JMV 10.a-R LGH PDF

Junos MPLS and VPNs
10.a
High-Level Lab Guide
Worldwide Education Services

1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Course Number: EDU-JUN-JMV
This document is produced by Juniper Networks, Inc.

This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks
Education Services.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered
trademarks, or registered service marks are the property of their respective owners.
Junos MPLS and VPNs High-Level Lab Guide, Revision 10.a
Copyright 2010 Juniper Networks, Inc. All rights reserved.
Printed in USA.
Revision History:
Revision 10.aDecember 2010
The information in this document is current as of the date listed above.
The information in this document has been carefully verified and is believed to be accurate for software Release 10.3R1.9. Juniper Networks assumes no
responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary,
incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Contents
Lab 1:
MPLS Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Part 1: Configuring Network Interfaces and Baseline Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Part 2: Configuring Customer Edge Router and Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Part 3: Configuring a Static LSP Through the Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Lab 2:
Label Distribution Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Part 1: Configuring Customer Edge Router and Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Part 2: Configuring RSVP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Part 3: Configuring a Explicit Route Object (ERO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Part 4: Configuring LDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Part 5: Changing the Default Route Preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8
Lab 3:
CSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Part 1: Creating the Baseline Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
Part 2: Enabling the TED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Part 3: Configuring RSVP-Signaled LSPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Part 4: Adding Administrative Groups to Core-Facing Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF . . . . . . . . . . . . . . . . 3-6
Lab 4:
Traffic Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Part 1: Creating the Baseline Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Part 2: Redistributing Routes into BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Part 3: Creating an LSP to the Remote PE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Part 4: Configuring a Secondary Path for Added Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Part 5: Configuring Secondary Standby Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Part 6: Examining a Secondary/Secondary Protected LSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Part 7: Examining a Fast-Reroute Protected LSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
Part 8: Examining Link and Node-Link Protected LSPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-11
Lab 5:
Miscellaneous MPLS Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

Part 1: Configuring the Baseline Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Part 2: Configuring a RSVP LSP to Install a Route in the inet.0 Table . . . . . . . . . . . . . . . . . . . . 5-4
Part 3: Configuring MPLS Traffic Engineering to Install an inet.0 Route . . . . . . . . . . . . . . . . . . 5-5
Part 4: Using Policy to Control LSP Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Part 5: Using LSP Metric to Control LSP Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Part 6: Configuring Your Router to Not Decrement the TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Part 7: Configuring Your Router to Signal Explicit Null . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10
Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on Observed
Bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10
Part 9: Using MPLS Ping to Verify LSP Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-11
Lab 6:
VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling . . . . . . . . . 6-2
Part 2: Configuring the CE Router Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
Contents iii
Lab 7:
Layer 3 VPN with Static and BGP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1

Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2
Part 2: Establishing an RSVP Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . .7-2
Part 3: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-3
Part 4: Configuring a Layer 3 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-4
Part 5: Configuring Static Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . .7-5
Part 6: Configuring BGP Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . . .7-6
Lab 8:
Route Reflection and Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

Part 2: Configuring Your PE Router to Peer with the Route Reflector . . . . . . . . . . . . . . . . . . . . . . .8-2
Part 3: Establishing LDP Signaled LSPs Between PE Routers and Router Reflector . . . . . . . . . . .8-3
Part 4: Configuring Another CE Router Using a Virtual Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-4
Part 5: Configuring the PE to CE Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-4
Part 6: Configuring Two Layer 3 VPN Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-5
Part 7: Configuring BGP Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . . .8-6
Part 8: Implementing Route Target Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-8
Part 9: Configuring Internet Access Using a Non-VRF Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
Lab 9:
GRE Tunnel Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

Part 2: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-3
Part 3: Configuring a Layer 3 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-3
Part 4: Configuring OSPF Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . .9-4
Part 5: Establishing a GRE Tunnel Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-5
Part 6: Creating and Adding a Static Route to inet.3 . . . . . . . . . . . . . 9-6
Part 7: Redistributing BGP Routes into OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-8
Lab 10:
BGP Layer 2 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1

Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 2: Establishing a LDP Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 3: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 4: Configuring a BGP Layer 2 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 5: Configuring Routing Protocols on the CE Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lab 11:
Circuit Cross Connect and LDP Layer 2 Circuits . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 2: Establishing an RSVP-Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . .
Part 3: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 4: Configuring a LDP Layer 2 Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 5: Configuring Routing Protocols on the CE Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 6: Configuring a CCC Connection Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lab 12:
10-2
10-2
10-3
10-4
10-5
11-2
11-2
11-3
11-4
11-5
11-6
Virtual Private LAN Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1

Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
Part 2: Adjusting the Properties of the Virtual Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3
Part 3: Configuring a Virtual Switch Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3
Part 4: Enabling LDP Signaling in the Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4
Part 5: Configuring an LDP VPLS Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5
Part 6: Using MSTP to Prevent a Layer 2 Loop in a VPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7
Part 7: Adding a Subinterface to the Virtual Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9
Part 8: Configuring the Virtual Switch Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9
Part 9: Configuring a BGP VPLS with Redundant Links between CE and PE Routers . . . . . . . 12-10
iv Contents
Lab 13:
Carrier-of-Carrier VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1

Part 1: Loading and Verifying the VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2
Part 2: Configuring the Subscriber CE Router Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-3
Part 3: Enabling MPLS in the Provider Backbone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-4
Part 4: Configuring a Layer 3 VPN on the Provider PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . .13-4
Part 5: Configuring the Customer CE Logical System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-5
Part 6: Configuring the Customer PE Logical System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-8
Part 7: Placing IBGP Learned Routes in inet.3 . . . . . . . . . . . . . . .13-9
Part 8: Configuring a BGP VPLS Between Customer PE Routers . . . . . . . . . . . . . . . . . . . . . . . . 13-11
Appendix A: Lab Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Contents v
vi Contents
Course Overview
This five-day course is designed to provide students with MPLS-based virtual private network (VPN)
knowledge and configuration examples. The course includes an overview of MPLS concepts such
as control and forwarding plane, RSVP Traffic Engineering, LDP, Layer 3 VPNs, next-generation
multicast virtual private networks (MVPNs), BGP Layer 2 VPNs, LDP Layer 2 Circuits, and virtual
private LAN service (VPLS). This course also covers Junos operating system-specific
implementations of Layer 2 control instances and active interface for VPLS. This course is based on
the Junos OS Release 10.3R1.9.
Through demonstrations and hands-on labs, students will gain experience in configuring and
monitoring the Junos OS and in device operations.
Objectives
After successfully completing this course, you should be able to:
www.juniper.net
Explain common terms relating to MPLS.
Explain routers and the way they forward MPLS packets.
Explain packet flow and handling through a label-switched path (LSP).
Describe the configuration and verification of MPLS forwarding.
Understand the information in the Label Information Base.
Explain the two label distribution protocols used by the Junos OS.
Configure and troubleshoot RSVP-signaled and LDP-signaled LSPs.
Explain the constraints of both RSVP and LDP.
Explain the path selection process of RSVP without the use of the Constrained
Shortest Path First (CSPF) algorithm.
Explain the Interior Gateway Protocol (IGP) extensions used to build the Traffic
Engineering Database (TED).
Describe the CSPF algorithm and its path selection process.
Describe administrative groups and how they can be used to influence path selection.
Describe the default traffic protection behavior of RSVP-Signaled LSPs.
Explain the use of primary and secondary LSPs.
Explain LSP priority and preemption.
Describe the operation and configuration of fast reroute.
Describe the operation and configuration of link and node protection.
Describe the LSP optimization options.
Explain the purpose of several miscellaneous MPLS features.
Explain the definition of the term Virtual Private Network.
Describe the differences between provider-provisioned and customer-provisioned

VPNs.
Describe the differences between Layer 2 VPNs and Layer 3 VPNs.
Explain the features of provider-provisioned VPNs supported by the Junos OS.
Explain the roles of Provider (P) routers, Provider Edge (PE) routers, and Customer
Edge (CE) routers.
Describe the VPN-IPv4 address formats.
Describe the route distinguisher use and formats.
Explain the RFC 4364 control flow.

Course Overview v
vi Course Overview
Create a routing instance, assign interfaces, create routes, and import and export
routes within the routing instance using route distinguishers and route targets.
Explain the purpose of BGP extended communities and how to configure and use
these communities.
Describe the steps necessary for proper operation of a PE to CE dynamic routing

protocol.
Configure a simple Layer 3 VPN using a dynamic CE-PE routing protocol.
Describe the routing-instance switch.
Explain the issues with the support of traffic originating on multiaccess VPN routing
and forwarding table (VRF table) interfaces.
Use operational commands to view Layer 3 VPN control exchanges.
Use operational commands to display Layer 3 VPN VRF tables.
Monitor and troubleshoot PE-CE routing protocols.
Describe the four ways to improve Layer 3 VPN scaling.
Describe the three methods for providing Layer 3 VPN customers with Internet access.
Describe how the auto-export command and routing table groups can be used to
support communications between sites attached to a common PE router.
Describe the flow of control and data traffic in a hub-and-spoke topology.
Describe the various Layer 3 VPN class-of-service (CoS) mechanisms supported by

the Junos OS.
Explain the Junos OS support for generic routing encapsulation (GRE) and IP Security
(IPsec) tunnels in Layer 3 VPNs.
Describe the flow of control traffic and data traffic in a next-generation MVPN.
Describe the configuration steps for establishing a next-generation MVPN.
Monitor and verify the operation of next-generation MVPNs.
Describe the purpose and features of a BGP Layer 2 VPN.
Describe the roles of a CE device, PE router, and P router in a BGP Layer 2 VPN.
Explain the flow of control traffic and data traffic for a BGP Layer 2 VPN.
Configure a BGP Layer 2 VPN and describe the benefits and requirements of
over-provisioning.
Monitor and troubleshoot a BGP Layer 2 VPN.
Explain the BGP Layer 2 VPN scaling mechanisms and route reflection.
Describe the Junos OS BGP Layer 2 VPN CoS support.
Describe the flow of control and data traffic for an LDP Layer 2 circuit.
Configure an LDP Layer 2 circuit.
Monitor and troubleshoot an LDP Layer 2 circuit.
Describe and configure circuit cross-connect (CCC) MPLS interface tunneling.
Describe the difference between Layer 2 MPLS VPNs and VPLS.
Explain the purpose of the PE device, the CE device, and the P device.
Explain the provisioning of CE and PE routers.
Describe the signaling process of VPLS.
Describe the learning and forwarding process of VPLS.
Describe the potential loops in a VPLS environment.

www.juniper.net
Configure BGP and LDP VPLS.
Troubleshoot VPLS.
Describe the Junos OS support for carrier of carriers.
Describe the Junos OS support for interprovider VPNs.
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the
Junos OS.
Course Level
Junos MPLS and VPNs (JMV) is an advanced-level course.
Prerequisites
Students should have intermediate-level networking knowledge and an understanding of the Open
Systems Interconnection (OSI) model and the TCP/IP protocol suite. Students should also have
familiarity with the Protocol Independent MulticastSparse Mode (PIM-SM) protocol. Students
should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials
(JRE), and Junos Service Provider Switching (JSPX) courses prior to attending this class.
www.juniper.net
Course Overview vii
Course Agenda
Day 1
Chapter 1:
Course Introduction
Chapter 2:
MPLS Fundamentals
Lab 1: MPLS Fundamentals
Chapter 3:
Label Distribution Protocols

Lab 2: Label Distribution Protocols
Chapter 4:
Constrained Shortest Path First

Lab 3: CSPF
Day 2
Chapter 5:
Traffic Protection and LSP Optimization

Lab 4: Traffic Protection
Chapter 6:
Miscellaneous MPLS Features

Lab 5: Miscellaneous MPLS Features
Chapter 7:
VPN Review
Chapter 8:
Layer 3 VPNs
Lab 6: VPN Baseline Configuration
Day 3
Chapter 9:
Basic Layer 3 VPN Configuration

Lab 7: Layer 3 VPN with Static and BGP Routing
Chapter 10: Troubleshooting Layer 3 VPNs

Chapter 11: Layer 3 VPN Scaling and Internet Access
Lab 8: Route Reflection and Internet Access
Chapter 12: Layer 3 VPNsAdvanced Topics
Lab 9: GRE Tunnel Integration
Day 4
Chapter 13: Multicast VPNs
Chapter 14: BGP Layer 2 VPNs
Lab 10: BGP Layer 2 VPNs
Chapter 15: Layer 2 VPN Scaling and COS
Chapter 16: LDP Layer 2 Circuits
Lab 11: Circuit Cross Connect and LDP Layer Circuits
Chapter 17: Virtual Private LAN Service
Day 5
Chapter 18: VPLS Configuration
Lab 12: Virtual Private LAN Service
Chapter 19: Interprovider VPNs
Lab 13: Carrier-of-Carrier VPNs
viii Course Agenda
www.juniper.net
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI)
or a graphical user interface (GUI). To make the language of these documents easier to read, we
distinguish GUI and CLI text from chapter text according to the following table.
Style
Description
Usage Example
Franklin Gothic
Normal text.
Most of what you read in the Lab Guide

and Student Guide.
Courier New
Console text:
Screen captures
commit complete
Noncommand-related
syntax
Exiting configuration mode
GUI text elements:

Menu names
Text field entry
Select File > Open, and then click

Configuration.conf in the
Filename text box.
Input Text Versus Output Text

You will also frequently see cases where you must enter input text yourself. Often these instances
will be shown in the context of where you must enter them. We use bold style to distinguish text
that is input versus text that is simply displayed.
Style
Description
Usage Example
Normal CLI
No distinguishing variant.
Physical interface:fxp0,
Enabled
Normal GUI
View configuration history by clicking

Configuration > History.
CLI Input
Text that you must enter.
lab@San_Jose> show route

Select File > Save, and type
config.ini in the Filename field.
GUI Input
Defined and Undefined Syntax Variables

Finally, this course distinguishes between regular text and syntax variables, and it also
distinguishes between syntax variables where the value is already assigned (defined variables) and
syntax variables where you must assign the value (undefined variables). Note that these styles can
be combined with the input style as well.
Style
Description
Usage Example
CLI Variable
Text where variable value is

already assigned.
policy my-peers
GUI Variable
Click my-peers in the dialog.

CLI Undefined
GUI Undefined
www.juniper.net
Text where the variables value

is the users discretion and text
where the variables value as
shown in the lab guide might
differ from the value the user
must input.
Type set policy policy-name.

ping 10.0.x.y
Select File > Save, and type
filename in the Filename field.
Document Conventions ix
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class
locations from the World Wide Web by pointing your Web browser to:
http://www.juniper.net/training/education/.
About This Publication

The Junos MPLS and VPNs High-Level Lab Guide was developed and tested using software
Release 10.3R1.9. Previous and later versions of software might behave differently so you should
always consult the documentation and release notes for the version of code you are running before
reporting errors.
This document is written and maintained by the Juniper Networks Education Services development
team. Please send questions and suggestions for improvement to training@juniper.net.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
Go to http://www.juniper.net/techpubs/.
Locate the specific software or hardware release and title you need, and choose the
format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or
account representative.
Juniper Networks Support

For technical support, contact Juniper Networks at http://www.juniper.net/customers/support/, or
at 1-888-314-JTAC (within the United States) or 408-745-2121 (from outside the United States).
x Additional Information
www.juniper.net
Lab 1
MPLS Fundamentals
Overview
This lab demonstrates configuration and monitoring of multiprotocol label switched path
(MPLS) static label switched path (LSP) features on devices running the Junos operating
system. In this lab, you use the command-line interface (CLI) to configure and monitor
network interfaces, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP),
Virtual Routers and static MPLS LSPs.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Configure and verify proper operation of network interfaces.
Configure and verify OSPF, BGP, and a virtual router.
Configure and monitor a MPLS static LSP.
MPLS Fundamentals Lab 11

10.a.10.3R1.9
Junos MPLS and VPNs
Part 1: Configuring Network Interfaces and Baseline Protocols

In this lab part, you will be using the lab diagram titled Lab 1: Part 1Static LSPs
(Infrastructure). You will configure network interfaces on your assigned device. You
will then verify that the interfaces are operational and that the system adds the
corresponding routing table entries for the configured interfaces. After verifying your
interfaces, you will configure the router to participate in the OSPF area 0.0.0.0. Once
you have completed this, you will set up a internal BGP (IBGP) peering with the
remote teams router.
Note
The instructor will tell you the nature of your

access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure you know what device you are assigned. Check with your instructor if
necessary. Change all the x values on the Lab 1 topologies to reflect the correct
value. This will help avoid any confusion during the configuration steps throughout
the lab.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your devices management address.
Question: What is the management address
assigned to your station?
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxA-1 using the Secure CRT program.
Lab 12 MPLS Fundamentals
www.juniper.net
Junos MPLS and VPNs
Step 1.4
Log in as user lab with the password supplied by your instructor.
Step 1.5
Enter configuration mode and load the reset configuration file
jmv-reset-RouterName and commit. For example: team mxA-1 would load
configuration file jmv-reset-mxA-1.
Step 1.6
Navigate to the [edit interfaces] hierarchy level.
Step 1.7
Refer to the network diagram and configure the interfaces for your assigned device.
Use the virtual local area network (VLAN) ID as the logical unit value for the tagged
interface. Use logical unit 0 for all other interfaces. Remember to configure the
loopback interface!
Step 1.8
Display the interface configuration and ensure that it matches the details outlined
on the network diagram for this lab. When you are comfortable with the interface
configuration, issue the commit-and-quit command to activate the
configuration and return to operational mode.
Step 1.9
Issue the show interfaces terse command to verify the current state of the
recently configured interfaces.
Question: What are the Admin and Link states for
the recently configured interfaces?
Step 1.10
Issue the show route command to view the current route entries.
Question: Does the routing table display an entry for
all local interface addresses and directly connected
networks?
Question: Are any routes currently hidden?
Step 1.11
Enter in to configuration mode and navigate to the [edit protocols ospf]
hierarchy level.
www.juniper.net
Junos MPLS and VPNs
Step 1.12
Configure the core facing interfaces in area 0.0.0.0. Remember to add the loopback
interface.
Step 1.13
Activate the configuration changes and exit to operational mode. Issue the show
ospf neighbor command.
Question: Which neighbor state is shown for the
listed interfaces?
Note
Before proceeding, ensure that the remote

student team in your pod finishes the
previous steps.
Step 1.14
Using the ping utility, verify reachability to remote students interfaces. Remember to
verify the loopback address.
Question: Are the ping tests successful?
Step 1.15
Enter in to configuration mode and define the autonomous system number
designated for your network. Refer to the network diagram as necessary.
Step 1.16
Navigate to the [edit protocols bgp] hierarchy level. Configure a BGP group
named my-int-group that establishes an internal BGP peering session with the
remote teams router. Refer to the network diagram for this lab as necessary.
Step 1.17
Issue the run show bgp summary command to view the current BGP summary
information for your device.
Question: How many BGP neighbors does your
router currently list?
www.juniper.net
Junos MPLS and VPNs
Question: Does your session show an Active

state?
STOP
Do not proceed until the remote team finishes Part 1.
Part 2: Configuring Customer Edge Router and Network Interfaces

In this lab part, you will reference the lab diagram titled Lab 1: Parts 2-3Static
LSPs. You will configure a virtual router instance on your router, representing the
customer edge (CE) router. You will configure the interfaces and networks needed to
establish a external BGP (EBGP) peering between the customer edge router and
your provider edge (PE) router. You will first configure your virtual router and all
interfaces for both routers. Second you will configure the EBGP peering session
between the two routers. Next you will advertise your loopback address from your
CE device to your PE router. You will share these routes with your IBGP peer.
Step 2.1
Refer to the lab diagram to ensure you navigate to the correct virtual router name.
Navigate to the [edit routing-instances cex-y] hierarchy and configure
the instance to behave as a virtual router. Configure the interfaces that should be
members of the virtual router. Make sure you include a loopback interface.
Step 2.2
Review the virtual router configuration up to this point by issuing the command
show.
Question: Do you see any issues with the current
configuration?
Step 2.3
Navigate to the [edit interfaces] hierarchy. Configure both physical
interfaces required for the connection to the virtual router. Configure unit 1 under
the loopback interface. Consult the network diagram for proper IP addressing. After
verifying your configuration, commit and exit to operational mode to verify
connectivity.
www.juniper.net
Junos MPLS and VPNs
Step 2.4
Verify connectivity from CE to PE router using the ping utility.
Note
Use Ctrl + c to stop a continuous ping

operation.
Step 2.5
Return to configuration mode and configure the main instance (PE) to establish an
EBGP peering session, named my-ext-group, to your virtual router (CE). Verify
configuration looks correct before moving on. Please refer to Lab 1: Part 2 and 3
network diagram for appropriate peer autonomous system numbers.
Question: Do you have to configure the group type
as external?
Step 2.6
the autonomous system for the virtual router (CE). Next configure the EBGP group
named my-ext-group, on the CE router. Once you are satisfied with the
configuration commit and exit to operational mode and verify the neighborship is
established before moving on to the next step.
Question: Is your EBGP peering established
between your PE and CE routers?
Question: Are you sending any routes from your CE

router?
Step 2.7
After you have verified all peers are up, enter configuration mode and issue the
save jmv-lab1-RouterName-baseline command to save the configuration
for future labs in this course. Consult your lab diagram to ensure you save the
configuration with the correct router name. For example: team mxA-1 would issue
the command: save jmv-lab1-mxA-1-baseline
www.juniper.net
Junos MPLS and VPNs
Step 2.8
Navigate to the [edit policy-options] hierarchy and configure a policy
named ce-export-loopback. Allow your CE loopback address to be exported.
After creating the policy, navigate to the virtual router and apply this new policy as an
export policy to your EBGP group. Commit and exit to operational mode after you are
satisfied with your configuration.
Step 2.9
Verify that you are advertising the loopback address to your EBGP peer. Next verify
you are advertising the EBGP route from your PE router to your IBGP peer.
Note

previous steps.
Step 2.10
Verify that you are receiving the remote CE loopback from your IBGP neighbor. The
total destination routes may differ in your outputs.
Question: Where is the route the remote peer is
advertising to us?
Step 2.11
Take an extensive look at the hidden route and determine why the route is hidden.
Question: Why is the route hidden?
Question: How do you fix this problem and get the

route to be a usable route?
Step 2.12
Enter into configuration mode. Navigate to the [edit policy-options]
hierarchy and create the policy named nhs. Configure this policy to take all bgp
routes learned from your CE neighbor and change the next-hop to itself before
advertising these routes to your remote IBGP peer. Apply this policy as an export
policy to the BGP group my-int-group. After you are satisfied with your policy and
configuration commit your changes and exit to operational mode.
www.juniper.net
Junos MPLS and VPNs
Note

previous steps.
Step 2.13
Verify that the remote loopback address is now usable and installed in the routing
table.
Question: Do you see the route now?
Step 2.14
Verify you are receiving and installing the route to the remote CE router in your
virtual router.
Question: Is the route present in your CE routing
table?
STOP
Part 3: Configuring a Static LSP Through the Core

In this lab part, you will reference the lab diagram titled Lab 1: Parts 2-3Static
LSPs. You will configure a static LSP that will be used for traffic that is destined to
the network connected to the remote PE router. After configuring the LSP we will
verify CE to CE router communication through the static LSP.
Step 3.1
Enter into configuration mode and navigate to the [edit interfaces]
hierarchy. Configure the core facing interface to allow MPLS traffic.
Step 3.2
Navigate to [edit protocols mpls] hierarchy and add the interface all
statement. As good practice please be sure to disable the management interface.
Step 3.3
Commit the configuration changes. Issue the command run show route table
mpls.0 command to verify that the mpls table has been created.
www.juniper.net
Junos MPLS and VPNs
Question: What are the routes that you see?
Step 3.4
Review the interfaces that are participating in MPLS to ensure we have the proper
configuration by executing the run show mpls interface command.
Question: What interface do you see?
Step 3.5
Create a static LSP named my-static-lsp with the egress address of the
remote PE loopback.
Step 3.6
Navigate to the [edit protocols mpls static-label-switched-path
my-static-lsp ingress] hierarchy. Configure the next-hop for the LSP and
assign the appropriate label to the LSP. Please consult the lab diagram titled Lab 1:
Parts 2-3Static LSPs for the path and label to be assigned. Review your
configuration and after you are satisfied with the configuration, commit the changes
and exit to operational mode.
Step 3.7
Issue the show mpls static-lsp ingress command to view the current
status of the recently configured LSP.
Question: What is the state of the static LSP?
Step 3.8
Review the route being used for the remote CE routers loopback by issuing the
show route 192.168.1x.y command.
Question: How do you determine that the static LSP
is going to be used when directing traffic to this
destination?
Step 3.9
Look at the traffic statistics for traffic traversing our new LSP. Execute the show
mpls static-lsp statistics ingress command to view the statistics for
the traffic the enters the LSP at this router.
www.juniper.net
Junos MPLS and VPNs
Step 3.10
Test the LSP by using the ping utility from the virtual router by executing the ping
192.168.1x.y source 192.168.1x.y count 10 rapid
routing-instance cex-y command.
Step 3.11
Look at the LSP statistics to verify that the traffic traversed the LSP.
Question: How many packets do you see that
traversed through the LSP?
STOP
Tell your instructor that you have completed Lab 1.
www.juniper.net
Lab 2
Label Distribution Protocols
Overview
This lab demonstrates configuration and monitoring of Resource Reservation Protocol
(RSVP) and Label Distribution (LDP) signalled label switched path (LSP) features on
routers running the Junos operating system. In this lab, you use the command-line
interface (CLI) to configure and monitor network interfaces, Border Gateway Protocol
(BGP), Virtual Routers, RSVP LSPs, and LDP LSPs.
www.juniper.net
Configure and verify proper operation of network interfaces.
Configure and verify BGP, and a virtual router.
Configure and monitor a RSVP LSP.
Modify RSVP LSP by explicitly defining path requirements.
Configure and monitor a LDP LSP.
Manipulate the default behavior of RSVP and LDP, depending on network

requirements.
Label Distribution Protocols Lab 21

10.a.10.3R1.9
Junos MPLS and VPNs
Part 1: Configuring Customer Edge Router and Network Interfaces

In this lab part, you will reference the lab diagram titled Lab 2: Label Distribution
Protocols. You will configure the virtual router representing the customer edge (CE)
router. You will configure the interfaces and networks needed to establish an
external BGP (EBGP) peering between the customer edge router and your provider
edge (PE) router. You will first configure your virtual router and all interfaces for both
routers. Second, you will configure the EBGP peering session between the two
routers. Next, you will advertise your loopback address from your CE device to your
PE router. You will share these routes with your internal BGP (IBGP) peer.
Step 1.1
Enter into configuration mode and load the baseline configuration that you saved in
Lab 1 by executing the load override jmv-lab1-RouterName-baseline
command. Once the configuration has been loaded, commit the changes and exit to
operational mode. Verify your Open Shortest Path First (OSPF) neighborships are up
and operational.
Step 1.2
Verify connectivity from CE to PE router using the ping utility.
Step 1.3
Verify the BGP neighbor relationship is established before moving on to the next
step.
Step 1.4
Enter back into configuration mode. Navigate to the [edit policy-options]
hierarchy and configure a policy named vr-export-loopback. Allow your CE
router loopback address to be accepted. After creating the policy, navigate to the
virtual router and apply this new policy as an export policy to your EBGP group.
Commit and exit to operational mode after you are satisfied with your configuration.
Step 1.5
Verify that you are advertising the loopback address to your EBGP peer. Next, verify
you are advertising the EBGP route from your PE router to your IBGP peer.
Note

previous steps.
Step 1.6
Verify that you are receiving the remote CE router loopback from your IBGP neighbor.
Step 1.7
Take an extensive look at the hidden route and determine why the route is hidden.
Lab 22 Label Distribution Protocols
www.juniper.net
Junos MPLS and VPNs
Question: Why is the route hidden?
Question: How do we fix this problem and get the

route to be a usable route?
Step 1.8
Enter into configuration mode. Navigate to the [edit policy-options]
hierarchy and create the policy named nhs. Configure this policy to take all BGP
routes learned from your CE neighbor and change the next hop to itself before
advertising these routes to your remote IBGP peer. Apply this policy as an export
policy to the BGP group my-int-group. After you are satisfied with your policy and
configuration commit your changes and exit to operational mode.
Note

previous steps.
Step 1.9
Verify that the remote loopback address is now usable and installed in the routing
table.
Question: Do you see the route now?
Step 1.10
Verify you are receiving and installing the route to the remote CE router in your
virtual router.
Question: Is the route present in your CE routing
table?
STOP
www.juniper.net
Junos MPLS and VPNs
Part 2: Configuring RSVP

In this lab part, you will continue using the Lab 2 network diagram. You will configure
a RSVP signaled LSP that will be used for traffic that is destined to the network
connected to the remote PE router. After configuring the LSP we will verify CE to CE
router communication through the RSVP LSP.
Step 2.1
hierarchy. Configure the core facing interfaces to allow multiprotocol label switching
(MPLS) traffic.
Step 2.2
statement. As good practice please be sure to disable the management interface.
Step 2.3
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure we have the proper configuration by executing the run show
mpls interface command.
Step 2.4
Navigate to the [edit protocols rsvp] hierarchy. Add the appropriate core
facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. The default Junos OS
behavior is to assume unit 0 if no unit is specified. Review the configuration
before committing to ensure the interfaces are correct.
Note
It is perfectly acceptable to use the

interface all option when adding the
interfaces into RSVP. For this lab, however,
we ask that you explicitly identify the
interfaces to demonstrate the importance
of including the correct unit number when
manually configuring particular interfaces.
Step 2.5
Add the configuration for creating the LSP. Navigate to the [edit protocols
mpls] hierarchy. First, turn off constrained shortest path first (CSPF) by issuing the
set no-cspf command. Next, create a label-switched-path named
pey-to-pez-x. For example, if you are assigned router mxA-1, your peer router is
mxA-2. The LSP should be named pe1-to-pe2-1. Your LSP should egress at your
remote peers loopback address. Verify that the configuration looks correct. Commit
and exit to operation mode when you are satisfied with the changes.
www.juniper.net
Junos MPLS and VPNs
Step 2.6
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.
Question: How many LSPs are reflected in the
output and what are the terminating points?
Question: Can you tell what path the LSP signaled

over?
Step 2.7
Review the ingress LSP in more detail by including the ingress and extensive
options with the previous command.
Question: Can you determine what routers in the
network are being traversed by the LSP you
configured?
Step 2.8
Verify traffic that is destined to the remote CE routers loopback will use the LSP by
issuing the show route 192.168.1x.y command.
Step 2.9
Verify the remote CE routers loopback is reachable from your local CE router by
sending five Internet Control Message Protocol (ICMP) packets. Verify these ICMP
packets traversed the LSP by displaying the traffic statistics for the LSP.
STOP
www.juniper.net
Junos MPLS and VPNs
Part 3: Configuring a Explicit Route Object (ERO)

In this lab part, you will continue using the Lab 2: Label Distribution Protocols lab
diagram. You will create a path using both strict and loose path constraints. You will
apply the path as the primary path to your existing LSP, forcing the LSP to signal
along the specified path. You will decide which path the LSP will traverse. The only
criteria for this task is that you must have at least one strict hop and one loose hop
defined for the path. The example below is from the perspective of the pex- router.
The path example will have a strict hop requirement of the p4 router and a loose
hop requirement of the p3 router. This path was chosen for demonstration purposes
onlyyou might choose to engineer your LSP path differently.
Step 3.1
Enter into configuration mode and edit to the [edit protocols mpls]
hierarchy. Create a path named my-ER0 and configure the strict and loose hops you
want the LSP path to signal along.
Step 3.2
Apply the ERO you just created as the primary path used by the LSP you
configured in Part 2. If you do not remember what the LSP name was, you can use
the question mark option to display the LSPs that are configured on the router.
Review the configuration changes before committing and exiting to operational
mode.
Step 3.3
Verify the status of your LSP using the show mpls lsp ingress command.
Question: What is the state of your LSP?
Question: What is the active path being used?
Step 3.4
Review the output displayed from the show mpls lsp ingress detail
command to verify the LSP is following the path you created.
Question: Does the RRO reflect the path you
specified?
www.juniper.net
Junos MPLS and VPNs
Part 4: Configuring LDP

In this lab part, you will deactivate RSVP and add LDP to your network setup. Then
you will verify that traffic will transit the network using the LDP LSP.
Step 4.1
Enter into configuration mode and deactivate RSVP. Commit the configuration
change.
Step 4.2
Navigate to the [edit protocols ldp] hierarchy and add the interface
all statement. As good practice, remember to disable the management interface.
After making the configuration changes commit and exit to operation mode for
verification.
Step 4.3
Verify the proper interfaces are participating in LDP by issuing the command show
ldp interface.
Question: Do you see the correct interfaces?
Step 4.4
Verify the status of the LSP by issuing the show ldp session command.
Question: What is the status of the connection?
Step 4.5
Verify traffic that is destined to the remote CE routers loopback will use the LSP by
issuing the show route 192.168.1x.y command.
Step 4.6
Verify the remote CE routers loopback is reachable from your local CE router by
sending five ICMP packets. Verify these ICMP packets traversed the LSP by
displaying the traffic statistics for the LSP.
Question: Was your ping test successful?
STOP
www.juniper.net
Do not proceed until the remote team finishes Part 4
Junos MPLS and VPNs
Part 5: Changing the Default Route Preference

In this lab part, your network will be running both RSVP and LDP to signal LSPs. All
traffic destined for the remote CE router must use the LDP LSPs. You will use
protocol preference to maniplate the LSP that is chosen as the next-hop.
Step 5.1
Enter into configuration mode and re-activate the RSVP protocol. Commit the
configuration changes.
Step 5.2
Review the routing table to determine what route is being used to carry traffic to the
remote CE network. Please note that the route might not change right away. It can
take a few moments to update the routing table.
Question: What protocol is being used to carry the
traffic to remote CE router?
Question: What table can you look at to see the

preference values of RSVP and LDP?
Step 5.3
Review the routes being used in the routing table inet.3 by issuing the run show
route table inet.3 192.168.x.y command.
Question: How can we make the LDP route more
preferred than the RSVP route?
Step 5.4
Lower the preference of the LDP protocol to be one lower than RSVP. You can
accomplish this by issuing the set protocols ldp preference 6 command.
After changing the protocol preference, commit your changes. After the commit has
finished, review the 192.168.1x.y route and the inet.3 routing table to ensure
LDP will be used for traffic to the CE network.
Question: What protocol is now the more preferred
protocol for traffic destined to the remote CE
network?
www.juniper.net
Junos MPLS and VPNs
Note
It is perfectly acceptable in our situation to

make all LDP routes more preferred than
RSVP routes. However, this might not
always be the case. You can increase the
route preference on RSVP routes on each
label-switched-path. This allows you to alter
the preference on a more granular level
than LDP.
STOP
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab 3
CSPF
Overview
In this lab, you create a baseline multiprotocol label switching (MPLS) network and then
create label switched paths (LSPs) using administrative groups as a constraint for
constrained shortest path first (CSPF).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
www.juniper.net
Create a baseline network.
Define three Resource Reservation Protocol (RSVP) signaled LSPs to the

remote provider edge (PE) router.
Create and assign administrative groups to interfaces and define an LSP using
administrative groups as a routing constraint.
Analyze the traffic engineering database (TED).
CSPF Lab 31
10.a.10.3R1.9
Junos MPLS and VPNs
Part 1: Creating the Baseline Network

In this lab part, you will configure the baseline network for the lab. You will load the
baseline configuration that was saved at the end of Lab 1 and then enable RSVP
and MPLS on the core-facing interfaces. Please refer to the lab diagram titled
Lab 3: CSPF.
Step 1.1
Enter configuration mode and load the baseline configuration for your PE router. The
file should be saved in the /var/home/lab directory and is named
jmv-lab1-RouterName-baseline. Commit the baseline configuration and exit
to operational mode to verify connectivity.
Step 1.2
Verify that your PE router has established Open Shortest Path First (OSPF)
adjacencies with the neighboring P routers.
Question: Are the OSPF neighbors in a Full state?
Step 1.3
Verify that your PE router has established a Border Gateway Protocol (BGP) neighbor
relationship with the remote PE router.
Question: Is the neighbor relationship in the
established state with the remote PE router?
Step 1.4
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the [edit
interfaces] hierarchy. Enable family mpls on both of the core facing interfaces.
Step 1.5
Navigate to the [edit protocols] hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.6
Configure the RSVP protocol on the core-facing interfaces. Commit your
configuration and exit to operational mode.
Step 1.7
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
Lab 32 CSPF
www.juniper.net
Junos MPLS and VPNs
Part 2: Enabling the TED

By default, the Junos operating system does not support the flooding the Opaque
LSAs used to build the TED. This feature must be enabled on every router in the
OSPF network. In this lab part, you will enable the TED and verify its operation.
Step 2.1
View the OSPF database and determine what types of link state advertisements
(LSAs) are currently being flooded in the network.
Question: What types of LSAs are being flooded in
the OSPF domain?
Question: Is your router generating an OpaqArea

LSA?
Step 2.2
View the TED and determine whether or not your router is using the OpaqArea LSA
to build a TED.
Question: Does your router have a TED available for
CSPF calculations?
Step 2.3
Enter configuration mode and navigate to the [edit protocols ospf]
hierarchy and enable traffic-engineering so that your router will flood its own
OpaqArea LSA and use these LSA types to build and use the TED for CSPF
calculations. Commit your configuration and exit to operational mode to determine if
your router is using the TED .
Question: Is your router generating an OpaqArea
LSA?
Question: Does your router have a TED available for

CSPF calculations?
www.juniper.net
CSPF Lab 33
Junos MPLS and VPNs
Step 2.4
View the TED and determine the colors (administrative groups) that have been
assigned to your PE router local interfaces.
Question: Have any colors been assigned to your PE
routers core-facing interfaces?
STOP
Part 3: Configuring RSVP-Signaled LSPs

In this lab part, you will configure gold, silver, and bronze RSVP-signaled LSPs.
Step 3.1
Enter configuration mode and navigate to the [edit protocols mpls]
hierarchy. Configure an RSVP-signaled LSP named lsp-gold-pey-to-pez-x to
the remote PE routers loopback address. Ensure that this LSP traverses P2 as a
loose hop.
Step 3.2
Configure an RSVP-signaled LSP named lsp-silver-pey-to-pez-x to the
remote PE routers loopback address. Ensure that this LSP traverses P2 as a loose
hop.
Step 3.3
Configure an RSVP-signaled LSP named lsp-bronze-pey-to-pez-x to the
remote PE routers loopback address. Ensure that this LSP traverses P2 as a loose
hop. Commit your configuration and exit to operational mode.
Step 3.4
Verify that the new LSPs are up and are currently traversing P2.
Question: Are all three LSPs up?
Question: What path are each of the LSPs taking

through the network? List the routers that the LSPs
traverse.
Lab 34 CSPF
www.juniper.net
Junos MPLS and VPNs
Part 4: Adding Administrative Groups to Core-Facing Interfaces

In this lab part, you will add administrative groups to your core-facing interfaces.
Refer to the lab diagram to determine the administrative groups to be applied to the
interfaces. The P router interfaces have been preconfigured with the administrative
groups listed on the diagram.
Step 4.1
Enter configuration mode and navigate to the [edit protocols] hierarchy.
Define an administrative group called gold that uses a value of 1.
Step 4.2
Define an administrative group called silver that uses a value of 2.
Step 4.3
Define an administrative group called bronze that uses a value of 3.
Step 4.4
Apply the administrative groups (as listed in the lab diagram) to the core-facing
interfaces. Exit configuration mode and use the show mpls interface
command to verify that the correct administrative groups have been applied.
Question: What administrative group have been
applied to the interfaces?
Step 4.5
View the TED and determine whether or not your router is advertising the correct
colors (administrative groups) to all other routers in the network.
Question: Is your router advertising the correct color
settings to other routers in the network?

STOP
www.juniper.net
CSPF Lab 35
Junos MPLS and VPNs
Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF
In this lab part, you will modify the configuration of your LSPs so that they will take a
particular path through the network. By specifying the administrative groups to
include in the CSPF algorithm, the gold LSP will take the gold path, the silver LSP will
take the silver path, and the bronze LSP will take the bronze path through the
network.
Step 5.1
hierarchy, Modify the primary path for the gold LSP so that it takes only the gold path
through the lab network, ensuring that it continues to pass through P2.
Step 5.2
Modify the primary path for the silver LSP so that it takes only the silver path through
the lab network ensuring that it continues to pass through P2.
Step 5.3
Modify the primary path for the bronze LSP so that it takes only the bronze path
through the lab network ensuring that it continues to pass through P2. Commit your
Step 5.4
Verify that each LSP is traversing the correct, colored path as well as passing
through P2.
Question: List the routers that the gold LSP
traverses. Does it traverse the expected path?
Question: List the routers that the silver LSP

Question: List the routers that the bronze LSP

STOP
Lab 36 CSPF
www.juniper.net
Lab 4
Traffic Protection
Overview
In this lab, you will create a baseline multiprotocol label switching (MPLS) network and
then create label switched paths (LSPs) using different traffic protection mechanisms.
www.juniper.net
Create a baseline network.
Define an Resource Reservation Protocol (RSVP) signalled LSP to the remote

provider edge (PE) router.
Add primary/secondary path protection to an LSP.
Add secondary/secondary path protection to an LSP.
Add fast-reroute protection to an LSP.
Add node-link protection to an LSP.
Add link protection to an LSP.
Traffic Protection Lab 41

10.a.10.3R1.9
Junos MPLS and VPNs
Part 1: Creating the Baseline Network

and MPLS on the core-facing interfaces. Please refer to the lab diagram titled
Lab 3: CSPF.
Step 1.1
Step 1.2
adjacencies with the neighboring P routers.
Step 1.3
Question: Has your PE router established a
neighbor relationship with the remote PE router?
Step 1.4
MPLS family on each interface. Enter configuration mode and navigate to the
[edit interfaces] hierarchy. Enable family mpls on both of the core
facing interfaces.
Step 1.5
Navigate to the [edit protocols mpls] hierarchy and configure the MPLS
protocol on the core-facing interfaces.
Step 1.6
Navigate to the [edit protocols rsvp] hierarchy and configure the RSVP
protocol on the core-facing interfaces.
Lab 42 Traffic Protection
www.juniper.net
Junos MPLS and VPNs
Step 1.7
Navigate to the [edit protocols ospf] hierarchy and enable
traffic-engineering so that your router will flood its own OpaqArea links state
advertisement (LSA) and use these LSA types to build and use the traffic
engineering database (TED) for constrained shortest path first (CSPF) calculations.
Commit your configuration and exit to operational mode.
Step 1.8
Part 2: Redistributing Routes into BGP

In this lab part, each PE router will be configured for a static route. You will then
redistribute that static route into BGP using policy. Review the lab diagram to verify
the static route.
Step 2.1
Enter configuration mode and navigate to the [edit routing-options]
hierarchy. Configure the static route associated with your PE. Configure a next hop of
reject for that route.
Step 2.2
Navigate to the [edit policy-options] hierarchy and configure a routing
policy called statics to redistribute the static route into BGP.
Step 2.3
Navigate to the [edit protocols bgp] hierarchy and apply the policy as an
export policy to the remote PE neighbor. Commit your configuration and exit to
operation mode.
Step 2.4
Verify that you are sending a route to your remote PE neighbor as well as receiving a
route.
STOP
www.juniper.net
Junos MPLS and VPNs
Part 3: Creating an LSP to the Remote PE

In this lab part, you will create an RSVP-signalled LSP from your PE to the remote PE.
The second router along the path of the LSP must be either P1 or P3 depending on
the PE router that you are configuring. You will specify a strict hop of the provider
routers connecting interface. Refer to the lab diagram titled Lab 4: Traffic
Protection to determine the path of your LSP.
Step 3.1
hierarchy. Create a path for your LSP named strict-first-hop using the hops
listed in the following table:
Ingress PE
Strict Hop
Loose Hop
mxA-1
172.22.210.2
192.168.5.6
mxA-2
172.22.212.2
192.168.5.4
mxB-1
172.22.220.2
192.168.5.6
mxB-2
172.22.222.2
192.168.5.4
mxC-1
172.22.230.2
192.168.5.6
mxC-2
172.22.232.2
192.168.5.4
mxD-1
172.22.240.2
192.168.5.6
mxD-2
172.22.242.2
192.168.5.4
Step 3.2
Configure an LSP named pey-to-pez-x to the remote PE with a primary path
using the path you created in the previous step. Modify the LSP with the no-cspf
command. Commit your configuration and exit configuration mode and verify that
your LSP is up.
Step 3.3
Verify that the new LSP is up and is currently traversing the correct downstream
P router.
Question: Is the new LSP up?
Question: What path is the LSPs taking through the

network? List the routers that the LSPs traverse.
www.juniper.net
Junos MPLS and VPNs
Step 3.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
Step 3.5
Verify the status of the LSP.
Question: What happens to the status of the LSP
while the interface is disabled?
Step 3.6
Enter configuration mode and enable the interface on your PE router that is being
operational mode.
Step 3.7
Verify that the LSP is up using the show rsvp session ingress command.
Part 4: Configuring a Secondary Path for Added Protection

In this lab part, you will configure a secondary path for the LSP to add traffic
protection to the LSP.
Step 4.1
hierarchy. Create a secondary path called any-path that lists no hops. That is, this
path should make it as easy as possible for the network to build a secondary path.
Step 4.2
To provide traffic protection to the existing LSP, apply the path created in the
previous step as a secondary path for the LSP. Commit your configuration and exit
configuration mode.
Step 4.3
Verify that the new LSP is up and is currently traversing the correct next-hop P router.
Question: Is the secondary path in an up state?
Why or why not?
www.juniper.net
Junos MPLS and VPNs
Step 4.4
operational mode.
Step 4.5
Step 4.6
operational mode.
Step 4.7
Use the show mpls lsp extensive command to verify the status of the LSP.
Question: Which path is being used by the LSP
immediately after enabling the interface? Why?
Part 5: Configuring Secondary Standby Protection

In this lab part, you will configure a secondary path that will be on hot standby for
the LSP to add even more traffic protection to the LSP.
Step 5.1
hierarchy. To provide slightly more traffic protection to the existing LSP, apply the
any-path path as a standby secondary path for the LSP. Commit your
configuration and exit configuration mode and verify that your LSP is up.
Step 5.2
Verify that the new LSP is up using the primary path. Also, verify that the secondary
path is up in a standby state.
Question: Is the primary path up? Secondary?
www.juniper.net
Junos MPLS and VPNs
Question: What path is the secondary path taking

through the network? List the routers that the LSPs
traverse.
Step 5.3
Enter configuration mode and disable the interface on your PE that is being used by
the primary path of the LSP. Commit your configuration and exit to operational
mode.
Step 5.4
Verify the status of the LSP using the show mpls lsp ingress extensive
command.
Step 5.5
operational mode.
Step 5.6
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
Question: What path is being used by the LSP
Step 5.7
After the LSP has reverted to the primary path, view the forwarding table to see the
next hop of the BGP route being advertised by the remote PE router.
Question: How many next hops are associated with
the received BGP route?
www.juniper.net
Junos MPLS and VPNs
Question: When using a standby secondary LSP, a

very short time exists when traffic cannot be
forwarded through the secondary path at the
moment of primary failure. The cause of this short
delay is the time it takes to install the new next hop
in the forwarding table of the PFE. Can you shorten
this delay? How?
Step 5.8
Enter configuration mode and navigate to the [edit policy-options]
hierarchy. Create a load balancing policy called load-balance that performs load
balancing on all prefixes.
Step 5.9
Navigate to the [edit routing-options] hierarchy. Apply the
load-balance policy as an export policy to the forwarding table. Commit your
Step 5.10
View the forwarding table to see the next hop of the BGP route being advertised by
the remote PE router.
Question: How many next hops are associated with
the received BGP route?
Part 6: Examining a Secondary/Secondary Protected LSP

In this lab part, you will familiarize yourself with the behavior of an LSP with no
primary path. Instead, the LSP will have two secondary paths.
Step 6.1
Enter configuration mode navigate to the [edit protocols mpls] hierarchy.
Delete the LSP from the previous sections of the lab.
Step 6.2
Create a no-cspf LSP named pey-to-pez-x to the remote PE with two
secondary paths. The first secondary path uses the strict-first-hop path and
the next uses the any-path path. Order is important!!! Commit your configuration
Step 6.3
the LSP.
www.juniper.net
Junos MPLS and VPNs
Question: Which secondary path is being used by

the LSP?
Step 6.4
Enter configuration mode and disable the interface on your PE that is being used by
mode.
Step 6.5
Step 6.6
Enter configuration mode and enable the interface on your PE that is used by the
primary path of the LSP. Commit your configuration and exit to operational mode.
Step 6.7
the LSP.
Question: Which path is used by the LSP
Part 7: Examining a Fast-Reroute Protected LSP

In this lab part, you will become familiar with an LSP that is protected by fast-reroute.
Step 7.1
Step 7.2
Create an no-cspf LSP named pey-to-pez-x to the remote PE with fast-reroute
enabled. The LSP should have a primary path using the strict-first-hop path.
www.juniper.net
Junos MPLS and VPNs
Step 7.3
Use the show rsvp session ingress detail command to verify the status
of the LSP.
Question: Has the PE router signaled to the
downstream routers that fast-reroute is desired?
Question: Has your PE router signaled a detour path

around the immediate downstream node? If so,
what is the path of the detour?
Step 7.4
operational mode.
Step 7.5
the LSP.
Step 7.6
operational mode.
Step 7.7
of the LSP.
Question: Which path is used by the LSP
www.juniper.net
Junos MPLS and VPNs
Part 8: Examining Link and Node-Link Protected LSPs

In this lab part, you will become familiar with an LSP that is protected by link and
node-link protection.
Step 8.1
Step 8.2
Create an no-cspf LSP named pey-to-pez-x to the remote PE router with
node-link protection enabled. The LSP should have a primary path using the
strict-first-hop path.
Step 8.3
In the previous part of the lab, you found that the fast-reroute feature allowed the
ingress PE to signal to all downstream routers that they must build detour paths
around the immediate downstream node. In the case of fast-reroute, no special
configuration was needed on any downstream router to build detour paths. In the
case of link and node-link protection, you must specify each individual link within
your network topology that can be protected.
Navigate to the [edit protocols rsvp] hierarchy and configure the
ge-1/0/0.2xy interface to allow link protection capabilities. Commit your
Step 8.4
of the LSP.
Question: Is the bypass LSP up?
Question: Does the bypass LSP provide protection

for the failure of the P router that is directly
connected to you through the ge-1/0/0 link?
Step 8.5
Modify your LSP to provide link protection.
Step 8.6
View your MPLS configuration and verify that link protection is configured. Commit
your configuration and exit to operational mode.
www.juniper.net
Junos MPLS and VPNs
Question: Looking at your configuration, are both

link and node-link protection configured for your
LSP?
Step 8.7
of the LSP.
Question: Is the bypass LSP up?
Question: Does the bypass LSP provide protection

for the failure of the ge-1/0/0 link?
Step 8.8
(Optional)
Enter configuration mode and disable the interface on your PE router that is used by
mode. Verify that protection occurs using the methods learned in this lab.
STOP
www.juniper.net
Lab 5
Miscellaneous MPLS Features
Overview
This lab demonstrates configuration and monitoring of miscellaneous Resource
Reservation Protocol (RSVP) and Label Distribution Protocol (LDP) features on routers
running the Junos operating system. In this lab, you use the command-line interface (CLI)
to configure and monitor RSVP label-switched paths (LSPs) and enable miscellaneous
features.
www.juniper.net
Configure an RSVP LSP to install a route in inet.0.
Configure multiprotocol label switching (MPLS) traffic engineering to install a

route in inet.0.
Use policy to control LSP selection.
Use metrics to control LSP selection.
Configure the network to not decrement time-to-live (TTL).
Configure a router to signal explicit null.
Configure a router to automatically adjust the RSVP reservation based on

observed bandwidth.
Use MPLS pings to monitor connectivity.
Miscellaneous MPLS Features Lab 51

10.a.10.3R1.9
Junos MPLS and VPNs
Part 1: Configuring the Baseline Network

and MPLS on the core-facing interfaces. After enabling the protocols, you will
configure an LSP to traverse the network to terminate at the remote provider edge
(PE) router. Please refer to the lab diagram titled Lab 5: Parts 1-3Miscellaneous
MPLS for interface addressing and network information.
Step 1.1
Step 1.2
adjacencies with the neighboring routers.
Step 1.3
established state with the remote PE?
Step 1.4
hierarchy. Configure the core facing interfaces to allow MPLS traffic.
Step 1.5
statement. As good practice, disable the management interface.
Step 1.6
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure you have the proper configuration by executing the run show
mpls interface command.
Lab 52 Miscellaneous MPLS Features
www.juniper.net
Junos MPLS and VPNs
Question: Do you see the correct interfaces

participating in MPLS?
Step 1.7
Navigate to the [edit protocols rsvp] hierarchy. Add the appropriate
core-facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. Review the
configuration before committing to ensure the interfaces are correct. When you are
satisfied with the changes, commit and exit to operational mode.
Step 1.8
Using operational mode show commands, verify that the RSVP is configured
correctly on the core-facing interfaces.
Step 1.9
Enter configuration mode and enable traffic-engineering under
[edit protocols ospf] so that your router will flood its own OpaqArea
link-state advertisement (LSA) and use these LSA types to build and use the traffic
engineering database (TED) for Constrained Shortest Path First (CSPF) calculations.
Step 1.10
Add the configuration for creating a RSVP LSP to the remote PE router. Navigate to
the [edit protocols mpls] hierarchy and create a LSP named
pey-to-pez-x. For example, if you are assigned router mxA-1, your peer router is
mxA-2. The LSP should be named pe1-to-pe2-1. Your LSP should egress at your
remote peers loopback address. Verify the configuration looks correct. Commit and
exit to operation mode when you are satisfied with the changes.
Step 1.11
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.
Question: How many LSPs are reflected in the
output and what are the terminating points?
STOP
www.juniper.net
Junos MPLS and VPNs
Part 2: Configuring a RSVP LSP to Install a Route in the inet.0 Table

In this lab part, you will add another interface to the OSPF network. Including the
new interface in OSPF will allow you to establish reachability for the remote team.
After establishing reachability, you will configure the router to install the remote
teams route as a destination that will use the established LSP for all traffic to the
new network. Please refer to the lab diagram titled Lab 5: Parts 1-3Miscellaneous
MPLS for network information.
Step 2.1
Enter configuration mode and navigate to the [edit protocols ospf area
0.0.0.0] hierarchy and add the new interface to the existing configuration as a
passive interface. We are adding the interface as passive because we are
adding the interface for demonstrative purposes and will not be establishing a
neighbor relationship on that interface. After you are satisfied with the changes,
commit and exit to operational mode. Using show commands, verify the new
interface is participating in your OSPF network.
Step 2.2
Verify with your remote team that they have completed the previous task. Once they
have completed these steps, you will verify that you are receiving the new network
as an OSPF route.
Question: Do you have the remote network in your
routing table?
Step 2.3
Enter into configuration mode and navigate to the [edit protocols mpls
label-switched-path pey-to-pez-x] hierarchy. Using the install
statement, add the remote network to your inet.3 routing table. Commit your
changes and verify that the route has been added to the inet.3 routing table and
points to the correct LSP.
Question: Do you see the route in your inet.3
routing table?
Step 2.4
View the new route to determine if your router is using the OSPF route or the RSVP
route for internal traffic. Remember that only BGP traffic can use the contents of the
inet.3 routing table to resolve the next hop and internal traffic will resolve the next
hop using the inet.0 routing table.
www.juniper.net
Junos MPLS and VPNs
Question: Is your internal traffic going to use the

OSPF route or the RSVP route?
Step 2.5
Include the RSVP route in the inet.0 routing table, so that internal traffic can also
use the LSP. Include this route by adding the active option to the route you
installed under the LSP. After adding this option, commit and exit to operational
mode. Verify that you can now see the RSVP route in your inet.0 routing table.
Question: Do you see the RSVP route in your
inet.0 routing table?
Question: Which route will be used when resolving

internal traffic?
Question: Which route will be used when resolving

external traffic (BGP) next hops?
Part 3: Configuring MPLS Traffic Engineering to Install an inet.0 Route

In this lab part, you will configure MPLS traffic engineering to move routes from
inet.3 into the inet.0 routing table for both BGP and internal gateway protocol
(IGP) routes. You will then use the traceroute utility to verify that the traffic is
using the LSP for internal traffic. Please refer to the lab diagram titled Lab 5: Parts
1-3Miscellaneous MPLS for network information.
Step 3.1
label-switched-path pey-to-pez-x] hierarchy. Remove the active option
from the installed route. Review your configuration change before proceeding. When
you are satisfied with the change, issue a commit and exit to operational mode.
Verify that you no longer have the RSVP route in your inet.0 routing table.
Question: Which protocol is being used in the
inet.0 routing table?
www.juniper.net
Junos MPLS and VPNs
Step 3.2
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy and enable traffic engineering to move routes from inet.3 into the
inet.0 routing table for both BGP and IGP routes. Commit your configuration
changes and exit out of configuration mode. Verify that your inet.0 route table
contains the RSVP route to the remote network specified to use the LSP.
Step 3.3
Using the traceroute utility verify that internal traffic will use the LSP when sending
traffic to the remote network.
Question: Does your traceroute complete?
Question: Do you see MPLS label values associated

with the traceroute responses?
Part 4: Using Policy to Control LSP Selection

In this lab part, you will use policy to control which LSP certain traffic traverses. You
will begin by removing the extra interface from OSPF that was added in Part 2. You
will create two new LSPs that take different paths through the core network. You will
then create two static routes and export these routes to your BGP peer. Finally, you
will create and apply a policy to send traffic destined to the two routesreceived
from your neighbordown separate LSPs. Please refer to the lab diagram titled Lab
5: Parts 4-9Miscellaneous MPLS for the remainder of this lab.
Step 4.1
Enter into configuration mode and begin by removing the interface that we added in
Part 2. You must also remove this interface from your OSPF configuration.
Step 4.2
Navigate to the [edit protocols mpls] hierarchy and remove the existing
label switched path. You also must remove the traffic engineering configuration.
Create two paths named one and two. Specify the different loose hops you want
each LSP path to signal along. The configuration example with signal path one
across the top of the network using the P1, P2, and P3 routers. Path two will signal
across the bottom using P4, P5, and P6 routers.
www.juniper.net
Junos MPLS and VPNs
Step 4.3
Create two label switched paths named lsp-1 and lsp-2. Apply path one to
lsp-1 as the primary path and apply path two to lsp-2 as the primary path. Both
LSPs should terminate at the remote PE routers loopback. Before committing your
configuration changes, review the changes. After you are satisfied with the changes
commit and exit to operational mode.
Step 4.4
Using show commands, verify that your LSPs are established and traversing the core
network as expected based on your explicit paths.
Question: Are your LSPs in an Up state?
Question: Do your LSPs traverse the core network

as expected?
Step 4.5
Enter into configuration mode, navigate to the [edit routing-options]
hierarchy, and define the static routes outlined on the network diagram for the
device you are configuring. After creating these routes, you will create a policy
named export-static that will export these routes to your internal BGP (IBGP)
peer. After creating the policy, you must apply it as an export policy to your IBGP
group. Commit your configuration changes and exit to operational mode. Verify that
your router is now sending these routes to your neighbor and that you are receiving
the remote static prefixes from the remote peer.
Question: What LSPs do the routes you received
from your neighbor point to as next hops?
Step 4.6
Enter into configuration mode and create a policy named lsp-policy. Create a
term named lsp-1. Under this term you will match the first BGP prefix received
from your peer and change the next-hop to your LSP named lsp-1. You will accept
this route. Then, you will create a second term named lsp-2, which will match on
the second BGP route and change the next-hop to lsp-2. This route also needs to
have the accept action.
www.juniper.net
Junos MPLS and VPNs
Step 4.7
Navigate to the [edit routing-options] hierarchy and apply the policy
lsp-policy as an export policy to the forwarding table. After applying the policy,
commit your changes and exit to operational mode. Verify that the next hop for each
of the remote BGP routes point to the correct LSP as defined in your policy.
Question: Do you see the correct LSP selected as
the next hop for each of your BGP routes?
STOP
Part 5: Using LSP Metric to Control LSP Selection

In this lab part, you will configure the router to use metrics to control LSP selection.
You will begin by removing the policy you created in the Part 4. You must also
remove the export policy applied to the forwarding table. You will look at the current
state of the BGP routes and determined the metric value calculated from the IGP for
each of the RSVP routes. You will then manually set the metric on one of the LSPs to
be higher than the IGP calculated value. You will then verify the changes and review
the changes to the routing table.
Step 5.1
Enter into configuration mode and remove the policy you created in Part 4. You must
also remove the export policy applied to the forwarding table because it is no longer
defined. Commit your changes when you are ready to proceed.
Step 5.2
Review the current status of your BGP routes received from your peer. Review the
RSVP routes to determine what metric is being calculated from the IGP. This status
review provides the current values so that when you manually assign a metric, you
can verify that the changes have been applied correctly.
Question: Why do you see both LSPs as available
next hops?
Question: What is the metric of both RSVP LSPs that

was calculated from the IGP?
www.juniper.net
Junos MPLS and VPNs
Step 5.3
Navigate to the [edit protocols mpls] hierarchy and set the metric to 8 for
lsp-2. After changing the metric, commit your configuration and exit to operational
mode. Review the BGP routes for changes and verify the metric change is reflected
by the RSVP routes.
Question: What changes do you see in the routing
tables?
Question: What is the metric of both RSVP LSP

routes after the change?
Part 6: Configuring Your Router to Not Decrement the TTL

In this lab part, you will configure the router to not decrement the TTL. First, you will
look at the default TTL handling behavior. You will configure the router so that the
TTL is not decremented as packets traverse the MPLS network.
Step 6.1
hierarchy. Enable traffic-engineering bgp-igp. This will allow you to
traceroute to the remote teams loopback address. We will be using traceroute to
demonstrate the behavior with TTL handling. Commit the change and exit to
operational mode before proceeding. By using traffic engineering, it allows internal
traffic to use the RSVP routes to get to the remote teams loopback address.
Step 6.2
Verify the default behavior by using the traceroute utility. You can now traceroute to
the remote teams loopback address.
Question: How many devices respond to the
traceroute request?
Step 6.3
hierarchy. Configure the router so that the TTL is not decremented by using the
no-decrement-ttl statement under the MPLS protocol. Commit the
configuration and exit to operational mode before proceeding to the next step.
www.juniper.net
Junos MPLS and VPNs
Step 6.4
Use the traceroute utility again to view the change in behavior.
Question: How many responses do you see now?
Part 7: Configuring Your Router to Signal Explicit Null

In this lab part, you will configure your router to signal explicit null. Using explicit null
notifies the penultimate label-switching router (LSR) that the egress router will
remove the MPLS label. You will compare the Labelin value before and after
configuring the router to signal explicit null.
Step 7.1
View the Labelin value before you configure the router to signal explicit null. You
should expect to see a value of 3 for both LSPs.
Step 7.2
hierarchy. Configure your router to signal explicit null by using the
explicit-null command. This command tells the router to signal the upstream
LSR (penultimate router) that it expects to receive a MPLS label. In operation,
instead of signaling a value of 3 upstream (default behavior), the egress router will
signal a value of 0 upstream. Commit the changes and exit to operational mode
before proceeding to the next step.
Step 7.3
View the Labelin value now that you have configured the router to signal explicit
null. You should expect to see a value of 0 for both LSPs.
Question: Is the value of the Labelin field what
you expect to see?
Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on
Observed Bandwidth
In this lab part, you will configure your router to monitor and automatically adjust the
RSVP reservation based on the observed bandwidth. The first step to setting up
automatic bandwidth provisioning is to enable statistics monitoring for the MPLS
protocol. This allows MPLS to track and monitor bandwidth utilization over a
specified time period (default 24 hours.). Next, you will enable the automatic
bandwidth provisioning on one of your established LSPs.
www.juniper.net
Junos MPLS and VPNs
Step 8.1
statistics] hierarchy. Enable MPLS statistics monitoring by creating a file
named auto-stats and configuring the auto-bandwidth statement.
Step 8.2
Navigate to the [edit protocols mpls] and enable auto-bandwidth
under the existing LSP lsp-1. Commit your changes and exit to operational mode
before proceeding to the next step.
Step 8.3
Verify that your configuration changes have taken affect on the LSP by executing the
show mpls lsp ingress name lsp-1 extensive command.
Question: When will the next LSP adjustment
happen?
Part 9: Using MPLS Ping to Verify LSP Connectivity

In this lab part, you will use MPLS Pings to verify LSP connectivity to the egress
node.
Step 9.1
Verify the connectivity of lsp-1 by executing the command ping mpls rsvp
lsp-1.
Question: Do the pings complete?
STOP
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab 6
VPN Baseline Configuration
Overview
In this lab, you will configure the request for comments (RFC) 4364 infrastructure that will
be used to support Layer 3 virtual private networks (VPNs) in subsequent labs.
www.juniper.net
Familiarize yourself with this lab and reset the configuration.
Configure interface addresses and families on your provider edge (PE) and
customer edge (CE) routers.
Enable traffic engineering.
Configure internal Multiprotocol Border Gateway Protocol (MP-IBGP) peering

between communicating PE routers.
Configure a route distinguisher ID.
Configure CE routing options.
Verify proper infrastructure operation.
Save your baseline configuration for use in future labs.
VPN Baseline Configuration Lab 61

10.a.10.3R1.9
Junos MPLS and VPNs
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
baseline configuration saved at the end of Lab 1 and then enable Resource
Reservation Protocol (RSVP) and multiprotocol label switching (MPLS) on the
core-facing interfaces, configure MP-BGP, and configure a route-distinguisher ID.
Finally, you will configure a virtual router to represent the CE router attached to your
PE router. Please refer to the lab diagram titled Lab 6: Part 1VPN Baseline (PE).
Step 1.1
file is saved in the /var/home/lab directory and is named
jmv-lab1-RouterName-baseline.
Step 1.2
MPLS family on each interface. Navigate to the [edit interfaces] hierarchy
and enable family mpls on both of the core-facing interfaces.
Step 1.3
Navigate to the [edit protocols] hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.4
Configure the RSVP protocol on the core-facing interfaces.
Step 1.5
Enable traffic-engineering under [edit protocols ospf] so that your router
will flood its own OpaqArea link state advertisement (LSA) and use these LSA types
to build and use the traffic engineering database (TED) for constrained shortest
path first (CSPF) calculations.
Step 1.6
To allow the exchange of Layer 3 VPN routes, enable the inet-vpn unicast network
layer reachability information (NLRI) for your PE routers BGP session with the
remote PE router. Make sure to also enable the exchange of standard unicast IP
version 4 (IPv4) routes as well.
Step 1.7
To allow for the automatic generation of route distinguishers, navigate to the
[edit routing-options] hierarchy and specify the
route-distinguisher-id using your PE routers loopback address. Commit
your configuration and exit out to operational mode.
Step 1.8
Step 1.9
adjacencies with the neighboring provider (P) routers.
Lab 62 VPN Baseline Configuration
www.juniper.net
Junos MPLS and VPNs
Step 1.10
Verify that your PE router has established a BGP neighbor relationship with the
remote PE router.
established state with the remote PE?
Question: What NLRI type has been negotiated

between your PE router and the remote PE router?
Part 2: Configuring the CE Router Properties

In this lab part, you will create a virtual router type routing instance on your device.
This virtual router will act as the CE router for the bulk of the rest of the Layer 3 VPN
labs.
Step 2.1
Familiarize yourself with the lab diagram titled Lab 6: Part 2VPN Baseline (CE).
Each group of students will delete the CE router from previous labs and create a new
CE router.
Step 2.2
Enter configuration mode, navigate to the [edit routing-instances]
hierarchy, and delete the configuration for the CE virtual router.
Step 2.3
Navigate to the [edit interfaces] hierarchy. Delete the configuration for
ge-1/0/4 and ge-1/1/4.
Step 2.4
Configure your new CE routers ge-1/1/4 interface, which will be used to connect
to your local PE router in future labs. Use the lab diagram to determine the correct
addressing.
www.juniper.net
VPN Baseline Configuration Lab 63
Junos MPLS and VPNs
Step 2.5
Navigate to the [edit routing-instances] hierarchy. Configure your
CE routers routing instance specifying a routing instance type of
virtual-router and apply the lo0.1 and ge-1/1/4 interfaces to the
instance.
Step 2.6
Configure your CE routers autonomous system (AS) number.
Step 2.7
Configure your CE routers static routes as listed on the lab diagram. Use a next hop
of reject for each of the four static routes.
Step 2.8
Navigate to the [edit policy-options] hierarchy. Create a routing policy that
will allow for the redistribution of your direct and static routes. This policy will
eventually be used to advertise routes from the CE router to the PE router. Commit
Step 2.9
View the CE routers routing table and ensure that the correct direct and static
routes are now installed in the table.
Question: What routes appear in your CE routers
routing table?
Step 2.10
Save the configuration for future labs in this course. Save your configuration as
jmv-RouterName-vpn-baseline.
STOP
Lab 64 VPN Baseline Configuration
www.juniper.net
Lab 7
Layer 3 VPN with Static and BGP Routing
Overview
In this lab, you will establish a point-to-point Layer 3 VPN using RSVP signaling between
provider edge (PE) routers. You will also configure both static and BGP routing between
your PE and customer edge (CE) routers. You will share your routes with the remote
PE router through the Layer 3 VPN using Multiprotocol Border Gateway Protocol (MP-BGP).
www.juniper.net
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Configure an RSVP-signaled label-switched path (LSP) to the remote PE router.
Create and establish a Layer 3 VPN over the core network.
Configure static routing between your PE and CE router and share your static
PE routes through the Layer 3 VPN using MP-BGP.
Configure BGP routing between your PE and CE routers and share CE routes
through the Layer 3 VPN using MP-BGP.
Verify connectivity and behavior using command-line interface (CLI)

operational mode commands including ping and commands used to examine
routing tables and PE-PE BGP announcements.
Layer 3 VPN with Static and BGP Routing Lab 71

10.a.10.3R1.9
Junos MPLS and VPNs
Part 1: Loading and Verifying the VPN Baseline Configuration

In this lab part, you will load the VPN baseline configuration you saved in Lab 6. After
loading the configuration you will verify the core network is operating as expected.
You will review the CE instance configuration so you are familiar with the contents.
Step 1.1
Enter into configuration mode and load the VPN baseline configuration by executing
the command: load override jmv-RouterName-vpn-baseline. Commit
your configuration changes and exit to operational mode.
Step 1.2
Verify your OSPF and BGP neighborships are established correctly.
Question: Are your OSPF neighbors in a Full
state?
Question: Is your BGP peering up and functional?
Step 1.3
Enter into configuration mode. Review and familiarize yourself with the CE instance
configuration.
Question: What type of instance is being used.
Question: How many static routes are configured for

this instance?
Part 2: Establishing an RSVP Signaled LSP Between PE Routers

In this lab part, you will configure an RSVP-signaled LSP between the PE routers. You
will verify reachability using the MPLS ping utility.
Step 2.1
Navigate to the [edit protocols mpls] hierarchy and configure a
label-switched-path called pey-to-pez-x. For example, if you are
assigned router mxA-1, your peer router is mxA-2. The LSP would be named
pe1-to-pe2-1. Your LSP should egress at your remote peers loopback address.
Verify the configuration looks correct. Commit and exit to operation mode when you
are satisfied with the changes.
Lab 72 Layer 3 VPN with Static and BGP Routing
www.juniper.net
Junos MPLS and VPNs
Step 2.2
Verify that the RSVP LSP you just configured is up and functional. Ensure that you
have bidirectional LSPs before proceeding. Review the inet.3 routing table to verify
that the RSVP route is present and ready to use.
Question: Do you see bidirectional LSPs
established?
Question: Is your RSVP route present in the inet.3

routing table?
Step 2.3
Verify MPLS connectivity using the MPLS ping utility.
Question: Does your MPLS ping complete?
STOP
Part 3: Configuring the PE to CE Interface

In this lab part, you will configure the PE to CE interface. You will verify reachability
using the ping utility.
Step 3.1
Enter configuration mode and navigate to the [edit interfaces] hierarchy.
Configure the appropriate interface properties found on the Lab 5 network diagram.
Commit your changes and exit to operational mode to verify reachability to the
CE interface.
Step 3.2
Verify connectivity to the CE device using the ping utility with a count value of 3.
Question: Does your ping complete?
www.juniper.net
Junos MPLS and VPNs
Part 4: Configuring a Layer 3 VPN Instance

In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique
route distinguisher and a unique route target. You will include your CE facing
interface within this instance. In this lab, you will be using the vrf-target option
because of its simplicity. Please note that vrf-import and vrf-export policies
would work also.
Step 4.1
Enter into configuration mode and navigate to the
[edit routing-instances] hierarchy. Create a new VPN routing and
forwarding (VRF) instance named vpn-x.
Step 4.2
Navigate to the [edit routing-instances vpn-x] hierarchy. Create a route
distinguisher using your local loopback address to uniquely identify routes
advertised from this router. The format should look like this: 192.168.x.y:1.
Step 4.3
Configure your route target. As mentioned previously, you will be using the
vrf-target option. Your target will contain the local autonomous system (AS)
number and will be uniquely identified by using your pod value. The format for
defining your vrf-target is: target:65512:x.
Step 4.4
Include the CE facing interface in your VRF instance.
Step 4.5
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
Step 4.6
Verify that your VRF routing table has been created and it contains the local and
direct routes for your CE facing interface. You can accomplish this by issuing the
command: show route table vpn-x.inet.0
Question: Do you see your local and direct routes?
STOP
www.juniper.net
Junos MPLS and VPNs
Part 5: Configuring Static Routing Between the PE and CE Routers

In this lab part, you will configure static routes to pass traffic from your PE router to
your CE router. These routes will be passed through the MP-BGP session to the
remote PE router so that traffic can be routed from the remote CE site. You will
configure a default route on your CE router. You will configure static routes on your
PE router, under your VRF instance, for the four static routes already created on the
CE device. You will also configure a static route for the loopback address of your
CE router. You will verify that these routes are shared with the remote PE device and
you must also verify that you are receiving the routes from the remote PE. You will
use the ping utility to test the CE to CE connectivity over the Layer 3 VPN.
Step 5.1
Enter configuration mode and navigate to the [edit routing-instances
cex-y routing-options] hierarchy. Configure a static default route that
points to the PE interface address as the next hop.
Step 5.2
Navigate to the [edit routing-instances vpn-x routing-options]
hierarchy. Configure the static routes in your PE instance for the static networks that
reside on your CE device. You must also configure a static route for the loopback
address of your CE device. All static route next hops should point to the CE interface
address.
Step 5.3
Verify that you are advertising your routes to the remote PE router.
Question: What routes are being advertised to the
remote PE router?
Step 5.4
Verify that you are receiving routes from the remote PE router.
Question: What routes are you receiving from the
remote PE router?
Step 5.5
Review the routes that are installed in your VRF table.
Question: Do you see all the remote PE routes?
www.juniper.net
Junos MPLS and VPNs
Step 5.6
Verify you have connectivity from CE to CE through the Layer 3 VPN by using the ping
utility. You will ping the remote CE routers loopback address while sourcing the
packets from your local CEs loopback address. You will send five packets for this
test. This can be accomplished using the following command: ping
192.168.1x.y source 192.168.1x.y routing-instance cex-y
count 5
Question: Do all your ping packets complete?
STOP
Part 6: Configuring BGP Routing Between the PE and CE Routers

In this lab part, you will configure BGP routing to pass routes from your PE to your
CE router. These routes will be passed through the MP-BGP session to the remote
PE router so that traffic can be routed from the remote CE site. You will verify that
your routes are shared with the remote PE device and you will also need to verify
that you are receiving the routes from the remote PE. You will use the ping utility to
test the CE to CE connectivity over the Layer 3 VPN.
Step 6.1
Enter into configuration mode and navigate to the [edit routing-instances
vpn-x routing-options] hierarchy. Delete all static routes that have been
applied to the VRF instance.
Step 6.2
Navigate to the [edit routing-instances cex-y routing-options]
hierarchy. Remove the static default route that you created in Part 5. Commit and
exit to operational mode before proceeding.
Step 6.3
View the routes in your VRF table to verify that you are no longer receiving routes
from the remote PE router.
Question: What routes are currently present in your
VRF table?
www.juniper.net
Junos MPLS and VPNs
Step 6.4
cex-y protocols bgp] hierarchy. Create an external group called
my-ext-group and specify your neighbor address. You must also define your
peer-as. Apply the policy exp-policy that you created in Lab 6, as an export
policy to your EBGP group. Review your configuration before moving on to the next
step.
Step 6.5
Navigate to the [edit routing-instances vpn-x protocols bgp]
hierarchy. Create an external group called my-ext-group and specify your
neighbor address. You must also define your peer-as. Review your configuration,
Commit, and exit to operational mode before moving on to the next step.
Step 6.6
Verify on the PE that you are receiving the advertised BGP routes from your
CE router.
Question: Do you see the static routes that you
exported with the policy you applied?
Step 6.7
Verify that your PE router is advertising your VPN routes to the remote PE router.
Question: Are you advertising all the bgp routes you
are learning from your CE router?
Step 6.8
Verify that you are receiving the VPN routes being advertised from the remote
PE router.
Question: Are you receiving all the expected routes
that are being exported from the remote PE and
CE routers?
Step 6.9
Review the BGP routes you are receiving on your CE router.
Question: Are you receiving all the remote network
routes from your PE router?
www.juniper.net
Junos MPLS and VPNs
Question: What additional steps must you take to

determine why the routes are not being received at
your CE router?
Step 6.10
Verify that your PE router is advertising these routes to your CE router.
Question: Do you see all the remote network routes
being advertised to your CE router?
Step 6.11
Take an extensive look at one of the routes you are receiving from the remote
PE router but are not advertising to your CE router.
Question: What is the AS path of this route?
Question: What is the AS of your CE router?
Question: Will the PE router advertise routes to an

EBGP peer when the peers AS number is present in
the AS path?
Step 6.12
vpn-x protocols bgp] hierarchy. Configure the external group to override the
AS. Remember that we discussed a few methods for overcoming this challenge. You
will be using the as-override option because of simplicity. Commit and exit to
operational mode.
Step 6.13
Verify that your CE router is now receiving the routes from your PE router after the
change.
Question: Do you now see the routes being sent
from the remote team in your CE routers routing
table?
www.juniper.net
Junos MPLS and VPNs
Step 6.14
Verify that you have connectivity from CE to CE through the Layer 3 VPN by using the
ping utility. You will ping the remote CE routers loopback address while sourcing the
packets from your local CE routers loopback address. You will send five packets for
this test. This task can be accomplished using the following command: ping
192.168.1x.y source 192.168.1x.y routing-instance cex-y
count 5 .
Question: Do your ping requests complete?
STOP
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab 8
Route Reflection and Internet Access
Overview
In this lab, you will establish two point-to-point Layer 3 virtual private networks (VPNs)
using RSVP signaling between provider edge (PE) routers. You will alter your internal BGP
(IBGP) configuration to peer with a preconfigured route reflector in the core network. You
will implement route target filtering on your PE router and you will configure Internet
access for the customer edge (CE) router through your PE router.
www.juniper.net
Reconfigure your IBGP peering, so that your router peers with the route
reflector.
Configure LDP-signaled label-switched paths (LSPs) to the remote PE router.
Create a second virtual router that will act as a second CE router and customer
network.
Create and establish two Layer 3 VPNs over the core network.
Configure BGP routing between your PE and CE routers and share your
CE routes through the Layer 3 VPNs using Multiprotocol Border Gateway
Protocol (MP-BGP).
Implement route target filtering on your PE router.
Configure Internet access for your CE router through your PE router.
Verify connectivity and behavior throughout the lab using command-line

interface (CLI) operational mode commands including ping and commands
used to examine routing tables and PE-PE BGP announcements.
Route Reflection and Internet Access Lab 81

10.a.10.3R1.9
Junos MPLS and VPNs

loading the configuration, you will verify the core network is operating as expected.
Step 1.1
the load override jmv-RouterName-vpn-baseline command. Commit
Step 1.2
state?
Step 1.3
configuration.
Part 2: Configuring Your PE Router to Peer with the Route Reflector

In this lab part, you will reconfigure your IBGP peering so that it peers with a
preconfigured route reflector in your core network. You will alter the neighbor
address so that you peer with the P2 router in your core network. You will verify that
the neighborship establishes and that you are receiving the correct network layer
reachability information (NLRI) needed to establish a Layer 3 VPN.
Step 2.1
Navigate to the [edit protocols bgp group my-int-group] hierarchy.
Change the current neighbor address using the rename option and add the correct
address to peer with the P2 router, which is the acting route reflector for the core
network. Commit your change and exit to operational mode.
Step 2.2
Verify that your neighborship has established with the route reflector. Review the
BGP neighborship to ensure that you are receiving the correct NLRI to establish a
Layer 3 VPN.
Lab 82 Route Reflection and Internet Access
www.juniper.net
Junos MPLS and VPNs
Question: Is the neighborship established with your

new BGP peer?
Question: What NLRIs are you receiving from the

route reflector neighbor?
Question: Which NLRI allows you to send and

receive information about Layer 3 VPNs?
Part 3: Establishing LDP Signaled LSPs Between PE Routers and Router Reflector
In this lab part, you will use LDP to signal LSPs to the remote PE router through the
core network as well as to the Route Reflector. You will verify that the LDP LSPs are
established and that the LDP routes are installed in your routing table.
Step 3.1
Enter into configuration mode and navigate to the [edit protocols ldp]
hierarchy. Add the interface all statement to include all interfaces in LDP. As
good practice, remember to disable the management interface. Commit and exit to
operation mode when you are satisfied with the changes.
Step 3.2
Verify that the LSPs are established and ready for use.
Step 3.3
Verify that the inet.3 routing table is created and contains the RSVP route to the
remote PE router.
Question: Do you see the LDP route to the remote
PE router in your inet.3 routing table?
www.juniper.net
Junos MPLS and VPNs
Part 4: Configuring Another CE Router Using a Virtual Router

In this lab part, you will create another virtual router type routing instance on your
device. This virtual router will act as the second CE for this lab, which will allow you
to configure two separate sites.
Step 4.1
Familiarize yourself with the lab diagram titledLab 8: Part 3-8Layer 3 VPN Scaling
and Internet Access. Each group of students will configure a second CE router.
Step 4.2
Configure a loopback interface using unit 2this unit will be used as your
CE routers loopback interface.
Step 4.3
Configure your CE routers ge-1/1/5 interface, which will be used to connect to your
local PE router.
Step 4.4
your CE routers routing instance specifying a routing instance type of
virtual-router and apply the lo0 and ge-1/1/5 interfaces to the instance.
Step 4.5
Configure your CE routers autonomous system (AS) number.
Step 4.6
Configure your CE routers static routes as listed on the lab diagram. Use a next hop
of reject for each of the four static routes. Commit your configuration and exit to
operational mode.
Step 4.7
View the CE routers routing table and ensure that the correct direct and static
routes are now installed in the table.
Question: What routes appear in your CE routers
routing table?
Part 5: Configuring the PE to CE Interfaces

In this lab part, you will configure both of the PE to CE interfaces.You will verify
reachability using the ping utility.
www.juniper.net
Junos MPLS and VPNs
Step 5.1
hierarchy. Configure the appropriate interface properties found on the lab diagram
titled Lab 8: Part 3-8Layer 3 VPN Scaling and Internet Access. You will configure
the interfaces for each connection to the two CE routers. Commit your change and
exit to operational mode to verify reachability to the CE interface.
Step 5.2
Verify reachability to both CE routers by pinging their interfaces five times.
Question: Do the pings complete?
Part 6: Configuring Two Layer 3 VPN Instances

In this lab part, you will configure two Layer 3 VPN instances. You will create a VPN
named vpnx-a, which will connect cex-1 with cex-2. You will then create a VPN
named vpnx-b, which will connect cex-3 with cex-4. You will assign a unique
route target to each instance and you will include your CE-facing interface within the
appropriate instance. In this lab, you will be using the vrf-target option because
of its simplicity. Please note that vrf-import and vrf-export policies would
work also.
Step 6.1
vpnx-a] hierarchy. Configure the routing instance specifying a routing instance
type of vrf. Configure your route target. As mentioned previously, you will be using
the vrf-target option. Your target will contain the local autonomous system (AS)
number and a unique identifier. The format for defining your vrf-target for the
vpnx-a instance is: target:65512:x01. Add the ge-1/0/4.6x0 interface to
the routing instance. Review your configuration changes and commit when you are
satisfied with the changes.
Step 6.2
Navigate to the [edit routing-instances vpnx-b] hierarchy. Configure the
routing instance specifying a routing instance type of vrf. Configure your route
target. The format for defining your vrf-target for the vpnx-b instance is:
target:65512:x02. Add the ge-1/0/5.6x1 interface to the routing instance.
Review your configuration changes and when satisfied, commit and exit to
operational mode.
Step 6.3
Verify that both VRF tables are created and contain the local network routes.
Question: What routes do the tables contain?
www.juniper.net
Junos MPLS and VPNs
STOP
Part 7: Configuring BGP Routing Between the PE and CE Routers

In this lab part, you will configure BGP routing to pass routes from your CE routers to
your PE router. These routes will be passed through the MP-BGP session to the
remote PE router so that traffic can be routed from the remote CE sites. You will
verify that your routes are shared with the remote PE device and you will also need
to verify that you are receiving the routes from the remote PE router for each of the
configured VPNs. You will use the ping utility to test the CE to CE connectivity over
the Layer 3 VPNs for each site.
Step 7.1
vpnx-a protocols bgp] hierarchy. Create an external group called
my-ext-group-a and specify your neighbor address. You must also define your
peer-as. Remember to add the option as-override to your BGP group,
because both the local CE router and the remote CE router are in the same AS.
Review your configuration and commit before moving on to the next step.
Step 7.2
Navigate to the [edit routing-instances cex-y protocols bgp]
hierarchy, where cex-y is your CE router connected to your VPNx-a instance.
Create an external group called my-ext-group and specify your neighbor
address. You must also define your peer-as. Apply the policy exp-policy that
you created in Lab 6, as an export policy to your EBGP group. Review your
configuration, commit, and exit to operational mode.
Note
Check with the team configuring the

remote CE router and ensure that they have
completed Step 7.2 before proceeding to
the next step.
Step 7.3
Verify that you are receiving the static routes from your CE router at your PE router.
You will also need to verify that you are sending these routes to the remote team
through the route reflector. Verify that you are also receiving the remote CE routers
static routes at your PE router from the route reflector and that you are receiving the
routes from the remote CE router on your local CE router. After verifying that the
routes are present on all your routers, verify reachability to the remote CE router by
pinging the loopback address five times. This task can be accomplished by issuing
the ping 192.168.1x.y source 192.168.1x.y routing-instance
cex-y count 5 command.
www.juniper.net
Junos MPLS and VPNs
Question: Are you receiving the routes from you

CE router?
Question: Are you sending the routes you learned

from your CE router to the route reflector?
Question: Are you receiving the routes being sent

from the remote PE router for the remote
CE network?
Question: Are you receiving these routes at your

CE router?
Question: Did the ping test complete?
Note
If you are not receiving or sending any of

the routes from the previous step, please
review your configuration and work with the
remote team for your pod. Request
assistance from the instructor as needed.
Step 7.4
vpnx-b protocols bgp] hierarchy. Create an external group named
my-ext-group-b and specify your neighbor address. You must also define your
peer-as. Remember to add the option as-override to your BGP group,
because both the local CE router and the remote CE router are in the same AS.
Review your configuration and commit before proceeding to the next step.
Step 7.5
Navigate to the [edit routing-instances cex-y protocols bgp]
hierarchy, where cex-y is your CE router connected to your VPNx-b instance.
Create an external group named my-ext-group and specify your neighbor
address. You must also define your peer-as. Apply the policy exp-policy that
you created in Lab 6, as an export policy to your EBGP group. Review your
configuration, commit, and exit to operational mode.
www.juniper.net
Junos MPLS and VPNs
Note
Check with the team configuring the

remote CE router and ensure that they have
completed Step 7.5 before proceeding to
the next step.
Step 7.6
Verify all routes are being sent and received at the CE router. Because you verified
that you can pass routes through the VPN to the remote PE router in Step 7.3, you
will start the verification steps on the CE router. If the routes do not appear on the
CE router then you will move your investigation to the PE router. After verifying the
routes are present on all your routers, verify reachability to the remote CE router by
sending a ping to the loopback address 5 times. This task can be accomplished by
issuing the ping 192.168.2x.y source 192.168.2x.y
routing-instance cex-y count 5 command.
Question: Are you receiving the remote CE routers
routes on your CE router?
Question: Did the ping test complete?
STOP
Part 8: Implementing Route Target Filtering

In this lab part, you will implement router filtering on your PE router. You will alter the
secondary CE routers vrf-target, to demonstrate the purpose of route target
filtering at the route reflector. You will review the default route advertising behavior
from the route reflector by utilizing the keep all option. You will configure the
router to signal route target filtering and verify the route reflector is no longer
sending you routes with target values for which your PE router is not configured.
Step 8.1
vpnx-b] hierarchy. Alter the vrf-target you have configured for this VPN. If you
are configuring pe1, then you change your target to target:65512:x03. If you
are configuring pe2 you will change you target to target:65512:x04. After
making this configuration change, commit and exit to operational mode.
www.juniper.net
Junos MPLS and VPNs
Note
Your routes will be advertised to the route

reflector, but when you receive the routes
for the remote CE router, your PE router will
evaluate the target value against the
targets configured for your VPNs and reject
the routes that do not match the local
target values.
Step 8.2
Review the routes that you have accepted and installed in your bgp.l3vpn.0
routing table.
Question: Do you see the vpnx-b routes for the
remote CE router?
Step 8.3
Enter configuration mode and navigate to the [edit protocols bgp]
hierarchy. Enable the keep all functionality for your BGP session. This
functionality will cause the PE router to keep all VPN routes that are advertised to it
from the route reflector, regardless of vrf-target value. Commit your
configuration changes and exit to operational mode.
Step 8.4
routing table after adding the keep all functionality.
remote CE router?
Step 8.5
Enter into configuration mode and navigate to the [edit protocols bgp]
hierarchy. Configure your router to signal the route target NLRI for the IBGP session
to the route reflector.
Step 8.6
routing table after configuring the PE router to implement the route target filtering
NLRI to the route reflector.
www.juniper.net
Junos MPLS and VPNs

remote CE router?
Part 9: Configuring Internet Access Using a Non-VRF Interface

In this lab part, you will establish Internet access for your CE router connected to the
vpnx-a instance. You will create another logical unit on the same physical interface
connecting the CE router to the PE router. You will create a static default route on the
CE router that points to the PE routers non-VRF interface as the next hop. You will
configure the PE routers non-VRF interface as passive in your IGP, to allow
reachability to the CE router from the core network. You will ping one of the core
routers loopback interfaces from your CE device to simulate connectivity to the
Internet (networks outside the VPN instance).
Step 9.1
Enter configuration mode and navigate to the [edit interface] hierarchy.
Refer to the lab diagram titled Lab 8: Part 9Layer 3 VPN Scaling and Internet
Access. Configure the additional logical unit, VLAN, and IP address for both the
CE router interface and the PE router interface.
Step 9.2
Navigate to the [edit routing-instances cex-y] hierarchy and add the
non-VRF interface. Configure a static default route that points to the non-vrf
interface address as the next hop.
Step 9.3
Navigate to the [edit routing-options] hierarchy and create a static route
on your PE router that encompasses all of your static routes on your CE router in a
single prefix (172.x0.y.0/22). The next hop for this route will be the CE interface
address for the non-VRF connection. You will also need to add your CE routers
loopback address as a static route with the same next hop.
Step 9.4
Navigate to the [edit policy-options] hierarchy. Create a policy named
statics that will be used to redistribute your static routes into OSPF.
Step 9.5
Navigate to the [edit protocols ospf] hierarchy and add the non-VRF
interface as passive. Export the static routes you created in the previous step into
your IGP by using the policy static. This action allows the IGP to route traffic back
to the CE network through the non-VRF connection. Commit your changes and exit to
operational mode.
www.juniper.net
Junos MPLS and VPNs
Step 9.6
Verify that you can ping the loopback address of one of the core routers five times,
sourced from your CE routers loopback address. You can review one of the network
diagrams that outline the core network if you do not recall the loopback addresses
of the core routers. In the example provided, the ping is destined to P6s loopback,
sourced from the CE routers loopback.
Question: Do the ping requests complete?
STOP
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab 9
GRE Tunnel Integration
Overview
In this lab, you will establish a point-to-point Layer 3 virtual private network (VPN) using a
generic routing encapsulation (GRE) tunnel between provider edge (PE) routers. You will
also configure OSPF routing between your PE and customer edge (CE) router. You will
share your routes with the remote PE through the Layer 3 VPN using Multiprotocol Border
Gateway Protocol (MP-BGP).
www.juniper.net
Configure a VPN routing and forwarding (VRF) table and OSPF routing between
your PE router and CE router and redistribute your CE routers static routes into
OSPF.
Configure a GRE tunnel to the remote PE router.
Create and add a static route to inet.3.
Redistribute the MP-BGP routes learned from the remote PE into OSPF.
Verify connectivity and behavior using operational mode commands including

ping and commands used to examine routing tables, and PE-PE BGP
announcements.
GRE Tunnel Integration Lab 91

10.a.10.3R1.9
Junos MPLS and VPNs

loading the configuration you will verify the core network is operating as expected.
Step 1.1
the load override jmv-RouterName-vpn-baseline command. Commit
Step 1.2
Verify that your OSPF and BGP neighborships are established correctly.
state?
Step 1.3
configuration.
Question: Which type of instance is being used.
Question: How may static routes are configured for

this instance?
Lab 92 GRE Tunnel Integration
www.juniper.net
Junos MPLS and VPNs

In this lab part, you will configure the PE to CE interface. You will verify reachability
using the ping utility.
Step 2.1
hierarchy. Configure the appropriate interface properties found on the Lab 9
network diagram. Commit your change and exit to operational mode to verify
reachability to the CE interface.
Step 2.2
Verify connectivity to the CE device using the ping utility with a count value of 3.
Question: Does your ping complete?
Part 3: Configuring a Layer 3 VPN Instance

In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique
route target to the VPN. You will include your CE-facing interface within this instance.
In this lab, you will be using the vrf-target option because of its simplicity.
Please note that vrf-import and vrf-export policies would work also.
Step 3.1
Enter into configuration mode and navigate to the [edit
routing-instances] hierarchy. Create a new VRF instance named vpn-x.
Step 3.2
Navigate to the [edit routing-instances vpn-x] hierarchy. Configure your
route target. As mentioned earlier, you will be using the vrf-target option. Your
target will contain the local autonomous system (AS) number and will be uniquely
identified by using your pod value. The format for defining you vrf-target is:
target:65512:x.
Step 3.3
Include the CE-facing interface in your VRF instance.
Step 3.4
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
Step 3.5
Verify that your VRF routing table has been created and it contains the local and
direct routes for your CE-facing interface. You can accomplish this task by issuing
the show route table vpn-x.inet.0 command.
www.juniper.net
Junos MPLS and VPNs
Question: Do you see your local and direct routes?
Part 4: Configuring OSPF Routing Between the PE and CE Routers

In this lab part, you will configure OSPF routing between your PE and CE routers.
These routes will be passed through the MP-BGP session to the remote PE router.
You will verify that these routes are shared with the remote PE device and you will
also need to verify that you are receiving the routes from the remote PE router.
Step 4.1
Enter into configuration mode and navigate to the [edit policy-options]
hierarchy. Create a policy named statics that will be used to redistribute your
CE routers static routes into OSPF.
Step 4.2
Navigate to the [edit routing-instances cex-y] hierarchy. Configure your
CE routers loopback and Ethernet interfaces as OSPF area 0.0.0.0 interfaces.
Step 4.3
Apply the statics policy as an export policy to your CE routers OSPF instance.
Step 4.4
Navigate to the [edit routing-instances vpn-x] hierarchy. Configure you
PE routers VRF interface an OSPF area 0.0.0.0 interface. Commit your configuration
Step 4.5
Verify that the CE router and PE router have established an OSPF adjacency with
each other.
Question: Has the CE router established an OSPF
adjacency with the local PE router?
Step 4.6
Verify that the static routes that are being redistributed by the CE router can be
found in the VRF table of the PE router.
Question: Are the static routes from the local
CE router being received by your PE router as OSPF
routes?
www.juniper.net
Junos MPLS and VPNs
Step 4.7
Verify that you are advertising your OSPF routes to the remote PE router as BGP
routes.
Question: What routes are being advertised to the
remote PE router?
Step 4.8
Verify that you are receiving routes from the remote PE router.
Question: What routes are you receiving from the
remote PE router?
Question: Why are no BGP routes being stored in

the VRF table?
Step 4.9
Determine whether any hidden routes are being received from the remote PE router.
Question: Are any hidden routes being received
from the remote PE router? Why are the routes
hidden?
Part 5: Establishing a GRE Tunnel Between PE Routers

In this lab part, you will configure a GRE tunnel between the PE routers.
Step 5.1
Enter configuration mode and navigate to the [edit chassis] hierarchy. Enable
1 Gbps tunnel service on FPC 1/PIC 0.
www.juniper.net
Junos MPLS and VPNs
Step 5.2
Navigate to the [edit interfaces] hierarchy and configure a tunnel interface
named gr-1/0/10.0. The interface should source packets from the local PE routers
loopback address. The interface should be configured to send packets destined to
the remote PE routers loopback address. Finally, enable forwarding of MPLS and
IPv4 traffic on the tunnel interface. Commit your configuration and exit to
operational mode.
Step 5.3
Verify that the GRE interface is up and functional.
Question: Is the gr-1/0/10 interface in the up
state?
Part 6: Creating and Adding a Static Route to inet.3

Step 6.1
Enter configuration mode and navigate to the [edit routing-options]
hierarchy. Create a static route to the loopback address of the remote PE router that
will exist only in inet.3 and has a next hop of the gr-1/0/10.0 interface. Commit your
Step 6.2
Verify that the new static route exists in inet.3 and only inet.3.
Question: In which routing table has the static route
been placed?
Step 6.3
Review the routes that are installed in your VRF table.
Question: Do you see all the remote PE routes?
Question: What is the next hop for the routes that

have been received from the remote PE router?
www.juniper.net
Junos MPLS and VPNs
Step 6.4
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE routers loopback address while
sourcing the packets from your local CE routers loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping 192.168.1x.y source 192.168.1x.y routing-instance
cex-y count 5 .
Question: Do all your ping packets complete? Can
you think of a reason why they would not complete?
Step 6.5
Review the routes that are installed in the CE routers routing table.
Question: Do you see all the remote routes?
Step 6.6
Review the LSAs that currently exist in the CE routers link state database.
Question: Why do you think the remote networks
are not present in your CE routers link state
database?
Question: How are the routes learned from the

remote PE routers? How are these routes
characterized in your PE routers VRF table? What
protocol is running on the PE/CE link?
Question: Will the default OSPF export policy

advertise routes learned by BGP?
STOP
www.juniper.net

Junos MPLS and VPNs
Part 7: Redistributing BGP Routes into OSPF

In this lab part, you will configure a routing policy that will take the BGP routes
learned from the remote PE router and redistribute them into OSPF.
Step 7.1
hierarchy. Create a policy named bgp-to-ospf that will will be used to redistribute
BGP routes into OSPF.
Step 7.2
Navigate to [edit routing-instances vpn-x] and apply the
bgp-to-ospf policy as an export policy to the VRFs OSPF instance. Commit your
Step 7.3
Review the LSAs that currently exist in the CE routers link state database.
Question: Do any LSAs exist in the OSPF link state
database that represent the network from the
remote site? Why or why not?
Question: What LSA types are being used to

represent the remote networks? Like what type of
OSPF router is the PE router behaving?
Step 7.4
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE routers loopback address while
sourcing the packets from your local CE routers loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping 192.168.1x.y source 192.168.1x.y routing-instance
cex-y count 5 .
STOP
www.juniper.net
Lab 10
BGP Layer 2 VPNs
Overview
In this lab, you will establish a point-to-point BGP Layer 2 virtual private network (VPN)
using LDP signaling between provider edge (PE) routers. Once the virtual LAN
(VLAN)-based Layer 2 VPN is operational, you will configure the customer edge (CE)
routers to run one of several available routing protocols and advertise their static route
and loopback address blocks. Because this is a BGP Layer 2 VPN, the PE routers will not
interact with the routing protocols used on the CE routers.
www.juniper.net
Configure an LDP-signaled label-switched path (LSP) to the remote PE router.
Add protocol BGP support for the Layer 2 VPN network layer reachability
information (NLRI).
Create and establish a BGP Layer 2 VPN over the core network.
Add OSPF to your CE network and create a neighborship between your

CE router and the remote CE router.
Export your static routes into OSPF and share these routes with the remote
CE network.

ping and commands used to examine routing tables.
BGP Layer 2 VPNs Lab 101

10.a.10.3R1.9
Junos MPLS and VPNs

loading the configuration, you will verify that the core network is operating as
expected. You will review the CE instance configuration so you are familiar with the
contents.
Step 1.1
Enter configuration mode and load the VPN baseline configuration by executing the
load override jmv-RouterName-vpn-baseline command. Commit your
Step 1.2
state?
Step 1.3
Enter configuration mode. Review and familiarize yourself with the CE instance
configuration.
Question: How many static routes are configured for

this instance?
Part 2: Establishing a LDP Signaled LSP Between PE Routers

In this lab part, you will use LDP to signal your LSP to the remote PE router. You will
begin by adding your core-facing interface to the LDP protocol. You will then verify
reachability through the LSP to the remote CE router. Please refer to the lab diagram
titled Lab 10: Parts 1-2BGP Layer 2 VPN for the appropriate core-facing
interfaces.
Lab 102 BGP Layer 2 VPNs
www.juniper.net
Junos MPLS and VPNs
Step 2.1
Navigate to the [edit protocols ldp] hierarchy. Add your two core-facing
interfaces, as well as your loopback interface. Commit your configuration changes
Step 2.2
Verify that LDP is established and has valid neighbors using the following
commands: show ldp session and show ldp neighbor.
Question: Do you see neighborships established
with your two peer provider (P) routers?
Step 2.3
Verify MPLS connectivity using the MPLS ping utility.
Question: Are your MPLS pings successful?

In this lab part, you will configure the PE to CE interface. You will add the correct
VLAN tag and ensure that the proper encapsulation is configured. Later, you will add
this interface to your BGP Layer 2 VPN instance. You will also reconfigure the CE to
PE interface. Both the local CE interface and the remote CE interface must be on the
same network. Please refer to the lab diagram titled Lab 10: Parts 3-5BGP Layer
2 VPN for the remaining tasks in this lab.
Step 3.1
Navigate to the [edit interfaces] hierarchy. Configure the PE to CE interface
properties outlined in the lab diagram. You will start with enabling vlan-tagging
for the interface. You will configure the interface to handle vlan-ccc
encapsulation. When you configure the unit, you will also have to specify the
encapsulation for the logical interface also. Because we are configuring a Layer 2
VPN there will not be any Layer 3 information associated with this interface. Assign
the correct vlan-id value and commit your changes.
Step 3.2
Delete the current CE interface (ge-1/1/4) configuration. Navigate to the [edit
interfaces ge-1/1/4] hierarchy and configure this interfaces properties
following the details provided in the network diagram. Note that both the local and
remote CE router interfaces will be on the same Layer 3 network.
www.juniper.net
Junos MPLS and VPNs
Question: Why must both CE router interfaces be in

the same network?
Part 4: Configuring a BGP Layer 2 VPN Instance

In this lab part, you will configure a BGP Layer 2 VPN instance. You begin by enabling
BGP to signal the Layer 2 NLRI. You will create your BGP Layer 2 VPN instance and
assign a unique route distinguisher and a unique route target. You will include your
CE-facing interface within this instance. In this lab you will be using the
vrf-target option because of its simplicity. Please note that vrf-import and
vrf-export policies would work also.
Step 4.1
Navigate to the [edit protocols bgp] hierarchy and enable Layer 2 VPN
signaling. This action enables the PE router to signal and understand incoming
Layer 2 NLRI information.
Step 4.2
Navigate to the [edit routing-instances] hierarchy. Create a new instance
called vpn-x. Configure the instance type as l2vpn.
Step 4.3
Navigate to the [edit routing-instances vpn-x] hierarchy. Create a route
distinguisher using your local loopback address to uniquely identify routes
advertised from this router. The format should resemble the following:
192.168.x.y:1.
Step 4.4
Configure your route target. As mentioned earlier, you will be using the
vrf-target option. Your target will contain the local autonomous system (AS)
number and will be uniquely identified by using your pod value. The format for
defining you vrf-target is: target:65512:x
Step 4.5
Include the CE-facing interface in your Layer 2 VPN instance.
Step 4.6
Navigate to the [edit routing-instances vpn-x protocols l2vpn]
hierarchy. Configure the protocol properties for the BGP Layer 2 VPN. You will be
using the encapsulation type ethernet-vlan. You will configure your site name to
reflect the name of your CE router (cex-y). Please refer to lab diagram to determine
which site identifier you should use. Because we are only dealing with 2 sites, you
will not need to configure the remote site ID. You must also indicate the interface
that will be participating in your BGP Layer 2 VPN. Commit and exit to operational
mode after you have completed your changes.
www.juniper.net
Junos MPLS and VPNs
Question: With which remote site will your

configuration automatically associate?
Note

previous steps.
Verify your Layer 2 VPN connection by issuing the show l2vpn connections
command.
Question: What is the status of your connection?
Step 4.7
Verify reachability from your CE router to the remote CE router. You will ping the
remote CE to PE interface five times, sourced from your local CE to PE interface
using the ping 10.0.x0.y routing-instance cex-y count 5
command.
STOP
Part 5: Configuring Routing Protocols on the CE Router

In this lab part, you will configure OSPF on your CE router. You will create a policy
that will export your static routes to your OSPF neighbor. You will peer with the
remote CE router across the BGP Layer 2 VPN you created in Part 4. You will
configure the CE router to share the static routes that you have configured. You will
verify that you are receiving the remote networks and verify reachability to the
remote loopback using the ping utility.
Step 5.1
static routes into OSPF.
www.juniper.net
Junos MPLS and VPNs
Step 5.2
Navigate to the [edit routing-instances cex-y protocols ospf]
hierarchy. Configure your loopback and PE-facing interface under area 0.
Step 5.3
Apply the policy statics you defined as an export policy to your OSPF protocol.
This action will export your static routes to your peer. Commit and exit to operational
mode.
Note

previous steps.
Step 5.4
Verify that your neighborship has established for your CE router by including the
instance cex-y option.
Step 5.5
Review the routes being learned by OSPF and ensure you have the remote
CE routers static routes by issuing the show route protocol ospf table
cex-y.inet.0 command.
Question: Do you see all the remote CE routers
static routes?
Step 5.6
Verify you have reachability to the remote CE network by pinging the remote
CE routers loopback address five times, while sourcing the packets from your local
CE routers loopback address.
Question: Do your pings complete?
STOP
www.juniper.net
Lab 11
Circuit Cross Connect and LDP Layer 2 Circuits
Overview
In this lab, you will establish an LDP Layer 2 circuit using RSVP signaling between provider
edge (PE) routers. Once the virtual LAN (VLAN)-based LDP Layer 2 circuit is operational,
you will configure the customer edge (CE) routers to run one of several available routing
protocols and advertise their static route and loopback address blocks. Because this is a
Layer 2 circuit, the PE routers will not interact with the routing protocols used on the
CE routers. After verifying the connection from CE to CE, you will delete the LDP Layer 2
circuit configuration and configure a circuit cross connect (CCC) connection. You will then
verify the connection again from CE to CE.
www.juniper.net
Configure an RSVP-signaled label-switched path (LSP) to the remote PE router.
Create and establish an LDP Layer 2 circuit over the core network.
Add OSPF to your CE network and create a neighborship between your local
CE router and the remote CE router.
Export your static routes into OSPF and share these routes with the remote
CE network.
Create and establish a CCC Layer 2 connection over the core network.

ping and commands used to examine routing tables.
Circuit Cross Connect and LDP Layer 2 Circuits Lab 111

10.a.10.3R1.9
Junos MPLS and VPNs

contents.
Step 1.1
Step 1.2
state?
Step 1.3
configuration.
this instance?
Part 2: Establishing an RSVP-Signaled LSP Between PE Routers

In this lab part, you will use RSVP to signal an LSP to the remote PE router through
the core network. You will verify that the RSVP LSP is established and the RSVP route
is installed in your routing table. You will configure an extended LDP session by
adding your loopback interface to LDP protocol configuration, because an LDP
Layer 2 circuit requires LDP signaling for exchanging virtual circuit (VC) labels
between PE routers.
Lab 112 Circuit Cross Connect and LDP Layer 2 Circuits
www.juniper.net
Junos MPLS and VPNs
Step 2.1
Navigate to the [edit protocols mpls] hierarchy. Configure a
label-switched-path called pey-to-pez-x. For example, if you are
assigned router mxA-1, your peer router is mxA-2. The LSP should be named
pe1-to-pe2-1. Your LSP should egress at your remote peers loopback address.
Verify that the configuration looks correct. Commit and exit to operation mode when
you are satisfied with the changes.
Step 2.2
Navigate to the [edit protocols ldp] hierarchy and configure an extended
LDP session by adding the loopback interface to the LDP protocol. As mentioned
previously, this will allow LDP to exchange VC labels between the PE routers. Commit
Step 2.3
Verify that the LSP has been established and is ready for use.
Step 2.4
Verify that the inet.3 routing table has been created and contains the RSVP route
to the remote PE router.
Question: Do you see the RSVP route to the remote
PE router in your inet.3 routing table?

In this lab part, you will configure the PE to CE interface. You will add the correct
VLAN tag and ensure that the proper encapsulation is configured. Later, you will add
this interface to your LDP Layer 2 circuit instance. You will also reconfigure the CE to
PE interface because both the local CE interface and the remote CE interface must
be on the same network. Please refer to the lab diagram titled Lab 11: LDP Layer 2
Circuit for interface properties.
Step 3.1
Configure the PE to CE interface properties outlined in the lab diagram. You will start
with enabling vlan-tagging for the interface. You will configure the interface to
handle vlan-ccc encapsulation. When you configure the unit, you will also have to
specify the encapsulation for the logical interface. Because you are configuring a
Layer 2 VPN, no Layer 3 information is associated with this interface. Assign the
correct vlan-id value and commit your changes.
www.juniper.net
Junos MPLS and VPNs
Step 3.2
Delete the current CE interface (ge-1/1/4) configuration. Navigate to the [edit
interfaces ge-1/1/4] hierarchy and configure the interface properties
following the details provided in the network diagram. Note that both the local and
remote CE router interfaces will be on the same Layer 3 network. Commit your
Question: Why must both CE router interfaces be in
the same network?
Part 4: Configuring a LDP Layer 2 Circuit

In this lab part, you will configure an LDP Layer 2 circuit. You will create the circuit to
the remote PE routers loopback address and assign the correct CE-facing interface.
You will assign a unique VC identifier. You will then verify that the circuit has been
signaled and is functioning properly.
Step 4.1
Navigate to the [edit protocols l2circuit] hierarchy and specify the
neighbor address for the circuit. Add the PE to CE interface that will be
participating in this neighborship and assign this interface a VC identifier value of x
to the interface. Review your configuration changes, commit, and exit to operational
mode.
Note

previous steps.
Step 4.2
Verify that the LDP Layer 2 circuit is up and functional by issuing the show
l2circuits connections command.
Question: What is the status of your circuit?
Question: Can you tell from the output what your

VC identifier is?
www.juniper.net
Junos MPLS and VPNs
Step 4.3
Verify reachability from your CE router to the remote CE router. You will ping the
remote CE to PE interface five times, sourced from your local CE to PE interface
using the ping 10.0.x0.y routing-instance cex-y count 5
command.
STOP
Part 5: Configuring Routing Protocols on the CE Router

In this lab part, you will configure OSPF on your CE router. You will create a policy
that will export your static routes to your OSPF neighbor. You will peer with the
remote CE router across the LDP Layer 2 circuit you created in Part 4. You will
configure the CE router to share the static routes that you have configured. You will
verify that you are receiving the remote networks and verify reachability to the
remote loopback using the ping utility.
Step 5.1
static routes into OSPF.
Step 5.2
Navigate to the [edit routing-instances cex-y protocols ospf]
hierarchy. Configure your loopback and PE-facing interface under area 0.
Step 5.3
Apply the policy statics you defined as an export policy to your OSPF protocol.
This change will export your static routes to your peer. Commit and exit to
operational mode.
Note

previous steps.
Step 5.4
Verify that your neighborship has established for your CE router by including the
instance cex-y option.
www.juniper.net
Junos MPLS and VPNs
Step 5.5
Review the routes being learned by OSPF and ensure that you have the remote
CE routers static routes by issuing the show route protocol ospf table
cex-y.inet.0 command.
Question: Do you see all the remote CE routers
static?
Step 5.6
Verify that you have reachability to the remote CE network by pinging the remote
CE routers loopback address five times, while sourcing the packets from your local
CE routers loopback address.
Question: Do your pings complete?
STOP
Part 6: Configuring a CCC Connection Between PE Routers

In this lab part, you will establish a point-to-point Layer 2 VPN using the Junos
operating systems CCC feature in support of a VLAN environment. MPLS-tagged
VLAN frames will be transported between PE routers over an RSVP-signaled LSP.
Once the Layer 2 CCC connection is established, you will verify that your CE routers
can route using OSPF. Because this is a Layer 2 VPN, the PE routers will not interact
with the routing protocols used on the CE routers. Please refer to the lab diagram
titled Lab 11: Circuit Cross Connect for interface properties.
Step 6.1
Enter configuration mode. Delete your LDP Layer 2 circuit configuration and delete
the ge-1/0/4 interface configuration. Commit your configuration changes.
Step 6.2
Navigate to the [edit interfaces ge-1/0/5] hierarchy. Configure the PE to
CE interface properties outlined in the lab diagram. You will start with enabling
vlan-tagging for the interface. You will configure the interface to handle
vlan-ccc encapsulation. When you configure the unit, you will also have to specify
the encapsulation for the logical interface. Because we are configuring a Layer 2
connection, no Layer 3 information is associated with this interface. Assign the
correct vlan-tag value and commit your changes
www.juniper.net
Junos MPLS and VPNs
Step 6.3
Navigate to the top of the [edit] hierarchy and issue the command replace
pattern ge-1/1/4 with ge-1/1/5. This action will change all references in
the configuration of ge-1/1/4 to ge-1/1/5, which is the new CE interface being used
in the lab diagram. Verify that the interface being applied for the CE routing instance
has been changed. Remember to verify the change also applied to your CE routers
OSPF configuration. When you are satisfied with the change commit your
configuration.
Step 6.4
Navigate to the [edit protocols connections] hierarchy and configure a
remote-interface-switch named vpn-x. Assign your PE interface used to
connect to your CE router (ge-1/0/5.6x0) to the interface switch. For the
interface you assign, you have to specify the transmit-lsp lsp-name and the
receive-lsp lsp-name for the traffic to use to get to and from the remote end
of the connection. You will assign the RSVP LSP that you configured in Part 2 as you
transmit LSP and you will assign the LSP that the remote team created as you
receive LSP. If you do not remember the names, you can view them in the output
from the run show mpls lsp command. Commit your configuration changes
Note

previous steps.
Step 6.5
Verify that the CCC connection is up and ready to use by issuing the show
connections command.
Question: What is the status of the CCC
connection?
Step 6.6
Verify that you can ping five times through the CCC circuit you just configured.
Question: Do your ping packets complete?
Step 6.7
Verify that your OSPF neighborship has established over the CCC circuit.
www.juniper.net
Junos MPLS and VPNs
Question: What is the state of your OSPF

adjacency?
STOP
www.juniper.net
Lab 12
Virtual Private LAN Service
Overview
In this lab, you will establish an LDP virtual private LAN service (VPLS) and a BGP VPLS
between provider edge (PE) routers. You will also configure a virtual switch to act as the
customer edge (CE) router. There will be redundant links between the PE and CE routers
so you will be required to prevent any Layer 2 loops from forming.
www.juniper.net
Load the virtual private network (VPN) baseline configuration for your router.
This configuration includes your baseline core configuration including Open
Shortest Path First (OSPF) and BGP. The baseline also contains a virtual router
configuration that will be used to generate data traffic for this lab.
Configure Layer 2 interfaces and apply them to a virtual switch that you will
configure to act as the CE router.
Configure LDP signaling to enable MPLS label-switched paths (LSPs) between

PE routers.
Configure an LDP VPLS.
Configure a BGP VPLS.
Configure redundant links between CE and PE routers and prevent Layer 2

loops from forming.

ping and commands used to examine routing tables, and PE to PE router BGP
announcements.
Virtual Private LAN Service Lab 121

10.a.10.3R1.9
Junos MPLS and VPNs

contents.
Step 1.1
Step 1.2
Verify that your OSPF and BGP neighbor relationships are established correctly.
state?
Step 1.3
Enter configuration mode. Review and familiarize yourself with the CE instance
configuration.

this instance?
Lab 122 Virtual Private LAN Service
www.juniper.net
Junos MPLS and VPNs
Part 2: Adjusting the Properties of the Virtual Router

In this lab part, you will rename the virtual router from the baseline lab. You will also
change the IP address of the ge-1/1/4 interface as shown in the lab diagram. These
changes will be made because a virtual switch will act as a the CE device in this lab,
not the virtual router. The virtual router will be used to generate ping traffic for
testing the VPLS.
Step 2.1
Configure the appropriate interface properties for the ge-1/1/4 interface as found
on the lab diagram titled Lab 12: Parts 1-6 - LDP VPLS.
Step 2.2
Navigate to the [edit routing-instances] hierarchy and rename the virtual
router routing instance to c-routerx-y. Commit your configuration so far.
Part 3: Configuring a Virtual Switch Instance

In this lab part, you will configure a virtual switch that will act as a CE device for this
lab. The virtual switch will be configured to have one interface that connects to the
customer virtual router and two interfaces that connect to the PE router. Use the lab
diagram to see the intended connectivity.
Step 3.1
Create a new virtual switch instance named ce-vsx-y.
Step 3.2
Navigate to the [edit interfaces] hierarchy and configure the three Layer 2
interfaces that will be used by the virtual switch. Make sure to specify an
encapsulation of flexible-ethernet-services at the physical interface level
and an encapsulation of vlan-bridge at the subinterface level.
Step 3.3
Navigate to the [edit routing-instances ce-vsx-y] and configure a
bridge domain named vlan_6x0 using the appropriate virtual LAN (VLAN) ID. Add
the three Layer 2 interfaces to the new bridge domain. Commit your configuration
Step 3.4
Verify the status of the Layer 2 CE device using the show bridge domain
command.
Question: Have the correct three interfaces been
applied to the correct routing instance and bridge
domain?
www.juniper.net
Junos MPLS and VPNs
Part 4: Enabling LDP Signaling in the Core

In this lab part, you will configure LDP as the signaling protocol for MPLS in the core.
LDP will be used to both signal the MPLS LSPs between PE routers and also
advertise the VPLS forwarding equivalency class (FEC) information between
PE routers.
Step 4.1
Enter configuration mode and navigate to the [edit protocols ldp]
hierarchy. Enable LDP on the core-facing interfaces as well as the loopback
interface. You might need to refer to the lab diagram titled Lab 1: Part 1Static
LSPs (Infrastructure) to determine the names of the core-facing interfaces. Commit
Question: Can you think of a reason why you need
to configure LDP to run on the loopback interface?
Step 4.2
Use the show ldp neighbor command to determine the status of your
neighbors.
Question: Has the PE router established
relationships with the locally connected
provider (P) routers?
Step 4.3
Use the show ldp database command to determine whether an LSP has been
established from your PE router to the remote PE router. Do not proceed until the
LSP has been established to the remote PE router.
Question: Has an LSP been established to the
remote PE router?
STOP
www.juniper.net
Junos MPLS and VPNs
Part 5: Configuring an LDP VPLS Instance

In this lab part, you will configure an LDP VPLS instance. You will include the
CE router-facing interface within this instance.
Step 5.1
Configure ge-1/0/6 interface to be used as the CE router facing interface for the
VPLS.
Step 5.2
Navigate to the [edit routing-instances] hierarchy. Create a new VPLS
instance named vpn-x.
Step 5.3
Navigate to the [edit routing-instances vpn-x] hierarchy. Add the
ge-1/0/6 interface to the routing instance.
Step 5.4
Create an LDP VPLS using a VPLS ID of x00 and specify the remote PE router as the
neighbor. Commit your configuration and exit to operational mode.
Step 5.5
Check the status of the VPLS connection using the show vpls connections
command.
Question: Has a VPLS pseudowire been established
to the remote PE router?
Question: What does the legend suggest the current

state might be? What is the solution to the
problem?
Step 5.6
Enter configuration mode and navigate to the [edit chassis]hierarchy. Enable
tunnel services on FPC slot 1, PIC slot 0 at a bandwidth of 1 Gbps. Commit your
Step 5.7
extensive command. Ensure that the remote group has completed the previous
step of the lab.
www.juniper.net
Junos MPLS and VPNs

Question: What transmit and receive labels have

been reserved for the VPLS?
Question: What local interfaces are listed as

participating in the VPLS?
Step 5.8
Verify that you have connectivity from the local customer router to the remote
customer router through the VPLS by using the ping utility. You will ping the remote
customer routers ge-1/1/4 address. You will send five packets for this test. This
task can be accomplished using the following command: ping 10.0.x0.y
routing-instance c-routerx-y count 5.
Answer: Yes, they should all complete. If they do not,

please review your configuration and request
assistance from your instructor, if needed.
Step 5.9
Use the show vpls statistics command to view details of traffic that has
traversed the VPLS.
Question: How many broadcast packets have been
received on the ge-1/0/6 interface? Can you think
of a reason why the PE router has received a
broadcast packet?
Step 5.10
Use the show vpls mac-table command to determine whether the PE router
has learned any MAC addresses. You might need to issue another ping from the
local customer router to allow for the PE router to learn MAC addresses.
www.juniper.net
Junos MPLS and VPNs
Question: Of the MAC addresses that have been

learned, which one is owned by the local customer
router and which one is owned by the remote
customer router?
Part 6: Using MSTP to Prevent a Layer 2 Loop in a VPLS

In this lab part, you will add an extra interface for redundancy between the PE and
CE routers that will cause a Layer 2 loop to form. To ensure that only one interface is
learning and forwarding at any one time, you will configure Multiple Spanning Tree
Protocol (MSTP) between the PE and CE routers using a Layer 2 control instance on
the PE router.
Step 6.1
Configure the ge-1/0/7 interface to be used as the CE router-facing interface for the
VPLS. Remember that you have already added the peer interface to the CE router
(ge-1/1/7).
Step 6.2
Navigate to the [edit routing-instances] hierarchy. Add the ge-1/0/7
interface to the VPLS. Commit your configuration and exit to operational mode.
Step 6.3
Be aware that you have now created a Layer 2 loop between the PE and CE routers!
Verify with the show vpls connections extensive command that the new
interface has been added to the VPLS.
Question: Which interfaces are now listed as
Step 6.4
Verify that a Layer 2 loop is in the network by issuing the command, ping
10.0.x0.255 routing-instance c-routerx-y count 5.
www.juniper.net
Junos MPLS and VPNs
Question: Based on the results of the ping, does

there appear to be a Layer 2 loop in the network?
Step 6.5
Enter configuration mode and navigate to the [edit routing-instance]
hierarchy. Create a new Layer 2 control instance named vpn-x-l2control.
Step 6.6
In the vpn-x-l2control instance, configure MSTP to run on the ge-1/0/6 and
ge-1/0/7 interfaces. Set the MSTP configuration name to vpn-x and the revision
level to 1.
Step 6.7
In the ce-vsx-y virtual switch instance, configure MSTP to run on the ge-1/1/6
and ge-1/1/7 interfaces. Set the MSTP configuration name to vpn-x and the
revision level to 1. Commit your configuration and exit to operational mode.
Step 6.8
Use the show spanning tree interface for both the virtual switch and the
Layer 2 control instance to determine which interfaces are in the FWD (forwarding)
state and which interfaces are in the BLK (blocking) state.
Question: Are there any interfaces currently in the

blocking state?
Question: Does a Layer 2 loop exist between the PE

and CE routers?
Step 6.9
Verify that a Layer 2 loop has been removed from the network by issuing the
command, ping 10.0.x0.255 routing-instance c-routerx-y count
5.
www.juniper.net
Junos MPLS and VPNs

STOP
Part 7: Adding a Subinterface to the Virtual Router

In this lab part, you will begin using the Lab 12: Parts 7-9 - BGP VPLS diagram. You
will add a new subinterface to ge-1/1/4 interface as shown in the lab diagram.
These changes will be made so the virtual router can be used to generate ping
traffic for testing the BGP VPLS.
Step 7.1
Configure the appropriate interface properties for the ge-1/1/4 interface as found
on the lab diagram titled Lab 12: Parts 7-9 - BGP VPLS.
Step 7.2
Navigate to the [edit routing-instances] hierarchy and add the
ge-1/1/4.6x1 interface to the virtual router. Commit your configuration so far.
Part 8: Configuring the Virtual Switch Instance

In this lab part, you will configure the virtual switch to have a another subinterface
that connects to the customer virtual router and two interfaces that connect to the
PE router. Use the lab diagram to see the intended connectivity.
Step 8.1
Navigate to the [edit interfaces] hierarchy and configure the three Layer 2
interfaces that will be used by the virtual switch. Make sure to specify an
encapsulation of flexible-ethernet-services at the physical interface level
and an encapsulation of vlan-bridge at the subinterface level.
Step 8.2
Navigate to the [edit routing-instances ce-vsx-y] and configure a
bridge domain named vlan_6x1 using the appropriate VLAN ID. Add the three
Layer 2 interfaces to the new bridge domain. Commit your configuration and exit to
operational mode.
Step 8.3
Verify the status of the Layer 2 CE device using the show bridge domain
command.
www.juniper.net
Junos MPLS and VPNs
Question: Have the correct three interfaces been

applied to the correct routing instance and bridge
domain?
Part 9: Configuring a BGP VPLS with Redundant Links between CE and PE Routers
In this lab part, you will configure a BGP VPLS instance. You will include the
ge-1/0/8 and ge-1/0/9 CE router-facing interfaces within this instance. To prevent a
Layer 2 loop from forming, your will use the active-interface command.
Step 9.1
Enter into configuration mode and navigate to the [edit protocols bgp]
hierarchy. Configure your PE router to PE router BGP session to support l2vpn
signaling.
Step 9.2
Navigate to the [edit interfaces] hierarchy. Configure the ge-1/0/8 and
ge-1/0/9 interfaces to be used as the CE router-facing interfaces for the VPLS.
Step 9.3
Navigate to the [edit routing-instances] hierarchy. Create a new VPLS
instance named vpn-x1.
Step 9.4
Navigate to the [edit routing-instances vpn-x1] hierarchy. Add the
ge-1/0/8 and ge-1/0/9 interfaces to the routing instance.
Step 9.5
Configure a route target community of target:65512:x00 for the VPLS.
Step 9.6
Create a BGP VPLS naming the site after your CE, ce-vsx-y, and specify a site ID
that matches the y value of the CE router name. Commit your configuration and exit
to operational mode.
Step 9.7
Verify that there is a Layer 2 loop in the network by issuing the command, ping
10.0.x1.255 routing-instance c-routerx-y count 5.
www.juniper.net
Junos MPLS and VPNs

Step 9.8
Enter configuration and mode and navigate to the [edit routing-instances
vpn-x1] hierarchy. To prevent that loop, configure the ge-1/0/8 interface as the
active-interface for the site. Commit your configuration and exit to operational mode.
Step 9.9
extensive command. Ensure that the remote group has completed the previous
step of the lab.
Question: What local interfaces are listed as

Question: Can you tell from the output of the

command which CE router-facing interface is
currently active?
Step 9.10
View the vpn-x1 routing table by using the show route table vpn-x1
extensive command. Analyze the route that was received from your remote
neighbor.
Question: What is the Site ID, Label Offset, Label
Base, and Range of the label block advertised by
your remote neighbor?
www.juniper.net
Junos MPLS and VPNs
Step 9.11
customer router through the VPLS by using the ping utility. You will ping the remote
customer routers ge-1/1/4 address. You will send five packets for this test. This
task can be accomplished using the following command: ping 10.0.x1.y
Step 9.12
Question: Which CE router-facing interface is being
used for forwarding in the vpn-x1 routing
instance?
Step 9.13
Enter configuration mode and disable the ge-1/0/8 interface. Commit your
Step 9.14
extensive command.
Question: Can you tell from the output of the
command which interface is being used for learning
and forwarding between the PE and CE routers?
Step 9.15
customer router through the VPLS by using the ping utility. Ping the remote customer
routers ge-1/1/4 address. Send five packets for this test. This task can be
accomplished using the following command: ping 10.0.x1.y
www.juniper.net
Junos MPLS and VPNs
Step 9.16
Question: Which CE router-facing interface is being
used for forwarding?
STOP
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab 13
Carrier-of-Carrier VPNs
Overview
In this lab you, will establish a BGP virtual private LAN service (VPLS) between two
provider edge (PE) routers that belong to different autonomous systems (ASs).
Carrier-of-carrier virtual private networks (VPNs) option C will be used to provide the PE to
PE VPLS signaling and forwarding plane. You must also configure a Layer 3 VPN from the
provider PE routers to pass customer internal routes between ASs. You will also use
labeled-unicast address family when passing routes between the provider PE router
and the customer CE routers. Finally, you will configure the customer CE routers to pass
any learned routes from the provider (remote customer site routes) to the customer
PE router using the labeled-unicast address family.
www.juniper.net
contains a virtual router configuration that you will delete.
Configure a virtual router to generate traffic from the subscriber sites.
Configure a Layer 3 VPN between the provider PE routers and configure an

multiprotocol EBGP session with the customer CE router using the
labeled-unicast address family.
Configure a bidirectional LSP between the provider PE routers and between the
customer PE and CE.
Configure an IBGP session between the customer CE and PE using the

Configure a multihop EBGP session between the customer CE routers using the
l2vpn address family.
Configure a BGP VPLS to provide connectivity between the subscriber

CE routers.

ping and commands used to examine routing tables, and PE-PE BGP
announcements.
Carrier-of-Carrier VPNs Lab 131
10.a.10.3R1.9
Junos MPLS and VPNs

expected. You will also become familiar with the Lab 13 lab diagram.
Step 1.1
Step 1.2
Delete any routing-instances, delete interface ge-1/1/4, and delete unit 1 of
interface lo0. Commit your configuration and exit to operational mode.
Step 1.3
Verify that your OSPF and BGP neighbor relationships are established correctly.
state?
Step 1.4
Familiarize yourself with the Lab 13 network diagram. Notice that there is a provider
AS, two customer ASs, and two subscriber CE routers.
Question: What are the names of the two provider
PE routers?
Question: What are the names of the customer

routers in AS 65x01?
Lab 132 Carrier-of-Carrier VPNs
www.juniper.net
Junos MPLS and VPNs
Question: What are the names of the customer

routers in AS 65x02?
Question: What are the names of the two subscriber

routers?
Part 2: Configuring the Subscriber CE Router Properties

In this lab part, you will create a virtual router type routing instance on your device.
This virtual router will act as the subscriber CE router and will be used for testing
connectivity between sites.
Step 2.1
Configure the ge-1/1/6 interface using the properties specified on the lab diagram.
Step 2.2
Navigate to the [edit routing-instances] hierarchy. Configure a virtual
router routing-instance named s-cey.
Step 2.3
Add the ge-1/1/6 interfaces to the s-cey routing instances. Commit your
configuration and exit to operation mode.
Step 2.4
Verify that the ge-1/1/6 interface is operational and configured with the correct
properties by viewing the routing table of the s-cey virtual router.
Question: Can the 10.0.51.0/24 subnet be found in
the subscriber CE routers routing table?
www.juniper.net
Junos MPLS and VPNs
Part 3: Enabling MPLS in the Provider Backbone

In this lab part, you will configure RSVP-signaled LSPs between the Provider
PE routers.
Step 3.1
hierarchy. Configure an LSP named p-pey-to-p-pez from the local provider
PE router to the remote provider PE router. Commit your configuration and exit to
operational mode.
Step 3.2
Use the show mpls lsp command to determine whether the LSP has been
established from your provider PE router to the remote provider PE router. Do not
proceed until the LSP has been established to the remote PE router.
Question: Has an LSP been established to the
remote PE router?
STOP
Part 4: Configuring a Layer 3 VPN on the Provider PE Routers

In this lab part, you will configure a Layer 3 VPN routing instance on the provider
PE router. You will include the customer CE-facing interface within this instance. You
will also configure an MP-EBGP session with the customer CE router using the
Step 4.1
Configure the ge-1/0/4 interface (with no VLAN tagging) to be used as the
CE-facing interface for the Layer 3 VPN. Be sure to enable this interface for MPLS
forwarding because it will be sending and receiving labeled packets.
Step 4.2
Navigate to the [edit routing-instances] hierarchy. Create a new Layer 3
VPN instance named vpn-to-extend-lsp.
Step 4.3
Navigate to the [edit routing-instances vpn-to-extend-lsp]
hierarchy. Add the ge-1/0/4 interface to the routing instance and specify a route
target community of target:65512:x00.
www.juniper.net
Junos MPLS and VPNs
Step 4.4
Within the vpn-to-extend-lsp routing instance, configure an MP-EBGP session
using the labeled-unicast address family between the provider PE router and
your customer CE router. Remember that the session will not establish because you
have not configured the customer CE router yet. Commit your configuration so far.
Question: Did the configuration commit without any
errors? If not, what errors were reported?
Step 4.5
Navigate to the [edit protocols] hierarchy. Configure the ge-1/0/4 interface
to run the MPLS protocol. Commit your configuration so far.
Question: Did the configuration commit without any
errors?
Part 5: Configuring the Customer CE Logical System

In this lab part, you will use the logical system feature of the Junos OS to represent
the customer CE router. You will configure the customer CE router to have an
MP-IBGP session with the customer PE router and MP-EBGP session with the
provider PE router using the labeled-unicast address family. You will also
configure an MPLS LSP to the customer PE router using LDP.
Step 5.1
Navigate to the [edit logical-systems c-cey] hierarchy. Configure the
ge-1/1/4 and ge-1/0/5 interfaces (with no VLAN tagging). Be sure to enable these
interfaces for MPLS forwarding because they will be sending and receiving labeled
packets.
Step 5.2
Configure interface lo0.1 with the IP address listed on the lab diagram.
Step 5.3
Navigate to the [edit logical-systems c-cey routing-options]
hierarchy. Configure the AS number for the customer CE router.
Step 5.4
Navigate to the [edit logical-systems c-cey protocols] hierarchy.
Configure ge-1/0/4 and ge-1/0/5 to run the MPLS protocol.
Step 5.5
Configure ge-1/0/5 to run the LDP protocol.
www.juniper.net
Junos MPLS and VPNs
Step 5.6
Configure OSPF (Area 0) on the lo0.1, ge-1/1/4 (passive), and ge-1/0/5 interfaces.
Step 5.7
Configure an MP-IBGP session using the labeled-unicast address family
between the customer CE router and the customer PE router. Remember that the
session will not establish because you have not configured the customer PE router
yet.
Step 5.8
Configure an MP-EBGP session using the labeled-unicast address family
between the customer CE router and the provider PE router.
Step 5.9
Navigate to the [edit logical-systems c-cey policy-options]
hierarchy. Create a policy named internals, which will be used to advertise all of
the loopback addresses from the local customer AS.
Step 5.10
Navigate to the [edit logical-systems c-cey protocols] hierarchy.
Apply the internals policy as an export policy to the provider PE neighbor.
Step 5.11
Use the show mpls interface logical-system c-cey command to verify
that MPLS has been enabled on the correct interfaces on the customer CE router.
Question: Do the ge-1/0/5 and ge-1/1/4 interfaces
currently have MPLS enabled?
Step 5.12
Use the show ldp interface logical-system c-cey command to verify
that LDP has been enabled on the correct interfaces on the customer CE router.
Question: Does the ge-1/0/5 interface currently
have LDP enabled?
Step 5.13
Use the show ospf interface logical-system c-cey command to verify
that OSPF has been enabled on the correct interfaces on the customer CE router.
www.juniper.net
Junos MPLS and VPNs
Question: Do the ge-1/0/5, ge-1/1/4, and lo0

interfaces currently have OSPF enabled?
Step 5.14
Use the show bgp summary logical-system c-cey command to verify that
a BGP neighbor relationship has been established with the provider PE router.
Question: Is your BGP peering session with the
provider PE router established?
Step 5.15
Use the show route advertising-protocol bgp 10.0.2y.1
logical-system c-cez command to verify that the customer CE router is
advertising its loopback address to the provider PE router. Remember that it will not
advertise the customer PE routers loopback until the customer PE router is
configured. You will configure the customer PE router in the next part of the lab.
Question: Is the customer CE routers loopback
address being advertised to the provider PE router?
STOP
www.juniper.net
Junos MPLS and VPNs
Part 6: Configuring the Customer PE Logical System

In this lab part, you will use the logical system feature of the Junos OS to represent
the customer PE router. You will configure the customer PE router to have an
MP-IBGP session with the customer CE router using the labeled-unicast
address family. You will also configure an MPLS LSP to the customer CE router using
LDP.
Step 6.1
Enter configuration mode and navigate to the [edit logical-systems
c-pey] hierarchy. Configure the ge-1/1/5 interface (with no VLAN tagging). Be sure
to enable this interface for MPLS forwarding because it will be sending and receiving
labeled packets.
Step 6.2
Configure interface lo0.2 with the IP address listed on the lab diagram.
Step 6.3
Navigate to the [edit logical-systems c-pey routing-options]
hierarchy. Configure the AS number for the customer PE router.
Step 6.4
Navigate to the [edit logical-systems c-pey protocols] hierarchy.
Configure ge-1/1/5 to run the MPLS protocol.
Step 6.5
Configure ge-1/1/5 to run the LDP protocol.
Step 6.6
Configure OSPF (Area 0) on the lo0.2 and ge-1/1/5 interfaces.
Step 6.7
Configure an MP-IBGP session using the labeled-unicast address family
between the customer PE router and the customer CE router. Commit your
Step 6.8
Use the show mpls interface logical-system c-pey command to verify
that MPLS has been enabled on the correct interfaces on the customer PE router.
Question: Does the ge-1/1/5 interface currently
have MPLS enabled?
Step 6.9
Use the show ospf neighbor logical-system c-pey command to verify
that an OSPF adjacency exists with the customer CE router.
www.juniper.net
Junos MPLS and VPNs
Question: Is the ospf neighbor relationship with the

customer CE in the Full state?
Step 6.10
Use the show ldp database logical-system c-cey command to verify
that LSPs have been created to and from the customer CE router.
Question: Are there LSPs established to and from
the customer CE router?
Step 6.11
Use the show bgp summary logical-system c-pey command to verify that
a BGP neighbor relationship has been established with the customer CE router.
Question: Is your BGP peering session with the
provider CE router established?
STOP
Part 7: Placing IBGP Learned Routes in inet.3

In this lab part, you will analyze the BGP routes that have been learned by the
customer PE router (originated in remote AS). You will ensure that these routes can
be used for the BGP next-hop recursive lookup for Layer 2 VPN NLRI that will be
advertised in the next part of the lab.
Step 7.1
Use the show route protocol bgp logical-system c-pey command to
view the BGP routes that have been learned from the remote autonomous system.
Question: In which routing table are the received
BGP routes currently being stored?
www.juniper.net
Junos MPLS and VPNs
Question: Does a BGP route exist in the inet.0

table that represents the loopback address of the
remote customer PE router?
Question: In the next part of the lab, from the local

customer PE router, you will establish a multihop
Layer 2 VPN MP-BGP session with the remote
customer PE router using loopback addresses for
peering. What will be the BGP next hop advertised
in any BGP update message received from the
remote customer PE router?
Question: For the BGP next hop of any MP-BGP VPN

routes received from the remote customer PE router
to be usable, where must the route to the next hop
exist?
Question: You learned in the output of the

command that the local customer PE router is
placing the learned BGP routes in inet.0. What
must you do to have it put the routes in inet.3
also?
Step 7.2
Enter configuration mode and navigate to the [edit logical-systems c-pey
protocols] hierarchy. Configure the resolve-vpn option for the
labeled-unicast address family. Commit your configuration and exit to
operational mode.
Step 7.3
Use the show route protocol bgp logical-system c-pey command to
view the BGP routes that have been learned from the remote AS.
Question: In which routing tables are the received
BGP routes currently being stored?
www.juniper.net
Junos MPLS and VPNs
STOP
Part 8: Configuring a BGP VPLS Between Customer PE Routers

In this lab part, you will create a BGP VPLS between PE routers in two different ASs.
You will configure a multihop MP-EBGP session with the remote PE router using the
l2vpn signaling address family.
Step 8.1
Enter configuration mode and navigate to the [edit chassis] hierarchy. Enable
tunnel services on FPC 1PIC 0 at speed of 1 g.
Step 8.2
Navigate to the [edit logical-systems c-pey protocols] hierarchy.
Configure a multihop EBGP session with the remote PE router using loopback
addresses for peering and the l2vpn signaling address family.
Step 8.3
Navigate to the [edit interfaces] hierarchy. Configure the ge-1/0/6 to allow
for vlan-tagging and an encapsulation of vlan-vpls. Do not specify any
logical interface properties at this hierarchy.
Step 8.4
Navigate to the [edit logical-systems c-pey interfaces] hierarchy.
Configure ge-1/0/6 unit 6x0 to be used as the subscriber CE router-facing
interfaces for the VPLS.
Step 8.5
Navigate to the [edit logical-systems c-pey routing-instances]
hierarchy. Create a new VPLS instance called vpn-x.
Step 8.6
Navigate to the [edit logical-systems c-pey routing-instances
vpn-x] hierarchy. Add the ge-1/0/6 interface to the routing instance.
Step 8.7
Configure a route target community of target:65x01:x00 for the VPLS.
Step 8.8
Configure a route distinguisher using the loopback of the customer PE router.
Step 8.9
Create a BGP VPLS, naming the site after the subscriber CE router, s-cey, and
specifying a site ID that matches the y value of the site name. Commit your
www.juniper.net
Junos MPLS and VPNs
Step 8.10
extensive logical-systems c-pey command. Ensure that the remote
group has completed the previous step of the lab.
to the remote customer PE router?
Step 8.11
Verify that you have connectivity from the local subscriber CE router to the remote
subscriber CE router through the VPLS by using the ping utility. You will ping the
remote subscriber CE routers ge-1/1/6 address. Send 5 packets for this test. This
task can be accomplished using the following command: ping 10.0.51.y
routing-instance s-cey count 5.
STOP
www.juniper.net
Junos MPLS and VPNs

Appendix A: Lab Diagrams
Junos MPLS and VPNs
A2 Lab Diagrams
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab Diagrams A3
Junos MPLS and VPNs
A4 Lab Diagrams
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab Diagrams A5
Junos MPLS and VPNs
A6 Lab Diagrams
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab Diagrams A7
Junos MPLS and VPNs
A8 Lab Diagrams
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab Diagrams A9
Junos MPLS and VPNs
A10 Lab Diagrams
www.juniper.net
Junos MPLS and VPNs
www.juniper.net
Lab Diagrams A11
Junos MPLS and VPNs
A12 Lab Diagrams
www.juniper.net

JMV 10.a-R LGH PDF

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

JMV 10.a-R LGH PDF

Caricato da

Copyright:

Formati disponibili

Junos MPLS and VPNs

High-Level Lab Guide

Worldwide Education Services

This document is produced by Juniper Networks, Inc.

MPLS Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Label Distribution Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Traffic Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Miscellaneous MPLS Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

VPN Baseline Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

Layer 3 VPN with Static and BGP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1

Route Reflection and Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

GRE Tunnel Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

BGP Layer 2 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1

Circuit Cross Connect and LDP Layer 2 Circuits . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

Virtual Private LAN Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1

Carrier-of-Carrier VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1

Appendix A: Lab Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Explain common terms relating to MPLS.

Explain routers and the way they forward MPLS packets.

Explain packet flow and handling through a label-switched path (LSP).

Describe the configuration and verification of MPLS forwarding.

Understand the information in the Label Information Base.

Configure and troubleshoot RSVP-signaled and LDP-signaled LSPs.

Explain the constraints of both RSVP and LDP.

Describe the CSPF algorithm and its path selection process.

Describe the default traffic protection behavior of RSVP-Signaled LSPs.

Explain the use of primary and secondary LSPs.

Explain LSP priority and preemption.

Describe the operation and configuration of fast reroute.

Describe the operation and configuration of link and node protection.

Describe the LSP optimization options.

Explain the purpose of several miscellaneous MPLS features.

Explain the definition of the term Virtual Private Network.

Describe the differences between provider-provisioned and customer-provisioned

Describe the differences between Layer 2 VPNs and Layer 3 VPNs.

Explain the features of provider-provisioned VPNs supported by the Junos OS.

Describe the VPN-IPv4 address formats.

Describe the route distinguisher use and formats.

Explain the RFC 4364 control flow.

Describe the steps necessary for proper operation of a PE to CE dynamic routing

Configure a simple Layer 3 VPN using a dynamic CE-PE routing protocol.

Describe the routing-instance switch.

Use operational commands to view Layer 3 VPN control exchanges.

Use operational commands to display Layer 3 VPN VRF tables.

Monitor and troubleshoot PE-CE routing protocols.

Describe the four ways to improve Layer 3 VPN scaling.

Describe the flow of control and data traffic in a hub-and-spoke topology.

Describe the various Layer 3 VPN class-of-service (CoS) mechanisms supported by

Describe the configuration steps for establishing a next-generation MVPN.

Monitor and verify the operation of next-generation MVPNs.

Describe the purpose and features of a BGP Layer 2 VPN.

Monitor and troubleshoot a BGP Layer 2 VPN.

Describe the Junos OS BGP Layer 2 VPN CoS support.

Configure an LDP Layer 2 circuit.

Monitor and troubleshoot an LDP Layer 2 circuit.

Describe and configure circuit cross-connect (CCC) MPLS interface tunneling.

Describe the difference between Layer 2 MPLS VPNs and VPLS.

Explain the provisioning of CE and PE routers.

Describe the signaling process of VPLS.

Describe the learning and forwarding process of VPLS.

Describe the potential loops in a VPLS environment.

Configure BGP and LDP VPLS.