Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
2
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP workbook:
2
3
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Maxim
lives
in
Russia
and
speaks
Russian
and
English.
He
started
his
networking
career
in
1999.
Throughout
the
years
Maxim
has
designed
and
implemented
several
large
scale
networks
for
enterprise
and
service
provider
customers.
Over
the
years
he
has
developed
several
high
quality
courseware
materials
for
industry
leading
networking
vendors.
Maxim
has
the
following
certifications:
JNCIE,
JNCIP-‐ENT,
JNCIS-‐SEC,
Nortel
NNCSS.
For
technology
Max
values
efficiency
and
pragmatic
design.
When
Max
is
not
at
work
he
likes
to
spend
time
with
his
family.
Max
enjoys
being
outside
in
the
nature
and
loves
to
travel
and
exploring
the
world.
Jörg
Buesink
Jörg
lives
in
the
Netherlands
near
Amsterdam
and
brings
more
than
10
years
of
experience
in
the
IT
and
networking
industry.
He
has
worked
for
several
large
ISPs
/
service
providers
in
the
role
of
technical
consultant,
designer
and
network
architect.
He
has
extensive
experience
in
network
implementation,
design
and
architecture
and
teached
several
networking
classes.
Jörg
is
triple
JNCIE
certified
(JNCIE-‐ENT#21,
JNCIE-‐SP#284
and
JNCIE-‐SEC#30)
as
well
as
triple
CCIE#15032
(Routing/
Switching,
Service
provider
and
Security),
Cisco
CCDE#20110002
certified,
Huawei
HCIE#2188
Routing
and
Switching.
JNCIE-‐SP
workbook:
3
4
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
General
information
Rack
rental
service
Did
you
know
that
this
workbook
can
be
used
in
combination
with
our
premium
JNCIE
rack
rental
service?
Take
a
look
on
our
website
for
more
information
www.inetzero.com
Warning:
Please
do
NOT
change
the
root
account
password
for
any
of
our
devices
to
prevent
unnecessary
password
recovery.
Thank
you
for
your
cooperation
Target
audience
This
workbook
is
developed
for
experienced
network
engineers
who
are
preparing
for
the
Juniper
Networks
JNCIE-‐SP
lab
exam.
Although
not
required
it
is
highly
recommended
that
you
have
passed
the
JNCIS-‐SP
and
JNCIP-‐SP
written
exams
before
you
start
using
this
workbook.
iNET
ZERO’s
JNCIE-‐SP
preparation
workbook
is
developed
in
such
a
way
that
we
expect
you
to
have
theoretical
knowledge
about
the
JNCIE-‐SP
lab
exam
blueprint
topics
(JNCIP-‐SP
certified
or
working
towards
this
certification).
For
example,
in
this
workbook
we
will
not
explain
what
rib-‐groups,
LSP’s
or
Multicast
VPNs
are.
What
we
will
do
is
test
if
you
are
able
to
configure
all
these
technologies
based
on
certain
requirements
and
understand
how
they
interact
in
a
typical
SP
environment.
Topology
diagrams
In
the
chapters
you
will
find
several
topology
diagrams
in
small
format.
In
the
appendix
of
this
workbook
you
will
find
bigger
versions
of
the
topology
diagrams
for
better
readability.
We
recommend
to
print
the
topology
diagrams.
JNCIE-‐SP
workbook:
General
information
iNET
ZERO
support
Always
feel
free
to
ask
us
questions
regarding
the
workbook
or
JNCIE
rack
rental.
You
can
reach
us
at
info@inetzero.com.
We
love
to
hear
from
you
regarding
your
preparation
progress.
Your
feedback
regarding
our
products
is
also
very
appreciated!
4
.
5
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
7
.
8
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
8
.
9
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
9
.
10
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
11
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
8) Configure
all
your
devices
to
transfer
their
configuration
to
the
FTP
server
S1
each
time
the
configuration
is
committed.
Use
user
name
lab
and
password
lab123
for
the
FTP
server
access.
9) Configure
the
authentication
method
in
such
a
way
that
the
router
first
tries
to
authenticate
users
on
the
RADIUS
server
and
then,
if
not
successful,
with
local
password.
Use
S1
as
the
RADIUS
server.
Configure
the
RADIUS
server
with
retry
attempts
1
and
a
timeout
of
2
seconds.
Use
workbook
as
the
RADIUS
shared
secret.
10) Create
on
every
router
a
new
user
lab,
with
the
password
lab123,
that
will
have
super
user
privileges.
TIP:
From
this
point
on
we
recommend
you
to
operate
routers
using
the
user
lab
account.
11) Configure
additional
users
on
all
the
devices
as
defined
in
Table
3.
Note
that
word
“any”
in
the
Table
3
is
used
literally,
i.e.
a
user
can
have
any
user
name.
Table
3
Username
Password
Privileges
any
-‐
Permissions
“view”
and
“view-‐configuration”.
Authenticated
only
by
the
RADIUS
ops
ops123
Permissions
“clear”,
“network”,
“reset”,
“trace”
and
“view”
noc
noc123
Permissions
“all”.
Additionally
cannot
execute
any
of
the
“clear”,
“configure”,
“edit”
or
“start
shell”
commands
12) Configure
the
Syslog
settings
on
all
your
devices
as
indicated
in
Table
4.
Table
4
Receiver
Message
Type
File
“jncie-‐sp-‐messages”
All
info
level
messages
Syslog
server
S1
Interactive
commands
Configuration
changes
11
.
12
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
12
.
13
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
13
.
14
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
15
.
16
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
16
.
17
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Figure
4
Table
8
Router
Interface
Area
R1
ae0.0
3
i3
2
lo0.0
2
R2
ae0.0
3
i2
0
i3
0
lo0.0
0
R3
i1
4
17
i2
0
.
18
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
i3
0
lo0.0
0
R4
i1
4
i3
4
lo0.0
4
R5
ae0.0
4
i3
4
lo0.0
4
R6
ae0.0
4
i2
0
i3
0
lo0.0
0
R7
i1
1
i2
0
i3
0
lo0.0
0
R8
i1
1
i3
2
lo0.0
2
The
OSPF
network
must
meet
the
following
criteria:
• All
OSPF
adjacencies
are
full.
18
.
19
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
R4
i1
1
i3
1
lo0.0
1
R5
ae0.0
1
i3
1
lo0.0
1
R6
ae0.0
1
i2
1
i3
2
lo0.0
1
R7
i1
2
i2
2
i3
2
lo0.0
2
R8
i1
2
i3
1
lo0.0
1
Table
10
Router
Area
R1
49.0001
R2
49.0002
R3
49.0002
.
21
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
• Load and override your routers’ configuration with the task reset configuration.
4) Using
operational
and
configuration
mode
commands
troubleshoot
the
ISIS
network
and
fix
the
errors.
5) Write
a
summary
report
on
all
the
issues
found.
21
.
22
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
22
.
23
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
23
.
24
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
9) Make
sure
that
ISIS
neighbors
can
detect
the
adjacency
loss
in
less
than
500ms.
10) Make
sure
that
all
adjacencies
are
up
and
all
routers
can
reach
all
other
routers’
IPv4
loopback
addresses.
11) Configure
RIP
on
R4
i6
and
R5
i5
interfaces
respectively.
12) Advertise
only
the
default
route
to
the
RIP
router.
Make
sure
that
any
of
the
R4
or
R5
failure
will
not
result
in
the
default
route
disappearing
from
the
RIP
domain.
13) Advertise
the
received
RIP
routes
to
ISIS.
Make
sure
that
any
of
the
R4
or
R5
failure
will
not
result
in
the
RIP
routes
disappearing
from
the
ISIS
domain.
14) Make
sure
that
the
default
route
received
from
RIP
is
not
installed
into
the
routing
table.
15) Make
sure
that
all
your
routers
can
reach
all
other
routers’
IPv6
loopback
addresses.
16) Configure
OSPFv3
area
0
on
R4
i7
and
R5
i6
interfaces
respectively.
Make
sure
that
OSPFv3
supports
both
IPv4
and
IPv6
routing.
17) Advertise
IPv4
and
IPv6
ISIS
routes
to
OSPFv3.
Advertise
IPv4
and
IPv6
OSPFv3
routes
to
ISIS.
Make
sure
that
any
of
the
R4
or
R5
failure
will
not
disrupt
the
routing
between
the
ISIS
and
OSPFv3
domains.
18) Advertise
RIP
routes
to
OSPFv3.
Advertise
IPv4
OSPFv3
routes
to
RIP.
Make
sure
that
any
of
the
R4
or
R5
failure
will
not
disrupt
the
routing
between
the
OSPFv3
and
RIP
domains.
19) No
routing
loops
or
suboptimal
routing
are
allowed
anywhere.
25
.
26
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
26
.
27
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
28
.
29
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
29
.
30
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
R1
i6
ge-‐0/0/4.206
172.30.0.65/30
R2
i6
ge-‐0/0/4.207
172.30.0.69/30
3) Configure
IBGP
route
reflection.
There
must
be
two
clusters
and
any
client
may
be
a
member
of
one
cluster
only.
4) Clients
can
only
have
IBGP
sessions
with
the
Route
Reflector.
5) Make
sure
that
IBGP
sessions
use
loopback
interface
peering.
The
RR
loopback
address
is
172.30.5.41.
6) Make
sure
that
the
route
reflection
does
not
result
in
suboptimal
routing.
7) Configure
MD5
authentication
for
all
the
IBGP
sessions.
8) Enable
BFD
neighbor
continuity
checking
for
all
the
IBGP
sessions.
9) Ensure
that
all
the
IBGP
session
state
changes
are
logged
to
syslog.
10) No
unresolved
IPv4
routes
are
allowed
anywhere.
31
.
32
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
33
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Figure
9
Table
15
Router
Interface
Admin.
Group
R1
i2
green
i3
red
ae0.0
green,
red
33
R2
i2
green
.
34
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
i3
red
ae0.0
green,
red
R3
i1
green,
red
i2
green
i3
red
R4
i1
green,
red
i2
green
i3
red
R5
i2
green
i3
red
ae0.0
green,
red
R6
i2
green
i3
red
ae0.0
green,
red
R7
i1
green,
red
i2
green
i3
red
R8
i1
green,
red
i2
green
i3
red
4) Configure
RSVP-‐signaled
LSPs
as
shown
in
Table
16.
34
Figure
10
.
35
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Table
16
Ingress
Egress
LSP
ID
Sun
Procyon
A
Sun
Vega
C
Sirius
Rigel
E
Sirius
A-‐Centauri
G
Canopus
Procyon
J
Canopus
Procyon
L
Canopus
Vega
Q
Arcturus
Rigel
N
Arcturus
Rigel
P
Arcturus
A-‐Centauri
S
A-‐Centauri
Sirius
H
A-‐Centauri
Arcturus
T
Vega
Sun
D
Vega
Canopus
R
Rigel
Sirius
F
Rigel
Arcturus
M
Rigel
Arcturus
O
Procyon
Sun
B
Procyon
Canopus
I
Procyon
Canopus
K
NOTE:
The
LSP
IDs
are
used
here
as
reference
names
only.
5) Configure
MD5
authentication
for
all
RSVP
sessions.
6) Enable
BFD
continuity
checking
for
all
the
RSVP
sessions.
7) Make
sure
that
LSPs
E,
F,
Q
and
R
use
only
links
belonging
to
“red”
administrative
group.
.
36
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
15) Configure
automatic
optimization
for
the
LSPs
I,
J,
K,
L,
M,
N,
O,
P.
Set
the
optimize
timer
to
8
hours.
Make
sure
that
the
ingress
routers
attempt
to
re-‐signal
the
LSP
before
tearing
it
down.
16) Make
sure
that
R5
and
R6
prefer
RSVP
LSPs
as
the
next-‐hops
for
IPv4
BGP
routes
advertised
by
IX
peers.
36
.
37
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
17) Configure
LDP
tunnels
between
R3
and
R8,
and
R4
and
R7.
Make
sure
that
any
router
in
your
AS
has
an
LDP-‐signaled
LSP
to
any
other
router.
18) Make
sure
that
IPv4
traffic
at
R8
from
P1
to
P2
uses
LSP
I
and
traffic
from
P1
to
P3
uses
LSP
K.
19) Configure
per
flow
load
balancing
over
LSPs
N
and
P.
Vice
versa
configure
per
flow
load
balancing
over
LSPs
M
and
O.
20) Make
sure
that
MPLS
paths
in
your
network
are
hidden
from
external
traceroute
utilities.
37
.
38
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
38
.
39
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
39
.
40
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
40
.
41
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
42
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
5) Customer
C1
has
some
backdoor
OSPF
connections
but
prefers
that
your
MPLS
network
would
be
used
for
traffic
forwarding
between
the
customer
sites.
6) Make
sure
that
your
MPLS
network
can
be
used
as
a
backup
path
between
CE1-‐2
and
CE1-‐3.
7) Make
sure
that
once
customer
C1
disables
its
backdoor
connections
any
of
the
R3
or
R4
PE
failure
will
not
result
in
any
of
the
customer
sites
become
isolated.
8) Customer
C2
requires
that
the
customer
site
S1
is
used
as
a
central
transit
site
for
all
traffic
exchanges
among
all
the
customer
sites
in
a
hub-‐and-‐spoke
fashion.
9) Make
sure
that
if
a
route
is
originated
in
customer
C2
site
S1
or
S2,
it
is
never
advertised
back
to
the
same
site.
10) Make
sure
that
PE-‐CE
link
subnets
in
customer
C2
VPN
are
advertised
to
the
customer
remote
VPN
sites.
11) Make
sure
that
all
PE
routers
receive
only
the
routes
with
those
targets
that
they
specifically
request
for.
12) Allow
local
communication
between
customer
C1
site
S2
and
customer
C2
site
S2
at
R4.
Make
sure
that
the
routes
exchanged
between
the
local
VRFs
are
not
advertised
to
any
of
the
remote
PE
routers.
13) Customer
C1
must
be
provided
with
Internet
access
at
the
customer
site
S2
using
single
customer-‐facing
interface.
Make
sure
that
any
of
the
R3
or
R4
failure
will
not
have
customer
C1
site
S2
isolated
from
the
Internet.
NOTE:
The
customer
IP
ranges
are
assumed
to
be
globally
routable
or
NATted
outside
of
your
network.
14) Customer
C2
must
be
provided
with
Internet
access
at
the
customer
site
S1,
using
a
dedicated
interface
i9
at
both
R1
and
R2
routers.
All
other
customer
sites
should
be
able
to
reach
the
Internet
via
the
site
S1.
42
.
43
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
44
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
44
.
45
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Figure
12
1) Configure
L2VPN
as
shown
in
Figure
12.
Table
21
specifies
the
L2VPN
details.
Configure
customer
VLANs
as
shown
in
Table
22.
Table
21
Customer
Site
Router
L2VPN
CE
facing
signaling
interface
C4
S1
CE4-‐1
LDP
ge-‐0/0/3
S2
CE4-‐2
LDP
ge-‐0/0/3
S3
CE4-‐3
LDP
ge-‐0/0/3
45
C5
S1
CE5-‐1
BGP
ge-‐0/0/3
.
46
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
46
.
47
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
601
C6
700
701
2) No
L2
switching
loops
are
allowed
anywhere
in
the
customers’
VPLS
networks.
You
may
not
use
Spanning
Tree
protocol
for
loop
prevention.
3) Make
sure
that
customer
C6
dual-‐homed
site
S2
connection
to
R8
is
the
primary
one.
Configure
the
customer
VPLS
so
that
if
the
primary
connection
is
active
it
is
always
preferred
by
other
PE
routers.
4) Customer
C5
requires
that
you
provide
interworking
between
the
customer’s
L2VPN
and
VPLS
networks.
Configure
L2VPN
and
VPLS
interworking
at
R2
such
as
CE5-‐1
is
connected
to
VPLS
VLAN
600.
5) Make
sure
that
customer
C5
MAC
table
size
is
limited
to
200
entries
per
site,
and
customer
C6
MAC
table
size
is
limited
to
100
entries
per
site.
Make
sure
that
if
customer
C6
MAC
table
limit
is
reached,
packets
are
dropped.
48
.
49
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
49
.
50
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
50
.
51
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
52
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
4) Configure
a
Drop
Profile
called
high-‐drop.
Have
a
router
to
automatically
build
a
smooth
graph
line
based
on
the
data
points
defined
in
Table
28.
Table
28
Fill
Level
Drop
Probability
25
10
50
30
75
65
5) Apply
the
schedulers
to
all
your
routers’
core-‐facing
interfaces.
Make
sure
that
the
schedulers
are
applied
at
the
interface
logical
unit
level.
52
.
53
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
53
.
54
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
54
.
55
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
55
.
56
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
57
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
NOTE:
Server
S1
is
a
virtual
NTP/FTP/SNMP/Syslog/RADIUS/DNS
proxy
server.
The
server
is
reachable
at
10.10.1.100
IP
address.
6) Set
the
time
zone
to
Europe/Amsterdam
on
all
your
devices.
7) Ensure
that
all
your
devices
synchronize
their
time
with
the
NTP
server
S1.
Configure
the
devices
to
synchronize
time
with
the
S1
at
boot
time.
8) Configure
the
authentication
method
that
first
tries
authenticate
users
on
RADIUS
server
and
then
if
not
successful
with
local
password.
Use
S1
as
the
RADIUS
server.
Configure
the
RADIUS
server
with
retry
attempts
1
and
timeout
2
seconds.
Use
workbook
as
the
RADIUS
shared
secret.
9) Create
on
every
device
a
new
user
lab,
with
the
password
lab123,
that
will
have
super
user
privileges.
From
this
point
on
configure
your
devices
using
user
lab
account.
10) Configure
additional
users
on
all
the
devices
as
defined
in
Table
33.
Table
33
Username
Password
Privileges
noc
noc123
Class
“operator”
permissions.
Additionally
is
allowed
to
read
and
modify
SNMP
configuration,
execute
system
maintenance
commands
but
not
allowed
to
execute
“start
shell”
command
tac
tac123
Class
“super-‐user”
permissions.
Additionally
cannot
execute
the
“clear”,
“configure”
or
“edit”
commands
11) Configure
Syslog
settings
on
all
your
devices
as
indicated
in
Table
4.
Table
34
Receiver
Message
Type
File
“jncie-‐sp-‐messages”
All
info
level
messages
File
“firewall.log”
All
firewall
filter
messages
59
.
60
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Table
38
Router
Interface
Area
R1
i4
0
R2
i4
0
3) Make
sure
that
router
ID
is
configured
explicitly
on
all
routers.
4) Make
sure
that
you
do
not
have
Type
2
LSAs
in
your
domain.
5) Make
sure
that
Area
1
LSDB
does
not
have
any
of
the
OSPF
Type
4
or
Type
5
LSAs.
6) Make
sure
that
routers
in
Area
1
will
not
be
isolated
in
case
of
a
single
link
or
ABR
failure.
7) Configure
Area
1
OSPF
internal
IPv4
routes
tightest
possible
summarization
to
the
backbone
area.
8) Configure
all
routers
to
automatically
calculate
metrics
reflecting
interfaces’
bandwidth.
9) Make
sure
that
all
OSPF
adjacencies
are
in
Full
state
and
connectivity
is
provided
among
all
routers’
loopback
interfaces
for
both
IPv4
and
IPv6
families.
10) Make
sure
that
connectivity
is
provided
between
all
routers’
loopback
interfaces
and
Route
Reflector
loopback
interface
address
172.30.5.41.
Any
of
the
R1
or
R2
failure
must
not
result
in
loss
of
Route
Reflector
loopback
reachability.
11) Enable
RIP
on
R5
i4
and
R6
i6
interfaces.
12) Redistribute
the
default
route
into
RIP.
Make
sure
that
the
R6
default
route
advertisement
is
preferred
by
DC1.
13) Redistribute
RIP
routes
into
OSPF.
14) Any
OSPF
ASBR
failure
must
not
result
in
RIP
routes
disappearing
from
OSPF
or
the
default
route
disappearing
from
RIP.
15) Configure
Area
1
OSPF
external
IPv4
routes
tightest
possible
summarization
to
the
backbone
61
.
62
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
63
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
19) If
a
route
is
learned
directly
from
a
customer,
it
should
always
be
preferred
to
the
same
route
learned
from
any
other
peer.
20) Do
not
accept
IPv4
routes
that
have
a
mask
shorter
than
/8
or
longer
than
/24
from
anywhere.
You
may
accept
routes
with
mask
/32
originated
in
AS
43208.365.
21) Do
not
accept
the
0.0.0.0
route
with
any
mask
length
from
any
of
the
peers
or
customers.
22) Do
not
accept
any
IPv6
routes
that
are
not
originated
in
their
AS
from
P1
neighbors.
23) Use
two
standard
communities
to
identify
IPv4
routes
received
from
either
a
customer
or
a
peer.
None
of
these
communities
may
be
seen
outside
of
your
AS.
24) Advertise
a
single
summary
IPv4
route
that
aggregates
your
AS
local
routes
including
the
RIP
routes
to
all
your
EBGP
peers.
25) Make
sure
that
IPv6
routes
advertised
to
P1
neighbors
are
not
advertised
further
outside
of
their
AS.
26) Make
sure
that
R1
is
the
preferred
point
both
for
inbound
and
outbound
IPv4
traffic
for
P1
AS.
27) Make
sure
that
if
a
customer
advertises
an
IPv4
route
with
a
community
of
“<Customer
AS>:666”
the
traffic
to
that
destination
is
black-‐holed.
28) No
unresolved
IPv4
or
IPv6
routes
are
allowed
anywhere.
63
.
64
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
65
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
7) Configure
all
RSVP-‐enabled
interfaces
except
the
Aggregated
Ethernet
bundles
to
allow
bandwidth
reservation
with
20%
oversubscription.
8) Configure
full
mesh
of
RSVP
sessions
among
all
routers
except
R4,
R5
and
Route
Reflector.
9) Configure
MD5
authentication
for
all
RSVP
sessions.
10) Enable
RSVP
path
MTU
discovery
for
all
RSVP
sessions.
11) Make
sure
that
LSPs
originated
at
R1,
R2,
R3
use
only
links
belonging
to
“green”
or
“blue”
administrative
groups.
12) Make
sure
that
LSPs
originated
at
R6,
R7,
R8
use
only
links
belonging
to
“purple”
or
“blue”
administrative
groups.
13) Configure
an
additional
LSP
from
R2
to
R1
and
an
LSP
from
R2
to
R8.
The
additional
LSPs
may
not
use
administrative
group
constraint.
14) Make
sure
that
the
two
LSPs
from
R2
to
R1
and
the
two
LSPs
from
R2
to
R8
do
not
use
the
same
physical
link
anywhere
on
the
path
to
the
egress
nodes.
15) Configure
all
LSPs
except
those
from
R2
to
R1
and
from
R2
to
R8
to
reserve
100Mbps
of
bandwidth.
16) Configure
the
LSPs
from
R2
to
R1
and
to
R8
to
automatically
adjust
bandwidth
once
in
24
hours
based
on
the
average
bandwidth
usage.
Make
sure
that
the
LSPs
are
signaled
with
not
less
than
50Mbps
and
not
more
than
100Mbps.
17) Configure
LSPs
originated
at
R3
and
R6
to
ensure
that
they
have
higher
priority
for
bandwidth
reservation
than
the
remaining
LSPs,
including
the
P2MP
LSPs.
Make
sure
that
the
remaining
P2P
LSPs
have
lower
priority
than
that
of
P2MP
LSPs.
18) Configure
LDP
tunnels
to
establish
MPLS
LSPs
between
R4,
R5
and
Route
Reflector.
Make
sure
that
a
single
link
or
node
failure
will
not
result
in
these
LSPs
break
down.
19) Make
sure
that
IPv4
and
IPv6
traffic
from
C3
to
P1
are
mapped
to
different
LSPs.
65
.
66
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
signaling
CE3
S1
CE3-‐1
BGP
ge-‐0/0/3.601
S2
CE3-‐2
BGP
ge-‐0/0/3.600
14) No
L2
switching
loops
are
allowed
anywhere
in
the
customer
VPLS
network.
You
may
not
use
Spanning
Tree
protocol
for
loop
prevention.
15) Configure
customer
CE3
VLAN
normalization.
16) Make
sure
that
customer
CE2
MAC
table
size
is
limited
to
100
entries
per
interface
on
all
PE
routers.
Make
sure
that
if
the
limit
is
reached,
packets
are
dropped.
67
.
68
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
69
.
70
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
There
are
two
SRX
devices
in
the
above
topology.
Assume
SRX1
is
under
our
administrative
control
and
SRX2
is
not.
SRX2
has
been
preconfigured
with
OSPF,
but
we
do
not
have
access
to
this
device.
Our
goal
is
to
establish
an
OSPF
adjacency
with
SRX2.
The
initial
OSPF
configuration
for
SRX1
is
very
basic.
Interface
ge-‐0/0/1.0
and
loopback
0.0
are
both
participating
in
the
OSPF
backbone
area
(0.0.0.0).
SRX1’s
initial
configuration:
interfaces
{
ge-‐0/0/1
{
unit
0
{
family
inet
{
address
172.30.0.1/30;
}
}
}
1)
Verify
if
you
have
IP
connectivity
to
SRX2
root@SRX1#
run
ping
172.30.0.2
PING
172.30.0.2
(172.30.0.2):
56
data
bytes
64
bytes
from
172.30.0.2:
icmp_seq=0
ttl=64
time=21.819
ms
64
bytes
from
172.30.0.2:
icmp_seq=1
ttl=64
time=1.226
ms
Super!
2)
Verify
is
you
have
an
OSPF
adjacency
with
SRX2
on
interface
ge-‐0/0/1.0
root@SRX1#
run
show
ospf
neighbor
interface
ge-‐0/0/1.0
[edit]
Unfortunately
we
do
not
have
an
adjacency
with
SRX2.
This
means
we
have
to
troubleshoot
if
SRX2
has
OSPF
configured
and
try
to
determine
its
settings.
3)
Enable
OSPF
traceoptions
on
SRX1
and
verify
traceoptions
output
root@SRX1#
set
protocols
ospf
traceoptions
file
ospf
root@SRX1#
set
protocols
ospf
traceoptions
flag
all
root@SRX1#
run
monitor
start
ospf
[edit]
Change
SRX1’s
OSPF
configuration
to
reflect
SRX2’
settings
root@SRX1#
rename
protocols
ospf
area
0
to
area
99
root@SRX1#
set
protocols
ospf
area
0.0.0.99
interface
ge-‐0/0/1.0
hello-‐interval
2
root@SRX1#
set
protocols
ospf
area
0.0.0.99
interface
ge-‐0/0/1.0
dead-‐interval
8
*
*
By
default
if
the
dead-‐interval
is
not
configured
OSPF
assumes
a
dead
interval
of
4
x
the
hello
interval.
In
other
words
in
our
example
although
we
did
configure
the
dead-‐interval
it
is
actually
not
needed.
5)
Verify
OSPF
adjacency
with
SRX2(Venus)
root@SRX1#
run
show
ospf
neighbor
Address
Interface
State
ID
Pri
Dead
172.30.0.1
ge-‐0/0/1.0
Init
172.30.15.2
128
6
Now
we
see
OSPF
in
the
“init”
state.
This
usually
means
that
we
have
received
an
OSPF
hello
packet,
but
the
other
end
(SRX2)
did
not
receive
or
at
least
did
not
accept
our
OSPF
hello
packet.
Let’s
clear
our
ospf
process
and
check
the
traceoptions
output
if
we
missed
an
important
clue.
Its
looks
like
we
missed
something
6)
Clear
the
ospf
process
and
verify
traceoptions
output
on
SRX1
root@SRX1#
run
clear
ospf
neighbor
Apr
4
14:35:49.687959
OSPF
rcvd
Hello
172.30.0.2
-‐>
224.0.0.5
(ge-‐0/0/1.0
IFL
70
area
0.0.0.99)
Apr
4
14:35:49.688020
Version
2,
length
44,
ID
172.30.15.2,
area
0.0.0.99
Apr
4
14:35:49.688084
checksum
0x0,
authtype
0
Apr
4
14:35:49.688140
mask
255.255.255.252,
hello_ivl
2,
opts
0x12,
prio
128
Apr
4
14:55:24.717198
OSPF
rcvd
DbD
172.30.0.2
-‐>
224.0.0.5
(ge-‐0/0/1.0
IFL
70
area
0.0.0.99)
Apr
4
14:55:24.717267
Version
2,
length
32,
ID
172.30.15.2,
area
0.0.0.99
Apr
4
14:55:24.717317
checksum
0x0,
authtype
0
Apr
4
14:55:24.717386
options
0x52,
i
1,
m
1,
ms
1,
r
0,
seq
0xac159be3,
mtu
9178
8)
Check
our
local
IP
MTU
on
interface
ge-‐0/0/1.0
root@SRX1#
run
show
interfaces
ge-‐0/0/1.0
|
match
MTU
Protocol
inet,
MTU:
1500
It
seems
there
is
an
IP
MTU
mismatch
between
SRX1
and
SRX2.
SRX2
appears
to
have
set
the
IP
MTU
to
9178
(jumbo)
on
interface
ge-‐0/0/1.0
9)
Change
the
ip
mtu
on
interface
ge-‐0/0/1.0
to
9178
and
verify
OSPF
neighborship.
There
are
two
ways
to
change
the
IP
MTU.
We
can
change
the
interface
MTU
to
9192
or
change
the
IP
MTU.
Please
note
that
the
interface
MTU
is
14
bytes
more
then
the
IP
MTU
due
to
encapsulation
overhead.
Note:
if
the
interfaces
used
vlan-‐tagging
the
difference
between
the
IP
MTU
and
interface
MTU
is
18
instead
of
14
bytes.
This
is
because
of
the
additional
4
bytes
for
the
vlan
tag.
root@SRX1#
set
interfaces
ge-‐0/0/1
mtu
9192
or
root@SRX1#
set
interfaces
ge-‐0/0/1.0
family
inet
mtu
9178
root@SRX1#
commit
commit
complete
.
74
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
That’s
it.
We
have
managed
to
get
the
OSPF
adjacency
up
without
access
to
SRX2!
Note
that
it's
also
possible
to
use
the
"monitor
traffic
interface
x/y/z
extensive"
command
to
"debug"
OSPF
adjacencies.
There
are
two
SRX
devices
in
the
above
topology.
Assume
SRX1
is
under
our
administrative
control
and
SRX2
is
not.
SRX2
has
been
preconfigured
with
an
EBGP
session
towards
SRX1,
but
we
do
not
have
access
to
this
device
and
we
do
not
know
SRX2
autonomous
system
number.
Our
goal
is
to
establish
an
EBGP
adjacency
with
SRX2
SRX1
initial
configuration.
interfaces
{
ge-‐0/0/1
{
unit
0
{
family
inet
{
neighbor
172.30.0.2
{
peer-‐as
64555;
}
}
Check
the
BGP
peering
with
SRX2
again!
root@srx1#
run
show
bgp
summary
Groups:
1
Peers:
1
Down
peers:
0
Table
Tot
Paths
Act
Paths
Suppressed
History
Damp
State
Pending
inet.0
0
0
0
0
0
0
Peer
AS
InPkt
OutPkt
OutQ
Flaps
Last
Up/Dwn
State|#Active/Received/Accepted/Damped...
172.30.0.2
64555
33
33
0
2
3:36
0/0/0/0
0/0/0/0
root@srx1#
run
show
bgp
neighbor
172.30.0.2
Peer:
172.30.0.2+179
AS
64555
Local:
172.30.0.1+49402
AS
64512
Type:
External
State:
Established
Flags:
<Sync>
Last
State:
OpenConfirm
Last
Event:
RecvKeepAlive
Last
Error:
Cease
Holdtime:
90
Preference:
170
Number
of
flaps:
2
Last
flap
event:
RecvNotify
Error:
'Cease'
Sent:
1
Recv:
1
Peer
ID:
172.30.0.2
Local
ID:
173.30.15.1
Active
Holdtime:
30
Keepalive
Interval:
10
Peer
index:
0
BFD:
disabled,
down
Local
Interface:
ge-‐0/0/1.0
NLRI
for
restart
configured
on
peer:
inet-‐unicast
NLRI
advertised
by
peer:
inet-‐unicast
NLRI
for
this
session:
inet-‐unicast
Output
Queue[0]:
0
Trace
options:
open
Trace
file:
/var/log/bgp
size
0
files
10
The
BGP
peering
is
established!
77
.
78
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
In
the
above
topology
there
are
two
routers:
SRX1
is
an
ASBR
for
BGP
Autonomous
System
(AS):
1111
and
SRX2
is
the
ASBR
for
BGP
AS:
2222.
There
is
an
ipv4
EBGP
peering
configured
between
SRX1
and
SRX2.
This
ipv4
EBGP
peering
is
also
used
to
exchange
IPv6
NLRI.
Each
device
will
announce
its
loopback
IP
address
(v4
and
v6)
to
the
other
ASBR.
SRX1
initial
configuration:
root@srx1#show
interfaces
ge-‐0/0/1
{
unit
0
{
family
inet
{
address
172.30.0.1/30;
}
family
inet6
{
group
ebgp
{
type
external;
family
inet
{
unicast;
}
family
inet6
{
unicast;
}
export
myloopback;
neighbor
172.30.0.2
{
peer-‐as
2222;
}
}
root@srx1#
show
policy-‐options
policy-‐statement
myloopback
from
interface
lo0.0;
then
accept;
root@srx1#
show
routing-‐options
autonomous-‐system
1111;
Please
note
that
we
configured
an
IPv4
neighborship
with
SRX2
for
IPv4
NLRI
(family
inet
unicast)
and
IPv6
NLRI
(family
inet6
unicast).
As
you
can
see
we
did
not
configure
a
native
IPv6
peering
with
SRX2!
Verify
if
our
BGP
peering
with
SRX2
is
in
the
Established
state
root@srx1#
run
show
bgp
neighbor
172.30.0.2
Peer:
172.30.0.2+49898
AS
2222
Local:
172.30.0.1+179
AS
1111
Type:
External
State:
Established
Flags:
<Sync>
←
Last
State:
OpenConfirm
Last
Event:
RecvKeepAlive
Last
Error:
Cease
Export:
[
myloopback
]
.
85
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
A
multicast
receiver
attached
to
SRX4
would
like
to
join
source
specific
multicast
(SSM)
group
232.1.1.1
send
by
multicast
source
192.168.1.1.
Assume
the
following
requirement(s):
• Unicast
traffic
from
SRX1
to
SRX4
should
always
transit
SRX3.
• Unicast
traffic
from
SRX4
to
SRX1
should
always
transit
SRX2.
To
meet
the
unicast
flow
requirement
the
IGP
metrics
for
prefixes
in
the
inet.0
table
are
tuned
on
SRX1
and
SRX4
(metric
1).
For
some
reason
the
multicast
traffic
is
not
received
by
the
receiver
attached
to
SRX4.
Verify
the
PIM
signalling
in
our
network
on
SRX4
and
SRX1:
root@srx4#
run
show
pim
join
inet
232.1.1.1
Instance:
PIM.master
Family:
INET
R
=
Rendezvous
Point
Tree,
S
=
Sparse,
W
=
Wildcard
Group:
232.1.1.1
Source:
192.168.1.1/32
Upstream
interface:
ge-‐0/0/0.0
Downstream
interface
list:
ge-‐0/0/1.0
Session
description:
Source
specific
multicast
Statistics:
0
kBps,
0
pps,
0
packets
root@srx4#
run
show
multicast
usage
Group
Sources
Packets
Bytes
232.1.1.1
1
0
0
Prefix
/len
Groups
Packets
Bytes
192.168.1.1
/32
1
0
0
It
seems
that
no
multicast
traffic
is
flowing
through
our
network.
Verify
the
RPF
table
on
SRX1.
root@srx1#
run
show
multicast
rpf
192.168.2.1
Multicast
RPF
table:
inet.0
,
32
entries
192.168.2.0/24
Protocol:
OSPF
Interface:
ge-‐0/0/3.0
←This
is
the
interface
connected
to
SRX3
root@srx4#
run
show
multicast
rpf
192.168.1.1
Multicast
RPF
table:
inet.0
,
34
entries
Create
two
rib-‐groups.
The
first
rib-‐group
“myrpffix”
imports
the
inet.0
and
inet.2
table
and
import
inet.0
table
and
inet.2
table.
The
second
rib-‐group
only
imports
the
inet.2
table.
root@srx4#
show
routing-‐options
rib-‐groups
myrpffix
{
import-‐rib
[
inet.0
inet.2
];
}
fullrpf
{
import-‐rib
[
inet.2
];
}
Create
a
static
route
in
the
inet.2
table
to
ensure
that
SRX4
uses
SRX3
as
the
next-‐hop
for
prefix
192.16.1.0/24
and
passes
the
RPF
check
root@srx4#
set
routing-‐options
rib
inet.2
static
route
192.168.1.0/24
next-‐hop
<R3
interface>
Ensure
that
the
“interface
routes”
are
used
in
“myrpffix”
rib-‐group.
This
is
needed
as
the
next-‐hop
for
the
previously
created
static
route
in
inet.2
must
be
resolvable.
root@srx4#
set
routing-‐options
interface-‐routes
rib-‐group
myrpffix
Ensure
that
the
protocol
independent
multicast
(PIM)
protocol
uses
the
fullrpf
rib-‐group
(inet.2
table)
to
perform
RPF
checks.
root@srx4#
set
protocols
pim
rib-‐group
fullrpf
That’s
it!
We
ensured
that
PIM
uses
the
inet.2
table
for
RPF
check.
The
inet.2
table
has
a
static
route
configured
to
fix
the
next-‐hop.
Since
we
use
the
inet.2
table
and
not
the
inet.0
table
we
did
not
break
our
unicast
flow
requirement.
87
.
88
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
89
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
We
created
a
prefix-‐list
called
“bgp-‐peers”.
The
apply-‐path
statement
matches
ALL
groups
<*>
and
all
neighbors
<*>
under
the
“protocols
bgp
group”
hierarchy.
You
can
verify
if
the
apply-‐path
prefix-‐list
is
working
as
expected
with
the
“display
inheritance”
appended
to
the
“show
policy
prefix-‐list”
command
lab@Inetzero#
show
policy-‐options
prefix-‐list
bgp-‐peers
|
display
inheritance
##
##
apply-‐path
was
expanded
to:
##
192.168.1.2/32;
##
172.16.1.1/32;
##
apply-‐path
"protocols
bgp
group
<*>
neighbor
<*>";
Our
dynamic
prefix-‐list
is
working!
You
can
apply
the
prefix-‐list
“bgp-‐peers”
just
like
any
other
prefix-‐list
in
a
firewall
filter
term:
lab@inetzero#
show
firewall
family
inet
filter
protect-‐re
{
term
allow-‐bgp
{
from
{
source-‐prefix-‐list
{
bgp-‐peers;
}
protocol
tcp;
port
bgp;
}
then
accept;
}
}
That’s
it.
In
the
above
example
we
used
the
“apply-‐path”
feature
for
adding
BGP
peers
to
our
source-‐
90
.
91
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
91
.
92
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
92
Chapter
1
-‐
task
4
.
93
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
94
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
95
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
95
Chapter
2
-‐
IGP
rollout
.
96
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
97
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
97
.
98
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
98
.
99
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
99
.
101
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
101
.
102
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
102
.
103
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
104
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
104
Chapter
6
-‐
L2VPN
and
VPLS
2
.
105
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
105
106
Full
day
lab
2
.
107
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
5) Configure
static
route
to
the
management
network.
Do
not
forget
to
include
the
“no-‐
readvertise”
feature
to
ensure
the
route
is
never
used
for
dynamic
routing
protocols
[edit routing-options]
root@Sun# show
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254;
no-readvertise;
}
}
10.10.1.100;
}
root@Sun# show
time-zone Europe/Amsterdam;
9) Configure
NTP.
The
boot-‐server
options
ensures
time
synchronization
during
boot-‐time.
[edit system ntp]
root@Sun# show
boot-server 10.10.1.100;
authentication-key 1 type md5 value "$9$tMfLOhrbwgaGixNVYoGq.tuORcl"; ## SECRET-
DATA
server 10.10.1.100 key 1; ## SECRET-DATA
trusted-key 1;
uid 2001;
class privileged;
authentication {
}
encrypted-password "$1$9vRw6uu/$FsTkMWlOp1bu2aZvfHz3W/"; ## SECRET-DATA
}
.
109
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
user ops {
uid 2002;
class operator;
authentication {
encrypted-password "$1$PVW/3KJ/$IWZ9CZtwVJyBBa/4vwNhl."; ## SECRET-DATA
}
}
user remote {
uid 2003;
class limited;
}
109
.
110
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
111
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
target-parameters S1-parameters {
parameters {
message-processing-model v3;
security-model usm;
security-level privacy;
security-name lab;
}
notify-filter all-traps;
}
notify traps {
type trap;
tag all-nms;
}
notify-filter all-traps {
oid snmpTraps;
oid jnxTraps;
}
111
.
112
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
term igmp {
from {
protocol igmp;
}
then accept;
}
term msdp {
from {
protocol tcp;
port msdp;
}
then accept;
}
}
2) Configure
firewall
filter
rules
for
BGP
to
accept
BGP
messages
from
configured
peers
only.
a. Configure
firewall
filter
rules
for
BGP.
[edit firewall family inet]
lab@Sun# show
filter protect-re {
term bgp {
from {
source-prefix-list {
bgp-peers;
}
protocol tcp;
port bgp;
b. Configure
the
prefix
list.
This
apply-‐path
prefix-‐list
will
automatically
match
on
ALL
neighbors
under
ALL
peer-‐groups.
You
can
verify
if
your
apply-‐path
prefix
list
is
working
using
the
“show
policy-‐options
prefix-‐list
bgp-‐peers
|
display
inheritance”
once
you
have
actually
configured
BGP
peers.
[edit policy-options]
lab@Sun# show
prefix-list bgp-peers {
apply-path "protocols bgp group <*> neighbor <*>";
}
3) Configure
firewall
filter
rules
for
NTP,
RADIUS,
DNS,
SNMP,
SSH,
Telnet,
FTP
protocols.
[edit firewall family inet]
lab@Sun# show
filter protect-re {
term ntp {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port ntp;
}
then accept;
}
term snmp { 113
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port snmp;
.
114
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
then accept;
}
term radius {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port radius;
}
then accept;
}
term dns {
from {
source-address {
10.10.1.0/24;
}
protocol udp;
port domain;
}
then accept;
}
term ssh {
from {
source-address {
10.10.1.0/24;
}
protocol tcp;
4) Configure
firewall
filter
to
accept
ICMP
and
traceroute
messages
with
rate
limiting.
a. Configure
firewall
filter
rules
for
ICMP
and
traceroute.
Do
not
forget
the
“then
accept”
statement
when
configuring
policing
[edit firewall family inet]
lab@Sun# show 114
filter protect-re {
term icmp {
from {
}
protocol icmp;
then {
.
115
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
policer re-policer;
accept;
}
}
term traceroute {
from {
protocol udp;
port 33434-33534;
}
then {
policer re-policer;
accept;
}
}
}
115
.
116
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
b. Configure
interfaces
as
shown
in
the
following
example
for
R1.
[edit interfaces]
lab@Sun# show
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
}
}
lo0 {
unit 0 {
family inet {
.
117
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
filter {
input protect-re;
}
address 172.30.5.1/32;
}
family inet6 {
address fd17:f0f4:f691:5::1/128;
}
}
}
2) Configure
VRRP.
a. R3
[edit interfaces ge-0/0/4]
lab@Canopus# show
unit 200 {
description "DC1 LAN 1";
vlan-id 200;
family inet {
address 172.30.1.1/24 {
vrrp-group 1 {
virtual-address 172.30.1.254;
priority 150;
authentication-type md5;
authentication-key "$9$4kZHmpu1ESe69tORSMW4aZjkP"; ## SECRET-DATA
track {
interface ge-0/0/4.127 {
b. R4
[edit interfaces ge-0/0/4]
lab@Arcturus# show
unit 200 {
description "DC1 LAN 1";
vlan-id 200;
family inet {
address 172.30.1.2/24 { 117
vrrp-group 1 {
virtual-address 172.30.1.254;
authentication-type md5;
}
authentication-key "$9$4kZHmpu1ESe69tORSMW4aZjkP"; ## SECRET-DATA
}
.
118
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
unit 201 {
description "DC1 LAN 2";
vlan-id 201;
family inet {
address 172.30.2.2/24 {
vrrp-group 2 {
virtual-address 172.30.2.254;
priority 150;
authentication-type md5;
authentication-key "$9$4kZHmpu1ESe69tORSMW4aZjkP"; ## SECRET-DATA
track {
interface ge-0/0/4.114 {
priority-cost 30;
}
interface ge-0/0/4.145 {
priority-cost 30;
}
}
}
}
}
}
118
.
119
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
c. Check
the
event
script
description
to
figure
out
which
events
trigger
the
script.
[edit]
lab@Sun# run file show /var/db/scripts/event/syslog-int-desc-on-link-change.slax
/*
*
* To invoke this event script, place the syslog-interface-description-on-
* link-change.slax file in /var/db/scripts/event/ and enter the following
* into the device config.
* The second policy is to also create a trap on the newly created syslog
* message.
*
* ----Begin config snippet----
*
* root@JUNIPER_DEVICE# show event-options
* policy syslog_if_description {
* events [ snmp_trap_link_up snmp_trap_link_down ];
* then {
* event-script syslog-int-desc-on-link-change.slax;
* } 119
* }
* policy snmptrap_if_description {
* events SYSTEM;
*
*
attributes-match {
SYSTEM.message matches NEW_SNMP_TRAP_LINK;
* }
.
120
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
* then {
* raise-trap;
* }
* }
* event-script {
* file syslog-int-desc-on-link-change.slax;
* }
*
* ----End config snippet----
*
*/
lo0.16384 inet
fe80::fac0:10f:fcdc:3480-->
127.0.0.1 --> 0/0
lo0.16385 inet 10.0.0.1
10.0.0.16
--> 0/0
--> 0/0
128.0.0.1 --> 0/0
.
121
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@Sun# rollback 1
load complete
[edit]
lab@Sun# commit
commit complete
[edit]
lab@Sun# run show log jncie-sp-messages | match SNMP_TRAP_LINK_DOWN
[edit]
lab@Sun# set interfaces ae0 disable
[edit]
lab@Sun# commit
commit complete
[edit]
lab@Sun# run show log jncie-sp-messages | match SNMP_TRAP_LINK_DOWN
Sep 7 15:34:13 Sun mgd[4537]: UI_CMDLINE_READ_LINE: User 'lab', command 'run show
log jncie-sp-messages | match SNMP_TRAP_LINK_DOWN '
Sep 7 15:34:31 Sun mib2d[1162]: SNMP_TRAP_LINK_DOWN: ifIndex 585, ifAdminStatus
down(2), ifOperStatus down(2), ifName ae0
Sep 7 15:34:31 Sun mib2d[1162]: SNMP_TRAP_LINK_DOWN: ifIndex 589, ifAdminStatus
up(1), ifOperStatus down(2), ifName ae0.0
Sep 7 15:34:31 Sun mib2d[1162]: SNMP_TRAP_LINK_DOWN: ifIndex 510, ifAdminStatus
down(2), ifOperStatus down(2), ifName ge-0/0/1
Sep 7 15:34:31 Sun mib2d[1162]: SNMP_TRAP_LINK_DOWN: ifIndex 515, ifAdminStatus
down(2), ifOperStatus down(2), ifName ge-0/0/2
Sep 7 15:34:37 Sun cscript: NEW_SNMP_TRAP_LINK_DOWN, Sun, , , ,
Sep 7 15:34:38 Sun cscript: NEW_SNMP_TRAP_LINK_DOWN, Sun, , , ,
Sep 7 15:34:38 Sun cscript: NEW_SNMP_TRAP_LINK_DOWN, Sun, ae0.0, up, down, R2
connection
[edit]
lab@Sun# delete interfaces ae0 disable
[edit]
lab@Sun# commit
commit complete 121
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
1) Load
the
task
reset
configuration.
[edit]
lab@Sun# load override “See Baseline folder, chapter 2 for configs”
b. R2
122
lab@Sirius> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/4.123 BDR 0.0.0.0 172.30.5.3 172.30.5.2 1
ge-0/0/4.127
lo0.0
DR
DR
0.0.0.0
0.0.0.0
172.30.5.2
172.30.5.2
0.0.0.0
0.0.0.0
0
0
ae0.0 DR 0.0.0.33 172.30.5.2 0.0.0.0 0
.
123
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
c. R3
lab@Canopus> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/4.123 DR 0.0.0.0 172.30.5.3 172.30.5.2 1
ge-0/0/4.136 DR 0.0.0.0 172.30.5.3 0.0.0.0 0
lo0.0 DR 0.0.0.0 172.30.5.3 0.0.0.0 0
ge-0/0/4.134 DR 0.0.0.4 172.30.5.3 0.0.0.0 0
d. R4
lab@Arcturus> show ospf interface
Interface State Area DR ID BDR ID Nbrs
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
ge-0/0/4.134 DR 0.0.0.4 172.30.5.4 0.0.0.0 0
ge-0/0/4.145 DR 0.0.0.4 172.30.5.4 0.0.0.0 0
lo0.0 DR 0.0.0.4 172.30.5.4 0.0.0.0 0
e. R5
lab@A-Centauri> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ae0.0 DR 0.0.0.4 172.30.5.5 172.30.5.2 1
ge-0/0/4.145 DR 0.0.0.4 172.30.5.5 0.0.0.0 0
lo0.0 DR 0.0.0.4 172.30.5.5 0.0.0.0 0
f. R6
lab@Vega> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/4.136 DR 0.0.0.0 172.30.5.2 0.0.0.0 0
ge-0/0/4.167 BDR 0.0.0.0 172.30.5.7 172.30.5.2 1
lo0.0 DR 0.0.0.0 172.30.5.2 0.0.0.0 0
ae0.0 BDR 0.0.0.4 172.30.5.5 172.30.5.2 1
g. R7
lab@Rigel> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/4.127 DR 0.0.0.0 172.30.5.7 0.0.0.0 0
ge-0/0/4.167 DR 0.0.0.0 172.30.5.7 172.30.5.2 1
lo0.0 DR 0.0.0.0 172.30.5.7 0.0.0.0 0 123
ge-0/0/4.178 BDR 0.0.0.1 172.30.5.8 172.30.5.7 1
h. R8
lab@Procyon> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/4.178 DR 0.0.0.1 172.30.5.8 172.30.5.7 1
ge-0/0/4.118 DR 0.0.0.2 172.30.5.8 172.30.5.1 1
lo0.0 DR 0.0.0.2 172.30.5.8 0.0.0.0 0
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
Interface State Area DR ID BDR ID Nbrs
ae0.0 DR 0.0.0.33 172.30.5.2 0.0.0.0 0
b. R2
–
R3
adjacency.
lab@Sirius> show ospf neighbor
Address Interface State ID Pri Dead
172.30.0.14 ge-0/0/4.123 ExStart 172.30.5.3 128 38
172.30.0.1 ae0.0 Full 172.30.5.1 128 37
.
125
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
c. R2
–
R7
adjacency.
lab@Sirius> show ospf interface ge-0/0/4.127 detail
Interface State Area DR ID BDR ID Nbrs
ge-0/0/4.127 DR 0.0.0.0 172.30.5.2 0.0.0.0 0
Type: LAN, Address: 172.30.0.17, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 172.30.0.17, Priority: 128
Adj count: 0
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 01:00:00 CET
Protection type: None
Topology default (ID 0) -> Cost: 1
d. R3
–
R4
adjacency
lab@Canopus> show ospf interface ge-0/0/4.134 detail
Interface State Area DR ID BDR ID Nbrs
ge-0/0/4.134 DR 0.0.0.4 172.30.5.3 0.0.0.0 0
Type: LAN, Address: 172.30.0.21, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 172.30.0.21, Priority: 128
Adj count: 0
Hello: 10, Dead: 40, ReXmit: 5, Stub NSSA
Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 01:00:00 CET
Protection type: None
Topology default (ID 0) -> Cost: 1
.
126
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
e. R3
–
R6
adjacency.
[edit protocols ospf traceoptions]
lab@Canopus# show
file ospf.log;
flag error detail;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
md5 1 key "$9$L3KNs4f5F6CuHqPQnCB1LxNbYo"; ## SECRET-DATA
}
}
b. R3
lab@Canopus> show ospf database area 0
.
127
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
c. R4
lab@Arcturus> show ospf database
d. R5
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
lab@A-Centauri> show ospf database
e. R6
lab@Vega> show ospf database area 0
f. R7
lab@Rigel> show ospf database area 0
Router 172.30.5.3 172.30.5.3 0x80000018 350 0x22 0xcf37 60
Router *172.30.5.7 172.30.5.7 0x80000019 1055 0x22 0x9939 60
Network 172.30.0.14 172.30.5.3 0x80000003 981 0x22 0xbd2d 32
Network 172.30.0.17
Network 172.30.0.25
172.30.5.2
172.30.5.3
0x80000969
0x80000002
3600
666
0x22
0x22
0xf97b 32
0x518f 32
Network *172.30.0.42 172.30.5.7 0x80000007 527 0x22 0xac16 32
.
128
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
5) Fix
the
R6
router
LSA
issue
in
the
backbone
LSDB.
[edit routing-options]
lab@Vega# show
router-id 172.30.5.6;
6) Fix
OSPF
area
4
LSA
types.
NOTE:
the
OSPF
interface
types
are
set
to
P2P
to
ensure
there
are
no
type
2
LSA
generated,
since
on
P2P
links
there
are
no
DR/BR’s.
a. R3
[edit protocols ospf area 0.0.0.4]
lab@Canopus# show
nssa {
default-lsa {
default-metric 10;
type-7;
}
no-summaries;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
}
interface ge-0/0/4.134 {
interface-type p2p;
}
b. R4
[edit protocols ospf area 0.0.0.4]
lab@Arcturus# show
interface ge-0/0/4.134 {
interface-type p2p;
}
interface ge-0/0/4.145 {
interface-type p2p;
}
c. R5
[edit protocols ospf area 0.0.0.4]
lab@A-Centauri# show
interface ge-0/0/4.145 {
interface-type p2p;
}
interface ae0.0 {
interface-type p2p;
}
d. R6
[edit protocols ospf area 0.0.0.4]
lab@Vega# show
nssa {
default-lsa {
default-metric 10;
type-7;
}
no-summaries;
}
interface ae0.0 { 128
}
interface-type p2p;
.
129
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
NSSA *172.30.33.0 172.30.5.4 0x80000004 547 0x28 0xe04 36
NSSA 172.30.33.0 172.30.5.5 0x80000007 2197 0x28 0x10fc 36
---(more)---
b. R5
lab@A-Centauri> show route protocol rip terse
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
}
[edit protocols rip]
lab@Arcturus# show
group rip {
import rip-filter;
}
b. R5
[edit policy-options policy-statement rip-filter]
lab@A-Centauri# show
term 1 {
from {
protocol rip;
route-filter 0.0.0.0/0 exact;
}
then reject;
}
[edit protocols rip]
lab@A-Centauri# show
group rip {
import rip-filter;
}
b. R2
lab@Sirius> show route 172.30.5/24 terse
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
inet.0: 23 destinations, 23 routes (23 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
c. R3
lab@Canopus> show route 172.30.5/24 terse
e. R7
lab@Rigel> show route 172.30.5/24 terse
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
* 172.30.5.3/32 O 10 2 172.30.0.17
>172.30.0.41
* 172.30.5.4/32 O 10 3 172.30.0.17
>172.30.0.41
* 172.30.5.5/32 O 10 2 >172.30.0.41
* 172.30.5.6/32 O 10 1 >172.30.0.41
* 172.30.5.7/32 D 0 >lo0.0
f. R8
lab@Procyon> show route 172.30.5/24 terse
132
.
133
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
12) Fix
the
R1
and
R8
loopback
reachability
issue.
You
need
virtual
link
to
solve
this
task
due
to
discontiguous
backbone
area.
a. R1
[edit protocols ospf area 0.0.0.0]
lab@Sun# show
virtual-link neighbor-id 172.30.5.2 transit-area 0.0.0.3;
b. R2
[edit protocols ospf area 0.0.0.0]
lab@Sirius# show
virtual-link neighbor-id 172.30.5.1 transit-area 0.0.0.3;
c. R7
[edit protocols ospf area 0.0.0.0]
lab@Rigel# show
virtual-link neighbor-id 172.30.5.8 transit-area 0.0.0.1;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
d. R8
[edit protocols ospf area 0.0.0.0]
lab@Procyon# show
virtual-link neighbor-id 172.30.5.7 transit-area 0.0.0.1;
133
.
134
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
1) Load
the
task
reset
configuration.
[edit]
lab@Sun# load override “See Baseline folder, chapter 2 for configs”
.
135
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
c. R3
lab@Canopus> show isis interface
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
ge-0/0/4.123 2 0x1 Disabled Point to Point 10/10
ge-0/0/4.134 1 0x1 Canopus.00 Disabled 10/10
ge-0/0/4.136 1 0x1 Canopus.00 Disabled 10/10
lo0.0 0 0x1 Passive Passive 0/0
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
d. R4
lab@Arcturus> show isis interface
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
ge-0/0/4.134 1 0x2 Arcturus.00 Disabled 10/10
ge-0/0/4.145 1 0x1 Arcturus.00 Disabled 10/10
lo0.0 0 0x1 Passive Passive 0/0
e. R5
lab@A-Centauri> show isis interface
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
ae0.0 1 0x3 A-Centauri.03 Disabled 10/10
ge-0/0/4.145 1 0x2 A-Centauri.00 Disabled 10/10
lo0.0 0 0x1 Passive Passive 0/0
f. R6
lab@Vega> show isis interface
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
ae0.0 1 0x1 A-Centauri.03 Disabled 10/10
ge-0/0/4.136 1 0x2 Vega.00 Disabled 10/10
ge-0/0/4.167 2 0x1 Disabled Vega.00 10/10
lo0.0 0 0x1 Passive Passive 0/0
h. R8
lab@Procyon> show isis interface
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
ge-0/0/4.118 1 0x1 Sun.02 Disabled 10/10
lo0.0 0 0x1 Passive Passive 0/0
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
a. R1
–
R2
adjacency.
lab@Sun> show isis adjacency
Interface System L State Hold (secs) SNPA
ae0.0 1720.3000.5002 2 Initializing 25
ge-0/0/4.118 Procyon 1 Up 24 f8:c0:1:dc:2e:84
.
137
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
---(more)---
c. R4
–
R5
adjacency.
lab@Arcturus> show interfaces ge-0/0/4.145
Logical interface ge-0/0/4.145 (Index 71) (SNMP ifIndex 591)
Description: R5 connection
Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.145 ] Encapsulation: ENET2
Input packets : 2052
Output packets: 1026
Security: Zone: Null
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 172.30.0.28/30, Local: 172.30.0.29, Broadcast: 172.30.0.31
Protocol iso, MTU: 1497
Flags: None
Protocol inet6, MTU: 1500
Flags: None
Addresses, Flags: Is-Preferred
Destination: fe80::/64, Local: fe80::fac0:100:91dc:3184
.
138
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
d. R6
–
R7
adjacency.
lab@Vega> show isis statistics
IS-IS statistics for Vega:
PDU type Received Processed Drops Sent Rexmit
LSP 209 209 0 142 0
IIH 5219 56 1349 4223 0
CSNP 1043 1043 0 770 0
PSNP 15 15 0 50 0
Unknown 0 0 0 0 0
Totals 0 0 0 0 0
---(more)---
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
IS-IS statistics for Rigel:
PDU type Received Processed Drops Sent Rexmit
LSP 1487 1487 0 1085 1528
IIH 2221 47 844 3145 0
CSNP 1198 1198 0 1616 0
PSNP 103 102 1 1456 0
Unknown 0 0 0 0 0
Totals 0 0 0 0 0
---(more)---
.
139
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
e. R7
–
R8
adjacency.
lab@Rigel> show isis interface
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
ge-0/0/4.127 2 0x1 Disabled Point to Point 10/10
ge-0/0/4.167 2 0x1 Disabled Point to Point 10/10
ge-0/0/4.178 2 0x1 Disabled Point to Point 10/10
lo0.0 0 0x1 Passive Passive 0/0
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
ge-0/0/4.118 1 0x1 Sun.02 Disabled 10/10
lo0.0 0 0x1 Passive Passive 0/0
b. R2
lab@Sirius> show isis database
IS-IS level 1 link-state database:
LSP ID Sequence Checksum Lifetime Attributes
Sirius.00-00 0xb 0x1fc4 394 L1 L2 139
1 LSPs
.
140
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
c. R3
lab@Canopus> show isis database
IS-IS level 1 link-state database:
LSP ID Sequence Checksum Lifetime Attributes
Canopus.00-00 0x6 0x3fb7 766 L1 L2
Arcturus.00-00 0x13 0x845f 641 L1 L2
Arcturus.02-00 0x4 0x2f69 642 L1 L2
A-Centauri.00-00 0x24 0x2699 578 L1 L2
A-Centauri.02-00 0x3 0x47ba 578 L1 L2
A-Centauri.03-00 0x12 0xae3f 458 L1 L2
Vega.00-00 0x20 0x8bf5 703 L1 L2
Vega.02-00 0xa 0x1bde 703 L1 L2
8 LSPs
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
lab@Sirius> show isis adjacency
Interface System L State Hold (secs) SNPA
ae0.0 1720.3000.5001 2 Up 23
ge-0/0/4.123 1720.3000.5003 2 Up 24
ge-0/0/4.127 1720.3000.5001 2 Up 19
}
}
interface ge-0/0/4.127 {
point-to-point;
level 1 disable;
.
141
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
level 2 {
hello-authentication-key "$9$dWsaU3nCpORfTF/tOcSdbs4JD"; ## SECRET-DATA
hello-authentication-type md5;
}
}
interface ae0.0 {
point-to-point;
level 1 disable;
level 2 {
hello-authentication-key "$9$ROMSvLaJDH.5s2oGi.zFRhSeMX"; ## SECRET-DATA
hello-authentication-type md5;
}
}
interface lo0.0;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
Canopus.00-00 0xb 0x78be 1132 L1 L2
Vega.00-00 0x2a 0x783a 468 L1 L2
4 LSPs
b. R2
lab@Sirius> show isis database level 2
IS-IS level 2 link-state database:
LSP ID Sequence Checksum Lifetime Attributes
Rigel.00-00 0x57 0x5821 1189 L1 L2
Sirius.00-00 0x43 0xd781 1050 L1 L2
Canopus.00-00 0xb 0x78be 1081 L1 L2
Vega.00-00 0x2a 0x783a 417 L1 L2
4 LSPs
c. R3
lab@Canopus> show isis database level 2
IS-IS level 2 link-state database:
LSP ID Sequence Checksum Lifetime Attributes
Sun.00-00 0x60 0xe2dd 1192 L1 L2
Sirius.00-00 0x43 0xd781 996 L1 L2
Canopus.00-00 0xb 0x78be 1031 L1 L2
Vega.00-00 0x2b 0x763b 1166 L1 L2
4 LSPs
b. R2
lab@Sirius> show isis hostname
IS-IS hostname database:
System ID Hostname Type
.
142
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
c. R3
lab@Canopus> show isis hostname
IS-IS hostname database:
System ID Hostname Type
1720.3000.5001 Rigel Dynamic
1720.3000.5002 Sirius Dynamic
1720.3000.5003 Canopus Static
1720.3000.5004 Arcturus Dynamic
1720.3000.5005 A-Centauri Dynamic
1720.3000.5006 Vega Dynamic
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
}
142
.
143
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
IP prefix: 172.30.0.20/30 Metric: 10 Internal Up
IP prefix: 172.30.0.28/30 Metric: 10 Internal Up
IP prefix: 172.30.5.4/32 Metric: 0 Internal Up
IP prefix: 172.30.32.0/24 Metric: 2 Internal Up
IP prefix: 172.30.33.0/24 Metric: 2 Internal Up
---(more)---
b. R5
lab@A-Centauri> show route protocol rip terse
.
144
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
11) Fix
suboptimal
routing.
a. R4
[edit policy-options policy-statement isis-to-rip]
lab@Arcturus# show
term 1 {
from protocol isis;
then {
metric 1;
tag 1234;
accept;
}
}
b. R5
[edit policy-options policy-statement isis-to-rip]
lab@A-Centauri# show
term 1 { 144
from protocol isis;
then {
metric 5;
tag 1234;
accept;
}
.
145
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
IP prefix: 172.30.32.0/20 Metric: 10 External Up
IP prefix: 172.30.32.0/24 Metric: 12 Internal Up
IP prefix: 172.30.33.0/24 Metric: 12 Internal Up
---(more)---
lab@Canopus> show isis database level 1 Arcturus.00-00 extensive | find TLV | match
"external prefix"
145
.
146
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
b. R2
lab@Sirius> show route 172.30.5/24 terse
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
inet.0: 32 destinations, 32 routes (32 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
c. R3
lab@Canopus> show route 172.30.5/24 terse
d. R4
lab@Arcturus> show route 172.30.5/24 terse
e. R5
lab@A-Centauri> show route 172.30.5/24 terse
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
0.0.0.0/0 *[IS-IS/15] 01:22:05, metric 10
> to 172.30.0.34 via ae0.0
f. R6
lab@Vega> show route 172.30.5/24 terse
g. R7
lab@Rigel> show route 172.30.5/24 terse
h. R8
147
lab@Procyon> show route 172.30.5/24 terse
* 172.30.5.1/32 I 15 10 >172.30.0.9
* 172.30.5.2/32 I 18 20 >172.30.0.45
* 172.30.5.3/32 I 18 30 >172.30.0.45
* 172.30.5.4/32 I 18 40 >172.30.0.45
* 172.30.5.5/32 I 18 50 >172.30.0.45
* 172.30.5.7/32 I 18 10 >172.30.0.45
* 172.30.5.8/32 D 0 >lo0.0
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
term 1 {
from {
protocol aggregate;
route-filter 172.30.32.0/20 exact;
}
to level 2;
then accept;
}
term 2 {
then reject;
}
148
.
149
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
1) Load
your
previous
saved
configuration
[edit]
lab@Sun# load override my_baseline.conf
b. R5
[edit interfaces ge-0/0/4]
lab@A-Centauri# show
.
150
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
unit 204 {
description "DC2 connection";
vlan-id 204;
family inet {
address 172.30.0.57/30;
}
}
unit 205 {
description "DC3 connection";
vlan-id 205;
family inet {
address 172.30.0.61/30;
}
family inet6;
}
3) Configure
ISIS.
a. Configure
family
iso
on
the
routers’
core-‐facing
interfaces.
[edit groups]
lab@Sun# show
if-families {
interfaces {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
ge-0/0/4 {
unit <*> {
family iso;
}
}
<ae0*> {
unit <*> {
family iso;
}
}
}
}
[edit]
lab@Sun# set apply-groups if-families
point-to-point;
bfd-liveness-detection {
minimum-interval 150;
multiplier 3;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
neighbor ge-0/0/4.202;
}
5) Configure
ISIS
to
RIP
redistribution
policy
at
R4
and
R5.
a. Configure
an
aggregate
default
route.
[edit routing-options]
lab@Arcturus# show
aggregate {
route 0.0.0.0/0;
}
151
.
152
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
6) Configure
RIP
to
ISIS
redistribution
policy
at
R4
and
R5.
a. Configure
ISIS
export
policy.
[edit policy-options]
lab@Arcturus# show
policy-statement rip-to-isis {
term 1 {
from protocol rip;
then accept;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
a. Configure
the
policy.
[edit policy-options]
lab@Arcturus# show
policy-statement filter-rip {
term 1 {
from {
protocol rip;
tag 123;
}
then reject;
}
}
152
.
153
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
11) Configure
ISIS
to
OSPFv3
redistribution
policy
at
R4
and
R5.
a. Configure
the
policy.
[edit policy-options policy-statement isis-to-ospf3]
lab@Arcturus# show
term 1 {
from protocol isis;
then {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
tag 123;
accept;
}
12) Configure
OSPFv3
to
ISIS
redistribution
policy
at
R4
and
R5.
a. Configure
the
policy.
[edit policy-options policy-statement ospf3-to-isis]
lab@Arcturus# show
term 1 {
from protocol ospf3;
then accept;
}
}
tag 123;
}
then reject;
.
154
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
15) Configure
RIP
to
OSPFv3
redistribution
policy
at
R4
and
R5.
a. Configure
the
policy.
[edit policy-options policy-statement rip-to-ospf3]
lab@Arcturus# show
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Two:
IGP
Configuration
and
Troubleshooting
term 1 {
from protocol rip;
then {
tag 123;
accept;
}
}
16) Configure
OSPFv3
to
RIP
redistribution
policy
at
R4
and
R5.
a. Configure
the
policy.
[edit policy-options policy-statement ospf3-to-rip]
lab@Arcturus# show
term 1 {
from protocol ospf3;
then {
tag 123;
accept;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
1) Configure
global
confederation
parameters.
[edit routing-options]
lab@Sun# show
autonomous-system 65000;
confederation 54591 members [ 65000 65001 65002 65003 ];
2) Configure
IBGP.
[edit protocols bgp]
lab@Sun# show
log-updown;
group ibgp {
type internal;
local-address 172.30.5.1;
authentication-key "$9$twEDOhrbwgaGixNVYoGq.tuORcl"; ## SECRET-DATA
neighbor 172.30.5.2;
}
group cbgp {
type external;
multihop;
local-address 172.30.5.1;
authentication-key "$9$T3A0MWx-b2ylvLNboaTz39tO"; ## SECRET-DATA 155
peer-as 65003;
}
neighbor 172.30.5.8;
.
156
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Solution
-‐
Task
2.
EBGP
Configuration
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
1) Configure
additional
interfaces.
[edit interfaces ge-0/0/5]
lab@Sun# show
vlan-tagging;
unit 300 {
vlan-id 300;
family inet {
address 192.168.1.1/24;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
neighbor 192.168.1.4;
}
b. R2
[edit protocols bgp]
lab@Sirius# show
group IX {
type external;
peer-as 1620;
neighbor 192.168.1.3;
neighbor 192.168.1.4;
}
c. R3
[edit protocols bgp]
lab@Canopus# show
group P2-1 {
type external;
peer-as 53732.2005;
neighbor 192.168.0.2;
}
group P3-1 {
type external;
peer-as 43208.365;
neighbor 192.168.0.6;
}
d. R5
[edit protocols bgp] 157
lab@A-Centauri# show
group C3 {
type external;
peer-as 64514;
multipath;
neighbor 192.168.0.10;
.
158
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
neighbor 192.168.0.14;
}
e. R6
[edit protocols bgp]
lab@Vega# show
group C2-1 {
type external;
multihop;
local-address 172.30.5.6;
peer-as 64513;
neighbor 172.31.31.1;
}
group C1-1 {
type external;
family inet {
unicast {
prefix-limit {
maximum 20;
teardown idle-timeout 3;
}
}
}
peer-as 64512;
neighbor 192.168.0.18;
}
f. R7
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
[edit protocols bgp]
lab@Rigel# show
group P1-2 {
type external;
peer-as 1679.12483;
neighbor 192.168.0.30;
}
group C1-1 {
type external;
family inet {
unicast {
prefix-limit {
maximum 20;
teardown idle-timeout 3;
}
}
}
peer-as 64512;
neighbor 192.168.0.34;
}
g. R8
[edit protocols bgp]
lab@Procyon# show
group P1-1 {
type external;
peer-as 1679.12483;
neighbor 192.168.0.38;
}
a. R7
[edit protocols bgp]
lab@Rigel# show
group P1-2-ipv6 {
.
159
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
type external;
peer-as 1679.12483;
neighbor fc09:c0:ffee::2;
}
b. R8
[edit protocols bgp]
lab@Procyon# show
group P1-1-ipv6 {
type external;
peer-as 1679.12483;
neighbor fc09:c0:ffee::6;
}
c. R3
[edit protocols bgp]
lab@Canopus# show
traceoptions {
file bgp.log;
flag packets detail;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
lab@Canopus# show
group P2-1-ipv6 {
type external;
local-interface ge-0/0/5.301;
peer-as 53732.2005;
neighbor fe80::223:9c01:2d8b:6c81;
}
d. R5
[edit protocols bgp]
lab@A-Centauri# show
group C3 {
type external;
family inet {
unicast;
}
family inet6 {
unicast;
}
peer-as 64514;
multipath;
neighbor 192.168.0.10;
neighbor 192.168.0.14;
}
}
damping aggressive {
half-life 20;
reuse 500;
suppress 2500;
}
11) Configure
next-‐hop-‐self
policy
on
all
routers
but
R1
and
R2.
[edit policy-options policy-statement nhs]
lab@Canopus# show
term 1 {
from {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}
160
.
161
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@Sun# show | find policy-options
policy-options {
policy-statement IX-export {
term 1 {
from {
protocol bgp;
community P1;
}
then reject;
}
term 2 {
from {
protocol aggregate;
route-filter 172.30.0.0/16 exact;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
then accept;
}
}
policy-statement IX-filter {
term 1 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
community set IX;
accept;
}
}
term 2 {
then reject;
}
}
policy-statement default-filter {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
policy-statement rtbh {
term 1 {
from community rtbh;
then {
next-hop discard;
}
} 161
}
community C1 members 54591:64512;
community C2 members 54591:64513;
community C3 members 54591:64514;
community IX members 54591:1620;
community P1 members 54591:1679;
.
162
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@Sun# show | find protocols
protocols {
bgp {
group IX {
import [ default-filter IX-filter ];
export IX-export;
}
group ibgp {
import rtbh;
}
}
}
b. R2
[edit]
lab@Sirius# show | find routing-options
routing-options {
aggregate {
route 172.30.0.0/16;
}
}
[edit]
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
lab@Sirius# show | find policy-options
policy-options {
policy-statement IX-export {
term 1 {
from {
protocol bgp;
community P1;
}
then reject;
}
term 2 {
from {
protocol aggregate;
route-filter 172.30.0.0/16 exact;
}
then {
as-path-prepend "54591 54591 54591";
accept;
}
}
term 3 {
from protocol bgp;
then {
as-path-prepend "54591 54591 54591";
accept;
}
}
}
policy-statement IX-filter {
term 1 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24; 162
}
then {
community set IX;
}
accept;
}
.
163
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
term 2 {
then reject;
}
}
policy-statement default-filter {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
policy-statement rtbh {
term 1 {
from community rtbh;
then {
next-hop discard;
}
}
}
community C1 members 54591:64512;
community C2 members 54591:64513;
community C3 members 54591:64514;
community IX members 54591:1620;
community P1 members 54591:1679;
community P2 members 54591:53732;
community P3 members 54591:43208;
community rtbh members 6451.:666;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
[edit]
lab@Sirius# show | find protocols
protocols {
bgp {
group IX {
import [ default-filter IX-filter ];
export IX-export;
}
group ibgp {
import rtbh;
}
}
}
c. R3
[edit]
lab@Canopus# show | find routing-options
routing-options {
aggregate {
route 172.30.0.0/16;
}
}
[edit]
lab@Canopus# show | find policy-options
policy-options {
policy-statement P2-export {
term 1 {
from {
protocol aggregate;
route-filter 172.30.0.0/16 exact; 163
}
}
then accept;
}
policy-statement P2-filter {
term 1 {
.
164
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
local-preference 200;
community set P2;
accept;
}
}
term 2 {
then reject;
}
}
policy-statement P3-export {
term 1 {
from {
protocol aggregate;
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
policy-statement P3-filter {
term 1 {
from {
protocol bgp;
as-path P3-local-routes;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then accept;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
local-preference 200;
community set P3;
accept;
}
}
term 3 {
then reject;
}
}
policy-statement default-filter {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
policy-statement nhs {
term 1 {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
} 164
}
}
policy-statement rtbh {
term 1 {
from community rtbh;
then {
.
165
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
next-hop discard;
}
}
}
community C1 members 54591:64512;
community C2 members 54591:64513;
community C3 members 54591:64514;
community IX members 54591:1620;
community P1 members 54591:1679;
community P2 members 54591:53732;
community P3 members 54591:43208;
community rtbh members 6451.:666;
}
[edit]
lab@Canopus# show | find protocols
protocols {
bgp {
group ibgp {
import rtbh;
export nhs;
}
group cbgp {
import rtbh;
export nhs;
}
group P2-1 {
import [ default-filter P2-filter ];
export P2-export;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
group P3-1 {
import [ default-filter P3-filter ];
export P3-export;
}
}
}
d. R5
[edit]
lab@A-Centauri# show | find routing-options
routing-options {
aggregate {
route 0.0.0.0/0;
route 172.30.0.0/16;
}
}
[edit]
lab@A-Centauri# show | find policy-options
policy-options {
policy-statement C3-filter {
term 1 {
from family inet6;
then accept;
}
term 2 {
from {
community C3-low-pref;
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then { 165
local-preference 90;
community add C3;
accept;
}
}
term 3 {
.
166
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
local-preference 300;
community add C3;
accept;
}
}
term 4 {
then reject;
}
}
policy-statement as-internal {
term 1 {
from {
protocol aggregate;
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
policy-statement default-filter {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
policy-statement nhs {
term 1 {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}
}
policy-statement rtbh {
term 1 {
from community rtbh;
then {
next-hop discard;
}
}
}
community C1 members 54591:64512;
community C2 members 54591:64513;
community C3 members 54591:64514;
community C3-low-pref members 64514:90;
community IX members 54591:1620;
community P1 members 54591:1679;
community P2 members 54591:53732;
community P3 members 54591:43208;
community rtbh members 6451.:666;
}
[edit]
lab@A-Centauri# show | find protocols 166
protocols {
bgp {
group ibgp {
import rtbh;
export nhs;
}
.
167
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
group cbgp {
import rtbh;
export nhs;
}
group C3 {
import [ default-filter C3-filter ];
export as-internal;
}
}
}
e. R6
[edit]
lab@ Vega# show | find routing-options
routing-options {
aggregate {
route 0.0.0.0/0;
route 172.30.0.0/16;
}
}
[edit]
lab@ Vega# show | find policy-options
policy-options {
policy-statement C1-filter {
term 1 {
from {
community C1-low-pref;
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
}
then {
local-preference 90;
community add C1;
accept;
}
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
local-preference 400;
community add C1;
accept;
}
}
term 3 {
then reject;
}
}
policy-statement C2-filter {
term 1 {
from {
community C2-low-pref;
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
local-preference 90;
community add C2;
accept;
} 167
}
term 2 {
from {
}
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
then {
.
168
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
local-preference 300;
community add C2;
accept;
}
}
term 3 {
then reject;
}
}
policy-statement as-internal {
term 1 {
from {
protocol aggregate;
route-filter 172.30.0.0/16 exact;
}
then {
metric 10;
accept;
}
}
}
policy-statement damp-aggressive {
term 1 {
then damping aggressive;
}
}
policy-statement default-filter {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
}
then reject;
}
}
policy-statement default-only {
term 1 {
from {
protocol aggregate;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement med-10 {
term 1 {
from protocol bgp;
then {
metric 10;
accept;
}
}
}
policy-statement nhs {
term 1 {
from {
protocol bgp;
route-type external;
}
then { 168
next-hop self;
}
}
}
policy-statement rtbh {
term 1 {
.
169
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@ Vega# show | find protocols
protocols {
bgp {
group ibgp {
import rtbh;
export nhs;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
}
group cbgp {
import rtbh;
export nhs;
}
group C2-1 {
import [ damp-aggressive default-filter C2-filter ];
export default-only;
}
group C1-1 {
import [ damp-aggressive default-filter C1-filter ];
}
}
}
f. R7
[edit]
lab@ Rigel# show | find routing-options
routing-options {
aggregate {
route 172.30.0.0/16;
route 172.30.128.0/17;
}
}
[edit]
lab@ Rigel# show | find policy-options
policy-options {
policy-statement C1-filter {
term 1 {
from { 169
community C1-low-pref;
}
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
then {
local-preference 90;
community add C1;
.
170
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
accept;
}
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
local-preference 300;
community add C1;
accept;
}
}
term 3 {
then reject;
}
}
policy-statement P1-export {
term 1 {
from {
protocol bgp;
community IX;
}
then reject;
}
term 2 {
from {
protocol aggregate;
route-filter 172.30.128.0/17 exact;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
then {
community set no-export;
accept;
}
}
term 3 {
from {
protocol aggregate;
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
policy-statement P1-filter {
term 1 {
from {
as-path P1;
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
local-preference 200;
community set P1;
accept;
}
}
term 2 {
then reject;
}
}
policy-statement as-internal {
term 1 {
from { 170
protocol aggregate;
}
route-filter 172.30.0.0/16 exact;
then {
metric 20;
accept;
.
171
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
}
policy-statement damp-aggressive {
term 1 {
then damping aggressive;
}
}
policy-statement default-filter {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
policy-statement med-20 {
term 1 {
from protocol bgp;
then {
metric 20;
accept;
}
}
}
policy-statement nhs {
term 1 {
from {
protocol bgp;
route-type external;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
}
then {
next-hop self;
}
}
}
policy-statement rtbh {
term 1 {
from community rtbh;
then {
next-hop discard;
}
}
}
community C1 members 54591:64512;
community C1-low-pref members 64512:90;
community C2 members 54591:64513;
community C3 members 54591:64514;
community IX members 54591:1620;
community P1 members 54591:1679;
community P2 members 54591:53732;
community P3 members 54591:43208;
community no-export members no-export;
community rtbh members 6451.:666;
as-path P1 110047427;
damping aggressive {
half-life 20;
reuse 500;
suppress 2500;
}
}
171
[edit]
lab@ Rigel# show | find protocols
protocols {
bgp {
group ibgp {
import rtbh;
.
172
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
export nhs;
}
group cbgp {
import rtbh;
export nhs;
}
group P1-2 {
import [ default-filter P1-filter ];
export P1-export;
}
group C1-1 {
import [ damp-aggressive default-filter C1-filter ];
export [ as-internal med-20 ];
}
}
}
g. R8
[edit]
lab@ Procyon# show | find routing-options
routing-options {
aggregate {
route 172.30.0.0/16;
route 172.30.0.0/17;
}
}
[edit]
lab@ Procyon# show | find policy-options
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
policy-options {
policy-statement P1-export {
term 1 {
from {
protocol bgp;
community IX;
}
then reject;
}
term 2 {
from {
protocol aggregate;
route-filter 172.30.0.0/17 exact;
}
then {
community set no-export;
accept;
}
}
term 3 {
from {
protocol aggregate;
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
policy-statement P1-filter {
term 1 {
from {
as-path P1;
route-filter 0.0.0.0/0 prefix-length-range /8-/24; 172
}
then {
local-preference 200;
community set P1;
accept;
}
.
173
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
term 2 {
then reject;
}
}
policy-statement better-local-preference {
term 1 {
from {
family inet;
protocol bgp;
}
then {
local-preference 210;
}
}
}
policy-statement default-filter {
term 1 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
policy-statement nhs {
term 1 {
from {
protocol bgp;
route-type external;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
then {
next-hop self;
}
}
}
policy-statement rtbh {
term 1 {
from community rtbh;
then {
next-hop discard;
}
}
}
community C1 members 54591:64512;
community C2 members 54591:64513;
community C3 members 54591:64514;
community IX members 54591:1620;
community P1 members 54591:1679;
community P2 members 54591:53732;
community P3 members 54591:43208;
community no-export members no-export;
community rtbh members 6451.:666;
as-path P1 110047427;
}
[edit]
lab@ Procyon# show | find protocols
protocols {
bgp {
group ibgp {
import rtbh;
export [ nhs better-local-preference ]; 173
}
group cbgp
import
{
rtbh;
}
export [ nhs better-local-preference ];
group P1-1 {
.
174
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP workbook: Appendix -‐ Chapter Three: BGP and Routing Policy
174
.
175
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
1) Delete
IBGP
settings
from
previous
confederation
task.
[edit routing-options]
lab@Sun# delete confederation
.
176
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
4) Configure
IBGP.
[edit protocols bgp]
lab@Sun# show
group ibgp {
type internal;
local-address 172.30.5.1;
import rtbh;
authentication-key "$9$QLvBntOW87dwgreMX-waJQFnCpB"; ## SECRET-DATA
bfd-liveness-detection {
minimum-interval 300;
}
neighbor 172.30.5.41;
}
5) Apply
next-‐hop-‐self
policy
on
all
routers
but
R1
and
R2.
[edit policy-options policy-statement nhs]
lab@Canopus# show
term 1 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}
family inet {
address 172.30.0.66/30;
}
}
family iso;
unit 207 {
.
177
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
vlan-id 207;
family inet {
address 172.30.0.70/30;
}
family iso;
}
b. Configure
ISIS.
[edit protocols]
lab@route-reflector# show
isis {
level 2 disable;
level 1 {
authentication-key "$9$j6qT3EhrKWx0BRSeW-djHqfQn"; ## SECRET-DATA
authentication-type md5; ## SECRET-DATA
}
interface all {
point-to-point;
bfd-liveness-detection {
minimum-interval 150;
multiplier 3;
}
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
autonomous-system 54591;
d. Configure
IBGP.
[edit protocols bgp]
lab@route-reflector# show
group cluster-1 {
type internal;
local-address 172.30.5.41;
family inet {
unicast;
}
authentication-key "$9$8b17wgPfzn9pikmT39OB8X7Vs4"; ## SECRET-DATA
cluster 0.0.0.1;
bfd-liveness-detection {
minimum-interval 300;
}
neighbor 172.30.5.1;
neighbor 172.30.5.6;
neighbor 172.30.5.7;
neighbor 172.30.5.8;
}
group cluster-2 {
type internal;
local-address 172.30.5.41;
family inet {
unicast;
}
authentication-key "$9$qf39yrv8xdIESeWxwsqmfznC"; ## SECRET-DATA
cluster 0.0.0.2;
bfd-liveness-detection { 177
minimum-interval 300;
}
neighbor 172.30.5.2;
neighbor 172.30.5.3;
neighbor 172.30.5.4;
.
178
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
neighbor 172.30.5.5; }
JNCIE-‐SP workbook: Appendix -‐ Chapter Three: BGP and Routing Policy
178
.
179
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Verification
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
1) R1
a. Check
the
BGP
session
status.
lab@Sun> show bgp summary
Groups: 2 Peers: 3 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
1344 599 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.30.5.41 54591 133 374 0 0 3:28
216/216/216/0 0/0/0/0
192.168.1.3 1620 509 134 0 0 3:21
383/564/402/0 0/0/0/0
192.168.1.4 1620 477 133 0 0 3:19
0/564/402/0 0/0/0/0
Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4
.
180
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
inet.0: 833 destinations, 1416 routes (671 active, 0 holddown, 324 hidden)
Prefix Nexthop MED Lclpref AS path
* 1.64.0.0/10 192.168.1.3 100 1620 61671 I
* 1.84.160.0/20 192.168.1.3 100 1620 33112 I
---(more)---
d. Check
the
routes
with
mask
shorter
than
/8
and
longer
than
/24.
lab@Sun> show route protocol bgp terse | match "(/[0-7] )|(/2[5-9] )|(/3[0-2] )"
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
inet.0: 833 destinations, 1416 routes (671 active, 0 holddown, 324 hidden)
Prefix Nexthop MED Lclpref AS path
* 1.64.0.0/10 192.168.1.3 100 1620 61671 I
* 1.84.160.0/20 192.168.1.3 100 1620 33112 I
---(more)---
inet.0: 832 destinations, 1415 routes (670 active, 0 holddown, 324 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.31.0.0/24 Self 64512 I
* 172.31.1.0/24 Self 64512 I
---(more)---
inet.0: 832 destinations, 1415 routes (670 active, 0 holddown, 324 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.30.0.0/16 Self I
inet.0: 832 destinations, 1415 routes (670 active, 0 holddown, 324 hidden)
+ = Active Route, - = Last Active, * = Both
inet.0: 832 destinations, 1415 routes (670 active, 0 holddown, 324 hidden)
+ = Active Route, - = Last Active, * = Both
k. Check
the
P1,
P2,
P3
routes
are
preferred
to
IX
routes.
lab@Sun> show route 172.17.0.0/24
inet.0: 832 destinations, 1415 routes (670 active, 0 holddown, 324 hidden)
+ = Active Route, - = Last Active, * = Both
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
[BGP/170] 01:54:03, localpref 100
AS path: 1620 110047427 I
> to 192.168.1.4 via ge-0/0/5.300
2) R2
a. Repeat
the
steps
as
on
the
R1.
b. Check
that
R2
advertisements
to
IX
are
less
preferred.
lab@Sirius> show route advertising-protocol bgp 192.168.1.4
inet.0: 832 destinations, 1798 routes (670 active, 0 holddown, 324 hidden)
Prefix Nexthop MED Lclpref AS path
* 5.127.0.0/17 Self 54591 54591 54591
[54591] 2831679853 9726 36659 30705 25538 37414 49276 ?
* 10.128.0.0/11 Self 54591 54591 54591
[54591] 2831679853 26697 4341 43012 28104 39181 51157 ?
3) R3
a. Repeat
the
steps
as
on
the
R1.
181
4) R4
a. Repeat
the
steps
as
on
the
R1.
5) R5
.
182
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
6) R6
a. Repeat
the
steps
as
on
the
R1.
b. Check
multihop
load
balancing.
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
lab@Vega> show route aspath-regex 64513
---(less)---
172.31.22.0/24 *[BGP/170] 00:18:54, localpref 300, from 172.31.31.1
AS path: 64513 I
> to 192.168.0.22 via ge-0/0/5.306
to 192.168.0.26 via ge-0/0/5.307
172.31.23.0/24 *[BGP/170] 00:18:54, localpref 300, from 172.31.31.1
AS path: 64513 I
> to 192.168.0.22 via ge-0/0/5.306
to 192.168.0.26 via ge-0/0/5.307
172.31.24.0/24 *[BGP/170] 00:18:54, localpref 300, from 172.31.31.1
AS path: 64513 I
to 192.168.0.22 via ge-0/0/5.306
> to 192.168.0.26 via ge-0/0/5.307
172.31.25.0/24 *[BGP/170] 00:18:54, localpref 300, from 172.31.31.1
AS path: 64513 I
to 192.168.0.22 via ge-0/0/5.306
> to 192.168.0.26 via ge-0/0/5.307
---(more)---
7) R7
a. Repeat
the
steps
as
on
the
R1.
b. Check
P1
not
native
routes
are
not
accepted.
lab@Rigel> show route receive-protocol bgp 192.168.0.30 aspath-regex "110047427 .+"
inet.0: 835 destinations, 1236 routes (673 active, 0 holddown, 548 hidden)
inet.0: 835 destinations, 1236 routes (673 active, 0 holddown, 548 hidden)
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Three:
BGP
and
Routing
Policy
Prefix Nexthop MED Lclpref AS path
* 172.30.0.0/16 Self 20 I
inet.0: 835 destinations, 1236 routes (673 active, 0 holddown, 548 hidden)
+ = Active Route, - = Last Active, * = Both
inet.0: 835 destinations, 1236 routes (673 active, 0 holddown, 548 hidden)
* 172.30.0.0/16 (1 entry, 1 announced)
BGP group P1-2 type External
Nexthop: Self
AS path: [54591] I (LocalAgg)
inet.0: 833 destinations, 1235 routes (671 active, 0 holddown, 548 hidden)
inet.0: 833 destinations, 1235 routes (671 active, 0 holddown, 548 hidden)
* 172.30.0.0/16 (1 entry, 1 announced)
BGP group P1-1 type External
Nexthop: Self
AS path: [54591] I (LocalAgg)
Communities: no-‐export
JNCIE-‐SP workbook: Appendix -‐ Chapter Three: BGP and Routing Policy
184
.
185
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
186
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
3) Configure
LDP.
[edit protocols ldp]
lab@Sun# show
track-igp-metric;
explicit-null;
interface ge-0/0/4.114;
interface ae0.0;
session 172.30.5.2 {
authentication-key "$9$SFbeLNUDkm5F4aGi.56/SreWX-"; ## SECRET-DATA
}
session 172.30.5.4 {
authentication-key "$9$mT6AleWXNbEcrvLNY2mfT3/t"; ## SECRET-DATA
}
minimum-interval 150;
multiplier 3;
}
}
interface lo0.0;
b. R2
[edit policy-options policy-statement ldp-routes]
lab@Sun# show
term 1 {
from {
protocol direct;
route-filter 192.168.1.0/24 exact;
route-filter 172.30.5.2/32 exact;
}
187
.
188
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
admin-groups {
green 0;
red 1;
}
interface ge-0/0/4.114 {
admin-group green;
}
interface ge-0/0/4.118 {
admin-group red;
}
interface ae0.0 {
admin-group [ green red ];
}
to 172.30.5.6;
oam {
bfd-liveness-detection {
}
minimum-interval 300;
}
.
190
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
b. R2
[edit protocols mpls]
lab@Sirius# show
label-switched-path Sirius-to-A-Centauri {
to 172.30.5.5;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
}
label-switched-path Sirius-to-Rigel {
to 172.30.5.7;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
}
c. R3
[edit protocols mpls]
lab@Canopus# show
label-switched-path Canopus-to-Vega {
to 172.30.5.6;
oam {
bfd-liveness-detection {
minimum-interval 300;
d. R4
[edit protocols mpls]
lab@Arcturus# show
label-switched-path Arcturus-to-Rigel-1 {
to 172.30.5.7;
oam {
bfd-liveness-detection {
minimum-interval 300;
} 190
}
}
label-switched-path Arcturus-to-Rigel-2 {
to 172.30.5.7;
oam {
bfd-liveness-detection {
.
191
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
minimum-interval 300;
}
}
}
label-switched-path Arcturus-to-A-Centauri {
to 172.30.5.5;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
}
e. R5
[edit protocols mpls]
lab@A-Centauri# show
label-switched-path A-Centauri-to-Arcturus {
to 172.30.5.4;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
}
label-switched-path A-Centauri-to-Sirius {
to 172.30.5.2;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
f. R6
[edit protocols mpls]
lab@Vega# show
label-switched-path Vega-to-Sun {
to 172.30.5.1;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
}
label-switched-path Vega-to-Canopus {
to 172.30.5.3;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
}
g. R7
[edit protocols mpls]
lab@Rigel# show
label-switched-path Rigel-to-Sirius {
to 172.30.5.2;
oam { 191
bfd-liveness-detection {
}
minimum-interval 300;
}
}
label-switched-path Rigel-to-Arcturus-1 {
.
192
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
to 172.30.5.4;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
}
label-switched-path Rigel-to-Arcturus-2 {
to 172.30.5.4;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
}
h. R8
[edit protocols mpls]
lab@Procyon# show
label-switched-path Procyon-to-Canopus-1 {
to 172.30.5.3;
oam {
bfd-liveness-detection {
minimum-interval 300;
}
}
}
label-switched-path Procyon-to-Canopus-2 {
to 172.30.5.3;
oam {
bfd-liveness-detection {
j. R4
[edit protocols mpls]
lab@Arcturus# show
label-switched-path Arcturus-to-A-Centauri {
admin-group include-any green;
} 192
k. R5
[edit protocols mpls]
lab@A-Centauri# show
label-switched-path A-Centauri-to-Arcturus {
.
193
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
l. R8
[edit protocols mpls]
lab@Procyon# show
label-switched-path Procyon-to-Sun {
admin-group include-any green;
}
m. R2
[edit protocols mpls]
lab@Sirius# show
label-switched-path Sirius-to-Rigel {
admin-group include-any red;
}
n. R3
[edit protocols mpls]
lab@Canopus# show
label-switched-path Canopus-to-Vega {
admin-group include-any red;
}
o. R6
[edit protocols mpls]
lab@Vega# show
label-switched-path Vega-to-Canopus {
p. R7
[edit protocols mpls]
lab@Rigel# show
label-switched-path Rigel-to-Sirius {
admin-group include-any red;
}
172.30.5.7;
172.30.5.8;
}
r. R8
.
194
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
t. R7
[edit protocols mpls]
lab@Rigel# show
label-switched-path Rigel-to-Arcturus-1 {
admin-group include-any green;
primary path-1;
}
label-switched-path Rigel-to-Arcturus-2 {
admin-group include-any green;
primary path-2;
}
path path-1 {
172.30.5.2;
}
path path-2 {
172.30.5.8;
}
9) Configure
LSPs
A,
B,
E,
F,
I,
J,
Q,
R,
S,
T
higher
priorities.
[edit protocols mpls]
lab@Sun# show
label-switched-path Sun-to-Procyon {
priority 6 6;
}
11) Configure
soft
preemtion
for
LSPs
K,
L,
O,
P.
[edit protocols mpls]
lab@Canopus# show
12) Configure
LSPs
I,
J,
K,
L,
M,
N,
O,
P
automatic
optimization.
[edit protocols mpls]
lab@Canopus# show
label-switched-path Canopus-to-Procyon-1 {
optimize-timer 28800;
adaptive;
}
label-switched-path Canopus-to-Procyon-2 {
optimize-timer 28800;
adaptive;
}
13) Configure
R5
and
R6
to
install
the
prefix
into
inet.3
table.
u. R5
[edit protocols mpls]
lab@A-Centauri# show
label-switched-path A-Centauri-to-Sirius {
install 192.168.1.0/24;
}
v. R6
[edit protocols mpls] 195
lab@Vega# show
label-switched-path Vega-to-Sun {
install 192.168.1.0/24;
}
.
196
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
b. R2
[edit protocols mpls]
lab@Sirius# show
label-switched-path Sirius-to-Rigel {
ldp-tunneling;
}
c. R3
[edit protocols mpls] 196
lab@Canopus# show
label-switched-path Canopus-to-Vega {
ldp-tunneling;
}
.
197
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
d. R4
[edit protocols mpls]
lab@Arcturus# show
label-switched-path Arcturus-to-A-Centauri {
ldp-tunneling;
}
e. R5
[edit protocols mpls]
lab@A-Centauri# show
label-switched-path A-Centauri-to-Arcturus {
ldp-tunneling;
}
f. R6
[edit protocols mpls]
lab@Vega# show
label-switched-path Vega-to-Canopus {
ldp-tunneling;
}
g. R7
[edit protocols mpls]
lab@Rigel# show
label-switched-path Rigel-to-Sirius {
ldp-tunneling;
}
16) Configure
an
LSP
next
hop
mapping
policy
on
R8.
[edit policy-options policy-statement lsp-map]
lab@Procyon# show
term 1 {
from {
protocol bgp;
community P2;
}
then {
install-nexthop lsp Procyon-to-Canopus-1;
}
}
term 2 {
from {
protocol bgp;
community P3;
}
then {
install-nexthop lsp Procyon-to-Canopus-2;
}
} 197
export lsp-map;
18) Configure
per
flow
load
balancing
on
R4
and
R7.
a. Configure
load
balancing
policy.
[edit policy-options policy-statement load-balance]
lab@Arcturus# show
term 1 {
then {
load-balance per-packet;
}
}
198
.
199
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
2) Configure
standby
option
for
LSPs
C,
D,
G,
H
secondary
paths.
[edit protocols mpls]
lab@Sun# show
label-switched-path Sun-to-Vega {
primary primary-1;
secondary secondary-1 {
standby;
}
}
3) Configure adaptive option for LSPs C, D, G, H to go from Fixed Filter reservation to Shared
}
link-protection;
interface ge-0/0/4.118 {
.
200
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
link-protection;
}
interface ae0.0 {
link-protection;
}
b. Configure
link
protection
for
LSPs
A,
B,
E,
F,
Q,
R,
S,
T.
[edit protocols mpls]
lab@Sun# show
label-switched-path Sun-to-Procyon {
link-protection;
}
c. Configure
link
and
node
protection
for
LSPs
I,
J,
M,
N.
[edit protocols mpls]
lab@Canopus# show
label-switched-path Canopus-to-Procyon-1 {
node-link-protection;
}
label-switched-path Canopus-to-Procyon-2 {
node-link-protection;
}
200
.
201
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
4) Configure
a
static
route
on
route
reflector.
We
need
to
get
routes
in
inet6.3,
since
we
are
do
not
have
MPLS
LSP
on
the
RR.
[edit routing-options]
lab@route-reflector# show
rib inet6.3 {
static {
route 0:0:0:0:0:ffff::/96 receive;
}
}
201
.
202
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
202
.
203
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Verification
1) R1
a. Check
the
LDP
sessions.
lab@Sun> show ldp session
Address State Connection Hold time
172.30.5.2 Operational Open 24
172.30.5.4 Operational Open 23
172.30.5.8 Operational Open 29
172.30.5.6
From: 172.30.5.1, State: Up, ActiveRoute: 0, LSPname: Sun-to-Vega
ActivePath: primary-1 (primary)
FastReroute desired
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary primary-1 State: Up, No-decrement-ttl
Priorities: 7 7
Bandwidth: 60Mbps
SmartOptimizeTimer: 180
Include Any: red
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 40)
172.30.0.2 S 172.30.0.14 S 172.30.0.22 S 172.30.0.30 S 172.30.0.34 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.30.0.2(flag=9) 172.30.0.14(flag=9) 172.30.0.22(flag=9)
172.30.0.30(flag=1) 172.30.0.34
Standby secondary-1 State: Up, No-decrement-ttl
Priorities: 7 7
Bandwidth: 60Mbps
SmartOptimizeTimer: 180
Include Any: red
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 30)
172.30.0.10 S 172.30.0.45 S 172.30.0.41 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.30.0.10(flag=9) 172.30.0.45(flag=1) 172.30.0.41
Total 1 displayed, Up 1, Down 0
172.30.5.8
From: 172.30.5.1, State: Up, ActiveRoute: 0, LSPname: Sun-to-Procyon
ActivePath: primary-2 (primary)
Link protection desired
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary primary-2 State: Up, No-decrement-ttl
Priorities: 6 6
SmartOptimizeTimer: 180
Include Any: green
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 25)
172.30.0.2 S 172.30.0.18 S 172.30.0.46 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.30.5.2(flag=0x21) 172.30.0.2(flag=1 Label=300144)
172.30.5.7(flag=0x21) 172.30.0.18(flag=1 Label=300208) 172.30.5.8(flag=0x20)
172.30.0.46(Label=3)
Secondary secondary-2 State: Dn, No-decrement-ttl
Priorities: 6 6
SmartOptimizeTimer: 180
Include Any: green
No computed ERO.
8 Sep 25 11:36:52.644 Clear Call
Total 1 displayed, Up 1, Down 0
1) R2 205
lab@Canopus> show route protocol bgp aspath-regex "64514 .*" table inet6.0 terse
3) R4
a. Repeat
the
steps
as
on
the
R1.
4) R5
.
207
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
lab@A-Centauri> show route protocol bgp terse aspath-regex "3521382357 .*" table
inet6.0
5) R6
a. Repeat
the
steps
as
on
the
R1.
b. Check
the
BGP
IX
routes.
lab@Vega> show route protocol bgp aspath-regex "1620 .*"
6) R7
a. Repeat
the
steps
as
on
the
R1.
b. Check
the
IPv6
routes.
lab@Rigel> show route protocol bgp terse aspath-regex "3521382357 .*" table inet6.0
7) R8
a. Repeat
the
steps
as
on
the
R1.
b. Check
the
next
hop
for
BGP
P2
routes.
lab@Procyon> show route protocol bgp community-name P2
inet.0: 833 destinations, 1219 routes (669 active, 0 holddown, 550 hidden)
+ = Active Route, - = Last Active, * = Both
inet.0: 833 destinations, 1219 routes (669 active, 0 holddown, 550 hidden)
+ = Active Route, - = Last Active, * = Both
fd01:aaaa:bbbb:1:1::/80
172.30.0.45
* B 170 100 172.30.0.9 3521382357 I
>172.30.0.37
172.30.0.45
---(more)---
.
209
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
lab@Procyon> show route protocol bgp terse aspath-regex "64514 .*" table inet6.0
209
.
210
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
unit 313 {
description "CE2-1 connection 3";
vlan-id 313;
.
211
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
family inet {
address 192.168.0.49/30;
}
}
}
lo0 {
unit 1 {
family inet {
address 172.30.5.9/32;
}
}
}
5) Configure
static
route
for
inet.3
table
on
route
reflector.
There
are
also
other
solutions
possible,
like
copying
routes
from
inet.0
into
inet.3.
[edit routing-options]
lab@route-reflector# show
rib inet.3 {
static {
route 172.30.5.0/24 receive;
}
}
instance-type vrf;
interface ge-0/0/5.318;
interface lo0.1;
vrf-target target:54591:100;
protocols {
ospf {
sham-link local 172.30.5.17;
area 0.0.0.0 {
sham-link-remote 172.30.5.21 metric 100;
sham-link-remote 172.30.5.29;
sham-link-remote 172.30.5.37;
interface all;
}
}
}
b. R4
[edit routing-options]
lab@Arcturus# show
route-distinguisher-id 172.30.5.4;
c. R6
[edit routing-options]
lab@Vega# show
route-distinguisher-id 172.30.5.6;
}
}
d. R8
.
213
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit routing-options]
lab@Procyon# show
route-distinguisher-id 172.30.5.8;
[edit routing-instances]
lab@Sun# show
C2-hub {
instance-type vrf;
interface ge-0/0/5.311;
interface lo0.1;
vrf-import C2-hub-import;
vrf-export C2-hub-export;
vrf-table-label;
protocols {
bgp {
group ce {
type external;
peer-as 64600;
neighbor 192.168.0.42;
}
}
}
}
C2-spoke {
instance-type vrf;
interface ge-0/0/5.312;
interface lo0.2;
vrf-import C2-spoke-import;
vrf-export C2-spoke-export;
protocols {
bgp {
group ce { 213
type external;
peer-as 64600;
as-override;
}
neighbor 192.168.0.46;
}
.
214
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
[edit policy-options]
lab@Sun# show
policy-statement C2-hub-export {
term 1 {
from protocol [ bgp direct ];
then {
community set CE2-hub;
accept;
}
}
}
policy-statement C2-hub-import {
term 1 {
then reject;
}
}
policy-statement C2-spoke-export {
term 1 {
then reject;
}
}
policy-statement C2-spoke-import {
term 1 {
from {
protocol bgp;
community CE2-spoke;
}
then accept;
}
b. R2
[edit routing-options]
lab@Sirius# show
route-distinguisher-id 172.30.5.2;
autonomous-system 54591 loops 3;
[edit routing-instances]
lab@Sirius# show
C2-hub {
instance-type vrf;
interface ge-0/0/5.314;
interface lo0.1;
vrf-import C2-hub-import;
vrf-export C2-hub-export;
vrf-table-label;
protocols {
bgp {
group ce {
type external;
peer-as 64600;
as-override;
neighbor 192.168.0.54;
}
}
} 214
}
C2-spoke {
instance-type vrf;
interface ge-0/0/5.315;
interface lo0.2;
vrf-import C2-spoke-import;
.
215
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
vrf-export C2-spoke-export;
protocols {
bgp {
group ce {
type external;
peer-as 64600;
neighbor 192.168.0.58;
}
}
}
}
[edit policy-options]
lab@Sirius# show
policy-statement C2-hub-export {
term 1 {
from protocol [ bgp direct ];
then {
community set CE2-hub;
accept;
}
}
}
policy-statement C2-hub-import {
term 1 {
then reject;
}
}
policy-statement C2-spoke-export {
term 1 {
then reject;
}
c. R4
[edit routing-options]
lab@Arcturus# show
route-distinguisher-id 172.30.5.4;
autonomous-system 54591 loops 3;
.
216
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
[edit policy-options]
lab@Arcturus# show
policy-statement C2-spoke-export {
term 1 {
from protocol [ bgp direct ];
then {
community set CE2-spoke;
accept;
}
}
}
policy-statement C2-spoke-import {
term 1 {
from {
protocol bgp;
community CE2-hub;
}
then accept;
}
}
community CE2-hub members target:54591:200;
community CE2-spoke members target:54591:201;
d. R5
[edit routing-options]
lab@A-Centauri# show
route-distinguisher-id 172.30.5.5;
autonomous-system 54591 loops 3;
[edit policy-options]
lab@A-Centauri# show
policy-statement C2-spoke-export {
term 1 {
from protocol [ bgp direct ];
then {
community set CE2-spoke;
accept;
}
} 216
}
policy-statement C2-spoke-import {
term 1 {
from {
protocol bgp;
community CE2-hub;
.
217
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
then accept;
}
}
community CE2-hub members target:54591:200;
community CE2-spoke members target:54591:201;
e. R7
[edit routing-options]
lab@Rigel# show
route-distinguisher-id 172.30.5.7;
autonomous-system 54591 loops 3;
group cluster-1 {
family route-target;
}
group cluster-2 {
family route-target;
}
10) Configure
route
exchange
between
customer
C1
site
2
and
customer
C2
site
2.
a. Configure
rib
groups
on
R4.
[edit routing-options]
lab@Arcturus# show
rib-groups {
C1-C2-vpn {
import-rib [ C1.inet.0 C2-spoke.inet.0 ];
}
C2-C1-vpn {
import-rib [ C2-spoke.inet.0 C1.inet.0 ];
}
}
c. Configure
static
default
route
in
R3
and
R4
C1
instance.
[edit routing-instances C1]
lab@Arcturus# show
routing-options {
static {
route 0.0.0.0/0 next-table inet.0;
from {
protocol direct;
route-filter 192.168.0.72/30 exact;
}
route-filter 172.30.5.21/32 exact;
then {
.
221
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
peer-as 64600;
neighbor 192.168.0.50;
}
222
.
223
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
import-rib inet.2;
}
.
224
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
224
.
225
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
b.
R4
[edit routing-instances C1 protocols pim]
lab@Arcturus# show
dense-groups {
224.0.1.39/32;
224.0.1.40/32;
}
vpn-group-address 239.1.1.1;
rp {
auto-rp discovery;
}
interface all {
mode sparse-dense;
}
mdt {
threshold {
group 239.0.0.1/32 {
source 0.0.0.0/0 {
rate 30000;
}
}
group 239.0.0.2/32 {
source 0.0.0.0/0 {
rate 30000;
} 225
}
}
tunnel-limit 5;
}
group-range 239.0.0.0/24;
.
226
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
c. R6
[edit routing-instances C1 protocols pim]
lab@Vega# show
dense-groups {
224.0.1.39/32;
224.0.1.40/32;
}
vpn-group-address 239.1.1.1;
rp {
auto-rp discovery;
}
interface all {
mode sparse-dense;
}
d. R8
[edit routing-instances C1 protocols pim]
lab@Procyon# show
dense-groups {
224.0.1.39/32;
224.0.1.40/32;
}
vpn-group-address 239.1.1.1;
rp {
auto-rp discovery;
}
interface all {
mode sparse-dense;
}
b. Configure
PIM
in
the
customer
instances
on
R4,
R5,
R7.
[edit routing-instances C2-spoke protocols pim]
lab@Arcturus# show
interface all;
c. Configure
BGP
MVPN
family
on
R1,
R2,
R4,
R5
and
R7.
[edit protocols bgp group ibgp]
lab@Sun# show
family inet-mvpn {
signaling;
}
226
6) Configure
BGP
MVPN
family
on
route
reflector.
[edit protocols bgp]
lab@route-reflector# show
group cluster-1 {
family inet-mvpn {
.
227
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
signaling;
}
}
group cluster-2 {
family inet-mvpn {
signaling;
}
}
b. R2
[edit policy-options policy-statement C2-direct-routes]
lab@Sirius# show
term 1 {
from {
protocol direct;
route-filter 172.30.5.253/32 exact;
}
then {
metric 100;
accept;
}
}
term 2 {
from protocol direct;
then accept;
}
}
}
.
229
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
229
.
230
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
b. R8
[edit routing-instances C3]
lab@Procyon# show
instance-type vrf;
interface ge-0/0/5.325;
interface lo0.2;
vrf-target target:54591:300;
protocols {
bgp {
group ce {
type external;
peer-as 64601;
as-override; 230
neighbor fc09:c0:ffee::e;
}
}
}
.
231
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Verification
1) R1
a. Check
the
PE
advertised
routes.
lab@Sun> show route advertising-protocol bgp 172.30.5.41 table C2-spoke.inet.0
* 172.31.75.0/24
B
B
170
170
100
100
>172.30.0.2
>172.30.0.6
64600 I
64600 I
* 172.31.76.0/24
B
B
170
170
100
100
>172.30.0.2
>172.30.0.2
64600 I
64600 I
* 172.31.77.0/24 B 170 100 >172.30.0.2 64600 I
.
232
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
233
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
.
234
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
2) R2
a. Repeat
the
steps
as
on
the
R1.
3) R3
a. Check
the
PE
advertised
routes.
lab@Canopus> show route advertising-protocol bgp 172.30.5.41 table C1.inet.0
.
235
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
236
.
237
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
4) R4
a. Repeat
the
steps
as
on
the
R3.
b. Check
the
customer
CE2
Internet
access.
lab@Arcturus> show route 0/0 exact table C2-spoke.inet.0
1:172.30.5.1:32767:172.30.5.1/240
*[BGP/170] 00:08:59, localpref 100, from 172.30.5.41
AS path: I
> to 172.30.0.5 via ge-0/0/4.114, Push 0
1:172.30.5.2:32767:172.30.5.2/240
*[BGP/170] 00:08:44, localpref 100, from 172.30.5.41
AS path: I
> to 172.30.0.5 via ge-0/0/4.114, Push 299776
1:172.30.5.4:32767:172.30.5.4/240
*[MVPN/70] 01:09:28, metric2 1
Indirect
1:172.30.5.5:32767:172.30.5.5/240
*[BGP/170] 00:08:55, localpref 100, from 172.30.5.41
AS path: I
5) R5
a. Repeat
the
steps
as
on
the
R4.
6) R6
a. Repeat
the
steps
as
on
the
R3.
7) R7
a. Repeat
the
steps
as
on
the
R4.
8) R8
a. Repeat
the
steps
as
on
the
R3.
238
9) Route
Reflector.
a. Check
the
IBGP
families.
lab@route-reflector> show bgp summary
Groups: 2 Peers: 8 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
.
239
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
239
.
240
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
1) Configure
additional
interfaces
on
R1,
R3,
R5,
R6,
R7,
R8.
[edit interfaces ge-0/0/3]
lab@Sun# show
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 512 {
encapsulation vlan-ccc;
vlan-id 512;
}
unit 513 {
encapsulation vlan-ccc;
vlan-id 513;
}
unit 514 {
encapsulation vlan-ccc;
vlan-id 514;
} 240
interface lo0.0;
3) Configure
BGP
family
L2VPN
signalling
on
R2,
R3,
R4,
R5,
R7.
[edit protocols bgp group ibgp]
lab@Sirius# show
family l2vpn {
signaling;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
[edit protocols l2circuit]
lab@Sun# show
neighbor 172.30.5.8 {
interface ge-0/0/3.512 {
virtual-circuit-id 512;
}
}
neighbor 172.30.5.6 {
interface ge-0/0/3.513 {
virtual-circuit-id 513;
}
}
b. R6
[edit protocols l2circuit]
lab@Vega# show
neighbor 172.30.5.1 {
interface ge-0/0/3.513 {
virtual-circuit-id 513;
}
}
neighbor 172.30.5.8 {
interface ge-0/0/3.514 {
virtual-circuit-id 514;
}
}
c. R8
[edit protocols l2circuit]
lab@Procyon# show
neighbor 172.30.5.1 { 241
interface ge-0/0/3.512 {
virtual-circuit-id 512;
}
}
neighbor 172.30.5.6 {
interface ge-0/0/3.514 {
.
242
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
virtual-circuit-id 514;
}
}
b. R3
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
[edit routing-instances C5-l2vpn]
lab@Canopus# show
instance-type l2vpn;
interface ge-0/0/3.512;
interface ge-0/0/3.513;
interface ge-0/0/3.514;
vrf-target target:54591:500;
protocols {
l2vpn {
encapsulation-type ethernet-vlan;
site site-2 {
site-identifier 2;
interface ge-0/0/3.512;
interface ge-0/0/3.514;
}
}
}
c. R5
[edit routing-instances C5-l2vpn]
lab@A-Centauri# show
instance-type l2vpn;
interface ge-0/0/3.512;
interface ge-0/0/3.513;
interface ge-0/0/3.514;
vrf-target target:54591:500;
protocols {
l2vpn {
encapsulation-type ethernet-vlan;
site site-3 {
site-identifier 3;
interface ge-0/0/3.513;
interface ge-0/0/3.514; 242
}
}
}
.
243
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
1) Configure
additional
interfaces
on
R2,
R3,
R4,
R5.
[edit interfaces ge-0/0/3]
lab@Sirius# show
unit 600 {
encapsulation vlan-vpls;
vlan-id 600;
}
unit 601 {
encapsulation vlan-vpls;
vlan-id 601;
}
site site-4 {
site-identifier 4;
}
}
}
b. R3
[edit routing-instances C5-vpls]
lab@Canopus# show
instance-type vpls;
vlan-id all;
interface ge-0/0/3.600;
interface ge-0/0/3.601;
vrf-target target:54591:501;
protocols {
vpls {
site-range 8;
no-tunnel-services;
site site-5 {
site-identifier 5;
}
}
}
c. R4
[edit routing-instances C5-vpls]
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
lab@Arcturus# show
instance-type vpls;
vlan-id all;
interface ge-0/0/3.600;
interface ge-0/0/3.601;
vrf-target target:54591:501;
protocols {
vpls {
site-range 8;
no-tunnel-services;
site site-5 {
site-identifier 5;
}
}
}
d. R5
[edit routing-instances C5-vpls]
lab@A-Centauri# show
instance-type vpls;
vlan-id all;
interface ge-0/0/3.600;
interface ge-0/0/3.601;
vrf-target target:54591:501;
protocols {
vpls {
site-range 8;
no-tunnel-services;
site site-6 {
site-identifier 6;
}
}
} 244
lab@Canopus# show
site site-5 {
site-identifier 5;
multi-homing;
site-preference primary;
}
b. R4
[edit routing-instances C5-vpls protocols vpls]
lab@Arcturus# show
site site-5 {
site-identifier 5;
multi-homing;
site-preference backup;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
}
b. R6
[edit routing-instances C6-vpls]
lab@Vega# show
instance-type vpls;
vlan-id all;
interface ge-0/0/3.700;
interface ge-0/0/3.701;
protocols { 245
vpls {
encapsulation-type ethernet-vlan;
no-tunnel-services;
vpls-id 600;
neighbor 172.30.5.1;
neighbor 172.30.5.7 {
.
246
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
revert-time 60;
backup-neighbor 172.30.5.8;
}
}
}
c. R7
[edit routing-instances C6-vpls]
lab@Rigel# show
instance-type vpls;
vlan-id all;
interface ge-0/0/3.700;
interface ge-0/0/3.701;
protocols {
vpls {
encapsulation-type ethernet-vlan;
no-tunnel-services;
vpls-id 600;
neighbor 172.30.5.1;
neighbor 172.30.5.6;
}
}
d. R8
[edit routing-instances C6-vpls]
lab@Procyon# show
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
instance-type vpls;
vlan-id all;
interface ge-0/0/3.700;
interface ge-0/0/3.701;
protocols {
vpls {
encapsulation-type ethernet-vlan;
no-tunnel-services;
vpls-id 600;
neighbor 172.30.5.1;
neighbor 172.30.5.6;
}
}
6) Configure
MAC
table
size
for
customer
C5
VPLS
on
R2,
R3,
R4,
R5.
[edit routing-instances C5-vpls protocols vpls]
lab@Sirius# show
mac-table-size {
200;
}
7) Configure
MAC
table
size
for
customer
C6
VPLS
on
R1,
R6,
R7,
R8.
[edit routing-instances C6-vpls protocols vpls]
lab@Sun# show
mac-table-size {
100;
packet-action drop;
}
246
.
247
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
a. Configure
additional
interface.
[edit interfaces ge-0/0/3]
lab@Rigel# show
unit 600 {
encapsulation vlan-ccc;
vlan-id 600;
}
unit 0 {
encapsulation vlan-ccc;
vlan-id 600;
peer-unit 1;
}
unit 1 {
encapsulation vlan-vpls;
vlan-id 600;
peer-unit 0;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
10) Add
lt-‐
inteface
to
VPLS
instance.
[edit routing-instances C5-vpls]
lab@Sirius# show
interface lt-0/0/0.1;
248
.
249
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Verification
1) R1
a. Check
LDP
sessions.
lab@Sun> show ldp session
Address State Connection Hold time
172.30.5.2 Operational Open 28
172.30.5.4 Operational Open 20
172.30.5.6 Operational Open 27
172.30.5.7 Operational Open 27
172.30.5.8 Operational Open 24
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
Input label database, 172.30.5.1:0--172.30.5.7:0
Label Prefix
262145 L2CKT NoCtrlWord VLAN VC 600
Neighbor: 172.30.5.6
Interface Type St Time last up # Up trans
ge-0/0/3.513(vc 513) rmt Up Sep 25 13:45:55 2012 1
Remote PE: 172.30.5.6, Negotiated control-word: Yes (Null)
Incoming label: 303168, Outgoing label: 305168
Negotiated PW status TLV: No
Local interface: ge-0/0/3.513, Status: Up, Encapsulation: VLAN
Neighbor: 172.30.5.7
No l2circuit connections found
Neighbor: 172.30.5.8
Interface Type St Time last up # Up trans 249
ge-0/0/3.512(vc 512) rmt Up Sep 25 13:45:41 2012 1
Remote PE: 172.30.5.8, Negotiated control-word: Yes (Null)
Incoming label: 303152, Outgoing label: 304048
Negotiated PW status TLV: No
Local interface: ge-0/0/3.512, Status: Up, Encapsulation: VLAN
.
250
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Instance: C6-vpls
VPLS-id: 600
Neighbor Type St Time last up # Up trans
172.30.5.6(vpls-id 600) rmt Up Sep 25 13:45:59 2012 1
Remote PE: 172.30.5.6, Negotiated control-word: No
Incoming label: 262145, Outgoing label: 262145
Negotiated PW status TLV: No
Local interface: lsi.1048579, Status: Up, Encapsulation: VLAN
Description: Intf - vpls C6-vpls neighbor 172.30.5.6 vpls-id 600
172.30.5.7(vpls-id 600) rmt Up Sep 25 13:46:38 2012 1
Remote PE: 172.30.5.7, Negotiated control-word: No
Incoming label: 262148, Outgoing label: 262145
Negotiated PW status TLV: No
Local interface: lsi.1048580, Status: Up, Encapsulation: VLAN
Description: Intf - vpls C6-vpls neighbor 172.30.5.7 vpls-id 600
172.30.5.8(vpls-id 600) rmt BK
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
ge-0/0/3.700 user 0 comp 649 3
ge-0/0/3.701 user 0 comp 649 3
lsi.1048579 user 0 comp 790 3
lsi.1048580 user 0 comp 790 3
00:23:9c:8b:6c:95/48 dynm 0 ucst 700 3 ge-0/0/3.701
00:23:9c:8b:6c:9a/48 dynm 0 indr 262152 4
ulst 262165 2
172.30.0.2 Push 262145, Push 302800(top) 873
1 ae0.0
172.30.0.10 Push 262145, Push 306528(top) 657
1 ge-0/0/4.118
2) R2
a. Check
the
customer
L2VPN
table
routes.
lab@Sirius> show route table C5-l2vpn.l2vpn.0
172.30.5.2:65534:4:1/96
*[L2VPN/170/-101] 00:16:06, metric2 1
Indirect
172.30.5.3:65534:2:1/96
*[BGP/170] 00:00:37, localpref 100, from 172.30.5.41
AS path: I
> to 172.30.0.14 via ge-0/0/4.123, Push 0
172.30.5.5:65534:3:1/96
*[BGP/170] 00:14:37, localpref 100, from 172.30.5.41
AS path: I
> to 172.30.0.14 via ge-0/0/4.123, label-switched-path Sirius-
to-A-Centauri
to 172.30.0.1 via ae0.0, label-switched-path Sirius-to-A- 250
Centauri
to-A-Centauri
to 172.30.0.18 via ge-0/0/4.127, label-switched-path Sirius-
to-A-Centauri
to 172.30.0.14 via ge-0/0/4.123, label-switched-path Sirius-
172.30.5.7:65534:1:1/96
.
251
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
172.30.5.2:6:4:1/96
*[L2VPN/170/-101] 00:17:10, metric2 1
Indirect
172.30.5.3:6:5:1/96
*[BGP/170] 00:01:41, localpref 65535, from 172.30.5.41
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
AS path: I
> to 172.30.0.14 via ge-0/0/4.123, Push 0
172.30.5.5:5:6:1/96
*[BGP/170] 00:17:00, localpref 100, from 172.30.5.41
AS path: I
> to 172.30.0.14 via ge-0/0/4.123, label-switched-path Sirius-
to-A-Centauri
to 172.30.0.1 via ae0.0, label-switched-path Sirius-to-A-
Centauri
to 172.30.0.18 via ge-0/0/4.127, label-switched-path Sirius-
to-A-Centauri
to 172.30.0.14 via ge-0/0/4.123, label-switched-path Sirius-
to-A-Centauri
Instance: C5-l2vpn
Local site: site-4 (4)
connection-site Type St Time last up # Up trans
1 rmt Up Sep 25 14:01:25 2012 1
Remote PE: 172.30.5.7, Negotiated control-word: Yes (Null)
Incoming label: 800000, Outgoing label: 800003
Local interface: lt-0/0/0.0, Status: Up, Encapsulation: VLAN
2 rmt OR
3 rmt OR 251
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
0/0/4.123
00:23:9c:8b:6c:9b/48 dynm 0 ucst 807 1 lt-0/0/0.1
3) R3
a. Repeat
the
steps
as
on
the
R2.
b. Check
the
L2VPN
connections.
lab@Canopus> show l2vpn connections | find "Instance:"
Instance: C5-l2vpn
Local site: site-2 (2)
connection-site Type St Time last up # Up trans
1 rmt Up Sep 25 14:08:23 2012 1
Remote PE: 172.30.5.7, Negotiated control-word: Yes (Null)
Incoming label: 800000, Outgoing label: 800001
Local interface: ge-0/0/3.512, Status: Up, Encapsulation: VLAN
3 rmt Up Sep 25 13:47:23 2012 1
Remote PE: 172.30.5.5, Negotiated control-word: Yes (Null)
Incoming label: 800002, Outgoing label: 800001
Local interface: ge-0/0/3.514, Status: Up, Encapsulation: VLAN
4 rmt OR
Instance: C5-vpls
Local site: site-5 (5)
connection-site Type St Time last up # Up trans
4 rmt Up Sep 25 13:46:04 2012 1
Remote PE: 172.30.5.2, Negotiated control-word: No
Incoming label: 262148, Outgoing label: 262149
Local interface: lsi.1048577, Status: Up, Encapsulation: VPLS 252
6
Description: Intf - vpls C5-vpls local site 5 remote site 4
rmt Up Sep 25 13:46:03 2012 1
Remote PE: 172.30.5.5, Negotiated control-word: No
Incoming label: 262150, Outgoing label: 262149
Local interface: lsi.1048576, Status: Up, Encapsulation: VPLS
.
253
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
4) R4
a. Repeat
the
steps
as
on
the
R2.
5) R5
a. Repeat
the
steps
as
on
the
R2.
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
6) R6
a. Repeat
the
steps
as
on
the
R1.
7) R7
a. Repeat
the
steps
as
on
the
R1
and
R2.
8) R8
a. Repeat
the
steps
as
on
the
R1.
1) Route
reflector
a. Check
the
IBGP
families.
lab@route-reflector> show bgp summary
Groups: 2 Peers: 8 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 984 216 0 0 0 0
inet6.0 64 48 0 0 0 0
bgp.l3vpn.0 98 98 0 0 0 0
bgp.mvpn.0 4 4 0 0 0 0
bgp.l2vpn.0 7 7 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Damped...
172.30.5.1 54591 440 222 0 1 5:40 Establ
inet.0: 0/383/0
inet6.0: 0/0/0
bgp.l3vpn.0: 26/26/0
bgp.rtarget.0: 4/4/0
bgp.mvpn.0: 1/1/0
bgp.l2vpn.0: 0/0/0
172.30.5.2 54591 471 958 0 1 5:32 Establ 253
inet.0: 0/383/0
inet6.0: 0/0/0
bgp.l3vpn.0: 26/26/0
bgp.rtarget.0: 4/6/0
bgp.mvpn.0: 1/1/0
bgp.l2vpn.0: 2/2/0
.
254
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Six:
L2VPN
and
VPLS
Configuration
bgp.l3vpn.0: 4/4/0
bgp.rtarget.0: 2/5/0
bgp.mvpn.0: 1/1/0
bgp.l2vpn.0: 1/1/0
172.30.5.8 54591 106 1598 0 0 6:25 Establ
inet.0: 16/16/0
inet6.0: 0/16/0
bgp.l3vpn.0: 5/5/0
bgp.rtarget.0: 0/2/0
bgp.l3vpn-inet6.0: 10/10/0
254
.
255
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
as-path P3-local-routes;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then accept;
}
term 2 {
from {
family inet;
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
local-preference 200;
community set P3;
accept;
}
}
term 3 {
from family inet;
then reject;
}
[edit policy-options]
lab@Canopus# show
as-path P3-local-routes 2831679853;
6) Configure
BGP
route
target
family
advertise
default
option
on
R3.
[edit protocols bgp group ibgp]
lab@Canopus# show
family route-target {
advertise-default;
}
[edit policy-options]
lab@Canopus# show
community CE2-remote members target:43208:200;
community CE2-spoke members target:54591:201;
community CE2-hub members target:54591:200;
257
.
258
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
b. R3
[edit protocols bgp]
lab@Canopus# show
group P3-1 {
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
} 258
}
}
group ibgp {
family inet {
unicast;
labeled-unicast {
.
259
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
rib {
inet.3;
}
}
}
}
c. R4
[edit protocols bgp group ibgp]
lab@Arcturus# show
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
d. R5
[edit protocols bgp group ibgp]
lab@A0Centauri# show
family inet {
e. Route
reflector
[edit protocols bgp]
lab@route-reflector# show
group cluster-1 {
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
}
group cluster-2 {
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
}
term 1 {
from {
protocol aggregate;
}
route-filter 172.30.0.0/16 exact;
then accept;
.
260
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
term 2 {
from {
rib inet.3;
route-filter 172.30.5.0/24 prefix-length-range /32-/32;
}
then accept;
}
4) Configure
EBGP
session
with
remote
PE
router
on
route
reflector.
[edit protocols bgp]
lab@route-reflector# show
group P3-remote-pe {
type external;
multihop {
no-nexthop-change;
}
local-address 172.30.5.41;
family l2vpn {
signaling;
}
peer-as 23456;
neighbor 172.17.47.3;
}
5) Check
the
received
P3
VPLS
route
target
on
route
reflector.
[edit protocols bgp]
lab@route-reflector# run show route receive-protocol bgp 172.17.47.3 table
bgp.l2vpn detail
from {
protocol bgp;
community CE5-remote;
}
then {
community delete CE5-remote;
community add CE5;
accept;
}
}
261
.
262
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
262
.
263
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Verification
1) R1
a. Check
the
L3VPN
routes
from
the
remote
PE.
lab@Sun> show route protocol bgp terse table C2-spoke.inet.0 aspath-regex
"2831679853 .*"
2) R2
a. Repeat
the
steps
as
on
the
R1.
3) R3
a. Check
the
BGP
sessions.
inet6.0: 16/16/16/0
.
265
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Instance: C5-vpls
Local site: site-5 (5)
connection-site Type St Time last up # Up trans
4 rmt Up Sep 25 14:33:25 2012 1
Remote PE: 172.30.5.2, Negotiated control-word: No
Incoming label: 262148, Outgoing label: 262149
Local interface: lsi.1048593, Status: Up, Encapsulation: VPLS
Description: Intf - vpls C5-vpls local site 5 remote site 4
6 rmt Up Sep 25 14:20:01 2012 1
Remote PE: 172.30.5.5, Negotiated control-word: No
Incoming label: 262150, Outgoing label: 262149
Local interface: lsi.1048583, Status: Up, Encapsulation: VPLS
Description: Intf - vpls C5-vpls local site 5 remote site 6
7 rmt Up Sep 25 14:20:15 2012 1
Remote PE: 172.17.47.3, Negotiated control-word: No
Incoming label: 262151, Outgoing label: 262149
Local interface: lsi.1048585, Status: Up, Encapsulation: VPLS
Description: Intf - vpls C5-vpls local site 5 remote site 7
4) R4
a. Repeat
the
steps
as
on
the
R1.
5) R5
a. Repeat
the
steps
as
on
the
R1.
b. Check
the
VPLS
connections.
lab@A-Centauri> show vpls connections | find "Instance:"
Instance: C5-vpls
Local site: site-6 (6)
connection-site Type St Time last up # Up trans
4 rmt Up Sep 25 14:33:20 2012 1
Remote PE: 172.30.5.2, Negotiated control-word: No 265
Incoming label: 262148, Outgoing label: 262150
Local interface: lsi.1048606, Status: Up, Encapsulation: VPLS
Description: Intf - vpls C5-vpls local site 6 remote site 4
5 rmt Up Sep 25 14:33:21 2012
Remote PE: 172.30.5.3, Negotiated control-word: No
1
Incoming label: 262149, Outgoing label: 262150
.
266
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
6) R7
a. Repeat
the
steps
as
on
the
R1.
7) Route
reflector
a. Check
the
BGP
sessions.
lab@route-reflector> show bgp summary
Groups: 3 Peers: 9 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 984 599 0 0 0 0
inet6.0 64 48 0 0 0 0
bgp.l3vpn.0 107 107 0 0 0 0
bgp.mvpn.0 4 4 0 0 0 0
bgp.l2vpn.0 8 8 0 0 0 0
inet.3 1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
inet.0: 31/32/0
inet6.0: 0/0/0
bgp.l3vpn.0: 4/4/0
bgp.rtarget.0: 0/1/0
172.30.5.7 54591 175 1900 0 0 26:34 Establ
inet.0: 1/1/0
inet6.0: 16/16/0
bgp.l3vpn.0: 4/4/0
bgp.rtarget.0: 2/5/0
bgp.mvpn.0: 1/1/0
bgp.l2vpn.0: 1/1/0
172.30.5.8 54591 178 1038 0 1 25:09 Establ
inet.0: 16/16/0
inet6.0: 0/16/0
bgp.l3vpn.0: 5/5/0
bgp.rtarget.0: 1/2/0
267
.
268
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
2) Configure
schedulers.
[edit class-of-service]
lab@Sun# show
schedulers {
be-sc-q0 {
transmit-rate remainder;
buffer-size remainder;
priority low;
drop-profile-map loss-priority any protocol any drop-profile high-drop;
}
vpn-sc-q1 {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-low;
drop-profile-map loss-priority low protocol any drop-profile low-drop;
drop-profile-map loss-priority high protocol any drop-profile high-drop;
}
lab@Sun# show
per-unit-scheduler;
269
.
270
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
11) Configure
next
hop
mapping
policy
on
R3
and
R8.
[edit policy-options policy-statement cbf-map]
lab@Canopus# show
term 1 {
from {
route-filter fd18:cccc:dddd:5:0::/77 longer;
}
then cos-next-hop-map cbf-map;
}
bandwidth-limit 60m;
burst-size-limit 62k;
}
then loss-priority high;
}
policer vpn-priority-policer {
if-exceeding {
bandwidth-limit 60m;
burst-size-limit 62k;
}
then discard;
}
14) Configure
firewall
filters
for
VPN
traffic
on
R3
and
R8.
[edit firewall family any]
lab@Canopus# show
filter vpn-filter {
term 1 {
then {
policer vpn-policer;
accept;
}
}
}
filter vpn-priority-filter {
term 1 {
then {
policer vpn-priority-policer;
accept;
}
}
}
lab@Sun# show
rewrite-rules {
dscp dscp-rewriter {
forwarding-class best-effort {
loss-priority low code-point be;
}
forwarding-class vpn {
loss-priority low code-point vpn-low;
loss-priority high code-point vpn-high;
}
forwarding-class vpn-priority {
loss-priority low code-point vpn-priority;
}
forwarding-class nc {
loss-priority low code-point nc;
}
}
exp mpls-rewriter {
forwarding-class best-effort {
loss-priority low code-point be;
}
forwarding-class vpn {
loss-priority low code-point vpn-low;
loss-priority high code-point vpn-high;
}
forwarding-class vpn-priority {
loss-priority low code-point vpn-priority;
}
}
}
.
273
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
273
.
274
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
Verification
1) R1
a. Check
interface
CoS.
lab@Sun> show class-of-service interface ae0.0
Logical interface: ae0.0, Index: 101
Object Name Type Index
Scheduler-map core-interfaces Output 58651
Rewrite dscp-rewriter dscp 20901
Rewrite exp-default exp (mpls-any) 33
Rewrite mpls-rewriter exp (mpls-inet-both) 10617
Classifier dscp-classifier dscp 51090
Classifier dscp-ipv6-compatibility dscp-ipv6 9
Classifier mpls-classifier exp 48975
2) R2
a. Repeat
the
steps
as
on
the
R1.
3) R3
a. Repeat
the
steps
as
on
the
R1.
b. Check
the
next
hop
mapping
policy.
lab@Canopus> show route forwarding-table matching fd18:cccc:dddd:5:0::/77 table C3 275
Routing table: C3.inet6
Internet6:
Destination Type RtRef Next hop Type Index NhRef Netif
default perm
fd18:cccc:dddd:5::/80 user
0
0
rjct 709
indr 262179
1
9
idxd 742 2
.
276
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
4) R4
a. Repeat
the
steps
as
on
the
R1.
5) R5
a. Repeat
the
steps
as
on
the
R1.
6) R6
a. Repeat
the
steps
as
on
the
R1.
7) R7
a. Repeat
the
steps
as
on
the
R1.
8) R8
.
277
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
}
scripts {
commit {
file interface-mask-check.slax;
.
278
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
op {
file show-interfaces.slax;
}
}
login {
class op-plus {
permissions [ clear maintenance network reset snmp-control trace view
];
deny-commands "start shell";
}
class su-minus {
permissions all;
deny-commands "(clear)|(configure)|(edit)";
}
user lab {
uid 2004;
class super-user;
authentication {
encrypted-password "$1$aNjC20Lw$aZizpByRVUwx6fiIX3ArD0"; ## SECRET-
DATA
}
}
user noc {
uid 2005;
class op-plus;
authentication {
encrypted-password "$1$xbOaIH23$0HUjYKyL6sDRh1pfirp3H1"; ## SECRET-
DATA
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
user tac {
uid 2000;
class su-minus;
authentication {
encrypted-password "$1$Y/XK58DQ$GHpOXOQZvjGtlwhbir3bF/"; ## SECRET-
DATA
}
}
}
services {
ftp;
ssh;
telnet;
}
syslog {
user noc {
any warning;
}
user lab {
any emergency;
}
host 10.10.1.100 {
change-log any;
}
file jncie-sp-messages {
any info;
}
file firewall.log {
firewall any;
}
} 278
archival {
configuration {
transfer-interval 1440;
archive-sites {
"ftp://lab:lab123@10.10.1.100";
}
.
279
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
ntp {
boot-server 10.10.1.100;
server 10.10.1.100;
}
}
[edit]
lab@R1# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.1/24;
}
}
}
}
[edit]
lab@R1# show | find event-options
event-options {
policy ospf_adjacency_flapping {
events rpd_ospf_nbrdown;
then {
event-script ospf_adjacency_flapping.slax;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
event-script {
file ospf_adjacency_flapping.slax;
}
}
[edit]
lab@R1# show | find snmp
snmp {
community workbook {
authorization read-only;
clients {
10.10.1.100/32;
}
}
trap-group s1 {
categories {
chassis;
link;
routing;
}
targets {
10.10.1.100;
}
}
}
[edit]
lab@R1# show | find routing-options
routing-options {
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254; 279
no-readvertise;
}
}
}
router-id 172.30.5.1;
.
280
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@R1# show | find firewall
firewall {
family inet {
filter protect-re {
term 1 {
from {
source-address {
10.10.1.0/24;
10.10.10.0/24;
172.30.0.0/16;
172.17.0.0/16;
172.31.0.0/16;
192.168.0.0/16;
}
}
then accept;
}
term 2 {
then {
count dropped-packets;
syslog;
discard;
}
}
}
}
}
R2
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
•
[edit]
lab@R2# show | find system
system {
host-name R2;
backup-router 10.10.1.254 destination 10.10.10.0/24;
time-zone Europe/Amsterdam;
authentication-order [ radius password ];
root-authentication {
encrypted-password "$1$YpstA.mZ$uh1QVGGnSRigvLpxTdQH4/"; ## SECRET-DATA
}
name-server {
10.10.1.100;
}
radius-server {
10.10.1.100 {
secret "$9$-NwoGF39t0IP5z6A0hc-VwgaU"; ## SECRET-DATA
timeout 2;
retry 1;
}
}
scripts {
commit {
file interface-mask-check.slax;
}
op {
file show-interfaces.slax;
}
}
login {
class op-plus {
permissions [ clear maintenance network reset snmp-control trace view 280
];
}
deny-commands "start shell";
class su-minus {
permissions all;
deny-commands "(clear)|(configure)|(edit)";
.
281
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
user lab {
uid 2004;
class super-user;
authentication {
encrypted-password "$1$aNjC20Lw$aZizpByRVUwx6fiIX3ArD0"; ## SECRET-
DATA
}
}
user noc {
uid 2005;
class op-plus;
authentication {
encrypted-password "$1$xbOaIH23$0HUjYKyL6sDRh1pfirp3H1"; ## SECRET-
DATA
}
}
user tac {
uid 2000;
class su-minus;
authentication {
encrypted-password "$1$Y/XK58DQ$GHpOXOQZvjGtlwhbir3bF/"; ## SECRET-
DATA
}
}
}
services {
ftp;
ssh;
telnet;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
syslog {
user noc {
any warning;
}
user lab {
any emergency;
}
host 10.10.1.100 {
change-log any;
}
file jncie-sp-messages {
any info;
}
file firewall.log {
firewall any;
}
}
archival {
configuration {
transfer-interval 1440;
archive-sites {
"ftp://lab:lab123@10.10.1.100";
}
}
}
ntp {
boot-server 10.10.1.100;
server 10.10.1.100;
}
}
281
[edit]
lab@R2# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
.
282
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
family inet {
address 10.10.1.2/24;
}
}
}
}
[edit]
lab@R2# show | find event-options
event-options {
policy ospf_adjacency_flapping {
events rpd_ospf_nbrdown;
then {
event-script ospf_adjacency_flapping.slax;
}
}
event-script {
file ospf_adjacency_flapping.slax;
}
}
[edit]
lab@R2# show | find snmp
snmp {
community workbook {
authorization read-only;
clients {
10.10.1.100/32;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
trap-group s1 {
categories {
chassis;
link;
routing;
}
targets {
10.10.1.100;
}
}
}
[edit]
lab@R2# show | find routing-options
routing-options {
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254;
no-readvertise;
}
}
router-id 172.30.5.2;
}
[edit]
lab@R2# show | find firewall
firewall {
family inet {
filter protect-re {
term 1 {
from {
source-address { 282
10.10.1.0/24;
10.10.10.0/24;
172.30.0.0/16;
172.17.0.0/16;
172.31.0.0/16;
192.168.0.0/16;
.
283
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
then accept;
}
term 2 {
then {
count dropped-packets;
syslog;
discard;
}
}
}
}
}
• R3
[edit]
lab@R3# show | find system
system {
host-name R3;
backup-router 10.10.1.254 destination 10.10.10.0/24;
time-zone Europe/Amsterdam;
authentication-order [ radius password ];
root-authentication {
encrypted-password "$1$YpstA.mZ$uh1QVGGnSRigvLpxTdQH4/"; ## SECRET-DATA
}
name-server {
10.10.1.100;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
radius-server {
10.10.1.100 {
secret "$9$-NwoGF39t0IP5z6A0hc-VwgaU"; ## SECRET-DATA
timeout 2;
retry 1;
}
}
scripts {
commit {
file interface-mask-check.slax;
}
op {
file show-interfaces.slax;
}
}
login {
class op-plus {
permissions [ clear maintenance network reset snmp-control trace view
];
deny-commands "start shell";
}
class su-minus {
permissions all;
deny-commands "(clear)|(configure)|(edit)";
}
user lab {
uid 2004;
class super-user;
authentication {
encrypted-password "$1$aNjC20Lw$aZizpByRVUwx6fiIX3ArD0"; ## SECRET-
DATA
} 283
}
user noc {
uid 2005;
class op-plus;
authentication {
.
284
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
file firewall.log {
firewall any;
}
}
archival {
configuration {
transfer-interval 1440;
archive-sites {
"ftp://lab:lab123@10.10.1.100";
}
}
}
ntp {
boot-server 10.10.1.100;
server 10.10.1.100;
}
}
[edit]
lab@R3# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.3/24;
}
}
}
}
284
[edit]
lab@R3# show | find event-options
event-options {
policy ospf_adjacency_flapping {
events rpd_ospf_nbrdown;
then {
.
285
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
event-script ospf_adjacency_flapping.slax;
}
}
event-script {
file ospf_adjacency_flapping.slax;
}
}
[edit]
lab@R3# show | find snmp
snmp {
community workbook {
authorization read-only;
clients {
10.10.1.100/32;
}
}
trap-group s1 {
categories {
chassis;
link;
routing;
}
targets {
10.10.1.100;
}
}
}
[edit]
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
lab@R3# show | find routing-options
routing-options {
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254;
no-readvertise;
}
}
router-id 172.30.5.3;
}
[edit]
lab@R1# show | find firewall
firewall {
family inet {
filter protect-re {
term 1 {
from {
source-address {
10.10.1.0/24;
10.10.10.0/24;
172.30.0.0/16;
172.17.0.0/16;
172.31.0.0/16;
192.168.0.0/16;
}
}
then accept;
}
term 2 {
then {
count dropped-packets; 285
syslog;
}
discard;
}
}
}
.
286
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
• R4
[edit]
lab@R4# show | find system
system {
host-name R4;
backup-router 10.10.1.254 destination 10.10.10.0/24;
time-zone Europe/Amsterdam;
authentication-order [ radius password ];
root-authentication {
encrypted-password "$1$YpstA.mZ$uh1QVGGnSRigvLpxTdQH4/"; ## SECRET-DATA
}
name-server {
10.10.1.100;
}
radius-server {
10.10.1.100 {
secret "$9$-NwoGF39t0IP5z6A0hc-VwgaU"; ## SECRET-DATA
timeout 2;
retry 1;
}
}
scripts {
commit {
file interface-mask-check.slax;
}
op {
file show-interfaces.slax;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
}
login {
class op-plus {
permissions [ clear maintenance network reset snmp-control trace view
];
deny-commands "start shell";
}
class su-minus {
permissions all;
deny-commands "(clear)|(configure)|(edit)";
}
user lab {
uid 2004;
class super-user;
authentication {
encrypted-password "$1$aNjC20Lw$aZizpByRVUwx6fiIX3ArD0"; ## SECRET-
DATA
}
}
user noc {
uid 2005;
class op-plus;
authentication {
encrypted-password "$1$xbOaIH23$0HUjYKyL6sDRh1pfirp3H1"; ## SECRET-
DATA
}
}
user tac {
uid 2000;
class su-minus;
authentication { 286
encrypted-password "$1$Y/XK58DQ$GHpOXOQZvjGtlwhbir3bF/"; ## SECRET-
DATA
}
}
}
services {
.
287
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
ftp;
ssh;
telnet;
}
syslog {
user noc {
any warning;
}
user lab {
any emergency;
}
host 10.10.1.100 {
change-log any;
}
file jncie-sp-messages {
any info;
}
file firewall.log {
firewall any;
}
}
archival {
configuration {
transfer-interval 1440;
archive-sites {
"ftp://lab:lab123@10.10.1.100";
}
}
}
ntp {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
boot-server 10.10.1.100;
server 10.10.1.100;
}
}
[edit]
lab@R4# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.4/24;
}
}
}
}
[edit]
lab@R1# show | find event-options
event-options {
policy ospf_adjacency_flapping {
events rpd_ospf_nbrdown;
then {
event-script ospf_adjacency_flapping.slax;
}
}
event-script {
file ospf_adjacency_flapping.slax;
}
}
287
[edit]
lab@R1# show | find snmp
snmp {
community workbook {
authorization read-only;
clients {
.
288
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
10.10.1.100/32;
}
}
trap-group s1 {
categories {
chassis;
link;
routing;
}
targets {
10.10.1.100;
}
}
}
[edit]
lab@R4# show | find routing-options
routing-options {
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254;
no-readvertise;
}
}
router-id 172.30.5.4;
}
[edit]
lab@R1# show | find firewall
firewall {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
family inet {
filter protect-re {
term 1 {
from {
source-address {
10.10.1.0/24;
10.10.10.0/24;
172.30.0.0/16;
172.17.0.0/16;
172.31.0.0/16;
192.168.0.0/16;
}
}
then accept;
}
term 2 {
then {
count dropped-packets;
syslog;
discard;
}
}
}
}
}
• R5
[edit]
lab@R5# show | find system
system {
host-name R5; 288
backup-router 10.10.1.254 destination 10.10.10.0/24;
time-zone Europe/Amsterdam;
authentication-order [ radius password ];
root-authentication {
encrypted-password "$1$YpstA.mZ$uh1QVGGnSRigvLpxTdQH4/"; ## SECRET-DATA
}
.
289
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
name-server {
10.10.1.100;
}
radius-server {
10.10.1.100 {
secret "$9$-NwoGF39t0IP5z6A0hc-VwgaU"; ## SECRET-DATA
timeout 2;
retry 1;
}
}
scripts {
commit {
file interface-mask-check.slax;
}
op {
file show-interfaces.slax;
}
}
login {
class op-plus {
permissions [ clear maintenance network reset snmp-control trace view
];
deny-commands "start shell";
}
class su-minus {
permissions all;
deny-commands "(clear)|(configure)|(edit)";
}
user lab {
uid 2004;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
class super-user;
authentication {
encrypted-password "$1$aNjC20Lw$aZizpByRVUwx6fiIX3ArD0"; ## SECRET-
DATA
}
}
user noc {
uid 2005;
class op-plus;
authentication {
encrypted-password "$1$xbOaIH23$0HUjYKyL6sDRh1pfirp3H1"; ## SECRET-
DATA
}
}
user tac {
uid 2000;
class su-minus;
authentication {
encrypted-password "$1$Y/XK58DQ$GHpOXOQZvjGtlwhbir3bF/"; ## SECRET-
DATA
}
}
}
services {
ftp;
ssh;
telnet;
}
syslog {
user noc {
any warning;
} 289
user lab {
}
any emergency;
host 10.10.1.100 {
change-log any;
}
.
290
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
file jncie-sp-messages {
any info;
}
file firewall.log {
firewall any;
}
}
archival {
configuration {
transfer-interval 1440;
archive-sites {
"ftp://lab:lab123@10.10.1.100";
}
}
}
ntp {
boot-server 10.10.1.100;
server 10.10.1.100;
}
}
[edit]
lab@R5# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.5/24;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
}
}
[edit]
lab@R5# show | find event-options
event-options {
policy ospf_adjacency_flapping {
events rpd_ospf_nbrdown;
then {
event-script ospf_adjacency_flapping.slax;
}
}
event-script {
file ospf_adjacency_flapping.slax;
}
}
[edit]
lab@R5# show | find snmp
snmp {
community workbook {
authorization read-only;
clients {
10.10.1.100/32;
}
}
trap-group s1 {
categories {
chassis;
link;
routing; 290
}
targets {
10.10.1.100;
}
}
}
.
291
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@R5# show | find routing-options
routing-options {
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254;
no-readvertise;
}
}
router-id 172.30.5.5;
}
[edit]
lab@R5# show | find firewall
firewall {
family inet {
filter protect-re {
term 1 {
from {
source-address {
10.10.1.0/24;
10.10.10.0/24;
172.30.0.0/16;
172.17.0.0/16;
172.31.0.0/16;
192.168.0.0/16;
}
}
then accept;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
term 2 {
then {
count dropped-packets;
syslog;
discard;
}
}
}
}
}
• R6
[edit]
lab@R6# show | find system
system {
host-name R6;
backup-router 10.10.1.254 destination 10.10.10.0/24;
time-zone Europe/Amsterdam;
authentication-order [ radius password ];
root-authentication {
encrypted-password "$1$YpstA.mZ$uh1QVGGnSRigvLpxTdQH4/"; ## SECRET-DATA
}
name-server {
10.10.1.100;
}
radius-server {
10.10.1.100 {
secret "$9$-NwoGF39t0IP5z6A0hc-VwgaU"; ## SECRET-DATA
timeout 2;
retry 1; 291
}
}
scripts {
commit {
file interface-mask-check.slax;
}
.
292
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
op {
file show-interfaces.slax;
}
}
login {
class op-plus {
permissions [ clear maintenance network reset snmp-control trace view
];
deny-commands "start shell";
}
class su-minus {
permissions all;
deny-commands "(clear)|(configure)|(edit)";
}
user lab {
uid 2004;
class super-user;
authentication {
encrypted-password "$1$aNjC20Lw$aZizpByRVUwx6fiIX3ArD0"; ## SECRET-
DATA
}
}
user noc {
uid 2005;
class op-plus;
authentication {
encrypted-password "$1$xbOaIH23$0HUjYKyL6sDRh1pfirp3H1"; ## SECRET-
DATA
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
user tac {
uid 2000;
class su-minus;
authentication {
encrypted-password "$1$Y/XK58DQ$GHpOXOQZvjGtlwhbir3bF/"; ## SECRET-
DATA
}
}
}
services {
ftp;
ssh;
telnet;
}
syslog {
user noc {
any warning;
}
user lab {
any emergency;
}
host 10.10.1.100 {
change-log any;
}
file jncie-sp-messages {
any info;
}
file firewall.log {
firewall any;
}
}
archival { 292
configuration {
transfer-interval 1440;
archive-sites {
}
"ftp://lab:lab123@10.10.1.100";
}
.
293
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
ntp {
boot-server 10.10.1.100;
server 10.10.1.100;
}
}
[edit]
lab@R6# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.6/24;
}
}
}
}
[edit]
lab@R6# show | find event-options
event-options {
policy ospf_adjacency_flapping {
events rpd_ospf_nbrdown;
then {
event-script ospf_adjacency_flapping.slax;
}
}
event-script {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
file ospf_adjacency_flapping.slax;
}
}
[edit]
lab@R6# show | find snmp
snmp {
community workbook {
authorization read-only;
clients {
10.10.1.100/32;
}
}
trap-group s1 {
categories {
chassis;
link;
routing;
}
targets {
10.10.1.100;
}
}
}
[edit]
lab@R6# show | find routing-options
routing-options {
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254;
no-readvertise; 293
}
}
router-id 172.30.5.6;
}
[edit]
.
294
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
• R7
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
[edit]
lab@R7# show | find system
system {
host-name R7;
backup-router 10.10.1.254 destination 10.10.10.0/24;
time-zone Europe/Amsterdam;
authentication-order [ radius password ];
root-authentication {
encrypted-password "$1$YpstA.mZ$uh1QVGGnSRigvLpxTdQH4/"; ## SECRET-DATA
}
name-server {
10.10.1.100;
}
radius-server {
10.10.1.100 {
secret "$9$-NwoGF39t0IP5z6A0hc-VwgaU"; ## SECRET-DATA
timeout 2;
retry 1;
}
}
scripts {
commit {
file interface-mask-check.slax;
}
op {
file show-interfaces.slax;
}
}
login {
class op-plus {
permissions [ clear maintenance network reset snmp-control trace view
]; 294
deny-commands "start shell";
}
class su-minus {
permissions all;
deny-commands "(clear)|(configure)|(edit)";
}
.
295
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
user lab {
uid 2004;
class super-user;
authentication {
encrypted-password "$1$aNjC20Lw$aZizpByRVUwx6fiIX3ArD0"; ## SECRET-
DATA
}
}
user noc {
uid 2005;
class op-plus;
authentication {
encrypted-password "$1$xbOaIH23$0HUjYKyL6sDRh1pfirp3H1"; ## SECRET-
DATA
}
}
user tac {
uid 2000;
class su-minus;
authentication {
encrypted-password "$1$Y/XK58DQ$GHpOXOQZvjGtlwhbir3bF/"; ## SECRET-
DATA
}
}
}
services {
ftp;
ssh;
telnet;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
syslog {
user noc {
any warning;
}
user lab {
any emergency;
}
host 10.10.1.100 {
change-log any;
}
file jncie-sp-messages {
any info;
}
file firewall.log {
firewall any;
}
}
archival {
configuration {
transfer-interval 1440;
archive-sites {
"ftp://lab:lab123@10.10.1.100";
}
}
}
ntp {
boot-server 10.10.1.100;
server 10.10.1.100;
}
}
[edit] 295
lab@R7# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
.
296
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
address 10.10.1.7/24;
}
}
}
}
[edit]
lab@R7# show | find event-options
event-options {
policy ospf_adjacency_flapping {
events rpd_ospf_nbrdown;
then {
event-script ospf_adjacency_flapping.slax;
}
}
event-script {
file ospf_adjacency_flapping.slax;
}
}
[edit]
lab@R7# show | find snmp
snmp {
community workbook {
authorization read-only;
clients {
10.10.1.100/32;
}
}
trap-group s1 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
categories {
chassis;
link;
routing;
}
targets {
10.10.1.100;
}
}
}
[edit]
lab@R7# show | find routing-options
routing-options {
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254;
no-readvertise;
}
}
router-id 172.30.5.7;
}
[edit]
lab@R7# show | find firewall
firewall {
family inet {
filter protect-re {
term 1 {
from {
source-address {
10.10.1.0/24; 296
10.10.10.0/24;
172.30.0.0/16;
172.17.0.0/16;
172.31.0.0/16;
192.168.0.0/16;
}
.
297
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
then accept;
}
term 2 {
then {
count dropped-packets;
syslog;
discard;
}
}
}
}
}
• R8
[edit]
lab@R8# show | find system
system {
host-name R8;
backup-router 10.10.1.254 destination 10.10.10.0/24;
time-zone Europe/Amsterdam;
authentication-order [ radius password ];
root-authentication {
encrypted-password "$1$YpstA.mZ$uh1QVGGnSRigvLpxTdQH4/"; ## SECRET-DATA
}
name-server {
10.10.1.100;
}
radius-server {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
10.10.1.100 {
secret "$9$-NwoGF39t0IP5z6A0hc-VwgaU"; ## SECRET-DATA
timeout 2;
retry 1;
}
}
scripts {
commit {
file interface-mask-check.slax;
}
op {
file show-interfaces.slax;
}
}
login {
class op-plus {
permissions [ clear maintenance network reset snmp-control trace view
];
deny-commands "start shell";
}
class su-minus {
permissions all;
deny-commands "(clear)|(configure)|(edit)";
}
user lab {
uid 2004;
class super-user;
authentication {
encrypted-password "$1$aNjC20Lw$aZizpByRVUwx6fiIX3ArD0"; ## SECRET-
DATA
}
} 297
user noc {
uid 2005;
class op-plus;
authentication {
encrypted-password "$1$xbOaIH23$0HUjYKyL6sDRh1pfirp3H1"; ## SECRET-
DATA
.
298
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
user tac {
uid 2000;
class su-minus;
authentication {
encrypted-password "$1$Y/XK58DQ$GHpOXOQZvjGtlwhbir3bF/"; ## SECRET-
DATA
}
}
}
services {
ftp;
ssh;
telnet;
}
syslog {
user noc {
any warning;
}
user lab {
any emergency;
}
host 10.10.1.100 {
change-log any;
}
file jncie-sp-messages {
any info;
}
file firewall.log {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
firewall any;
}
}
archival {
configuration {
transfer-interval 1440;
archive-sites {
"ftp://lab:lab123@10.10.1.100";
}
}
}
ntp {
boot-server 10.10.1.100;
server 10.10.1.100;
}
}
[edit]
lab@R8# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.8/24;
}
}
}
}
[edit]
lab@R8# show | find event-options 298
event-options {
policy ospf_adjacency_flapping {
events rpd_ospf_nbrdown;
then {
event-script ospf_adjacency_flapping.slax;
}
.
299
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
event-script {
file ospf_adjacency_flapping.slax;
}
}
[edit]
lab@R8# show | find snmp
snmp {
community workbook {
authorization read-only;
clients {
10.10.1.100/32;
}
}
trap-group s1 {
categories {
chassis;
link;
routing;
}
targets {
10.10.1.100;
}
}
}
[edit]
lab@R8# show | find routing-options
routing-options {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
static {
route 10.10.10.0/24 {
next-hop 10.10.1.254;
no-readvertise;
}
}
router-id 172.30.5.8;
}
[edit]
lab@R8# show | find firewall
firewall {
family inet {
filter protect-re {
term 1 {
from {
source-address {
10.10.1.0/24;
10.10.10.0/24;
172.30.0.0/16;
172.17.0.0/16;
172.31.0.0/16;
192.168.0.0/16;
}
}
then accept;
}
term 2 {
then {
count dropped-packets;
syslog;
discard; 299
}
}
}
}
}
.
300
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP workbook: Appendix -‐ Chapter Nine: A Full Day Lab Challenge
300
.
301
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@R1# show | find interfaces
interfaces {
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/4 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
vlan-tagging;
unit 117 {
description "R7 connection";
vlan-id 117;
family inet {
address 172.30.0.5/30;
}
family inet6;
family mpls;
}
unit 118 {
description "R8 connection";
vlan-id 118;
family inet {
address 172.30.0.9/30;
}
family inet6;
family mpls;
}
unit 206 {
description "RR connection";
vlan-id 206;
family inet {
address 172.30.0.65/30;
}
family mpls;
}
}
ge-0/0/5 {
vlan-tagging;
unit 310 {
description "P1-1 connection"; 301
vlan-id 310;
family inet {
address 192.168.0.37/30;
}
family inet6 {
address fc09:c0:ffee::5/126;
.
302
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
unit 318 {
description "CE1-2 connection";
vlan-id 318;
family inet {
filter {
input l3vpn-classifier;
}
address 192.168.0.69/30;
}
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
description "R2 connection";
family inet {
address 172.30.0.1/30;
}
family inet6;
family mpls;
}
}
lo0 {
unit 0 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
family inet {
filter {
input protect-re;
}
address 172.30.5.1/32;
}
family inet6 {
address fd17:f0f4:f691:5::1/128;
}
}
}
}
• R2
[edit]
lab@R2# show | find chassis
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
}
[edit]
lab@R2# show | find interfaces
interfaces {
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
} 302
ge-0/0/2 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/3 {
.
303
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 601 {
description "CE3-1 connection";
encapsulation vlan-vpls;
vlan-id 601;
family vpls {
filter {
input l2vpn-classifier;
}
}
}
}
ge-0/0/4 {
vlan-tagging;
unit 123 {
description "R3 connection";
vlan-id 123;
family inet {
address 172.30.0.13/30;
}
family inet6;
family mpls;
}
unit 126 {
description "R6 connection";
vlan-id 126;
family inet {
address 172.30.0.17/30;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
family inet6;
family mpls;
}
unit 207 {
description "RR connection";
vlan-id 207;
family inet {
address 172.30.0.69/30;
}
family mpls;
}
}
ge-0/0/5 {
vlan-tagging;
unit 303 {
description "C3-1 connection";
vlan-id 303;
family inet {
address 192.168.0.9/30;
}
family inet6 {
address ::192.168.0.9/126;
}
}
}
ae0 {
aggregated-ether-options {
lacp {
passive;
}
}
unit 0 { 303
description "R1 connection";
family inet {
address 172.30.0.2/30;
}
family inet6;
family mpls;
.
304
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
lo0 {
unit 0 {
family inet {
filter {
input protect-re;
}
address 172.30.5.2/32;
}
family inet6 {
address fd17:f0f4:f691:5::2/128;
}
}
}
}
• R3
[edit]
lab@R3# show | find chassis
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
}
[edit]
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
lab@R3# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.3/24;
}
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/3 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 600 {
description "CE3-2 connection";
encapsulation vlan-vpls;
vlan-id 600;
family vpls {
filter {
input l2vpn-classifier;
}
} 304
}
}
ge-0/0/4 {
vlan-tagging;
unit 123 {
description "R2 connection";
.
305
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
vlan-id 123;
family inet {
address 172.30.0.14/30;
}
family inet6;
family mpls;
}
unit 135 {
description "R5 connection";
vlan-id 135;
family inet {
address 172.30.0.85/30;
}
family inet6;
family mpls;
}
unit 137 {
description "R7 connection";
vlan-id 137;
family inet {
address 172.30.0.29/30;
}
family inet6;
family mpls;
}
unit 138 {
description "R8 connection";
vlan-id 138;
family inet {
address 172.30.0.33/30;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
family inet6;
family mpls;
}
}
ge-0/0/5 {
vlan-tagging;
unit 306 {
description "C2-1 connection 1";
vlan-id 306;
family inet {
address 192.168.0.21/30;
}
}
unit 307 {
description "C2-1 connection 2";
vlan-id 307;
family inet {
address 192.168.0.25/30;
}
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
description "R4 connection";
family inet {
address 172.30.0.81/30; 305
}
family inet6;
family mpls;
}
}
lo0 {
.
306
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
unit 0 {
family inet {
filter {
input protect-re;
}
address 172.30.5.3/32;
}
family inet6 {
address fd17:f0f4:f691:5::3/128;
}
}
}
}
• R4
[edit]
lab@R4# show | find chassis
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
}
[edit]
lab@R4# show | find interfaces
interfaces {
ge-0/0/1 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/3 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 600 {
description "CE3-2 connection";
encapsulation vlan-vpls;
vlan-id 600;
family vpls {
filter {
input l2vpn-classifier;
}
}
}
}
ge-0/0/4 {
vlan-tagging;
unit 146 {
description "R6 connection";
vlan-id 146;
family inet {
address 172.30.0.89/30;
}
family inet6; 306
family mpls;
}
}
ge-0/0/5 {
vlan-tagging;
unit 323 {
.
307
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
address 172.30.5.4/32;
}
family inet6 {
address fd17:f0f4:f691:5::4/128;
}
}
unit 1 {
family inet {
address 172.30.5.21/32 {
primary;
}
address 172.30.5.253/32;
}
}
}
}
• R5
[edit]
lab@R5# show | find chassis
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
}
[edit]
lab@R5# show | find interfaces 307
interfaces {
ge-0/0/1 {
gigether-options {
}
802.3ad ae0;
}
.
308
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
ge-0/0/2 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/4 {
vlan-tagging;
unit 135 {
description "R3 connection";
vlan-id 135;
family inet {
address 172.30.0.86/30;
}
family inet6;
family mpls;
}
unit 202 {
description "DC1 connection";
vlan-id 202;
family inet {
address 172.30.0.49/30;
}
}
}
ge-0/0/5 {
vlan-tagging;
unit 305 {
description "C1-1 connection";
vlan-id 305;
family inet {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
address 192.168.0.17/30;
}
}
}
ae0 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
description "R6 connection";
family inet {
address 172.30.0.93/30;
}
family inet6;
family mpls;
}
}
lo0 {
unit 0 {
family inet {
filter {
input protect-re;
}
address 172.30.5.5/32;
}
family inet6 {
address fd17:f0f4:f691:5::5/128;
}
}
} 308
}
• R6
[edit]
lab@R6# show | find chassis
.
309
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
}
[edit]
lab@R6# show | find interfaces
interfaces {
ge-0/0/1 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/2 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/4 {
vlan-tagging;
unit 126 {
description "R2 connection";
vlan-id 126;
family inet {
address 172.30.0.18/30;
}
family inet6;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
family mpls;
}
unit 146 {
description "R4 connection";
vlan-id 146;
family inet {
address 172.30.0.90/30;
}
family inet6;
family mpls;
}
unit 167 {
description "R7 connection";
vlan-id 167;
family inet {
address 172.30.0.45/30;
}
family inet6;
family mpls;
}
unit 168 {
description "R8 connection";
vlan-id 168;
family inet {
address 172.30.0.21/30;
}
family inet6;
family mpls;
}
unit 204 {
description "DC1 connection";
vlan-id 204; 309
family inet {
}
address 172.30.0.57/30;
}
}
ge-0/0/5 {
.
310
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
vlan-tagging;
unit 305 {
description "C1-1 connection";
vlan-id 305;
family inet {
address 192.168.0.17/30;
}
}
}
ae0 {
aggregated-ether-options {
lacp {
passive;
}
}
unit 0 {
description "R5 connection";
family inet {
address 172.30.0.94/30;
}
family inet6;
family mpls;
}
}
lo0 {
unit 0 {
family inet {
filter {
input protect-re;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
address 172.30.5.6/32;
}
family inet6 {
address fd17:f0f4:f691:5::6/128;
}
}
}
}
• R7
[edit]
lab@R7# show | find interfaces
interfaces {
ge-0/0/4 {
vlan-tagging;
unit 117 {
description "R1 connection";
vlan-id 117;
family inet {
address 172.30.0.6/30;
}
family inet6;
family mpls;
}
unit 137 {
description "R3 connection";
vlan-id 137;
family inet {
address 172.30.0.30/30;
}
family inet6; 310
family mpls;
}
unit 167 {
description "R6 connection";
vlan-id 167;
family inet {
.
311
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
address 172.30.0.46/30;
}
family inet6;
family mpls;
}
}
ge-0/0/5 {
vlan-tagging;
unit 311 {
description "CE2-1 connection hub";
vlan-id 311;
family inet {
filter {
input l3vpn-classifier;
}
address 192.168.0.41/30;
}
}
unit 312 {
description "CE2-1 connection spoke";
vlan-id 312;
family inet {
filter {
input l3vpn-classifier;
}
address 192.168.0.45/30;
}
}
unit 324 {
description "CE1-1 connection";
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
vlan-id 324;
family inet {
filter {
input l3vpn-classifier;
}
address 192.168.0.93/30;
}
}
}
lo0 {
unit 0 {
family inet {
filter {
input protect-re;
}
address 172.30.5.7/32;
}
family inet6 {
address fd17:f0f4:f691:5::7/128;
}
}
unit 1 {
family inet {
address 172.30.5.33/32 {
primary;
}
address 172.30.5.253/32;
}
}
unit 2 {
family inet {
address 172.30.5.34/32; 311
}
}
}
}
.
312
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
• R8
[edit]
lab@R8# show | find interfaces
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management";
family inet {
address 10.10.1.8/24;
}
}
}
ge-0/0/4 {
vlan-tagging;
unit 118 {
description "R1 connection";
vlan-id 118;
family inet {
address 172.30.0.10/30;
}
family inet6;
family mpls;
}
unit 138 {
description "R3 connection";
vlan-id 138;
family inet {
address 172.30.0.34/30;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
family inet6;
family mpls;
}
unit 168 {
description "R6 connection";
vlan-id 168;
family inet {
address 172.30.0.22/30;
}
family inet6;
family mpls;
}
}
ge-0/0/5 {
vlan-tagging;
unit 302 {
description "CE2-1 connection spoke";
vlan-id 302;
family inet {
address 192.168.0.5/30;
}
}
unit 308 {
description "CE2-1 connection hub";
vlan-id 308;
family inet {
address 192.168.0.29/30;
}
family inet6 {
address fc09:c0:ffee::1/126;
}
} 312
}
lo0 {
unit 0 {
family inet {
filter {
input protect-re;
.
313
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
address 172.30.5.8/32;
}
family inet6 {
address fd17:f0f4:f691:5::8/128;
}
}
}
}
JNCIE-‐SP workbook: Appendix -‐ Chapter Nine: A Full Day Lab Challenge
313
.
314
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
• R1
[edit]
lab@R1# show | find protocols
protocols {
ospf {
traffic-engineering;
reference-bandwidth 10g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
ldp-synchronization;
}
interface ge-0/0/4.117 {
interface-type p2p;
ldp-synchronization;
}
interface ge-0/0/4.118 {
interface-type p2p;
ldp-synchronization;
}
interface ge-0/0/4.206 {
interface-type p2p;
ldp-synchronization;
}
interface lo0.0; 314
}
}
ospf3 {
reference-bandwidth 10g;
area 0.0.0.0 {
interface ae0.0 {
.
315
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
interface-type p2p;
}
interface ge-0/0/4.117 {
interface-type p2p;
}
interface ge-0/0/4.118 {
interface-type p2p;
}
interface lo0.0;
}
}
}
• R2
[edit]
lab@R2# show | find protocols
protocols {
ospf {
traffic-engineering;
reference-bandwidth 10g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
ldp-synchronization;
}
interface ge-0/0/4.123 {
interface-type p2p;
ldp-synchronization;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
interface ge-0/0/4.126 {
interface-type p2p;
ldp-synchronization;
}
interface ge-0/0/4.207 {
interface-type p2p;
ldp-synchronization;
}
interface lo0.0;
}
}
ospf3 {
reference-bandwidth 10g;
area 0.0.0.0 {
interface ae0.0 {
interface-type p2p;
}
interface ge-0/0/4.123 {
interface-type p2p;
}
interface ge-0/0/4.126 {
interface-type p2p;
}
interface lo0.0;
}
}
}
• R3
[edit]
lab@R3# show | find protocols 315
protocols {
ospf {
traffic-engineering;
export local-range;
reference-bandwidth 10g;
area 0.0.0.1 {
.
316
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
nssa {
default-lsa default-metric 10;
area-range 172.30.32.0/20;
}
area-range 172.30.0.80/28;
interface ae0.0 {
interface-type p2p;
ldp-synchronization;
}
interface ge-0/0/4.135 {
interface-type p2p;
ldp-synchronization;
}
}
area 0.0.0.0 {
interface ge-0/0/4.123 {
interface-type p2p;
}
interface ge-0/0/4.137 {
interface-type p2p;
}
interface ge-0/0/4.138 {
interface-type p2p;
}
interface lo0.0;
}
}
ospf3 {
reference-bandwidth 10g;
area 0.0.0.1 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
nssa {
default-lsa default-metric 10;
}
interface ae0.0 {
interface-type p2p;
}
interface ge-0/0/4.135 {
interface-type p2p;
}
}
area 0.0.0.0 {
interface ge-0/0/4.123 {
interface-type p2p;
}
interface ge-0/0/4.137 {
interface-type p2p;
}
interface ge-0/0/4.138 {
interface-type p2p;
}
interface lo0.0;
}
}
}
[edit]
lab@R3# show | find policy-options
policy-options {
policy-statement local-range {
term 1 {
from {
protocol aggregate; 316
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
}
.
317
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@R3# show | find routing-options
routing-options {
aggregate {
route 172.30.0.0/16;
}
}
• R4
[edit]
lab@R4# show | find protocols
protocols {
ospf {
reference-bandwidth 10g;
area 0.0.0.1 {
nssa;
interface ae0.0 {
interface-type p2p;
ldp-synchronization;
}
interface ge-0/0/4.146 {
interface-type p2p;
ldp-synchronization;
}
interface lo0.0;
}
}
ospf3 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
reference-bandwidth 10g;
area 0.0.0.1 {
nssa;
interface ae0.0 {
interface-type p2p;
}
interface ge-0/0/4.146 {
interface-type p2p;
}
interface lo0.0;
}
}
}
• R5
[edit]
lab@R5# show | find protocols
protocols {
ospf {
export rip-to-ospf;
reference-bandwidth 10g;
area 0.0.0.1 {
nssa;
interface ae0.0 {
interface-type p2p;
ldp-synchronization;
}
interface ge-0/0/4.135 {
interface-type p2p;
ldp-synchronization;
} 317
interface lo0.0;
}
}
ospf3 {
reference-bandwidth 10g;
area 0.0.0.1 {
.
318
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
nssa;
interface ae0.0 {
interface-type p2p;
}
interface ge-0/0/4.135 {
interface-type p2p;
}
interface lo0.0;
}
}
rip {
group dc1 {
export ospf-to-rip;
import rip-filter;
neighbor ge-0/0/4.202;
}
}
}
[edit]
lab@R5# show | find policy-options
policy-options {
policy-statement ospf-to-rip {
term 1 {
from {
route-filter 0.0.0.0/0 exact;
}
then {
metric 10;
tag 1234;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
accept;
}
}
}
policy-statement rip-filter {
term 1 {
from {
protocol rip;
tag 1234;
}
then reject;
}
}
policy-statement rip-to-ospf {
term 1 {
from protocol rip;
then accept;
}
}
}
• R6
[edit]
lab@R6# show | find protocols
protocols {
ospf {
traffic-engineering;
export [ rip-to-ospf local-range ];
reference-bandwidth 10g;
area 0.0.0.1 {
nssa { 318
default-lsa default-metric 10;
}
area-range 172.30.32.0/20;
area-range 172.30.0.80/28;
interface ae0.0 {
interface-type p2p;
.
319
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
ldp-synchronization;
}
interface ge-0/0/4.146 {
interface-type p2p;
ldp-synchronization;
}
}
area 0.0.0.0 {
interface ge-0/0/4.126 {
interface-type p2p;
}
interface ge-0/0/4.167 {
interface-type p2p;
}
interface ge-0/0/4.168 {
interface-type p2p;
}
interface lo0.0;
}
}
ospf3 {
reference-bandwidth 10g;
area 0.0.0.1 {
nssa {
default-lsa default-metric 10;
}
interface ae0.0 {
interface-type p2p;
}
interface ge-0/0/4.146 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
interface-type p2p;
}
}
area 0.0.0.0 {
interface ge-0/0/4.126 {
interface-type p2p;
}
interface ge-0/0/4.167 {
interface-type p2p;
}
interface ge-0/0/4.168 {
interface-type p2p;
}
interface lo0.0;
}
}
rip {
group dc1 {
export ospf-to-rip;
import rip-filter;
neighbor ge-0/0/4.204;
}
}
}
[edit]
lab@R6# show | find policy-options
policy-options {
policy-statement local-range {
term 1 {
from {
protocol aggregate; 319
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
policy-statement ospf-to-rip {
.
320
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
term 1 {
from {
route-filter 0.0.0.0/0 exact;
}
then {
metric 5;
tag 1234;
accept;
}
}
}
policy-statement rip-filter {
term 1 {
from {
protocol rip;
tag 1234;
}
then reject;
}
}
policy-statement rip-to-ospf {
term 1 {
from {
route-filter 172.30.32.0/20 exact;
}
then accept;
}
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
[edit]
lab@R6# show | find routing-options
routing-options {
aggregate {
route 0.0.0.0/0;
route 172.30.32.0/20;
route 172.30.0.0/16;
}
• R7
[edit]
lab@R7# show | find protocols
protocols {
ospf {
traffic-engineering;
reference-bandwidth 10g;
area 0.0.0.0 {
interface ge-0/0/4.117 {
interface-type p2p;
}
interface ge-0/0/4.137 {
interface-type p2p;
}
interface ge-0/0/4.167 {
interface-type p2p;
}
interface lo0.0;
}
}
ospf3 {
reference-bandwidth 10g; 320
area 0.0.0.0 {
interface ge-0/0/4.117 {
interface-type p2p;
}
interface ge-0/0/4.137 {
interface-type p2p;
.
321
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
interface ge-0/0/4.167 {
interface-type p2p;
}
interface lo0.0;
}
}
}
• R8
[edit]
lab@R8# show | find protocols
protocols {
ospf {
traffic-engineering;
reference-bandwidth 10g;
area 0.0.0.0 {
interface ge-0/0/4.118 {
interface-type p2p;
}
interface ge-0/0/4.138 {
interface-type p2p;
}
interface ge-0/0/4.168 {
interface-type p2p;
}
interface lo0.0;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
ospf3 {
reference-bandwidth 10g;
area 0.0.0.0 {
interface ge-0/0/4.118 {
interface-type p2p;
}
interface ge-0/0/4.138 {
interface-type p2p;
}
interface ge-0/0/4.168 {
interface-type p2p;
}
interface lo0.0;
}
}
}
321
.
322
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
• R1
[edit]
lab@R1# show | find protocols
protocols {
bgp {
log-updown;
group ibgp {
type internal;
local-address 172.30.5.1;
import black-hole;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
family inet-vpn {
unicast;
}
family inet6 {
322
labeled-unicast {
explicit-null;
}
}
family l2vpn {
.
323
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
signaling;
}
family inet-mvpn {
signaling;
}
family route-target;
authentication-key "$9$wrgGi/9pOIcQF6A0IrlwYgJUH"; ## SECRET-DATA
export nhs;
neighbor 172.30.5.41;
}
group P1-1 {
type external;
hold-time 30;
import [ ebgp-import-filter peer-routes p1-preference ];
export [ no-p2-routes-export local-range delete-communities ];
remove-private;
peer-as 1679.12483;
neighbor 192.168.0.38;
}
group P1-1-ipv6 {
type external;
hold-time 30;
import [ ebgp-ipv6-import-filter peer-routes ];
export [ delete-communities no-export-routes ];
remove-private;
peer-as 1679.12483;
neighbor fc09:c0:ffee::6;
}
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
[edit]
lab@R1# show | find policy-options
policy-options {
policy-statement black-hole {
term 1 {
from {
protocol bgp;
community rtbh;
}
then {
next-hop discard;
}
}
}
policy-statement customer-routes {
term 1 {
then {
community set customer;
}
}
}
policy-statement delete-communities {
term 1 {
from protocol bgp;
then {
community delete wildcard;
}
}
}
policy-statement ebgp-import-filter {
term 1 { 323
from {
}
route-filter 0.0.0.0/0 upto /7;
}
then reject;
term 2 {
.
324
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
}
then reject;
}
term 3 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
policy-statement ebgp-ipv6-import-filter {
term 1 {
from as-path p1-ipv6-foreign;
then reject;
}
}
policy-statement local-range {
term 1 {
from {
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
policy-statement nhs {
term 1 {
from protocol bgp;
then {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
next-hop self;
}
}
}
policy-statement no-export-routes {
term 1 {
from protocol bgp;
then {
community add no-export;
}
}
}
policy-statement no-p2-routes-export {
term 1 {
from {
protocol bgp;
as-path p2-neighbor;
}
then reject;
}
}
policy-statement p1-preference {
term 1 {
then {
local-preference 150;
}
}
}
policy-statement peer-routes {
term 1 {
then {
community set peer; 324
}
}
}
community customer members 54591:200;
community no-export members no-export;
community peer members 54591:100;
.
325
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
• R2
[edit]
lab@R2# show | find protocols
protocols {
bgp {
log-updown;
group ibgp {
type internal;
local-address 172.30.5.2;
import black-hole;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
family inet-vpn {
unicast;
}
family inet6 {
labeled-unicast {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
explicit-null;
}
}
family l2vpn {
signaling;
}
family inet-mvpn {
signaling;
}
family route-target;
authentication-key "$9$wrgGi/9pOIcQF6A0IrlwYgJUH"; ## SECRET-DATA
export nhs;
neighbor 172.30.5.41;
}
group C3-1 {
type external;
damping;
import [ ebgp-import-filter customer-routes customer-preferred ];
family inet {
unicast {
prefix-limit {
maximum 20;
teardown idle-timeout 5;
}
}
}
family inet6 {
unicast {
prefix-limit {
maximum 20;
teardown idle-timeout 5;
} 325
}
}
export [ local-range delete-communities ];
peer-as 64514;
neighbor 192.168.0.10;
}
.
326
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
[edit]
lab@R2# show | find policy-options
policy-options {
policy-statement black-hole {
term 1 {
from {
protocol bgp;
community rtbh;
}
then {
next-hop discard;
}
}
}
policy-statement customer-preferred {
term 1 {
then {
local-preference 200;
}
}
}
policy-statement customer-routes {
term 1 {
then {
community add customer;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
policy-statement delete-communities {
term 1 {
from protocol bgp;
then {
community delete wildcard;
}
}
}
policy-statement ebgp-import-filter {
term 1 {
from {
route-filter 0.0.0.0/0 upto /7;
}
then reject;
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
}
then reject;
}
term 3 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
policy-statement local-range {
term 1 {
from { 326
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
policy-statement nhs {
.
327
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
term 1 {
from protocol bgp;
then {
next-hop self;
}
}
}
policy-statement peer-routes {
term 1 {
then {
community set peer;
}
}
}
community customer members 54591:200;
community peer members 54591:100;
community rtbh members 6451.:666;
community wildcard members *:*;
as-path p1-neighbor "110047427 .*";
}
• R3
[edit]
lab@R3# show | find protocols
protocols {
bgp {
log-updown;
group ibgp {
type internal;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
local-address 172.30.5.3;
import black-hole;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
family inet-vpn {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
family l2vpn {
signaling;
}
family inet-mvpn {
signaling;
}
family route-target;
authentication-key "$9$wrgGi/9pOIcQF6A0IrlwYgJUH"; ## SECRET-DATA
export nhs;
neighbor 172.30.5.41;
}
group C2-1 {
type external;
multihop; 327
local-address 172.30.5.3;
damping;
import [ ebgp-import-filter customer-routes customer-preferred ];
family inet {
unicast {
prefix-limit {
.
328
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
maximum 20;
teardown idle-timeout 5;
}
}
}
export [ local-range delete-communities ];
peer-as 64513;
neighbor 172.31.31.1;
}
}
}
[edit]
lab@R3# show | find policy-options
policy-options {
policy-statement black-hole {
term 1 {
from {
protocol bgp;
community rtbh;
}
then {
next-hop discard;
}
}
}
policy-statement customer-preferred {
term 1 {
then {
local-preference 200;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
}
}
policy-statement customer-routes {
term 1 {
then {
community add customer;
}
}
}
policy-statement delete-communities {
term 1 {
from protocol bgp;
then {
community delete wildcard;
}
}
}
policy-statement ebgp-import-filter {
term 1 {
from {
route-filter 0.0.0.0/0 upto /7;
}
then reject;
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
}
then reject;
}
term 3 { 328
from {
}
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
.
329
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
policy-statement local-range {
term 1 {
from {
protocol aggregate;
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
policy-statement nhs {
term 1 {
from protocol bgp;
then {
next-hop self;
}
}
}
policy-statement peer-routes {
term 1 {
then {
community set peer;
}
}
}
community customer members 54591:200;
community peer members 54591:100;
community rtbh members 6451.:666;
community wildcard members *:*;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
• R4
[edit]
lab@R4# show | find protocols
protocols {
bgp {
log-updown;
group ibgp {
type internal;
local-address 172.30.5.4;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
family inet-vpn {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
family l2vpn {
signaling;
}
family inet-mvpn {
signaling;
} 329
family route-target;
authentication-key "$9$wrgGi/9pOIcQF6A0IrlwYgJUH"; ## SECRET-DATA
export nhs;
}
neighbor 172.30.5.41;
}
.
330
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@R4# show | find policy-options
policy-options {
policy-statement nhs {
term 1 {
from protocol bgp;
then {
next-hop self;
}
}
}
}
• R5
[edit]
lab@R5# show | find protocols
protocols {
bgp {
log-updown;
group ibgp {
type internal;
local-address 172.30.5.5;
import black-hole;
family inet {
unicast;
labeled-unicast {
rib {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
inet.3;
}
}
}
family inet-vpn {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
family l2vpn {
signaling;
}
family inet-mvpn {
signaling;
}
family route-target;
authentication-key "$9$wrgGi/9pOIcQF6A0IrlwYgJUH"; ## SECRET-DATA
export nhs;
neighbor 172.30.5.41;
}
group C1-1 {
type external;
damping;
import [ ebgp-import-filter damp-aggressive customer-routes customer-
preferred ];
family inet {
unicast {
prefix-limit {
maximum 20; 330
teardown idle-timeout 5;
}
}
}
export default-and-local;
peer-as 64512;
.
331
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
neighbor 192.168.0.18;
}
}
}
[edit]
lab@R5# show | find policy-options
policy-options {
policy-statement black-hole {
term 1 {
from {
protocol bgp;
community rtbh;
}
then {
next-hop discard;
}
}
}
policy-statement customer-preferred {
term 1 {
then {
local-preference 200;
}
}
}
policy-statement customer-routes {
term 1 {
then {
community add customer;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
}
}
policy-statement damp-aggressive {
term 1 {
then damping aggressive;
}
}
policy-statement default-and-local {
term 1 {
from {
route-filter 0.0.0.0/0 exact;
route-filter 172.30.0.0/16 exact;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement delete-communities {
term 1 {
from protocol bgp;
then {
community delete wildcard;
}
}
}
policy-statement ebgp-import-filter {
term 1 {
from {
route-filter 0.0.0.0/0 upto /7; 331
}
}
then reject;
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
.
332
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
then reject;
}
term 3 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
policy-statement nhs {
term 1 {
from protocol bgp;
then {
next-hop self;
}
}
}
policy-statement peer-routes {
term 1 {
then {
community set peer;
}
}
}
community customer members 54591:200;
community peer members 54591:100;
community rtbh members 6451.:666;
community wildcard members *:*;
damping aggressive {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
suppress 2000;
}
}
332
.
333
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
• R6
[edit]
lab@R6# show | find protocols
protocols {
bgp {
log-updown;
group ibgp {
type internal;
local-address 172.30.5.6;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
family inet-vpn {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
family l2vpn {
signaling;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
family inet-mvpn {
signaling;
}
family route-target;
authentication-key "$9$wrgGi/9pOIcQF6A0IrlwYgJUH"; ## SECRET-DATA
export nhs;
neighbor 172.30.5.41;
}
}
}
[edit]
lab@R6# show | find policy-options
policy-options {
policy-statement nhs {
term 1 {
from protocol bgp;
then {
next-hop self;
}
}
}
}
• R7
[edit]
lab@R7# show | find protocols
protocols {
bgp {
log-updown; 333
group ibgp {
type internal;
local-address 172.30.5.7;
family inet {
unicast;
labeled-unicast {
.
334
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
rib {
inet.3;
}
}
}
family inet-vpn {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
family l2vpn {
signaling;
}
family inet-mvpn {
signaling;
}
family route-target;
authentication-key "$9$wrgGi/9pOIcQF6A0IrlwYgJUH"; ## SECRET-DATA
export [ nhs CE2-routes ];
neighbor 172.30.5.41;
}
}
}
[edit]
lab@R7# show | find policy-options
policy-options {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
policy-statement nhs {
term 1 {
from protocol bgp;
then {
next-hop self;
}
}
}
}
• R8
[edit]
lab@R8# show | find protocols
protocols {
bgp {
log-updown;
group ibgp {
type internal;
local-address 172.30.5.8;
import black-hole;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
family inet-vpn {
unicast;
} 334
family inet6 {
labeled-unicast {
explicit-null;
}
}
family l2vpn {
.
335
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
signaling;
}
family inet-mvpn {
signaling;
}
family route-target;
authentication-key "$9$wrgGi/9pOIcQF6A0IrlwYgJUH"; ## SECRET-DATA
export nhs;
neighbor 172.30.5.41;
}
group P1-2 {
type external;
hold-time 30;
import [ ebgp-import-filter peer-routes ];
export [ no-p2-routes-export local-range delete-communities long-as-
path ];
remove-private;
peer-as 1679.12483;
neighbor 192.168.0.30;
}
group P1-2-ipv6 {
type external;
hold-time 30;
import peer-routes;
export [ delete-communities no-export-routes ];
remove-private;
peer-as 1679.12483;
neighbor fc09:c0:ffee::2;
}
group P2-1 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
type external;
hold-time 30;
import [ allow-p2-loopbacks ebgp-import-filter p2-long-path-filter
peer-routes ];
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
export [ no-p1-routes-export local-range delete-communities local-
loopbacks ];
remove-private;
peer-as 43208.365;
neighbor 192.168.0.6;
}
}
}
[edit]
lab@R8# show | find policy-options
policy-options {
policy-statement allow-p2-loopbacks {
term 1 {
from {
as-path p2-native;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
community set peer; 335
accept;
}
}
}
policy-statement black-hole {
term 1 {
.
336
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
from {
protocol bgp;
community rtbh;
}
then {
next-hop discard;
}
}
}
policy-statement customer-routes {
term 1 {
then {
community set customer;
}
}
}
policy-statement delete-communities {
term 1 {
from protocol bgp;
then {
community delete wildcard;
}
}
}
policy-statement ebgp-import-filter {
term 1 {
from {
route-filter 0.0.0.0/0 upto /7;
}
then reject;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
term 2 {
from {
route-filter 0.0.0.0/0 prefix-length-range /25-/32;
}
then reject;
}
term 3 {
from {
route-filter 0.0.0.0/0 through 0.0.0.0/32;
}
then reject;
}
}
policy-statement local-loopbacks {
term 1 {
from {
route-filter 172.30.5.41/32 exact;
}
then accept;
}
term 2 {
from {
rib inet.3;
route-filter 172.30.5.0/24 prefix-length-range /32-/32;
}
then accept;
}
}
policy-statement local-range {
term 1 {
from { 336
route-filter 172.30.0.0/16 exact;
}
then accept;
}
}
policy-statement long-as-path {
.
337
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
term 1 {
from protocol bgp;
then as-path-prepend "54591 54591 54591";
}
}
policy-statement nhs {
term 1 {
from protocol bgp;
then {
next-hop self;
}
}
}
policy-statement no-export-routes {
term 1 {
from protocol bgp;
then {
community add no-export;
}
}
}
policy-statement no-p1-routes-export {
term 1 {
from {
protocol bgp;
as-path p1-neighbor;
}
then reject;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
policy-statement no-p2-routes-export {
term 1 {
from {
protocol bgp;
as-path p2-neighbor;
}
then reject;
}
}
policy-statement p2-long-path-filter {
term 1 {
from as-path p2-long-path;
then reject;
}
}
policy-statement peer-routes {
term 1 {
then {
community set peer;
}
}
}
community customer members 54591:200;
community no-export members no-export;
community peer members 54591:100;
community rtbh members 6451.:666;
community wildcard members *:*;
as-path p2-native 2831679853;
as-path p2-long-path ".{6,}";
as-path p2-neighbor "2831679853 .*";
as-path p1-neighbor "110047427 .*";
} 337
.
338
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
• R1
[edit]
lab@R1# show | find protocols
protocols {
rsvp {
interface ge-0/0/4.117 {
authentication-key "$9$3CLI90IXxdw2aKMLNb2GU369pOR"; ## SECRET-DATA
subscription 120;
link-protection;
}
interface ge-0/0/4.118 {
authentication-key "$9$0yccIyKY2aGjq-Vs4ZjPf0BIcrv"; ## SECRET-DATA
subscription 120;
link-protection;
}
interface ae0.0 {
authentication-key "$9$kPF/SyKWX-1RclMXbwk.PQ39"; ## SECRET-DATA
link-protection;
}
}
mpls {
path-mtu;
338
admin-groups {
green 0;
purple 1;
blue 2;
}
.
339
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
ipv6-tunneling;
label-switched-path R1-to-R2 {
to 172.30.5.2;
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R1-to-R3 {
to 172.30.5.3;
bandwidth 100m;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R1-to-R6 {
to 172.30.5.6;
bandwidth 100m;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R1-to-R7 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
to 172.30.5.7;
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R1-to-R8 {
to 172.30.5.8;
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
path primary-path;
path secondary-path;
interface ae0.0 {
admin-group green;
}
interface ge-0/0/4.117 {
admin-group blue;
}
interface ge-0/0/4.118 {
admin-group purple;
}
interface ge-0/0/4.206;
} 339
ldp {
track-igp-metric;
interface ge-0/0/4.206;
interface lo0.0;
session 172.30.5.41 {
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
.
340
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
}
[edit]
lab@R1# show | find policy-options
policy-options {
policy-statement load-balancing {
term 1 {
then {
load-balance per-packet;
}
}
}
}
[edit]
lab@R1# show | find routing-options
routing-options {
forwarding-table {
export load-balancing;
}
}
• R2
[edit]
lab@R2# show | find protocols
protocols {
rsvp {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
interface ge-0/0/4.123 {
authentication-key "$9$3CLI90IXxdw2aKMLNb2GU369pOR"; ## SECRET-DATA
subscription 120;
link-protection;
}
interface ge-0/0/4.126 {
authentication-key "$9$0yccIyKY2aGjq-Vs4ZjPf0BIcrv"; ## SECRET-DATA
subscription 120;
link-protection;
}
interface ae0.0 {
authentication-key "$9$kPF/SyKWX-1RclMXbwk.PQ39"; ## SECRET-DATA
link-protection;
}
}
mpls {
path-mtu;
admin-groups {
green 0;
purple 1;
blue 2;
}
ipv6-tunneling;
label-switched-path R2-to-R1-first {
to 172.30.5.1;
ldp-tunneling;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
auto-bandwidth {
adjust-interval 86400;
minimum-bandwidth 50m; 340
maximum-bandwidth 100m;
}
primary primary-path;
}
secondary secondary-path;
label-switched-path R2-to-R6 {
.
341
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
to 172.30.5.6;
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R2-to-R7 {
to 172.30.5.7;
bandwidth 100m;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R2-to-R8-first {
to 172.30.5.8;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
auto-bandwidth {
adjust-interval 86400;
minimum-bandwidth 50m;
maximum-bandwidth 100m;
}
primary primary-path;
secondary secondary-path;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
label-switched-path R2-to-R3 {
to 172.30.5.3;
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ green blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R2-to-R1-second {
to 172.30.5.1;
ldp-tunneling;
priority 5 5;
link-protection;
auto-bandwidth {
adjust-interval 86400;
minimum-bandwidth 50m;
maximum-bandwidth 100m;
}
primary path-1;
secondary secondary-path;
}
label-switched-path R2-to-R8-second {
to 172.30.5.8;
priority 5 5;
link-protection;
auto-bandwidth {
adjust-interval 86400;
minimum-bandwidth 50m;
maximum-bandwidth 100m; 341
}
primary path-1;
secondary secondary-path;
}
path primary-path;
path secondary-path;
.
342
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
path path-1 {
172.30.5.3;
172.30.5.8;
}
interface ae0.0 {
admin-group green;
}
interface ge-0/0/4.123 {
admin-group purple;
}
interface ge-0/0/4.126 {
admin-group blue;
}
interface ge-0/0/4.207;
}
ldp {
track-igp-metric;
interface ge-0/0/4.207;
interface lo0.0;
session 172.30.5.41 {
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
}
}
}
[edit]
lab@R2# show | find policy-options
policy-options {
policy-statement load-balancing {
term 1 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
then {
load-balance per-packet;
}
}
}
policy-statement lsp-mapping {
term 1 {
from {
family inet;
protocol bgp;
as-path p1-neighbor;
}
then {
install-nexthop lsp-regex R2-to-R.-first;
}
}
term 2 {
from {
family inet6;
protocol bgp;
as-path p1-neighbor;
}
then {
install-nexthop lsp-regex R2-to-R.-second;
}
}
}
}
[edit]
lab@R2# show | find routing-options
routing-options { 342
forwarding-table {
}
export [ lsp-mapping load-balancing ];
}
.
343
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
• R3
[edit]
lab@R3# show | find protocols
protocols {
rsvp {
interface ge-0/0/4.123 {
authentication-key "$9$3CLI90IXxdw2aKMLNb2GU369pOR"; ## SECRET-DATA
subscription 120;
link-protection;
}
interface ge-0/0/4.137 {
authentication-key "$9$0yccIyKY2aGjq-Vs4ZjPf0BIcrv"; ## SECRET-DATA
subscription 120;
link-protection;
}
interface ge-0/0/4.138 {
authentication-key "$9$kPF/SyKWX-1RclMXbwk.PQ39"; ## SECRET-DATA
subscription 120;
link-protection;
}
}
mpls {
path-mtu;
admin-groups {
green 0;
purple 1;
blue 2;
}
ipv6-tunneling;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
label-switched-path R3-to-R1 {
to 172.30.5.1;
bandwidth 100m;
priority 3 3;
admin-group include-any [ green blue ];
adaptive;
fast-reroute {
bandwidth 100m;
no-include-any;
}
primary primary-path;
secondary secondary-path {
standby;
}
}
label-switched-path R3-to-R6 {
to 172.30.5.6;
bandwidth 100m;
priority 3 3;
admin-group include-any [ green blue ];
adaptive;
fast-reroute {
bandwidth 100m;
no-include-any;
}
primary primary-path;
secondary secondary-path {
standby;
}
}
label-switched-path R3-to-R7 {
to 172.30.5.7; 343
ldp-tunneling;
bandwidth 100m;
priority 3 3;
admin-group include-any [ green blue ];
adaptive;
fast-reroute {
.
344
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
bandwidth 100m;
no-include-any;
}
primary primary-path;
secondary secondary-path {
standby;
}
}
label-switched-path R3-to-R8 {
to 172.30.5.8;
ldp-tunneling;
bandwidth 100m;
priority 3 3;
admin-group include-any [ green blue ];
adaptive;
fast-reroute {
bandwidth 100m;
no-include-any;
}
primary primary-path;
secondary secondary-path {
standby;
}
}
label-switched-path R3-to-R2 {
to 172.30.5.2;
ldp-tunneling;
bandwidth 100m;
priority 3 3;
admin-group include-any [ green blue ];
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
adaptive;
fast-reroute {
bandwidth 100m;
no-include-any;
}
primary primary-path;
secondary secondary-path {
standby;
}
}
path primary-path;
path secondary-path;
interface ae0.0;
interface ge-0/0/4.123 {
admin-group purple;
}
interface ge-0/0/4.135;
interface ge-0/0/4.137 {
admin-group green;
}
interface ge-0/0/4.138 {
admin-group blue;
}
}
ldp {
track-igp-metric;
interface ge-0/0/4.135;
interface ae0.0;
interface lo0.0;
session 172.30.5.4 {
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
} 344
session 172.30.5.5 {
}
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
}
}
.
345
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@R3# show | find policy-options
policy-options {
policy-statement load-balancing {
term 1 {
then {
load-balance per-packet;
}
}
}
}
[edit]
lab@R3# show | find routing-options
routing-options {
forwarding-table {
export load-balancing;
}
}
• R4
[edit]
lab@R4# show | find protocols
protocols {
mpls {
interface ae0.0;
interface ge-0/0/4.146;
}
ldp {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
track-igp-metric;
interface ge-0/0/4.146;
interface ae0.0;
session 172.30.5.3 {
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
}
session 172.30.5.6 {
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
}
p2mp;
}
}
• R5
[edit]
lab@R5# show | find protocols
protocols {
mpls {
interface ae0.0;
interface ge-0/0/4.135;
}
ldp {
track-igp-metric;
interface ge-0/0/4.135;
interface ae0.0;
session 172.30.5.3 {
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
}
session 172.30.5.6 {
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
} 345
}
}
• R6
[edit]
.
346
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
priority 3 3;
admin-group include-any [ purple blue ];
adaptive;
fast-reroute {
bandwidth 100m;
no-include-any;
}
primary primary-path;
secondary secondary-path {
standby;
}
}
label-switched-path R6-to-R2 {
to 172.30.5.2;
ldp-tunneling;
bandwidth 100m;
priority 3 3;
admin-group include-any [ purple blue ];
adaptive;
fast-reroute {
bandwidth 100m;
no-include-any;
}
primary primary-path;
secondary secondary-path {
standby;
}
}
label-switched-path R6-to-R3 {
to 172.30.5.3;
bandwidth 100m;
priority 3 3; 346
admin-group include-any [ purple blue ];
adaptive;
fast-reroute {
bandwidth 100m;
no-include-any;
}
.
347
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
primary primary-path;
secondary secondary-path {
standby;
}
}
label-switched-path R6-to-R7 {
to 172.30.5.7;
ldp-tunneling;
bandwidth 100m;
priority 3 3;
admin-group include-any [ purple blue ];
adaptive;
fast-reroute {
bandwidth 100m;
no-include-any;
}
primary primary-path;
secondary secondary-path {
standby;
}
}
label-switched-path R6-to-R8 {
to 172.30.5.8;
ldp-tunneling;
bandwidth 100m;
priority 3 3;
admin-group include-any [ purple blue ];
adaptive;
fast-reroute {
bandwidth 100m;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
no-include-any;
}
primary primary-path;
secondary secondary-path {
standby;
}
}
path primary-path;
path secondary-path;
interface ae0.0;
interface ge-0/0/4.126 {
admin-group blue;
}
interface ge-0/0/4.146;
interface ge-0/0/4.167 {
admin-group purple;
}
interface ge-0/0/4.168 {
admin-group green;
}
}
ldp {
track-igp-metric;
interface ge-0/0/4.146;
interface ae0.0;
interface lo0.0;
session 172.30.5.4 {
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
}
session 172.30.5.5 {
authentication-key "$9$MtrXVY.mTF6ADiqfz6u0M8X-b2"; ## SECRET-DATA
} 347
}
}
[edit]
lab@R6# show | find policy-options
policy-options {
.
348
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
policy-statement load-balancing {
term 1 {
then {
load-balance per-packet;
}
}
}
}
[edit]
lab@R6# show | find routing-options
routing-options {
forwarding-table {
export load-balancing;
}
}
• R7
[edit]
lab@R7# show | find protocols
protocols {
rsvp {
interface ge-0/0/4.117 {
authentication-key "$9$3CLI90IXxdw2aKMLNb2GU369pOR"; ## SECRET-DATA
subscription 120;
link-protection;
}
interface ge-0/0/4.137 {
authentication-key "$9$0yccIyKY2aGjq-Vs4ZjPf0BIcrv"; ## SECRET-DATA
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
subscription 120;
link-protection;
}
interface ge-0/0/4.167 {
authentication-key "$9$kPF/SyKWX-1RclMXbwk.PQ39"; ## SECRET-DATA
subscription 120;
link-protection;
}
}
mpls {
path-mtu;
admin-groups {
green 0;
purple 1;
blue 2;
}
ipv6-tunneling;
label-switched-path R7-to-R1 {
to 172.30.5.1;
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R7-to-R2 {
to 172.30.5.2;
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ]; 348
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R7-to-R3 {
to 172.30.5.3;
.
349
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R7-to-R6 {
to 172.30.5.6;
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R7-to-R8 {
to 172.30.5.8;
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
path primary-path;
path secondary-path;
interface ge-0/0/4.117 {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
admin-group blue;
}
interface ge-0/0/4.137 {
admin-group green;
}
interface ge-0/0/4.167 {
admin-group purple;
}
}
ldp {
interface lo0.0;
p2mp;
}
}
[edit]
lab@R3# show | find policy-options
policy-options {
policy-statement load-balancing {
term 1 {
then {
load-balance per-packet;
}
}
}
}
[edit]
lab@R3# show | find routing-options
routing-options {
forwarding-table {
export load-balancing; 349
}
}
• R8
[edit]
.
350
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R8-to-R2 {
to 172.30.5.2;
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R8-to-R3 {
to 172.30.5.3;
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R8-to-R6 {
to 172.30.5.6;
ldp-tunneling;
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ]; 350
link-protection;
primary primary-path;
secondary secondary-path;
}
label-switched-path R8-to-R7 {
to 172.30.5.7;
.
351
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
bandwidth 100m;
priority 5 5;
admin-group include-any [ purple blue ];
link-protection;
primary primary-path;
secondary secondary-path;
}
path primary-path;
path secondary-path;
interface ge-0/0/4.118 {
admin-group purple;
}
interface ge-0/0/4.138 {
admin-group blue;
}
interface ge-0/0/4.168 {
admin-group green;
}
}
ldp {
interface lo0.0;
}
}
[edit]
lab@R3# show | find policy-options
policy-options {
policy-statement load-balancing {
term 1 {
then {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
load-balance per-packet;
}
}
}
}
[edit]
lab@R3# show | find routing-options
routing-options {
forwarding-table {
export load-balancing;
}
}
351
.
352
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
• R1
[edit]
lab@R1# show | find routing-instances
routing-instances {
CE1 {
instance-type vrf;
interface ge-0/0/5.318;
vrf-import CE1-import;
vrf-export CE1-export;
protocols {
ospf {
domain-id 2;
preference 180;
export CE1-bgp-to-ospf;
area 0.0.0.0 {
interface all;
}
}
}
}
}
[edit]
lab@R1# show | find policy-options
policy-options { 352
policy-statement CE1-bgp-to-ospf {
term 1 {
from protocol bgp;
}
then accept;
}
.
353
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
policy-statement CE1-export {
term 1 {
from protocol ospf;
then {
community add CE1;
community add CE1-domain;
accept;
}
}
}
policy-statement CE1-import {
term 1 {
from {
protocol bgp;
community CE1;
}
then accept;
}
}
community CE1 members target:54591:100;
community CE1-domain members domain:2:0;
}
• R2
[edit]
lab@R2# show | find routing-instances
routing-instances {
CE3-vpls {
instance-type vpls;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
vlan-id 600;
interface ge-0/0/3.601;
vrf-target target:54591:300;
protocols {
vpls {
site-range 8;
mac-table-size {
100;
packet-action drop;
}
no-tunnel-services;
site site-1 {
site-identifier 1;
multi-homing;
site-preference backup;
}
}
}
}
}
• R3
[edit]
lab@R3# show | find routing-instances
routing-instances {
CE3-vpls {
instance-type vpls;
vlan-id 600;
interface ge-0/0/3.600;
vrf-target target:54591:300;
protocols { 353
vpls {
site-range 8;
mac-table-size {
100;
packet-action drop;
}
.
354
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
no-tunnel-services;
site site-2 {
site-identifier 2;
multi-homing;
site-preference primary;
}
}
}
}
}
• R4
[edit]
lab@R4# show | find routing-instances
routing-instances {
CE2-spoke {
instance-type vrf;
interface ge-0/0/5.323;
interface lo0.1;
provider-tunnel {
ldp-p2mp;
}
vrf-import CE2-spoke-import;
vrf-export CE2-spoke-export;
vrf-table-label;
protocols {
bgp {
group ce {
type external;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
peer-as 64600;
as-override;
neighbor 192.168.0.90;
}
}
pim {
rp {
local {
address 172.30.5.253;
}
}
interface all;
}
mvpn {
route-target {
import-target {
target target:54591:202;
}
export-target {
target target:54591:202;
}
}
}
}
}
CE3-vpls {
instance-type vpls;
vlan-id 600;
interface ge-0/0/3.600;
vrf-target target:54591:300;
protocols {
vpls { 354
site-range 8;
mac-table-size {
100;
}
packet-action drop;
no-tunnel-services;
.
355
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
site site-2 {
site-identifier 2;
multi-homing;
site-preference backup;
}
}
}
}
}
[edit]
lab@R4# show | find policy-options
policy-options {
policy-statement CE2-spoke-export {
term 1 {
from protocol [ direct bgp ];
then {
community add CE2-spoke;
accept;
}
}
}
policy-statement CE2-spoke-import {
term 2 {
from {
protocol bgp;
community CE2-hub;
}
then accept;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
community CE2-hub members target:54591:200;
community CE2-spoke members target:54591:201;
}
• R7
[edit]
lab@R7# show | find routing-instances
routing-instances {
CE1 {
instance-type vrf;
interface ge-0/0/5.324;
vrf-import CE1-import;
vrf-export CE1-export;
routing-options {
auto-export;
}
protocols {
ospf {
domain-id 1;
preference 180;
export CE1-bgp-to-ospf;
area 0.0.0.0 {
interface all;
}
}
}
}
CE2-hub {
instance-type vrf;
interface ge-0/0/5.311; 355
interface lo0.1;
vrf-import CE2-hub-import;
vrf-export CE2-hub-export;
vrf-table-label;
routing-options {
interface-routes {
.
356
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
protocols {
bgp {
group ce {
type external;
export default-to-ce;
peer-as 64600;
as-override;
neighbor 192.168.0.46;
}
}
pim {
rp {
local {
address 172.30.5.253;
}
}
interface all;
}
mvpn {
mvpn-mode {
spt-only;
}
route-target {
import-target {
target target:54591:202;
}
export-target {
target target:54591:202;
}
}
} 356
}
}
}
[edit]
lab@R7# show | find policy-options
.
357
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
policy-options {
policy-statement CE1-bgp-to-ospf {
term 1 {
from protocol bgp;
then accept;
}
}
policy-statement CE1-export {
term 1 {
from protocol [ ospf direct ];
then {
community add CE1;
community add CE1-domain;
community add exchange;
accept;
}
}
}
policy-statement CE1-import {
term 1 {
from {
protocol bgp;
community CE1;
}
then accept;
}
term 2 {
from community exchange;
then accept;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
policy-statement CE2-hub-export {
term 1 {
from protocol [ direct bgp ];
then {
community add CE2-hub;
community add exchange;
accept;
}
}
}
policy-statement CE2-hub-import {
term 1 {
then reject;
}
}
policy-statement CE2-routes {
term 1 {
from {
protocol static;
route-filter 172.31.64.0/20 exact;
}
then accept;
}
}
policy-statement CE2-spoke-export {
term 1 {
then reject;
}
}
policy-statement CE2-spoke-import {
term 1 { 357
from {
protocol bgp;
community CE2-spoke;
}
then accept;
}
.
358
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
term 2 {
from community exchange;
then accept;
}
}
policy-statement default-to-ce {
term 1 {
from {
protocol static;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
}
community CE1 members target:54591:100;
community CE1-domain members domain:1:0;
community CE2-hub members target:54591:200;
community CE2-spoke members target:54591:201;
community exchange members target:54591:111;
}
JNCIE-‐SP workbook: Appendix -‐ Chapter Nine: A Full Day Lab Challenge
358
.
359
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
}
}
code-point-aliases {
dscp {
be 000000;
l3vpn 001000;
l2vpn-low 001010;
l2vpn-high 001011;
l3vpn-priority 101110;
nc 110000;
}
exp {
be 000;
l3vpn 001;
l2vpn-low 010;
l2vpn-high 011;
l3vpn-priority 101;
}
}
drop-profiles {
low-drop {
interpolate { 359
fill-level [ 25 50 75 ];
}
drop-probability [ 5 15 40 ];
}
high-drop {
interpolate {
.
360
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
fill-level [ 25 50 75 ];
drop-probability [ 10 30 65 ];
}
}
}
forwarding-classes {
queue 0 be;
queue 1 l3vpn;
queue 2 l2vpn;
queue 3 l3vpn-priority;
queue 4 nc;
}
interfaces {
ge-0/0/4 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
ae0 {
scheduler-map core-interfaces;
unit * {
classifiers {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
}
rewrite-rules {
dscp dscp-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-point nc;
}
}
exp mpls-rewriter {
forwarding-class be {
loss-priority low code-point be; 360
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
.
361
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
priority medium-low;
}
l2vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-high;
drop-profile-map loss-priority low protocol any drop-profile low-drop;
drop-profile-map loss-priority high protocol any drop-profile high-
drop;
}
l3vpn-pri-sc {
transmit-rate percent 10;
buffer-size temporal 5k;
priority high;
}
nc-sc {
transmit-rate percent 5;
buffer-size percent 5;
priority high;
}
}
}
[edit]
lab@R1# show | find firewall
firewall {
family inet {
filter l3vpn-classifier {
term 1 {
from {
dscp be;
} 361
then {
forwarding-class l3vpn;
accept;
}
}
term 2 {
.
362
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
from {
dscp ef;
}
then {
policer l3vpn-priority-policer;
forwarding-class l3vpn-priority;
accept;
}
}
}
}
policer l3vpn-priority-policer {
if-exceeding {
bandwidth-limit 25m;
burst-size-limit 15k;
}
then discard;
}
}
[edit]
lab@R1# show | find interfaces
interfaces {
ge-0/0/5 {
unit 318 {
description "CE1-2 connection";
vlan-id 318;
family inet {
filter {
input l3vpn-classifier;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
address 192.168.0.69/30;
}
}
}
}
• R2
[edit]
lab@R2# show | find class-of-service
class-of-service {
classifiers {
dscp dscp-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-points nc;
}
}
exp mpls-classifier { 362
forwarding-class be {
}
loss-priority low code-points be;
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
.
363
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
}
}
code-point-aliases {
dscp {
be 000000;
l3vpn 001000;
l2vpn-low 001010;
l2vpn-high 001011;
l3vpn-priority 101110;
nc 110000;
}
exp {
be 000;
l3vpn 001;
l2vpn-low 010;
l2vpn-high 011;
l3vpn-priority 101;
}
}
drop-profiles {
low-drop {
interpolate {
fill-level [ 25 50 75 ];
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
drop-probability [ 5 15 40 ];
}
}
high-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 10 30 65 ];
}
}
}
forwarding-classes {
queue 0 be;
queue 1 l3vpn;
queue 2 l2vpn;
queue 3 l3vpn-priority;
queue 4 nc;
}
interfaces {
ge-0/0/4 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
ae0 { 363
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
.
364
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
}
rewrite-rules {
dscp dscp-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-point nc;
}
}
exp mpls-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
}
}
scheduler-maps {
core-interfaces {
forwarding-class be scheduler be-sc;
forwarding-class l3vpn scheduler l3vpn-sc;
forwarding-class l2vpn scheduler l2vpn-sc;
forwarding-class l3vpn-priority scheduler l3vpn-pri-sc;
forwarding-class nc scheduler nc-sc;
}
}
schedulers {
be-sc {
transmit-rate {
remainder;
}
buffer-size {
remainder;
}
priority low;
drop-profile-map loss-priority any protocol any drop-profile high-drop;
} 364
l3vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
}
priority medium-low;
l2vpn-sc {
.
365
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@R2# show | find firewall
firewall {
family vpls {
filter l2vpn-classifier {
term 1 {
then {
policer l2vpn-policer;
forwarding-class l2vpn;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
}
}
policer l2vpn-policer {
if-exceeding {
bandwidth-limit 50m;
burst-size-limit 62k;
}
then loss-priority high;
}
}
[edit]
lab@R2# show | find interfaces
interfaces {
ge-0/0/3 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 601 {
description "CE3-1 connection";
encapsulation vlan-vpls;
vlan-id 601;
family vpls {
filter {
input l2vpn-classifier;
}
}
}
}
}
• R3
365
[edit]
lab@R3# show | find class-of-service
class-of-service {
classifiers {
dscp dscp-classifier {
.
366
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-points nc;
}
}
exp mpls-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
}
}
code-point-aliases {
dscp {
be 000000;
l3vpn 001000;
l2vpn-low 001010;
l2vpn-high 001011;
l3vpn-priority 101110;
nc 110000;
}
exp {
be 000;
l3vpn 001;
l2vpn-low 010;
l2vpn-high 011;
l3vpn-priority 101;
}
}
drop-profiles {
low-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 5 15 40 ];
}
}
high-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 10 30 65 ];
} 366
}
}
forwarding-classes {
queue 0 be;
queue 1 l3vpn;
queue 2 l2vpn;
.
367
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
queue 3 l3vpn-priority;
queue 4 nc;
}
interfaces {
ge-0/0/4 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
ae0 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
rewrite-rules {
dscp dscp-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-point nc;
}
}
exp mpls-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority { 367
loss-priority low code-point l3vpn-priority;
}
}
}
scheduler-maps {
core-interfaces {
.
368
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
l3vpn-pri-sc {
transmit-rate percent 10;
buffer-size temporal 5k;
priority high;
}
nc-sc {
transmit-rate percent 5;
buffer-size percent 5;
priority high;
}
}
}
[edit]
lab@R3# show | find firewall
firewall {
family vpls {
filter l2vpn-classifier {
term 1 {
then {
policer l2vpn-policer;
forwarding-class l2vpn;
}
}
}
}
policer l2vpn-policer {
if-exceeding {
bandwidth-limit 50m;
burst-size-limit 62k;
} 368
then loss-priority high;
}
}
[edit]
lab@R3# show | find interfaces
.
369
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
interfaces {
ge-0/0/3 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 600 {
description "CE3-2 connection";
encapsulation vlan-vpls;
vlan-id 600;
family vpls {
filter {
input l2vpn-classifier;
}
}
}
}
}
• R4
[edit]
lab@R4# show | find class-of-service
class-of-service {
classifiers {
dscp dscp-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-points nc;
}
}
exp mpls-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
}
}
code-point-aliases {
dscp {
be 000000;
l3vpn 001000;
l2vpn-low 001010; 369
l2vpn-high 001011;
l3vpn-priority 101110;
nc 110000;
}
exp {
be 000;
.
370
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
l3vpn 001;
l2vpn-low 010;
l2vpn-high 011;
l3vpn-priority 101;
}
}
drop-profiles {
low-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 5 15 40 ];
}
}
high-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 10 30 65 ];
}
}
}
forwarding-classes {
queue 0 be;
queue 1 l3vpn;
queue 2 l2vpn;
queue 3 l3vpn-priority;
queue 4 nc;
}
interfaces {
ge-0/0/4 {
scheduler-map core-interfaces;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
ae0 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
}
rewrite-rules {
dscp dscp-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn; 370
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
}
loss-priority high code-point l2vpn-high;
forwarding-class l3vpn-priority {
.
371
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
schedulers {
be-sc {
transmit-rate {
remainder;
}
buffer-size {
remainder;
}
priority low;
drop-profile-map loss-priority any protocol any drop-profile high-drop;
}
l3vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-low;
}
l2vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-high;
drop-profile-map loss-priority low protocol any drop-profile low-drop;
drop-profile-map loss-priority high protocol any drop-profile high-
drop;
}
l3vpn-pri-sc {
transmit-rate percent 10;
buffer-size temporal 5k;
priority high;
}
nc-sc {
transmit-rate percent 5; 371
buffer-size percent 5;
}
priority high;
}
}
.
372
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@R4# show | find firewall
firewall {
family inet {
filter l3vpn-classifier {
term 1 {
from {
dscp be;
}
then {
forwarding-class l3vpn;
accept;
}
}
term 2 {
from {
dscp ef;
}
then {
policer l3vpn-priority-policer;
forwarding-class l3vpn-priority;
accept;
}
}
}
}
family vpls {
filter l2vpn-classifier {
term 1 {
then {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
policer l2vpn-policer;
forwarding-class l2vpn;
}
}
}
}
policer l3vpn-priority-policer {
if-exceeding {
bandwidth-limit 25m;
burst-size-limit 15k;
}
then discard;
}
policer l2vpn-policer {
if-exceeding {
bandwidth-limit 50m;
burst-size-limit 62k;
}
then loss-priority high;
}
}
[edit]
lab@R4# show | find interfaces
interfaces {
ge-0/0/3 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 600 {
description "CE3-2 connection";
encapsulation vlan-vpls;
vlan-id 600; 372
family vpls {
filter {
input l2vpn-classifier;
}
}
}
.
373
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
ge-0/0/5 {
vlan-tagging;
unit 323 {
description "CE2-2 connection";
vlan-id 323;
family inet {
filter {
input l3vpn-classifier;
}
address 192.168.0.89/30;
}
}
}
}
• R5
[edit]
lab@R5# show | find class-of-service
class-of-service {
classifiers {
dscp dscp-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-points nc;
}
}
exp mpls-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
}
}
code-point-aliases {
dscp {
be 000000;
l3vpn 001000;
l2vpn-low 001010;
l2vpn-high 001011; 373
l3vpn-priority 101110;
}
nc 110000;
exp {
be 000;
l3vpn 001;
.
374
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
l2vpn-low 010;
l2vpn-high 011;
l3vpn-priority 101;
}
}
drop-profiles {
low-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 5 15 40 ];
}
}
high-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 10 30 65 ];
}
}
}
forwarding-classes {
queue 0 be;
queue 1 l3vpn;
queue 2 l2vpn;
queue 3 l3vpn-priority;
queue 4 nc;
}
interfaces {
ge-0/0/4 {
scheduler-map core-interfaces;
unit * {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
ae0 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
}
rewrite-rules {
dscp dscp-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
} 374
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
.
375
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
forwarding-class nc {
loss-priority low code-point nc;
}
}
exp mpls-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
}
}
scheduler-maps {
core-interfaces {
forwarding-class be scheduler be-sc;
forwarding-class l3vpn scheduler l3vpn-sc;
forwarding-class l2vpn scheduler l2vpn-sc;
forwarding-class l3vpn-priority scheduler l3vpn-pri-sc;
forwarding-class nc scheduler nc-sc;
}
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
schedulers {
be-sc {
transmit-rate {
remainder;
}
buffer-size {
remainder;
}
priority low;
drop-profile-map loss-priority any protocol any drop-profile high-drop;
}
l3vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-low;
}
l2vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-high;
drop-profile-map loss-priority low protocol any drop-profile low-drop;
drop-profile-map loss-priority high protocol any drop-profile high-
drop;
}
l3vpn-pri-sc {
transmit-rate percent 10;
buffer-size temporal 5k;
priority high;
}
nc-sc {
transmit-rate percent 5;
buffer-size percent 5; 375
priority high;
}
}
}
.
376
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
• R6
[edit]
lab@R6# show | find class-of-service
class-of-service {
classifiers {
dscp dscp-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-points nc;
}
}
exp mpls-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
}
}
code-point-aliases {
dscp {
be 000000;
l3vpn 001000;
l2vpn-low 001010;
l2vpn-high 001011;
l3vpn-priority 101110;
nc 110000;
}
exp {
be 000;
l3vpn 001;
l2vpn-low 010;
l2vpn-high 011;
l3vpn-priority 101;
}
}
drop-profiles {
low-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 5 15 40 ]; 376
}
}
high-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 10 30 65 ];
.
377
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
}
forwarding-classes {
queue 0 be;
queue 1 l3vpn;
queue 2 l2vpn;
queue 3 l3vpn-priority;
queue 4 nc;
}
interfaces {
ge-0/0/4 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
ae0 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
}
rewrite-rules {
dscp dscp-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-point nc;
}
}
exp mpls-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn { 377
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
.
378
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
}
}
scheduler-maps {
core-interfaces {
forwarding-class be scheduler be-sc;
forwarding-class l3vpn scheduler l3vpn-sc;
forwarding-class l2vpn scheduler l2vpn-sc;
forwarding-class l3vpn-priority scheduler l3vpn-pri-sc;
forwarding-class nc scheduler nc-sc;
}
}
schedulers {
be-sc {
transmit-rate {
remainder;
}
buffer-size {
remainder;
}
priority low;
drop-profile-map loss-priority any protocol any drop-profile high-drop;
}
l3vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-low;
}
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
l2vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-high;
drop-profile-map loss-priority low protocol any drop-profile low-drop;
drop-profile-map loss-priority high protocol any drop-profile high-
drop;
}
l3vpn-pri-sc {
transmit-rate percent 10;
buffer-size temporal 5k;
priority high;
}
nc-sc {
transmit-rate percent 5;
buffer-size percent 5;
priority high;
}
}
}
• R7
[edit]
lab@R7# show | find class-of-service
class-of-service {
classifiers {
dscp dscp-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn { 378
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
.
379
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-points nc;
}
}
exp mpls-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
}
}
code-point-aliases {
dscp {
be 000000;
l3vpn 001000;
l2vpn-low 001010;
l2vpn-high 001011;
l3vpn-priority 101110;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
nc 110000;
}
exp {
be 000;
l3vpn 001;
l2vpn-low 010;
l2vpn-high 011;
l3vpn-priority 101;
}
}
drop-profiles {
low-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 5 15 40 ];
}
}
high-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 10 30 65 ];
}
}
}
forwarding-classes {
queue 0 be;
queue 1 l3vpn;
queue 2 l2vpn;
queue 3 l3vpn-priority;
queue 4 nc;
}
interfaces { 379
ge-0/0/4 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
.
380
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
ae0 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
}
rewrite-rules {
dscp dscp-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-point nc;
}
}
exp mpls-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
}
}
scheduler-maps {
core-interfaces {
forwarding-class be scheduler be-sc;
forwarding-class l3vpn scheduler l3vpn-sc;
forwarding-class l2vpn scheduler l2vpn-sc;
forwarding-class l3vpn-priority scheduler l3vpn-pri-sc; 380
forwarding-class nc scheduler nc-sc;
}
}
schedulers {
be-sc {
transmit-rate {
.
381
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
remainder;
}
buffer-size {
remainder;
}
priority low;
drop-profile-map loss-priority any protocol any drop-profile high-drop;
}
l3vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-low;
}
l2vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-high;
drop-profile-map loss-priority low protocol any drop-profile low-drop;
drop-profile-map loss-priority high protocol any drop-profile high-
drop;
}
l3vpn-pri-sc {
transmit-rate percent 10;
buffer-size temporal 5k;
priority high;
}
nc-sc {
transmit-rate percent 5;
buffer-size percent 5;
priority high;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
}
}
[edit]
lab@R7# show | find firewall
firewall {
family inet {
filter l3vpn-classifier {
term 1 {
from {
dscp be;
}
then {
forwarding-class l3vpn;
accept;
}
}
term 2 {
from {
dscp ef;
}
then {
policer l3vpn-priority-policer;
forwarding-class l3vpn-priority;
accept;
}
}
}
}
policer l3vpn-priority-policer {
if-exceeding { 381
bandwidth-limit 25m;
}
burst-size-limit 15k;
}
then discard;
}
.
382
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
[edit]
lab@R7# show | find interfaces
interfaces {
ge-0/0/5 {
vlan-tagging;
unit 311 {
description "CE2-1 connection hub";
vlan-id 311;
family inet {
filter {
input l3vpn-classifier;
}
address 192.168.0.41/30;
}
}
unit 312 {
description "CE2-1 connection spoke";
vlan-id 312;
family inet {
filter {
input l3vpn-classifier;
}
address 192.168.0.45/30;
}
}
unit 324 {
description "CE1-1 connection";
vlan-id 324;
family inet {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
filter {
input l3vpn-classifier;
}
address 192.168.0.93/30;
}
}
}
}
• R8
[edit]
lab@R8# show | find class-of-service
class-of-service {
classifiers {
dscp dscp-classifier {
forwarding-class be {
loss-priority low code-points be;
}
forwarding-class l3vpn {
loss-priority low code-points l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-points l2vpn-low;
loss-priority high code-points l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-points l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-points nc;
} 382
}
exp mpls-classifier {
forwarding-class be {
}
loss-priority low code-points be;
forwarding-class l3vpn {
.
383
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 5 15 40 ];
}
}
high-drop {
interpolate {
fill-level [ 25 50 75 ];
drop-probability [ 10 30 65 ];
}
}
}
forwarding-classes {
queue 0 be;
queue 1 l3vpn;
queue 2 l2vpn;
queue 3 l3vpn-priority;
queue 4 nc;
}
interfaces {
ge-0/0/4 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
} 383
}
ae0 {
scheduler-map core-interfaces;
unit * {
classifiers {
dscp dscp-classifier;
.
384
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
exp mpls-classifier;
}
rewrite-rules {
dscp dscp-rewriter;
exp mpls-rewriter protocol mpls-inet-both;
}
}
}
}
rewrite-rules {
dscp dscp-rewriter {
forwarding-class be {
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
forwarding-class nc {
loss-priority low code-point nc;
}
}
exp mpls-rewriter {
forwarding-class be {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
loss-priority low code-point be;
}
forwarding-class l3vpn {
loss-priority low code-point l3vpn;
}
forwarding-class l2vpn {
loss-priority low code-point l2vpn-low;
loss-priority high code-point l2vpn-high;
}
forwarding-class l3vpn-priority {
loss-priority low code-point l3vpn-priority;
}
}
}
scheduler-maps {
core-interfaces {
forwarding-class be scheduler be-sc;
forwarding-class l3vpn scheduler l3vpn-sc;
forwarding-class l2vpn scheduler l2vpn-sc;
forwarding-class l3vpn-priority scheduler l3vpn-pri-sc;
forwarding-class nc scheduler nc-sc;
}
}
schedulers {
be-sc {
transmit-rate {
remainder;
}
buffer-size {
remainder;
}
priority low; 384
drop-profile-map loss-priority any protocol any drop-profile high-drop;
}
l3vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-low;
.
385
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
l2vpn-sc {
transmit-rate percent 20;
buffer-size percent 20;
priority medium-high;
drop-profile-map loss-priority low protocol any drop-profile low-drop;
drop-profile-map loss-priority high protocol any drop-profile high-
drop;
}
l3vpn-pri-sc {
transmit-rate percent 10;
buffer-size temporal 5k;
priority high;
}
nc-sc {
transmit-rate percent 5;
buffer-size percent 5;
priority high;
}
}
}
JNCIE-‐SP workbook: Appendix -‐ Chapter Nine: A Full Day Lab Challenge
385
.
386
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
ntp {
boot-server 10.10.1.100;
server 10.10.1.100;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
description "OoB management connection";
family inet {
address 10.10.1.19/24;
}
}
}
ge-0/0/1 {
vlan-tagging;
unit 206 {
vlan-id 206;
family inet {
address 172.30.0.66/30;
}
family mpls;
} 386
unit 207 {
vlan-id 207;
family inet {
}
address 172.30.0.70/30;
family mpls;
.
387
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
}
}
lo0 {
unit 0 {
family inet {
address 172.30.5.41/32;
}
}
}
}
routing-options {
aggregate {
route 172.30.0.0/16;
}
router-id 172.30.5.41;
autonomous-system 54591 loops 3;
}
protocols {
mpls {
ipv6-tunneling;
interface all;
}
bgp {
group cluster-1 {
type internal;
local-address 172.30.5.41;
family inet {
unicast;
labeled-unicast {
rib {
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
inet.3;
}
}
}
family inet-vpn {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
family l2vpn {
signaling;
}
family inet-mvpn {
signaling;
}
family route-target;
authentication-key "$9$8b17wgPfzn9pikmT39OB8X7Vs4"; ## SECRET-DATA
cluster 0.0.0.1;
neighbor 172.30.5.1;
neighbor 172.30.5.6;
neighbor 172.30.5.7;
neighbor 172.30.5.8;
}
group cluster-2 {
type internal;
local-address 172.30.5.41;
family inet {
unicast; 387
labeled-unicast {
rib {
inet.3;
}
}
}
.
388
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
family inet-vpn {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
family l2vpn {
signaling;
}
family inet-mvpn {
signaling;
}
family route-target;
authentication-key "$9$qf39yrv8xdIESeWxwsqmfznC"; ## SECRET-DATA
cluster 0.0.0.2;
neighbor 172.30.5.2;
neighbor 172.30.5.3;
neighbor 172.30.5.4;
neighbor 172.30.5.5;
}
group P2-remote-pe {
type external;
multihop {
no-nexthop-change;
}
local-address 172.30.5.41;
import CE2-vpn-target-import;
JNCIE-‐SP
workbook:
Appendix
-‐
Chapter
Nine:
A
Full
Day
Lab
Challenge
family inet-vpn {
unicast;
}
export CE2-vpn-target-export;
peer-as 23456;
neighbor 172.17.47.3;
}
}
ospf {
area 0.0.0.0 {
interface ge-0/0/1.206 {
interface-type p2p;
ldp-synchronization;
}
interface ge-0/0/1.207 {
interface-type p2p;
ldp-synchronization;
}
interface lo0.0;
}
}
ldp {
track-igp-metric;
interface ge-0/0/1.206;
interface ge-0/0/1.207;
interface lo0.0;
session 172.30.5.1 {
authentication-key "$9$pim5Bclws4JUH7-b2aU.mp0BESe"; ## SECRET-DATA
}
session 172.30.5.2 {
authentication-key "$9$/ibCt1hN-w2oGWL7VYoji/CtOIc"; ## SECRET-DATA
} 388
}
}
policy-options {
policy-statement CE2-vpn-target-export {
term 1 {
from {
.
389
iNET
ZERO
lab
preparation
workbook
for
the
JNCIE-‐SP
Lab
Exam
–
version
1.1
protocol bgp;
community CE2-hub;
}
then {
community delete CE2-hub;
community add CE2-remote;
accept;
}
}
}
policy-statement CE2-vpn-target-import {
term 1 {
from {
protocol bgp;
community CE2-remote;
}
then {
community delete CE2-remote;
community add CE2-hub;
accept;
}
}
}
community CE2-hub members target:54591:200;
community CE2-remote members target:43208:200;
}
JNCIE-‐SP workbook: Appendix -‐ Chapter Nine: A Full Day Lab Challenge
389
.