LY
SE
12.a
TE
R
AL
IN
N
LY
The information in this document has been carefully verified and is believed to be accurate for software Release 12.3R2.5. Juniper Networks assumes no
responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary,
incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
SE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
IN
TE
R
AL
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Contents
Lab 1:
Lab 2:
Lab 3:
N
LY
Lab 4:
SE
Lab 5:
AL
TE
R
IN
Lab 6:
Contents iii
Lab 7:
Lab 8:
Lab 9:
N
LY
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling . . . . . . . . .8-2
Part 2: Verifying CE Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-9
Part 3: Configuring the PE to CE Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Part 4: Configuring Two Layer 3 VPN Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16
Part 5: Configuring BGP Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . 8-19
Part 6: Implementing Route Target Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-31
Part 7: Configuring Internet Access Using a Non-VRF Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37
IN
TE
R
AL
SE
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling . . . . . . . . .9-2
Part 2: Verifying CE Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-9
Part 3: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12
Part 4: Configuring a Layer 3 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13
Part 5: Configuring OSPF Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . 9-15
Part 6: Establishing a GRE Tunnel Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-20
Part 7: Creating and Adding a Static Route to inet.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-21
Part 8: Redistributing BGP Routes into OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-26
iv Contents
Course Overview
This five-day course is designed to provide students with MPLS-based virtual private network (VPN)
knowledge and configuration examples. The course includes an overview of MPLS concepts such
as control and forwarding plane, RSVP Traffic Engineering, LDP, Layer 3 VPNs, BGP Layer 2 VPNs,
LDP Layer 2 Circuits, and virtual private LAN service (VPLS). This course also covers Junos
operating system-specific implementations of Layer 2 control instances and active interface for
VPLS.
Objectives
N
LY
Through demonstrations and hands-on labs, students will gain experience in configuring and
monitoring the Junos OS and in device operations. This course uses Juniper Networks MX Series
3D Universal Edge Routers for the hands-on component, but the lab environment does not
preclude the course from being applicable to other Juniper hardware platforms running the
Junos OS. This course is based on the Junos OS Release 12.3R2.5.
Explain the two label distribution protocols used by the Junos OS.
Explain the path selection process of RSVP without the use of the Constrained
Shortest Path First (CSPF) algorithm.
SE
Explain the Interior Gateway Protocol (IGP) extensions used to build the Traffic
Engineering Database (TED).
Describe the CSPF algorithm and its path selection process.
Describe administrative groups and how they can be used to influence path selection.
AL
IN
TE
R
www.juniper.net
Describe how SRLG changes the CSPF algorithm when computing the path of a
secondary LSP.
Explain how extended admin groups can be used to influence path selection.
Explain the roles of Provider (P) routers, Provider Edge (PE) routers, and Customer
Edge (CE) routers.
Create a routing instance, assign interfaces, create routes, and import and export
routes within the routing instance using route distinguishers and route targets.
Explain the purpose of BGP extended communities and how to configure and use
these communities.
Explain the issues with the support of traffic originating on multi-access VPN routing
and forwarding table (VRF table) interfaces.
Describe the three methods for providing Layer 3 VPN customers with Internet access.
Describe how the auto-export command and routing table groups can be used to
support communications between sites attached to a common PE router.
AL
SE
N
LY
Explain the Junos OS support for generic routing encapsulation (GRE) and IP Security
(IPsec) tunnels in Layer 3 VPNs.
IN
TE
R
vi Course Overview
Describe the roles of a CE device, PE router, and P router in a BGP Layer 2 VPN.
Explain the flow of control traffic and data traffic for a BGP Layer 2 VPN.
Configure a BGP Layer 2 VPN and describe the benefits and requirements of
over-provisioning.
Explain the BGP Layer 2 VPN scaling mechanisms and route reflection.
Describe the flow of control and data traffic for an LDP Layer 2 circuit.
Explain the purpose of the PE device, the CE device, and the P device.
www.juniper.net
Troubleshoot VPLS.
N
LY
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the
Junos OS.
Course Level
Prerequisites
IN
TE
R
AL
SE
Students should have intermediate-level networking knowledge and an understanding of the Open
Systems Interconnection (OSI) model and the TCP/IP protocol suite. Students should also attend
the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos
Service Provider Switching (JSPX) courses prior to attending this class.
www.juniper.net
Course Agenda
Day 1
Chapter 1: Course Introduction
Chapter 2: MPLS Fundamentals
MPLS Fundamentals Lab
Chapter 3: Label Distribution Protocols
Label Distribution Protocols Lab
N
LY
Day 2
Chapter 5: Traffic Protection and LSP Optimization
Chapter 6: Fate Sharing
Fate Sharing Lab
Miscellaneous MPLS Features
SE
Chapter 7:
Day 3
AL
TE
R
Day 4
IN
www.juniper.net
Day 5
Chapter 18: VPLS Configuration
VPLS Lab
Chapter 19: Interprovider VPNs
Carrier-of-Carriers VPNs Lab
Appendix A: Multicast VPNs
IN
TE
R
AL
SE
N
LY
MVPN Lab
www.juniper.net
Course Agenda ix
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI)
or a graphical user interface (GUI). To make the language of these documents easier to read, we
distinguish GUI and CLI text from chapter text according to the following table.
Description
Usage Example
Franklin Gothic
Normal text.
Courier New
Console text:
N
LY
Style
Screen captures
commit complete
Noncommand-related
syntax
Menu names
Text field entry
SE
You will also frequently see cases where you must enter input text yourself. Often these instances
will be shown in the context of where you must enter them. We use bold style to distinguish text
that is input versus text that is simply displayed.
Style
Description
Usage Example
Normal CLI
No distinguishing variant.
Physical interface:fxp0,
Enabled
CLI Input
AL
Normal GUI
TE
R
GUI Input
IN
Description
Usage Example
CLI Variable
policy my-peers
GUI Variable
GUI Undefined
x Document Conventions
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class
locations from the World Wide Web by pointing your Web browser to:
http://www.juniper.net/training/education/.
N
LY
The Junos MPLS and VPNs Detailed Lab Guide was developed and tested using software Release
12.3R2.5. Previous and later versions of software might behave differently so you should always
consult the documentation and release notes for the version of code you are running before
reporting errors.
This document is written and maintained by the Juniper Networks Education Services development
team. Please send questions and suggestions for improvement to training@juniper.net.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
Go to http://www.juniper.net/techpubs/.
Locate the specific software or hardware release and title you need, and choose the
format in which you want to view or print the document.
SE
Documentation sets and CDs are available through your local Juniper Networks sales office or
account representative.
IN
TE
R
AL
www.juniper.net
Additional Information xi
N
LY
O
SE
U
AL
N
TE
R
IN
xii Additional Information
www.juniper.net
Lab
N
LY
Overview
This lab demonstrates configuration and monitoring of multiprotocol label switched path
(MPLS) static label switched path (LSP) features on devices running the Junos operating
system. In this lab, you use the command-line interface (CLI) to configure and monitor
network interfaces, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP),
Virtual Routers and static MPLS LSPs.
SE
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
IN
TE
R
AL
www.juniper.net
N
LY
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
SE
Step 1.2
AL
IN
TE
R
www.juniper.net
Step 1.3
N
LY
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxA-1 using the Secure CRT program.
SE
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab1-start.config and commit.
mxA-1 (ttyp0)
AL
login: lab
Password:
TE
R
IN
[edit]
lab@mxB-1# commit
commit complete
[edit]
lab@mxB-1#
Step 1.5
Navigate to the [edit interfaces] hierarchy level. Refer to the network
diagram and configure the interfaces for your assigned device. Use the virtual local
area network (VLAN) ID as the logical unit value for the tagged interface. Use logical
unit 0 for all other interfaces. Remember to configure the loopback interface!
www.juniper.net
[edit]
lab@mxB-1# edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/0 vlan-tagging
[edit interfaces]
lab@mxB-1# set ge-1/0/0 unit unit vlan-id vlan-id
[edit interfaces]
lab@mxB-1# set ge-1/0/1 vlan-tagging
[edit interfaces]
lab@mxB-1# set ge-1/0/1 unit unit vlan-id vlan-id
N
LY
[edit interfaces]
lab@mxB-1# set ge-1/0/0 unit unit family inet address address/24
[edit interfaces]
lab@mxB-1# set ge-1/0/1 unit unit family inet address address/24
SE
[edit interfaces]
lab@mxB-1# set lo0 unit 0 family inet address address/32
[edit interfaces]
lab@mxB-1#
Step 1.6
AL
Display the interface configuration and ensure that it matches the details outlined
on the network diagram for this lab. When you are comfortable with the interface
configuration, issue the commit-and-quit command to activate the
configuration and return to operational mode.
IN
TE
R
[edit interfaces]
lab@mxB-1# show
ge-1/0/0 {
vlan-tagging;
unit 220 {
vlan-id 220;
family inet {
address 172.22.220.1/24;
}
}
}
ge-1/0/1 {
vlan-tagging;
unit 221 {
vlan-id 221;
family inet {
address 172.22.221.1/24;
}
}
}
fxp0 {
description "MGMT INTERFACE - DO NOT DELETE";
Lab 14 MPLS Fundamentals (Detailed)
www.juniper.net
unit 0 {
family inet {
address 10.210.15.3/27;
}
}
N
LY
}
lo0 {
unit 0 {
family inet {
address 193.168.2.1/32;
}
}
}
[edit interfaces]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
SE
Step 1.7
Issue the show interfaces terse command to verify the current state of the
recently configured interfaces.
Remote
IN
TE
R
AL
ge-1/1/1
ge-1/1/2
ge-1/1/3
ge-1/1/4
ge-1/1/5
ge-1/1/6
ge-1/1/7
ge-1/1/8
ge-1/1/9
cbp0
demux0
dsc
em0
em0.0
up
up
up
up
up
up
up
up
up
up
up
up
up
up
down
up
up
up
up
up
up
up
up
up
up
up
up
up
inet
tnp
10.0.0.4/8
128.0.0.1/2
128.0.0.4/2
fe80::200:ff:fe00:4/64
fec0::a:0:0:4/64
0x4
inet
10.210.15.3/27
SE
inet
inet
inet
193.168.2.1
127.0.0.1
down
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
--> 0/0
--> 0/0
TE
R
AL
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
up
inet6
em1
fxp0
fxp0.0
gre
ipip
irb
lo0
lo0.0
lo0.16384
lo0.16385
lsi
me0
me0.0
mtun
pimd
pime
pip0
pp0
tap
N
LY
IN
Step 1.8
Issue the show route command to view the current route entries.
www.juniper.net
10.210.15.3/32
172.22.220.0/24
172.22.220.1/32
172.22.221.0/24
172.22.221.1/32
193.168.2.1/32
*[Direct/0] 21:24:43
> via fxp0.0
*[Local/0] 21:24:43
Local via fxp0.0
*[Direct/0] 00:02:20
> via ge-1/0/0.220
*[Local/0] 00:02:20
Local via ge-1/0/0.220
*[Direct/0] 00:02:20
> via ge-1/0/1.221
*[Local/0] 00:02:20
Local via ge-1/0/1.221
*[Direct/0] 00:02:20
> via lo0.0
10.210.15.0/27
N
LY
SE
AL
TE
R
IN
Step 1.9
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols ospf
[edit protocols ospf]
lab@mxB-1# set area 0 interface ge-1/0/0.unit
www.juniper.net
Step 1.10
N
LY
Activate the configuration changes and exit to operational mode. Issue the show
ospf neighbor command.
ID
193.168.5.1
193.168.5.4
SE
State
Full
Full
Pri
128
128
Dead
34
35
AL
IN
TE
R
Step 1.11
Using the ping utility, verify reachability to remote teams interfaces. Remember to
verify the loopback address.
www.juniper.net
N
LY
SE
AL
lab@mxB-1> configure
Entering configuration mode
Enter configuration mode and define the autonomous system number designated
for your network. Refer to the network diagram as necessary.
Step 1.13
[edit]
lab@mxB-1# set routing-options autonomous-system 65512
TE
R
Navigate to the [edit protocols bgp] hierarchy level. Configure a BGP group
named my-int-group that establishes an internal BGP peering session with the
remote teams PE router. Refer to the network diagram for this lab as necessary.
[edit]
lab@mxB-1# edit protocols bgp
IN
Step 1.14
Issue the run show bgp summary command to view the current BGP summary
information for your device.
N
LY
SE
AL
TE
R
IN
STOP
www.juniper.net
N
LY
Step 2.1
Refer to the lab diagram to ensure you navigate to the correct virtual router name.
Navigate to the [edit routing-instances instance-name] hierarchy and
configure the instance to behave as a virtual router. Configure the interfaces that
should be members of the virtual router. Make sure you include a loopback
interface.
[edit protocols bgp]
SE
Step 2.2
AL
Review the virtual router configuration up to this point by issuing the command
show.
IN
TE
R
www.juniper.net
Step 2.3
Navigate to the [edit interfaces] hierarchy. Configure both physical
interfaces required for the connection to the virtual router. Configure unit 1 under
the loopback interface. Consult the network diagram for proper IP addressing. After
verifying your configuration, commit and exit to operational mode to verify
connectivity.
[edit routing-instances ceB-1]
lab@mxB-1# top edit interfaces
N
LY
[edit interfaces]
lab@mxB-1# set ge-1/0/4 unit 0 family inet address address/24
[edit interfaces]
lab@mxB-1# set ge-1/1/4 unit 0 family inet address address/24
[edit interfaces]
lab@mxB-1# set lo0 unit 1 family inet address address
SE
[edit interfaces]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 2.4
Verify connectivity from your CE router to your PE router using the ping utility.
AL
IN
TE
R
--- 10.0.20.1 ping statistics --1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.006/2.006/2.006/0.000 ms
Note
Step 2.5
Return to configuration mode and configure the main instance (PE) to establish an
EBGP peering session, named my-ext-group, to your virtual router (CE). Verify
configuration looks correct before moving on. Please refer to the network diagram
for appropriate peer autonomous system numbers.
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols bgp
Lab 112 MPLS Fundamentals (Detailed)
www.juniper.net
N
LY
SE
AL
TE
R
IN
lab@mxB-1# commit
commit complete
N
LY
SE
AL
TE
R
IN
Step 2.7
www.juniper.net
[edit policy-options]
lab@mxB-1# set policy-statement ce-export-loopback term 1 from route-filter
ce-loopback-address exact
[edit policy-options]
lab@mxB-1# set policy-statement ce-export-loopback term 1 then accept
[edit policy-options]
lab@mxB-1# top edit routing-instances instance-name
N
LY
SE
Step 2.8
Verify that you are advertising the loopback address to your EBGP peer. Next verify
you are advertising the EBGP route from your PE router to your IBGP peer.
AL
IN
TE
R
Note
Step 2.9
Verify that you are receiving the remote CE loopback from your IBGP neighbor. The
total destination routes may differ in your outputs.
lab@mxB-1> show route receive-protocol bgp remote-pe-loopback-address
inet.0: 37 destinations, 37 routes (36 active, 0 holddown, 1 hidden)
www.juniper.net
N
LY
Take an extensive look at the hidden route and determine why the route is hidden.
TE
R
AL
SE
IN
www.juniper.net
N
LY
SE
AL
TE
R
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit policy-options
IN
[edit policy-options]
lab@mxB-1# set policy-statement nhs term 1 from protocol bgp
[edit policy-options]
lab@mxB-1# set policy-statement nhs term 1 then next-hop self
[edit policy-options]
lab@mxB-1# set policy-statement nhs term 1 then accept
[edit policy-options]
lab@mxB-1# top edit protocols bgp group my-int-group
N
LY
Verify that the route to the remote CE routers loopback address is now usable and
installed in the routing table.
lab@mxB-1> show route receive-protocol bgp remote-pe-loopback-address
SE
AL
TE
R
Answer: Yes, you should now see the route for the
remote CE loopback. If you do not see this route
please review your configuration and consult with
the remote team to verify correct configuration. If
necessary, please consult the instructor.
IN
Step 2.13
Verify that you are receiving and installing the route to the remote CE router in your
virtual router.
www.juniper.net
10.0.20.0/24
*[Direct/0] 00:40:43
> via ge-1/1/4.0
*[Local/0] 00:40:43
Local via ge-1/1/4.0
*[Direct/0] 00:40:43
> via lo0.1
*[BGP/170] 00:03:14, localpref 100
AS path: 65512 65202 I, validation-state: unverified
> to 10.0.20.1 via ge-1/1/4.0
10.0.20.2/32
193.168.12.1/32
193.168.12.2/32
N
LY
SE
STOP
AL
In this lab part, you will reference the lab diagram for parts 2 and 3. You will
configure a static LSP that will be used for traffic that is destined to the network
connected to the remote PE router. After configuring the LSP we will verify CE to CE
router communication through the static LSP.
Step 3.1
TE
R
lab@mxB-1> configure
Entering configuration mode
IN
[edit]
lab@mxB-1# edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/0 unit unit family mpls
[edit interfaces]
lab@mxB-1#
Step 3.2
Navigate to [edit protocols mpls] hierarchy and add the interface all
statement. As good practice please be sure to disable the management interface.
www.juniper.net
[edit interfaces]
lab@mxB-1# top edit protocols mpls
[edit protocols mpls]
lab@mxB-1# set interface all
[edit protocols mpls]
lab@mxB-1# set interface fxp0 disable
[edit protocols mpls]
lab@mxB-1#
N
LY
Step 3.3
Commit the configuration changes. Issue the run show route table mpls.0
command to verify that the MPLS table has been created.
SE
metric 1
metric 1
AL
1
2
metric 1
13
metric 1
IN
TE
R
Step 3.4
Review the interfaces that are participating in MPLS to ensure that we have the
proper configuration by executing the run show mpls interface command.
[edit protocols mpls]
lab@mxB-1# run show mpls interface
Lab 120 MPLS Fundamentals (Detailed)
www.juniper.net
Interface
ge-1/0/0.220
State
Up
N
LY
Create a static LSP named my-static-lsp with the egress address of the remote
PE loopback.
SE
Step 3.6
AL
TE
R
IN
Step 3.7
Issue the show mpls static-lsp ingress command to view the current
status of the recently configured LSP.
www.juniper.net
State
Up
Step 3.8
N
LY
Review the route being used for the remote CE routers loopback by issuing the
show route remote-ce-loopback-address command.
193.168.12.2/32
SE
193.168.12.2/32
AL
IN
TE
R
Step 3.9
Look at the traffic statistics for traffic traversing our new LSP. Execute the show
mpls static-lsp statistics ingress command to view the statistics for
the traffic the enters the LSP at this router.
Lab 122 MPLS Fundamentals (Detailed)
www.juniper.net
Packets
0
Bytes
0
Step 3.10
Test the LSP by using the ping utility from the virtual router by executing the ping
remote-ce-loopback source local-ce-loopback count 10 rapid
routing-instance instance-name command.
N
LY
routing-instance instance-name
Step 3.11
Look at the LSP statistics to verify that the traffic traversed the LSP.
Packets
10
Bytes
840
SE
TE
R
AL
IN
Step 3.12
lab@mxB-1> exit
mxB-1 (ttyu0)
login:
STOP
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
Lab
N
LY
Overview
SE
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
IN
TE
R
AL
www.juniper.net
Note
N
LY
In this lab part, you will configure the virtual router representing the customer edge
(CE) router. You will load a configuration that will automatically configure the
interfaces and networks needed to establish an external BGP (EBGP) peering
between your customer edge router and your provider edge (PE) router. The loaded
configuration will configure your virtual router and all interfaces for both routers and
also configure the EBGP peering session between the two routers. You will then
configure your CE router to advertise the loopback address from your CE device to
your PE router. Your PE router will share these routes with your internal BGP (IBGP)
peer.
SE
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
AL
IN
TE
R
www.juniper.net
Step 1.3
N
LY
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
SE
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab2-start.config and commit.
mxB-1 (ttyp0)
AL
login: lab
Password:
TE
R
IN
[edit]
lab@mxB-1# commit
commit complete
[edit]
lab@mxB-1#
Step 1.5
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
[edit]
lab@mxB-1# run show ospf neighbor
www.juniper.net
Address
172.22.220.2
172.22.221.2
Interface
ge-1/0/0.220
ge-1/0/1.221
State
Full
Full
ID
193.168.5.1
193.168.5.4
Pri
128
128
Dead
32
31
N
LY
[edit]
lab@mxB-1# run ping local-pe-address routing-instance instance-name count 1
PING 10.0.20.1 (10.0.20.1): 56 data bytes
64 bytes from 10.0.20.1: icmp_seq=0 ttl=64 time=0.722 ms
SE
--- 10.0.20.1 ping statistics --1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.722/0.722/0.722/0.000 ms
AL
Step 1.7
TE
R
Verify that the BGP neighbor relationship is established before moving on to the next
step.
IN
[edit]
lab@mxB-1# run show bgp summary
Groups: 3 Peers: 3 Down peers: 0
Table
Tot Paths Act Paths Suppressed
History Damp State
Pending
inet.0
0
0
0
0
0
0
Peer
AS
InPkt
OutPkt
OutQ
Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
10.0.20.1
65512
24
23
0
0
9:17 Est
abl
ceB-1.inet.0: 0/0/0/0
10.0.20.2
65201
23
25
0
0
9:17 Est
abl
inet.0: 0/0/0/0
193.168.2.2
65512
24
23
0
0
9:22 Establ
inet.0: 0/0/0/0
www.juniper.net
N
LY
SE
AL
TE
R
[edit]
lab@mxB-1# edit policy-options
[edit policy-options]
lab@mxB-1# set policy-statement vr-export-loopback term 1 from protocol direct
IN
[edit policy-options]
lab@mxB-1# set policy-statement vr-export-loopback term 1 from route-filter
local-ce-loopback-address exact
[edit policy-options]
lab@mxB-1# set policy-statement vr-export-loopback term 1 then accept
Step 1.10
www.juniper.net
Step 1.11
N
LY
Verify that you are advertising your CE routers loopback address to your EBGP peer.
lab@mxB-1> show route advertising-protocol bgp local-pe-ge-1/0/4-address
SE
AL
Step 1.12
Verify the advertisement of the CE routers loopback route from the local PE router to
the remote IBGP peer.
TE
R
IN
www.juniper.net
Note
N
LY
SE
AL
TE
R
Step 1.14
Take an extensive look at the hidden route and determine why the route is hidden.
IN
Localpref: 100
Router ID: 193.168.2.2
Indirect next hops: 1
Protocol next hop: 10.0.21.2
Indirect next hop: 0 - INH Session ID: 0x0
ceB-1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
N
LY
SE
Step 1.15
AL
TE
R
IN
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit policy-options
[edit policy-options]
lab@mxB-1# set policy-statement nhs term 1 from protocol bgp
[edit policy-options]
lab@mxB-1# set policy-statement nhs term 1 then next-hop self
[edit policy-options]
lab@mxB-1# set policy-statement nhs term 1 then accept
Lab 28 Label Distribution Protocols (Detailed)
www.juniper.net
Step 1.16
Apply the new policy as an export policy to the BGP group my-int-group. After
you are satisfied with your policy and configuration commit your changes and exit to
operational mode.
[edit policy-options]
lab@mxB-1# top edit protocols bgp group my-int-group
[edit protocols bgp group my-int-group]
lab@mxB-1# set export nhs
N
LY
lab@mxB-1>
Note
SE
Step 1.17
Verify that the remote loopback address is now usable and installed in the routing
table.
AL
IN
TE
R
Answer: Yes, you should now see the route for the
remote CE loopback. If you do not see this route
please review your configuration and consult with
the remote team to verify correct configuration. If
necessary, please consult the instructor.
Step 1.18
Verify you are receiving and installing the route to the remote CE router in your
virtual router.
www.juniper.net
193.168.12.2/32
N
LY
SE
AL
STOP
IN
Step 2.1
TE
R
In this lab part, you will configure a RSVP signaled LSP that will be used for traffic
that is destined to the network connected to the remote PE router. After configuring
the LSP we will verify CE to CE router communication through the RSVP LSP.
Enter into configuration mode and navigate to the [edit interfaces]
hierarchy. Configure the core facing interfaces to allow multiprotocol label switching
(MPLS) traffic.
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/0 unit unit family mpls
[edit interfaces]
lab@mxB-1# set ge-1/0/1 unit unit family mpls
Lab 210 Label Distribution Protocols (Detailed)
www.juniper.net
Step 2.2
Navigate to [edit protocols mpls] hierarchy and add the interface all
statement. As good practice please be sure to disable the management interface.
[edit interfaces]
lab@mxB-1# top edit protocols mpls
Step 2.3
N
LY
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure we have the proper configuration by executing the run show
mpls interface command.
SE
Step 2.4
AL
Navigate to the [edit protocols rsvp] hierarchy. Add the appropriate core
facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. The default Junos OS
behavior is to assume unit 0 if no unit is specified. Review the configuration
before committing to ensure the interfaces are correct.
TE
R
IN
www.juniper.net
N
LY
Step 2.5
SE
Add the configuration for creating the LSP. Navigate to the [edit protocols
mpls] hierarchy. First, turn off constrained shortest path first (CSPF) by issuing the
set no-cspf command. Next, create a label-switched-path named
localPE-to-remotePE-pod. For example, if you are assigned router mxB-1,
your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should be named
pe1-to-pe2-B. Your LSP should egress at your remote peers loopback address.
Verify that the configuration looks correct. Commit and exit to operation mode when
you are satisfied with the changes.
AL
IN
TE
R
Step 2.6
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.
www.juniper.net
ActivePath
LSPname
pe1-to-pe2-B
N
LY
AL
SE
IN
TE
R
Step 2.7
Review the ingress LSP in more detail by including the ingress and extensive
options with the previous command.
N
LY
SE
AL
Verify traffic that is destined to the remote CE routers loopback will use the LSP by
issuing the show route remote-CE-loopback-address command.
TE
R
IN
www.juniper.net
N
LY
Step 2.9
Verify the remote CE routers loopback is reachable from your local CE router by
sending five Internet Control Message Protocol (ICMP) packets. Make sure to source
the ICMP packets from the local CE routers loopback address.
SE
AL
--- 193.168.12.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.688/0.760/0.869/0.065 ms
TE
R
Step 2.10
Verify the ICMP packets traversed the LSP by displaying the traffic statistics for the
LSP.
IN
www.juniper.net
Bytes LSPname
420 pe1-to-pe2-B
N
LY
STOP
SE
In this lab part, you will create a path using both strict and loose path constraints.
You will apply the path as the primary path to your existing LSP, forcing the LSP to
signal along the specified path. You will decide which path the LSP will traverse. The
only criteria for this task is that you must have at least one strict hop and one loose
hop defined for the path. The example below is from the perspective of the local PE
router. The path example will have a strict hop requirement of the p4 router and a
loose hop requirement of the p3 router. This path was chosen for demonstration
purposes onlyyou might choose to engineer your LSP path differently.
AL
Step 3.1
Enter into configuration mode and edit to the [edit protocols mpls]
hierarchy. Create a path named my-ER0 and configure the strict and loose hops you
want the LSP path to signal along.
TE
R
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols mpls
IN
www.juniper.net
193.168.5.3 loose;
}
interface all;
interface fxp0.0 {
disable;
}
Step 3.2
O
SE
N
LY
Apply the ERO you just created as the primary path used by the LSP you
configured in Part 2. If you do not remember what the LSP name was, you can use
the question mark option to display the LSPs that are configured on the router.
Review the configuration changes before committing and exiting to operational
mode.
TE
R
AL
IN
Step 3.3
Verify the status of your LSP using the show mpls lsp ingress command.
lab@mxB-1> show mpls lsp ingress
Ingress LSP: 1 sessions
www.juniper.net
To
From
State Rt P
193.168.2.2
193.168.2.1
Up
0 *
Total 1 displayed, Up 1, Down 0
ActivePath
my-ERO
LSPname
pe1-to-pe2-B
N
LY
SE
Review the output displayed from the show mpls lsp ingress detail
command to verify the LSP is following the path you created.
AL
IN
TE
R
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-B
ActivePath: my-ERO (primary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary
my-ERO
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.221.2 172.22.203.2 172.22.204.2 172.22.207.1 172.22.222.1
Total 1 displayed, Up 1, Down 0
www.juniper.net
N
LY
In this lab part, you will deactivate RSVP and add LDP to your network setup. Then
you will verify that traffic will transit the network using the LDP LSP.
Step 4.1
lab@mxB-1> configure
Entering configuration mode
Step 4.2
AL
[edit]
lab@mxB-1# commit
commit complete
[edit]
lab@mxB-1# deactivate protocols rsvp
SE
Enter into configuration mode and deactivate RSVP. Commit the configuration
change.
TE
R
Navigate to the [edit protocols ldp] hierarchy and add the interface
all statement. As good practice, remember to disable the management interface.
After making the configuration changes commit and exit to operation mode for
verification.
[edit]
lab@mxB-1# edit protocols ldp
IN
www.juniper.net
Step 4.3
Verify the proper interfaces are participating in LDP by issuing the command show
ldp interface.
lab@mxB-1> show ldp interface
Interface
Label space ID
lo0.0
193.168.2.1:0
ge-1/0/0.220
193.168.2.1:0
ge-1/0/1.221
193.168.2.1:0
Nbr count
0
1
1
Next hello
0
2
1
N
LY
SE
Verify the status of the LSP by issuing the show ldp session command.
Hold time
20
20
AL
Adv. Mode
DU
DU
IN
Step 4.5
TE
R
Verify traffic that is destined to the remote CE routers loopback will use the LSP by
issuing the show route remote-ce-loopback-address command.
www.juniper.net
193.168.12.2/32
N
LY
Verify the remote CE routers loopback is reachable from your local CE router by
sending five ICMP packets.
AL
SE
--- 193.168.12.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.693/0.751/0.784/0.034 ms
TE
R
IN
Step 4.7
Verify these ICMP packets traversed the LSP by displaying the traffic statistics for
the LSP.
Type
Transit
Ingress
Transit
Ingress
Transit
Packets
0
5
0
0
0
Bytes
0
420
0
0
0
Shared
No
No
No
No
No
Ingress
Transit
Ingress
Transit
Ingress
Transit
Ingress
Transit
Ingress
193.168.5.3/32
193.168.5.4/32
193.168.5.5/32
193.168.5.6/32
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
No
No
No
No
No
No
No
No
No
N
LY
SE
AL
STOP
Step 5.1
TE
R
In this lab part, your network will be running both RSVP and LDP to signal LSPs. All
traffic destined for the remote CE router must use the LDP LSPs. You will use
protocol preference to manipulate the LSP that is chosen as the next hop.
Enter into configuration mode and re-activate the RSVP protocol. Commit the
configuration changes.
IN
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# activate protocols rsvp
[edit]
lab@mxB-1# commit
commit complete
[edit]
lab@mxB-1#
www.juniper.net
Step 5.2
Review the routing table to determine what route is being used to carry traffic to the
remote CE network. Please note that the route might not change right away. It can
take a few moments to update the routing table.
[edit]
lab@mxB-1# run show route remote-ce-loopback-address
inet.0: 37 destinations, 37 routes (37 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
pe1-to-pe2-B
N
LY
193.168.12.2/32
SE
193.168.12.2/32
AL
IN
TE
R
Step 5.3
Review the routes being used in the routing table inet.3 by issuing the run show
route table inet.3 remote-pe-loopback-address command.
[edit]
lab@mxB-1# run show route table inet.3 remote-pe-loopback-address
inet.3: 7 destinations, 8 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
www.juniper.net
193.168.2.2/32
pe1-to-pe2-B
N
LY
Step 5.4
SE
Lower the preference of the LDP protocol to be one lower than RSVP. You can
accomplish this by issuing the set protocols ldp preference 6 command.
Commit your changes and return to operational mode.
lab@mxB-1>
Step 5.5
AL
[edit]
lab@mxB-1# set protocols ldp preference 6
After the commit has finished, review the route to the remote PE router in the
inet.3 routing table to ensure LDP will be used for traffic to the CE network.
TE
R
IN
193.168.2.2/32
pe1-to-pe2-B
www.juniper.net
N
LY
View the route to the remote CE to determine which type of LSP will be used to
forward traffic to the remote CE.
SE
193.168.12.2/32
AL
193.168.12.2/32
IN
TE
R
www.juniper.net
Note
Step 5.7
Log out of your assigned device using the exit command.
lab@mxB-1> exit
mxB-1 (ttyu0)
login:
IN
TE
R
AL
SE
N
LY
STOP
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
Lab
N
LY
CSPF (Detailed)
Overview
In this lab, you create a baseline multiprotocol label switching (MPLS) network and then
create label switched paths (LSPs) using administrative groups as a constraint for
constrained shortest path first (CSPF).
SE
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Create a baseline network.
Create and assign administrative groups to interfaces and define an LSP using
administrative groups as a routing constraint.
IN
TE
R
AL
www.juniper.net
N
LY
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
SE
Step 1.2
AL
IN
TE
R
www.juniper.net
Step 1.3
N
LY
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
SE
Step 1.4
login: lab
Password:
AL
mxB-1 (ttyp0)
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab3-start.config. Commit the configuration and return to operational
mode.
TE
R
IN
[edit]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 1.5
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
www.juniper.net
State
Full
Full
ID
193.168.5.1
193.168.5.4
Pri
128
128
Dead
34
39
N
LY
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
IN
TE
R
AL
SE
www.juniper.net
N
LY
lab@mxB-1> configure
Entering configuration mode
SE
[edit]
lab@mxB-1# edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/0 unit unit family mpls
AL
[edit interfaces]
lab@mxB-1# set ge-1/0/1 unit unit family mpls
Step 1.8
[edit interfaces]
lab@mxB-1#
TE
R
Navigate to [edit protocols mpls] hierarchy and add the interface all
statement. As good practice please be sure to disable the management interface.
[edit interfaces]
lab@mxB-1# top edit protocols mpls
IN
Step 1.9
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure we have the proper configuration by executing the run show
mpls interface command.
[edit protocols mpls]
lab@mxB-1# commit
commit complete
www.juniper.net
Step 1.10
N
LY
Navigate to the [edit protocols rsvp] hierarchy. Add the appropriate core
facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. The default Junos OS
behavior is to assume unit 0 if no unit is specified. Review the configuration
before committing to ensure the interfaces are correct.
[edit protocols mpls]
lab@mxB-1# top edit protocols rsvp
AL
SE
Note
TE
R
IN
Step 1.11
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
www.juniper.net
Static
BW
1000Mbps
1000Mbps
Available
BW
1000Mbps
1000Mbps
Reserved
BW
0bps
0bps
Highwater
mark
0bps
0bps
N
LY
SE
By default, the Junos operating system does not support the flooding the Opaque
LSAs used to build the TED. This feature must be enabled on every router in the
OSPF network. In this lab part, you will enable the TED and verify its operation.
Step 2.1
View the OSPF database and determine what types of link state advertisements
(LSAs) are currently being flooded in the network.
Adv Rtr
193.168.2.1
193.168.2.2
193.168.5.1
193.168.5.2
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
193.168.5.2
193.168.5.4
193.168.5.5
193.168.5.6
193.168.5.5
193.168.5.3
193.168.5.6
193.168.5.1
193.168.5.4
193.168.5.3
193.168.5.6
193.168.2.2
193.168.5.1
193.168.5.2
IN
TE
R
Area 0.0.0.0
Type
ID
Router *193.168.2.1
Router
193.168.2.2
Router
193.168.5.1
Router
193.168.5.2
Router
193.168.5.3
Router
193.168.5.4
Router
193.168.5.5
Router
193.168.5.6
Network 172.22.201.2
Network 172.22.202.2
Network 172.22.203.2
Network 172.22.204.2
Network 172.22.205.2
Network 172.22.206.2
Network 172.22.207.2
Network 172.22.220.2
Network 172.22.221.2
Network 172.22.222.2
Network 172.22.223.2
OpaqArea 1.0.0.1
OpaqArea 1.0.0.1
OpaqArea 1.0.0.1
AL
www.juniper.net
Seq
0x8000007a
0x800000af
0x800000b6
0x800000af
0x800000b2
0x800000b4
0x800000ae
0x800000b1
0x800000ac
0x800000ad
0x800000ac
0x800000ac
0x800000ac
0x800000ad
0x800000ad
0x80000054
0x80000054
0x800000ae
0x800000ae
0x80000001
0x800000ae
0x800000ad
Age
1851
906
127
1469
2267
2900
1468
1770
1969
758
2754
2520
1897
124
270
2127
2043
1410
1020
457
627
969
Opt
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
Cksum Len
0x26a4 60
0x5634 60
0xe735 96
0x2771 72
0x37c6 96
0xb15b 96
0x1679 72
0x1927 108
0xd3d8 32
0xced7 32
0xf3ad 32
0xfaa2 32
0xc1df 32
0xacf6 32
0xbbdf 32
0x876f 32
0x8867 32
0xd2c2 32
0xd3ba 32
0xb49d 28
0x5b45 28
0x613e 28
0x800000ad
0x800000ae
0x800000ad
0x800000ad
0x80000001
0x800000ad
0x800000ad
0x800000ad
0x80000054
0x800000ad
0x800000ad
0x80000001
0x800000ad
0x800000ac
0x800000ad
0x800000ad
0x800000ad
0x800000ac
0x80000054
0x800000ac
0x800000ac
0x800000ad
0x800000ac
0x800000ad
981
329
1040
2145
457
1627
469
553
2472
611
645
457
1127
2969
1838
1615
183
2895
2627
2469
2695
1186
2325
1395
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x6538
0x6733
0x6d2c
0x7126
0x65cf
0x8f19
0x7d24
0x950a
0x5e7d
0x8517
0x5f37
0x8da4
0xfca8
0x6b2e
0x274
0xd0d3
0xe8b9
0x9505
0x5282
0xd96
0x4158
0x871b
0x6d27
0xef8a
28
28
28
28
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
N
LY
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
193.168.2.2
193.168.5.1
193.168.5.2
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
193.168.2.2
193.168.5.1
193.168.5.2
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
193.168.5.1
193.168.5.2
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
1.0.0.1
1.0.0.1
1.0.0.1
1.0.0.1
1.0.0.3
1.0.0.3
1.0.0.3
1.0.0.3
1.0.0.3
1.0.0.3
1.0.0.3
1.0.0.4
1.0.0.4
1.0.0.4
1.0.0.4
1.0.0.4
1.0.0.4
1.0.0.4
1.0.0.5
1.0.0.5
1.0.0.5
1.0.0.5
1.0.0.5
1.0.0.5
SE
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
OpaqArea
AL
TE
R
IN
Step 2.2
View the TED and determine whether or not your router is using the OpaqArea LSAs
to build a TED.
www.juniper.net
N
LY
SE
[edit]
lab@mxB-1# edit protocols ospf
lab@mxB-1> configure
Entering configuration mode
AL
TE
R
Step 2.4
IN
Issue the show ospf database command and determine if you router is now
generating OpaqArea LSA s.
Adv Rtr
193.168.2.1
193.168.2.2
193.168.5.1
193.168.5.2
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
Seq
0x8000007a
0x800000af
0x800000b6
0x800000af
0x800000b2
0x800000b5
0x800000ae
0x800000b1
Age
2171
1226
447
1789
2587
220
1788
2090
Opt
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
Cksum Len
0x26a4 60
0x5634 60
0xe735 96
0x2771 72
0x37c6 96
0xaf5c 96
0x1679 72
0x1927 108
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0x22
0xd3d8
0xced7
0xf1ae
0xfaa2
0xc1df
0xacf6
0xbbdf
0x876f
0x8867
0xd2c2
0xd3ba
0xb0a3
0xb49d
0x5b45
0x613e
0x6538
0x6733
0x6d2c
0x7126
0x733
0x65cf
0x8f19
0x7d24
0x950a
0x5e7d
0x8517
0x5f37
0x2f08
0x8da4
0xfca8
0x692f
0x274
0xd0d3
0xe8b9
0x9306
0x5282
0xd96
0x3f59
0x871b
0x6d27
0xef8a
32
32
32
32
32
32
32
32
32
32
32
28
28
28
28
28
28
28
28
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
124
N
LY
SE
AL
TE
R
2289
1078
74
2840
2217
444
590
2447
2363
1730
1340
71
777
947
1289
1301
649
1360
2465
71
777
1947
789
873
2792
931
965
71
777
1447
289
2158
1935
503
215
2947
2789
15
1506
2645
1715
0x800000ac
0x800000ad
0x800000ad
0x800000ac
0x800000ac
0x800000ad
0x800000ad
0x80000054
0x80000054
0x800000ae
0x800000ae
0x80000001
0x80000001
0x800000ae
0x800000ad
0x800000ad
0x800000ae
0x800000ad
0x800000ad
0x80000001
0x80000001
0x800000ad
0x800000ad
0x800000ad
0x80000054
0x800000ad
0x800000ad
0x80000001
0x80000001
0x800000ad
0x800000ad
0x800000ad
0x800000ad
0x800000ad
0x800000ad
0x80000054
0x800000ac
0x800000ad
0x800000ad
0x800000ac
0x800000ad
193.168.5.2
193.168.5.4
193.168.5.5
193.168.5.6
193.168.5.5
193.168.5.3
193.168.5.6
193.168.5.1
193.168.5.4
193.168.5.3
193.168.5.6
193.168.2.1
193.168.2.2
193.168.5.1
193.168.5.2
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
193.168.2.1
193.168.2.2
193.168.5.1
193.168.5.2
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
193.168.2.1
193.168.2.2
193.168.5.1
193.168.5.2
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
193.168.5.1
193.168.5.2
193.168.5.3
193.168.5.4
193.168.5.5
193.168.5.6
Network 172.22.201.2
Network 172.22.202.2
Network 172.22.203.2
Network 172.22.204.2
Network 172.22.205.2
Network 172.22.206.2
Network 172.22.207.2
Network 172.22.220.2
Network 172.22.221.2
Network 172.22.222.2
Network 172.22.223.2
OpaqArea*1.0.0.1
OpaqArea 1.0.0.1
OpaqArea 1.0.0.1
OpaqArea 1.0.0.1
OpaqArea 1.0.0.1
OpaqArea 1.0.0.1
OpaqArea 1.0.0.1
OpaqArea 1.0.0.1
OpaqArea*1.0.0.3
OpaqArea 1.0.0.3
OpaqArea 1.0.0.3
OpaqArea 1.0.0.3
OpaqArea 1.0.0.3
OpaqArea 1.0.0.3
OpaqArea 1.0.0.3
OpaqArea 1.0.0.3
OpaqArea*1.0.0.4
OpaqArea 1.0.0.4
OpaqArea 1.0.0.4
OpaqArea 1.0.0.4
OpaqArea 1.0.0.4
OpaqArea 1.0.0.4
OpaqArea 1.0.0.4
OpaqArea 1.0.0.4
OpaqArea 1.0.0.5
OpaqArea 1.0.0.5
OpaqArea 1.0.0.5
OpaqArea 1.0.0.5
OpaqArea 1.0.0.5
OpaqArea 1.0.0.5
IN
www.juniper.net
IN
TE
R
AL
SE
N
LY
Step 2.6
View the TED and determine the colors (administrative groups) that have been
assigned to your PE router local interfaces.
lab@mxB-1> show ted database extensive local-pe-loopback-address
TED database: 0 ISIS nodes 19 INET nodes
NodeID: 193.168.2.1
Type: Rtr, Age: 328 secs, LinkIn: 2, LinkOut: 2
Protocol: OSPF(0.0.0.0)
To: 172.22.220.2-1, Local: 172.22.220.1, Remote: 0.0.0.0
www.juniper.net
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
1000Mbps
AL
SE
N
LY
TE
R
IN
STOP
www.juniper.net
Step 3.1
Enter configuration mode and navigate to the [edit protocols mpls]
hierarchy. Configure an RSVP-signaled LSP named
lsp-gold-localPE-to-remotePE-pod. For example, if you are assigned
router mxB-1, your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should
be named lsp-gold-pe1-to-pe2-B. Your LSP should egress at your remote
peers loopback address. Create and a use a path called path1 to ensure that this
LSP traverses P2 as a loose hop.
[edit]
lab@mxB-1# edit protocols mpls
N
LY
lab@mxB-1> configure
Entering configuration mode
SE
Step 3.2
AL
TE
R
IN
Step 3.3
Step 3.4
N
LY
Using the show rsvp session extensive ingress command, verify that
the new LSPs are up and are currently traversing P2.
TE
R
AL
SE
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp-gold-pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300288
Resv style: 1 FF, Label in: -, Label out: 300288
Time left:
-, Since: Mon May 13 15:36:20 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 47889 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.220.2 (ge-1/0/0.220) 6 pkts
RESV rcvfrom: 172.22.220.2 (ge-1/0/0.220) 5 pkts
Explct route: 172.22.220.2 172.22.201.2 172.22.206.2 172.22.222.1
Record route: <self> 172.22.220.2 172.22.201.2 172.22.206.2 172.22.222.1
IN
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp-bronze-pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300304
Resv style: 1 FF, Label in: -, Label out: 300304
Time left:
-, Since: Mon May 13 15:37:35 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 47890 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.220.2 (ge-1/0/0.220) 3 pkts
RESV rcvfrom: 172.22.220.2 (ge-1/0/0.220) 3 pkts
Explct route: 172.22.220.2 172.22.201.2 172.22.206.2 172.22.222.1
Record route: <self> 172.22.220.2 172.22.201.2 172.22.206.2 172.22.222.1
Lab 314 CSPF (Detailed)
www.juniper.net
N
LY
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp-silver-pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300320
Resv style: 1 FF, Label in: -, Label out: 300320
Time left:
-, Since: Mon May 13 15:37:35 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 47891 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.220.2 (ge-1/0/0.220) 3 pkts
RESV rcvfrom: 172.22.220.2 (ge-1/0/0.220) 3 pkts
Explct route: 172.22.220.2 172.22.201.2 172.22.206.2 172.22.222.1
Record route: <self> 172.22.220.2 172.22.201.2 172.22.206.2 172.22.222.1
Total 3 displayed, Up 3, Down 0
SE
IN
TE
R
AL
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols
[edit protocols]
lab@mxB-1# set mpls admin-groups gold 1
Step 4.2
Define an administrative group called silver that uses a value of 2.
N
LY
[edit protocols]
lab@mxB-1# set mpls admin-groups silver 2
Step 4.3
[edit protocols]
lab@mxB-1# set mpls admin-groups bronze 3
Step 4.4
SE
Apply the administrative groups (as listed in the lab diagram) to the core-facing
interfaces. Commit your configuration and exit to operational mode.
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/0.unit admin-group silver
AL
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/0.unit admin-group bronze
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/1.unit admin-group gold
TE
R
[edit protocols]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
IN
Step 4.5
Use the show mpls interface command to verify that the correct
administrative groups have been applied to your interfaces.
www.juniper.net
N
LY
Step 4.6
View the TED and determine whether your router is advertising the correct colors
(administrative groups) to all other routers in the network.
IN
TE
R
AL
SE
www.juniper.net
N
LY
STOP
Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF
SE
In this lab part, you will modify the configuration of your LSPs so that they will take a
particular path through the network. By specifying the administrative groups to
include in the CSPF algorithm, the gold LSP will take the gold path, the silver LSP will
take the silver path, and the bronze LSP will take the bronze path through the
network.
Step 5.1
AL
TE
R
[edit]
lab@mxB-1# edit protocols mpls
IN
Step 5.2
Modify the primary path for the silver LSP so that it takes only the silver path through
the lab network ensuring that it continues to pass through P2.
www.juniper.net
Step 5.3
Modify the primary path for the bronze LSP so that it takes only the bronze path
through the lab network ensuring that it continues to pass through P2. Commit your
configuration and exit to operational mode.
IN
TE
R
AL
SE
N
LY
Step 5.4
Use the show rsvp session ingress detail command to verify that each
LSP is traversing the correct, colored path as well as passing through P2.
lab@mxB-1> show rsvp session ingress detail
Ingress RSVP: 3 sessions
www.juniper.net
N
LY
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp-gold-pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300240
Resv style: 1 FF, Label in: -, Label out: 300240
Time left:
-, Since: Mon May 13 16:05:23 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 2 receiver 47889 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.221.2 (ge-1/0/1.221) 4 pkts
RESV rcvfrom: 172.22.221.2 (ge-1/0/1.221) 4 pkts
Explct route: 172.22.221.2 172.22.202.1 172.22.201.2 172.22.205.2
172.22.204.2
172.22.223.1
Record route: <self> 172.22.221.2 172.22.202.1 172.22.201.2 172.22.205.2
172.22.204.2 172.22.223.1
IN
TE
R
AL
SE
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp-bronze-pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300400
Resv style: 1 FF, Label in: -, Label out: 300400
Time left:
-, Since: Mon May 13 16:05:23 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 2 receiver 47890 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.220.2 (ge-1/0/0.220) 4 pkts
RESV rcvfrom: 172.22.220.2 (ge-1/0/0.220) 4 pkts
Explct route: 172.22.220.2 172.22.201.2 172.22.205.2 172.22.204.2
172.22.207.1
172.22.222.1
Record route: <self> 172.22.220.2 172.22.201.2 172.22.205.2 172.22.204.2
172.22.207.1 172.22.222.1
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp-silver-pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300416
Resv style: 1 FF, Label in: -, Label out: 300416
Time left:
-, Since: Mon May 13 16:05:23 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 2 receiver 47891 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Lab 320 CSPF (Detailed)
www.juniper.net
N
LY
SE
TE
R
AL
Step 5.5
IN
lab@mxB-1> exit
mxB-1 (ttyu0)
login:
STOP
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
Lab
N
LY
Overview
In this lab, you will load a baseline multiprotocol label switching (MPLS) network and then
create label switched paths (LSPs) using different traffic protection mechanisms.
SE
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load a baseline network.
AL
IN
TE
R
www.juniper.net
N
LY
Note
Step 1.1
SE
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
AL
IN
TE
R
www.juniper.net
Step 1.3
N
LY
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
SE
Step 1.4
login: lab
Password:
AL
mxB-1 (ttyp0)
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab4-start.config. Commit the configuration and return to operational
mode.
TE
R
IN
[edit]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 1.5
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
www.juniper.net
State
Full
Full
ID
193.168.5.1
193.168.5.4
Pri
128
128
Dead
34
39
N
LY
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
IN
TE
R
AL
SE
www.juniper.net
N
LY
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
Static
BW
1000Mbps
1000Mbps
SE
Available
BW
1000Mbps
1000Mbps
Reserved
BW
0bps
0bps
Highwater
mark
0bps
0bps
TE
R
AL
IN
Step 2.1
Enter configuration mode and navigate to the [edit routing-options]
hierarchy. Configure the static route associated with your PE. Configure a next hop of
reject for that route.
lab@mxB-1> configure
Entering configuration mode
www.juniper.net
[edit]
lab@mxB-1# edit routing-options
[edit routing-options]
lab@mxB-1# set static route route/24 reject
N
LY
[edit routing-options]
lab@mxB-1# show
static {
route 10.0.1.0/24 reject;
}
autonomous-system 65512;
[edit routing-options]
lab@mxB-1#
Step 2.2
SE
[edit routing-options]
lab@mxB-1# top edit policy-options
[edit policy-options]
lab@mxB-1# set policy-statement statics term 10 from protocol static
[edit policy-options]
lab@mxB-1
Step 2.3
AL
[edit policy-options]
lab@mxB-1# set policy-statement statics term 10 then accept
TE
R
Navigate to the [edit protocols bgp] hierarchy and apply the policy as an
export policy to the remote PE neighbor. Commit your configuration and exit to
operation mode.
[edit policy-options]
lab@mxB-1# top edit protocols bgp
IN
Step 2.4
Using the show route advertising-protocol bgp command, verify that
you are sending a route to your remote PE neighbor.
www.juniper.net
N
LY
Using the show route receive-protocol bgp command, verify that you are
receiving a route from your remote PE neighbor.
lab@mxB-1> show route receive-protocol bgp remote-pe-loopback-address
SE
AL
IN
TE
R
STOP
www.juniper.net
Ingress PE
Strict Hop
Loose Hop
172.22.210.2
193.168.5.6
mxA-2
172.22.212.2
193.168.5.4
mxB-1
172.22.220.2
193.168.5.6
mxB-2
172.22.222.2
193.168.5.4
mxC-1
172.22.230.2
mxC-2
172.22.232.2
mxD-1
172.22.240.2
193.168.5.6
mxD-2
172.22.242.2
193.168.5.4
SE
mxA-1
N
LY
193.168.5.6
AL
193.168.5.4
lab@mxB-1> configure
Entering configuration mode
TE
R
[edit]
lab@mxB-1# edit protocols mpls
IN
Step 3.2
www.juniper.net
N
LY
lab@mxB-1>
Step 3.3
Verify that the new LSP is up and is currently traversing the correct downstream
P routers.
IN
TE
R
AL
SE
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300448
Resv style: 1 FF, Label in: -, Label out: 300448
Time left:
-, Since: Wed May 15 18:14:18 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 47894 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.220.2 (ge-1/0/0.220) 3 pkts
RESV rcvfrom: 172.22.220.2 (ge-1/0/0.220) 3 pkts
Explct route: 172.22.220.2 193.168.5.6
Record route: <self> 172.22.220.2 172.22.201.2 172.22.205.2 172.22.204.2
172.22.223.1
Total 1 displayed, Up 1, Down 0
Step 3.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration.
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# set interfaces ge-1/0/0 disable
N
LY
[edit]
lab@mxB-1# commit
commit complete
[edit]
lab@mxB-1
SE
[edit]
lab@mxB-1 run show rsvp session ingress detail
Ingress RSVP: 1 sessions
Step 3.5
IN
TE
R
AL
193.168.2.2
From: 193.168.2.1, LSPstate: Dn, ActiveRoute: 0
LSPname: pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: Resv style: 0 -, Label in: -, Label out: Time left:
-, Since: Wed May 15 18:14:18 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 47894 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 0
PATH sentto: [bad strict route]
Explct route: 172.22.220.2 193.168.5.6
Record route: <self> ...incomplete
Total 1 displayed, Up 0, Down 1
www.juniper.net
Step 3.6
Enable the interface on your PE router that is being used by the primary path of the
LSP. Commit your configuration.
[edit]
lab@mxB-1# delete interfaces ge-1/0/0 disable
[edit]
lab@mxB-1# commit
commit complete
N
LY
Step 3.7
Verify that the LSP is up using the run show rsvp session ingress
command.
SE
[edit]
lab@mxB-1# run show rsvp session ingress
Ingress RSVP: 1 sessions
To
From
State
Rt Style Labelin Labelout LSPname
193.168.2.2
193.168.2.1
Up
0 1 FF
300464 pe1-to-pe2-B
Total 1 displayed, Up 1, Down 0
AL
TE
R
In this lab part, you will configure a secondary path for the LSP to add traffic
protection to the LSP.
Step 4.1
IN
[edit]
lab@mxB-1# edit protocols mpls
[edit protocols mpls]
lab@mxB-1# set path any-path
Step 4.2
To provide traffic protection to the existing LSP, apply the path created in the
previous step as a secondary path for the LSP. Commit your configuration and exit
configuration mode.
www.juniper.net
Step 4.3
lab@mxB-1> show rsvp session ingress detail
Ingress RSVP: 1 sessions
N
LY
Verify that the new LSP is up and is currently traversing the correct next-hop P router.
AL
SE
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300464
Resv style: 1 FF, Label in: -, Label out: 300464
Time left:
-, Since: Wed May 15 18:14:18 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 47894 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.220.2 (ge-1/0/0.220) 12 pkts
RESV rcvfrom: 172.22.220.2 (ge-1/0/0.220) 12 pkts
Explct route: 172.22.220.2 193.168.5.6
Record route: <self> 172.22.220.2 172.22.201.2 172.22.206.2 172.22.207.2
172.22.223.1
Total 1 displayed, Up 1, Down 0
TE
R
IN
Step 4.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration.
lab@mxB-1> configure
Entering configuration mode
[edit]
Lab 412 Traffic Protection (Detailed)
www.juniper.net
Step 4.5
[edit]
lab@mxB-1# run show rsvp session ingress extensive
Ingress RSVP: 2 sessions
N
LY
AL
SE
193.168.2.2
From: 193.168.2.1, LSPstate: Dn, ActiveRoute: 0
LSPname: pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: Resv style: 0 -, Label in: -, Label out: Time left:
-, Since: Wed May 15 18:14:18 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 47894 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 0
PATH sentto: [bad strict route]
Explct route: 172.22.220.2 193.168.5.6
Record route: <self> ...incomplete
IN
TE
R
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-B, LSPpath: Secondary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300288
Resv style: 1 FF, Label in: -, Label out: 300288
Time left:
-, Since: Wed May 15 18:21:44 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 2 receiver 47895 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.221.2 (ge-1/0/1.221) 3 pkts
RESV rcvfrom: 172.22.221.2 (ge-1/0/1.221) 3 pkts
Record route: <self> 172.22.221.2 172.22.203.2 172.22.204.2 172.22.223.1
Total 2 displayed, Up 1, Down 1
www.juniper.net
N
LY
Step 4.6
SE
Enable the interface on your PE router that is being used by the primary path of the
LSP. Commit your configuration and exit to operational mode.
lab@mxB-1>
Step 4.7
AL
[edit]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
[edit]
lab@mxB-1# delete interfaces ge-1/0/0 disable
Use the show mpls lsp extensive command to verify the status of the LSP.
TE
R
IN
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-B
ActivePath: any-path (secondary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Time remaining before reverting: 58
Primary
strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.220.2 172.22.201.2 172.22.206.2 172.22.207.2 172.22.223.1
17 May 15 18:23:21.678 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.207.2 172.22.223.1
16 May 15 18:23:21.678 Up
15 May 15 18:22:45.064 Explicit Route: bad strict route[5 times]
Lab 414 Traffic Protection (Detailed)
www.juniper.net
AL
SE
N
LY
IN
TE
R
Step 5.1
Enter configuration mode and navigate to the [edit protocols mpls]
hierarchy. To provide slightly more traffic protection to the existing LSP, apply the
any-path path as a standby secondary path for the LSP. Commit your
configuration and exit configuration mode and verify that your LSP is up.
lab@mxB-1> configure
Entering configuration mode
N
LY
[edit]
lab@mxB-1# edit protocols mpls
[edit protocols mpls]
lab@mxB-1# set label-switched-path localPE-to-remotePE-pod secondary any-path
standby
SE
lab@mxB-1>
Step 5.2
Use the show mpls lsp ingress extensive command to verify that the new
LSP is up using the primary path. Also, verify that the secondary path is up in a
standby state.
AL
IN
TE
R
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-B
ActivePath: strict-first-hop (primary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary
strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.220.2 172.22.201.2 172.22.206.2 172.22.207.2 172.22.223.1
18 May 15 18:24:22.378 Selected as active path: due to 'primary'
17 May 15 18:23:21.678 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.207.2 172.22.223.1
16 May 15 18:23:21.678 Up
15 May 15 18:22:45.064 Explicit Route: bad strict route[5 times]
14 May 15 18:21:44.404 Deselected as active
13 May 15 18:21:44.398 No Route toward dest
12 May 15 18:21:44.397 172.22.220.1: Down
11 May 15 18:17:53.923 Selected as active path
10 May 15 18:17:53.921 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.207.2 172.22.223.1
9 May 15 18:17:53.921 Up
Lab 416 Traffic Protection (Detailed)
www.juniper.net
SE
N
LY
IN
TE
R
AL
Step 5.3
Enter configuration mode and disable the interface on your PE that is being used by
the primary path of the LSP. Commit your configuration.
www.juniper.net
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# set interfaces ge-1/0/0 disable
[edit]
lab@mxB-1#
Step 5.4
N
LY
[edit]
lab@mxB-1# commit
commit complete
[edit]
lab@mxB-1# run show mpls lsp ingress extensive
Ingress LSP: 1 sessions
Verify the status of the LSP using the run show mpls lsp ingress
extensive command.
IN
TE
R
AL
SE
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-B
ActivePath: any-path (secondary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Primary
strict-first-hop State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
22 May 15 18:28:13.699 Explicit Route: bad strict route[3 times]
21 May 15 18:28:08.737 Deselected as active
20 May 15 18:28:08.736 No Route toward dest
19 May 15 18:28:08.735 172.22.220.1: Down
18 May 15 18:24:22.378 Selected as active path: due to 'primary'
17 May 15 18:23:21.678 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.207.2 172.22.223.1
16 May 15 18:23:21.678 Up
15 May 15 18:22:45.064 Explicit Route: bad strict route[5 times]
14 May 15 18:21:44.404 Deselected as active
13 May 15 18:21:44.398 No Route toward dest
12 May 15 18:21:44.397 172.22.220.1: Down
11 May 15 18:17:53.923 Selected as active path
10 May 15 18:17:53.921 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.207.2 172.22.223.1
9 May 15 18:17:53.921 Up
8 May 15 18:17:27.178 Explicit Route: bad strict route[5 times]
7 May 15 18:16:14.626 Deselected as active
6 May 15 18:16:14.625 No Route toward dest
5 May 15 18:16:14.625 172.22.220.1: Down
4 May 15 18:14:18.222 Selected as active path
3 May 15 18:14:18.221 Record Route: 172.22.220.2 172.22.201.2 172.22.205.2
172.22.204.2 172.22.223.1
2 May 15 18:14:18.221 Up
1 May 15 18:14:18.172 Originate Call
Lab 418 Traffic Protection (Detailed)
www.juniper.net
N
LY
*Standby
any-path
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.221.2 172.22.203.2 172.22.204.2 172.22.223.1
10 May 15 18:28:08.737 Selected as active path
9 May 15 18:26:19.332 Record Route: 172.22.221.2 172.22.203.2 172.22.204.2
172.22.223.1
8 May 15 18:26:19.332 Up
7 May 15 18:26:19.293 Originate Call
6 May 15 18:25:49.853 Clear Call
5 May 15 18:24:22.378 Deselected as active: due to 'primary'
4 May 15 18:21:44.464 Selected as active path
3 May 15 18:21:44.464 Record Route: 172.22.221.2 172.22.203.2 172.22.204.2
172.22.223.1
2 May 15 18:21:44.464 Up
1 May 15 18:21:44.401 Originate Call
Created: Wed May 15 18:14:17 2013
Total 1 displayed, Up 1, Down 0
SE
TE
R
AL
IN
Step 5.5
Enable the interface on your PE router that is being used by the primary path of the
LSP. Commit your configuration and exit to operational mode.
[edit]
lab@mxB-1# delete interfaces ge-1/0/0 disable
[edit]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
www.juniper.net
Step 5.6
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
lab@mxB-1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
IN
TE
R
AL
SE
N
LY
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-B
ActivePath: any-path (secondary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Time remaining before reverting: 56
Primary
strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.220.2 172.22.202.2 172.22.203.2 172.22.204.2 172.22.223.1
24 May 15 18:29:53.488 Record Route: 172.22.220.2 172.22.202.2 172.22.203.2
172.22.204.2 172.22.223.1
23 May 15 18:29:53.488 Up
22 May 15 18:29:42.650 Explicit Route: bad strict route[5 times]
21 May 15 18:28:08.737 Deselected as active
20 May 15 18:28:08.736 No Route toward dest
19 May 15 18:28:08.735 172.22.220.1: Down
18 May 15 18:24:22.378 Selected as active path: due to 'primary'
17 May 15 18:23:21.678 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.207.2 172.22.223.1
16 May 15 18:23:21.678 Up
15 May 15 18:22:45.064 Explicit Route: bad strict route[5 times]
14 May 15 18:21:44.404 Deselected as active
13 May 15 18:21:44.398 No Route toward dest
12 May 15 18:21:44.397 172.22.220.1: Down
11 May 15 18:17:53.923 Selected as active path
10 May 15 18:17:53.921 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.207.2 172.22.223.1
9 May 15 18:17:53.921 Up
8 May 15 18:17:27.178 Explicit Route: bad strict route[5 times]
7 May 15 18:16:14.626 Deselected as active
6 May 15 18:16:14.625 No Route toward dest
5 May 15 18:16:14.625 172.22.220.1: Down
4 May 15 18:14:18.222 Selected as active path
3 May 15 18:14:18.221 Record Route: 172.22.220.2 172.22.201.2 172.22.205.2
172.22.204.2 172.22.223.1
2 May 15 18:14:18.221 Up
1 May 15 18:14:18.172 Originate Call
*Standby
any-path
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.221.2 172.22.203.2 172.22.204.2 172.22.223.1
10 May 15 18:28:08.737 Selected as active path
Lab 420 Traffic Protection (Detailed)
www.juniper.net
N
LY
SE
AL
After the LSP has reverted to the primary path, view the forwarding table to see the
next hop of the BGP route being advertised by the remote PE router.
IN
TE
R
www.juniper.net
N
LY
Step 5.8
SE
[edit]
lab@mxB-1# edit policy-options
lab@mxB-1> configure
Entering configuration mode
AL
[edit policy-options]
lab@mxB-1# set policy-statement load-balance term 10 then load-balance
per-packet
Step 5.9
TE
R
[edit policy-options]
lab@mxB-1# top edit routing-options
IN
[edit routing-options]
lab@mxB-1# set forwarding-table export load-balance
[edit routing-options]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
Step 5.10
View the forwarding table to see the next hop of the BGP route being advertised by
the remote PE router.
lab@mxB-1> show route forwarding-table destination remote-static-route
Routing table: default.inet
Lab 422 Traffic Protection (Detailed)
www.juniper.net
Internet:
Destination
10.0.2.0/24
0.220
1.221
172.22.220.2
172.22.221.2
Push 300304
536
1 ge-1/0/
N
LY
SE
In this lab part, you will familiarize yourself with the behavior of an LSP with no
primary path. Instead, the LSP will have two secondary paths.
Step 6.1
AL
[edit]
lab@mxB-1# edit protocols mpls
TE
R
IN
Step 6.2
Step 6.3
N
LY
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
IN
TE
R
AL
SE
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-B
ActivePath: strict-first-hop (secondary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Secondary strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.220.2 172.22.201.2 172.22.205.2 172.22.204.2 172.22.223.1
4 May 15 18:45:55.127 Selected as active path
3 May 15 18:45:55.127 Record Route: 172.22.220.2 172.22.201.2 172.22.205.2
172.22.204.2 172.22.223.1
2 May 15 18:45:55.127 Up
1 May 15 18:45:55.077 Originate Call
Secondary any-path
State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
4 May 15 18:46:24.052 Clear Call
3 May 15 18:45:55.126 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.222.1
2 May 15 18:45:55.126 Up
1 May 15 18:45:55.078 Originate Call
Created: Wed May 15 18:14:18 2013
Total 1 displayed, Up 1, Down 0
www.juniper.net
N
LY
Step 6.4
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# set interfaces ge-1/0/0 disable
SE
[edit]
lab@mxB-1# commit
commit complete
Enter configuration mode and disable the interface on your PE that is being used by
the primary path of the LSP. Commit your configuration.
[edit]
lab@mxB-1#
Step 6.5
AL
Use the run show mpls lsp ingress extensive command to verify the
status of the LSP.
[edit]
lab@mxB-1# run show mpls lsp ingress extensive
Ingress LSP: 1 sessions
IN
TE
R
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-B
ActivePath: any-path (secondary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Secondary strict-first-hop State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
9 May 15 18:47:51.877 Clear Call
8 May 15 18:47:34.083 Explicit Route: bad strict route[4 times]
7 May 15 18:47:24.413 Deselected as active
6 May 15 18:47:24.411 No Route toward dest
5 May 15 18:47:24.410 172.22.220.1: Down
4 May 15 18:45:55.127 Selected as active path
3 May 15 18:45:55.127 Record Route: 172.22.220.2 172.22.201.2 172.22.205.2
172.22.204.2 172.22.223.1
2 May 15 18:45:55.127 Up
1 May 15 18:45:55.077 Originate Call
www.juniper.net
N
LY
*Secondary any-path
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.221.2 172.22.203.2 172.22.204.2 172.22.223.1
8 May 15 18:47:29.415 Selected as active path
7 May 15 18:47:29.414 Record Route: 172.22.221.2 172.22.203.2 172.22.204.2
172.22.223.1
6 May 15 18:47:29.414 Up
5 May 15 18:47:24.412 Originate Call
4 May 15 18:46:24.052 Clear Call
3 May 15 18:45:55.126 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.222.1
2 May 15 18:45:55.126 Up
1 May 15 18:45:55.078 Originate Call
Created: Wed May 15 18:14:18 2013
Total 1 displayed, Up 1, Down 0
SE
AL
Step 6.6
TE
R
Enable the interface on your PE that is used by the primary path of the LSP. Commit
your configuration and exit to operational mode.
[edit]
lab@mxB-1# delete interfaces ge-1/0/0 disable
IN
[edit]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 6.7
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
lab@mxB-1> show mpls lsp ingress extensive
Ingress LSP: 1 sessions
www.juniper.net
IN
TE
R
AL
SE
N
LY
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-B
ActivePath: any-path (secondary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Secondary strict-first-hop State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
9 May 15 18:47:51.877 Clear Call
8 May 15 18:47:34.083 Explicit Route: bad strict route[4 times]
7 May 15 18:47:24.413 Deselected as active
6 May 15 18:47:24.411 No Route toward dest
5 May 15 18:47:24.410 172.22.220.1: Down
4 May 15 18:45:55.127 Selected as active path
3 May 15 18:45:55.127 Record Route: 172.22.220.2 172.22.201.2 172.22.205.2
172.22.204.2 172.22.223.1
2 May 15 18:45:55.127 Up
1 May 15 18:45:55.077 Originate Call
*Secondary any-path
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.221.2 172.22.203.2 172.22.204.2 172.22.223.1
8 May 15 18:47:29.415 Selected as active path
7 May 15 18:47:29.414 Record Route: 172.22.221.2 172.22.203.2 172.22.204.2
172.22.223.1
6 May 15 18:47:29.414 Up
5 May 15 18:47:24.412 Originate Call
4 May 15 18:46:24.052 Clear Call
3 May 15 18:45:55.126 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.222.1
2 May 15 18:45:55.126 Up
1 May 15 18:45:55.078 Originate Call
Created: Wed May 15 18:14:17 2013
Total 1 displayed, Up 1, Down 0
www.juniper.net
N
LY
[edit]
lab@mxB-1# edit protocols mpls
Step 7.2
SE
AL
TE
R
IN
Step 7.3
Use the show rsvp session ingress detail command to verify the status
of the LSP.
lab@mxB-1> show rsvp session ingress detail
Ingress RSVP: 1 sessions
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Lab 428 Traffic Protection (Detailed)
www.juniper.net
SE
N
LY
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300560
Resv style: 1 FF, Label in: -, Label out: 300560
Time left:
-, Since: Thu May 16 01:21:53 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 8 receiver 47898 protocol 0
FastReroute desired
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.220.2 (ge-1/0/0.220) 7 pkts
RESV rcvfrom: 172.22.220.2 (ge-1/0/0.220) 7 pkts
Explct route: 172.22.220.2 193.168.5.6
Record route: <self> 172.22.220.2 172.22.201.2 172.22.206.2 172.22.207.2
172.22.223.1
Detour is Up
Detour Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Detour adspec: sent MTU 1500
Path MTU: received 1500
Detour PATH sentto: 172.22.221.2 (ge-1/0/1.221) 4 pkts
Detour RESV rcvfrom: 172.22.221.2 (ge-1/0/1.221) 2 pkts
Detour Explct route: 172.22.221.2 172.22.203.2 172.22.204.2 172.22.223.1
Detour Record route: <self> 172.22.221.2 172.22.203.2 172.22.204.2
172.22.223.1
Detour Label out: 300400
Total 1 displayed, Up 1, Down 0
AL
IN
TE
R
Step 7.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration.
lab@mxB-1> configure
Entering configuration mode
www.juniper.net
[edit]
lab@mxB-1# set interfaces ge-1/0/0 disable
[edit]
lab@mxB-1# commit
commit complete
[edit]
Step 7.5
[edit]
lab@mxB-1# run show mpls lsp ingress extensive
Ingress LSP: 1 sessions
N
LY
Use the run show mpls lsp ingress extensive command to verify the
status of the LSP.
IN
TE
R
AL
SE
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2-B
ActivePath: strict-first-hop (primary)
FastReroute desired
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary
strict-first-hop State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.221.2 172.22.203.2 172.22.204.2 172.22.223.1
21 May 16 01:24:02.275 Tunnel local repaired[4 times]
20 May 16 01:23:57.300 Record Route: 172.22.221.2 172.22.203.2 172.22.204.2
172.22.223.1
19 May 16 01:23:57.300 172.22.220.1: Tunnel local repaired
18 May 16 01:23:57.299 172.22.220.1: Down
17 May 16 01:22:02.106 Fast-reroute Detour Up
16 May 16 01:21:56.141 Record Route: 172.22.220.2(flag=9)
172.22.201.2(flag=9) 172.22.206.2(flag=9) 172.22.207.2(flag=1) 172.22.223.1
15 May 16 01:21:56.135 Record Route: 172.22.220.2 172.22.201.2(flag=9)
172.22.206.2(flag=9) 172.22.207.2(flag=1) 172.22.223.1
14 May 16 01:21:56.119 Record Route: 172.22.220.2 172.22.201.2
172.22.206.2(flag=9) 172.22.207.2(flag=1) 172.22.223.1
13 May 16 01:21:56.104 Record Route: 172.22.220.2 172.22.201.2
172.22.206.2(flag=9) 172.22.207.2 172.22.223.1
12 May 16 01:21:53.140 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.207.2 172.22.223.1
11 May 16 01:21:53.139 Up
10 May 16 01:21:53.089 Originate Call
9 May 16 01:21:53.087 Clear Call
8 May 16 01:21:19.084 Fast-reroute Detour Up
7 May 16 01:21:13.104 Record Route: 172.22.220.2(flag=9)
172.22.201.2(flag=9) 172.22.205.2 172.22.204.2(flag=1) 172.22.223.1
6 May 16 01:21:13.100 Record Route: 172.22.220.2 172.22.201.2(flag=9)
172.22.205.2 172.22.204.2 172.22.223.1
Lab 430 Traffic Protection (Detailed)
www.juniper.net
N
LY
SE
Enable the interface on your PE router that is being used by the primary path of the
LSP. Commit your configuration and exit to operational mode.
Step 7.7
lab@mxB-1>
AL
[edit]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
[edit]
lab@mxB-1# delete interfaces ge-1/0/0 disable
TE
R
Use the show rsvp session ingress detail command to verify the status
of the LSP.
IN
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: Resv style: 0 -, Label in: -, Label out: Time left:
-, Since: Thu May 16 01:21:53 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 8 receiver 47898 protocol 0
FastReroute desired
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 0
www.juniper.net
N
LY
SE
AL
In this lab part, you will become familiar with an RSVP LSP that is protected by link
and node-link protection.
Step 8.1
TE
R
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols mpls
IN
Step 8.2
www.juniper.net
Step 8.3
N
LY
In the previous part of the lab, you found that the fast-reroute feature allowed the
ingress PE to signal to all downstream routers that they must build detour paths
around the immediate downstream node. In the case of fast-reroute, no special
configuration was needed on any downstream router to build detour paths. In the
case of link and node-link protection, you must specify each individual link within
your network topology that can be protected.
SE
Step 8.4
AL
Use the show rsvp session ingress detail command to verify the status
of the LSP.
TE
R
IN
193.168.2.2
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: pe1-to-pe2-B, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300592
Resv style: 1 SE, Label in: -, Label out: 300592
Time left:
-, Since: Thu May 16 01:29:26 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 47899 protocol 0
Node/Link protection desired
Type: Protection down
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.220.2 (ge-1/0/0.220) 3 pkts
www.juniper.net
AL
SE
193.168.5.4
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: Bypass->172.22.220.2->172.22.202.2
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 3
Resv style: 1 SE, Label in: -, Label out: 3
Time left:
-, Since: Thu May 16 01:29:37 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 47900 protocol 0
Type: Bypass LSP
Number of data route tunnel through: 0
Number of RSVP session tunnel through: 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.221.2 (ge-1/0/1.221) 3 pkts
RESV rcvfrom: 172.22.221.2 (ge-1/0/1.221) 3 pkts
Explct route: 172.22.221.2
Record route: <self> 172.22.221.2
Total 2 displayed, Up 2, Down 0
N
LY
IN
TE
R
Step 8.5
Enter configuration mode navigate to the [edit protocols mpls] hierarchy.
Modify your LSP to provide link protection.
lab@mxB-1> configure
Entering configuration mode
www.juniper.net
[edit]
lab@mxB-1# edit protocols mpls
[edit protocols mpls]
lab@mxB-1# set label-switched-path localPE-to-remotePE-pod link-protection
Step 8.6
IN
TE
R
AL
SE
N
LY
View your MPLS configuration and verify that link protection is configured. Commit
your configuration and exit to operational mode.
Step 8.7
Use the show rsvp session ingress detail command to verify the status
of the LSP.
N
LY
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300736
Resv style: 1 SE, Label in: -, Label out: 300736
Time left:
-, Since: Thu May 16 11:59:09 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 33664 protocol 0
Link protection desired
Type: Protection down
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.220.2 (ge-1/0/0.220) 3 pkts
RESV rcvfrom: 172.22.220.2 (ge-1/0/0.220) 3 pkts
Explct route: 172.22.220.2 193.168.5.6
Record route: <self> 193.168.5.1 (node-id) 172.22.220.2 193.168.5.4 (node-id)
172.22.202.2
193.168.5.5 (node-id) 172.22.203.2 193.168.5.6 (node-id) 172.22.204.2
193.168.2.2 (node-id)
172.22.223.1
TE
R
AL
SE
193.168.5.1
From: 193.168.2.1, LSPstate: Up, ActiveRoute: 0
LSPname: Bypass->172.22.220.2
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 300672
Resv style: 1 SE, Label in: -, Label out: 300672
Time left:
-, Since: Thu May 16 11:59:18 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 33665 protocol 0
Type: Bypass LSP
Number of data route tunnel through: 0
Number of RSVP session tunnel through: 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.22.221.2 (ge-1/0/1.221) 2 pkts
RESV rcvfrom: 172.22.221.2 (ge-1/0/1.221) 2 pkts
Explct route: 172.22.221.2 172.22.202.1
Record route: <self> 172.22.221.2 172.22.202.1
Total 2 displayed, Up 2, Down 0
IN
www.juniper.net
(Optional)
N
LY
Enter configuration mode and disable the interface on your PE router that is used by
the primary path of the LSP. Commit your configuration and exit to operational
mode. Verify that protection occurs using the methods learned in this lab.
In this lab part, you will become familiar with an LDP LSP that is protected by link
and protection.
SE
Step 9.1
lab@mxB-1> configure
Entering configuration mode
AL
[edit]
lab@mxB-1# edit protocols mpls
TE
R
Step 9.2
Navigate to the [edit protocols ldp] and enable LDP on every interface.
IN
www.juniper.net
Step 9.3
Use the show ldp interfaces command to determine if LDP has been
enabled.
[edit protocols ldp]
lab@mxB-1# run show ldp interface
Interface
Label space ID
lo0.0
193.168.2.1:0
ge-1/0/0.220
193.168.2.1:0
ge-1/0/1.221
193.168.2.1:0
Nbr count
0
1
1
Next hello
0
0
2
N
LY
SE
Use the show route 193.168/16 command to view the routes to the loopback
address of all routers in the topology.
TE
R
193.168.5.1/32
AL
193.168.2.2/32
*[Direct/0] 08:46:49
> via lo0.0
*[OSPF/10] 00:00:09, metric 4
> to 172.22.220.2 via ge-1/0/0.220
to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:00:09, metric 1
> to 172.22.220.2 via ge-1/0/0.220
*[OSPF/10] 00:00:09, metric 2
> to 172.22.220.2 via ge-1/0/0.220
*[OSPF/10] 00:00:09, metric 3
> to 172.22.220.2 via ge-1/0/0.220
*[OSPF/10] 00:05:07, metric 1
> to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:05:07, metric 2
> to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:05:07, metric 3
> to 172.22.221.2 via ge-1/0/1.221
193.168.2.1/32
193.168.5.2/32
193.168.5.3/32
IN
193.168.5.4/32
193.168.5.5/32
193.168.5.6/32
*[LDP/9] 00:00:09,
to 172.22.220.2
> to 172.22.221.2
*[LDP/9] 00:00:09,
metric 1
via ge-1/0/0.220, Push 300704
via ge-1/0/1.221, Push 300592
metric 1
www.juniper.net
193.168.5.2/32
193.168.5.3/32
193.168.5.4/32
193.168.5.5/32
193.168.5.6/32
> to 172.22.220.2
*[LDP/9] 00:00:09,
> to 172.22.220.2
*[LDP/9] 00:00:09,
> to 172.22.220.2
*[LDP/9] 00:05:07,
> to 172.22.221.2
*[LDP/9] 00:05:07,
> to 172.22.221.2
*[LDP/9] 00:05:07,
> to 172.22.221.2
via ge-1/0/0.220
metric 1
via ge-1/0/0.220,
metric 1
via ge-1/0/0.220,
metric 1
via ge-1/0/1.221
metric 1
via ge-1/0/1.221,
metric 1
via ge-1/0/1.221,
Push 299952
Push 299968
Push 299984
Push 300000
N
LY
SE
AL
TE
R
IN
Step 9.6
Use the show route 193.168/16 command to view the routes to the loopback
address of all routers in the topology.
[edit protocols ospf]
lab@mxB-1# run show route 193.168/16
www.juniper.net
193.168.5.1/32
193.168.5.2/32
193.168.5.3/32
193.168.5.4/32
193.168.5.5/32
193.168.5.6/32
193.168.2.2/32
*[Direct/0] 09:11:08
> via lo0.0
*[OSPF/10] 00:01:45, metric 4
to 172.22.220.2 via ge-1/0/0.220
> to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:01:45, metric 1
> to 172.22.220.2 via ge-1/0/0.220
to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:01:45, metric 2
> to 172.22.220.2 via ge-1/0/0.220
to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:01:45, metric 3
> to 172.22.220.2 via ge-1/0/0.220
to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:29:26, metric 1
> to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:29:26, metric 2
> to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:29:26, metric 3
> to 172.22.221.2 via ge-1/0/1.221
SE
193.168.2.1/32
N
LY
193.168.5.2/32
TE
R
193.168.5.3/32
193.168.5.4/32
IN
193.168.5.5/32
193.168.5.6/32
metric 1
via ge-1/0/0.220,
via ge-1/0/1.221,
metric 1
via ge-1/0/0.220
via ge-1/0/1.221,
metric 1
via ge-1/0/0.220,
via ge-1/0/1.221,
metric 1
via ge-1/0/0.220,
via ge-1/0/1.221,
metric 1
via ge-1/0/1.221
metric 1
via ge-1/0/1.221,
metric 1
via ge-1/0/1.221,
AL
193.168.5.1/32
*[LDP/9] 00:01:45,
> to 172.22.220.2
to 172.22.221.2
*[LDP/9] 00:01:45,
> to 172.22.220.2
to 172.22.221.2
*[LDP/9] 00:01:45,
> to 172.22.220.2
to 172.22.221.2
*[LDP/9] 00:01:45,
> to 172.22.220.2
to 172.22.221.2
*[LDP/9] 00:29:26,
> to 172.22.221.2
*[LDP/9] 00:29:26,
> to 172.22.221.2
*[LDP/9] 00:29:26,
> to 172.22.221.2
193.168.2.2/32
Push 299984
Push 300000
www.juniper.net
Question: Why did the next hops change for the LDP
routes when link protection was only configured
under OSPF?
N
LY
SE
Step 9.8
AL
Configure a no-cspf RSVP LSP called protect that terminates on the P router
attached to your ge-1/0/0 interface. Apply the avoid-top path to the LSP. Also,
ensure that it can be used as a backup path for both OSPF routes and LDP routes by
configuring backup and ldp-tunneling.
TE
R
IN
www.juniper.net
Step 9.9
Issue the show mpls lsp command to verify the status of the RSVP LSP.
LSPname
protect
ActivePath
avoid-top
N
LY
SE
AL
Use the show route 193.168/16 command to view the routes to the loopback
address of all routers in the topology.
TE
R
IN
193.168.5.1/32
protect
193.168.5.2/32
protect
193.168.5.3/32
protect
*[Direct/0] 09:37:28
> via lo0.0
*[OSPF/10] 00:28:05, metric 4
to 172.22.220.2 via ge-1/0/0.220
> to 172.22.221.2 via ge-1/0/1.221
*[OSPF/10] 00:19:19, metric 1
> to 172.22.220.2 via ge-1/0/0.220
to 172.22.221.2 via ge-1/0/1.221, label-switched-path
*[OSPF/10] 00:19:19, metric 2
> to 172.22.220.2 via ge-1/0/0.220
to 172.22.221.2 via ge-1/0/1.221, label-switched-path
*[OSPF/10] 00:19:19, metric 3
> to 172.22.220.2 via ge-1/0/0.220
to 172.22.221.2 via ge-1/0/1.221, label-switched-path
www.juniper.net
193.168.5.4/32
193.168.5.5/32
193.168.5.6/32
protect
193.168.5.3/32
protect
193.168.5.4/32
193.168.5.5/32
N
LY
IN
TE
R
193.168.5.6/32
protect
193.168.5.2/32
SE
protect
193.168.5.1/32
metric 1
via ge-1/0/1.221
metric 1
via ge-1/0/1.221, Push 299984
metric 1
via ge-1/0/1.221, Push 300000
AL
193.168.2.2/32
N
LY
lab@mxB-1> exit
mxB-1 (ttyu0)
login:
IN
TE
R
AL
SE
STOP
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
Lab
N
LY
Overview
SE
In this lab, you will load a baseline multiprotocol label switching (MPLS) network. You will
analyze the default fate sharing behavior of your Juniper router. You will then configure
fate sharing so that you can avoid a single point of failure between the primary and
secondary paths of an MPLS label switched path (LSP). Next, you will enable Shared Risk
Link Group (SRLG) values in the network such the IGP can help improve the Junos
operating systems default fate sharing behavior. Finally, you will repurpose a set of SRLG
values for use as extended admin groups.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load a baseline network.
TE
R
AL
IN
www.juniper.net
Note
N
LY
In this lab part, you will create the baseline network for the lab. You will load a
baseline configuration which will configure your routers interfaces, six logical
systems that represent the core network (p1, p2, p3, p4, pe2, and VS), and the
Open Shortest Path First (OSPF) topology. Since the core network is already
configured for you, you will only be responsible for configure pe1 (the default logical
system). The loaded configuration will also enable RSVP and MPLS on the
core-facing interfaces of the pe1 router.
SE
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
AL
IN
TE
R
www.juniper.net
Step 1.3
N
LY
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
SE
Step 1.4
login: lab
Password:
AL
mxB-1 (ttyp0)
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab5-start.config. Commit the configuration and return to operational
mode.
TE
R
IN
[edit]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 1.5
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
www.juniper.net
State
Full
Full
Full
ID
193.168.1.3
193.168.1.4
193.168.1.2
Pri
128
128
128
Dead
36
35
33
N
LY
Use the show route command to verify that your PE router has learned routes to
the loopback address of all of the core routers in the network.
lab@mxB-1> show route 193.168/16
193.168.1.3/32
193.168.1.4/32
193.168.1.5/32
TE
R
193.168.1.6/32
AL
193.168.1.2/32
*[Direct/0] 4d 01:10:17
> via lo0.0
*[OSPF/10] 00:09:30, metric 1
> to 10.0.12.2 via ge-1/0/6.100
*[OSPF/10] 00:09:29, metric 1
> to 10.0.13.3 via ge-1/0/5.100
*[OSPF/10] 00:09:30, metric 1
> to 10.0.14.4 via ge-1/0/5.200
*[OSPF/10] 00:08:47, metric 2
> to 10.0.12.2 via ge-1/0/6.100
*[OSPF/10] 00:08:47, metric 2
to 10.0.13.3 via ge-1/0/5.100
> to 10.0.14.4 via ge-1/0/5.200
193.168.1.1/32
SE
IN
www.juniper.net
N
LY
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
Static
BW
1000Mbps
1000Mbps
1000Mbps
AL
SE
Available
BW
1000Mbps
1000Mbps
1000Mbps
Reserved
BW
0bps
0bps
0bps
Highwater
mark
0bps
0bps
0bps
IN
TE
R
www.juniper.net
N
LY
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols mpls
SE
Step 2.2
AL
Configure an LSP named lsp1 from pe1 to pe2 with a primary path of path1 and a
secondary path of path2. Ensure the secondary path is on standby. Your LSP
should egress at pe2s loopback address.
TE
R
IN
Step 2.3
www.juniper.net
Step 2.4
N
LY
Issue the show rsvp session ingress detail command to verify that the
new LSPs are up and also determine the path that they are taking.
AL
SE
193.168.1.6
From: 193.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp1, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 299776
Resv style: 1 FF, Label in: -, Label out: 299776
Time left:
-, Since: Mon Jun 3 15:03:49 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 1 receiver 18433 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 10.0.13.3 (ge-1/0/5.100) 10 pkts
RESV rcvfrom: 10.0.13.3 (ge-1/0/5.100) 9 pkts
Explct route: 10.0.13.3 10.0.36.2
Record route: <self> 10.0.13.3 10.0.36.2
IN
TE
R
193.168.1.6
From: 193.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp1, LSPpath: Secondary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 299776
Resv style: 1 FF, Label in: -, Label out: 299776
Time left:
-, Since: Mon Jun 3 15:04:18 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 2 receiver 18434 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 10.0.14.4 (ge-1/0/5.200) 9 pkts
RESV rcvfrom: 10.0.14.4 (ge-1/0/5.200) 8 pkts
Explct route: 10.0.14.4 10.0.46.2
Record route: <self> 10.0.14.4 10.0.46.2
Total 2 displayed, Up 2, Down 0
www.juniper.net
N
LY
SE
AL
IN
TE
R
www.juniper.net
Step 2.5
Issue the clear log cspf-trace.log command to empty the contents of the
log file.
lab@mxB-1> clear log cspf-trace.log
Step 2.6
Clear the MPLS LSP and determine the path of the resignaled primary and
secondary LSPs.
Step 2.7
N
LY
Issue the show rsvp session ingress detail command to verify that the
new LSPs are up and also determine the path that they are taking. It might take 30
seconds for the secondary to get to the up state.
TE
R
AL
SE
193.168.1.6
From: 193.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp1, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 299792
Resv style: 1 FF, Label in: -, Label out: 299792
Time left:
-, Since: Mon Jun 3 15:21:24 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 3 receiver 18433 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 10.0.13.3 (ge-1/0/5.100) 4 pkts
RESV rcvfrom: 10.0.13.3 (ge-1/0/5.100) 4 pkts
Explct route: 10.0.13.3 10.0.36.2
Record route: <self> 10.0.13.3 10.0.36.2
IN
193.168.1.6
From: 193.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp1, LSPpath: Secondary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 299792
Resv style: 1 FF, Label in: -, Label out: 299792
Time left:
-, Since: Mon Jun 3 15:21:52 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 4 receiver 18434 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 10.0.14.4 (ge-1/0/5.200) 3 pkts
RESV rcvfrom: 10.0.14.4 (ge-1/0/5.200) 3 pkts
www.juniper.net
N
LY
SE
Step 2.8
View the cspf-trace.log file to view the CSPF calculation of the secondary LSP.
IN
TE
R
AL
www.juniper.net
Question: Can you tell from the log file as to why the
primary and secondary LSPs do not take the exact
same path?
N
LY
SE
In this lab part, you will configure fate sharing so that the ingress router can attempt
to avoid the single point of failure (the Ethernet switch) when signaling the
secondary LSP.
Step 3.1
AL
lab@mxB-1> configure
Entering configuration mode
TE
R
[edit]
lab@mxB-1# edit routing-options
[edit routing-options]
lab@mxB-1# set fate-sharing group switch cost 20000
IN
[edit routing-options]
lab@mxB-1# set fate-sharing group switch from 10.0.14.1
[edit routing-options]
lab@mxB-1# set fate-sharing group switch from 10.0.14.4
[edit routing-options]
lab@mxB-1# set fate-sharing group switch from 10.0.13.1
[edit routing-options]
lab@mxB-1# set fate-sharing group switch from 10.0.13.3
[edit routing-options]
lab@mxB-1# commit and-quit
www.juniper.net
commit complete
Exiting configuration mode
lab@mxB-1>
Step 3.2
Issue the clear log cspf-trace.log command to empty the contents of the
log file.
lab@mxB-1> clear log cspf-trace.log
Step 3.3
N
LY
Clear the MPLS LSP and determine the path of the resignaled primary and
secondary LSPs.
lab@mxB-1> clear mpls lsp
Step 3.4
Issue the show rsvp session ingress detail command to verify that the
new LSPs are up and also determine the path that they are taking. It may take 30
seconds for the secondary to get to the up state.
SE
IN
TE
R
AL
193.168.1.6
From: 193.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp1, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 299808
Resv style: 1 FF, Label in: -, Label out: 299808
Time left:
-, Since: Mon Jun 3 16:15:06 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 5 receiver 18433 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 10.0.13.3 (ge-1/0/5.100) 3 pkts
RESV rcvfrom: 10.0.13.3 (ge-1/0/5.100) 3 pkts
Explct route: 10.0.13.3 10.0.36.2
Record route: <self> 10.0.13.3 10.0.36.2
193.168.1.6
From: 193.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp1, LSPpath: Secondary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 299776
Resv style: 1 FF, Label in: -, Label out: 299776
Time left:
-, Since: Mon Jun 3 16:15:36 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 6 receiver 18434 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Lab 512 Fate Sharing (Detailed)
www.juniper.net
N
LY
SE
AL
TE
R
Step 3.5
View the cspf-trace.log file to view the CSPF calculation of the secondary LSP.
IN
N
LY
SE
In this lab part, you will configure an SRLG so that the ingress router can attempt to
avoid the single point of failure (the Ethernet switch) when signaling the secondary
LSP. Use the diagram labeled Fate Sharing Lab - Part 4 for this part of the lab.
Step 4.1
AL
lab@mxB-1> configure
Entering configuration mode
TE
R
[edit]
lab@mxB-1# edit routing-options
IN
[edit routing-options]
lab@mxB-1# delete
Delete everything under this level? [yes,no] (no) yes
[edit routing-options]
lab@mxB-1#
Step 4.2
Configure an SRLG called switch1. This SRLG should have a SRLG value of 1003
and an SRLG cost of 20000.
[edit routing-options]
lab@mxB-1# set srlg switch1 srlg-value 1003
[edit routing-options]
lab@mxB-1# set srlg switch1 srlg-cost 20000
Lab 514 Fate Sharing (Detailed)
www.juniper.net
Step 4.3
Navigate to the [edit protocols mpls] hierarchy. Apply the switch1 SRLG
to the two ge-1/0/5 subinterfaces that attach to the Ethernet switch. Commit your
configuration and exit to operational mode.
[edit routing-options]
lab@mxB-1# top edit protocols mpls
N
LY
lab@mxB-1>
SE
Step 4.4
Issue the clear log cspf-trace.log command to empty the contents of the
log file.
Step 4.5
AL
Clear the MPLS LSP and determine the path of the resignaled primary and
secondary LSPs.
Step 4.6
TE
R
Issue the show rsvp session ingress detail command to verify that the
new LSPs are up and also determine the path that they are taking. It may take 30
seconds for the secondary to get to the up state.
IN
193.168.1.6
From: 193.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp1, LSPpath: Primary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 299824
Resv style: 1 FF, Label in: -, Label out: 299824
Time left:
-, Since: Mon Jun 3 17:04:31 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 5 receiver 18435 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 10.0.14.4 (ge-1/0/5.200) 3 pkts
www.juniper.net
SE
N
LY
193.168.1.6
From: 193.168.1.1, LSPstate: Up, ActiveRoute: 0
LSPname: lsp1, LSPpath: Secondary
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: Recovery label received: -, Recovery label sent: 299808
Resv style: 1 FF, Label in: -, Label out: 299808
Time left:
-, Since: Mon Jun 3 17:05:01 2013
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 6 receiver 18436 protocol 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 10.0.12.2 (ge-1/0/6.100) 1 pkts
RESV rcvfrom: 10.0.12.2 (ge-1/0/6.100) 1 pkts
Explct route: 10.0.12.2 10.0.25.2 10.0.56.2
Record route: <self> 10.0.12.2 10.0.25.2 10.0.56.2
Total 2 displayed, Up 2, Down 0
AL
TE
R
IN
www.juniper.net
IN
TE
R
AL
SE
N
LY
Step 4.8
Issue to the show mpls lsp extensive command to determine the SRLGs that
each path is currently traversing.
lab@mxB-1> show mpls lsp extensive
Ingress LSP: 1 sessions
193.168.1.6
From: 193.168.1.1, State: Up, ActiveRoute: 0, LSPname: lsp1
www.juniper.net
N
LY
SE
AL
TE
R
IN
www.juniper.net
N
LY
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit routing-options
[edit routing-options]
lab@mxB-1# set admin-groups-extended-range minimum 100 maximum 900
SE
[edit routing-options]
lab@mxB-1#
Step 5.2
Configure 3 extended admin group called gold (value 100), silver (value 101),
and bronze (value 102).
[edit routing-options]
lab@mxB-1# set admin-groups-extended gold group-value 100
AL
[edit routing-options]
lab@mxB-1# set admin-groups-extended silver group-value 101
TE
R
Step 5.3
[edit routing-options]
lab@mxB-1# set admin-groups-extended bronze group-value 102
Navigate to the [edit protocols mpls] hierarchy and apply (color) the
appropriate extended groups to your core facing interfaces.
[edit routing-options]
lab@mxB-1# top edit protocols mpls
IN
www.juniper.net
Step 5.4
Navigate to the [edit protocols mpls label-switched-path
lsp-bronze] and configure an MPLS LSP named lsp-bronze. Ensure that it
uses path1 as its primary path and that the LSP will only traverse links that are
colored with the bronze extended admin group. The LSP should egress at the pe2
router. Commit your configuration and exit to operational mode.
N
LY
SE
lab@mxB-1>
Step 5.5
Issue the show mpls interface command to verify that the extended admin
groups have been applied properly to the pe1 routers interfaces.
AL
TE
R
IN
Step 5.6
www.juniper.net
SE
N
LY
AL
TE
R
Step 5.7
lab@mxB-1> exit
IN
mxB-1 (ttyu0)
login:
STOP
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
Lab
N
LY
Overview
SE
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
TE
R
AL
IN
www.juniper.net
N
LY
Note
Step 1.1
SE
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
AL
IN
TE
R
www.juniper.net
Step 1.3
N
LY
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
SE
Step 1.4
login: lab
Password:
AL
mxB-1 (ttyp0)
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab6-start.config. Commit the configuration and return to operational
mode.
TE
R
IN
[edit]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 1.5
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
www.juniper.net
State
Full
Full
ID
193.168.5.1
193.168.5.4
Pri
128
128
Dead
34
39
N
LY
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
IN
TE
R
AL
SE
www.juniper.net
Checked 6
Refreshes 0
Refreshes 0
Octets 149
Octets 120
N
LY
SE
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
IN
TE
R
AL
Static
BW
1000Mbps
1000Mbps
Available
BW
1000Mbps
1000Mbps
Reserved
BW
0bps
0bps
Highwater
mark
0bps
0bps
Step 1.8
Add the configuration for creating a RSVP LSP to the remote PE router. Navigate to
the [edit protocols mpls] hierarchy and create a LSP named
localPE-to-remotePE-pod. For example, if you are assigned router mxB-1,
your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should be named
pe1-to-pe2-B. Your LSP should egress at your remote peers loopback address.
Verify the configuration looks correct. Commit and exit to operation mode when you
are satisfied with the changes.
www.juniper.net
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols mpls
[edit protocols mpls]
lab@mxB-1# set label-switched-path localPE-to-remotePE-pod to
remote-pe-loopback-address
N
LY
SE
Step 1.9
AL
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.
TE
R
ActivePath
LSPname
pe1-to-pe2-B
IN
www.juniper.net
N
LY
SE
STOP
Step 2.1
AL
In this lab part, you will add another interface to the OSPF network. Including the
new interface in OSPF will allow you to establish reachability for the remote team.
After establishing reachability, you will configure the router to install the remote
teams route as a destination that will use the established LSP for all traffic to the
new network.
TE
R
Enter configuration mode and navigate to the [edit protocols ospf area
0.0.0.0] hierarchy and add the new interface to the existing configuration as a
passive interface. We are adding the interface as passive because we are
adding the interface for demonstrative purposes and will not be establishing a
neighbor relationship on that interface. After you are satisfied with the changes,
commit and exit to operational mode.
IN
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols ospf area 0
[edit protocols ospf area 0.0.0.0]
lab@mxB-1# set interface ge-1/0/4 passive
[edit protocols ospf area 0.0.0.0]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
www.juniper.net
Step 2.2
Use the show ospf interface command to verify the new interface is
participating in your OSPF network.
lab@mxB-1> show ospf interface
Interface
State
Area
ge-1/0/0.230
BDR
0.0.0.0
ge-1/0/1.231
BDR
0.0.0.0
ge-1/0/4.0
DRother 0.0.0.0
lo0.0
DR
0.0.0.0
DR ID
193.168.5.1
193.168.5.4
0.0.0.0
193.168.3.1
BDR ID
193.168.3.1
193.168.3.1
0.0.0.0
0.0.0.0
Nbrs
1
1
0
0
N
LY
Step 2.3
SE
Verify with your remote team that they have completed the previous task. Once they
have completed these steps, you will verify that you are receiving the new remote
network as an OSPF route.
10.0.21.0/24
AL
TE
R
IN
Step 2.4
Enter into configuration mode and navigate to the [edit protocols mpls
label-switched-path localPE-to-remotePE-pod] hierarchy. Using the
install statement, add the remote network to your inet.3 routing table.
Commit your changes.
lab@mxB-1> configure
Entering configuration mode
Lab 68 Miscellaneous MPLS Features (Detailed)
www.juniper.net
[edit]
lab@mxB-1# edit protocols mpls label-switched-path localPE-to-remotePE-pod
[edit protocols mpls label-switched-path pe1-to-pe2-B]
lab@mxB-1# set install remote-network/24
[edit protocols mpls label-switched-path pe1-to-pe2-B]
lab@mxB-1# commit
commit complete
N
LY
Step 2.5
Verify that the route has been added to the inet.3 routing table and points to the
correct LSP.
pe1-to-pe2-B
pe1-to-pe2-B
193.168.2.2/32
AL
10.0.21.0/24
SE
TE
R
IN
Step 2.6
View the new route to determine if your router is using the OSPF route or the RSVP
route for internal traffic. Remember that only BGP traffic can use the contents of the
inet.3 routing table to resolve the BGP next hop and internal IPv4 traffic will only
use the next hop found in the inet.0 routing table.
www.juniper.net
10.0.21.0/24
N
LY
SE
Include the RSVP route in the inet.0 routing table, so that internal traffic can also
use the LSP. Include this route by adding the active option to the route you
installed under the LSP. After adding this option, commit your configuration,
AL
TE
R
Step 2.8
Verify that you can now see the RSVP route in your inet.0 routing table.
IN
www.juniper.net
N
LY
SE
AL
TE
R
In this lab part, you will configure MPLS traffic engineering to move routes from
inet.3 into the inet.0 routing table for both BGP and internal gateway protocol
(IGP) routes. You will then use the traceroute utility to verify that the traffic is
using the LSP for internal traffic.
Step 3.1
IN
Remove the active option from the installed route. Review your configuration change
before proceeding. When you are satisfied with the change, issue a commit and exit
to operational mode.
Step 3.2
Verify that you no longer have the RSVP route in your inet.0 routing table.
N
LY
10.0.21.0/24
10.0.21.0/24
pe1-to-pe2-B
SE
AL
IN
Step 3.3
TE
R
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy and enable traffic engineering to move routes from inet.3 into the
inet.0 routing table for both BGP and IGP routes. Commit your configuration
changes and exit out of configuration mode.
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols mpls
[edit protocols mpls]
lab@mxB-1# set traffic-engineering ?
Possible completions:
Lab 612 Miscellaneous MPLS Features (Detailed)
www.juniper.net
bgp
BGP destinations only
bgp-igp
BGP and IGP destinations
bgp-igp-both-ribs
BGP and IGP destinations with routes in both routing
tables
mpls-forwarding
Use MPLS routes for forwarding, not routing
[edit protocols mpls]
lab@mxB-1# set traffic-engineering bgp-igp
N
LY
Step 3.4
Verify that your inet.0 route table contains the RSVP route to the remote network
specified to use the LSP.
Step 3.5
pe1-to-pe2-B
AL
10.0.21.0/24
SE
Using the traceroute utility verify that internal traffic will use the LSP when sending
traffic to the remote network (use the address on the remote PE routers ge-1/0/4
interface as a destination).
IN
TE
R
byte packets
0.547 ms
0.573 ms
0.579 ms
ms
www.juniper.net
N
LY
In this lab part, you will use policy to control which LSP certain traffic traverses. You
will begin by disabling the extra interface from OSPF that was added in Part 2. You
will create two new LSPs that take different paths through the core network. You will
then create two static routes and export these routes to your BGP peer. Finally, you
will create and apply a policy to send traffic destined to the two routesreceived
from your neighbordown separate LSPs.
SE
Step 4.1
lab@mxB-1> configure
Entering configuration mode
Enter into configuration mode and begin by removing the ge-1/0/4 interface that we
added to OSPF area 0 in Part 2. You only need to remove this interface from your
OSPF configuration.
AL
[edit]
lab@mxB-1# delete protocols ospf area 0 interface ge-1/0/4
Step 4.2
Navigate to the [edit protocols mpls] hierarchy and delete the existing label
switched path and traffic engineering configuration.
TE
R
[edit]
lab@mxB-1# edit protocols mpls
IN
Step 4.3
Create two paths named one and two. Specify the different loose hops that each
LSP path should signal along. Path one should traverse the top of the network using
the P1, P2, and P3 routers. Path two should traverse the bottom using P4, P5, and
P6 routers.
www.juniper.net
SE
U
Step 4.4
AL
N
LY
TE
R
Create two label switched paths named lsp-1 and lsp-2. Apply path one to
lsp-1 as the primary path and apply path two to lsp-2 as the primary path. Both
LSPs should terminate at the remote PE routers loopback. Before committing your
configuration changes, review the changes. After you are satisfied with the changes
commit and exit to operational mode.
IN
N
LY
label-switched-path lsp-2 {
to 193.168.2.2;
primary two;
}
path one {
193.168.5.1 loose;
193.168.5.2 loose;
193.168.5.3 loose;
}
path two {
193.168.5.4 loose;
193.168.5.5 loose;
193.168.5.6 loose;
}
interface ge-1/0/0.220;
interface ge-1/0/1.221;
interface lo0.0;
SE
Step 4.5
AL
Using the show mpls lsp extensive ingress command, verify that your
LSPs are established and traversing the core network as expected based on your
explicit paths.
lab@mxB-1> show mpls lsp extensive ingress
Ingress LSP: 2 sessions
IN
TE
R
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: lsp-1
ActivePath: one (primary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary
one
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 4)
172.22.220.2 S 172.22.201.2 S 172.22.206.2 S 172.22.222.1 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.220.2 172.22.201.2 172.22.206.2 172.22.222.1
5 May 20 10:34:48.179 Selected as active path
4 May 20 10:34:48.177 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.222.1
3 May 20 10:34:48.177 Up
2 May 20 10:34:48.132 Originate Call
1 May 20 10:34:48.132 CSPF: computation result accepted 172.22.220.2
172.22.201.2 172.22.206.2 172.22.222.1
Created: Mon May 20 10:34:48 2013
Lab 616 Miscellaneous MPLS Features (Detailed)
www.juniper.net
SE
N
LY
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: lsp-2
ActivePath: two (primary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary
two
State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 4)
172.22.221.2 S 172.22.203.2 S 172.22.204.2 S 172.22.223.1 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.221.2 172.22.203.2 172.22.204.2 172.22.223.1
5 May 20 10:34:48.285 Selected as active path
4 May 20 10:34:48.284 Record Route: 172.22.221.2 172.22.203.2 172.22.204.2
172.22.223.1
3 May 20 10:34:48.284 Up
2 May 20 10:34:48.134 Originate Call
1 May 20 10:34:48.134 CSPF: computation result accepted 172.22.221.2
172.22.203.2 172.22.204.2 172.22.223.1
Created: Mon May 20 10:34:48 2013
Total 2 displayed, Up 2, Down 0
AL
IN
TE
R
Step 4.6
Enter into configuration mode, navigate to the [edit routing-options]
hierarchy, and define the static routes outlined on the network diagram for the
device you are configuring.
lab@mxB-1> configure
Entering configuration mode
www.juniper.net
[edit]
lab@mxB-1# edit routing-options
[edit routing-options]
lab@mxB-1# set static route route/24 receive
[edit routing-options]
lab@mxB-1# set static route route/24 receive
N
LY
[edit routing-options]
lab@mxB-1#
Step 4.7
[edit routing-options]
lab@mxB-1# top edit policy-options policy-statement export-static
SE
AL
TE
R
Step 4.8
Apply the new policy as an export policy to your IBGP group. Commit your
configuration changes and exit to operational mode.
IN
Step 4.9
Verify that your router is now sending these routes to your neighbor and that you are
receiving the remote static prefixes from the remote peer.
Lab 618 Miscellaneous MPLS Features (Detailed)
www.juniper.net
N
LY
AL
10.2.4.0/24
10.2.3.0/24
SE
lsp-1
lsp-2
IN
TE
R
...
lsp-1
lsp-2
Step 4.10
Enter into configuration mode and create a policy named lsp-policy. Create a
term named lsp-1. Under this term you will match the first BGP prefix received
from your peer and change the next-hop to your LSP named lsp-1. You will accept
this route. Then, you will create a second term named lsp-2, which will match on
the second BGP route and change the next-hop to lsp-2. This route also needs to
have the accept action.
lab@mxB-1> configure
Entering configuration mode
www.juniper.net
[edit]
lab@mxB-1# edit policy-options policy-statement lsp-policy
[edit policy-options policy-statement lsp-policy]
lab@mxB-1# set term lsp-1 from protocol bgp
[edit policy-options policy-statement lsp-policy]
lab@mxB-1# set term lsp-1 from route-filter first-received-route/24 exact
N
LY
SE
IN
TE
R
AL
Step 4.11
Navigate to the [edit routing-options] hierarchy and apply the policy
lsp-policy as an export policy to the forwarding table. After applying the policy,
commit your changes and exit to operational mode.
Lab 620 Miscellaneous MPLS Features (Detailed)
www.juniper.net
N
LY
lab@mxB-1>
Step 4.12
Verify that the next hop for each of the remote BGP routes point to the correct LSP as
defined in your policy.
10.2.4.0/24
SE
10.2.3.0/24
AL
...
IN
TE
R
STOP
www.juniper.net
N
LY
Step 5.1
Enter into configuration mode and remove the policy you created in Part 4. You must
also remove the export policy applied to the forwarding table because it is no longer
defined. Commit your changes when you are ready to proceed.
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# delete policy-options policy-statement lsp-policy
SE
[edit]
lab@mxB-1# delete routing-options forwarding-table export
Step 5.2
AL
[edit]
lab@mxB-1
[edit]
lab@mxB-1# commit
commit complete
Use the show route protocol bgp command to review the current status of
your BGP routes received from your peer.
TE
R
[edit]
lab@mxB-1# run show route protocol bgp
inet.0: 40 destinations, 40 routes (40 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
IN
10.2.3.0/24
10.2.4.0/24
...
lsp-1
lsp-2
lsp-1
lsp-2
www.juniper.net
N
LY
Step 5.3
Review the RSVP routes in inet.3 to determine what metric is being calculated by the
IGP. This status review provides the current values so that when you manually assign
a metric, you can verify that the changes have been applied correctly
[edit]
lab@mxB-1# run show route table inet.3
193.168.2.2/32
SE
AL
IN
TE
R
Step 5.4
Navigate to the [edit protocols mpls] hierarchy and set the metric to 8 for
lsp-2. After changing the metric, commit your configuration and exit to operational
mode.
[edit]
lab@mxB-1# edit protocols mpls
www.juniper.net
Step 5.5
N
LY
Use the show route protocol bgp command to review the BGP routes for
changes.
lab@mxB-1> show route protocol bgp
10.2.4.0/24
...
SE
10.2.3.0/24
AL
Step 5.6
TE
R
Answer: The two next hops for the BGP routes are
no longer available because they are no longer
equal cost paths.
View the inet.3 table to verify the metric change is reflected by the RSVP routes.
IN
www.juniper.net
N
LY
lab@mxB-1> configure
Entering configuration mode
SE
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy. Enable traffic-engineering bgp-igp. This will allow you to
traceroute over the MPLS LSPs to the remote teams loopback address. We will be
using traceroute to demonstrate the behavior with TTL handling. Commit the change
and exit to operational mode before proceeding. By using traffic engineering, it
allows internal traffic to use the RSVP routes to get to the remote teams loopback
address.
AL
[edit]
lab@mxB-1# edit protocols mpls
TE
R
IN
Step 6.2
Verify the default behavior by using the traceroute utility. You can now traceroute to
the remote teams loopback address.
N
LY
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy. Configure the router so that the TTL is not decremented by using the
no-decrement-ttl statement under the MPLS protocol. Commit the
configuration and exit to operational mode before proceeding to the next step.
lab@mxB-1> configure
Entering configuration mode
SE
[edit]
lab@mxB-1# edit protocols mpls
[edit protocols mpls]
lab@mxB-1# set no-decrement-ttl
Step 6.4
AL
lab@mxB-1>
TE
R
IN
www.juniper.net
N
LY
Use the show mpls lsp egress command to view the Labelin value before
you configure the router to signal explicit null. You should expect to see a value of 3
for both LSPs.
Step 7.2
SE
Enter into configuration mode and navigate to the [edit protocols mpls]
hierarchy. Configure your router to signal explicit null by using the
explicit-null command. This command tells the router to signal the upstream
LSR (penultimate router) that it expects to receive an MPLS label. In operation,
instead of signaling a value of 3 upstream (default behavior), the egress router will
signal a value of 0 upstream. Commit the changes and exit to operational mode
before proceeding to the next step.
AL
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols mpls
TE
R
IN
Step 7.3
Use the show mpls lsp egress command to view the Labelin value now that
you have configured the router to signal explicit null. You should expect to see a
value of 0 for both LSPs.
lab@mxB-1> show mpls lsp egress
Egress LSP: 2 sessions
To
From
State
193.168.2.1
193.168.2.2
Up
193.168.2.1
193.168.2.2
Up
www.juniper.net
N
LY
Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on
Observed Bandwidth
SE
In this lab part, you will configure your router to monitor and automatically adjust the
RSVP reservation based on the observed bandwidth. The first step to setting up
automatic bandwidth provisioning is to enable statistics monitoring for the MPLS
protocol. This allows MPLS to track and monitor bandwidth utilization over a
specified time period (default 24 hours). Next, you will enable the automatic
bandwidth provisioning on one of your established LSPs.
Step 8.1
AL
lab@mxB-1> configure
Entering configuration mode
Enter into configuration mode and navigate to the [edit protocols mpls
statistics] hierarchy. Enable MPLS statistics monitoring by creating a file
named auto-stats and configuring the auto-bandwidth statement.
[edit]
lab@mxB-1# edit protocols mpls statistics
TE
R
IN
Step 8.2
www.juniper.net
Step 8.3
Verify that your configuration changes have taken affect on the LSP by executing the
show mpls lsp ingress name lsp-1 extensive command.
N
LY
IN
TE
R
AL
SE
193.168.2.2
From: 193.168.2.1, State: Up, ActiveRoute: 0, LSPname: lsp-1
ActivePath: one (primary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Autobandwidth
AdjustTimer: 86400 secs
Max AvgBW util: 0bps, Bandwidth Adjustment in 86382 second(s).
Overflow limit: 0, Overflow sample count: 0
Underflow limit: 0, Underflow sample count: 0, Underflow Max AvgBW: 0bps
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary
one
State: Up, No-decrement-ttl
Priorities: 7 0
SmartOptimizeTimer: 180
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 4)
172.22.220.2 S 172.22.201.2 S 172.22.206.2 S 172.22.222.1 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.22.220.2 172.22.201.2 172.22.206.2 172.22.222.1
5 May 20 11:15:03.200 Selected as active path
4 May 20 11:15:03.199 Record Route: 172.22.220.2 172.22.201.2 172.22.206.2
172.22.222.1
3 May 20 11:15:03.198 Up
2 May 20 11:15:03.155 Originate Call
1 May 20 11:15:03.155 CSPF: computation result accepted 172.22.220.2
172.22.201.2 172.22.206.2 172.22.222.1
Created: Mon May 20 11:15:02 2013
Total 1 displayed, Up 1, Down 0
N
LY
SE
login:
IN
STOP
TE
R
mxB-1 (ttyu0)
lab@mxB-1> exit
AL
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
Lab
N
LY
Overview
In this lab, you will establish a point-to-point Layer 3 VPN using RSVP signaling between
provider edge (PE) routers. You will also configure both static and BGP routing between
your PE and customer edge (CE) routers. You will share your routes with the remote
PE router through the Layer 3 VPN using Multiprotocol Border Gateway Protocol (MP-BGP).
SE
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
Load the a baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a logical router configuration that will act as your CE router for this
lab.
AL
Configure static routing between your PE and CE router and share your static
PE routes through the Layer 3 VPN using MP-BGP.
IN
TE
R
www.juniper.net
Configure BGP routing between your PE and CE routers and share CE routes
through the Layer 3 VPN using MP-BGP.
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load a
baseline configuration and then enable Resource Reservation Protocol (RSVP) and
multiprotocol label switching (MPLS) on the core-facing interfaces, configure
MP-BGP, and configure a route-distinguisher ID.
Note
N
LY
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
SE
IN
TE
R
AL
www.juniper.net
Step 1.3
N
LY
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
SE
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab7-start.config and commit.
mxB-1 (ttyp0)
AL
login: lab
Password:
TE
R
IN
[edit]
lab@mxB-1# commit
commit complete
[edit]
lab@mxB-1#
Step 1.5
Navigate to the [edit protocols] hierarchy. Issue the show command and
analyze the protocols that have been preconfigured for you.
[edit]
lab@mxB-1# edit protocols
www.juniper.net
N
LY
[edit protocols]
lab@mxB-1# show
bgp {
group my-int-group {
type internal;
local-address 193.168.2.1;
neighbor 193.168.2.2;
}
}
ospf {
area 0.0.0.0 {
interface ge-1/0/0.220;
interface ge-1/0/1.221;
interface lo0.0;
}
}
[edit protocols]
lab@mxB-1#
SE
AL
IN
TE
R
www.juniper.net
[edit protocols]
lab@mxB-1# exit configuration-mode
Exiting configuration mode
lab@mxB-1> show ospf neighbor
Address
Interface
172.22.220.2
ge-1/0/0.220
172.22.221.2
ge-1/0/1.221
State
Full
Full
ID
193.168.5.1
193.168.5.4
Pri
128
128
Dead
34
39
N
LY
SE
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
IN
TE
R
AL
Updates 2
Refreshes 0
Octets 175250
N
LY
SE
AL
TE
R
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
[edit interfaces] hierarchy and enable family mpls on both of the
core-facing interfaces.
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit interfaces
IN
[edit interfaces]
lab@mxB-1# set ge-1/0/0 unit unit family mpls
[edit interfaces]
lab@mxB-1# set ge-1/0/1 unit unit family mpls
[edit interfaces]
lab@mxB-1#
Step 1.9
Navigate to the [edit protocols] hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Lab 76 L3VPN Static and BGP Routing (Detailed)
www.juniper.net
[edit interfaces]
lab@mxB-1# top edit protocols
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/0.unit
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/1.unit
Step 1.10
N
LY
[edit protocols]
lab@mxB-1#
[edit protocols]
lab@mxB-1# set rsvp interface ge-1/0/0.unit
[edit protocols]
lab@mxB-1# set rsvp interface ge-1/0/1.unit
Step 1.11
SE
Step 1.12
AL
[edit protocols]
lab@mxB-1# set ospf traffic-engineering
To allow the exchange of Layer 3 VPN routes, enable the inet-vpn unicast network
layer reachability information (NLRI) for your PE routers BGP session with the
remote PE router. Make sure to also enable the exchange of standard unicast IP
version 4 (IPv4) routes as well.
TE
R
[edit protocols]
lab@mxB-1# set bgp group my-int-group family inet unicast
[edit protocols]
lab@mxB-1# set bgp group my-int-group family inet-vpn unicast
IN
Step 1.13
[edit protocols]
lab@mxB-1# top edit routing-options
[edit routing-options]
lab@mxB-1# set route-distinguisher-id local-pe-loopback-address
www.juniper.net
[edit routing-options]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 1.14
Using show commands, verify that MPLS and RSVP are configured correctly on the
core-facing interfaces.
Available
BW
1000Mbps
1000Mbps
Reserved
BW
0bps
0bps
Static
BW
1000Mbps
1000Mbps
SE
N
LY
Highwater
mark
0bps
0bps
Step 1.15
AL
TE
R
Verify the state of your PE routers BGP neighbor relationship with the remote PE
router.
IN
www.juniper.net
AL
SE
N
LY
IN
TE
R
N
LY
[edit]
lab@mxB-1# edit protocols mpls
AL
SE
TE
R
IN
Step 2.2
Use the show mpls lsp command to verify that the RSVP LSP you just configured
is up and functional. Ensure that you have bidirectional LSPs before proceeding.
ActivePath
LSPname
pe1-to-pe2-B
www.juniper.net
N
LY
Use the show route table inet.3 command to review the inet.3 routing table
and verify that the RSVP route is present and ready to use.
lab@mxB-1> show route table inet.3
pe1-to-pe2-B
193.168.2.2/32
SE
TE
R
AL
Step 2.4
IN
lab@mxB-1:ceB-1>
Step 3.2
N
LY
IN
TE
R
AL
SE
www.juniper.net
routing-options {
static {
route 172.20.0.0/24 reject;
route 172.20.1.0/24 reject;
route 172.20.2.0/24 reject;
route 172.20.3.0/24 reject;
}
autonomous-system 65201;
}
N
LY
SE
AL
IN
TE
R
Step 3.3
Use the ping utility to attempt to ping the local PE routers ge-1/0/4 interface.
www.juniper.net
N
LY
SE
STOP
In this lab part, you will configure the PE to CE interface. You will verify reachability
using the ping utility.
Step 4.1
AL
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 4.2
TE
R
lab@mxB-1>
IN
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/4 vlan-tagging unit unit vlan-id vlan-id family inet
address address/24
www.juniper.net
[edit interfaces]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 4.3
Verify connectivity to the CE device using the ping utility with a count value of 3.
N
LY
--- 10.0.20.2 ping statistics --3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.595/1.084/2.048/0.682 ms
SE
AL
TE
R
In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique
route distinguisher and a unique route target. You will include your CE facing
interface within this instance. In this lab, you will be using the vrf-target option
because of its simplicity. Please note that vrf-import and vrf-export policies
would work also.
IN
Step 5.1
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit routing-instances
[edit routing-instances]
lab@mxB-1# set vpn-pod instance-type vrf
www.juniper.net
[edit routing-instances]
lab@mxB-1#
Step 5.2
Navigate to the [edit routing-instances vpn-pod] hierarchy. Create a
route distinguisher using your local loopback address to uniquely identify routes
advertised from this router. The format should look like this:
loopback-address:1.
Step 5.3
N
LY
[edit routing-instances]
lab@mxB-1# edit vpn-pod
Target Community
Pod
SE
Configure your route target. As mentioned previously, you will be using the
vrf-target option. Your target will contain the local autonomous system (AS)
number and will be uniquely identified by using your pod value. Use the following
table to determine the format of your vrf-target.
AL
target:65512:1
target:65512:2
target:65512:3
target:65512:4
Step 5.4
TE
R
IN
Step 5.5
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
www.juniper.net
Step 5.6
N
LY
Verify that your VRF routing table has been created and it contains the local and
direct routes for your CE facing interface. You can accomplish this by issuing the
show route table vpn-pod.inet.0 command.
10.0.20.0/24
10.0.20.1/32
*[Direct/0] 00:01:07
> via ge-1/0/4.620
*[Local/0] 00:01:07
Local via ge-1/0/4.620
SE
AL
TE
R
STOP
IN
Step 6.1
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
www.juniper.net
Step 6.2
Enter configuration mode and navigate to the [edit routing-options]
hierarchy. Configure a static default route that points to the PE interface address as
the next hop.
N
LY
lab@mxB-1:ceB-1> configure
Entering configuration mode
[edit]
lab@mxB-1:ceB-1# edit routing-options
[edit routing-options]
lab@mxB-1:ceB-1# set static route 0/0 next-hop local-pe-address
SE
[edit routing-options]
lab@mxB-1:ceB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1:ceB-1>
Step 6.3
AL
Issue the show route command that the default route now exists in the CE
routers routing table.
lab@mxB-1:ceB-1> show route
*[Static/5] 00:02:37
> to 10.0.20.1 via ge-1/1/4.620
*[Direct/0] 03:49:54
> via ge-1/1/4.620
*[Local/0] 03:49:54
Local via ge-1/1/4.620
*[Static/5] 03:49:54
Reject
*[Static/5] 03:49:54
Reject
*[Static/5] 03:49:54
Reject
*[Static/5] 03:49:54
Reject
*[Direct/0] 03:49:54
> via lo0.1
TE
R
0.0.0.0/0
10.0.20.0/24
10.0.20.2/32
IN
172.20.0.0/24
172.20.1.0/24
172.20.2.0/24
172.20.3.0/24
193.168.12.1/32
www.juniper.net
N
LY
Step 6.4
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
lab@mxB-1:ceB-1> clear cli logical-system
Cleared default logical system
lab@mxB-1>
Step 6.5
AL
lab@mxB-1> configure
Entering configuration mode
SE
[edit]
lab@mxB-1# edit routing-instances vpn-pod routing-options
TE
R
IN
Step 6.6
Verify that you are advertising your routes to the remote PE router.
lab@mxB-1> show route advertising-protocol bgp remote-pe-loopback-address
N
LY
SE
AL
Step 6.7
Verify that you are receiving routes from the remote PE router.
lab@mxB-1> show route receive-protocol bgp remote-pe-address
TE
R
IN
www.juniper.net
*
*
*
*
193.168.2.2:1:172.20.5.0/24
193.168.2.2
193.168.2.2:1:172.20.6.0/24
193.168.2.2
193.168.2.2:1:172.20.7.0/24
193.168.2.2
193.168.2.2:1:193.168.12.2/32
193.168.2.2
100
100
100
100
N
LY
SE
Step 6.8
AL
TE
R
10.0.20.1/32
*[Direct/0] 00:51:46
> via ge-1/0/4.620
*[Local/0] 00:51:46
Local via ge-1/0/4.620
*[BGP/170] 00:48:05, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
> to 172.22.221.2 via ge-1/0/1.221, label-switched-path
10.0.20.0/24
10.0.21.0/24
IN
pe1-to-pe2-B
172.10.4.0/24
pe1-to-pe2-B
172.10.5.0/24
pe1-to-pe2-B
172.10.6.0/24
pe1-to-pe2-B
www.juniper.net
172.10.7.0/24
pe1-to-pe2-B
172.20.0.0/24
*[Static/5] 00:23:54
> to 10.0.20.2 via ge-1/0/4.620
*[Static/5] 00:23:54
> to 10.0.20.2 via ge-1/0/4.620
*[Static/5] 00:23:54
> to 10.0.20.2 via ge-1/0/4.620
*[Static/5] 00:23:54
> to 10.0.20.2 via ge-1/0/4.620
*[Static/5] 00:23:54
> to 10.0.20.2 via ge-1/0/4.620
*[BGP/170] 00:48:05, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
> to 172.22.221.2 via ge-1/0/1.221, label-switched-path
172.20.1.0/24
172.20.2.0/24
172.20.3.0/24
N
LY
193.168.12.1/32
193.168.12.2/32
pe1-to-pe2-B
SE
AL
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
TE
R
lab@mxB-1:ceB-1>
IN
Step 6.10
Verify you have connectivity from CE to CE through the Layer 3 VPN by using the ping
utility. You will ping the remote CE routers loopback address while sourcing the
packets from your local CEs loopback address. You will send five packets for this
test. This can be accomplished using the following command: ping
remote-ce-loopback source local-ce-loopback count 5
www.juniper.net
N
LY
STOP
SE
In this lab part, you will configure BGP routing to pass routes from your CE to your
PE router. These routes will be passed through the MP-BGP session to the remote
PE router so that traffic can be routed from the remote CE site. You will verify that
your routes are shared with the remote PE device and you will also need to verify
that you are receiving the routes from the remote PE. You will use the ping utility to
test the CE to CE connectivity over the Layer 3 VPN.
Note
Step 7.1
AL
TE
R
Enter into configuration mode and navigate to the [edit protocols bgp]
hierarchy. Create an external group called my-ext-group and specify the local
PEs ge-1/0/4 interfaces as the neighbor address. You must also define your
peer-as (AS 65512). Apply the policy exp-policy that you analyzed earlier in
the lab as an export policy to your EBGP group. Review your BGP configuration
before proceeding.
IN
lab@mxB-1:ceB-1> configure
Entering configuration mode
[edit]
lab@mxB-1:ceB-1# edit protocols bgp
N
LY
Step 7.2
SE
lab@mxB-1:ceB-1>
Step 7.3
AL
[edit routing-options]
lab@mxB-1:ceB-1# commit and-quit
commit complete
Exiting configuration mode
[edit routing-options]
lab@mxB-1:ceB-1# delete static route 0/0
TE
R
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
IN
Step 7.4
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit routing-instances vpn-pod routing-options
[edit routing-instances vpn-B routing-options]
lab@mxB-1# delete static
Lab 724 L3VPN Static and BGP Routing (Detailed)
www.juniper.net
Step 7.5
Navigate to the [edit routing-instances vpn-pod protocols bgp]
hierarchy. Create an external group called my-ext-group and specify the local CE
routers ge-1/1/4 address for the neighbor address. You must also define your
peer-as (the local CE routers AS number). Review your configuration, Commit,
and exit to operational mode before moving on to the next step.
N
LY
SE
AL
TE
R
lab@mxB-1>
Step 7.6
Verify on the PE that you are receiving the advertised BGP routes from your
CE router.
IN
www.juniper.net
* 172.20.2.0/24
* 172.20.3.0/24
* 193.168.12.1/32
10.0.20.2
10.0.20.2
10.0.20.2
65201 I
65201 I
65201 I
N
LY
SE
Step 7.7
Verify that your PE router is advertising your VPN routes to the remote PE router.
TE
R
AL
IN
Step 7.8
Verify that you are receiving the VPN routes being advertised from the remote
PE router.
www.juniper.net
N
LY
AL
SE
IN
TE
R
Answer: Yes, you should see all the routes that were
exported by the remote CE router and later
advertised from the remote PE router through the
VPN. If you do not see these routes, please review
your configuration and ensure that the remote team
has completed up through Step 7.6. Please request
assistance from your instructor, if needed.
Step 7.9
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
www.juniper.net
Step 7.10
Review the BGP routes you are receiving on your CE router.
lab@mxB-1:ceB-1> show route receive-protocol bgp local-pe-address
N
LY
SE
TE
R
Step 7.11
AL
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
IN
Step 7.12
www.juniper.net
N
LY
IN
TE
R
AL
SE
Metric: 4
Node path count: 1
Forwarding nexthops: 1
Nexthop: 172.22.220.2 via ge-1/0/0.220
bgp.l3vpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
IN
TE
R
AL
SE
N
LY
www.juniper.net
N
LY
lab@mxB-1> configure
Entering configuration mode
SE
[edit]
lab@mxB-1# edit routing-instances vpn-pod protocols bgp
AL
TE
R
IN
Step 7.15
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 7.16
Verify that your CE router is now receiving the routes from your PE router after the
change.
lab@mxB-1:ceB-1> show route receive-protocol bgp local-pe-address
inet.0: 13 destinations, 18 routes (13 active, 0 holddown, 5 hidden)
www.juniper.net
*
*
*
*
*
*
Prefix
10.0.21.0/24
172.20.4.0/24
172.20.5.0/24
172.20.6.0/24
172.20.7.0/24
193.168.12.2/32
Nexthop
10.0.20.1
10.0.20.1
10.0.20.1
10.0.20.1
10.0.20.1
10.0.20.1
MED
Lclpref
AS path
65512 I
65512 65512
65512 65512
65512 65512
65512 65512
65512 65512
I
I
I
I
I
N
LY
SE
Step 7.17
Verify that you have connectivity from CE to CE through the Layer 3 VPN by using the
ping utility. You will ping the remote CE routers loopback address while sourcing the
packets from your local CE routers loopback address. You will send five packets for
this test. This task can be accomplished using the following command: ping
remote-ce-loopback source local-ce-loopback count 5 .
TE
R
AL
IN
Step 7.18
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Lab 732 L3VPN Static and BGP Routing (Detailed)
www.juniper.net
Step 7.19
Log out of your assigned device using the exit command.
lab@mxB-1> exit
N
LY
mxB-1 (ttyu0)
login:
IN
TE
R
AL
SE
STOP
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
Lab
N
LY
Overview
In this lab, you will establish two point-to-point Layer 3 virtual private networks (VPNs)
using RSVP signaling between provider edge (PE) routers. You will configure an internal
BGP (IBGP) session with a preconfigured route reflector in the core network. You will
implement route target filtering on your PE router and you will configure Internet access
for the customer edge (CE) router through your PE router.
SE
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
Configure your IBGP peering so that your router peers with the route reflector.
Configure BGP routing between your PE and CE routers and share your
CE routes through the Layer 3 VPNs using Multiprotocol Border Gateway
Protocol (MP-BGP).
IN
TE
R
AL
www.juniper.net
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load a
baseline OSPF configuration and then enable Label Distribution Protocol (LDP) and
multiprotocol label switching (MPLS) on the core-facing interfaces, configure a
MP-BGP peering session with the route reflector, and configure a route-distinguisher
ID.
Note
N
LY
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
SE
Step 1.2
AL
IN
TE
R
www.juniper.net
Step 1.3
N
LY
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
SE
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab8-start.config and commit.
mxB-1 (ttyp0)
AL
login: lab
Password:
TE
R
IN
[edit]
lab@mxB-1# commit
commit complete
[edit]
lab@mxB-1#
Step 1.5
Navigate to the [edit protocols] hierarchy. Issue the show command and
analyze the protocols that have been preconfigured for you.
[edit]
lab@mxB-1# edit protocols
www.juniper.net
[edit protocols]
lab@mxB-1# show
ospf {
area 0.0.0.0 {
interface ge-1/0/0.220;
interface ge-1/0/1.221;
interface lo0.0;
}
}
N
LY
[edit protocols]
lab@mxB-1#
SE
Step 1.6
State
Full
Full
AL
[edit protocols]
lab@mxB-1# run show ospf neighbor
Address
Interface
172.22.220.2
ge-1/0/0.220
172.22.221.2
ge-1/0/1.221
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
ID
193.168.5.1
193.168.5.4
Pri
128
128
Dead
34
39
TE
R
IN
Step 1.7
Navigate to the [edit protocols bgp] hierarchy. Configure a IBGP peer group
called my-int-group. Use your routers loopback address as the source address
of all IBGP packets. Finally, configure your router to peer with the P2 router, which is
the acting route reflector for the core network.
[edit protocols]
lab@mxB-1# edit bgp
[edit protocols bgp]
lab@mxB-1# set group my-int-group type internal
www.juniper.net
Step 1.8
N
LY
To allow for the exchange of Layer 3 VPN routes, enable the inet-vpn unicast
network layer reachability information (NLRI) for your PE routers BGP session with
the P2 router. Make sure to also enable the exchange of standard unicast IP version
4 (IPv4) routes as well. Commit your configuration and exit to operation mode.
[edit protocols bgp]
lab@mxB-1# set group my-int-group family inet unicast
lab@mxB-1>
Step 1.9
SE
AL
Verify that your PE router has established an IBGP neighbor relationship with the P2
router.
IN
TE
R
Checked 36
Refreshes 0
Refreshes 0
Octets 166
Octets 177
N
LY
SE
AL
TE
R
IN
Step 1.10
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
[edit interfaces] hierarchy and enable family mpls on both of the
core-facing interfaces.
lab@mxB-1> configure
Entering configuration mode
www.juniper.net
[edit]
lab@mxB-1# edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/0 unit unit family mpls
[edit interfaces]
lab@mxB-1# set ge-1/0/1 unit unit family mpls
[edit interfaces]
lab@mxB-1
N
LY
Step 1.11
[edit interfaces]
lab@mxB-1# top edit protocols
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/0.unit
Navigate to the [edit protocols] hierarchy and configure the MPLS protocol
on the core-facing interfaces.
SE
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/1.unit
[edit protocols]
lab@mxB-1#
Step 1.12
AL
Configure the LDP protocol on the core-facing interfaces as well as the loopback
interface.
[edit protocols]
lab@mxB-1# set ldp interface ge-1/0/0.unit
TE
R
[edit protocols]
lab@mxB-1# set ldp interface ge-1/0/1.unit
[edit protocols]
lab@mxB-1# set ldp interface lo0.0
IN
Step 1.13
[edit protocols]
lab@mxB-1# top edit routing-options
[edit routing-options]
lab@mxB-1# set route-distinguisher-id local-pe-loopback-address
[edit routing-options]
lab@mxB-1# commit and-quit
www.juniper.net
commit complete
Exiting configuration mode
lab@mxB-1>
Step 1.14
Use the show mpls interface command to verify that MPLS is configured
correctly on the core-facing interfaces.
N
LY
SE
Verify that your router has established LDP neighbor relationships with the
neighboring P routers.
AL
TE
R
Label space ID
193.168.5.1:0
193.168.5.4:0
Connection
Open
Open
Hold time
23
23
Hold time
13
10
Adv. Mode
DU
DU
IN
Step 1.16
Verify that the inet.3 routing table contains an LDP route to the remote PE router.
lab@mxB-1> show route table inet.3
inet.3: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
Lab 88 Route Reflection and Internet Access (Detailed)
www.juniper.net
*[LDP/9] 00:06:41,
> to 172.22.221.2
to 172.22.220.2
*[LDP/9] 00:06:41,
> to 172.22.220.2
*[LDP/9] 00:06:41,
> to 172.22.220.2
*[LDP/9] 00:06:41,
> to 172.22.220.2
*[LDP/9] 00:06:41,
> to 172.22.221.2
*[LDP/9] 00:06:41,
> to 172.22.221.2
*[LDP/9] 00:06:41,
> to 172.22.221.2
193.168.5.1/32
193.168.5.2/32
193.168.5.3/32
193.168.5.4/32
193.168.5.5/32
193.168.5.6/32
metric 1
via ge-1/0/1.221,
via ge-1/0/0.220,
metric 1
via ge-1/0/0.220
metric 1
via ge-1/0/0.220,
metric 1
via ge-1/0/0.220,
metric 1
via ge-1/0/1.221
metric 1
via ge-1/0/1.221,
metric 1
via ge-1/0/1.221,
Push 300064
Push 300096
Push 299840
Push 299824
Push 299776
N
LY
193.168.2.2/32
Push 299792
SE
AL
STOP
TE
R
In this lab part, you will view the configuration for the two CE routers (logical
systems) that were preconfigured as part of the loaded starting configuration in
Part 1 of this lab.
Step 2.1
Use the set cli logical-system command to place the CLI in the context of
the lower CE router logical system (based on the location on diagram).
IN
Step 2.2
Issue the show configuration command to view the configuration of the CE
router.
lab@mxB-1:ceB-1> show configuration
interfaces {
ge-1/1/4 {
unit 620 {
www.juniper.net
SE
TE
R
lab@mxB-1:ceB-1>
AL
}
policy-options {
policy-statement exp-policy {
term 10 {
from protocol static;
then accept;
}
term 20 {
from protocol direct;
then accept;
}
}
}
routing-options {
static {
route 172.20.0.0/24 reject;
route 172.20.1.0/24 reject;
route 172.20.2.0/24 reject;
route 172.20.3.0/24 reject;
}
autonomous-system 65201;
}
}
lo0 {
unit 1 {
family inet {
address 193.168.12.1/32;
}
}
}
N
LY
vlan-id 620;
family inet {
address 10.0.20.2/24;
}
IN
www.juniper.net
N
LY
SE
AL
Use the ping utility to attempt to ping the local PE routers ge-1/0/4 interface.
IN
TE
R
--- 10.0.20.1 ping statistics --1 packets transmitted, 0 packets received, 100% packet loss
Step 2.4
Use the set cli logical-system command to place the CLI in the context of
the upper CE router logical system (based on the location on diagram).
lab@mxB-1:ceB-1> set cli logical-system upper-ce-hostname
Logical system: ceB-3
lab@mxB-1:ceB-3>
www.juniper.net
Step 2.5
IN
TE
R
AL
SE
N
LY
lab@mxB-1:ceB-3>
www.juniper.net
N
LY
SE
AL
TE
R
IN
Step 2.6
Use the ping utility to attempt to ping the local PE routers ge-1/0/5 interface.
www.juniper.net
N
LY
SE
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
lab@mxB-1>
Step 3.2
AL
lab@mxB-1> configure
Entering configuration mode
TE
R
[edit]
lab@mxB-1# edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/4 vlan-tagging unit unit vlan-id vlan-id
IN
[edit interfaces]
lab@mxB-1# set ge-1/0/4 unit unit family inet address address/24
[edit interfaces]
lab@mxB-1# set ge-1/0/5 vlan-tagging unit unit vlan-id vlan-id
[edit interfaces]
lab@mxB-1# set ge-1/0/5 unit unit family inet address address/24
www.juniper.net
[edit interfaces]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 3.3
Verify reachability to both CE routers by pinging their interfaces five times.
time=7.201
time=0.598
time=0.550
time=0.576
time=0.558
ms
ms
ms
ms
ms
N
LY
--- 10.0.20.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.550/1.897/7.201/2.652 ms
SE
AL
time=6.616 ms
time=4.930 ms
time=3.992 ms
time=7.623 ms
time=12.433 ms
--- 10.1.20.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.992/7.119/12.433/2.943 ms
IN
TE
R
www.juniper.net
N
LY
In this lab part, you will configure two Layer 3 VPN instances. You will create a VPN
named vpn-lower, which will connect the lower CE routers (see diagram) of the
two sites. For example, if you are controlling mxB-1 or mxB-2 (pod B), you will create
a VPN that connects ceB-1 to ceB-2. You will then create a VPN named vpn-upper,
which will connect the upper CE routers. You will assign a unique route target to
each instance and you will include your CE-facing interface within the appropriate
instance. In this lab, you will be using the vrf-target option because of its
simplicity. Please note that vrf-import and vrf-export policies would work
also. Use the following table as your guide for configuring your target communities in
this part of the lab.
Lower Target
Upper Target
target:65512:101
target:65512:102
target:65512:201
target:65512:301
target:65512:302
target:65512:401
target:65512:402
Pod
SE
target:65512:202
Step 4.1
AL
TE
R
[edit]
lab@mxB-1# edit routing-instances vpn-lower
[edit routing-instances vpn-lower]
lab@mxB-1# set instance-type vrf
[edit routing-instances vpn-lower]
lab@mxB-1#
IN
Step 4.2
Configure your route target for the lower VPN. As mentioned previously, you will be
using the vrf-target option. See the table at the beginning of this part of the lab
to determine the appropriate target community value.
www.juniper.net
Step 4.4
Add the appropriate subinterface of ge-1/0/4 to the routing instance. Review your
configuration changes and commit when you are satisfied with the changes.
[edit routing-instances vpn-lower]
lab@mxB-1# set interface ge-1/0/4.unit
N
LY
Step 4.5
[edit routing-instances]
lab@mxB-1# edit vpn-upper
SE
AL
Step 4.6
TE
R
Configure your route target for the upper VPN using the vrf-target option. See
the table at the beginning of this part of the lab to determine the appropriate target
community value.
IN
Step 4.7
Add the appropriate subinterface of ge-1/0/5 to the routing instance. Review your
configuration changes and when satisfied, commit and exit to operational mode.
Step 4.8
Use the show route command to verify that both VRF tables are created and
contain the local network routes.
N
LY
10.0.20.1/32
*[Direct/0] 00:08:49
> via ge-1/0/4.620
*[Local/0] 00:08:49
Local via ge-1/0/4.620
SE
10.0.20.0/24
AL
10.1.20.1/32
*[Direct/0] 00:03:56
> via ge-1/0/5.621
*[Local/0] 00:03:56
Local via ge-1/0/5.621
10.1.20.0/24
TE
R
IN
Step 4.9
www.juniper.net
AS path: [65512] I
Communities: target:65512:201
vpn-upper.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
N
LY
SE
STOP
TE
R
AL
IN
www.juniper.net
In this lab part, you will configure BGP routing to pass routes from your CE routers to
your PE router. These routes will be passed through the MP-BGP session to the
remote PE router so that traffic can be routed from the remote CE sites. You will
verify that your routes are shared with the remote PE device and you will also need
to verify that you are receiving the routes from the remote PE router for each of the
configured VPNs. You will use the ping utility to test the CE to CE connectivity over
the Layer 3 VPNs for each site.
Step 5.1
Enter into configuration mode and navigate to the [edit routing-instances
vpn-lower protocols bgp] hierarchy. Create an external group called
my-ext-group-lower and specify your locally attached CE routers neighbor
address. You must also define your peer-as. Remember to add the option
as-override to your BGP group, because both the local CE router and the remote
CE router are in the same AS. Review your configuration, commit, and exit to
operation mode before moving on to the next step.
N
LY
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit routing-instances vpn-lower protocols bgp
SE
TE
R
AL
IN
lab@mxB-1>
Step 5.2
Use the set cli logical-system command to place the CLI in the context of
the lower CE router logical system (based on the location on diagram).
www.juniper.net
Step 5.3
Enter configuration mode and navigate to the [edit protocols bgp]
hierarchy. Create an external group called my-ext-group and specify your local
PE routers neighbor address. You must also define your peer-as. Apply the policy
exp-policy that you viewed earlier in the lab as an export policy to your EBGP
group. Review your configuration, commit, and exit to operational mode.
lab@mxB-1:ceB-1> configure
Entering configuration mode
N
LY
[edit]
lab@mxB-1:ceB-1# edit protocols bgp
SE
AL
TE
R
IN
lab@mxB-1:ceB-1>
Note
Step 5.4
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
www.juniper.net
Step 5.5
Use the show route receive-protocol bgp command to verify that you are
receiving the static routes from the lower CE router at your PE router.
lab@mxB-1> show route receive-protocol bgp lower-ce-address
N
LY
SE
AL
TE
R
IN
Step 5.6
www.juniper.net
* 193.168.12.1/32
Self
100
65201 I
N
LY
SE
IN
TE
R
AL
N
LY
SE
AL
Use the set cli logical-system command to place the CLI in the context of
the lower CE router logical system (based on the location on diagram).
lab@mxB-1:ceB-1>
TE
R
Step 5.10
Verify reachability to the remote CE router by pinging the loopback address five
times. This task can be accomplished by issuing the ping
remote-ce-loopback source local-ce-loopback count 5 command.
IN
www.juniper.net
Note
N
LY
SE
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
lab@mxB-1>
Step 5.12
AL
TE
R
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit routing-instances vpn-upper protocols bgp
IN
type external;
peer-as 65202;
as-override;
neighbor 10.1.20.2;
N
LY
lab@mxB-1>
Step 5.13
SE
Step 5.14
Use the set cli logical-system command to place the CLI in the context of
the upper CE router logical system (based on the location on diagram).
AL
lab@mxB-1:ceB-3> configure
Entering configuration mode
[edit]
lab@mxB-1:ceB-3# edit protocols bgp
TE
R
IN
www.juniper.net
N
LY
SE
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
lab@mxB-1>
Step 5.16
Use the show route receive-protocol bgp command to verify that you are
receiving the static routes from the upper, local CE router at your PE router.
AL
TE
R
IN
www.juniper.net
N
LY
Step 5.17
Issue the show route advertising-protocol bgp 193.168.5.2
command to verify that you are sending the routes learned from the local, lower CE
router to the remote team through the route reflector.
lab@mxB-1> show route advertising-protocol bgp 193.168.5.2
SE
TE
R
AL
IN
Step 5.18
Issue the show route receive-protocol bgp 193.168.5.2 command to
verify that you are also receiving the remote, upper CE routers static routes at your
PE router from the route reflector.
lab@mxB-1> show route receive-protocol bgp 193.168.5.2
inet.0: 33 destinations, 33 routes (33 active, 0 holddown, 0 hidden)
Lab 828 Route Reflection and Internet Access (Detailed)
www.juniper.net
SE
N
LY
Step 5.19
AL
TE
R
IN
www.juniper.net
N
LY
Step 5.20
Use the set cli logical-system command to place the CLI in the context of
the upper CE router logical system (based on the location on diagram).
lab@mxB-1> set cli logical-system upper-ce-hostname
Logical system: ceB-3
lab@mxB-1:ceB-3>
Step 5.21
SE
Verify reachability to the remote, upper CE router by pinging the loopback address
five times. This task can be accomplished by issuing the ping
remote-ce-loopback source local-ce-loopback count 5 command.
AL
TE
R
--- 193.168.22.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.778/1.054/2.029/0.488 ms
IN
Note
www.juniper.net
STOP
N
LY
In this lab part, you will implement route filtering on your PE router. You will alter the
upper CE routers vrf-target, to demonstrate the purpose of route target filtering
at the route reflector. You will review the default route advertising behavior from the
route reflector by utilizing the keep all option. You will configure the PE router to
signal route target filtering and verify the route reflector is no longer sending you
routes with target values for which your PE router is not configured.
Step 6.1
SE
lab@mxB-1>
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 6.2
AL
PE
Target Community
pe1
target:65512:103
pe2
target:65512:104
pe1
target:65512:203
pe2
target:65512:204
pe1
target:65512:303
pe2
target:65512:304
pe1
target:65512:403
pe2
target:65512:404
IN
TE
R
Pod
www.juniper.net
Note
[edit]
lab@mxB-1# edit routing-instances vpn-upper
[edit routing-instances vpn-upper]
lab@mxB-1# set vrf-target new-target-value
lab@mxB-1>
SE
lab@mxB-1> configure
Entering configuration mode
N
LY
Step 6.3
AL
Review the routes that you have accepted and installed in your bgp.l3vpn.0
routing table.
lab@mxB-1> show route table bgp.l3vpn.0
TE
R
IN
193.168.2.2:9:10.0.21.0/24
*[BGP/170] 03:33:01, localpref 100, from 193.168.5.2
AS path: I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.4.0/24
*[BGP/170] 01:31:33, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.5.0/24
*[BGP/170] 01:31:33, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
Lab 832 Route Reflection and Internet Access (Detailed)
www.juniper.net
SE
N
LY
300096(top)
193.168.2.2:9:172.20.6.0/24
*[BGP/170] 01:31:33, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.7.0/24
*[BGP/170] 01:31:33, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:193.168.12.2/32
*[BGP/170] 03:33:01, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
> to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
AL
IN
TE
R
Step 6.4
Answer: No, You should not see the routes since the
target communities are now mismatched. You
should not have routes with the prefixes advertised
by the remote CE router.
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit protocols bgp
[edit protocols bgp]
lab@mxB-1# set keep all
[edit protocols bgp]
lab@mxB-1# commit and-quit
commit complete
www.juniper.net
Step 6.5
Review the routes that you have accepted and installed in your bgp.l3vpn.0
routing table after adding the keep all functionality.
lab@mxB-1> show route table bgp.l3vpn.0
N
LY
IN
TE
R
AL
SE
193.168.2.2:9:10.0.21.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.4.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.5.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.6.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.7.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:193.168.12.2/32
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
> to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
Lab 834 Route Reflection and Internet Access (Detailed)
www.juniper.net
IN
TE
R
AL
SE
N
LY
193.168.2.2:10:10.1.21.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300048, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300048, Push
300096(top)
193.168.2.2:10:172.21.4.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65202 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300048, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300048, Push
300096(top)
193.168.2.2:10:172.21.5.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65202 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300048, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300048, Push
300096(top)
193.168.2.2:10:172.21.6.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65202 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300048, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300048, Push
300096(top)
193.168.2.2:10:172.21.7.0/24
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65202 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300048, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300048, Push
300096(top)
193.168.2.2:10:193.168.22.2/32
*[BGP/170] 00:00:13, localpref 100, from 193.168.5.2
AS path: 65202 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300048, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300048, Push
300096(top)
www.juniper.net
Step 6.6
Enter into configuration mode and navigate to the [edit protocols bgp]
hierarchy. Configure your router to signal the route target NLRI for the IBGP session
to the route reflector. Commit your configuration and exit to operational mode.
lab@mxB-1> configure
Entering configuration mode
N
LY
[edit]
lab@mxB-1# edit protocols bgp
lab@mxB-1>
SE
Step 6.7
Review the routes that you have accepted and installed in your bgp.l3vpn.0
routing table after configuring the PE router to implement the route target filtering
NLRI to the route reflector.
AL
IN
TE
R
193.168.2.2:9:10.0.21.0/24
*[BGP/170] 00:00:11, localpref 100, from 193.168.5.2
AS path: I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.4.0/24
*[BGP/170] 00:00:11, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.5.0/24
*[BGP/170] 00:00:11, localpref 100, from 193.168.5.2
AS path: 65201 I, validation-state: unverified
to 172.22.221.2 via ge-1/0/1.221, Push 300032, Push
300064(top)
> to 172.22.220.2 via ge-1/0/0.220, Push 300032, Push
300096(top)
193.168.2.2:9:172.20.6.0/24
*[BGP/170] 00:00:11, localpref 100, from 193.168.5.2
Lab 836 Route Reflection and Internet Access (Detailed)
www.juniper.net
300064(top)
N
LY
SE
AL
IN
TE
R
Step 7.1
www.juniper.net
[edit]
lab@mxB-1# edit interfaces
[edit interfaces]
lab@mxB-1# set ge-1/0/4 unit unit vlan-id vlan-id family inet address address/24
[edit interfaces]
lab@mxB-1#
Step 7.2
N
LY
[edit interfaces]
lab@mxB-1# top edit routing-options
[edit routing-options]
lab@mxB-1# set static route network/22 next-hop ce-address
SE
[edit routing-options]
lab@mxB-1# set static route ce-loopback-address/32 next-hop ce-address
[edit routing-options]
lab@mxB-1#
Step 7.3
AL
[edit routing-options]
lab@mxB-1# top edit policy-options
TE
R
[edit policy-options]
lab@mxB-1# set policy-statement statics term 10 from protocol static
[edit policy-options]
lab@mxB-1# set policy-statement statics term 10 then accept
IN
[edit policy-options]
lab@mxB-1#
Step 7.4
Navigate to the [edit protocols ospf] hierarchy and add the non-VRF
interface as passive. Export the static routes you created in the previous step into
your IGP by using the policy statics. This action allows the core networks IGP to
route traffic back to the CE network through the non-VRF connection.
[edit policy-options]
lab@mxB-1# top edit protocols ospf
[edit protocols ospf]
lab@mxB-1# set area 0 interface ge-1/0/4.unit passive
Lab 838 Route Reflection and Internet Access (Detailed)
www.juniper.net
Step 7.5
N
LY
SE
AL
TE
R
IN
Step 7.6
Use the set cli logical-system command to place the CLI in the context of
the lower CE router logical system (based on the location on diagram).
www.juniper.net
Step 7.7
Issue the ping p-router-loopback source local-ce-loopback count 5
command to verify that you can ping the loopback address of one of the core routers
five times, sourced from your CE routers loopback address. You can review Part 1
diagram that shows the core network if you do not recall the loopback addresses of
the core routers.
N
LY
--- 193.168.5.6 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.716/0.753/0.801/0.028 ms
SE
AL
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 7.9
TE
R
lab@mxB-1>
IN
lab@mxB-1> exit
mxB-1 (ttyu0)
login:
STOP
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
Lab
N
LY
Overview
In this lab, you will establish a point-to-point Layer 3 virtual private network (VPN) using a
generic routing encapsulation (GRE) tunnel between provider edge (PE) routers. You will
also configure OSPF routing between your PE and customer edge (CE) router. You will
share your routes with the remote PE through the Layer 3 VPN using Multiprotocol Border
Gateway Protocol (MP-BGP).
SE
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
Configure a VPN routing and forwarding (VRF) table and OSPF routing between
your PE router and CE router and redistribute your CE routers static routes into
OSPF.
IN
TE
R
AL
www.juniper.net
Redistribute the MP-BGP routes learned from the remote PE into OSPF.
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load a
baseline configuration and then configure MP-BGP and a route-distinguisher ID.
Note
N
LY
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
SE
AL
Step 1.3
IN
TE
R
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
www.juniper.net
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab9-start.config and commit.
mxB-1 (ttyp0)
SE
[edit]
lab@mxB-1# commit
commit complete
N
LY
login: lab
Password:
[edit]
lab@mxB-1#
Step 1.5
AL
Navigate to the [edit protocols] hierarchy. Issue the show command and
analyze the protocols that have been preconfigured for you.
[edit]
lab@mxB-1# edit protocols
IN
TE
R
[edit protocols]
lab@mxB-1# show
bgp {
group my-int-group {
type internal;
local-address 193.168.2.1;
neighbor 193.168.2.2;
}
}
ospf {
area 0.0.0.0 {
interface ge-1/0/0.220;
interface ge-1/0/1.221;
interface lo0.0;
}
}
[edit protocols]
lab@mxB-1#
www.juniper.net
N
LY
SE
Step 1.6
[edit protocols]
lab@mxB-1# exit configuration-mode
Exiting configuration mode
AL
Exit to operational mode and verify your Open Shortest Path First (OSPF) neighbor
relationships are up and operational.
ID
193.168.5.1
193.168.5.4
Pri
128
128
Dead
34
39
State
Full
Full
IN
TE
R
Step 1.7
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
www.juniper.net
SE
N
LY
Number of flaps: 0
Peer ID: 193.168.2.2
Local ID: 193.168.2.1
Active Holdtime: 90
Keepalive Interval: 30
Group index: 0
Peer index: 0
BFD: disabled, down
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Stale routes from peer are kept for: 300
Peer does not support Restarter functionality
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 65512)
Peer does not support Addpath
Table inet.0 Bit: 10001
RIB State: BGP restart is complete
Send state: in sync
Active prefixes:
0
Received prefixes:
0
Accepted prefixes:
0
Suppressed due to damping:
0
Advertised prefixes:
0
Last traffic (seconds): Received 19
Sent 8
Checked 31
Input messages: Total 9219
Updates 4
Refreshes 0
Octets 175246
Output messages: Total 9218
Updates 2
Refreshes 0
Octets 175250
Output Queue[0]: 0
IN
TE
R
AL
www.juniper.net
Step 1.8
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
[edit interfaces] hierarchy and enable family mpls on both of the
core-facing interfaces.
lab@mxB-1> configure
Entering configuration mode
[edit interfaces]
lab@mxB-1# set ge-1/0/0 unit unit family mpls
[edit interfaces]
lab@mxB-1# set ge-1/0/1 unit unit family mpls
[edit interfaces]
lab@mxB-1#
N
LY
[edit]
lab@mxB-1# edit interfaces
SE
Step 1.9
[edit interfaces]
lab@mxB-1# top edit protocols
Navigate to the [edit protocols] hierarchy and configure the MPLS protocol
on the core-facing interfaces.
AL
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/0.unit
Step 1.10
[edit protocols]
lab@mxB-1# set mpls interface ge-1/0/1.unit
TE
R
To allow the exchange of Layer 3 VPN routes, enable the inet-vpn unicast network
layer reachability information (NLRI) for your PE routers BGP session with the
remote PE router. Make sure to also enable the exchange of standard unicast IP
version 4 (IPv4) routes as well.
IN
[edit protocols]
lab@mxB-1# set bgp group my-int-group family inet unicast
[edit protocols]
lab@mxB-1# set bgp group my-int-group family inet-vpn unicast
Step 1.11
To allow for the automatic generation of route distinguishers, navigate to the
[edit routing-options] hierarchy and specify the
route-distinguisher-id using your PE routers loopback address. Commit
your configuration and exit out to operational mode.
[edit protocols]
lab@mxB-1# top edit routing-options
Lab 96 GRE Tunnel Integration (Detailed)
www.juniper.net
[edit routing-options]
lab@mxB-1# set route-distinguisher-id local-pe-loopback-address
[edit routing-options]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 1.12
N
LY
Using the show mpls interface command, verify that MPLS is configured
correctly on the core-facing interfaces.
SE
Step 1.13
AL
Verify the state of your PE routers BGP neighbor relationship with the remote PE
router.
IN
TE
R
SE
N
LY
AL
TE
R
IN
www.juniper.net
Step 2.2
N
LY
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
IN
TE
R
AL
SE
www.juniper.net
}
autonomous-system 65201;
}
lab@mxB-1:ceB-1>
N
LY
SE
AL
IN
TE
R
Step 2.3
Use the ping utility to attempt to ping the local PE routers ge-1/0/4 interface.
lab@mxB-1:ceB-1> ping local-pe-address count 1
PING 10.0.20.1 (10.0.20.1): 56 data bytes
--- 10.0.20.1 ping statistics --1 packets transmitted, 0 packets received, 100% packet loss
Lab 910 GRE Tunnel Integration (Detailed)
www.juniper.net
N
LY
STOP
In this lab part, you will configure the PE to CE interface. You will verify reachability
using the ping utility.
SE
Step 3.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 3.2
AL
lab@mxB-1>
TE
R
IN
[edit interfaces]
lab@mxB-1# set ge-1/0/4 vlan-tagging unit unit vlan-id vlan-id family inet
address address/24
[edit interfaces]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
www.juniper.net
Step 3.3
Verify connectivity to the local CE device using the ping utility with a count value
of 3.
lab@mxB-1> ping local-ce-address count 3
PING 10.0.20.2 (10.0.20.2): 56 data bytes
64 bytes from 10.0.20.2: icmp_seq=0 ttl=64 time=2.024 ms
64 bytes from 10.0.20.2: icmp_seq=1 ttl=64 time=0.591 ms
64 bytes from 10.0.20.2: icmp_seq=2 ttl=64 time=0.552 ms
N
LY
--- 10.0.20.2 ping statistics --3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.552/1.056/2.024/0.685 ms
SE
AL
In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique
route target to the VPN. You will include your CE-facing interface within this instance.
In this lab, you will be using the vrf-target option because of its simplicity.
Please note that vrf-import and vrf-export policies would work also.
Step 4.1
TE
R
lab@mxB-1> configure
Entering configuration mode
IN
[edit]
lab@mxB-1# edit routing-instances
[edit routing-instances]
lab@mxB-1# set vpn-pod instance-type vrf
[edit routing-instances]
lab@mxB-1#
Step 4.2
Navigate to the [edit routing-instances vpn-pod] hierarchy. Configure
your route target. As mentioned earlier, you will be using the vrf-target option.
Use the table below to determine the target community for your router.
Lab 912 GRE Tunnel Integration (Detailed)
www.juniper.net
Target Community
target:65512:1
target:65512:2
target:65512:3
target:65512:4
[edit routing-instances]
lab@mxB-1# edit vpn-pod
[edit routing-instances vpn-B]
lab@mxB-1# set vrf-target target-community
N
LY
Pod
Step 4.3
SE
Step 4.4
AL
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
TE
R
IN
Step 4.5
Verify that your VRF routing table has been created and it contains the local and
direct routes for your CE-facing interface. You can accomplish this task by issuing
the show route table vpn-pod.inet.0 command.
www.juniper.net
*[Direct/0] 00:00:31
> via ge-1/0/4.620
GRE Tunnel Integration (Detailed) Lab 913
10.0.20.1/32
*[Local/0] 00:00:31
Local via ge-1/0/4.620
N
LY
In this lab part, you will configure OSPF routing between your PE and CE routers.
These routes will be passed through the MP-BGP session to the remote PE router.
You will verify that these routes are shared with the remote PE device and you will
also need to verify that you are receiving the routes from the remote PE router.
SE
Step 5.1
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
AL
lab@mxB-1:ceB-1>
Step 5.2
TE
R
[edit]
lab@mxB-1:ceB-1# edit policy-options
IN
[edit policy-options]
lab@mxB-1:ceB-1# set policy-statement statics term 10 from protocol static
[edit policy-options]
lab@mxB-1:ceB-1# set policy-statement statics term 10 then accept
[edit policy-options]
lab@mxB-1:ceB-1#
Step 5.3
Navigate to the [edit] hierarchy. Configure your CE routers loopback and
Ethernet interfaces as OSPF area 0.0.0.0 interfaces.
Lab 914 GRE Tunnel Integration (Detailed)
www.juniper.net
[edit policy-options]
lab@mxB-1:ceB-1# top
[edit]
lab@mxB-1:ceB-1# set protocols ospf area 0 interface lo0.1
[edit]
lab@mxB-1:ceB-1# set protocols ospf area 0 interface ge-1/1/4.unit
Step 5.4
N
LY
[edit]
lab@mxB-1:ceB-1#
Apply the statics policy as an export policy to your CE routers OSPF instance.
Commit your configuration and exit to operational mode.
lab@mxB-1:ceB-1>
Step 5.5
SE
[edit]
lab@mxB-1:ceB-1# commit and-quit
commit complete
Exiting configuration mode
[edit]
lab@mxB-1:ceB-1# set protocols ospf export statics
AL
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
lab@mxB-1>
Step 5.6
TE
R
IN
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit routing-instances vpn-pod
[edit routing-instances vpn-B]
lab@mxB-1# set protocols ospf area 0 interface ge-1/0/4.unit
Step 5.7
Verify that the CE router and PE router have established an OSPF adjacency with
each other.
lab@mxB-1> show ospf neighbor instance vpn-pod
Address
Interface
State
10.0.20.2
ge-1/0/4.620
Full
ID
193.168.12.1
Pri
128
Dead
34
N
LY
Step 5.8
SE
Verify that the static routes that are being redistributed by the CE router can be
found in the VRF table of the PE router.
10.0.20.1/32
TE
R
172.20.0.0/24
*[Direct/0] 00:14:29
> via ge-1/0/4.620
*[Local/0] 00:14:29
Local via ge-1/0/4.620
*[OSPF/150] 00:02:28, metric 0, tag
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 00:02:28, metric 0, tag
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 00:02:28, metric 0, tag
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 00:02:28, metric 0, tag
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/10] 00:02:28, metric 1
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/10] 00:02:39, metric 1
MultiRecv
10.0.20.0/24
AL
172.20.1.0/24
172.20.2.0/24
IN
172.20.3.0/24
193.168.12.1/32
224.0.0.5/32
0
0
0
0
www.juniper.net
N
LY
Verify that you are advertising your OSPF routes to the remote PE router as BGP
routes.
lab@mxB-1> show route advertising-protocol bgp remote-pe-loopback-address
AL
SE
IN
TE
R
Step 5.10
Verify that you are receiving routes from the remote PE router.
lab@mxB-1> show route receive-protocol bgp remote-pe-loopback-address
inet.0: 39 destinations, 39 routes (39 active, 0 holddown, 0 hidden)
vpn-B.inet.0: 14 destinations, 14 routes (8 active, 0 holddown, 6 hidden)
www.juniper.net
N
LY
SE
Step 5.11
Determine whether any hidden routes are being received from the remote PE router.
AL
TE
R
10.0.21.0/24
172.10.4.0/24
IN
172.10.5.0/24
172.10.6.0/24
172.10.7.0/24
193.168.12.2/32
www.juniper.net
AL
SE
N
LY
193.168.2.2:11:10.0.21.0/24
[BGP/170] 00:17:39, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
Unusable
193.168.2.2:11:172.10.4.0/24
[BGP/170] 00:17:39, MED 0, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
Unusable
193.168.2.2:11:172.10.5.0/24
[BGP/170] 00:17:39, MED 0, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
Unusable
193.168.2.2:11:172.10.6.0/24
[BGP/170] 00:17:39, MED 0, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
Unusable
193.168.2.2:11:172.10.7.0/24
[BGP/170] 00:17:39, MED 0, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
Unusable
193.168.2.2:11:193.168.12.2/32
[BGP/170] 00:17:39, MED 1, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
Unusable
IN
TE
R
lab@mxB-1> configure
Entering configuration mode
[edit]
lab@mxB-1# edit chassis
[edit chassis]
lab@mxB-1# set fpc 1 pic 0 tunnel-services bandwidth 1g
[edit chassis]
lab@mxB-1#
N
LY
Step 6.2
SE
[edit chassis]
lab@mxB-1# top edit interfaces
[edit interfaces]
lab@mxB-1# set gr-1/0/10 unit 0 tunnel source local-pe-loopback-address
[edit interfaces]
lab@mxB-1# set gr-1/0/10 unit 0 tunnel destination remote-pe-loopback-address
AL
[edit interfaces]
lab@mxB-1# set gr-1/0/10 unit 0 family inet
[edit interfaces]
lab@mxB-1# set gr-1/0/10 unit 0 family mpls
TE
R
[edit interfaces]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
IN
Step 6.3
Local
Remote
www.juniper.net
N
LY
In this lab part, you will configure a static route to the loopback of the remote PE
such that it is placed in the inet.3 routing table.
Step 7.1
[edit]
lab@mxB-1# edit routing-options
lab@mxB-1> configure
Entering configuration mode
SE
AL
[edit routing-options]
lab@mxB-1# set rib inet.3 static route remote-pe-loopback-address/32 next-hop
gr-1/0/10.0
TE
R
[edit routing-options]
lab@mxB-1# commit and-quit
commit complete
Exiting configuration mode
lab@mxB-1>
Step 7.2
IN
Verify that the new static route exists in inet.3 and only inet.3.
www.juniper.net
193.168.2.2/32
*[Static/5] 00:00:28
> via gr-1/0/10.0
Step 7.3
N
LY
172.20.0.0/24
172.20.1.0/24
TE
R
172.20.2.0/24
10.0.21.0/24
AL
10.0.20.1/32
*[Direct/0] 00:28:39
> via ge-1/0/4.620
*[Local/0] 00:28:39
Local via ge-1/0/4.620
*[BGP/170] 00:05:10, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
> via gr-1/0/10.0, Push 300064
*[OSPF/150] 00:16:38, metric 0, tag 0
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 00:16:38, metric 0, tag 0
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 00:16:38, metric 0, tag 0
> to 10.0.20.2 via ge-1/0/4.620
*[OSPF/150] 00:16:38, metric 0, tag 0
> to 10.0.20.2 via ge-1/0/4.620
*[BGP/170] 00:00:14, MED 0, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
> via gr-1/0/10.0, Push 300064
*[BGP/170] 00:00:14, MED 0, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
> via gr-1/0/10.0, Push 300064
*[BGP/170] 00:00:14, MED 0, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
> via gr-1/0/10.0, Push 300064
*[BGP/170] 00:00:14, MED 0, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
> via gr-1/0/10.0, Push 300064
*[OSPF/10] 00:16:38, metric 1
> to 10.0.20.2 via ge-1/0/4.620
*[BGP/170] 00:05:10, MED 1, localpref 100, from 193.168.2.2
AS path: I, validation-state: unverified
10.0.20.0/24
SE
172.20.3.0/24
172.20.4.0/24
IN
172.20.5.0/24
172.20.6.0/24
172.20.7.0/24
193.168.12.1/32
193.168.12.2/32
www.juniper.net
224.0.0.5/32
N
LY
SE
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
lab@mxB-1:ceB-1>
Step 7.5
AL
TE
R
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE routers loopback address while
sourcing the packets from your local CE routers loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping remote-ce-loopback source local-ce-loopback count 5 .
IN
www.juniper.net
N
LY
Step 7.6
Review the routes that are installed in the CE routers routing table.
lab@mxB-1:ceB-1> show route
172.20.2.0/24
172.20.3.0/24
193.168.12.1/32
TE
R
224.0.0.5/32
SE
172.20.1.0/24
172.20.0.0/24
AL
10.0.20.2/32
*[Direct/0] 6d 07:22:37
> via ge-1/1/4.620
*[Local/0] 6d 07:22:37
Local via ge-1/1/4.620
*[Static/5] 6d 07:22:37
Reject
*[Static/5] 6d 07:22:37
Reject
*[Static/5] 6d 07:22:37
Reject
*[Static/5] 6d 07:22:37
Reject
*[Direct/0] 6d 07:22:37
> via lo0.1
*[OSPF/10] 00:23:54, metric 1
MultiRecv
10.0.20.0/24
IN
Step 7.7
Review the LSAs that currently exist in the CE routers link state database.
lab@mxB-1:ceB-1> show ospf database
Area 0.0.0.0
Type
ID
Router
10.0.20.1
Router *193.168.12.1
Network *10.0.20.2
Adv Rtr
10.0.20.1
193.168.12.1
193.168.12.1
Seq
0x80000002
0x80000004
0x80000001
Age
1262
1261
1266
Opt
0x22
0x22
0x22
Cksum Len
0x278c 36
0xde98 48
0x46c5 32
www.juniper.net
Seq
0x80000002
0x80000002
0x80000001
0x80000001
Age
712
222
1501
1501
Opt
0x22
0x22
0x22
0x22
Cksum Len
0xd99f 36
0xcea9 36
0xc5b2 36
0xbabc 36
N
LY
SE
AL
IN
TE
R
STOP
www.juniper.net
Step 8.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
lab@mxB-1:ceB-1> clear cli logical-system
Cleared default logical system
lab@mxB-1>
Step 8.2
N
LY
[edit]
lab@mxB-1# edit policy-options
SE
[edit policy-options]
lab@mxB-1# set policy-statement bgp-to-ospf term 10 from protocol bgp
[edit policy-options]
lab@mxB-1# set policy-statement bgp-to-ospf term 10 then accept
AL
Step 8.3
[edit policy-options]
lab@mxB-1#
TE
R
[edit policy-options]
lab@mxB-1# top edit routing-instances vpn-pod
[edit routing-instances vpn-B]
lab@mxB-1# set protocols ospf export bgp-to-ospf
IN
Step 8.4
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
lab@mxB-1> set cli logical-system local-ce-hostname
Logical system: ceB-1
lab@mxB-1:ceB-1>
Lab 926 GRE Tunnel Integration (Detailed)
www.juniper.net
Step 8.5
Review the LSAs that currently exist in the CE routers link state database.
lab@mxB-1:ceB-1> show ospf database
Age
86
1697
2197
86
Opt
0x22
0x22
0x22
0xa2
Cksum Len
0xfc9c 36
0xb0af 48
0x18dc 32
0xc75c 28
N
LY
Seq
0x8000001a
0x8000001b
0x80000018
0x80000001
Age
86
1197
697
197
2697
86
86
86
86
Seq
0x80000001
0x80000019
0x80000019
0x80000019
0x80000018
0x80000001
0x80000001
0x80000001
0x80000001
SE
Area 0.0.0.0
Type
ID
Adv Rtr
Router
10.0.20.1
10.0.20.1
Router *193.168.12.1
193.168.12.1
Network *10.0.20.2
193.168.12.1
Summary 193.168.12.2
10.0.20.1
OSPF AS SCOPE link state database
Type
ID
Adv Rtr
Extern
10.0.21.0
10.0.20.1
Extern *172.20.0.0
193.168.12.1
Extern *172.20.1.0
193.168.12.1
Extern *172.20.2.0
193.168.12.1
Extern *172.20.3.0
193.168.12.1
Extern
172.20.4.0
10.0.20.1
Extern
172.20.5.0
10.0.20.1
Extern
172.20.6.0
10.0.20.1
Extern
172.20.7.0
10.0.20.1
Opt
0xa2
0x22
0x22
0x22
0x22
0xa2
0xa2
0xa2
0xa2
Cksum Len
0xbe7b 36
0xabb6 36
0xa0c0 36
0x95ca 36
0x8cd3 36
0x474d 36
0x3c57 36
0x3161 36
0x266b 36
AL
IN
TE
R
Step 8.6
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE routers loopback address while
sourcing the packets from your local CE routers loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping remote-ce-loopback source local-ce-loopback count 5 .
www.juniper.net
N
LY
SE
Step 8.7
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
lab@mxB-1>
Step 8.8
AL
TE
R
lab@mxB-1> exit
mxB-1 (ttyu0)
IN
login:
STOP
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
N
LY
SE
Step 8.7
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
lab@mxB-1>
Step 8.8
AL
TE
R
lab@mxB-1> exit
mxB-1 (ttyu0)
IN
login:
STOP
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net
IN
TE
R
AL
SE
N
LY
www.juniper.net