10.a
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Contents
Lab 1:
Lab 2:
Lab 3: CSPF
Part 1: Creating the Baseline Network
Part 2: Enabling the TED
Part 3: Configuring RSVP-Signaled LSPs
Part 4: Adding Administrative Groups to Core-Facing Interfaces
Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF
Lab 4:
Lab 5:
Lab 6:
Lab 7:
Lab 8:
Lab 9:
Lab 10:
Lab 11:
Lab 12:
Lab 13:
Course Overview
This five-day course is designed to provide students with MPLS-based virtual private network (VPN)
knowledge and configuration examples. The course includes an overview of MPLS concepts such
as control and forwarding plane, RSVP Traffic Engineering, LDP, Layer 3 VPNs, next-generation
multicast virtual private networks (MVPNs), BGP Layer 2 VPNs, LDP Layer 2 Circuits, and virtual
private LAN service (VPLS). This course also covers Junos operating system-specific
implementations of Layer 2 control instances and active interface for VPLS. This course is based on
the Junos OS Release 10.3R1.9.
Through demonstrations and hands-on labs, students will gain experience in configuring and
monitoring the Junos OS and in device operations.
Objectives
After successfully completing this course, you should be able to:
Explain the two label distribution protocols used by the Junos OS.
Explain the path selection process of RSVP without the use of the Constrained
Shortest Path First (CSPF) algorithm.
Explain the Interior Gateway Protocol (IGP) extensions used to build the Traffic
Engineering Database (TED).
Describe administrative groups and how they can be used to influence path selection.
Explain the roles of Provider (P) routers, Provider Edge (PE) routers, and Customer
Edge (CE) routers.
Create a routing instance, assign interfaces, create routes, and import and export
routes within the routing instance using route distinguishers and route targets.
Explain the purpose of BGP extended communities and how to configure and use
these communities.
Explain the issues with the support of traffic originating on multiaccess VPN routing
and forwarding table (VRF table) interfaces.
Describe the three methods for providing Layer 3 VPN customers with Internet access.
Describe how the auto-export command and routing table groups can be used to
support communications between sites attached to a common PE router.
Explain the Junos OS support for generic routing encapsulation (GRE) and IP Security
(IPsec) tunnels in Layer 3 VPNs.
Describe the flow of control traffic and data traffic in a next-generation MVPN.
Describe the roles of a CE device, PE router, and P router in a BGP Layer 2 VPN.
Explain the flow of control traffic and data traffic for a BGP Layer 2 VPN.
Configure a BGP Layer 2 VPN and describe the benefits and requirements of
over-provisioning.
Explain the BGP Layer 2 VPN scaling mechanisms and route reflection.
Describe the flow of control and data traffic for an LDP Layer 2 circuit.
Explain the purpose of the PE device, the CE device, and the P device.
Troubleshoot VPLS.
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the
Junos OS.
Course Level
Junos MPLS and VPNs (JMV) is an advanced-level course.
Prerequisites
Students should have intermediate-level networking knowledge and an understanding of the Open
Systems Interconnection (OSI) model and the TCP/IP protocol suite. Students should also have
familiarity with the Protocol Independent Multicast-Sparse Mode (PIM-SM) protocol. Students
should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials
(JRE), and Junos Service Provider Switching (JSPX) courses prior to attending this class.
Course Agenda
Day 1
Chapter 1:
Course Introduction
Chapter 2:
MPLS Fundamentals
Lab 1: MPLS Fundamentals
Chapter 3:
Chapter 4:
Day 2
Chapter 5:
Chapter 6:
Chapter 7:
VPN Review
Chapter 8:
Layer 3 VPNs
Lab 6: VPN Baseline Configuration
Day 3
Chapter 9:
Day 4
Chapter 13: Multicast VPNs
Chapter 14: BGP Layer 2 VPNs
Lab 10: BGP Layer 2 VPNs
Chapter 15: Layer 2 VPN Scaling and COS
Chapter 16: LDP Layer 2 Circuits
Lab 11: Circuit Cross Connect and LDP Layer 2 Circuits
Chapter 17: Virtual Private LAN Service
Day 5
Chapter 18: VPLS Configuration
Lab 12: Virtual Private LAN Service
Chapter 19: Interprovider VPNs
Lab 13: Carrier-of-Carrier VPNs
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI)
or a graphical user interface (GUI). To make the language of these documents easier to read, we
distinguish GUI and CLI text from chapter text according to the following table.
Style: Franklin Gothic
Description: Normal text.

Style: Courier New
Description: Console text (screen captures, noncommand-related syntax)
Usage Example: commit complete

Style: Normal CLI, Normal GUI
Description: No distinguishing variant.
Usage Example: Physical interface:fxp0, Enabled

Style: GUI Input

Style: CLI Variable, GUI Variable
Usage Example: policy my-peers

Style: GUI Undefined
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class
locations from the World Wide Web by pointing your Web browser to:
http://www.juniper.net/training/education/.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
Go to http://www.juniper.net/techpubs/.
Locate the specific software or hardware release and title you need, and choose the
format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or
account representative.
Lab 1
MPLS Fundamentals
Overview
This lab demonstrates configuration and monitoring of Multiprotocol Label Switching
(MPLS) static label-switched path (LSP) features on devices running the Junos operating
system. In this lab, you use the command-line interface (CLI) to configure and monitor
network interfaces, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP),
virtual routers, and static MPLS LSPs.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxA-1 using the Secure CRT program.
Step 1.4
Log in as user lab with the password supplied by your instructor.
Step 1.5
Enter configuration mode and load the reset configuration file
jmv-reset-RouterName and commit. For example: team mxA-1 would load
configuration file jmv-reset-mxA-1.
Step 1.6
Navigate to the [edit interfaces] hierarchy level.
Step 1.7
Refer to the network diagram and configure the interfaces for your assigned device.
Use the virtual local area network (VLAN) ID as the logical unit value for the tagged
interface. Use logical unit 0 for all other interfaces. Remember to configure the
loopback interface!
Step 1.8
Display the interface configuration and ensure that it matches the details outlined
on the network diagram for this lab. When you are comfortable with the interface
configuration, issue the commit-and-quit command to activate the
configuration and return to operational mode.
Step 1.9
Issue the show interfaces terse command to verify the current state of the
recently configured interfaces.
Question: What are the Admin and Link states for
the recently configured interfaces?
Step 1.10
Issue the show route command to view the current route entries.
Question: Does the routing table display an entry for
all local interface addresses and directly connected
networks?
Step 1.11
Enter configuration mode and navigate to the [edit protocols ospf]
hierarchy level.
Step 1.12
Configure the core-facing interfaces in area 0.0.0.0. Remember to add the loopback
interface.
Step 1.13
Activate the configuration changes and exit to operational mode. Issue the show
ospf neighbor command.
Question: Which neighbor state is shown for the
listed interfaces?
Note
Step 1.15
Enter configuration mode and define the autonomous system number
designated for your network. Refer to the network diagram as necessary.
Step 1.16
Navigate to the [edit protocols bgp] hierarchy level. Configure a BGP group
named my-int-group that establishes an internal BGP peering session with the
remote team's router. Refer to the network diagram for this lab as necessary.
Step 1.17
Issue the run show bgp summary command to view the current BGP summary
information for your device.
Question: How many BGP neighbors does your
router currently list?
STOP
Step 2.3
Navigate to the [edit interfaces] hierarchy. Configure both physical
interfaces required for the connection to the virtual router. Configure unit 1 under
the loopback interface. Consult the network diagram for proper IP addressing. After
verifying your configuration, commit and exit to operational mode to verify
connectivity.
Step 2.4
Verify connectivity from CE to PE router using the ping utility.
Note
Step 2.6
Navigate to the [edit routing-instances cex-y] hierarchy and configure
the autonomous system for the virtual router (CE). Next, configure the EBGP group
named my-ext-group on the CE router. Once you are satisfied with the
configuration, commit and exit to operational mode and verify that the neighborship is
established before moving on to the next step.
Question: Is your EBGP peering established
between your PE and CE routers?
Step 2.7
After you have verified all peers are up, enter configuration mode and issue the
save jmv-lab1-RouterName-baseline command to save the configuration
for future labs in this course. Consult your lab diagram to ensure you save the
configuration with the correct router name. For example: team mxA-1 would issue
the command: save jmv-lab1-mxA-1-baseline
Step 2.8
Navigate to the [edit policy-options] hierarchy and configure a policy
named ce-export-loopback. Allow your CE loopback address to be exported.
After creating the policy, navigate to the virtual router and apply this new policy as an
export policy to your EBGP group. Commit and exit to operational mode after you are
satisfied with your configuration.
Step 2.9
Verify that you are advertising the loopback address to your EBGP peer. Next verify
you are advertising the EBGP route from your PE router to your IBGP peer.
Note
Step 2.11
Take an extensive look at the hidden route and determine why the route is hidden.
Question: Why is the route hidden?
Step 2.12
Enter configuration mode. Navigate to the [edit policy-options]
hierarchy and create the policy named nhs. Configure this policy to take all BGP
routes learned from your CE neighbor and change the next hop to itself before
advertising these routes to your remote IBGP peer. Apply this policy as an export
policy to the BGP group my-int-group. After you are satisfied with your policy and
configuration, commit your changes and exit to operational mode.
Note
Step 2.14
Verify you are receiving and installing the route to the remote CE router in your
virtual router.
Question: Is the route present in your CE routing
table?
STOP
Step 3.4
Review the interfaces that are participating in MPLS to ensure we have the proper
configuration by executing the run show mpls interface command.
Question: What interface do you see?
Step 3.5
Create a static LSP named my-static-lsp with the egress address of the
remote PE loopback.
Step 3.6
Navigate to the [edit protocols mpls static-label-switched-path
my-static-lsp ingress] hierarchy. Configure the next-hop for the LSP and
assign the appropriate label to the LSP. Please consult the lab diagram titled Lab 1:
Parts 2-3 - Static LSPs for the path and label to be assigned. Review your
configuration and after you are satisfied with the configuration, commit the changes
and exit to operational mode.
Step 3.7
Issue the show mpls static-lsp ingress command to view the current
status of the recently configured LSP.
Question: What is the state of the static LSP?
Step 3.8
Review the route being used for the remote CE router's loopback by issuing the
show route 192.168.1x.y command.
Question: How do you determine that the static LSP
is going to be used when directing traffic to this
destination?
Step 3.9
Look at the traffic statistics for traffic traversing our new LSP. Execute the show
mpls static-lsp statistics ingress command to view the statistics for
the traffic that enters the LSP at this router.
Step 3.10
Test the LSP by using the ping utility from the virtual router by executing the ping
192.168.1x.y source 192.168.1x.y count 10 rapid
routing-instance cex-y command.
Step 3.11
Look at the LSP statistics to verify that the traffic traversed the LSP.
Question: How many packets do you see that
traversed through the LSP?
STOP
Lab 2
Label Distribution Protocols
Overview
This lab demonstrates configuration and monitoring of Resource Reservation Protocol
(RSVP) and Label Distribution Protocol (LDP) signaled label-switched path (LSP) features on
routers running the Junos operating system. In this lab, you use the command-line
interface (CLI) to configure and monitor network interfaces, Border Gateway Protocol
(BGP), Virtual Routers, RSVP LSPs, and LDP LSPs.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
Step 1.8
Enter configuration mode. Navigate to the [edit policy-options]
hierarchy and create the policy named nhs. Configure this policy to take all BGP
routes learned from your CE neighbor and change the next hop to itself before
advertising these routes to your remote IBGP peer. Apply this policy as an export
policy to the BGP group my-int-group. After you are satisfied with your policy and
configuration, commit your changes and exit to operational mode.
Note
Step 1.10
Verify you are receiving and installing the route to the remote CE router in your
virtual router.
Question: Is the route present in your CE routing
table?
STOP
Step 2.6
Verify the status of your recently configured LSP by reviewing the information displayed
by issuing the show mpls lsp command.
Question: How many LSPs are reflected in the
output and what are the terminating points?
Step 2.7
Review the ingress LSP in more detail by including the ingress and extensive
options with the previous command.
Question: Can you determine what routers in the
network are being traversed by the LSP you
configured?
Step 2.8
Verify that traffic destined to the remote CE router's loopback will use the LSP by
issuing the show route 192.168.1x.y command.
Step 2.9
Verify that the remote CE router's loopback is reachable from your local CE router by
sending five Internet Control Message Protocol (ICMP) packets. Verify these ICMP
packets traversed the LSP by displaying the traffic statistics for the LSP.
STOP
Step 3.4
Review the output displayed from the show mpls lsp ingress detail
command to verify the LSP is following the path you created.
Question: Does the RRO reflect the path you
specified?
Step 4.4
Verify the status of the LSP by issuing the show ldp session command.
Question: What is the status of the connection?
Step 4.5
Verify that traffic destined to the remote CE router's loopback will use the LSP by
issuing the show route 192.168.1x.y command.
Step 4.6
Verify that the remote CE router's loopback is reachable from your local CE router by
sending five ICMP packets. Verify these ICMP packets traversed the LSP by
displaying the traffic statistics for the LSP.
Question: Was your ping test successful?
STOP
Step 5.3
Review the routes being used in the routing table inet.3 by issuing the run show
route table inet.3 192.168.x.y command.
Question: How can we make the LDP route more
preferred than the RSVP route?
Step 5.4
Lower the preference of the LDP protocol to be one lower than RSVP. You can
accomplish this by issuing the set protocols ldp preference 6 command.
After changing the protocol preference, commit your changes. After the commit has
finished, review the 192.168.1x.y route and the inet.3 routing table to ensure
LDP will be used for traffic to the CE network.
Question: What protocol is now the more preferred
protocol for traffic destined to the remote CE
network?
Note
STOP
Lab 3
CSPF
Overview
In this lab, you create a baseline multiprotocol label switching (MPLS) network and then
create label switched paths (LSPs) using administrative groups as a constraint for
constrained shortest path first (CSPF).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Create and assign administrative groups to interfaces and define an LSP using
administrative groups as a routing constraint.
Step 1.3
Verify that your PE router has established a Border Gateway Protocol (BGP) neighbor
relationship with the remote PE router.
Question: Is the neighbor relationship in the
established state with the remote PE router?
Step 1.4
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the [edit
interfaces] hierarchy. Enable family mpls on both of the core-facing interfaces.
Step 1.5
Navigate to the [edit protocols] hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.6
Configure the RSVP protocol on the core-facing interfaces. Commit your
configuration and exit to operational mode.
Step 1.7
Using show commands, verify that MPLS and RSVP are configured correctly on
the core-facing interfaces.
Step 2.2
View the TED and determine whether or not your router is using the OpaqArea LSA
to build a TED.
Question: Does your router have a TED available for
CSPF calculations?
Step 2.3
Enter configuration mode and navigate to the [edit protocols ospf]
hierarchy and enable traffic-engineering so that your router will flood its own
OpaqArea LSA and use these LSA types to build and use the TED for CSPF
calculations. Commit your configuration and exit to operational mode to determine if
your router is using the TED.
Question: Is your router generating an OpaqArea
LSA?
Step 2.4
View the TED and determine the colors (administrative groups) that have been
assigned to your PE router local interfaces.
Question: Have any colors been assigned to your PE
router's core-facing interfaces?
STOP
Step 4.5
View the TED and determine whether or not your router is advertising the correct
colors (administrative groups) to all other routers in the network.
Question: Is your router advertising the correct color
settings to other routers in the network?
Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF
In this lab part, you will modify the configuration of your LSPs so that they will take a
particular path through the network. By specifying the administrative groups to
include in the CSPF algorithm, the gold LSP will take the gold path, the silver LSP will
take the silver path, and the bronze LSP will take the bronze path through the
network.
Step 5.1
Enter configuration mode and navigate to the [edit protocols mpls]
hierarchy. Modify the primary path for the gold LSP so that it takes only the gold path
through the lab network, ensuring that it continues to pass through P2.
Step 5.2
Modify the primary path for the silver LSP so that it takes only the silver path through
the lab network, ensuring that it continues to pass through P2.
Step 5.3
Modify the primary path for the bronze LSP so that it takes only the bronze path
through the lab network, ensuring that it continues to pass through P2. Commit your
configuration and exit to operational mode.
Step 5.4
Verify that each LSP is traversing the correct, colored path as well as passing
through P2.
Question: List the routers that the gold LSP
traverses. Does it traverse the expected path?
STOP
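The path selection described in Part 5, as an added example that is not part of the course material: links are pruned from the TED by administrative group, then SPF runs on what remains, one segment at a time so the path visits P2. The topology, the node names P1, P3 and P4, and all metrics are constructed for illustration, and the per-segment handling of the P2 hop is a simplification.

```python
import heapq

# Constructed TED (not the course's lab diagram): (node, node, TE metric, colors).
# P1, P3, P4 and all metrics are assumptions; P2 and the three colors are the lab's.
TED = [
    ("PE1", "P1", 10, {"gold"}),
    ("PE1", "P3", 10, {"silver", "bronze"}),
    ("P1", "P2", 10, {"gold"}),
    ("P3", "P2", 10, {"silver"}),
    ("P3", "P4", 10, {"bronze"}),
    ("P4", "P2", 10, {"bronze"}),
    ("P2", "PE2", 10, {"gold", "silver", "bronze"}),
    ("P1", "PE2", 5, {"gold"}),   # gold shortcut that bypasses P2
    ("PE1", "PE2", 1, set()),     # uncolored link with the best metric
]


def prune(ted, include_any=None, exclude=None):
    """Constraint step: keep only links whose colors satisfy the LSP's rules."""
    adj = {}
    for a, b, metric, colors in ted:
        if include_any and not (colors & include_any):
            continue  # link carries none of the required groups
        if exclude and (colors & exclude):
            continue  # link carries a forbidden group
        adj.setdefault(a, []).append((b, metric))
        adj.setdefault(b, []).append((a, metric))
    return adj


def spf(adj, src, dst, avoid=()):
    """Dijkstra over the pruned graph; returns (cost, path) or None."""
    heap = [(0, src, [src])]
    done = set(avoid)
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nbr, metric in adj.get(node, []):
            if nbr not in done:
                heapq.heappush(heap, (cost + metric, nbr, path + [nbr]))
    return None


def cspf(ted, ingress, egress, include_any=None, exclude=None, via=()):
    """Return (cost, ERO) visiting each `via` hop in order, or None if no path."""
    adj = prune(ted, include_any, exclude)
    hops = [ingress, *via, egress]
    total, ero = 0, [ingress]
    for a, b in zip(hops, hops[1:]):
        # Do not loop back through nodes already used, and do not cross the
        # egress before the final segment.
        avoid = (set(ero) | {egress}) - {a, b}
        segment = spf(adj, a, b, avoid)
        if segment is None:
            return None
        total += segment[0]
        ero += segment[1][1:]
    return total, ero


if __name__ == "__main__":
    print("unconstrained:", cspf(TED, "PE1", "PE2"))
    for color in ("gold", "silver", "bronze"):
        print(color, "color only:", cspf(TED, "PE1", "PE2", include_any={color}))
        print(color, "via P2:    ",
              cspf(TED, "PE1", "PE2", include_any={color}, via=["P2"]))
```

In this constructed topology the color constraint alone is not enough for the gold LSP: the cheapest gold path skips P2, which is why the lab steps also require the path to pass through P2.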
Lab 4
Traffic Protection
Overview
In this lab, you will create a baseline multiprotocol label switching (MPLS) network and
then create label switched paths (LSPs) using different traffic protection mechanisms.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Step 1.3
Verify that your PE router has established a Border Gateway Protocol (BGP) neighbor
relationship with the remote PE router.
Question: Has your PE router established a
neighbor relationship with the remote PE router?
Step 1.4
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
[edit interfaces] hierarchy. Enable family mpls on both of the
core-facing interfaces.
Step 1.5
Navigate to the [edit protocols mpls] hierarchy and configure the MPLS
protocol on the core-facing interfaces.
Step 1.6
Navigate to the [edit protocols rsvp] hierarchy and configure the RSVP
protocol on the core-facing interfaces.
Step 1.7
Navigate to the [edit protocols ospf] hierarchy and enable
traffic-engineering so that your router will flood its own OpaqArea link-state
advertisement (LSA) and use these LSA types to build and use the traffic
engineering database (TED) for constrained shortest path first (CSPF) calculations.
Commit your configuration and exit to operational mode.
Step 1.8
Using show commands, verify that MPLS and RSVP are configured correctly on
the core-facing interfaces.
STOP
Ingress PE    Strict Hop      Loose Hop
mxA-1         172.22.210.2    192.168.5.6
mxA-2         172.22.212.2    192.168.5.4
mxB-1         172.22.220.2    192.168.5.6
mxB-2         172.22.222.2    192.168.5.4
mxC-1         172.22.230.2    192.168.5.6
mxC-2         172.22.232.2    192.168.5.4
mxD-1         172.22.240.2    192.168.5.6
mxD-2         172.22.242.2    192.168.5.4
Step 3.2
Configure an LSP named pey-to-pez-x to the remote PE with a primary path
using the path you created in the previous step. Modify the LSP with the no-cspf
command. Commit your configuration and exit configuration mode and verify that
your LSP is up.
Step 3.3
Verify that the new LSP is up and is currently traversing the correct downstream
P router.
Question: Is the new LSP up?
Step 3.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
Step 3.5
Verify the status of the LSP.
Question: What happens to the status of the LSP
while the interface is disabled?
Step 3.6
Enter configuration mode and enable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
Step 3.7
Verify that the LSP is up using the show rsvp session ingress command.
Step 4.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
Step 4.5
Verify the status of the LSP.
Question: What happens to the status of the LSP
while the interface is disabled?
Step 4.6
Enter configuration mode and enable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
Step 4.7
Use the show mpls lsp extensive command to verify the status of the LSP.
Question: Which path is being used by the LSP
immediately after enabling the interface? Why?
Step 5.3
Enter configuration mode and disable the interface on your PE that is being used by
the primary path of the LSP. Commit your configuration and exit to operational
mode.
Step 5.4
Verify the status of the LSP using the show mpls lsp ingress extensive
command.
Question: What happens to the status of the LSP
while the interface is disabled?
Step 5.5
Enter configuration mode and enable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
Step 5.6
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
Question: What path is being used by the LSP
immediately after enabling the interface? Why?
Step 5.7
After the LSP has reverted to the primary path, view the forwarding table to see the
next hop of the BGP route being advertised by the remote PE router.
Question: How many next hops are associated with
the received BGP route?
Step 5.8
Enter configuration mode and navigate to the [edit policy-options]
hierarchy. Create a load balancing policy called load-balance that performs load
balancing on all prefixes.
Step 5.9
Navigate to the [edit routing-options] hierarchy. Apply the
load-balance policy as an export policy to the forwarding table. Commit your
configuration and exit to operational mode.
Step 5.10
View the forwarding table to see the next hop of the BGP route being advertised by
the remote PE router.
Question: How many next hops are associated with
the received BGP route?
Step 6.4
Enter configuration mode and disable the interface on your PE that is being used by
the primary path of the LSP. Commit your configuration and exit to operational
mode.
Step 6.5
Verify the status of the LSP.
Question: What happens to the status of the LSP
while the interface is disabled?
Step 6.6
Enter configuration mode and enable the interface on your PE that is used by the
primary path of the LSP. Commit your configuration and exit to operational mode.
Step 6.7
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
Question: Which path is used by the LSP
immediately after enabling the interface? Why?
Step 7.3
Use the show rsvp session ingress detail command to verify the status
of the LSP.
Question: Has the PE router signaled to the
downstream routers that fast-reroute is desired?
Step 7.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
Step 7.5
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
Question: What happens to the status of the LSP
while the interface is disabled?
Step 7.6
Enter configuration mode and enable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
Step 7.7
Use the show rsvp session ingress detail command to verify the status
of the LSP.
Question: Which path is used by the LSP
immediately after enabling the interface? Why?
Step 8.5
Enter configuration mode and navigate to the [edit protocols mpls] hierarchy.
Modify your LSP to provide link protection.
Step 8.6
View your MPLS configuration and verify that link protection is configured. Commit
your configuration and exit to operational mode.
Step 8.7
Use the show rsvp session ingress detail command to verify the status
of the LSP.
Question: Is the bypass LSP up?
Step 8.8
(Optional)
Enter configuration mode and disable the interface on your PE router that is used by
the primary path of the LSP. Commit your configuration and exit to operational
mode. Verify that protection occurs using the methods learned in this lab.
STOP
Lab 5
Miscellaneous MPLS Features
Overview
This lab demonstrates configuration and monitoring of miscellaneous Resource
Reservation Protocol (RSVP) and Label Distribution Protocol (LDP) features on routers
running the Junos operating system. In this lab, you use the command-line interface (CLI)
to configure and monitor RSVP label-switched paths (LSPs) and enable miscellaneous
features.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
Step 1.3
Verify that your PE router has established a Border Gateway Protocol (BGP) neighbor
relationship with the remote PE router.
Question: Is the neighbor relationship in the
established state with the remote PE?
Step 1.4
Enter configuration mode and navigate to the [edit interfaces]
hierarchy. Configure the core-facing interfaces to allow MPLS traffic.
Step 1.5
Navigate to the [edit protocols mpls] hierarchy and add the interface all
statement. As good practice, disable the management interface.
Step 1.6
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure you have the proper configuration by executing the run show
mpls interface command.
Step 1.7
Navigate to the [edit protocols rsvp] hierarchy. Add the appropriate
core-facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. Review the
configuration before committing to ensure the interfaces are correct. When you are
satisfied with the changes, commit and exit to operational mode.
Step 1.8
Using operational mode show commands, verify that RSVP is configured
correctly on the core-facing interfaces.
Step 1.9
Enter configuration mode and enable traffic-engineering under
[edit protocols ospf] so that your router will flood its own OpaqArea
link-state advertisement (LSA) and use these LSA types to build and use the traffic
engineering database (TED) for Constrained Shortest Path First (CSPF) calculations.
Step 1.10
Add the configuration for creating an RSVP LSP to the remote PE router. Navigate to
the [edit protocols mpls] hierarchy and create an LSP named
pey-to-pez-x. For example, if you are assigned router mxA-1, your peer router is
mxA-2. The LSP should be named pe1-to-pe2-1. Your LSP should egress at your
remote peer's loopback address. Verify that the configuration looks correct. Commit and
exit to operational mode when you are satisfied with the changes.
Step 1.11
Verify the status of your recently configured LSP by reviewing the output of the
show mpls lsp command.
Question: How many LSPs are reflected in the
output and what are the terminating points?
STOP
Step 2.3
Enter into configuration mode and navigate to the [edit protocols mpls
label-switched-path pey-to-pez-x] hierarchy. Using the install
statement, add the remote network to your inet.3 routing table. Commit your
changes and verify that the route has been added to the inet.3 routing table and
points to the correct LSP.
Question: Do you see the route in your inet.3
routing table?
Step 2.4
View the new route to determine if your router is using the OSPF route or the RSVP
route for internal traffic. Remember that only BGP traffic can use the contents of the
inet.3 routing table to resolve the next hop and internal traffic will resolve the next
hop using the inet.0 routing table.
Step 2.5
Include the RSVP route in the inet.0 routing table, so that internal traffic can also
use the LSP. Include this route by adding the active option to the route you
installed under the LSP. After adding this option, commit and exit to operational
mode. Verify that you can now see the RSVP route in your inet.0 routing table.
Question: Do you see the RSVP route in your
inet.0 routing table?
Step 3.2
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy and enable traffic engineering to move routes from inet.3 into the
inet.0 routing table for both BGP and IGP routes. Commit your configuration
changes and exit out of configuration mode. Verify that your inet.0 route table
contains the RSVP route to the remote network specified to use the LSP.
Step 3.3
Using the traceroute utility, verify that internal traffic will use the LSP when sending
traffic to the remote network.
Question: Does your traceroute complete?
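The route-installation options from Steps 2.3, 2.5 and 3.2, as an added example that is not part of the original lab guide. The LSP name follows the lab's pe1-to-pe2-1 example, and 198.51.100.0/24 is a constructed placeholder for the remote network on your lab diagram.

```junos
# Added example, not from the lab guide.
# 198.51.100.0/24 is a constructed placeholder for the remote network.

# Step 2.3: install the prefix in inet.3 only. BGP next-hop resolution can
# use it, but traffic sent to the prefix itself still follows the OSPF route
# in inet.0.
set protocols mpls label-switched-path pe1-to-pe2-1 install 198.51.100.0/24

# Step 2.5: the active option places the installed prefix in inet.0,
# so internal traffic to the prefix is forwarded over the LSP.
set protocols mpls label-switched-path pe1-to-pe2-1 install 198.51.100.0/24 active

# Step 3.2: move the LSP routes from inet.3 into inet.0 so that both BGP and
# IGP lookups resolve over them. With bgp-igp configured, inet.3 is left empty.
set protocols mpls traffic-engineering bgp-igp

# Operational-mode checks after each commit:
#   show route table inet.3
#   show route 198.51.100.0/24
#   traceroute 198.51.100.1
```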
Step 4.3
Create two label-switched paths named lsp-1 and lsp-2. Apply path one to
lsp-1 as the primary path and apply path two to lsp-2 as the primary path. Both
LSPs should terminate at the remote PE router's loopback. Before committing your
configuration changes, review the changes. After you are satisfied with the changes,
commit and exit to operational mode.
Step 4.4
Using show commands, verify that your LSPs are established and traversing the core
network as expected based on your explicit paths.
Question: Are your LSPs in an Up state?
Step 4.5
Enter into configuration mode, navigate to the [edit routing-options]
hierarchy, and define the static routes outlined on the network diagram for the
device you are configuring. After creating these routes, you will create a policy
named export-static that will export these routes to your internal BGP (IBGP)
peer. After creating the policy, you must apply it as an export policy to your IBGP
group. Commit your configuration changes and exit to operational mode. Verify that
your router is now sending these routes to your neighbor and that you are receiving
the remote static prefixes from the remote peer.
Question: What LSPs do the routes you received
from your neighbor point to as next hops?
Step 4.6
Enter into configuration mode and create a policy named lsp-policy. Create a
term named lsp-1. Under this term you will match the first BGP prefix received
from your peer and change the next-hop to your LSP named lsp-1. You will accept
this route. Then, you will create a second term named lsp-2, which will match on
the second BGP route and change the next-hop to lsp-2. This route also needs to
have the accept action.
Step 4.7
Navigate to the [edit routing-options] hierarchy and apply the policy
lsp-policy as an export policy to the forwarding table. After applying the policy,
commit your changes and exit to operational mode. Verify that the next hop for each
of the remote BGP routes points to the correct LSP as defined in your policy.
Question: Do you see the correct LSP selected as
the next hop for each of your BGP routes?
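Steps 4.3 through 4.7 as one configuration, added here as an example that is not part of the original lab guide. The paths one and two are assumed to be defined already; the IBGP group name my-int-group, the term name statics, the reject next hop and every address are constructed placeholders to be replaced with the values from your lab diagram.

```junos
# Added example, not from the lab guide. Constructed placeholders:
#   192.0.2.2                           remote PE loopback
#   198.51.100.0/25, 198.51.100.128/25  local static routes
#   203.0.113.0/25, 203.0.113.128/25    static routes received from the IBGP peer
#   my-int-group                        hypothetical name of the IBGP group

# Step 4.3: two LSPs to the remote PE, each pinned to its own explicit path.
set protocols mpls label-switched-path lsp-1 to 192.0.2.2
set protocols mpls label-switched-path lsp-1 primary one
set protocols mpls label-switched-path lsp-2 to 192.0.2.2
set protocols mpls label-switched-path lsp-2 primary two

# Step 4.5: local static routes and the policy that exports them to the IBGP peer.
# The reject next hop is an assumption; use the next hop your lab diagram gives.
set routing-options static route 198.51.100.0/25 reject
set routing-options static route 198.51.100.128/25 reject
set policy-options policy-statement export-static term statics from protocol static
set policy-options policy-statement export-static term statics then accept
set protocols bgp group my-int-group export export-static

# Step 4.6: select the LSP per received BGP prefix.
set policy-options policy-statement lsp-policy term lsp-1 from protocol bgp
set policy-options policy-statement lsp-policy term lsp-1 from route-filter 203.0.113.0/25 exact
set policy-options policy-statement lsp-policy term lsp-1 then install-nexthop lsp lsp-1
set policy-options policy-statement lsp-policy term lsp-1 then accept
set policy-options policy-statement lsp-policy term lsp-2 from protocol bgp
set policy-options policy-statement lsp-policy term lsp-2 from route-filter 203.0.113.128/25 exact
set policy-options policy-statement lsp-policy term lsp-2 then install-nexthop lsp lsp-2
set policy-options policy-statement lsp-policy term lsp-2 then accept

# Step 4.7: the policy acts when routes are exported to the forwarding table.
set routing-options forwarding-table export lsp-policy

# Operational-mode checks:
#   show mpls lsp ingress
#   show route advertising-protocol bgp 192.0.2.2
#   show route receive-protocol bgp 192.0.2.2
#   show route 203.0.113.0/25
#   show route forwarding-table destination 203.0.113.0/25
```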
STOP
Step 5.3
Navigate to the [edit protocols mpls] hierarchy and set the metric to 8 for
lsp-2. After changing the metric, commit your configuration and exit to operational
mode. Review the BGP routes for changes and verify the metric change is reflected
by the RSVP routes.
Question: What changes do you see in the routing
tables?
Step 6.3
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy. Configure the router so that the TTL is not decremented by using the
no-decrement-ttl statement under the MPLS protocol. Commit the
configuration and exit to operational mode before proceeding to the next step.
Step 6.4
Use the traceroute utility again to view the change in behavior.
Question: How many responses do you see now?
Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on
Observed Bandwidth
In this lab part, you will configure your router to monitor and automatically adjust the
RSVP reservation based on the observed bandwidth. The first step to setting up
automatic bandwidth provisioning is to enable statistics monitoring for the MPLS
protocol. This allows MPLS to track and monitor bandwidth utilization over a
specified time period (default 24 hours). Next, you will enable the automatic
bandwidth provisioning on one of your established LSPs.
Step 8.1
Enter into configuration mode and navigate to the [edit protocols mpls
statistics] hierarchy. Enable MPLS statistics monitoring by creating a file
named auto-stats and configuring the auto-bandwidth statement.
Step 8.2
Navigate to the [edit protocols mpls] hierarchy and enable auto-bandwidth
under the existing LSP lsp-1. Commit your changes and exit to operational mode
before proceeding to the next step.
Step 8.3
Verify that your configuration changes have taken effect on the LSP by executing the
show mpls lsp ingress name lsp-1 extensive command.
Question: When will the next LSP adjustment
happen?
STOP
Lab 6
VPN Baseline Configuration
Overview
In this lab, you will configure the request for comments (RFC) 4364 infrastructure that will
be used to support Layer 3 virtual private networks (VPNs) in subsequent labs.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Configure interface addresses and families on your provider edge (PE) and
customer edge (CE) routers.
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load the
baseline configuration saved at the end of Lab 1 and then enable Resource
Reservation Protocol (RSVP) and multiprotocol label switching (MPLS) on the
core-facing interfaces, configure MP-BGP, and configure a route-distinguisher ID.
Finally, you will configure a virtual router to represent the CE router attached to your
PE router. Please refer to the lab diagram titled Lab 6: Part 1 - VPN Baseline (PE).
Step 1.1
Enter configuration mode and load the baseline configuration for your PE router. The
file is saved in the /var/home/lab directory and is named
jmv-lab1-RouterName-baseline.
Step 1.2
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Navigate to the [edit interfaces] hierarchy
and enable family mpls on both of the core-facing interfaces.
Step 1.3
Navigate to the [edit protocols] hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.4
Configure the RSVP protocol on the core-facing interfaces.
Step 1.5
Enable traffic-engineering under [edit protocols ospf] so that your router
will flood its own OpaqArea link state advertisement (LSA) and use these LSA types
to build and use the traffic engineering database (TED) for constrained shortest
path first (CSPF) calculations.
Step 1.6
To allow the exchange of Layer 3 VPN routes, enable the inet-vpn unicast network
layer reachability information (NLRI) for your PE router's BGP session with the
remote PE router. Make sure to also enable the exchange of standard unicast IP
version 4 (IPv4) routes.
Step 1.7
To allow for the automatic generation of route distinguishers, navigate to the
[edit routing-options] hierarchy and specify the
route-distinguisher-id using your PE router's loopback address. Commit
your configuration and exit to operational mode.
Step 1.8
Using show commands, verify that MPLS and RSVP are configured correctly on
the core-facing interfaces.
Step 1.9
Verify that your PE router has established Open Shortest Path First (OSPF)
adjacencies with the neighboring provider (P) routers.
Step 1.10
Verify that your PE router has established a BGP neighbor relationship with the
remote PE router.
Question: Is the neighbor relationship in the
established state with the remote PE?
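The PE baseline from Lab 6 Steps 1.2 through 1.10, which also covers the same core setup in Lab 5 Steps 1.4 through 1.10, as an added example that is not part of the original lab guide. The interface names ge-1/0/0 and ge-1/0/1, the management interface fxp0, the IBGP group name my-int-group and both loopback addresses are constructed placeholders.

```junos
# Added example, not from the lab guide. Constructed placeholders:
#   ge-1/0/0, ge-1/0/1   core-facing interfaces
#   fxp0                 management interface
#   192.0.2.1            local PE loopback
#   192.0.2.2            remote PE loopback
#   my-int-group         hypothetical name of the existing IBGP group

# Step 1.2: enable the MPLS family on each core-facing interface.
set interfaces ge-1/0/0 unit 0 family mpls
set interfaces ge-1/0/1 unit 0 family mpls

# Step 1.3: run MPLS on the core-facing interfaces. The unit number is required.
set protocols mpls interface ge-1/0/0.0
set protocols mpls interface ge-1/0/1.0
# Lab 5 Step 1.5 uses the interface all form instead:
#   set protocols mpls interface all
#   set protocols mpls interface fxp0.0 disable

# Step 1.4: run RSVP on the same interfaces.
set protocols rsvp interface ge-1/0/0.0
set protocols rsvp interface ge-1/0/1.0

# Step 1.5: flood traffic engineering LSAs so the TED can be built for CSPF.
set protocols ospf traffic-engineering

# Lab 5 Step 1.10 only: an RSVP LSP that egresses at the remote PE loopback.
#   set protocols mpls label-switched-path pe1-to-pe2-1 to 192.0.2.2

# Step 1.6: carry both IPv4 unicast and Layer 3 VPN NLRI on the PE-to-PE session.
# Once any family is configured explicitly, inet unicast must be listed as well.
set protocols bgp group my-int-group family inet unicast
set protocols bgp group my-int-group family inet-vpn unicast

# Step 1.7: base for automatically generated route distinguishers.
set routing-options route-distinguisher-id 192.0.2.1

# Steps 1.8 through 1.10, operational-mode checks:
#   show mpls interface
#   show rsvp interface
#   show ospf neighbor
#   show bgp summary
#   show bgp neighbor 192.0.2.2
```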
Step 2.5
Navigate to the [edit routing-instances] hierarchy. Configure your
CE router's routing instance specifying a routing instance type of
virtual-router and apply the lo0.1 and ge-1/1/4 interfaces to the
instance.
Step 2.6
Configure your CE router's autonomous system (AS) number.
Step 2.7
Configure your CE router's static routes as listed on the lab diagram. Use a next hop
of reject for each of the four static routes.
Step 2.8
Navigate to the [edit policy-options] hierarchy. Create a routing policy that
will allow for the redistribution of your direct and static routes. This policy will
eventually be used to advertise routes from the CE router to the PE router. Commit
your configuration and exit to operational mode.
Step 2.9
View the CE router's routing table and ensure that the correct direct and static
routes are now installed in the table.
Question: What routes appear in your CE router's
routing table?
Step 2.10
Save the configuration for future labs in this course. Save your configuration as
jmv-RouterName-vpn-baseline.
STOP
Lab 7
Layer 3 VPN with Static and BGP Routing
Overview
In this lab, you will establish a point-to-point Layer 3 VPN using RSVP signaling between
provider edge (PE) routers. You will also configure both static and BGP routing between
your PE and customer edge (CE) routers. You will share your routes with the remote
PE router through the Layer 3 VPN using Multiprotocol Border Gateway Protocol (MP-BGP).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Configure static routing between your PE and CE router and share your static
PE routes through the Layer 3 VPN using MP-BGP.
Configure BGP routing between your PE and CE routers and share CE routes
through the Layer 3 VPN using MP-BGP.
Step 1.3
Enter into configuration mode. Review and familiarize yourself with the CE instance
configuration.
Question: What type of instance is being used?
Step 2.2
Verify that the RSVP LSP you just configured is up and functional. Ensure that you
have bidirectional LSPs before proceeding. Review the inet.3 routing table to verify
that the RSVP route is present and ready to use.
Question: Do you see bidirectional LSPs
established?
Step 2.3
Verify MPLS connectivity using the MPLS ping utility.
Question: Does your MPLS ping complete?
STOP
STOP
Step 5.4
Verify that you are receiving routes from the remote PE router.
Question: What routes are you receiving from the
remote PE router?
Step 5.5
Review the routes that are installed in your VRF table.
Question: Do you see all the remote PE routes?
Step 5.6
Verify you have connectivity from CE to CE through the Layer 3 VPN by using the ping
utility. You will ping the remote CE router's loopback address while sourcing the
packets from your local CE's loopback address. You will send five packets for this
test. This can be accomplished using the following command:
ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5
Question: Do all your ping packets complete?
STOP
Step 6.4
Enter into configuration mode and navigate to the [edit routing-instances
cex-y protocols bgp] hierarchy. Create an external group called
my-ext-group and specify your neighbor address. You must also define your
peer-as. Apply the policy exp-policy that you created in Lab 6, as an export
policy to your EBGP group. Review your configuration before moving on to the next
step.
Step 6.5
Navigate to the [edit routing-instances vpn-x protocols bgp]
hierarchy. Create an external group called my-ext-group and specify your
neighbor address. You must also define your peer-as. Review your configuration,
commit, and exit to operational mode before moving on to the next step.
Step 6.6
Verify on the PE that you are receiving the advertised BGP routes from your
CE router.
Question: Do you see the static routes that you
exported with the policy you applied?
Step 6.7
Verify that your PE router is advertising your VPN routes to the remote PE router.
Question: Are you advertising all the BGP routes you
are learning from your CE router?
Step 6.8
Verify that you are receiving the VPN routes being advertised from the remote
PE router.
Question: Are you receiving all the expected routes
that are being exported from the remote PE and
CE routers?
Step 6.9
Review the BGP routes you are receiving on your CE router.
Question: Are you receiving all the remote network
routes from your PE router?
Step 6.10
Verify that your PE router is advertising these routes to your CE router.
Question: Do you see all the remote network routes
being advertised to your CE router?
Step 6.11
Take an extensive look at one of the routes you are receiving from the remote
PE router but are not advertising to your CE router.
Question: What is the AS path of this route?
Step 6.12
Enter into configuration mode and navigate to the [edit routing-instances
vpn-x protocols bgp] hierarchy. Configure the external group to override the
AS. Remember that we discussed a few methods for overcoming this challenge. You
will be using the as-override option because of simplicity. Commit and exit to
operational mode.
Step 6.13
Verify that your CE router is now receiving the routes from your PE router after the
change.
Question: Do you now see the routes being sent
from the remote team in your CE router's routing
table?
Step 6.14
Verify that you have connectivity from CE to CE through the Layer 3 VPN by using the
ping utility. You will ping the remote CE router's loopback address while sourcing the
packets from your local CE router's loopback address. You will send five packets for
this test. This task can be accomplished using the following command:
ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5
Question: Do your ping requests complete?
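The PE-CE EBGP configuration from Steps 6.4, 6.5 and 6.12, as an added example that is not part of the original lab guide. It assumes both CE sites use the same AS number, which is the situation as-override addresses; the AS numbers and all addresses are constructed placeholders, and cex-y and vpn-x stand for your own instance names.

```junos
# Added example, not from the lab guide. Constructed placeholders:
#   65512       provider AS
#   65101       customer AS, assumed to be the same at both CE sites
#   10.0.10.1   PE side of the PE-CE link
#   10.0.10.2   CE side of the PE-CE link
#   192.0.2.2   remote PE loopback

# Step 6.4: CE side, inside the virtual-router instance. exp-policy is the
# Lab 6 policy that redistributes the direct and static routes.
set routing-instances cex-y protocols bgp group my-ext-group type external
set routing-instances cex-y protocols bgp group my-ext-group peer-as 65512
set routing-instances cex-y protocols bgp group my-ext-group neighbor 10.0.10.1
set routing-instances cex-y protocols bgp group my-ext-group export exp-policy

# Step 6.5: PE side, inside the VRF.
set routing-instances vpn-x protocols bgp group my-ext-group type external
set routing-instances vpn-x protocols bgp group my-ext-group peer-as 65101
set routing-instances vpn-x protocols bgp group my-ext-group neighbor 10.0.10.2

# Step 6.12: routes from the remote site arrive with 65101 in the AS path.
# That is the local CE's own AS, so BGP loop prevention keeps them out of the
# CE routing table. as-override replaces the CE AS in the path with the
# provider AS before the route is advertised to the CE.
set routing-instances vpn-x protocols bgp group my-ext-group as-override

# Operational-mode checks (Steps 6.6 through 6.13):
#   show route receive-protocol bgp 10.0.10.2
#   show route advertising-protocol bgp 192.0.2.2
#   show route table bgp.l3vpn.0
#   show route advertising-protocol bgp 10.0.10.2
#   show route table vpn-x.inet.0 detail
#   show route table cex-y.inet.0 protocol bgp
```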
STOP
Lab 8
Route Reflection and Internet Access
Overview
In this lab, you will establish two point-to-point Layer 3 virtual private networks (VPNs)
using RSVP signaling between provider edge (PE) routers. You will alter your internal BGP
(IBGP) configuration to peer with a preconfigured route reflector in the core network. You
will implement route target filtering on your PE router and you will configure Internet
access for the customer edge (CE) router through your PE router.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Reconfigure your IBGP peering, so that your router peers with the route
reflector.
Create a second virtual router that will act as a second CE router and customer
network.
Create and establish two Layer 3 VPNs over the core network.
Configure BGP routing between your PE and CE routers and share your
CE routes through the Layer 3 VPNs using Multiprotocol Border Gateway
Protocol (MP-BGP).
Step 1.3
Enter into configuration mode. Review and familiarize yourself with the CE instance
configuration.
Part 3: Establishing LDP Signaled LSPs Between PE Routers and Route Reflector
In this lab part, you will use LDP to signal LSPs to the remote PE router through the
core network as well as to the Route Reflector. You will verify that the LDP LSPs are
established and that the LDP routes are installed in your routing table.
Step 3.1
Enter into configuration mode and navigate to the [edit protocols ldp]
hierarchy. Add the interface all statement to include all interfaces in LDP. As
good practice, remember to disable the management interface. Commit and exit to
operational mode when you are satisfied with the changes.
Step 3.2
Verify that the LSPs are established and ready for use.
Step 3.3
Verify that the inet.3 routing table is created and contains the RSVP route to the
remote PE router.
Question: Do you see the LDP route to the remote
PE router in your inet.3 routing table?
Step 5.1
Enter into configuration mode and navigate to the [edit interfaces]
hierarchy. Configure the appropriate interface properties found on the lab diagram
titled Lab 8: Part 3-8 - Layer 3 VPN Scaling and Internet Access. You will configure
the interfaces for each connection to the two CE routers. Commit your change and
exit to operational mode to verify reachability to the CE interface.
Step 5.2
Verify reachability to both CE routers by pinging their interfaces five times.
Question: Do the pings complete?
STOP
STOP
Step 8.3
Enter configuration mode and navigate to the [edit protocols bgp]
hierarchy. Enable the keep all functionality for your BGP session. This
functionality will cause the PE router to keep all VPN routes that are advertised to it
from the route reflector, regardless of vrf-target value. Commit your
configuration changes and exit to operational mode.
Step 8.4
Review the routes that you have accepted and installed in your bgp.l3vpn.0
routing table after adding the keep all functionality.
Question: Do you see the vpnx-b routes for the
remote CE router?
Step 8.5
Enter into configuration mode and navigate to the [edit protocols bgp]
hierarchy. Configure your router to signal the route target NLRI for the IBGP session
to the route reflector.
Step 8.6
Review the routes that you have accepted and installed in your bgp.l3vpn.0
routing table after configuring the PE router to implement the route target filtering
NLRI to the route reflector.
Step 9.6
Verify that you can ping the loopback address of one of the core routers five times,
sourced from your CE router's loopback address. You can review one of the network
diagrams that outline the core network if you do not recall the loopback addresses
of the core routers. In the example provided, the ping is destined to P6's loopback,
sourced from the CE router's loopback.
Question: Do the ping requests complete?
STOP
Lab 9
GRE Tunnel Integration
Overview
In this lab, you will establish a point-to-point Layer 3 virtual private network (VPN) using a
generic routing encapsulation (GRE) tunnel between provider edge (PE) routers. You will
also configure OSPF routing between your PE and customer edge (CE) router. You will
share your routes with the remote PE through the Layer 3 VPN using Multiprotocol Border
Gateway Protocol (MP-BGP).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Configure a VPN routing and forwarding (VRF) table and OSPF routing between
your PE router and CE router and redistribute your CE router's static routes into
OSPF.
Redistribute the MP-BGP routes learned from the remote PE into OSPF.
Step 1.3
Enter into configuration mode. Review and familiarize yourself with the CE instance
configuration.
Question: Which type of instance is being used?
Step 4.6
Verify that the static routes that are being redistributed by the CE router can be
found in the VRF table of the PE router.
Question: Are the static routes from the local
CE router being received by your PE router as OSPF
routes?
Step 4.7
Verify that you are advertising your OSPF routes to the remote PE router as BGP
routes.
Question: What routes are being advertised to the
remote PE router?
Step 4.8
Verify that you are receiving routes from the remote PE router.
Question: What routes are you receiving from the
remote PE router?
Step 4.9
Determine whether any hidden routes are being received from the remote PE router.
Question: Are any hidden routes being received
from the remote PE router? Why are the routes
hidden?
Step 5.2
Navigate to the [edit interfaces] hierarchy and configure a tunnel interface
named gr-1/0/10.0. The interface should source packets from the local PE router's
loopback address. The interface should be configured to send packets destined to
the remote PE router's loopback address. Finally, enable forwarding of MPLS and
IPv4 traffic on the tunnel interface. Commit your configuration and exit to
operational mode.
Step 5.3
Verify that the GRE interface is up and functional.
Question: Is the gr-1/0/10 interface in the up
state?
Step 6.3
Review the routes that are installed in your VRF table.
Question: Do you see all the remote PE routes?
Step 6.4
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE router's loopback address while
sourcing the packets from your local CE router's loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5
Question: Do all your ping packets complete? Can
you think of a reason why they would not complete?
Step 6.5
Review the routes that are installed in the CE router's routing table.
Question: Do you see all the remote routes?
Step 6.6
Review the LSAs that currently exist in the CE router's link state database.
Question: Why do you think the remote networks
are not present in your CE router's link state
database?
STOP
Step 7.4
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE router's loopback address while
sourcing the packets from your local CE router's loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5
Question: Do all your ping packets complete?
STOP
Lab 10
BGP Layer 2 VPNs
Overview
In this lab, you will establish a point-to-point BGP Layer 2 virtual private network (VPN)
using LDP signaling between provider edge (PE) routers. Once the virtual LAN
(VLAN)-based Layer 2 VPN is operational, you will configure the customer edge (CE)
routers to run one of several available routing protocols and advertise their static route
and loopback address blocks. Because this is a BGP Layer 2 VPN, the PE routers will not
interact with the routing protocols used on the CE routers.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Add protocol BGP support for the Layer 2 VPN network layer reachability
information (NLRI).
Create and establish a BGP Layer 2 VPN over the core network.
Export your static routes into OSPF and share these routes with the remote
CE network.
Step 1.3
Enter configuration mode. Review and familiarize yourself with the CE instance
configuration.
Question: Which type of instance is being used?
Step 2.1
Navigate to the [edit protocols ldp] hierarchy. Add your two core-facing
interfaces, as well as your loopback interface. Commit your configuration changes
and exit to operational mode.
Step 2.2
Verify that LDP is established and has valid neighbors using the following
commands: show ldp session and show ldp neighbor.
Question: Do you see neighborships established
with your two peer provider (P) routers?
Step 2.3
Verify MPLS connectivity using the MPLS ping utility.
Question: Are your MPLS pings successful?
Step 4.7
Verify reachability from your CE router to the remote CE router. You will ping the
remote CE to PE interface five times, sourced from your local CE to PE interface
using the ping 10.0.x0.y routing-instance cex-y count 5
command.
Question: Do your ping requests complete?
STOP
Step 5.2
Navigate to the [edit routing-instances cex-y protocols ospf]
hierarchy. Configure your loopback and PE-facing interface under area 0.
Step 5.3
Apply the policy statics you defined as an export policy to your OSPF protocol.
This action will export your static routes to your peer. Commit and exit to operational
mode.
Step 5.6
Verify you have reachability to the remote CE network by pinging the remote
CE router's loopback address five times, while sourcing the packets from your local
CE router's loopback address.
Question: Do your pings complete?
STOP
Lab 11
Circuit Cross Connect and LDP Layer 2 Circuits
Overview
In this lab, you will establish an LDP Layer 2 circuit using RSVP signaling between provider
edge (PE) routers. Once the virtual LAN (VLAN)-based LDP Layer 2 circuit is operational,
you will configure the customer edge (CE) routers to run one of several available routing
protocols and advertise their static route and loopback address blocks. Because this is a
Layer 2 circuit, the PE routers will not interact with the routing protocols used on the
CE routers. After verifying the connection from CE to CE, you will delete the LDP Layer 2
circuit configuration and configure a circuit cross connect (CCC) connection. You will then
verify the connection again from CE to CE.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Create and establish an LDP Layer 2 circuit over the core network.
Add OSPF to your CE network and create a neighborship between your local
CE router and the remote CE router.
Export your static routes into OSPF and share these routes with the remote
CE network.
Create and establish a CCC Layer 2 connection over the core network.
Step 1.3
Enter into configuration mode. Review and familiarize yourself with the CE instance
configuration.
Question: How many static routes are configured for
this instance?
Step 2.1
Navigate to the [edit protocols mpls] hierarchy. Configure a
label-switched-path called pey-to-pez-x. For example, if you are
assigned router mxA-1, your peer router is mxA-2. The LSP should be named
pe1-to-pe2-1. Your LSP should egress at your remote peer's loopback address.
Verify that the configuration looks correct. Commit and exit to operational mode when
you are satisfied with the changes.
Step 2.2
Navigate to the [edit protocols ldp] hierarchy and configure an extended
LDP session by adding the loopback interface to the LDP protocol. As mentioned
previously, this will allow LDP to exchange VC labels between the PE routers. Commit
your configuration changes and exit to operational mode.
Step 2.3
Verify that the LSP has been established and is ready for use.
Step 2.4
Verify that the inet.3 routing table has been created and contains the RSVP route
to the remote PE router.
Question: Do you see the RSVP route to the remote
PE router in your inet.3 routing table?
Step 3.2
Delete the current CE interface (ge-1/1/4) configuration. Navigate to the [edit
interfaces ge-1/1/4] hierarchy and configure the interface properties
following the details provided in the network diagram. Note that both the local and
remote CE router interfaces will be on the same Layer 3 network. Commit your
configuration changes.
Question: Why must both CE router interfaces be in
the same network?
Step 4.3
Verify reachability from your CE router to the remote CE router. You will ping the
remote CE to PE interface five times, sourced from your local CE to PE interface
using the ping 10.0.x0.y routing-instance cex-y count 5
command.
Question: Do your ping requests complete?
STOP
Step 5.5
Review the routes being learned by OSPF and ensure that you have the remote
CE router's static routes by issuing the show route protocol ospf table
cex-y.inet.0 command.
Question: Do you see all the remote CE router's
static routes?
Step 5.6
Verify that you have reachability to the remote CE network by pinging the remote
CE router's loopback address five times, while sourcing the packets from your local
CE router's loopback address.
Question: Do your pings complete?
STOP
Step 6.3
Navigate to the top of the [edit] hierarchy and issue the command replace
pattern ge-1/1/4 with ge-1/1/5. This action will change all references in
the configuration of ge-1/1/4 to ge-1/1/5, which is the new CE interface being used
in the lab diagram. Verify that the interface being applied for the CE routing instance
has been changed. Remember to verify the change also applied to your CE router's
OSPF configuration. When you are satisfied with the change, commit your
configuration.
Step 6.4
Navigate to the [edit protocols connections] hierarchy and configure a
remote-interface-switch named vpn-x. Assign your PE interface used to
connect to your CE router (ge-1/0/5.6x0) to the interface switch. For the
interface you assign, you have to specify the transmit-lsp lsp-name and the
receive-lsp lsp-name for the traffic to use to get to and from the remote end
of the connection. You will assign the RSVP LSP that you configured in Part 2 as your
transmit LSP and you will assign the LSP that the remote team created as your
receive LSP. If you do not remember the names, you can view them in the output
from the run show mpls lsp command. Commit your configuration changes
and exit to operational mode.
Step 6.6
Verify that you can ping five times through the CCC circuit you just configured.
Question: Do your ping packets complete?
Step 6.7
Verify that your OSPF neighborship has established over the CCC circuit.
STOP
Lab 12
Virtual Private LAN Service
Overview
In this lab, you will establish an LDP virtual private LAN service (VPLS) and a BGP VPLS
between provider edge (PE) routers. You will also configure a virtual switch to act as the
customer edge (CE) router. There will be redundant links between the PE and CE routers
so you will be required to prevent any Layer 2 loops from forming.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load the virtual private network (VPN) baseline configuration for your router.
This configuration includes your baseline core configuration including Open
Shortest Path First (OSPF) and BGP. The baseline also contains a virtual router
configuration that will be used to generate data traffic for this lab.
Configure Layer 2 interfaces and apply them to a virtual switch that you will
configure to act as the CE router.
Step 1.3
Enter configuration mode. Review and familiarize yourself with the CE instance
configuration.
Question: Which type of instance is being used?
Step 4.2
Use the show ldp neighbor command to determine the status of your
neighbors.
Question: Has the PE router established
relationships with the locally connected
provider (P) routers?
Step 4.3
Use the show ldp database command to determine whether an LSP has been
established from your PE router to the remote PE router. Do not proceed until the
LSP has been established to the remote PE router.
Question: Has an LSP been established to the
remote PE router?
STOP
Step 5.6
Enter configuration mode and navigate to the [edit chassis] hierarchy. Enable
tunnel services on FPC slot 1, PIC slot 0 at a bandwidth of 1 Gbps. Commit your
configuration and exit to operational mode.
Step 5.7
Check the status of the VPLS connection using the show vpls connections
extensive command. Ensure that the remote group has completed the previous
step of the lab.
Step 5.8
Verify that you have connectivity from the local customer router to the remote
customer router through the VPLS by using the ping utility. You will ping the remote
customer router's ge-1/1/4 address. You will send five packets for this test. This
task can be accomplished using the following command: ping 10.0.x0.y
routing-instance c-routerx-y count 5.
Question: Do all your ping packets complete?
Step 5.10
Use the show vpls mac-table command to determine whether the PE router
has learned any MAC addresses. You might need to issue another ping from the
local customer router to allow for the PE router to learn MAC addresses.
Step 6.4
Verify that a Layer 2 loop is in the network by issuing the command, ping
10.0.x0.255 routing-instance c-routerx-y count 5.
Step 6.5
Enter configuration mode and navigate to the [edit routing-instances]
hierarchy. Create a new Layer 2 control instance named vpn-x-l2control.
Step 6.6
In the vpn-x-l2control instance, configure MSTP to run on the ge-1/0/6 and
ge-1/0/7 interfaces. Set the MSTP configuration name to vpn-x and the revision
level to 1.
Step 6.7
In the ce-vsx-y virtual switch instance, configure MSTP to run on the ge-1/1/6
and ge-1/1/7 interfaces. Set the MSTP configuration name to vpn-x and the
revision level to 1. Commit your configuration and exit to operational mode.
Step 6.8
Use the show spanning-tree interface command for both the virtual switch and the
Layer 2 control instance to determine which interfaces are in the FWD (forwarding)
state and which interfaces are in the BLK (blocking) state.
Step 6.9
Verify that a Layer 2 loop has been removed from the network by issuing the
command, ping 10.0.x0.255 routing-instance c-routerx-y count
5.
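The MSTP configuration that Steps 6.5 through 6.7 describe, written out as an added example (not taken from the lab guide itself). x and y are the lab's pod and router variables; the ce-vsx-y instance is assumed to exist already as a virtual switch, so only its MSTP stanza is shown.

```junos
# Added example: the loop-prevention configuration from Steps 6.5 to 6.7.
routing-instances {
    vpn-x-l2control {
        instance-type layer2-control;    # Step 6.5: Layer 2 control instance
        protocols {
            mstp {                       # Step 6.6: PE side, CE-facing links
                configuration-name vpn-x;
                revision-level 1;
                interface ge-1/0/6;
                interface ge-1/0/7;
            }
        }
    }
    ce-vsx-y {                           # existing virtual switch acting as the CE
        protocols {
            mstp {                       # Step 6.7: CE side of the same links
                configuration-name vpn-x;
                revision-level 1;
                interface ge-1/1/6;
                interface ge-1/1/7;
            }
        }
    }
}
```

The configuration name and revision level are identical in both instances because MSTP bridges only treat each other as members of the same region when these values match.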
STOP
Part 9: Configuring a BGP VPLS with Redundant Links between CE and PE Routers
In this lab part, you will configure a BGP VPLS instance. You will include the
ge-1/0/8 and ge-1/0/9 CE router-facing interfaces within this instance. To prevent a
Layer 2 loop from forming, you will use the active-interface command.
Step 9.1
Enter configuration mode and navigate to the [edit protocols bgp]
hierarchy. Configure your PE router to PE router BGP session to support l2vpn
signaling.
Step 9.2
Navigate to the [edit interfaces] hierarchy. Configure the ge-1/0/8 and
ge-1/0/9 interfaces to be used as the CE router-facing interfaces for the VPLS.
Step 9.3
Navigate to the [edit routing-instances] hierarchy. Create a new VPLS
instance named vpn-x1.
Step 9.4
Navigate to the [edit routing-instances vpn-x1] hierarchy. Add the
ge-1/0/8 and ge-1/0/9 interfaces to the routing instance.
Step 9.5
Configure a route target community of target:65512:x00 for the VPLS.
Step 9.6
Configure BGP VPLS, naming the site after your CE, ce-vsx-y, and specify a site ID
that matches the y value of the CE router name. Commit your configuration and exit
to operational mode.
Step 9.7
Verify that there is a Layer 2 loop in the network by issuing the command, ping
10.0.x1.255 routing-instance c-routerx-y count 5.
Step 9.8
Enter configuration mode and navigate to the [edit routing-instances
vpn-x1] hierarchy. To prevent that loop, configure the ge-1/0/8 interface as the
active-interface for the site. Commit your configuration and exit to operational mode.
Step 9.9
Check the status of the VPLS connection using the show vpls connections
extensive command. Ensure that the remote group has completed the previous
step of the lab.
Question: Has a VPLS pseudowire been established
to the remote PE router?
Step 9.10
View the vpn-x1 routing table by using the show route table vpn-x1
extensive command. Analyze the route that was received from your remote
neighbor.
Question: What are the Site ID, Label Offset, Label
Base, and Range of the label block advertised by
your remote neighbor?
Step 9.11
Verify that you have connectivity from the local customer router to the remote
customer router through the VPLS by using the ping utility. You will ping the remote
customer router's ge-1/1/4 address. You will send five packets for this test. This
task can be accomplished using the following command: ping 10.0.x1.y
routing-instance c-routerx-y count 5.
Question: Do all your ping packets complete?
Step 9.12
Use the show vpls mac-table command to determine whether the PE router
has learned any MAC addresses. You might need to issue another ping from the
local customer router to allow for the PE router to learn MAC addresses.
Question: Which CE router-facing interface is being
used for forwarding in the vpn-x1 routing
instance?
Step 9.13
Enter configuration mode and disable the ge-1/0/8 interface. Commit your
configuration and exit to operational mode.
Step 9.14
Check the status of the VPLS connection using the show vpls connections
extensive command.
Question: Can you tell from the output of the
command which interface is being used for learning
and forwarding between the PE and CE routers?
Step 9.15
Verify that you have connectivity from the local customer router to the remote
customer router through the VPLS by using the ping utility. Ping the remote customer
router's ge-1/1/4 address. Send five packets for this test. This task can be
accomplished using the following command: ping 10.0.x1.y
routing-instance c-routerx-y count 5.
Step 9.16
Use the show vpls mac-table command to determine whether the PE router
has learned any MAC addresses. You might need to issue another ping from the
local customer router to allow for the PE router to learn MAC addresses.
Question: Which CE router-facing interface is being
used for forwarding?
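The multihomed BGP VPLS configuration that Steps 9.1 through 9.8 build up, written out as an added example (not taken from the lab guide itself). x and y are the lab's pod and router variables; names in angle brackets are placeholders for values the page does not give, and the ethernet-vpls encapsulation with unit 0 is an assumption about how the CE-facing links are cabled.

```junos
# Added example: BGP VPLS with two CE-facing links and one active interface.
protocols {
    bgp {
        group <pe-to-pe-group> {             # your existing PE-to-PE BGP group
            family l2vpn {
                signaling;                   # Step 9.1
            }
        }
    }
}
interfaces {
    ge-1/0/8 {
        encapsulation ethernet-vpls;         # assumption: untagged CE link
        unit 0 {
            family vpls;                     # Step 9.2
        }
    }
    ge-1/0/9 {
        encapsulation ethernet-vpls;         # assumption: untagged CE link
        unit 0 {
            family vpls;
        }
    }
}
routing-instances {
    vpn-x1 {
        instance-type vpls;                  # Step 9.3
        interface ge-1/0/8.0;                # Step 9.4
        interface ge-1/0/9.0;
        route-distinguisher <rd>;            # placeholder, value not on the page
        vrf-target target:65512:x00;         # Step 9.5
        protocols {
            vpls {
                site ce-vsx-y {              # Step 9.6
                    site-identifier y;
                    interface ge-1/0/8.0;
                    interface ge-1/0/9.0;
                    active-interface primary ge-1/0/8.0;   # Step 9.8
                }
            }
        }
    }
}
```

Once any address family is configured explicitly on a BGP group, Junos no longer enables the default inet unicast family, so keep whatever families the baseline group already carries when adding l2vpn signaling. The route distinguisher can be omitted only if the baseline sets route-distinguisher-id under routing-options.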
STOP
Lab 13
Carrier-of-Carrier VPNs
Overview
In this lab, you will establish a BGP virtual private LAN service (VPLS) between two
provider edge (PE) routers that belong to different autonomous systems (ASs).
Carrier-of-carrier virtual private networks (VPNs) option C will be used to provide the PE to
PE VPLS signaling and forwarding plane. You must also configure a Layer 3 VPN from the
provider PE routers to pass customer internal routes between ASs. You will also use the
labeled-unicast address family when passing routes between the provider PE router
and the customer CE routers. Finally, you will configure the customer CE routers to pass
any learned routes from the provider (remote customer site routes) to the customer
PE router using the labeled-unicast address family.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that you will delete.
Configure a bidirectional LSP between the provider PE routers and between the
customer PE and CE.
Configure a multihop EBGP session between the customer CE routers using the
l2vpn address family.
Step 1.4
Familiarize yourself with the Lab 13 network diagram. Notice that there is a provider
AS, two customer ASs, and two subscriber CE routers.
Question: What are the names of the two provider
PE routers?
STOP
Step 4.4
Within the vpn-to-extend-lsp routing instance, configure an MP-EBGP session
using the labeled-unicast address family between the provider PE router and
your customer CE router. Remember that the session will not establish because you
have not configured the customer CE router yet. Commit your configuration so far.
Question: Did the configuration commit without any
errors? If not, what errors were reported?
Step 4.5
Navigate to the [edit protocols] hierarchy. Configure the ge-1/0/4 interface
to run the MPLS protocol. Commit your configuration so far.
Question: Did the configuration commit without any
errors?
Step 5.6
Configure OSPF (Area 0) on the lo0.1, ge-1/1/4 (passive), and ge-1/0/5 interfaces.
Step 5.7
Configure an MP-IBGP session using the labeled-unicast address family
between the customer CE router and the customer PE router. Remember that the
session will not establish because you have not configured the customer PE router
yet.
Step 5.8
Configure an MP-EBGP session using the labeled-unicast address family
between the customer CE router and the provider PE router.
Step 5.9
Navigate to the [edit logical-systems c-cey policy-options]
hierarchy. Create a policy named internals, which will be used to advertise all of
the loopback addresses from the local customer AS.
Step 5.10
Navigate to the [edit logical-systems c-cey protocols] hierarchy.
Apply the internals policy as an export policy to the provider PE neighbor.
Commit your configuration and exit to operational mode.
Step 5.11
Use the show mpls interface logical-system c-cey command to verify
that MPLS has been enabled on the correct interfaces on the customer CE router.
Question: Do the ge-1/0/5 and ge-1/1/4 interfaces
currently have MPLS enabled?
Step 5.12
Use the show ldp interface logical-system c-cey command to verify
that LDP has been enabled on the correct interfaces on the customer CE router.
Question: Does the ge-1/0/5 interface currently
have LDP enabled?
Step 5.13
Use the show ospf interface logical-system c-cey command to verify
that OSPF has been enabled on the correct interfaces on the customer CE router.
Step 5.14
Use the show bgp summary logical-system c-cey command to verify that
a BGP neighbor relationship has been established with the provider PE router.
Question: Is your BGP peering session with the
provider PE router established?
Step 5.15
Use the show route advertising-protocol bgp 10.0.2y.1
logical-system c-cez command to verify that the customer CE router is
advertising its loopback address to the provider PE router. Remember that it will not
advertise the customer PE router's loopback until the customer PE router is
configured. You will configure the customer PE router in the next part of the lab.
Question: Is the customer CE router's loopback
address being advertised to the provider PE router?
STOP
Step 6.9
Use the show ospf neighbor logical-system c-pey command to verify
that an OSPF adjacency exists with the customer CE router.
Step 6.10
Use the show ldp database logical-system c-cey command to verify
that LSPs have been created to and from the customer CE router.
Question: Are there LSPs established to and from
the customer CE router?
Step 6.11
Use the show bgp summary logical-system c-pey command to verify that
a BGP neighbor relationship has been established with the customer CE router.
Question: Is your BGP peering session with the
provider CE router established?
STOP
Step 7.2
Enter configuration mode and navigate to the [edit logical-systems c-pey
protocols] hierarchy. Configure the resolve-vpn option for the
labeled-unicast address family. Commit your configuration and exit to
operational mode.
Step 7.3
Use the show route protocol bgp logical-system c-pey command to
view the BGP routes that have been learned from the remote AS.
Question: In which routing tables are the received
BGP routes currently being stored?
STOP
Step 8.10
Check the status of the VPLS connection using the show vpls connections
extensive logical-system c-pey command. Ensure that the remote
group has completed the previous step of the lab.
Question: Has a VPLS pseudowire been established
to the remote customer PE router?
Step 8.11
Verify that you have connectivity from the local subscriber CE router to the remote
subscriber CE router through the VPLS by using the ping utility. You will ping the
remote subscriber CE router's ge-1/1/6 address. Send 5 packets for this test. This
task can be accomplished using the following command: ping 10.0.51.y
routing-instance s-cey count 5.
Question: Do all your ping packets complete?
STOP
A2 Lab Diagrams