Junos MPLS and VPNs - 1 File Download · 2020. 12. 6. · Junos MPLS and VPNs 10.a High-Level Lab Guide Course Number: EDU-JUN-JMV. This document is produced by Juniper Networks,

1194 North Mathilda AvenueSunnyvale, CA 94089USA408-745-2000www.juniper.net

Worldwide Education ServicesWorldwide Education Services

Junos MPLS and VPNs10.a

High-Level Lab Guide

Course Number: EDU-JUN-JMV

This document is produced by Juniper Networks, Inc.

This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks Education Services.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

YEAR 2000 NOTICE

Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

SOFTWARE LICENSE

The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.

Junos MPLS and VPNs High-Level Lab Guide, Revision 10.a

Copyright © 2010 Juniper Networks, Inc. All rights reserved.

Printed in USA.

Revision History:

Revision 10.a—December 2010

The information in this document is current as of the date listed above.

The information in this document has been carefully verified and is believed to be accurate for software Release 10.3R1.9. Juniper Networks assumes no responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.

Contents • iii

Contents

Lab 1: MPLS Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Part 1: Configuring Network Interfaces and Baseline Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2Part 2: Configuring Customer Edge Router and Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 1-5Part 3: Configuring a Static LSP Through the Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8

Lab 2: Label Distribution Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1Part 1: Configuring Customer Edge Router and Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 2-2Part 2: Configuring RSVP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4Part 3: Configuring a Explicit Route Object (ERO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6Part 4: Configuring LDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7Part 5: Changing the Default Route Preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

Lab 3: CSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1Part 1: Creating the Baseline Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2Part 2: Enabling the TED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3Part 3: Configuring RSVP-Signaled LSPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4Part 4: Adding Administrative Groups to Core-Facing Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF . . . . . . . . . . . . . . . . 3-6

Lab 4: Traffic Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1Part 1: Creating the Baseline Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2Part 2: Redistributing Routes into BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3Part 3: Creating an LSP to the Remote PE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4Part 4: Configuring a Secondary Path for Added Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5Part 5: Configuring Secondary Standby Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6Part 6: Examining a Secondary/Secondary Protected LSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8Part 7: Examining a Fast-Reroute Protected LSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9Part 8: Examining Link and Node-Link Protected LSPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-11

Lab 5: Miscellaneous MPLS Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1Part 1: Configuring the Baseline Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2Part 2: Configuring a RSVP LSP to Install a Route in the inet.0 Table . . . . . . . . . . . . . . . . . . . . 5-4Part 3: Configuring MPLS Traffic Engineering to Install an inet.0 Route . . . . . . . . . . . . . . . . . . 5-5Part 4: Using Policy to Control LSP Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6Part 5: Using LSP Metric to Control LSP Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8Part 6: Configuring Your Router to Not Decrement the TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9Part 7: Configuring Your Router to Signal Explicit Null . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on Observed

Bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10Part 9: Using MPLS Ping to Verify LSP Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-11

Lab 6: VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling . . . . . . . . . 6-2Part 2: Configuring the CE Router Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

iv • Contents

Lab 7: Layer 3 VPN with Static and BGP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2Part 2: Establishing an RSVP Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . .7-2Part 3: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-3Part 4: Configuring a Layer 3 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-4Part 5: Configuring Static Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . .7-5Part 6: Configuring BGP Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . . .7-6

Lab 8: Route Reflection and Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-2Part 2: Configuring Your PE Router to Peer with the Route Reflector . . . . . . . . . . . . . . . . . . . . . . .8-2Part 3: Establishing LDP Signaled LSPs Between PE Routers and Router Reflector . . . . . . . . . . .8-3Part 4: Configuring Another CE Router Using a Virtual Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-4Part 5: Configuring the PE to CE Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-4Part 6: Configuring Two Layer 3 VPN Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-5Part 7: Configuring BGP Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . . .8-6Part 8: Implementing Route Target Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-8Part 9: Configuring Internet Access Using a Non-VRF Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10

Lab 9: GRE Tunnel Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-2Part 2: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-3Part 3: Configuring a Layer 3 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-3Part 4: Configuring OSPF Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . .9-4Part 5: Establishing a GRE Tunnel Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-5Part 6: Creating and Adding a Static Route to inet.3 . . . . . . . . . . . . . 9-6Part 7: Redistributing BGP Routes into OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-8

Lab 10: BGP Layer 2 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2Part 2: Establishing a LDP Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2Part 3: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3Part 4: Configuring a BGP Layer 2 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4Part 5: Configuring Routing Protocols on the CE Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5

Lab 11: Circuit Cross Connect and LDP Layer 2 Circuits . . . . . . . . . . . . . . . . . . . . . . . . .11-1Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2Part 2: Establishing an RSVP-Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . 11-2Part 3: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3Part 4: Configuring a LDP Layer 2 Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4Part 5: Configuring Routing Protocols on the CE Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5Part 6: Configuring a CCC Connection Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6

Lab 12: Virtual Private LAN Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-1Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2Part 2: Adjusting the Properties of the Virtual Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3Part 3: Configuring a Virtual Switch Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3Part 4: Enabling LDP Signaling in the Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4Part 5: Configuring an LDP VPLS Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5Part 6: Using MSTP to Prevent a Layer 2 Loop in a VPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7Part 7: Adding a Subinterface to the Virtual Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9Part 8: Configuring the Virtual Switch Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9Part 9: Configuring a BGP VPLS with Redundant Links between CE and PE Routers . . . . . . . 12-10

Contents • v

Lab 13: Carrier-of-Carrier VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2Part 2: Configuring the Subscriber CE Router Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-3Part 3: Enabling MPLS in the Provider Backbone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-4Part 4: Configuring a Layer 3 VPN on the Provider PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . .13-4Part 5: Configuring the Customer CE Logical System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-5Part 6: Configuring the Customer PE Logical System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-8Part 7: Placing IBGP Learned Routes in inet.3 . . . . . . . . . . . . . . .13-9Part 8: Configuring a BGP VPLS Between Customer PE Routers . . . . . . . . . . . . . . . . . . . . . . . . 13-11

Appendix A: Lab Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

vi • Contents

www.juniper.net Course Overview • v

Course Overview

This five-day course is designed to provide students with MPLS-based virtual private network (VPN) knowledge and configuration examples. The course includes an overview of MPLS concepts such as control and forwarding plane, RSVP Traffic Engineering, LDP, Layer 3 VPNs, next-generation multicast virtual private networks (MVPNs), BGP Layer 2 VPNs, LDP Layer 2 Circuits, and virtual private LAN service (VPLS). This course also covers Junos operating system-specific implementations of Layer 2 control instances and active interface for VPLS. This course is based on the Junos OS Release 10.3R1.9.

Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos OS and in device operations.

Objectives

After successfully completing this course, you should be able to:

• Explain common terms relating to MPLS.

• Explain routers and the way they forward MPLS packets.

• Explain packet flow and handling through a label-switched path (LSP).

• Describe the configuration and verification of MPLS forwarding.

• Understand the information in the Label Information Base.

• Explain the two label distribution protocols used by the Junos OS.

• Configure and troubleshoot RSVP-signaled and LDP-signaled LSPs.

• Explain the constraints of both RSVP and LDP.

• Explain the path selection process of RSVP without the use of the Constrained Shortest Path First (CSPF) algorithm.

• Explain the Interior Gateway Protocol (IGP) extensions used to build the Traffic Engineering Database (TED).

• Describe the CSPF algorithm and its path selection process.

• Describe administrative groups and how they can be used to influence path selection.

• Describe the default traffic protection behavior of RSVP-Signaled LSPs.

• Explain the use of primary and secondary LSPs.

• Explain LSP priority and preemption.

• Describe the operation and configuration of fast reroute.

• Describe the operation and configuration of link and node protection.

• Describe the LSP optimization options.

• Explain the purpose of several miscellaneous MPLS features.

• Explain the definition of the term “Virtual Private Network”.

• Describe the differences between provider-provisioned and customer-provisioned VPNs.

• Describe the differences between Layer 2 VPNs and Layer 3 VPNs.

• Explain the features of provider-provisioned VPNs supported by the Junos OS.

• Explain the roles of Provider (P) routers, Provider Edge (PE) routers, and Customer Edge (CE) routers.

• Describe the VPN-IPv4 address formats.

• Describe the route distinguisher use and formats.

• Explain the RFC 4364 control flow.

vi • Course Overview www.juniper.net

• Create a routing instance, assign interfaces, create routes, and import and export routes within the routing instance using route distinguishers and route targets.

• Explain the purpose of BGP extended communities and how to configure and use these communities.

• Describe the steps necessary for proper operation of a PE to CE dynamic routing protocol.

• Configure a simple Layer 3 VPN using a dynamic CE-PE routing protocol.

• Describe the routing-instance switch.

• Explain the issues with the support of traffic originating on multiaccess VPN routing and forwarding table (VRF table) interfaces.

• Use operational commands to view Layer 3 VPN control exchanges.

• Use operational commands to display Layer 3 VPN VRF tables.

• Monitor and troubleshoot PE-CE routing protocols.

• Describe the four ways to improve Layer 3 VPN scaling.

• Describe the three methods for providing Layer 3 VPN customers with Internet access.

• Describe how the auto-export command and routing table groups can be used to support communications between sites attached to a common PE router.

• Describe the flow of control and data traffic in a hub-and-spoke topology.

• Describe the various Layer 3 VPN class-of-service (CoS) mechanisms supported by the Junos OS.

• Explain the Junos OS support for generic routing encapsulation (GRE) and IP Security (IPsec) tunnels in Layer 3 VPNs.

• Describe the flow of control traffic and data traffic in a next-generation MVPN.

• Describe the configuration steps for establishing a next-generation MVPN.

• Monitor and verify the operation of next-generation MVPNs.

• Describe the purpose and features of a BGP Layer 2 VPN.

• Describe the roles of a CE device, PE router, and P router in a BGP Layer 2 VPN.

• Explain the flow of control traffic and data traffic for a BGP Layer 2 VPN.

• Configure a BGP Layer 2 VPN and describe the benefits and requirements of over-provisioning.

• Monitor and troubleshoot a BGP Layer 2 VPN.

• Explain the BGP Layer 2 VPN scaling mechanisms and route reflection.

• Describe the Junos OS BGP Layer 2 VPN CoS support.

• Describe the flow of control and data traffic for an LDP Layer 2 circuit.

• Configure an LDP Layer 2 circuit.

• Monitor and troubleshoot an LDP Layer 2 circuit.

• Describe and configure circuit cross-connect (CCC) MPLS interface tunneling.

• Describe the difference between Layer 2 MPLS VPNs and VPLS.

• Explain the purpose of the PE device, the CE device, and the P device.

• Explain the provisioning of CE and PE routers.

• Describe the signaling process of VPLS.

• Describe the learning and forwarding process of VPLS.

• Describe the potential loops in a VPLS environment.

www.juniper.net Course Overview • vii

• Configure BGP and LDP VPLS.

• Troubleshoot VPLS.

• Describe the Junos OS support for carrier of carriers.

• Describe the Junos OS support for interprovider VPNs.

Intended Audience

This course benefits individuals responsible for configuring and monitoring devices running the Junos OS.

Course Level

Junos MPLS and VPNs (JMV) is an advanced-level course.

Prerequisites

Students should have intermediate-level networking knowledge and an understanding of the Open Systems Interconnection (OSI) model and the TCP/IP protocol suite. Students should also have familiarity with the Protocol Independent Multicast—Sparse Mode (PIM-SM) protocol. Students should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos Service Provider Switching (JSPX) courses prior to attending this class.

viii • Course Agenda www.juniper.net

Course Agenda

Day 1

Chapter 1: Course Introduction

Chapter 2: MPLS Fundamentals

Lab 1: MPLS Fundamentals

Chapter 3: Label Distribution Protocols

Lab 2: Label Distribution Protocols

Chapter 4: Constrained Shortest Path First

Lab 3: CSPF

Day 2

Chapter 5: Traffic Protection and LSP Optimization

Lab 4: Traffic Protection

Chapter 6: Miscellaneous MPLS Features

Lab 5: Miscellaneous MPLS Features

Chapter 7: VPN Review

Chapter 8: Layer 3 VPNs

Lab 6: VPN Baseline Configuration

Day 3

Chapter 9: Basic Layer 3 VPN Configuration

Lab 7: Layer 3 VPN with Static and BGP Routing

Chapter 10: Troubleshooting Layer 3 VPNs

Chapter 11: Layer 3 VPN Scaling and Internet Access

Lab 8: Route Reflection and Internet Access

Chapter 12: Layer 3 VPNs—Advanced Topics

Lab 9: GRE Tunnel Integration

Day 4

Chapter 13: Multicast VPNs

Chapter 14: BGP Layer 2 VPNs

Lab 10: BGP Layer 2 VPNs

Chapter 15: Layer 2 VPN Scaling and COS

Chapter 16: LDP Layer 2 Circuits

Lab 11: Circuit Cross Connect and LDP Layer Circuits

Chapter 17: Virtual Private LAN Service

Day 5

Chapter 18: VPLS Configuration

Lab 12: Virtual Private LAN Service

Chapter 19: Interprovider VPNs

Lab 13: Carrier-of-Carrier VPNs

www.juniper.net Document Conventions • ix

Document Conventions

CLI and GUI Text

Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from chapter text according to the following table.

Input Text Versus Output Text

You will also frequently see cases where you must enter input text yourself. Often these instances will be shown in the context of where you must enter them. We use bold style to distinguish text that is input versus text that is simply displayed.

Defined and Undefined Syntax Variables

Finally, this course distinguishes between regular text and syntax variables, and it also distinguishes between syntax variables where the value is already assigned (defined variables) and syntax variables where you must assign the value (undefined variables). Note that these styles can be combined with the input style as well.

Style Description Usage Example

Franklin Gothic Normal text. Most of what you read in the Lab Guide and Student Guide.

Courier New Console text:

• Screen captures

• Noncommand-related syntax

GUI text elements:

• Menu names

• Text field entry

commit complete

Exiting configuration mode

Select File > Open, and then click Configuration.conf in the Filename text box.


Normal CLI

Normal GUI

No distinguishing variant. Physical interface:fxp0, Enabled

View configuration history by clicking Configuration > History.

CLI Input

GUI Input

Text that you must enter. lab@San_Jose> show route

Select File > Save, and type config.ini in the Filename field.


CLI Variable

GUI Variable

Text where variable value is already assigned.

policy my-peers

Click my-peers in the dialog.

CLI Undefined

GUI Undefined

Text where the variable’s value is the user’s discretion and text where the variable’s value as shown in the lab guide might differ from the value the user must input.

Type set policy policy-name.

ping 10.0.x.y

Select File > Save, and type filename in the Filename field.

x • Additional Information www.juniper.net

Additional Information

Education Services Offerings

You can obtain information on the latest Education Services offerings, course dates, and class locations from the World Wide Web by pointing your Web browser to: http://www.juniper.net/training/education/.

About This Publication

The Junos MPLS and VPNs High-Level Lab Guide was developed and tested using software Release 10.3R1.9. Previous and later versions of software might behave differently so you should always consult the documentation and release notes for the version of code you are running before reporting errors.

This document is written and maintained by the Juniper Networks Education Services development team. Please send questions and suggestions for improvement to [email protected].

Technical Publications

You can print technical manuals and release notes directly from the Internet in a variety of formats:

• Go to http://www.juniper.net/techpubs/.

• Locate the specific software or hardware release and title you need, and choose the format in which you want to view or print the document.

Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.

Juniper Networks Support

For technical support, contact Juniper Networks at http://www.juniper.net/customers/support/, or at 1-888-314-JTAC (within the United States) or 408-745-2121 (from outside the United States).

www.juniper.net MPLS Fundamentals • Lab 1–110.a.10.3R1.9

Lab 1MPLS Fundamentals

Overview

This lab demonstrates configuration and monitoring of multiprotocol label switched path (MPLS) static label switched path (LSP) features on devices running the Junos operating system. In this lab, you use the command-line interface (CLI) to configure and monitor network interfaces, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Virtual Routers and static MPLS LSPs.

The lab is available in two formats: a high-level format designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands.

By completing this lab, you will perform the following tasks:

• Configure and verify proper operation of network interfaces.

• Configure and verify OSPF, BGP, and a virtual router.

• Configure and monitor a MPLS static LSP.

Junos MPLS and VPNs

Lab 1–2 • MPLS Fundamentals www.juniper.net

Part 1: Configuring Network Interfaces and Baseline Protocols

In this lab part, you will be using the lab diagram titled “Lab 1: Part 1—Static LSPs (Infrastructure)”. You will configure network interfaces on your assigned device. You will then verify that the interfaces are operational and that the system adds the corresponding routing table entries for the configured interfaces. After verifying your interfaces, you will configure the router to participate in the OSPF area 0.0.0.0. Once you have completed this, you will set up a internal BGP (IBGP) peering with the remote team’s router.

Step 1.1

Ensure you know what device you are assigned. Check with your instructor if necessary. Change all the x values on the Lab 1 topologies to reflect the correct value. This will help avoid any confusion during the configuration steps throughout the lab.

Step 1.2

Consult the management network diagram, provided by your instructor, to determine your device’s management address.

Question: What is the management address assigned to your station?

Step 1.3

Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH) as directed by your instructor. The following example shows simple Telnet access to mxA-1 using the Secure CRT program.

Note

The instructor will tell you the nature of your access and will provide you with the necessary details to access your assigned device.

Junos MPLS and VPNs

www.juniper.net MPLS Fundamentals • Lab 1–3

Step 1.4

Log in as user lab with the password supplied by your instructor.

Step 1.5

Enter configuration mode and load the reset configuration file jmv-reset-RouterName and commit. For example: team mxA-1 would load configuration file jmv-reset-mxA-1.

Step 1.6

Navigate to the [edit interfaces] hierarchy level.

Step 1.7

Refer to the network diagram and configure the interfaces for your assigned device. Use the virtual local area network (VLAN) ID as the logical unit value for the tagged interface. Use logical unit 0 for all other interfaces. Remember to configure the loopback interface!

Step 1.8

Display the interface configuration and ensure that it matches the details outlined on the network diagram for this lab. When you are comfortable with the interface configuration, issue the commit-and-quit command to activate the configuration and return to operational mode.

Step 1.9

Issue the show interfaces terse command to verify the current state of the recently configured interfaces.

Question: What are the Admin and Link states for the recently configured interfaces?

Step 1.10

Issue the show route command to view the current route entries.

Question: Does the routing table display an entry for all local interface addresses and directly connected networks?

Question: Are any routes currently hidden?

Step 1.11

Enter in to configuration mode and navigate to the [edit protocols ospf] hierarchy level.

Junos MPLS and VPNs


Step 1.12

Configure the core facing interfaces in area 0.0.0.0. Remember to add the loopback interface.

Step 1.13

Activate the configuration changes and exit to operational mode. Issue the show ospf neighbor command.

Question: Which neighbor state is shown for the listed interfaces?

Step 1.14

Using the ping utility, verify reachability to remote students interfaces. Remember to verify the loopback address.

Question: Are the ping tests successful?

Step 1.15

Enter in to configuration mode and define the autonomous system number designated for your network. Refer to the network diagram as necessary.

Step 1.16

Navigate to the [edit protocols bgp] hierarchy level. Configure a BGP group named my-int-group that establishes an internal BGP peering session with the remote team’s router. Refer to the network diagram for this lab as necessary.

Step 1.17

Issue the run show bgp summary command to view the current BGP summary information for your device.

Question: How many BGP neighbors does your router currently list?

Note

Before proceeding, ensure that the remote student team in your pod finishes the previous steps.

Junos MPLS and VPNs


Question: Does your session show an Active state?

STOP Do not proceed until the remote team finishes Part 1.

Part 2: Configuring Customer Edge Router and Network Interfaces

In this lab part, you will reference the lab diagram titled “Lab 1: Parts 2-3—Static LSPs”. You will configure a virtual router instance on your router, representing the customer edge (CE) router. You will configure the interfaces and networks needed to establish a external BGP (EBGP) peering between the customer edge router and your provider edge (PE) router. You will first configure your virtual router and all interfaces for both routers. Second you will configure the EBGP peering session between the two routers. Next you will advertise your loopback address from your CE device to your PE router. You will share these routes with your IBGP peer.

Step 2.1

Refer to the lab diagram to ensure you navigate to the correct virtual router name. Navigate to the [edit routing-instances cex-y] hierarchy and configure the instance to behave as a virtual router. Configure the interfaces that should be members of the virtual router. Make sure you include a loopback interface.

Step 2.2

Review the virtual router configuration up to this point by issuing the command show.

Question: Do you see any issues with the current configuration?

Step 2.3

Navigate to the [edit interfaces] hierarchy. Configure both physical interfaces required for the connection to the virtual router. Configure unit 1 under the loopback interface. Consult the network diagram for proper IP addressing. After verifying your configuration, commit and exit to operational mode to verify connectivity.

Junos MPLS and VPNs


Step 2.4

Verify connectivity from CE to PE router using the ping utility.

Step 2.5

Return to configuration mode and configure the main instance (PE) to establish an EBGP peering session, named my-ext-group, to your virtual router (CE). Verify configuration looks correct before moving on. Please refer to Lab 1: Part 2 and 3 network diagram for appropriate peer autonomous system numbers.

Question: Do you have to configure the group type as external?

Step 2.6

Navigate to the [edit routing-instances cex-y] hierarchy and configure the autonomous system for the virtual router (CE). Next configure the EBGP group named my-ext-group, on the CE router. Once you are satisfied with the configuration commit and exit to operational mode and verify the neighborship is established before moving on to the next step.

Question: Is your EBGP peering established between your PE and CE routers?

Question: Are you sending any routes from your CE router?

Step 2.7

After you have verified all peers are up, enter configuration mode and issue the save jmv-lab1-RouterName-baseline command to save the configuration for future labs in this course. Consult your lab diagram to ensure you save the configuration with the correct router name. For example: team mxA-1 would issue the command: save jmv-lab1-mxA-1-baseline

Note

Use Ctrl + c to stop a continuous ping operation.

Junos MPLS and VPNs


Step 2.8

Navigate to the [edit policy-options] hierarchy and configure a policy named ce-export-loopback. Allow your CE loopback address to be exported. After creating the policy, navigate to the virtual router and apply this new policy as an export policy to your EBGP group. Commit and exit to operational mode after you are satisfied with your configuration.

Step 2.9

Verify that you are advertising the loopback address to your EBGP peer. Next verify you are advertising the EBGP route from your PE router to your IBGP peer.

Step 2.10

Verify that you are receiving the remote CE loopback from your IBGP neighbor. The total destination routes may differ in your outputs.

Question: Where is the route the remote peer is advertising to us?

Step 2.11

Take an extensive look at the hidden route and determine why the route is hidden.

Question: Why is the route hidden?

Question: How do you fix this problem and get the route to be a usable route?

Step 2.12

Enter into configuration mode. Navigate to the [edit policy-options] hierarchy and create the policy named nhs. Configure this policy to take all bgp routes learned from your CE neighbor and change the next-hop to itself before advertising these routes to your remote IBGP peer. Apply this policy as an export policy to the BGP group my-int-group. After you are satisfied with your policy and configuration commit your changes and exit to operational mode.

Note


Junos MPLS and VPNs


Step 2.13

Verify that the remote loopback address is now usable and installed in the routing table.

Question: Do you see the route now?

Step 2.14

Verify you are receiving and installing the route to the remote CE router in your virtual router.

Question: Is the route present in your CE routing table?


Part 3: Configuring a Static LSP Through the Core

In this lab part, you will reference the lab diagram titled “Lab 1: Parts 2-3—Static LSPs”. You will configure a static LSP that will be used for traffic that is destined to the network connected to the remote PE router. After configuring the LSP we will verify CE to CE router communication through the static LSP.

Step 3.1

Enter into configuration mode and navigate to the [edit interfaces] hierarchy. Configure the core facing interface to allow MPLS traffic.

Step 3.2

Navigate to [edit protocols mpls] hierarchy and add the interface all statement. As good practice please be sure to disable the management interface.

Step 3.3

Commit the configuration changes. Issue the command run show route table mpls.0 command to verify that the mpls table has been created.

Note


Junos MPLS and VPNs


Question: What are the routes that you see?

Step 3.4

Review the interfaces that are participating in MPLS to ensure we have the proper configuration by executing the run show mpls interface command.

Question: What interface do you see?

Step 3.5

Create a static LSP named my-static-lsp with the egress address of the remote PE loopback.

Step 3.6

Navigate to the [edit protocols mpls static-label-switched-path my-static-lsp ingress] hierarchy. Configure the next-hop for the LSP and assign the appropriate label to the LSP. Please consult the lab diagram titled “Lab 1: Parts 2-3—Static LSPs” for the path and label to be assigned. Review your configuration and after you are satisfied with the configuration, commit the changes and exit to operational mode.

Step 3.7

Issue the show mpls static-lsp ingress command to view the current status of the recently configured LSP.

Question: What is the state of the static LSP?

Step 3.8

Review the route being used for the remote CE router’s loopback by issuing the show route 192.168.1x.y command.

Question: How do you determine that the static LSP is going to be used when directing traffic to this destination?

Step 3.9

Look at the traffic statistics for traffic traversing our new LSP. Execute the show mpls static-lsp statistics ingress command to view the statistics for the traffic the enters the LSP at this router.

Junos MPLS and VPNs


Step 3.10

Test the LSP by using the ping utility from the virtual router by executing the ping 192.168.1x.y source 192.168.1x.y count 10 rapid routing-instance cex-y command.

Step 3.11

Look at the LSP statistics to verify that the traffic traversed the LSP.

Question: How many packets do you see that traversed through the LSP?

STOP Tell your instructor that you have completed Lab 1.

www.juniper.net Label Distribution Protocols • Lab 2–110.a.10.3R1.9

Lab 2Label Distribution Protocols

Overview

This lab demonstrates configuration and monitoring of Resource Reservation Protocol (RSVP) and Label Distribution (LDP) signalled label switched path (LSP) features on routers running the Junos operating system. In this lab, you use the command-line interface (CLI) to configure and monitor network interfaces, Border Gateway Protocol (BGP), Virtual Routers, RSVP LSPs, and LDP LSPs.



• Configure and verify proper operation of network interfaces.

• Configure and verify BGP, and a virtual router.

• Configure and monitor a RSVP LSP.

• Modify RSVP LSP by explicitly defining path requirements.

• Configure and monitor a LDP LSP.

• Manipulate the default behavior of RSVP and LDP, depending on network requirements.

Junos MPLS and VPNs

Lab 2–2 • Label Distribution Protocols www.juniper.net

Part 1: Configuring Customer Edge Router and Network Interfaces

In this lab part, you will reference the lab diagram titled “Lab 2: Label Distribution Protocols”. You will configure the virtual router representing the customer edge (CE) router. You will configure the interfaces and networks needed to establish an external BGP (EBGP) peering between the customer edge router and your provider edge (PE) router. You will first configure your virtual router and all interfaces for both routers. Second, you will configure the EBGP peering session between the two routers. Next, you will advertise your loopback address from your CE device to your PE router. You will share these routes with your internal BGP (IBGP) peer.

Step 1.1

Enter into configuration mode and load the baseline configuration that you saved in Lab 1 by executing the load override jmv-lab1-RouterName-baseline command. Once the configuration has been loaded, commit the changes and exit to operational mode. Verify your Open Shortest Path First (OSPF) neighborships are up and operational.

Step 1.2

Verify connectivity from CE to PE router using the ping utility.

Step 1.3

Verify the BGP neighbor relationship is established before moving on to the next step.

Step 1.4

Enter back into configuration mode. Navigate to the [edit policy-options] hierarchy and configure a policy named vr-export-loopback. Allow your CE router loopback address to be accepted. After creating the policy, navigate to the virtual router and apply this new policy as an export policy to your EBGP group. Commit and exit to operational mode after you are satisfied with your configuration.

Step 1.5

Verify that you are advertising the loopback address to your EBGP peer. Next, verify you are advertising the EBGP route from your PE router to your IBGP peer.

Step 1.6

Verify that you are receiving the remote CE router loopback from your IBGP neighbor.

Step 1.7

Take an extensive look at the hidden route and determine why the route is hidden.

Note


Junos MPLS and VPNs

www.juniper.net Label Distribution Protocols • Lab 2–3

Question: Why is the route hidden?

Question: How do we fix this problem and get the route to be a usable route?

Step 1.8

Enter into configuration mode. Navigate to the [edit policy-options] hierarchy and create the policy named nhs. Configure this policy to take all BGP routes learned from your CE neighbor and change the next hop to itself before advertising these routes to your remote IBGP peer. Apply this policy as an export policy to the BGP group my-int-group. After you are satisfied with your policy and configuration commit your changes and exit to operational mode.

Step 1.9

Verify that the remote loopback address is now usable and installed in the routing table.

Question: Do you see the route now?

Step 1.10

Verify you are receiving and installing the route to the remote CE router in your virtual router.

Question: Is the route present in your CE routing table?


Note


Junos MPLS and VPNs


Part 2: Configuring RSVP

In this lab part, you will continue using the Lab 2 network diagram. You will configure a RSVP signaled LSP that will be used for traffic that is destined to the network connected to the remote PE router. After configuring the LSP we will verify CE to CE router communication through the RSVP LSP.

Step 2.1

Enter into configuration mode and navigate to the [edit interfaces] hierarchy. Configure the core facing interfaces to allow multiprotocol label switching (MPLS) traffic.

Step 2.2

Navigate to [edit protocols mpls] hierarchy and add the interface all statement. As good practice please be sure to disable the management interface.

Step 2.3

Commit the configuration changes and review the interfaces that are participating in MPLS to ensure we have the proper configuration by executing the run show mpls interface command.

Step 2.4

Navigate to the [edit protocols rsvp] hierarchy. Add the appropriate core facing interfaces manually. Remember that you must specify the correct unit number when adding interfaces to any protocol configuration. The default Junos OS behavior is to assume unit 0 if no unit is specified. Review the configuration before committing to ensure the interfaces are correct.

Step 2.5

Add the configuration for creating the LSP. Navigate to the [edit protocols mpls] hierarchy. First, turn off constrained shortest path first (CSPF) by issuing the set no-cspf command. Next, create a label-switched-path named pey-to-pez-x. For example, if you are assigned router mxA-1, your peer router is mxA-2. The LSP should be named pe1-to-pe2-1. Your LSP should egress at your remote peer’s loopback address. Verify that the configuration looks correct. Commit and exit to operation mode when you are satisfied with the changes.

Note

It is perfectly acceptable to use the interface all option when adding the interfaces into RSVP. For this lab, however, we ask that you explicitly identify the interfaces to demonstrate the importance of including the correct unit number when manually configuring particular interfaces.

Junos MPLS and VPNs


Step 2.6

Verify the status of your recently configured LSP reviewing the information displayed by issuing the show mpls lsp command.

Question: How many LSPs are reflected in the output and what are the terminating points?

Question: Can you tell what path the LSP signaled over?

Step 2.7

Review the ingress LSP in more detail by including the ingress and extensive options with the previous command.

Question: Can you determine what routers in the network are being traversed by the LSP you configured?

Step 2.8

Verify traffic that is destined to the remote CE router’s loopback will use the LSP by issuing the show route 192.168.1x.y command.

Step 2.9

Verify the remote CE router’s loopback is reachable from your local CE router by sending five Internet Control Message Protocol (ICMP) packets. Verify these ICMP packets traversed the LSP by displaying the traffic statistics for the LSP.


Junos MPLS and VPNs


Part 3: Configuring a Explicit Route Object (ERO)

In this lab part, you will continue using the “Lab 2: Label Distribution Protocols” lab diagram. You will create a path using both strict and loose path constraints. You will apply the path as the primary path to your existing LSP, forcing the LSP to signal along the specified path. You will decide which path the LSP will traverse. The only criteria for this task is that you must have at least one strict hop and one loose hop defined for the path. The example below is from the perspective of the pex- router. The path example will have a strict hop requirement of the p4 router and a loose hop requirement of the p3 router. This path was chosen for demonstration purposes only—you might choose to engineer your LSP path differently.

Step 3.1

Enter into configuration mode and edit to the [edit protocols mpls] hierarchy. Create a path named my-ER0 and configure the strict and loose hops you want the LSP path to signal along.

Step 3.2

Apply the ERO you just created as the primary path used by the LSP you configured in Part 2. If you do not remember what the LSP name was, you can use the question mark option to display the LSPs that are configured on the router. Review the configuration changes before committing and exiting to operational mode.

Step 3.3

Verify the status of your LSP using the show mpls lsp ingress command.

Question: What is the state of your LSP?

Question: What is the active path being used?

Step 3.4

Review the output displayed from the show mpls lsp ingress detail command to verify the LSP is following the path you created.

Question: Does the RRO reflect the path you specified?

Junos MPLS and VPNs


Part 4: Configuring LDP

In this lab part, you will deactivate RSVP and add LDP to your network setup. Then you will verify that traffic will transit the network using the LDP LSP.

Step 4.1

Enter into configuration mode and deactivate RSVP. Commit the configuration change.

Step 4.2

Navigate to the [edit protocols ldp] hierarchy and add the interface all statement. As good practice, remember to disable the management interface. After making the configuration changes commit and exit to operation mode for verification.

Step 4.3

Verify the proper interfaces are participating in LDP by issuing the command show ldp interface.

Question: Do you see the correct interfaces?

Step 4.4

Verify the status of the LSP by issuing the show ldp session command.

Question: What is the status of the connection?

Step 4.5

Verify traffic that is destined to the remote CE router’s loopback will use the LSP by issuing the show route 192.168.1x.y command.

Step 4.6

Verify the remote CE router’s loopback is reachable from your local CE router by sending five ICMP packets. Verify these ICMP packets traversed the LSP by displaying the traffic statistics for the LSP.

Question: Was your ping test successful?

STOP Do not proceed until the remote team finishes Part 4

Junos MPLS and VPNs


Part 5: Changing the Default Route Preference

In this lab part, your network will be running both RSVP and LDP to signal LSPs. All traffic destined for the remote CE router must use the LDP LSPs. You will use protocol preference to maniplate the LSP that is chosen as the next-hop.

Step 5.1

Enter into configuration mode and re-activate the RSVP protocol. Commit the configuration changes.

Step 5.2

Review the routing table to determine what route is being used to carry traffic to the remote CE network. Please note that the route might not change right away. It can take a few moments to update the routing table.

Question: What protocol is being used to carry the traffic to remote CE router?

Question: What table can you look at to see the preference values of RSVP and LDP?

Step 5.3

Review the routes being used in the routing table inet.3 by issuing the run show route table inet.3 192.168.x.y command.

Question: How can we make the LDP route more preferred than the RSVP route?

Step 5.4

Lower the preference of the LDP protocol to be one lower than RSVP. You can accomplish this by issuing the set protocols ldp preference 6 command. After changing the protocol preference, commit your changes. After the commit has finished, review the 192.168.1x.y route and the inet.3 routing table to ensure LDP will be used for traffic to the CE network.

Question: What protocol is now the more preferred protocol for traffic destined to the remote CE network?

Junos MPLS and VPNs



Note

It is perfectly acceptable in our situation to make all LDP routes more preferred than RSVP routes. However, this might not always be the case. You can increase the route preference on RSVP routes on each label-switched-path. This allows you to alter the preference on a more granular level than LDP.

Junos MPLS and VPNs


www.juniper.net CSPF • Lab 3–110.a.10.3R1.9

Lab 3CSPF

Overview

In this lab, you create a baseline multiprotocol label switching (MPLS) network and then create label switched paths (LSPs) using administrative groups as a constraint for constrained shortest path first (CSPF).

The lab is available in two formats: a high-level format that is designed to make you think through each step and a detailed format that offers step-by-step instructions complete with sample output from most commands.


• Create a baseline network.

• Define three Resource Reservation Protocol (RSVP) signaled LSPs to the remote provider edge (PE) router.

• Create and assign administrative groups to interfaces and define an LSP using administrative groups as a routing constraint.

• Analyze the traffic engineering database (TED).

Junos MPLS and VPNs

Lab 3–2 • CSPF www.juniper.net

Part 1: Creating the Baseline Network

In this lab part, you will configure the baseline network for the lab. You will load the baseline configuration that was saved at the end of Lab 1 and then enable RSVP and MPLS on the core-facing interfaces. Please refer to the lab diagram titled “Lab 3: CSPF”.

Step 1.1

Enter configuration mode and load the baseline configuration for your PE router. The file should be saved in the /var/home/lab directory and is named jmv-lab1-RouterName-baseline. Commit the baseline configuration and exit to operational mode to verify connectivity.

Step 1.2

Verify that your PE router has established Open Shortest Path First (OSPF) adjacencies with the neighboring P routers.

Question: Are the OSPF neighbors in a Full state?

Step 1.3

Verify that your PE router has established a Border Gateway Protocol (BGP) neighbor relationship with the remote PE router.

Question: Is the neighbor relationship in the established state with the remote PE router?

Step 1.4

For an interface to support the forwarding of MPLS packets, you must enable the MPLS family on each interface. Enter configuration mode and navigate to the [edit interfaces] hierarchy. Enable family mpls on both of the core facing interfaces.

Step 1.5

Navigate to the [edit protocols] hierarchy and configure the MPLS protocol on the core-facing interfaces.

Step 1.6

Configure the RSVP protocol on the core-facing interfaces. Commit your configuration and exit to operational mode.

Step 1.7

Using show commands, verify that the MPLS and RSVP are configured correctly on the core-facing interfaces.

Junos MPLS and VPNs

www.juniper.net CSPF • Lab 3–3

Part 2: Enabling the TED

By default, the Junos operating system does not support the flooding the Opaque LSAs used to build the TED. This feature must be enabled on every router in the OSPF network. In this lab part, you will enable the TED and verify its operation.

Step 2.1

View the OSPF database and determine what types of link state advertisements (LSAs) are currently being flooded in the network.

Question: What types of LSAs are being flooded in the OSPF domain?

Question: Is your router generating an OpaqArea LSA?

Step 2.2

View the TED and determine whether or not your router is using the OpaqArea LSA to build a TED.

Question: Does your router have a TED available for CSPF calculations?

Step 2.3

Enter configuration mode and navigate to the [edit protocols ospf] hierarchy and enable traffic-engineering so that your router will flood its own OpaqArea LSA and use these LSA types to build and use the TED for CSPF calculations. Commit your configuration and exit to operational mode to determine if your router is using the TED .

Question: Is your router generating an OpaqArea LSA?

Question: Does your router have a TED available for CSPF calculations?

Junos MPLS and VPNs


Step 2.4

View the TED and determine the colors (administrative groups) that have been assigned to your PE router local interfaces.

Question: Have any colors been assigned to your PE router’s core-facing interfaces?


Part 3: Configuring RSVP-Signaled LSPs

In this lab part, you will configure gold, silver, and bronze RSVP-signaled LSPs.

Step 3.1

Enter configuration mode and navigate to the [edit protocols mpls] hierarchy. Configure an RSVP-signaled LSP named lsp-gold-pey-to-pez-x to the remote PE router’s loopback address. Ensure that this LSP traverses P2 as a loose hop.

Step 3.2

Configure an RSVP-signaled LSP named lsp-silver-pey-to-pez-x to the remote PE router’s loopback address. Ensure that this LSP traverses P2 as a loose hop.

Step 3.3

Configure an RSVP-signaled LSP named lsp-bronze-pey-to-pez-x to the remote PE router’s loopback address. Ensure that this LSP traverses P2 as a loose hop. Commit your configuration and exit to operational mode.

Step 3.4

Verify that the new LSPs are up and are currently traversing P2.

Question: Are all three LSPs up?

Question: What path are each of the LSPs taking through the network? List the routers that the LSPs traverse.

Junos MPLS and VPNs

www.juniper.net CSPF • Lab 3–5

Part 4: Adding Administrative Groups to Core-Facing Interfaces

In this lab part, you will add administrative groups to your core-facing interfaces. Refer to the lab diagram to determine the administrative groups to be applied to the interfaces. The P router interfaces have been preconfigured with the administrative groups listed on the diagram.

Step 4.1

Enter configuration mode and navigate to the [edit protocols] hierarchy. Define an administrative group called gold that uses a value of 1.

Step 4.2

Define an administrative group called silver that uses a value of 2.

Step 4.3

Define an administrative group called bronze that uses a value of 3.

Step 4.4

Apply the administrative groups (as listed in the lab diagram) to the core-facing interfaces. Exit configuration mode and use the show mpls interface command to verify that the correct administrative groups have been applied.

Question: What administrative group have been applied to the interfaces?

Step 4.5

View the TED and determine whether or not your router is advertising the correct colors (administrative groups) to all other routers in the network.

Question: Is your router advertising the correct color settings to other routers in the network?


Junos MPLS and VPNs


Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF

In this lab part, you will modify the configuration of your LSPs so that they will take a particular path through the network. By specifying the administrative groups to include in the CSPF algorithm, the gold LSP will take the gold path, the silver LSP will take the silver path, and the bronze LSP will take the bronze path through the network.

Step 5.1

Enter configuration mode and navigate to the [edit protocols mpls] hierarchy, Modify the primary path for the gold LSP so that it takes only the gold path through the lab network, ensuring that it continues to pass through P2.

Step 5.2

Modify the primary path for the silver LSP so that it takes only the silver path through the lab network ensuring that it continues to pass through P2.

Step 5.3

Modify the primary path for the bronze LSP so that it takes only the bronze path through the lab network ensuring that it continues to pass through P2. Commit your configuration and exit to operational mode.

Step 5.4

Verify that each LSP is traversing the correct, colored path as well as passing through P2.

Question: List the routers that the gold LSP traverses. Does it traverse the expected path?

Question: List the routers that the silver LSP traverses. Does it traverse the expected path?

Question: List the routers that the bronze LSP traverses. Does it traverse the expected path?


www.juniper.net Traffic Protection • Lab 4–110.a.10.3R1.9

Lab 4Traffic Protection

Overview

In this lab, you will create a baseline multiprotocol label switching (MPLS) network and then create label switched paths (LSPs) using different traffic protection mechanisms.



• Create a baseline network.

• Define an Resource Reservation Protocol (RSVP) signalled LSP to the remote provider edge (PE) router.

• Add primary/secondary path protection to an LSP.

• Add secondary/secondary path protection to an LSP.

• Add fast-reroute protection to an LSP.

• Add node-link protection to an LSP.

• Add link protection to an LSP.

Junos MPLS and VPNs

Lab 4–2 • Traffic Protection www.juniper.net

Part 1: Creating the Baseline Network

In this lab part, you will configure the baseline network for the lab. You will load the baseline configuration that was saved at the end of Lab 1 and then enable RSVP and MPLS on the core-facing interfaces. Please refer to the lab diagram titled “Lab 3: CSPF”.

Step 1.1


Step 1.2

Verify that your PE router has established Open Shortest Path First (OSPF) adjacencies with the neighboring P routers.


Step 1.3


Question: Has your PE router established a neighbor relationship with the remote PE router?

Step 1.4

For an interface to support the forwarding of MPLS packets, you must enable the MPLS family on each interface. Enter configuration mode and navigate to the [edit interfaces] hierarchy. Enable family mpls on both of the core facing interfaces.

Step 1.5

Navigate to the [edit protocols mpls] hierarchy and configure the MPLS protocol on the core-facing interfaces.

Step 1.6

Navigate to the [edit protocols rsvp] hierarchy and configure the RSVP protocol on the core-facing interfaces.

Junos MPLS and VPNs

www.juniper.net Traffic Protection • Lab 4–3

Step 1.7

Navigate to the [edit protocols ospf] hierarchy and enable traffic-engineering so that your router will flood its own OpaqArea links state advertisement (LSA) and use these LSA types to build and use the traffic engineering database (TED) for constrained shortest path first (CSPF) calculations. Commit your configuration and exit to operational mode.

Step 1.8


Part 2: Redistributing Routes into BGP

In this lab part, each PE router will be configured for a static route. You will then redistribute that static route into BGP using policy. Review the lab diagram to verify the static route.

Step 2.1

Enter configuration mode and navigate to the [edit routing-options] hierarchy. Configure the static route associated with your PE. Configure a next hop of reject for that route.

Step 2.2

Navigate to the [edit policy-options] hierarchy and configure a routing policy called statics to redistribute the static route into BGP.

Step 2.3

Navigate to the [edit protocols bgp] hierarchy and apply the policy as an export policy to the remote PE neighbor. Commit your configuration and exit to operation mode.

Step 2.4

Verify that you are sending a route to your remote PE neighbor as well as receiving a route.


Junos MPLS and VPNs


Part 3: Creating an LSP to the Remote PE

In this lab part, you will create an RSVP-signalled LSP from your PE to the remote PE. The second router along the path of the LSP must be either P1 or P3 depending on the PE router that you are configuring. You will specify a strict hop of the provider router’s connecting interface. Refer to the lab diagram titled “Lab 4: Traffic Protection” to determine the path of your LSP.

Step 3.1

Enter configuration mode and navigate to the [edit protocols mpls] hierarchy. Create a path for your LSP named strict-first-hop using the hops listed in the following table:

Step 3.2

Configure an LSP named pey-to-pez-x to the remote PE with a primary path using the path you created in the previous step. Modify the LSP with the no-cspf command. Commit your configuration and exit configuration mode and verify that your LSP is up.

Step 3.3

Verify that the new LSP is up and is currently traversing the correct downstream P router.

Question: Is the new LSP up?

Question: What path is the LSPs taking through the network? List the routers that the LSPs traverse.

Ingress PE Strict Hop Loose Hop

mxA-1 172.22.210.2 192.168.5.6

mxA-2 172.22.212.2 192.168.5.4

mxB-1 172.22.220.2 192.168.5.6

mxB-2 172.22.222.2 192.168.5.4

mxC-1 172.22.230.2 192.168.5.6

mxC-2 172.22.232.2 192.168.5.4

mxD-1 172.22.240.2 192.168.5.6

mxD-2 172.22.242.2 192.168.5.4

Junos MPLS and VPNs


Step 3.4

Enter configuration mode and disable the interface on your PE router that is being used by the primary path of the LSP. Commit your configuration and exit to operational mode.

Step 3.5

Verify the status of the LSP.

Question: What happens to the status of the LSP while the interface is disabled?

Step 3.6

Enter configuration mode and enable the interface on your PE router that is being used by the primary path of the LSP. Commit your configuration and exit to operational mode.

Step 3.7

Verify that the LSP is up using the show rsvp session ingress command.

Part 4: Configuring a Secondary Path for Added Protection

In this lab part, you will configure a secondary path for the LSP to add traffic protection to the LSP.

Step 4.1

Enter configuration mode and navigate to the [edit protocols mpls] hierarchy. Create a secondary path called any-path that lists no hops. That is, this path should make it as easy as possible for the network to build a secondary path.

Step 4.2

To provide traffic protection to the existing LSP, apply the path created in the previous step as a secondary path for the LSP. Commit your configuration and exit configuration mode.

Step 4.3

Verify that the new LSP is up and is currently traversing the correct next-hop P router.

Question: Is the secondary path in an up state? Why or why not?

Junos MPLS and VPNs


Step 4.4


Step 4.5



Step 4.6


Step 4.7

Use the show mpls lsp extensive command to verify the status of the LSP.

Question: Which path is being used by the LSP immediately after enabling the interface? Why?

Part 5: Configuring Secondary Standby Protection

In this lab part, you will configure a secondary path that will be on hot standby for the LSP to add even more traffic protection to the LSP.

Step 5.1

Enter configuration mode and navigate to the [edit protocols mpls] hierarchy. To provide slightly more traffic protection to the existing LSP, apply the any-path path as a standby secondary path for the LSP. Commit your configuration and exit configuration mode and verify that your LSP is up.

Step 5.2

Verify that the new LSP is up using the primary path. Also, verify that the secondary path is up in a standby state.

Question: Is the primary path up? Secondary?

Junos MPLS and VPNs


Question: What path is the secondary path taking through the network? List the routers that the LSPs traverse.

Step 5.3

Enter configuration mode and disable the interface on your PE that is being used by the primary path of the LSP. Commit your configuration and exit to operational mode.

Step 5.4

Verify the status of the LSP using the show mpls lsp ingress extensive command.


Step 5.5


Step 5.6

Use the show mpls lsp ingress extensive command to verify the status of the LSP.

Question: What path is being used by the LSP immediately after enabling the interface? Why?

Step 5.7

After the LSP has reverted to the primary path, view the forwarding table to see the next hop of the BGP route being advertised by the remote PE router.

Question: How many next hops are associated with the received BGP route?

Junos MPLS and VPNs


Question: When using a standby secondary LSP, a very short time exists when traffic cannot be forwarded through the secondary path at the moment of primary failure. The cause of this short delay is the time it takes to install the new next hop in the forwarding table of the PFE. Can you shorten this delay? How?

Step 5.8

Enter configuration mode and navigate to the [edit policy-options] hierarchy. Create a load balancing policy called load-balance that performs load balancing on all prefixes.

Step 5.9

Navigate to the [edit routing-options] hierarchy. Apply the load-balance policy as an export policy to the forwarding table. Commit your configuration and exit to operational mode.

Step 5.10

View the forwarding table to see the next hop of the BGP route being advertised by the remote PE router.

Question: How many next hops are associated with the received BGP route?

Part 6: Examining a Secondary/Secondary Protected LSP

In this lab part, you will familiarize yourself with the behavior of an LSP with no primary path. Instead, the LSP will have two secondary paths.

Step 6.1

Enter configuration mode navigate to the [edit protocols mpls] hierarchy. Delete the LSP from the previous sections of the lab.

Step 6.2

Create a no-cspf LSP named pey-to-pez-x to the remote PE with two secondary paths. The first secondary path uses the strict-first-hop path and the next uses the any-path path. Order is important!!! Commit your configuration and exit to operational mode.

Step 6.3


Junos MPLS and VPNs


Question: Which secondary path is being used by the LSP?

Step 6.4

Enter configuration mode and disable the interface on your PE that is being used by the primary path of the LSP. Commit your configuration and exit to operational mode.

Step 6.5



Step 6.6

Enter configuration mode and enable the interface on your PE that is used by the primary path of the LSP. Commit your configuration and exit to operational mode.

Step 6.7


Question: Which path is used by the LSP immediately after enabling the interface? Why?

Part 7: Examining a Fast-Reroute Protected LSP

In this lab part, you will become familiar with an LSP that is protected by fast-reroute.

Step 7.1


Step 7.2

Create an no-cspf LSP named pey-to-pez-x to the remote PE with fast-reroute enabled. The LSP should have a primary path using the strict-first-hop path. Commit your configuration and exit to operational mode.

Junos MPLS and VPNs


Step 7.3

Use the show rsvp session ingress detail command to verify the status of the LSP.

Question: Has the PE router signaled to the downstream routers that fast-reroute is desired?

Question: Has your PE router signaled a detour path around the immediate downstream node? If so, what is the path of the detour?

Step 7.4


Step 7.5



Step 7.6


Step 7.7


Question: Which path is used by the LSP immediately after enabling the interface? Why?

Junos MPLS and VPNs


Part 8: Examining Link and Node-Link Protected LSPs

In this lab part, you will become familiar with an LSP that is protected by link and node-link protection.

Step 8.1


Step 8.2

Create an no-cspf LSP named pey-to-pez-x to the remote PE router with node-link protection enabled. The LSP should have a primary path using the strict-first-hop path.

Step 8.3

In the previous part of the lab, you found that the fast-reroute feature allowed the ingress PE to signal to all downstream routers that they must build detour paths around the immediate downstream node. In the case of fast-reroute, no special configuration was needed on any downstream router to build detour paths. In the case of link and node-link protection, you must specify each individual link within your network topology that can be protected.

Navigate to the [edit protocols rsvp] hierarchy and configure the ge-1/0/0.2xy interface to allow link protection capabilities. Commit your configuration and exit to operational mode.

Step 8.4


Question: Is the bypass LSP up?

Question: Does the bypass LSP provide protection for the failure of the P router that is directly connected to you through the ge-1/0/0 link?

Step 8.5

Enter configuration mode navigate to the [edit protocols mpls] hierarchy. Modify your LSP to provide link protection.

Step 8.6

View your MPLS configuration and verify that link protection is configured. Commit your configuration and exit to operational mode.

Junos MPLS and VPNs


Question: Looking at your configuration, are both link and node-link protection configured for your LSP?

Step 8.7


Question: Is the bypass LSP up?

Question: Does the bypass LSP provide protection for the failure of the ge-1/0/0 link?

Step 8.8 (Optional)

Enter configuration mode and disable the interface on your PE router that is used by the primary path of the LSP. Commit your configuration and exit to operational mode. Verify that protection occurs using the methods learned in this lab.


www.juniper.net Miscellaneous MPLS Features • Lab 5–110.a.10.3R1.9

Lab 5Miscellaneous MPLS Features

Overview

This lab demonstrates configuration and monitoring of miscellaneous Resource Reservation Protocol (RSVP) and Label Distribution Protocol (LDP) features on routers running the Junos operating system. In this lab, you use the command-line interface (CLI) to configure and monitor RSVP label-switched paths (LSPs) and enable miscellaneous features.



• Configure an RSVP LSP to install a route in inet.0.

• Configure multiprotocol label switching (MPLS) traffic engineering to install a route in inet.0.

• Use policy to control LSP selection.

• Use metrics to control LSP selection.

• Configure the network to not decrement time-to-live (TTL).

• Configure a router to signal explicit null.

• Configure a router to automatically adjust the RSVP reservation based on observed bandwidth.

• Use MPLS pings to monitor connectivity.

Junos MPLS and VPNs

Lab 5–2 • Miscellaneous MPLS Features www.juniper.net

Part 1: Configuring the Baseline Network

In this lab part, you will configure the baseline network for the lab. You will load the baseline configuration that was saved at the end of Lab 1 and then enable RSVP and MPLS on the core-facing interfaces. After enabling the protocols, you will configure an LSP to traverse the network to terminate at the remote provider edge (PE) router. Please refer to the lab diagram titled “Lab 5: Parts 1-3—Miscellaneous MPLS” for interface addressing and network information.

Step 1.1


Step 1.2

Verify that your PE router has established Open Shortest Path First (OSPF) adjacencies with the neighboring routers.


Step 1.3


Question: Is the neighbor relationship in the established state with the remote PE?

Step 1.4

Enter into configuration mode and navigate to the [edit interfaces] hierarchy. Configure the core facing interfaces to allow MPLS traffic.

Step 1.5

Navigate to [edit protocols mpls] hierarchy and add the interface all statement. As good practice, disable the management interface.

Step 1.6

Commit the configuration changes and review the interfaces that are participating in MPLS to ensure you have the proper configuration by executing the run show mpls interface command.

Junos MPLS and VPNs

www.juniper.net Miscellaneous MPLS Features • Lab 5–3

Question: Do you see the correct interfaces participating in MPLS?

Step 1.7

Navigate to the [edit protocols rsvp] hierarchy. Add the appropriate core-facing interfaces manually. Remember that you must specify the correct unit number when adding interfaces to any protocol configuration. Review the configuration before committing to ensure the interfaces are correct. When you are satisfied with the changes, commit and exit to operational mode.

Step 1.8

Using operational mode show commands, verify that the RSVP is configured correctly on the core-facing interfaces.

Step 1.9

Enter configuration mode and enable traffic-engineering under [edit protocols ospf] so that your router will flood its own OpaqArea link-state advertisement (LSA) and use these LSA types to build and use the traffic engineering database (TED) for Constrained Shortest Path First (CSPF) calculations.

Step 1.10

Add the configuration for creating a RSVP LSP to the remote PE router. Navigate to the [edit protocols mpls] hierarchy and create a LSP named pey-to-pez-x. For example, if you are assigned router mxA-1, your peer router is mxA-2. The LSP should be named pe1-to-pe2-1. Your LSP should egress at your remote peers loopback address. Verify the configuration looks correct. Commit and exit to operation mode when you are satisfied with the changes.

Step 1.11

Verify the status of your recently configured LSP reviewing the information displayed by issuing the show mpls lsp command.

Question: How many LSPs are reflected in the output and what are the terminating points?


Junos MPLS and VPNs


Part 2: Configuring a RSVP LSP to Install a Route in the inet.0 Table

In this lab part, you will add another interface to the OSPF network. Including the new interface in OSPF will allow you to establish reachability for the remote team. After establishing reachability, you will configure the router to install the remote team’s route as a destination that will use the established LSP for all traffic to the new network. Please refer to the lab diagram titled “Lab 5: Parts 1-3—Miscellaneous MPLS” for network information.

Step 2.1

Enter configuration mode and navigate to the [edit protocols ospf area 0.0.0.0] hierarchy and add the new interface to the existing configuration as a passive interface. We are adding the interface as passive because we are adding the interface for demonstrative purposes and will not be establishing a neighbor relationship on that interface. After you are satisfied with the changes, commit and exit to operational mode. Using show commands, verify the new interface is participating in your OSPF network.

Step 2.2

Verify with your remote team that they have completed the previous task. Once they have completed these steps, you will verify that you are receiving the new network as an OSPF route.

Question: Do you have the remote network in your routing table?

Step 2.3

Enter into configuration mode and navigate to the [edit protocols mpls label-switched-path pey-to-pez-x] hierarchy. Using the install statement, add the remote network to your inet.3 routing table. Commit your changes and verify that the route has been added to the inet.3 routing table and points to the correct LSP.

Question: Do you see the route in your inet.3 routing table?

Step 2.4

View the new route to determine if your router is using the OSPF route or the RSVP route for internal traffic. Remember that only BGP traffic can use the contents of the inet.3 routing table to resolve the next hop and internal traffic will resolve the next hop using the inet.0 routing table.

Junos MPLS and VPNs


Question: Is your internal traffic going to use the OSPF route or the RSVP route?

Step 2.5

Include the RSVP route in the inet.0 routing table, so that internal traffic can also use the LSP. Include this route by adding the active option to the route you installed under the LSP. After adding this option, commit and exit to operational mode. Verify that you can now see the RSVP route in your inet.0 routing table.

Question: Do you see the RSVP route in your inet.0 routing table?

Question: Which route will be used when resolving internal traffic?

Question: Which route will be used when resolving external traffic (BGP) next hops?

Part 3: Configuring MPLS Traffic Engineering to Install an inet.0 Route

In this lab part, you will configure MPLS traffic engineering to move routes from inet.3 into the inet.0 routing table for both BGP and internal gateway protocol (IGP) routes. You will then use the traceroute utility to verify that the traffic is using the LSP for internal traffic. Please refer to the lab diagram titled “Lab 5: Parts 1-3—Miscellaneous MPLS” for network information.

Step 3.1

Enter into configuration mode and navigate to the [edit protocols mpls label-switched-path pey-to-pez-x] hierarchy. Remove the active option from the installed route. Review your configuration change before proceeding. When you are satisfied with the change, issue a commit and exit to operational mode. Verify that you no longer have the RSVP route in your inet.0 routing table.

Question: Which protocol is being used in the inet.0 routing table?

Junos MPLS and VPNs


Step 3.2

Enter into configuration mode and navigate to the [edit protocols mpls] hierarchy and enable traffic engineering to move routes from inet.3 into the inet.0 routing table for both BGP and IGP routes. Commit your configuration changes and exit out of configuration mode. Verify that your inet.0 route table contains the RSVP route to the remote network specified to use the LSP.

Step 3.3

Using the traceroute utility verify that internal traffic will use the LSP when sending traffic to the remote network.

Question: Does your traceroute complete?

Question: Do you see MPLS label values associated with the traceroute responses?

Part 4: Using Policy to Control LSP Selection

In this lab part, you will use policy to control which LSP certain traffic traverses. You will begin by removing the extra interface from OSPF that was added in Part 2. You will create two new LSPs that take different paths through the core network. You will then create two static routes and export these routes to your BGP peer. Finally, you will create and apply a policy to send traffic destined to the two routes—received from your neighbor—down separate LSPs. Please refer to the lab diagram titled “Lab 5: Parts 4-9—Miscellaneous MPLS” for the remainder of this lab.

Step 4.1

Enter into configuration mode and begin by removing the interface that we added in Part 2. You must also remove this interface from your OSPF configuration.

Step 4.2

Navigate to the [edit protocols mpls] hierarchy and remove the existing label switched path. You also must remove the traffic engineering configuration. Create two paths named one and two. Specify the different loose hops you want each LSP path to signal along. The configuration example with signal path one across the top of the network using the P1, P2, and P3 routers. Path two will signal across the bottom using P4, P5, and P6 routers.

Junos MPLS and VPNs


Step 4.3

Create two label switched paths named lsp-1 and lsp-2. Apply path one to lsp-1 as the primary path and apply path two to lsp-2 as the primary path. Both LSPs should terminate at the remote PE router’s loopback. Before committing your configuration changes, review the changes. After you are satisfied with the changes commit and exit to operational mode.

Step 4.4

Using show commands, verify that your LSPs are established and traversing the core network as expected based on your explicit paths.

Question: Are your LSPs in an Up state?

Question: Do your LSPs traverse the core network as expected?

Step 4.5

Enter into configuration mode, navigate to the [edit routing-options] hierarchy, and define the static routes outlined on the network diagram for the device you are configuring. After creating these routes, you will create a policy named export-static that will export these routes to your internal BGP (IBGP) peer. After creating the policy, you must apply it as an export policy to your IBGP group. Commit your configuration changes and exit to operational mode. Verify that your router is now sending these routes to your neighbor and that you are receiving the remote static prefixes from the remote peer.

Question: What LSPs do the routes you received from your neighbor point to as next hops?

Step 4.6

Enter into configuration mode and create a policy named lsp-policy. Create a term named lsp-1. Under this term you will match the first BGP prefix received from your peer and change the next-hop to your LSP named lsp-1. You will accept this route. Then, you will create a second term named lsp-2, which will match on the second BGP route and change the next-hop to lsp-2. This route also needs to have the accept action.

Junos MPLS and VPNs


Step 4.7

Navigate to the [edit routing-options] hierarchy and apply the policy lsp-policy as an export policy to the forwarding table. After applying the policy, commit your changes and exit to operational mode. Verify that the next hop for each of the remote BGP routes point to the correct LSP as defined in your policy.

Question: Do you see the correct LSP selected as the next hop for each of your BGP routes?


Part 5: Using LSP Metric to Control LSP Selection

In this lab part, you will configure the router to use metrics to control LSP selection. You will begin by removing the policy you created in the Part 4. You must also remove the export policy applied to the forwarding table. You will look at the current state of the BGP routes and determined the metric value calculated from the IGP for each of the RSVP routes. You will then manually set the metric on one of the LSPs to be higher than the IGP calculated value. You will then verify the changes and review the changes to the routing table.

Step 5.1

Enter into configuration mode and remove the policy you created in Part 4. You must also remove the export policy applied to the forwarding table because it is no longer defined. Commit your changes when you are ready to proceed.

Step 5.2

Review the current status of your BGP routes received from your peer. Review the RSVP routes to determine what metric is being calculated from the IGP. This status review provides the current values so that when you manually assign a metric, you can verify that the changes have been applied correctly.

Question: Why do you see both LSPs as available next hops?

Question: What is the metric of both RSVP LSPs that was calculated from the IGP?

Junos MPLS and VPNs


Step 5.3

Navigate to the [edit protocols mpls] hierarchy and set the metric to 8 for lsp-2. After changing the metric, commit your configuration and exit to operational mode. Review the BGP routes for changes and verify the metric change is reflected by the RSVP routes.

Question: What changes do you see in the routing tables?

Question: What is the metric of both RSVP LSP routes after the change?

Part 6: Configuring Your Router to Not Decrement the TTL

In this lab part, you will configure the router to not decrement the TTL. First, you will look at the default TTL handling behavior. You will configure the router so that the TTL is not decremented as packets traverse the MPLS network.

Step 6.1

Enter into configuration mode and navigate to the [edit protocols mpls] hierarchy. Enable traffic-engineering bgp-igp. This will allow you to traceroute to the remote teams loopback address. We will be using traceroute to demonstrate the behavior with TTL handling. Commit the change and exit to operational mode before proceeding. By using traffic engineering, it allows internal traffic to use the RSVP routes to get to the remote team’s loopback address.

Step 6.2

Verify the default behavior by using the traceroute utility. You can now traceroute to the remote team’s loopback address.

Question: How many devices respond to the traceroute request?

Step 6.3

Enter into configuration mode and navigate to the [edit protocols mpls] hierarchy. Configure the router so that the TTL is not decremented by using the no-decrement-ttl statement under the MPLS protocol. Commit the configuration and exit to operational mode before proceeding to the next step.

Junos MPLS and VPNs


Step 6.4

Use the traceroute utility again to view the change in behavior.

Question: How many responses do you see now?

Part 7: Configuring Your Router to Signal Explicit Null

In this lab part, you will configure your router to signal explicit null. Using explicit null notifies the penultimate label-switching router (LSR) that the egress router will remove the MPLS label. You will compare the Labelin value before and after configuring the router to signal explicit null.

Step 7.1

View the Labelin value before you configure the router to signal explicit null. You should expect to see a value of 3 for both LSPs.

Step 7.2

Enter into configuration mode and navigate to the [edit protocols mpls] hierarchy. Configure your router to signal explicit null by using the explicit-null command. This command tells the router to signal the upstream LSR (penultimate router) that it expects to receive a MPLS label. In operation, instead of signaling a value of 3 upstream (default behavior), the egress router will signal a value of 0 upstream. Commit the changes and exit to operational mode before proceeding to the next step.

Step 7.3

View the Labelin value now that you have configured the router to signal explicit null. You should expect to see a value of 0 for both LSPs.

Question: Is the value of the Labelin field what you expect to see?

Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on Observed Bandwidth

In this lab part, you will configure your router to monitor and automatically adjust the RSVP reservation based on the observed bandwidth. The first step to setting up automatic bandwidth provisioning is to enable statistics monitoring for the MPLS protocol. This allows MPLS to track and monitor bandwidth utilization over a specified time period (default 24 hours.). Next, you will enable the automatic bandwidth provisioning on one of your established LSPs.

Junos MPLS and VPNs


Step 8.1

Enter into configuration mode and navigate to the [edit protocols mpls statistics] hierarchy. Enable MPLS statistics monitoring by creating a file named auto-stats and configuring the auto-bandwidth statement.

Step 8.2

Navigate to the [edit protocols mpls] and enable auto-bandwidth under the existing LSP lsp-1. Commit your changes and exit to operational mode before proceeding to the next step.

Step 8.3

Verify that your configuration changes have taken affect on the LSP by executing the show mpls lsp ingress name lsp-1 extensive command.

Question: When will the next LSP adjustment happen?

Part 9: Using MPLS Ping to Verify LSP Connectivity

In this lab part, you will use MPLS Pings to verify LSP connectivity to the egress node.

Step 9.1

Verify the connectivity of lsp-1 by executing the command ping mpls rsvp lsp-1.

Question: Do the pings complete?


Junos MPLS and VPNs


www.juniper.net VPN Baseline Configuration • Lab 6–110.a.10.3R1.9

Lab 6VPN Baseline Configuration

Overview

In this lab, you will configure the request for comments (RFC) 4364 infrastructure that will be used to support Layer 3 virtual private networks (VPNs) in subsequent labs.



• Familiarize yourself with this lab and reset the configuration.

• Configure interface addresses and families on your provider edge (PE) and customer edge (CE) routers.

• Enable traffic engineering.

• Configure internal Multiprotocol Border Gateway Protocol (MP-IBGP) peering between communicating PE routers.

• Configure a route distinguisher ID.

• Configure CE routing options.

• Verify proper infrastructure operation.

• Save your baseline configuration for use in future labs.

Junos MPLS and VPNs

Lab 6–2 • VPN Baseline Configuration www.juniper.net

Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling

In this lab part, you will configure the baseline network for the lab. You will load the baseline configuration saved at the end of Lab 1 and then enable Resource Reservation Protocol (RSVP) and multiprotocol label switching (MPLS) on the core-facing interfaces, configure MP-BGP, and configure a route-distinguisher ID. Finally, you will configure a virtual router to represent the CE router attached to your PE router. Please refer to the lab diagram titled “Lab 6: Part 1—VPN Baseline (PE)”.

Step 1.1

Enter configuration mode and load the baseline configuration for your PE router. The file is saved in the /var/home/lab directory and is named jmv-lab1-RouterName-baseline.

Step 1.2

For an interface to support the forwarding of MPLS packets, you must enable the MPLS family on each interface. Navigate to the [edit interfaces] hierarchy and enable family mpls on both of the core-facing interfaces.

Step 1.3

Navigate to the [edit protocols] hierarchy and configure the MPLS protocol on the core-facing interfaces.

Step 1.4

Configure the RSVP protocol on the core-facing interfaces.

Step 1.5

Enable traffic-engineering under [edit protocols ospf] so that your router will flood its own OpaqArea link state advertisement (LSA) and use these LSA types to build and use the traffic engineering database (TED) for constrained shortest path first (CSPF) calculations.

Step 1.6

To allow the exchange of Layer 3 VPN routes, enable the inet-vpn unicast network layer reachability information (NLRI) for your PE router’s BGP session with the remote PE router. Make sure to also enable the exchange of standard unicast IP version 4 (IPv4) routes as well.

Step 1.7

To allow for the automatic generation of route distinguishers, navigate to the [edit routing-options] hierarchy and specify the route-distinguisher-id using your PE router’s loopback address. Commit your configuration and exit out to operational mode.

Step 1.8


Step 1.9

Verify that your PE router has established Open Shortest Path First (OSPF) adjacencies with the neighboring provider (P) routers.

Junos MPLS and VPNs

www.juniper.net VPN Baseline Configuration • Lab 6–3


Step 1.10

Verify that your PE router has established a BGP neighbor relationship with the remote PE router.

Question: Is the neighbor relationship in the established state with the remote PE?

Question: What NLRI type has been negotiated between your PE router and the remote PE router?

Part 2: Configuring the CE Router Properties

In this lab part, you will create a virtual router type routing instance on your device. This virtual router will act as the CE router for the bulk of the rest of the Layer 3 VPN labs.

Step 2.1

Familiarize yourself with the lab diagram titled “Lab 6: Part 2—VPN Baseline (CE)”. Each group of students will delete the CE router from previous labs and create a new CE router.

Step 2.2

Enter configuration mode, navigate to the [edit routing-instances] hierarchy, and delete the configuration for the CE virtual router.

Step 2.3

Navigate to the [edit interfaces] hierarchy. Delete the configuration for ge-1/0/4 and ge-1/1/4.

Step 2.4

Configure your new CE router’s ge-1/1/4 interface, which will be used to connect to your local PE router in future labs. Use the lab diagram to determine the correct addressing.

Junos MPLS and VPNs

Lab 6–4 • VPN Baseline Configuration www.juniper.net

Step 2.5

Navigate to the [edit routing-instances] hierarchy. Configure your CE router’s routing instance specifying a routing instance type of virtual-router and apply the lo0.1 and ge-1/1/4 interfaces to the instance.

Step 2.6

Configure your CE router’s autonomous system (AS) number.

Step 2.7

Configure your CE router’s static routes as listed on the lab diagram. Use a next hop of reject for each of the four static routes.

Step 2.8

Navigate to the [edit policy-options] hierarchy. Create a routing policy that will allow for the redistribution of your direct and static routes. This policy will eventually be used to advertise routes from the CE router to the PE router. Commit your configuration and exit to operational mode.

Step 2.9

View the CE router’s routing table and ensure that the correct direct and static routes are now installed in the table.

Question: What routes appear in your CE router’s routing table?

Step 2.10

Save the configuration for future labs in this course. Save your configuration as jmv-RouterName-vpn-baseline.


www.juniper.net Layer 3 VPN with Static and BGP Routing • Lab 7–110.a.10.3R1.9

Lab 7Layer 3 VPN with Static and BGP Routing

Overview

In this lab, you will establish a point-to-point Layer 3 VPN using RSVP signaling between provider edge (PE) routers. You will also configure both static and BGP routing between your PE and customer edge (CE) routers. You will share your routes with the remote PE router through the Layer 3 VPN using Multiprotocol Border Gateway Protocol (MP-BGP).



• Load the VPN baseline configuration for your router. This configuration includes your baseline core configuration including OSPF and BGP. The baseline also contains a virtual router configuration that will act as your CE router for this lab.

• Configure an RSVP-signaled label-switched path (LSP) to the remote PE router.

• Create and establish a Layer 3 VPN over the core network.

• Configure static routing between your PE and CE router and share your static PE routes through the Layer 3 VPN using MP-BGP.

• Configure BGP routing between your PE and CE routers and share CE routes through the Layer 3 VPN using MP-BGP.

• Verify connectivity and behavior using command-line interface (CLI) operational mode commands including ping and commands used to examine routing tables and PE-PE BGP announcements.

Junos MPLS and VPNs

Lab 7–2 • Layer 3 VPN with Static and BGP Routing www.juniper.net

Part 1: Loading and Verifying the VPN Baseline Configuration

In this lab part, you will load the VPN baseline configuration you saved in Lab 6. After loading the configuration you will verify the core network is operating as expected. You will review the CE instance configuration so you are familiar with the contents.

Step 1.1

Enter into configuration mode and load the VPN baseline configuration by executing the command: load override jmv-RouterName-vpn-baseline. Commit your configuration changes and exit to operational mode.

Step 1.2

Verify your OSPF and BGP neighborships are established correctly.

Question: Are your OSPF neighbors in a Full state?

Question: Is your BGP peering up and functional?

Step 1.3

Enter into configuration mode. Review and familiarize yourself with the CE instance configuration.

Question: What type of instance is being used.

Question: How many static routes are configured for this instance?

Part 2: Establishing an RSVP Signaled LSP Between PE Routers

In this lab part, you will configure an RSVP-signaled LSP between the PE routers. You will verify reachability using the MPLS ping utility.

Step 2.1

Navigate to the [edit protocols mpls] hierarchy and configure a label-switched-path called pey-to-pez-x. For example, if you are assigned router mxA-1, your peer router is mxA-2. The LSP would be named pe1-to-pe2-1. Your LSP should egress at your remote peer’s loopback address. Verify the configuration looks correct. Commit and exit to operation mode when you are satisfied with the changes.

Junos MPLS and VPNs

www.juniper.net Layer 3 VPN with Static and BGP Routing • Lab 7–3

Step 2.2

Verify that the RSVP LSP you just configured is up and functional. Ensure that you have bidirectional LSPs before proceeding. Review the inet.3 routing table to verify that the RSVP route is present and ready to use.

Question: Do you see bidirectional LSPs established?

Question: Is your RSVP route present in the inet.3 routing table?

Step 2.3

Verify MPLS connectivity using the MPLS ping utility.

Question: Does your MPLS ping complete?


Part 3: Configuring the PE to CE Interface

In this lab part, you will configure the PE to CE interface. You will verify reachability using the ping utility.

Step 3.1

Enter configuration mode and navigate to the [edit interfaces] hierarchy. Configure the appropriate interface properties found on the Lab 5 network diagram. Commit your changes and exit to operational mode to verify reachability to the CE interface.

Step 3.2

Verify connectivity to the CE device using the ping utility with a count value of 3.

Question: Does your ping complete?

Junos MPLS and VPNs


Part 4: Configuring a Layer 3 VPN Instance

In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique route distinguisher and a unique route target. You will include your CE facing interface within this instance. In this lab, you will be using the vrf-target option because of its simplicity. Please note that vrf-import and vrf-export policies would work also.

Step 4.1

Enter into configuration mode and navigate to the [edit routing-instances] hierarchy. Create a new VPN routing and forwarding (VRF) instance named vpn-x.

Step 4.2

Navigate to the [edit routing-instances vpn-x] hierarchy. Create a route distinguisher using your local loopback address to uniquely identify routes advertised from this router. The format should look like this: 192.168.x.y:1.

Step 4.3

Configure your route target. As mentioned previously, you will be using the vrf-target option. Your target will contain the local autonomous system (AS) number and will be uniquely identified by using your pod value. The format for defining your vrf-target is: target:65512:x.

Step 4.4

Include the CE facing interface in your VRF instance.

Step 4.5

Review your recent configuration changes. When you are satisfied with these changes, commit your configuration and exit to operational mode.

Step 4.6

Verify that your VRF routing table has been created and it contains the local and direct routes for your CE facing interface. You can accomplish this by issuing the command: show route table vpn-x.inet.0

Question: Do you see your local and direct routes?


Junos MPLS and VPNs


Part 5: Configuring Static Routing Between the PE and CE Routers

In this lab part, you will configure static routes to pass traffic from your PE router to your CE router. These routes will be passed through the MP-BGP session to the remote PE router so that traffic can be routed from the remote CE site. You will configure a default route on your CE router. You will configure static routes on your PE router, under your VRF instance, for the four static routes already created on the CE device. You will also configure a static route for the loopback address of your CE router. You will verify that these routes are shared with the remote PE device and you must also verify that you are receiving the routes from the remote PE. You will use the ping utility to test the CE to CE connectivity over the Layer 3 VPN.

Step 5.1

Enter configuration mode and navigate to the [edit routing-instances cex-y routing-options] hierarchy. Configure a static default route that points to the PE interface address as the next hop.

Step 5.2

Navigate to the [edit routing-instances vpn-x routing-options] hierarchy. Configure the static routes in your PE instance for the static networks that reside on your CE device. You must also configure a static route for the loopback address of your CE device. All static route next hops should point to the CE interface address.

Step 5.3

Verify that you are advertising your routes to the remote PE router.

Question: What routes are being advertised to the remote PE router?

Step 5.4

Verify that you are receiving routes from the remote PE router.

Question: What routes are you receiving from the remote PE router?

Step 5.5

Review the routes that are installed in your VRF table.

Question: Do you see all the remote PE routes?

Junos MPLS and VPNs


Step 5.6

Verify you have connectivity from CE to CE through the Layer 3 VPN by using the ping utility. You will ping the remote CE routers loopback address while sourcing the packets from your local CE’s loopback address. You will send five packets for this test. This can be accomplished using the following command: ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5

Question: Do all your ping packets complete?


Part 6: Configuring BGP Routing Between the PE and CE Routers

In this lab part, you will configure BGP routing to pass routes from your PE to your CE router. These routes will be passed through the MP-BGP session to the remote PE router so that traffic can be routed from the remote CE site. You will verify that your routes are shared with the remote PE device and you will also need to verify that you are receiving the routes from the remote PE. You will use the ping utility to test the CE to CE connectivity over the Layer 3 VPN.

Step 6.1

Enter into configuration mode and navigate to the [edit routing-instances vpn-x routing-options] hierarchy. Delete all static routes that have been applied to the VRF instance.

Step 6.2

Navigate to the [edit routing-instances cex-y routing-options] hierarchy. Remove the static default route that you created in Part 5. Commit and exit to operational mode before proceeding.

Step 6.3

View the routes in your VRF table to verify that you are no longer receiving routes from the remote PE router.

Question: What routes are currently present in your VRF table?

Junos MPLS and VPNs


Step 6.4

Enter into configuration mode and navigate to the [edit routing-instances cex-y protocols bgp] hierarchy. Create an external group called my-ext-group and specify your neighbor address. You must also define your peer-as. Apply the policy exp-policy that you created in Lab 6, as an export policy to your EBGP group. Review your configuration before moving on to the next step.

Step 6.5

Navigate to the [edit routing-instances vpn-x protocols bgp] hierarchy. Create an external group called my-ext-group and specify your neighbor address. You must also define your peer-as. Review your configuration, Commit, and exit to operational mode before moving on to the next step.

Step 6.6

Verify on the PE that you are receiving the advertised BGP routes from your CE router.

Question: Do you see the static routes that you exported with the policy you applied?

Step 6.7

Verify that your PE router is advertising your VPN routes to the remote PE router.

Question: Are you advertising all the bgp routes you are learning from your CE router?

Step 6.8

Verify that you are receiving the VPN routes being advertised from the remote PE router.

Question: Are you receiving all the expected routes that are being exported from the remote PE and CE routers?

Step 6.9

Review the BGP routes you are receiving on your CE router.

Question: Are you receiving all the remote network routes from your PE router?

Junos MPLS and VPNs


Question: What additional steps must you take to determine why the routes are not being received at your CE router?

Step 6.10

Verify that your PE router is advertising these routes to your CE router.

Question: Do you see all the remote network routes being advertised to your CE router?

Step 6.11

Take an extensive look at one of the routes you are receiving from the remote PE router but are not advertising to your CE router.

Question: What is the AS path of this route?

Question: What is the AS of your CE router?

Question: Will the PE router advertise routes to an EBGP peer when the peer’s AS number is present in the AS path?

Step 6.12

Enter into configuration mode and navigate to the [edit routing-instances vpn-x protocols bgp] hierarchy. Configure the external group to override the AS. Remember that we discussed a few methods for overcoming this challenge. You will be using the as-override option because of simplicity. Commit and exit to operational mode.

Step 6.13

Verify that your CE router is now receiving the routes from your PE router after the change.

Question: Do you now see the routes being sent from the remote team in your CE router’s routing table?

Junos MPLS and VPNs


Step 6.14

Verify that you have connectivity from CE to CE through the Layer 3 VPN by using the ping utility. You will ping the remote CE router’s loopback address while sourcing the packets from your local CE router’s loopback address. You will send five packets for this test. This task can be accomplished using the following command: ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5 .

Question: Do your ping requests complete?


Junos MPLS and VPNs


www.juniper.net Route Reflection and Internet Access • Lab 8–110.a.10.3R1.9

Lab 8Route Reflection and Internet Access

Overview

In this lab, you will establish two point-to-point Layer 3 virtual private networks (VPNs) using RSVP signaling between provider edge (PE) routers. You will alter your internal BGP (IBGP) configuration to peer with a preconfigured route reflector in the core network. You will implement route target filtering on your PE router and you will configure Internet access for the customer edge (CE) router through your PE router.




• Reconfigure your IBGP peering, so that your router peers with the route reflector.

• Configure LDP-signaled label-switched paths (LSPs) to the remote PE router.

• Create a second virtual router that will act as a second CE router and customer network.

• Create and establish two Layer 3 VPNs over the core network.

• Configure BGP routing between your PE and CE routers and share your CE routes through the Layer 3 VPNs using Multiprotocol Border Gateway Protocol (MP-BGP).

• Implement route target filtering on your PE router.

• Configure Internet access for your CE router through your PE router.

• Verify connectivity and behavior throughout the lab using command-line interface (CLI) operational mode commands including ping and commands used to examine routing tables and PE-PE BGP announcements.

Junos MPLS and VPNs

Lab 8–2 • Route Reflection and Internet Access www.juniper.net


In this lab part, you will load the VPN baseline configuration you saved in Lab 6. After loading the configuration, you will verify the core network is operating as expected. You will review the CE instance configuration so you are familiar with the contents.

Step 1.1

Enter into configuration mode and load the VPN baseline configuration by executing the load override jmv-RouterName-vpn-baseline command. Commit your configuration changes and exit to operational mode.

Step 1.2




Step 1.3


Part 2: Configuring Your PE Router to Peer with the Route Reflector

In this lab part, you will reconfigure your IBGP peering so that it peers with a preconfigured route reflector in your core network. You will alter the neighbor address so that you peer with the P2 router in your core network. You will verify that the neighborship establishes and that you are receiving the correct network layer reachability information (NLRI) needed to establish a Layer 3 VPN.

Step 2.1

Navigate to the [edit protocols bgp group my-int-group] hierarchy. Change the current neighbor address using the rename option and add the correct address to peer with the P2 router, which is the acting route reflector for the core network. Commit your change and exit to operational mode.

Step 2.2

Verify that your neighborship has established with the route reflector. Review the BGP neighborship to ensure that you are receiving the correct NLRI to establish a Layer 3 VPN.

Junos MPLS and VPNs

www.juniper.net Route Reflection and Internet Access • Lab 8–3

Question: Is the neighborship established with your new BGP peer?

Question: What NLRIs are you receiving from the route reflector neighbor?

Question: Which NLRI allows you to send and receive information about Layer 3 VPNs?

Part 3: Establishing LDP Signaled LSPs Between PE Routers and Router Reflector

In this lab part, you will use LDP to signal LSPs to the remote PE router through the core network as well as to the Route Reflector. You will verify that the LDP LSPs are established and that the LDP routes are installed in your routing table.

Step 3.1

Enter into configuration mode and navigate to the [edit protocols ldp] hierarchy. Add the interface all statement to include all interfaces in LDP. As good practice, remember to disable the management interface. Commit and exit to operation mode when you are satisfied with the changes.

Step 3.2

Verify that the LSPs are established and ready for use.

Step 3.3

Verify that the inet.3 routing table is created and contains the RSVP route to the remote PE router.

Question: Do you see the LDP route to the remote PE router in your inet.3 routing table?

Junos MPLS and VPNs


Part 4: Configuring Another CE Router Using a Virtual Router

In this lab part, you will create another virtual router type routing instance on your device. This virtual router will act as the second CE for this lab, which will allow you to configure two separate sites.

Step 4.1

Familiarize yourself with the lab diagram titled“Lab 8: Part 3-8—Layer 3 VPN Scaling and Internet Access”. Each group of students will configure a second CE router.

Step 4.2

Enter configuration mode and navigate to the [edit interfaces] hierarchy. Configure a loopback interface using unit 2—this unit will be used as your CE router’s loopback interface.

Step 4.3

Configure your CE router’s ge-1/1/5 interface, which will be used to connect to your local PE router.

Step 4.4

Navigate to the [edit routing-instances cex-y] hierarchy and configure your CE router’s routing instance specifying a routing instance type of virtual-router and apply the lo0 and ge-1/1/5 interfaces to the instance.

Step 4.5

Configure your CE router’s autonomous system (AS) number.

Step 4.6

Configure your CE router’s static routes as listed on the lab diagram. Use a next hop of reject for each of the four static routes. Commit your configuration and exit to operational mode.

Step 4.7

View the CE router’s routing table and ensure that the correct direct and static routes are now installed in the table.

Question: What routes appear in your CE router’s routing table?

Part 5: Configuring the PE to CE Interfaces

In this lab part, you will configure both of the PE to CE interfaces.You will verify reachability using the ping utility.

Junos MPLS and VPNs


Step 5.1

Enter into configuration mode and navigate to the [edit interfaces] hierarchy. Configure the appropriate interface properties found on the lab diagram titled “Lab 8: Part 3-8—Layer 3 VPN Scaling and Internet Access”. You will configure the interfaces for each connection to the two CE routers. Commit your change and exit to operational mode to verify reachability to the CE interface.

Step 5.2

Verify reachability to both CE routers by pinging their interfaces five times.

Question: Do the pings complete?

Part 6: Configuring Two Layer 3 VPN Instances

In this lab part, you will configure two Layer 3 VPN instances. You will create a VPN named vpnx-a, which will connect cex-1 with cex-2. You will then create a VPN named vpnx-b, which will connect cex-3 with cex-4. You will assign a unique route target to each instance and you will include your CE-facing interface within the appropriate instance. In this lab, you will be using the vrf-target option because of its simplicity. Please note that vrf-import and vrf-export policies would work also.

Step 6.1

Enter into configuration mode and navigate to the [edit routing-instances vpnx-a] hierarchy. Configure the routing instance specifying a routing instance type of vrf. Configure your route target. As mentioned previously, you will be using the vrf-target option. Your target will contain the local autonomous system (AS) number and a unique identifier. The format for defining your vrf-target for the vpnx-a instance is: target:65512:x01. Add the ge-1/0/4.6x0 interface to the routing instance. Review your configuration changes and commit when you are satisfied with the changes.

Step 6.2

Navigate to the [edit routing-instances vpnx-b] hierarchy. Configure the routing instance specifying a routing instance type of vrf. Configure your route target. The format for defining your vrf-target for the vpnx-b instance is: target:65512:x02. Add the ge-1/0/5.6x1 interface to the routing instance. Review your configuration changes and when satisfied, commit and exit to operational mode.

Step 6.3

Verify that both VRF tables are created and contain the local network routes.

Question: What routes do the tables contain?

Junos MPLS and VPNs



Part 7: Configuring BGP Routing Between the PE and CE Routers

In this lab part, you will configure BGP routing to pass routes from your CE routers to your PE router. These routes will be passed through the MP-BGP session to the remote PE router so that traffic can be routed from the remote CE sites. You will verify that your routes are shared with the remote PE device and you will also need to verify that you are receiving the routes from the remote PE router for each of the configured VPNs. You will use the ping utility to test the CE to CE connectivity over the Layer 3 VPNs for each site.

Step 7.1

Enter into configuration mode and navigate to the [edit routing-instances vpnx-a protocols bgp] hierarchy. Create an external group called my-ext-group-a and specify your neighbor address. You must also define your peer-as. Remember to add the option as-override to your BGP group, because both the local CE router and the remote CE router are in the same AS. Review your configuration and commit before moving on to the next step.

Step 7.2

Navigate to the [edit routing-instances cex-y protocols bgp] hierarchy, where cex-y is your CE router connected to your VPNx-a instance. Create an external group called my-ext-group and specify your neighbor address. You must also define your peer-as. Apply the policy exp-policy that you created in Lab 6, as an export policy to your EBGP group. Review your configuration, commit, and exit to operational mode.

Step 7.3

Verify that you are receiving the static routes from your CE router at your PE router. You will also need to verify that you are sending these routes to the remote team through the route reflector. Verify that you are also receiving the remote CE router’s static routes at your PE router from the route reflector and that you are receiving the routes from the remote CE router on your local CE router. After verifying that the routes are present on all your routers, verify reachability to the remote CE router by pinging the loopback address five times. This task can be accomplished by issuing the ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5 command.

Note

Check with the team configuring the remote CE router and ensure that they have completed Step 7.2 before proceeding to the next step.

Junos MPLS and VPNs


Question: Are you receiving the routes from you CE router?

Question: Are you sending the routes you learned from your CE router to the route reflector?

Question: Are you receiving the routes being sent from the remote PE router for the remote CE network?

Question: Are you receiving these routes at your CE router?

Question: Did the ping test complete?

Step 7.4

Enter into configuration mode and navigate to the [edit routing-instances vpnx-b protocols bgp] hierarchy. Create an external group named my-ext-group-b and specify your neighbor address. You must also define your peer-as. Remember to add the option as-override to your BGP group, because both the local CE router and the remote CE router are in the same AS. Review your configuration and commit before proceeding to the next step.

Step 7.5

Navigate to the [edit routing-instances cex-y protocols bgp] hierarchy, where cex-y is your CE router connected to your VPNx-b instance. Create an external group named my-ext-group and specify your neighbor address. You must also define your peer-as. Apply the policy exp-policy that you created in Lab 6, as an export policy to your EBGP group. Review your configuration, commit, and exit to operational mode.

Note

If you are not receiving or sending any of the routes from the previous step, please review your configuration and work with the remote team for your pod. Request assistance from the instructor as needed.

Junos MPLS and VPNs


Step 7.6

Verify all routes are being sent and received at the CE router. Because you verified that you can pass routes through the VPN to the remote PE router in Step 7.3, you will start the verification steps on the CE router. If the routes do not appear on the CE router then you will move your investigation to the PE router. After verifying the routes are present on all your routers, verify reachability to the remote CE router by sending a ping to the loopback address 5 times. This task can be accomplished by issuing the ping 192.168.2x.y source 192.168.2x.y routing-instance cex-y count 5 command.

Question: Are you receiving the remote CE router’s routes on your CE router?

Question: Did the ping test complete?


Part 8: Implementing Route Target Filtering

In this lab part, you will implement router filtering on your PE router. You will alter the secondary CE router’s vrf-target, to demonstrate the purpose of route target filtering at the route reflector. You will review the default route advertising behavior from the route reflector by utilizing the keep all option. You will configure the router to signal route target filtering and verify the route reflector is no longer sending you routes with target values for which your PE router is not configured.

Step 8.1

Enter into configuration mode and navigate to the [edit routing-instances vpnx-b] hierarchy. Alter the vrf-target you have configured for this VPN. If you are configuring pe1, then you change your target to target:65512:x03. If you are configuring pe2 you will change you target to target:65512:x04. After making this configuration change, commit and exit to operational mode.

Note

Check with the team configuring the remote CE router and ensure that they have completed Step 7.5 before proceeding to the next step.

Junos MPLS and VPNs


Step 8.2

Review the routes that you have accepted and installed in your bgp.l3vpn.0 routing table.

Question: Do you see the vpnx-b routes for the remote CE router?

Step 8.3

Enter configuration mode and navigate to the [edit protocols bgp] hierarchy. Enable the keep all functionality for your BGP session. This functionality will cause the PE router to keep all VPN routes that are advertised to it from the route reflector, regardless of vrf-target value. Commit your configuration changes and exit to operational mode.

Step 8.4

Review the routes that you have accepted and installed in your bgp.l3vpn.0 routing table after adding the keep all functionality.


Step 8.5

Enter into configuration mode and navigate to the [edit protocols bgp] hierarchy. Configure your router to signal the route target NLRI for the IBGP session to the route reflector.

Step 8.6

Review the routes that you have accepted and installed in your bgp.l3vpn.0 routing table after configuring the PE router to implement the route target filtering NLRI to the route reflector.

Note

Your routes will be advertised to the route reflector, but when you receive the routes for the remote CE router, your PE router will evaluate the target value against the targets configured for your VPNs and reject the routes that do not match the local target values.

Junos MPLS and VPNs



Part 9: Configuring Internet Access Using a Non-VRF Interface

In this lab part, you will establish Internet access for your CE router connected to the vpnx-a instance. You will create another logical unit on the same physical interface connecting the CE router to the PE router. You will create a static default route on the CE router that points to the PE router’s non-VRF interface as the next hop. You will configure the PE router’s non-VRF interface as passive in your IGP, to allow reachability to the CE router from the core network. You will ping one of the core router’s loopback interfaces from your CE device to simulate connectivity to the Internet (networks outside the VPN instance).

Step 9.1

Enter configuration mode and navigate to the [edit interface] hierarchy. Refer to the lab diagram titled “Lab 8: Part 9—Layer 3 VPN Scaling and Internet Access”. Configure the additional logical unit, VLAN, and IP address for both the CE router interface and the PE router interface.

Step 9.2

Navigate to the [edit routing-instances cex-y] hierarchy and add the non-VRF interface. Configure a static default route that points to the non-vrf interface address as the next hop.

Step 9.3

Navigate to the [edit routing-options] hierarchy and create a static route on your PE router that encompasses all of your static routes on your CE router in a single prefix (172.x0.y.0/22). The next hop for this route will be the CE interface address for the non-VRF connection. You will also need to add your CE router’s loopback address as a static route with the same next hop.

Step 9.4

Navigate to the [edit policy-options] hierarchy. Create a policy named statics that will be used to redistribute your static routes into OSPF.

Step 9.5

Navigate to the [edit protocols ospf] hierarchy and add the non-VRF interface as passive. Export the static routes you created in the previous step into your IGP by using the policy static. This action allows the IGP to route traffic back to the CE network through the non-VRF connection. Commit your changes and exit to operational mode.

Junos MPLS and VPNs


Step 9.6

Verify that you can ping the loopback address of one of the core routers five times, sourced from your CE router’s loopback address. You can review one of the network diagrams that outline the core network if you do not recall the loopback addresses of the core routers. In the example provided, the ping is destined to P6’s loopback, sourced from the CE router’s loopback.

Question: Do the ping requests complete?


Junos MPLS and VPNs


www.juniper.net GRE Tunnel Integration • Lab 9–110.a.10.3R1.9

Lab 9GRE Tunnel Integration

Overview

In this lab, you will establish a point-to-point Layer 3 virtual private network (VPN) using a generic routing encapsulation (GRE) tunnel between provider edge (PE) routers. You will also configure OSPF routing between your PE and customer edge (CE) router. You will share your routes with the remote PE through the Layer 3 VPN using Multiprotocol Border Gateway Protocol (MP-BGP).




• Configure a VPN routing and forwarding (VRF) table and OSPF routing between your PE router and CE router and redistribute your CE router’s static routes into OSPF.

• Configure a GRE tunnel to the remote PE router.

• Create and add a static route to inet.3.

• Redistribute the MP-BGP routes learned from the remote PE into OSPF.

• Verify connectivity and behavior using operational mode commands including ping and commands used to examine routing tables, and PE-PE BGP announcements.

Junos MPLS and VPNs

Lab 9–2 • GRE Tunnel Integration www.juniper.net


In this lab part, you will load the VPN baseline configuration you saved in Lab 6. After loading the configuration you will verify the core network is operating as expected. You will review the CE instance configuration so you are familiar with the contents.

Step 1.1

Enter into configuration mode and load the VPN baseline configuration by executing the load override jmv-RouterName-vpn-baseline command. Commit your configuration changes and exit to operational mode.

Step 1.2

Verify that your OSPF and BGP neighborships are established correctly.



Step 1.3


Question: Which type of instance is being used.

Question: How may static routes are configured for this instance?

Junos MPLS and VPNs

www.juniper.net GRE Tunnel Integration • Lab 9–3


In this lab part, you will configure the PE to CE interface. You will verify reachability using the ping utility.

Step 2.1

Enter into configuration mode and navigate to the [edit interfaces] hierarchy. Configure the appropriate interface properties found on the Lab 9 network diagram. Commit your change and exit to operational mode to verify reachability to the CE interface.

Step 2.2

Verify connectivity to the CE device using the ping utility with a count value of 3.

Question: Does your ping complete?

Part 3: Configuring a Layer 3 VPN Instance

In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique route target to the VPN. You will include your CE-facing interface within this instance. In this lab, you will be using the vrf-target option because of its simplicity. Please note that vrf-import and vrf-export policies would work also.

Step 3.1

Enter into configuration mode and navigate to the [edit routing-instances] hierarchy. Create a new VRF instance named vpn-x.

Step 3.2

Navigate to the [edit routing-instances vpn-x] hierarchy. Configure your route target. As mentioned earlier, you will be using the vrf-target option. Your target will contain the local autonomous system (AS) number and will be uniquely identified by using your pod value. The format for defining you vrf-target is: target:65512:x.

Step 3.3

Include the CE-facing interface in your VRF instance.

Step 3.4

Review your recent configuration changes. When you are satisfied with these changes, commit your configuration and exit to operational mode.

Step 3.5

Verify that your VRF routing table has been created and it contains the local and direct routes for your CE-facing interface. You can accomplish this task by issuing the show route table vpn-x.inet.0 command.

Junos MPLS and VPNs


Question: Do you see your local and direct routes?

Part 4: Configuring OSPF Routing Between the PE and CE Routers

In this lab part, you will configure OSPF routing between your PE and CE routers. These routes will be passed through the MP-BGP session to the remote PE router. You will verify that these routes are shared with the remote PE device and you will also need to verify that you are receiving the routes from the remote PE router.

Step 4.1

Enter into configuration mode and navigate to the [edit policy-options] hierarchy. Create a policy named statics that will be used to redistribute your CE router’s static routes into OSPF.

Step 4.2

Navigate to the [edit routing-instances cex-y] hierarchy. Configure your CE router’s loopback and Ethernet interfaces as OSPF area 0.0.0.0 interfaces.

Step 4.3

Apply the statics policy as an export policy to your CE router’s OSPF instance.

Step 4.4

Navigate to the [edit routing-instances vpn-x] hierarchy. Configure you PE router’s VRF interface an OSPF area 0.0.0.0 interface. Commit your configuration and exit to operational mode.

Step 4.5

Verify that the CE router and PE router have established an OSPF adjacency with each other.

Question: Has the CE router established an OSPF adjacency with the local PE router?

Step 4.6

Verify that the static routes that are being redistributed by the CE router can be found in the VRF table of the PE router.

Question: Are the static routes from the local CE router being received by your PE router as OSPF routes?

Junos MPLS and VPNs


Step 4.7

Verify that you are advertising your OSPF routes to the remote PE router as BGP routes.

Question: What routes are being advertised to the remote PE router?

Step 4.8

Verify that you are receiving routes from the remote PE router.

Question: What routes are you receiving from the remote PE router?

Question: Why are no BGP routes being stored in the VRF table?

Step 4.9

Determine whether any hidden routes are being received from the remote PE router.

Question: Are any hidden routes being received from the remote PE router? Why are the routes hidden?

Part 5: Establishing a GRE Tunnel Between PE Routers

In this lab part, you will configure a GRE tunnel between the PE routers.

Step 5.1

Enter configuration mode and navigate to the [edit chassis] hierarchy. Enable 1 Gbps tunnel service on FPC 1/PIC 0.

Junos MPLS and VPNs


Step 5.2

Navigate to the [edit interfaces] hierarchy and configure a tunnel interface named gr-1/0/10.0. The interface should source packets from the local PE router’s loopback address. The interface should be configured to send packets destined to the remote PE router’s loopback address. Finally, enable forwarding of MPLS and IPv4 traffic on the tunnel interface. Commit your configuration and exit to operational mode.

Step 5.3

Verify that the GRE interface is up and functional.

Question: Is the gr-1/0/10 interface in the up state?

Part 6: Creating and Adding a Static Route to inet.3

Step 6.1

Enter configuration mode and navigate to the [edit routing-options] hierarchy. Create a static route to the loopback address of the remote PE router that will exist only in inet.3 and has a next hop of the gr-1/0/10.0 interface. Commit your configuration and exit to operational mode.

Step 6.2

Verify that the new static route exists in inet.3 and only inet.3.

Question: In which routing table has the static route been placed?

Step 6.3

Review the routes that are installed in your VRF table.

Question: Do you see all the remote PE routes?

Question: What is the next hop for the routes that have been received from the remote PE router?

Junos MPLS and VPNs


Step 6.4

Verify that you have connectivity from CE router to CE router through the Layer 3 VPN by using the ping utility. You will ping the remote CE router’s loopback address while sourcing the packets from your local CE router’s loopback address. You will send five packets for this test. This task can be accomplished using the following command: ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5 .

Question: Do all your ping packets complete? Can you think of a reason why they would not complete?

Step 6.5

Review the routes that are installed in the CE router’s routing table.

Question: Do you see all the remote routes?

Step 6.6

Review the LSAs that currently exist in the CE router’s link state database.

Question: Why do you think the remote networks are not present in your CE router’s link state database?

Question: How are the routes learned from the remote PE routers? How are these routes characterized in your PE router’s VRF table? What protocol is running on the PE/CE link?

Question: Will the default OSPF export policy advertise routes learned by BGP?


Junos MPLS and VPNs


Part 7: Redistributing BGP Routes into OSPF

In this lab part, you will configure a routing policy that will take the BGP routes learned from the remote PE router and redistribute them into OSPF.

Step 7.1

Enter configuration mode and navigate to the [edit policy-options] hierarchy. Create a policy named bgp-to-ospf that will will be used to redistribute BGP routes into OSPF.

Step 7.2

Navigate to [edit routing-instances vpn-x] and apply the bgp-to-ospf policy as an export policy to the VRF’s OSPF instance. Commit your configuration and exit to operational mode.

Step 7.3

Review the LSAs that currently exist in the CE router’s link state database.

Question: Do any LSAs exist in the OSPF link state database that represent the network from the remote site? Why or why not?

Question: What LSA types are being used to represent the remote networks? Like what type of OSPF router is the PE router behaving?

Step 7.4

Verify that you have connectivity from CE router to CE router through the Layer 3 VPN by using the ping utility. You will ping the remote CE router’s loopback address while sourcing the packets from your local CE router’s loopback address. You will send five packets for this test. This task can be accomplished using the following command: ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5 .



www.juniper.net BGP Layer 2 VPNs • Lab 10–110.a.10.3R1.9

Lab 10BGP Layer 2 VPNs

Overview

In this lab, you will establish a point-to-point BGP Layer 2 virtual private network (VPN) using LDP signaling between provider edge (PE) routers. Once the virtual LAN (VLAN)-based Layer 2 VPN is operational, you will configure the customer edge (CE) routers to run one of several available routing protocols and advertise their static route and loopback address blocks. Because this is a BGP Layer 2 VPN, the PE routers will not interact with the routing protocols used on the CE routers.




• Configure an LDP-signaled label-switched path (LSP) to the remote PE router.

• Add protocol BGP support for the Layer 2 VPN network layer reachability information (NLRI).

• Create and establish a BGP Layer 2 VPN over the core network.

• Add OSPF to your CE network and create a neighborship between your CE router and the remote CE router.

• Export your static routes into OSPF and share these routes with the remote CE network.

• Verify connectivity and behavior using operational mode commands including ping and commands used to examine routing tables.

Junos MPLS and VPNs

Lab 10–2 • BGP Layer 2 VPNs www.juniper.net


In this lab part, you will load the VPN baseline configuration you saved in Lab 6. After loading the configuration, you will verify that the core network is operating as expected. You will review the CE instance configuration so you are familiar with the contents.

Step 1.1

Enter configuration mode and load the VPN baseline configuration by executing the load override jmv-RouterName-vpn-baseline command. Commit your configuration changes and exit to operational mode.

Step 1.2




Step 1.3

Enter configuration mode. Review and familiarize yourself with the CE instance configuration.


Question: How many static routes are configured for this instance?

Part 2: Establishing a LDP Signaled LSP Between PE Routers

In this lab part, you will use LDP to signal your LSP to the remote PE router. You will begin by adding your core-facing interface to the LDP protocol. You will then verify reachability through the LSP to the remote CE router. Please refer to the lab diagram titled “Lab 10: Parts 1-2—BGP Layer 2 VPN” for the appropriate core-facing interfaces.

Junos MPLS and VPNs

www.juniper.net BGP Layer 2 VPNs • Lab 10–3

Step 2.1

Navigate to the [edit protocols ldp] hierarchy. Add your two core-facing interfaces, as well as your loopback interface. Commit your configuration changes and exit to operational mode.

Step 2.2

Verify that LDP is established and has valid neighbors using the following commands: show ldp session and show ldp neighbor.

Question: Do you see neighborships established with your two peer provider (P) routers?

Step 2.3

Verify MPLS connectivity using the MPLS ping utility.

Question: Are your MPLS pings successful?


In this lab part, you will configure the PE to CE interface. You will add the correct VLAN tag and ensure that the proper encapsulation is configured. Later, you will add this interface to your BGP Layer 2 VPN instance. You will also reconfigure the CE to PE interface. Both the local CE interface and the remote CE interface must be on the same network. Please refer to the lab diagram titled “Lab 10: Parts 3-5—BGP Layer 2 VPN” for the remaining tasks in this lab.

Step 3.1

Navigate to the [edit interfaces] hierarchy. Configure the PE to CE interface properties outlined in the lab diagram. You will start with enabling vlan-tagging for the interface. You will configure the interface to handle vlan-ccc encapsulation. When you configure the unit, you will also have to specify the encapsulation for the logical interface also. Because we are configuring a Layer 2 VPN there will not be any Layer 3 information associated with this interface. Assign the correct vlan-id value and commit your changes.

Step 3.2

Delete the current CE interface (ge-1/1/4) configuration. Navigate to the [edit interfaces ge-1/1/4] hierarchy and configure this interface’s properties following the details provided in the network diagram. Note that both the local and remote CE router interfaces will be on the same Layer 3 network.

Junos MPLS and VPNs


Question: Why must both CE router interfaces be in the same network?

Part 4: Configuring a BGP Layer 2 VPN Instance

In this lab part, you will configure a BGP Layer 2 VPN instance. You begin by enabling BGP to signal the Layer 2 NLRI. You will create your BGP Layer 2 VPN instance and assign a unique route distinguisher and a unique route target. You will include your CE-facing interface within this instance. In this lab you will be using the vrf-target option because of its simplicity. Please note that vrf-import and vrf-export policies would work also.

Step 4.1

Navigate to the [edit protocols bgp] hierarchy and enable Layer 2 VPN signaling. This action enables the PE router to signal and understand incoming Layer 2 NLRI information.

Step 4.2

Navigate to the [edit routing-instances] hierarchy. Create a new instance called vpn-x. Configure the instance type as l2vpn.

Step 4.3

Navigate to the [edit routing-instances vpn-x] hierarchy. Create a route distinguisher using your local loopback address to uniquely identify routes advertised from this router. The format should resemble the following: 192.168.x.y:1.

Step 4.4

Configure your route target. As mentioned earlier, you will be using the vrf-target option. Your target will contain the local autonomous system (AS) number and will be uniquely identified by using your pod value. The format for defining you vrf-target is: target:65512:x

Step 4.5

Include the CE-facing interface in your Layer 2 VPN instance.

Step 4.6

Navigate to the [edit routing-instances vpn-x protocols l2vpn] hierarchy. Configure the protocol properties for the BGP Layer 2 VPN. You will be using the encapsulation type ethernet-vlan. You will configure your site name to reflect the name of your CE router (cex-y). Please refer to lab diagram to determine which site identifier you should use. Because we are only dealing with 2 sites, you will not need to configure the remote site ID. You must also indicate the interface that will be participating in your BGP Layer 2 VPN. Commit and exit to operational mode after you have completed your changes.

Junos MPLS and VPNs

www.juniper.net BGP Layer 2 VPNs • Lab 10–5

Question: With which remote site will your configuration automatically associate?

Verify your Layer 2 VPN connection by issuing the show l2vpn connections command.

Question: What is the status of your connection?

Step 4.7

Verify reachability from your CE router to the remote CE router. You will ping the remote CE to PE interface five times, sourced from your local CE to PE interface using the ping 10.0.x0.y routing-instance cex-y count 5 command.



Part 5: Configuring Routing Protocols on the CE Router

In this lab part, you will configure OSPF on your CE router. You will create a policy that will export your static routes to your OSPF neighbor. You will peer with the remote CE router across the BGP Layer 2 VPN you created in Part 4. You will configure the CE router to share the static routes that you have configured. You will verify that you are receiving the remote networks and verify reachability to the remote loopback using the ping utility.

Step 5.1

Enter configuration mode and navigate to the [edit policy-options] hierarchy. Create a policy named statics that will be used to redistribute your static routes into OSPF.

Note


Junos MPLS and VPNs


Step 5.2

Navigate to the [edit routing-instances cex-y protocols ospf] hierarchy. Configure your loopback and PE-facing interface under area 0.

Step 5.3

Apply the policy statics you defined as an export policy to your OSPF protocol. This action will export your static routes to your peer. Commit and exit to operational mode.

Step 5.4

Verify that your neighborship has established for your CE router by including the instance cex-y option.

Step 5.5

Review the routes being learned by OSPF and ensure you have the remote CE router’s static routes by issuing the show route protocol ospf table cex-y.inet.0 command.

Question: Do you see all the remote CE router’s static routes?

Step 5.6

Verify you have reachability to the remote CE network by pinging the remote CE router’s loopback address five times, while sourcing the packets from your local CE router’s loopback address.

Question: Do your pings complete?


Note


www.juniper.net Circuit Cross Connect and LDP Layer 2 Circuits • Lab 11–110.a.10.3R1.9

Lab 11Circuit Cross Connect and LDP Layer 2 Circuits

Overview

In this lab, you will establish an LDP Layer 2 circuit using RSVP signaling between provider edge (PE) routers. Once the virtual LAN (VLAN)-based LDP Layer 2 circuit is operational, you will configure the customer edge (CE) routers to run one of several available routing protocols and advertise their static route and loopback address blocks. Because this is a Layer 2 circuit, the PE routers will not interact with the routing protocols used on the CE routers. After verifying the connection from CE to CE, you will delete the LDP Layer 2 circuit configuration and configure a circuit cross connect (CCC) connection. You will then verify the connection again from CE to CE.




• Configure an RSVP-signaled label-switched path (LSP) to the remote PE router.

• Create and establish an LDP Layer 2 circuit over the core network.

• Add OSPF to your CE network and create a neighborship between your local CE router and the remote CE router.

• Export your static routes into OSPF and share these routes with the remote CE network.

• Create and establish a CCC Layer 2 connection over the core network.

• Verify connectivity and behavior using operational mode commands including ping and commands used to examine routing tables.

Junos MPLS and VPNs

Lab 11–2 • Circuit Cross Connect and LDP Layer 2 Circuits www.juniper.net



Step 1.1


Step 1.2




Step 1.3



Part 2: Establishing an RSVP-Signaled LSP Between PE Routers

In this lab part, you will use RSVP to signal an LSP to the remote PE router through the core network. You will verify that the RSVP LSP is established and the RSVP route is installed in your routing table. You will configure an extended LDP session by adding your loopback interface to LDP protocol configuration, because an LDP Layer 2 circuit requires LDP signaling for exchanging virtual circuit (VC) labels between PE routers.

Junos MPLS and VPNs

www.juniper.net Circuit Cross Connect and LDP Layer 2 Circuits • Lab 11–3

Step 2.1

Navigate to the [edit protocols mpls] hierarchy. Configure a label-switched-path called pey-to-pez-x. For example, if you are assigned router mxA-1, your peer router is mxA-2. The LSP should be named pe1-to-pe2-1. Your LSP should egress at your remote peer’s loopback address. Verify that the configuration looks correct. Commit and exit to operation mode when you are satisfied with the changes.

Step 2.2

Navigate to the [edit protocols ldp] hierarchy and configure an extended LDP session by adding the loopback interface to the LDP protocol. As mentioned previously, this will allow LDP to exchange VC labels between the PE routers. Commit your configuration changes and exit to operational mode.

Step 2.3

Verify that the LSP has been established and is ready for use.

Step 2.4

Verify that the inet.3 routing table has been created and contains the RSVP route to the remote PE router.

Question: Do you see the RSVP route to the remote PE router in your inet.3 routing table?


In this lab part, you will configure the PE to CE interface. You will add the correct VLAN tag and ensure that the proper encapsulation is configured. Later, you will add this interface to your LDP Layer 2 circuit instance. You will also reconfigure the CE to PE interface because both the local CE interface and the remote CE interface must be on the same network. Please refer to the lab diagram titled “Lab 11: LDP Layer 2 Circuit” for interface properties.

Step 3.1

Enter configuration mode and navigate to the [edit interfaces] hierarchy. Configure the PE to CE interface properties outlined in the lab diagram. You will start with enabling vlan-tagging for the interface. You will configure the interface to handle vlan-ccc encapsulation. When you configure the unit, you will also have to specify the encapsulation for the logical interface. Because you are configuring a Layer 2 VPN, no Layer 3 information is associated with this interface. Assign the correct vlan-id value and commit your changes.

Junos MPLS and VPNs


Step 3.2

Delete the current CE interface (ge-1/1/4) configuration. Navigate to the [edit interfaces ge-1/1/4] hierarchy and configure the interface properties following the details provided in the network diagram. Note that both the local and remote CE router interfaces will be on the same Layer 3 network. Commit your configuration changes.

Question: Why must both CE router interfaces be in the same network?

Part 4: Configuring a LDP Layer 2 Circuit

In this lab part, you will configure an LDP Layer 2 circuit. You will create the circuit to the remote PE router’s loopback address and assign the correct CE-facing interface. You will assign a unique VC identifier. You will then verify that the circuit has been signaled and is functioning properly.

Step 4.1

Navigate to the [edit protocols l2circuit] hierarchy and specify the neighbor address for the circuit. Add the PE to CE interface that will be participating in this neighborship and assign this interface a VC identifier value of x to the interface. Review your configuration changes, commit, and exit to operational mode.

Step 4.2

Verify that the LDP Layer 2 circuit is up and functional by issuing the show l2circuits connections command.

Question: What is the status of your circuit?

Question: Can you tell from the output what your VC identifier is?

Note


Junos MPLS and VPNs


Step 4.3

Verify reachability from your CE router to the remote CE router. You will ping the remote CE to PE interface five times, sourced from your local CE to PE interface using the ping 10.0.x0.y routing-instance cex-y count 5 command.



Part 5: Configuring Routing Protocols on the CE Router

In this lab part, you will configure OSPF on your CE router. You will create a policy that will export your static routes to your OSPF neighbor. You will peer with the remote CE router across the LDP Layer 2 circuit you created in Part 4. You will configure the CE router to share the static routes that you have configured. You will verify that you are receiving the remote networks and verify reachability to the remote loopback using the ping utility.

Step 5.1

Enter configuration mode and navigate to the [edit policy-options] hierarchy. Create a policy named statics that will be used to redistribute your static routes into OSPF.

Step 5.2

Navigate to the [edit routing-instances cex-y protocols ospf] hierarchy. Configure your loopback and PE-facing interface under area 0.

Step 5.3

Apply the policy statics you defined as an export policy to your OSPF protocol. This change will export your static routes to your peer. Commit and exit to operational mode.

Step 5.4

Verify that your neighborship has established for your CE router by including the instance cex-y option.

Note


Junos MPLS and VPNs


Step 5.5

Review the routes being learned by OSPF and ensure that you have the remote CE router’s static routes by issuing the show route protocol ospf table cex-y.inet.0 command.

Question: Do you see all the remote CE router’s static?

Step 5.6

Verify that you have reachability to the remote CE network by pinging the remote CE router’s loopback address five times, while sourcing the packets from your local CE router’s loopback address.

Question: Do your pings complete?


Part 6: Configuring a CCC Connection Between PE Routers

In this lab part, you will establish a point-to-point Layer 2 VPN using the Junos operating system’s CCC feature in support of a VLAN environment. MPLS-tagged VLAN frames will be transported between PE routers over an RSVP-signaled LSP. Once the Layer 2 CCC connection is established, you will verify that your CE routers can route using OSPF. Because this is a Layer 2 VPN, the PE routers will not interact with the routing protocols used on the CE routers. Please refer to the lab diagram titled “Lab 11: Circuit Cross Connect” for interface properties.

Step 6.1

Enter configuration mode. Delete your LDP Layer 2 circuit configuration and delete the ge-1/0/4 interface configuration. Commit your configuration changes.

Step 6.2

Navigate to the [edit interfaces ge-1/0/5] hierarchy. Configure the PE to CE interface properties outlined in the lab diagram. You will start with enabling vlan-tagging for the interface. You will configure the interface to handle vlan-ccc encapsulation. When you configure the unit, you will also have to specify the encapsulation for the logical interface. Because we are configuring a Layer 2 connection, no Layer 3 information is associated with this interface. Assign the correct vlan-tag value and commit your changes

Junos MPLS and VPNs


Step 6.3

Navigate to the top of the [edit] hierarchy and issue the command replace pattern ge-1/1/4 with ge-1/1/5. This action will change all references in the configuration of ge-1/1/4 to ge-1/1/5, which is the new CE interface being used in the lab diagram. Verify that the interface being applied for the CE routing instance has been changed. Remember to verify the change also applied to your CE router’s OSPF configuration. When you are satisfied with the change commit your configuration.

Step 6.4

Navigate to the [edit protocols connections] hierarchy and configure a remote-interface-switch named vpn-x. Assign your PE interface used to connect to your CE router (ge-1/0/5.6x0) to the interface switch. For the interface you assign, you have to specify the transmit-lsp lsp-name and the receive-lsp lsp-name for the traffic to use to get to and from the remote end of the connection. You will assign the RSVP LSP that you configured in Part 2 as you transmit LSP and you will assign the LSP that the remote team created as you receive LSP. If you do not remember the names, you can view them in the output from the run show mpls lsp command. Commit your configuration changes and exit to operational mode.

Step 6.5

Verify that the CCC connection is up and ready to use by issuing the show connections command.

Question: What is the status of the CCC connection?

Step 6.6

Verify that you can ping five times through the CCC circuit you just configured.

Question: Do your ping packets complete?

Step 6.7

Verify that your OSPF neighborship has established over the CCC circuit.

Note


Junos MPLS and VPNs


Question: What is the state of your OSPF adjacency?


www.juniper.net Virtual Private LAN Service • Lab 12–110.a.10.3R1.9

Lab 12Virtual Private LAN Service

Overview

In this lab, you will establish an LDP virtual private LAN service (VPLS) and a BGP VPLS between provider edge (PE) routers. You will also configure a virtual switch to act as the customer edge (CE) router. There will be redundant links between the PE and CE routers so you will be required to prevent any Layer 2 loops from forming.



• Load the virtual private network (VPN) baseline configuration for your router. This configuration includes your baseline core configuration including Open Shortest Path First (OSPF) and BGP. The baseline also contains a virtual router configuration that will be used to generate data traffic for this lab.

• Configure Layer 2 interfaces and apply them to a virtual switch that you will configure to act as the CE router.

• Configure LDP signaling to enable MPLS label-switched paths (LSPs) between PE routers.

• Configure an LDP VPLS.

• Configure a BGP VPLS.

• Configure redundant links between CE and PE routers and prevent Layer 2 loops from forming.

• Verify connectivity and behavior using operational mode commands including ping and commands used to examine routing tables, and PE to PE router BGP announcements.

Junos MPLS and VPNs

Lab 12–2 • Virtual Private LAN Service www.juniper.net



Step 1.1


Step 1.2

Verify that your OSPF and BGP neighbor relationships are established correctly.



Step 1.3

Enter configuration mode. Review and familiarize yourself with the CE instance configuration.



Junos MPLS and VPNs

www.juniper.net Virtual Private LAN Service • Lab 12–3

Part 2: Adjusting the Properties of the Virtual Router

In this lab part, you will rename the virtual router from the baseline lab. You will also change the IP address of the ge-1/1/4 interface as shown in the lab diagram. These changes will be made because a virtual switch will act as a the CE device in this lab, not the virtual router. The virtual router will be used to generate ping traffic for testing the VPLS.

Step 2.1

Enter configuration mode and navigate to the [edit interfaces] hierarchy. Configure the appropriate interface properties for the ge-1/1/4 interface as found on the lab diagram titled “Lab 12: Parts 1-6 - LDP VPLS”.

Step 2.2

Navigate to the [edit routing-instances] hierarchy and rename the virtual router routing instance to c-routerx-y. Commit your configuration so far.

Part 3: Configuring a Virtual Switch Instance

In this lab part, you will configure a virtual switch that will act as a CE device for this lab. The virtual switch will be configured to have one interface that connects to the customer virtual router and two interfaces that connect to the PE router. Use the lab diagram to see the intended connectivity.

Step 3.1

Create a new virtual switch instance named ce-vsx-y.

Step 3.2

Navigate to the [edit interfaces] hierarchy and configure the three Layer 2 interfaces that will be used by the virtual switch. Make sure to specify an encapsulation of flexible-ethernet-services at the physical interface level and an encapsulation of vlan-bridge at the subinterface level.

Step 3.3

Navigate to the [edit routing-instances ce-vsx-y] and configure a bridge domain named vlan_6x0 using the appropriate virtual LAN (VLAN) ID. Add the three Layer 2 interfaces to the new bridge domain. Commit your configuration and exit to operational mode.

Step 3.4

Verify the status of the Layer 2 CE device using the show bridge domain command.

Question: Have the correct three interfaces been applied to the correct routing instance and bridge domain?

Junos MPLS and VPNs


Part 4: Enabling LDP Signaling in the Core

In this lab part, you will configure LDP as the signaling protocol for MPLS in the core. LDP will be used to both signal the MPLS LSPs between PE routers and also advertise the VPLS forwarding equivalency class (FEC) information between PE routers.

Step 4.1

Enter configuration mode and navigate to the [edit protocols ldp] hierarchy. Enable LDP on the core-facing interfaces as well as the loopback interface. You might need to refer to the lab diagram titled “Lab 1: Part 1—Static LSPs (Infrastructure)” to determine the names of the core-facing interfaces. Commit your configuration and exit to operational mode.

Question: Can you think of a reason why you need to configure LDP to run on the loopback interface?

Step 4.2

Use the show ldp neighbor command to determine the status of your neighbors.

Question: Has the PE router established relationships with the locally connected provider (P) routers?

Step 4.3

Use the show ldp database command to determine whether an LSP has been established from your PE router to the remote PE router. Do not proceed until the LSP has been established to the remote PE router.

Question: Has an LSP been established to the remote PE router?


Junos MPLS and VPNs


Part 5: Configuring an LDP VPLS Instance

In this lab part, you will configure an LDP VPLS instance. You will include the CE router-facing interface within this instance.

Step 5.1

Enter configuration mode and navigate to the [edit interfaces] hierarchy. Configure ge-1/0/6 interface to be used as the CE router facing interface for the VPLS.

Step 5.2

Navigate to the [edit routing-instances] hierarchy. Create a new VPLS instance named vpn-x.

Step 5.3

Navigate to the [edit routing-instances vpn-x] hierarchy. Add the ge-1/0/6 interface to the routing instance.

Step 5.4

Create an LDP VPLS using a VPLS ID of x00 and specify the remote PE router as the neighbor. Commit your configuration and exit to operational mode.

Step 5.5

Check the status of the VPLS connection using the show vpls connections command.

Question: Has a VPLS pseudowire been established to the remote PE router?

Question: What does the legend suggest the current state might be? What is the solution to the problem?

Step 5.6

Enter configuration mode and navigate to the [edit chassis]hierarchy. Enable tunnel services on FPC slot 1, PIC slot 0 at a bandwidth of 1 Gbps. Commit your configuration and exit to operational mode.

Step 5.7

Check the status of the VPLS connection using the show vpls connections extensive command. Ensure that the remote group has completed the previous step of the lab.

Junos MPLS and VPNs



Question: What transmit and receive labels have been reserved for the VPLS?

Question: What local interfaces are listed as participating in the VPLS?

Step 5.8

Verify that you have connectivity from the local customer router to the remote customer router through the VPLS by using the ping utility. You will ping the remote customer router’s ge-1/1/4 address. You will send five packets for this test. This task can be accomplished using the following command: ping 10.0.x0.y routing-instance c-routerx-y count 5.


Answer: Yes, they should all complete. If they do not, please review your configuration and request assistance from your instructor, if needed.

Step 5.9

Use the show vpls statistics command to view details of traffic that has traversed the VPLS.

Question: How many broadcast packets have been received on the ge-1/0/6 interface? Can you think of a reason why the PE router has received a broadcast packet?

Step 5.10

Use the show vpls mac-table command to determine whether the PE router has learned any MAC addresses. You might need to issue another ping from the local customer router to allow for the PE router to learn MAC addresses.

Junos MPLS and VPNs


Question: Of the MAC addresses that have been learned, which one is owned by the local customer router and which one is owned by the remote customer router?

Part 6: Using MSTP to Prevent a Layer 2 Loop in a VPLS

In this lab part, you will add an extra interface for redundancy between the PE and CE routers that will cause a Layer 2 loop to form. To ensure that only one interface is learning and forwarding at any one time, you will configure Multiple Spanning Tree Protocol (MSTP) between the PE and CE routers using a Layer 2 control instance on the PE router.

Step 6.1

Enter configuration mode and navigate to the [edit interfaces] hierarchy. Configure the ge-1/0/7 interface to be used as the CE router-facing interface for the VPLS. Remember that you have already added the peer interface to the CE router (ge-1/1/7).

Step 6.2

Navigate to the [edit routing-instances] hierarchy. Add the ge-1/0/7 interface to the VPLS. Commit your configuration and exit to operational mode.

Step 6.3

Be aware that you have now created a Layer 2 loop between the PE and CE routers! Verify with the show vpls connections extensive command that the new interface has been added to the VPLS.

Question: Which interfaces are now listed as participating in the VPLS?

Step 6.4

Verify that a Layer 2 loop is in the network by issuing the command, ping 10.0.x0.255 routing-instance c-routerx-y count 5.

Junos MPLS and VPNs


Question: Based on the results of the ping, does there appear to be a Layer 2 loop in the network?

Step 6.5

Enter configuration mode and navigate to the [edit routing-instance] hierarchy. Create a new Layer 2 control instance named vpn-x-l2control.

Step 6.6

In the vpn-x-l2control instance, configure MSTP to run on the ge-1/0/6 and ge-1/0/7 interfaces. Set the MSTP configuration name to vpn-x and the revision level to 1.

Step 6.7

In the ce-vsx-y virtual switch instance, configure MSTP to run on the ge-1/1/6 and ge-1/1/7 interfaces. Set the MSTP configuration name to vpn-x and the revision level to 1. Commit your configuration and exit to operational mode.

Step 6.8

Use the show spanning tree interface for both the virtual switch and the Layer 2 control instance to determine which interfaces are in the FWD (forwarding) state and which interfaces are in the BLK (blocking) state.

Question: Are there any interfaces currently in the blocking state?

Question: Does a Layer 2 loop exist between the PE and CE routers?

Step 6.9

Verify that a Layer 2 loop has been removed from the network by issuing the command, ping 10.0.x0.255 routing-instance c-routerx-y count 5.

Junos MPLS and VPNs




Part 7: Adding a Subinterface to the Virtual Router

In this lab part, you will begin using the “Lab 12: Parts 7-9 - BGP VPLS” diagram. You will add a new subinterface to ge-1/1/4 interface as shown in the lab diagram. These changes will be made so the virtual router can be used to generate ping traffic for testing the BGP VPLS.

Step 7.1

Enter configuration mode and navigate to the [edit interfaces] hierarchy. Configure the appropriate interface properties for the ge-1/1/4 interface as found on the lab diagram titled “Lab 12: Parts 7-9 - BGP VPLS”.

Step 7.2

Navigate to the [edit routing-instances] hierarchy and add the ge-1/1/4.6x1 interface to the virtual router. Commit your configuration so far.

Part 8: Configuring the Virtual Switch Instance

In this lab part, you will configure the virtual switch to have a another subinterface that connects to the customer virtual router and two interfaces that connect to the PE router. Use the lab diagram to see the intended connectivity.

Step 8.1

Navigate to the [edit interfaces] hierarchy and configure the three Layer 2 interfaces that will be used by the virtual switch. Make sure to specify an encapsulation of flexible-ethernet-services at the physical interface level and an encapsulation of vlan-bridge at the subinterface level.

Step 8.2

Navigate to the [edit routing-instances ce-vsx-y] and configure a bridge domain named vlan_6x1 using the appropriate VLAN ID. Add the three Layer 2 interfaces to the new bridge domain. Commit your configuration and exit to operational mode.

Step 8.3

Verify the status of the Layer 2 CE device using the show bridge domain command.

Junos MPLS and VPNs


Question: Have the correct three interfaces been applied to the correct routing instance and bridge domain?

Part 9: Configuring a BGP VPLS with Redundant Links between CE and PE Routers

In this lab part, you will configure a BGP VPLS instance. You will include the ge-1/0/8 and ge-1/0/9 CE router-facing interfaces within this instance. To prevent a Layer 2 loop from forming, your will use the active-interface command.

Step 9.1

Enter into configuration mode and navigate to the [edit protocols bgp] hierarchy. Configure your PE router to PE router BGP session to support l2vpn signaling.

Step 9.2

Navigate to the [edit interfaces] hierarchy. Configure the ge-1/0/8 and ge-1/0/9 interfaces to be used as the CE router-facing interfaces for the VPLS.

Step 9.3

Navigate to the [edit routing-instances] hierarchy. Create a new VPLS instance named vpn-x1.

Step 9.4

Navigate to the [edit routing-instances vpn-x1] hierarchy. Add the ge-1/0/8 and ge-1/0/9 interfaces to the routing instance.

Step 9.5

Configure a route target community of target:65512:x00 for the VPLS.

Step 9.6

Create a BGP VPLS naming the site after your CE, ce-vsx-y, and specify a site ID that matches the y value of the CE router name. Commit your configuration and exit to operational mode.

Step 9.7

Verify that there is a Layer 2 loop in the network by issuing the command, ping 10.0.x1.255 routing-instance c-routerx-y count 5.

Junos MPLS and VPNs



Step 9.8

Enter configuration and mode and navigate to the [edit routing-instances vpn-x1] hierarchy. To prevent that loop, configure the ge-1/0/8 interface as the active-interface for the site. Commit your configuration and exit to operational mode.

Step 9.9

Check the status of the VPLS connection using the show vpls connections extensive command. Ensure that the remote group has completed the previous step of the lab.


Question: What local interfaces are listed as participating in the VPLS?

Question: Can you tell from the output of the command which CE router-facing interface is currently active?

Step 9.10

View the vpn-x1 routing table by using the show route table vpn-x1 extensive command. Analyze the route that was received from your remote neighbor.

Question: What is the Site ID, Label Offset, Label Base, and Range of the label block advertised by your remote neighbor?

Junos MPLS and VPNs


Step 9.11

Verify that you have connectivity from the local customer router to the remote customer router through the VPLS by using the ping utility. You will ping the remote customer router’s ge-1/1/4 address. You will send five packets for this test. This task can be accomplished using the following command: ping 10.0.x1.y routing-instance c-routerx-y count 5.


Step 9.12


Question: Which CE router-facing interface is being used for forwarding in the vpn-x1 routing instance?

Step 9.13

Enter configuration mode and disable the ge-1/0/8 interface. Commit your configuration and exit to operational mode.

Step 9.14

Check the status of the VPLS connection using the show vpls connections extensive command.

Question: Can you tell from the output of the command which interface is being used for learning and forwarding between the PE and CE routers?

Step 9.15

Verify that you have connectivity from the local customer router to the remote customer router through the VPLS by using the ping utility. Ping the remote customer router’s ge-1/1/4 address. Send five packets for this test. This task can be accomplished using the following command: ping 10.0.x1.y routing-instance c-routerx-y count 5.

Junos MPLS and VPNs



Step 9.16


Question: Which CE router-facing interface is being used for forwarding?


Junos MPLS and VPNs


www.juniper.net Carrier-of-Carrier VPNs • Lab 13–110.a.10.3R1.9

Lab 13Carrier-of-Carrier VPNs

Overview

In this lab you, will establish a BGP virtual private LAN service (VPLS) between two provider edge (PE) routers that belong to different autonomous systems (ASs). Carrier-of-carrier virtual private networks (VPNs) option C will be used to provide the PE to PE VPLS signaling and forwarding plane. You must also configure a Layer 3 VPN from the provider PE routers to pass customer internal routes between ASs. You will also use labeled-unicast address family when passing routes between the provider PE router and the customer CE routers. Finally, you will configure the customer CE routers to pass any learned routes from the provider (remote customer site routes) to the customer PE router using the labeled-unicast address family.



• Load the VPN baseline configuration for your router. This configuration includes your baseline core configuration including OSPF and BGP. The baseline also contains a virtual router configuration that you will delete.

• Configure a virtual router to generate traffic from the subscriber sites.

• Configure a Layer 3 VPN between the provider PE routers and configure an multiprotocol EBGP session with the customer CE router using the labeled-unicast address family.

• Configure a bidirectional LSP between the provider PE routers and between the customer PE and CE.

• Configure an IBGP session between the customer CE and PE using the labeled-unicast address family.

• Configure a multihop EBGP session between the customer CE routers using the l2vpn address family.

• Configure a BGP VPLS to provide connectivity between the subscriber CE routers.

• Verify connectivity and behavior using operational mode commands including ping and commands used to examine routing tables, and PE-PE BGP announcements.

Junos MPLS and VPNs

Lab 13–2 • Carrier-of-Carrier VPNs www.juniper.net


In this lab part, you will load the VPN baseline configuration you saved in Lab 6. After loading the configuration, you will verify that the core network is operating as expected. You will also become familiar with the Lab 13 lab diagram.

Step 1.1

Enter configuration mode and load the VPN baseline configuration by executing the load override jmv-RouterName-vpn-baseline command. Commit your configuration changes.

Step 1.2

Delete any routing-instances, delete interface ge-1/1/4, and delete unit 1 of interface lo0. Commit your configuration and exit to operational mode.

Step 1.3

Verify that your OSPF and BGP neighbor relationships are established correctly.



Step 1.4

Familiarize yourself with the Lab 13 network diagram. Notice that there is a provider AS, two customer ASs, and two subscriber CE routers.

Question: What are the names of the two provider PE routers?

Question: What are the names of the customer routers in AS 65x01?

Junos MPLS and VPNs

www.juniper.net Carrier-of-Carrier VPNs • Lab 13–3

Question: What are the names of the customer routers in AS 65x02?

Question: What are the names of the two subscriber routers?

Part 2: Configuring the Subscriber CE Router Properties

In this lab part, you will create a virtual router type routing instance on your device. This virtual router will act as the subscriber CE router and will be used for testing connectivity between sites.

Step 2.1

Enter configuration mode and navigate to the [edit interfaces] hierarchy. Configure the ge-1/1/6 interface using the properties specified on the lab diagram.

Step 2.2

Navigate to the [edit routing-instances] hierarchy. Configure a virtual router routing-instance named s-cey.

Step 2.3

Add the ge-1/1/6 interfaces to the s-cey routing instances. Commit your configuration and exit to operation mode.

Step 2.4

Verify that the ge-1/1/6 interface is operational and configured with the correct properties by viewing the routing table of the s-cey virtual router.

Question: Can the 10.0.51.0/24 subnet be found in the subscriber CE router’s routing table?

Junos MPLS and VPNs


Part 3: Enabling MPLS in the Provider Backbone

In this lab part, you will configure RSVP-signaled LSPs between the Provider PE routers.

Step 3.1

Enter configuration mode and navigate to the [edit protocols mpls] hierarchy. Configure an LSP named p-pey-to-p-pez from the local provider PE router to the remote provider PE router. Commit your configuration and exit to operational mode.

Step 3.2

Use the show mpls lsp command to determine whether the LSP has been established from your provider PE router to the remote provider PE router. Do not proceed until the LSP has been established to the remote PE router.

Question: Has an LSP been established to the remote PE router?


Part 4: Configuring a Layer 3 VPN on the Provider PE Routers

In this lab part, you will configure a Layer 3 VPN routing instance on the provider PE router. You will include the customer CE-facing interface within this instance. You will also configure an MP-EBGP session with the customer CE router using the labeled-unicast address family.

Step 4.1

Enter configuration mode and navigate to the [edit interfaces] hierarchy. Configure the ge-1/0/4 interface (with no VLAN tagging) to be used as the CE-facing interface for the Layer 3 VPN. Be sure to enable this interface for MPLS forwarding because it will be sending and receiving labeled packets.

Step 4.2

Navigate to the [edit routing-instances] hierarchy. Create a new Layer 3 VPN instance named vpn-to-extend-lsp.

Step 4.3

Navigate to the [edit routing-instances vpn-to-extend-lsp] hierarchy. Add the ge-1/0/4 interface to the routing instance and specify a route target community of target:65512:x00.

Junos MPLS and VPNs


Step 4.4

Within the vpn-to-extend-lsp routing instance, configure an MP-EBGP session using the labeled-unicast address family between the provider PE router and your customer CE router. Remember that the session will not establish because you have not configured the customer CE router yet. Commit your configuration so far.

Question: Did the configuration commit without any errors? If not, what errors were reported?

Step 4.5

Navigate to the [edit protocols] hierarchy. Configure the ge-1/0/4 interface to run the MPLS protocol. Commit your configuration so far.

Question: Did the configuration commit without any errors?

Part 5: Configuring the Customer CE Logical System

In this lab part, you will use the logical system feature of the Junos OS to represent the customer CE router. You will configure the customer CE router to have an MP-IBGP session with the customer PE router and MP-EBGP session with the provider PE router using the labeled-unicast address family. You will also configure an MPLS LSP to the customer PE router using LDP.

Step 5.1

Navigate to the [edit logical-systems c-cey] hierarchy. Configure thege-1/1/4 and ge-1/0/5 interfaces (with no VLAN tagging). Be sure to enable these interfaces for MPLS forwarding because they will be sending and receiving labeled packets.

Step 5.2

Configure interface lo0.1 with the IP address listed on the lab diagram.

Step 5.3

Navigate to the [edit logical-systems c-cey routing-options] hierarchy. Configure the AS number for the customer CE router.

Step 5.4

Navigate to the [edit logical-systems c-cey protocols] hierarchy. Configure ge-1/0/4 and ge-1/0/5 to run the MPLS protocol.

Step 5.5

Configure ge-1/0/5 to run the LDP protocol.

Junos MPLS and VPNs


Step 5.6

Configure OSPF (Area 0) on the lo0.1, ge-1/1/4 (passive), and ge-1/0/5 interfaces.

Step 5.7

Configure an MP-IBGP session using the labeled-unicast address family between the customer CE router and the customer PE router. Remember that the session will not establish because you have not configured the customer PE router yet.

Step 5.8

Configure an MP-EBGP session using the labeled-unicast address family between the customer CE router and the provider PE router.

Step 5.9

Navigate to the [edit logical-systems c-cey policy-options] hierarchy. Create a policy named internals, which will be used to advertise all of the loopback addresses from the local customer AS.

Step 5.10

Navigate to the [edit logical-systems c-cey protocols] hierarchy. Apply the internals policy as an export policy to the provider PE neighbor. Commit your configuration and exit to operational mode.

Step 5.11

Use the show mpls interface logical-system c-cey command to verify that MPLS has been enabled on the correct interfaces on the customer CE router.

Question: Do the ge-1/0/5 and ge-1/1/4 interfaces currently have MPLS enabled?

Step 5.12

Use the show ldp interface logical-system c-cey command to verify that LDP has been enabled on the correct interfaces on the customer CE router.

Question: Does the ge-1/0/5 interface currently have LDP enabled?

Step 5.13

Use the show ospf interface logical-system c-cey command to verify that OSPF has been enabled on the correct interfaces on the customer CE router.

Junos MPLS and VPNs


Question: Do the ge-1/0/5, ge-1/1/4, and lo0 interfaces currently have OSPF enabled?

Step 5.14

Use the show bgp summary logical-system c-cey command to verify that a BGP neighbor relationship has been established with the provider PE router.

Question: Is your BGP peering session with the provider PE router established?

Step 5.15

Use the show route advertising-protocol bgp 10.0.2y.1 logical-system c-cez command to verify that the customer CE router is advertising its loopback address to the provider PE router. Remember that it will not advertise the customer PE router’s loopback until the customer PE router is configured. You will configure the customer PE router in the next part of the lab.

Question: Is the customer CE router’s loopback address being advertised to the provider PE router?


Junos MPLS and VPNs


Part 6: Configuring the Customer PE Logical System

In this lab part, you will use the logical system feature of the Junos OS to represent the customer PE router. You will configure the customer PE router to have an MP-IBGP session with the customer CE router using the labeled-unicast address family. You will also configure an MPLS LSP to the customer CE router using LDP.

Step 6.1

Enter configuration mode and navigate to the [edit logical-systems c-pey] hierarchy. Configure the ge-1/1/5 interface (with no VLAN tagging). Be sure to enable this interface for MPLS forwarding because it will be sending and receiving labeled packets.

Step 6.2

Configure interface lo0.2 with the IP address listed on the lab diagram.

Step 6.3

Navigate to the [edit logical-systems c-pey routing-options] hierarchy. Configure the AS number for the customer PE router.

Step 6.4

Navigate to the [edit logical-systems c-pey protocols] hierarchy. Configure ge-1/1/5 to run the MPLS protocol.

Step 6.5

Configure ge-1/1/5 to run the LDP protocol.

Step 6.6

Configure OSPF (Area 0) on the lo0.2 and ge-1/1/5 interfaces.

Step 6.7

Configure an MP-IBGP session using the labeled-unicast address family between the customer PE router and the customer CE router. Commit your configuration and exit to operational mode.

Step 6.8

Use the show mpls interface logical-system c-pey command to verify that MPLS has been enabled on the correct interfaces on the customer PE router.

Question: Does the ge-1/1/5 interface currently have MPLS enabled?

Step 6.9

Use the show ospf neighbor logical-system c-pey command to verify that an OSPF adjacency exists with the customer CE router.

Junos MPLS and VPNs


Question: Is the ospf neighbor relationship with the customer CE in the Full state?

Step 6.10

Use the show ldp database logical-system c-cey command to verify that LSPs have been created to and from the customer CE router.

Question: Are there LSPs established to and from the customer CE router?

Step 6.11

Use the show bgp summary logical-system c-pey command to verify that a BGP neighbor relationship has been established with the customer CE router.

Question: Is your BGP peering session with the provider CE router established?


Part 7: Placing IBGP Learned Routes in inet.3

In this lab part, you will analyze the BGP routes that have been learned by the customer PE router (originated in remote AS). You will ensure that these routes can be used for the BGP next-hop recursive lookup for Layer 2 VPN NLRI that will be advertised in the next part of the lab.

Step 7.1

Use the show route protocol bgp logical-system c-pey command to view the BGP routes that have been learned from the remote autonomous system.

Question: In which routing table are the received BGP routes currently being stored?

Junos MPLS and VPNs


Question: Does a BGP route exist in the inet.0 table that represents the loopback address of the remote customer PE router?

Question: In the next part of the lab, from the local customer PE router, you will establish a multihop Layer 2 VPN MP-BGP session with the remote customer PE router using loopback addresses for peering. What will be the BGP next hop advertised in any BGP update message received from the remote customer PE router?

Question: For the BGP next hop of any MP-BGP VPN routes received from the remote customer PE router to be usable, where must the route to the next hop exist?

Question: You learned in the output of the command that the local customer PE router is placing the learned BGP routes in inet.0. What must you do to have it put the routes in inet.3 also?

Step 7.2

Enter configuration mode and navigate to the [edit logical-systems c-pey protocols] hierarchy. Configure the resolve-vpn option for the labeled-unicast address family. Commit your configuration and exit to operational mode.

Step 7.3

Use the show route protocol bgp logical-system c-pey command to view the BGP routes that have been learned from the remote AS.

Question: In which routing tables are the received BGP routes currently being stored?

Junos MPLS and VPNs



Part 8: Configuring a BGP VPLS Between Customer PE Routers

In this lab part, you will create a BGP VPLS between PE routers in two different ASs. You will configure a multihop MP-EBGP session with the remote PE router using the l2vpn signaling address family.

Step 8.1

Enter configuration mode and navigate to the [edit chassis] hierarchy. Enable tunnel services on FPC 1PIC 0 at speed of 1 g.

Step 8.2

Navigate to the [edit logical-systems c-pey protocols] hierarchy. Configure a multihop EBGP session with the remote PE router using loopback addresses for peering and the l2vpn signaling address family.

Step 8.3

Navigate to the [edit interfaces] hierarchy. Configure the ge-1/0/6 to allow for vlan-tagging and an encapsulation of vlan-vpls. Do not specify any logical interface properties at this hierarchy.

Step 8.4

Navigate to the [edit logical-systems c-pey interfaces] hierarchy. Configure ge-1/0/6 unit 6x0 to be used as the subscriber CE router-facing interfaces for the VPLS.

Step 8.5

Navigate to the [edit logical-systems c-pey routing-instances] hierarchy. Create a new VPLS instance called vpn-x.

Step 8.6

Navigate to the [edit logical-systems c-pey routing-instances vpn-x] hierarchy. Add the ge-1/0/6 interface to the routing instance.

Step 8.7

Configure a route target community of target:65x01:x00 for the VPLS.

Step 8.8

Configure a route distinguisher using the loopback of the customer PE router.

Step 8.9

Create a BGP VPLS, naming the site after the subscriber CE router, s-cey, and specifying a site ID that matches the y value of the site name. Commit your configuration and exit to operational mode.

Junos MPLS and VPNs


Step 8.10

Check the status of the VPLS connection using the show vpls connections extensive logical-systems c-pey command. Ensure that the remote group has completed the previous step of the lab.

Question: Has a VPLS pseudowire been established to the remote customer PE router?

Step 8.11

Verify that you have connectivity from the local subscriber CE router to the remote subscriber CE router through the VPLS by using the ping utility. You will ping the remote subscriber CE router’s ge-1/1/6 address. Send 5 packets for this test. This task can be accomplished using the following command: ping 10.0.51.y routing-instance s-cey count 5.



Junos MPLS and VPNs

Appendix A: Lab Diagrams

Junos MPLS and VPNs

A–2 • Lab Diagrams www.juniper.net

Junos MPLS and VPNs

www.juniper.net Lab Diagrams • A–3

Junos MPLS and VPNs


Junos MPLS and VPNs


Junos MPLS and VPNs


Junos MPLS and VPNs


Junos MPLS and VPNs


Junos MPLS and VPNs


Junos MPLS and VPNs


Junos MPLS and VPNs


Junos MPLS and VPNs


Documents

Junos MPLS and VPNs - 1 File Download · 2020. 12. 6. · Junos MPLS and VPNs 10.a High-Level Lab Guide Course Number: EDU-JUN-JMV. This document is produced by Juniper Networks,