aboutsummaryrefslogtreecommitdiffstats
path: root/examples/tg23/templates/core.conf
diff options
context:
space:
mode:
Diffstat (limited to 'examples/tg23/templates/core.conf')
-rw-r--r--examples/tg23/templates/core.conf853
1 files changed, 853 insertions, 0 deletions
diff --git a/examples/tg23/templates/core.conf b/examples/tg23/templates/core.conf
new file mode 100644
index 0000000..4c8ee54
--- /dev/null
+++ b/examples/tg23/templates/core.conf
@@ -0,0 +1,853 @@
+{# Query parameters: ?switch=e1-1 #}
+{%- if options["switch"] %}
+{%- set switch_name = options["switch"] %}
+{%- import "vars.conf" as v with context %}
+
+{% include "core-dynamic-networks.conf" %}
+
+{% include "core-routing.conf" %}
+
+{% include "global.conf" %}
+
+chassis {
+ redundancy {
+ graceful-switchover;
+ routing-engine 0 master;
+ routing-engine 1 backup;
+ failover {
+ on-loss-of-keepalives;
+ on-disk-failure;
+ }
+ }
+ fpc 2 {
+ pic 0 {
+ pic-mode 10G;
+ }
+ pic 1 {
+ pic-mode 10G;
+ }
+ }
+ fpc 3 {
+ pic 0 {
+ pic-mode 10G;
+ }
+ pic 1 {
+ pic-mode 10G;
+ }
+ }
+ fpc 4 {
+ pic 0 {
+ pic-mode 40G;
+ }
+ pic 1 {
+ pic-mode 100G;
+ }
+ }
+ fpc 5 {
+ pic 0 {
+ pic-mode 40G;
+ }
+ pic 1 {
+ pic-mode 100G;
+ }
+ }
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+ network-services enhanced-ip;
+}
+
+{# Static interfaces #}
+interfaces {
+ lo0 {
+ description "B: loopback interface";
+ unit 0 {
+ description "B: Loopback global routing table";
+ family inet {
+ address 185.110.148.0/32;
+ }
+ family inet6 {
+ address 2a06:5841:f:a::/128;
+ }
+ }
+ unit 1 {
+ description "B: Loopback NAT-WIFI routing instance";
+ family inet {
+ address 192.168.0.0/32;
+ }
+ family inet6 {
+ address 2a06:5841:f:e:b00b::/128;
+ }
+ }
+ unit 2 {
+ description "B: Loopback NAT-LAN routing instance";
+ family inet {
+ address 192.168.0.1/32;
+ }
+ family inet6 {
+ address 2a06:5841:f:e:d00d::/128;
+ }
+ }
+
+ }
+ xe-2/0/0 {
+ description "G: Telenor #1 (ae0)";
+ gigether-options {
+ 802.3ad ae0;
+ }
+ }
+ xe-3/0/0 {
+ description "G: Telenor #2 (ae0)";
+ gigether-options {
+ 802.3ad ae0;
+ }
+ }
+ xe-2/0/1 {
+ description "G: Telenor #3 (ae0)";
+ gigether-options {
+ 802.3ad ae0;
+ }
+ }
+ xe-3/0/1 {
+ description "G: Telenor #4 (ae0)";
+ gigether-options {
+ 802.3ad ae0;
+ }
+ }
+ xe-2/0/2 {
+ description "G: Telenor #5 (ae0)";
+ gigether-options {
+ 802.3ad ae0;
+ }
+ }
+ xe-2/0/5 {
+ description "G: bamsemums #1 (ae2)";
+ gigether-options {
+ 802.3ad ae2;
+ }
+ }
+ xe-3/0/5 {
+ description "G: bamsemums #2 (ae2)";
+ gigether-options {
+ 802.3ad ae2;
+ }
+ }
+ xe-2/0/6 {
+ description "G: bamsemums #3 (ae2)";
+ gigether-options {
+ 802.3ad ae2;
+ }
+ }
+ xe-3/0/6 {
+ description "G: bamsemums #4 (ae2)";
+ gigether-options {
+ 802.3ad ae2;
+ }
+ }
+
+ xe-2/0/7 {
+ description "C: krokodille (storage) (ae3)";
+ gigether-options {
+ 802.3ad ae3;
+ }
+ }
+
+ xe-2/0/8 {
+ description "C: krokodille (storage) (ae3)";
+ gigether-options {
+ 802.3ad ae3;
+ }
+ }
+
+ xe-3/0/7 {
+ description "C: krokodille (storage) (ae3)";
+ gigether-options {
+ 802.3ad ae3;
+ }
+ }
+
+ xe-3/0/8 {
+ description "C: krokodille (storage) (ae3)";
+ gigether-options {
+ 802.3ad ae3;
+ }
+ }
+
+ et-4/0/2 {
+ description "G: r1.stand et-0/0/48 (ae12)";
+ gigether-options {
+ 802.3ad ae12;
+ }
+ }
+ et-5/0/2 {
+ description "G: r1.stand et-1/0/48 (ae12)";
+ gigether-options {
+ 802.3ad ae12;
+ }
+ }
+ et-4/0/0 {
+ description "G: d1.roof et-0/0/48 (ae10)";
+ gigether-options {
+ 802.3ad ae10;
+ }
+ }
+ et-5/0/0 {
+ description "G: d1.roof et-1/0/48 (ae10)";
+ gigether-options {
+ 802.3ad ae10;
+ }
+ }
+ et-4/0/1 {
+ description "G: d1.ring et-4/0/24 (4/noc) (ae11)";
+ gigether-options {
+ 802.3ad ae11;
+ }
+ }
+ et-5/0/1 {
+ description "G: d1.ring et-5/1/0 (5/tele) (ae11)";
+ gigether-options {
+ 802.3ad ae11;
+ }
+ }
+ et-4/0/3 {
+ description "G: natfw1.tele <et-1/0/0> (ae999) - node0";
+ gigether-options {
+ 802.3ad {
+ ae999;
+ primary;
+ }
+ }
+ }
+ et-4/1/2 {
+ description "C: dumle eth1 port mirror";
+ }
+
+ et-5/0/3 {
+ description "G: natfw1.tele <et-8/0/0> (ae999) - node1";
+ gigether-options {
+ 802.3ad {
+ ae999;
+ backup;
+ }
+ }
+ }
+ ae0 {
+ description "P: Telenor - AS2119 - (Telenor rtr: ti0010a400)";
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family inet {
+ filter {
+ input internet-ingress-v4;
+ output internet-egress-v4;
+ }
+ address 193.212.22.2/30;
+ }
+ family inet6 {
+ filter {
+ input internet-ingress-v6;
+ output internet-egress-v6;
+ }
+ address 2001:4600:9:300::292/126;
+ }
+ }
+ }
+ ae2 {
+ description "C: bamsemums bond0";
+ flexible-vlan-tagging;
+ encapsulation flexible-ethernet-services;
+ aggregated-ether-options {
+ lacp {
+ active;
+ periodic fast;
+ }
+ }
+ unit 100 {
+ description "C: bamsemums vm-host"
+ vlan-tags outer 100;
+ family inet {
+ address 185.110.148.32/31;
+ }
+ family inet6 {
+ address 2a06:5841:f:b::0/127
+ }
+ }
+ unit 101 {
+ description "C: bamsemums tech-vms";
+ vlan-tags outer 101;
+ family inet {
+ address 185.110.148.97/27;
+ }
+ family inet6 {
+ address 2a06:5841:f:d::1/64;
+ }
+ }
+ unit 102 {
+ description "C: bamsemums vms";
+ vlan-tags outer 102;
+ family inet {
+ address 151.216.248.1/25;
+ }
+ family inet6 {
+ address 2a06:5841:100::1/64;
+ }
+ }
+ }
+
+ ae3 {
+ description "C: krokodille (storage) bond0";
+ flexible-vlan-tagging;
+ encapsulation flexible-ethernet-services;
+ aggregated-ether-options {
+ lacp {
+ active;
+ periodic fast;
+ }
+ }
+ unit 100 {
+ description "C: krokodille vm-host";
+ vlan-tags outer 100;
+ family inet {
+ address 185.110.148.34/31;
+ }
+ family inet6 {
+ address 2a06:5841:f:b::2/127;
+ }
+ }
+ unit 101 {
+ description "C: krokodille vms";
+ vlan-tags outer 101;
+ family inet {
+ address 151.216.248.129/28;
+ }
+ family inet6 {
+ address 2a06:5841:100:2::1/64;
+ }
+ }
+ }
+
+ ae10 {
+ description "B: d1.roof ae20";
+ flexible-vlan-tagging;
+ encapsulation flexible-ethernet-services;
+ aggregated-ether-options {
+ lacp {
+ active;
+ periodic fast;
+ }
+ }
+ unit 666 {
+ description "B: d1.roof edge mgmt";
+ vlan-tags outer 666;
+ family inet {
+ address 151.216.130.1/24;
+ }
+ family inet6 {
+ address 2a06:5841:f:10::1/64;
+ }
+ }
+ unit 667 {
+ description "B: d1.roof distro mgmt";
+ vlan-tags outer 667;
+ family inet {
+ address 185.110.148.17/28;
+ }
+ family inet6 {
+ address 2a06:5841:f:11::1/64;
+ }
+ }
+ unit 777 {
+ description "B: d1.roof AP mgmt";
+ encapsulation vlan-bridge;
+ vlan-id 777;
+ }
+ unit 778 {
+ description "C: d1.roof wifi clients";
+ encapsulation vlan-bridge;
+ vlan-id 778;
+ }
+ }
+ ae11 {
+ description "B: d1.ring ae0";
+ flexible-vlan-tagging;
+ encapsulation flexible-ethernet-services;
+ aggregated-ether-options {
+ lacp {
+ active;
+ periodic fast;
+ }
+ }
+ unit 10 {
+ description "C: southcam - VLAN 10 (static-ip)";
+ vlan-tags outer 10;
+ family inet {
+ address 192.168.0.9/30;
+ }
+ }
+ unit 11 {
+ description "C: tele-ipmi - VLAN 11 (static-ip)";
+ vlan-tags outer 11;
+ family inet {
+ address 185.110.148.41/29;
+ }
+ family inet6 {
+ address 2a06:5841:f:f::1/64;
+ }
+ }
+ unit 20 {
+ description "C:s1.tele mgmt and lab (static-ip)";
+ vlan-id 20;
+ family inet {
+ address 185.110.148.177/28;
+ }
+ family inet6 {
+ address 2a06:5841:f:1336::1/64;
+ }
+ }
+ unit 666 {
+ description "B: d1.ring edge mgmt";
+ vlan-tags outer 666;
+ family inet {
+ address 151.216.131.1/25;
+ }
+ family inet6 {
+ address 2a06:5841:f:20::1/64;
+ }
+ }
+ unit 667 {
+ description "B: d1.ring distro mgmt";
+ vlan-tags outer 667;
+ family inet {
+ address 185.110.148.9/29;
+ }
+ family inet6 {
+ address 2a06:5841:f:21::1/64;
+ }
+ }
+ unit 777 {
+ description "B: d1.ring AP mgmt";
+ encapsulation vlan-bridge;
+ vlan-id 777;
+ }
+ unit 778 {
+ description "C: d1.ring wifi clients";
+ encapsulation vlan-bridge;
+ vlan-id 778;
+ }
+ }
+ ae12 {
+ description "B: r1.stand ae0";
+ aggregated-ether-options {
+ lacp {
+ active;
+ periodic fast;
+ }
+ }
+ unit 0 {
+ family inet {
+ address 185.110.148.160/31;
+ }
+ family inet6 {
+ address 2a06:5841:f:100::1/64;
+ }
+ }
+ }
+ ae999 {
+ description "B: natfw1.tele reth0";
+ vlan-tagging;
+ aggregated-ether-options {
+ link-protection;
+ }
+ unit 10 {
+ description OUTSIDE/INET;
+ vlan-id 10;
+ family inet {
+ address 185.110.148.162/31;
+ }
+ family inet6 {
+ address 2a06:5841:f:101::/127;
+ }
+ }
+ unit 20 {
+ description NAT-WIFI;
+ vlan-id 20;
+ family inet {
+ address 185.110.148.164/31;
+ }
+ family inet6 {
+ address 2a06:5841:f:101::2/127;
+ }
+ }
+ unit 30 {
+ description NAT-LAN;
+ vlan-id 30;
+ family inet {
+ address 185.110.148.166/31;
+ }
+ family inet6 {
+ address 2a06:5841:f:101::4/127;
+ }
+ }
+ }
+ irb {
+ unit 777 {
+ description "B: wifi AP mgmt";
+ family inet {
+ address 151.216.131.129/25;
+ }
+ family inet6 {
+ address 2a06:5841:f:12::1/64;
+ }
+ }
+ unit 778 {
+ description "B: wifi clients";
+ family inet {
+ address 151.216.144.1/20;
+ }
+ family inet6 {
+ address 2a06:5841:6e::1/64;
+ }
+ }
+ }
+}
+
+bridge-domains {
+ BD-WIFI-MGMT {
+ domain-type bridge;
+ vlan-id 777;
+ interface ae10.777;
+ interface ae11.777;
+ routing-interface irb.777;
+ }
+ BD-WIFI-NAT {
+ domain-type bridge;
+ vlan-id 778;
+ interface ae10.778;
+ interface ae11.778;
+ routing-interface irb.778;
+ }
+}
+
+
+{# Static forwarding options for mgmt #}
+forwarding-options {
+ storm-control-profiles default {
+ all;
+ }
+ dhcp-relay {
+ dhcpv6 {
+ overrides {
+ allow-snooped-clients;
+ }
+ group all-networks {
+ active-server-group v6-dhcp;
+ route-suppression access-internal;
+ interface irb.777;
+ interface irb.778;
+ interface ae2.102;
+ interface ae10.666;
+ interface ae10.667;
+ interface ae11.666;
+ interface ae11.667;
+ interface ae999.10;
+ }
+ server-group {
+ v6-dhcp {
+ 2a06:5841:f:d::98;
+ }
+ }
+ }
+ server-group {
+ v4-dhcp {
+ 185.110.148.98;
+ }
+ }
+ group all-networks {
+ active-server-group v4-dhcp;
+ overrides {
+ allow-snooped-clients;
+ trust-option-82;
+ }
+ route-suppression {
+ access-internal;
+ }
+ interface irb.777;
+ interface irb.778;
+ interface ae2.102;
+ interface ae10.666;
+ interface ae10.667;
+ interface ae11.666;
+ interface ae11.667;
+ interface ae999.10;
+ }
+ }
+ analyzer {
+ INTERNETSPAM {
+ input {
+ ingress {
+ interface ae0.0;
+ }
+ egress {
+ interface ae0.0;
+ }
+ }
+ output {
+ interface et-4/1/2.0;
+ }
+ }
+ }
+}
+
+protocols {
+ lldp {
+ port-id-subtype interface-name;
+ port-description-type interface-description;
+ interface all;
+ }
+ layer2-control {
+ nonstop-bridging;
+ }
+ router-advertisement{
+ interface irb.777 {
+ max-advertisement-interval 30;
+ managed-configuration;
+ other-stateful-configuration;
+ }
+ interface irb.778 {
+ max-advertisement-interval 30;
+ managed-configuration;
+ other-stateful-configuration;
+ }
+ }
+ sflow {
+ agent-id 185.110.148.0 inet6 2a06:5841:f:a::;
+ sample-rate {
+ ingress 1;
+ egress 1;
+ }
+ collector 185.110.148.137;
+ interfaces all-ports;
+ }
+}
+
+policy-options {
+ policy-statement static-to-ospf {
+ from protocol static;
+ then {
+ external {
+ type 1;
+ }
+ accept;
+ }
+ }
+ policy-statement direct-to-ospf {
+ from protocol direct;
+ then {
+ external {
+ type 1;
+ }
+ accept;
+ }
+ }
+ policy-statement telenor-in-v4 {
+ term accept-default {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term reject-all {
+ then reject;
+ }
+ }
+ policy-statement telenor-in-v6 {
+ term accept-default {
+ from {
+ route-filter ::/0 exact;
+ }
+ then accept;
+ }
+ term reject-all {
+ then reject;
+ }
+ }
+ policy-statement telenor-out-v4 {
+ term accept-our-routes {
+ from {
+ route-filter 88.92.0.0/17 exact;
+ route-filter 151.216.128.0/17 exact;
+ route-filter 194.143.120.0/21 upto /24;
+ route-filter 185.110.148.0/22 upto /24;
+ }
+ then accept;
+ }
+ term reject-all {
+ then reject;
+ }
+ }
+ policy-statement telenor-out-v6 {
+ term accept-our-routes {
+ from {
+ route-filter 2a06:5840::/29 exact;
+ }
+ then accept;
+ }
+ term reject-all {
+ then reject;
+ }
+ }
+ policy-statement v4-default-from-bgp {
+ from {
+ protocol bgp;
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ policy-statement v6-default-from-bgp {
+ from {
+ protocol bgp;
+ route-filter ::0/0 exact;
+ }
+ then accept;
+ }
+ policy-statement v4-from-direct-to-ospf {
+ from protocol direct;
+ then accept;
+ }
+ policy-statement v4-only-default-from-ospf {
+ term FROM-OSPF {
+ from {
+ protocol ospf;
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ then reject;
+ }
+ policy-statement v6-from-direct-to-ospf {
+ from protocol direct;
+ then accept;
+ }
+ policy-statement v6-only-default-from-ospf {
+ term FROM-OSPF {
+ from {
+ protocol ospf;
+ route-filter ::0/0 exact;
+ }
+ then accept;
+ }
+ then reject;
+ }
+}
+firewall {
+ family inet {
+ filter internet-ingress-v4 {
+ interface-specific;
+ term count-our {
+ from {
+ source-address {
+ 88.92.0.0/17;
+ 185.110.148.0/22;
+ 151.216.128.0/17;
+ }
+ }
+ then {
+ count count-our;
+ accept;
+ }
+ }
+ term accept-all {
+ then {
+ count accept-all;
+ accept;
+ }
+ }
+ }
+ filter internet-egress-v4 {
+ interface-specific;
+ term accept-all {
+ then {
+ count accept-all;
+ accept;
+ }
+ }
+ }
+ }
+ family inet6 {
+ filter internet-ingress-v6 {
+ interface-specific;
+ term accept-all {
+ then {
+ count accept-all;
+ accept;
+ }
+ }
+ }
+ filter internet-egress-v6 {
+ interface-specific;
+ term accept-all {
+ then {
+ count accept-all;
+ accept;
+ }
+ }
+ }
+ }
+}
+
+services {
+ analytics {
+ streaming-server graph.lasse.cloud {
+ remote-address 195.47.216.71;
+ remote-port 30001;
+ }
+ /* Jonas L test VM */
+ streaming-server vm-ovemy.tg23.gathering.org {
+ remote-address 151.216.249.31;
+ remote-port 30002;
+ }
+ streaming-server gondul.tg23.gathering.org {
+ remote-address 185.110.148.105;
+ remote-port 5015;
+ }
+ export-profile export_often {
+ local-address 185.110.148.0;
+ local-port 20002;
+ reporting-rate 10;
+ format gpb;
+ transport udp;
+ }
+ export-profile JONAS-TEST {
+ local-address 185.110.148.0;
+ local-port 20000;
+ reporting-rate 1;
+ format gpb;
+ transport udp;
+ }
+ sensor junos_system_linecard_interface_traffic {
+ server-name [ graph.lasse.cloud vm-ovemy.tg23.gathering.org gondul.tg23.gathering.org ];
+ export-name export_often;
+ resource /junos/system/linecard/interface/traffic/;
+ }
+ sensor junos_system_linecard_logical {
+ server-name graph.lasse.cloud;
+ export-name export_often;
+ resource /junos/system/linecard/interface/logical/usage/;
+ }
+ sensor DDOS {
+ server-name vm-ovemy.tg23.gathering.org;
+ export-name JONAS-TEST;
+ resource /junos/system/linecard/ddos/;
+ }
+ }
+}
+
+{% else %}
+Unsupported option. Please use
+"?switch=switch_name"
+{% endif %}
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 15:56:50 +0000