Skip to content

Commit

Permalink
Netconfig for TG16 added.
Browse files Browse the repository at this point in the history
  • Loading branch information
@joachimtingvold
joachimtingvold committed Apr 7, 2016
1 parent d1d1e3c commit f447b06
Show file tree
Hide file tree
Showing 30 changed files with 29,180 additions and 0 deletions.
16 changes: 16 additions & 0 deletions examples/tg16/netconf/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# TG16 Network Configuration

We've included some of the configs used in the network for TG16. Some of the configuration files contains `set` commands in addition to normal `show configuration` commands.

Comments for some of the files;
- **distro3_clean_generated.conf**: Contains set-commands for distro 3. This was untouched configwise for TG16 (except for removing BFD, which the config reflects).
- **distro5_after_l3_was_moved_to_edge.conf**: Contains set-commands, whith a list of new set-commands at the bottom used to reconfigure from L3 directly terminated to L3 being statically routed towards the edge switches.
- **ex2200.conf**: The template used to generate the configuration at the edge switches towards the participants. The variables inside would be substituted with real values when FAP made the config available for download for the specific config. Please note that this config is without first-hop-security, as that feature came later than Junos 12.3, as some of the EX2200-es ran that version.
- **ex2200_secure.conf**: Template identical to "ex2200.conf", except that first-hop-security has been added.
- **ex2200_secure_with_l3.conf**: Identical to "ex2200_secure.conf" file. The difference is that it contains the necessary set commands to terminate L3 directly at the edge switch, and not at the distro switch.

The rest of the files contains only "show configuration" output.

Best regards,
Jonas H. Lindstad
on behalf of The Gathering 2016 Tech:Net-crew.
349 changes: 349 additions & 0 deletions examples/tg16/netconf/backstagesw1.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,349 @@
## Last changed: 2016-03-23 17:45:17 CET
version 14.1X53-D15.2;
system {
host-name backstagesw1;
auto-snapshot;
domain-name infra.gathering.org;
time-zone Europe/Oslo;
authentication-order tacplus;
root-authentication {
encrypted-password "<removed>";
}
name-server {
185.110.149.2;
185.110.148.2;
2a06:5841:149a::2;
2a06:5841:1337::2;
}
tacplus-server {
134.90.150.164 {
secret "<removed>";
source-address 88.92.57.114;
}
}
login {
user technet {
uid 2000;
class super-user;
authentication {
encrypted-password "<removed>";
}
}
}
services {
ssh {
root-login deny;
no-tcp-forwarding;
client-alive-count-max 2;
client-alive-interval 300;
connection-limit 5;
rate-limit 5;
}
netconf {
ssh {
connection-limit 3;
rate-limit 3;
}
}
}
syslog {
user * {
any emergency;
}
host 185.110.148.17 {
any info;
authorization info;
port 515;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
/* Save changes to central site */
archival {
configuration {
transfer-on-commit;
archive-sites {
"scp://user@host/some/folder/" password "<removed>";
}
}
}
commit synchronize;
ntp {
server 2001:700:100:2::6;
}
}
chassis {
aggregated-devices {
ethernet {
device-count 32;
}
}
}
interfaces {
interface-range core-ports {
member-range ge-0/0/46 to ge-0/0/47;
description "uplink to stagegw";
ether-options {
802.3ad ae0;
}
}
interface-range LYD_NETT {
member-range ge-0/0/0 to ge-0/0/9;
description LYD_NETT;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members LYD_NETT;
}
}
}
}
interface-range AV_NETT {
member-range ge-0/0/10 to ge-0/0/11;
description AV_NETT;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members AV_NETT;
}
}
}
}
interface-range edge-ports {
member-range ge-0/0/12 to ge-0/0/45;
description edge-ports;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members clients;
}
}
}
}
ae0 {
description "uplink to stagegw";
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ clients mgmt AV_NETT LYD_NETT ];
}
}
}
}
vlan {
unit 123 {
description LYD_NETT;
}
unit 321 {
description AV_NETT;
}
unit 1227 {
description "MGMT L3 interface";
family inet {
filter {
input mgmt-v4;
}
address 88.92.57.114/28;
}
family inet6 {
filter {
input mgmt-v6;
}
address 2a06:5840:575::114/64;
}
}
}
}
snmp {
community <removed> {
authorization read-only;
client-list-name mgmt;
}
community <removed> {
authorization read-only;
client-list-name mgmt-nms;
}
}
routing-options {
rib inet.0 {
static {
route 0.0.0.0/0 next-hop 88.92.57.113;
}
}
rib inet6.0 {
static {
route ::/0 next-hop 2a06:5840:575::113;
}
}
}
protocols {
sflow {
sample-rate {
ingress 10000;
egress 10000;
}
source-ip 88.92.57.114;
collector <removed>;
collector <removed>;
interfaces core-ports;
interfaces edge-ports;
}
igmp-snooping {
vlan all {
version 3;
immediate-leave;
}
}
mld-snooping {
vlan all {
version 2;
immediate-leave;
}
}
rstp {
bridge-priority 8k;
interface edge-ports {
edge;
no-root-port;
}
}
lldp {
management-address 88.92.57.114;
interface ae0.0;
}
}
policy-options {
prefix-list mgmt-v4 {
/* KANDU PA-nett (brukt på servere, infra etc) */
185.110.148.0/22;
}
prefix-list mgmt-v6 {
/* KANDU PA-nett (den delen som er brukt på servere, infra etc) */
2a06:5841::/32;
}
/* sammenslått av separate v4- og v6-lister */
prefix-list mgmt {
185.110.148.0/22;
2a06:5841::/32;
}
/* NMS boxes - separate list to give full speed to SNMP read */
prefix-list mgmt-v4-nms {
185.110.148.11/32;
185.110.148.12/32;
}
/* NMS boxes - separate list to give full speed to SNMP read */
prefix-list mgmt-v6-nms {
2a06:5841:1337::11/128;
2a06:5841:1337::12/128;
}
/* NMS boxes - separate list to give full speed to SNMP read */
prefix-list mgmt-nms {
185.110.148.11/32;
185.110.148.12/32;
185.110.150.10/32;
2a06:5841:1337::11/128;
2a06:5841:1337::12/128;
}
}
firewall {
family inet {
filter mgmt-v4 {
term accept-ssh {
from {
source-prefix-list {
mgmt-v4;
}
destination-port 22;
}
then accept;
}
term discard-ssh {
from {
destination-port 22;
}
then {
discard;
}
}
term accept-all {
then accept;
}
}
}
family inet6 {
filter mgmt-v6 {
term accept-ssh {
from {
source-prefix-list {
mgmt-v6;
}
destination-port 22;
}
then accept;
}
term discard-ssh {
from {
destination-port 22;
}
then discard;
}
term accept-all {
then accept;
}
}
}
}
ethernet-switching-options {
secure-access-port {
interface edge-ports {
no-dhcp-trusted;
}
vlan clients {
arp-inspection;
examine-dhcp;
examine-dhcpv6;
neighbor-discovery-inspection;
ip-source-guard;
ipv6-source-guard;
dhcp-option82;
dhcpv6-option18 {
use-option-82;
}
}
ipv6-source-guard-sessions {
max-number 128;
}
}
storm-control {
interface all;
}
}
vlans {
AV_NETT {
vlan-id 321;
}
LYD_NETT {
vlan-id 123;
}
clients {
vlan-id 241;
}
mgmt {
vlan-id 1227;
l3-interface vlan.1227;
}
}
Loading

0 comments on commit f447b06

Please sign in to comment.