# Junos "set"-format configuration for a dual-routing-engine edge router
# (host-name noc-jmx104-b): management on fxp0 in the mgmt_junos instance,
# one LAG (ae191) carrying the upstream and internal VLANs, eBGP to three
# providers plus one iBGP neighbor, and the Hard-Edge filter on lo0 protecting
# the routing engine. One statement per line; statement order is unchanged.
#
# NOTE(review): this page carries live-looking credentials (three $6$ password
# hashes, an SNMP community string, a license key). Once a config is published
# these should be treated as disclosed: rotate the passwords and the community,
# and redact secrets before sharing configs in future.
set version 21.2R3-S5.4

# --- Per-routing-engine groups -------------------------------------------------
# Each RE gets its own fxp0 address; 192.168.1.9 is the shared master-only
# address that syslog, sFlow and the MX104-SSH-IP prefix-list refer to.
# NOTE(review): both groups set host-name noc-jmx-104-b while "system host-name"
# below is noc-jmx104-b; the names differ and re0/re1 are not distinguishable
# in logs — confirm which spelling is intended.
set groups re0 system host-name noc-jmx-104-b
set groups re0 interfaces fxp0 unit 0 family inet address 192.168.1.7/24
set groups re0 interfaces fxp0 unit 0 family inet address 192.168.1.9/24 master-only
set groups re1 system host-name noc-jmx-104-b
set groups re1 interfaces fxp0 unit 0 family inet address 192.168.1.8/24
set groups re1 interfaces fxp0 unit 0 family inet address 192.168.1.9/24 master-only
set apply-groups re0
set apply-groups re1

# --- System: authentication and login ------------------------------------------
set system host-name noc-jmx104-b
# SHA-512 crypt ($6$) hash. It is visible on this page, so it is open to
# offline guessing; rotate the root password.
set system root-authentication encrypted-password "$6$XJTRQwAr$JnWKhjdX4Zg6NuJWG6koxTz7P6gBKtfeX25mUGnpCoaMP5yItrBKL97UCiqXLFZ4IeDFIBB52gKb5SSOgUlNu0"
set system commit synchronize
# Local class: full permissions, sessions dropped after 10 idle minutes.
set system login class super-user-local idle-timeout 10
set system login class super-user-local permissions all
set system login user fluffybunny.admin uid 2000
set system login user fluffybunny.admin class super-user-local
set system login user fluffybunny.admin authentication encrypted-password "$6$RIaFuK1J$b3okVQZ1iO.f4e22oR35vUHC/5C3ixtMw8UXcDBcZaXVgyG8OzrsIuragdppd04vMXUdE3XR6QwAOOv8JOnBF1"
set system login user johnp uid 2001
# NOTE(review): johnp uses the built-in super-user class rather than
# super-user-local, so the 10-minute idle-timeout defined above does not apply
# to this account. Key-only authentication (no password) is the stronger
# pattern here; consider moving the password accounts to keys as well.
set system login user johnp class super-user
set system login user johnp authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZ6/zr59xFJ3BUSsQ3iaPmLtSO83p1DPWBSy6lpjWMtcz5MZNn3mKEa+IXOqOKMnv9vAGEAp8BFF3U3XoxTaZbz1lt/L6LzTjwvdjp77iBcH8xzSBZ+A9pJJPLoavGvhjBh2M8gj16ux5m0A3Mhtj5jQRSJeNIMFbvCVz+RxAI/O2Q4iWI6vNz3d2RUGfR2cQ9q4eM+2bUyJZksI4NzyaYMMi1Pfie6JYcXlV8Rn+0/DAQnepx0Om5zV0Yb7W+bAdPyZXhcpFL1vfgVv9A+1DRXW/Jc/WL+GfxtMbH6r45QQT87EbIgoMCA86ccvCHRUOoV+SYPmK9R2BKdSXJI8uF johnp@JP-T480S"
set system login user nbadmin uid 2004
set system login user nbadmin class super-user-local
set system login user nbadmin authentication encrypted-password "$6$D2kIl.ZZ$65BQUeRywM.9po4Sh58h0qug2sfmMkmeG2bHmIiHsDDO5H75hx9KEDtwKhxw9UbZraQmFHbTK4ckjafk4J8J./"
# NOTE(review): every account here is local and fully privileged; no
# RADIUS/TACACS+ authentication-order, login retry-options or password policy
# is visible in this config.

# --- System: SSH ---------------------------------------------------------------
# SSHv2 only, SFTP enabled, keepalives every 20 s (5 misses), max 10 sessions.
# NOTE(review): nothing here restricts root over SSH ("root-login deny" is not
# set) and password authentication is still accepted; access control rests on
# the Hard-Edge filter further down.
set system services ssh protocol-version v2
set system services ssh sftp-server
set system services ssh client-alive-count-max 5
set system services ssh client-alive-interval 20
set system services ssh connection-limit 10
set system time-zone America/New_York
# fxp0 is moved into the dedicated mgmt_junos routing instance.
# NOTE(review): confirm that the Hard-Edge filter applied to lo0.0 still covers
# traffic arriving on fxp0 once it lives in mgmt_junos; if it does not, SSH and
# SNMP on the management addresses are not filtered by anything shown here.
set system management-instance
set system name-server 198.36.22.245

# --- System: logging -----------------------------------------------------------
# Remote syslog receives "any warning" only; interactive commands and
# authorization events are written to local files.
# NOTE(review): a reviewer would normally want authorization and
# interactive-commands forwarded off-box too, so an intruder with local access
# cannot erase the only copy.
set system syslog user * any emergency
set system syslog host 10.1.48.37 any warning
set system syslog file interactive-commands interactive-commands any
set system syslog file login-attempts authorization any
set system syslog file messages any notice
set system syslog file messages authorization info
# The firewall facility is captured, but no filter term below uses a log or
# syslog action (only count), so filter drops produce counters, not log lines.
set system syslog file messages firewall any
set system syslog source-address 192.168.1.9
# License key in clear text; redact before publishing.
set system license keys key "E407853128 aeaqib qcqcoq okhczq xx5nmx v4fjro dvu3e3 3o2gsl sehxxc avbncp lqkn7a iwmaby rrfes6 e4xakl itni"
# NOTE(review): packet-level DHCP tracing at level "all" is left enabled; no
# DHCP service configuration is visible in this file. Looks like leftover
# debugging — confirm and remove if so.
set system processes dhcp-service traceoptions file dhcp_logfile
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag packet
# NTP is reached through mgmt_junos. Neither server appears in the NTP-Servers
# prefix-list used by the Hard-Edge filter, and no NTP authentication is
# configured here.
set system ntp server 129.6.15.28 routing-instance mgmt_junos
set system ntp server 168.61.215.74 routing-instance mgmt_junos

# --- Chassis -------------------------------------------------------------------
set chassis redundancy routing-engine 0 master
set chassis redundancy routing-engine 1 backup
set chassis redundancy graceful-switchover
set chassis aggregated-devices ethernet device-count 1

# --- Interfaces ----------------------------------------------------------------
# xe-0/0/0 and xe-2/0/1 are the two members of LAG ae191; each VLAN unit on
# ae191 is one upstream or internal segment.
# NOTE(review): no "filter input" is attached to any ae191 unit, so the
# Inbound_v4 anti-spoofing filter defined below is not applied anywhere in this
# file.
set interfaces xe-0/0/0 gigether-options 802.3ad ae191
set interfaces xe-2/0/1 gigether-options 802.3ad ae191
set interfaces ae191 description "LAG to Core"
set interfaces ae191 flexible-vlan-tagging
set interfaces ae191 mtu 1522
set interfaces ae191 encapsulation flexible-ethernet-services
set interfaces ae191 aggregated-ether-options minimum-links 1
set interfaces ae191 aggregated-ether-options lacp active
set interfaces ae191 aggregated-ether-options lacp periodic slow
set interfaces ae191 unit 236 description Cogent
set interfaces ae191 unit 236 vlan-id 236
set interfaces ae191 unit 236 family inet mtu 1500
set interfaces ae191 unit 236 family inet address 38.122.121.34/29
set interfaces ae191 unit 637 description "NYSERNet R&E Network"
set interfaces ae191 unit 637 vlan-id 637
set interfaces ae191 unit 637 family inet mtu 1500
set interfaces ae191 unit 637 family inet address 199.109.9.42/30
set interfaces ae191 unit 638 description "NYSERNet CDN Network"
set interfaces ae191 unit 638 vlan-id 638
set interfaces ae191 unit 638 family inet mtu 1500
set interfaces ae191 unit 638 family inet address 199.109.109.42/30
# VRRP group 1: virtual address 198.36.24.1, priority 90, preempt on,
# accept-data so the router answers traffic sent to the virtual address.
# No VRRP authentication is configured.
set interfaces ae191 unit 1202 vlan-id 1202
set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 virtual-address 198.36.24.1
set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 priority 90
set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 preempt
set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 accept-data
# Unit 1256 is the /30 towards the iBGP neighbor 192.168.168.1.
set interfaces ae191 unit 1256 vlan-id 1256
set interfaces ae191 unit 1256 family inet address 192.168.168.2/30
set interfaces ae191 unit 1298 description CrownCastle-4
set interfaces ae191 unit 1298 vlan-id 1298
set interfaces ae191 unit 1298 family inet mtu 1500
set interfaces ae191 unit 1298 family inet address 209.160.176.234/29
# Routing-engine protection: Hard-Edge filters everything addressed to the RE.
set interfaces lo0 unit 0 family inet filter input Hard-Edge
set interfaces lo0 unit 0 family inet address 127.0.0.1/32

# --- SNMP ----------------------------------------------------------------------
# NOTE(review): SNMP community string in clear text on a public page — rotate
# it. It is read-only, but no client restriction is configured on the community
# itself; the only source restriction visible is the allow-snmp filter term.
# SNMPv3 would remove the shared-secret-in-config problem.
set snmp community mickey03 authorization read-only
set snmp community mickey03 routing-instance mgmt_junos
set snmp routing-instance-access

# --- Prefix lists --------------------------------------------------------------
# DNS-SERVER is empty and not referenced anywhere in this file.
set policy-options prefix-list DNS-SERVER
set policy-options prefix-list ISP-Monitoring 66.28.3.0/24
set policy-options prefix-list ISP-Monitoring 66.250.250.0/23
set policy-options prefix-list ISP-Monitoring 130.117.228.0/24
set policy-options prefix-list ISP-Monitoring 130.117.254.0/24
set policy-options prefix-list ISP-Monitoring 131.239.69.124/30
set policy-options prefix-list ISP-Monitoring 192.168.168.0/30
set policy-options prefix-list ISP-Monitoring 199.109.0.0/16
# NOTE(review): MX104-BGP-IP is defined but no filter term references it; the
# allow-bgp-mx104 term matches on source only.
set policy-options prefix-list MX104-BGP-IP 38.122.121.34/32
set policy-options prefix-list MX104-BGP-IP 131.239.69.126/32
set policy-options prefix-list MX104-BGP-IP 192.168.168.2/32
set policy-options prefix-list MX104-BGP-IP 199.109.9.42/32
set policy-options prefix-list MX104-BGP-IP 199.109.109.42/32
set policy-options prefix-list MX104-BGP-IP 209.160.176.234/32
set policy-options prefix-list MX104-Public-IP 38.122.121.34/32
set policy-options prefix-list MX104-Public-IP 198.36.24.1/32
set policy-options prefix-list MX104-Public-IP 198.36.24.13/32
set policy-options prefix-list MX104-Public-IP 199.109.9.42/32
set policy-options prefix-list MX104-Public-IP 199.109.9.170/32
set policy-options prefix-list MX104-Public-IP 199.109.109.42/32
set policy-options prefix-list MX104-Public-IP 199.109.109.170/32
set policy-options prefix-list MX104-Public-IP 207.136.192.29/32
set policy-options prefix-list MX104-Public-IP 208.49.41.122/32
# Addresses on which SSH is meant to be reachable: only the master-only fxp0
# address and two others; the per-RE fxp0 addresses (.7/.8) are not listed.
set policy-options prefix-list MX104-SSH-IP 131.239.69.126/32
set policy-options prefix-list MX104-SSH-IP 192.168.1.9/32
set policy-options prefix-list MX104-SSH-IP 192.168.168.2/32
# These four do not match the two servers under "system ntp" — confirm which
# set is current.
set policy-options prefix-list NTP-Servers 132.163.97.2/32
set policy-options prefix-list NTP-Servers 132.163.97.4/32
set policy-options prefix-list NTP-Servers 132.236.56.250/32
set policy-options prefix-list NTP-Servers 198.36.24.13/32
# The site's own address space; used by the export policies below.
set policy-options prefix-list SCSD_nets 198.36.16.0/21
set policy-options prefix-list SCSD_nets 198.36.24.0/22
set policy-options prefix-list SNMP-SERVERS 10.1.40.105/32
set policy-options prefix-list SNMP-SERVERS 10.1.48.37/32
set policy-options prefix-list Trusted-BGP-Peer 38.122.121.33/32
set policy-options prefix-list Trusted-BGP-Peer 131.239.69.125/32
set policy-options prefix-list Trusted-BGP-Peer 192.168.168.1/32
set policy-options prefix-list Trusted-BGP-Peer 199.109.9.41/32
set policy-options prefix-list Trusted-BGP-Peer 199.109.109.41/32
set policy-options prefix-list Trusted-BGP-Peer 209.160.176.233/32
# Sources allowed to reach SSH. Mostly RFC 1918 ranges plus one public /32
# (98.3.114.101) — confirm that entry is still required.
set policy-options prefix-list Trusted-SSH-MX104 10.1.6.0/24
set policy-options prefix-list Trusted-SSH-MX104 10.1.7.0/24
set policy-options prefix-list Trusted-SSH-MX104 10.1.40.101/32
set policy-options prefix-list Trusted-SSH-MX104 10.1.40.105/32
set policy-options prefix-list Trusted-SSH-MX104 10.212.134.0/24
set policy-options prefix-list Trusted-SSH-MX104 98.3.114.101/32
set policy-options prefix-list Trusted-SSH-MX104 192.168.168.1/32

# --- Routing policy ------------------------------------------------------------
# iBGP export: sets next-hop self and accepts with no "from" condition, so the
# term matches every route it is offered.
# NOTE(review): presumably intended to pass only learned eBGP routes to the
# peer; confirm that exporting everything is wanted.
set policy-options policy-statement EXPORT-TO-MX104-A term next_hop_self then next-hop self
set policy-options policy-statement EXPORT-TO-MX104-A term next_hop_self then accept
# Import policies: each accepts every IPv4 route from the provider and only
# sets local-preference (NYSERNet 300 > Cogent 270 > CrownCastle 190).
# NOTE(review): no import term rejects bogons, default, over-long prefixes or
# the site's own SCSD_nets space coming back from a provider; adding such terms
# ahead of the accept is the usual guard against hijacked or leaked routes.
set policy-options policy-statement from-Cogent term set-Cogent-local-preference-v4 from family inet
set policy-options policy-statement from-Cogent term set-Cogent-local-preference-v4 then local-preference 270
set policy-options policy-statement from-Cogent term set-Cogent-local-preference-v4 then accept
set policy-options policy-statement from-Cogent term reject then reject
# NOTE(review): this term is created after the catch-all "reject" term, so no
# route can reach it; looks like a leftover from a rename — confirm and delete.
set policy-options policy-statement from-Cogent term set-Cogent-local-Cogent-v4 then accept
set policy-options policy-statement from-CrownCastle term set-CrownCastle-local-preference-v4 from family inet
set policy-options policy-statement from-CrownCastle term set-CrownCastle-local-preference-v4 then local-preference 190
set policy-options policy-statement from-CrownCastle term set-CrownCastle-local-preference-v4 then accept
set policy-options policy-statement from-CrownCastle term reject then reject
set policy-options policy-statement from-NYSERNet term set-NYSERNet-local-preference-v4 from family inet
set policy-options policy-statement from-NYSERNet term set-NYSERNet-local-preference-v4 then local-preference 300
set policy-options policy-statement from-NYSERNet term set-NYSERNet-local-preference-v4 then accept
set policy-options policy-statement from-NYSERNet term reject then reject
# Export policies: advertise exactly the two SCSD_nets prefixes and reject
# everything else, which keeps this router from leaking transit routes.
set policy-options policy-statement to-Cogent term prepend-Cogent-v4 from family inet
set policy-options policy-statement to-Cogent term prepend-Cogent-v4 from prefix-list-filter SCSD_nets exact
set policy-options policy-statement to-Cogent term prepend-Cogent-v4 then community add cogent_localpref_10
# The community action is deactivated, so routes go to Cogent untagged. The
# term is named "prepend" but contains no AS-path prepend action.
deactivate policy-options policy-statement to-Cogent term prepend-Cogent-v4 then community add cogent_localpref_10
set policy-options policy-statement to-Cogent term prepend-Cogent-v4 then accept
set policy-options policy-statement to-Cogent term reject then reject
set policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4 from family inet
set policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4 from prefix-list-filter SCSD_nets exact
set policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4 then community add crown_localpref_160
set policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4 then accept
# With the whole advertise term deactivated, only the reject term remains
# active: nothing is exported to CrownCastle.
deactivate policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4
set policy-options policy-statement to-CrownCastle term reject then reject
set policy-options policy-statement to-NYSERNet term NYSERNet-v4 from family inet
set policy-options policy-statement to-NYSERNet term NYSERNet-v4 from prefix-list-filter SCSD_nets exact
set policy-options policy-statement to-NYSERNet term NYSERNet-v4 then accept
set policy-options policy-statement to-NYSERNet term reject then reject
set policy-options community cogent_localpref_10 members 174:10
set policy-options community crown_localpref_160 members 46887:60160

# --- Firewall: Hard-Edge (applied as input filter on lo0.0) --------------------
# Terms are evaluated in the order they were created; the first term with a
# terminating action that matches decides the packet. The filter ends in an
# explicit discard, so anything not allowed above it is dropped.
#
# NOTE(review): TEMP-allow-icmp is first and accepts ICMP from any source with
# no policer. While it is present, the later allow-ISP-Monitoring and
# allow-Monitoring terms can never match, and the routing engine answers ICMP
# from the whole Internet at an unbounded rate. The name says temporary:
# remove it, or at least restrict it to specific ICMP types and attach a
# policer.
set firewall family inet filter Hard-Edge term TEMP-allow-icmp from protocol icmp
set firewall family inet filter Hard-Edge term TEMP-allow-icmp then accept
# SSH only from Trusted-SSH-MX104 to the addresses in MX104-SSH-IP.
set firewall family inet filter Hard-Edge term allow-ssh-mx104 from source-prefix-list Trusted-SSH-MX104
set firewall family inet filter Hard-Edge term allow-ssh-mx104 from destination-prefix-list MX104-SSH-IP
set firewall family inet filter Hard-Edge term allow-ssh-mx104 from protocol tcp
set firewall family inet filter Hard-Edge term allow-ssh-mx104 from destination-port ssh
set firewall family inet filter Hard-Edge term allow-ssh-mx104 then accept
# BGP from the six configured peer addresses; "port bgp" matches the BGP port
# as either source or destination. Counted in Allow-BGP.
# NOTE(review): no destination restriction here although MX104-BGP-IP exists.
set firewall family inet filter Hard-Edge term allow-bgp-mx104 from source-prefix-list Trusted-BGP-Peer
set firewall family inet filter Hard-Edge term allow-bgp-mx104 from protocol tcp
set firewall family inet filter Hard-Edge term allow-bgp-mx104 from port bgp
set firewall family inet filter Hard-Edge term allow-bgp-mx104 then count Allow-BGP
set firewall family inet filter Hard-Edge term allow-bgp-mx104 then accept
set firewall family inet filter Hard-Edge term allow-ISP-Monitoring from source-prefix-list ISP-Monitoring
set firewall family inet filter Hard-Edge term allow-ISP-Monitoring from protocol icmp
set firewall family inet filter Hard-Edge term allow-ISP-Monitoring then accept
set firewall family inet filter Hard-Edge term allow-ntp-servers from source-prefix-list NTP-Servers
set firewall family inet filter Hard-Edge term allow-ntp-servers from protocol udp
set firewall family inet filter Hard-Edge term allow-ntp-servers from port ntp
set firewall family inet filter Hard-Edge term allow-ntp-servers then accept
set firewall family inet filter Hard-Edge term allow-snmp from source-prefix-list SNMP-SERVERS
set firewall family inet filter Hard-Edge term allow-snmp from protocol udp
set firewall family inet filter Hard-Edge term allow-snmp from destination-port snmp
set firewall family inet filter Hard-Edge term allow-snmp then accept
set firewall family inet filter Hard-Edge term allow-Monitoring from source-prefix-list SNMP-SERVERS
set firewall family inet filter Hard-Edge term allow-Monitoring from protocol icmp
set firewall family inet filter Hard-Edge term allow-Monitoring then accept
# VRRP accepted from any source address.
# NOTE(review): BFD is enabled on every BGP session below, but no term in this
# filter visibly admits BFD packets; confirm how the sessions' BFD control
# traffic reaches the routing engine.
set firewall family inet filter Hard-Edge term allow-vrrp from protocol vrrp
set firewall family inet filter Hard-Edge term allow-vrrp then accept
# Both remaining terms discard; the first exists to count drops aimed at the
# router's public addresses separately (MX-PublicIP vs. Discards).
set firewall family inet filter Hard-Edge term deny-dest-mx104 from destination-prefix-list MX104-Public-IP
set firewall family inet filter Hard-Edge term deny-dest-mx104 then count MX-PublicIP
set firewall family inet filter Hard-Edge term deny-dest-mx104 then discard
set firewall family inet filter Hard-Edge term all-else then count Discards
set firewall family inet filter Hard-Edge term all-else then discard

# --- Firewall: Inbound_v4 / SCSD_nets ------------------------------------------
# Inbound_v4 rejects packets whose source is inside the site's own prefixes and
# accepts the rest: an anti-spoofing filter meant for provider-facing input.
# NOTE(review): neither Inbound_v4 nor the SCSD_nets filter is attached to any
# interface in this file, so neither has any effect as shown. Also, "reject"
# sends an ICMP error back to the (spoofed) source; "discard" is the usual
# action for spoofed traffic.
set firewall family inet filter Inbound_v4 term block-spoofed from source-address 198.36.16.0/21
set firewall family inet filter Inbound_v4 term block-spoofed from source-address 198.36.24.0/22
set firewall family inet filter Inbound_v4 term block-spoofed then reject
set firewall family inet filter Inbound_v4 term accept-traffic then accept
set firewall family inet filter SCSD_nets term from-SCSD from source-address 198.36.16.0/21
set firewall family inet filter SCSD_nets term from-SCSD from source-address 198.36.24.0/22
set firewall family inet filter SCSD_nets term from-SCSD then accept

# --- Routing -------------------------------------------------------------------
# Management default route lives in mgmt_junos; the syslog/sFlow/SNMP host
# 10.1.48.37 is steered into that table from the main instance.
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.1.1
set routing-options static route 10.1.48.37/32 next-table mgmt_junos.inet.0
set routing-options static route 10.1.48.37/32 no-readvertise
# Static routes for the site's two aggregates; these are what the export
# policies match with "prefix-list-filter SCSD_nets exact".
set routing-options static route 198.36.16.0/21 next-hop 198.36.24.5
set routing-options static route 198.36.16.0/21 install
set routing-options static route 198.36.16.0/21 readvertise
set routing-options static route 198.36.24.0/22 next-hop 198.36.24.5
set routing-options static route 198.36.24.0/22 install
set routing-options static route 198.36.24.0/22 readvertise
set routing-options static route 198.36.24.14/32 next-hop 198.36.24.4
set routing-options nonstop-routing
# NOTE(review): router-advertisement is enabled on the management interface
# although no inet6 address is configured on fxp0 in this file — confirm this
# is intended.
set protocols router-advertisement interface fxp0.0

# --- BGP -----------------------------------------------------------------------
# Local AS 395534; one iBGP neighbor and four eBGP groups, each with BFD at
# 1000 ms x 3.
# NOTE(review): no group sets authentication-key, and no prefix-limit is
# configured on any session, so session protection rests on the
# Trusted-BGP-Peer source match in Hard-Edge and nothing bounds the number of
# routes a peer may send.
set protocols bgp group internal type internal
set protocols bgp group internal peer-as 395534
set protocols bgp group internal local-as 395534
set protocols bgp group internal neighbor 192.168.168.1 export EXPORT-TO-MX104-A
set protocols bgp group internal neighbor 192.168.168.1 bfd-liveness-detection minimum-interval 1000
set protocols bgp group internal neighbor 192.168.168.1 bfd-liveness-detection multiplier 3
set protocols bgp group NYSERNet-v4 local-address 199.109.9.42
set protocols bgp group NYSERNet-v4 import from-NYSERNet
set protocols bgp group NYSERNet-v4 family inet unicast
set protocols bgp group NYSERNet-v4 export to-NYSERNet
set protocols bgp group NYSERNet-v4 peer-as 3754
set protocols bgp group NYSERNet-v4 bfd-liveness-detection minimum-interval 1000
set protocols bgp group NYSERNet-v4 bfd-liveness-detection multiplier 3
set protocols bgp group NYSERNet-v4 neighbor 199.109.9.41
set protocols bgp group NYSERNet-CDN-v4 local-address 199.109.109.42
set protocols bgp group NYSERNet-CDN-v4 import from-NYSERNet
set protocols bgp group NYSERNet-CDN-v4 family inet unicast
set protocols bgp group NYSERNet-CDN-v4 export to-NYSERNet
set protocols bgp group NYSERNet-CDN-v4 peer-as 3630
set protocols bgp group NYSERNet-CDN-v4 bfd-liveness-detection minimum-interval 1000
set protocols bgp group NYSERNet-CDN-v4 bfd-liveness-detection multiplier 3
set protocols bgp group NYSERNet-CDN-v4 neighbor 199.109.109.41
set protocols bgp group Cogent-v4 local-address 38.122.121.34
set protocols bgp group Cogent-v4 import from-Cogent
set protocols bgp group Cogent-v4 family inet unicast
set protocols bgp group Cogent-v4 export to-Cogent
set protocols bgp group Cogent-v4 peer-as 174
set protocols bgp group Cogent-v4 bfd-liveness-detection minimum-interval 1000
set protocols bgp group Cogent-v4 bfd-liveness-detection multiplier 3
set protocols bgp group Cogent-v4 neighbor 38.122.121.33
set protocols bgp group CrownCastle-v4 local-address 209.160.176.234
set protocols bgp group CrownCastle-v4 import from-CrownCastle
set protocols bgp group CrownCastle-v4 family inet unicast
set protocols bgp group CrownCastle-v4 export to-CrownCastle
set protocols bgp group CrownCastle-v4 peer-as 46887
set protocols bgp group CrownCastle-v4 bfd-liveness-detection minimum-interval 1000
set protocols bgp group CrownCastle-v4 bfd-liveness-detection multiplier 3
set protocols bgp group CrownCastle-v4 neighbor 209.160.176.233
set protocols bgp enable
set protocols bgp bgp-error-tolerance
set protocols bgp local-as 395534

# --- sFlow ---------------------------------------------------------------------
# 1-in-1000 sampling both directions, exported to 10.1.48.37 on UDP 2055.
# NOTE(review): xe-0/0/0 and xe-2/0/1 are LAG members with no unit 0 defined
# above, and xe-0/1/0 is not configured anywhere in this file — confirm the
# sampled interfaces are the intended ones.
set protocols sflow polling-interval 20
set protocols sflow sample-rate ingress 1000
set protocols sflow sample-rate egress 1000
set protocols sflow source-ip 192.168.1.9
set protocols sflow collector 10.1.48.37 udp-port 2055
set protocols sflow interfaces xe-0/0/0.0
set protocols sflow interfaces xe-0/1/0.0
set protocols sflow interfaces xe-2/0/1.0