## Last changed: 2019-04-18 15:01:18 CEST ## Image name: jinstall-host-qfx-5-17.3R3.10-signed.tgz version 17.3R3.10; system { host-name r1.tele; # Tar snapshot fra backup til primærpartisjon dersom primær ikke kommer # opp ved boot. Etter dette er gjort, rebooter switchen. auto-snapshot; domain-name tg19.gathering.org; time-zone Europe/Oslo; authentication-order tacplus; root-authentication { encrypted-password ""; } name-server { 2a06:5841:a:103::62; 2a06:5841:a:104::126; } tacplus-server { 134.90.150.164 secret ""; 2a02:20c8:1930::164 secret ""; } login { user technet { uid 2000; class super-user; authentication { encrypted-password ""; } } } services { ssh { root-login deny; no-tcp-forwarding; protocol-version v2; client-alive-count-max 2; client-alive-interval 300; connection-limit 50; rate-limit 5; } netconf { ssh { port 830; } } dhcp-local-server { traceoptions { file log-dhcp size 10000000; flag all; } dhcpv6 { group tele-v6 { interface irb.103; } } group tele-v4 { interface irb.103; } } } syslog { user * { any emergency; } host log.tg19.gathering.org { any warning; authorization info; daemon warning; user warning; change-log any; interactive-commands any; match "!(.*License.*)"; allow-duplicates; facility-override local7; explicit-priority; } /* Local logging of syslog message */ file messages { any notice; authorization info; match "!(.*License.*)"; } /* Local logging of all user-commands typed in the CLI */ file interactive-commands { interactive-commands any; match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; } } /* Save changes to central site */ archival { configuration { transfer-on-commit; archive-sites { "scp://user@host/some/folder/" password ""; } } } commit synchronize; ntp { /* ntp.uio.no */ server 2001:700:100:2::6; } } chassis { redundancy { graceful-switchover; } aggregated-devices { ethernet { device-count 50; } } alarm { management-ethernet { link-down ignore; } } } services { analytics { resource { system { polling-interval { traffic-monitoring 10; } } } streaming-server telemetry_server { remote-address 185.110.149.4; remote-port 5015; } export-profile export_20302 { local-address 185.110.148.64; local-port 20302; reporting-rate 60; format gpb; transport udp; } sensor junos_system_linecard_interface { server-name telemetry_server; export-name export_20302; resource /junos/system/linecard/interface/; } sensor junos_system_linecard_interface_logical_usage { server-name telemetry_server; export-name export_20302; resource /junos/system/linecard/interface/logical/usage/; } sensor optics { server-name telemetry_server; export-name export_20302; resource /junos/system/linecard/optics/; } } } security { ssh-known-hosts { host { ecdsa-sha2-nistp256-key ; } } } interfaces { interface-range all-ports { member ge-*/*/*; member xe-*/*/*; member et-*/*/*; } ge-0/0/0 { description "C: Taempnett Tele"; unit 0 { family ethernet-switching { interface-mode access; vlan { members testnett; } } } } ge-0/0/1 { description "C: Tempnett Tele"; unit 0 { family ethernet-switching { interface-mode access; vlan { members testnett; } } } } ge-0/0/10 { description TeleCam; unit 0 { family ethernet-switching { vlan { members testnett; } } } } xe-0/0/24 { ether-options { 802.3ad ae5; } } xe-0/0/25 { ether-options { 802.3ad ae8; } } ge-0/0/34 { description "C: ME IPME"; unit 0 { family ethernet-switching { vlan { members vlan100; } } } } xe-0/0/41 { description "G: r1.tele (xe-0/0/42) loop-kabel for redundans"; ether-options { 802.3ad ae7; } } xe-0/0/42 { description "G: r1.tele (xe-0/0/41) loop-kabel for redundans"; ether-options { 802.3ad ae6; } } xe-0/0/43 { description "G: r1.tele (xe-0/0/44) loop-kabel for redundans"; ether-options { 802.3ad ae7; } } xe-0/0/44 { description "G: r1.tele (xe-0/0/43) loop-kabel for redundans"; ether-options { 802.3ad ae6; } } xe-0/0/45 { description "G: Telenor (ae0)"; ether-options { 802.3ad ae0; } } xe-0/0/46 { description "G: Telenor (ae0)"; ether-options { 802.3ad ae0; } } xe-0/0/47 { description "G: Telenor (ae0)"; ether-options { 802.3ad ae0; } } et-0/0/50 { description "G: r1.ring (ae3)"; ether-options { 802.3ad ae3; } } et-0/0/51 { description "G: r1.noc (ae0)"; ether-options { 802.3ad ae2; } } et-0/0/52 { description "G: fw.tele (X)"; ether-options { 802.3ad ae1; } } et-0/0/53 { description "G: r1.stand (ae4)"; ether-options { 802.3ad ae4; } } ge-1/0/0 { description "C: Taempnett Tele"; unit 0 { family ethernet-switching { interface-mode access; vlan { members testnett; } } } } ge-1/0/1 { description "C: Tempnett Tele"; unit 0 { family ethernet-switching { interface-mode access; vlan { members testnett; } } } } xe-1/0/24 { ether-options { 802.3ad ae5; } } xe-1/0/25 { ether-options { 802.3ad ae8; } } ge-1/0/34 { description "C: GREATGIVING IPME"; unit 0 { family ethernet-switching { vlan { members vlan100; } } } } xe-1/0/41 { description "G: r1.tele (xe-1/0/42) loop-kabel for redundans"; ether-options { 802.3ad ae7; } } xe-1/0/42 { description "G: r1.tele (xe-1/0/41) loop-kabel for redundans"; ether-options { 802.3ad ae6; } } xe-1/0/43 { description "G: r1.tele (xe-1/0/44) loop-kabel for redundans"; ether-options { 802.3ad ae7; } } xe-1/0/44 { description "G: r1.tele (xe-1/0/43) loop-kabel for redundans"; ether-options { 802.3ad ae6; } } xe-1/0/45 { description "G: Telenor (ae0)"; disable; ether-options { 802.3ad ae0; } } xe-1/0/46 { description "G: Telenor (ae0)"; ether-options { 802.3ad ae0; } } xe-1/0/47 { description "G: Telenor (ae0)"; ether-options { 802.3ad ae0; } } et-1/0/50 { description "G: r1.ring (ae3)"; ether-options { 802.3ad ae3; } } et-1/0/51 { description "G: r1.noc (ae0)"; ether-options { 802.3ad ae2; } } et-1/0/52 { description "G: fw1.tele (X)"; ether-options { 802.3ad ae1; } } et-1/0/53 { description "G: r1.stand (ae4)"; ether-options { 802.3ad ae4; } } ae0 { description "P: Telenor"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { filter { input internet-ingress-v4; output internet-egress-v4; } address 193.212.22.2/30; } family inet6 { filter { input internet-ingress-v6; output internet-egress-v6; } address 2001:4600:9:300::292/126; } } } ae1 { description "B: fw1.tele"; vlan-tagging; encapsulation flexible-ethernet-services; aggregated-ether-options { lacp { active; } } unit 11 { description "B: fw1.tele outside"; vlan-id 11; family inet { address 185.110.148.128/31; } family inet6 { address 2a06:5841:f:f01::/127; } } unit 12 { description "B: fw1.tele inside"; vlan-id 12; family inet { address 185.110.148.130/31; } family inet6 { address 2a06:5841:f:f02::/127; } } } ae2 { description "B: r1.noc ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.134/31; } family inet6 { address 2a06:5841:f:f04::/127; } } } ae3 { description "B: r1.ring ae3"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.132/31; } family inet6 { address 2a06:5841:f:f03::/127; } } } ae4 { description "B: r1.stand ae1"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.138/31; } family inet6 { address 2a06:5841:f:f06::/127; } } } ae5 { description "C: me bond0"; vlan-tagging; encapsulation flexible-ethernet-services; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { interface-mode trunk; vlan { members [ vlan100 vlan101 vlan102 ]; } } } } ae6 { description "G: r1.tele (ae7) loop-kabel for redundans"; unit 0 { family inet { address 185.110.148.162/31; } family inet6 { address 2a06:5841:f:f12::/127; } } } ae7 { description "G: r1.tele (ae6) loop-kabel for redundans"; unit 0 { family inet { address 185.110.148.163/31; } family inet6 { address 2a06:5841:f:f12::1/127; } } } ae8 { description "C: greatgiving.tele"; vlan-tagging; encapsulation flexible-ethernet-services; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { interface-mode trunk; vlan { members [ vlan100 vlan101 vlan102 ]; } } } } em0 { unit 0 { family inet { dhcp; } } } em1 { unit 0 { family inet { address 169.254.0.2/24; } } } irb { unit 100 { description "C: Tele VM hosts vlan 100"; family inet { address 185.110.149.129/27; } family inet6 { address 2a06:5841:a:101::1/64; } } unit 101 { description "C: Tele tech-vm vlan 101"; family inet { address 185.110.149.1/26; } family inet6 { address 2a06:5841:a:103::1/64; } } unit 102 { description "C: Tele misc-vm vlan 102"; family inet { address 88.92.16.1/24; } family inet6 { address 2a06:5841:a:201::1/64; } } unit 103 { family inet { address 185.110.148.33/27; } family inet6 { address 2a06:5841:a:301::1/64; } } } lo0 { unit 0 { family inet { filter { input mgmt-v4; } address 127.0.0.1/32; address 185.110.148.64/32; } family inet6 { filter { input mgmt-v6; } address ::1/128; address 2a06:5841:f:e::64/128; } } } } snmp { contact NOC; community { authorization read-only; client-list-name mgmt; } community { authorization read-only; client-list-name mgmt; } } forwarding-options { storm-control-profiles default { all; } } routing-options { nonstop-routing; rib inet6.0 { static { route 2a06:5840::/29 discard; } } rib inet.0 { static { route 185.110.148.0/22 discard; route 88.92.0.0/17 discard; } } autonomous-system 21067; } protocols { igmp { interface irb.100 { version 2; } } router-advertisement { interface irb.103 { managed-configuration; other-stateful-configuration; } } ospf { export [ direct-to-ospf static-to-ospf ]; reference-bandwidth 1000g; area 0.0.0.0 { interface ae1.12; interface ae2.0; interface ae4.0; interface ae3.0; interface ae6.0; } } ospf3 { export [ direct-to-ospf static-to-ospf ]; reference-bandwidth 1000g; area 0.0.0.0 { interface ae1.12; interface ae2.0; interface ae4.0; interface ae3.0; interface ae6.0; } } lldp { interface all; } lldp-med { interface all; } igmp-snooping { vlan default; } sflow { agent-id 185.110.148.64; sample-rate { ingress 10000; egress 10000; } collector ; collector 185.110.149.139 { udp-port 6343; } interfaces all-ports; } } policy-options { prefix-list mgmt-v4 { } prefix-list mgmt-v6 { } /* Merged separate v4- og v6-lister */ prefix-list mgmt { apply-path "policy-options prefix-list <*>"; } policy-statement default-v4 { term default-only { from { route-filter 0.0.0.0/0 exact; } then accept; } term reject-all { then reject; } } policy-statement default-v6 { term default-only { from { route-filter ::/0 exact; } then accept; } term reject-all { then reject; } } policy-statement direct-to-ospf { from protocol direct; then { external { type 1; } accept; } } policy-statement static-to-ospf { from protocol static; then { external { type 1; } accept; } } policy-statement telenor-in-v4 { term accept-default { from { route-filter 0.0.0.0/0 exact; } then accept; } term reject-all { then reject; } } policy-statement telenor-in-v6 { term accept-default { from { route-filter ::/0 exact; } then accept; } term reject-all { then reject; } } policy-statement telenor-out-v4 { term accept-our-routes { from { route-filter 88.92.0.0/17 exact; route-filter 194.143.120.0/21 upto /24; route-filter 185.110.148.0/22 upto /24; } then accept; } term reject-all { then reject; } } policy-statement telenor-out-v6 { term accept-our-routes { from { route-filter 2a06:5840::/29 exact; route-filter 2001:4610:7617::/48 exact; } then accept; } term reject-all { then reject; } } } firewall { family inet { filter mgmt-v4 { term accept-ssh { from { source-prefix-list { mgmt-v4; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term accept-all { then accept; } } filter internet-ingress-v4 { interface-specific; term count-our { from { source-address { 88.92.0.0/17; 185.110.148.0/22; } } then { count count-our; accept; } } term accept-all { then { count accept-all; accept; } } } filter internet-egress-v4 { interface-specific; term accept-all { then { count accept-all; accept; } } } } family inet6 { filter mgmt-v6 { term accept-ssh { from { source-prefix-list { mgmt-v6; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term accept-all { then accept; } } filter internet-ingress-v6 { interface-specific; term accept-all { then { count accept-all; accept; } } } filter internet-egress-v6 { interface-specific; term accept-all { then { count accept-all; accept; } } } } } access { address-assignment { pool tele-v4 { family inet { network 185.110.148.32/27; range tele-v4 { low 185.110.148.34; high 185.110.148.63; } dhcp-attributes { name-server { 1.1.1.1; } router { 185.110.148.33; } } } } pool tele-v6 { family inet6 { prefix 2a06:5841:a:301::0/64; range tele-v6 { low 2a06:5841:a:301::1337:1337:1/128; high 2a06:5841:a:301::1337:1337:ffff/128; } dhcp-attributes { dns-server { 2001:4860:4860::8888; 2001:4860:4860::8844; } } } } } } routing-instances { internet { instance-type vrf; interface ae0.0; interface ae1.11; interface ae7.0; interface lo0.0; route-distinguisher 21067:2; vrf-target target:21067:2; routing-options { rib internet.inet.0 { static { route 88.92.58.128/25 next-hop 88.92.58.1; route 88.92.0.0/17 discard; route 185.110.148.0/22 discard; route 194.143.120.0/21 discard; } } rib internet.inet6.0 { static { route 2a06:5840::/29 discard; route 2001:4610:7617::/48 discard; route 2001:4610:7618::/48 discard; } } router-id 185.110.148.64; } protocols { bgp { group telenor { authentication-key "";; peer-as 2119; neighbor 193.212.22.1 { import telenor-in-v4; export telenor-out-v4; } neighbor 2001:4600:9:300::291 { import telenor-in-v6; export telenor-out-v6; } } } ospf { export [ direct-to-ospf static-to-ospf default-v4 ]; reference-bandwidth 1000g; area 0.0.0.0 { interface ae1.11; interface ae7.0; } } ospf3 { export [ direct-to-ospf static-to-ospf default-v6 ]; reference-bandwidth 1000g; area 0.0.0.0 { interface ae1.11; interface ae7.0; } } } } } virtual-chassis { preprovisioned; no-split-detection; member 0 { role routing-engine; serial-number ; } member 1 { role routing-engine; serial-number ; } } vlans { testnett { description testnett-tele; vlan-id 103; l3-interface irb.103; } vlan100 { vlan-id 100; l3-interface irb.100; } vlan101 { vlan-id 101; l3-interface irb.101; } vlan102 { vlan-id 102; l3-interface irb.102; } }