Re: [j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
hey, Or just use "load replace https://nms/irr.junos"; && commit with new file having: groups { replace: IRR { ... } } -- tarko ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
❦ 13 August 2021 11:44 +03, Saku Ytti via juniper-nsp: > You could have something like this: > > groups { > IRR { > ... >} > } > > Then always generate complete new prefix lists in NMS into a single file. > > And have script do: > > edit groups > delete IRR > load merge https://nms/irr.junos > commit and-quit To tighten a bit: edit groups delete IRR edit IRR load merge relative https://nms/irr.junos commit and-quit -- It is often the case that the man who can't tell a lie thinks he is the best judge of one. -- Mark Twain, "Pudd'nhead Wilson's Calendar" ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
You could have something like this: groups { IRR { ... } } Then always generate complete new prefix lists in NMS into a single file. And have script do: edit groups delete IRR load merge https://nms/irr.junos commit and-quit On Thu, 12 Aug 2021 at 21:47, Alain Hebert via juniper-nsp wrote: > > Context > > I'm looking for a *simple* & safe way to manage daily IRR changes > from my customers... > > Right now its a simple script that push changes using command lines > thru SSH... > > While it is working adequately, I wonder how long it will be > feasible =D with the current growth. > > > Solution > > As for there REST API, I remember someone having some issues where > the RE keep rebooting and took down their entire OP for a few hours... > > . Anyone can testify on the solidity of their RESTful API? > > . Should we bump up the production version to something newer? > > PS: Security wise we're fine, anything related to management is > tightly pinned to a OOB with MFA and high encryption =D. > > > Thanks for your time. > > -- > > - > Alain Hebertaheb...@pubnix.net > PubNIX Inc. > 50 boul. St-Charles > P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 > Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp -- ++ytti ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
I've done this with perl scripts and the Juniper NETCONF libraries. I make the changes inside a configuration group which is inherited into the actual prefix-list(s), then lock down the account so it is only able to make changes to that configuration group. groups { AUTO-PREFIX-LIST { policy-options { prefix-list AUTO-FOO { ... prefix-list AUTO-BAR { ... prefix-list AUTO-BAZ { ... system { login { class AUTO-PREFIX-LIST { permissions [ configure view view-configuration ]; allow-commands junoscript; allow-configuration "(groups AUTO-PREFIX-LIST policy-options .*)"; On Thu, Aug 12, 2021 at 02:41:10PM -0400, Alain Hebert via juniper-nsp wrote: > Context > > I'm looking for a *simple* & safe way to manage daily IRR changes > from my customers... > > Right now its a simple script that push changes using command lines > thru SSH... ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
Context I'm looking for a *simple* & safe way to manage daily IRR changes from my customers... Right now its a simple script that push changes using command lines thru SSH... While it is working adequately, I wonder how long it will be feasible =D with the current growth. Solution As for there REST API, I remember someone having some issues where the RE keep rebooting and took down their entire OP for a few hours... . Anyone can testify on the solidity of their RESTful API? . Should we bump up the production version to something newer? PS: Security wise we're fine, anything related to management is tightly pinned to a OOB with MFA and high encryption =D. Thanks for your time. -- - Alain Hebertaheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp