Re: [j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
hey,
Or just use "load replace https://nms/irr.junos"; && commit with new file
having:
groups {
replace: IRR {
...
}
}
--
tarko
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
❦ 13 August 2021 11:44 +03, Saku Ytti via juniper-nsp:
> You could have something like this:
>
> groups {
> IRR {
> ...
>}
> }
>
> Then always generate complete new prefix lists in NMS into a single file.
>
> And have script do:
>
> edit groups
> delete IRR
> load merge https://nms/irr.junos
> commit and-quit
To tighten a bit:
edit groups
delete IRR
edit IRR
load merge relative https://nms/irr.junos
commit and-quit
--
It is often the case that the man who can't tell a lie thinks he is the best
judge of one.
-- Mark Twain, "Pudd'nhead Wilson's Calendar"
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
You could have something like this:
groups {
IRR {
...
}
}
Then always generate complete new prefix lists in NMS into a single file.
And have script do:
edit groups
delete IRR
load merge https://nms/irr.junos
commit and-quit
On Thu, 12 Aug 2021 at 21:47, Alain Hebert via juniper-nsp
wrote:
>
> Context
>
> I'm looking for a *simple* & safe way to manage daily IRR changes
> from my customers...
>
> Right now its a simple script that push changes using command lines
> thru SSH...
>
> While it is working adequately, I wonder how long it will be
> feasible =D with the current growth.
>
>
> Solution
>
> As for there REST API, I remember someone having some issues where
> the RE keep rebooting and took down their entire OP for a few hours...
>
> . Anyone can testify on the solidity of their RESTful API?
>
> . Should we bump up the production version to something newer?
>
> PS: Security wise we're fine, anything related to management is
> tightly pinned to a OOB with MFA and high encryption =D.
>
>
> Thanks for your time.
>
> --
>
> -
> Alain Hebertaheb...@pubnix.net
> PubNIX Inc.
> 50 boul. St-Charles
> P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
> Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
++ytti
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
I've done this with perl scripts and the Juniper NETCONF libraries. I
make the changes inside a configuration group which is inherited into
the actual prefix-list(s), then lock down the account so it is only
able to make changes to that configuration group.
groups {
AUTO-PREFIX-LIST {
policy-options {
prefix-list AUTO-FOO {
...
prefix-list AUTO-BAR {
...
prefix-list AUTO-BAZ {
...
system {
login {
class AUTO-PREFIX-LIST {
permissions [ configure view view-configuration ];
allow-commands junoscript;
allow-configuration "(groups AUTO-PREFIX-LIST policy-options
.*)";
On Thu, Aug 12, 2021 at 02:41:10PM -0400, Alain Hebert via juniper-nsp wrote:
> Context
>
> I'm looking for a *simple* & safe way to manage daily IRR changes
> from my customers...
>
> Right now its a simple script that push changes using command lines
> thru SSH...
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP
Context I'm looking for a *simple* & safe way to manage daily IRR changes from my customers... Right now its a simple script that push changes using command lines thru SSH... While it is working adequately, I wonder how long it will be feasible =D with the current growth. Solution As for there REST API, I remember someone having some issues where the RE keep rebooting and took down their entire OP for a few hours... . Anyone can testify on the solidity of their RESTful API? . Should we bump up the production version to something newer? PS: Security wise we're fine, anything related to management is tightly pinned to a OOB with MFA and high encryption =D. Thanks for your time. -- - Alain Hebertaheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
