http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved for personal non commercial use only – do not distribute

iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0


JNCIE-SP (Service Provider) Lab preparation workbook

v2.0

For Juniper Networks, inc - JNCIE-SP Lab Exam


Copyright and licensing information

This workbook, iNET ZERO's JNCIE-SP Lab Preparation workbook is developed by iNET ZERO. All rights reserved. No part of this publication may be reproduced or distributed in any form or by any means without the prior written permission of iNET ZERO a registered company in the Netherlands. This product cannot be used by or transferred to any other person. You are not allowed to rent, lease, loan or sell iNET ZERO training products including this workbook and its configurations. You are not allowed to modify, copy, upload, email or distribute this workbook in any way. This product may only be used and printed for your own personal use and may not be used in any commercial way. Juniper (c), Juniper Networks inc, JNCIE, JNCIP, JNCIS, JNCIA, Juniper Networks Certified Internet Expert, are registered trademarks of Juniper Networks, Inc.


About iNET ZERO’s content developers and authors:

Maxim Frolov

Maxim lives in Russia and speaks Russian and English. He started his networking career in 1999. Throughout the years Maxim has designed and implemented several large scale networks for enterprise and service provider customers. Over the years he has developed several high quality courseware materials for industry leading networking vendors. Maxim has the following certifications: JNCIE, JNCIP-ENT, JNCIS-SEC, Nortel NNCSS. In technology, Max values efficiency and pragmatic design. When Max is not at work he likes to spend time with his family. Max enjoys being outside in nature and loves to travel and explore the world.

Ivan Ivanov

Ivan lives in the East European country of Bulgaria. He has more than 10 years of experience with IP technologies, working at several Internet Service Providers, big enterprise companies and international system integrators. Throughout his career, Ivan gained extensive experience designing, implementing and supporting IP networks based mostly on Juniper Networks and Cisco Systems solutions and devices. Ivan worked on various international projects, designing, securing and implementing MPLS/IP backbones for multinational mobile operators. Ivan has the following certificates: JNCIE, JNCIP-SEC and various Cisco certificates.


Jörg Buesink

Jörg lives in the Netherlands and brings more than 15 years of experience in the IT and networking industry. He worked for several large ISPs/service providers in the role of technical consultant, designer and network architect. He has extensive experience in network implementation, design and architecture. Jörg is quadruple JNCIE certified (JNCIE-DC #007, JNCIE-ENT #21, JNCIE-SP #284 and JNCIE-SEC #30) as well as triple CCIE #15032 (Routing/Switching, Service provider and Security), Cisco CCDE #20110002, Huawei HCIE #2188 Routing and Switching certified.


General information

Rack rental service

Did you know that this workbook can be used in combination with iNET ZERO's JNCIE rack rental service? Take a look at our website for more information: www.inetzero.com

Target audience

This workbook is developed for experienced network engineers who are preparing for the Juniper Networks JNCIE-SP lab exam. Although not required, it is highly recommended that you have passed the JNCIS-SP and JNCIP-SP written exams before you start using this workbook. iNET ZERO’s JNCIE-SP preparation workbook is developed in such a way that we expect you to have theoretical knowledge about the JNCIE-SP lab exam blueprint topics (JNCIP-SP certified or working towards this certification). For example, in this workbook we will not explain what rib-groups, LSPs or Multicast VPNs are. What we will do is test if you are able to configure all these technologies based on certain requirements and understand how they interact in a typical SP environment.

How to use this workbook

We recommend that you start your JNCIE lab preparation with the workbook chapters only. Always take a note of the time spent on each chapter/task to see if you have improved once you go over the chapters again. Ensure that you go through the workbook chapters at least twice before you start with the full day lab challenges. You are ready to try the Full day lab challenges if you are able to configure the chapter's tasks without the need of the chapter's answers. Each Full day lab challenge must be completed within 8 hours.

Topology diagrams

In the chapters you will find several topology diagrams in small format. In the appendix of this workbook you will find larger versions of the topology diagrams for better readability. We recommend printing the topology diagrams.

iNET ZERO support

Always feel free to ask us questions regarding the workbook or JNCIE rack rental. You can reach us at info@inetzero.com. We love to hear from you regarding your preparation progress. Your feedback regarding our products is also much appreciated!


Table of Contents

General information
  Rack rental service
  Target audience
  How to use this workbook
  Topology diagrams
  iNET ZERO support
  Exam strategy
  JNCIE Hall of Fame
  Workbook and configuration file updates

Chapter One: General System Features
  Task 1. Initial System Settings
  Task 2. SNMP Configuration
  Task 3. Firewall Filters
  Task 4. Interface Configuration
  Task 5. Scripting

Chapter Two: IGP Configuration and Troubleshooting
  Task 1. OSPF Troubleshooting
  Task 2. ISIS Troubleshooting
  Task 3. IGP Rollout

Chapter Three: BGP and Routing Policy
  Task 1. IBGP and Confederation
  Task 2. EBGP Configuration
  Task 3. Routing Policies
  Task 4. IBGP and Route Reflection

Chapter Four: MPLS Configuration
  Task 1. LDP Configuration
  Task 2. RSVP Configuration
  Task 3. RSVP Protection
  Task 4. IPv6 Tunneling with 6PE

Chapter Five: L3VPN Configuration
  Task 1. L3VPN Configuration
  Task 2. Multicast in L3VPN
  Task 3. IPv6 Tunneling with 6VPE

Chapter Six: L2VPN and VPLS Configuration
  Task 1. L2VPN Configuration
  Task 2. VPLS Configuration

Chapter Seven: Inter-provider VPN Configuration
  Task 1. Inter-provider VPN Option B
  Task 2. Inter-provider VPN Option C

Chapter Eight: Class of Service
  Task 1. Forwarding Classes, Queues and Schedulers
  Task 2. Classification, Policing and Marking


Chapter Nine: A Full Day Lab Challenge
  Task 1: Initial System Configuration
  Task 2: Building the Network
  Task 3: IGP Configuration
  Task 4: BGP Configuration
  Task 5: MPLS Configuration
  Task 6: VPN Configuration
  Task 7: Class of Service Configuration

A Full Day Lab Challenge II
  Part 1: System Features
    Task 1.1 Service Configuration
    Task 1.2: Centralized authentication management
    Task 1.3: Local user configuration
    Task 1.4: Active configuration archival and logging
    Task 1.5: Advanced Interface configuration and chassis features
    Task 1.6: Advanced RE Protection
  Part 2: Troubleshooting and Configuring IGP
    Task 2.1: Troubleshooting
    Task 2.2: Connectivity to OSPFv3 Area
    Task 2.3: RIP redistribution
    Task 2.4: Multilevel IS-IS configuration
    Task 2.5: Advanced IS-IS configuration
  Part 3: Troubleshooting and Configuring BGP
    Task 3.1: iBGP design and configuration
    Task 3.2: eBGP peers and configuration
    Task 3.3: BGP policy configuration
    Task 3.4: BGP general requirements
  Part 4: MPLS configuration
    Task 4.1: MPLS and RSVP configuration
    Task 4.2: MPLS and LDP configuration
  Part 5: IPv6 configuration
    Task 5.1: Native IPv6 configuration
    Task 5.2: IPv6 tunneling configuration
  Part 6: MPLS VPNs configuration
    Task 6.1: VPN A configuration
    Task 6.2: VPN A multicast configuration
    Task 6.3: VPLS configuration
    Task 6.4: L2VPN configuration

A Full Day Lab Challenge III
  Part 1: System Features
    Task 1.1 Service Configuration
    Task 1.2: Centralized authentication management
    Task 1.3: Local user configuration
    Task 1.4: Active configuration archival and logging
    Task 1.5: Advanced Interface configuration and chassis functions


    Task 1.6: Advanced RE Protection
  Part 2: Troubleshooting and Configuring IGP
    Task 2.1: Troubleshooting
    Task 2.2: RIP redistribution
    Task 2.3: Multi-area OSPF configuration
    Task 2.4: Advanced OSPF configuration
  Part 3: Troubleshooting and Configuring BGP
    Task 3.1: Internal BGP design and configuration
    Task 3.2: external BGP peers and configuration
    Task 3.3: BGP policy configuration
    Task 3.4: BGP general requirements
  Part 4: MPLS configuration
    Task 4.1: MPLS and RSVP configuration
    Task 4.2: MPLS and LDP configuration
  Part 5: IPv6 tunneling and Multicast configuration
    Task 5.1: IPv6 tunneling configuration
    Task 5.2: Multicast configuration
  Part 6: MPLS VPNs configuration
    Task 6.1: VPN A configuration
    Task 6.2: VPN B configuration
    Task 6.3: VPLS configuration

Appendix 1: Additional Theory
  OSPF adjacency troubleshooting
  BGP adjacency troubleshooting
  BGP IPV6 NLRI over IPV4 peering
  Troubleshooting: Multicast traffic engineering using RIB-groups
  Advanced firewall filtering

Appendix 2: Topology diagrams
  Task 1: Initial System Configuration
  Task 2: SNMP Configuration
  Task 3: Firewall filters
  Task 4: Interface Configuration
  Task 5: Scripting

Chapter Two solutions: IGP Configuration and Troubleshooting
  Task 1: OSPF Troubleshooting
  Task 2: IS-IS Troubleshooting
  Task 3: IGP Rollout

Chapter Three solutions: BGP and Routing policy
  Task 1: IBGP and Confederation
  Task Two: EBGP Configuration
  Task 3: Routing Policies
  Task 4: IBGP and Route Reflection

Chapter Four solutions: MPLS configuration
  MPLS Overview


  LDP Overview
  Task 1: LDP Configuration
  Task 2: RSVP Configuration
  Task 3: RSVP Protection
  Task 4: IPv6 tunneling with 6PE

Chapter Five solutions: L3VPN Configuration
  Task 1: L3VPN configuration
  Task 2: Multicast in L3VPNs
  Task 3: IPv6 Tunneling with 6VPE

Chapter Six solutions: L2VPN and VPLS configuration
  Task 1: L2VPN Configuration
  Task 2: VPLS Configuration

Chapter Seven solutions: Inter-provider VPN Configuration
  Task 1: Inter-provider VPN Option B
  Task 2: Inter-provider VPN Option C

Chapter Eight solutions: Class of Service
  Task 1: Forwarding Classes, Queues and Schedulers
  Task 2: Classification, Policing and Marking

Chapter Nine solutions: Full Day Lab Challenge I
  Task 1: Initial System Configuration
  Task 2: Building the network
  Task 3: IGP Configuration
  Task 4: BGP Configuration
  Task 5: MPLS configuration
  Task 6: VPN configuration
  Task 7: Class of Service Configuration

Chapter Ten solutions: Full Day Lab Challenge II
  Part 1: System Features
    Solution - Task 1.1 Service Configuration
    Solution - Task 1.2: Centralized authentication management
    Solution - Task 1.3: Local user configuration
    Solution - Task 1.4: Active configuration archival and logging
    Solution - Task 1.5: Advanced Interface configuration and chassis features
    Solution - Task 1.6: Advanced RE Protection
  Appendix - Part 2: Troubleshooting and Configuring IGP
    Solution - Task 2.1: Troubleshooting
    Solution - Task 2.2: Connectivity to OSPFv3 Area
    Solution - Task 2.3: RIP redistribution
    Solution - Task 2.4: Multilevel IS-IS configuration
    Solution - Task 2.5: Advanced IS-IS configuration
  Part 3: Troubleshooting and Configuring BGP
    Solution - Task 3.1: iBGP design and configuration
    Solution - Task 3.2: eBGP peers and configuration
    Solution - Task 3.3: BGP policy configuration
    Solution - Task 3.4: BGP general requirements


Part 4: MPLS configuration
  Solution - Task 4.1: MPLS and RSVP configuration

Part 5: IPv6 configuration
  Solution - Task 5.1: Native IPv6 configuration
  Solution - Task 5.2: IPv6 tunneling configuration

Part 6: MPLS VPNs configuration
  Solution - Task 6.1: VPNA configuration
  Solution - Task 6.2: VPNA multicast configuration
  Solution - Task 6.3: VPLS configuration
  Solution - Task 6.4: L2VPN configuration

Chapter eleven solutions: Full Day Lab Challenge III

Part 1: System Features
  Solution - Task 1.1 Service Configuration
  Solution - Task 1.2: Centralized authentication management
  Solution - Task 1.3: Local user configuration
  Solution - Task 1.4: Active configuration archival and logging
  Solution - Task 1.5: Advanced Interface configuration and chassis functions
  Solution - Task 1.6: Advanced RE Protection

Part 2: Troubleshooting and Configuring IGP
  Solution - Task 2.1: Troubleshooting
  Solution - Task 2.2: RIP redistribution
  Solution - Task 2.3: Multi-area OSPF configuration
  Solution - Task 2.4: Advanced OSPF configuration

Part 3: Troubleshooting and Configuring BGP
  Solution - Task 3.1: Internal BGP design and configuration
  Solution - Task 3.2: External BGP peers and configuration
  Solution - Task 3.3: BGP policy configuration
  Solution - Task 3.4: BGP general requirements

Part 4: MPLS configuration
  Solution - Task 4.1: MPLS and RSVP configuration
  Solution - Task 4.2: MPLS and LDP configuration

Part 5: IPv6 tunneling and Multicast configuration
  Solution - Task 5.1: IPv6 tunneling configuration
  Solution - Task 5.2: Multicast configuration

Part 6: MPLS VPNs configuration
  Solution - Task 6.1: VPNA configuration
  Solution - Task 6.2: VPNB configuration
  Solution - Task 6.3: VPLS configuration


Chapter Five: L3VPN Configuration

In this chapter's tasks you implement L3VPNs. The tasks include L3VPN configuration with customers running either OSPF or BGP, dual-homed customer sites, customer Internet access, multicasting in VPNs and IPv6 tunneling with 6VPE.

Task 1. L3VPN Configuration

In this task you deploy L3VPN for customers running either OSPF or BGP.

1) Configure additional interfaces on your routers as indicated in Table 17. Set the interfaces' description.

Table 17

Router  Interface  Interface Name  IP Address        IPv6 Address
R1      i7         ge-0/0/5.311    192.168.0.41/30   -
R1      i8         ge-0/0/5.312    192.168.0.45/30   -
R1      i9         ge-0/0/5.313    192.168.0.49/30   -
R1      -          lo0.1           172.30.5.9/32     -
R1      -          lo0.2           172.30.5.10/32    -
R2      i7         ge-0/0/5.314    192.168.0.53/30   -
R2      i8         ge-0/0/5.315    192.168.0.57/30   -
R2      i9         ge-0/0/5.316    192.168.0.61/30   -
R2      -          lo0.1           172.30.5.13/32    -
R2      -          lo0.2           172.30.5.14/32    -
R3      i8         ge-0/0/5.317    -                 fc09:c0:ffee::9/126
R3      i9         ge-0/0/5.318    192.168.0.69/30   -
R3      -          lo0.1           172.30.5.17/32    -
R3      -          lo0.2           172.30.5.18/32    fd17:f0f4:f691:5::12/128
R4      i8         ge-0/0/5.319    192.168.0.73/30   -
R4      i9         ge-0/0/5.320    192.168.0.77/30   -
R4      -          lo0.1           172.30.5.21/32    -
R4      -          lo0.2           172.30.5.22/32    -
R5      i9         ge-0/0/5.321    192.168.0.81/30   -
R5      -          lo0.1           172.30.5.25/32    -
R6      i8         ge-0/0/5.322    192.168.0.85/30   -
R6      -          lo0.1           172.30.5.29/32    -
R7      i6         ge-0/0/5.323    192.168.0.89/30   -
R7      -          lo0.1           172.30.5.33/32    -
R8      i5         ge-0/0/5.324    192.168.0.93/30   -
R8      i6         ge-0/0/5.325    -                 fc09:c0:ffee::d/126
R8      -          lo0.1           172.30.5.37/32    -
R8      -          lo0.2           172.30.5.38/32    fd17:f0f4:f691:5::26/128

2) Configure L3VPNs as shown in Figure 11. Table 18 specifies the L3VPN details.


Figure 11

Table 18

Customer  Site  Router  PE-CE Protocol  Protocol details
C1        S1    CE1-1   OSPF            Area 0
C1        S2    CE1-2   OSPF            Area 0
C1        S2    CE1-3   OSPF            Area 0
C1        S3    CE1-4   OSPF            Area 0
C2        S1    CE2-1   BGP             AS 64600
C2        S1    CE2-2   BGP             AS 64600
C2        S2    CE2-3   BGP             AS 64600
C2        S2    CE2-4   BGP             AS 64600
C2        S3    CE2-5   BGP             AS 64600

3) You may not have any MPLS LSPs on Route Reflector. A static route is allowed on the RR if needed.

4) Make sure that the customer C1 OSPF area 0 appears as a contiguous area without ABRs.


5) Customer C1 has some backdoor OSPF connections but prefers that your MPLS network would be used for traffic forwarding between the customer sites.

6) Make sure that your MPLS network can be used as a backup path between CE1-2 and CE1-3.

7) Make sure that once customer C1 disables its backdoor connections, a failure of either the R3 or the R4 PE will not result in any of the customer sites becoming isolated.

8) Customer C2 requires that the customer site S1 is used as a central transit site for all traffic exchanges among all the customer sites in a hub-and-spoke fashion.

9) Make sure that if a route is originated in customer C2 site S1 or S2, it is never advertised back to the same site.

10) Make sure that PE-CE link subnets in customer C2 VPN are advertised to the customer remote VPN sites.

11) Make sure that all PE routers receive only the routes with those targets that they specifically request.

12) Allow local communication between customer C1 site S2 and customer C2 site S2 at R4. Make sure that the routes exchanged between the local VRFs are not advertised to any of the remote PE routers.

13) Customer C1 must be provided with Internet access at the customer site S2 using a single customer-facing interface. Make sure that a failure of either R3 or R4 will not leave customer C1 site S2 isolated from the Internet.

NOTE: The customer IP ranges are assumed to be globally routable or NATted outside of your network.

14) Customer C2 must be provided with Internet access at the customer site S1, using a dedicated interface i9 at both R1 and R2 routers. All other customer sites should be able to reach the Internet via the site S1.


Chapter eleven solutions: Full Day Lab Challenge III

This lab scenario represents a complete 8-hour challenge, aiming to prepare potential candidates for the JNCIE-SP lab exam. It contains all major topics found in the exam blueprint.

The external devices (CE and peers) are virtualized on the VR-device. Use only the interfaces and VLANs on the diagram for connectivity between the routers.

Physical Diagram

The logical diagram shows all information needed for configuring the logical connectivity between the devices.

[Figure: logical diagram of the lab topology, showing routers R1 to R8 and RR, the external peers, the CE devices and the GE interface units that connect them; not reproduced here.]


Part 1: System Features

This part is focused on initial system configuration, monitoring and securing the JUNOS operating system. That includes configuring different interface features like bundling physical interfaces into logical links and applying various address families. You will learn how to configure user accounts and the various authentication methods available in JUNOS. You will configure monitoring and backup of system logs, automatically copying the configuration to a remote server. Finally, you will configure firewall filters to protect the routing-engine of the devices.

Solution - Task 1.1 Service Configuration

NOTE: It is highly recommended to read the whole lab and verify the state of the devices before starting with the configuration. When moving from one part to another, it is also recommended to read all of the tasks for the part you are about to start configuring next. That will help you get an idea of what the final network should look like.

1) SSH access is preconfigured as part of the initial configuration on all routers. Limit the SSH connections to 2 at a time and no more than 2 connection attempts per minute.

a. All devices.

RACK RENTAL NOTE: SSH is already configured as part of the initial configuration with user root allowed to login. Please do not change it, as it is required by the iNET ZERO rack rental service.

The two configuration lines below are required to successfully complete the first task.

[edit]
lab@R1# set system services ssh connection-limit 2
[edit]
lab@R1# set system services ssh rate-limit 2

2) Enable NETCONF protocol over SSH using the standard port – TCP 830.

a. All devices.

NETCONF provides mechanisms to install, manipulate, and delete the configuration of network devices. After enabling SSH on JUNOS devices, NETCONF is enabled automatically, accepting connections on the default SSH port 22. The task asks for enabling NETCONF over the standard port 830 defined by RFC 4742. In JUNOS, this is done when you add the ssh option under the netconf service.

[edit]
lab@R1# set system services netconf ssh

Below is an excerpt from the system connection table on router R1 after committing the change.

[edit]
lab@R1# run show system connections
tcp4       0      0  *.830                  *.*                    LISTEN

3) Configure SNMPv2c with community superlab on all routers, polled from management system with address 10.10.10.1/32. Since SNMPv2c is using clear text transmissions, make sure that SNMP traffic is accepted only over the management interface fxp0.0. Ensure that the reachability to 10.10.10.1/32 is provided even if the rpd process is not yet running. Assume the IP address 10.10.1.200 is used as gateway in the management segment.

Next, you have to configure the SNMPv2c management protocol. As the task suggests, you also need to secure the SNMP communication to the devices. You have to explicitly specify the exact interface where the request can come from and the exact IP address of the network management system that can access it. Along with that, you have to configure a single static route reaching the NMS via the management interface fxp0. The next part requires that the route to the management system is reachable when the RPD process is not running. This can happen if the process crashes or during the system boot process. To accomplish this, the backup-router command under the system stanza has to be configured. When the RPD process starts, the backup route is removed from the local routing and forwarding tables.

a. All devices.

[edit]
lab@R1# set snmp interface fxp0.0
[edit]
lab@R1# set snmp community superlab clients 10.10.10.1/32
[edit]
lab@R1# set routing-options static route 10.10.10.1/32 next-hop 10.10.1.200
[edit]
lab@R1# set system backup-router 10.10.1.200
[edit]
lab@R1# set system backup-router destination 10.10.10.1/32
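One way to confirm that every device meets the Task 1.1 requirements (SSH limits, NETCONF over SSH, SNMP restricted to fxp0.0 and the NMS, backup-router) is to audit its set statements, shown here as an added example that is not part of the workbook. The check names, the functions and the WEAK_LINES sample are this example's own assumptions; addresses and limits come from the task text.

```python
"""Audit Junos 'set' lines against the Task 1.1 management-plane requirements."""
import ipaddress

NMS = ipaddress.ip_network("10.10.10.1/32")  # management system named in the task
GATEWAY = "10.10.1.200"                      # management-segment gateway from the task
MGMT_IF = "fxp0.0"                           # only interface allowed to accept SNMP


def tokens(lines):
    """Split each 'set ...' statement into words, dropping prompts such as 'lab@R1# '."""
    out = []
    for line in lines:
        pos = line.find("set ")
        if pos != -1:
            out.append(line[pos:].split())
    return out


def last_int(cfg, path):
    """Last integer configured at a statement path, or None when it is absent."""
    n = len(path)
    vals = [int(t[n]) for t in cfg if t[:n] == path and len(t) == n + 1 and t[n].isdigit()]
    return vals[-1] if vals else None


def audit(lines):
    """Return {check name: bool} for one device (check names are this example's own)."""
    cfg = tokens(lines)
    ssh = ["set", "system", "services", "ssh"]
    conn = last_int(cfg, ssh + ["connection-limit"])
    rate = last_int(cfg, ssh + ["rate-limit"])
    res = {
        "ssh_connection_limit": conn is not None and conn <= 2,
        "ssh_rate_limit": rate is not None and rate <= 2,
        "netconf_over_ssh": any(
            t[:5] == ["set", "system", "services", "netconf", "ssh"] for t in cfg),
    }

    # SNMP must be accepted on the management interface only.
    snmp_ifs = {t[3] for t in cfg if t[:3] == ["set", "snmp", "interface"] and len(t) == 4}
    res["snmp_mgmt_interface_only"] = snmp_ifs == {MGMT_IF}

    # Every community needs a clients list, and the list may hold only the NMS.
    # A community without 'clients' answers any source address.
    communities = {}
    for t in cfg:
        if t[:3] == ["set", "snmp", "community"] and len(t) >= 4:
            nets = communities.setdefault(t[3], [])
            if len(t) == 6 and t[4] == "clients":
                nets.append(ipaddress.ip_network(t[5], strict=False))
    res["snmp_clients_restricted"] = bool(communities) and all(
        bool(nets) and all(n == NMS for n in nets) for nets in communities.values())

    res["static_route_to_nms"] = any(
        t[:4] == ["set", "routing-options", "static", "route"]
        and t[4:] == [str(NMS), "next-hop", GATEWAY] for t in cfg)

    # backup-router keeps the NMS reachable while rpd is not running.
    tails = [t[3:] for t in cfg if t[:3] == ["set", "system", "backup-router"]]
    gw = any(GATEWAY in tail for tail in tails)
    dest = any(tail[i:i + 2] == ["destination", str(NMS)]
               for tail in tails for i in range(len(tail)))
    res["backup_router_to_nms"] = gw and dest
    return res


def failed(lines):
    """Sorted names of the checks a device does not meet."""
    return sorted(name for name, ok in audit(lines).items() if not ok)


# Statements from the solution on this page, prompts included as typed.
R1_LINES = [
    "lab@R1# set system services ssh connection-limit 2",
    "lab@R1# set system services ssh rate-limit 2",
    "lab@R1# set system services netconf ssh",
    "lab@R1# set snmp interface fxp0.0",
    "lab@R1# set snmp community superlab clients 10.10.10.1/32",
    "lab@R1# set routing-options static route 10.10.10.1/32 next-hop 10.10.1.200",
    "lab@R1# set system backup-router 10.10.1.200",
    "lab@R1# set system backup-router destination 10.10.10.1/32",
]

# Constructed counter-example: loose SSH limit, open community, no backup-router.
WEAK_LINES = [
    "set system services ssh connection-limit 10",
    "set system services netconf ssh",
    "set snmp community superlab authorization read-only",
    "set routing-options static route 10.10.10.1/32 next-hop 10.10.1.200",
]

if __name__ == "__main__":
    for name, lines in (("R1", R1_LINES), ("weak", WEAK_LINES)):
        print(name, failed(lines) or "all checks pass")
```

Client entries that end in restrict are not modelled; feed the function the output of show configuration | display set for each router.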

Solution - Task 1.2: Centralized authentication management

JUNOS provides three different methods for user account authentication, authorization and accounting. Those are the local database, using a RADIUS server and using a TACACS+ server. This task requires configuring the devices to communicate successfully with a TACACS+ server.

4) Configure all devices to use TACACS server located at 10.10.10.1 for authentication. The communication with the TACACS server should be encrypted with password jncie123.

a. All devices.


  HelloInterval 9(second)
  Address 10.50.0.9
  ActiveResv 2, PreemptionCnt 0, Update threshold 10%
  Subscription 100%,
  bc0 = ct0, StaticBW 300Mbps
  ct0: StaticBW 300Mbps, AvailableBW 300Mbps
  MaxAvailableBW 300Mbps = (bc0*subscription)
  ReservedBW [0] 0bps[1] 0bps[2] 0bps[3] 0bps[4] 0bps[5] 0bps[6] 0bps[7] 0bps
  Protection: On, Bypass: 1, LSP: 1, Protected LSP: 1, Unprotected LSP: 0
    1 Dec  3 11:56:46 New bypass to-r6
  Bypass: to-r6, State: Up, Type: LP, LSP: 1, Backup: 0
    4 Dec  3 11:56:46 Record Route: 10.50.0.2 10.50.0.18
    3 Dec  3 11:56:46 Up
    2 Dec  3 11:56:46 CSPF: computation result accepted
    1 Dec  3 11:56:46 Originate Call

Solution - Task 4.2: MPLS and LDP configuration

5) Assume that R8 supports only LDP protocol. Configure R5 and R6 to provide MPLS transport gateway functionality to the rest of network for R8. CEs attached to R8 should be able to exchange labeled packets with the CEs behind R1 and R2.

The task mentions that router R8 does not support RSVP. In order to enable services to be deployed between router R8 and routers R1 and R2, you have to configure R5 and R6 to transport LDP traffic in RSVP-signaled LSPs. You have to configure LDP targeted sessions between routers R1, R2, R5 and R6.

a. R1

In JUNOS, configuring LDP over RSVP can be done by enabling ldp-tunneling for the RSVP LSPs connecting the two routers configured for LDP. Targeted LDP sessions are established between the loopback IP addresses.

[edit]
lab@R1# set protocols ldp interface lo0.0
[edit]
lab@R1# set protocols mpls label-switched-path r1-to-r5 ldp-tunneling
[edit]
lab@R1# set protocols mpls label-switched-path r1-to-r6 ldp-tunneling

b. R2

[edit]
lab@R2# set protocols ldp interface lo0.0
[edit]
lab@R2# set protocols mpls label-switched-path r2-to-r5 ldp-tunneling
[edit]
lab@R2# set protocols mpls label-switched-path r2-to-r6 ldp-tunneling

c. R5

Routers R5 and R6 establish direct LDP sessions with R8 over the logical interface between them.

[edit]
lab@R5# set protocols ldp interface ge-0/0/4.58
[edit]
lab@R5# set protocols ldp interface lo0.0
[edit]
lab@R5# set protocols mpls label-switched-path r5-to-r1 ldp-tunneling
[edit]
lab@R5# set protocols mpls label-switched-path r5-to-r2 ldp-tunneling

d. R6

[edit]
lab@R6# set protocols ldp interface ge-0/0/4.68
[edit]
lab@R6# set protocols ldp interface lo0.0
[edit]
lab@R6# set protocols mpls label-switched-path r6-to-r1 ldp-tunneling
[edit]
lab@R6# set protocols mpls label-switched-path r6-to-r2 ldp-tunneling

e. R8

[edit]
lab@R8# set protocols ldp interface ge-0/0/4.58
[edit]
lab@R8# set protocols ldp interface ge-0/0/4.68

Enabling LDP on the loopback interface on R8 is needed to establish targeted sessions to routers R1 and R2.

[edit]
lab@R8# set protocols ldp interface lo0.0

f. Verify the configuration

The output below shows the result of the commands applied.

[edit]
lab@R8# run show ldp interface
Interface          Label space ID       Nbr count   Next hello
lo0.0              10.50.250.8:0        3           0
ge-0/0/4.58        10.50.250.8:0        1           3
ge-0/0/4.68        10.50.250.8:0        1           2

[edit]
lab@R8# run show ldp neighbor
Address            Interface          Label space ID       Hold time
10.50.250.1        lo0.0              10.50.250.1:0        38
10.50.250.2        lo0.0              10.50.250.2:0        43
10.50.250.6        lo0.0              10.50.250.6:0        42
10.50.0.49         ge-0/0/4.58        10.50.250.5:0        12
10.50.0.53         ge-0/0/4.68        10.50.250.6:0        14

[edit]
lab@R8# run show ldp database
Input label database, 10.50.250.8:0--10.50.250.1:0
Labels received: 5
  Label     Prefix
      3     10.50.250.1/32
 299778     10.50.250.5/32
 299776     10.50.250.6/32
 299783     10.50.250.8/32
 262147     FEC129 NoCtrlWord ETHERNET 000a012c:0000012c 0a32fa01 0a32fa08

Output label database, 10.50.250.8:0--10.50.250.1:0
Labels advertised: 6
  Label     Prefix
 299779     10.50.250.1/32
 299778     10.50.250.2/32
 299777     10.50.250.5/32
 299780     10.50.250.6/32
      3     10.50.250.8/32
 262145     FEC129 NoCtrlWord ETHERNET 000a012c:0000012c 0a32fa08 0a32fa01

Input label database, 10.50.250.8:0--10.50.250.2:0
Labels received: 5
  Label     Prefix
      3     10.50.250.2/32
 299778     10.50.250.5/32
 299777     10.50.250.6/32
 299781     10.50.250.8/32
 299776     L2CKT CtrlWord ETHERNET VC 3

Output label database, 10.50.250.8:0--10.50.250.2:0
Labels advertised: 6
  Label     Prefix
 299779     10.50.250.1/32
 299778     10.50.250.2/32
 299777     10.50.250.5/32
 299780     10.50.250.6/32
      3     10.50.250.8/32
 299776     L2CKT CtrlWord ETHERNET VC 3

[edit]
lab@R8# run show route table inet.3

inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.50.250.1/32     *[LDP/9] 00:04:04, metric 1
                    > to 10.50.0.53 via ge-0/0/4.68, Push 299777
10.50.250.2/32     *[LDP/9] 00:04:04, metric 1
                    > to 10.50.0.53 via ge-0/0/4.68, Push 299778
10.50.250.5/32     *[LDP/9] 00:05:32, metric 1
                    > to 10.50.0.49 via ge-0/0/4.58
10.50.250.6/32     *[LDP/9] 00:04:04, metric 1
                    > to 10.50.0.53 via ge-0/0/4.68

[edit]
lab@R1# run show ldp interface
Interface          Label space ID       Nbr count   Next hello
lo0.0              10.50.250.1:0        2           0

[edit]
lab@R1# run show ldp neighbor
Address            Interface          Label space ID       Hold time
10.50.250.5        lo0.0              10.50.250.5:0        31
10.50.250.6        lo0.0              10.50.250.6:0        42
10.50.250.8        lo0.0              10.50.250.8:0        44

[edit]
lab@R1# run show ldp database
Input label database, 10.50.250.1:0--10.50.250.5:0
Labels received: 4
  Label     Prefix
 299777     10.50.250.1/32
 299776     10.50.250.2/32
      3     10.50.250.5/32
 299781     10.50.250.8/32


                    > to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r1
192.168.22.0/24    *[BGP/170] 00:02:51, MED 1, localpref 100, from 10.50.250.10
                      AS path: 5673.873 I, validation-state: unverified
                    > to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r2
                      to 10.50.0.33 via ge-0/0/4.45, label-switched-path r5-to-r2
192.168.23.0/24    *[BGP/170] 00:02:51, MED 1, localpref 100, from 10.50.250.10
                      AS path: 5673.873 I, validation-state: unverified
                    > to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r2
                      to 10.50.0.33 via ge-0/0/4.45, label-switched-path r5-to-r2

Router R5 is advertising the routes from the other three sites to VPNA-CE1. Two prefixes advertised by CE2, received from the MPLS core, are advertised as internal because of the independent-domain configuration.

[edit]
lab@R5# run show route advertising-protocol bgp 192.168.15.5

VPNA.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 192.168.15.8/30         Self                         100        I
* 192.168.15.12/30        Self                         100        5673.873 I
* 192.168.15.16/30        Self                         100        5673.873 I
* 192.168.18.0/24         Self                         100        I
* 192.168.19.0/24         Self                         100        I
* 192.168.20.0/24         Self                 1       100        5673.873 I
* 192.168.21.0/24         Self                 1       100        5673.873 I
* 192.168.22.0/24         Self                 1       100        5673.873 I
* 192.168.23.0/24         Self                 1       100        5673.873 I

Similarly, router R8 receives two routes from VPNA-CE2 and advertises the routes for the other VPNA sites.

[edit]
lab@R8# run show bgp summary
Groups: 3 Peers: 3 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0               511        511          0          0          0          0
inet6.0               16          0          0          0          0          0
bgp.l3vpn.0           30         30          0          0          0          0
bgp.l2vpn.0            2          2          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.15.9          64999         24         35       0       0        9:40 Establ
  VPNA.inet.0: 2/2/2/0

[edit]
lab@R8# run show route table VPNA.inet.0

VPNA.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.15.4/30    *[BGP/170] 00:01:54, localpref 100, from 10.50.250.10
                      AS path: I, validation-state: unverified
                    > to 10.50.0.49 via ge-0/0/4.58, Push 18
192.168.15.8/30    *[Direct/0] 07:47:26
                    > via ge-0/0/5.102
192.168.15.10/32   *[Local/0] 07:47:26
                      Local via ge-0/0/5.102
192.168.15.12/30   *[BGP/170] 00:09:50, localpref 100, from 10.50.250.10
                      AS path: 5673.873 I, validation-state: unverified
                    > to 10.50.0.53 via ge-0/0/4.68, Push 16, Push 299795(top)


[edit]
lab@R8# run show bgp summary
Groups: 3 Peers: 3 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0               511        511          0          0          0          0
inet6.0               16          0          0          0          0          0
bgp.l3vpn.0           30         30          0          0          0          0
bgp.l2vpn.0            2          2          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.17.0.6            65100        448        480       0       1     3:26:03 Establ
  VPNB.inet.0: 5/5/5/0

[edit]
lab@R8# run show route receive-protocol bgp 172.17.0.6

inet.0: 529 destinations, 529 routes (529 active, 0 holddown, 0 hidden)

inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

VPNA.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

VPNB.inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 172.17.21.0/24          172.17.0.6                              65100 I
* 172.17.22.0/24          172.17.0.6                              65100 I
* 172.17.23.0/24          172.17.0.6                              65100 I
* 172.17.24.0/24          172.17.0.6                              65100 I
* 172.17.25.0/24          172.17.0.6

5) You have to provide connectivity to and from AS 87.109 for site CE.. Make sure you do not advertise additional routes to the other VPN sites.

a. R5

[edit]
lab@R5# set policy-options policy-statement VPNB-export.target term filter.AS87.109 from protocol bgp
[edit]
lab@R5# set policy-options policy-statement VPNB-export.target term filter.AS87.109 from as-path 87.109.origin
[edit]
lab@R5# set policy-options policy-statement VPNB-export.target term filter.AS87.109 then reject

The configuration lines below are explicitly advertising the routes received from AS 87.109 to CE1.

[edit]
lab@R5# set policy-options policy-statement to.VPNB-CE1 term accept.AS87.109 from protocol bgp
[edit]
lab@R5# set policy-options policy-statement to.VPNB-CE1 term accept.AS87.109 from as-path 87.109.origin


[edit]
lab@R5# set routing-options interface-routes rib-group inet local-interfaces

The rib-group bgp.to.VPNB is associated to the internal BGP group. You might make the mistake here of applying the rib-group to the external BGP group to peer U2. Although that will accomplish what is asked, you have to take into account that the connection to U2 could fail.

[edit]
lab@R5# set protocols bgp group internal family inet unicast rib-group bgp.to.VPNB
[edit]
lab@R5# set routing-instances VPNB routing-options interface-routes rib-group inet local-interfaces
[edit]
lab@R5# set routing-instances VPNB protocols bgp group VPNB-CE1 family inet unicast rib-group VPNB.to.bgp

b. Verify the configuration

After the commit, all the routes received from AS 87.109 are copied to the VPNB table.

[edit]
lab@R5# run show route table VPNB.inet.0

VPNB.inet.0: 492 destinations, 745 routes (491 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

1.64.0.0/10        *[BGP/170] 02:27:24, MED 50, localpref 100, from 10.50.250.10
                      AS path: 87.109 1620 61671 I, validation-state: unverified
                    > to 10.50.0.85 via ge-0/0/4.35
                    [BGP/170] 03:44:01, MED 150, localpref 100
                      AS path: 87.109 1620 61671 I, validation-state: unverified
                    > to 15.16.18.85 via ge-0/0/5.2003
1.84.160.0/20      *[BGP/170] 03:44:01, MED 60, localpref 100
                      AS path: 87.109 1620 33112 I, validation-state: unverified
                    > to 15.16.18.85 via ge-0/0/5.2003
1.96.0.0/11        *[BGP/170] 02:27:24, MED 50, localpref 100, from 10.50.250.10
                      AS path: 87.109 1620 33112 63164 40776 51777 I, validation-state: unverified
                    > to 10.50.0.85 via ge-0/0/4.35
                    [BGP/170] 03:44:01, MED 150, localpref 100
                      AS path: 87.109 1620 33112 63164 40776 51777 I, validation-state: unverified
                    > to 15.16.18.85 via ge-0/0/5.2003
1.161.192.0/21     *[BGP/170] 03:44:01, MED 60, localpref 100
                      AS path: 87.109 1620 33112 30404 32138 45045 I, validation-state: unverified
                    > to 15.16.18.85 via ge-0/0/5.2003
1.176.0.0/12       *[BGP/170] 02:27:24, MED 50, localpref 100, from 10.50.250.10
                      AS path: 87.109 1620 33112 49129 16320 52954 I, validation-state: unverified
                    > to 10.50.0.85 via ge-0/0/4.35
                    [BGP/170] 03:44:01, MED 150, localpref 100
                      AS path: 87.109 1620 33112 49129 16320 52954 I, validation-state: unverified
                    > to 15.16.18.85 via ge-0/0/5.2003

Conversely, the routes received from VPNB-CE1 are copied to the master routing table.

[edit]
lab@R5# run show route receive-protocol bgp 172.17.0.2

inet.0: 563 destinations, 907 routes (559 active, 0 holddown, 4 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 172.17.1.0/24           172.17.0.2                              65100 I
* 172.17.2.0/24           172.17.0.2                              65100 I
* 172.17.3.0/24           172.17.0.2                              65100 I
* 172.17.4.0/24           172.17.0.2                              65100 I
* 172.17.5.0/24           172.17.0.2                              65100 I
* 172.17.6.0/24           172.17.0.2                              65100 I

inet.1: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

inet.3: 5 destinations, 9 routes (3 active, 0 holddown, 4 hidden)

VPNA.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

VPNB.inet.0: 491 destinations, 744 routes (491 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 172.17.1.0/24           172.17.0.2                              65100 I
* 172.17.2.0/24           172.17.0.2                              65100 I
* 172.17.3.0/24           172.17.0.2                              65100 I
* 172.17.4.0/24           172.17.0.2                              65100 I
* 172.17.5.0/24           172.17.0.2                              65100 I
* 172.17.6.0/24           172.17.0.2                              65100 I

The AS 87.109 routes are not sent to router R8, hence they are not advertised to VPNB-CE2.

[edit]
lab@R8# run show route advertising-protocol bgp 172.17.0.6

VPNB.inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.50.0.32/30           Self                                    I
* 10.50.0.44/30           Self                                    I
* 10.50.0.48/30           Self                                    I
* 10.50.0.84/30           Self                                    I
* 10.50.0.100/30          Self                                    I
* 10.50.250.5/32          Self                                    I
* 15.16.18.84/30          Self                                    I
* 172.16.5.4/30           Self                                    4356 I
* 172.17.0.0/30           Self                                    I
* 172.17.1.0/24           Self                                    5673.873 I
* 172.17.2.0/24           Self                                    5673.873 I
* 172.17.3.0/24           Self                                    5673.873 I
* 172.17.4.0/24           Self                                    5673.873 I
* 172.17.5.0/24           Self                                    5673.873 I
* 172.17.6.0/24           Self                                    5673.873 I

6) Since site CE3 is connected to 3rd party provider ISP1, you must extend the VPNB using an inter-provider method that will provide you with a way to filter routes received from ISP-1 based on target-communities. Do not use routing policy on R1 for providing connectivity to CE3. The remote PE is using route-target community target:4356:500.

Three options can be used to extend a L3VPN via another provider network.

• Option A – within each AS, the routes are announced by the MP-BGP protocol used for all L3VPNs. On the AS border routers a VRF for each Inter-AS L3VPN is configured and a pure IP connection is established between the ASBRs. This is the least scalable solution and does not fit in the requirements of the task, because the routes exchanged between the ASBRs are not vpnv4 routes, so they do not carry route-target communities.

• Option B – All routes exchanged should be stored locally on the ASBR. Since the exchanged routes are vpnv4, carrying VPN labels with route-target communities, there is a way to further filter or manipulate the VPN routes.

• Option C – provides the most scalable method, using Labeled BGP sessions to create an MPLS path end-to-end. On top of that, a multihop external MP-BGP session exchanges the vpnv4 routes between the ASs. Since the ASBRs do not have visibility of the overlay MP-BGP routes, there is no way to control the exchange of the routes.

From the three methods, Option B is the one that should be used to accomplish the task.
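The property that makes option B fit the task, shown as an added example (not the workbook's own code): vpnv4 routes keep their route-target communities across the ASBR, so a vrf-import policy can select or drop them by target. The policy and community names and target:4356:500 are the ones this solution uses on R5 and R8; the local target target:65000:200, the accept and reject actions and two of the three routes are constructed assumptions.

```python
"""Route-target based VRF import, the property that makes inter-AS option B filterable."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str              # route distinguisher
    prefix: str
    targets: frozenset   # route-target extended communities carried by the route


def parse_policy(set_lines, policy_name):
    """Read community definitions and the terms of one policy from 'set' lines.

    Only 'from community NAME' and 'then accept|reject' are modelled.
    """
    communities, terms = {}, {}
    for line in set_lines:
        t = line.split()
        if t[:3] == ["set", "policy-options", "community"] and t[4:5] == ["members"]:
            communities.setdefault(t[3], set()).update(t[5:])
        elif (t[:4] == ["set", "policy-options", "policy-statement", policy_name]
              and t[4:5] == ["term"] and len(t) > 5):
            term = terms.setdefault(t[5], {"from": [], "action": None})
            if t[6:8] == ["from", "community"] and len(t) > 8:
                term["from"].append(t[8])
            elif t[6:7] == ["then"] and t[7:8] in (["accept"], ["reject"]):
                term["action"] = t[7]
    return communities, terms


def vrf_import(route, communities, terms):
    """Evaluate terms in order; True when the route is imported into the VRF."""
    for term in terms.values():
        names = term["from"]
        # A community matches when all its members are on the route; a term that
        # lists several communities matches when any one of them does.
        matched = not names or any(
            n in communities and communities[n] <= route.targets for n in names)
        if matched and term["action"]:
            return term["action"] == "accept"
    return False  # modelling choice of this example: no matching term, no import


def imported(routes, set_lines, policy_name="VPNB-import.target"):
    """Prefixes of the routes the policy lets into the VRF, in input order."""
    communities, terms = parse_policy(set_lines, policy_name)
    return [r.prefix for r in routes if vrf_import(r, communities, terms)]


def accepted_targets(set_lines, policy_name="VPNB-import.target"):
    """Route targets the VRF trusts: members of communities named in accepting terms."""
    communities, terms = parse_policy(set_lines, policy_name)
    out = set()
    for term in terms.values():
        if term["action"] == "accept":
            for n in term["from"]:
                out |= communities.get(n, set())
        if not term["from"] and term["action"]:
            break  # unconditional terminating term: later terms are never reached
    return out


# Constructed: the local VPNB target and the accept/reject actions are assumptions,
# since the page shows only the lines added for the ISP1 target.
BASE = [
    "set policy-options community VPNB members target:65000:200",
    "set policy-options policy-statement VPNB-import.target term 1 from community VPNB",
    "set policy-options policy-statement VPNB-import.target term 1 then accept",
    "set policy-options policy-statement VPNB-import.target term 2 then reject",
]
# Import-side lines from the R5/R8 solution on this page.
PAGE = [
    "set policy-options policy-statement VPNB-import.target term 1 from community VPNB-CE3",
    "set policy-options community VPNB-CE3 members target:4356:500",
]
ROUTES = [
    # RD, prefix and target as they appear on this page for the ISP1 site.
    Vpnv4Route("4356:500", "172.17.31.0/24", frozenset({"target:4356:500"})),
    # Constructed: a route from the same provider with a target nobody asked for.
    Vpnv4Route("4356:999", "198.51.100.0/24", frozenset({"target:4356:999"})),
    # Constructed: a route from a local VPNB site.
    Vpnv4Route("65000:200", "192.0.2.0/24", frozenset({"target:65000:200"})),
]

if __name__ == "__main__":
    print("before:", imported(ROUTES, BASE))
    print("after: ", imported(ROUTES, BASE + PAGE))
    print("trusted targets:", sorted(accepted_targets(BASE + PAGE)))
```

Listing the trusted targets of each VRF shows exactly which third-party communities can place routes in it, which is the review to repeat whenever an import term is added.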

a. R1

First, the interface between the two networks must be configured. Inter-AS option B exchanges labeled routes between the ASBRs; this means the interconnect interfaces must also be configured with family mpls.

[edit]
lab@R1# set interfaces ge-0/0/5 unit 112 description "=== connection to ISP1 ==="
[edit]
lab@R1# set interfaces ge-0/0/5 unit 112 vlan-id 112
[edit]
lab@R1# set interfaces ge-0/0/5 unit 112 family inet address 172.17.0.9/30
[edit]
lab@R1# set interfaces ge-0/0/5 unit 112 family mpls

Next, the external MP-BGP session is configured between router R1 and the ISP1 peer.

[edit]
lab@R1# set protocols bgp group ISP1 log-updown
[edit]
lab@R1# set protocols bgp group ISP1 family inet-vpn unicast
[edit]
lab@R1# set protocols bgp group ISP1 peer-as 4356
[edit]
lab@R1# set protocols bgp group ISP1 neighbor 172.17.0.10

b. R5

BecauseusingaroutingpolicyonrouterR1tomanipulatetheroutesexchangedbetweentheASBRsisnotallowed,youcanaccepttheremoteroute-targetcommunityonrouterR5andR8.ThiswillprovidesuccessfulcommunicationbetweenthelocalandremotesitesofVPNB. [edit] lab@R5# set policy-options policy-statement VPNB-export.target term accept.rest then community add VPNB-CE3 [edit] lab@R5# set policy-options policy-statement VPNB-import.target term 1 from community VPNB-CE3


[edit]
lab@R5# set policy-options community VPNB-CE3 members target:4356:500

c. R8

[edit]
lab@R8# set policy-options policy-statement VPNB-export.target term accept.rest then community add VPNB-CE3
[edit]
lab@R8# set policy-options policy-statement VPNB-import.target term 1 from community VPNB-CE3
[edit]
lab@R8# set policy-options community VPNB-CE3 members target:4356:500

d. Verify the configuration

Router R1 receives vpnv4 routes from the ISP1 peer.

[edit]
lab@R1# run show route table bgp.l3vpn.0

bgp.l3vpn.0: 39 destinations, 39 routes (39 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4356:500:172.16.5.4/30
                   *[BGP/170] 04:41:35, localpref 100
                      AS path: 4356 I, validation-state: unverified
                    > to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.31.0/24
                   *[BGP/170] 04:41:35, localpref 100
                      AS path: 4356 65100 I, validation-state: unverified
                    > to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.32.0/24
                   *[BGP/170] 04:41:35, localpref 100
                      AS path: 4356 65100 I, validation-state: unverified
                    > to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.33.0/24
                   *[BGP/170] 04:41:35, localpref 100
                      AS path: 4356 65100 I, validation-state: unverified
                    > to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.34.0/24
                   *[BGP/170] 04:41:35, localpref 100
                      AS path: 4356 65100 I, validation-state: unverified
                    > to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.35.0/24
                   *[BGP/170] 04:41:35, localpref 100
                      AS path: 4356 65100 I, validation-state: unverified
                    > to 172.17.0.10 via ge-0/0/5.112, Push 299786

Using the remote route-target community in the import vrf policy, router R5 imports the remote routes into the vrf routing table.

[edit]
lab@R5# run show route 172.17.31.0/24

VPNB.inet.0: 492 destinations, 745 routes (492 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.17.31.0/24     *[BGP/170] 02:48:55, localpref 100, from 10.50.250.10
                      AS path: 4356 65100 I, validation-state: unverified
                    > to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r1

bgp.l3vpn.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

4356:500:172.17.31.0/24
                   *[BGP/170] 02:48:55, localpref 100, from 10.50.250.10
                      AS path: 4356 65100 I, validation-state: unverified
                    > to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r1

Similarly, router R8 successfully imports the routes into the VPNB routing table.

[edit]
lab@R8# run show route advertising-protocol bgp 172.17.0.6

VPNB.inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop       MED     Lclpref    AS path
* 172.17.31.0/24          Self                             4356 5673.873 I
* 172.17.32.0/24          Self                             4356 5673.873 I
* 172.17.33.0/24          Self                             4356 5673.873 I
* 172.17.34.0/24          Self                             4356 5673.873 I
* 172.17.35.0/24          Self                             4356 5673.873 I
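Accepting target:4356:500 on R5 and R8 means VPNB now trusts a route target administered by the neighboring AS, so it is worth checking which policies reference foreign targets and that both PEs agree. The Python below is an added example, not part of the workbook; the config text is constructed from the policy commands above, and LOCAL_AS is an assumption taken from the vrf-target used later in this chapter.

```python
import re

# Constructed input: the policy lines this section applies on R5 and R8.
VPNB_POLICY = """\
set policy-options policy-statement VPNB-export.target term accept.rest then community add VPNB-CE3
set policy-options policy-statement VPNB-import.target term 1 from community VPNB-CE3
set policy-options community VPNB-CE3 members target:4356:500
"""
CONFIGS = {"R5": VPNB_POLICY, "R8": VPNB_POLICY}

# Assumption: local AS taken from the 4-byte vrf-target (target:371786601L:300)
# configured for the VPLS instance later in this chapter.
LOCAL_AS = 371786601

COMMUNITY_RE = re.compile(r"^set policy-options community (\S+) members (\S+)$")
USE_RE = re.compile(
    r"^set policy-options policy-statement (\S+) term (\S+) "
    r"(from community|then community add) (\S+)$"
)


def rt_admin_as(member):
    """Return the administrator AS of a 'target:ADMIN:ID' member, or None
    when the member is not a route target or uses an IPv4 administrator."""
    parts = member.split(":")
    if len(parts) != 3 or parts[0] != "target":
        return None
    admin = parts[1].rstrip("L")  # trailing L marks a 4-byte AS in Junos
    return int(admin) if admin.isdigit() else None


def audit(config, local_as):
    """List (policy, direction, route-target) tuples whose administrator AS
    is not the local AS, i.e. targets owned by another provider."""
    communities, uses = {}, []
    for line in config.splitlines():
        line = line.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            communities.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = USE_RE.match(line)
        if m:
            direction = "import-match" if m.group(3).startswith("from") else "export-add"
            uses.append((m.group(1), direction, m.group(4)))
    findings = []
    for policy, direction, name in uses:
        for member in communities.get(name, []):
            admin = rt_admin_as(member)
            if admin is not None and admin != local_as:
                findings.append((policy, direction, member))
    return sorted(findings)


def audit_all(configs, local_as):
    """Audit every PE and name the PEs whose findings differ from the first."""
    results = {pe: audit(cfg, local_as) for pe, cfg in configs.items()}
    baseline = next(iter(results.values()))
    mismatched = sorted(pe for pe, r in results.items() if r != baseline)
    return results, mismatched


if __name__ == "__main__":
    results, mismatched = audit_all(CONFIGS, LOCAL_AS)
    for pe, findings in results.items():
        for policy, direction, member in findings:
            print(f"{pe}: {policy} {direction} {member}")
    print("inconsistent PEs:", mismatched or "none")
```

A PE that imports the foreign target but does not attach it on export (or the reverse) shows up in the mismatch list, which is the usual cause of one-way reachability across an Option B boundary.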

7) Ensure that all BGP sessions in VPNB can send and receive packets larger than the default 512-byte maximum segment size.

a. R5 and R8

By default, BGP uses packets with a maximum size of 512 bytes. This ensures that even if the MTU is lower on some links, BGP packets will not be fragmented. To force BGP to use bigger packets, you have to enable the MTU discovery functionality. This will automatically detect the maximum MTU between the peers and will use it for the size of the BGP packets.

[edit]
lab@R5# set routing-instances VPNB protocols bgp mtu-discovery

[edit]
lab@R8# set routing-instances VPNB protocols bgp mtu-discovery

8) Make sure that traffic coming from VPNB with precedence bits 010, 011, 100 and 100 is classified as assured-forwarding. Ensure 20% high priority bandwidth reservation for that traffic in your network, while keeping the default reservation for the rest of the traffic.

The last task requires providing QoS for VPNB only.

a. R1, R2, R4, R5, R6 and R8

First, behavior aggregate classifiers are configured that will later be used for classifying the traffic. The EXP classifier is needed to map the traffic coming from the MPLS core interfaces and associate it with forwarding-classes. To inherit the default mapping, use the import function to use the default EXP classifier as a template. Next, change the mapping for the assured-forwarding classes as required by the task.

[edit]
lab@R1# set class-of-service classifiers exp custom-exp import default
[edit]


lab@R1# set class-of-service classifiers exp custom-exp forwarding-class assured-forwarding loss-priority low code-points 010
[edit]
lab@R1# set class-of-service classifiers exp custom-exp forwarding-class assured-forwarding loss-priority low code-points 011
[edit]
lab@R1# set class-of-service classifiers exp custom-exp forwarding-class assured-forwarding loss-priority low code-points 100
[edit]
lab@R1# set class-of-service classifiers exp custom-exp forwarding-class assured-forwarding loss-priority low code-points 101

An IP precedence classifier is intended to map the IP traffic coming from the CE sites to forwarding-classes. Again, the default classifier mappings are used as a template.

[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence import default
[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence forwarding-class assured-forwarding loss-priority low code-points 010
[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence forwarding-class assured-forwarding loss-priority low code-points 011
[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence forwarding-class assured-forwarding loss-priority low code-points 100
[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence forwarding-class assured-forwarding loss-priority low code-points 101

A custom scheduler-map and classifier are assigned to the MPLS core interfaces.

[edit]
lab@R1# set class-of-service interfaces ge-0/0/4 scheduler-map custom-map
[edit]
lab@R1# set class-of-service interfaces ge-0/0/4 unit * classifiers exp custom-exp

The custom scheduler-map is used to map the forwarding-classes to the schedulers.

[edit]
lab@R1# set class-of-service scheduler-maps custom-map forwarding-class assured-forwarding scheduler af
[edit]
lab@R1# set class-of-service scheduler-maps custom-map forwarding-class best-effort scheduler be
[edit]
lab@R1# set class-of-service scheduler-maps custom-map forwarding-class network-control scheduler nc

Custom schedulers are used to define the properties of output queues. The task requires modifying the assured-forwarding class only, but it is good practice to ensure the rest of the traffic is properly handled.


[edit]
lab@R1# set class-of-service schedulers af transmit-rate percent 20
[edit]
lab@R1# set class-of-service schedulers af priority high
[edit]
lab@R1# set class-of-service schedulers nc transmit-rate percent 5
[edit]
lab@R1# set class-of-service schedulers nc priority low
[edit]
lab@R1# set class-of-service schedulers be transmit-rate remainder
[edit]
lab@R1# set class-of-service schedulers be priority low

b. R5

By default, a scheduler-map is associated with the physical interface under the class-of-service stanza. However, since you are not allowed to apply custom CoS policies to traffic other than VPNB, you have to enable per-unit-scheduler on the interface to the CE sites. This allows you to apply the custom scheduler only to a specific unit.

[edit]
lab@R5# set interfaces ge-0/0/5 per-unit-scheduler
[edit]
lab@R5# set class-of-service interfaces ge-0/0/5 unit 110 scheduler-map custom-map
[edit]
lab@R5# set class-of-service interfaces ge-0/0/5 unit 110 classifiers inet-precedence VPNB-precedence

When vrf-table-label is used for the routing instances, a default classifier is applied to the routing-instance logical interface. You have to replace the default EXP classifier with the custom one, to map the traffic coming from the MPLS core. The purpose of this classifier is to match on the vpn label after the transport label is stripped off.

[edit]
lab@R5# set class-of-service routing-instances VPNB classifiers exp custom-exp

c. R8

The same configuration is applied to router R8 as well.

[edit]
lab@R8# set interfaces ge-0/0/5 per-unit-scheduler
[edit]
lab@R8# set class-of-service interfaces ge-0/0/5 unit 111 scheduler-map custom-map
[edit]
lab@R8# set class-of-service interfaces ge-0/0/5 unit 111 classifiers inet-precedence VPNB-precedence
[edit]
lab@R8# set class-of-service routing-instances VPNB classifiers exp custom-exp


d. Verify the configuration

[edit]
lab@R5# run show route instance VPNB extensive
VPNB:
  Router ID: 172.17.0.1
  Type: vrf               State: Active
  Interfaces:
    ge-0/0/5.110
    lsi.1
  Route-distinguisher: 10.50.250.5:200
  Vrf-import: [ VPNB-import.target ]
  Vrf-export: [ VPNB-export.target ]
  Fast-reroute-priority: low
  Tables:
    VPNB.inet.0            : 744 routes (491 active, 0 holddown, 0 hidden)
    VPNB.iso.0             : 0 routes (0 active, 0 holddown, 0 hidden)
    VPNB.inet6.0           : 0 routes (0 active, 0 holddown, 0 hidden)
    VPNB.mdt.0             : 0 routes (0 active, 0 holddown, 0 hidden)

[edit]
lab@R5# run show class-of-service routing-instance VPNB
Routing instance: VPNB

  Logical interface: lsi.1, Index: 335
    Object                  Name                   Type                    Index
    Classifier              custom-exp             exp                     13646
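The Python below is an added example, not part of the workbook, that models how import default combined with the four assured-forwarding overrides yields the effective classifier tables, and which code points actually change. The default tables are the Junos exp-default and ipprec-compatibility mappings; the CONFIG text is constructed from the classifier commands in this task.

```python
import re

# Junos default tables inherited by "import default"
# (exp-default and ipprec-compatibility).
BE, EF, AF, NC = ("best-effort", "expedited-forwarding",
                  "assured-forwarding", "network-control")
DEFAULTS = {
    "exp": {"000": (BE, "low"), "001": (BE, "high"),
            "010": (EF, "low"), "011": (EF, "high"),
            "100": (AF, "low"), "101": (AF, "high"),
            "110": (NC, "low"), "111": (NC, "high")},
    "inet-precedence": {"000": (BE, "low"), "001": (BE, "high"),
                        "010": (BE, "low"), "011": (BE, "high"),
                        "100": (BE, "low"), "101": (BE, "high"),
                        "110": (NC, "low"), "111": (NC, "high")},
}

# Constructed input: the classifier commands this task enters on R1.
CLASSIFIERS = [("exp", "custom-exp"), ("inet-precedence", "VPNB-precedence")]
CONFIG = "\n".join(
    [f"set class-of-service classifiers {t} {n} import default"
     for t, n in CLASSIFIERS]
    + [f"set class-of-service classifiers {t} {n} forwarding-class "
       f"assured-forwarding loss-priority low code-points {cp}"
       for t, n in CLASSIFIERS for cp in ("010", "011", "100", "101")]
)

PREFIX = r"^set class-of-service classifiers (\S+) (\S+) "
IMPORT_RE = re.compile(PREFIX + r"import default$")
MAP_RE = re.compile(PREFIX + r"forwarding-class (\S+) loss-priority (\S+) "
                    r"code-points ([01]{3})$")


def build_tables(config):
    """Return {(type, name): {code_point: (class, loss_priority)}}.
    Explicit code-points override the imported defaults in any line order."""
    imports, overrides = set(), {}
    for line in config.splitlines():
        line = line.strip()
        m = IMPORT_RE.match(line)
        if m:
            imports.add(m.groups())
            continue
        m = MAP_RE.match(line)
        if m:
            ctype, name, fc, lp, cp = m.groups()
            overrides.setdefault((ctype, name), {})[cp] = (fc, lp)
    tables = {}
    for key in imports | set(overrides):
        table = dict(DEFAULTS[key[0]]) if key in imports else {}
        table.update(overrides.get(key, {}))
        tables[key] = table
    return tables


def changed_code_points(key, table):
    """Code points whose mapping differs from the Junos default table."""
    default = DEFAULTS[key[0]]
    return sorted(cp for cp, v in table.items() if default.get(cp) != v)


def classify_ipv4_tos(table, tos):
    """IP precedence is the top three bits of the IPv4 ToS byte."""
    return table[format((tos >> 5) & 0x7, "03b")]


def classify_mpls_entry(table, entry):
    """EXP is bits 9-11 of a label stack entry (label | EXP | S | TTL)."""
    return table[format((entry >> 9) & 0x7, "03b")]


if __name__ == "__main__":
    for key, table in sorted(build_tables(CONFIG).items()):
        print(key, "changed:", changed_code_points(key, table))
        print("  classes in use:", sorted({fc for fc, _ in table.values()}))
```

For custom-exp the effective table no longer maps any code point to expedited-forwarding, which is consistent with custom-map defining schedulers only for assured-forwarding, best-effort and network-control.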

Solution - Task 6.3: VPLS configuration

9) Configure VPLS L2VPN between sites VPLS-1 and VPLS-2, using the interfaces as shown in the physical diagram. Since site VPLS-2 has connectivity to both R6 and R8, dedicate R8 as primary PE and R6 as backup PE. You have to use LDP signaled VPLS with automatic site discovery, hence you are not allowed to configure the sites explicitly.

The task description suggests that LDP signaled VPLS should connect the two sites. However, automatic site discovery must be used. Enable the MP-BGP protocol for that purpose. This is known as FEC 129 LDP signaled VPLS.

a. All devices including the route-reflector

A new MP-BGP family is added to BGP running in the network.

[edit]
lab@R1# set protocols bgp group internal family l2vpn auto-discovery-only

b. R1

Configure a new physical interface to connect site VPLS-1. You have to exclude the apply-group that enables family mpls on logical interfaces. Otherwise, the commit will fail due to an error.

[edit]
lab@R1# set interfaces ge-0/0/3 apply-groups-except enable_mpls
[edit]
lab@R1# set interfaces ge-0/0/3 vlan-tagging
[edit]
lab@R1# set interfaces ge-0/0/3 encapsulation vlan-vpls


[edit]
lab@R1# set interfaces ge-0/0/3 unit 3001 description "=== connection to VPLS-1 ==="
[edit]
lab@R1# set interfaces ge-0/0/3 unit 3001 encapsulation vlan-vpls
[edit]
lab@R1# set interfaces ge-0/0/3 unit 3001 vlan-id 3001
[edit]
lab@R1# set interfaces ge-0/0/3 unit 3001 family vpls

Make sure the routing instance type is set to vpls. Because BGP is used for auto-discovery, you have to assign a route-distinguisher and route-target to the routing instance configuration.

[edit]
lab@R1# set routing-instances VPLS instance-type vpls
[edit]
lab@R1# set routing-instances VPLS interface ge-0/0/3.3001
[edit]
lab@R1# set routing-instances VPLS route-distinguisher 10.50.250.1:300

The auto-discovery process requires a unique extended L2VPN community identifying the particular instance.

[edit]
lab@R1# set routing-instances VPLS l2vpn-id l2vpn-id:300:300
[edit]
lab@R1# set routing-instances VPLS vrf-target target:371786601L:300

The no-tunnel-services statement eliminates the need for a hardware tunnel interface.

[edit]
lab@R1# set routing-instances VPLS protocols vpls interface ge-0/0/3.3001
[edit]
lab@R1# set routing-instances VPLS protocols vpls no-tunnel-services

c. R8

Configure a new physical interface to connect site VPLS-2. You have to exclude the apply-group again.

[edit]
lab@R8# set interfaces ge-0/0/3 apply-groups-except enable_mpls
[edit]
lab@R8# set interfaces ge-0/0/3 description "=== connection to VPLS-2 ==="
[edit]
lab@R8# set interfaces ge-0/0/3 vlan-tagging
[edit]
lab@R8# set interfaces ge-0/0/3 encapsulation vlan-vpls
[edit]
lab@R8# set interfaces ge-0/0/3 unit 3002 encapsulation vlan-vpls
[edit]


[edit]
lab@R6# set interfaces ge-0/0/3 description "=== connection to VPLS-2 ==="
[edit]
lab@R6# set interfaces ge-0/0/3 vlan-tagging
[edit]
lab@R6# set interfaces ge-0/0/3 encapsulation vlan-vpls
[edit]
lab@R6# set interfaces ge-0/0/3 unit 3002 encapsulation vlan-vpls
[edit]
lab@R6# set interfaces ge-0/0/3 unit 3002 vlan-id 3002
[edit]
lab@R6# set interfaces ge-0/0/3 unit 3002 family vpls
[edit]
lab@R6# set routing-instances VPLS instance-type vpls
[edit]
lab@R6# set routing-instances VPLS interface ge-0/0/3.3002
[edit]
lab@R6# set routing-instances VPLS route-distinguisher 10.50.250.6:300
[edit]
lab@R6# set routing-instances VPLS l2vpn-id l2vpn-id:300:300
[edit]
lab@R6# set routing-instances VPLS vrf-target target:371786601L:300
[edit]
lab@R6# set routing-instances VPLS protocols vpls no-tunnel-services
[edit]
lab@R6# set routing-instances VPLS protocols vpls multi-homing site VPLS-2 identifier 2

Router R6 is configured with preference backup, which means that it is less likely to become a DF.

[edit]
lab@R6# set routing-instances VPLS protocols vpls multi-homing site VPLS-2 preference backup
[edit]
lab@R6# set routing-instances VPLS protocols vpls multi-homing site VPLS-2 interface ge-0/0/3.3002

e. Verify the configuration

The VPLS is established.

[edit]
lab@R1# run show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down


LD -- local site signaled down   CF -- call admission control failure
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
LB -- Local site not best-site   RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational
Dn -- down

Instance: VPLS
  L2vpn-id: 300:300
  Local-id: 10.50.250.1
    Remote-id                 Type  St     Time last up          # Up trans
    10.50.250.6               rmt   Up     Dec  3 17:16:19 2016           1
      Remote PE: 10.50.250.6, Negotiated control-word: No
      Incoming label: 262156, Outgoing label: 262154
      Negotiated PW status TLV: No
      Local interface: lsi.1048587, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS local-id 10.50.250.1 remote-id 10.50.250.6 neighbor 10.50.250.6
      Flow Label Transmit: No, Flow Label Receive: No
    10.50.250.8               rmt   Up     Dec  3 17:16:44 2016           1
      Remote PE: 10.50.250.8, Negotiated control-word: No
      Incoming label: 262157, Outgoing label: 262154
      Negotiated PW status TLV: No
      Local interface: lsi.1048588, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS local-id 10.50.250.1 remote-id 10.50.250.8 neighbor 10.50.250.8
      Flow Label Transmit: No, Flow Label Receive: No

Router R8 is designated as DF router for the VPLS-2 site.

[edit]
lab@R8# run show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down
LD -- local site signaled down   CF -- call admission control failure
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
LB -- Local site not best-site   RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational
Dn -- down

Instance: VPLS


  L2vpn-id: 300:300
  Local-id: 10.50.250.8
    Remote-id                 Type  St     Time last up          # Up trans
    10.50.250.1               rmt   Up     Dec  5 12:23:28 2016           1
      Remote PE: 10.50.250.1, Negotiated control-word: No
      Incoming label: 262402, Outgoing label: 262146
      Negotiated PW status TLV: No
      Local interface: lsi.1048579, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS local-id 10.50.250.8 remote-id 10.50.250.1 neighbor 10.50.250.1
      Flow Label Transmit: No, Flow Label Receive: No
    10.50.250.6               rmt   Up     Dec  5 12:25:17 2016           1
      Remote PE: 10.50.250.6, Negotiated control-word: No
      Incoming label: 262401, Outgoing label: 262145
      Negotiated PW status TLV: No
      Local interface: lsi.1048580, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS local-id 10.50.250.8 remote-id 10.50.250.6 neighbor 10.50.250.6
      Flow Label Transmit: No, Flow Label Receive: No
  Multi-home:
    Local-site          Id     Pref      State
    VPLS-2              2      200       Up

[edit]
lab@R6# run show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down
LD -- local site signaled down   CF -- call admission control failure
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
LB -- Local site not best-site   RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational
Dn -- down

Instance: VPLS
  L2vpn-id: 300:300
  Local-id: 10.50.250.6
    Remote-id                 Type  St     Time last up          # Up trans
    10.50.250.1               rmt   Up     Dec  3 14:58:50 2016           1
      Remote PE: 10.50.250.1, Negotiated control-word: No
      Incoming label: 262154, Outgoing label: 262156
      Negotiated PW status TLV: No
      Local interface: lsi.1048586, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS local-id 10.50.250.6 remote-id 10.50.250.1 neighbor 10.50.250.1
      Flow Label Transmit: No, Flow Label Receive: No
    10.50.250.8               rmt   Up     Dec  3 14:59:09 2016           1
      Remote PE: 10.50.250.8, Negotiated control-word: No
      Incoming label: 262155, Outgoing label: 262155
      Negotiated PW status TLV: No
      Local interface: lsi.1048587, Status: Up, Encapsulation: ETHERNET


        Description: Intf - vpls VPLS local-id 10.50.250.6 remote-id 10.50.250.8 neighbor 10.50.250.8
      Flow Label Transmit: No, Flow Label Receive: No
  Multi-home:
    Local-site          Id     Pref      State
    VPLS-2              2      1         Up

The route-reflector receives BGP auto-discovery routes.

[edit]
lab@route-reflector# run show route table bgp.l2vpn.0

bgp.l2vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.50.250.1:300:10.50.250.1/96 AD
                   *[BGP/170] 02:45:57, localpref 100, from 10.50.250.1
                      AS path: I, validation-state: unverified
                    > to 10.50.0.97 via ge-0/0/1.49
10.50.250.6:300:10.50.250.6/96 AD
                   *[BGP/170] 02:45:59, localpref 100, from 10.50.250.6
                      AS path: I, validation-state: unverified
                    > to 10.50.0.97 via ge-0/0/1.49
                      to 10.50.0.101 via ge-0/0/1.59
10.50.250.8:300:10.50.250.8/96 AD
                   *[BGP/170] 02:45:43, localpref 100, from 10.50.250.8
                      AS path: I, validation-state: unverified
                    > to 10.50.0.101 via ge-0/0/1.59

10) One more site attached to R2 should be connected to the VPLS VPN. Assume that R2 supports only L2circuit VPNs. Interconnect the L2VPN-3 site with the VPLS VPN at R8 as primary and R6 as a back-up connection.

L2circuit VPN uses LDP for signaling; therefore a targeted LDP session is required between the PEs connecting the two sites. However, LDP targeted sessions already exist due to the LDP tunneling configuration.

a. R2

Configure the interface to connect site L2VPN-3 to the network. Again, the apply group must be excluded.

[edit]
lab@R2# set interfaces apply-groups enable_mpls
[edit]
lab@R2# set interfaces ge-0/0/3 apply-groups-except enable_mpls
[edit]
lab@R2# set interfaces ge-0/0/3 description "=== connection to L2VPN-3 ==="

The encapsulation used on the interface must be ccc, as well as the family on the logical interface.

[edit]
lab@R2# set interfaces ge-0/0/3 encapsulation ethernet-ccc
[edit]
lab@R2# set interfaces ge-0/0/3 unit 0 family ccc

The interface is added to the l2circuit neighbor configuration, together with the backup neighbor. The virtual circuit id must match on both ends of the connection.