## Last changed: 2019-09-25 18:17:07 ICT

version 12.3X54-D34;
groups {
PROTECT_RE_FILTER {
firewall {
family inet {
filter PROTECT_RE_FILTER {
term ACCEPT-TWAMP {
from {
source-address {
10.52.88.204/30;
10.52.88.208/30;
}
protocol [ tcp udp ];
}
then accept;
}
term T0-TCP-PROTECTION {
from {
source-address {
10.250.18.2/32;
10.250.32.0/20;
10.24.0.0/16;
10.25.0.0/16;
}
destination-address {
10.250.37.177/32;
2.0.0.0/32;
10.250.35.81/32;
}
protocol tcp;
tcp-flags "(syn & !ack) | fin | rst";
}
then {
policer TCP-CONNECTION-POLICER;
accept;
}
}
term T10-OSPF-PROTECTION {
from {
source-address {
10.250.18.2/32;
10.250.32.0/20;
}
destination-address {
224.0.0.5/32;
}
protocol ospf;
}
then accept;
}
term T20-IN-SSH {
from {
source-address {
10.250.32.0/20;
10.24.0.0/16;
10.25.0.0/16;
}
protocol tcp;
 destination-port ssh;
}
then accept;
}
term T21-OUT-SSH {
from {
source-address {
10.250.32.0/20;
10.24.0.0/16;
10.25.0.0/16;
}
protocol tcp;
source-port ssh;
}
then accept;
}
term T30-IN-TELNET {
from {
source-address {
10.250.32.0/20;
10.24.5.0/24;
}
protocol tcp;
destination-port 23;
}
then accept;
}
term T31-OUT-TELNET {
from {
source-address {
10.250.32.0/20;
10.24.5.0/24;
}
protocol tcp;
source-port 23;
}
then accept;
}
term T40-BGP {
from {
source-address {
10.250.32.0/20;
}
protocol tcp;
source-port bgp;
}
then accept;
}
term T41-BGP {
from {
source-address {
10.250.32.0/20;
}
protocol tcp;
destination-port bgp;
}
then accept;
}
term T50-RSVP {
 from {
source-address {
10.250.32.0/20;
}
protocol rsvp;
}
then accept;
}
term T60-SNMP {
from {
source-address {
10.250.18.2/32;
10.24.0.0/16;
10.25.0.0/16;
}
destination-address {
10.250.35.81/32;
}
protocol tcp;
destination-port [ snmp snmptrap ];
}
then {
policer SNMP-POLICER;
accept;
}
}
term T61-SNMP {
from {
source-address {
10.250.18.2/32;
10.24.0.0/16;
10.25.0.0/16;
}
destination-address {
10.250.35.81/32;
}
protocol udp;
source-port snmp;
}
then {
policer SNMP-POLICER;
accept;
}
}
term T70-NTP {
from {
source-address {
10.250.32.12/32;
10.250.32.13/32;
}
destination-address {
10.250.35.81/32;
}
protocol udp;
destination-port ntp;
}
then {
policer NTP-POLICER;
accept;
 }
}
term T71-NTP {
from {
source-address {
10.250.32.12/32;
10.250.32.13/32;
}
destination-address {
10.250.35.81/32;
}
protocol udp;
source-port ntp;
}
then {
policer NTP-POLICER;
accept;
}
}
term T80-MGMTPING {
from {
source-address {
10.250.32.0/20;
}
destination-address {
10.250.37.177/32;
2.0.0.0/32;
10.250.35.81/32;
}
protocol icmp;
}
then accept;
}
term T90-ICMP {
from {
destination-address {
10.250.37.177/32;
2.0.0.0/32;
10.250.35.81/32;
}
protocol icmp;
}
then {
policer ICMP-POLICER;
accept;
}
}
term T100-LDP {
from {
source-address {
10.250.32.0/20;
}
protocol [ tcp udp ];
destination-port ldp;
}
then accept;
}
term T101-LDP {
from {
 source-address {
10.250.32.0/20;
}
protocol [ tcp udp ];
source-port ldp;
}
then accept;
}
term T110-BFD {
from {
source-address {
10.250.32.0/20;
}
protocol udp;
destination-port [ 4784 3784 ];
}
then {
count c-bfd;
accept;
}
}
term T111-BFD {
from {
source-address {
10.250.32.0/20;
}
protocol udp;
source-port [ 4784 3784 ];
}
then {
count c-bfd;
accept;
}
}
term T120-BOOTP {
from {
protocol udp;
destination-port 67;
}
then {
policer DHCP-RELAY;
accept;
}
}
term T121-BOOTP {
from {
protocol udp;
source-port 67;
}
then {
policer DHCP-RELAY;
accept;
}
}
term T130-MPLSECHOREQUEST {
from {
source-address {
10.250.32.0/20;
}
 destination-address {
10.250.35.81/32;
}
protocol udp;
destination-port 3503;
}
then {
policer MPLSPING-POLICER;
count c-mpls1;
accept;
}
}
term T131-MPLSECHOREPLY {
from {
source-address {
10.250.32.0/20;
}
destination-address {
10.250.35.81/32;
}
protocol udp;
source-port 3503;
}
then {
policer MPLSPING-POLICER;
count c-mpls2;
accept;
}
}
term T140-UDPSERVICES {
from {
source-address {
10.250.18.2/32;
10.24.0.0/16;
10.25.0.0/16;
}
destination-address {
10.250.35.81/32;
}
protocol udp;
}
then {
policer SMALL-BW-POLICER;
count CNTR-UDPSERVICES;
log;
accept;
}
}
term T150-FTP {
from {
source-address {
10.250.18.2/32;
10.250.18.9/32;
10.250.32.0/20;
10.24.0.0/16;
10.25.0.0/16;
}
source-port [ ftp ftp-data ];
}
 then accept;
}
term T151-FTP {
from {
source-address {
10.250.18.2/32;
10.250.18.9/32;
10.250.32.0/20;
10.24.0.0/16;
10.25.0.0/16;
}
destination-port [ ftp ftp-data ];
}
then accept;
}
term T160-TACAC-IN {
from {
source-address {
10.250.18.2/32;
10.250.18.9/32;
10.24.0.0/16;
10.25.0.0/16;
}
destination-port [ tacacs tacacs-ds ];
}
then accept;
}
term T161-TACAC-OUT {
from {
source-address {
10.250.18.2/32;
10.250.18.9/32;
10.25.0.0/16;
10.24.0.0/16;
}
source-port [ tacacs tacacs-ds ];
}
then accept;
}
term T170-PTP-IN {
from {
source-address {
10.30.235.102/32;
10.30.235.110/32;
}
source-port [ 319 320 ];
}
then accept;
}
term T171-PTP-OUT {
from {
destination-address {
10.30.235.102/32;
10.30.235.110/32;
}
destination-port [ 319 320 ];
}
then accept;
}
 term LOCAL-DISCARD {
from {
destination-address {
10.250.32.0/20;
}
}
then {
discard;
}
}
term LAST-ACCEPT {
then accept;
}
}
}
policer NTP_POLICER {
if-exceeding {
bandwidth-limit 500k;
burst-size-limit 15k;
}
then discard;
}
policer SSH_POLICER {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 128k;
}
then discard;
}
policer TELNET_POLICER {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 128k;
}
then discard;
}
policer FTP_POLICER {
if-exceeding {
bandwidth-limit 20m;
burst-size-limit 625k;
}
then discard;
}
policer NTP-POLICER {
if-exceeding {
bandwidth-limit 500k;
burst-size-limit 15k;
}
then discard;
}
policer DHCP-RELAY {
if-exceeding {
bandwidth-limit 2m;
burst-size-limit 15k;
}
then discard;
}
policer SMALL-BW-POLICER {
if-exceeding {
 bandwidth-limit 1m;
burst-size-limit 15k;
}
then discard;
}
policer IGMP-POLICER {
if-exceeding {
bandwidth-limit 2m;
burst-size-limit 15k;
}
then discard;
}
policer SSH-POLICER {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 128k;
}
then discard;
}
policer TELNET-POLICER {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 128k;
}
then discard;
}
policer TCP-CONNECTION-POLICER {
if-exceeding {
bandwidth-limit 50k;
burst-size-limit 15k;
}
then discard;
}
policer ICMP-POLICER {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 15k;
}
then discard;
}
policer FTP-POLICER {
if-exceeding {
bandwidth-limit 20m;
burst-size-limit 625k;
}
then discard;
}
policer SNMP-POLICER {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 15k;
}
then discard;
}
policer MPLSPING-POLICER {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 15k;
}
 then discard;
}
}
}
}
apply-groups PROTECT_RE_FILTER;
system {
host-name CSG-QATB18;
time-zone Asia/Saigon;
no-multicast-echo;
no-redirects;
no-redirects-ipv6;
internet-options {
no-source-quench;
tcp-drop-synfin-set;
}
authentication-order password;
ports {
console type vt100;
auxiliary disable;
}
root-authentication {
encrypted-password
"$5$rc1NRhO7$SoQhyt4k6IBjzibnQlFw4nsvP3OL00xy66NOb1pzyg6"; ## SECRET-DATA
}
login {
class comas-check {
permissions [ view view-configuration ];
allow-commands "(ping)|(traceroute)|(telnet)|(ssh)|(show)";
}
class monitor {
permissions [ view view-configuration ];
}
class operator-local {
idle-timeout 5;
permissions [ access configure control interface network routing system
trace view ];
}
class viewonly {
idle-timeout 5;
permissions [ view view-configuration ];
}
user admin {
uid 2511;
class super-user;
authentication {
encrypted-password "$1$gbuCKBFg$LbsSA79N0GOuliD4vhAt1."; ## SECRET-
DATA
}
}
user anhhtanhht {
uid 2522;
class super-user;
authentication {
encrypted-password "$1$5mCI4cBG$4I.HQRpEYZgCNe4puV0rL1"; ## SECRET-
DATA
}
}
user anhhtp {
 uid 2519;
class operator-local;
authentication {
encrypted-password "$1$Ss1i/v7P$SoRfTCAl/R4/lu3BPKkZv."; ## SECRET-
DATA
}
}
user chauhv {
uid 2529;
class operator-local;
authentication {
encrypted-password "$1$1S1Ktb80$eyl3yvA/D/puowSJK/fH6/"; ## SECRET-
DATA
}
}
user chaupq {
uid 2506;
class operator-local;
authentication {
encrypted-password "$1$i0WC0j6m$NgInmx/U.Sh8tNj5/nPx20"; ## SECRET-
DATA
}
}
user comas {
uid 2547;
class comas-check;
authentication {
encrypted-password "$1$mudSRgur$vjMVfd7yUgHNGifosM03h0"; ## SECRET-
DATA
}
}
user cuongmt {
uid 2528;
class operator-local;
authentication {
encrypted-password "$1$9ZcnspbR$XxudDuk2mL7sgLs6d8BMr."; ## SECRET-
DATA
}
}
user damdhdamdh {
uid 2514;
class super-user;
authentication {
encrypted-password "$1$Pk5JApJ3$olrHINL/iKJdW7/rVpTYQ."; ## SECRET-
DATA
}
}
user dongpv {
uid 2537;
class operator-local;
authentication {
encrypted-password "$1$hLHL63cy$Ny2nEY7aaz1LhbODiGCAV0"; ## SECRET-
DATA
}
}
user dungtv {
uid 2518;
class super-user;
authentication {
 encrypted-password "$1$yI3dyocp$.Vfsjnj4pfP0f6XC4uCg31"; ## SECRET-
DATA
}
}
user hanhth {
uid 2508;
class operator-local;
authentication {
encrypted-password "$1$Div85d.N$kjThIZHmq9t/ZoC8SfVBd1"; ## SECRET-
DATA
}
}
user hatmhatm {
uid 2551;
class operator-local;
authentication {
encrypted-password "$1$SYNZKs/y$6wO.oPM24JKA2Yku.zFNQ1"; ## SECRET-
DATA
}
}
user hoanmhoanm {
uid 2538;
class super-user;
authentication {
encrypted-password "$1$s4IBVgzl$laF/hwPlRzmLWCuughyaF/"; ## SECRET-
DATA
}
}
user hungnv {
uid 2536;
class operator-local;
authentication {
encrypted-password "$1$/HNemS4v$qXgnxPx8O25QzVjqtHN6n."; ## SECRET-
DATA
}
}
user hungtq {
uid 2539;
class operator-local;
authentication {
encrypted-password "$1$zn.4AN1u$sNNuodzNV6fq9Zx618Fn1/"; ## SECRET-
DATA
}
}
user huylqhuylq {
uid 2527;
class operator-local;
authentication {
encrypted-password "$1$RJXmuOho$aQYHMqYUx1X6TxAJOaHCB1"; ## SECRET-
DATA
}
}
user huyvla {
uid 2513;
class super-user;
authentication {
encrypted-password "$1$iTm8EjzK$8Pzgzy5lRcqiC3/oduPqE0"; ## SECRET-
DATA
}
 }
user jsaserver {
uid 2550;
class super-user;
authentication {
encrypted-password "$1$Ev9x53TZ$h4e29UJ52Ekbl7CWyof0D."; ## SECRET-
DATA
}
}
user khanhnl {
uid 2505;
class operator-local;
authentication {
encrypted-password "$1$PU2f71KV$bLsVJ/J9sdmxL2m3Venb2."; ## SECRET-
DATA
}
}
user lucntlucnt {
uid 2535;
class operator-local;
authentication {
encrypted-password "$1$OKfn7maH$SwJ6mR59134nESUBxj3LQ0"; ## SECRET-
DATA
}
}
user namthnamth {
uid 2526;
class operator-local;
authentication {
encrypted-password "$1$faA9XlA7$Bja7Fi8Y108SIGzJBFrNg."; ## SECRET-
DATA
}
}
user nguyenndv {
uid 2510;
class operator-local;
authentication {
encrypted-password "$1$OMeI6JaR$wwpKmxj/1Qt1ETxa1GoRc1"; ## SECRET-
DATA
}
}
user nhan.buingoc {
uid 2555;
class super-user;
authentication {
encrypted-password "$1$jUOzNKmN$tY2FJYNJDxrWeSuwZo0fb0"; ## SECRET-
DATA
}
}
user phatnv {
uid 2524;
class super-user;
authentication {
encrypted-password "$1$IGjgfb0O$pxiqIrfaUrjhghP30K5hU0"; ## SECRET-
DATA
}
}
user phatpt {
uid 2532;
 class operator-local;
authentication {
encrypted-password "$1$y0r1Z2al$kb6Jk9gowVNYJr4FJkho7."; ## SECRET-
DATA
}
}
user phucdt {
uid 2521;
class super-user;
authentication {
encrypted-password "$1$M6P5YZg1$bJbNJD0TB3N40Twn/.Eca1"; ## SECRET-
DATA
}
}
user phuocldb {
uid 2515;
class super-user;
authentication {
encrypted-password "$1$B1pv7.UE$0n2aY8/fVWAvk9V3goHOg0"; ## SECRET-
DATA
}
}
user pqlkt3 {
uid 2557;
class comas-check;
authentication {
encrypted-password "$1$pd3snReA$s0zzE7DJW1nDDgJPHiXed."; ## SECRET-
DATA
}
}
user quangcomas {
uid 2545;
class operator-local;
authentication {
encrypted-password "$1$EmUBqnOH$Us.FIP8y8c6jQvVu5zpMj1"; ## SECRET-
DATA
}
}
user rangnq {
uid 2530;
class operator-local;
authentication {
encrypted-password "$1$uYkDrNqe$85usKq0FKg6A0TfuQil9T/"; ## SECRET-
DATA
}
}
user thiennv {
uid 2517;
class super-user;
authentication {
encrypted-password "$1$8C9E.z7l$YQeOqzS.Do/8lW1sO0M140"; ## SECRET-
DATA
}
}
user thuanlv {
uid 2525;
class super-user;
authentication {
encrypted-password "$1$YQ5USUuw$WHeQFc06h90uZAQOZQ7Ms/"; ## SECRET-
DATA
}
}
user thuycomas {
uid 2546;
class operator-local;
authentication {
encrypted-password "$1$utZYKfuN$HUXe2KimpgQtj8XPrKrY4."; ## SECRET-
DATA
}
}
user tintdtintd {
uid 2534;
class operator-local;
authentication {
encrypted-password "$1$hNADrmOh$drKjdAMrzIoZ9Ccrth.gx1"; ## SECRET-
DATA
}
}
user trilqtrilq {
uid 2531;
class super-user;
authentication {
encrypted-password "$1$FimnKaAb$lBgpS3KfpI0ZawSTLJzi11"; ## SECRET-
DATA
}
}
user tu.nguyenvananh {
uid 2560;
class super-user;
authentication {
encrypted-password "$1$iHBNFC6m$NkclDshDQUYgJFZqViOuX1"; ## SECRET-
DATA
}
}
user tuan.lyhuu {
uid 2558;
class super-user;
authentication {
encrypted-password "$1$3khUmjJs$Hy8KQ/ph6utrtmy6WaVlM1"; ## SECRET-
DATA
}
}
user tucomas {
uid 2544;
class super-user;
authentication {
encrypted-password "$1$r/oi1GYZ$XXqBK3pqpMXJAk40lto6Y/"; ## SECRET-
DATA
}
}
user tunghlt {
uid 2520;
class super-user;
authentication {
encrypted-password "$1$GBgRLa3u$3olggAToZqPEnEKp2Hsd.0"; ## SECRET-
DATA
}
}
 user uyenhtp {
uid 2504;
class super-user;
authentication {
encrypted-password "$1$ZCXxpMVm$/wOtfdxV9bguag3puBfSK1"; ## SECRET-
DATA
}
}
user vidlvidl {
uid 2523;
class super-user;
authentication {
encrypted-password "$1$oIgOqiM5$al8h7Mu2xduaW7YyGxWMS."; ## SECRET-
DATA
}
}
user view {
uid 2556;
class comas-check;
authentication {
encrypted-password "$1$Cl6n2Re7$HgYHCeQhYg65eNjT2uXE20"; ## SECRET-
DATA
}
}
user vinhcomas {
uid 2549;
class super-user;
authentication {
encrypted-password "$1$2idALwPH$ES6pTKqFunFWMB5ws.qq3/"; ## SECRET-
DATA
}
}
user vinhnd {
uid 2533;
class operator-local;
authentication {
encrypted-password "$1$NuKzMPVM$rwgPAKRuBzbFnCfCTlKr/0"; ## SECRET-
DATA
}
}
user vinhtq {
uid 2512;
class super-user;
authentication {
encrypted-password "$1$6BGzxFEL$6wDROk9mcxTEnGz8V9BCd/"; ## SECRET-
DATA
}
}
user vmsadmin {
uid 2541;
class viewonly;
authentication {
encrypted-password adminvms; ## SECRET-DATA
}
}
user vu.duongtan {
uid 2559;
class super-user;
authentication {
 encrypted-password "$1$MNWN8sdn$3zpaYvB9NwebBBzfazXeT0"; ## SECRET-
DATA
}
}
user vuldvuld {
uid 2507;
class operator-local;
authentication {
encrypted-password "$1$ovmIVcL0$33uZ0T7GoLW6BthFbeuVy0"; ## SECRET-
DATA
}
}
}
services {
ftp;
ssh {
root-login deny;
protocol-version v2;
max-sessions-per-connection 32;
connection-limit 15;
}
telnet {
connection-limit 30;
rate-limit 45;
}
netconf {
ssh {
connection-limit 10;
rate-limit 4;
}
}
}
syslog {
archive size 512k files 10 world-readable;
user * {
any emergency;
}
file messages {
any notice;
authorization info;
daemon any;
kernel any;
}
file interactive-commands {
interactive-commands any;
}
file default-log-messages {
any info;
match "(requested 'commit' operation)|(requested 'commit synchronize'
operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|
(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|
transfer-file|(license add)|(license delete)|(package -X update)|(package -X
delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT|
LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed,
Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master
detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
structured-data;
}
time-format millisecond;
 }
commit synchronize;
ntp {
authentication-key 1 type md5 value "$9$QHSUF/tyrvxNbvW8xN-wsP5T3Ct"; ##
SECRET-DATA
server 10.250.32.12 key 1 prefer; ## SECRET-DATA
server 10.250.32.13 key 1; ## SECRET-DATA
trusted-key 1;
source-address 10.250.35.81;
}
}
chassis {
aggregated-devices {
ethernet {
device-count 10;
}
}
fpc 0 {
pic 0 {
framing e1;
}
}
alarm {
management-ethernet {
link-down ignore;
}
}
}
services {
rpm {
probe SLA {
test CSG-QATB18_CSG-QATB43 {
probe-type icmp-ping;
target address 10.250.37.178;
probe-count 3;
probe-interval 10;
test-interval 10;
source-address 10.250.37.177;
dscp-code-points nc1;
thresholds {
successive-loss 1;
total-loss 3;
}
}
}
twamp {
server {
authentication-mode none;
max-connection-duration 120;
port 862;
client-list Client1 {
address {
10.52.88.206/32;
10.52.88.210/32;
}
}
}
}
}
}
interfaces {
ce1-0/0/0 {
no-partition interface-type e1;
}
e1-0/0/0 {
description "Connected to BTS QATB18-1";
encapsulation satop;
unit 0;
}
ge-1/0/0 {
description "Soft_Looped for PTP Timing";
gigether-options {
loopback;
}
unit 0 {
family inet {
address 10.250.41.81/32;
}
}
}
ge-1/1/0 {
description "Connect to NodeB QATB18 VL302-352";
vlan-tagging;
unit 302 {
description "To VRF IuB-3G QATB18";
vlan-id 302;
family inet {
address 10.33.24.73/29;
}
}
unit 352 {
description "To VRF OAM 3G QATB18";
vlan-id 352;
family inet {
address 10.33.41.73/29;
}
}
}
ge-1/2/0 {
description "Connect to CSG-QATB43-ge-1/1/1";
hold-time up 60000 down 0;
gigether-options {
802.3ad ae0;
}
}
ge-1/2/1 {
unit 0 {
family inet6;
}
}
ae0 {
description "Connect to CSG-QATB18-ae0";
mtu 9192;
aggregated-ether-options {
lacp {
active;
}
}
 unit 0 {
family inet {
address 10.250.37.177/30;
}
family inet6;
family mpls;
}
}
fxp0 {
unit 0 {
family inet {
address 192.168.1.5/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.250.35.81/32;
}
}
}
}
snmp {
filter-interfaces {
interfaces {
"!^[gxae][et].*";
"(ge|xe|ae|et).*\..*";
}
all-internal-interfaces;
}
community publicVMS3 {
authorization read-only;
client-list-name SNMP-CLIENT-PREFIXES;
}
trap-options {
source-address 10.250.35.81;
}
trap-group metro-trap-group {
version v2;
categories {
authentication;
chassis;
link;
routing;
startup;
vrrp-events;
configuration;
}
targets {
10.250.18.2;
}
}
trap-group space {
targets {
10.250.18.9;
}
}
}
forwarding-options {
family inet {
filter {
input PROTECT_RE_FILTER;
}
}
}
routing-options {
router-id 10.250.35.81;
autonomous-system 65330;
forwarding-table {
export LB;
}
}
protocols {
router-advertisement {
interface ge-1/2/0.0;
interface ge-1/2/1.0;
}
rsvp {
interface ae0.0 {
authentication-key "$9$fT39hcl8X-lKv8XxdVqmPQ69"; ## SECRET-DATA
aggregate;
reliable;
}
interface ae1.0 {
authentication-key "$9$GUDkPAtOhSeO1IhSyKvoJZj.P"; ## SECRET-DATA
aggregate;
reliable;
}
}
mpls {
admin-groups {
access_5 15;
}
smart-optimize-timer 30;
explicit-null;
ipv6-tunneling;
icmp-tunneling;
optimize-timer 180;
label-switched-path lsp-CSG-QATB18-to-AGG-QNNTBH21 {
to 10.250.32.12;
ldp-tunneling;
admin-group include-any access_5;
fast-reroute {
hop-limit 12;
}
}
label-switched-path lsp-CSG-QATB18-to-AGG-QNNTKY11 {
to 10.250.32.13;
ldp-tunneling;
admin-group include-any access_5;
fast-reroute {
hop-limit 12;
}
}
interface ae0.0 {
admin-group access_5;
}
 interface ae1.0 {
admin-group access_5;
}
}
bgp {
precision-timers;
path-selection external-router-id;
advertise-from-main-vpn-tables;
mtu-discovery;
log-updown;
group iBGP-AGG {
type internal;
local-address 10.250.35.81;
family inet {
unicast;
}
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
family route-target;
authentication-key "$9$P5F/EhrWLNreKWLX-dk.mTn/"; ## SECRET-DATA
neighbor 10.250.32.12 {
description AGG-QNNTBH21;
export Export-SoO-AGG;
}
neighbor 10.250.32.13 {
description AGG-QNNTKY11;
export Export-SoO-AGG;
}
}
}
ospf {
overload timeout 420;
traffic-engineering;
reference-bandwidth 1000g;
area 0.0.0.205 {
interface lo0.0 {
passive;
}
interface ae0.0 {
interface-type p2p;
metric 200;
authentication {
md5 1 key "$9$mfFn9ApBRhCA"; ## SECRET-DATA
}
}
interface ae1.0 {
interface-type p2p;
}
interface fxp0.0 {
disable;
}
interface ge-1/0/0.0 {
interface-type p2p;
passive;
}
 }
}
ldp {
track-igp-metric;
deaggregate;
explicit-null;
interface lo0.0;
}
l2circuit {
neighbor 10.250.32.4 {
interface e1-0/0/0.0 {
virtual-circuit-id 201081800;
description "E1-SATOP service QATB18-1";
encapsulation-type satop-e1;
ignore-encapsulation-mismatch;
ignore-mtu-mismatch;
pseudowire-status-tlv;
}
}
}
oam {
ethernet {
link-fault-management {
action-profile down-ae-member {
event {
link-adjacency-loss;
}
action {
link-down;
}
}
interface ae0 {
apply-action-profile down-ae-member;
pdu-interval 100;
}
interface ae1 {
apply-action-profile down-ae-member;
pdu-interval 100;
}
}
}
}
ptp {
clock-mode ordinary;
domain 0;
unicast-negotiation;
ipv4-dscp 48;
slave {
interface ge-1/0/0.0 {
unicast-mode {
transport ipv4;
clock-source 10.30.235.102 local-ip-address 10.250.41.81;
clock-source 10.30.235.110 local-ip-address 10.250.41.81;
}
}
}
}
lldp {
interface ge-1/2/0;
 interface ge-1/2/1;
}
}
policy-options {
prefix-list SNMP-CLIENT-PREFIXES {
0.0.0.0/0;
}
policy-statement Export-SoO-AGG {
term SoO {
then {
community add SoO;
accept;
}
}
}
policy-statement LB {
then {
load-balance per-packet;
}
}
policy-statement ps-exp-3g {
term 1 {
from protocol [ static direct ];
then {
community add 3G-nodeB;
community add SoO;
accept;
}
}
}
policy-statement ps-exp-4g {
term 1 {
then {
community add 4G-OAM;
community add 4G-OAM-AS-PUB;
community add SoO;
accept;
}
}
}
policy-statement ps-exp-4g-mme {
term 1 {
then {
community add 4G-eNodeB;
community add 4G-eNodeB-CSG;
community add 4G-eNodeB-X2;
community add SoO;
accept;
}
}
}
policy-statement ps-exp-oam-3g {
term 1 {
from protocol [ static direct ];
then {
community add OAM-3G-64803;
community add OAM-3G-131429;
community add SoO;
accept;
 }
}
}
policy-statement ps-imp-3g {
term 1 {
from {
protocol bgp;
community 3G-IuB-DF;
}
then accept;
}
}
policy-statement ps-imp-4g {
term 1 {
from {
protocol bgp;
community 4G-OAM-DF;
}
then accept;
}
}
policy-statement ps-imp-4g-mme {
term 1 {
from {
protocol bgp;
community 4G-eNodeB-DF;
}
then accept;
}
}
policy-statement ps-imp-oam-3g {
term 1 {
from {
protocol bgp;
community 3G-OAM-DF;
}
then accept;
}
}
community 3G-IuB-DF members target:65330:999;
community 3G-OAM-DF members target:65330:998;
community 3G-RNC-IPBB members target:131429L:30001;
community 3G-nodeB members target:131429L:30011;
community 4G-IPBB members target:131429L:40010;
community 4G-IPBB-SGW members target:64803:100;
community 4G-OAM members target:64803:40003;
community 4G-OAM-AS-PUB members target:131429L:40003;
community 4G-OAM-DF members target:65330:997;
community 4G-OAM-MNT members target:64803:40004;
community 4G-eNodeB members target:131429L:40001;
community 4G-eNodeB-CSG members target:10.250.35.81:40001;
community 4G-eNodeB-DF members target:65330:996;
community 4G-eNodeB-X2 members target:65330:40001;
community OAM-3G-131429 members target:131429L:30020;
community OAM-3G-64803 members target:64803:30020;
community OAM-3G-IPBB members target:64803:30010;
community SoO members [ origin:65330:1000 origin:65330:1205 ];
}
class-of-service {
classifiers {
dscp CL_DSCP {
forwarding-class NC {
loss-priority low code-points cs7;
loss-priority high code-points cs6;
}
forwarding-class VOICE {
loss-priority low code-points [ ef cs5 ];
}
forwarding-class STREAMING {
loss-priority low code-points [ af41 cs4 af42 af43 ];
}
forwarding-class INTERNET {
loss-priority low code-points [ cs1 af11 af12 af13 ];
loss-priority high code-points be;
}
forwarding-class BUSINESS {
loss-priority low code-points [ cs3 af31 af32 af33 ];
loss-priority high code-points [ cs2 af21 af22 af23 ];
}
}
dscp-ipv6 CL_DSCP_V6 {
forwarding-class NC {
loss-priority low code-points cs7;
loss-priority high code-points cs6;
}
forwarding-class VOICE {
loss-priority low code-points [ ef cs5 ];
}
forwarding-class STREAMING {
loss-priority low code-points [ af41 cs4 af42 af43 ];
}
forwarding-class INTERNET {
loss-priority low code-points [ cs1 af11 af12 af13 ];
loss-priority high code-points be;
}
forwarding-class BUSINESS {
loss-priority low code-points [ cs3 af31 af32 af33 ];
loss-priority high code-points [ cs2 af21 af22 af23 ];
}
}
exp CL_EXP {
forwarding-class NC {
loss-priority low code-points 111;
loss-priority high code-points 110;
}
forwarding-class VOICE {
loss-priority low code-points 101;
}
forwarding-class STREAMING {
loss-priority low code-points 100;
}
forwarding-class BUSINESS {
loss-priority low code-points 011;
loss-priority high code-points 010;
}
forwarding-class INTERNET {
loss-priority low code-points 001;
loss-priority high code-points 000;
 }
}
ieee-802.1 CL_802.1p {
forwarding-class VOICE {
loss-priority low code-points 101;
}
forwarding-class STREAMING {
loss-priority low code-points 100;
}
forwarding-class NC {
loss-priority low code-points 111;
loss-priority high code-points 110;
}
forwarding-class BUSINESS {
loss-priority low code-points 011;
loss-priority high code-points 010;
}
forwarding-class INTERNET {
loss-priority low code-points 001;
}
}
}
host-outbound-traffic {
forwarding-class NC;
dscp-code-point cs7;
ieee-802.1 {
default 110;
}
}
forwarding-classes {
class INTERNET queue-num 0;
class BUSINESS queue-num 1;
class VOICE queue-num 2;
class NC queue-num 3;
class STREAMING queue-num 4;
}
system-defaults {
classifiers {
exp CL_EXP;
}
}
interfaces {
ge-1/1/0 {
unit 302 {
forwarding-class INTERNET;
}
unit 352 {
forwarding-class VOICE;
}
}
ae0 {
scheduler-map CORE-SCHEDULER;
unit * {
rewrite-rules {
exp RW_EXP;
}
}
classifiers {
dscp CL_DSCP;
 }
rewrite-rules {
dscp RW_DSCP;
}
}
ae1 {
scheduler-map CORE-SCHEDULER;
unit * {
rewrite-rules {
exp RW_EXP;
}
}
classifiers {
dscp CL_DSCP;
}
rewrite-rules {
dscp RW_DSCP;
}
}
}
routing-instances {
all {
classifiers {
exp CL_EXP;
}
}
}
rewrite-rules {
dscp RW_DSCP {
forwarding-class NC {
loss-priority low code-point cs7;
loss-priority high code-point cs6;
}
forwarding-class VOICE {
loss-priority low code-point ef;
}
forwarding-class STREAMING {
loss-priority low code-point af41;
}
forwarding-class INTERNET {
loss-priority low code-point af11;
loss-priority high code-point be;
}
forwarding-class BUSINESS {
loss-priority low code-point af31;
loss-priority high code-point af21;
}
}
dscp-ipv6 RW_DSCP_V6 {
forwarding-class NC {
loss-priority low code-point cs7;
loss-priority high code-point cs6;
}
forwarding-class VOICE {
loss-priority low code-point ef;
}
forwarding-class STREAMING {
loss-priority low code-point af41;
}
 forwarding-class INTERNET {
loss-priority low code-point af11;
loss-priority high code-point be;
}
forwarding-class BUSINESS {
loss-priority low code-point af31;
loss-priority high code-point af21;
}
}
exp RW_EXP {
forwarding-class NC {
loss-priority low code-point 111;
loss-priority high code-point 110;
}
forwarding-class VOICE {
loss-priority low code-point 101;
loss-priority high code-point 101;
}
forwarding-class STREAMING {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class BUSINESS {
loss-priority low code-point 011;
loss-priority high code-point 010;
}
forwarding-class INTERNET {
loss-priority low code-point 001;
loss-priority high code-point 000;
}
}
ieee-802.1 RW_802.1p {
forwarding-class VOICE {
loss-priority low code-point 101;
loss-priority high code-point 101;
}
forwarding-class STREAMING {
loss-priority low code-point 100;
loss-priority high code-point 100;
}
forwarding-class NC {
loss-priority low code-point 111;
loss-priority high code-point 110;
}
forwarding-class BUSINESS {
loss-priority low code-point 011;
loss-priority high code-point 010;
}
forwarding-class INTERNET {
loss-priority low code-point 001;
loss-priority high code-point 000;
}
}
}
scheduler-maps {
CORE-SCHEDULER {
forwarding-class NC scheduler S_NC;
forwarding-class INTERNET scheduler S_INTERNET;
forwarding-class BUSINESS scheduler S_BUSINESS;
 forwarding-class STREAMING scheduler S_STREAMING;
forwarding-class VOICE scheduler S_VOICE;
}
}
schedulers {
S_NC {
transmit-rate percent 10;
shaping-rate percent 10;
buffer-size percent 10;
priority strict-high;
}
S_VOICE {
transmit-rate percent 20;
buffer-size percent 20;
priority strict-high;
}
S_STREAMING {
transmit-rate percent 20;
shaping-rate percent 20;
buffer-size percent 20;
priority strict-high;
}
S_BUSINESS {
transmit-rate percent 15;
buffer-size percent 15;
priority low;
}
S_INTERNET {
transmit-rate {
remainder;
}
buffer-size {
remainder;
}
priority low;
}
}
}
routing-instances {
IuB-3G {
instance-type vrf;
interface ge-1/1/0.302;
route-distinguisher 10.250.35.81:30001;
vrf-import ps-imp-3g;
vrf-export ps-exp-3g;
vrf-table-label;
}
OAM-3G {
instance-type vrf;
interface ge-1/1/0.352;
route-distinguisher 10.250.35.81:30010;
vrf-import ps-imp-oam-3g;
vrf-export ps-exp-oam-3g;
vrf-table-label;
routing-options {
static {
route 10.28.191.240/29 next-hop 10.33.41.77;
}
}
 }
}