From aa35e187b67f6d0b340c81702d2ee031c1a100a1 Mon Sep 17 00:00:00 2001 From: John Poland Date: Thu, 14 Aug 2025 17:08:42 -0400 Subject: [PATCH] mx/noc-jmx-104-b.set Thu Aug 14 05:08:41 PM EDT 2025 --- configs/mx/noc-jmx-104-b.set | 40 +++++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/configs/mx/noc-jmx-104-b.set b/configs/mx/noc-jmx-104-b.set index 6c69079..56f5c7a 100644 --- a/configs/mx/noc-jmx-104-b.set +++ b/configs/mx/noc-jmx-104-b.set @@ -49,24 +49,38 @@ set chassis redundancy routing-engine 1 backup set chassis redundancy graceful-switchover set chassis aggregated-devices ethernet device-count 1 set interfaces xe-0/0/0 gigether-options 802.3ad ae191 -set interfaces xe-2/0/0 description "CrownCastle Circuit ID 302365-INET-CCF" -set interfaces xe-2/0/0 unit 0 family inet mtu 1500 -set interfaces xe-2/0/0 unit 0 family inet address 131.239.69.126/30 set interfaces xe-2/0/1 gigether-options 802.3ad ae191 -set interfaces ae191 description "internal to mx104-b" -set interfaces ae191 vlan-tagging +set interfaces ae191 description "LAG to Core" +set interfaces ae191 flexible-vlan-tagging +set interfaces ae191 mtu 1522 +set interfaces ae191 encapsulation flexible-ethernet-services set interfaces ae191 aggregated-ether-options minimum-links 1 set interfaces ae191 aggregated-ether-options lacp active set interfaces ae191 aggregated-ether-options lacp periodic slow -set interfaces ae191 unit 1202 disable +set interfaces ae191 unit 236 disable +set interfaces ae191 unit 236 description Cogent +set interfaces ae191 unit 236 vlan-id 236 +set interfaces ae191 unit 236 family inet mtu 1500 +set interfaces ae191 unit 236 family inet address 38.122.121.34/29 +set interfaces ae191 unit 637 description "NYSERNet R&E Network" +set interfaces ae191 unit 637 vlan-id 637 +set interfaces ae191 unit 637 family inet mtu 1500 +set interfaces ae191 unit 637 family inet address 199.109.13.42/30 +set interfaces ae191 unit 638 description "NYSERNet CDN Network" +set interfaces ae191 unit 638 vlan-id 638 +set interfaces ae191 unit 638 family inet mtu 1500 +set interfaces ae191 unit 638 family inet address 199.109.113.42/30 set interfaces ae191 unit 1202 vlan-id 1202 set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 virtual-address 198.36.24.1 set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 priority 110 set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 preempt set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 accept-data -set interfaces ae191 unit 1256 disable set interfaces ae191 unit 1256 vlan-id 1256 set interfaces ae191 unit 1256 family inet address 192.168.168.2/30 +set interfaces ae191 unit 1298 description CrownCastle-4 +set interfaces ae191 unit 1298 vlan-id 1298 +set interfaces ae191 unit 1298 family inet mtu 1500 +set interfaces ae191 unit 1298 family inet address 209.160.176.234/29 set interfaces lo0 unit 0 family inet filter input Hard-Edge set interfaces lo0 unit 0 family inet address 127.0.0.1/32 set snmp community mickey03 authorization read-only @@ -82,6 +96,7 @@ set policy-options prefix-list ISP-Monitoring 192.168.168.0/30 set policy-options prefix-list ISP-Monitoring 199.109.0.0/16 set policy-options prefix-list MX104-BGP-IP 131.239.69.126/32 set policy-options prefix-list MX104-BGP-IP 192.168.168.2/32 +set policy-options prefix-list MX104-BGP-IP 209.160.176.234/32 set policy-options prefix-list MX104-Public-IP 38.122.121.34/32 set policy-options prefix-list MX104-Public-IP 198.36.24.1/32 set policy-options prefix-list MX104-Public-IP 198.36.24.13/32 @@ -102,12 +117,13 @@ set policy-options prefix-list SNMP-SERVERS 10.1.40.105/32 set policy-options prefix-list SNMP-SERVERS 10.1.48.37/32 set policy-options prefix-list Trusted-BGP-Peer 131.239.69.125/32 set policy-options prefix-list Trusted-BGP-Peer 192.168.168.1/32 +set policy-options prefix-list Trusted-BGP-Peer 209.160.176.233/32 set policy-options prefix-list Trusted-SSH-MX104 10.1.6.0/24 set policy-options prefix-list Trusted-SSH-MX104 10.1.7.0/24 set policy-options prefix-list Trusted-SSH-MX104 10.1.40.101/32 set policy-options prefix-list Trusted-SSH-MX104 10.1.40.105/32 set policy-options prefix-list Trusted-SSH-MX104 10.212.134.0/24 -set policy-options prefix-list Trusted-SSH-MX104 74.67.189.61/32 +set policy-options prefix-list Trusted-SSH-MX104 98.3.114.101/32 set policy-options prefix-list Trusted-SSH-MX104 192.168.168.1/32 set policy-options policy-statement EXPORT-TO-MX104-A term next_hop_self then next-hop self set policy-options policy-statement EXPORT-TO-MX104-A term next_hop_self then accept @@ -121,6 +137,8 @@ set policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4 set policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4 then accept deactivate policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4 set policy-options policy-statement to-CrownCastle term reject then reject +set firewall family inet filter Hard-Edge term TEMP-allow-icmp from protocol icmp +set firewall family inet filter Hard-Edge term TEMP-allow-icmp then accept set firewall family inet filter Hard-Edge term allow-ssh-mx104 from source-prefix-list Trusted-SSH-MX104 set firewall family inet filter Hard-Edge term allow-ssh-mx104 from destination-prefix-list MX104-SSH-IP set firewall family inet filter Hard-Edge term allow-ssh-mx104 from protocol tcp @@ -177,12 +195,6 @@ set protocols bgp group internal local-as 395534 set protocols bgp group internal neighbor 192.168.168.1 export EXPORT-TO-MX104-A set protocols bgp group internal neighbor 192.168.168.1 bfd-liveness-detection minimum-interval 1000 set protocols bgp group internal neighbor 192.168.168.1 bfd-liveness-detection multiplier 3 -set protocols bgp group CrownCastle-v4 local-address 131.239.69.126 -set protocols bgp group CrownCastle-v4 import from-CrownCastle -set protocols bgp group CrownCastle-v4 family inet unicast -set protocols bgp group CrownCastle-v4 export to-CrownCastle -set protocols bgp group CrownCastle-v4 peer-as 46887 -set protocols bgp group CrownCastle-v4 neighbor 131.239.69.125 set protocols bgp bgp-error-tolerance set protocols bgp local-as 395534 set protocols sflow polling-interval 20