Professional Documents
Culture Documents
10.a
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Contents
Lab 1:
Lab 2:
Lab 3:
Lab 4:
Lab 5:
Lab 6:
Contents iii
Lab 7:
Lab 8:
Lab 9:
Lab 10:
Lab 11:
Lab 12:
iv Contents
Lab 13:
Contents v
vi Contents
Course Overview
This five-day course is designed to provide students with MPLS-based virtual private network (VPN)
knowledge and configuration examples. The course includes an overview of MPLS concepts such
as control and forwarding plane, RSVP Traffic Engineering, LDP, Layer 3 VPNs, next-generation
multicast virtual private networks (MVPNs), BGP Layer 2 VPNs, LDP Layer 2 Circuits, and virtual
private LAN service (VPLS). This course also covers Junos operating system-specific
implementations of Layer 2 control instances and active interface for VPLS. This course is based on
the Junos OS Release 10.3R1.9.
Through demonstrations and hands-on labs, students will gain experience in configuring and
monitoring the Junos OS and in device operations.
Objectives
After successfully completing this course, you should be able to:
www.juniper.net
Explain the two label distribution protocols used by the Junos OS.
Explain the path selection process of RSVP without the use of the Constrained
Shortest Path First (CSPF) algorithm.
Explain the Interior Gateway Protocol (IGP) extensions used to build the Traffic
Engineering Database (TED).
Describe administrative groups and how they can be used to influence path selection.
Explain the roles of Provider (P) routers, Provider Edge (PE) routers, and Customer
Edge (CE) routers.
vi Course Overview
Create a routing instance, assign interfaces, create routes, and import and export
routes within the routing instance using route distinguishers and route targets.
Explain the purpose of BGP extended communities and how to configure and use
these communities.
Explain the issues with the support of traffic originating on multiaccess VPN routing
and forwarding table (VRF table) interfaces.
Describe the three methods for providing Layer 3 VPN customers with Internet access.
Describe how the auto-export command and routing table groups can be used to
support communications between sites attached to a common PE router.
Explain the Junos OS support for generic routing encapsulation (GRE) and IP Security
(IPsec) tunnels in Layer 3 VPNs.
Describe the flow of control traffic and data traffic in a next-generation MVPN.
Describe the roles of a CE device, PE router, and P router in a BGP Layer 2 VPN.
Explain the flow of control traffic and data traffic for a BGP Layer 2 VPN.
Configure a BGP Layer 2 VPN and describe the benefits and requirements of
over-provisioning.
Explain the BGP Layer 2 VPN scaling mechanisms and route reflection.
Describe the flow of control and data traffic for an LDP Layer 2 circuit.
Explain the purpose of the PE device, the CE device, and the P device.
Troubleshoot VPLS.
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the
Junos OS.
Course Level
Junos MPLS and VPNs (JMV) is an advanced-level course.
Prerequisites
Students should have intermediate-level networking knowledge and an understanding of the Open
Systems Interconnection (OSI) model and the TCP/IP protocol suite. Students should also have
familiarity with the Protocol Independent MulticastSparse Mode (PIM-SM) protocol. Students
should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials
(JRE), and Junos Service Provider Switching (JSPX) courses prior to attending this class.
www.juniper.net
Course Agenda
Day 1
Chapter 1:
Course Introduction
Chapter 2:
MPLS Fundamentals
Lab 1: MPLS Fundamentals
Chapter 3:
Chapter 4:
Day 2
Chapter 5:
Chapter 6:
Chapter 7:
VPN Review
Chapter 8:
Layer 3 VPNs
Lab 6: VPN Baseline Configuration
Day 3
Chapter 9:
Day 4
Chapter 13: Multicast VPNs
Chapter 14: BGP Layer 2 VPNs
Lab 10: BGP Layer 2 VPNs
Chapter 15: Layer 2 VPN Scaling and COS
Chapter 16: LDP Layer 2 Circuits
Lab 11: Circuit Cross Connect and LDP Layer Circuits
Chapter 17: Virtual Private LAN Service
Day 5
Chapter 18: VPLS Configuration
Lab 12: Virtual Private LAN Service
Chapter 19: Interprovider VPNs
Lab 13: Carrier-of-Carrier VPNs (Detailed)
www.juniper.net
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI)
or a graphical user interface (GUI). To make the language of these documents easier to read, we
distinguish GUI and CLI text from chapter text according to the following table.
Style
Description
Usage Example
Franklin Gothic
Normal text.
Courier New
Console text:
Screen captures
commit complete
Noncommand-related
syntax
Description
Usage Example
Normal CLI
No distinguishing variant.
Physical interface:fxp0,
Enabled
Normal GUI
GUI Input
Description
Usage Example
CLI Variable
policy my-peers
GUI Variable
GUI Undefined
www.juniper.net
Document Conventions ix
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class
locations from the World Wide Web by pointing your Web browser to:
http://www.juniper.net/training/education/.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
Go to http://www.juniper.net/techpubs/.
Locate the specific software or hardware release and title you need, and choose the
format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or
account representative.
x Additional Information
www.juniper.net
Lab 1
MPLS Fundamentals (Detailed)
Overview
This lab demonstrates configuration and monitoring of multiprotocol label switched path
(MPLS) static label switched path (LSP) features on devices running the Junos operating
system. In this lab, you use the command-line interface (CLI) to configure and monitor
network interfaces, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP),
Virtual Routers and static MPLS LSPs.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
www.juniper.net
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxA-1 using the Secure CRT program.
Step 1.4
Log in as user lab with the password supplied by your instructor.
mxA-1 (ttyp0)
login: lab
Password:
--- JUNOS 10.3R1.9 built 2010-08-13 12:48:28 UTC
lab@mxA-1>
Step 1.5
Enter configuration mode and load the reset configuration file
jmv-reset-RouterName and commit. For example: team mxA-1 would load
configuration file jmv-reset-mxA-1.
lab@mxA-1> configure
Entering configuration mode
[edit]
lab@mxA-1# load override jmv-reset-mxA-1
load complete
[edit]
lab@mxA-1# commit
commit complete
www.juniper.net
Step 1.6
Navigate to the [edit interfaces] hierarchy level.
[edit]
lab@mxA-1# edit interfaces
[edit interfaces]
lab@mxA-1#
Step 1.7
Refer to the network diagram and configure the interfaces for your assigned device.
Use the virtual local area network (VLAN) ID as the logical unit value for the tagged
interface. Use logical unit 0 for all other interfaces. Remember to configure the
loopback interface!
[edit interfaces]
lab@mxA-1# set ge-1/0/0 vlan-tagging
[edit interfaces]
lab@mxA-1# set ge-1/0/0 unit 2xy vlan-id 2xy
[edit interfaces]
lab@mxA-1# set ge-1/0/0 unit 2xy family inet address 172.22.2xy.1/24
[edit interfaces]
lab@mxA-1# set ge-1/0/1 vlan-tagging
[edit interfaces]
lab@mxA-1# set ge-1/0/1 unit 2xy vlan-id 2xy
[edit interfaces]
lab@mxA-1# set ge-1/0/1 unit 2xy family inet address 172.22.2xy.1/24
[edit interfaces]
lab@mxA-1# set lo0 unit 0 family inet address 192.168.x.y/32
Step 1.8
Display the interface configuration and ensure that it matches the details outlined
on the network diagram for this lab. When you are comfortable with the interface
configuration, issue the commit-and-quit command to activate the
configuration and return to operational mode.
[edit interfaces]
lab@mxA-1# show
ge-1/0/0 {
vlan-tagging;
unit 210 {
vlan-id 210;
family inet {
address 172.22.210.1/24;
}
}
}
www.juniper.net
ge-1/0/1 {
vlan-tagging;
unit 211 {
vlan-id 211;
family inet {
address 172.22.211.1/24;
}
}
}
fxp0 {
description "MGMT INTERFACE - DO NOT DELETE";
unit 0 {
family inet {
address 10.210.15.1/27;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.1.1/32;
}
}
}
[edit interfaces]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 1.9
Issue the show interfaces terse command to verify the current state of the
recently configured interfaces.
lab@mxA-1> show interfaces terse
Interface
Admin Link Proto
Local
ge-1/0/0
up
up
ge-1/0/0.210
up
up
inet
172.22.210.1/24
multiservice
ge-1/0/0.32767
up
up
multiservice
lc-1/0/0
up
up
lc-1/0/0.32769
up
up
vpls
ge-1/0/1
up
up
ge-1/0/1.211
up
up
inet
172.22.211.1/24
multiservice
ge-1/0/1.32767
up
up
multiservice
ge-1/0/2
up
up
ge-1/0/3
up
up
ge-1/0/4
up
up
ge-1/0/5
up
up
ge-1/0/6
up
up
ge-1/0/7
up
up
ge-1/0/8
up
up
www.juniper.net
Remote
ge-1/0/9
ge-1/1/0
lc-1/1/0
lc-1/1/0.32769
ge-1/1/1
ge-1/1/2
ge-1/1/3
ge-1/1/4
ge-1/1/5
ge-1/1/6
ge-1/1/7
ge-1/1/8
ge-1/1/9
ge-1/2/0
lc-1/2/0
lc-1/2/0.32769
ge-1/2/1
ge-1/2/2
ge-1/2/3
ge-1/2/4
ge-1/2/5
ge-1/2/6
ge-1/2/7
ge-1/2/8
ge-1/2/9
ge-1/3/0
lc-1/3/0
lc-1/3/0.32769
ge-1/3/1
ge-1/3/2
ge-1/3/3
ge-1/3/4
ge-1/3/5
ge-1/3/6
ge-1/3/7
ge-1/3/8
ge-1/3/9
cbp0
demux0
dsc
em0
em0.0
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
down
up
up
down
down
down
up
up
up
up
up
up
down
up
up
down
down
down
down
down
down
down
down
down
down
up
up
down
down
down
down
down
down
down
down
down
up
up
up
up
up
vpls
vpls
vpls
inet
inet6
tnp
em1
em1.0
up
up
up
up
inet
tnp
10.0.0.4/8
128.0.0.4/2
fe80::200:1ff:fe00:4/64
fec0::a:0:0:4/64
0x4
inet
10.210.15.1/27
inet6
fxp0
fxp0.0
gre
up
up
up
up
up
up
10.0.0.4/8
128.0.0.4/2
fe80::200:ff:fe00:4/64
fec0::a:0:0:4/64
0x4
www.juniper.net
ipip
irb
lo0
lo0.0
lo0.16384
lo0.16385
lsi
mtun
pimd
pime
pip0
pp0
tap
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
inet
inet
inet
192.168.1.1
127.0.0.1
--> 0/0
--> 0/0
www.juniper.net
*[Direct/0] 19:49:58
> via fxp0.0
*[Local/0] 19:49:58
Local via fxp0.0
*[Direct/0] 00:27:19
> via ge-1/0/0.210
*[Local/0] 00:27:19
Local via ge-1/0/0.210
*[Direct/0] 00:27:19
> via ge-1/0/1.211
*[Local/0] 00:27:19
Local via ge-1/0/1.211
*[Direct/0] 00:27:19
> via lo0.0
Step 1.12
Configure the core facing interfaces in area 0.0.0.0. Remember to add the loopback
interface.
[edit protocols ospf]
lab@mxA-1# set area 0 interface ge-1/0/0.2xy
[edit protocols ospf]
lab@mxA-1# set area 0 interface ge-1/0/1.2xy
[edit protocols ospf]
lab@mxA-1# set area 0 interface lo0
Step 1.13
Activate the configuration changes and exit to operational mode. Issue the show
ospf neighbor command.
www.juniper.net
State
Full
Full
ID
192.168.5.1
192.168.5.2
Pri
128
128
Dead
36
37
www.juniper.net
Step 1.16
Navigate to the [edit protocols bgp] hierarchy level. Configure a BGP group
named my-int-group that establishes an internal BGP peering session with the
remote teams router. Refer to the network diagram for this lab as necessary.
[edit]
lab@mxA-1# edit protocols bgp
[edit protocols bgp]
lab@mxA-1# set group my-int-group type internal
[edit protocols bgp]
lab@mxA-1# set group my-int-group local-address 192.168.x.y
[edit protocols bgp]
lab@mxA-1# set group my-int-group neighbor 192.168.x.y
[edit protocols bgp]
lab@mxA-1# commit
commit complete
Step 1.17
Issue the run show bgp summary command to view the current BGP summary
information for your device.
[edit protocols bgp]
lab@mxA-1# run show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table
Tot Paths Act Paths Suppressed
History Damp State
Pending
inet.0
0
0
0
0
0
0
Peer
AS
InPkt
OutPkt
OutQ
Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
192.168.1.2
65512
3
3
0
8
1 0/
0/0/0
0/0/0/0
www.juniper.net
STOP
www.juniper.net
Step 2.2
Review the virtual router configuration up to this point by issuing the command
show.
[edit routing-instances ce1-1]
lab@mxA-1# show
instance-type virtual-router;
interface ge-1/1/4.0; ## 'ge-1/1/4.0' is not defined
interface lo0.1; ## 'lo0.1' is not defined
www.juniper.net
Step 2.4
Verify connectivity from CE to PE router using the ping utility.
lab@mxA-1> ping 10.0.xy.1 routing-instance cex-y
PING 10.0.10.1 (10.0.10.1): 56 data bytes
64 bytes from 10.0.10.1: icmp_seq=0 ttl=64 time=0.800 ms
64 bytes from 10.0.10.1: icmp_seq=1 ttl=64 time=0.379 ms
64 bytes from 10.0.10.1: icmp_seq=2 ttl=64 time=0.432 ms
64 bytes from 10.0.10.1: icmp_seq=3 ttl=64 time=0.403 ms
64 bytes from 10.0.10.1: icmp_seq=4 ttl=64 time=0.406 ms
^C
--- 10.0.10.1 ping statistics --5packets transmitted, 5packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.379/0.473/0.800/0.147 ms
Note
www.juniper.net
www.juniper.net
Step 2.8
Navigate to the [edit policy-options] hierarchy and configure a policy
named ce-export-loopback. Allow your CE loopback address to be exported.
After creating the policy, navigate to the virtual router and apply this new policy as an
export policy to your EBGP group. Commit and exit to operational mode after you are
satisfied with your configuration.
[edit]
lab@mxA-1# edit policy-options
[edit policy-options]
lab@mxA-1# set policy-statement ce-export-loopback term 1 from protocol direct
[edit policy-options]
lab@mxA-1# set policy-statement ce-export-loopback term 1 from route-filter
192.168.1x.y exact
www.juniper.net
[edit policy-options]
lab@mxA-1# set policy-statement ce-export-loopback term 1 then accept
[edit policy-options]
lab@mxA-1# top edit routing-instances cex-y
[edit routing-instances ce1-1]
lab@mxA-1# set protocols bgp group my-ext-group export ce-export-loopback
[edit routing-instances ce1-1]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 2.9
Verify that you are advertising the loopback address to your EBGP peer. Next verify
you are advertising the EBGP route from your PE router to your IBGP peer.
lab@mxA-1> show route advertising-protocol bgp 10.0.xy.1
ce1-1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 192.168.11.1/32
Self
I
lab@mxA-1> show route advertising-protocol bgp 192.168.x.y
inet.0: 41 destinations, 41 routes (41 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 192.168.11.1/32
10.0.10.2
100
65101 I
Note
www.juniper.net
www.juniper.net
www.juniper.net
Note
Answer: Yes, you should now see the route for the
remote CE loopback. If you do not see this route
please review your configuration and consult with
the remote team to verify correct configuration. If
necessary, please consult the instructor.
Step 2.14
Verify you are receiving and installing the route to the remote CE router in your
virtual router.
lab@mxA-1> show route receive-protocol bgp 10.0.xy.1
inet.0: 42 destinations, 42 routes (42 active, 0 holddown, 0 hidden)
ce1-1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 192.168.11.2/32
10.0.10.1
65512 65102 I
lab@mxA-1> show route table cex-y.inet.0
ce1-1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.10.0/24
10.0.10.2/32
192.168.11.1/32
www.juniper.net
*[Direct/0] 03:29:45
> via ge-1/1/4.0
*[Local/0] 03:29:45
Local via ge-1/1/4.0
*[Direct/0] 03:29:45
> via lo0.1
MPLS Fundamentals (Detailed) Lab 119
192.168.11.2/32
STOP
Step 3.2
Navigate to [edit protocols mpls] hierarchy and add the interface all
statement. As good practice please be sure to disable the management interface.
[edit interfaces]
lab@mxA-1# top edit protocols mpls
[edit protocols mpls]
lab@mxA-1# set interface all
[edit protocols mpls]
lab@mxA-1# set interface fxp0 disable
www.juniper.net
Step 3.3
Commit the configuration changes. Issue the command run show route table
mpls.0 command to verify that the mpls table has been created.
[edit protocols mpls]
lab@mxA-1# commit
commit complete
[edit protocols mpls]
lab@mxA-1# run show route table mpls.0
mpls.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0
1
2
www.juniper.net
Step 3.5
Create a static LSP named my-static-lsp with the egress address of the
remote PE loopback.
[edit protocols mpls]
lab@mxA-1# set static-label-switched-path my-static-lsp ingress to 192.168.x.y
Step 3.6
Navigate to the [edit protocols mpls static-label-switched-path
my-static-lsp ingress] hierarchy. Configure the next-hop for the LSP and
assign the appropriate label to the LSP. Please consult the lab diagram titled Lab 1:
Parts 2-3Static LSPs for the path and label to be assigned. Review your
configuration and after you are satisfied with the configuration, commit the changes
and exit to operational mode.
[edit protocols mpls]
lab@mxA-1# edit static-label-switched-path my-static-lsp ingress
[edit protocols mpls static-label-switched-path my-static-lsp ingress]
lab@mxA-1# set next-hop 172.22.2xy.2
[edit protocols mpls static-label-switched-path my-static-lsp ingress]
lab@mxA-1# set push 1000x0y
[edit protocols mpls static-label-switched-path my-static-lsp ingress]
lab@mxA-1# show
next-hop 172.22.210.2;
to 192.168.1.2;
push 1000101;
[edit protocols mpls static-label-switched-path my-static-lsp ingress]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 3.7
Issue the show mpls static-lsp ingress command to view the current
status of the recently configured LSP.
lab@mxA-1> show mpls static-lsp ingress
Ingress LSPs:
LSPname
To
my-static-lsp
192.168.1.2
Total 1, displayed 1, Up 1, Down 0
State
Up
www.juniper.net
Step 3.8
Review the route being used for the remote CE routers loopback by issuing the
show route 192.168.1x.y command.
lab@mxA-1> show route 192.168.1x.y
inet.0: 42 destinations, 42 routes (42 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.11.2/32
Packets
0
Bytes
0
Step 3.10
Test the LSP by using the ping utility from the virtual router by executing the ping
192.168.1x.y source 192.168.1x.y count 10 rapid
routing-instance cex-y command.
lab@mxA-1> ping 192.168.1x.y source 192.168.1x.y count 10 rapid
routing-instance cex-y
PING 192.168.11.2 (192.168.11.2): 56 data bytes
www.juniper.net
!!!!!!!!!!
--- 192.168.11.2 ping statistics --10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.554/0.577/0.687/0.037 ms
Step 3.11
Look at the LSP statistics to verify that the traffic traversed the LSP.
lab@mxA-1> show mpls static-lsp statistics ingress
Ingress LSPs:
LSPname
To
State
my-static-lsp
192.168.1.2
Up
Total 1, displayed 1, Up 1, Down 0
Packets
10
Bytes
880
STOP
www.juniper.net
Lab 2
Label Distribution Protocols (Detailed)
Overview
This lab demonstrates configuration and monitoring of Resource Reservation Protocol
(RSVP) and Label Distribution (LDP) signalled label switched path (LSP) features on
routers running the Junos operating system. In this lab, you use the command-line
interface (CLI) to configure and monitor network interfaces, Border Gateway Protocol
(BGP), Virtual Routers, RSVP LSPs, and LDP LSPs.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
36
36
Step 1.2
Verify connectivity from CE to PE router using the ping utility.
lab@mxA-1> ping 10.0.xy.1 routing-instance cex-y
PING 10.0.10.1 (10.0.10.1): 56 data bytes
64 bytes from 10.0.10.1: icmp_seq=0 ttl=64 time=0.800 ms
64 bytes from 10.0.10.1: icmp_seq=1 ttl=64 time=0.379 ms
64 bytes from 10.0.10.1: icmp_seq=2 ttl=64 time=0.432 ms
64 bytes from 10.0.10.1: icmp_seq=3 ttl=64 time=0.403 ms
64 bytes from 10.0.10.1: icmp_seq=4 ttl=64 time=0.406 ms
^C
--- 10.0.10.1 ping statistics --5packets transmitted, 5packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.379/0.473/0.800/0.147 ms
www.juniper.net
Step 1.3
Verify the BGP neighbor relationship is established before moving on to the next
step.
lab@mxA-1> show bgp summary
Groups: 3 Peers: 3 Down peers: 0
Table
Tot Paths Act Paths Suppressed
History Damp State
Pending
inet.0
0
0
0
0
0
0
Peer
AS
InPkt
OutPkt
OutQ
Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
10.0.10.1
65512
3
3
0
0
12 Establ
ce1-1.inet.0: 0/0/0/0
10.0.10.2
65101
2
3
0
0
12 0/
0/0/0
0/0/0/0
192.168.1.2
65512
242
241
0
8
1:47:21 0/
0/0/0
0/0/0/0
Step 1.4
Enter back into configuration mode. Navigate to the [edit policy-options]
hierarchy and configure a policy named vr-export-loopback. Allow your CE
router loopback address to be accepted. After creating the policy, navigate to the
virtual router and apply this new policy as an export policy to your EBGP group.
Commit and exit to operational mode after you are satisfied with your configuration.
lab@mxA-1> configure
Entering configuration mode
[edit]
lab@mxA-1# edit policy-options
[edit policy-options]
lab@mxA-1# set policy-statement vr-export-loopback term 1 from protocol direct
[edit policy-options]
lab@mxA-1# set policy-statement vr-export-loopback term 1 from route-filter
192.168.1x.y exact
[edit policy-options]
lab@mxA-1# set policy-statement vr-export-loopback term 1 then accept
[edit policy-options]
lab@mxA-1# top edit routing-instances cex-y
[edit routing-instances ce1-1]
lab@mxA-1# set protocols bgp group my-ext-group export vr-export-loopback
[edit routing-instances ce1-1]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
www.juniper.net
Step 1.5
Verify that you are advertising the loopback address to your EBGP peer. Next, verify
you are advertising the EBGP route from your PE router to your IBGP peer.
lab@mxA-1> show route advertising-protocol bgp 10.0.xy.1
ce1-1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 192.168.11.1/32
Self
I
lab@mxA-1> show route advertising-protocol bgp 192.168.x.y
inet.0: 41 destinations, 41 routes (41 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 192.168.11.1/32
10.0.10.2
100
65101 I
Note
Step 1.7
Take an extensive look at the hidden route and determine why the route is hidden.
lab@mxA-1> show route 192.168.1x.y hidden extensive
inet.0: 42 destinations, 42 routes (41 active, 0 holddown, 1 hidden)
192.168.11.2/32 (1 entry, 0 announced)
BGP
Preference: 170/-101
Next hop type: Unusable
Next-hop reference count: 1
State: <Hidden Int Ext>
Local AS: 65512 Peer AS: 65512
Age: 1:02:44
Task: BGP_65512.192.168.1.2+59586
AS path: 65102 I
Accepted
Localpref: 100
Router ID: 192.168.1.2
Indirect next hops: 1
Protocol next hop: 10.0.11.2
Indirect next hop: 0 Lab 24 Label Distribution Protocols (Detailed)
www.juniper.net
Note
Answer: Yes, you should now see the route for the
remote CE loopback. If you do not see this route
please review your configuration and consult with
the remote team to verify correct configuration. If
necessary, please consult the instructor.
Step 1.10
Verify you are receiving and installing the route to the remote CE router in your
virtual router.
lab@mxA-1> show route receive-protocol bgp 10.0.xy.1
inet.0: 42 destinations, 42 routes (42 active, 0 holddown, 0 hidden)
ce1-1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 192.168.11.2/32
10.0.10.1
65512 65102 I
lab@mxA-1> show route table cex-y.inet.0
ce1-1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
Lab 26 Label Distribution Protocols (Detailed)
www.juniper.net
10.0.10.0/24
10.0.10.2/32
192.168.11.1/32
192.168.11.2/32
*[Direct/0] 03:29:45
> via ge-1/1/4.0
*[Local/0] 03:29:45
Local via ge-1/1/4.0
*[Direct/0] 03:29:45
> via lo0.1
*[BGP/170] 00:08:57, localpref 100
AS path: 65512 65102 I
> to 10.0.10.1 via ge-1/1/4.0
STOP
www.juniper.net
Step 2.2
Navigate to [edit protocols mpls] hierarchy and add the interface all
statement. As good practice please be sure to disable the management interface.
[edit interfaces]
lab@mxA-1# top edit protocols mpls
[edit protocols mpls]
lab@mxA-1# set interface all
[edit protocols mpls]
lab@mxA-1# set interface fxp0 disable
Step 2.3
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure we have the proper configuration by executing the run show
mpls interface command.
[edit protocols mpls]
lab@mxA-1# commit
commit complete
[edit protocols mpls]
lab@mxA-1# run show mpls interface
Interface
State
Administrative groups
ge-1/0/0.210
Up
<none>
ge-1/0/1.211
Up
<none>
Step 2.4
Navigate to the [edit protocols rsvp] hierarchy. Add the appropriate core
facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. The default Junos OS
behavior is to assume unit 0 if no unit is specified. Review the configuration
before committing to ensure the interfaces are correct.
[edit protocols mpls]
lab@mxA-1# top edit protocols rsvp
[edit protocols rsvp]
lab@mxA-1# set interface ge-1/0/0.2xy
[edit protocols rsvp]
lab@mxA-1# set interface ge-1/0/1.2xy
[edit protocols rsvp]
lab@mxA-1# show
interface ge-1/0/0.210;
interface ge-1/0/1.211;
[edit protocols rsvp]
lab@mxA-1# commit
commit complete
www.juniper.net
www.juniper.net
Step 2.6
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.
lab@mxA-1> show mpls lsp
Ingress LSP: 1 sessions
To
From
State Rt P
192.168.1.2
192.168.1.1
Up
1 *
Total 1 displayed, Up 1, Down 0
Egress LSP: 1 sessions
To
From
State
192.168.1.1
192.168.1.2
Up
Total 1 displayed, Up 1, Down 0
ActivePath
LSPname
pe1-to-pe2-1
www.juniper.net
192.168.1.2
From: 192.168.1.1, State: Up, ActiveRoute: 1, LSPname: pe1-to-pe2-1
ActivePath: (primary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.210.2 172.22.201.2 172.22.206.2 172.22.212.1
4 Jul 15 14:24:41.556 Selected as active path
3 Jul 15 14:24:41.553 Record Route: 172.22.210.2 172.22.201.2 172.22.206.2
172.22.212.1
2 Jul 15 14:24:41.552 Up
1 Jul 15 14:24:41.525 Originate Call
Created: Thu Jul 15 14:24:41 2010
Total 1 displayed, Up 1, Down 0
pe1-to-pe2-1
ce1-1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.11.2/32
www.juniper.net
Step 2.9
Verify the remote CE routers loopback is reachable from your local CE router by
sending five Internet Control Message Protocol (ICMP) packets. Verify these ICMP
packets traversed the LSP by displaying the traffic statistics for the LSP.
lab@mxA-1> ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5
PING 192.168.11.2 (192.168.11.2): 56 data bytes
64 bytes from 192.168.11.2: icmp_seq=0 ttl=59 time=0.710 ms
64 bytes from 192.168.11.2: icmp_seq=1 ttl=59 time=0.670 ms
64 bytes from 192.168.11.2: icmp_seq=2 ttl=59 time=0.624 ms
64 bytes from 192.168.11.2: icmp_seq=3 ttl=59 time=0.680 ms
64 bytes from 192.168.11.2: icmp_seq=4 ttl=59 time=0.659 ms
--- 192.168.11.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.624/0.669/0.710/0.028 ms
lab@mxA-1> show mpls lsp statistics ingress
Ingress LSP: 1 sessions
To
From
State
Packets
192.168.1.2
192.168.1.1
Up
5
Total 1 displayed, Up 1, Down 0
STOP
Bytes LSPname
440 lsp-to-mxA-2
www.juniper.net
Step 3.2
Apply the ERO you just created as the primary path used by the LSP you
configured in Part 2. If you do not remember what the LSP name was, you can use
the question mark option to display the LSPs that are configured on the router.
Review the configuration changes before committing and exiting to operational
mode.
[edit protocols mpls]
lab@mxA-1# set label-switched-path ?
Possible completions:
<path_name>
Name of path
pe1-to-pe2-1
Name of path
[edit protocols mpls]
lab@mxA-1# set label-switched-path pey-to-pez-x primary my-ERO
[edit protocols mpls]
lab@mxA-1# show
no-cspf;
label-switched-path pe1-to-pe2-1 {
to 192.168.1.2;
primary my-ERO;
}
path my-ERO {
172.22.211.2 strict;
192.168.5.3 loose;
}
interface all;
interface fxp0.0 {
disable;
}
[edit protocols mpls]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
www.juniper.net
Step 3.3
Verify the status of your LSP using the show mpls lsp ingress command.
lab@mxA-1> show mpls lsp ingress
Ingress LSP: 1 sessions
To
From
State Rt P
192.168.1.2
192.168.1.1
Up
1 *
Total 1 displayed, Up 1, Down 0
ActivePath
my-ERO
LSPname
pe1-to-pe2-1
www.juniper.net
Step 4.2
Navigate to the [edit protocols ldp] hierarchy and add the interface
all statement. As good practice, remember to disable the management interface.
After making the configuration changes commit and exit to operation mode for
verification.
[edit]
lab@mxA-1# edit protocols ldp
[edit protocols ldp]
lab@mxA-1# set interface all
[edit protocols ldp]
lab@mxA-1# set interface fxp0 disable
[edit protocols ldp]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
www.juniper.net
Step 4.3
Verify the proper interfaces are participating in LDP by issuing the command show
ldp interface.
lab@mxA-1> show ldp interface
Interface
Label space ID
lo0.0
192.168.1.1:0
ge-1/0/0.210
192.168.1.1:0
ge-1/0/1.211
192.168.1.1:0
Nbr count
0
1
1
Next hello
0
1
2
Connection
Open
Open
Hold time
26
26
www.juniper.net
192.168.11.2/32
Step 4.6
Verify the remote CE routers loopback is reachable from your local CE router by
sending five ICMP packets. Verify these ICMP packets traversed the LSP by
displaying the traffic statistics for the LSP.
lab@mxA-1> ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5
PING 192.168.11.2 (192.168.11.2): 56 data bytes
64 bytes from 192.168.11.2: icmp_seq=0 ttl=59 time=0.702 ms
64 bytes from 192.168.11.2: icmp_seq=1 ttl=59 time=0.670 ms
64 bytes from 192.168.11.2: icmp_seq=2 ttl=59 time=0.600 ms
64 bytes from 192.168.11.2: icmp_seq=3 ttl=59 time=0.632 ms
64 bytes from 192.168.11.2: icmp_seq=4 ttl=59 time=0.661 ms
lab@mxA-1> show ldp traffic-statistics
FEC
Type
192.168.1.2/32
Transit
Ingress
192.168.3.1/32
Transit
Ingress
192.168.3.2/32
Transit
Ingress
192.168.5.1/32
Transit
Ingress
192.168.5.2/32
Transit
Ingress
192.168.5.3/32
Transit
Ingress
192.168.5.4/32
Transit
Ingress
192.168.5.5/32
Transit
Ingress
192.168.5.6/32
Transit
Ingress
Packets
0
5
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Bytes
0
440
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Shared
No
No
No
No
No
No
No
No
No
No
No
No
No
No
No
No
No
No
STOP
www.juniper.net
Step 5.2
Review the routing table to determine what route is being used to carry traffic to the
remote CE network. Please note that the route might not change right away. It can
take a few moments to update the routing table.
[edit]
lab@mxA-1# run show route 192.168.1x.y
inet.0: 42 destinations, 42 routes (42 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.11.2/32
pe1-to-pe2-1
ce1-1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.11.2/32
www.juniper.net
pe1-to-pe2-1
[LDP/9] 00:14:48, metric 1
> to 172.22.210.2 via ge-1/0/0.210, Push 299904
to 172.22.211.2 via ge-1/0/1.211, Push 299904
[edit]
lab@mxA-1# run show route table inet.3 192.168.x.y
inet.3: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.2/32
pe1-to-pe2-1
Note
STOP
www.juniper.net
Lab 3
CSPF (Detailed)
Overview
In this lab, you create a baseline multiprotocol label switching (MPLS) network and then
create label switched paths (LSPs) using administrative groups as a constraint for
constrained shortest path first (CSPF).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Create and assign administrative groups to interfaces and define an LSP using
administrative groups as a routing constraint.
Step 1.2
Verify that your PE router has established Open Shortest Path First (OSPF)
adjacencies with the neighboring P routers.
lab@mxB-1> show ospf neighbor
Address
Interface
172.22.220.2
ge-1/0/0.220
172.22.221.2
ge-1/0/1.221
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
37
34
www.juniper.net
www.juniper.net
Step 1.5
Navigate to the [edit protocols] hierarchy and configure the MPLS protocol
on the core-facing interfaces.
[edit interfaces]
lab@mxB-1# top edit protocols
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/0.2xy
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/1.2xy
Step 1.6
Configure the RSVP protocol on the core-facing interfaces. Commit your
configuration and exit to operational mode.
[edit protocols]
lab@mxB-1# set rsvp interface ge-1/0/0.2xy
[edit protocols]
lab@mxB-1# set rsvp interface ge-1/0/1.2xy
[edit protocols]
lab@mxB-1# commit and-quit
Lab 34 CSPF (Detailed)
www.juniper.net
commit complete
Exiting configuration mode
Step 1.7
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
lab@mxB-1> show mpls interface
Interface
State
Administrative groups
ge-1/0/0.220
Up
<none>
ge-1/0/1.221
Up
<none>
lab@mxB-1> show rsvp interface
RSVP interface: 2 active
Active SubscrInterface
State resv
iption
ge-1/0/0.220Up
0
100%
ge-1/0/1.221Up
0
100%
Static
BW
1000Mbps
1000Mbps
Available
BW
1000Mbps
1000Mbps
Reserved
BW
0bps
0bps
Highwater
mark
0bps
0bps
Seq
0x80000342
0x80000120
0x8000031d
0x8000031d
0x80000300
0x800002eb
0x800002f0
0x800002ff
0x800002dc
0x800002e3
0x800002e3
0x800002c1
0x800002d3
0x800002ba
0x800002d3
0x800002c1
0x800002b9
0x800002bd
0x800002b1
0x800002ae
0x800002a7
Age
5
7
3
7
4
6
6
4
5
6
6
4
5
6
5
6
6
4
4
6
6
Opt
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
Cksum
0xca63
0xc182
0xce59
0x69b3
0x1561
0x93c9
0x79e5
0x540f
0x9ec3
0x9ec1
0x5620
0x97fb
0x96e4
0xcfc0
0x6417
0x751b
0x94fb
0x792
0x207e
0x336d
0x425e
Len
60
60
60
60
108
72
108
108
72
108
32
32
32
32
32
32
32
32
32
32
32
Network
Network
Network
Network
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
172.22.220.2
172.22.221.2
172.22.222.2
172.22.223.2
1.0.0.1
1.0.0.1
1.0.0.1
1.0.0.1
1.0.0.1
1.0.0.1
1.0.0.1
1.0.0.1
1.0.0.3
1.0.0.3
1.0.0.3
1.0.0.3
1.0.0.3
1.0.0.3
1.0.0.4
1.0.0.4
1.0.0.4
1.0.0.4
1.0.0.4
1.0.0.4
1.0.0.5
1.0.0.5
1.0.0.5
1.0.0.5
1.0.0.5
1.0.0.5
1.0.0.6
1.0.0.6
1.0.0.6
1.0.0.6
192.168.5.1
192.168.5.4
192.168.5.3
192.168.5.6
192.168.1.1
192.168.1.3
192.168.5.1
192.168.5.2
192.168.5.3
192.168.5.4
192.168.5.5
192.168.5.6
192.168.5.1
192.168.5.2
192.168.5.3
192.168.5.4
192.168.5.5
192.168.5.6
192.168.5.1
192.168.5.2
192.168.5.3
192.168.5.4
192.168.5.5
192.168.5.6
192.168.5.1
192.168.5.2
192.168.5.3
192.168.5.4
192.168.5.5
192.168.5.6
192.168.5.1
192.168.5.3
192.168.5.4
192.168.5.6
0x800002c6
0x800002be
0x800002be
0x800002b6
0x8000031e
0x8000011e
0x800002d3
0x800002ea
0x800002c9
0x800002c9
0x800002db
0x800002c2
0x800002d3
0x800002e9
0x800002c8
0x800002c9
0x800002db
0x800002c2
0x800002d1
0x800002e9
0x800002c7
0x800002c8
0x800002db
0x800002c0
0x800002cd
0x800002e9
0x800002c5
0x800002c6
0x800002da
0x800002be
0x800002b9
0x800002b0
0x800002b0
0x800002a9
4
4
6
6
5
7
4
6
6
4
5
6
4
5
6
4
5
6
4
5
6
4
5
6
4
5
6
4
5
6
4
6
4
6
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x93f1
0xa4e1
0xa3e2
0xb4d2
0x6dca
0x7bba
0xd6e
0xe27f
0x2958
0x2d52
0xd5e
0x433f
0x6a1d
0x5619
0xd882
0xb9c5
0xd29b
0x760e
0x93e6
0xa0c2
0x5a29
0x6ef6
0xe288
0xd690
0x62f7
0xf36e
0x126d
0xea96
0x1a52
0x2c56
0x8af6
0xf48f
0x94fa
0xfa95
32
32
32
32
28
28
28
28
28
28
28
28
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
www.juniper.net
Seq
0x80000342
0x80000120
0x8000031e
0x8000031d
0x80000300
0x800002eb
0x800002f0
0x800002ff
0x800002dc
0x800002e3
0x800002e3
0x800002c1
0x800002d3
0x800002ba
0x800002d3
0x800002c1
0x800002b9
0x800002bd
0x800002b1
0x800002ae
0x800002a7
0x800002c6
0x800002be
0x800002be
0x800002b6
0x8000031e
0x8000011e
0x80000001
0x800002d3
0x800002ea
0x800002c9
0x800002c9
0x800002db
0x800002c2
0x80000001
0x800002d3
0x800002e9
0x800002c8
0x800002c9
0x800002db
0x800002c2
0x80000001
0x800002d1
0x800002e9
0x800002c7
0x800002c8
0x800002db
0x800002c0
0x800002cd
0x800002e9
0x800002c5
0x800002c6
Age
282
284
94
284
281
283
283
281
282
283
283
281
282
283
282
283
283
281
281
283
283
281
281
283
283
282
284
94
281
283
283
281
282
283
94
281
282
283
281
282
283
94
281
282
283
281
282
283
281
282
283
281
Opt
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
Cksum
0xca63
0xc182
0xcc5a
0x69b3
0x1561
0x93c9
0x79e5
0x540f
0x9ec3
0x9ec1
0x5620
0x97fb
0x96e4
0xcfc0
0x6417
0x751b
0x94fb
0x792
0x207e
0x336d
0x425e
0x93f1
0xa4e1
0xa3e2
0xb4d2
0x6dca
0x7bba
0xb2a3
0xd6e
0xe27f
0x2958
0x2d52
0xd5e
0x433f
0x102b
0x6a1d
0x5619
0xd882
0xb9c5
0xd29b
0x760e
0x38ff
0x93e6
0xa0c2
0x5a29
0x6ef6
0xe288
0xd690
0x62f7
0xf36e
0x126d
0xea96
Len
60
60
60
60
108
72
108
108
72
108
32
32
32
32
32
32
32
32
32
32
32
32
32
32
32
28
28
28
28
28
28
28
28
28
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
www.juniper.net
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
1.0.0.5
1.0.0.5
1.0.0.6
1.0.0.6
1.0.0.6
1.0.0.6
192.168.5.5
192.168.5.6
192.168.5.1
192.168.5.3
192.168.5.4
192.168.5.6
0x800002da
0x800002be
0x800002b9
0x800002b0
0x800002b0
0x800002a9
282
283
281
283
281
283
0x22
0x22
0x22
0x22
0x22
0x22
0x1a52
0x2c56
0x8af6
0xf48f
0x94fa
0xfa95
124
124
124
124
124
124
www.juniper.net
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
www.juniper.net
STOP
Step 3.2
Configure an RSVP-signaled LSP named lsp-silver-pey-to-pez-x to the
remote PE routers loopback address. Ensure that this LSP traverses P2 as a loose
hop.
[edit protocols mpls]
lab@mxB-1# set label-switched-path lsp-silver-pey-to-pez-x to 192.168.x.y
[edit protocols mpls]
lab@mxB-1# set label-switched-path lsp-silver-pey-to-pez-x primary path-name
www.juniper.net
Step 3.3
Configure an RSVP-signaled LSP named lsp-bronze-pey-to-pez-x to the
remote PE routers loopback address. Ensure that this LSP traverses P2 as a loose
hop. Commit your configuration and exit to operational mode.
[edit protocols mpls]
lab@mxB-1# set label-switched-path lsp-bronze-pey-to-pez-x to 192.168.x.y
[edit protocols mpls]
lab@mxB-1# set label-switched-path lsp-bronze-pey-to-pez-x primary path-name
[edit protocols mpls]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 3.4
Verify that the new LSPs are up and are currently traversing P2.
lab@mxB-1> show rsvp session
Ingress RSVP: 3 sessions
To
From
192.168.2.2
192.168.2.1
lsp-bronze-pe1-to-pe2-2
192.168.2.2
192.168.2.1
lsp-gold-pe1-to-pe2-2
192.168.2.2
192.168.2.1
lsp-silver-pe1-to-pe2-2
Total 3 displayed, Up 3, Down 0
State
Up
Up
1 FF
308688
Up
1 FF
308704
www.juniper.net
www.juniper.net
Step 4.2
Define an administrative group called silver that uses a value of 2.
[edit protocols]
lab@mxB-1# set mpls admin-groups silver 2
Step 4.3
Define an administrative group called bronze that uses a value of 3.
[edit protocols]
lab@mxB-1# set mpls admin-groups bronze 3
Lab 314 CSPF (Detailed)
www.juniper.net
Step 4.4
Apply the administrative groups (as listed in the lab diagram) to the core-facing
interfaces. Exit configuration mode and use the show mpls interface
command to verify that the correct administrative groups have been applied.
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/0.2xy admin-group silver
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/0.2xy admin-group bronze
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/1.2xy admin-group gold
[edit protocols]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1> show mpls interface
Interface
State
Administrative groups
ge-1/0/0.220
Up
bronze
silver
ge-1/0/1.221
Up
gold
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
STOP
Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF
In this lab part, you will modify the configuration of your LSPs so that they will take a
particular path through the network. By specifying the administrative groups to
include in the CSPF algorithm, the gold LSP will take the gold path, the silver LSP will
take the silver path, and the bronze LSP will take the bronze path through the
network.
Step 5.1
Enter configuration mode and navigate to the [edit protocols mpls]
hierarchy, Modify the primary path for the gold LSP so that it takes only the gold path
through the lab network, ensuring that it continues to pass through P2.
lab@mxB-1> configure
Entering configuration mode
[edit]
Lab 316 CSPF (Detailed)
www.juniper.net
Step 5.2
Modify the primary path for the silver LSP so that it takes only the silver path through
the lab network ensuring that it continues to pass through P2.
[edit protocols mpls]
lab@mxB-1# set label-switched-path lsp-silver-pey-to-pez-x primary path-name
admin-group include-any silver
Step 5.3
Modify the primary path for the bronze LSP so that it takes only the bronze path
through the lab network ensuring that it continues to pass through P2. Commit your
configuration and exit to operational mode.
[edit protocols mpls]
lab@mxB-1# set label-switched-path lsp-bronze-pey-to-pez-x primary path-name
admin-group include-any bronze
[edit protocols mpls]
lab@mxB-1# show
admin-groups {
gold 1;
silver 2;
bronze 3;
}
label-switched-path lsp-gold-pe1-to-pe2-2 {
to 192.168.2.2;
primary via-P2 {
admin-group include-any gold;
}
}
label-switched-path lsp-silver-pe1-to-pe2-2 {
to 192.168.2.2;
primary via-P2 {
admin-group include-any silver;
}
}
label-switched-path lsp-bronze-pe1-to-pe2-2 {
to 192.168.2.2;
primary via-P2 {
admin-group include-any bronze;
}
}
path via-P2 {
192.168.5.2 loose;
}
interface ge-1/0/0.220 {
admin-group [ silver bronze ];
}
interface ge-1/0/1.221 {
www.juniper.net
admin-group gold;
}
[edit protocols mpls]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 5.4
Verify that each LSP is traversing the correct, colored path as well as passing
through P2.
lab@mxB-1> show rsvp session
Ingress RSVP: 3 sessions
To
From
192.168.2.2
192.168.2.1
lsp-bronze-pe1-to-pe2-2
192.168.2.2
192.168.2.1
lsp-gold-pe1-to-pe2-2
192.168.2.2
192.168.2.1
lsp-silver-pe1-to-pe2-2
Total 3 displayed, Up 3, Down 0
Egress RSVP: 3 sessions
To
From
192.168.2.1
192.168.2.2
lsp-bronze-pe2-to-pe1-2
192.168.2.1
192.168.2.2
lsp-gold-pe2-to-pe1-2
192.168.2.1
192.168.2.2
lsp-silver-pe2-to-pe1-2
Total 3 displayed, Up 3, Down 0
State
Up
Up
1 FF
306720
Up
1 FF
308912
State
Up
Up
1 FF
Up
1 FF
www.juniper.net
www.juniper.net
STOP
www.juniper.net
Lab 4
Traffic Protection (Detailed)
Overview
In this lab, you will create a baseline multiprotocol label switching (MPLS) network and
then create label switched paths (LSPs) using different traffic protection mechanisms.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
Verify that your PE router has established Open Shortest Path First (OSPF)
adjacencies with the neighboring P routers.
lab@mxC-1> show ospf neighbor
Address
Interface
172.22.230.2
ge-1/0/0.230
172.22.231.2
ge-1/0/1.231
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
31
39
www.juniper.net
www.juniper.net
Step 1.5
Navigate to the [edit protocols mpls] hierarchy and configure the MPLS
protocol on the core-facing interfaces.
[edit interfaces]
lab@mxC-1# top edit protocols mpls
[edit protocols mpls]
lab@mxC-1# set interface ge-1/0/0.2xy
[edit protocols mpls]
lab@mxC-1# set interface ge-1/0/1.2xy
Step 1.6
Navigate to the [edit protocols rsvp] hierarchy and configure the RSVP
protocol on the core-facing interfaces.
www.juniper.net
Step 1.7
Navigate to the [edit protocols ospf] hierarchy and enable
traffic-engineering so that your router will flood its own OpaqArea links state
advertisement (LSA) and use these LSA types to build and use the traffic
engineering database (TED) for constrained shortest path first (CSPF) calculations.
Commit your configuration and exit to operational mode.
[edit protocols rsvp]
lab@mxC-1# top edit protocols ospf
[edit protocols ospf]
lab@mxC-1# set traffic-engineering
[edit protocols ospf]
lab@mxC-1# commit and-quit
commit complete
Step 1.8
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
lab@mxC-1> show mpls interface
Interface
State
Administrative groups
ge-1/0/0.230
Up
<none>
ge-1/0/1.231
Up
<none>
lab@mxC-1> show rsvp interface
RSVP interface: 2 active
Active SubscrInterface
State resv
iption
ge-1/0/0.230Up
0
100%
ge-1/0/1.231Up
0
100%
www.juniper.net
Static
BW
1000Mbps
1000Mbps
Available
BW
1000Mbps
1000Mbps
Reserved
BW
0bps
0bps
Highwater
mark
0bps
0bps
Step 2.2
Navigate to the [edit policy-options] hierarchy and configure a routing
policy called statics to redistribute the static route into BGP.
[edit routing-options]
lab@mxC-1# top edit policy-options
[edit policy-options]
lab@mxC-1# set policy-statement statics term 10 from protocol static
[edit policy-options]
lab@mxC-1# set policy-statement statics term 10 then accept
Step 2.3
Navigate to the [edit protocols bgp] hierarchy and apply the policy as an
export policy to the remote PE neighbor. Commit your configuration and exit to
operation mode.
[edit policy-options]
lab@mxC-1# top edit protocols bgp
[edit protocols bgp]
lab@mxC-1# set group my-int-group export statics
[edit protocols bgp]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
Step 2.4
Verify that you are sending a route to your remote PE neighbor as well as receiving a
route.
www.juniper.net
STOP
Ingress PE
www.juniper.net
Strict Hop
Loose Hop
mxA-1
172.22.210.2
192.168.5.6
mxA-2
172.22.212.2
192.168.5.4
mxB-1
172.22.220.2
192.168.5.6
mxB-2
172.22.222.2
192.168.5.4
mxC-1
172.22.230.2
192.168.5.6
mxC-2
172.22.232.2
192.168.5.4
mxD-1
172.22.240.2
192.168.5.6
mxD-2
172.22.242.2
192.168.5.4
lab@mxC-1> configure
Entering configuration mode
[edit]
lab@mxC-1# edit protocols mpls
[edit protocols mpls]
lab@mxC-1# set path strict-first-hop 172.22.x.y strict
[edit protocols mpls]
lab@mxC-1# set path strict-first-hop 192.168.x.y loose
Step 3.2
Configure an LSP named pey-to-pez-x to the remote PE with a primary path
using the path you created in the previous step. Modify the LSP with the no-cspf
command. Commit your configuration and exit configuration mode and verify that
your LSP is up.
[edit protocols mpls]
lab@mxC-1# set label-switched-path pey-to-pez-x to 192.168.x.y primary
strict-first-hop
[edit]
lab@mxC-1# set label-switched-path pey-to-pez-x no-cspf
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
Step 3.3
Verify that the new LSP is up and is currently traversing the correct downstream
P router.
lab@mxC-1> show rsvp session ingress
Ingress RSVP: 1 sessions
To
From
State
192.168.3.2
192.168.3.1
Up
Total 1 displayed, Up 1, Down 0
www.juniper.net
Step 3.5
Verify the status of the LSP.
lab@mxC-1> show rsvp session ingress
Ingress RSVP: 1 sessions
To
From
State
192.168.3.2
192.168.3.1
Dn
Total 1 displayed, Up 0, Down 1
www.juniper.net
Step 3.7
Verify that the LSP is up using the show rsvp session ingress command.
lab@mxC-1> show rsvp session ingress
Ingress RSVP: 1 sessions
To
From
State
192.168.3.2
192.168.3.1
Up
Total 1 displayed, Up 1, Down 0
www.juniper.net
Step 4.2
To provide traffic protection to the existing LSP, apply the path created in the
previous step as a secondary path for the LSP. Commit your configuration and exit
configuration mode.
[edit protocols mpls]
lab@mxC-1# set label-switched-path pey-to-pez-x secondary any-path
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
Step 4.3
Verify that the new LSP is up and is currently traversing the correct next-hop P router.
lab@mxC-1> show rsvp session ingress detail
Ingress RSVP: 1 sessions
192.168.3.2
From: 192.168.3.1, LSPstate: Up, ActiveRoute: 1
LSPname: pe1-to-pe2-3, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 307360
Resv style: 1 FF, Label in: -, Label out: 307360
Time left:
-, Since: Mon Dec 13 22:47:51 2010
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 64624 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.230.2 (ge-1/0/0.230) 495 pkts
RESV rcvfrom: 172.22.230.2 (ge-1/0/0.230) 492 pkts
Explct route: 172.22.230.2 192.168.5.6
Record route: <self> 172.22.230.2 172.22.201.2 172.22.206.2 172.22.207.2
172.22.233.1
Total 1 displayed, Up 1, Down 0
www.juniper.net
Step 4.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
lab@mxC-1> configure
Entering configuration mode
[edit]
lab@mxC-1# set interfaces ge-1/0/0 disable
[edit]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
Step 4.5
Verify the status of the LSP.
lab@mxC-1> show rsvp session ingress extensive
Ingress RSVP: 2 sessions
192.168.3.2
From: 192.168.3.1, LSPstate: Dn, ActiveRoute: 0
LSPname: pe1-to-pe2-3, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: Resv style: 0 -, Label in: -, Label out: Time left:
-, Since: Mon Dec 13 22:47:51 2010
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 64624 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 0
PATH sentto: [bad strict route]
Explct route: 172.22.230.2 192.168.5.6
Record route: <self> ...incomplete
192.168.3.2
From: 192.168.3.1, LSPstate: Up, ActiveRoute: 1
LSPname: pe1-to-pe2-3, LSPpath: Secondary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 303840
Resv style: 1 FF, Label in: -, Label out: 303840
Time left:
-, Since: Tue Dec 14 04:54:52 2010
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 2 receiver 64625 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.231.2 (ge-1/0/1.231) 3 pkts
RESV rcvfrom: 172.22.231.2 (ge-1/0/1.231) 3 pkts
www.juniper.net
Step 4.7
Use the show mpls lsp extensive command to verify the status of the LSP.
lab@mxC-1> show mpls lsp extensive
Ingress LSP: 1 sessions
192.168.3.2
From: 192.168.3.1, State: Up, ActiveRoute: 1, LSPname: pe1-to-pe2-3
ActivePath: any-path (secondary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Time remaining before reverting: 44
Primary
strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
www.juniper.net
www.juniper.net
Step 5.2
Verify that the new LSP is up using the primary path. Also, verify that the secondary
path is up in a standby state.
lab@mxC-1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
192.168.3.2
From: 192.168.3.1, State: Up, ActiveRoute: 1, LSPname: pe1-to-pe2-3
ActivePath: strict-first-hop (primary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary
strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.230.2 172.22.202.2 172.22.203.2 172.22.204.2 172.22.233.1
21 Dec 14 04:57:03.688 Selected as active path: due to 'primary'
20 Dec 14 04:56:02.226 Record Route: 172.22.230.2 172.22.202.2 172.22.203.2
172.22.204.2 172.22.233.1
19 Dec 14 04:56:02.226 Up
18 Dec 14 04:55:38.083 Explicit Route: bad strict route[4 times]
17 Dec 14 04:54:52.893 Deselected as active
16 Dec 14 04:54:52.889 No Route toward dest
15 Dec 14 04:54:52.887 172.22.230.1: Down
14 Dec 14 04:44:47.072 Selected as active path
www.juniper.net
www.juniper.net
Step 5.4
Verify the status of the LSP using the show mpls lsp ingress extensive
command.
lab@mxC-1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
192.168.3.2
From: 192.168.3.1, State: Up, ActiveRoute: 1, LSPname: pe1-to-pe2-3
ActivePath: any-path (secondary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Primary
strict-first-hop State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
25 Dec 14 05:03:28.687 Explicit Route: bad strict route[3 times]
24 Dec 14 05:03:23.967 Deselected as active
23 Dec 14 05:03:23.965 No Route toward dest
22 Dec 14 05:03:23.962 172.22.230.1: Down
21 Dec 14 04:57:03.688 Selected as active path: due to 'primary'
20 Dec 14 04:56:02.226 Record Route: 172.22.230.2 172.22.202.2 172.22.203.2
172.22.204.2 172.22.233.1
19 Dec 14 04:56:02.226 Up
18 Dec 14 04:55:38.083 Explicit Route: bad strict route[4 times]
17 Dec 14 04:54:52.893 Deselected as active
16 Dec 14 04:54:52.889 No Route toward dest
www.juniper.net
www.juniper.net
Step 5.6
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
lab@mxC-1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
192.168.3.2
From: 192.168.3.1, State: Up, ActiveRoute: 1, LSPname: pe1-to-pe2-3
ActivePath: any-path (secondary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Time remaining before reverting: 50
Primary
strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.230.2 172.22.201.2 172.22.206.2 172.22.207.2 172.22.233.1
www.juniper.net
www.juniper.net
www.juniper.net
Step 5.9
Navigate to the [edit routing-options] hierarchy. Apply the
load-balance policy as an export policy to the forwarding table. Commit your
configuration and exit to operational mode.
[edit policy-options]
lab@mxC-1# top edit routing-options
[edit routing-options]
lab@mxC-1# set forwarding-table export load-balance
[edit routing-options]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
www.juniper.net
Step 5.10
View the forwarding table to see the next hop of the BGP route being advertised by
the remote PE router.
lab@mxC-1> show route forwarding-table destination 10.0.y.0
Routing table: default.inet
Internet:
Destination
Type RtRef Next hop
Type Index NhRef Netif
10.0.2.0/24
user
0
indr 1048575
2
ulst 1048576
2
172.22.230.2
Push 307424
584
1 ge-1/0/
0.230
172.22.231.2
Push 303888
583
1 ge-1/0/
1.231
Step 6.2
Create a no-cspf LSP named pey-to-pez-x to the remote PE with two
secondary paths. The first secondary path uses the strict-first-hop path and
the next uses the any-path path. Order is important!!! Commit your configuration
and exit to operational mode.
[edit protocols mpls]
lab@mxC-1# set label-switched-path pey-to-pez-x to 192.168.x.y no-cspf
[edit protocols mpls]
www.juniper.net
Step 6.3
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
lab@mxC-1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
192.168.3.2
From: 192.168.3.1, State: Up, ActiveRoute: 1, LSPname: pe1-to-pe2-3
ActivePath: strict-first-hop (secondary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Secondary strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.230.2 172.22.201.2 172.22.205.2 172.22.204.2 172.22.233.1
7 Dec 14 13:52:42.026 Record Route: 172.22.230.2 172.22.201.2 172.22.205.2
172.22.204.2 172.22.233.1
6 Dec 14 13:52:42.026 Up
5 Dec 14 13:52:42.026 172.22.230.1: Down
4 Dec 14 13:52:33.051 Selected as active path
3 Dec 14 13:52:33.049 Record Route: 172.22.230.2 172.22.202.2 172.22.203.2
172.22.204.2 172.22.233.1
2 Dec 14 13:52:33.049 Up
1 Dec 14 13:52:33.008 Originate Call
Secondary any-path
State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
10 Dec 14 13:54:01.644 Clear Call
9 Dec 14 13:53:39.030 Record Route: 172.22.230.2 172.22.201.2 172.22.206.2
172.22.232.1
8 Dec 14 13:53:39.030 Up
7 Dec 14 13:52:51.030 No Route toward dest[3 times]
6 Dec 14 13:52:47.970 172.22.230.1: Down
5 Dec 14 13:52:47.970 No Route toward dest
4 Dec 14 13:52:45.042 Record Route: 172.22.230.2 172.22.201.2 172.22.206.2
172.22.232.1
3 Dec 14 13:52:45.042 Up
2 Dec 14 13:52:42.031 No Route toward dest[2 times]
1 Dec 14 13:52:42.027 Originate Call
Created: Tue Dec 14 13:52:29 2010
Total 1 displayed, Up 1, Down 0
Lab 424 Traffic Protection (Detailed)
www.juniper.net
Step 6.5
Verify the status of the LSP.
lab@mxC-1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
192.168.3.2
From: 192.168.3.1, State: Up, ActiveRoute: 1, LSPname: pe1-to-pe2-3
ActivePath: any-path (secondary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Secondary strict-first-hop State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
11 Dec 14 13:58:06.475 Explicit Route: bad strict route[3 times]
10 Dec 14 13:58:01.513 Deselected as active
9 Dec 14 13:58:01.509 No Route toward dest
8 Dec 14 13:58:01.509 172.22.230.1: Down
7 Dec 14 13:52:42.026 Record Route: 172.22.230.2 172.22.201.2 172.22.205.2
172.22.204.2 172.22.233.1
6 Dec 14 13:52:42.026 Up
5 Dec 14 13:52:42.026 172.22.230.1: Down
4 Dec 14 13:52:33.051 Selected as active path
3 Dec 14 13:52:33.049 Record Route: 172.22.230.2 172.22.202.2 172.22.203.2
172.22.204.2 172.22.233.1
2 Dec 14 13:52:33.049 Up
1 Dec 14 13:52:33.008 Originate Call
www.juniper.net
*Secondary any-path
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.231.2 172.22.203.2 172.22.204.2 172.22.233.1
14 Dec 14 13:58:01.562 Selected as active path
13 Dec 14 13:58:01.561 Record Route: 172.22.231.2 172.22.203.2 172.22.204.2
172.22.233.1
12 Dec 14 13:58:01.561 Up
11 Dec 14 13:58:01.512 Originate Call
10 Dec 14 13:54:01.644 Clear Call
9 Dec 14 13:53:39.030 Record Route: 172.22.230.2 172.22.201.2 172.22.206.2
172.22.232.1
8 Dec 14 13:53:39.030 Up
7 Dec 14 13:52:51.030 No Route toward dest[3 times]
6 Dec 14 13:52:47.970 172.22.230.1: Down
5 Dec 14 13:52:47.970 No Route toward dest
4 Dec 14 13:52:45.042 Record Route: 172.22.230.2 172.22.201.2 172.22.206.2
172.22.232.1
3 Dec 14 13:52:45.042 Up
2 Dec 14 13:52:42.031 No Route toward dest[2 times]
1 Dec 14 13:52:42.027 Originate Call
Created: Tue Dec 14 13:52:28 2010
Total 1 displayed, Up 1, Down 0
www.juniper.net
Step 6.7
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
lab@mxC-1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
192.168.3.2
From: 192.168.3.1, State: Up, ActiveRoute: 1, LSPname: pe1-to-pe2-3
ActivePath: any-path (secondary)
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Secondary strict-first-hop State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
12 Dec 14 13:58:25.076 Clear Call
11 Dec 14 13:58:12.040 Explicit Route: bad strict route[4 times]
10 Dec 14 13:58:01.513 Deselected as active
9 Dec 14 13:58:01.509 No Route toward dest
8 Dec 14 13:58:01.509 172.22.230.1: Down
7 Dec 14 13:52:42.026 Record Route: 172.22.230.2 172.22.201.2 172.22.205.2
172.22.204.2 172.22.233.1
6 Dec 14 13:52:42.026 Up
5 Dec 14 13:52:42.026 172.22.230.1: Down
4 Dec 14 13:52:33.051 Selected as active path
3 Dec 14 13:52:33.049 Record Route: 172.22.230.2 172.22.202.2 172.22.203.2
172.22.204.2 172.22.233.1
2 Dec 14 13:52:33.049 Up
1 Dec 14 13:52:33.008 Originate Call
*Secondary any-path
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.231.2 172.22.203.2 172.22.204.2 172.22.233.1
14 Dec 14 13:58:01.562 Selected as active path
13 Dec 14 13:58:01.561 Record Route: 172.22.231.2 172.22.203.2 172.22.204.2
172.22.233.1
12 Dec 14 13:58:01.561 Up
11 Dec 14 13:58:01.512 Originate Call
10 Dec 14 13:54:01.644 Clear Call
9 Dec 14 13:53:39.030 Record Route: 172.22.230.2 172.22.201.2 172.22.206.2
172.22.232.1
8 Dec 14 13:53:39.030 Up
7 Dec 14 13:52:51.030 No Route toward dest[3 times]
6 Dec 14 13:52:47.970 172.22.230.1: Down
5 Dec 14 13:52:47.970 No Route toward dest
4 Dec 14 13:52:45.042 Record Route: 172.22.230.2 172.22.201.2 172.22.206.2
172.22.232.1
3 Dec 14 13:52:45.042 Up
2 Dec 14 13:52:42.031 No Route toward dest[2 times]
1 Dec 14 13:52:42.027 Originate Call
Created: Tue Dec 14 13:52:29 2010
Total 1 displayed, Up 1, Down 0
www.juniper.net
Step 7.2
Create an no-cspf LSP named pey-to-pez-x to the remote PE with fast-reroute
enabled. The LSP should have a primary path using the strict-first-hop path.
Commit your configuration and exit to operational mode.
[edit protocols mpls]
lab@mxC-1# set label-switched-path pey-to-pez-x to 192.168.x.y no-cspf
[edit protocols mpls]
lab@mxC-1# set label-switched-path pey-to-pez-x to 192.168.x.y fast-reroute
[edit protocols mpls]
lab@mxC-1# set label-switched-path pey-to-pez-x to 192.168.x.y primary
strict-first-hop
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
Step 7.3
Use the show rsvp session ingress detail command to verify the status
of the LSP.
Lab 428 Traffic Protection (Detailed)
www.juniper.net
Step 7.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration and exit to
operational mode.
lab@mxC-1> configure
Entering configuration mode
[edit]
lab@mxC-1# set interfaces ge-1/0/0 disable
[edit]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
Step 7.5
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
lab@mxC-1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
192.168.3.2
From: 192.168.3.1, State: Up, ActiveRoute: 1, LSPname: pe1-to-pe2-3
ActivePath: strict-first-hop (primary)
FastReroute desired
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary
strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.231.2 172.22.203.2 172.22.204.2(flag=1) 172.22.233.1
15 Dec 14 14:08:03.957 Tunnel local repaired[5 times]
14 Dec 14 14:07:54.952 Record Route: 172.22.231.2 172.22.203.2
172.22.204.2(flag=1) 172.22.233.1
13 Dec 14 14:07:54.952 172.22.230.1: Tunnel local repaired
12 Dec 14 14:07:54.952 172.22.230.1: Down
11 Dec 14 14:06:20.369 Fast-reroute Detour Up
10 Dec 14 14:06:14.481 Record Route: 172.22.230.2(flag=9)
172.22.201.2(flag=9) 172.22.205.2(flag=9) 172.22.204.2(flag=1) 172.22.233.1
9 Dec 14 14:06:14.481 Record Route: 172.22.230.2(flag=9)
172.22.201.2(flag=9) 172.22.205.2(flag=9) 172.22.204.2 172.22.233.1
8 Dec 14 14:06:14.481 Record Route: 172.22.230.2(flag=9)
172.22.201.2(flag=9) 172.22.205.2 172.22.204.2 172.22.233.1
7 Dec 14 14:06:14.481 Record Route: 172.22.230.2(flag=9) 172.22.201.2
172.22.205.2 172.22.204.2 172.22.233.1
6 Dec 14 14:06:11.482 Selected as active path
5 Dec 14 14:06:11.482 Record Route: 172.22.230.2 172.22.201.2 172.22.205.2
172.22.204.2 172.22.233.1
4 Dec 14 14:06:11.481 Up
3 Dec 14 14:06:11.364 Originate Call
Lab 430 Traffic Protection (Detailed)
www.juniper.net
Step 7.7
Use the show rsvp session ingress detail command to verify the status
of the LSP.
lab@mxC-1> show rsvp session ingress detail
Ingress RSVP: 1 sessions
192.168.3.2
From: 192.168.3.1, LSPstate: Up, ActiveRoute: 1
LSPname: pe1-to-pe2-3, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 307504
Resv style: 1 FF, Label in: -, Label out: 307504
Time left:
-, Since: Tue Dec 14 14:06:11 2010
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 5 receiver 58977 protocol 0
FastReroute desired
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.230.2 (ge-1/0/0.230) 11 pkts
RESV rcvfrom: 172.22.230.2 (ge-1/0/0.230) 20 pkts
Explct route: 172.22.230.2 192.168.5.6
www.juniper.net
Step 8.2
Create an no-cspf LSP named pey-to-pez-x to the remote PE router with
node-link protection enabled. The LSP should have a primary path using the
strict-first-hop path.
[edit protocols mpls]
lab@mxC-1# set label-switched-path pey-to-pez-x to 192.168.x.y no-cspf
[edit protocols mpls]
lab@mxC-1# set label-switched-path pey-to-pez-x primary strict-first-hop
www.juniper.net
Step 8.3
In the previous part of the lab, you found that the fast-reroute feature allowed the
ingress PE to signal to all downstream routers that they must build detour paths
around the immediate downstream node. In the case of fast-reroute, no special
configuration was needed on any downstream router to build detour paths. In the
case of link and node-link protection, you must specify each individual link within
your network topology that can be protected.
Navigate to the [edit protocols rsvp] hierarchy and configure the
ge-1/0/0.2xy interface to allow link protection capabilities. Commit your
configuration and exit to operational mode.
[edit protocols mpls]
lab@mxC-1# top edit protocols rsvp
[edit protocols rsvp]
lab@mxC-1# set interface ge-1/0/0.2xy link-protection
[edit protocols rsvp]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
Step 8.4
Use the show rsvp session ingress detail command to verify the status
of the LSP.
lab@mxC-1> show rsvp session ingress detail
Ingress RSVP: 2 sessions
192.168.3.2
From: 192.168.3.1, LSPstate: Up, ActiveRoute: 1
LSPname: pe1-to-pe2-3, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 307520
Resv style: 1 SE, Label in: -, Label out: 307520
Time left:
-, Since: Tue Dec 14 14:18:00 2010
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 58979 protocol 0
Node/Link protection desired
Type: Protection down
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.230.2 (ge-1/0/0.230) 3 pkts
RESV rcvfrom: 172.22.230.2 (ge-1/0/0.230) 3 pkts
Explct route: 172.22.230.2 192.168.5.6
Record route: <self> 192.168.5.1 (node-id) 172.22.230.2 192.168.5.4 (node-id)
172.22.202.2 192.168.5.5 (node-id) 172.22.203.2 192.168.5.6 (node-id)
www.juniper.net
www.juniper.net
Step 8.6
View your MPLS configuration and verify that link protection is configured. Commit
your configuration and exit to operational mode.
[edit protocols mpls]
lab@mxC-1# show
label-switched-path pe1-to-pe2-3 {
to 192.168.3.2;
no-cspf;
link-protection;
primary strict-first-hop;
}
path strict-first-hop {
172.22.230.2 strict;
192.168.5.6 loose;
}
path any-path;
interface ge-1/0/0.230;
interface ge-1/0/1.231;
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
(Optional)
Enter configuration mode and disable the interface on your PE router that is used by
the primary path of the LSP. Commit your configuration and exit to operational
mode. Verify that protection occurs using the methods learned in this lab.
www.juniper.net
STOP
www.juniper.net
www.juniper.net
Lab 5
Miscellaneous MPLS Features (Detailed)
Overview
This lab demonstrates configuration and monitoring of miscellaneous Resource
Reservation Protocol (RSVP) and Label Distribution Protocol (LDP) features on routers
running the Junos operating system. In this lab, you use the command-line interface (CLI)
to configure and monitor RSVP label-switched paths (LSPs) and enable miscellaneous
features.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
Verify that your PE router has established Open Shortest Path First (OSPF)
adjacencies with the neighboring routers.
lab@mxC-1> show ospf neighbor
Address
Interface
172.22.230.2
ge-1/0/0.230
172.22.231.2
ge-1/0/1.231
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
34
35
www.juniper.net
Step 1.5
Navigate to [edit protocols mpls] hierarchy and add the interface all
statement. As good practice, disable the management interface.
[edit interfaces]
lab@mxC-1# top edit protocols mpls
[edit protocols mpls]
lab@mxC-1# set interface all
[edit protocols mpls]
lab@mxC-1# set interface fxp0 disable
www.juniper.net
Step 1.6
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure you have the proper configuration by executing the run show
mpls interface command.
[edit protocols mpls]
lab@mxC-1# commit
commit complete
[edit protocols mpls]
lab@mxC-1# run show mpls interface
Interface
State
Administrative groups
ge-1/0/0.230
Up
<none>
ge-1/0/1.231
Up
<none>
www.juniper.net
Step 1.8
Using operational mode show commands, verify that the RSVP is configured
correctly on the core-facing interfaces.
lab@mxC-1> show rsvp interface
RSVP interface: 2 active
Active SubscrInterface
State resv
iption
ge-1/0/0.230Up
0
100%
ge-1/0/1.231Up
0
100%
Static
BW
1000Mbps
1000Mbps
Available
BW
1000Mbps
1000Mbps
Reserved
BW
0bps
0bps
Highwater
mark
0bps
0bps
Step 1.9
Enter configuration mode and enable traffic-engineering under
[edit protocols ospf] so that your router will flood its own OpaqArea
link-state advertisement (LSA) and use these LSA types to build and use the traffic
engineering database (TED) for Constrained Shortest Path First (CSPF) calculations.
lab@mxC-1> configure
Entering configuration mode
[edit]
lab@mxC-1# edit protocols ospf
[edit protocols ospf]
lab@mxC-1# set traffic-engineering
Step 1.10
Add the configuration for creating a RSVP LSP to the remote PE router. Navigate to
the [edit protocols mpls] hierarchy and create a LSP named
pey-to-pez-x. For example, if you are assigned router mxA-1, your peer router is
mxA-2. The LSP should be named pe1-to-pe2-1. Your LSP should egress at your
remote peers loopback address. Verify the configuration looks correct. Commit and
exit to operation mode when you are satisfied with the changes.
[edit protocols ospf]
lab@mxC-1# top edit protocols mpls
[edit protocols mpls]
lab@mxC-1# set label-switched-path pey-to-pez-x to 192.168.x.y
[edit protocols mpls]
lab@mxC-1# show
label-switched-path pe1-to-pe2-3 {
to 192.168.3.2;
}
interface all;
interface fxp0.0 {
disable;
}
www.juniper.net
Step 1.11
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.
lab@mxC-1> show mpls lsp
Ingress LSP: 1 sessions
To
From
State Rt P
192.168.3.2
192.168.3.1
Up
0 *
Total 1 displayed, Up 1, Down 0
Egress LSP: 1 sessions
To
From
State
192.168.3.1
192.168.3.2
Up
Total 1 displayed, Up 1, Down 0
ActivePath
LSPname
pe1-to-pe2-3
STOP
www.juniper.net
DR ID
192.168.5.1
192.168.5.4
0.0.0.0
192.168.3.1
BDR ID
192.168.3.1
192.168.3.1
0.0.0.0
0.0.0.0
Nbrs
1
1
0
0
Step 2.2
Verify with your remote team that they have completed the previous task. Once they
have completed these steps, you will verify that you are receiving the new network
as an OSPF route.
lab@mxC-1> show route 10.0.xy.0/24
inet.0: 42 destinations, 42 routes (42 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.31.0/24
www.juniper.net
pe1-to-pe2-3
www.juniper.net
Step 2.4
View the new route to determine if your router is using the OSPF route or the RSVP
route for internal traffic. Remember that only BGP traffic can use the contents of the
inet.3 routing table to resolve the next hop and internal traffic will resolve the next
hop using the inet.0 routing table.
[edit protocols mpls label-switched-path pe1-to-pe2-3]
lab@mxC-1# run show route 10.0.xy.0/24
inet.0: 42 destinations, 42 routes (42 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.31.0/24
pe1-to-pe2-3
10.0.31.0/24
pe1-to-pe2-3
[OSPF/10] 00:14:42, metric 5
to 172.22.230.2 via ge-1/0/0.230
> to 172.22.231.2 via ge-1/0/1.231
www.juniper.net
lab@mxC-1> configure
Entering configuration mode
[edit]
lab@mxC-1# edit protocols mpls label-switched-path pey-to-pez-x
[edit protocols mpls label-switched-path pe1-to-pe2-3]
lab@mxC-1# show
to 192.168.3.2;
install 10.0.31.0/24 active;
[edit protocols mpls label-switched-path pe1-to-pe2-3]
lab@mxC-1# delete install 10.0.xy.0/24 active
[edit protocols mpls label-switched-path pe1-to-pe2-3]
lab@mxC-1# show
to 192.168.3.2;
install 10.0.31.0/24;
[edit protocols mpls label-switched-path pe1-to-pe2-3]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxC-1> show route 10.0.xy.0/24
inet.0: 42 destinations, 42 routes (42 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.31.0/24
pe1-to-pe2-3
www.juniper.net
Step 3.2
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy and enable traffic engineering to move routes from inet.3 into the
inet.0 routing table for both BGP and IGP routes. Commit your configuration
changes and exit out of configuration mode. Verify that your inet.0 route table
contains the RSVP route to the remote network specified to use the LSP.
lab@mxC-1> configure
Entering configuration mode
[edit]
lab@mxC-1# edit protocols mpls
[edit protocols mpls]
lab@mxC-1# set traffic-engineering ?
Possible completions:
bgp
BGP destinations only
bgp-igp
BGP and IGP destinations
bgp-igp-both-ribs
BGP and IGP destinations with routes in both routing
tables
mpls-forwarding
Use MPLS routes for forwarding, not routing
[edit protocols mpls]
lab@mxC-1# set traffic-engineering bgp-igp
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxC-1> show route 10.0.xy.2
inet.0: 42 destinations, 44 routes (42 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.31.0/24
pe1-to-pe2-3
[OSPF/10] 00:00:22, metric 5
> to 172.22.230.2 via ge-1/0/0.230
to 172.22.231.2 via ge-1/0/1.231
Step 3.3
Using the traceroute utility verify that internal traffic will use the LSP when sending
traffic to the remote network.
www.juniper.net
byte packets
0.434 ms
0.469 ms
0.478 ms
ms
www.juniper.net
Step 4.2
Navigate to the [edit protocols mpls] hierarchy and remove the existing
label switched path. You also must remove the traffic engineering configuration.
Create two paths named one and two. Specify the different loose hops you want
each LSP path to signal along. The configuration example with signal path one
across the top of the network using the P1, P2, and P3 routers. Path two will signal
across the bottom using P4, P5, and P6 routers.
[edit]
lab@mxC-1# edit protocols mpls
[edit protocols mpls]
lab@mxC-1# delete label-switched-path pey-to-pez-x
[edit protocols mpls]
lab@mxC-1# delete traffic-engineering
[edit protocols mpls]
lab@mxC-1# set path one 192.168.5.y loose
[edit protocols mpls]
lab@mxC-1# set path one 192.168.5.y loose
[edit protocols mpls]
lab@mxC-1# set path one 192.168.5.y loose
[edit protocols mpls]
lab@mxC-1# set path two 192.168.5.y loose
[edit protocols mpls]
lab@mxC-1# set path two 192.168.5.y loose
[edit protocols mpls]
lab@mxC-1# set path two 192.168.5.y loose
[edit protocols mpls]
lab@mxC-1# show
path one {
192.168.5.1 loose;
192.168.5.2 loose;
192.168.5.3 loose;
}
path two {
192.168.5.4 loose;
192.168.5.5 loose;
192.168.5.6 loose;
}
interface all;
interface fxp0.0 {
disable;
www.juniper.net
Step 4.3
Create two label switched paths named lsp-1 and lsp-2. Apply path one to
lsp-1 as the primary path and apply path two to lsp-2 as the primary path. Both
LSPs should terminate at the remote PE routers loopback. Before committing your
configuration changes, review the changes. After you are satisfied with the changes
commit and exit to operational mode.
[edit protocols mpls]
lab@mxC-1# set label-switched-path lsp-1 to 192.168.x.y primary one
[edit protocols mpls]
lab@mxC-1# set label-switched-path lsp-2 to 192.168.x.y primary two
[edit protocols mpls]
lab@mxC-1# show
label-switched-path lsp-1 {
to 192.168.3.2;
primary one;
}
label-switched-path lsp-2 {
to 192.168.3.2;
primary two;
}
path one {
192.168.5.1 loose;
192.168.5.2 loose;
192.168.5.3 loose;
}
path two {
192.168.5.4 loose;
192.168.5.5 loose;
192.168.5.6 loose;
}
interface all;
interface fxp0.0 {
disable;
}
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
Step 4.4
Using show commands, verify that your LSPs are established and traversing the core
network as expected based on your explicit paths.
lab@mxC-1> show mpls lsp
Ingress LSP: 2 sessions
To
From
State Rt P
192.168.3.2
192.168.3.1
Up
0 *
192.168.3.2
192.168.3.1
Up
0 *
Total 2 displayed, Up 2, Down 0
ActivePath
one
two
LSPname
lsp-1
lsp-2
To
From
State
192.168.3.1
192.168.3.2
Up
192.168.3.1
192.168.3.2
Up
Total 2 displayed, Up 2, Down 0
www.juniper.net
www.juniper.net
10.3.4.0/24
*[BGP/170] 00:02:14,
AS path: I
to 172.22.230.2 via
> to 172.22.231.2 via
*[BGP/170] 00:02:14,
AS path: I
to 172.22.230.2 via
> to 172.22.231.2 via
...
www.juniper.net
}
then {
install-nexthop lsp lsp-1;
accept;
}
}
term lsp-2 {
from {
protocol bgp;
route-filter 10.3.4.0/24 exact;
}
then {
install-nexthop lsp lsp-2;
accept;
}
}
Step 4.7
Navigate to the [edit routing-options] hierarchy and apply the policy
lsp-policy as an export policy to the forwarding table. After applying the policy,
commit your changes and exit to operational mode. Verify that the next hop for each
of the remote BGP routes point to the correct LSP as defined in your policy.
[edit policy-options policy-statement lsp-policy]
lab@mxC-1# top edit routing-options
[edit routing-options]
lab@mxC-1# set forwarding-table export lsp-policy
[edit routing-options]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxC-1> show route protocol bgp
lab@mxC-1> show route protocol bgp
inet.0: 48 destinations, 48 routes (48 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.3.3.0/24
10.3.4.0/24
*[BGP/170] 00:08:37,
AS path: I
> to 172.22.230.2 via
*[BGP/170] 00:08:37,
AS path: I
to 172.22.231.2 via
...
www.juniper.net
STOP
Step 5.2
Review the current status of your BGP routes received from your peer. Review the
RSVP routes to determine what metric is being calculated from the IGP. This status
review provides the current values so that when you manually assign a metric, you
can verify that the changes have been applied correctly.
www.juniper.net
[edit]
lab@mxC-1# run show route protocol bgp
inet.0: 48 destinations, 48 routes (48 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.3.3.0/24
10.3.4.0/24
*[BGP/170] 00:13:00,
AS path: I
to 172.22.230.2 via
> to 172.22.231.2 via
*[BGP/170] 00:13:00,
AS path: I
to 172.22.230.2 via
> to 172.22.231.2 via
...
[edit]
lab@mxC-1# run show route table inet.3
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.3.2/32
www.juniper.net
[edit]
lab@mxC-1# edit protocols mpls
[edit protocols mpls]
lab@mxC-1# set label-switched-path lsp-2 metric 8
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxC-1> show route protocol bgp
inet.0: 48 destinations, 48 routes (48 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.3.3.0/24
10.3.4.0/24
*[BGP/170] 00:16:48,
AS path: I
> to 172.22.230.2 via
*[BGP/170] 00:16:48,
AS path: I
> to 172.22.230.2 via
...
lab@mxC-1> show route table inet.3
192.168.3.2/32
Answer: The two next hops for the BGP routes are
no longer available because they are no longer
equal cost paths.
Question: What is the metric of both RSVP LSP
routes after the change?
www.juniper.net
Step 6.2
Verify the default behavior by using the traceroute utility. You can now traceroute to
the remote teams loopback address.
lab@mxC-1> traceroute 192.168.x.y
traceroute to 192.168.3.2 (192.168.3.2), 30 hops max, 40 byte packets
1 172.22.230.2 (172.22.230.2) 0.605 ms 11.032 ms 0.442 ms
MPLS Label=307136 CoS=0 TTL=1 S=1
2 172.22.201.2 (172.22.201.2) 0.466 ms 0.479 ms 0.468 ms
MPLS Label=307232 CoS=0 TTL=1 S=1
3 172.22.206.2 (172.22.206.2) 0.497 ms 0.491 ms 0.485 ms
MPLS Label=306384 CoS=0 TTL=1 S=1
4 192.168.3.2 (192.168.3.2) 0.484 ms 0.428 ms 0.418 ms
www.juniper.net
Step 6.3
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy. Configure the router so that the TTL is not decremented by using the
no-decrement-ttl statement under the MPLS protocol. Commit the
configuration and exit to operational mode before proceeding to the next step.
lab@mxC-1> configure
Entering configuration mode
[edit]
lab@mxC-1# edit protocols mpls
[edit protocols mpls]
lab@mxC-1# set no-decrement-ttl
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxC-1>
Step 6.4
Use the traceroute utility again to view the change in behavior.
lab@mxC-1> traceroute 192.168.x.y
traceroute to 192.168.3.2 (192.168.3.2), 30 hops max, 40 byte packets
1 192.168.3.2 (192.168.3.2) 0.631 ms 0.441 ms 0.424 ms
www.juniper.net
Step 7.2
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy. Configure your router to signal explicit null by using the
explicit-null command. This command tells the router to signal the upstream
LSR (penultimate router) that it expects to receive a MPLS label. In operation,
instead of signaling a value of 3 upstream (default behavior), the egress router will
signal a value of 0 upstream. Commit the changes and exit to operational mode
before proceeding to the next step.
lab@mxC-1> configure
Entering configuration mode
[edit]
lab@mxC-1# edit protocols mpls
[edit protocols mpls]
lab@mxC-1# set explicit-null
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
Step 7.3
View the Labelin value now that you have configured the router to signal explicit
null. You should expect to see a value of 0 for both LSPs.
lab@mxC-1> show mpls lsp egress
Egress LSP: 2 sessions
To
From
State
192.168.3.1
192.168.3.2
Up
192.168.3.1
192.168.3.2
Up
Total 2 displayed, Up 2, Down 0
www.juniper.net
Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on
Observed Bandwidth
In this lab part, you will configure your router to monitor and automatically adjust the
RSVP reservation based on the observed bandwidth. The first step to setting up
automatic bandwidth provisioning is to enable statistics monitoring for the MPLS
protocol. This allows MPLS to track and monitor bandwidth utilization over a
specified time period (default 24 hours.). Next, you will enable the automatic
bandwidth provisioning on one of your established LSPs.
Step 8.1
Enter into configuration mode and navigate to the [edit protocols mpls
statistics] hierarchy. Enable MPLS statistics monitoring by creating a file
named auto-stats and configuring the auto-bandwidth statement.
lab@mxC-1> configure
Entering configuration mode
[edit]
lab@mxC-1# edit protocols mpls statistics
[edit protocols mpls statistics]
lab@mxC-1# set file auto-stats
[edit protocols mpls statistics]
lab@mxC-1# set auto-bandwidth
Step 8.2
Navigate to the [edit protocols mpls] and enable auto-bandwidth
under the existing LSP lsp-1. Commit your changes and exit to operational mode
before proceeding to the next step.
[edit protocols mpls statistics]
lab@mxC-1# up
[edit protocols mpls]
lab@mxC-1# set label-switched-path lsp-1 auto-bandwidth
[edit protocols mpls]
lab@mxC-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxC-1>
Step 8.3
Verify that your configuration changes have taken affect on the LSP by executing the
show mpls lsp ingress name lsp-1 extensive command.
lab@mxC-1> show mpls lsp ingress name lsp-1 extensive
Ingress LSP: 2 sessions
192.168.3.2
From: 192.168.3.1, State: Up, ActiveRoute: 3, LSPname: lsp-1
www.juniper.net
www.juniper.net
STOP
www.juniper.net
www.juniper.net
Lab 6
VPN Baseline Configuration (Detailed)
Overview
In this lab, you will configure the request for comments (RFC) 4364 infrastructure that will
be used to support Layer 3 virtual private networks (VPNs) in subsequent labs.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Configure interface addresses and families on your provider edge (PE) and
customer edge (CE) routers.
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load the
baseline configuration saved at the end of Lab 1 and then enable Resource
Reservation Protocol (RSVP) and multiprotocol label switching (MPLS) on the
core-facing interfaces, configure MP-BGP, and configure a route-distinguisher ID.
Finally, you will configure a virtual router to represent the CE router attached to your
PE router. Please refer to the lab diagram titled Lab 6: Part 1VPN Baseline (PE).
Step 1.1
Enter configuration mode and load the baseline configuration for your PE router. The
file is saved in the /var/home/lab directory and is named
jmv-lab1-RouterName-baseline.
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# load override jmv-lab1-RouterName-baseline
load complete
Step 1.2
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Navigate to the [edit interfaces] hierarchy
and enable family mpls on both of the core-facing interfaces.
[edit]
lab@mxB-1# edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/0 unit 2xy family mpls
[edit interfaces]
lab@mxB-1# set ge-1/0/1 unit 2xy family mpls
Step 1.3
Navigate to the [edit protocols] hierarchy and configure the MPLS protocol
on the core-facing interfaces.
[edit interfaces]
lab@mxB-1# top edit protocols
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/0.2xy
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/1.2xy
Step 1.4
Configure the RSVP protocol on the core-facing interfaces.
www.juniper.net
[edit protocols]
lab@mxB-1# set rsvp interface ge-1/0/0.2xy
[edit protocols]
lab@mxB-1# set rsvp interface ge-1/0/1.2xy
Step 1.5
Enable traffic-engineering under [edit protocols ospf] so that your router
will flood its own OpaqArea link state advertisement (LSA) and use these LSA types
to build and use the traffic engineering database (TED) for constrained shortest
path first (CSPF) calculations.
[edit protocols]
lab@mxB-1# set ospf traffic-engineering
Step 1.6
To allow the exchange of Layer 3 VPN routes, enable the inet-vpn unicast network
layer reachability information (NLRI) for your PE routers BGP session with the
remote PE router. Make sure to also enable the exchange of standard unicast IP
version 4 (IPv4) routes as well.
[edit protocols]
lab@mxB-1# set bgp group my-int-group family inet unicast
[edit protocols]
lab@mxB-1# set bgp group my-int-group family inet-vpn unicast
Step 1.7
To allow for the automatic generation of route distinguishers, navigate to the
[edit routing-options] hierarchy and specify the
route-distinguisher-id using your PE routers loopback address. Commit
your configuration and exit out to operational mode.
[edit protocols]
lab@mxB-1# top edit routing-options
[edit routing-options]
lab@mxB-1# set route-distinguisher-id 192.168.x.y
[edit routing-options]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 1.8
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
lab@mxB-1> show mpls interface
Interface
State
Administrative groups
ge-1/0/0.220
Up
<none>
ge-1/0/1.221
Up
<none>
lab@mxB-1> show rsvp interface
RSVP interface: 2 active
www.juniper.net
ge-1/0/1.221Up
0bps
0bps
Available
BW
1000Mbps
100%
Reserved
BW
0bps
1000Mbps
Highwater
mark
0bps
1000Mbps
Step 1.9
Verify that your PE router has established Open Shortest Path First (OSPF)
adjacencies with the neighboring provider (P) routers.
lab@mxB-1> show ospf neighbor
Address
Interface
172.22.220.2
ge-1/0/0.220
172.22.221.2
ge-1/0/1.221
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
37
34
www.juniper.net
Step 2.3
Navigate to the [edit interfaces] hierarchy. Delete the configuration for
ge-1/0/4 and ge-1/1/4.
[edit routing-instances]
lab@mxB-1# top edit interfaces
[edit interfaces]
lab@mxB-1# delete ge-1/0/4
[edit interfaces]
lab@mxB-1# delete ge-1/1/4
www.juniper.net
Step 2.4
Configure your new CE routers ge-1/1/4 interface, which will be used to connect
to your local PE router in future labs. Use the lab diagram to determine the correct
addressing.
[edit interfaces]
lab@mxB-1# set ge-1/1/4 vlan-tagging unit 6x0 vlan-id 6x0
[edit interfaces]
lab@mxB-1# set ge-1/1/4 vlan-tagging unit 6x0 family inet address 10.0.xy.2/24
Step 2.5
Navigate to the [edit routing-instances] hierarchy. Configure your
CE routers routing instance specifying a routing instance type of
virtual-router and apply the lo0.1 and ge-1/1/4 interfaces to the
instance.
[edit interfaces]
lab@mxB-1# top edit routing-instances
[edit routing-instances]
lab@mxB-1# set cex-y instance-type virtual-router
[edit routing-instances]
lab@mxB-1# set cex-y interface ge-1/1/4.6x0
[edit routing-instances]
lab@mxB-1# set cex-y interface lo0.1
Step 2.6
Configure your CE routers autonomous system (AS) number.
[edit routing-instances]
lab@mxB-1# set cex-y routing-options autonomous-system 65x01
Step 2.7
Configure your CE routers static routes as listed on the lab diagram. Use a next hop
of reject for each of the four static routes.
[edit routing-instances]
lab@mxB-1# set cex-y routing-options static route 172.x0.y/24 reject
[edit routing-instances]
lab@mxB-1# set cex-y routing-options static route 172.x0.y/24 reject
[edit routing-instances]
lab@mxB-1# set cex-y routing-options static route 172.x0.y/24 reject
[edit routing-instances]
lab@mxB-1# set cex-y routing-options static route 172.x0.y/24 reject
www.juniper.net
Step 2.8
Navigate to the [edit policy-options] hierarchy. Create a routing policy that
will allow for the redistribution of your direct and static routes. This policy will
eventually be used to advertise routes from the CE router to the PE router. Commit
your configuration and exit to operational mode.
[edit routing-instances]
lab@mxB-1# top edit policy-options
[edit policy-options]
lab@mxB-1# set policy-statement exp-policy term 10 from protocol static
[edit policy-options]
lab@mxB-1# set policy-statement exp-policy term 10 then accept
[edit policy-options]
lab@mxB-1# set policy-statement exp-policy term 20 from protocol direct
[edit policy-options]
lab@mxB-1# set policy-statement exp-policy term 20 then accept
[edit policy-options]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 2.9
View the CE routers routing table and ensure that the correct direct and static
routes are now installed in the table.
lab@mxB-1> show route table cex-y
ce2-1.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.20.0/24
10.0.20.2/32
172.20.0.0/24
172.20.1.0/24
172.20.2.0/24
172.20.3.0/24
192.168.12.1/32
*[Direct/0] 00:38:46
> via ge-1/1/4.620
*[Local/0] 00:38:46
Local via ge-1/1/4.620
*[Static/5] 00:00:09
Reject
*[Static/5] 00:00:09
Reject
*[Static/5] 00:00:09
Reject
*[Static/5] 00:00:09
Reject
*[Direct/0] 00:38:46
> via lo0.1
www.juniper.net
STOP
www.juniper.net
www.juniper.net
Lab 7
Layer 3 VPN with Static and BGP Routing (Detailed)
Overview
In this lab, you will establish a point-to-point Layer 3 VPN using RSVP signaling between
provider edge (PE) routers. You will also configure both static and BGP routing between
your PE and customer edge (CE) routers. You will share your routes with the remote
PE router through the Layer 3 VPN using Multiprotocol Border Gateway Protocol (MP-BGP).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Configure static routing between your PE and CE router and share your static
PE routes through the Layer 3 VPN using MP-BGP.
Configure BGP routing between your PE and CE routers and share CE routes
through the Layer 3 VPN using MP-BGP.
Step 1.2
Verify your OSPF and BGP neighborships are established correctly.
lab@mxA-1> show ospf neighbor
Address
Interface
172.22.210.2
ge-1/0/0.210
172.22.211.2
ge-1/0/1.211
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
34
32
www.juniper.net
www.juniper.net
Step 2.2
Verify that the RSVP LSP you just configured is up and functional. Ensure that you
have bidirectional LSPs before proceeding. Review the inet.3 routing table to verify
that the RSVP route is present and ready to use.
lab@mxA-1> show mpls lsp
Ingress LSP: 1 sessions
To
From
State Rt P
192.168.1.2
192.168.1.1
Up
0 *
Total 1 displayed, Up 1, Down 0
ActivePath
LSPname
pe1-to-pe2-1
www.juniper.net
pe1-to-pe2-1
STOP
Step 3.2
Verify connectivity to the CE device using the ping utility with a count value of 3.
lab@mxA-1> ping 10.0.xy.2 count 3
PING 10.0.10.2 (10.0.10.2): 56 data
64 bytes from 10.0.10.2: icmp_seq=0
64 bytes from 10.0.10.2: icmp_seq=1
64 bytes from 10.0.10.2: icmp_seq=2
bytes
ttl=64 time=0.502 ms
ttl=64 time=0.426 ms
ttl=64 time=0.434 ms
--- 10.0.10.2 ping statistics --3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.426/0.454/0.502/0.034 ms
www.juniper.net
Step 4.2
Navigate to the [edit routing-instances vpn-x] hierarchy. Create a route
distinguisher using your local loopback address to uniquely identify routes
advertised from this router. The format should look like this: 192.168.x.y:1.
[edit routing-instances]
lab@mxA-1# edit vpn-x
[edit routing-instances vpn-1]
lab@mxA-1# set route-distinguisher 192.168.x.y:1
Step 4.3
Configure your route target. As mentioned previously, you will be using the
vrf-target option. Your target will contain the local autonomous system (AS)
number and will be uniquely identified by using your pod value. The format for
defining your vrf-target is: target:65512:x.
[edit routing-instances vpn-1]
lab@mxA-1# set vrf-target target:65512:x
Step 4.4
Include the CE facing interface in your VRF instance.
[edit routing-instances vpn-1]
lab@mxA-1# set interface ge-1/0/4.6x0
www.juniper.net
Step 4.5
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
[edit routing-instances vpn-1]
lab@mxA-1# show
instance-type vrf;
interface ge-1/0/4.610;
route-distinguisher 192.168.1.1:1;
vrf-target target:65512:1;
[edit routing-instances vpn-1]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 4.6
Verify that your VRF routing table has been created and it contains the local and
direct routes for your CE facing interface. You can accomplish this by issuing the
command: show route table vpn-x.inet.0
lab@mxA-1> show route table vpn-x.inet.0
vpn-1.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.10.0/24
10.0.10.1/32
*[Direct/0] 00:43:48
> via ge-1/0/4.610
*[Local/0] 00:43:48
Local via ge-1/0/4.610
STOP
www.juniper.net
Step 5.2
Navigate to the [edit routing-instances vpn-x routing-options]
hierarchy. Configure the static routes in your PE instance for the static networks that
reside on your CE device. You must also configure a static route for the loopback
address of your CE device. All static route next hops should point to the CE interface
address.
[edit routing-instances ce1-1 routing-options]
lab@mxA-1# top edit routing-instances vpn-x routing-options
[edit routing-instances vpn-1 routing-options]
lab@mxA-1# set static route 172.x0.y.0/24 next-hop 10.0.xy.2
[edit routing-instances vpn-1 routing-options]
lab@mxA-1# set static route 172.x0.y.0/24 next-hop 10.0.xy.2
[edit routing-instances vpn-1 routing-options]
lab@mxA-1# set static route 172.x0.y.0/24 next-hop 10.0.xy.2
[edit routing-instances vpn-1 routing-options]
lab@mxA-1# set static route 172.x0.y.0/24 next-hop 10.0.xy.2
[edit routing-instances vpn-1 routing-options]
lab@mxA-1# set static route 192.168.1x.y next-hop 10.0.xy.2
[edit routing-instances vpn-1 routing-options]
lab@mxA-1# commit and-quit
commit complete
www.juniper.net
Step 5.3
Verify that you are advertising your routes to the remote PE router.
lab@mxA-1> show route advertising-protocol bgp 192.168.x.y
vpn-1.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 10.0.10.0/24
Self
100
I
* 172.10.0.0/24
Self
100
I
* 172.10.1.0/24
Self
100
I
* 172.10.2.0/24
Self
100
I
* 172.10.3.0/24
Self
100
I
* 192.168.11.1/32
Self
100
I
www.juniper.net
*
*
*
*
*
*
Prefix
Nexthop
192.168.1.2:1:10.0.11.0/24
192.168.1.2
192.168.1.2:1:172.10.4.0/24
192.168.1.2
192.168.1.2:1:172.10.5.0/24
192.168.1.2
192.168.1.2:1:172.10.6.0/24
192.168.1.2
192.168.1.2:1:172.10.7.0/24
192.168.1.2
192.168.1.2:1:192.168.11.2/32
192.168.1.2
MED
Lclpref
AS path
100
100
100
100
100
100
pe1-to-pe2-1
172.10.0.0/24
172.10.1.0/24
172.10.2.0/24
172.10.3.0/24
172.10.4.0/24
www.juniper.net
*[Direct/0] 00:43:27
> via ge-1/0/4.610
*[Local/0] 00:43:27
Local via ge-1/0/4.610
*[BGP/170] 00:43:27, localpref 100, from 192.168.1.2
AS path: I
> to 172.22.211.2 via ge-1/0/1.211, label-switched-path
*[Static/5] 00:07:54
> to 10.0.10.2 via ge-1/0/4.610
*[Static/5] 00:07:54
> to 10.0.10.2 via ge-1/0/4.610
*[Static/5] 00:07:54
> to 10.0.10.2 via ge-1/0/4.610
*[Static/5] 00:07:54
> to 10.0.10.2 via ge-1/0/4.610
*[BGP/170] 00:43:27, localpref 100, from 192.168.1.2
Layer 3 VPN with Static and BGP Routing (Detailed) Lab 711
AS path: I
> to 172.22.211.2 via ge-1/0/1.211, label-switched-path
pe1-to-pe2-1
172.10.5.0/24
pe1-to-pe2-1
172.10.6.0/24
pe1-to-pe2-1
172.10.7.0/24
pe1-to-pe2-1
192.168.11.1/32
192.168.11.2/32
pe1-to-pe2-1
Lab 712 Layer 3 VPN with Static and BGP Routing (Detailed)
www.juniper.net
STOP
Step 6.2
Navigate to the [edit routing-instances cex-y routing-options]
hierarchy. Remove the static default route that you created in Part 5. Commit and
exit to operational mode before proceeding.
[edit routing-instances vpn-1 routing-options]
lab@mxA-1# top edit routing-instances cex-y routing-options
[edit routing-instances ce1-1 routing-options]
lab@mxA-1# delete static route 0/0
www.juniper.net
Layer 3 VPN with Static and BGP Routing (Detailed) Lab 713
Step 6.3
View the routes in your VRF table to verify that you are no longer receiving routes
from the remote PE router.
lab@mxA-1> show route table vpn-x.inet.0
vpn-1.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.10.0/24
10.0.10.1/32
*[Direct/0] 02:02:12
> via ge-1/0/4.610
*[Local/0] 02:02:12
Local via ge-1/0/4.610
Lab 714 Layer 3 VPN with Static and BGP Routing (Detailed)
www.juniper.net
Step 6.5
Navigate to the [edit routing-instances vpn-x protocols bgp]
hierarchy. Create an external group called my-ext-group and specify your
neighbor address. You must also define your peer-as. Review your configuration,
Commit, and exit to operational mode before moving on to the next step.
[edit routing-instances ce1-1 protocols bgp]
lab@mxA-1# top edit routing-instances vpn-x protocols bgp
[edit routing-instances vpn-1 protocols bgp]
lab@mxA-1# set group my-ext-group type external
[edit routing-instances vpn-1 protocols bgp]
lab@mxA-1# set group my-ext-group neighbor 10.0.xy.2
[edit routing-instances vpn-1 protocols bgp]
lab@mxA-1# set group my-ext-group peer-as 65x01
[edit routing-instances vpn-1 protocols bgp]
lab@mxA-1# show
group my-ext-group {
type external;
peer-as 65101;
neighbor 10.0.10.2;
}
[edit routing-instances vpn-1 protocols bgp]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
www.juniper.net
Layer 3 VPN with Static and BGP Routing (Detailed) Lab 715
Step 6.6
Verify on the PE that you are receiving the advertised BGP routes from your
CE router.
lab@mxA-1> show route receive-protocol bgp 10.0.xy.2
inet.0: 40 destinations, 40 routes (39 active, 0 holddown, 1 hidden)
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
ce1-1.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
vpn-1.inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
10.0.10.0/24
10.0.10.2
65101 I
* 172.10.0.0/24
10.0.10.2
65101 I
* 172.10.1.0/24
10.0.10.2
65101 I
* 172.10.2.0/24
10.0.10.2
65101 I
* 172.10.3.0/24
10.0.10.2
65101 I
* 192.168.11.1/32
10.0.10.2
65101 I
mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
bgp.l3vpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
Lab 716 Layer 3 VPN with Static and BGP Routing (Detailed)
www.juniper.net
www.juniper.net
Layer 3 VPN with Static and BGP Routing (Detailed) Lab 717
Answer: Yes, you should see all the routes that were
exported by the remote CE router and later
advertised from the remote PE router through the
VPN. If you do not see these routes, please review
your configuration and ensure that the remote team
has completed Step 6.6. Please request assistance
from your instructor, if needed.
Step 6.9
Review the BGP routes you are receiving on your CE router.
lab@mxA-1> show route receive-protocol bgp 10.0.xy.1
inet.0: 40 destinations, 40 routes (39 active, 0 holddown, 1 hidden)
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
ce1-1.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 10.0.11.0/24
10.0.10.1
65512 I
vpn-1.inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)
mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
bgp.l3vpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
Lab 718 Layer 3 VPN with Static and BGP Routing (Detailed)
www.juniper.net
Step 6.10
Verify that your PE router is advertising these routes to your CE router.
lab@mxA-1> show route advertising-protocol bgp 10.0.xy.2
vpn-1.inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 10.0.11.0/24
Self
I
Layer 3 VPN with Static and BGP Routing (Detailed) Lab 719
Lab 720 Layer 3 VPN with Static and BGP Routing (Detailed)
www.juniper.net
Step 6.13
Verify that your CE router is now receiving the routes from your PE router after the
change.
lab@mxA-1> show route receive-protocol bgp 10.0.xy.1
inet.0: 40 destinations, 40 routes (39 active, 0 holddown, 1 hidden)
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
ce1-1.inet.0: 13 destinations, 18 routes (13 active, 0 holddown, 5 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 10.0.11.0/24
10.0.10.1
65512 I
* 172.10.4.0/24
10.0.10.1
65512 65512
* 172.10.5.0/24
10.0.10.1
65512 65512
* 172.10.6.0/24
10.0.10.1
65512 65512
* 172.10.7.0/24
10.0.10.1
65512 65512
www.juniper.net
I
I
I
I
Layer 3 VPN with Static and BGP Routing (Detailed) Lab 721
* 192.168.11.2/32
10.0.10.1
65512 65512 I
STOP
Lab 722 Layer 3 VPN with Static and BGP Routing (Detailed)
www.juniper.net
Lab 8
Route Reflection and Internet Access (Detailed)
Overview
In this lab, you will establish two point-to-point Layer 3 virtual private networks (VPNs)
using RSVP signaling between provider edge (PE) routers. You will alter your internal BGP
(IBGP) configuration to peer with a preconfigured route reflector in the core network. You
will implement route target filtering on your PE router and you will configure Internet
access for the customer edge (CE) router through your PE router.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Reconfigure your IBGP peering, so that your router peers with the route
reflector.
Create a second virtual router that will act as a second CE router and customer
network.
Create and establish two Layer 3 VPNs over the core network.
Configure BGP routing between your PE and CE routers and share your
CE routes through the Layer 3 VPNs using Multiprotocol Border Gateway
Protocol (MP-BGP).
Step 1.2
Verify your OSPF and BGP neighborships are established correctly.
lab@mxA-1> show ospf neighbor
Address
Interface
172.22.210.2
ge-1/0/0.210
172.22.211.2
ge-1/0/1.211
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
34
32
www.juniper.net
www.juniper.net
www.juniper.net
Step 2.2
Verify that your neighborship has established with the route reflector. Review the
BGP neighborship to ensure that you are receiving the correct NLRI to establish a
Layer 3 VPN.
lab@mxA-1> show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table
Tot Paths Act Paths Suppressed
History Damp State
Pending
inet.0
0
0
0
0
0
0
bgp.l3vpn.0
0
0
0
0
0
0
Peer
AS
InPkt
OutPkt
OutQ
Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
192.168.5.2
65512
67
66
0
0
28:33 Establ
inet.0: 0/0/0/0
bgp.l3vpn.0: 0/0/0/0
lab@mxA-1> show bgp neighbor 192.168.5.2
Peer: 192.168.5.2+179 AS 65512 Local: 192.168.1.1+49425 AS 65512
Type: Internal
State: Established
Flags: <ImportEval Sync>
Last State: OpenConfirm
Last Event: RecvKeepAlive
Last Error: None
Export: [ statics ]
Options: <Preference LocalAddress AddressFamily Rib-group Refresh>
Address families configured: inet-unicast inet-vpn-unicast
Local Address: 192.168.1.1 Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 192.168.5.2
Local ID: 192.168.1.1
Active Holdtime: 90
Keepalive Interval: 30
Peer index: 0
BFD: disabled, down
NLRI for restart configured on peer: inet-unicast inet-vpn-unicast
NLRI advertised by peer: inet-unicast inet-vpn-unicast route-target
NLRI for this session: inet-unicast inet-vpn-unicast
Peer supports Refresh capability (2)
Restart time configured on the peer: 120
Stale routes from peer are kept for: 300
Restart time requested by this peer: 120
NLRI that peer supports restart for: inet-unicast inet-vpn-unicast
route-target
NLRI that restart is negotiated for: inet-unicast inet-vpn-unicast
NLRI of received end-of-rib markers: inet-unicast inet-vpn-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 65512)
Peer does not support Addpath
Table inet.0 Bit: 20000
RIB State: BGP restart is complete
Send state: in sync
Active prefixes:
0
Received prefixes:
0
Accepted prefixes:
0
Suppressed due to damping:
0
Advertised prefixes:
0
Table bgp.l3vpn.0
RIB State: BGP restart is complete
RIB State: VPN restart is complete
Send state: not advertising
www.juniper.net
Active prefixes:
0
Received prefixes:
0
Accepted prefixes:
0
Suppressed due to damping:
0
Last traffic (seconds): Received 20
Sent 5
Input messages: Total 67
Updates 2
Output messages: Total 67
Updates 0
Output Queue[1]: 0
Output Queue[2]: 0
Checked 37
Refreshes 0
Refreshes 0
Octets 1288
Octets 1344
Part 3: Establishing LDP Signaled LSPs Between PE Routers and Router Reflector
In this lab part, you will use LDP to signal LSPs to the remote PE router through the
core network as well as to the Route Reflector. You will verify that the LDP LSPs are
established and that the LDP routes are installed in your routing table.
Step 3.1
Enter into configuration mode and navigate to the [edit protocols ldp]
hierarchy. Add the interface all statement to include all interfaces in LDP. As
good practice, remember to disable the management interface. Commit and exit to
operation mode when you are satisfied with the changes.
www.juniper.net
lab@mxA-1> configure
Entering configuration mode
[edit]
lab@mxA-1# edit protocols ldp
[edit protocols ldp]
lab@mxA-1# set interface all
[edit protocols ldp]
lab@mxA-1# set interface fxp0 disable
[edit protocols ldp]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 3.2
Verify that the LSPs are established and ready for use.
lab@mxA-1> show ldp neighbor
Address
Interface
172.22.210.2
ge-1/0/0.210
172.22.211.2
ge-1/0/1.211
lab@mxA-1> show ldp session
Address
State
192.168.5.1
Operational
192.168.5.4
Operational
Label space ID
192.168.5.1:0
192.168.5.4:0
Connection
Open
Open
Hold time
10
11
Hold time
28
28
Step 3.3
Verify that the inet.3 routing table is created and contains the RSVP route to the
remote PE router.
lab@mxA-1> show route table inet.3
inet.3: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.2/32
192.168.5.1/32
192.168.5.2/32
192.168.5.3/32
192.168.5.1/32
192.168.5.5/32
www.juniper.net
*[LDP/9] 00:12:12,
to 172.22.210.2
> to 172.22.211.2
*[LDP/9] 00:12:12,
> to 172.22.210.2
*[LDP/9] 00:12:12,
> to 172.22.210.2
*[LDP/9] 00:12:12,
> to 172.22.210.2
*[LDP/9] 00:12:12,
> to 172.22.211.2
*[LDP/9] 00:12:12,
> to 172.22.211.2
metric 1
via ge-1/0/0.210,
via ge-1/0/1.211,
metric 1
via ge-1/0/0.210
metric 1
via ge-1/0/0.210,
metric 1
via ge-1/0/0.210,
metric 1
via ge-1/0/1.211
metric 1
via ge-1/0/1.211,
Push 307264
Push 303760
Push 307040
Push 306688
Push 299808
192.168.5.6/32
Step 4.3
Configure your CE routers ge-1/1/5 interface, which will be used to connect to your
local PE router.
[edit interfaces]
lab@mxA-1# set ge-1/1/5 vlan-tagging unit 6x1 vlan-id 6x1
[edit interfaces]
lab@mxA-1# set ge-1/1/5 vlan-tagging unit 6x1 family inet address 10.1.xy.2/24
Step 4.4
Navigate to the [edit routing-instances cex-y] hierarchy and configure
your CE routers routing instance specifying a routing instance type of
virtual-router and apply the lo0 and ge-1/1/5 interfaces to the instance.
www.juniper.net
[edit interfaces]
lab@mxA-1# top edit routing-instances cex-y
[edit routing-instances ce1-3]
lab@mxA-1# set instance-type virtual-router
Step 4.5
Configure your CE routers autonomous system (AS) number.
[edit routing-instances ce1-3]
lab@mxA-1# set routing-options autonomous-system 65x02
Step 4.6
Configure your CE routers static routes as listed on the lab diagram. Use a next hop
of reject for each of the four static routes. Commit your configuration and exit to
operational mode.
[edit routing-instances ce1-3]
lab@mxA-1# set routing-options static route 172.x1.y/24 reject
[edit routing-instances ce1-3]
lab@mxA-1# set routing-options static route 172.x1.y/24 reject
[edit routing-instances ce1-3]
lab@mxA-1# set routing-options static route 172.x1.y/24 reject
[edit routing-instances ce1-3]
lab@mxA-1# set routing-options static route 172.x1.y/24 reject
[edit routing-instances ce1-3]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 4.7
View the CE routers routing table and ensure that the correct direct and static
routes are now installed in the table.
lab@mxA-1> show route table cex-y
ce1-3.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.1.10.0/24
10.1.10.2/32
www.juniper.net
*[Direct/0] 00:50:57
> via ge-1/1/5.611
*[Local/0] 00:50:57
Route Reflection and Internet Access (Detailed) Lab 89
172.11.0.0/24
172.11.1.0/24
172.11.2.0/24
172.11.3.0/24
192.168.21.1/32
www.juniper.net
[edit interfaces]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 5.2
Verify reachability to both CE routers by pinging their interfaces five times.
lab@mxA-1> ping 10.0.xy.2 count 5
PING 10.0.10.2 (10.0.10.2): 56 data
64 bytes from 10.0.10.2: icmp_seq=0
64 bytes from 10.0.10.2: icmp_seq=1
64 bytes from 10.0.10.2: icmp_seq=2
64 bytes from 10.0.10.2: icmp_seq=3
64 bytes from 10.0.10.2: icmp_seq=4
bytes
ttl=64
ttl=64
ttl=64
ttl=64
ttl=64
time=0.489
time=0.417
time=0.424
time=0.413
time=0.427
ms
ms
ms
ms
ms
--- 10.0.10.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.413/0.434/0.489/0.028 ms
lab@mxA-1> ping 10.1.xy.2 count 5
PING 10.1.10.2 (10.1.10.2): 56 data
64 bytes from 10.1.10.2: icmp_seq=0
64 bytes from 10.1.10.2: icmp_seq=1
64 bytes from 10.1.10.2: icmp_seq=2
64 bytes from 10.1.10.2: icmp_seq=3
64 bytes from 10.1.10.2: icmp_seq=4
bytes
ttl=64
ttl=64
ttl=64
ttl=64
ttl=64
time=1.016
time=0.399
time=0.387
time=0.429
time=0.429
ms
ms
ms
ms
ms
--- 10.1.10.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.387/0.532/1.016/0.243 ms
www.juniper.net
www.juniper.net
Step 6.2
Navigate to the [edit routing-instances vpnx-b] hierarchy. Configure the
routing instance specifying a routing instance type of vrf. Configure your route
target. The format for defining your vrf-target for the vpnx-b instance is:
target:65512:x02. Add the ge-1/0/5.6x1 interface to the routing instance.
Review your configuration changes and when satisfied, commit and exit to
operational mode.
[edit routing-instances vpn1-a]
lab@mxA-1# top edit routing-instances vpnx-b
[edit routing-instances vpn1-b]
lab@mxA-1# set instance-type vrf
[edit routing-instances vpn1-b]
lab@mxA-1# set vrf-target target:65512:x02
[edit routing-instances vpn1-b]
lab@mxA-1# set interface ge-1/0/5.6x1
[edit routing-instances vpn1-b]
lab@mxA-1# show
instance-type vrf;
interface ge-1/0/5.611;
vrf-target target:65512:102;
[edit routing-instances vpn1-b]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 6.3
Verify that both VRF tables are created and contain the local network routes.
lab@mxA-1> show route table vpnx-a
vpn1-a.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.10.0/24
10.0.10.1/32
*[Direct/0] 00:31:29
> via ge-1/0/4.610
*[Local/0] 00:31:29
Local via ge-1/0/4.610
*[Direct/0] 00:21:25
> via ge-1/0/5.611
*[Local/0] 00:21:25
Local via ge-1/0/5.611
Route Reflection and Internet Access (Detailed) Lab 813
STOP
www.juniper.net
Step 7.2
Navigate to the [edit routing-instances cex-y protocols bgp]
hierarchy, where cex-y is your CE router connected to your VPNx-a instance.
Create an external group called my-ext-group and specify your neighbor
address. You must also define your peer-as. Apply the policy exp-policy that
you created in Lab 6, as an export policy to your EBGP group. Review your
configuration, commit, and exit to operational mode.
[edit routing-instances vpn1-a protocols bgp]
lab@mxA-1# top edit routing-instances cex-y protocols bgp
[edit routing-instances ce1-1 protocols bgp]
lab@mxA-1# set group my-ext-group type external
[edit routing-instances ce1-1 protocols bgp]
lab@mxA-1# set group my-ext-group neighbor 10.0.xy.1
[edit routing-instances ce1-1 protocols bgp]
lab@mxA-1# set group my-ext-group peer-as 65512
[edit routing-instances ce1-1 protocols bgp]
lab@mxA-1# set group my-ext-group export exp-policy
[edit routing-instances ce1-1 protocols bgp]
lab@mxA-1# show
group my-ext-group {
type external;
export exp-policy;
peer-as 65512;
neighbor 10.0.10.1;
}
[edit routing-instances ce1-1 protocols bgp]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
www.juniper.net
Note
0 hidden)
AS path
65101 I
65101 I
65101 I
65101 I
65101 I
65101 I
0 hidden)
AS path
I
65101 I
65101 I
65101 I
65101 I
65101 I
www.juniper.net
0 hidden)
AS path
I
65101 I
65101 I
65101 I
65101 I
65101 I
* 172.10.7.0/24
* 192.168.11.2/32
10.0.10.1
10.0.10.1
65512 65512 I
65512 65512 I
www.juniper.net
Note
www.juniper.net
Step 7.5
Navigate to the [edit routing-instances cex-y protocols bgp]
hierarchy, where cex-y is your CE router connected to your VPNx-b instance.
Create an external group named my-ext-group and specify your neighbor
address. You must also define your peer-as. Apply the policy exp-policy that
you created in Lab 6, as an export policy to your EBGP group. Review your
configuration, commit, and exit to operational mode.
[edit routing-instances vpn1-b protocols bgp]
lab@mxA-1# top edit routing-instances cex-y protocols bgp
[edit routing-instances ce1-3 protocols bgp]
lab@mxA-1# set group my-ext-group type external
[edit routing-instances ce1-3 protocols bgp]
lab@mxA-1# set group my-ext-group neighbor 10.1.xy.1
[edit routing-instances ce1-3 protocols bgp]
lab@mxA-1# set group my-ext-group peer-as 65512
[edit routing-instances ce1-3 protocols bgp]
lab@mxA-1# set group my-ext-group export exp-policy
[edit routing-instances ce1-3 protocols bgp]
lab@mxA-1# show
group my-ext-group {
type external;
export exp-policy;
peer-as 65512;
neighbor 10.1.10.1;
}
[edit routing-instances ce1-3 protocols bgp]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
www.juniper.net
Note
I
I
I
I
I
www.juniper.net
STOP
www.juniper.net
Step 8.1
Enter into configuration mode and navigate to the [edit routing-instances
vpnx-b] hierarchy. Alter the vrf-target you have configured for this VPN. If you
are configuring pe1, then you change your target to target:65512:x03. If you
are configuring pe2 you will change you target to target:65512:x04. After
making this configuration change, commit and exit to operational mode.
Note
Step 8.2
Review the routes that you have accepted and installed in your bgp.l3vpn.0
routing table.
lab@mxA-1> show route table bgp.l3vpn.0
bgp.l3vpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.2:7:10.0.11.0/24
*[BGP/170] 00:13:11, localpref 100, from 192.168.5.2
AS path: I
to 172.22.210.2 via ge-1/0/0.210, Push 299968, Push
307264(top)
> to 172.22.211.2 via ge-1/0/1.211, Push 299968, Push
303760(top)
192.168.1.2:7:172.10.4.0/24
*[BGP/170] 00:13:11, localpref 100, from 192.168.5.2
AS path: 65101 I
www.juniper.net
www.juniper.net
lab@mxA-1> configure
Entering configuration mode
[edit]
lab@mxA-1# edit protocols bgp
[edit protocols bgp]
lab@mxA-1# set keep all
[edit protocols bgp]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 8.4
Review the routes that you have accepted and installed in your bgp.l3vpn.0
routing table after adding the keep all functionality.
lab@mxA-1> show route table bgp.l3vpn.0
bgp.l3vpn.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.2:7:10.0.11.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: I
to 172.22.210.2 via ge-1/0/0.210, Push 300000, Push
307264(top)
> to 172.22.211.2 via ge-1/0/1.211, Push 300000, Push
303760(top)
192.168.1.2:7:172.10.4.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: 65101 I
to 172.22.210.2 via ge-1/0/0.210, Push 300000, Push
307264(top)
> to 172.22.211.2 via ge-1/0/1.211, Push 300000, Push
303760(top)
192.168.1.2:7:172.10.5.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: 65101 I
to 172.22.210.2 via ge-1/0/0.210, Push 300000, Push
307264(top)
> to 172.22.211.2 via ge-1/0/1.211, Push 300000, Push
303760(top)
192.168.1.2:7:172.10.6.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: 65101 I
to 172.22.210.2 via ge-1/0/0.210, Push 300000, Push
307264(top)
> to 172.22.211.2 via ge-1/0/1.211, Push 300000, Push
303760(top)
192.168.1.2:7:172.10.7.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
www.juniper.net
AS path: 65101 I
to 172.22.210.2 via ge-1/0/0.210, Push 300000, Push
307264(top)
> to 172.22.211.2 via ge-1/0/1.211, Push 300000, Push
303760(top)
192.168.1.2:7:192.168.11.2/32
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: 65101 I
to 172.22.210.2 via ge-1/0/0.210, Push 300000, Push
307264(top)
> to 172.22.211.2 via ge-1/0/1.211, Push 300000, Push
303760(top)
192.168.1.2:8:10.1.11.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: I
> to 172.22.210.2 via ge-1/0/0.210, Push 300016, Push
307264(top)
to 172.22.211.2 via ge-1/0/1.211, Push 300016, Push
303760(top)
192.168.1.2:8:172.11.4.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: 65102 I
> to 172.22.210.2 via ge-1/0/0.210, Push 300016, Push
307264(top)
to 172.22.211.2 via ge-1/0/1.211, Push 300016, Push
303760(top)
192.168.1.2:8:172.11.5.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: 65102 I
> to 172.22.210.2 via ge-1/0/0.210, Push 300016, Push
307264(top)
to 172.22.211.2 via ge-1/0/1.211, Push 300016, Push
303760(top)
192.168.1.2:8:172.11.6.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: 65102 I
> to 172.22.210.2 via ge-1/0/0.210, Push 300016, Push
307264(top)
to 172.22.211.2 via ge-1/0/1.211, Push 300016, Push
303760(top)
192.168.1.2:8:172.11.7.0/24
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: 65102 I
> to 172.22.210.2 via ge-1/0/0.210, Push 300016, Push
307264(top)
to 172.22.211.2 via ge-1/0/1.211, Push 300016, Push
303760(top)
192.168.1.2:8:192.168.21.2/32
*[BGP/170] 00:00:01, localpref 100, from 192.168.5.2
AS path: 65102 I
> to 172.22.210.2 via ge-1/0/0.210, Push 300016, Push
307264(top)
to 172.22.211.2 via ge-1/0/1.211, Push 300016, Push
303760(top)
www.juniper.net
Step 8.6
Review the routes that you have accepted and installed in your bgp.l3vpn.0
routing table after configuring the PE router to implement the route target filtering
NLRI to the route reflector.
lab@mxA-1> show route table bgp.l3vpn.0
bgp.l3vpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.2:7:10.0.11.0/24
*[BGP/170] 00:13:11, localpref 100, from 192.168.5.2
AS path: I
to 172.22.210.2 via ge-1/0/0.210, Push 299968, Push
307264(top)
> to 172.22.211.2 via ge-1/0/1.211, Push 299968, Push
303760(top)
192.168.1.2:7:172.10.4.0/24
*[BGP/170] 00:13:11, localpref 100, from 192.168.5.2
AS path: 65101 I
to 172.22.210.2 via ge-1/0/0.210, Push 299968, Push
307264(top)
> to 172.22.211.2 via ge-1/0/1.211, Push 299968, Push
303760(top)
192.168.1.2:7:172.10.5.0/24
*[BGP/170] 00:13:11, localpref 100, from 192.168.5.2
AS path: 65101 I
www.juniper.net
www.juniper.net
Step 9.1
Enter configuration mode and navigate to the [edit interface] hierarchy.
Refer to the lab diagram titled Lab 8: Part 9Layer 3 VPN Scaling and Internet
Access. Configure the additional logical unit, VLAN, and IP address for both the
CE router interface and the PE router interface.
lab@mxA-1> configure
Entering configuration mode
[edit]
lab@mxA-1# edit interfaces
[edit interfaces]
lab@mxA-1# set ge-1/0/4 unit x00 vlan-id x00 family inet address 10.2.xy.1/24
[edit interfaces]
lab@mxA-1# set ge-1/1/4 unit x00 vlan-id x00 family inet address 10.2.xy.2/24
Step 9.2
Navigate to the [edit routing-instances cex-y] hierarchy and add the
non-VRF interface. Configure a static default route that points to the non-vrf
interface address as the next hop.
[edit interfaces]
lab@mxA-1# top edit routing-instances cex-y
[edit routing-instances ce1-1]
lab@mxA-1# set interface ge-1/1/4.x00
[edit routing-instances ce1-1]
lab@mxA-1# set routing-options static route 0/0 next-hop 10.2.xy.1
Step 9.3
Navigate to the [edit routing-options] hierarchy and create a static route
on your PE router that encompasses all of your static routes on your CE router in a
single prefix (172.x0.y.0/22). The next hop for this route will be the CE interface
address for the non-VRF connection. You will also need to add your CE routers
loopback address as a static route with the same next hop.
[edit routing-instances ce1-1]
lab@mxA-1# top edit routing-options
[edit routing-options]
lab@mxA-1# set static route 172.x0.y.0/22 next-hop 10.2.xy.2
[edit routing-options]
lab@mxA-1# set static route 192.168.1x.y next-hop 10.2.xy.2
www.juniper.net
Step 9.4
Navigate to the [edit policy-options] hierarchy. Create a policy named
statics that will be used to redistribute your static routes into OSPF.
[edit routing-options]
lab@mxA-1# top edit policy-options
[edit policy-options]
lab@mxA-1# set policy-statement statics term 10 from protocol static
[edit policy-options]
lab@mxA-1# set policy-statement statics term 10 then accept
Step 9.5
Navigate to the [edit protocols ospf] hierarchy and add the non-VRF
interface as passive. Export the static routes you created in the previous step into
your IGP by using the policy static. This action allows the IGP to route traffic back
to the CE network through the non-VRF connection. Commit your changes and exit to
operational mode.
[edit policy-options]
lab@mxA-1# top edit protocols ospf
[edit protocols ospf]
lab@mxA-1# set area 0 interface ge-1/0/4.x00 passive
[edit protocols ospf]
lab@mxA-1# set export statics
[edit protocols ospf]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Step 9.6
Verify that you can ping the loopback address of one of the core routers five times,
sourced from your CE routers loopback address. You can review one of the network
diagrams that outline the core network if you do not recall the loopback addresses
of the core routers. In the example provided, the ping is destined to P6s loopback,
sourced from the CE routers loopback.
lab@mxA-1> ping 192.168.5.6 source 192.168.1x.y routing-instance cex-y count 5
PING 192.168.5.6 (192.168.5.6): 56 data bytes
64 bytes from 192.168.5.6: icmp_seq=0 ttl=61 time=0.619 ms
64 bytes from 192.168.5.6: icmp_seq=1 ttl=61 time=0.678 ms
64 bytes from 192.168.5.6: icmp_seq=2 ttl=61 time=0.559 ms
64 bytes from 192.168.5.6: icmp_seq=3 ttl=61 time=0.554 ms
64 bytes from 192.168.5.6: icmp_seq=4 ttl=61 time=0.546 ms
--- 192.168.5.6 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.546/0.591/0.678/0.051 ms
Lab 830 Route Reflection and Internet Access (Detailed)
www.juniper.net
STOP
www.juniper.net
www.juniper.net
Lab 9
GRE Tunnel Integration (Detailed)
Overview
In this lab, you will establish a point-to-point Layer 3 virtual private network (VPN) using a
generic routing encapsulation (GRE) tunnel between provider edge (PE) routers. You will
also configure OSPF routing between your PE and customer edge (CE) router. You will
share your routes with the remote PE through the Layer 3 VPN using Multiprotocol Border
Gateway Protocol (MP-BGP).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Configure a VPN routing and forwarding (VRF) table and OSPF routing between
your PE router and CE router and redistribute your CE routers static routes into
OSPF.
Redistribute the MP-BGP routes learned from the remote PE into OSPF.
Step 1.2
Verify that your OSPF and BGP neighborships are established correctly.
lab@mxB-1> show ospf neighbor
Address
Interface
172.22.220.2
ge-1/0/0.220
172.22.221.2
ge-1/0/1.221
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
30
37
www.juniper.net
www.juniper.net
Step 2.2
Verify connectivity to the CE device using the ping utility with a count value of 3.
lab@mxB-1> ping 10.0.xy.2 count 3
PING 10.0.10.2 (10.0.10.2): 56 data
64 bytes from 10.0.10.2: icmp_seq=0
64 bytes from 10.0.10.2: icmp_seq=1
64 bytes from 10.0.10.2: icmp_seq=2
bytes
ttl=64 time=0.502 ms
ttl=64 time=0.426 ms
ttl=64 time=0.434 ms
--- 10.0.10.2 ping statistics --3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.426/0.454/0.502/0.034 ms
www.juniper.net
Step 3.2
Navigate to the [edit routing-instances vpn-x] hierarchy. Configure your
route target. As mentioned earlier, you will be using the vrf-target option. Your
target will contain the local autonomous system (AS) number and will be uniquely
identified by using your pod value. The format for defining you vrf-target is:
target:65512:x.
[edit routing-instances]
lab@mxB-1# edit vpn-x
[edit routing-instances vpn-2]
lab@mxB-1# set vrf-target target:65512:x
Step 3.3
Include the CE-facing interface in your VRF instance.
[edit routing-instances vpn-2]
lab@mxB-1# set interface ge-1/0/4.6x0
Step 3.4
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
www.juniper.net
Step 3.5
Verify that your VRF routing table has been created and it contains the local and
direct routes for your CE-facing interface. You can accomplish this task by issuing
the show route table vpn-x.inet.0 command.
lab@mxB-1> show route table vpn-x
vpn-2.inet.0: 8 destinations, 8 routes (2 active, 0 holddown, 6 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.20.0/24
10.0.20.1/32
*[Direct/0] 00:00:37
> via ge-1/0/4.620
*[Local/0] 00:00:37
Local via ge-1/0/4.620
www.juniper.net
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit policy-options
[edit policy-options]
lab@mxB-1# set policy-statement statics term 10 from protocol static
[edit policy-options]
lab@mxB-1# set policy-statement statics term 10 then accept
Step 4.2
Navigate to the [edit routing-instances cex-y] hierarchy. Configure your
CE routers loopback and Ethernet interfaces as OSPF area 0.0.0.0 interfaces.
[edit policy-options]
lab@mxB-1# top edit routing-instances cex-y
[edit routing-instances ce2-1]
lab@mxB-1# set protocols ospf area 0 interface lo0.1
[edit routing-instances ce2-1]
lab@mxB-1# set protocols ospf area 0 interface ge-1/1/4.6x0
Step 4.3
Apply the statics policy as an export policy to your CE routers OSPF instance.
[edit routing-instances ce2-1]
lab@mxB-1# set protocols ospf export statics
Step 4.4
Navigate to the [edit routing-instances vpn-x] hierarchy. Configure you
PE routers VRF interface an OSPF area 0.0.0.0 interface. Commit your configuration
and exit to operational mode.
[edit routing-instances ce2-1]
lab@mxB-1# top edit routing-instances vpn-x
[edit routing-instances vpn-2]
lab@mxB-1# set protocols ospf area 0 interface ge-1/0/4.6x0
[edit routing-instances vpn-2]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 4.5
Verify that the CE router and PE router have established an OSPF adjacency with
each other.
lab@mxB-1> show ospf neighbor instance cex-y
Address
Interface
State
10.0.20.1
ge-1/1/4.620
Full
www.juniper.net
ID
10.0.20.1
Pri
128
Dead
35
*[Direct/0] 00:36:22
> via ge-1/0/4.620
*[Local/0] 00:36:22
Local via ge-1/0/4.620
*[OSPF/150] 00:07:09, metric 0, tag
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 00:07:09, metric 0, tag
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 00:07:09, metric 0, tag
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 00:07:09, metric 0, tag
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/10] 00:22:05, metric 1
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/10] 00:22:55, metric 1
MultiRecv
0
0
0
0
www.juniper.net
Step 4.7
Verify that you are advertising your OSPF routes to the remote PE router as BGP
routes.
lab@mxB-1> show route advertising-protocol bgp 192.168.x.y
vpn-2.inet.0: 14 destinations, 14 routes (8 active, 0 holddown, 6 hidden)
Prefix
Nexthop
MED
Lclpref
AS path
* 10.0.20.0/24
Self
100
I
* 172.20.0.0/24
Self
0
100
I
* 172.20.1.0/24
Self
0
100
I
* 172.20.2.0/24
Self
0
100
I
* 172.20.3.0/24
Self
0
100
I
* 192.168.12.1/32
Self
1
100
I
www.juniper.net
172.20.4.0/24
172.20.5.0/24
172.20.6.0/24
172.20.7.0/24
192.168.12.2/32
[BGP/170] 00:49:21,
AS path: I
Unusable
[BGP/170] 00:49:21,
AS path: I
Unusable
[BGP/170] 00:49:21,
AS path: I
Unusable
[BGP/170] 00:49:21,
AS path: I
Unusable
[BGP/170] 00:49:21,
AS path: I
Unusable
[BGP/170] 00:49:21,
AS path: I
Unusable
www.juniper.net
192.168.2.2:27:172.20.5.0/24
[BGP/170] 00:49:21,
AS path: I
Unusable
192.168.2.2:27:172.20.6.0/24
[BGP/170] 00:49:21,
AS path: I
Unusable
192.168.2.2:27:172.20.7.0/24
[BGP/170] 00:49:21,
AS path: I
Unusable
192.168.2.2:27:192.168.12.2/32
[BGP/170] 00:49:21,
AS path: I
Unusable
www.juniper.net
Step 5.2
Navigate to the [edit interfaces] hierarchy and configure a tunnel interface
named gr-1/0/10.0. The interface should source packets from the local PE routers
loopback address. The interface should be configured to send packets destined to
the remote PE routers loopback address. Finally, enable forwarding of MPLS and
IPv4 traffic on the tunnel interface. Commit your configuration and exit to
operational mode.
[edit chassis]
lab@mxB-1# top edit interfaces
[edit interfaces]
lab@mxB-1# set gr-1/0/10 unit 0 tunnel source 192.168.x.y
[edit interfaces]
lab@mxB-1# set gr-1/0/10 unit 0 tunnel destination 192.168.x.y
[edit interfaces]
lab@mxB-1# set gr-1/0/10 unit 0 family inet
[edit interfaces]
lab@mxB-1# set gr-1/0/10 unit 0 family mpls
[edit interfaces]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 5.3
Verify that the GRE interface is up and functional.
lab@mxB-1> show interfaces gr-1/0/10 terse
Interface
Admin Link Proto
gr-1/0/10
up
up
gr-1/0/10.0
up
up
inet
mpls
Local
Remote
www.juniper.net
Step 6.2
Verify that the new static route exists in inet.3 and only inet.3.
lab@mxB-1> show route 192.168.x.y
inet.0: 39 destinations, 39 routes (39 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.2.2/32
*[Static/5] 00:00:07
> via gr-1/0/10.0
www.juniper.net
Step 6.3
Review the routes that are installed in your VRF table.
lab@mxB-1> show route table vpn-x
vpn-2.inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.20.0/24
10.0.20.1/32
10.0.21.0/24
172.20.0.0/24
172.20.1.0/24
172.20.2.0/24
172.20.3.0/24
172.20.4.0/24
172.20.5.0/24
172.20.6.0/24
172.20.7.0/24
192.168.12.1/32
192.168.12.2/32
224.0.0.5/32
*[Direct/0] 01:50:17
> via ge-1/0/4.620
*[Local/0] 01:50:17
Local via ge-1/0/4.620
*[BGP/170] 00:05:32, localpref 100, from 192.168.2.2
AS path: I
> via gr-1/0/10.0, Push 299792
*[OSPF/150] 01:21:04, metric 0, tag 0
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 01:21:04, metric 0, tag 0
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 01:21:04, metric 0, tag 0
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 01:21:04, metric 0, tag 0
> to 10.0.20.2 via ge-1/0/4.620
*[BGP/170] 00:05:32, MED 0, localpref 100, from 192.168.2.2
AS path: I
> via gr-1/0/10.0, Push 299792
*[BGP/170] 00:05:32, MED 0, localpref 100, from 192.168.2.2
AS path: I
> via gr-1/0/10.0, Push 299792
*[BGP/170] 00:05:32, MED 0, localpref 100, from 192.168.2.2
AS path: I
> via gr-1/0/10.0, Push 299792
*[BGP/170] 00:05:32, MED 0, localpref 100, from 192.168.2.2
AS path: I
> via gr-1/0/10.0, Push 299792
*[OSPF/10] 01:36:00, metric 1
> to 10.0.20.2 via ge-1/0/4.620
*[BGP/170] 00:05:32, MED 1, localpref 100, from 192.168.2.2
AS path: I
> via gr-1/0/10.0, Push 299792
*[OSPF/10] 01:36:50, metric 1
MultiRecv
www.juniper.net
*[Direct/0] 04:00:04
> via ge-1/1/4.620
*[Local/0] 04:00:04
Local via ge-1/1/4.620
*[Static/5] 04:00:07
Reject
*[Static/5] 04:00:07
GRE Tunnel Integration (Detailed) Lab 915
172.20.2.0/24
172.20.3.0/24
192.168.12.1/32
224.0.0.5/32
Reject
*[Static/5] 04:00:07
Reject
*[Static/5] 04:00:07
Reject
*[Direct/0] 04:00:05
> via lo0.1
*[OSPF/10] 01:42:45, metric 1
MultiRecv
Seq
0x80000008
0x80000009
0x80000005
Age
1004
1003
130
Opt
0x22
0x22
0x22
Cksum Len
0x1b92 36
0xd79d 48
0x40c9 32
Seq
0x80000003
0x80000003
0x80000003
0x80000003
Age
1899
1472
1008
545
Opt
0x22
0x22
0x22
0x22
Cksum Len
0xe098 36
0xd5a2 36
0xcaac 36
0xbfb6 36
www.juniper.net
STOP
www.juniper.net
Step 7.2
Navigate to [edit routing-instances vpn-x] and apply the
bgp-to-ospf policy as an export policy to the VRFs OSPF instance. Commit your
configuration and exit to operational mode.
[edit policy-options]
lab@mxB-1# top edit routing-instances vpn-x
[edit routing-instances vpn-2]
lab@mxB-1# set protocols ospf export bgp-to-ospf
[edit routing-instances vpn-2]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 7.3
Review the LSAs that currently exist in the CE routers link state database.
lab@mxB-1> show ospf database instance cex-y
OSPF database, Area 0.0.0.0
Type
ID
Adv Rtr
Router
10.0.20.1
10.0.20.1
Router *192.168.12.1
192.168.12.1
Network *10.0.20.2
192.168.12.1
Summary 192.168.12.2
10.0.20.1
OSPF AS SCOPE link state database
Type
ID
Adv Rtr
Extern
10.0.21.0
10.0.20.1
Extern *172.20.0.0
192.168.12.1
Extern *172.20.1.0
192.168.12.1
Extern *172.20.2.0
192.168.12.1
Extern *172.20.3.0
192.168.12.1
Extern
172.20.4.0
10.0.20.1
Extern
172.20.5.0
10.0.20.1
Extern
172.20.6.0
10.0.20.1
Extern
172.20.7.0
10.0.20.1
Seq
0x8000000d
0x8000000d
0x80000009
0x80000004
Age
1201
1683
826
1576
Opt
0x22
0x22
0x22
0xa2
Cksum Len
0x178f 36
0xcfa1 48
0x38cd 32
0xce53 28
Seq
0x80000005
0x80000008
0x80000007
0x80000007
0x80000007
0x80000005
0x80000005
0x80000004
0x80000004
Age
826
397
2540
2111
1254
451
76
2326
1951
Opt
0xa2
0x22
0x22
0x22
0x22
0xa2
0xa2
0xa2
0xa2
Cksum Len
0xb67f 36
0xd69d 36
0xcda6 36
0xc2b0 36
0xb7ba 36
0x3f51 36
0x345b 36
0x2b64 36
0x206e 36
www.juniper.net
STOP
www.juniper.net
www.juniper.net
Lab 10
BGP Layer 2 VPNs (Detailed)
Overview
In this lab, you will establish a point-to-point BGP Layer 2 virtual private network (VPN)
using LDP signaling between provider edge (PE) routers. Once the virtual LAN
(VLAN)-based Layer 2 VPN is operational, you will configure the customer edge (CE)
routers to run one of several available routing protocols and advertise their static route
and loopback address blocks. Because this is a BGP Layer 2 VPN, the PE routers will not
interact with the routing protocols used on the CE routers.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Add protocol BGP support for the Layer 2 VPN network layer reachability
information (NLRI).
Create and establish a BGP Layer 2 VPN over the core network.
Export your static routes into OSPF and share these routes with the remote
CE network.
Step 1.2
Verify your OSPF and BGP neighborships are established correctly.
lab@mxA-1> show ospf neighbor
Address
Interface
172.22.210.2
ge-1/0/0.210
172.22.211.2
ge-1/0/1.211
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
34
32
www.juniper.net
www.juniper.net
Step 2.2
Verify that LDP is established and has valid neighbors using the following
commands: show ldp session and show ldp neighbor.
lab@mxA-1> show ldp session
Address
State
192.168.5.1
Operational
192.168.5.4
Operational
Connection
Open
Open
Hold time
27
27
www.juniper.net
Label space ID
192.168.5.1:0
192.168.5.4:0
Hold time
13
14
[edit]
lab@mxA-1# edit interfaces
[edit interfaces]
lab@mxA-1# set ge-1/0/4 vlan-tagging
[edit interfaces]
lab@mxA-1# set ge-1/0/4 encapsulation vlan-ccc
[edit interfaces]
lab@mxA-1# set ge-1/0/4 unit 6x0 encapsulation vlan-ccc
[edit interfaces]
lab@mxA-1# set ge-1/0/4 unit 6x0 vlan-id 6x0
[edit interfaces]
lab@mxA-1# commit
commit complete
Step 3.2
Delete the current CE interface (ge-1/1/4) configuration. Navigate to the [edit
interfaces ge-1/1/4] hierarchy and configure this interfaces properties
following the details provided in the network diagram. Note that both the local and
remote CE router interfaces will be on the same Layer 3 network.
[edit interfaces]
lab@mxA-1# delete ge-1/1/4
[edit interfaces]
lab@mxA-1# edit ge-1/1/4
[edit interfaces ge-1/1/4]
lab@mxA-1# set vlan-tagging
[edit interfaces ge-1/1/4]
lab@mxA-1# set unit 6x0 vlan-id 6x0
[edit interfaces ge-1/1/4]
lab@mxA-1# set unit 6x0 family inet address 10.0.x0.y/24
[edit interfaces ge-1/1/4]
lab@mxA-1# commit
commit complete
www.juniper.net
Step 4.2
Navigate to the [edit routing-instances] hierarchy. Create a new instance
called vpn-x. Configure the instance type as l2vpn.
[edit protocols bgp]
lab@mxA-1# top edit routing-instances
[edit routing-instances]
lab@mxA-1# set vpn-x instance-type l2vpn
Step 4.3
Navigate to the [edit routing-instances vpn-x] hierarchy. Create a route
distinguisher using your local loopback address to uniquely identify routes
advertised from this router. The format should resemble the following:
192.168.x.y:1.
[edit routing-instances]
lab@mxA-1# edit vpn-x
[edit routing-instances vpn-1]
lab@mxA-1# set route-distinguisher 192.168.x.y:1
www.juniper.net
Step 4.4
Configure your route target. As mentioned earlier, you will be using the
vrf-target option. Your target will contain the local autonomous system (AS)
number and will be uniquely identified by using your pod value. The format for
defining you vrf-target is: target:65512:x
[edit routing-instances vpn-1]
lab@mxA-1# set vrf-target target:65512:x
Step 4.5
Include the CE-facing interface in your Layer 2 VPN instance.
[edit routing-instances vpn-1]
lab@mxA-1# set interface ge-1/0/4.6x0
Step 4.6
Navigate to the [edit routing-instances vpn-x protocols l2vpn]
hierarchy. Configure the protocol properties for the BGP Layer 2 VPN. You will be
using the encapsulation type ethernet-vlan. You will configure your site name to
reflect the name of your CE router (cex-y). Please refer to lab diagram to determine
which site identifier you should use. Because we are only dealing with 2 sites, you
will not need to configure the remote site ID. You must also indicate the interface
that will be participating in your BGP Layer 2 VPN. Commit and exit to operational
mode after you have completed your changes.
[edit routing-instances vpn-1]
lab@mxA-1# edit protocols l2vpn
[edit routing-instances vpn-1 protocols l2vpn]
lab@mxA-1# set encapsulation-type ethernet-vlan
[edit routing-instances vpn-1 protocols l2vpn]
lab@mxA-1# set site cex-y site-identifier y
[edit routing-instances vpn-1 protocols l2vpn]
lab@mxA-1# set site cex-y interface ge-1/0/4.6x0
[edit routing-instances vpn-1 protocols l2vpn]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
www.juniper.net
Note
-----------------
cex-y count 5
time=1.291
time=0.540
time=0.578
time=0.541
time=0.566
ms
ms
ms
ms
ms
--- 10.0.10.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.540/0.703/1.291/0.294 ms
STOP
www.juniper.net
Step 5.2
Navigate to the [edit routing-instances cex-y protocols ospf]
hierarchy. Configure your loopback and PE-facing interface under area 0.
[edit policy-options]
lab@mxA-1# top edit routing-instances cex-y protocols ospf
[edit routing-instances ce1-1 protocols ospf]
lab@mxA-1# set area 0 interface ge-1/1/4.6x0
[edit routing-instances ce1-1 protocols ospf]
lab@mxA-1# set area 0 interface lo0.1
Step 5.3
Apply the policy statics you defined as an export policy to your OSPF protocol.
This action will export your static routes to your peer. Commit and exit to operational
mode.
[edit routing-instances ce1-1 protocols ospf]
lab@mxA-1# set export statics
[edit routing-instances ce1-1 protocols ospf]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
www.juniper.net
Note
ID
192.168.11.2
Pri
128
Dead
33
Step 5.5
Review the routes being learned by OSPF and ensure you have the remote
CE routers static routes by issuing the show route protocol ospf table
cex-y.inet.0 command.
lab@mxA-1> show route protocol ospf table cex-y.inet.0
ce1-1.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.10.4.0/24
172.10.5.0/24
172.10.6.0/24
172.10.7.0/24
192.168.11.2/32
224.0.0.5/32
0
0
0
0
www.juniper.net
Step 5.6
Verify you have reachability to the remote CE network by pinging the remote
CE routers loopback address five times, while sourcing the packets from your local
CE routers loopback address.
lab@mxA-1> ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5
PING 192.168.11.2 (192.168.11.2): 56 data bytes
64 bytes from 192.168.11.2: icmp_seq=0 ttl=64 time=0.577 ms
64 bytes from 192.168.11.2: icmp_seq=1 ttl=64 time=0.551 ms
64 bytes from 192.168.11.2: icmp_seq=2 ttl=64 time=0.585 ms
64 bytes from 192.168.11.2: icmp_seq=3 ttl=64 time=0.582 ms
64 bytes from 192.168.11.2: icmp_seq=4 ttl=64 time=0.532 ms
--- 192.168.11.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.532/0.565/0.585/0.021 ms
STOP
www.juniper.net
www.juniper.net
Lab 11
Circuit Cross Connect and LDP Layer 2 Circuits (Detailed)
Overview
In this lab, you will establish an LDP Layer 2 circuit using RSVP signaling between provider
edge (PE) routers. Once the virtual LAN (VLAN)-based LDP Layer 2 circuit is operational,
you will configure the customer edge (CE) routers to run one of several available routing
protocols and advertise their static route and loopback address blocks. Because this is a
Layer 2 circuit, the PE routers will not interact with the routing protocols used on the
CE routers. After verifying the connection from CE to CE, you will delete the LDP Layer 2
circuit configuration and configure a circuit cross connect (CCC) connection. You will then
verify the connection again from CE to CE.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that will act as your CE router for this lab.
Create and establish an LDP Layer 2 circuit over the core network.
Add OSPF to your CE network and create a neighborship between your local
CE router and the remote CE router.
Export your static routes into OSPF and share these routes with the remote
CE network.
Create and establish a CCC Layer 2 connection over the core network.
Circuit Cross Connect and LDP Layer 2 Circuits (Detailed) Lab 111
10.a.10.3R1.9
Step 1.2
Verify your OSPF and BGP neighborships are established correctly.
lab@mxA-1> show ospf neighbor
Address
Interface
172.22.210.2
ge-1/0/0.210
172.22.211.2
ge-1/0/1.211
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
34
32
Lab 112 Circuit Cross Connect and LDP Layer 2 Circuits (Detailed)
www.juniper.net
www.juniper.net
Circuit Cross Connect and LDP Layer 2 Circuits (Detailed) Lab 113
Step 2.2
Navigate to the [edit protocols ldp] hierarchy and configure an extended
LDP session by adding the loopback interface to the LDP protocol. As mentioned
previously, this will allow LDP to exchange VC labels between the PE routers. Commit
your configuration changes and exit to operational mode.
[edit protocols mpls]
lab@mxA-1# top edit protocols ldp
[edit protocols ldp]
lab@mxA-1# set interface lo0.0
Lab 114 Circuit Cross Connect and LDP Layer 2 Circuits (Detailed)
www.juniper.net
Step 2.3
Verify that the LSP has been established and is ready for use.
lab@mxA-1> show mpls lsp ingress
Ingress LSP: 1 sessions
To
From
State Rt P
192.168.1.2
192.168.1.1
Up
0 *
Total 1 displayed, Up 1, Down 0
ActivePath
LSPname
pe1-to-pe2-1
Step 2.4
Verify that the inet.3 routing table has been created and contains the RSVP route
to the remote PE router.
lab@mxA-1> show route table inet.3
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.2/32
pe1-to-pe2-1
www.juniper.net
Circuit Cross Connect and LDP Layer 2 Circuits (Detailed) Lab 115
Step 3.1
Enter configuration mode and navigate to the [edit interfaces] hierarchy.
Configure the PE to CE interface properties outlined in the lab diagram. You will start
with enabling vlan-tagging for the interface. You will configure the interface to
handle vlan-ccc encapsulation. When you configure the unit, you will also have to
specify the encapsulation for the logical interface. Because you are configuring a
Layer 2 VPN, no Layer 3 information is associated with this interface. Assign the
correct vlan-id value and commit your changes.
lab@mxA-1> configure
Entering configuration mode
[edit]
lab@mxA-1# edit interfaces
[edit interfaces]
lab@mxA-1# set ge-1/0/4 vlan-tagging
[edit interfaces]
lab@mxA-1# set ge-1/0/4 encapsulation vlan-ccc
[edit interfaces]
lab@mxA-1# set ge-1/0/4 unit 6x0 encapsulation vlan-ccc
[edit interfaces]
lab@mxA-1# set ge-1/0/4 unit 6x0 vlan-id 6x0
[edit interfaces]
lab@mxA-1# commit
commit complete
Step 3.2
Delete the current CE interface (ge-1/1/4) configuration. Navigate to the [edit
interfaces ge-1/1/4] hierarchy and configure the interface properties
following the details provided in the network diagram. Note that both the local and
remote CE router interfaces will be on the same Layer 3 network. Commit your
configuration changes.
[edit interfaces]
lab@mxA-1# delete ge-1/1/4
[edit interfaces]
lab@mxA-1# edit ge-1/1/4
[edit interfaces ge-1/1/4]
lab@mxA-1# set vlan-tagging
[edit interfaces ge-1/1/4]
lab@mxA-1# set unit 6x0 vlan-id 6x0
[edit interfaces ge-1/1/4]
lab@mxA-1# set unit 6x0 family inet address 10.0.x0.y/24
Lab 116 Circuit Cross Connect and LDP Layer 2 Circuits (Detailed)
www.juniper.net
www.juniper.net
Circuit Cross Connect and LDP Layer 2 Circuits (Detailed) Lab 117
Lab 118 Circuit Cross Connect and LDP Layer 2 Circuits (Detailed)
www.juniper.net
cex-y count 5
time=1.291
time=0.540
time=0.578
time=0.541
time=0.566
ms
ms
ms
ms
ms
--- 10.0.10.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.540/0.703/1.291/0.294 ms
STOP
www.juniper.net
Circuit Cross Connect and LDP Layer 2 Circuits (Detailed) Lab 119
Step 5.2
Navigate to the [edit routing-instances cex-y protocols ospf]
hierarchy. Configure your loopback and PE-facing interface under area 0.
[edit policy-options]
lab@mxA-1# top edit routing-instances cex-y protocols ospf
[edit routing-instances ce1-1 protocols ospf]
lab@mxA-1# set area 0 interface ge-1/1/4.6x0
[edit routing-instances ce1-1 protocols ospf]
lab@mxA-1# set area 0 interface lo0.1
Step 5.3
Apply the policy statics you defined as an export policy to your OSPF protocol.
This change will export your static routes to your peer. Commit and exit to
operational mode.
[edit routing-instances ce1-1 protocols ospf]
lab@mxA-1# set export statics
[edit routing-instances ce1-1 protocols ospf]
lab@mxA-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxA-1>
Lab 1110 Circuit Cross Connect and LDP Layer 2 Circuits (Detailed)
www.juniper.net
Note
ID
192.168.11.2
Pri
128
Dead
33
Step 5.5
Review the routes being learned by OSPF and ensure that you have the remote
CE routers static routes by issuing the show route protocol ospf table
cex-y.inet.0 command.
lab@mxA-1> show route protocol ospf table cex-y.inet.0
ce1-1.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.10.4.0/24
172.10.5.0/24
172.10.6.0/24
172.10.7.0/24
192.168.11.2/32
224.0.0.5/32
0
0
0
0
www.juniper.net
Circuit Cross Connect and LDP Layer 2 Circuits (Detailed) Lab 1111
Step 5.6
Verify that you have reachability to the remote CE network by pinging the remote
CE routers loopback address five times, while sourcing the packets from your local
CE routers loopback address.
lab@mxA-1> ping 192.168.1x.y source 192.168.1x.y routing-instance cex-y count 5
PING 192.168.11.2 (192.168.11.2): 56 data bytes
64 bytes from 192.168.11.2: icmp_seq=0 ttl=64 time=0.577 ms
64 bytes from 192.168.11.2: icmp_seq=1 ttl=64 time=0.551 ms
64 bytes from 192.168.11.2: icmp_seq=2 ttl=64 time=0.585 ms
64 bytes from 192.168.11.2: icmp_seq=3 ttl=64 time=0.582 ms
64 bytes from 192.168.11.2: icmp_seq=4 ttl=64 time=0.532 ms
--- 192.168.11.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.532/0.565/0.585/0.021 ms
STOP
www.juniper.net
Step 6.2
Navigate to the [edit interfaces ge-1/0/5] hierarchy. Configure the PE to
CE interface properties outlined in the lab diagram. You will start with enabling
vlan-tagging for the interface. You will configure the interface to handle
vlan-ccc encapsulation. When you configure the unit, you will also have to specify
the encapsulation for the logical interface. Because we are configuring a Layer 2
connection, no Layer 3 information is associated with this interface. Assign the
correct vlan-tag value and commit your changes
[edit]
lab@mxA-1# edit interfaces ge-1/0/5
[edit interfaces ge-1/0/5]
lab@mxA-1# set vlan-tagging
[edit interfaces ge-1/0/5]
lab@mxA-1# set encapsulation vlan-ccc
[edit interfaces ge-1/0/5]
lab@mxA-1# set unit 6x0 encapsulation vlan-ccc
[edit interfaces ge-1/0/5]
lab@mxA-1# set unit 6x0 vlan-id 6x0
Step 6.3
Navigate to the top of the [edit] hierarchy and issue the command replace
pattern ge-1/1/4 with ge-1/1/5. This action will change all references in
the configuration of ge-1/1/4 to ge-1/1/5, which is the new CE interface being used
in the lab diagram. Verify that the interface being applied for the CE routing instance
has been changed. Remember to verify the change also applied to your CE routers
OSPF configuration. When you are satisfied with the change commit your
configuration.
[edit interfaces ge-1/0/5]
lab@mxA-1# top
[edit]
lab@mxA-1# replace pattern ge-1/1/4 with ge-1/1/5
[edit]
lab@mxA-1# show routing-instances cex-y
instance-type virtual-router;
interface ge-1/1/5.610;
interface lo0.1;
routing-options {
static {
www.juniper.net
Circuit Cross Connect and LDP Layer 2 Circuits (Detailed) Lab 1113
route
route
route
route
172.10.0.0/24
172.10.1.0/24
172.10.2.0/24
172.10.3.0/24
reject;
reject;
reject;
reject;
}
autonomous-system 65101;
}
protocols {
ospf {
export statics;
area 0.0.0.0 {
interface ge-1/1/5.610;
interface lo0.1;
}
}
}
[edit]
lab@mxA-1# commit
commit complete
Step 6.4
Navigate to the [edit protocols connections] hierarchy and configure a
remote-interface-switch named vpn-x. Assign your PE interface used to
connect to your CE router (ge-1/0/5.6x0) to the interface switch. For the
interface you assign, you have to specify the transmit-lsp lsp-name and the
receive-lsp lsp-name for the traffic to use to get to and from the remote end
of the connection. You will assign the RSVP LSP that you configured in Part 2 as you
transmit LSP and you will assign the LSP that the remote team created as you
receive LSP. If you do not remember the names, you can view them in the output
from the run show mpls lsp command. Commit your configuration changes
and exit to operational mode.
[edit]
lab@mxA-1# edit protocols connections
[edit protocols connections]
lab@mxA-1# run show mpls lsp
Ingress LSP: 1 sessions
To
From
State Rt P
192.168.1.2
192.168.1.1
Up
0 *
Total 1 displayed, Up 1, Down 0
Egress LSP: 2 sessions
To
From
State
192.168.1.1
192.168.1.2
Up
Total 1 displayed, Up 1, Down 0
ActivePath
LSPname
pe1-to-pe2-1
www.juniper.net
Note
Connection/Circuit
vpn-1
ge-1/0/5.610
pe1-to-pe2-1
pe2-to-pe1-1
Type
rmt-if
intf
tlsp
rlsp
St
Up
Time last up
Oct 21 22:06:22
# Up trans
12
Up
Up
Up
www.juniper.net
Circuit Cross Connect and LDP Layer 2 Circuits (Detailed) Lab 1115
Step 6.6
Verify that you can ping five times through the CCC circuit you just configured.
lab@mxA-1> ping 10.0.x0.y routing-instance
PING 10.0.10.2 (10.0.10.2): 56 data bytes
64 bytes from 10.0.10.2: icmp_seq=0 ttl=64
64 bytes from 10.0.10.2: icmp_seq=1 ttl=64
64 bytes from 10.0.10.2: icmp_seq=2 ttl=64
64 bytes from 10.0.10.2: icmp_seq=3 ttl=64
64 bytes from 10.0.10.2: icmp_seq=4 ttl=64
cex-y count 5
time=0.573
time=0.505
time=0.505
time=0.608
time=0.547
ms
ms
ms
ms
ms
--- 10.0.10.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.505/0.548/0.608/0.040 ms
ID
192.168.11.2
Pri
128
Dead
32
STOP
Lab 1116 Circuit Cross Connect and LDP Layer 2 Circuits (Detailed)
www.juniper.net
Lab 12
Virtual Private LAN Service (Detailed)
Overview
In this lab, you will establish an LDP virtual private LAN service (VPLS) and a BGP VPLS
between provider edge (PE) routers. You will also configure a virtual switch to act as the
customer edge (CE) router. There will be redundant links between the PE and CE routers
so you will be required to prevent any Layer 2 loops from forming.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Load the virtual private network (VPN) baseline configuration for your router.
This configuration includes your baseline core configuration including Open
Shortest Path First (OSPF) and BGP. The baseline also contains a virtual router
configuration that will be used to generate data traffic for this lab.
Configure Layer 2 interfaces and apply them to a virtual switch that you will
configure to act as the CE router.
Step 1.2
Verify that your OSPF and BGP neighbor relationships are established correctly.
lab@mxB-1> show ospf neighbor
Address
Interface
172.22.220.2
ge-1/0/0.220
172.22.221.2
ge-1/0/1.221
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
30
37
www.juniper.net
www.juniper.net
Step 2.2
Navigate to the [edit routing-instances] hierarchy and rename the virtual
router routing instance to c-routerx-y. Commit your configuration so far.
[edit interfaces]
lab@mxB-1# top edit routing-instances
[edit routing-instances]
lab@mxB-1# rename cex-y to c-routerx-y
[edit routing-instances]
lab@mxB-1# commit
commit complete
www.juniper.net
Step 3.2
Navigate to the [edit interfaces] hierarchy and configure the three Layer 2
interfaces that will be used by the virtual switch. Make sure to specify an
encapsulation of flexible-ethernet-services at the physical interface level
and an encapsulation of vlan-bridge at the subinterface level.
[edit interfaces]
lab@mxB-1# set ge-1/0/4 vlan-tagging encapsulation flexible-ethernet-services
[edit interfaces]
lab@mxB-1# set ge-1/0/4 unit 6x0 encapsulation vlan-bridge vlan-id 6x0
[edit interfaces]
lab@mxB-1# set ge-1/1/6 vlan-tagging encapsulation flexible-ethernet-services
[edit interfaces]
lab@mxB-1# set ge-1/1/6 unit 6x0 encapsulation vlan-bridge vlan-id 6x0
[edit interfaces]
lab@mxB-1# set ge-1/1/7 vlan-tagging encapsulation flexible-ethernet-services
[edit interfaces]
lab@mxB-1# set ge-1/1/7 unit 6x0 encapsulation vlan-bridge vlan-id 6x0
Step 3.3
Navigate to the [edit routing-instances ce-vsx-y] and configure a
bridge domain named vlan_6x0 using the appropriate virtual LAN (VLAN) ID. Add
the three Layer 2 interfaces to the new bridge domain. Commit your configuration
and exit to operational mode.
[edit interfaces]
lab@mxB-1# top edit routing-instances ce-vsx-y
[edit routing-instances ce-vs2-1]
lab@mxB-1# set bridge-domains vlan_6x0 vlan-id 6x0
[edit routing-instances ce-vs2-1]
lab@mxB-1# set bridge-domains vlan_6x0 interface ge-1/0/4.6x0
[edit routing-instances ce-vs2-1]
lab@mxB-1# set bridge-domains vlan_6x0 interface ge-1/1/6.6x0
www.juniper.net
Step 3.4
Verify the status of the Layer 2 CE device using the show bridge domain
command.
lab@mxB-1> show bridge domain
Routing instance
ce-vs2-1
Bridge domain
vlan_620
VLAN ID
620
Interfaces
ge-1/0/4.620
ge-1/1/6.620
ge-1/1/7.620
www.juniper.net
Label space ID
192.168.5.1:0
192.168.5.4:0
Hold time
10
11
www.juniper.net
Step 4.3
Use the show ldp database command to determine whether an LSP has been
established from your PE router to the remote PE router. Do not proceed until the
LSP has been established to the remote PE router.
lab@mxB-1> show ldp database
Input label database, 192.168.2.1:0--192.168.5.1:0
Label
Prefix
302896
192.168.2.1/32
302864
192.168.2.2/32
3
192.168.5.1/32
299808
192.168.5.2/32
299856
192.168.5.3/32
299792
192.168.5.4/32
299824
192.168.5.5/32
299840
192.168.5.6/32
Output label database, 192.168.2.1:0--192.168.5.1:0
Label
Prefix
3
192.168.2.1/32
299984
192.168.2.2/32
300000
192.168.5.1/32
300016
192.168.5.2/32
300032
192.168.5.3/32
299936
192.168.5.4/32
299952
192.168.5.5/32
299968
192.168.5.6/32
Input label
Label
301904
301872
299776
299792
299856
3
299808
299840
database, 192.168.2.1:0--192.168.5.4:0
Prefix
192.168.2.1/32
192.168.2.2/32
192.168.5.1/32
192.168.5.2/32
192.168.5.3/32
192.168.5.4/32
192.168.5.5/32
192.168.5.6/32
www.juniper.net
STOP
Step 5.2
Navigate to the [edit routing-instances] hierarchy. Create a new VPLS
instance named vpn-x.
[edit interfaces]
lab@mxB-1# top edit routing-instances
[edit routing-instances]
lab@mxB-1# set vpn-x instance-type vpls
www.juniper.net
Step 5.3
Navigate to the [edit routing-instances vpn-x] hierarchy. Add the
ge-1/0/6 interface to the routing instance.
[edit routing-instances]
lab@mxB-1# edit vpn-x
[edit routing-instances vpn-2]
lab@mxB-1# set interface ge-1/0/6.6x0
Step 5.4
Create an LDP VPLS using a VPLS ID of x00 and specify the remote PE router as the
neighbor. Commit your configuration and exit to operational mode.
[edit routing-instances vpn-2]
lab@mxB-1# set protocols vpls vpls-id x00 neighbor 192.168.x.y
[edit routing-instances vpn-2]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 5.5
Check the status of the VPLS connection using the show vpls connections
command.
lab@mxB-1> show vpls connections
Layer-2 VPN connections:
Legend for connection status (St)
EI -- encapsulation invalid
NC
EM -- encapsulation mismatch
WE
VC-Dn -- Virtual circuit down
NP
CM -- control-word mismatch
->
CN -- circuit not provisioned
<OR -- out of range
Up
OL -- no outgoing label
Dn
LD -- local site signaled down
CF
RD -- remote site signaled down SC
LN -- local site not designated LM
RN -- remote site not designated RM
XX -- unknown connection status IL
MM -- MTU mismatch
MI
BK -- Backup connection
ST
PF -- Profile parse failure
PB
RS -- remote site standby
SN
-----------------
Type
rmt
St
NP
Time last up
# Up trans
www.juniper.net
Step 5.7
Check the status of the VPLS connection using the show vpls connections
extensive command. Ensure that the remote group has completed the previous
step of the lab.
lab@mxB-1> show vpls connections extensive
Layer-2 VPN connections:
www.juniper.net
-----------------
www.juniper.net
c-routerx-y count 5
time=1.607 ms
time=19.870 ms
time=0.622 ms
time=17.915 ms
time=0.579 ms
--- 10.0.20.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.579/8.119/19.870/8.826 ms
www.juniper.net
Step 5.9
Use the show vpls statistics command to view details of traffic that has
traversed the VPLS.
lab@mxB-1> show vpls statistics
VPLS statistics:
Instance: vpn-2
Local interface: ge-1/0/6.620, Index: 85
Broadcast packets:
1
Broadcast bytes :
60
Multicast packets:
0
Multicast bytes :
0
Flooded packets :
0
Flooded bytes
:
0
Unicast packets :
5
Unicast bytes
:
510
Current MAC count:
1 (Limit 1024)
Local interface: vt-1/0/10.1050881, Index: 87
Remote PE: 192.168.2.2
Broadcast packets:
0
Broadcast bytes :
0
Multicast packets:
0
Multicast bytes :
0
Flooded packets :
0
Flooded bytes
:
0
Unicast packets :
6
Unicast bytes
:
570
Current MAC count:
1
www.juniper.net
Step 6.2
Navigate to the [edit routing-instances] hierarchy. Add the ge-1/0/7
interface to the VPLS. Commit your configuration and exit to operational mode.
[edit interfaces]
lab@mxB-1# top edit routing-instances
[edit routing-instances]
lab@mxB-1# set vpn-x interface ge-1/0/7.6x0
[edit routing-instances]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 6.3
Be aware that you have now created a Layer 2 loop between the PE and CE routers!
Verify with the show vpls connections extensive command that the new
interface has been added to the VPLS.
lab@mxB-1> show vpls connections extensive
Layer-2 VPN connections:
Legend for connection status (St)
EI -- encapsulation invalid
NC
EM -- encapsulation mismatch
WE
VC-Dn -- Virtual circuit down
NP
CM -- control-word mismatch
->
CN -- circuit not provisioned
<OR -- out of range
Up
OL -- no outgoing label
Dn
LD -- local site signaled down
CF
RD -- remote site signaled down SC
LN -- local site not designated LM
RN -- remote site not designated RM
XX -- unknown connection status IL
MM -- MTU mismatch
MI
BK -- Backup connection
ST
PF -- Profile parse failure
PB
RS -- remote site standby
SN
-----------------
www.juniper.net
www.juniper.net
Step 6.6
In the vpn-x-l2control instance, configure MSTP to run on the ge-1/0/6 and
ge-1/0/7 interfaces. Set the MSTP configuration name to vpn-x and the revision
level to 1.
[edit routing-instances]
lab@mxB-1# set vpn-x-l2control protocols mstp configuration-name vpn-x
revision-level 1
[edit routing-instances]
lab@mxB-1# set vpn-x-l2control protocols mstp interface ge-1/0/6
[edit routing-instances]
lab@mxB-1# set vpn-x-l2control protocols mstp interface ge-1/0/7
Step 6.7
In the ce-vsx-y virtual switch instance, configure MSTP to run on the ge-1/1/6
and ge-1/1/7 interfaces. Set the MSTP configuration name to vpn-x and the
revision level to 1. Commit your configuration and exit to operational mode.
[edit routing-instances]
lab@mxB-1# set ce-vsx-y protocols mstp interface ge-1/1/6
[edit routing-instances]
lab@mxB-1# set ce-vsx-y protocols mstp interface ge-1/1/7
[edit routing-instances]
lab@mxB-1# set ce-vsx-y protocols mstp configuration-name vpn-x revision-level
1
Lab 1218 Virtual Private LAN Service (Detailed)
www.juniper.net
[edit routing-instances]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 6.8
Use the show spanning tree interface for both the virtual switch and the
Layer 2 control instance to determine which interfaces are in the FWD (forwarding)
state and which interfaces are in the BLK (blocking) state.
lab@mxB-1> show spanning-tree interface routing-instance ce-vsx-y
Spanning tree interface parameters for instance 0
Interface
ge-1/1/6
ge-1/1/7
Port ID
128:57
128:58
Designated
port ID
128:47
128:48
Designated
bridge ID
32768.80711fc307d1
32768.80711fc307d1
Port
Cost
20000
20000
State
Role
FWD
BLK
ROOT
ALT
Port ID
128:47
128:48
Designated
port ID
128:47
128:48
Designated
bridge ID
32768.80711fc307d1
32768.80711fc307d1
Port
Cost
20000
20000
State
Role
FWD
FWD
DESG
DESG
www.juniper.net
Step 6.9
Verify that a Layer 2 loop has been removed from the network by issuing the
command, ping 10.0.x0.255 routing-instance c-routerx-y count
5.
lab@mxB-1> ping 10.0.20.255 routing-instance c-router2-1 count 5
PING 10.0.20.255 (10.0.20.255): 56 data bytes
64 bytes from 10.0.20.2: icmp_seq=0 ttl=64 time=0.781 ms
64 bytes from 10.0.20.2: icmp_seq=1 ttl=64 time=7.309 ms
64 bytes from 10.0.20.2: icmp_seq=2 ttl=64 time=0.551 ms
64 bytes from 10.0.20.2: icmp_seq=3 ttl=64 time=0.644 ms
64 bytes from 10.0.20.2: icmp_seq=4 ttl=64 time=0.578 ms
--- 10.0.20.255 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.551/1.973/7.309/2.669 ms
STOP
www.juniper.net
[edit interfaces]
lab@mxB-1# set ge-1/1/4 unit 6x1 vlan-id 6x1
[edit interfaces]
lab@mxB-1# set ge-1/1/4 unit 6x1 family inet address 10.0.x1.y/24
Step 7.2
Navigate to the [edit routing-instances] hierarchy and add the
ge-1/1/4.6x1 interface to the virtual router. Commit your configuration so far.
[edit interfaces]
lab@mxB-1# top edit routing-instances
[edit routing-instances]
lab@mxB-1# set c-routerx-y interface ge-1/1/4.6x1
[edit routing-instances]
lab@mxB-1# commit
commit complete
www.juniper.net
Step 8.2
Navigate to the [edit routing-instances ce-vsx-y] and configure a
bridge domain named vlan_6x1 using the appropriate VLAN ID. Add the three
Layer 2 interfaces to the new bridge domain. Commit your configuration and exit to
operational mode.
[edit interfaces]
lab@mxB-1# top edit routing-instances ce-vsx-y
[edit routing-instances ce-vs2-1]
lab@mxB-1# set bridge-domains vlan_6x1 vlan-id 6x1
[edit routing-instances ce-vs2-1]
lab@mxB-1# set bridge-domains vlan_6x1 interface ge-1/0/4.6x1
[edit routing-instances ce-vs2-1]
lab@mxB-1# set bridge-domains vlan_6x1 interface ge-1/1/8.6x1
[edit routing-instances ce-vs2-1
lab@mxB-1# set bridge-domains vlan_6x1 interface ge-1/1/9.6x1
[edit interfaces]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 8.3
Verify the status of the Layer 2 CE device using the show bridge domain
command.
lab@mxB-1> show bridge domain
Routing instance
ce-vs2-1
Bridge domain
vlan_620
VLAN ID
620
Interfaces
ge-1/0/4.620
ge-1/1/6.620
ge-1/1/7.620
ce-vs2-1
vlan_621
621
ge-1/0/4.621
ge-1/1/8.621
ge-1/1/9.621
vpn-2
__vpn-2__
NA
ge-1/0/6.620
ge-1/0/7.620
vt-1/0/10.1052416
www.juniper.net
Part 9: Configuring a BGP VPLS with Redundant Links between CE and PE Routers
In this lab part, you will configure a BGP VPLS instance. You will include the
ge-1/0/8 and ge-1/0/9 CE router-facing interfaces within this instance. To prevent a
Layer 2 loop from forming, your will use the active-interface command.
Step 9.1
Enter into configuration mode and navigate to the [edit protocols bgp]
hierarchy. Configure your PE router to PE router BGP session to support l2vpn
signaling.
[edit]
lab@mxB-1# edit protocols bgp
[edit protocols bgp]
lab@mxB-1# set group my-int-group family l2vpn signaling
Step 9.2
Navigate to the [edit interfaces] hierarchy. Configure the ge-1/0/8 and
ge-1/0/9 interfaces to be used as the CE router-facing interfaces for the VPLS.
[edit protocols bgp]
lab@mxB-1# top edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/8 vlan-tagging encapsulation vlan-vpls unit 6x1 vlan-id
6x1
[edit interfaces]
lab@mxB-1# set ge-1/0/8 unit 6x1 encapsulation vlan-vpls
[edit interfaces]
lab@mxB-1# set ge-1/0/9 vlan-tagging encapsulation vlan-vpls unit 6x1 vlan-id
6x1
[edit interfaces]
lab@mxB-1# set ge-1/0/9 unit 6x1 encapsulation vlan-vpls
www.juniper.net
Step 9.3
Navigate to the [edit routing-instances] hierarchy. Create a new VPLS
instance named vpn-x1.
[edit interfaces]
lab@mxB-1# top edit routing-instances
[edit routing-instances]
lab@mxB-1# set vpn-x1 instance-type vpls
Step 9.4
Navigate to the [edit routing-instances vpn-x1] hierarchy. Add the
ge-1/0/8 and ge-1/0/9 interfaces to the routing instance.
[edit routing-instances]
lab@mxB-1# edit vpn-x1
[edit routing-instances vpn-21]
lab@mxB-1# set interface ge-1/0/8.6x1
[edit routing-instances vpn-21]
lab@mxB-1# set interface ge-1/0/9.6x1
Step 9.5
Configure a route target community of target:65512:x00 for the VPLS.
[edit routing-instances vpn-21]
lab@mxB-1# set vrf-target target:65512:x00
Step 9.6
Create a BGP VPLS naming the site after your CE, ce-vsx-y, and specify a site ID
that matches the y value of the CE router name. Commit your configuration and exit
to operational mode.
[edit routing-instances vpn-21]
lab@mxB-1# set protocols vpls site ce-vsx-y site-identifier y
[edit routing-instances vpn-21]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 9.7
Verify that there is a Layer 2 loop in the network by issuing the command, ping
10.0.x1.255 routing-instance c-routerx-y count 5.
lab@mxB-1> ping 10.0.21.255 routing-instance c-router2-1
PING 10.0.21.255 (10.0.21.255): 56 data bytes
64 bytes from 10.0.21.1: icmp_seq=0 ttl=64 time=1284.211
64 bytes from 10.0.21.1: icmp_seq=0 ttl=64 time=1284.590
64 bytes from 10.0.21.1: icmp_seq=0 ttl=64 time=1284.641
64 bytes from 10.0.21.1: icmp_seq=0 ttl=64 time=1284.830
64 bytes from 10.0.21.1: icmp_seq=0 ttl=64 time=1284.898
64 bytes from 10.0.21.1: icmp_seq=0 ttl=64 time=1285.086
Lab 1224 Virtual Private LAN Service (Detailed)
count 5
ms
ms
ms
ms
ms
ms
(DUP!)
(DUP!)
(DUP!)
(DUP!)
(DUP!)
www.juniper.net
64 bytes
64 bytes
...
64 bytes
64 bytes
64 bytes
64 bytes
10.0.21.1:
10.0.21.1:
10.0.21.1:
10.0.21.1:
icmp_seq=0
icmp_seq=0
icmp_seq=3
icmp_seq=4
ttl=64
ttl=64
ttl=64
ttl=64
time=4394.511
time=4394.551
time=2291.676
time=1290.807
ms (DUP!)
ms (DUP!)
ms (DUP!)
ms
--- 10.0.21.255 ping statistics --5 packets transmitted, 5 packets received, +552 duplicates, 0% packet loss
round-trip min/avg/max/stddev = 1284.211/2298.017/4394.551/961.959 ms
www.juniper.net
Step 9.9
Check the status of the VPLS connection using the show vpls connections
extensive command. Ensure that the remote group has completed the previous
step of the lab.
lab@mxB-1> show vpls connections extensive
Layer-2 VPN connections:
Legend for connection status (St)
EI -- encapsulation invalid
NC
EM -- encapsulation mismatch
WE
VC-Dn -- Virtual circuit down
NP
CM -- control-word mismatch
->
CN -- circuit not provisioned
<OR -- out of range
Up
OL -- no outgoing label
Dn
LD -- local site signaled down
CF
RD -- remote site signaled down SC
LN -- local site not designated LM
RN -- remote site not designated RM
XX -- unknown connection status IL
MM -- MTU mismatch
MI
BK -- Backup connection
ST
PF -- Profile parse failure
PB
RS -- remote site standby
SN
-----------------
www.juniper.net
www.juniper.net
Step 9.11
Verify that you have connectivity from the local customer router to the remote
customer router through the VPLS by using the ping utility. You will ping the remote
customer routers ge-1/1/4 address. You will send five packets for this test. This
task can be accomplished using the following command: ping 10.0.x1.y
routing-instance c-routerx-y count 5.
lab@mxB-1> ping 10.0.x0.y routing-instance
PING 10.0.21.2 (10.0.21.2): 56 data bytes
64 bytes from 10.0.21.2: icmp_seq=0 ttl=64
64 bytes from 10.0.21.2: icmp_seq=1 ttl=64
64 bytes from 10.0.21.2: icmp_seq=2 ttl=64
64 bytes from 10.0.21.2: icmp_seq=3 ttl=64
64 bytes from 10.0.21.2: icmp_seq=4 ttl=64
c-routerx-y count 5
time=1.811
time=0.645
time=0.572
time=0.623
time=0.584
ms
ms
ms
ms
ms
--- 10.0.21.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.572/0.847/1.811/0.483 ms
www.juniper.net
Step 9.14
Check the status of the VPLS connection using the show vpls connections
extensive command.
lab@mxB-1> show vpls connections extensive
Layer-2 VPN connections:
Legend for connection status (St)
EI -- encapsulation invalid
NC
EM -- encapsulation mismatch
WE
VC-Dn -- Virtual circuit down
NP
CM -- control-word mismatch
->
CN -- circuit not provisioned
<OR -- out of range
Up
OL -- no outgoing label
Dn
LD -- local site signaled down
CF
RD -- remote site signaled down SC
LN -- local site not designated LM
RN -- remote site not designated RM
XX -- unknown connection status IL
MM -- MTU mismatch
MI
BK -- Backup connection
ST
Lab 1230 Virtual Private LAN Service (Detailed)
---------------
PB -- Profile busy
SN -- Static Neighbor
c-routerx-y count 5
time=0.960
time=4.492
time=0.678
time=0.619
time=0.644
ms
ms
ms
ms
ms
--- 10.0.21.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.619/1.479/4.492/1.512 ms
STOP
www.juniper.net
Lab 13
Carrier-of-Carrier VPNs (Detailed)
Overview
In this lab you, will establish a BGP virtual private LAN service (VPLS) between two
provider edge (PE) routers that belong to different autonomous systems (ASs).
Carrier-of-carrier virtual private networks (VPNs) option C will be used to provide the PE to
PE VPLS signaling and forwarding plane. You must also configure a Layer 3 VPN from the
provider PE routers to pass customer internal routes between ASs. You will also use
labeled-unicast address family when passing routes between the provider PE router
and the customer CE routers. Finally, you will configure the customer CE routers to pass
any learned routes from the provider (remote customer site routes) to the customer
PE router using the labeled-unicast address family.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a virtual router configuration that you will delete.
Configure a bidirectional LSP between the provider PE routers and between the
customer PE and CE.
Configure a multihop EBGP session between the customer CE routers using the
l2vpn address family.
Step 1.2
Delete any routing-instances, delete interface ge-1/1/4, and delete unit 1 of
interface lo0. Commit your configuration and exit to operational mode.
[edit]
lab@mxB-1# delete routing-instances
[edit]
lab@mxB-1# delete interfaces ge-1/1/4
[edit]
lab@mxB-1# delete interfaces lo0 unit 1
[edit]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 1.3
Verify that your OSPF and BGP neighbor relationships are established correctly.
lab@mxB-1> show ospf neighbor
Address
Interface
172.22.220.2
ge-1/0/0.220
172.22.221.2
ge-1/0/1.221
State
Full
Full
ID
192.168.5.1
192.168.5.4
Pri
128
128
Dead
30
37
Pending
0
0
www.juniper.net
Peer
AS
InPkt
State|#Active/Received/Accepted/Damped...
192.168.2.2
65512
264
Establ
inet.0: 0/0/0/0
bgp.l3vpn.0: 0/0/0/0
OutPkt
OutQ
259
1:52:47
Step 2.2
Navigate to the [edit routing-instances] hierarchy. Configure a virtual
router routing-instance named s-cey.
[edit interfaces]
lab@mxB-1# top edit routing-instances
[edit routing-instances]
lab@mxB-1# set s-cey instance-type virtual-router
Step 2.3
Add the ge-1/1/6 interfaces to the s-cey routing instances. Commit your
configuration and exit to operation mode.
www.juniper.net
[edit routing-instances]
lab@mxB-1# set s-cey interface ge-1/1/6.6x0
[edit routing-instances]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 2.4
Verify that the ge-1/1/6 interface is operational and configured with the correct
properties by viewing the routing table of the s-cey virtual router.
lab@mxB-1> show route table s-cey
s-ce1.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.51.0/24
10.0.51.1/32
*[Direct/0] 00:00:11
> via ge-1/1/6.620
*[Local/0] 00:00:11
Local via ge-1/1/6.620
Step 3.2
Use the show mpls lsp command to determine whether the LSP has been
established from your provider PE router to the remote provider PE router. Do not
proceed until the LSP has been established to the remote PE router.
lab@mxB-1> show mpls lsp
Ingress LSP: 1 sessions
To
From
State Rt P
192.168.2.2
192.168.2.1
Up
0 *
Total 1 displayed, Up 1, Down 0
ActivePath
LSPname
p-pe1-to-p-pe2
...
STOP
www.juniper.net
Step 4.2
Navigate to the [edit routing-instances] hierarchy. Create a new Layer 3
VPN instance named vpn-to-extend-lsp.
[edit interfaces]
lab@mxB-1# top edit routing-instances
[edit routing-instances]
lab@mxB-1# set vpn-to-extend-lsp instance-type vrf
Step 4.3
Navigate to the [edit routing-instances vpn-to-extend-lsp]
hierarchy. Add the ge-1/0/4 interface to the routing instance and specify a route
target community of target:65512:x00.
[edit routing-instances]
lab@mxB-1# edit vpn-to-extend-lsp
[edit routing-instances vpn-to-extend-lsp]
lab@mxB-1# set interface ge-1/0/4.0
[edit routing-instances vpn-to-extend-lsp]
lab@mxB-1# set vrf-target target:65512:x00
Step 4.4
Within the vpn-to-extend-lsp routing instance, configure an MP-EBGP session
using the labeled-unicast address family between the provider PE router and
your customer CE router. Remember that the session will not establish because you
have not configured the customer CE router yet. Commit your configuration so far.
[edit routing-instances vpn-to-extend-lsp]
lab@mxB-1# set protocols bgp group customer peer-as 65x0y
[edit routing-instances vpn-to-extend-lsp]
lab@mxB-1# set protocols bgp group customer type external
[edit routing-instances vpn-to-extend-lsp]
lab@mxB-1# set protocols bgp group customer neighbor 10.0.2y.2
[edit routing-instances vpn-to-extend-lsp]
lab@mxB-1# set protocols bgp group customer family inet labeled-unicast
[edit routing-instances vpn-to-extend-lsp]
lab@mxB-1# commit
error: [ edit routing-instances vpn-to-extend-lsp ]
Carrier's carrier - Interface ge-1/0/4.0 or keyword "all"
must be enabled under [ edit protocols mpls ] section
error: configuration check-out failed
www.juniper.net
www.juniper.net
[edit protocols]
lab@mxB-1# top edit logical-systems c-cey
[edit logical-systems c-ce1]
lab@mxB-1# set interfaces ge-1/1/4 unit 0 family inet address 10.0.2y.2/24
[edit logical-systems c-ce1]
lab@mxB-1# set interfaces ge-1/1/4 unit 0 family mpls
[edit logical-systems c-ce1]
lab@mxB-1# set interfaces ge-1/0/5 unit 0 family inet address 10.0.y0.1/24
[edit logical-systems c-ce1]
lab@mxB-1# set interfaces ge-1/0/5 unit 0 family mpls
Step 5.2
Configure interface lo0.1 with the IP address listed on the lab diagram.
[edit logical-systems c-ce1]
lab@mxB-1# set interfaces lo0 unit 1 family inet address 192.168.1x.y
Step 5.3
Navigate to the [edit logical-systems c-cey routing-options]
hierarchy. Configure the AS number for the customer CE router.
[edit logical-systems c-ce1]
lab@mxB-1# edit routing-options
[edit logical-systems c-ce1 routing-options]
lab@mxB-1# set autonomous-system 65x0y
Step 5.4
Navigate to the [edit logical-systems c-cey protocols] hierarchy.
Configure ge-1/0/4 and ge-1/0/5 to run the MPLS protocol.
[edit logical-systems c-ce1 routing-options]
lab@mxB-1# up
[edit logical-systems c-ce1]
lab@mxB-1# edit protocols
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set mpls interface ge-1/1/4.0
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set mpls interface ge-1/0/5.0
Step 5.5
Configure ge-1/0/5 to run the LDP protocol.
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set ldp interface ge-1/0/5.0
www.juniper.net
Step 5.6
Configure OSPF (Area 0) on the lo0.1, ge-1/1/4 (passive), and ge-1/0/5 interfaces.
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set ospf area 0 interface lo0.1
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set ospf area 0 interface ge-1/1/4.0 passive
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set ospf area 0 interface ge-1/0/5.0
Step 5.7
Configure an MP-IBGP session using the labeled-unicast address family
between the customer CE router and the customer PE router. Remember that the
session will not establish because you have not configured the customer PE router
yet.
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set bgp group int type internal local-address 192.168.1x.y
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set bgp group int type internal family inet labeled-unicast
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set bgp group int type internal neighbor 192.168.1x.y
Step 5.8
Configure an MP-EBGP session using the labeled-unicast address family
between the customer CE router and the provider PE router.
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set bgp group ext type external peer-as 65512
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set bgp group ext family inet labeled-unicast
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set bgp group ext neighbor 10.0.2y.1
Step 5.9
Navigate to the [edit logical-systems c-cey policy-options]
hierarchy. Create a policy named internals, which will be used to advertise all of
the loopback addresses from the local customer AS.
[edit logical-systems c-ce1 protocols]
lab@mxB-1# up
[edit logical-systems c-ce1]
lab@mxB-1# edit policy-options
[edit logical-systems c-ce1 policy-options]
lab@mxB-1# set policy-statement internals term 10 from route-filter
192.168.1x.y exact
www.juniper.net
Step 5.10
Navigate to the [edit logical-systems c-cey protocols] hierarchy.
Apply the internals policy as an export policy to the provider PE neighbor.
Commit your configuration and exit to operational mode.
[edit logical-systems c-ce1 policy-options]
lab@mxB-1# up
[edit logical-systems c-ce1]
lab@mxB-1# edit protocols
[edit logical-systems c-ce1 protocols]
lab@mxB-1# set bgp group ext export internals
[edit logical-systems c-ce1 protocols]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 5.11
Use the show mpls interface logical-system c-cey command to verify
that MPLS has been enabled on the correct interfaces on the customer CE router.
lab@mxB-1> show mpls interface logical-system c-cey
Interface
State
Administrative groups
ge-1/0/5.0
Up
<none>
ge-1/1/4.0
Up
<none>
Next hello
3
BDR ID
0.0.0.0
0.0.0.0
0.0.0.0
Nbrs
0
0
0
www.juniper.net
STOP
www.juniper.net
Step 6.2
Configure interface lo0.2 with the IP address listed on the lab diagram.
[edit logical-systems c-pe1]
lab@mxB-1# set interfaces lo0 unit 2 family inet address 192.168.1x.y
Step 6.3
Navigate to the [edit logical-systems c-pey routing-options]
hierarchy. Configure the AS number for the customer PE router.
[edit logical-systems c-pe1]
lab@mxB-1# edit routing-options
[edit logical-systems c-pe1 routing-options]
lab@mxB-1# set autonomous-system 65x0y
Step 6.4
Navigate to the [edit logical-systems c-pey protocols] hierarchy.
Configure ge-1/1/5 to run the MPLS protocol.
[edit logical-systems c-pe1 routing-options]
lab@mxB-1# up
[edit logical-systems c-pe1]
lab@mxB-1# edit protocols
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set mpls interface ge-1/1/5.0
www.juniper.net
Step 6.5
Configure ge-1/1/5 to run the LDP protocol.
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set ldp interface ge-1/1/5.0
Step 6.6
Configure OSPF (Area 0) on the lo0.2 and ge-1/1/5 interfaces.
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set ospf area 0 interface lo0.2
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set ospf area 0 interface ge-1/1/5.0
Step 6.7
Configure an MP-IBGP session using the labeled-unicast address family
between the customer PE router and the customer CE router. Commit your
configuration and exit to operational mode.
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set bgp group int type internal local-address 192.168.1x.y
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set bgp group int type internal family inet labeled-unicast
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set bgp group int type internal neighbor 192.168.1x.y
[edit logical-systems c-pe1 protocols]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 6.8
Use the show mpls interface logical-system c-pey command to verify
that MPLS has been enabled on the correct interfaces on the customer PE router.
lab@mxB-1> show mpls interface logical-system c-pey
Interface
State
Administrative groups
ge-1/1/5.0
Up
<none>
www.juniper.net
Step 6.9
Use the show ospf neighbor logical-system c-pey command to verify
that an OSPF adjacency exists with the customer CE router.
lab@mxB-1> show ospf neighbor logical-system c-pey
Address
Interface
State
ID
10.0.50.1
ge-1/1/5.0
Full
192.168.12.1
Pri
128
Dead
33
www.juniper.net
Step 6.11
Use the show bgp summary logical-system c-pey command to verify that
a BGP neighbor relationship has been established with the customer CE router.
lab@mxB-1> show bgp summary logical-system c-pey
Groups: 1 Peers: 1 Down peers: 0
Table
Tot Paths Act Paths Suppressed
History Damp State
Pending
inet.0
2
2
0
0
0
0
Peer
AS
InPkt
OutPkt
OutQ
Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
192.168.12.1
65201
5
4
0
0
35 Establ
inet.0: 2/2/2/0
STOP
192.168.12.2/32
192.168.12.4/32
www.juniper.net
www.juniper.net
www.juniper.net
Step 7.3
Use the show route protocol bgp logical-system c-pey command to
view the BGP routes that have been learned from the remote AS.
lab@mxB-1> show route protocol bgp logical-system c-pey
inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.21.0/24
192.168.12.2/32
192.168.12.4/32
192.168.12.2/32
192.168.12.4/32
STOP
www.juniper.net
Step 8.2
Navigate to the [edit logical-systems c-pey protocols] hierarchy.
Configure a multihop EBGP session with the remote PE router using loopback
addresses for peering and the l2vpn signaling address family.
[edit chassis]
lab@mxB-1# top edit logical-systems c-pey protocols
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set bgp group ext type external multihop
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set bgp group ext local-address 192.168.1x.y peer-as 65x0y neighbor
192.168.1x.y
[edit logical-systems c-pe1 protocols]
lab@mxB-1# set bgp group ext family l2vpn signaling
Step 8.3
Navigate to the [edit interfaces] hierarchy. Configure the ge-1/0/6 to allow
for vlan-tagging and an encapsulation of vlan-vpls. Do not specify any
logical interface properties at this hierarchy.
[edit logical-systems c-pe1 protocols]
lab@mxB-1# top edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/6 vlan-tagging
[edit interfaces]
lab@mxB-1# set ge-1/0/6 encapsulation vlan-vpls
www.juniper.net
Step 8.4
Navigate to the [edit logical-systems c-pey interfaces] hierarchy.
Configure ge-1/0/6 unit 6x0 to be used as the subscriber CE router-facing
interfaces for the VPLS.
[edit interfaces]
lab@mxB-1# top edit logical-systems c-pey interfaces
[edit logical-systems c-pe1 interfaces]
lab@mxB-1# set ge-1/0/6 unit 6x0 vlan-id 6x0
[edit logical-systems c-pe1 interfaces]
lab@mxB-1# set ge-1/0/6 unit 6x0 encapsulation vlan-vpls
Step 8.5
Navigate to the [edit logical-systems c-pey routing-instances]
hierarchy. Create a new VPLS instance called vpn-x.
[edit logical-systems c-pe1 interfaces]
lab@mxB-1# up
[edit logical-systems c-pe1]
lab@mxB-1# edit routing-instances
[edit logical-systems c-pe1 routing-instances]
lab@mxB-1# set vpn-x instance-type vpls
Step 8.6
Navigate to the [edit logical-systems c-pey routing-instances
vpn-x] hierarchy. Add the ge-1/0/6 interface to the routing instance.
[edit logical-systems c-pe1 routing-instances]
lab@mxB-1# edit vpn-x
[edit logical-systems c-pe1 routing-instances vpn-2]
lab@mxB-1# set interface ge-1/0/6.6x0
Step 8.7
Configure a route target community of target:65x01:x00 for the VPLS.
[edit logical-systems c-pe1 routing-instances vpn-2]
lab@mxB-1# set vrf-target target:65x01:x00
Step 8.8
Configure a route distinguisher using the loopback of the customer PE router.
[edit logical-systems c-pe1 routing-instances vpn-2]
lab@mxB-1# set route-distinguisher 192.168.1x.y:1
www.juniper.net
Step 8.9
Create a BGP VPLS, naming the site after the subscriber CE router, s-cey, and
specifying a site ID that matches the y value of the site name. Commit your
configuration and exit to operational mode.
[edit logical-systems c-pe1 routing-instances vpn-2]
lab@mxB-1# set protocols vpls site s-cey site-identifier y
[edit logical-systems c-pe1 routing-instances vpn-2]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 8.10
Check the status of the VPLS connection using the show vpls connections
extensive logical-systems c-pey command. Ensure that the remote
group has completed the previous step of the lab.
lab@mxB-1> show vpls connections extensive logical-system c-pey
Layer-2 VPN connections:
Legend for connection status (St)
EI -- encapsulation invalid
NC
EM -- encapsulation mismatch
WE
VC-Dn -- Virtual circuit down
NP
CM -- control-word mismatch
->
CN -- circuit not provisioned
<OR -- out of range
Up
OL -- no outgoing label
Dn
LD -- local site signaled down
CF
RD -- remote site signaled down SC
LN -- local site not designated LM
RN -- remote site not designated RM
XX -- unknown connection status IL
MM -- MTU mismatch
MI
BK -- Backup connection
ST
PF -- Profile parse failure
PB
RS -- remote site standby
SN
-----------------
s-cey count 5
time=0.813
time=0.662
time=0.636
time=0.646
time=0.644
ms
ms
ms
ms
ms
--- 10.0.51.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.636/0.680/0.813/0.067 ms
STOP
www.juniper.net
A2 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A3
A4 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A5
A6 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A7
A8 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A9
www.juniper.net
www.juniper.net
www.juniper.net