1

iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

JNCIE-SP
(Service Provider)
Lab preparation workbook
v2.0

For Juniper Networks, inc - JNCIE-SP Lab Exam

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved

for personal non commercial use only – do not distribute



Copyright and licensing information

This workbook, iNET ZERO's JNCIE-SP Lab Preparation workbook is developed by iNET ZERO.
All rights reserved. No part of this publication may be reproduced or distributed in any form or by
any means without the prior written permission of iNET ZERO a registered company in the
Netherlands. This product cannot be used by or transferred to any other person. You are not allowed
to rent, lease, loan or sell iNET ZERO training products including this workbook and its configurations.
You are not allowed to modify, copy, upload, email or distribute this workbook in any way. This
product may only be used and printed for your own personal use and may not be used in any
commercial way. Juniper (c), Juniper Networks inc, JNCIE, JNCIP, JNCIS, JNCIA, Juniper Networks
Certified Internet Expert, are registered trademarks of Juniper Networks, Inc.

JNCIE-SP workbook:

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





About iNET ZERO’s content developers and authors:

Maxim Frolov

Maxim lives in Russia and speaks Russian and English. He started his networking career in 1999.
Throughout the years Maxim has designed and implemented several large scale networks for
enterprise and service provider customers. Over the years he has developed several high quality
courseware materials for industry leading networking vendors. Maxim has the following
certifications: JNCIE, JNCIP-ENT, JNCIS-SEC, Nortel NNCSS. For technology Max values efficiency and
pragmatic design. When Max is not at work he likes to spend time with his family. Max enjoys being
outside in the nature and loves to travel and exploring the world.

Ivan Ivanov

Ivan van lives in East Europe country of Bulgaria. He has more than 10 years experience with IP
technologies, working at several Internet Service Providers, big enterprise companies and
International system integrators. Throughout his career, Ivan gained extensive experience designing,
implementing and supporting IP networks based mostly on Juniper Networks and Cisco Systems
solutions and devices. Ivan worked on various international projects, designing, securing and
implementing MPLS/IP backbone for multinational mobile operators. Ivan has the following
certificates: JNCIE, JNCIP-SEC and various Cisco certificates.

JNCIE-SP workbook:

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





Jörg Buesink

Jörg lives in the Netherlands and brings more than 15 years of experience in the IT and networking
industry. He worked for several large ISPs / service providers in the role of technical consultant,
designer and network architect. He has extensive experience in network implementation, design and
architecture. Jörg is quadruple JNCIE certified (JNCIE-DC#007, JNCIE-ENT#21, JNCIE-SP#284 and
JNCIE-SEC#30) as well as triple CCIE#15032 (Routing/ Switching, Service provider and Security), Cisco
CCDE#20110002, Huawei HCIE#2188 Routing and Switching certified.

JNCIE-SP workbook:

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





General information
Rack rental service
Did you know that this workbook can be used in combination with iNETZEROs JNCIE rack rental
service? Take a look on our website for more information www.inetzero.com

Target audience
This workbook is developed for experienced network engineers who are preparing for the Juniper
Networks JNCIE-SP lab exam. Although not required it is highly recommended that you have passed
the JNCIS-SP and JNCIP-SP written exams before you start using this workbook. iNET ZERO’s JNCIE-SP
preparation workbook is developed in such a way that we expect you to have theoretical knowledge
about the JNCIE-SP lab exam blueprint topics (JNCIP-SP certified or working towards this
certification). For example, in this workbook we will not explain what rib-groups, LSP’s or Multicast
VPNs are. What we will do is test if you are able to configure all these technologies based on certain
requirements and understand how they interact in a typical SP environment.

How to use this workbook

We recommend that you start your JNCIE lab preparation with the workbook chapters only. Always
take a note on the time spent for each chapter/ task to see if you improved once you go over the
chapters again. Ensure that at least you go the workbook chapters twice before you start with the
full day lab challenges. You are ready to try the Full day lab challenges if you are able to configure the
chapter's tasks without the need of the chapter's answers. Each Full day lab challenge must be
completed within 8 hours.

Topology diagrams
In the chapters you will find several topology diagrams in small format. In the appendix of this
workbook you will find larger versions of the topology diagrams for better readability. We
recommend to print the topology diagrams.

iNET ZERO support

Always feel free to ask us questions regarding the workbook or JNCIE rack rental. You can reach us at JNCIE-SP workbook: General information
[email protected]. We love to hear from you regarding your preparation progress. Your feedback
regarding our products is also very appreciated!

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





Table of Contents
General information ................................................................................................................................ 5
Rack rental service .............................................................................................................................. 5
Target audience ................................................................................................................................... 5
How to use this workbook ................................................................................................................... 5
Topology diagrams .............................................................................................................................. 5
iNET ZERO support .............................................................................................................................. 5
Exam strategy ...................................................................................................................................... 6
JNCIE Hall of Fame ............................................................................................................................... 8
Workbook and configuration file updates .......................................................................................... 8
Chapter One: General System Features ................................................................................................ 14
Task 1. Initial System Settings ........................................................................................................... 15
Task 2. SNMP Configuration .............................................................................................................. 18
Task 3. Firewall Filters ....................................................................................................................... 19
Task 4. Interface Configuration ......................................................................................................... 20
Task 5. Scripting ................................................................................................................................. 22
Chapter Two: IGP Configuration and Troubleshooting ......................................................................... 23
Task 1. OSPF Troubleshooting ........................................................................................................... 23
Task 2. ISIS Troubleshooting .............................................................................................................. 25
Task 3. IGP Rollout ............................................................................................................................. 28
Chapter Three: BGP and Routing Policy ................................................................................................ 32
Task 1. IBGP and Confederation ........................................................................................................ 32
Task 2. EBGP Configuration ............................................................................................................... 33
Task 3. Routing Policies ..................................................................................................................... 35
Task 4. IBGP and Route Reflection .................................................................................................... 36
Chapter Four: MPLS Configuration ........................................................................................................ 38
Task 1. LDP Configuration ................................................................................................................. 38
Task 2. RSVP Configuration ............................................................................................................... 39
Task 3. RSVP Protection ..................................................................................................................... 43
Task 4. IPv6 Tunneling with 6PE ........................................................................................................ 44
Chapter Five: L3VPN Configuration ....................................................................................................... 45 JNCIE-SP workbook: General information
Task 1. L3VPN Configuration ............................................................................................................. 45
Task 2. Multicast in L3VPN ................................................................................................................ 48
Task 3. IPv6 Tunneling with 6VPE ...................................................................................................... 49
Chapter Six: L2VPN and VPLS Configuration ......................................................................................... 50
Task 1. L2VPN Configuration ............................................................................................................. 50
Task 2. VPLS Configuration ................................................................................................................ 52
Chapter Seven: Inter-provider VPN Configuration ................................................................................ 54
Task 1. Inter-provider VPN Option B ................................................................................................. 54
Task 2. Inter-provider VPN Option C ................................................................................................. 55
Chapter Eight: Class of Service .............................................................................................................. 56
Task 1. Forwarding Classes, Queues and Schedulers ........................................................................ 56
Task 2. Classification, Policing and Marking ...................................................................................... 58 9

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





Chapter Nine: A Full Day Lab Challenge ................................................................................................ 59

Task 1: Initial System Configuration .................................................................................................. 60
Task 2: Building the Network ............................................................................................................ 61
Task 3: IGP Configuration .................................................................................................................. 64
Task 4: BGP Configuration ................................................................................................................. 66
Task 5: MPLS Configuration ............................................................................................................... 68
Task 6: VPN Configuration ................................................................................................................. 70
Task 7: Class of Service Configuration ............................................................................................... 72
A Full Day Lab Challenge II .................................................................................................................... 74
Part 1: System Features ..................................................................................................................... 75
Task 1.1 Service Configuration ...................................................................................................... 75
Task 1.2: Centralized authentication management ...................................................................... 75
Task 1.3: Local user configuration ................................................................................................. 76
Task 1.4: Active configuration archival and logging ...................................................................... 76
Task 1.5: Advanced Interface configuration and chassis features ................................................ 77
Task 1.6: Advanced RE Protection ................................................................................................ 77
Part 2: Troubleshooting and Configuring IGP .................................................................................... 78
Task 2.1: Troubleshooting ............................................................................................................ 78
Task 2.2: Connectivity to OSPFv3 Area ......................................................................................... 78
Task 2.3: RIP redistribution .......................................................................................................... 78
Task 2.4: Multilevel IS-IS configuration ........................................................................................ 78
Task 2.5: Advanced IS-IS configuration ......................................................................................... 78
Part 3: Troubleshooting and Configuring BGP ................................................................................... 80
Task 3.1: iBGP design and configuration ...................................................................................... 80
Task 3.2: eBGP peers and configuration ....................................................................................... 80
Task 3.3: BGP policy configuration ............................................................................................... 81
Task 3.4: BGP general requirements ............................................................................................ 81
Part 4: MPLS configuration ................................................................................................................ 82
Task 4.1: MPLS and RSVP configuration ....................................................................................... 82
Task 4.2: MPLS and LDP configuration ......................................................................................... 82
Part 5: IPv6 configuration .................................................................................................................. 83
JNCIE-SP workbook: General information
Task 5.1: Native IPv6 configuration .............................................................................................. 83
Task 5.2: IPv6 tunneling configuration ......................................................................................... 83
Part 6: MPLS VPNs configuration ...................................................................................................... 84
Task 6.1: VPNA configuration ....................................................................................................... 84
Task 6.2: VPNA multicast configuration ....................................................................................... 84
Task 6.3: VPLS configuration ........................................................................................................ 85
Task 6.4: L2VPN configuration ...................................................................................................... 85
A Full Day Lab Challenge III ................................................................................................................... 86
Part 1: System Features ..................................................................................................................... 87
Task 1.1 Service Configuration ...................................................................................................... 87
Task 1.2: Centralized authentication management ...................................................................... 88
Task 1.3: Local user configuration ................................................................................................. 88
Task 1.4: Active configuration archival and logging ...................................................................... 88 10
Task 1.5: Advanced Interface configuration and chassis functions .............................................. 88

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





Task 1.6: Advanced RE Protection ................................................................................................ 89

Part 2: Troubleshooting and Configuring IGP .................................................................................... 90
Task 2.1: Troubleshooting ............................................................................................................ 90
Task 2.2: RIP redistribution .......................................................................................................... 90
Task 2.3: Multi-area OSPF configuration ...................................................................................... 90
Task 2.4: Advanced OSPF configuration ....................................................................................... 91
Part 3: Troubleshooting and Configuring BGP ................................................................................... 92
Task 3.1: Internal BGP design and configuration .......................................................................... 92
Task 3.2: external BGP peers and configuration .......................................................................... 92
Task 3.3: BGP policy configuration ............................................................................................... 92
Task 3.4: BGP general requirements ............................................................................................ 93
Part 4: MPLS configuration ................................................................................................................ 94
Task 4.1: MPLS and RSVP configuration ....................................................................................... 94
Task 4.2: MPLS and LDP configuration ......................................................................................... 94
Part 5: IPv6 tunneling and Multicast configuration ........................................................................... 95
Task 5.1: IPv6 tunneling configuration ......................................................................................... 95
Task 5.2: Multicast configuration ................................................................................................. 95
Part 6: MPLS VPNs configuration ...................................................................................................... 96
Task 6.1: VPNA configuration ....................................................................................................... 96
Task 6.2: VPNB configuration ....................................................................................................... 96
Task 6.3: VPLS configuration ........................................................................................................ 96
Appendix 1: Additional Theory .............................................................................................................. 98
OSPF adjacency troubleshooting ....................................................................................................... 98
BGP adjacency troubleshooting ...................................................................................................... 102
BGP IPV6 NLRI over IPV4 peering .................................................................................................... 105
Troubleshooting: Multicast traffic engineering using RIB-groups ................................................... 112
Advanced firewall filtering .............................................................................................................. 115
Appendix 2 : Topology diagrams ......................................................................................................... 118
Task 1: Initial System Configuration ................................................................................................ 138
Task 2: SNMP Configuration. ........................................................................................................... 151
Task 3: Firewall filters ...................................................................................................................... 157 JNCIE-SP workbook: General information
Task 4: Interface Configuration. ...................................................................................................... 168
Task 5: Scripting. ............................................................................................................................. 178
Chapter Two solutions: IGP Configuration and Troubleshooting ........................................................ 184
Task 1: OSPF Troubleshooting ......................................................................................................... 185
Task 2: IS-IS Troubleshooting .......................................................................................................... 251
Task 3: IGP Rollout ........................................................................................................................... 305
Chapter Three solutions: BGP and Routing policy ............................................................................... 379
Task 1: IBGP and Confederation ...................................................................................................... 379
Task Two: EBGP Configuration. ....................................................................................................... 390
Task 3: Routing Policies ................................................................................................................... 430
Task 4: IBGP and Route Reflection .................................................................................................. 487
Chapter Four solutions: MPLS configuration ....................................................................................... 535 11
MPLS Overview ............................................................................................................................... 535
http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





LDP Overview .................................................................................................................................. 536

Task 1: LDP Configuration ............................................................................................................... 536
Task 2: RSVP Configuration ............................................................................................................. 548
Task 3: RSVP Protection .................................................................................................................. 609
Task 4: IPv6 tunneling with 6PE ....................................................................................................... 632
Chapter Five solutions: L3VPN Configuration ..................................................................................... 642
Task 1: L3VPN configuration ........................................................................................................... 642
Task 2: Multicast in L3VPNs ............................................................................................................. 699
Task 3: IPv6 Tunneling with 6VPE .................................................................................................... 734
Chapter Six solutions: L2VPN and VPLS configuration ........................................................................ 747
Task 1: L2VPN Configuration ........................................................................................................... 747
Task 2: VPLS Configuration .............................................................................................................. 764
Chapter Seven solutions: Inter-provider VPN Configuration .............................................................. 795
Task 1: Inter-provider VPN Option B ............................................................................................... 795
Task 2: Inter-provider VPN Option C ............................................................................................... 808
Chapter Eigh solutionst: Class of Service ............................................................................................. 822
Task 1: Forwarding Classes, Queues and Schedulers ...................................................................... 823
Task 2: Classification, Policing and Marking .................................................................................... 832
Chapter Nine solutions: Full Day Lab Challenge I ................................................................................ 841
Task 1: Initial System Configuration ................................................................................................ 841
Task 2: Building the network ........................................................................................................... 846
Task 3: IGP Configuration ................................................................................................................ 848
Task 4: BGP Configuration ............................................................................................................... 909
Task 5: MPLS configuration ............................................................................................................. 966
Task 6: VPN configuration ............................................................................................................ 1057
Task 7: Class of Service Configuration .......................................................................................... 1107
Chapter Ten solutions: Full Day Lab Challenge II ............................................................................. 1123
Part 1: System Features ................................................................................................................ 1124
Solution - Task 1.1 Service Configuration ................................................................................. 1124
Solution - Task 1.2: Centralized authentication management ................................................. 1125
Solution - Task 1.3: Local user configuration ............................................................................ 1127 JNCIE-SP workbook: General information
Solution - Task 1.4: Active configuration archival and logging ................................................. 1129
Solution - Task 1.5: Advanced Interface configuration and chassis features .......................... 1130
Solution - Task 1.6: Advanced RE Protection ........................................................................... 1133
Appendix - Part 2: Troubleshooting and Configuring IGP ............................................................. 1140
Solution - Task 2.1: Troubleshooting ....................................................................................... 1140
Solution - Task 2.2: Connectivity to OSPFv3 Area .................................................................... 1153
Solution - Task 2.3: RIP redistribution ..................................................................................... 1160
Solution - Task 2.4: Multilevel IS-IS configuration ................................................................... 1169
Solution - Task 2.5: Advanced IS-IS configuration ................................................................... 1173
Part 3: Troubleshooting and Configuring BGP .............................................................................. 1176
Solution - Task 3.1: iBGP design and configuration ................................................................. 1176
Solution - Task 3.2: eBGP peers and configuration ................................................................. 1189
Solution - Task 3.3: BGP policy configuration .......................................................................... 1197 12
Solution - Task 3.4: BGP general requirements ....................................................................... 1217

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





Part 4: MPLS configuration ........................................................................................................... 1223

Solution - Task 4.1: MPLS and RSVP configuration .................................................................. 1223
Part 5: IPv6 configuration ............................................................................................................. 1248
Solution - Task 5.1: Native IPv6 configuration ......................................................................... 1248
Solution - Task 5.2: IPv6 tunneling configuration .................................................................... 1251
Part 6: MPLS VPNs configuration ................................................................................................. 1255
Solution - Task 6.1: VPNA configuration .................................................................................. 1255
Solution - Task 6.2: VPNA multicast configuration .................................................................. 1271
Solution - Task 6.3: VPLS configuration ................................................................................... 1278
Solution - Task 6.4: L2VPN configuration ................................................................................ 1285
Chapter eleven solutions: Full Day Lab Challenge III ........................................................................ 1292
Part 1: System Features ................................................................................................................ 1294
Solution - Task 1.1 Service Configuration ................................................................................. 1294
Solution - Task 1.2: Centralized authentication management ................................................. 1295
Solution - Task 1.3: Local user configuration ............................................................................ 1296
Solution - Task 1.4: Active configuration archival and logging ................................................. 1298
Solution - Task 1.5: Advanced Interface configuration and chassis functions ......................... 1299
Solution - Task 1.6: Advanced RE Protection ........................................................................... 1302
Part 2: Troubleshooting and Configuring IGP ............................................................................... 1311
Solution - Task 2.1: Troubleshooting ....................................................................................... 1311
Solution - Task 2.2: RIP redistribution ..................................................................................... 1330
Solution - Task 2.3: Multi-area OSPF configuration ................................................................. 1341
Solution - Task 2.4: Advanced OSPF configuration .................................................................. 1354
Part 3: Troubleshooting and Configuring BGP .............................................................................. 1358
Solution - Task 3.1: Internal BGP design and configuration .................................................... 1358
Solution - Task 3.2: External BGP peers and configuration ..................................................... 1365
Solution - Task 3.3: BGP policy configuration .......................................................................... 1374
Solution - Task 3.4: BGP general requirements ....................................................................... 1393
Part 4: MPLS configuration ........................................................................................................... 1396
Solution - Task 4.1: MPLS and RSVP configuration .................................................................. 1396
Solution - Task 4.2: MPLS and LDP configuration .................................................................... 1413 JNCIE-SP workbook: General information

Part 5: IPv6 tunneling and Multicast configuration ...................................................................... 1417

Solution - Task 5.1: IPv6 tunneling configuration .................................................................... 1417
Solution - Task 5.2: Multicast configuration ............................................................................ 1423
Part 6: MPLS VPNs configuration ................................................................................................. 1430
Solution - Task 6.1: VPNA configuration .................................................................................. 1430
Solution - Task 6.2: VPNB configuration .................................................................................. 1442
Solution - Task 6.3: VPLS configuration ................................................................................... 1454




13

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





Chapter Five: L3VPN Configuration

In this chapter tasks you implement L3VPN’s. The tasks include L3VPN configuration with customers
running either OSPF or BGP, dual-homed customer sites, customer Internet access, multicasting in
VPNs and IPv6 tunneling with 6VPE.

Task 1. L3VPN Configuration

In this task you deploy L3VPN for with customers running either OSPF or BGP.
1) Configure additional interfaces on your routers as indicated in Table 17. Set the interfaces
description.
Table 17
Router Interface Interface Name IP Address IPv6 Address
R1 i7 ge-0/0/5.311 192.168.0.41/30
i8 ge-0/0/5.312 192.168.0.45/30
i9 ge-0/0/5.313 192.168.0.49/30
lo0.1 172.30.5.9/32
lo0.2 172.30.5.10/32
R2 i7 ge-0/0/5.314 192.168.0.53/30
i8 ge-0/0/5.315 192.168.0.57/30
i9 ge-0/0/5.316 192.168.0.61/30
lo0.1 172.30.5.13/32
lo0.2 172.30.5.14/32
R3 i8 ge-0/0/5.317 fc09:c0:ffee::9/126
i9 ge-0/0/5.318 192.168.0.69/30
lo0.1 172.30.5.17/32
lo0.2 172.30.5.18/32 fd17:f0f4:f691:5::12/128
R4 i8 ge-0/0/5.319 192.168.0.73/30
i9 ge-0/0/5.320 192.168.0.77/30

JNCIE-SP workbook: Chapter Five: L3VPN Configuration

lo0.1 172.30.5.21/32
lo0.2 172.30.5.22/32
R5 i9 ge-0/0/5.321 192.168.0.81/30
lo0.1 172.30.5.25/32
R6 i8 ge-0/0/5.322 192.168.0.85/30
lo0.1 172.30.5.29/32
R7 i6 ge-0/0/5.323 192.168.0.89/30
lo0.1 172.30.5.33/32
R8 i5 ge-0/0/5.324 192.168.0.93/30
i6 ge-0/0/5.325 fc09:c0:ffee::d/126
lo0.1 172.30.5.37/32
lo0.2 172.30.5.38/32 fd17:f0f4:f691:5::26/128
2) Configure L3VPNs as shown in Figure 11. Table 18 specifies the L3VPN details.

45

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





JNCIE-SP workbook: Chapter Five: L3VPN Configuration

Figure 11
Table 18
Customer Site Router PE-CE Protocol details
Protocol
C1 S1 CE1-1 OSPF Area 0
S2 CE1-2 OSPF Area 0
CE1-3 OSPF Area 0
S3 CE1-4 OSPF Area 0
C2 S1 CE2-1 BGP AS 64600
CE2-2 BGP AS 64600
S2 CE2-3 BGP AS 64600
CE2-4 BGP AS 64600
S3 CE2-5 BGP AS 64600
3) You may not have any MPLS LSPs on Route Reflector. A static route is allowed on the RR if
needed.
4) Make sure that the customer C1 OSPF area 0 appears as a contiguous area without ABRs.
46

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON





5) Customer C1 has some backdoor OSPF connections but prefers that your MPLS network
would be used for traffic forwarding between the customer sites.
6) Make sure that your MPLS network can be used as a backup path between CE1-2 and CE1-3.
7) Make sure that once customer C1 disables its backdoor connections any of the R3 or R4 PE
failure will not result in any of the customer sites become isolated.
8) Customer C2 requires that the customer site S1 is used as a central transit site for all traffic
exchanges among all the customer sites in a hub-and-spoke fashion.
9) Make sure that if a route is originated in customer C2 site S1 or S2, it is never advertised back
to the same site.
10) Make sure that PE-CE link subnets in customer C2 VPN are advertised to the customer
remote VPN sites.
11) Make sure that all PE routers receive only the routes with those targets that they specifically
request for.
12) Allow local communication between customer C1 site S2 and customer C2 site S2 at R4.
Make sure that the routes exchanged between the local VRFs are not advertised to any of
the remote PE routers.
13) Customer C1 must be provided with Internet access at the customer site S2 using single
customer-facing interface. Make sure that any of the R3 or R4 failure will not have customer
C1 site S2 isolated from the Internet.
NOTE: The customer IP ranges are assumed to be globally routable or NATted outside of your
network.
14) Customer C2 must be provided with Internet access at the customer site S1, using a
dedicated interface i9 at both R1 and R2 routers. All other customer sites should be able to
reach the Internet via the site S1.

JNCIE-SP workbook: Chapter Five: L3VPN Configuration

47

http://www.inetzero.com - Copyright 2018 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute - SteganoID=ON



1292 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

Chapter eleven solutions: Full Day Lab Challenge III

This lab scenario represents a complete 8 hour challenge, aiming to prepare potential
candidate for the JNCIE-SP lab exam. It contains all major topics found in the exam
blueprint.

The external devices (CE and peers) are virtualized on the VR-device. Use only the
interfaces and VLANs on the diagram for connectivity between the routers.

AS 5673.873

BGP
AS 87.109
U1 U2 VPNB-CE1 Src1 VPNA-CE1 AS iBG
64 P
99
9
Rsv1
GE-0/0/5.1101
GE-0/0/5.2002 GE-0/0/5.2003
GE-0/0/5.2001 GE-0/0/5.110
BGP GE-0/0/5.101 VPNA-CE2
AS 789.12

P1 GE-0/0/5.1102
R3 GE-0/0/4.35 R5 GE-0/0/5.102
GE
OSPFv2 -0/
GE-0/0/5.2012 0/5 OSPF
GE-0/0/4.37 OSPFv3 ZE .58
ON GE-0/0/4.59

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
BR

GE-0/0/4.56
GE-0/0/5.111
GE-0/0/2
GE-0/0/1

R7 Area 50 R8 VPNB-CE2
GE-0/0/5.200 GE-0/0/4.45 GOLD
RIP

GE-0/0/4.47 RR 68 Area 8
DC-1
/ 4.
GE-0/0/4.49 /0
-0 GE-0/0/3.3002
GE
GE-0/0/5.200
R4 GE-0/0/4.46 R6
SILVER GE-0/0/3.3002
GE-0/0/5.1103 VPLS-2
GE Area 0 6
-0/ 4.1
0/4 /0/ GE-0/0/5.2004
GE-0/0/4.14

GE-0/0/4.26

Rsv2
GE-0/0/5.2021 .24 E-0
SILVER

G
GOLD

BRO
N ZE NZ
BRO E U3
OSPFv2
C1 OSPFv3 BGP
AS 9687
R1 GE-0/0/4.12 R2
BGP
GOLD
AS 65457

GE-0/0/5.112 GE-0/0/3
GE-0/0/3.3001 GE-0/0/5.2022
GE-0/0/5.103 GE-0/0/5.104
ISP1

VPNB-CE3 ISP1-PE2 ISP1-PE1 VPNA-CE3 VPLS-1 C2 VPNA-CE4 L2VPN-3

BGP
AS 4356 BGP
AS65456

Physical Diagram



The logical diagram shows all information needed for configuring the logical connectivity between
the devices.
1292

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1294 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

Part 1: System Features

This part is focused on initial system configuration, monitoring and securing the JUNOS
operating system. That includes configuring different interface features like bounding
physical interface in logical links and applying various address families. You will learn how
to configure user accounts and various authentication methods available in JUNOS. You
will configure monitoring and backup system logs, coping automatically the configuration
to remote server. Last you will configure a firewall filters to protect the routing-engine of
the devices.

Solution - Task 1.1 Service Configuration
NOTE: It is highly recommended to read the whole lab and verify the state of the devices
before starting with the configuration. Moving from one part to another is also
recommended to read all of the tasks for each part you are about the start configuring as
next. That will help you to get an idea on how the final network should look like.

1) SSH access is preconfigured as part of the initial configuration on all routers. Limit
the SSH connections to 2 at a time and no more than 2 connection attempts per
minute.
a. All devices.

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
RACK RENTAL NOTE: SSH is already configured as part of the initial configuration with
user root allowed to login. Please, do not change it, as it is required by iNETZERO rack
rental service.

Below two configuration lines are required to successfully complete the first task.
[edit]
lab@R1# set system services ssh connection-limit 2

[edit]
lab@R1# set system services ssh rate-limit 2

2) Enable NETCONF protocol over SSH using the standard port – TCP 830.
a. All devices.
NETCONF provides mechanisms to install, manipulate, and delete the configuration of
network devices. After enabling SSH on JUNOS devices, NETCONF is enabled
automatically accepting connections on the default SSH port 22. The task asks for
enabling NETCONF over the standard port 830 defined by RFC4742. In JUNOS, this is done
when you add ssh option under the netconf service.
[edit]
lab@R1# set system services netconf ssh
1294

Below is excerpt from the system connection table on router R1 after committing the
change.
[edit]

lab@R1# run show system connections

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1295 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

tcp4 0 0 *.830 *.* LISTEN

3) Configure SNMPv2c with community superlab on all routers, polled from
management system with address 10.10.10.1/32. Since SNMPv2c is using clear
text transmissions, make sure that SNMP traffic is accepted only over the
management interface fxp0.0 Ensure that the reachability to 10.10.10.1/32 is
provided even if the rpd process is not yet running. Assume the IP address
10.10.1.200 is used as gateway in the management segment.
Next, you have to configure the SNMPv2c management protocol. As the task suggests,
you need to secure the SNMP communication to the devices also. You have to explicitly
specify the exact interface where the request can come from and the exact IP address of
the network management system that can access it. Along with that, you have to
configure a single static route reaching the NMS via the management interface fxp0. Next
part requires that the route to the management system is reachable when the RPD
process is not running. This can happen if the process crashes or during the system boot
process. To accomplish this, backup-router command under the system stanza has
to be configured. When RDP process starts the backup route is removed from the local
routing and forwarding tables.

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
a. All devices.
[edit]
lab@R1# set snmp interface fxp0.0

[edit]
lab@R1# set snmp community superlab clients 10.10.10.1/32

[edit]
lab@R1# set routing-options static route 10.10.10.1/32 next-hop
10.10.1.200

[edit]
lab@R1# set system backup-router 10.10.1.200

[edit]
lab@R1# set system backup-router destination 10.10.10.1/32

Solution - Task 1.2: Centralized authentication management
JUNOS provides three different methods for user account authentication, authorization
and accounting. Those are the local database, using a RADIUS server and using a TACACS+
server. This Task requires configuring the devices to communicate successfully with a
TACACS+ server.

4) Configure all devices to use TACACS server located at 10.10.10.1 for

authentication. The communication with the TACACS server should be encrypted 1295

with password jncie123.

a. All devices.

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1413 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

HelloInterval 9(second)
Address 10.50.0.9
ActiveResv 2, PreemptionCnt 0, Update threshold 10%
Subscription 100%,
bc0 = ct0, StaticBW 300Mbps
ct0: StaticBW 300Mbps, AvailableBW 300Mbps
MaxAvailableBW 300Mbps = (bc0*subscription)
ReservedBW [0] 0bps[1] 0bps[2] 0bps[3] 0bps[4] 0bps[5] 0bps[6] 0bps[7] 0bps
Protection: On, Bypass: 1, LSP: 1, Protected LSP: 1, Unprotected LSP: 0
1 Dec 3 11:56:46 New bypass to-r6
Bypass: to-r6, State: Up, Type: LP, LSP: 1, Backup: 0
4 Dec 3 11:56:46 Record Route: 10.50.0.2 10.50.0.18
3 Dec 3 11:56:46 Up
2 Dec 3 11:56:46 CSPF: computation result accepted
1 Dec 3 11:56:46 Originate Call

Solution - Task 4.2: MPLS and LDP configuration
5) Assume that R8 supports only LDP protocol. Configure R5 and R6 to provide MPLS
transport gateway functionality to the rest of network for R8. CEs attached to R8
should be able to exchange labeled packets with the CEs behind R1 and R2.
The task mentions that router R8 does not support RSVP. In order to enable services to be
deployed between router R8 and routers R1 and R2, you have to configure R5 and R6 to
transport LDP traffic in RSVP signaled LSP. You have to configure LDP targeted sessions
between routers R1, R2, R5 and R6.

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
a. R1
In JUNOS configuring LDP over RSVP can be done by enabling ldp-tunneling for the
RSVP LSPs connecting the two routers configured for LDP. Targeted LDP sessions are
established between the Loopback IP addresses.
[edit]
lab@R1# set protocols ldp interface lo0.0

[edit]
lab@R1# set protocols mpls label-switched-path r1-to-r5 ldp-tunneling

[edit]
lab@R1# set protocols mpls label-switched-path r1-to-r6 ldp-tunneling

b. R2
[edit]
lab@R2# set protocols ldp interface lo0.0

[edit]
lab@R2# set protocols mpls label-switched-path r2-to-r5 ldp-tunneling

[edit]
lab@R2# set protocols mpls label-switched-path r2-to-r6 ldp-tunneling

c. R5
Routers R5, R6 with R8 establish direct LDP sessions over the logical interface between 1413
them.
[edit]

lab@R5# set protocols ldp interface ge-0/0/4.58

[edit]

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1414 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

lab@R5# set protocols ldp interface lo0.0

[edit]
lab@R5# set protocols mpls label-switched-path r5-to-r1 ldp-tunneling

[edit]
lab@R5# set protocols mpls label-switched-path r5-to-r2 ldp-tunneling

d. R6
[edit]
lab@R6# set protocols ldp interface ge-0/0/4.68

[edit]
lab@R6# set protocols ldp interface lo0.0

[edit]
lab@R6# set protocols mpls label-switched-path r6-to-r1 ldp-tunneling

[edit]
lab@R6# set protocols mpls label-switched-path r6-to-r2 ldp-tunneling

e. R8
[edit]
lab@R8# set protocols ldp interface ge-0/0/4.58

[edit]
lab@R8# set protocols ldp interface ge-0/0/4.68

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
Enabling LDP on the Loopback interface on R8 is needed to establish targeted sessions to
routers R1 and R2.
[edit]
lab@R8# set protocols ldp interface lo0.0

f. Verify the configuration

The output below show the result of the commands applied.
[edit]
lab@R8# run show ldp interface
Interface Label space ID Nbr count Next hello
lo0.0 10.50.250.8:0 3 0
ge-0/0/4.58 10.50.250.8:0 1 3
ge-0/0/4.68 10.50.250.8:0 1 2

[edit]
lab@R8# run show ldp neighbor
Address Interface Label space ID Hold time
10.50.250.1 lo0.0 10.50.250.1:0 38
10.50.250.2 lo0.0 10.50.250.2:0 43
10.50.250.6 lo0.0 10.50.250.6:0 42
10.50.0.49 ge-0/0/4.58 10.50.250.5:0 12
10.50.0.53 ge-0/0/4.68 10.50.250.6:0 14

[edit]
lab@R8# run show ldp database
Input label database, 10.50.250.8:0--10.50.250.1:0 1414
Labels received: 5
Label
3
Prefix
10.50.250.1/32

299778
299776
10.50.250.5/32
10.50.250.6/32
299783 10.50.250.8/32

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1415 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

262147 FEC129 NoCtrlWord ETHERNET 000a012c:0000012c 0a32fa01 0a32fa08

Output label database, 10.50.250.8:0--10.50.250.1:0

Labels advertised: 6
Label Prefix
299779 10.50.250.1/32
299778 10.50.250.2/32
299777 10.50.250.5/32
299780 10.50.250.6/32
3 10.50.250.8/32
262145 FEC129 NoCtrlWord ETHERNET 000a012c:0000012c 0a32fa08 0a32fa01

Input label database, 10.50.250.8:0--10.50.250.2:0

Labels received: 5
Label Prefix
3 10.50.250.2/32
299778 10.50.250.5/32
299777 10.50.250.6/32
299781 10.50.250.8/32
299776 L2CKT CtrlWord ETHERNET VC 3

Output label database, 10.50.250.8:0--10.50.250.2:0

Labels advertised: 6
Label Prefix
299779 10.50.250.1/32
299778 10.50.250.2/32
299777 10.50.250.5/32
299780 10.50.250.6/32
3 10.50.250.8/32
299776 L2CKT CtrlWord ETHERNET VC 3

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
[edit]
lab@R8# run show route table inet.3

inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.50.250.1/32 *[LDP/9] 00:04:04, metric 1

> to 10.50.0.53 via ge-0/0/4.68, Push 299777
10.50.250.2/32 *[LDP/9] 00:04:04, metric 1
> to 10.50.0.53 via ge-0/0/4.68, Push 299778
10.50.250.5/32 *[LDP/9] 00:05:32, metric 1
> to 10.50.0.49 via ge-0/0/4.58
10.50.250.6/32 *[LDP/9] 00:04:04, metric 1
> to 10.50.0.53 via ge-0/0/4.68

[edit]
lab@R1# run show ldp interface
Interface Label space ID Nbr count Next hello
lo0.0 10.50.250.1:0 2 0

[edit]
lab@R1# run show ldp neighbor
Address Interface Label space ID Hold time
10.50.250.5 lo0.0 10.50.250.5:0 31
10.50.250.6 lo0.0 10.50.250.6:0 42
10.50.250.8 lo0.0 10.50.250.8:0 44

[edit]
lab@R1# run show ldp database
Input label database, 10.50.250.1:0--10.50.250.5:0
Labels received: 4 1415
Label Prefix
299777
299776
10.50.250.1/32
10.50.250.2/32

299781
3 10.50.250.5/32
10.50.250.8/32

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1435 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

> to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r1

192.168.22.0/24 *[BGP/170] 00:02:51, MED 1, localpref 100, from 10.50.250.10
AS path: 5673.873 I, validation-state: unverified
> to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r2
to 10.50.0.33 via ge-0/0/4.45, label-switched-path r5-to-r2
192.168.23.0/24 *[BGP/170] 00:02:51, MED 1, localpref 100, from 10.50.250.10
AS path: 5673.873 I, validation-state: unverified
> to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r2
to 10.50.0.33 via ge-0/0/4.45, label-switched-path r5-to-r2

Router R5 is advertising the routes from the other three sites to the VPNA-CE1. Two
prefixes advertised by CE2 received from the MPLS core, are advertised as internal
because of the independent-domain configuration.
[edit]
lab@R5# run show route advertising-protocol bgp 192.168.15.5

VPNA.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

Prefix Nexthop MED Lclpref AS path
* 192.168.15.8/30 Self 100 I
* 192.168.15.12/30 Self 100 5673.873 I
* 192.168.15.16/30 Self 100 5673.873 I
* 192.168.18.0/24 Self 100 I
* 192.168.19.0/24 Self 100 I
* 192.168.20.0/24 Self 1 100 5673.873 I
* 192.168.21.0/24 Self 1 100 5673.873 I
* 192.168.22.0/24 Self 1 100 5673.873 I
* 192.168.23.0/24 Self 1 100 5673.873 I

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
Similarly, router R8 receives two routes from VPNA-CE2 and advertises the routes for the
other VPNA sites.
[edit]
lab@R8# run show bgp summary
Groups: 3 Peers: 3 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
511 511 0 0 0 0
inet6.0
16 0 0 0 0 0
bgp.l3vpn.0
30 30 0 0 0 0
bgp.l2vpn.0
2 2 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
192.168.15.9 64999 24 35 0 0 9:40
Establ
VPNA.inet.0: 2/2/2/0

[edit]
lab@R8# run show route table VPNA.inet.0

VPNA.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

192.168.15.4/30 *[BGP/170] 00:01:54, localpref 100, from 10.50.250.10

AS path: I, validation-state: unverified
> to 10.50.0.49 via ge-0/0/4.58, Push 18
192.168.15.8/30 *[Direct/0] 07:47:26 1435
> via ge-0/0/5.102
192.168.15.10/32 *[Local/0] 07:47:26
Local via ge-0/0/5.102

192.168.15.12/30 *[BGP/170] 00:09:50, localpref 100, from 10.50.250.10
AS path: 5673.873 I, validation-state: unverified

> to 10.50.0.53 via ge-0/0/4.68, Push 16, Push 299795(top)

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved

For personal non commercial use only – do not distribute

1445 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

[edit]
lab@R8# run show bgp summary
Groups: 3 Peers: 3 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
511 511 0 0 0 0
inet6.0
16 0 0 0 0 0
bgp.l3vpn.0
30 30 0 0 0 0
bgp.l2vpn.0
2 2 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.17.0.6 65100 448 480 0 1 3:26:03
Establ
VPNB.inet.0: 5/5/5/0

[edit]
lab@R8# run show route receive-protocol bgp 172.17.0.6

inet.0: 529 destinations, 529 routes (529 active, 0 holddown, 0 hidden)

inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

VPNA.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

VPNB.inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)

Prefix Nexthop MED Lclpref AS path

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
* 172.17.21.0/24 172.17.0.6 65100 I
* 172.17.22.0/24 172.17.0.6 65100 I
* 172.17.23.0/24 172.17.0.6 65100 I
* 172.17.24.0/24 172.17.0.6 65100 I
* 172.17.25.0/24 172.17.0.6

5) You have to provide connectivity to and from AS 87.109 for site CE.. Make sure
you do not advertise additional routes to the other VPN sites.
a. R5

[edit]
lab@R5# set policy-options policy-statement VPNB-export.target term
filter.AS87.109 from protocol bgp

[edit]
lab@R5# set policy-options policy-statement VPNB-export.target term
filter.AS87.109 from as-path 87.109.origin

[edit]
lab@R5# set policy-options policy-statement VPNB-export.target term
filter.AS87.109 then reject

The configuration lines below are explicitly advertising the routes received from AS
87.109 to CE1.
[edit] 1445
lab@R5# set policy-options policy-statement to.VPNB-CE1 term accept.AS87.109 from
protocol bgp
[edit]
lab@R5# set policy-options policy-statement to.VPNB-CE1 term accept.AS87.109 from

as-path 87.109.origin

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1447 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

[edit]
lab@R5# set routing-options interface-routes rib-group inet local-interfaces

The rib-group bgp.to.VPNB is associated to the internal BGP group. You might make the
mistake here and apply the rib-group to the external BGP group to peer U2. Although that
will accomplish what is asked, you have to take into account that the connection to U2
could fail.
[edit]
lab@R5# set protocols bgp group internal family inet unicast rib-group
bgp.to.VPNB

[edit]
lab@R5# set routing-instances VPNB routing-options interface-routes rib-group
inet local-interfaces

[edit]
lab@R5# set routing-instances VPNB protocols bgp group VPNB-CE1 family inet
unicast rib-group VPNB.to.bgp

b. Verify the configuration

After the commit, all the routes received by AS 87.109 are copied to the VPNB table.
[edit]
lab@R5# run show route table VPNB.inet.0

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
VPNB.inet.0: 492 destinations, 745 routes (491 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

1.64.0.0/10 *[BGP/170] 02:27:24, MED 50, localpref 100, from 10.50.250.10

AS path: 87.109 1620 61671 I, validation-state: unverified
> to 10.50.0.85 via ge-0/0/4.35
[BGP/170] 03:44:01, MED 150, localpref 100
AS path: 87.109 1620 61671 I, validation-state: unverified
> to 15.16.18.85 via ge-0/0/5.2003
1.84.160.0/20 *[BGP/170] 03:44:01, MED 60, localpref 100
AS path: 87.109 1620 33112 I, validation-state: unverified
> to 15.16.18.85 via ge-0/0/5.2003
1.96.0.0/11 *[BGP/170] 02:27:24, MED 50, localpref 100, from 10.50.250.10
AS path: 87.109 1620 33112 63164 40776 51777 I, validation-
state: unverified
> to 10.50.0.85 via ge-0/0/4.35
[BGP/170] 03:44:01, MED 150, localpref 100
AS path: 87.109 1620 33112 63164 40776 51777 I, validation-
state: unverified
> to 15.16.18.85 via ge-0/0/5.2003
1.161.192.0/21 *[BGP/170] 03:44:01, MED 60, localpref 100
AS path: 87.109 1620 33112 30404 32138 45045 I, validation-
state: unverified
> to 15.16.18.85 via ge-0/0/5.2003
1.176.0.0/12 *[BGP/170] 02:27:24, MED 50, localpref 100, from 10.50.250.10
AS path: 87.109 1620 33112 49129 16320 52954 I, validation-
state: unverified
> to 10.50.0.85 via ge-0/0/4.35
[BGP/170] 03:44:01, MED 150, localpref 100
AS path: 87.109 1620 33112 49129 16320 52954 I, validation-
state: unverified
> to 15.16.18.85 via ge-0/0/5.2003 1447

Conversely, the routes received from VPNB-CE1 are copied to master routing table.
[edit]
lab@R5# run show route receive-protocol bgp 172.17.0.2


http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1448 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

inet.0: 563 destinations, 907 routes (559 active, 0 holddown, 4 hidden)

Prefix Nexthop MED Lclpref AS path
* 172.17.1.0/24 172.17.0.2 65100 I
* 172.17.2.0/24 172.17.0.2 65100 I
* 172.17.3.0/24 172.17.0.2 65100 I
* 172.17.4.0/24 172.17.0.2 65100 I
* 172.17.5.0/24 172.17.0.2 65100 I
* 172.17.6.0/24 172.17.0.2 65100 I

inet.1: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

inet.3: 5 destinations, 9 routes (3 active, 0 holddown, 4 hidden)

VPNA.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

VPNB.inet.0: 491 destinations, 744 routes (491 active, 0 holddown, 0 hidden)

Prefix Nexthop MED Lclpref AS path
* 172.17.1.0/24 172.17.0.2 65100 I
* 172.17.2.0/24 172.17.0.2 65100 I
* 172.17.3.0/24 172.17.0.2 65100 I
* 172.17.4.0/24 172.17.0.2 65100 I
* 172.17.5.0/24 172.17.0.2 65100 I
* 172.17.6.0/24 172.17.0.2 65100 I

The AS 87.109 routes are not sent to router R8, hence they are not advertised to VPNB-
CE2.
[edit]
lab@R8# run show route advertising-protocol bgp 172.17.0.6

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
VPNB.inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 10.50.0.32/30 Self I
* 10.50.0.44/30 Self I
* 10.50.0.48/30 Self I
* 10.50.0.84/30 Self I
* 10.50.0.100/30 Self I
* 10.50.250.5/32 Self I
* 15.16.18.84/30 Self I
* 172.16.5.4/30 Self 4356 I
* 172.17.0.0/30 Self I
* 172.17.1.0/24 Self 5673.873 I
* 172.17.2.0/24 Self 5673.873 I
* 172.17.3.0/24 Self 5673.873 I
* 172.17.4.0/24 Self 5673.873 I
* 172.17.5.0/24 Self 5673.873 I
* 172.17.6.0/24 Self 5673.873 I

6) Since site CE3 is connected to 3rd party provider ISP1, you must extend the VPNB
using an inter-provider method that will provide you with a way to filter routes
received from ISP-1 based on target-communities. Do not use routing policy on R1
for providing connectivity to CE3. The remote PE is using route-target community
target:4356:500.
Three options can be used to extend a L3VPN via other provider network.
• Option A – within each AS, the routes are announced by the MP-BGP 1448
protocol used for all L3VPNs. On the AS border routers a VRF for each
Inter-AS L3VPN is configured and a pure IP connection is established
between the ASBRs. This is the least scalable solution and does not fit in

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1449 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

the requirements of the Task. Because, the routes exchanged between the
ASBRs are not vpnv4 routes, they do not carry route-target communities.
• Option B – All routes exchanged should be stored locally on ASBR. Since,
the exchanged routes are vpnv4 carying VPN labels with route-target
communities, there is a way to further filter or manipulate the VPN routes.
• Option C – provides the most scalable method, using Labeled BGP sessions
to create an MPLS path end-to-end. On top of that, a multihop external
MP-BGP session exchanges the vpnv4 routes between the ASs. Since, the
ASBRs do not have visibility of the overlay MP-BGP routes, there is not way
to control the exchange of the routes.
From the three methods the Option B is one that should be used to accomplish the Task.
a. R1
First, the interface between the two networks must be configured. Inter-AS option B
exchanges labeled routes between the ASBRs, this means the interconnect interfaces
must be also configured with family mpls.
[edit]
lab@R1# set interfaces ge-0/0/5 unit 112 description "=== connection to ISP1 ==="

[edit]

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
lab@R1# set interfaces ge-0/0/5 unit 112 vlan-id 112

[edit]
lab@R1# set interfaces ge-0/0/5 unit 112 family inet address 172.17.0.9/30

[edit]
lab@R1# set interfaces ge-0/0/5 unit 112 family mpls

Next the external MP-BGP session is configured between router R1 and the ISP1 peer.
[edit]
lab@R1# set protocols bgp group ISP1 log-updown

[edit]
lab@R1# set protocols bgp group ISP1 family inet-vpn unicast

[edit]
lab@R1# set protocols bgp group ISP1 peer-as 4356

[edit]
lab@R1# set protocols bgp group ISP1 neighbor 172.17.0.10

b. R5
Because using a routing policy on router R1 to manipulate the routes exchanged between
the ASBRs is not allowed, you can accept the remote route-target community on router
R5 and R8. This will provide successful communication between the local and remote
sites of VPNB.
[edit] 1449
lab@R5# set policy-options policy-statement VPNB-export.target term accept.rest
then community add VPNB-CE3
[edit]
lab@R5# set policy-options policy-statement VPNB-import.target term 1 from
community VPNB-CE3

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1450 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

[edit]
lab@R5# set policy-options community VPNB-CE3 members target:4356:500

c. R8
[edit]
lab@R8# set policy-options policy-statement VPNB-export.target term accept.rest
then community add VPNB-CE3

[edit]
lab@R8# set policy-options policy-statement VPNB-import.target term 1 from
community VPNB-CE3

[edit]
lab@R8# set policy-options community VPNB-CE3 members target:4356:500

d. Verify the configuration

Router R1 receives vpnv4 routes from the ISP1 peer.
[edit]
lab@R1# run show route table bgp.l3vpn.0

bgp.l3vpn.0: 39 destinations, 39 routes (39 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

4356:500:172.16.5.4/30
*[BGP/170] 04:41:35, localpref 100

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
AS path: 4356 I, validation-state: unverified
> to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.31.0/24
*[BGP/170] 04:41:35, localpref 100
AS path: 4356 65100 I, validation-state: unverified
> to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.32.0/24
*[BGP/170] 04:41:35, localpref 100
AS path: 4356 65100 I, validation-state: unverified
> to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.33.0/24
*[BGP/170] 04:41:35, localpref 100
AS path: 4356 65100 I, validation-state: unverified
> to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.34.0/24
*[BGP/170] 04:41:35, localpref 100
AS path: 4356 65100 I, validation-state: unverified
> to 172.17.0.10 via ge-0/0/5.112, Push 299786
4356:500:172.17.35.0/24
*[BGP/170] 04:41:35, localpref 100
AS path: 4356 65100 I, validation-state: unverified
> to 172.17.0.10 via ge-0/0/5.112, Push 299786

Using the remote route-target community in the import vrf policy, router R5 imports the
remote routes into the vrf routing table.
[edit]
lab@R5# run show route 172.17.31.0/24

VPNB.inet.0: 492 destinations, 745 routes (492 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both 1450
172.17.31.0/24 *[BGP/170] 02:48:55, localpref 100, from 10.50.250.10
AS path: 4356 65100 I, validation-state: unverified

> to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r1

bgp.l3vpn.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1451 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

+ = Active Route, - = Last Active, * = Both

4356:500:172.17.31.0/24
*[BGP/170] 02:48:55, localpref 100, from 10.50.250.10
AS path: 4356 65100 I, validation-state: unverified
> to 10.50.0.46 via ge-0/0/4.56, label-switched-path r5-to-r1

Similarly, router R8 successfully imports the routes into the VPNB routing table.
[edit]
lab@R8# run show route advertising-protocol bgp 172.17.0.6

VPNB.inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)

Prefix Nexthop MED Lclpref AS path
* 172.17.31.0/24 Self 4356 5673.873 I
* 172.17.32.0/24 Self 4356 5673.873 I
* 172.17.33.0/24 Self 4356 5673.873 I
* 172.17.34.0/24 Self 4356 5673.873 I
* 172.17.35.0/24 Self 4356 5673.873 I

7) Ensure that all BGP sessions in VPNB can send and receive packets larger than the
default 512-byte maximum segment size.
a. R5 and R8
By default, BGP uses packets with a maximum size of 512-bytes. This way it is ensured

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
that even if the MTU is lower on some links, BGP packets will not be fragmented.
To force BGP to use bigger packets, you have to enable the MTU discovery functionality.
This will automatically detect the maximum MTU between the peers and will use it for
the size of the BGP packets.
[edit]
lab@R5# set routing-instances VPNB protocols bgp mtu-discovery

[edit]
lab@R8# set routing-instances VPNB protocols bgp mtu-discovery

8) Make sure that traffic coming from VPNB with precedence bits 010, 011, 100 and
100 is classified as assured-forwarding. Ensure 20% high priority bandwidth
reservation for that traffic in your network, while keep the default reservation for
rest of the traffic.
The last task requires providing QoS should is for VPNB only.
a. R1, R2, R4, R5, R6 and R8
First, behavior aggregate classifiers are configured that will be later used for classifying
the traffic.

The EXP classifier is needed to map the traffic coming from the MPLS core interfaces and
associate it to forwarding-classes. To inherit the default mapping use the import function
to use the default EXP classifier as a template. Next, change the mapping for the assured-
1451
forwarding classes as required by the task.
[edit]
lab@R1# set class-of-service classifiers exp custom-exp import default

[edit]

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1452 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

lab@R1# set class-of-service classifiers exp custom-exp forwarding-class assured-

forwarding loss-priority low code-points 010

[edit]
lab@R1# set class-of-service classifiers exp custom-exp forwarding-class assured-
forwarding loss-priority low code-points 011

[edit]
lab@R1# set class-of-service classifiers exp custom-exp forwarding-class assured-
forwarding loss-priority low code-points 100

[edit]
lab@R1# set class-of-service classifiers exp custom-exp forwarding-class assured-
forwarding loss-priority low code-points 101

An IP precedence classifier is intended to map the IP traffic coming from the CE sites to
forwarding-classes. Again, the default classifier mappings are used as a template.
[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence import
default

[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence
forwarding-class assured-forwarding loss-priority low code-points 010

[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence
forwarding-class assured-forwarding loss-priority low code-points 011

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence
forwarding-class assured-forwarding loss-priority low code-points 100

[edit]
lab@R1# set class-of-service classifiers inet-precedence VPNB-precedence
forwarding-class assured-forwarding loss-priority low code-points 101

A custom scheduler-map and classifier are assigned to the MPLS core interfaces.
[edit]
lab@R1# set class-of-service interfaces ge-0/0/4 scheduler-map custom-map

[edit]
lab@R1# set class-of-service interfaces ge-0/0/4 unit * classifiers exp custom-
exp

The custom scheduler-map is used to map the forwarding-classes to the schedulers.

[edit]
lab@R1# set class-of-service scheduler-maps custom-map forwarding-class assured-
forwarding scheduler af

[edit]
lab@R1# set class-of-service scheduler-maps custom-map forwarding-class best-
effort scheduler be

[edit]
lab@R1# set class-of-service scheduler-maps custom-map forwarding-class network-
control scheduler nc
1452
Custom schedulers are used to define the properties of output queues. The task requires
modifying the assured-forwarding only, but it is a good practice to ensure the rest of the
traffic is properly handled.

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1453 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

[edit]
lab@R1# set class-of-service schedulers af transmit-rate percent 20

[edit]
lab@R1# set class-of-service schedulers af priority high

[edit]
lab@R1# set class-of-service schedulers nc transmit-rate percent 5

[edit]
lab@R1# set class-of-service schedulers nc priority low

[edit]
lab@R1# set class-of-service schedulers be transmit-rate remainder

[edit]
lab@R1# set class-of-service schedulers be priority low

b. R5
By default, associating scheduler-map can be done under the physical interfaces under
the class-of-service stanza. However, since you are not allowed to apply custom CoS
policies to traffic other then VPNB, you have to enable per-unit-scheduler for the
interface to the CE sites. This allows you to apply the custom scheduler only for a specific
unit.
[edit]
lab@R5# set interfaces ge-0/0/5 per-unit-scheduler

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
[edit]
lab@R5# set class-of-service interfaces ge-0/0/5 unit 110 scheduler-map custom-
map

[edit]
lab@R5# set class-of-service interfaces ge-0/0/5 unit 110 classifiers inet-
precedence VPNB-precedence

When vrf-table-label is used for the routing instances, a default classifier is applied to the
routing-instance logical interface. You have to replace the default EXP classifier with the
custom one, to map the traffic coming from the MPLS core. The purpose of this classifier
is to match on the vpn label after the transport label is stripped off.
[edit]
lab@R5# set class-of-service routing-instances VPNB classifiers exp custom-exp

c. R8

The same configuration is applied to router R8 as well.

[edit]
lab@R8# set interfaces ge-0/0/5 per-unit-scheduler

[edit]
lab@R8# set class-of-service interfaces ge-0/0/5 unit 111 scheduler-map custom-
map

[edit]
lab@R8# set class-of-service interfaces ge-0/0/5 unit 111 classifiers inet- 1453
precedence VPNB-precedence

[edit]
lab@R8# set class-of-service routing-instances VPNB classifiers exp custom-exp

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1454 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

d. Verify the configuraiton

[edit]
lab@R5# run show route instance VPNB extensive
VPNB:
Router ID: 172.17.0.1
Type: vrf State: Active
Interfaces:
ge-0/0/5.110
lsi.1
Route-distinguisher: 10.50.250.5:200
Vrf-import: [ VPNB-import.target ]
Vrf-export: [ VPNB-export.target ]
Fast-reroute-priority: low
Tables:
VPNB.inet.0 : 744 routes (491 active, 0 holddown, 0 hidden)
VPNB.iso.0 : 0 routes (0 active, 0 holddown, 0 hidden)
VPNB.inet6.0 : 0 routes (0 active, 0 holddown, 0 hidden)
VPNB.mdt.0 : 0 routes (0 active, 0 holddown, 0 hidden)

[edit]
lab@R5# run show class-of-service routing-instance VPNB
Routing instance: VPNB

Logical interface: lsi.1, Index: 335

Object Name Type Index
Classifier custom-exp exp 13646

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
Solution - Task 6.3: VPLS configuration
9) Configure VPLS L2 VPN between sites VPLS-1 and VPLS-2, using the interfaces as
shown in the physical diagram. Since site VPLS-2 has connectivity to both R6 and
R8, dedicate R8 as primary PE and R6 as backup PE. You have to use LDP signaled
VPLS with automatic site discovery, hence you are not allowed to configure the
sites explicitly.
The task description suggests that LDP signaled VPLS should connect the two sites.
However, automatic site discovery must be used. Enable MP-BGP protocol for that
purpose. This is known as FEC 129 LDP signaled VPLS.
a. All devices including the route-reflector
A new MP-BGP family is added to BGP running in the network.
[edit]
lab@R1# set protocols bgp group internal family l2vpn auto-discovery-only

b. R1
Configuring a new physical interface to connecting site VPLS-1. You have to exclude the
apply-group to enable family mpls on logical interfaces. Otherwise, the commit will fail
due to an error.
[edit]
lab@R1# set interfaces ge-0/0/3 apply-groups-except enable_mpls
1454
[edit]
lab@R1# set interfaces ge-0/0/3 vlan-tagging
[edit]
lab@R1# set interfaces ge-0/0/3 encapsulation vlan-vpls

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1455 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

[edit]
lab@R1# set interfaces ge-0/0/3 unit 3001 description "=== connection to VPLS-1
==="

[edit]
lab@R1# set interfaces ge-0/0/3 unit 3001 encapsulation vlan-vpls

[edit]
lab@R1# set interfaces ge-0/0/3 unit 3001 vlan-id 3001

[edit]
lab@R1# set interfaces ge-0/0/3 unit 3001 family vpls

Make sure the routing instance type is set to vpls. Because BGP is used for auto-
discovery, you have to assign route-distinguisher and route-target to the routing instance
configuration.
[edit]
lab@R1# set routing-instances VPLS instance-type vpls

[edit]
lab@R1# set routing-instances VPLS interface ge-0/0/3.3001

[edit]
lab@R1# set routing-instances VPLS route-distinguisher 10.50.250.1:300

The auto-discovery process require a unique extended L2 VPN community identifying the
particular instance.

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
[edit]
lab@R1# set routing-instances VPLS l2vpn-id l2vpn-id:300:300

[edit]
lab@R1# set routing-instances VPLS vrf-target target:371786601L:300

The no-tunnel-service eliminates the need of hardware tunnel interface.

[edit]
lab@R1# set routing-instances VPLS protocols vpls interface ge-0/0/3.3001

[edit]
lab@R1# set routing-instances VPLS protocols vpls no-tunnel-services

c. R8
Configuring a new physical interface to connect site VPLS-2. You have to exclude the
apply-group again.
[edit]
lab@R8# set interfaces ge-0/0/3 apply-groups-except enable_mpls

[edit]
lab@R8# set interfaces ge-0/0/3 description "=== connection to VPLS-2 ==="

[edit]
lab@R8# set interfaces ge-0/0/3 vlan-tagging

[edit] 1455
lab@R8# set interfaces ge-0/0/3 encapsulation vlan-vpls

[edit]

lab@R8# set interfaces ge-0/0/3 unit 3002 encapsulation vlan-vpls

[edit]

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1457 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

[edit]
lab@R6# set interfaces ge-0/0/3 description "=== connection to VPLS-2 ==="

[edit]
lab@R6# set interfaces ge-0/0/3 vlan-tagging

[edit]
lab@R6# set interfaces ge-0/0/3 encapsulation vlan-vpls

[edit]
lab@R6# set interfaces ge-0/0/3 unit 3002 encapsulation vlan-vpls

[edit]
lab@R6# set interfaces ge-0/0/3 unit 3002 vlan-id 3002

[edit]
lab@R6# set interfaces ge-0/0/3 unit 3002 family vpls

[edit]
lab@R6# set routing-instances VPLS instance-type vpls

[edit]
lab@R6# set routing-instances VPLS interface ge-0/0/3.3002

[edit]
lab@R6# set routing-instances VPLS route-distinguisher 10.50.250.6:300

[edit]
lab@R6# set routing-instances VPLS l2vpn-id l2vpn-id:300:300

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
[edit]
lab@R6# set routing-instances VPLS vrf-target target:371786601L:300

[edit]
lab@R6# set routing-instances VPLS protocols vpls no-tunnel-services

[edit]
lab@R6# set routing-instances VPLS protocols vpls multi-homing site VPLS-2
identifier 2

Router R6 is configured with preference backup, which means that it is less likely to
become a DF.
[edit]
lab@R6# set routing-instances VPLS protocols vpls multi-homing site VPLS-2
preference backup

[edit]
lab@R6# set routing-instances VPLS protocols vpls multi-homing site VPLS-2
interface ge-0/0/3.3002

e. Verify the configuration

The VPLS is established.
[edit]
lab@R1# run show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)

EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS 1457
EM -- encapsulation mismatch
VC-Dn -- Virtual circuit down
WE
NP
--
--
interface and instance encaps not same
interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned
OR -- out of range
<-
Up
--
--
only inbound connection is up
operational

OL -- no outgoing label Dn -- down

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1458 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

LD -- local site signaled down CF -- call admission control failure

RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status

Up -- operational
Dn -- down

Instance: VPLS
L2vpn-id: 300:300
Local-id: 10.50.250.1
Remote-id Type St Time last up # Up trans
10.50.250.6 rmt Up Dec 3 17:16:19 2016 1
Remote PE: 10.50.250.6, Negotiated control-word: No
Incoming label: 262156, Outgoing label: 262154
Negotiated PW status TLV: No
Local interface: lsi.1048587, Status: Up, Encapsulation: ETHERNET
Description: Intf - vpls VPLS local-id 10.50.250.1 remote-id 10.50.250.6
neighbor 10.50.250.6
Flow Label Transmit: No, Flow Label Receive: No
10.50.250.8 rmt Up Dec 3 17:16:44 2016 1
Remote PE: 10.50.250.8, Negotiated control-word: No

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
Incoming label: 262157, Outgoing label: 262154
Negotiated PW status TLV: No
Local interface: lsi.1048588, Status: Up, Encapsulation: ETHERNET
Description: Intf - vpls VPLS local-id 10.50.250.1 remote-id 10.50.250.8
neighbor 10.50.250.8
Flow Label Transmit: No, Flow Label Receive: No

Router R8 is designated as DF router for the VPLS-2 site.

[edit]
lab@R8# run show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)

EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch 1458

Legend for interface status

Up -- operational
Dn -- down
Instance: VPLS

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1459 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

L2vpn-id: 300:300
Local-id: 10.50.250.8
Remote-id Type St Time last up # Up trans
10.50.250.1 rmt Up Dec 5 12:23:28 2016 1
Remote PE: 10.50.250.1, Negotiated control-word: No
Incoming label: 262402, Outgoing label: 262146
Negotiated PW status TLV: No
Local interface: lsi.1048579, Status: Up, Encapsulation: ETHERNET
Description: Intf - vpls VPLS local-id 10.50.250.8 remote-id 10.50.250.1
neighbor 10.50.250.1
Flow Label Transmit: No, Flow Label Receive: No
10.50.250.6 rmt Up Dec 5 12:25:17 2016 1
Remote PE: 10.50.250.6, Negotiated control-word: No
Incoming label: 262401, Outgoing label: 262145
Negotiated PW status TLV: No
Local interface: lsi.1048580, Status: Up, Encapsulation: ETHERNET
Description: Intf - vpls VPLS local-id 10.50.250.8 remote-id 10.50.250.6
neighbor 10.50.250.6
Flow Label Transmit: No, Flow Label Receive: No
Multi-home:
Local-site Id Pref State
VPLS-2 2 200 Up

[edit]
lab@R6# run show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)

EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not same

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status

Up -- operational
Dn -- down

Instance: VPLS
L2vpn-id: 300:300
Local-id: 10.50.250.6
Remote-id Type St Time last up # Up trans
10.50.250.1 rmt Up Dec 3 14:58:50 2016 1
Remote PE: 10.50.250.1, Negotiated control-word: No
Incoming label: 262154, Outgoing label: 262156
Negotiated PW status TLV: No
Local interface: lsi.1048586, Status: Up, Encapsulation: ETHERNET
Description: Intf - vpls VPLS local-id 10.50.250.6 remote-id 10.50.250.1
neighbor 10.50.250.1 1459
Flow Label Transmit: No, Flow Label Receive: No
10.50.250.8 rmt Up Dec 3 14:59:09 2016
Remote PE: 10.50.250.8, Negotiated control-word: No
1
Incoming label: 262155, Outgoing label: 262155
Negotiated PW status TLV: No
Local interface: lsi.1048587, Status: Up, Encapsulation: ETHERNET

http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute

1460 iNET ZERO JNCIE-SP lab workbook with detailed solutions version 2.0

Description: Intf - vpls VPLS local-id 10.50.250.6 remote-id 10.50.250.8

neighbor 10.50.250.8
Flow Label Transmit: No, Flow Label Receive: No
Multi-home:
Local-site Id Pref State
VPLS-2 2 1 Up

The route-reflector receives BGP auto-discovery routes.

[edit]
lab@route-reflector# run show route table bgp.l2vpn.0

bgp.l2vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.50.250.1:300:10.50.250.1/96 AD
*[BGP/170] 02:45:57, localpref 100, from 10.50.250.1
AS path: I, validation-state: unverified
> to 10.50.0.97 via ge-0/0/1.49
10.50.250.6:300:10.50.250.6/96 AD
*[BGP/170] 02:45:59, localpref 100, from 10.50.250.6
AS path: I, validation-state: unverified
> to 10.50.0.97 via ge-0/0/1.49
to 10.50.0.101 via ge-0/0/1.59
10.50.250.8:300:10.50.250.8/96 AD
*[BGP/170] 02:45:43, localpref 100, from 10.50.250.8
AS path: I, validation-state: unverified
> to 10.50.0.101 via ge-0/0/1.59

JNCIE-SP workbook: Chapter eleven solutions: Full Day Lab Challenge III
10) One more site attached to R2 should be connected to the VPLS VPN. Assume that
R2 supports only L2 circuit VPNs. Interconnect the L2VPN-3 site with the VPLS VPN
at R8 as primary and R6 asa a back-up connection.
L2 circuit VPN uses LDP for signaling; therefor a targeted LDP session is required between
the PEs connecting the two sites. However, LDP targeted sessions already exist due to the
LDP tunneling configuration.
a. R2
Configure the interface to connect site L2VPN-3 to the network. Again, the apply group
must be excluded.
[edit]
lab@R2# set interfaces apply-groups enable_mpls

[edit]
lab@R2# set interfaces ge-0/0/3 apply-groups-except enable_mpls

[edit]
lab@R2# set interfaces ge-0/0/3 description "=== connection to L2VPN-3 ==="

The encapsulation used on the interface must be ccc, as well as the family on logical
interface.
[edit]
lab@R2# set interfaces ge-0/0/3 encapsulation ethernet-ccc
1460
[edit]
lab@R2# set interfaces ge-0/0/3 unit 0 family ccc

The interface is added to the l2circuit neighbor configuration, together with the backup
neighbor. The virtual circuit id must match on both ends of the connection.


http://www.inetzero.com - Copyright 2017 iNET ZERO. All rights reserved
For personal non commercial use only – do not distribute