu 9000;
address 198.32.155.194/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:e5e::1/64;
}
}
unit 1801 {
description "AMPATH via SOX";
vlan-id 1801;
family inet {
mtu 9000;
address 198.32.252.238/30 {
primary;
}
address 198.32.252.254/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:e47::1/64;
}
}
}
so-1/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-CHIC OC-192 | I2-ATLA-CHIC-O192-03917";
family inet {
address 64.57.28.4/31;
}
family inet6 {
address 2001:468:ff:102::1/64;
}
}
}
ge-1/1/0 {
apply-groups INTERFACE-CONNECTOR;
description "KyRON via Internet2 DWS | I2-LOUS-ATLA-10GE-04183";
vlan-tagging;
mtu 9192;
unit 501 {
description "KyRON R&E VLAN";
vlan-id 501;
family inet {
mtu 9000;
address 216.249.136.198/30;
}
family inet6 {
mtu 9000;
address 2610:01E0:1000:6010::2/64;
}
}
unit 503 {
description "[CPS] KyRON";
vlan-id 503;
family inet {
mtu 9000;
address 216.249.136.134/30;
}
family inet6 {
mtu 9000;
address 2610:01E0:1000:4010::2/64;
}
}
}
ge-1/3/0 {
description "Observatory HP5406";
vlan-tagging;
mtu 9180;
inactive: unit 10 {
description "Racklan #2";
vlan-id 10;
family inet {
address 64.57.25.254/24;
}
}
unit 11 {
description "ATLA Observatory vlan";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.16.65/28;
}
family inet6 {
mtu 9000;
address 2001:468:1:11::1/64;
}
}
unit 12 {
description "Observatory 1 Gig (temp)";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.16.97/28;
}
family inet6 {
mtu 9000;
address 2001:468:1:12::1/64;
address 2001:468:1:12::16:97/64;
}
}
unit 13 {
description "test ISIS feed to nms-rpsv";
vlan-id 13;
family inet {
mtu 9000;
address 64.57.16.89/30;
}
family iso;
}
unit 20 {
description "ATLA VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.185/29;
}
}
unit 21 {
description "ATLA VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.1/28;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
}
so-2/0/0 {
apply-groups INTERFACE-CONNECTOR;
description "University of South Florida via Internet2 DCS | USF:STS-48c:JACK:ATLA:0001";
dce;
encapsulation frame-relay;
unit 116 {
description "University of South Florida R&E DLCI";
dlci 116;
family inet {
mtu 9000;
address 131.247.47.213/30;
}
family inet6 {
mtu 9000;
address 2001:468:ff:0116::1/64;
}
}
unit 117 {
description "[CPS] University of South Florida";
dlci 117;
family inet {
mtu 9000;
address 131.247.47.225/30;
}
family inet6 {
mtu 9000;
address 2001:468:ffff:0116::1/64;
}
}
}
so-2/1/0 {
apply-groups INTERFACE-CONNECTOR;
mtu 9192;
unit 0 {
description "University of Memphis OC-48 via Internet2 Ciena | I2-ATLA-NASH-OC48-04192";
family inet {
mtu 9000;
address 141.225.250.26/30;
}
family inet6 {
mtu 9000;
address 2001:468:FF:15B::1/64;
}
}
}
ge-2/3/0 {
description "Unused 4xGE [NO-MONITOR]";
}
ge-3/0/0 {
vlan-tagging;
mtu 9192;
}
ge-3/0/1 {
description "to nms-rtr1";
mtu 9192;
unit 0 {
family inet {
mtu 9000;
address 64.57.16.81/30;
}
family inet6 {
mtu 9000;
address 2001:468:1:101::1/64;
address 2001:468:1:101::16:81/64;
}
}
}
ge-3/0/2 {
description "to nms-rtr2";
mtu 9192;
unit 0 {
family inet {
mtu 9000;
address 64.57.16.85/30;
}
family inet6 {
mtu 9000;
address 2001:468:1:100::1/64;
address 2001:468:1:100::16:85/64;
}
}
}
so-3/1/0 {
description "Unused 4xOC12 [NO-MONITOR]";
}
so-4/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-HOUS OC-192 | I2-ATLA-HOUS-O192-03922";
family inet {
address 64.57.28.42/31;
}
family inet6 {
address 2001:468:ff:0103::2/64;
}
}
}
ge-4/1/0 {
apply-groups INTERFACE-CONNECTOR;
description "LONI via Internet2 DWS | I2-ATLA-BATO-10GE-04186";
vlan-tagging;
mtu 9192;
unit 600 {
description "LONI R&E";
vlan-id 600;
family inet {
mtu 9000;
address 208.100.127.33/30;
}
}
unit 610 {
description "[CPS] LONI";
vlan-id 610;
family inet {
mtu 9000;
address 208.100.127.37/30;
}
}
}
ge-4/2/0 {
apply-groups INTERFACE-CONNECTOR;
description MCNC;
vlan-tagging;
mtu 9192;
unit 10 {
description "MCNC via Internet2 DWS | I2-ATLA-RALE-10GE-04187";
vlan-id 10;
family inet {
mtu 9000;
address 198.86.17.66/30;
}
family inet6 {
mtu 9000;
address 2610:28:10E:1::2/64;
}
}
unit 580 {
description "[CPS] MCNC via Internet2 DWS";
vlan-id 580;
family inet {
mtu 9000;
address 198.86.53.2/30;
}
}
unit 582 {
description "[CPS] MCNC/Duke | [NO-MONITOR]";
vlan-id 582;
family inet {
mtu 1500;
inactive: address 64.57.28.0/31;
address 152.3.167.9/30;
}
}
unit 585 {
description "[CPS] IPv6 Peering MCNC";
vlan-id 585;
family inet6 {
address 2001:468:ffff:155::1/64;
}
}
}
dsc {
unit 0 {
description "Discard Interface";
family inet {
address 198.32.11.6/32 {
destination 198.32.11.7;
}
}
}
}
fxp0 {
description "Management Ethernet - Unused";
disable;
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 198.32.8.238/32;
address 64.57.28.243/32 {
preferred;
}
}
family iso {
address 49.0000.0000.0000.0001.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:1::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF;";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.243/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff01::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.16.68 {
port 4193;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
240.0.0.0/4 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
/* Abilene Backbone */
route 198.32.8.0/22 {
discard;
community 11537:950;
}
/* MANLAN */
route 198.32.154.0/24 {
discard;
community 11537:950;
}
/* Abilene Observatory */
route 198.32.12.0/22 {
discard;
community 11537:950;
}
/* Internet2 Backbone */
route 64.57.16.0/20 {
discard;
community 11537:950;
}
}
/* Additional martian (bogon) prefixes configured at the routing-options level; routes inside these prefixes are treated as invalid. */
/* NOTE(review): many of the /8 entries (for example 1/8, 2/8, 5/8, 23/8, 100/8-113/8, 173/8-185/8) were unallocated address space when this list was written and have since been assigned by IANA. A static bogon list has to be refreshed regularly, otherwise it silently drops legitimate routes. */
/* NOTE(review): the martians list under rib inet.2 above contains 240.0.0.0/4 and no 223.0.0.0/8, while this one contains 223.0.0.0/8 and no 240.0.0.0/4 - confirm whether the difference is intended. */
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.243;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 2;
}
}
mld {
interface all;
}
rsvp {
/* BACKBONE to WASH */
interface so-0/0/0.0;
/* BACKBONE to CHIC */
interface so-1/0/0.0;
/* BACKBONE to ATLA-M5 */
interface ge-2/3/1.0;
/* BACKBONE to HOUS */
interface so-4/0/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path ATLA->STTL {
to 198.32.8.200;
fast-reroute;
}
label-switched-path ATLA->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path ATLA->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path ATLA->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path ATLA->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path ATLA->SALT {
to 64.57.28.246;
fast-reroute;
}
label-switched-path ATLA->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
}
label-switched-path ATLA->HOUS {
to 64.57.28.244;
fast-reroute;
}
/* BACKBONE to WASH */
interface so-0/0/0.0;
/* BACKBONE to CHIC */
interface so-1/0/0.0;
/* BACKBONE to ATLA-M5 */
interface ge-2/3/1.0;
/* BACKBONE to HOUS */
interface so-4/0/0.0;
/* Internet2 connection back to Memphis */
interface so-2/1/0.513;
/* UMemphis HSIP from Level3 */
interface so-2/2/0.512;
}
bgp {
log-updown;
group INTERNET2 {
type internal;
local-address 64.57.28.243;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 198.32.8.200 {
description STTLng;
}
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.244 {
description HOUS;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
inactive: neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:1::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:16::1 {
description "STTLng;";
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:3::1 {
description HOUS;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
neighbor 2001:468:7::1 {
description SALT;
}
inactive: neighbor 2001:468:8::1 {
description SEAT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
metric-out igp;
import REJECT-ALL;
remove-private;
}
/*
 * iBGP sessions (peer-as equals the local AS 11537) to monitoring and
 * collector hosts, per the neighbor descriptions.
 * The group-level "import REJECT-ALL" is the control that keeps these hosts
 * from injecting routes; its body is not in this part of the file, so the
 * behaviour is assumed from the name -- verify it ends in an unconditional
 * reject.
 * Neighbors with a "cluster" statement are route-reflector clients and so
 * receive reflected iBGP routes.
 * NOTE(review): unlike the INTERNET2 and CONNECTOR groups, no
 * "Authentication Data Removed" marker appears anywhere in this group, which
 * suggests these sessions have no authentication-key. Several of them are to
 * hosts rather than routers and two are multihop (ttl 10). Confirm whether
 * session authentication is configured and that the control-plane filter
 * limits TCP/179 to the configured neighbors.
 */
group OTHER-INTERNAL {
type internal;
import REJECT-ALL;
peer-as 11537;
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.243;
family inet {
unicast;
}
cluster 134.68.246.49;
}
neighbor 134.68.246.51 {
description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
local-address 64.57.28.243;
family inet {
unicast;
}
cluster 134.68.246.51;
}
/* hold-time 65535 is the largest value the field can carry (roughly 18 hours), so a dead monitor session is not noticed quickly. */
neighbor 156.56.103.99 {
description "IU ANML monitor--contact Ripley";
multihop {
ttl 10;
}
local-address 64.57.28.243;
hold-time 65535;
family inet {
unicast;
}
}
neighbor 2001:18e8:2:403:202:b3ff:fe23:715a {
description "IU ANML monitor6";
multihop {
ttl 10;
}
local-address 2001:468:1::1;
family inet6 {
unicast;
}
}
neighbor 64.57.16.68 {
description "nms-rpsv.atla zebra bgpd [NO-MONITOR]";
local-address 64.57.16.65;
family inet {
unicast;
multicast;
}
cluster 64.57.16.65;
}
neighbor 2001:468:1:11::16:68 {
description "nms-rpsv.atla zebra bgpd [NO-MONITOR]";
local-address 2001:468:1:11::1;
family inet6 {
unicast;
multicast;
}
}
}
/*
 * eBGP sessions to regional connector networks (IPv4).
 * - prefix-limit: a neighbor sending more than 3000 prefixes has its session
 *   torn down, with a log warning at 90% of the limit. No idle-timeout is
 *   set, so a torn-down session can come straight back.
 *   NOTE(review): consider an idle-timeout so a leaking peer stays down
 *   until someone has looked at it.
 * - Every neighbor's import chain begins with SANITY-IN SET-PREF and ends
 *   with a per-connector policy followed by CONNECTOR-IN. The per-connector
 *   policies are not in this part of the file.
 * - Every neighbor carries an "Authentication Data Removed" marker, i.e.
 *   session authentication was present before the file was sanitized.
 * - remove-private strips private AS numbers from outbound advertisements.
 */
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
remove-private;
neighbor 149.165.254.20 {
description "Indiana Gigapop";
import [ SANITY-IN SET-PREF INTERNET2-MOSS INDIANAGIGAPOP-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 19782;
}
neighbor 198.32.252.237 {
description "AMPATH primary via SOX";
import [ SANITY-IN SET-PREF SFGP-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 20080;
}
neighbor 143.215.193.9 {
description SoX;
import [ SANITY-IN SET-PREF SOX-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 10490;
}
neighbor 141.225.250.25 {
description "University of Memphis";
import [ SANITY-IN SET-PREF MEMPHIS-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 14048;
}
neighbor 208.100.127.34 {
description LONI;
import [ SANITY-IN SET-PREF LONI-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 32440;
}
neighbor 131.247.47.214 {
description "University of South Florida";
import [ SANITY-IN SET-PREF USF-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 5661;
}
neighbor 198.86.17.65 {
description "MCNC via Internet2 DWS I2-ATLA-RALE-I2-00126 [NO-MONITOR]";
import [ SANITY-IN SET-PREF MCNC-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 81;
}
neighbor 216.249.136.197 {
description "KyRON NEW [NO-MONITOR]";
local-address 216.249.136.198;
import [ SANITY-IN SET-PREF KyRON-IN CONNECTOR-IN ];
Authentication Data Removed
peer-as 30700;
}
}
/*
 * eBGP sessions to regional connector networks (IPv6); the same peers and
 * AS numbers as group CONNECTOR.
 * Differences from the IPv4 group that are visible here: no metric-out, no
 * multihop, and each import chain is [ SANITY6 SET-PREF <connector>-IN6 ]
 * with no shared final policy comparable to CONNECTOR-IN.
 * NOTE(review): because nothing follows the per-connector -IN6 policy, that
 * policy alone has to bound what is accepted. The -IN6 policies referenced
 * here are not in this part of the file; confirm each ends in an explicit
 * reject, since a route that falls through every policy in the chain is
 * handled by the BGP default (accept).
 * prefix-limit behaves as in group CONNECTOR: teardown above 3000 prefixes,
 * warning at 90%, and no idle-timeout.
 */
group CONNECTOR6 {
type external;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
neighbor 2001:468:ff:144::2 {
description "Indiana Gigapop";
import [ SANITY6 SET-PREF INDIANAGIGAPOP-IN6 ];
Authentication Data Removed
peer-as 19782;
}
neighbor 2001:468:FF:e43::2 {
description SOXv6;
import [ SANITY6 SET-PREF SOX-IN6 ];
Authentication Data Removed
peer-as 10490;
}
neighbor 2001:468:FF:E47::2 {
description "South Florida Gigapop";
import [ SANITY6 SET-PREF SFGP-IN6 ];
Authentication Data Removed
peer-as 20080;
}
neighbor 2001:468:FF:15B::2 {
description "University of Memphis";
import [ SANITY6 SET-PREF MEMPHIS-IN6 ];
Authentication Data Removed
peer-as 14048;
}
neighbor 2001:468:ff:0116::2 {
description "University of South Florida";
import [ SANITY6 SET-PREF USF-IN6 ];
Authentication Data Removed
peer-as 5661;
}
neighbor 2610:28:10E:1::1 {
description "MCNC via Internet2 DWS | ATLA-RALE-I2-00126 [NO-MONITOR]";
import [ SANITY6 SET-PREF MCNC-IN6 ];
Authentication Data Removed
peer-as 81;
}
neighbor 2610:01E0:1000:6010::1 {
description "KyRON NEW [NO-MONITOR]";
local-address 2610:01E0:1000:6010::2;
import [ SANITY6 SET-PREF KyRON-IN6 ];
Authentication Data Removed
peer-as 30700;
}
}
inactive: group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ESNET-MEDS ORIGINATE4 FEDNET-OUT ];
remove-private;
}
inactive: group NONITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ];
remove-private;
}
inactive: group NONITN6-NEW {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
}
/*
 * eBGP sessions to international networks reached through AMPATH, per the
 * neighbor descriptions.
 * Import policy is set once at group level and ends in ITN-IN (not in this
 * part of the file). Export adds ESNET-TO-AMPATH and ITN-OUT to the usual
 * outbound chain.
 * Every neighbor is multihop (ttl 2 or 3), so these sessions are not limited
 * to a directly connected peer. Each one carries an "Authentication Data
 * Removed" marker, i.e. session authentication was present before the file
 * was sanitized.
 * prefix-limit: teardown above 3000 prefixes, warning at 90%, no
 * idle-timeout.
 */
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ESNET-TO-AMPATH ITN-OUT ];
remove-private;
neighbor 198.32.252.242 {
description "REACCIUN Venezuela (via AMPATH)";
multihop {
ttl 2;
}
Authentication Data Removed
peer-as 27807;
}
neighbor 198.32.252.230 {
description "ANSP (Brazil) (via AMPATH)";
multihop {
ttl 2;
}
Authentication Data Removed
peer-as 1251;
}
inactive: neighbor 198.32.252.222 {
description "RNP (Brazil) (via AMPATH)";
multihop {
ttl 3;
}
Authentication Data Removed
peer-as 1916;
}
}
}
/*
 * IS-IS as the backbone IGP: level 2 with wide metrics only, exporting
 * V6-IGP-AGG, and installing routes through the isis-rg / isis6-rg
 * rib-groups.
 * The trailing "interface all" entry makes every interface not listed above
 * it level 2 passive (advertised, but no adjacency is formed there).
 * NOTE(review): no authentication statement and no "Authentication Data
 * Removed" marker is visible in this stanza. It cannot be told from here
 * whether IS-IS authentication is unset or was dropped silently by the
 * sanitizer; confirm on the device.
 * NOTE(review): two entries differ from their neighbours and are worth
 * checking:
 *   - so-1/0/0.0 is the only backbone link without "level 1 disable".
 *   - ge-1/3/0.13 and ge-1/3/0.50 disable level 1 but are not passive at
 *     level 2, so an adjacency can form on them, unlike ge-1/3/0.11 and
 *     ge-1/3/0.12. Confirm only routers sit on those segments.
 */
isis {
export V6-IGP-AGG;
spf-delay 200;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
level 2 wide-metrics-only;
/* BACKBONE to WASH */
interface so-0/0/0.0 {
level 1 disable;
level 2 metric 700;
}
/* BACKBONE to CHIC */
interface so-1/0/0.0 {
level 2 metric 1045;
}
interface ge-1/3/0.11 {
level 1 disable;
level 2 passive;
}
interface ge-1/3/0.12 {
level 1 disable;
level 2 passive;
}
interface ge-1/3/0.13 {
level 1 disable;
}
interface ge-1/3/0.50 {
level 1 disable;
level 2 metric 9999;
}
interface ge-3/0/1.0 {
level 1 disable;
level 2 passive;
}
interface ge-3/0/2.0 {
level 1 disable;
level 2 passive;
}
/* BACKBONE to HOUS */
interface so-4/0/0.0 {
level 1 disable;
level 2 metric 1385;
}
interface all {
level 1 disable;
level 2 passive;
}
}
msdp {
rib-group mcast-rpf-rg;
active-source-limit {
maximum 200000;
threshold 190000;
}
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.243;
/* STTLng */
peer 198.32.8.200;
/* SNVAng */
peer 198.32.8.201;
/* CHIC */
peer 64.57.28.241;
/* NEWY */
peer 64.57.28.242;
/* HOUS */
peer 64.57.28.244;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
inactive: peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
peer 149.165.254.20 {
local-address 149.165.254.21;
}
inactive: peer 198.32.252.253 {
local-address 198.32.252.254;
}
/* AMPATH via SOX/FLR */
peer 198.32.252.237 {
local-address 198.32.252.238;
}
/* SoX */
peer 143.215.194.253 {
local-address 64.57.28.243;
}
/* University of Memphis */
peer 141.225.250.25 {
local-address 141.225.250.26;
}
/* Louisiana GigaPoP via LONI */
peer 208.100.124.21 {
local-address 208.100.127.33;
}
/* University of South Florida */
peer 131.247.47.214 {
local-address 131.247.47.213;
}
/* MCNC */
peer 198.86.17.65 {
local-address 198.86.17.66;
}
peer 216.249.136.197 {
local-address 216.249.136.198;
}
}
inactive: group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
}
/*
 * MSDP peerings with international networks reached through AMPATH.
 * Source-active messages are filtered in both directions by MSDP-FILTER
 * (policy body not in this part of the file).
 */
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
/* Retina via Ampath */
peer 198.32.252.234 {
local-address 198.32.252.254;
}
/*
 * RNP (Brazil,AS1916); multihop through AMPATH
 * NOTE(review): 198.32.252.238 is also used as this router's own
 * local-address elsewhere in this msdp stanza (peers 198.32.252.237 and
 * 198.32.252.242), so this inactive entry looks stale. Confirm and remove it
 * rather than leaving it where it could be re-activated.
 */
inactive: peer 198.32.252.238 {
local-address 198.32.252.254;
}
/* ANSP (Brazil), multihopped via AMPATH, AS1251 */
peer 198.32.252.230 {
local-address 198.32.252.254;
}
/* RNP; multihop through AMPATH */
inactive: peer 200.143.254.9 {
local-address 198.32.252.254;
}
/* REACCIUN via AMPATH */
peer 198.32.252.242 {
local-address 198.32.252.238;
}
}
group NONITN {
export MSDP-FILTER;
import MSDP-FILTER;
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
export MSDP-FILTER;
import REJECT-ALL;
}
}
/*
 * PIM sparse mode (version 2) on every interface except fxp0.0.
 * - RPF lookups use the mcast-rpf-rg / mcast-rpf6-rg rib-groups.
 * - Joins are filtered by pim-join-filter (policy not in this part of the
 *   file).
 * - Bootstrap messages are matched against REJECT-ALL in both directions,
 *   so by that policy's name no RP-set is learned from or sent to
 *   neighbours. RP selection is therefore limited to the local RP, the
 *   static IPv6 RPs and embedded-RP below.
 * - This router is itself the IPv4 RP (198.32.8.238) for all of
 *   224.0.0.0/4.
 * NOTE(review): embedded-rp is enabled with neither group-ranges nor
 * maximum-rps, so the set of RP addresses derived from group addresses is
 * not bounded by anything visible here. Confirm the defaults are acceptable
 * for an externally facing router.
 */
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
}
connections {
interface-switch "UNIV OF MEMPHIS LEVEL3 HSIP SERVICE" {
interface so-2/1/0.513;
interface so-2/2/0.512;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* winger.uits.iu.edu -- snapp */
129.79.6.137/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
/* dc-1.grnoc.iu.edu -- SNMP Data Collector */
134.68.107.22/32;
/* snmp.grnoc.iu.edu -- SNMP Data Collection */
134.68.107.23/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* ndb2-blmt for PerfSONAR link status */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
198.108.90.142/32;
/* discvenue.internet2.edu */
207.75.164.82/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list NMS1-SPECIFICS {
/* SNVA */
198.32.8.108/30;
/* WASH */
198.32.8.112/30;
/* ATLA */
198.32.8.156/30;
/* CHIN */
198.32.8.160/30;
/* DNVR */
198.32.8.164/30;
/* HSTN */
198.32.8.168/30;
/* IPLS */
198.32.8.172/30;
/* KSCY */
198.32.8.176/30;
/* LOSA */
198.32.8.180/30;
/* NYCM */
198.32.8.184/30;
/* STTL */
198.32.8.188/30;
}
prefix-list CPS-BGP-PEERS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list RADIUS-SERVERS {
129.79.216.162/32;
134.68.107.17/32;
}
/*
 * Expands to every BGP neighbor configured under routing-instance "cps".
 * NOTE(review): the apply-path is identical to prefix-list CPS-BGP-PEERS
 * defined a few lines above. Two names for one list invite drift if either
 * is later edited by hand; confirm which one the filters reference and
 * retire the other.
 */
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list INDIANAGIGAPOP-PARTICIPANT {
65.254.96.0/20;
66.205.160.0/20;
66.254.224.0/19;
72.12.215.0/24;
128.10.0.0/16;
128.46.0.0/16;
128.210.0.0/16;
128.211.0.0/16;
128.252.0.0/16;
129.74.0.0/16;
129.79.0.0/16;
134.68.0.0/16;
/* University of Louisville */
136.165.0.0/16;
140.182.0.0/16;
149.159.0.0/16;
149.160.0.0/16;
149.161.0.0/16;
149.162.0.0/16;
149.163.0.0/16;
149.164.0.0/16;
149.165.0.0/16;
149.166.0.0/16;
156.56.0.0/16;
157.91.0.0/16;
165.134.0.0/16;
192.12.206.0/24;
192.88.99.0/24;
192.245.116.0/24;
/* University of Louisville */
199.120.154.0/24;
204.52.32.0/20;
205.137.32.0/20;
}
prefix-list INDIANAGIGAPOP-SEGP {
12.159.195.0/24;
12.159.206.0/23;
12.159.209.0/24;
69.51.160.0/19;
131.93.0.0/16;
137.112.0.0/16;
139.102.0.0/16;
147.53.0.0/16;
147.226.0.0/16;
152.228.0.0/16;
157.91.0.0/19;
157.91.48.0/20;
157.91.64.0/18;
157.91.128.0/17;
159.28.0.0/16;
159.218.0.0/16;
159.242.0.0/16;
161.32.0.0/16;
163.120.0.0/16;
163.245.0.0/16;
165.138.0.0/16;
165.139.0.0/16;
167.217.0.0/16;
168.91.0.0/16;
168.102.0.0/16;
192.146.191.0/24;
192.146.192.0/24;
192.189.3.0/24;
192.195.225.0/24;
192.195.226.0/23;
192.195.228.0/23;
192.195.230.0/24;
192.200.128.0/21;
192.206.9.0/24;
192.206.10.0/23;
192.207.174.0/23;
192.207.176.0/23;
192.207.178.0/24;
198.51.243.0/24;
198.51.244.0/24;
198.62.84.0/24;
198.62.98.0/24;
199.8.0.0/16;
204.52.48.0/20;
205.215.64.0/18;
208.119.0.0/16;
}
prefix-list INDIANAGIGAPOP-SPONSORED {
149.165.251.0/24;
216.88.164.0/24;
}
/*
 * IPv6 prefixes accepted from the Indiana Gigapop connector; matched with
 * "exact" by policy CPS-INDIANAGIGAPOP-IN6.
 * NOTE(review): 2002::/16 is the 6to4 prefix, not address space assigned to
 * the connector. Accepting it draws 6to4 traffic toward that connector's
 * relay. Confirm this is still intended.
 */
prefix-list INDIANAGIGAPOP-PARTICIPANTS6 {
2001:468:400::/40;
2001:18e8::/32;
2002::/16;
}
prefix-list FLR-PARTICIPANT {
8.6.244.0/23;
64.56.85.0/24;
65.118.160.0/20;
128.186.0.0/16;
128.227.0.0/16;
131.91.0.0/16;
132.170.0.0/16;
144.174.0.0/16;
146.201.0.0/17;
146.201.192.0/18;
147.70.0.0/16;
159.178.0.0/16;
168.223.0.0/16;
168.223.13.0/24;
192.5.2.0/24;
192.26.251.0/24;
192.31.89.0/24;
192.70.171.0/24;
192.80.53.0/24;
192.88.124.0/24;
192.111.123.0/24;
198.32.155.0/24;
198.32.166.0/24;
198.32.173.0/24;
199.242.231.0/24;
199.242.232.0/24;
199.242.233.0/24;
204.68.64.0/19;
204.145.157.0/24;
209.149.48.0/20;
}
prefix-list FLR-SPONSORED {
137.52.0.0/16;
139.62.0.0/16;
139.229.0.0/16;
163.118.0.0/16;
}
/* IPv4 prefixes in the FLR connector's SEGP category; the policy that references this list is not in this part of the file. */
prefix-list FLR-SEGP {
/*
 * NOTE(review): probably a typo for 66.4.0.0/15. SOX-SEGP and MEMPHIS-SEGP
 * both list 66.4.0.0/15 next to 96.4.0.0/15 (which is also present here),
 * and 6.4.0.0/15 appears nowhere else in view. If this list is matched with
 * "orlonger", an announcement inside 6.4.0.0/15 would pass the connector's
 * prefix filter. Confirm against the registry and correct the entry.
 */
6.4.0.0/15;
64.56.81.0/24;
64.56.90.0/24;
66.195.118.0/23;
96.4.0.0/15;
143.88.0.0/16;
150.104.0.0/16;
150.176.0.0/16;
165.138.0.0/15;
165.161.0.0/16;
167.93.0.0/16;
167.217.0.0/16;
168.102.0.0/17;
168.184.0.0/16;
168.213.0.0/16;
168.221.0.0/16;
168.254.0.0/16;
169.139.0.0/16;
192.42.92.0/24;
192.225.128.0/20;
192.225.144.0/21;
192.225.152.0/24;
199.44.72.0/24;
199.164.64.0/18;
204.63.240.0/21;
204.78.64.0/18;
204.86.168.0/21;
204.86.176.0/21;
204.109.64.0/18;
204.122.128.0/17;
204.128.64.0/18;
204.145.32.0/24;
204.193.0.0/19;
205.137.32.0/20;
205.137.240.0/20;
205.152.72.0/24;
205.152.126.0/24;
205.152.168.0/21;
205.172.40.0/23;
205.172.42.0/24;
205.223.144.0/20;
205.223.160.0/19;
205.223.192.0/19;
/* College ctr for Lib Automation, Tallahassee */
206.224.192.0/19;
207.191.176.0/20;
207.203.12.0/24;
207.203.56.0/22;
207.203.212.0/22;
207.203.240.0/22;
207.203.244.0/23;
207.203.246.0/24;
208.60.168.0/22;
208.60.172.0/23;
208.182.0.0/15;
216.114.80.0/20;
}
prefix-list SFGP-PARTICIPANT {
67.17.206.0/24;
129.171.0.0/16;
131.91.0.0/16;
131.94.0.0/16;
134.202.0.0/16;
136.145.0.0/16;
192.31.89.0/24;
192.65.176.0/24;
192.70.171.0/24;
192.160.174.0/23;
192.160.176.0/24;
192.231.92.0/22;
192.239.208.0/24;
198.32.252.0/24;
199.4.250.0/23;
199.4.250.0/24;
199.4.251.0/24;
199.242.231.0/24;
199.242.232.0/24;
199.242.233.0/24;
204.68.64.0/19;
204.89.132.0/23;
204.89.132.0/24;
204.89.133.0/24;
206.240.22.0/24;
208.222.241.0/24;
209.42.43.0/24;
216.79.60.0/23;
}
prefix-list SFGP-SPONSORED {
139.229.0.0/16;
160.111.132.0/22;
160.111.230.0/24;
160.111.232.0/21;
192.231.93.0/24;
192.231.95.0/24;
}
prefix-list SFGP-EXCEPTION {
129.171.0.0/28;
129.171.32.0/28;
129.171.64.0/28;
129.171.128.0/28;
129.171.160.0/28;
129.171.192.0/28;
129.171.224.0/28;
192.80.53.0/30;
}
prefix-list SOX-PARTICIPANT {
64.156.8.128/25;
64.156.216.128/25;
65.115.176.0/24;
67.159.64.0/26;
128.23.0.0/16;
128.61.0.0/16;
128.163.0.0/16;
128.163.11.0/24;
128.186.0.0/16;
128.192.0.0/16;
128.227.0.0/16;
129.59.0.0/16;
129.171.0.0/16;
129.171.0.0/19;
129.171.32.0/19;
129.171.64.0/19;
129.171.96.0/19;
129.171.128.0/19;
129.171.160.0/19;
129.171.192.0/19;
129.171.224.0/19;
129.252.0.0/16;
130.127.0.0/16;
130.160.0.0/16;
130.207.0.0/16;
131.91.0.0/16;
131.96.0.0/16;
131.144.128.0/20;
131.204.0.0/16;
131.247.0.0/16;
132.170.0.0/16;
138.26.0.0/16;
139.62.0.0/16;
143.215.0.0/16;
144.174.0.0/16;
146.201.0.0/16;
146.229.0.0/16;
149.168.0.0/16;
152.2.0.0/16;
152.3.0.0/16;
152.7.0.0/16;
152.11.0.0/16;
152.14.0.0/16;
152.16.0.0/16;
152.17.0.0/16;
152.19.0.0/16;
159.178.0.0/16;
160.36.0.0/16;
160.129.0.0/16;
163.246.0.0/16;
164.111.0.0/16;
165.6.5.0/24;
165.6.6.0/24;
165.6.7.0/24;
165.6.15.0/24;
165.6.24.0/24;
168.223.0.0/16;
170.140.0.0/16;
192.31.89.0/24;
192.70.171.0/24;
192.73.4.0/24;
192.80.53.0/24;
192.88.124.0/24;
192.111.108.0/24;
192.111.109.0/24;
192.111.110.0/24;
192.111.123.0/24;
192.188.181.0/24;
192.249.1.0/24;
192.249.2.0/23;
192.249.4.0/22;
192.249.8.0/21;
192.249.11.0/24;
198.78.192.0/19;
198.137.16.0/20;
199.4.250.0/23;
199.4.250.0/24;
199.4.251.0/24;
199.76.32.0/20;
199.76.144.0/20;
199.76.160.0/19;
199.76.192.0/24;
199.77.128.0/17;
199.78.112.0/22;
199.90.0.0/16;
199.201.155.0/24;
199.242.231.0/24;
199.242.232.0/24;
199.242.233.0/24;
204.29.106.0/23;
204.68.64.0/19;
204.85.191.0/24;
204.85.192.0/18;
204.89.132.0/23;
204.89.132.0/24;
204.89.133.0/24;
204.145.157.0/24;
204.145.215.0/24;
204.198.72.0/22;
204.198.76.0/23;
204.211.0.0/16;
204.238.30.0/24;
206.57.72.0/21;
206.240.24.0/22;
206.240.192.0/19;
206.240.216.0/24;
206.240.220.0/24;
206.240.221.0/24;
207.4.0.0/16;
207.192.0.0/18;
209.149.48.0/20;
/* U Tenn Knoxville */
216.96.128.0/17;
}
prefix-list SOX-CORPORATE {
12.107.208.0/23;
66.187.224.0/20;
204.85.14.0/24;
}
prefix-list SOX-SPONSORED {
/* Georgia Aquarium */
66.20.220.0/24;
66.187.234.0/24;
74.255.42.0/24;
143.88.0.0/16;
147.70.0.0/16;
150.182.128.0/18;
152.97.0.0/16;
/* College of Charleston */
153.9.0.0/16;
155.31.0.0/16;
161.45.0.0/16;
163.118.0.0/16;
192.30.208.0/24;
192.67.134.0/24;
192.83.232.0/24;
192.153.129.0/24;
204.62.251.0/24;
204.152.130.0/24;
204.152.131.0/24;
204.246.192.0/21;
205.167.24.0/24;
205.167.25.0/24;
216.64.76.0/24;
}
/* SOX provides backup to MCNC. Their routes are mixed in with these */
prefix-list SOX-SEGP {
64.56.80.0/24;
64.147.208.0/20;
64.214.127.128/27;
66.4.0.0/15;
66.194.104.0/23;
66.195.118.0/23;
72.158.165.0/24;
72.250.224.0/20;
72.250.230.0/24;
72.250.245.0/24;
74.254.70.0/24;
96.4.0.0/15;
98.17.253.0/24;
128.109.0.0/16;
128.192.0.0/16;
129.66.0.0/16;
129.66.20.0/24;
130.218.0.0/16;
130.254.0.0/16;
131.144.0.0/16;
134.224.0.0/16;
137.220.0.0/16;
141.165.0.0/16;
147.133.0.0/16;
149.149.0.0/16;
150.216.0.0/16;
152.1.0.0/16;
152.2.0.0/15;
152.4.0.0/14;
152.8.0.0/13;
152.16.0.0/12;
152.32.0.0/12;
152.36.0.0/16;
152.43.0.0/16;
152.48.0.0/14;
152.53.0.0/19;
152.54.0.0/20;
153.9.0.0/16;
157.89.0.0/16;
157.149.0.0/16;
158.93.0.0/16;
160.10.0.0/16;
161.6.0.0/16;
162.114.37.0/24;
167.7.38.0/24;
167.7.39.0/24;
167.7.210.0/27;
167.7.241.0/24;
167.7.248.64/27;
167.7.251.0/27;
168.8.0.0/15;
168.12.0.0/14;
168.16.0.0/15;
168.18.0.0/15;
168.20.0.0/15;
168.22.0.0/15;
168.24.0.0/15;
168.26.0.0/15;
168.28.0.0/15;
168.30.0.0/15;
169.150.0.0/16;
170.180.0.0/14;
170.185.0.0/16;
192.48.117.0/24;
192.88.111.0/24;
192.101.21.0/24;
192.101.22.0/23;
192.101.24.0/24;
192.103.126.0/24;
192.107.44.0/24;
192.111.112.0/24;
192.122.237.0/24;
192.137.210.0/24;
192.147.30.0/24;
192.152.249.0/24;
192.154.33.0/24;
192.154.38.0/24;
192.154.41.0/24;
192.154.43.0/24;
192.154.45.0/24;
192.154.46.0/23;
192.154.54.0/24;
192.154.55.0/24;
192.154.61.0/24;
192.154.62.0/24;
192.154.64.0/24;
192.154.67.0/24;
192.154.78.0/24;
192.189.244.0/24;
192.203.127.0/24;
192.211.32.0/21;
192.211.40.0/22;
192.211.44.0/24;
192.211.45.0/24;
192.245.165.0/24;
192.245.221.0/24;
192.245.222.0/24;
192.245.223.0/24;
192.245.224.0/24;
198.49.31.0/24;
198.62.72.0/24;
198.72.72.0/22;
198.85.0.0/16;
198.86.0.0/16;
198.135.235.0/24;
198.137.22.0/24;
198.179.130.0/24;
198.180.132.0/22;
198.190.216.0/24;
198.200.158.0/24;
198.204.92.0/24;
198.232.64.0/18;
198.232.96.0/21;
199.5.154.0/23;
199.20.16.0/20;
199.33.130.0/24;
199.33.131.0/24;
199.33.132.0/24;
199.33.133.0/24;
199.33.134.0/24;
199.80.8.0/21;
199.88.16.0/20;
199.190.174.0/24;
199.248.173.0/24;
199.248.174.0/24;
199.248.175.0/24;
199.248.176.0/24;
199.248.177.0/24;
199.248.178.0/24;
204.27.217.0/24;
204.29.64.0/18;
204.84.0.0/15;
205.137.240.0/20;
205.174.48.0/20;
205.204.238.0/24;
205.204.242.0/24;
206.57.72.0/21;
206.197.240.0/24;
206.219.128.0/18;
207.157.0.0/17;
207.191.176.0/20;
207.232.128.0/18;
208.182.0.0/15;
209.133.128.0/17;
216.69.0.0/18;
216.109.0.0/18;
216.249.132.0/22;
216.249.144.0/20;
216.249.160.0/20;
216.249.176.0/20;
}
prefix-list SOX-EXCEPTION-SPONSORED {
146.82.167.176/29;
199.77.192.16/29;
}
prefix-list SOX-EXCEPTION-SEGP {
167.7.127.176/29;
167.7.248.112/29;
167.7.248.120/29;
167.7.248.208/29;
167.7.251.32/29;
167.7.251.64/29;
167.7.251.80/29;
167.7.251.96/29;
167.7.251.128/28;
167.7.251.144/28;
167.7.251.160/28;
167.7.251.192/29;
}
prefix-list SOX-ORNL {
128.219.0.0/16;
134.167.0.0/16;
160.91.0.0/16;
192.31.96.0/24;
192.103.127.0/24;
192.188.177.0/24;
192.188.182.0/24;
198.124.41.0/24;
198.136.139.0/24;
198.148.251.0/24;
198.203.246.0/24;
198.207.237.0/24;
198.207.238.0/23;
198.207.240.0/24;
199.201.153.0/24;
199.201.154.0/24;
199.201.156.0/23;
199.201.158.0/24;
}
prefix-list SOX-PARTICIPANT6 {
2001:468:300::/40;
2610:0148::/32;
}
prefix-list NCREN-PARTICIPANT6 {
2001:468:1500::/40;
2610:28::/32;
}
prefix-list SFGP-PARTICIPANT6 {
2001:468:700::/40;
}
prefix-list FLR-PARTICIPANT6 {
2001:468:1e00::/40;
}
prefix-list MEMPHIS-PARTICIPANT {
65.127.62.0/24;
132.192.0.0/16;
141.225.0.0/16;
199.164.138.0/24;
}
prefix-list MEMPHIS-SPONSORED {
128.169.0.0/16;
149.149.0.0/16;
192.55.208.0/24;
}
prefix-list MEMPHIS-SEGP {
66.4.0.0/15;
96.4.0.0/15;
151.141.0.0/16;
198.146.0.0/16;
205.137.240.0/20;
206.23.0.0/16;
207.191.176.0/20;
208.182.0.0/15;
}
prefix-list MEMPHIS-PARTICIPANT6 {
2001:468:1b00::/40;
}
prefix-list LONI-PARTICIPANT4 {
76.165.24.0/22;
76.165.28.0/22;
76.165.240.0/20;
130.39.0.0/16;
155.58.0.0/16;
192.195.100.0/24;
192.203.199.0/24;
192.203.200.0/24;
198.62.89.0/24;
198.182.205.0/24;
199.190.249.0/24;
199.190.250.0/24;
199.190.251.0/24;
199.190.252.0/24;
199.233.131.0/24;
204.90.32.0/20;
204.90.48.0/22;
204.196.106.0/23;
204.196.160.0/21;
205.166.221.0/24;
206.176.160.0/19;
208.100.64.0/18;
}
prefix-list LONI-SPONSORED {
138.47.0.0/16;
208.69.128.0/22;
}
prefix-list LONI-SEGP {
130.70.0.0/16;
137.30.0.0/16;
147.174.0.0/16;
162.75.0.0/24;
192.102.223.0/24;
192.135.131.0/24;
192.207.173.0/24;
198.62.88.0/24;
198.99.190.0/24;
198.135.204.0/24;
198.176.252.192/26;
198.202.242.0/24;
198.232.231.0/24;
199.181.176.0/24;
199.190.250.0/23;
204.196.60.0/24;
204.196.69.0/24;
204.196.81.0/24;
204.196.86.0/23;
204.196.180.0/22;
204.196.184.0/22;
204.196.204.0/22;
204.196.208.0/23;
204.196.252.0/27;
208.100.64.0/22;
208.100.68.0/22;
208.100.72.0/22;
208.100.76.0/22;
208.100.80.0/22;
208.100.84.0/22;
}
prefix-list LONI-PARTICIPANT4-EXCEPTION {
162.75.0.4/30;
}
prefix-list MISSISSIPPI-PARTICIPANT4 {
130.18.0.0/16;
130.74.0.0/16;
131.95.0.0/16;
143.132.0.0/16;
192.208.128.0/20;
192.208.139.0/24;
192.208.144.0/21;
192.208.152.0/22;
192.208.156.0/23;
198.49.215.0/24;
}
prefix-list TULANE-PARTICIPANT4 {
129.81.0.0/16;
}
prefix-list USF-PARTICIPANT {
131.247.0.0/16;
}
prefix-list USF-SPONSORED {
12.174.210.0/23;
66.194.104.0/23;
155.31.0.0/16;
}
prefix-list USF-PARTICIPANT6 {
2001:468:1600::/40;
2620:0000:0c30::0/48;
}
/*
 * NOTE(review): empty prefix-list literally named "show". This looks like
 * the residue of a "show" command typed where a list name was expected in
 * configuration mode. No reference to it is visible in this part of the
 * file; confirm it is unused and delete it.
 */
prefix-list show;
prefix-list MCNC-PARTICIPANT {
67.159.64.0/18;
150.216.0.0/16;
152.1.0.0/16;
152.2.0.0/16;
152.3.0.0/16;
152.7.0.0/16;
152.11.0.0/16;
152.14.0.0/16;
152.16.0.0/12;
152.16.0.0/16;
152.17.0.0/16;
152.19.0.0/16;
204.211.0.0/16;
}
prefix-list MCNC-CORPORATE {
12.107.208.0/23;
66.187.224.0/20;
204.85.14.0/24;
}
prefix-list MCNC-SPONSORED {
192.67.134.0/24;
192.153.129.0/24;
204.62.251.0/24;
205.167.24.0/24;
205.167.25.0/24;
}
prefix-list MCNC-SEGP {
64.147.208.0/20;
72.250.224.0/20;
72.250.230.0/24;
72.250.245.0/24;
128.109.0.0/16;
149.168.0.0/16;
152.1.0.0/16;
152.2.0.0/15;
152.4.0.0/14;
152.8.0.0/13;
152.16.0.0/12;
152.32.0.0/12;
152.36.0.0/16;
152.53.0.0/19;
152.54.0.0/20;
192.73.4.0/24;
192.101.21.0/24;
192.101.22.0/23;
192.101.24.0/24;
192.137.210.0/24;
192.147.30.0/24;
192.154.33.0/24;
192.154.41.0/24;
192.154.43.0/24;
192.154.46.0/23;
192.154.54.0/24;
192.154.55.0/24;
192.154.62.0/24;
192.154.64.0/24;
192.154.78.0/24;
192.189.244.0/24;
198.62.72.0/24;
198.85.0.0/16;
198.86.0.0/16;
198.135.235.0/24;
198.232.64.0/18;
198.232.96.0/21;
199.90.0.0/16;
199.190.174.0/24;
204.84.0.0/15;
204.85.191.0/24;
204.85.192.0/18;
204.238.30.0/24;
207.4.0.0/16;
207.192.0.0/18;
}
prefix-list MCNC-PARTICIPANT6 {
2001:468:1500::/40;
2610:28::/32;
}
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group CONNECTORS6 neighbor <*>";
}
prefix-list CPS-MCNC-CPS-ONLY {
72.250.240.0/20;
152.48.0.0/14;
152.48.0.0/16;
156.143.0.0/16;
192.154.40.0/24;
192.154.95.0/24;
199.120.166.0/23;
204.69.248.0/24;
204.152.2.0/23;
206.219.96.0/19;
209.95.64.0/19;
216.105.128.0/19;
}
prefix-list CPS-DUKE-CPS-ONLY {
67.159.64.0/18;
152.3.0.0/16;
152.16.0.0/16;
}
prefix-list OBSERVATORY-SSH {
/* sysmon.grnoc.iu.edu */
134.68.107.4/32;
/* login.net.internet2.edu */
134.68.107.10/32;
/* nms-base */
134.68.107.34/32;
/* nms-login */
134.68.107.36/32;
/* skip */
134.68.142.50/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump */
192.12.206.196/32;
}
prefix-list OBSERVATORY-SSH6 {
2001:468:43f:4:211:43ff:fece:c930/128;
2001:18e8:3:142:212:3fff:feec:e02a/128;
}
prefix-list OBSERVATORY-SSH-BLOCK {
0.0.0.0/0;
}
prefix-list KyRON {
136.165.0.0/16;
199.120.154.0/24;
216.249.128.0/22;
216.249.136.0/23;
216.249.140.0/22;
}
prefix-list KyRON-PARTICIPANT6 {
2610:01E0::/32;
}
prefix-list KyRON-SPONSORED {
216.249.128.0/24;
216.249.129.0/24;
216.249.130.0/23;
216.249.130.0/24;
216.249.131.0/24;
216.249.141.0/27;
216.249.142.0/24;
216.249.143.0/24;
}
prefix-list CPS-LONI-CPS-ONLY {
198.62.88.0/24;
}
/*
 * Shared final import policy for IPv4 connector sessions; it is the last
 * entry in every neighbor import chain of BGP group CONNECTOR.
 * Order of evaluation: strip reserved communities, handle discard
 * (blackhole) requests, accept unicast and multicast routes up to /27, then
 * reject everything else.
 */
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
/*
 * Connector-triggered blackhole: a route tagged DISCARD with a /24-/32 mask
 * is accepted into inet.0 with its next-hop rewritten. This term does not
 * itself check who owns the prefix; it relies on the per-connector policy
 * earlier in the import chain having already limited the route to that
 * connector's address space.
 */
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are NOT leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes up to /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
/* same length limit and PARTICIPANT tag for routes destined for the multicast RPF table inet.2 */
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
/* explicit default deny: anything longer than /27 without DISCARD ends here */
term reject {
then reject;
}
}
/*
 * CPS counterpart of CONNECTOR-IN: handle discard (blackhole) requests,
 * accept routes up to /24 tagged CPS-CONNECTOR, reject the rest.
 * Unlike CONNECTOR-IN there is no "to rib" condition and no community
 * clean-up term.
 */
policy-statement CPS-CONNECTOR-IN {
/*
 * Connector-triggered blackhole for /24-/32 routes tagged DISCARD. Prefix
 * ownership is not checked here; it has to be enforced by the policy that
 * precedes this one in the import chain.
 */
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are NOT leaked outside of Abilene */
community add NO-EXPORT;
/* drop matching traffic locally via next-hop discard (CONNECTOR-IN instead points the next-hop at an address on dsc.0) */
next-hop discard;
accept;
}
}
/*
 * allow routes up to /24; note: routes have already passed the individual connector policy
 * NOTE(review): this comment previously said /27, as in CONNECTOR-IN, while
 * the route-filter below enforces /24. Confirm /24 is the intended limit.
 */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
/* explicit default deny */
term reject {
then reject;
}
}
/*
 * Export policy toward CPS connectors (IPv4). Only two things leave: BGP
 * routes carrying the CPS-PEERS community and the static 198.32.9.0/24
 * (exact match only). Everything else is rejected, so connector-learned
 * routes are not re-advertised unless they carry CPS-PEERS.
 */
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
/* announce the locally originated static aggregate, exact length only */
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
}
then accept;
}
/* explicit default deny */
term reject {
then reject;
}
}
/*
 * IPv6 form of CPS-CONNECTOR-OUT: advertise inet6 BGP routes tagged
 * CPS-PEERS and the static 2001:468:ff00::/40 (exact match only), and
 * reject everything else.
 */
policy-statement CPS-CONNECTOR-OUT6 {
/* announce IPv6 routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
/* announce the locally originated static aggregate, exact length only */
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
/* explicit default deny */
term reject {
then reject;
}
}
/*
 * Per-connector prefix filter. A BGP route inside CPS-DUKE-CPS-ONLY (any
 * length, "orlonger") is handed to the next policy in the import chain; all
 * other routes are rejected here. This policy never accepts on its own, so
 * the prefix-length cap and the final accept have to come from the policy
 * that follows it (not visible here; presumably CPS-CONNECTOR-IN).
 */
policy-statement CPS-DUKE-IN {
term accept {
from {
protocol bgp;
prefix-list-filter CPS-DUKE-CPS-ONLY orlonger;
}
then next policy;
}
/* explicit default deny for prefixes outside the list */
term reject {
then reject;
}
}
/*
 * Tags direct and BGP routes with community CPS and accepts them; rejects
 * every other protocol. CPS-IMPORT accepts on the same community.
 * Presumably this pair serves as the export/import policy of
 * routing-instance "cps"; the instance itself is not in this part of the
 * file -- verify.
 */
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
/* explicit default deny: static, IGP and other routes are not exported */
term reject {
then reject;
}
}
/*
 * Accepts any route carrying community CPS (the tag added by CPS-EXPORT)
 * and rejects everything else. The match is on the community alone, with no
 * protocol or prefix condition.
 */
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
/* explicit default deny */
term reject {
then reject;
}
}
/*
 * Per-connector prefix filter for Indiana Gigapop (IPv4). BGP routes inside
 * the PARTICIPANT, SPONSORED or SEGP lists ("orlonger") continue to the
 * next policy in the import chain; all other routes are rejected here. The
 * prefix-length cap and the final accept are left to that following policy
 * (not visible here; presumably CPS-CONNECTOR-IN).
 */
policy-statement CPS-INDIANAGIGAPOP-IN {
term accept {
from {
protocol bgp;
prefix-list-filter INDIANAGIGAPOP-PARTICIPANT orlonger;
prefix-list-filter INDIANAGIGAPOP-SPONSORED orlonger;
prefix-list-filter INDIANAGIGAPOP-SEGP orlonger;
}
then next policy;
}
/* explicit default deny for prefixes outside the lists */
term reject {
then reject;
}
}
/*
 * IPv6 import filter for Indiana Gigapop. Only the exact prefixes in
 * INDIANAGIGAPOP-PARTICIPANTS6 are accepted (no more-specifics) and tagged
 * CPS-CONNECTOR. The accept is terminal, so unlike the IPv4 policy nothing
 * later in the chain runs and there is no DISCARD handling.
 * NOTE(review): that list includes 2002::/16 (6to4); confirm it should be
 * accepted from this connector.
 */
policy-statement CPS-INDIANAGIGAPOP-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter INDIANAGIGAPOP-PARTICIPANTS6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
/* explicit default deny */
term reject {
then reject;
}
}
/*
 * Per-connector prefix filter for KyRON (IPv4). BGP routes inside
 * prefix-list KyRON ("orlonger") continue to the next policy in the import
 * chain; all other routes are rejected here. The length cap and the final
 * accept are left to that following policy (not visible here).
 */
policy-statement CPS-KyRON-IN {
term accept {
from {
protocol bgp;
prefix-list-filter KyRON orlonger;
}
then next policy;
}
/* explicit default deny for prefixes outside the list */
term reject {
then reject;
}
}
policy-statement CPS-KyRON-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter KyRON-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-LONI-IN {
term accept {
from {
protocol bgp;
prefix-list-filter LONI-PARTICIPANT4 orlonger;
prefix-list-filter MISSISSIPPI-PARTICIPANT4 orlonger;
prefix-list-filter TULANE-PARTICIPANT4 orlonger;
prefix-list-filter LONI-SPONSORED orlonger;
prefix-list-filter LONI-SEGP orlonger;
prefix-list-filter LONI-PARTICIPANT4-EXCEPTION exact;
prefix-list-filter CPS-LONI-CPS-ONLY exact;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-MCNC-IN {
term accept {
from {
protocol bgp;
prefix-list-filter MCNC-PARTICIPANT orlonger;
prefix-list-filter MCNC-SEGP orlonger;
prefix-list-filter MCNC-SPONSORED orlonger;
prefix-list-filter MCNC-CORPORATE orlonger;
prefix-list-filter CPS-MCNC-CPS-ONLY orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-MCNC-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter MCNC-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-SFGP-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter SFGP-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-SOX-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter SOX-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-USF-IN {
term accept {
from {
protocol bgp;
prefix-list-filter USF-PARTICIPANT orlonger;
prefix-list-filter USF-SPONSORED orlonger;
}
then next policy;
}
term reject {
then reject;
}
}
policy-statement CPS-USF-IN6 {
term accept {
from {
protocol bgp;
family inet6;
prefix-list-filter USF-PARTICIPANT6 exact;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ESNET-TO-AMPATH {
term FROM-ESNET {
from as-path ESNET;
then {
as-path-prepend 11537;
accept;
}
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy for FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement INDIANAGIGAPOP-IN {
term participant {
from {
protocol bgp;
prefix-list-filter INDIANAGIGAPOP-PARTICIPANT orlonger;
}
then next policy;
}
term segp {
from {
protocol bgp;
prefix-list-filter INDIANAGIGAPOP-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter INDIANAGIGAPOP-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term reject {
then reject;
}
}
policy-statement INDIANAGIGAPOP-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter INDIANAGIGAPOP-PARTICIPANTS6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement INTERNET2-MOSS {
term accept-MOSS-routes {
from community INTERNET2-INFINERA;
then accept;
}
then next policy;
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ISP-V6-IN {
/* IPv6 import policy for commercial ISP peerings: BGP routes headed for inet6.0 are tagged COMMERCIAL-PEER and accepted; everything else is rejected. */
/* NOTE(review): unlike ISP-MCAST-IN, this policy has no prefix-length or martian term of its own; presumably SANITY6 is applied earlier in the import chain - confirm at the BGP group that references this policy. */
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-IN6 {
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
policy-statement KyRON-IN {
/* IPv4 import policy for KyRON: routes within the KyRON or KyRON-SPONSORED prefix lists (orlonger) are accepted, all others rejected. */
/* NOTE(review): both terms use the terminating action accept, whereas most sibling connector policies (e.g. LONI-IN, MCNC-IN, SOX-IN) use next policy for their participant terms. If this policy sits in a chain, any policy listed after it is not evaluated for these routes - confirm against the BGP group's import statement. */
term PARTICIPANT {
from {
prefix-list-filter KyRON orlonger;
}
then accept;
}
/* NOTE(review): no community is added here; other connector policies tag their sponsored prefixes (e.g. community add SPONSORED in LONI-IN) - confirm whether the omission is intended. */
term SPONSORED {
from {
prefix-list-filter KyRON-SPONSORED orlonger;
}
then accept;
}
term REJECT {
then reject;
}
}
policy-statement KyRON-IN6 {
/* IPv6 import policy for KyRON: exact matches on KyRON-PARTICIPANT6 are tagged PARTICIPANT and accepted; every other route is rejected. */
term participant {
from {
prefix-list-filter KyRON-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
/* unconditional reject: no from clause, so every route that reaches this term is rejected */
term reject {
then reject;
}
/* NOTE(review): this term comes after the unconditional reject above and has no then clause, so it never affects any route. It looks like a leftover; if it is ever moved above term reject and given an accept action it would admit all inet6 routes - remove it or confirm intent. */
term accept {
from family inet6;
}
}
policy-statement LEAK-NMS1 {
term leak {
from {
protocol isis;
prefix-list NMS1-SPECIFICS;
}
then accept;
}
then next policy;
}
policy-statement LONI-IN {
/* IPv4 import policy for LONI: classifies routes by prefix list, tags sponsored and SEGP routes, and passes matches on to the next policy. */
/* NOTE(review): this policy has no terminal reject (or reject-unicast) term, unlike MCNC-IN, MEMPHIS-IN, SOX-IN and USF-IN. A route that matches none of the prefix lists below is not rejected here; it simply continues to the next policy in the chain. Confirm that a later policy rejects unlisted prefixes. */
term participant {
from {
prefix-list-filter LONI-PARTICIPANT4 orlonger;
prefix-list-filter MISSISSIPPI-PARTICIPANT4 orlonger;
prefix-list-filter TULANE-PARTICIPANT4 orlonger;
}
then next policy;
}
term sponsored {
from {
prefix-list-filter LONI-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
prefix-list-filter LONI-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
/* exception prefixes are matched exactly, tagged PARTICIPANT and accepted here, so later policies in the chain are skipped for them */
term exception {
from {
prefix-list-filter LONI-PARTICIPANT4-EXCEPTION exact;
}
then {
community add PARTICIPANT;
accept;
}
}
}
policy-statement MCNC-IN {
term participant {
from {
prefix-list-filter MCNC-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
prefix-list-filter MCNC-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
prefix-list-filter MCNC-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
prefix-list-filter MCNC-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement MCNC-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter MCNC-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement MEMPHIS-IN {
term participant {
from {
protocol bgp;
prefix-list-filter MEMPHIS-PARTICIPANT orlonger;
}
then next policy;
}
term segp {
from {
protocol bgp;
prefix-list-filter MEMPHIS-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term sponsored {
from {
protocol bgp;
prefix-list-filter MEMPHIS-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement MEMPHIS-IN6 {
term participant {
from {
protocol bgp;
family inet6;
prefix-list-filter MEMPHIS-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement MSDP-FILTER {
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
/* Redistribute aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute aggregates from static into BGP & block more specifics */
policy-statement ORIGINATE6 {
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
/* Strips the connector-only action communities from routes received from peers, so a peer cannot set connector local-pref (HIGH/LOW, see SET-PREF) or tag a route with DISCARD. The term has no terminating action, so evaluation continues with the next policy. */
/* NOTE(review): only HIGH, LOW and DISCARD are removed. Classification communities in the 11537: range such as PARTICIPANT, which ISP-V6-OUT and ISP-MCAST-OUT use as their export match, are not stripped by this policy - confirm that received routes cannot arrive carrying them, or that they are scrubbed elsewhere in the import chain. */
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
/* reject routes we should never accept */
policy-statement SANITY-IN {
/* Import-side sanity filter: rejects routes by AS path (private, commercial, NLR), by reserved/special prefix, and by overlap with Abilene's own prefixes. No term accepts, so routes that survive continue to the next policy. */
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
/* only routes headed for inet.0 are rejected here; the same paths are not rejected by this term for other RIBs */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
/* Reject any prefix with the NLR AS (as-path NLR) anywhere in the path */
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table */
/* NOTE(review): this is a hand-maintained list. 0.0.0.0/8 is not covered (only the default route is matched, exactly), and there is no prefix-length limit here - the /28-/32 block lives in the per-peer-class policies such as FEDNET-IN and ITN-IN. Review the list against the current special-purpose address registry. */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved (rfc 3330 - TEST-NET documentation block) */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates */
/* prefix-list (not prefix-list-filter) is used, so no orlonger/exact match type is given in this term */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce */
policy-statement SANITY-OUT {
/* Don't announce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
policy-statement SANITY6 {
/* IPv6 sanity filter built as an allow-list: private-AS paths are rejected, prefixes inside the listed blocks continue to the next policy, and everything else is rejected. */
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
/* NOTE(review): because the final term rejects anything not listed, this allow-list must track the IANA registry referenced below; space allocated after the list was written is dropped until the list is updated. */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
from {
/* upto /49 admits prefix lengths from the block's own length through /49 */
route-filter 2001::/16 upto /49;
/* 2002::/16 is matched exactly; more-specifics of it are not accepted by this term */
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
/* 2001:b000::/20 lies inside 2001::/16 above, so this entry does not change the result */
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
term reject {
then reject;
}
}
/* set local-pref on connector routes based on communities */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
next policy;
}
}
term normal {
then {
local-preference 200;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next policy;
}
}
term normal {
then {
local-preference 100;
}
}
}
policy-statement SFGP-IN {
/* IPv4 import policy for SFGP: classifies routes by prefix list, passes participant and sponsored routes to the next policy, accepts exact exception prefixes, and rejects unmatched unicast routes. */
term participant {
from {
prefix-list-filter SFGP-PARTICIPANT orlonger;
}
then next policy;
}
/* NOTE(review): SFGP-SPONSORED routes are tagged CORPORATE here, whereas SOX-IN tags the same prefix list with SPONSORED. The two communities have different values (11537:2000 vs 11537:902), so any policy keyed on them treats these routes differently depending on the ingress policy - confirm which tag is intended. */
term sponsored {
from {
prefix-list-filter SFGP-SPONSORED orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term exception_participant {
from {
prefix-list-filter SFGP-EXCEPTION exact;
}
then {
community add PARTICIPANT;
accept;
}
}
/* rejects only routes headed for inet.0; unmatched routes for other RIBs are not rejected by this term and continue to the next policy */
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement SFGP-IN6 {
term accept-sfgp {
from {
family inet6;
prefix-list-filter SFGP-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
/* if not SFGP's prefix, then treat as a peer, with SET-PREF-PEER community->pref settings(so itn prefixes won't get SFGP's connector preference) and the ITN community. else reject */
term accept-ampath-highpref {
from {
community HIGH-PEERS;
family inet6;
}
then {
local-preference 160;
community add ITN;
accept;
}
}
term accept-ampath-lowpref {
from {
community LOW-PEERS;
family inet6;
}
then {
local-preference 40;
community add ITN;
accept;
}
}
term accept-ampath-itnpref {
from family inet6;
then {
local-preference 100;
community add ITN;
accept;
}
}
term reject {
then reject;
}
}
policy-statement SOX-IN {
term remove_fednet_community {
then {
community delete FEDNET;
next term;
}
}
term participant {
from {
prefix-list-filter SOX-PARTICIPANT orlonger;
prefix-list-filter SFGP-PARTICIPANT orlonger;
prefix-list-filter FLR-PARTICIPANT orlonger;
}
then next policy;
}
term corporate {
from {
prefix-list-filter SOX-CORPORATE orlonger;
}
then {
community add CORPORATE;
next policy;
}
}
term sponsored {
from {
prefix-list-filter SOX-SPONSORED orlonger;
prefix-list-filter FLR-SPONSORED orlonger;
prefix-list-filter SFGP-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term segp {
from {
prefix-list-filter SOX-SEGP orlonger;
prefix-list-filter FLR-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
term exception_participant {
from {
prefix-list-filter SFGP-EXCEPTION exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term exception_sponsored {
from {
prefix-list-filter SOX-EXCEPTION-SPONSORED exact;
}
then {
community add SPONSORED;
community add PARTICIPANT;
accept;
}
}
term exception_segp {
from {
prefix-list-filter SOX-EXCEPTION-SEGP exact;
}
then {
community add SEGP;
community add PARTICIPANT;
accept;
}
}
term ORNL {
from {
prefix-list-filter SOX-ORNL orlonger;
}
then {
community add FEDNET;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement SOX-IN6 {
/* IPv6 import policy for SOX: exact matches on the SOX, NCREN, FLR and SFGP participant prefix lists are tagged PARTICIPANT and accepted; every other route is rejected. */
term participant {
from {
prefix-list-filter SOX-PARTICIPANT6 exact;
prefix-list-filter NCREN-PARTICIPANT6 exact;
prefix-list-filter FLR-PARTICIPANT6 exact;
prefix-list-filter SFGP-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
/* unconditional reject: no from clause, so every route that reaches this term is rejected */
term reject {
then reject;
}
/* NOTE(review): this term comes after the unconditional reject above and has no then clause, so it never affects any route. It looks like a leftover; if it is ever moved above term reject and given an accept action it would admit all inet6 routes - remove it or confirm intent. */
term accept {
from family inet6;
}
}
policy-statement USF-IN {
term participant {
from {
protocol bgp;
prefix-list-filter USF-PARTICIPANT orlonger;
}
then next policy;
}
term sponsored {
from {
protocol bgp;
prefix-list-filter USF-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
term reject-unicast {
to rib inet.0;
then reject;
}
}
policy-statement USF-IN6 {
term participant {
from {
prefix-list-filter USF-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement V6-IGP-AGG {
term allow-aggregate {
from {
protocol aggregate;
family inet6;
}
then accept;
}
term deny-more-specifics {
from {
family inet6;
route-filter 2001:468:ff:0f00::/56 longer;
route-filter 2001:468:000f::/48 longer;
}
then reject;
}
term accept-all-other-v6 {
from {
protocol [ isis direct ];
family inet6;
}
then accept;
}
}
/* Temporary fix for scoping 239/8 */
policy-statement pim-join-filter {
term internal-links {
from {
/* List of Backbone Interfaces */
interface [ so-0/0/0.0 so-0/2/0.0 so-3/1/0.0 ge-2/3/1.0 so-4/0/0.0 ];
route-filter 239.0.0.0/8 orlonger;
}
then accept;
}
term external-links {
from {
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term all-links {
then accept;
}
}
community BLOCK-TO-COMMERCIAL members 11537:2002;
community COMMERCIAL-PEER members 11537:2001;
community CONNECTOR-ONLY members 11537:3500;
community CORE members 11537:900;
community CORPORATE members 11537:2000;
community CPS members target:11537:1;
community CPS-CONNECTOR members 11537:25100;
community CPS-PEERS members 11537:25200;
community DISCARD members 11537:911;
community FEDNET members 11537:3000;
community HIGH members 11537:260;
community HIGH-PEERS members 11537:160;
community IFTN members 11537:2502;
community INTERNET2-INFINERA members 19782:65533;
community ITN members 11537:2501;
community LOW members 11537:140;
community LOW-PEERS members 11537:40;
community NO-EXPORT members no-export;
community NOAGG6 members 11537:6;
community NONITN members 11537:2500;
community PARTICIPANT members 11537:950;
community SEGP members 11537:910;
community SPONSORED members 11537:902;
as-path COMMERCIAL ".* (1|174|701|1239|1673|1740|1800|1833|2551|2548|2685|2914|3549|3561|3847|3951|3967|4183|4200|5683|6113|6172|6461|7018) .*";
as-path PRIVATE ".* (64512-65535) .*";
as-path ABILENE ".* 11537 .*";
as-path NLR ".* 19401 .*";
as-path ESNET "293 .*";
}
Firewall Stanza Removed removed
atlaÁ9
## Last commit: 2008-05-02 15:27:35 UTC by jrduncan
version 8.4R3.3;
groups {
INTERFACE-BACKBONE {
interfaces {
<*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
}
unit 0 {
family inet {
mtu 9180;
filter {
input backbone-in;
output interface-out;
}
}
family iso {
mtu 1497;
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
family mpls {
mtu 9180;
}
}
}
}
}
re0 {
system {
host-name HOUS-re0;
}
}
re1 {
system {
host-name HOUS-re1;
}
}
INTERFACE-CONNECTOR {
interfaces {
<so-*> {
mtu 9192;
encapsulation cisco-hdlc;
sonet-options {
fcs 32;
rfc-2615;
}
unit <*> {
family inet {
mtu 9180;
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
mtu 9180;
filter {
input v6filter;
output v6filter;
}
}
}
}
<at-*> {
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
<ge-*> {
unit <*> {
family inet {
filter {
input connector-in;
output interface-out;
}
}
family inet6 {
filter {
input v6filter;
output v6filter;
}
}
}
}
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name net.internet2.edu;
time-zone UTC;
dump-on-panic;
authentication-order [ radius password ];
location country-code US;
root-authentication {
Authentication Data Removed
}
name-server {
134.68.1.9;
129.79.5.100;
}
radius-server {
134.68.107.17 {
timeout 5;
source-address 64.57.28.244;
}
129.79.216.162 {
timeout 5;
source-address 64.57.28.244;
}
}
Login Stanza Removed services {
ssh {
connection-limit 30;
}
}
syslog {
archive files 100;
user * {
any critical;
}
/* brent's pine.ucs.indiana.edu */
host 129.79.9.1 {
change-log any;
interactive-commands info;
facility-override local6;
}
/* syslog.grnoc.iu.edu */
host 134.68.107.9 {
any info;
authorization info;
interactive-commands info;
facility-override local6;
}
file messages {
any notice;
authorization info;
archive size 1m files 100;
}
console {
user critical;
}
}
ntp {
server 129.79.5.100;
server 134.68.1.9 prefer;
}
}
chassis {
no-source-route;
dump-on-panic;
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
keepalive-time 5;
}
routing-engine {
on-disk-failure reboot;
}
}
interfaces {
so-0/0/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: HOUS-LOSA OC-192 | I2-HOUS-LOSA-O192-03923";
family inet {
address 64.57.28.45/31;
}
family inet6 {
address 2001:468:ff:0304::1/64;
}
}
}
so-0/1/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: HOUS-KANS OC-192 | I2-HOUS-KANS-O192-03921";
family inet {
address 64.57.28.57/31;
}
family inet6 {
address 2001:468:ff:0403::2/64;
}
}
}
so-0/2/0 {
apply-groups INTERFACE-BACKBONE;
unit 0 {
description "BACKBONE: ATLA-HOUS OC-192 | I2-ATLA-HOUS-O192-03922";
family inet {
address 64.57.28.43/31;
}
family inet6 {
address 2001:468:ff:0103::1/64;
}
}
}
ge-1/0/0 {
description "LEARN via lit Level3 metro circuit | HSTQTX02-HSTPTXVH-00012";
vlan-tagging;
mtu 9192;
unit 27 {
description LEARN-Houston;
vlan-id 27;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 74.200.187.5/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:115e::1/64;
}
}
unit 722 {
description "CUDI via LEARN";
vlan-id 722;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 200.23.60.122/30;
}
family inet6 {
mtu 9000;
filter {
input v6filter;
output v6filter;
}
address 2001:468:ff:03c1::1/64;
}
}
unit 724 {
description LEARN-Dallas;
vlan-id 724;
family inet {
mtu 9000;
filter {
input connector-in;
output interface-out;
}
address 74.200.187.9/30;
}
}
}
so-1/2/0 {
description "Unused 4xOC3 [NO-MONITOR]";
}
so-1/3/0 {
description "Unused OC48 [NO-MONITOR]";
}
so-2/0/0 {
description "Unused 4xOC12 [NO-MONITOR]";
}
ge-2/1/1 {
description "lan.hous, port A23";
vlan-tagging;
mtu 9180;
inactive: unit 10 {
description "HOUS Racklan";
vlan-id 10;
family inet {
mtu 9000;
address 64.57.26.254/24;
}
}
inactive: unit 11 {
description "HOUS Obs 10 gig (on 1 Gig temp)";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.16.129/28;
}
family inet6 {
mtu 9000;
address 2001:468:3:11::1/64;
address 2001:468:3:11::16:129/64;
}
}
unit 12 {
description "HOUS Obs 1Gig;";
vlan-id 12;
family inet {
mtu 9000;
address 64.57.16.161/28;
}
family inet6 {
mtu 9000;
address 2001:468:3:12::1/64;
address 2001:468:3:12::16:161/64;
}
}
inactive: unit 20 {
description "HOUS VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.201/29;
}
}
inactive: unit 21 {
description "HOUS VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.33/28;
}
}
inactive: unit 30 {
description "HOUS 100x100 Inband";
vlan-id 30;
family inet {
mtu 9000;
address 64.57.23.73/29;
}
family inet6 {
mtu 9000;
address 2001:468:3:30::1/64;
address 2001:468:3:30::23:73/64;
}
}
inactive: unit 31 {
description "HOUS 100x100 Mgmt";
vlan-id 31;
family inet {
mtu 9000;
address 64.57.23.105/29;
}
family inet6 {
mtu 9000;
address 2001:468:3:31::1/64;
address 2001:468:3:31::23:105/64;
}
}
inactive: unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
}
ge-2/1/2 {
description "nms-rthr1 p2p connection";
mtu 9180;
unit 0 {
family inet {
mtu 9000;
address 64.57.16.145/30;
}
family inet6 {
mtu 9000;
address 2001:468:3:101::1/64;
address 2001:468:3:101::16:145/64;
}
}
}
ge-2/1/3 {
description "nms-rthr2 p2p connection";
mtu 9180;
unit 0 {
family inet {
mtu 9000;
address 64.57.16.149/30;
}
family inet6 {
mtu 9000;
address 2001:468:3:100::1/64;
address 2001:468:3:100::16:149/64;
}
}
}
ge-3/0/0 {
description "Unused 10GE [NO-MONITOR]";
}
ge-3/1/0 {
description "lan.hous, port D1";
vlan-tagging;
mtu 9180;
inactive: unit 10 {
description "HOUS Racklan";
vlan-id 10;
family inet {
mtu 9000;
address 64.57.26.254/24;
}
}
unit 11 {
description "HOUS Obs 10 gig (on 1 Gig temp)";
vlan-id 11;
family inet {
mtu 9000;
address 64.57.16.129/28;
}
family inet6 {
mtu 9000;
address 2001:468:3:11::1/64;
address 2001:468:3:11::16:129/64;
}
}
unit 20 {
description "HOUS VINI Mgmt";
vlan-id 20;
family inet {
mtu 9000;
address 64.57.18.201/29;
}
}
unit 21 {
description "HOUS VINI Data";
vlan-id 21;
family inet {
mtu 9000;
address 64.57.18.33/28;
}
}
unit 30 {
description "HOUS 100x100 Inband";
vlan-id 30;
family inet {
mtu 9000;
address 64.57.23.73/29;
}
family inet6 {
mtu 9000;
address 2001:468:3:30::1/64;
address 2001:468:3:30::23:73/64;
}
}
unit 31 {
description "HOUS 100x100 Mgmt";
vlan-id 31;
family inet {
mtu 9000;
address 64.57.23.105/29;
}
family inet6 {
mtu 9000;
address 2001:468:3:31::1/64;
address 2001:468:3:31::23:105/64;
}
}
unit 50 {
description "ISIS collector";
vlan-id 50;
family iso {
mtu 1497;
}
}
}
lo0 {
unit 0 {
description "Internal Peering Point";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.28.244/32 {
preferred;
}
address 198.32.8.238/32;
}
family iso {
address 49.0000.0000.0000.0078.00;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:3::1/128;
}
}
unit 1 {
description "Loopback for CPS VRF";
family inet {
filter {
input loopback-strict-in;
}
address 64.57.29.244/32;
}
family inet6 {
filter {
input loopback-strict-in6;
}
address 2001:468:ff03::1/128;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
max-packets-per-second 7000;
}
}
output {
inactive: file filename flowdata files 2 size 500000 world-readable;
cflowd 64.57.16.133 {
port 4205;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
routing-options {
interface-routes {
rib-group {
inet if-rg;
inet6 if6-rg;
}
}
rib inet6.0 {
static {
rib-group static6-rg;
route 2001:468::/32 {
reject;
install;
readvertise;
community 11537:950;
}
}
aggregate {
route 2001:468:0005::/48;
route 2001:468:ff:0500::/56;
}
}
rib inet.2 {
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
7.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
92.0.0.0/8 orlonger;
93.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
240.0.0.0/4 orlonger;
}
}
static {
rib-group static-rg;
defaults {
active;
}
route 198.32.8.0/22 {
discard;
community 11537:950;
}
route 198.32.154.0/24 {
discard;
community 11537:950;
}
/* Abilene Observatory */
route 198.32.12.0/22 {
discard;
community 11537:950;
}
route 64.57.16.0/20 {
discard;
community 11537:950;
}
}
/* Martian table for the default unicast RIB: routes matching these prefixes are kept out
   of the table regardless of what import policy accepts.
   NOTE(review): apart from the special-purpose ranges (0/8, 10/8, 127/8, 169.254/16,
   172.16/12, 192.0.2/24, 192.168/16, 198.18/15), the entries are /8s that were presumably
   unallocated when the list was written. IANA's free pool ran out in 2011 and these blocks
   have since been assigned, so a static list like this has to be pruned on a schedule or
   it silently drops legitimate routes.
   The list also differs from the rib inet.2 martians above: 46/8 appears only here, while
   7/8, 92/8, 93/8 and 240/4 appear only there -- confirm whether that is intended. */
martians {
0.0.0.0/8 orlonger;
1.0.0.0/8 orlonger;
2.0.0.0/8 orlonger;
5.0.0.0/8 orlonger;
10.0.0.0/8 orlonger;
23.0.0.0/8 orlonger;
27.0.0.0/8 orlonger;
31.0.0.0/8 orlonger;
36.0.0.0/8 orlonger;
37.0.0.0/8 orlonger;
39.0.0.0/8 orlonger;
42.0.0.0/8 orlonger;
46.0.0.0/8 orlonger;
49.0.0.0/8 orlonger;
50.0.0.0/8 orlonger;
100.0.0.0/8 orlonger;
101.0.0.0/8 orlonger;
102.0.0.0/8 orlonger;
103.0.0.0/8 orlonger;
104.0.0.0/8 orlonger;
105.0.0.0/8 orlonger;
106.0.0.0/8 orlonger;
107.0.0.0/8 orlonger;
108.0.0.0/8 orlonger;
109.0.0.0/8 orlonger;
110.0.0.0/8 orlonger;
111.0.0.0/8 orlonger;
112.0.0.0/8 orlonger;
113.0.0.0/8 orlonger;
127.0.0.0/8 orlonger;
169.254.0.0/16 orlonger;
172.16.0.0/12 orlonger;
173.0.0.0/8 orlonger;
174.0.0.0/8 orlonger;
175.0.0.0/8 orlonger;
176.0.0.0/8 orlonger;
177.0.0.0/8 orlonger;
178.0.0.0/8 orlonger;
179.0.0.0/8 orlonger;
180.0.0.0/8 orlonger;
181.0.0.0/8 orlonger;
182.0.0.0/8 orlonger;
183.0.0.0/8 orlonger;
184.0.0.0/8 orlonger;
185.0.0.0/8 orlonger;
192.0.2.0/24 orlonger;
192.168.0.0/16 orlonger;
197.0.0.0/8 orlonger;
198.18.0.0/15 orlonger;
223.0.0.0/8 orlonger;
}
aggregate {
defaults {
community 11537:950;
discard;
}
route 64.57.16.0/21;
route 64.57.24.0/22;
route 64.57.28.0/22;
}
rib-groups {
if-rg {
import-rib [ inet.0 inet.2 ];
}
if6-rg {
import-rib [ inet6.0 inet6.2 ];
}
mcast-rpf-rg {
import-rib inet.2;
}
mcast-rpf6-rg {
import-rib inet6.2;
}
isis-rg {
import-rib [ inet.0 inet.2 ];
}
isis6-rg {
import-rib [ inet6.0 inet6.2 ];
}
static-rg {
import-rib [ inet.0 inet.2 ];
}
static6-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
router-id 64.57.28.244;
autonomous-system 11537;
multicast {
scope SGI-Dogfight {
prefix 224.0.1.2/32;
interface all;
}
scope 224.0.1.3/32 {
prefix 224.0.1.3/32;
interface all;
}
scope SUN-NIS {
prefix 224.0.1.8/32;
interface all;
}
scope SVRLOC {
prefix 224.0.1.22/32;
interface all;
}
scope MS-DS {
prefix 224.0.1.24/32;
interface all;
}
scope NBC-PRO {
prefix 224.0.1.25/32;
interface all;
}
scope SVRLOC-DA {
prefix 224.0.1.35/32;
interface all;
}
scope AutoRP-Announce {
prefix 224.0.1.39/32;
interface all;
}
scope AutoRP-Discovery {
prefix 224.0.1.40/32;
interface all;
}
scope HP-DEVICE-DISC {
prefix 224.0.2.1/32;
interface all;
}
scope SUN-RPC {
prefix 224.0.2.2/32;
interface all;
}
scope Norton-Ghost-1 {
prefix 224.77.0.0/16;
interface all;
}
scope Altiris {
prefix 225.1.2.3/32;
interface all;
}
scope Norton-Ghost-2 {
prefix 226.77.0.0/16;
interface all;
}
scope Norton-Ghost-3 {
prefix 229.55.150.208/32;
interface all;
}
scope ImageCast-1 {
prefix 234.42.42.40/30;
interface all;
}
scope ImageCast-2 {
prefix 234.142.142.42/31;
interface all;
}
scope ImageCast-3 {
prefix 234.142.142.44/30;
interface all;
}
scope ImageCast-4 {
prefix 234.142.142.48/28;
interface all;
}
scope ImageCast-5 {
prefix 234.142.142.64/26;
interface all;
}
scope ImageCast-6 {
prefix 234.142.142.128/29;
interface all;
}
scope ImageCast-7 {
prefix 234.142.142.136/30;
interface all;
}
scope ImageCast-8 {
prefix 234.142.142.140/31;
interface all;
}
scope ImageCast-9 {
prefix 234.142.142.142/32;
interface all;
}
ssm-groups 232.0.0.0/8;
forwarding-cache {
threshold {
suppress 50000;
reuse 25000;
}
}
}
}
protocols {
igmp {
interface all {
version 3;
}
}
mld {
interface all;
}
rsvp {
/* BACKBONE to LOSA */
interface so-0/0/0.0;
/* BACKBONE to ATLA */
interface so-0/2/0.0;
/* BACKBONE to KANS */
interface so-0/1/0.0;
}
mpls {
statistics {
file mpls-stat;
interval 60;
}
ipv6-tunneling;
optimize-timer 360;
preference 200;
label-switched-path HOUS->LOSA-I2 {
to 64.57.28.248;
fast-reroute;
}
label-switched-path HOUS->STTL {
to 198.32.8.200;
fast-reroute;
}
label-switched-path HOUS->ATLA {
to 64.57.28.243;
fast-reroute;
}
label-switched-path HOUS->CHIC {
to 64.57.28.241;
fast-reroute;
}
label-switched-path HOUS->KANS {
to 64.57.28.245;
fast-reroute;
}
label-switched-path HOUS->NEWY {
to 64.57.28.242;
fast-reroute;
}
label-switched-path HOUS->WASH {
to 64.57.28.249;
fast-reroute;
}
label-switched-path HOUS->SALT {
to 64.57.28.246;
fast-reroute;
}
/* BACKBONE to LOSA */
interface so-0/0/0.0;
/* BACKBONE to ATLA */
interface so-0/2/0.0;
/* BACKBONE to KANS */
interface so-0/1/0.0;
}
bgp {
log-updown;
group INTERNET2 {
type internal;
local-address 64.57.28.244;
family inet {
any;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 198.32.8.200 {
description STTLng;
}
neighbor 64.57.28.241 {
description CHIC;
}
neighbor 64.57.28.242 {
description NEWY;
}
neighbor 64.57.28.243 {
description ATLA;
}
neighbor 64.57.28.245 {
description KANS;
}
neighbor 64.57.28.246 {
description SALT;
}
inactive: neighbor 64.57.28.247 {
description SEAT;
}
neighbor 64.57.28.248 {
description LOSA;
}
neighbor 64.57.28.249 {
description WASH;
}
}
group INTERNET2-IPv6 {
type internal;
local-address 2001:468:3::1;
family inet6 {
any;
}
Authentication Data Removed
export NEXT-HOP-SELF;
peer-as 11537;
neighbor 2001:468:16::1 {
description "STTLng;";
}
neighbor 2001:468:1::1 {
description ATLA;
}
neighbor 2001:468:2::1 {
description CHIC;
}
neighbor 2001:468:4::1 {
description KANS;
}
neighbor 2001:468:5::1 {
description LOSA;
}
neighbor 2001:468:6::1 {
description NEWY;
}
neighbor 2001:468:7::1 {
description SALT;
}
inactive: neighbor 2001:468:8::1 {
description SEAT;
}
neighbor 2001:468:9::1 {
description WASH;
}
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
metric-out igp;
import REJECT-ALL;
}
/* Internal BGP sessions to monitoring and route-collector hosts (see the descriptions).
   NOTE(review): no authentication statement and no "Authentication Data Removed"
   placeholder appears anywhere in this group, unlike groups INTERNET2 and CONNECTOR;
   presumably these sessions run without a session key -- confirm against the
   unsanitized configuration. No export policy is set here either, so what these hosts
   receive is governed by default BGP behaviour and the per-neighbor cluster statements. */
group OTHER-INTERNAL {
type internal;
local-address 64.57.28.244;
/* REJECT-ALL is "then reject": nothing these hosts announce is accepted */
import REJECT-ALL;
peer-as 11537;
neighbor 198.32.12.43 {
description "NMS3-DNVR Zebra BGPd";
local-address 198.32.12.41;
family inet {
unicast;
}
cluster 198.32.12.41;
}
neighbor 134.68.246.51 {
description "arbor21.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
family inet {
unicast;
}
cluster 134.68.246.51;
}
neighbor 156.56.103.99 {
description "IU ANML monitor--contact Ripley";
multihop {
ttl 10;
}
/* 65535 seconds is roughly 18 hours: a dead session to this monitor lingers that long before it times out */
hold-time 65535;
family inet {
unicast;
}
}
neighbor 2001:18e8:2:403:202:b3ff:fe23:715a {
description "IU ANML monitor6";
multihop {
ttl 10;
}
local-address 2001:468:3::1;
family inet6 {
unicast;
}
}
neighbor 134.68.246.49 {
description "arbor11.ren-isac.net -- Arbor Peakflow [NO-MONITOR]";
family inet {
unicast;
}
cluster 134.68.246.49;
}
/* same host that receives the cflowd export configured under forwarding-options */
neighbor 64.57.16.133 {
description "NMS-RPSV Zebra BGPd";
local-address 64.57.16.129;
family inet {
unicast;
}
cluster 64.57.16.129;
}
neighbor 2001:468:3:11::16:133 {
description "NMS-RPSV Zebra BGPd V6 [NO-MONITOR]";
local-address 2001:468:3:11::1;
family inet6 {
unicast;
multicast;
}
}
}
/* External BGP sessions to connector networks (IPv4). Export is the chain
   SANITY-OUT, REMOVE-COMMS-OUT, ORIGINATE4; import is set per neighbor. */
group CONNECTOR {
type external;
metric-out igp;
/* Multihop needs to be enabled to support discard routing */
multihop {
ttl 1;
}
family inet {
any {
/* Reset the session once 3000 prefixes are received; 90 is the percentage at which
   a warning is logged first.
   NOTE(review): no idle-timeout is set, so after a teardown the session is free to
   re-establish and hit the limit again -- confirm that is acceptable. */
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ];
/* strip private AS numbers from the AS path on announcements to these peers */
remove-private;
neighbor 74.200.187.6 {
description "LEARN Houston Router";
/* evaluated left to right: generic sanity checks, then the LEARN prefix allow-list, then the common connector policy */
import [ SANITY-IN LEARN-IN CONNECTOR-IN ];
/* sanitizer placeholder, not a Junos statement; presumably the session authentication key stood here */
Authentication Data Removed
peer-as 14085;
}
}
group CONNECTOR6 {
type external;
metric-out igp;
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ];
remove-private;
neighbor 2001:468:ff:115e::2 {
description "LEARN IPv6";
import [ SANITY6 SET-PREF LEARN-IN6 ];
Authentication Data Removed
peer-as 14085;
}
}
inactive: group FEDNET {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 FEDNET-OUT ];
remove-private;
}
inactive: group FEDNET6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER FEDNET-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 FEDNET-OUT6 ];
remove-private;
}
inactive: group ISP-MCAST {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ISP-MCAST-IN ];
family inet {
multicast {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ISP-MCAST-OUT ];
remove-private;
}
inactive: group ISP-V6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ISP-V6-IN ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ISP-V6-OUT ];
remove-private;
}
group ITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER ITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 ITN-OUT ];
remove-private;
neighbor 200.23.60.121 {
description "CUDI via LEARN";
family inet {
any;
}
Authentication Data Removed
peer-as 18592;
}
}
group ITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER ITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
remove-private;
neighbor 2001:468:ff:03c1::2 {
description "CUDI via LEARN";
multihop {
ttl 10;
}
family inet6 {
unicast;
}
Authentication Data Removed
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 ITN-OUT6 ];
peer-as 18592;
}
}
inactive: group NONITN {
type external;
metric-out igp;
import [ SANITY-IN REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN ];
family inet {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY-OUT REMOVE-COMMS-OUT ORIGINATE4 NONITN-OUT ];
remove-private;
}
inactive: group NONITN6 {
type external;
metric-out igp;
import [ SANITY6 REMOVE-COMMS-IN SET-PREF-PEER NONITN-IN6 ];
family inet6 {
any {
prefix-limit {
maximum 3000;
teardown 90;
}
}
}
export [ SANITY6 REMOVE-COMMS-OUT ORIGINATE6 NONITN-OUT6 ];
remove-private;
}
}
/* IS-IS as the backbone IGP: level 2 only on the SONET backbone links, with the
   remaining interfaces advertised but mostly passive. */
isis {
/* V6-IGP-AGG is defined outside this part of the file */
export V6-IGP-AGG;
spf-delay 200;
/* NOTE(review): with this statement, received IS-IS PDUs that fail authentication are
   not rejected. No authentication key is visible in this stanza (it may have been
   stripped by the sanitizer) -- confirm, and remove this once every neighbor carries
   the key, otherwise authentication does not protect the IGP from injected PDUs. */
no-authentication-check;
rib-group {
inet isis-rg;
inet6 isis6-rg;
}
level 2 wide-metrics-only;
/* Backbone to LOSA */
interface so-0/0/0.0 {
level 1 disable;
level 2 metric 1705;
}
/* Backbone to KANS */
interface so-0/1/0.0 {
level 1 disable;
level 2 metric 818;
}
/* Backbone to ATLA */
interface so-0/2/0.0 {
level 1 disable;
level 2 metric 1385;
}
/* NOTE(review): the only interface here with neither "level 1 disable" nor passive;
   confirm that adjacencies at both levels are really meant to form on it */
interface ge-2/1/1.0;
/* passive: the interface's addresses are advertised but no adjacency is formed on it */
interface ge-2/1/1.12 {
level 1 disable;
level 2 passive;
}
interface ge-2/1/2.0 {
level 1 disable;
level 2 passive;
}
interface ge-2/1/3.0 {
level 1 disable;
level 2 passive;
}
interface ge-3/1/0.11 {
level 1 disable;
level 2 passive;
}
interface ge-3/1/0.20 {
level 1 disable;
level 2 passive;
}
interface ge-3/1/0.21 {
level 1 disable;
level 2 passive;
}
interface ge-3/1/0.30 {
level 1 disable;
level 2 passive;
}
interface ge-3/1/0.31 {
level 1 disable;
level 2 passive;
}
/* not passive: level 2 runs here with a high metric, so an adjacency can form on this unit */
interface ge-3/1/0.50 {
level 1 disable;
level 2 metric 9999;
}
interface lo0.0 {
level 1 disable;
level 2 passive;
}
}
msdp {
rib-group mcast-rpf-rg;
group INTERNET2 {
mode mesh-group;
local-address 64.57.28.244;
/* HSTNng */
peer 198.32.8.195;
/* KSCYng */
peer 198.32.8.197;
/* LOSAng */
peer 198.32.8.198;
/* STTLng */
peer 198.32.8.200;
/* SNVAng */
peer 198.32.8.201;
/* ATLAng-m5 */
peer 198.32.8.203;
/* CHIC */
peer 64.57.28.241;
/* NEWY */
peer 64.57.28.242;
/* ATLA */
peer 64.57.28.243;
/* KANS */
peer 64.57.28.245;
/* SALT */
peer 64.57.28.246;
/* SEAT */
inactive: peer 64.57.28.247;
/* LOSA */
peer 64.57.28.248;
/* WASH */
peer 64.57.28.249;
}
group CONNECTOR {
export MSDP-FILTER;
import MSDP-FILTER;
/* LEARN-Houston */
peer 74.200.187.6 {
local-address 74.200.187.5;
}
}
inactive: group FEDNET {
export MSDP-FILTER;
import MSDP-FILTER;
}
group ITN {
export MSDP-FILTER;
import MSDP-FILTER;
/* CUDI via LEARN */
peer 200.23.60.121 {
local-address 200.23.60.122;
}
}
inactive: group NONITN {
export MSDP-FILTER;
import MSDP-FILTER;
}
/* Use OTHER group for sessions to route-servers, monitoring hosts, etc */
inactive: group OTHER {
export MSDP-FILTER;
import REJECT-ALL;
}
}
pim {
rib-group {
inet mcast-rpf-rg;
inet6 mcast-rpf6-rg;
}
import pim-join-filter;
rp {
bootstrap-import REJECT-ALL;
bootstrap-export REJECT-ALL;
local {
family inet {
address 198.32.8.238;
group-ranges {
224.0.0.0/4;
}
}
}
embedded-rp;
static {
address 2001:468::1 {
group-ranges {
ff05::/16;
}
}
address 2001:660:3007:300:1:: {
group-ranges {
ff0e::/16;
ff1e::/16;
}
}
address 2001:700:e000:501::2 {
group-ranges {
ff3e:30:2001:700::/64;
}
}
}
}
interface all {
mode sparse;
version 2;
}
interface fxp0.0 {
disable;
}
interface so-3/0/0.0 {
disable;
}
}
}
policy-options {
prefix-list ALLOW-ALL {
0.0.0.0/0;
}
prefix-list MATCH-ALL {
0.0.0.0/0;
}
prefix-list BGP-PEERS {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list MSDP-PEERS {
apply-path "protocols msdp group <*> peer <*>";
}
Prefix Stanza Removed
prefix-list BGP-PEERS6 {
apply-path "protocols bgp group <*> neighbor <*:*>";
}
/* List of prefixes which Abilene originates */
prefix-list INTERNAL {
/* Internet2 Backbone */
64.57.16.0/20;
/* Abilene Backbone */
198.32.8.0/22;
/* Abilene Observatory */
198.32.12.0/22;
/* MANLAN */
198.32.154.0/24;
}
/* List of IPv6 prefixes Abilene originates */
prefix-list INTERNAL6 {
2001:468::/32;
}
Prefix Stanza Removed
prefix-list QUERY-HOSTS-INTERNAL {
/* nocmon.net.internet2.edu -- temp monitoring host */
64.57.25.18/32;
/* winger.uits.iu.edu -- snapp */
129.79.6.137/32;
/* pine.ucs.indiana.edu -- sweeny */
129.79.9.1/32;
/* alertmon-dev.grnoc.iu.edu */
129.79.216.72/32;
/* dc-snmp.wcc.grnoc.iu.edu */
129.79.216.79/32;
/* dc-1.grnoc.iu.edu -- SNMP Data Collector */
134.68.107.22/32;
/* snmp.grnoc.iu.edu -- SNMP Data Collection */
134.68.107.23/32;
134.68.107.113/32;
/* mon-dev.grnoc.iu.edu */
134.68.107.123/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
}
prefix-list QUERY-HOSTS-EXTERNAL {
/* Boston University--ticket#11647 */
128.197.10.4/32;
/* Boston University--ticket#11647 */
128.197.11.51/32;
/* Boston University--ticket#11647 */
128.197.11.223/32;
/* Boston University--ticket#11647 */
128.197.11.224/32;
/* added ndb2-blmt to QUERY-HOSTS-EXTERNAL */
129.79.5.18/32;
/* arbor11.ren-isac.net -- Arbor Peakflow1 */
134.68.246.49/32;
/* arbor21.ren-isac.net -- Arbor Peakflow2 */
134.68.246.51/32;
/* ANML - ArborNetworks */
156.56.103.9/32;
/* ANML - ArborNetworks */
156.56.103.10/32;
/* ANML - ArborNetworks */
156.56.103.11/32;
/* ANML - ArborNetworks */
156.56.103.12/32;
/* ANML - ArborNetworks */
156.56.103.53/32;
/* Ohio ITEC - nf6.itec.oar.net */
192.148.251.26/32;
/* Ohio ITEC - nf7.itec.oar.net */
192.148.251.27/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
198.108.90.142/32;
/* Internet2 - thunderbird.internet2.edu - ticket# 5679 */
207.75.164.95/32;
/* netflow2.internet2.edu -- I2 Netflow Collector */
207.75.165.99/32;
}
prefix-list TACACS-SERVERS {
/* tacacs2.grnoc.iu.edu */
129.79.216.162/32;
/* tacacs.grnoc.iu.edu */
134.68.107.17/32;
}
Prefix Stanza Removed
prefix-list DNS-SERVERS {
129.79.5.100/32;
134.68.1.9/32;
}
prefix-list NTP-SERVERS {
/* ntp.indiana.edu */
129.79.5.100/32;
/* ntp-1.gw.uiuc.edu */
130.126.24.24/32;
/* ns.iupui.edu */
134.68.1.9/32;
/* ntp-e.abilene.ucaid.edu */
198.32.10.254/32;
/* ntp-w.abilene.ucaid.edu */
198.32.11.141/32;
}
prefix-list RADIUS-SERVERS {
129.79.216.162/32;
134.68.107.17/32;
}
prefix-list BGP-PEERS-CPS {
apply-path "routing-instances cps protocols bgp group <*> neighbor <*>";
}
prefix-list LEARN-PARTICIPANT {
74.200.187.0/24;
128.42.0.0/16;
128.62.0.0/16;
128.83.0.0/16;
128.194.0.0/16;
128.249.0.0/16;
129.7.0.0/16;
129.62.0.0/16;
129.107.0.0/16;
129.108.0.0/16;
129.110.0.0/16;
129.112.0.0/16;
129.114.0.0/16;
129.116.0.0/16;
129.118.0.0/16;
129.119.0.0/16;
129.120.0.0/16;
129.162.0.0/16;
138.237.0.0/16;
144.96.0.0/16;
146.6.0.0/16;
148.210.0.0/16;
162.121.0.0/16;
165.91.0.0/16;
165.95.232.0/21;
168.70.0.0/16;
170.57.0.0/16;
192.31.88.0/24;
192.58.120.0/24;
192.68.30.0/24;
192.70.161.0/24;
192.70.188.0/24;
192.88.12.0/24;
192.124.35.0/24;
192.124.230.0/24;
192.136.144.0/24;
192.136.146.0/24;
192.136.151.0/24;
192.136.152.0/24;
192.136.153.0/24;
192.138.193.0/24;
192.138.194.0/24;
192.147.26.0/24;
192.225.19.0/24;
198.32.236.0/24;
199.165.152.0/24;
199.165.153.0/24;
199.165.154.0/24;
199.242.234.0/23;
199.242.236.0/22;
199.249.214.0/24;
206.223.141.0/24;
207.231.32.0/19;
208.76.227.128/25;
208.117.128.0/18;
209.21.112.0/20;
216.38.80.0/24;
}
prefix-list LEARN-PARTICIPANT6 {
2001:468:1700::/40;
2001:468:1a00::/40;
2001:468:1d00::/40;
2620:0:270::/48;
}
prefix-list LEARN-SPONSORED {
192.48.134.0/24;
192.48.135.0/24;
198.32.233.0/24;
216.7.224.0/19;
216.38.80.0/24;
216.38.81.0/24;
216.248.208.0/20;
}
prefix-list LEARN-SEGP {
65.69.26.0/23;
66.64.64.0/19;
66.218.144.0/20;
67.207.0.0/19;
69.41.16.0/20;
69.62.0.0/17;
129.106.0.0/16;
129.109.0.0/16;
129.111.0.0/16;
129.113.0.0/16;
129.115.0.0/16;
129.207.0.0/16;
139.52.0.0/16;
139.94.0.0/16;
140.158.0.0/16;
143.111.0.0/16;
147.26.0.0/16;
161.109.0.0/16;
165.95.0.0/16;
168.171.0.0/16;
192.16.72.0/24;
192.58.110.0/24;
192.58.111.0/24;
192.58.112.0/22;
192.58.114.0/24;
192.58.117.0/24;
192.133.126.0/24;
192.138.240.0/21;
192.150.93.0/24;
192.195.86.0/24;
192.195.87.0/24;
192.195.88.0/21;
198.38.64.0/21;
198.49.125.0/24;
198.64.7.0/24;
198.64.8.0/21;
198.64.16.0/20;
198.64.32.0/20;
198.64.57.0/24;
198.133.222.0/24;
198.213.168.0/24;
198.216.112.0/22;
204.56.128.0/17;
204.158.32.0/21;
206.40.176.0/20;
206.76.12.0/23;
206.76.232.0/21;
206.77.0.0/19;
206.77.62.0/23;
206.77.64.0/19;
206.254.0.0/22;
206.254.184.0/22;
206.254.204.0/23;
207.80.8.0/24;
207.80.120.0/22;
216.213.192.0/18;
}
prefix-list CPS-LEARN {
64.92.176.0/20;
66.64.64.0/19;
128.62.0.0/16;
128.83.0.0/16;
128.194.0.0/16;
129.106.0.0/16;
129.107.0.0/16;
129.108.0.0/16;
129.109.0.0/16;
129.110.0.0/16;
129.111.0.0/16;
129.113.0.0/16;
129.114.0.0/17;
129.115.0.0/16;
129.116.0.0/16;
129.117.0.0/16;
129.207.0.0/16;
139.52.0.0/16;
139.94.0.0/16;
140.158.0.0/16;
143.111.0.0/16;
146.6.0.0/16;
147.26.0.0/16;
162.89.0.0/16;
165.91.0.0/16;
165.95.0.0/16;
192.12.10.0/24;
192.16.72.0/24;
192.58.109.0/24;
192.58.110.0/24;
192.58.111.0/24;
192.58.112.0/22;
192.58.114.0/24;
192.58.116.0/24;
192.58.117.0/24;
192.105.235.0/24;
192.124.225.0/24;
192.124.226.0/24;
192.124.227.0/24;
192.124.228.0/24;
192.124.229.0/24;
192.124.230.0/24;
192.133.17.0/24;
192.138.240.0/21;
192.150.93.0/24;
192.195.86.0/24;
192.195.87.0/24;
192.206.244.0/22;
192.231.41.0/24;
198.17.195.0/24;
198.22.91.0/24;
198.38.64.0/21;
198.97.62.0/24;
198.147.138.0/23;
198.153.169.0/24;
198.213.0.0/16;
198.214.0.0/16;
198.215.0.0/16;
198.216.0.0/16;
199.233.119.0/24;
204.56.128.0/17;
204.158.0.0/16;
205.165.0.0/16;
206.40.176.0/20;
206.76.0.0/16;
206.77.0.0/16;
206.254.0.0/16;
207.64.0.0/16;
207.80.0.0/16;
209.21.112.0/20;
216.7.224.0/19;
216.38.84.0/22;
}
prefix-list BGP-PEERS6-CPS {
apply-path "routing-instances cps protocols bgp group CONNECTORS6 neighbor <*>";
}
prefix-list OBSERVATORY-SSH {
/* sysmon.grnoc.iu.edu */
134.68.107.4/32;
/* login.net.internet2.edu */
134.68.107.10/32;
/* nms-base */
134.68.107.34/32;
/* nms-login */
134.68.107.36/32;
/* skip */
134.68.142.50/32;
/* nocmon.grnoc.iu.edu */
149.165.129.24/32;
/* jump */
192.12.206.196/32;
}
/* NOTE(review): 0::0/0 matches every IPv6 source, so a filter term that references this
   list places no source restriction on IPv6, unlike the host list in OBSERVATORY-SSH.
   The filter that references it is not in this part of the file -- confirm this is
   intended and not a leftover placeholder. */
prefix-list OBSERVATORY-SSH6 {
0::0/0;
}
/* Common import policy for connector sessions; it is the last policy in the CONNECTOR
   neighbor's import chain, after SANITY-IN and the per-connector prefix allow-list.
   The communities used here are defined outside this part of the file. */
policy-statement CONNECTOR-IN {
/* remove BGP communities which connectors should not announce */
term remove-comms {
then {
community delete LOW-PEERS;
community delete HIGH-PEERS;
next term;
}
}
/* connector-triggered discard routing: a route tagged DISCARD is accepted as a /24-/32
   and pointed at the discard next-hop; which prefixes a connector may tag is limited
   only by the policies evaluated before this one */
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
to rib inet.0;
then {
/* add no-export so these are not leaked outside of Abilene */
community add NO-EXPORT;
/* set next-hop to the destination-address on the dsc.0 interface */
next-hop 198.32.11.7;
accept;
}
}
/* allow unicast routes upto /27; note: routes have already passed the individual connector policy */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.0;
then {
community add PARTICIPANT;
accept;
}
}
/* same length limit for routes destined for the multicast RPF table */
term allow-multicast {
from {
route-filter 0.0.0.0/0 upto /27;
}
to rib inet.2;
then {
community add PARTICIPANT;
accept;
}
}
/* explicit default deny: anything longer than /27 without DISCARD ends here */
term reject {
then reject;
}
}
/* Import policy for CPS connector sessions; the sessions that reference it are not in
   this part of the file. Unlike CONNECTOR-IN there is no community-scrubbing term and
   no "to rib" restriction on any term. */
policy-statement CPS-CONNECTOR-IN {
term discard {
from {
community DISCARD;
/* only allow /24-/32 masks for discard routes */
route-filter 0.0.0.0/0 prefix-length-range /24-/32;
}
then {
/* add no-export so these are not leaked outside of Abilene */
community add NO-EXPORT;
/* drop traffic for the prefix: here the next-hop is the discard action itself, not an address on dsc.0 as in CONNECTOR-IN */
next-hop discard;
accept;
}
}
/* allow unicast routes upto /24; note: routes have already passed the individual connector policy.
   NOTE(review): this comment used to say /27 while the filter below says /24 -- confirm which limit is intended */
term allow-unicast {
from {
route-filter 0.0.0.0/0 upto /24;
}
then {
community add CPS-CONNECTOR;
accept;
}
}
/* explicit default deny */
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT {
/* announce routes from CPS peer networks */
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
}
then accept;
}
term announce-internal {
from {
protocol static;
route-filter 198.32.9.0/24 exact;
route-filter 64.57.29.0/24 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-CONNECTOR-OUT6 {
term announce-peers {
from {
protocol bgp;
community CPS-PEERS;
family inet6;
}
then accept;
}
term announce-internal {
from {
protocol static;
family inet6;
route-filter 2001:468:ff00::/40 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-EXPORT {
term direct {
from protocol direct;
then {
community add CPS;
accept;
}
}
term bgp {
from protocol bgp;
then {
community add CPS;
accept;
}
}
term reject {
then reject;
}
}
policy-statement CPS-IMPORT {
term bgp {
from community CPS;
then accept;
}
term reject {
then reject;
}
}
policy-statement CPS-LEARN-IN {
term accept {
from {
protocol bgp;
prefix-list-filter CPS-LEARN exact;
}
then next policy;
}
term reject {
then reject;
}
}
/* import policy for FEDNET peers */
policy-statement FEDNET-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* import policy for IPv6 FEDNET peers */
policy-statement FEDNET-IN6 {
term set-community {
from protocol bgp;
then {
community add FEDNET;
accept;
}
}
}
/* export policy for FEDNET peers */
policy-statement FEDNET-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce ITN routes from peers w/exception to reach FEDNETs (ie IFTNs) */
term allow-iftn {
from {
protocol bgp;
community IFTN;
}
then accept;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement FEDNET-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
/* import policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term allow {
from protocol bgp;
to rib inet.2;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
/* export policy for mcast-only peerings with commercial ISPs */
policy-statement ISP-MCAST-OUT {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term allow {
from {
protocol bgp;
rib inet.2;
community PARTICIPANT;
}
then accept;
}
term reject {
then reject;
}
}
/* import policy for IPv6-only peerings with commercial ISPs */
policy-statement ISP-V6-IN {
term allow {
from protocol bgp;
to rib inet6.0;
then {
community add COMMERCIAL-PEER;
accept;
}
}
term reject {
then reject;
}
}
/* export policy for IPv6-only peerings with commercial ISPs */
policy-statement ISP-V6-OUT {
term no-export {
from community BLOCK-TO-COMMERCIAL;
then reject;
}
/* only advertise participant routes */
term accept {
from {
protocol bgp;
community PARTICIPANT;
family inet6;
}
then accept;
}
term reject {
then reject;
}
}
/* import policy for IPv4 ITN peerings */
policy-statement ITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term block-as112 {
from {
route-filter 192.175.48.0/24 orlonger;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
/* import policy for IPv6 ITN peerings */
policy-statement ITN-IN6 {
term set-community {
from protocol bgp;
then {
community add ITN;
accept;
}
}
}
policy-statement ITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or nonitn peers */
term block-fednet-nonitn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement ITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
/* Per-connector prefix allow-list for the LEARN session: a route must fall inside one of
   three prefix lists to be passed on ("next policy") to the rest of the import chain;
   everything else is rejected. This is what keeps the connector from announcing, or
   tagging for discard routing, address space that is not registered to it.
   "orlonger" admits any more-specific of a listed prefix; the length limit is applied
   later, in CONNECTOR-IN. */
policy-statement LEARN-IN {
term participant {
from {
protocol bgp;
prefix-list-filter LEARN-PARTICIPANT orlonger;
}
then next policy;
}
/* NOTE(review): terms are evaluated in order, so a prefix that also sits in
   LEARN-PARTICIPANT (or inside one of its entries, such as 165.95.232.0/21 within
   165.95.0.0/16) never reaches this term and is not tagged SEGP */
term segp {
from {
protocol bgp;
prefix-list-filter LEARN-SEGP orlonger;
}
then {
community add SEGP;
next policy;
}
}
/* NOTE(review): 216.38.80.0/24 is listed in both LEARN-PARTICIPANT and LEARN-SPONSORED;
   the participant term matches first, so that prefix is never tagged SPONSORED --
   confirm which list it belongs in */
term sponsored {
from {
protocol bgp;
prefix-list-filter LEARN-SPONSORED orlonger;
}
then {
community add SPONSORED;
next policy;
}
}
/* explicit default deny for anything outside the three lists */
term reject {
then reject;
}
}
policy-statement LEARN-IN6 {
term accept {
from {
family inet6;
prefix-list-filter LEARN-PARTICIPANT6 exact;
}
then {
community add PARTICIPANT;
accept;
}
}
term reject {
then reject;
}
}
policy-statement MSDP-FILTER {
term bad-groups {
from {
route-filter 224.0.1.2/32 exact;
route-filter 224.0.1.3/32 exact;
route-filter 224.0.1.8/32 exact;
route-filter 224.0.1.22/32 exact;
route-filter 224.0.1.24/32 exact;
route-filter 224.0.1.25/32 exact;
route-filter 224.0.1.35/32 exact;
route-filter 224.0.1.39/32 exact;
route-filter 224.0.1.40/32 exact;
route-filter 224.0.1.60/32 exact;
route-filter 224.0.2.1/32 exact;
route-filter 224.0.2.2/32 exact;
route-filter 224.77.0.0/16 orlonger;
route-filter 225.1.2.3/32 exact;
route-filter 226.77.0.0/16 orlonger;
route-filter 229.55.150.208/32 exact;
route-filter 234.42.42.40/30 orlonger;
route-filter 234.142.142.42/31 orlonger;
route-filter 234.142.142.44/30 orlonger;
route-filter 234.142.142.48/28 orlonger;
route-filter 234.142.142.64/26 orlonger;
route-filter 234.142.142.128/29 orlonger;
route-filter 234.142.142.136/30 orlonger;
route-filter 234.142.142.140/31 orlonger;
route-filter 234.142.142.142/32 exact;
route-filter 232.0.0.0/8 orlonger;
route-filter 239.0.0.0/8 orlonger;
}
then reject;
}
term bad-sources {
from {
source-address-filter 10.0.0.0/8 orlonger;
source-address-filter 127.0.0.0/8 orlonger;
source-address-filter 172.16.0.0/12 orlonger;
source-address-filter 192.168.0.0/16 orlonger;
}
then reject;
}
term bad-planetlab {
from {
source-address-filter 198.32.154.179/32 exact;
source-address-filter 198.32.154.187/32 exact;
source-address-filter 198.32.154.195/32 exact;
source-address-filter 198.32.154.202/32 exact;
source-address-filter 198.32.154.210/32 exact;
source-address-filter 198.32.154.218/32 exact;
source-address-filter 198.32.154.226/32 exact;
source-address-filter 198.32.154.235/32 exact;
source-address-filter 198.32.154.243/32 exact;
source-address-filter 198.32.154.250/32 exact;
}
then reject;
}
term allow {
then accept;
}
}
policy-statement NEXT-HOP-SELF {
from protocol bgp;
then {
next-hop self;
}
}
/* import policy for IPv4 NONITN peerings */
policy-statement NONITN-IN {
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
/* import policy for IPv6 NONITN peerings */
policy-statement NONITN-IN6 {
term set-community {
from protocol bgp;
then {
community add NONITN;
accept;
}
}
}
policy-statement NONITN-OUT {
/* don't announce small prefixes */
term block-long-prefixes {
from {
route-filter 0.0.0.0/0 prefix-length-range /28-/32;
}
then reject;
}
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* don't announce nlri=unicast routes from fednet or international peers */
term block-fednet-itn-unicast {
from {
protocol bgp;
rib inet.0;
/* note: community match is a logical OR */
community [ FEDNET ITN NONITN ];
}
then reject;
}
/* announce all other unicast and multicast routes */
term accept {
from protocol bgp;
then accept;
}
}
policy-statement NONITN-OUT6 {
/* don't announce these routes via nlri=unicast or multicast */
term block-unicast-multicast {
from {
protocol bgp;
community [ CONNECTOR-ONLY COMMERCIAL-PEER ];
}
then reject;
}
/* announce all other routes via nlri=unicast and multicast */
term allow {
from protocol bgp;
then accept;
}
}
/* Redistribute IPv4 aggregates from static into BGP */
policy-statement ORIGINATE4 {
term internal-addresses {
from {
protocol static;
prefix-list INTERNAL;
}
then accept;
}
}
/* Redistribute IPv6 aggregates from static into BGP */
policy-statement ORIGINATE6 {
/* announce the aggregate */
term announce-aggregates {
from {
protocol static;
prefix-list INTERNAL6;
}
then accept;
}
/* suppress the more specifics */
term block-more-specifics {
from {
route-filter 2001:468::/32 longer;
}
then reject;
}
}
policy-statement REJECT-ALL {
then reject;
}
/* Remove certain BGP communities on import - only applied to peers */
policy-statement REMOVE-COMMS-IN {
term remove {
then {
/* remove connector local-pref communities */
community delete HIGH;
community delete LOW;
/* remove discard community */
community delete DISCARD;
}
}
}
/* Remove certain BGP communities on export - applied to connectors and peers */
policy-statement REMOVE-COMMS-OUT {
term remove {
then {
/* remove connector and peer local-pref communities */
community delete HIGH-PEERS;
community delete LOW-PEERS;
community delete LOW;
community delete HIGH;
/* remove discard community */
community delete DISCARD;
}
}
}
/* reject routes we should never accept.
   Every term here only rejects; a route that matches none of them falls through to the
   next policy in the import chain, so this policy must never be the last one applied.
   The as-path names PRIVATE, COMMERCIAL and NLR are defined outside this part of the file. */
policy-statement SANITY-IN {
/* Reject any BGP prefix if a private AS is in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Reject any BGP NLRI=Unicast prefix if a commercial ISP's AS is in the path */
term block-commercial-asn {
from as-path COMMERCIAL;
to rib inet.0;
then reject;
}
term block-nlr-transit {
from as-path NLR;
then reject;
}
/* Reject BGP prefixes that should never appear in the routing table.
   Only special-purpose ranges are listed, so unlike the routing-options martians
   tables this list does not go stale as address space is allocated. */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
/* Reject BGP prefixes which Abilene originates.
   NOTE(review): "from prefix-list" matches the listed prefixes exactly, so a
   more-specific of an INTERNAL block received from a peer is not caught by this term;
   "prefix-list-filter INTERNAL orlonger" would cover those as well -- confirm intent. */
term block-internal {
from {
prefix-list INTERNAL;
}
then reject;
}
}
/* Block announcements for prefixes we should never announce.
   Every term is a deny rule; a route that matches none of them is passed
   on to the next policy in the export chain. */
policy-statement SANITY-OUT {
/* Don't announce any route with a private AS in the path */
term block-private-asn {
from as-path PRIVATE;
then reject;
}
/* Don't announce NLRI=Unicast routes if a commercial ISP's AS is in the path */
term block-commercial-asn {
from {
/* only routes taken from the unicast table inet.0 */
rib inet.0;
as-path COMMERCIAL;
}
then reject;
}
/* Don't announce reserved and special prefixes */
/* NOTE(review): same list as the block-martians term of SANITY-IN, so the
   same gaps apply: the rest of 0.0.0.0/8, 100.64.0.0/10 (RFC 6598),
   198.51.100.0/24 and 203.0.113.0/24 (RFC 5737) are not covered. Keep the
   two lists in step when either is changed. */
term block-martians {
from {
/* default */
route-filter 0.0.0.0/0 exact;
/* rfc 1918 */
route-filter 10.0.0.0/8 orlonger;
/* rfc 3330 - loopback */
route-filter 127.0.0.0/8 orlonger;
/* rfc 3330 - link-local */
route-filter 169.254.0.0/16 orlonger;
/* rfc 1918 */
route-filter 172.16.0.0/12 orlonger;
/* iana reserved (TEST-NET documentation range in rfc 3330) */
route-filter 192.0.2.0/24 orlonger;
/* 6to4 relay */
/* NOTE(review): only the /32 host route is matched; the RFC 3068 anycast
   prefix 192.88.99.0/24 itself is not rejected by this line */
route-filter 192.88.99.1/32 exact;
/* rfc 1918 */
route-filter 192.168.0.0/16 orlonger;
/* rfc 2544 - network device benchmarking */
route-filter 198.18.0.0/15 orlonger;
/* rfc 3171 - multicast group addresses */
route-filter 224.0.0.0/4 orlonger;
/* rfc 3330 */
route-filter 240.0.0.0/4 orlonger;
}
then reject;
}
}
/* Block IPv6 routes that should never be accepted or announced.
   Structure: reject private-AS paths, hand routes inside the allow-listed
   blocks to the next policy, reject everything else (default deny). */
policy-statement SANITY6 {
/* Block routes with a private AS in the path */
term block-private-asns {
from {
as-path PRIVATE;
family inet6;
}
then reject;
}
/* Only accept routes within certain allocated blocks */
/* "then next policy" does not accept the route outright; it only lets it
   continue to the next policy in the chain */
term accept {
/* see http://www.iana.org/assignments/ipv6-unicast-address-assignments */
/* each "upto /49" line matches prefix lengths from the listed length
   through /49 */
/* NOTE(review): 2001::/16 upto /49 also covers special-purpose space inside
   it, such as the 2001:db8::/32 documentation prefix, and makes the
   2001:b000::/20 line redundant - confirm that is intended */
/* NOTE(review): 2610::/12 and 2620::/12 look wider than the /23 entries
   for those blocks in the IANA registry - confirm against the registry */
from {
route-filter 2001::/16 upto /49;
/* 6to4: only the exact /16 is allowed, no more-specifics */
route-filter 2002::/16 exact;
route-filter 2003::/16 upto /49;
route-filter 2400::/12 upto /49;
route-filter 2600::/12 upto /49;
route-filter 2a00::/12 upto /49;
route-filter 2800::/12 upto /49;
route-filter 2001:b000::/20 upto /49;
route-filter 2c00::/12 upto /49;
route-filter 2610::/12 upto /49;
route-filter 2620::/12 upto /49;
}
then next policy;
}
/* default deny: anything not matched above is rejected */
term reject {
then reject;
}
}
/* set local-pref on connector routes based on communities.
   HIGH gives 260, LOW gives 140, anything else gets 200. The values are
   driven by communities the neighbour attaches, so this policy trusts the
   neighbour to set them; REMOVE-COMMS-IN strips HIGH and LOW on routes
   from peers. */
policy-statement SET-PREF {
term high {
from community HIGH;
then {
local-preference 260;
/* skip the remaining terms so "normal" does not overwrite the value */
next policy;
}
}
term low {
from community LOW;
then {
local-preference 140;
/* skip the remaining terms so "normal" does not overwrite the value */
next policy;
}
}
/* default for routes carrying neither community; no terminating action,
   so evaluation continues with the next policy */
term normal {
then {
local-preference 200;
}
}
}
/* set local-pref on peer routes based on communities */
policy-statement SET-PREF-PEER {
term high {
from community HIGH-PEERS;
then {
local-preference 160;
next policy;
}
}
term low {
from community LOW-PEERS;
then {
local-preference 40;
next pol