th2-br2.router.fr.clara.net spawn ssh -c 3des -x -l rancid_user th2-br2.router.fr.clara.net rancid_user@th2-br2.router.fr.clara.net's password: C ####################################### ### Unauthorised access prohibited ### ####################################### ### Disconnect now if you are not ### ### an authorised user. ### ####################################### ### All connection attempts are ### ### logged. ### ####################################### th2-br2>enable Password: th2-br2# th2-br2#term length 0 th2-br2#sh run Building configuration... Current configuration : 31026 bytes ! ! Last configuration change at 12:04:37 CET Fri Jan 23 2009 by rancid_user ! NVRAM config last updated at 12:04:47 CET Fri Jan 23 2009 by rancid_user ! upgrade fpd auto version 12.2 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service counters max age 5 no service dhcp ! hostname th2-br2 ! boot system disk0:s72033-advipservicesk9_wan-mz.122-18.SXF6.bin boot system sup-bootflash:s72033-ipservicesk9-mz.122-18.SXE1.bin logging snmp-authfail logging rate-limit all 200 no logging console enable secret 5 $1$7T7y$/tBD5IhE9BcC/74mOvrp3. ! aaa new-model aaa authentication login default group tacacs+ enable aaa authentication enable default group tacacs+ enable aaa authorization exec default if-authenticated aaa accounting commands 15 default start-stop group tacacs+ ! aaa session-id common clock timezone CET 1 ip subnet-zero no ip source-route ! ! ! ip tftp source-interface Loopback0 no ip bootp server ip multicast-routing ip tcp path-mtu-discovery ip ssh version 2 ip domain-name fr.clara.net ip name-server 212.43.194.2 ip name-server 212.43.194.3 ipv6 unicast-routing ipv6 mfib hardware-switching replication-mode ingress mpls label protocol ldp mpls traffic-eng tunnels mpls traffic-eng logging tunnel path change tag-switching tdp router-id Loopback0 force no dss interface-purge no dss range-purge no dss mac-purge mls ip multicast flow-stat-timer 9 mls aging fast time 4 threshold 2 mls aging long 900 mls aging normal 32 mls netflow usage notify 60 120 no mls netflow no mls flow ip no mls flow ipv6 no mls acl tcam share-global mls cef error action freeze clns routing ! key chain is-is-key-chain key 1 key-string 7 1043080B0B12435F ! ! ! ! ! ! ! ! redundancy mode sso main-cpu auto-sync running-config spanning-tree mode pvst spanning-tree extend system-id diagnostic cns publish cisco.cns.device.diag_results diagnostic cns subscribe cisco.cns.device.diag_commands ! vlan internal allocation policy ascending vlan access-log ratelimit 2000 ! ! ! ! interface Loopback0 description IPv4 Loopback ip address 212.43.193.52 255.255.255.255 ! interface Loopback1 description VPNv4 Loopback ip address 212.43.193.60 255.255.255.255 ! interface Loopback2 description IPv6 Loopback ip address 62.240.250.7 255.255.255.255 ipv6 address 2001:A70:FF::3/128 ! interface Loopback3 description IPv4-Mcast ip address 62.240.250.158 255.255.255.255 ! interface Null0 no ip unreachables ! interface GigabitEthernet1/1 no ip address shutdown ! interface GigabitEthernet1/2 no ip address shutdown ! interface GigabitEthernet2/1 description TH2-CR1 dampening mtu 4470 ip address 212.43.193.210 255.255.255.252 no ip redirects no ip proxy-arp ip pim sparse-mode ip router isis mpls traffic-eng tunnels tag-switching ip no cdp enable isis network point-to-point isis hello-interval minimal ip rsvp bandwidth 1000000 ! interface GigabitEthernet2/2 description ABOVE dampening ip address 84.207.17.155 255.255.255.248 ip access-group davetest_20080925 in no ip redirects no ip proxy-arp ip flow ingress ip pim bsr-border ip route-cache flow speed nonegotiate no cdp enable ! interface GigabitEthernet2/3 description TH2-CR2 dampening mtu 4470 ip address 212.43.193.186 255.255.255.252 no ip redirects no ip proxy-arp ip pim bsr-border ip pim sparse-mode ip router isis ipv6 enable ipv6 nd suppress-ra mpls traffic-eng tunnels tag-switching ip no cdp enable isis network point-to-point isis hello-interval minimal ! interface GigabitEthernet2/4 description UK t6-br1 via HIBERNIA (LON_PAR_GE_52) mtu 1600 ip address 195.8.68.82 255.255.255.252 ip pim bsr-border ip pim sparse-mode speed nonegotiate ipv6 address 2001:A88:0:1::112/126 ipv6 enable ipv6 nd suppress-ra tag-switching ip no cdp enable hold-queue 2000 in ! interface GigabitEthernet2/5 no ip address shutdown ! interface GigabitEthernet2/6 no ip address shutdown ! interface GigabitEthernet2/7 description Lien Inconnu faux DE-FR ip address 212.82.224.62 255.255.255.252 shutdown ! interface GigabitEthernet2/8 description LEFFE SINK / NETFLOW no ip address no ip redirects no ip proxy-arp logging event link-status shutdown no ipv6 redirects no cdp enable ! interface Vlan1 no ip address shutdown ! router isis mpls traffic-eng router-id Loopback0 mpls traffic-eng level-2 net 49.8975.0000.2120.4319.3052.00 is-type level-2-only authentication mode md5 authentication key-chain is-is-key-chain ispf level-1-2 metric-style wide set-overload-bit on-startup wait-for-bgp spf-interval 5 5 50 prc-interval 5 5 50 lsp-gen-interval 5 5 50 no hello padding log-adjacency-changes all passive-interface Loopback0 passive-interface Loopback1 passive-interface Loopback2 passive-interface Loopback3 ! router bgp 8975 template peer-policy Above-IPv4 route-map Above-IPv4-in in route-map Above-IPv4-out out prefix-list ipv4-ebgp-filter in prefix-list ipv4-ebgp-filter out send-community exit-peer-policy ! template peer-policy UK route-map UK-in in route-map UK-out out prefix-list bogons in prefix-list bogons out next-hop-self send-community exit-peer-policy ! template peer-policy UK-IPv4 inherit peer-policy UK 10 exit-peer-policy ! template peer-policy UK-IPv4-Mcast inherit peer-policy UK 10 exit-peer-policy ! template peer-policy UK-VPNv4 route-map UK-VPNv4-in in route-map UK-VPNv4-out out next-hop-self send-community extended exit-peer-policy ! template peer-policy UK-IPv6 inherit peer-policy UK 10 exit-peer-policy ! template peer-session Above-IPv4 remote-as 6461 ebgp-multihop 3 update-source Loopback0 exit-peer-session ! template peer-session Internal-VPNv4 update-source Loopback1 inherit peer-session Internal exit-peer-session ! template peer-session Internal exit-peer-session ! bgp router-id 212.43.193.52 no bgp default ipv4-unicast no bgp default route-target filter bgp log-neighbor-changes bgp confederation identifier 8426 bgp confederation peers 8426 bgp deterministic-med bgp bestpath compare-routerid bgp maxas-limit 50 timers bgp 30 90 neighbor RR-IPv4 peer-group neighbor RR-IPv4 remote-as 8975 neighbor RR-IPv4 password 7 1104181719175A59 neighbor RR-IPv4 update-source Loopback0 neighbor RR-IPv4 timers 5 15 neighbor RR-VPNv4 peer-group neighbor RR-VPNv4 remote-as 8975 neighbor RR-VPNv4 password 7 020B054905035E74 neighbor RR-VPNv4 update-source Loopback1 neighbor RR-IPv6 peer-group neighbor RR-IPv6 remote-as 8975 neighbor RR-IPv6 password 7 020B054905035E74 neighbor RR-IPv6 update-source Loopback2 neighbor RR-IPv4-Mcast peer-group neighbor RR-IPv4-Mcast remote-as 8975 neighbor RR-IPv4-Mcast password 7 1104181719175A59 neighbor RR-IPv4-Mcast update-source Loopback3 neighbor 2001:A88:0:1::111 remote-as 8426 neighbor 2001:A88:0:1::111 description UK IPv6 (t6-br1) neighbor 2001:A88:0:1::111 password 7 06120A24156D011013181D neighbor 62.240.250.3 peer-group RR-IPv6 neighbor 62.240.250.8 peer-group RR-IPv6 neighbor 62.240.250.153 peer-group RR-IPv4-Mcast neighbor 62.240.250.155 peer-group RR-IPv4-Mcast neighbor 64.125.0.147 inherit peer-session Above-IPv4 neighbor 64.125.0.147 description ABOVENET neighbor 64.125.0.148 inherit peer-session Above-IPv4 neighbor 64.125.0.148 description ABOVENET neighbor 195.8.68.81 remote-as 8426 neighbor 195.8.68.81 description UK (t6-br1) neighbor 195.8.68.81 ttl-security hops 1 neighbor 195.8.68.81 password 7 06120A24156D011013181D neighbor 212.43.193.49 peer-group RR-IPv4 neighbor 212.43.193.51 peer-group RR-IPv4 neighbor 212.43.193.59 peer-group RR-VPNv4 neighbor 212.43.193.65 peer-group RR-VPNv4 ! address-family ipv4 redistribute connected route-map connected-routes-bgp redistribute static route-map static-routes-bgp neighbor RR-IPv4 activate neighbor RR-IPv4 next-hop-self neighbor RR-IPv4 send-community neighbor RR-IPv4 prefix-list bogons in neighbor RR-IPv4 prefix-list bogons out neighbor 64.125.0.147 activate neighbor 64.125.0.147 inherit peer-policy Above-IPv4 neighbor 64.125.0.148 activate neighbor 64.125.0.148 inherit peer-policy Above-IPv4 neighbor 195.8.68.81 activate neighbor 195.8.68.81 inherit peer-policy UK-IPv4 neighbor 212.43.193.49 peer-group RR-IPv4 neighbor 212.43.193.51 peer-group RR-IPv4 no auto-summary no synchronization aggregate-address 62.240.239.0 255.255.255.0 summary-only attribute-map aggregated-routes-bgp aggregate-address 62.240.240.0 255.255.255.0 summary-only attribute-map aggregated-routes-bgp aggregate-address 62.240.241.0 255.255.255.0 summary-only attribute-map aggregated-routes-bgp aggregate-address 62.240.242.0 255.255.255.0 summary-only attribute-map aggregated-routes-bgp aggregate-address 62.240.246.0 255.255.255.0 summary-only attribute-map aggregated-routes-bgp aggregate-address 62.240.247.0 255.255.255.0 summary-only attribute-map aggregated-routes-bgp exit-address-family ! address-family ipv4 multicast neighbor RR-IPv4-Mcast activate neighbor RR-IPv4-Mcast next-hop-self neighbor RR-IPv4-Mcast send-community neighbor RR-IPv4-Mcast prefix-list bogons in neighbor RR-IPv4-Mcast prefix-list bogons out neighbor 62.240.250.153 peer-group RR-IPv4-Mcast neighbor 62.240.250.155 peer-group RR-IPv4-Mcast neighbor 195.8.68.81 activate neighbor 195.8.68.81 inherit peer-policy UK-IPv4-Mcast no auto-summary exit-address-family ! address-family vpnv4 neighbor RR-VPNv4 activate neighbor RR-VPNv4 next-hop-self neighbor RR-VPNv4 send-community extended neighbor 195.8.68.81 activate neighbor 195.8.68.81 send-community extended neighbor 195.8.68.81 inherit peer-policy UK-VPNv4 neighbor 212.43.193.59 peer-group RR-VPNv4 neighbor 212.43.193.65 peer-group RR-VPNv4 exit-address-family ! address-family ipv6 neighbor RR-IPv6 activate neighbor RR-IPv6 next-hop-self neighbor RR-IPv6 send-community neighbor RR-IPv6 send-label neighbor 2001:A88:0:1::111 activate neighbor 2001:A88:0:1::111 inherit peer-policy UK-IPv6 neighbor 62.240.250.3 peer-group RR-IPv6 neighbor 62.240.250.8 peer-group RR-IPv6 no synchronization redistribute connected route-map IPv6-connected-routes-bgp exit-address-family ! ip local pool xdsl 62.240.240.1 62.240.240.254 ip classless ip route 0.0.0.0 0.0.0.0 212.43.193.185 ip route 10.66.66.66 255.255.255.255 Null0 ip route 62.240.224.0 255.255.255.0 Null0 ip route 64.125.0.147 255.255.255.255 84.207.17.153 ip route 64.125.0.148 255.255.255.255 84.207.17.154 ! ip extcommunity-list 99 permit rt 8426:1 ip extcommunity-list 99 permit rt 8426:9990 ip extcommunity-list 99 permit rt 8426:9998 ip extcommunity-list 99 permit rt 8975:100 ip extcommunity-list 99 permit rt 8196:100 ip extcommunity-list 99 permit rt 8196:200 ip extcommunity-list 99 permit rt 8426:10107 ip extcommunity-list 99 permit rt 8426:10018 ip extcommunity-list 99 permit rt 8426:10031 ip extcommunity-list 99 permit rt 8426:10044 ip extcommunity-list 99 permit rt 8426:10040 ip extcommunity-list 99 permit rt 8426:10086 ip extcommunity-list 99 permit rt 8426:10091 ip extcommunity-list 99 permit rt 8426:10099 ip extcommunity-list 99 permit rt 8426:10103 ip extcommunity-list 99 permit rt 8426:10106 ip extcommunity-list 99 permit rt 8426:10125 ip extcommunity-list 99 permit rt 8426:10142 ip extcommunity-list 99 permit rt 8426:10148 ip extcommunity-list 99 permit rt 8426:10152 ip extcommunity-list 99 permit rt 8426:10153 ip extcommunity-list 99 permit rt 8426:10173 ip extcommunity-list 99 permit rt 8426:10185 ip extcommunity-list 99 permit rt 8426:10187 ip extcommunity-list 99 permit rt 8426:10190 ip extcommunity-list 99 permit rt 8426:10191 ip extcommunity-list 99 permit rt 8426:10192 ip extcommunity-list 99 permit rt 8426:10210 ip extcommunity-list 99 permit rt 8426:10218 ip extcommunity-list 99 permit rt 8426:10223 ip extcommunity-list 99 permit rt 8426:10230 ip extcommunity-list 99 permit rt 8426:10248 ip extcommunity-list 99 permit rt 8196:3900 ip extcommunity-list 99 permit rt 8483:14200 ip extcommunity-list 99 permit rt 8483:10001 ip extcommunity-list 99 permit rt 8483:10009 ip extcommunity-list 99 permit rt 8196:4300 ip extcommunity-list 99 permit rt 8196:6500 ip extcommunity-list 99 permit rt 8196:7100 ip extcommunity-list 99 permit rt 8196:8100 ip extcommunity-list 99 permit rt 8196:10000 ip extcommunity-list 99 permit rt 8196:10100 ip extcommunity-list 99 permit rt 8196:10400 ip extcommunity-list 99 permit rt 20869:9998 ip extcommunity-list 99 permit rt 20869:10001 ip extcommunity-list 99 permit rt 20869:10004 ip extcommunity-list 99 permit rt 5533:20000 ip extcommunity-list 99 permit rt 5533:20001 ip extcommunity-list 99 permit rt 5533:20002 ip extcommunity-list 99 permit rt 5533:20003 ip extcommunity-list 99 permit rt 5533:20004 ip extcommunity-list 99 permit rt 5533:20005 ip extcommunity-list 99 permit rt 5533:20006 ip extcommunity-list 99 permit rt 5533:20007 ip extcommunity-list 99 permit rt 5533:20008 ip extcommunity-list 99 permit rt 5533:20009 ip extcommunity-list 99 permit rt 5533:20010 ip extcommunity-list 99 permit rt 5533:20011 ip extcommunity-list 99 permit rt 5533:20012 ip extcommunity-list 99 permit rt 5533:20013 ip extcommunity-list 99 permit rt 5533:20014 ip extcommunity-list 99 permit rt 5533:20015 ip extcommunity-list 99 permit rt 5533:20016 ip extcommunity-list 99 permit rt 5533:20017 ip extcommunity-list 99 permit rt 5533:20018 ip extcommunity-list 99 permit rt 5533:20019 ip bgp-community new-format ip community-list standard FR_and_customers permit 8975:14010 ip community-list standard UK:UK permit 8426:100 ip community-list standard UK:UK-peerings permit 8426:799 ip community-list standard DE:DE permit 8196:14010 ip community-list standard DE:DE-peerings permit 8196:13000 ip community-list standard DE:DE-peerings permit 8196:15000 ip community-list standard FR:FR permit 8975:14010 ip community-list standard FR:FR-transit permit 8975:12000 ip community-list standard FR:FR-peerings permit 8975:13000 ip community-list standard FR:UK-peerings permit 8975:15020 ip community-list standard FR:DE-peerings permit 8975:15030 ip community-list standard UK:UK-transit permit 8426:599 ip community-list standard FR:UK permit 8975:14020 ip community-list standard FR:DE permit 8975:14030 ip community-list standard EU:FR-AS permit 8975:1 ip community-list standard EU:FR-other-AS permit 8975:2000 ip community-list standard EU:FR permit 8975:100 ip community-list standard EU:FR-peerings permit 8975:799 ip community-list standard EU:FR-transit permit 8975:599 ip community-list standard EU:UK-AS permit 8426:1 ip community-list standard EU:UK-other-AS permit 8426:2000 ip community-list standard EU:UK permit 8426:100 ip community-list standard EU:UK-peerings permit 8426:799 ip community-list standard EU:UK-transit permit 8426:599 ip community-list standard EU:DE-AS permit 8196:1 ip community-list standard EU:DE-other-AS permit 8196:2000 ip community-list standard EU:DE permit 8196:100 ip community-list standard EU:DE-peerings permit 8196:799 ip community-list standard EU:DE-transit permit 8196:599 ip community-list standard DE:DE-transit permit 8196:12000 ip community-list standard DE:UK permit 8196:14020 ip community-list standard FR:internal permit 8975:50000 ip community-list standard FR:neuf-bas-radius permit 8975:50051 ip community-list standard FR:sfr-claranet-lns-radius permit 8975:50052 ip community-list standard FR:sfr-customers permit 8975:50053 ip community-list standard ES:ES permit 20869:100 ip community-list standard ES:ES-peerings permit 20869:799 ip community-list standard FR:ES permit 8975:14040 ip community-list standard FR:ES-peerings permit 8975:15040 ip community-list standard NL:NL permit 8483:100 ip community-list standard NL:NL-peerings permit 8483:799 ip community-list standard FR:NL permit 8975:14050 ip community-list standard FR:NL-peerings permit 8975:15050 ip community-list standard EU:AMEN-AS permit 28677:1 ip community-list standard EU:AMEN-other-AS permit 28677:2000 ip community-list standard EU:AMEN permit 28677:100 ip community-list standard EU:AMEN-peerings permit 28677:799 ip community-list standard EU:AMEN-transit permit 28677:599 ip community-list standard AMEN:internal permit 28677:50000 ip community-list standard FR:CLARANET permit 8975:14000 ip community-list standard FR:CLARANET-peerings permit 8975:15000 ip community-list standard FR:CLARANET-confederation permit 8426:101 8975:14000 ip community-list standard FR:CLARANET-confederation-peerings permit 8426:101 8975:15000 ip community-list standard EU:CONFEDERATION permit 8426:101 ip community-list standard Above-Blackhole permit 6461:5990 ip community-list standard FR:artful permit 8975:50054 ip community-list standard FR:hosting-customers permit 8975:50055 ip community-list standard FR:fb-hosting-customers permit 8975:50056 ip community-list standard FR:sd-hosting-customers permit 8975:50057 ip community-list standard Telia-Blackhole permit 1299:999 ip community-list standard FR:reflex-claranet-lns-radius permit 8975:50058 ip community-list standard FR:reflex-neuf-radius permit 8975:50059 ip community-list standard FR:NYIIX permit 8975:14060 ip community-list standard FR:NYIIX-peerings permit 8975:15060 ip community-list standard NY:NY permit 65533:100 ip community-list standard NY:NYIIX-peerings permit 65533:709 ip community-list standard NY:NY-peerings permit 65533:799 ip community-list standard NY:NYIIX-deny permit 65535:709 ip community-list standard PT:PT permit 5533:100 ip community-list standard PT:PT-peerings permit 5533:799 ip community-list standard PT:PT-deny permit 65535:5533 ip community-list standard FR:PT permit 8975:14070 ip community-list standard FR:PT-peerings permit 8975:15070 ip as-path access-list 1 permit ^$ ip as-path access-list 1 permit ^34391$ ip as-path access-list 100 permit ^(15557_)+$ ip as-path access-list 111 permit _3215_ ip as-path access-list 111 permit _28708_ ip as-path access-list 200 permit \([0-9]+.*\) ip as-path access-list 400 permit ^34391$ ip flow-export source Loopback0 ip flow-export version 5 ip flow-aggregation cache source-prefix enabled ! ip flow-aggregation cache destination-prefix enabled ! no ip http server ip pim rp-address 212.43.247.132 override ip tacacs source-interface Loopback0 ! ip access-list standard TEST1 ip access-list standard any permit any ip access-list standard clara-mpls-pe-snmp-access ip access-list standard deny-all deny any ip access-list standard multicast-filter deny 224.0.1.39 deny 224.0.1.40 deny 239.0.0.0 0.255.255.255 permit any ip access-list standard noc permit 212.43.194.17 permit 80.67.96.64 0.0.0.31 permit 195.8.68.0 0.0.0.255 permit 195.8.69.0 0.0.0.255 permit 195.8.70.0 0.0.0.255 permit 212.43.193.0 0.0.0.255 permit 212.43.195.0 0.0.0.31 permit 212.82.224.0 0.0.1.255 deny any log ip access-list standard noc-access permit 212.43.194.38 permit 212.43.194.17 permit 213.253.16.104 permit 212.43.194.108 permit 195.157.6.1 permit 62.193.206.162 permit 62.193.206.153 permit 212.43.195.0 0.0.0.31 permit 212.43.232.64 0.0.0.31 permit 212.43.232.96 0.0.0.7 permit 212.43.232.32 0.0.0.31 permit 212.43.232.104 0.0.0.7 permit 212.43.193.0 0.0.0.255 permit 212.43.247.0 0.0.0.255 permit 212.43.225.0 0.0.0.3 permit 212.43.225.4 0.0.0.3 permit 212.43.225.8 0.0.0.3 permit 212.43.225.12 0.0.0.3 permit 195.8.68.0 0.0.0.255 permit 195.8.69.0 0.0.0.255 permit 195.8.70.0 0.0.0.255 permit 195.157.3.0 0.0.0.255 permit 212.82.224.0 0.0.1.255 permit 80.67.96.64 0.0.0.31 permit 62.193.207.192 0.0.0.31 permit 62.193.223.0 0.0.0.255 deny any log ip access-list standard pim-filter permit any ip access-list standard snmp-access permit 212.43.194.38 permit 212.43.194.17 permit 212.43.194.8 permit 212.43.194.117 permit 213.253.16.104 permit 212.43.194.108 permit 195.8.69.211 permit 89.185.48.165 permit 195.8.71.57 permit 212.43.195.0 0.0.0.31 deny any log ip access-list standard uk-snmp-access permit 212.43.194.17 permit 195.157.6.0 0.0.0.7 permit 212.43.232.64 0.0.0.31 ! ip access-list extended artful20080816_03 deny udp any host 89.185.33.53 permit tcp any host 89.185.33.53 eq www deny ip any host 89.185.33.53 permit ip any any ip access-list extended davetest deny ip host 72.1.240.69 any deny ip host 61.172.249.173 any deny ip host 58.102.154.11 any deny ip host 69.147.235.116 any deny ip host 211.41.128.119 any deny ip host 90.156.146.44 any deny ip host 210.0.141.247 any permit ip host 64.125.0.147 any permit ip host 64.125.0.148 any permit ip 195.8.70.0 0.0.0.255 any permit ip host 195.8.71.66 any permit ip 195.157.6.0 0.0.0.7 any permit ip host 80.168.0.33 any permit icmp any 212.43.193.0 0.0.0.255 deny ip any 212.43.193.0 0.0.0.255 permit ip any any ip access-list extended davetest_20080925 deny ip host 72.1.240.69 any deny ip host 61.172.249.173 any deny ip host 58.102.154.11 any deny ip host 69.147.235.116 any deny ip host 211.41.128.119 any deny ip host 90.156.146.44 any deny ip host 210.0.141.247 any permit ip host 64.125.0.147 any permit ip host 64.125.0.148 any permit ip 195.8.70.0 0.0.0.255 any permit ip host 195.8.71.66 any permit ip 195.157.6.0 0.0.0.7 any permit ip host 80.168.0.33 any permit ip host 213.253.16.104 any permit icmp any 212.43.193.0 0.0.0.255 deny ip any 212.43.193.0 0.0.0.255 permit ip any any ! ! ip prefix-list SD-BLOCK seq 5 permit 89.185.32.0/19 ! ip prefix-list Witbe-Washington seq 5 permit 193.201.6.0/24 ! ip prefix-list backbone seq 20 permit 212.43.193.0/24 le 32 ip prefix-list backbone seq 25 permit 62.240.250.0/24 le 32 ip prefix-list backbone seq 30 permit 212.43.250.0/28 ! ip prefix-list bogons description Bogus routes ip prefix-list bogons seq 5 deny 0.0.0.0/8 le 32 ip prefix-list bogons seq 10 deny 10.0.0.0/8 le 32 ip prefix-list bogons seq 15 deny 127.0.0.0/8 le 32 ip prefix-list bogons seq 20 deny 172.16.0.0/12 le 32 ip prefix-list bogons seq 25 deny 169.254.0.0/16 le 32 ip prefix-list bogons seq 30 deny 192.168.0.0/16 le 32 ip prefix-list bogons seq 35 deny 192.0.2.0/24 le 32 ip prefix-list bogons seq 40 deny 224.0.0.0/3 le 32 ip prefix-list bogons seq 45 permit 0.0.0.0/0 le 32 ! ip prefix-list deny-parix seq 5 permit 198.32.247.0/24 ! ip prefix-list doubleclick-issue-ticket-36279 seq 5 permit 209.62.176.0/20 le 32 ! ip prefix-list ipv4-ebgp-filter description External peerings should only pass up to /24 length ip prefix-list ipv4-ebgp-filter seq 5 deny 0.0.0.0/8 le 32 ip prefix-list ipv4-ebgp-filter seq 10 deny 10.0.0.0/8 le 32 ip prefix-list ipv4-ebgp-filter seq 15 deny 127.0.0.0/8 le 32 ip prefix-list ipv4-ebgp-filter seq 20 deny 172.16.0.0/12 le 32 ip prefix-list ipv4-ebgp-filter seq 25 deny 169.254.0.0/16 le 32 ip prefix-list ipv4-ebgp-filter seq 30 deny 192.168.0.0/16 le 32 ip prefix-list ipv4-ebgp-filter seq 35 deny 192.0.2.0/24 le 32 ip prefix-list ipv4-ebgp-filter seq 40 deny 224.0.0.0/3 le 32 ip prefix-list ipv4-ebgp-filter seq 45 permit 0.0.0.0/0 le 24 ! ip prefix-list superblocks-more-specific seq 20 permit 212.43.192.0/18 ge 19 ip prefix-list superblocks-more-specific seq 40 permit 62.240.224.0/19 ge 20 ip access-list logging interval 2000 ip access-list log-update threshold 5 logging trap notifications logging facility local3 logging source-interface Loopback0 logging 212.43.194.17 access-list 2 permit 212.43.194.38 access-list 2 permit 212.43.194.17 access-list 2 permit 212.43.194.8 access-list 2 permit 212.43.194.117 access-list 2 permit 213.253.16.104 access-list 2 permit 212.43.194.108 access-list 2 permit 195.8.69.211 access-list 2 permit 89.185.48.165 access-list 2 permit 195.8.71.57 access-list 2 permit 212.43.195.0 0.0.0.31 access-list 2 deny any log access-list 3 permit 212.43.194.38 access-list 3 permit 212.43.194.17 access-list 3 permit 212.43.194.108 access-list 3 permit 195.8.69.211 access-list 3 permit 212.43.195.0 0.0.0.31 access-list 3 deny any log access-list 10 permit 195.157.6.0 0.0.0.255 no cdp run ! ! ipv6 prefix-list ipv6-ebgp-relaxed seq 5 deny 3FFE::/16 le 128 ipv6 prefix-list ipv6-ebgp-relaxed seq 10 deny 2001:DB8::/32 le 128 ipv6 prefix-list ipv6-ebgp-relaxed seq 15 permit 2001::/32 ipv6 prefix-list ipv6-ebgp-relaxed seq 20 deny 2001::/32 le 128 ipv6 prefix-list ipv6-ebgp-relaxed seq 25 permit 2002::/16 ipv6 prefix-list ipv6-ebgp-relaxed seq 30 deny 2002::/16 le 128 ipv6 prefix-list ipv6-ebgp-relaxed seq 35 deny ::/8 le 128 ipv6 prefix-list ipv6-ebgp-relaxed seq 40 deny FE00::/9 le 128 ipv6 prefix-list ipv6-ebgp-relaxed seq 45 deny FF00::/8 le 128 ipv6 prefix-list ipv6-ebgp-relaxed seq 50 permit ::/0 le 48 ipv6 prefix-list ipv6-ebgp-relaxed seq 55 deny ::/0 le 128 ! ipv6 prefix-list ipv6-ebgp-strict seq 5 deny 3FFE::/16 le 128 ipv6 prefix-list ipv6-ebgp-strict seq 10 permit 2001:500::/30 ge 48 le 48 ipv6 prefix-list ipv6-ebgp-strict seq 15 deny 2001:DB8::/32 le 128 ipv6 prefix-list ipv6-ebgp-strict seq 20 permit 2001::/32 ipv6 prefix-list ipv6-ebgp-strict seq 25 permit 2001::/16 ge 35 le 35 ipv6 prefix-list ipv6-ebgp-strict seq 30 permit 2001::/16 ge 19 le 32 ipv6 prefix-list ipv6-ebgp-strict seq 35 permit 2001:678::/29 ge 48 le 48 ipv6 prefix-list ipv6-ebgp-strict seq 40 permit 2002::/16 ipv6 prefix-list ipv6-ebgp-strict seq 45 permit 2003::/16 ge 19 le 32 ipv6 prefix-list ipv6-ebgp-strict seq 50 permit 2400::/12 ge 19 le 32 ipv6 prefix-list ipv6-ebgp-strict seq 55 permit 2600::/12 ge 19 le 32 ipv6 prefix-list ipv6-ebgp-strict seq 60 permit 2610::/23 ge 24 le 32 ipv6 prefix-list ipv6-ebgp-strict seq 65 permit 2620::/23 ge 24 le 32 ipv6 prefix-list ipv6-ebgp-strict seq 70 permit 2800::/12 ge 19 le 32 ipv6 prefix-list ipv6-ebgp-strict seq 75 permit 2A00::/12 ge 19 le 32 ipv6 prefix-list ipv6-ebgp-strict seq 80 permit 2C00::/12 ge 19 le 32 ipv6 prefix-list ipv6-ebgp-strict seq 85 deny ::/0 le 128 route-map connected-routes-bgp deny 20 match ip address prefix-list backbone ! route-map connected-routes-bgp permit 40 match ip address prefix-list superblocks-more-specific set ip next-hop 212.43.193.52 set community no-export local-AS ! route-map Above-IPv4-in deny 10 match ip address prefix-list deny-parix ! route-map Above-IPv4-in permit 40 match ip address prefix-list Witbe-Washington set local-preference 700 set community 8975:599 8975:10000 8975:12000 8975:12030 ! route-map Above-IPv4-in permit 50 match as-path 111 set metric 0 set local-preference 0 set community 8975:599 8975:10000 8975:12000 8975:12030 ! route-map Above-IPv4-in permit 60 set metric 0 set local-preference 400 set community 8975:599 8975:10000 8975:12000 8975:12030 ! route-map UK-VPNv4-in permit 10 match extcommunity 99 ! route-map UK-in permit 15 match community UK:UK set local-preference 1000 set community 8975:10000 8975:11000 8975:11020 8975:14000 8975:14020 additive ! route-map UK-in permit 20 match community UK:UK-peerings set local-preference 695 set community 8975:10000 8975:11000 8975:11020 8975:15000 8975:15020 additive ! route-map UK-in permit 25 match community DE:DE set local-preference 999 set community 8975:10000 8975:11000 8975:11020 8975:14000 8975:14030 additive ! route-map UK-in permit 30 match community DE:DE-peerings set local-preference 694 set community 8975:10000 8975:11000 8975:11020 8975:15000 8975:15030 additive ! route-map UK-in permit 35 match community ES:ES set local-preference 999 set community 8975:10000 8975:11000 8975:11020 8975:14000 8975:14040 additive ! route-map UK-in permit 40 match community ES:ES-peerings set local-preference 694 set community 8975:10000 8975:11000 8975:11020 8975:15000 8975:15040 additive ! route-map UK-in permit 50 match community NL:NL set local-preference 999 set community 8975:10000 8975:11000 8975:11020 8975:14000 8975:14050 additive ! route-map UK-in permit 55 match community NL:NL-peerings set local-preference 694 set community 8975:10000 8975:11000 8975:11020 8975:15000 8975:15050 additive ! route-map UK-in permit 60 match community NY:NY set local-preference 999 set community 8975:10000 8975:11000 8975:11020 8975:14000 8975:14060 additive ! route-map UK-in permit 65 match community NY:NY-peerings set local-preference 694 set community 8975:10000 8975:11000 8975:11020 8975:15000 8975:15060 additive ! route-map UK-in permit 70 match community PT:PT set local-preference 999 set community 8975:10000 8975:11000 8975:11020 8975:14000 8975:14070 additive ! route-map UK-in permit 75 match community PT:PT-peerings set local-preference 694 set community 8975:10000 8975:11000 8975:11020 8975:15000 8975:15070 additive ! route-map Above_Blackhole permit 10 set community 6461:5990 ! route-map UK-out permit 10 description Till we get the Giga UK/FR circuit, don't advertise to US match community FR:FR set local-preference 0 ! route-map UK-out permit 20 match community FR:CLARANET set local-preference 0 ! route-map UK-out permit 40 match community FR:CLARANET-peerings set local-preference 0 ! route-map static-routes-bgp deny 20 match ip address prefix-list backbone ! route-map static-routes-bgp permit 40 match ip address prefix-list superblocks-more-specific set ip next-hop 212.43.193.52 set community no-export local-AS ! route-map Above-IPv4-out permit 20 match community FR:FR set metric-type internal ! route-map Above-IPv4-out permit 40 match community Above-Blackhole ! route-map IPv6-connected-routes-bgp permit 10 set community no-export local-AS ! route-map aggregated-routes-bgp permit 10 set community no-export local-AS ! route-map UK-VPNv4-out permit 10 match extcommunity 99 ! snmp-server engineID local 00000009020000B0C2159800 snmp-server community passwordsnmp RO 2 snmp-server community ilmppIII RO 10 snmp-server ifindex persist snmp-server trap-source Loopback0 snmp-server enable traps tty snmp-server host 212.43.194.17 passwordsnmp tty bgp config envmon tacacs-server host 212.43.194.17 tacacs-server directed-request tacacs-server key 7 094F42080B0419411F ! radius-server dead-criteria tries 5 radius-server source-ports 1645-1646 ! control-plane ! ! ! dial-peer cor custom ! ! ! banner motd ^CC ####################################### ### Unauthorised access prohibited ### ####################################### ### Disconnect now if you are not ### ### an authorised user. ### ####################################### ### All connection attempts are ### ### logged. ### ####################################### ^C ! line con 0 logging synchronous stopbits 1 line vty 0 4 access-class noc-access in exec-timeout 35791 0 logging synchronous transport input telnet ssh line vty 5 15 access-class noc-access in exec-timeout 0 0 transport input telnet ssh ! exception dump 212.43.194.17 ntp clock-period 17180037 ntp server 212.43.194.2 no cns aaa enable end th2-br2#exit Connection to th2-br2.router.fr.clara.net closed.