{# Query parameters: ?switch=e1-1 #} {%- if options["switch"] %} {%- set switch_name = options["switch"] %} {%- import "vars.conf" as v with context %} {% include "core-dynamic-networks.conf" %} {% include "core-routing.conf" %} {% include "global.conf" %} chassis { redundancy { graceful-switchover; routing-engine 0 master; routing-engine 1 backup; failover { on-loss-of-keepalives; on-disk-failure; } } fpc 2 { pic 0 { pic-mode 10G; } pic 1 { pic-mode 10G; } } fpc 3 { pic 0 { pic-mode 10G; } pic 1 { pic-mode 10G; } } fpc 4 { pic 0 { pic-mode 40G; } pic 1 { pic-mode 100G; } } fpc 5 { pic 0 { pic-mode 40G; } pic 1 { pic-mode 100G; } } alarm { management-ethernet { link-down ignore; } } network-services enhanced-ip; } {# Static interfaces #} interfaces { lo0 { description "B: loopback interface"; unit 0 { description "B: Loopback global routing table"; family inet { address 185.110.148.0/32; } family inet6 { address 2a06:5841:f:a::/128; } } unit 1 { description "B: Loopback NAT-WIFI routing instance"; family inet { address 192.168.0.0/32; } family inet6 { address 2a06:5841:f:e:b00b::/128; } } unit 2 { description "B: Loopback NAT-LAN routing instance"; family inet { address 192.168.0.1/32; } family inet6 { address 2a06:5841:f:e:d00d::/128; } } } xe-2/0/0 { description "G: Telenor #1 (ae0)"; gigether-options { 802.3ad ae0; } } xe-3/0/0 { description "G: Telenor #2 (ae0)"; gigether-options { 802.3ad ae0; } } xe-2/0/1 { description "G: Telenor #3 (ae0)"; gigether-options { 802.3ad ae0; } } xe-3/0/1 { description "G: Telenor #4 (ae0)"; gigether-options { 802.3ad ae0; } } xe-2/0/2 { description "G: Telenor #5 (ae0)"; gigether-options { 802.3ad ae0; } } xe-2/0/5 { description "G: bamsemums #1 (ae2)"; gigether-options { 802.3ad ae2; } } xe-3/0/5 { description "G: bamsemums #2 (ae2)"; gigether-options { 802.3ad ae2; } } xe-2/0/6 { description "G: bamsemums #3 (ae2)"; gigether-options { 802.3ad ae2; } } xe-3/0/6 { description "G: bamsemums #4 (ae2)"; gigether-options { 802.3ad ae2; } } xe-2/0/7 { description "C: krokodille (storage) (ae3)"; gigether-options { 802.3ad ae3; } } xe-2/0/8 { description "C: krokodille (storage) (ae3)"; gigether-options { 802.3ad ae3; } } xe-3/0/7 { description "C: krokodille (storage) (ae3)"; gigether-options { 802.3ad ae3; } } xe-3/0/8 { description "C: krokodille (storage) (ae3)"; gigether-options { 802.3ad ae3; } } et-4/0/2 { description "G: r1.stand et-0/0/48 (ae12)"; gigether-options { 802.3ad ae12; } } et-5/0/2 { description "G: r1.stand et-1/0/48 (ae12)"; gigether-options { 802.3ad ae12; } } et-4/0/0 { description "G: d1.roof et-0/0/48 (ae10)"; gigether-options { 802.3ad ae10; } } et-5/0/0 { description "G: d1.roof et-1/0/48 (ae10)"; gigether-options { 802.3ad ae10; } } et-4/0/1 { description "G: d1.ring et-4/0/24 (4/noc) (ae11)"; gigether-options { 802.3ad ae11; } } et-5/0/1 { description "G: d1.ring et-5/1/0 (5/tele) (ae11)"; gigether-options { 802.3ad ae11; } } et-4/0/3 { description "G: natfw1.tele (ae999) - node0"; gigether-options { 802.3ad { ae999; primary; } } } et-4/1/2 { description "C: dumle eth1 port mirror"; } et-5/0/3 { description "G: natfw1.tele (ae999) - node1"; gigether-options { 802.3ad { ae999; backup; } } } ae0 { description "P: Telenor - AS2119 - (Telenor rtr: ti0010a400)"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { filter { input internet-ingress-v4; output internet-egress-v4; } address 193.212.22.2/30; } family inet6 { filter { input internet-ingress-v6; output internet-egress-v6; } address 2001:4600:9:300::292/126; } } } ae2 { description "C: bamsemums bond0"; flexible-vlan-tagging; encapsulation flexible-ethernet-services; aggregated-ether-options { lacp { active; periodic fast; } } unit 100 { description "C: bamsemums vm-host" vlan-tags outer 100; family inet { address 185.110.148.32/31; } family inet6 { address 2a06:5841:f:b::0/127 } } unit 101 { description "C: bamsemums tech-vms"; vlan-tags outer 101; family inet { address 185.110.148.97/27; } family inet6 { address 2a06:5841:f:d::1/64; } } unit 102 { description "C: bamsemums vms"; vlan-tags outer 102; family inet { address 151.216.248.1/25; } family inet6 { address 2a06:5841:100::1/64; } } } ae3 { description "C: krokodille (storage) bond0"; flexible-vlan-tagging; encapsulation flexible-ethernet-services; aggregated-ether-options { lacp { active; periodic fast; } } unit 100 { description "C: krokodille vm-host"; vlan-tags outer 100; family inet { address 185.110.148.34/31; } family inet6 { address 2a06:5841:f:b::2/127; } } unit 101 { description "C: krokodille vms"; vlan-tags outer 101; family inet { address 151.216.248.129/28; } family inet6 { address 2a06:5841:100:2::1/64; } } } ae10 { description "B: d1.roof ae20"; flexible-vlan-tagging; encapsulation flexible-ethernet-services; aggregated-ether-options { lacp { active; periodic fast; } } unit 666 { description "B: d1.roof edge mgmt"; vlan-tags outer 666; family inet { address 151.216.130.1/24; } family inet6 { address 2a06:5841:f:10::1/64; } } unit 667 { description "B: d1.roof distro mgmt"; vlan-tags outer 667; family inet { address 185.110.148.17/28; } family inet6 { address 2a06:5841:f:11::1/64; } } unit 777 { description "B: d1.roof AP mgmt"; encapsulation vlan-bridge; vlan-id 777; } unit 778 { description "C: d1.roof wifi clients"; encapsulation vlan-bridge; vlan-id 778; } } ae11 { description "B: d1.ring ae0"; flexible-vlan-tagging; encapsulation flexible-ethernet-services; aggregated-ether-options { lacp { active; periodic fast; } } unit 10 { description "C: southcam - VLAN 10 (static-ip)"; vlan-tags outer 10; family inet { address 192.168.0.9/30; } } unit 11 { description "C: tele-ipmi - VLAN 11 (static-ip)"; vlan-tags outer 11; family inet { address 185.110.148.41/29; } family inet6 { address 2a06:5841:f:f::1/64; } } unit 20 { description "C:s1.tele mgmt and lab (static-ip)"; vlan-id 20; family inet { address 185.110.148.177/28; } family inet6 { address 2a06:5841:f:1336::1/64; } } unit 666 { description "B: d1.ring edge mgmt"; vlan-tags outer 666; family inet { address 151.216.131.1/25; } family inet6 { address 2a06:5841:f:20::1/64; } } unit 667 { description "B: d1.ring distro mgmt"; vlan-tags outer 667; family inet { address 185.110.148.9/29; } family inet6 { address 2a06:5841:f:21::1/64; } } unit 777 { description "B: d1.ring AP mgmt"; encapsulation vlan-bridge; vlan-id 777; } unit 778 { description "C: d1.ring wifi clients"; encapsulation vlan-bridge; vlan-id 778; } } ae12 { description "B: r1.stand ae0"; aggregated-ether-options { lacp { active; periodic fast; } } unit 0 { family inet { address 185.110.148.160/31; } family inet6 { address 2a06:5841:f:100::1/64; } } } ae999 { description "B: natfw1.tele reth0"; vlan-tagging; aggregated-ether-options { link-protection; } unit 10 { description OUTSIDE/INET; vlan-id 10; family inet { address 185.110.148.162/31; } family inet6 { address 2a06:5841:f:101::/127; } } unit 20 { description NAT-WIFI; vlan-id 20; family inet { address 185.110.148.164/31; } family inet6 { address 2a06:5841:f:101::2/127; } } unit 30 { description NAT-LAN; vlan-id 30; family inet { address 185.110.148.166/31; } family inet6 { address 2a06:5841:f:101::4/127; } } } irb { unit 777 { description "B: wifi AP mgmt"; family inet { address 151.216.131.129/25; } family inet6 { address 2a06:5841:f:12::1/64; } } unit 778 { description "B: wifi clients"; family inet { address 151.216.144.1/20; } family inet6 { address 2a06:5841:6e::1/64; } } } } bridge-domains { BD-WIFI-MGMT { domain-type bridge; vlan-id 777; interface ae10.777; interface ae11.777; routing-interface irb.777; } BD-WIFI-NAT { domain-type bridge; vlan-id 778; interface ae10.778; interface ae11.778; routing-interface irb.778; } } {# Static forwarding options for mgmt #} forwarding-options { storm-control-profiles default { all; } dhcp-relay { dhcpv6 { overrides { allow-snooped-clients; } group all-networks { active-server-group v6-dhcp; route-suppression access-internal; interface irb.777; interface irb.778; interface ae2.102; interface ae10.666; interface ae10.667; interface ae11.666; interface ae11.667; interface ae999.10; } server-group { v6-dhcp { 2a06:5841:f:d::98; } } } server-group { v4-dhcp { 185.110.148.98; } } group all-networks { active-server-group v4-dhcp; overrides { allow-snooped-clients; trust-option-82; } route-suppression { access-internal; } interface irb.777; interface irb.778; interface ae2.102; interface ae10.666; interface ae10.667; interface ae11.666; interface ae11.667; interface ae999.10; } } analyzer { INTERNETSPAM { input { ingress { interface ae0.0; } egress { interface ae0.0; } } output { interface et-4/1/2.0; } } } } protocols { lldp { port-id-subtype interface-name; port-description-type interface-description; interface all; } layer2-control { nonstop-bridging; } router-advertisement{ interface irb.777 { max-advertisement-interval 30; managed-configuration; other-stateful-configuration; } interface irb.778 { max-advertisement-interval 30; managed-configuration; other-stateful-configuration; } } sflow { agent-id 185.110.148.0 inet6 2a06:5841:f:a::; sample-rate { ingress 1; egress 1; } collector 185.110.148.137; interfaces all-ports; } } policy-options { policy-statement static-to-ospf { from protocol static; then { external { type 1; } accept; } } policy-statement direct-to-ospf { from protocol direct; then { external { type 1; } accept; } } policy-statement telenor-in-v4 { term accept-default { from { route-filter 0.0.0.0/0 exact; } then accept; } term reject-all { then reject; } } policy-statement telenor-in-v6 { term accept-default { from { route-filter ::/0 exact; } then accept; } term reject-all { then reject; } } policy-statement telenor-out-v4 { term accept-our-routes { from { route-filter 88.92.0.0/17 exact; route-filter 151.216.128.0/17 exact; route-filter 194.143.120.0/21 upto /24; route-filter 185.110.148.0/22 upto /24; } then accept; } term reject-all { then reject; } } policy-statement telenor-out-v6 { term accept-our-routes { from { route-filter 2a06:5840::/29 exact; } then accept; } term reject-all { then reject; } } policy-statement v4-default-from-bgp { from { protocol bgp; route-filter 0.0.0.0/0 exact; } then accept; } policy-statement v6-default-from-bgp { from { protocol bgp; route-filter ::0/0 exact; } then accept; } policy-statement v4-from-direct-to-ospf { from protocol direct; then accept; } policy-statement v4-only-default-from-ospf { term FROM-OSPF { from { protocol ospf; route-filter 0.0.0.0/0 exact; } then accept; } then reject; } policy-statement v6-from-direct-to-ospf { from protocol direct; then accept; } policy-statement v6-only-default-from-ospf { term FROM-OSPF { from { protocol ospf; route-filter ::0/0 exact; } then accept; } then reject; } } firewall { family inet { filter internet-ingress-v4 { interface-specific; term count-our { from { source-address { 88.92.0.0/17; 185.110.148.0/22; 151.216.128.0/17; } } then { count count-our; accept; } } term accept-all { then { count accept-all; accept; } } } filter internet-egress-v4 { interface-specific; term accept-all { then { count accept-all; accept; } } } } family inet6 { filter internet-ingress-v6 { interface-specific; term accept-all { then { count accept-all; accept; } } } filter internet-egress-v6 { interface-specific; term accept-all { then { count accept-all; accept; } } } } } services { analytics { streaming-server graph.lasse.cloud { remote-address 195.47.216.71; remote-port 30001; } /* Jonas L test VM */ streaming-server vm-ovemy.tg23.gathering.org { remote-address 151.216.249.31; remote-port 30002; } streaming-server gondul.tg23.gathering.org { remote-address 185.110.148.105; remote-port 5015; } export-profile export_often { local-address 185.110.148.0; local-port 20002; reporting-rate 10; format gpb; transport udp; } export-profile JONAS-TEST { local-address 185.110.148.0; local-port 20000; reporting-rate 1; format gpb; transport udp; } sensor junos_system_linecard_interface_traffic { server-name [ graph.lasse.cloud vm-ovemy.tg23.gathering.org gondul.tg23.gathering.org ]; export-name export_often; resource /junos/system/linecard/interface/traffic/; } sensor junos_system_linecard_logical { server-name graph.lasse.cloud; export-name export_often; resource /junos/system/linecard/interface/logical/usage/; } sensor DDOS { server-name vm-ovemy.tg23.gathering.org; export-name JONAS-TEST; resource /junos/system/linecard/ddos/; } } } {% else %} Unsupported option. Please use "?switch=switch_name" {% endif %}