Professional Documents
Culture Documents
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Contents
Lab 1: MPLS Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Part 1: Configuring Network Interfaces and Baseline Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Part 2: Configuring Customer Edge Router and Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Part 3: Configuring a Static LSP Through the Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Contents • iii
Lab 7: L3VPN Static and BGP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling . . . . . . . . .7-2
Part 2: Establishing an RSVP Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . .7-5
Part 3: Verify CE Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-6
Part 4: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-7
Part 5: Configuring a Layer 3 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-7
Part 6: Configuring Static Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . .7-8
Part 7: Configuring BGP Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . 7-10
iv • Contents
Lab 13: Carrier-of-Carriers VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1
Part 1: Creating the Baseline SP Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2
Part 2: Establishing an RSVP-Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . .13-5
Part 3: Configuring the Subscriber CE Router Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-6
Part 4: Configuring a Layer 3 VPN on the Provider PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7
Part 5: Configuring the Customer CE Logical System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-8
Part 6: Configuring the Customer PE Logical System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-11
Part 7: Placing IBGP Learned Routes in
Part 8: Configuring a BGP VPLS Between Customer PE Routers . . . . . . . . . . . . . . . . . . . . . . . . 13-14
Contents • v
vi • Contents
Course Overview
This five-day course is designed to provide students with MPLS-based virtual private network (VPN)
knowledge and configuration examples. The course includes an overview of MPLS concepts such
as control and forwarding plane, RSVP Traffic Engineering, LDP, Layer 3 VPNs, BGP Layer 2 VPNs,
LDP Layer 2 Circuits, and virtual private LAN service (VPLS). This course also covers Junos
operating system-specific implementations of Layer 2 control instances and active interface for
VPLS.
Through demonstrations and hands-on labs, students will gain experience in configuring and
monitoring the Junos OS and in device operations. This course uses Juniper Networks MX Series
3D Universal Edge Routers for the hands-on component, but the lab environment does not
preclude the course from being applicable to other Juniper hardware platforms running the
Junos OS. This course is based on the Junos OS Release 12.3R2.5.
Objectives
After successfully completing this course, you should be able to:
• Explain common terms relating to MPLS.
• Explain routers and the way they forward MPLS packets.
• Explain packet flow and handling through a label-switched path (LSP).
• Describe the configuration and verification of MPLS forwarding.
• Understand the information in the Label Information Base.
• Explain the two label distribution protocols used by the Junos OS.
• Configure and troubleshoot RSVP-signaled and LDP-signaled LSPs.
• Explain the constraints of both RSVP and LDP.
• Explain the path selection process of RSVP without the use of the Constrained
Shortest Path First (CSPF) algorithm.
• Explain the Interior Gateway Protocol (IGP) extensions used to build the Traffic
Engineering Database (TED).
• Describe the CSPF algorithm and its path selection process.
• Describe administrative groups and how they can be used to influence path selection.
• Explain the behavior of inter-area traffic engineered LSPs
• Describe the default traffic protection behavior of RSVP-Signaled LSPs.
• Explain the use of primary and secondary LSPs.
• Explain LSP priority and preemption.
• Describe the operation and configuration of fast reroute.
• Describe the operation and configuration of link and node protection.
• Describe the LSP optimization options.
• Describe the behavior of fate sharing.
• Describe how SRLG changes the CSPF algorithm when computing the path of a
secondary LSP.
• Explain how extended admin groups can be used to influence path selection.
• Explain the purpose of several miscellaneous MPLS features.
• Explain the definition of the term “Virtual Private Network”.
• Describe the differences between provider-provisioned and customer-provisioned
VPNs.
Day 1
Chapter 1: Course Introduction
Chapter 2: MPLS Fundamentals
MPLS Fundamentals Lab
Chapter 3: Label Distribution Protocols
Label Distribution Protocols Lab
Chapter 4: Constrained Shortest Path First
CSPF Lab
Day 2
Chapter 5: Traffic Protection and LSP Optimization
Traffic Protection Lab
Chapter 6: Fate Sharing
Fate Sharing Lab
Chapter 7: Miscellaneous MPLS Features
Miscellaneous MPLS Features Lab
Chapter 8: VPN Review
Chapter 9: Layer 3 VPNs
Day 3
Chapter 10: Basic Layer 3 VPN Configuration
Layer 3 VPN with Static and BGP Routing Lab
Chapter 11: Troubleshooting Layer 3 VPNs
Chapter 12: Layer 3 VPN Scaling and Internet Access
Route Reflection and Internet Access Lab
Chapter 13: Layer 3 VPNs—Advanced Topics
GRE Tunnel Integration Lab
Day 4
Chapter 14: BGP Layer 2 VPNs
BGP Layer 2 VPNs Lab
Chapter 15: Layer 2 VPN Scaling and CoS
Chapter 16: LDP Layer 2 Circuits
Circuit Cross-Connect and LDP Layer 2 Circuits Lab
Chapter 17: Virtual Private LAN Service
Franklin Gothic Normal text. Most of what you read in the Lab Guide
and Student Guide.
Console text:
• Screen captures
• Noncommand-related
syntax
GUI text elements:
Select , and then click
• Menu names in the
text box.
• Text field entry
No distinguishing variant.
CLI Undefined Text where the variable’s value Type set policy policy-name.
is the user’s discretion and text
ping 10.0.x.y
where the variable’s value as
GUI Undefined shown in the lab guide might Select , and type
differ from the value the user filename in the field.
must input.
Overview
This lab demonstrates configuration and monitoring of multiprotocol label switched path
(MPLS) static label switched path (LSP) features on devices running the Junos operating
system. In this lab, you use the command-line interface (CLI) to configure and monitor
network interfaces, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP),
Virtual Routers and static MPLS LSPs.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
• Configure and verify proper operation of network interfaces.
• Configure and verify OSPF, BGP, and a virtual router.
• Configure and monitor a MPLS static LSP.
In this lab part, you will be using the lab diagram for part 1. You will configure
network interfaces on your assigned device. You will then verify that the interfaces
are operational and that the system adds the corresponding routing table entries for
the configured interfaces. After verifying your interfaces, you will configure the router
to participate in the OSPF area 0.0.0.0. Once you have completed this, you will set
up a internal BGP (IBGP) peering with the remote team’s router.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxA-1 using the Secure CRT program.
Step 1.8
Issue the show route command to view the current route entries.
Step 1.9
Enter in to configuration mode and navigate to the
hierarchy level. Configure the core facing interfaces in area 0.0.0.0. Remember to
add the loopback interface.
Step 1.10
Activate the configuration changes and exit to operational mode. Issue the show
ospf neighbor command.
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 1.11
Using the ping utility, verify reachability to remote team’s interfaces. Remember to
verify the loopback address.
Step 1.12
Enter configuration mode and define the autonomous system number designated
for your network. Refer to the network diagram as necessary.
Step 1.13
Navigate to the hierarchy level. Configure a BGP group
named my-int-group that establishes an internal BGP peering session with the
remote team’s PE router. Refer to the network diagram for this lab as necessary.
Step 1.14
Issue the run show bgp summary command to view the current BGP summary
information for your device.
In this lab part, you will reference the lab diagram for parts 2 and 3. You will
configure a virtual router instance on your router, representing the customer edge
(CE) router. You will configure the interfaces and networks needed to establish a
external BGP (EBGP) peering between the customer edge router and your provider
edge (PE) router. You will first configure your virtual router and all interfaces for both
routers. Second you will configure the EBGP peering session between the two
routers. Next you will advertise your loopback address from your
CE device to your PE router. You will share these routes with your IBGP peer.
Step 2.1
Refer to the lab diagram to ensure you navigate to the correct virtual router name.
Navigate to the instance-name hierarchy and
configure the instance to behave as a virtual router. Configure the interfaces that
should be members of the virtual router. Make sure you include a loopback
interface.
Step 2.2
Review the virtual router configuration up to this point by issuing the command
show.
Step 2.3
Navigate to the hierarchy. Configure both physical
interfaces required for the connection to the virtual router. Configure unit 1 under
the loopback interface. Consult the network diagram for proper IP addressing. After
verifying your configuration, commit and exit to operational mode to verify
connectivity.
Step 2.4
Verify connectivity from your CE router to your PE router using the ping utility.
Note
Use Ctrl + c to stop a continuous ping
operation.
Step 2.5
Return to configuration mode and configure the main instance (PE) to establish an
EBGP peering session, named my-ext-group, to your virtual router (CE). Verify
configuration looks correct before moving on. Please refer to the network diagram
for appropriate peer autonomous system numbers.
Step 2.6
Navigate to the instance-name hierarchy and
configure the autonomous system for the virtual router (CE). Next configure the
EBGP group named my-ext-group, on the CE router. Once you are satisfied with
the configuration commit and verify that the neighbor relationship is established
before moving on to the next step.
Step 2.7
Navigate to the hierarchy and configure a policy
named . Allow your CE router’s loopback address to be
exported. After creating the policy, navigate to the virtual router and apply this new
policy as an export policy to your EBGP group. Commit and exit to operational mode
after you are satisfied with your configuration.
Step 2.8
Verify that you are advertising the loopback address to your EBGP peer. Next verify
you are advertising the EBGP route from your PE router to your IBGP peer.
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 2.9
Verify that you are receiving the remote CE loopback from your IBGP neighbor. The
total destination routes may differ in your outputs.
Step 2.10
Take an extensive look at the hidden route and determine why the route is hidden.
Step 2.11
Enter into configuration mode. Navigate to the
hierarchy and create the policy named nhs. Configure this policy to take all bgp
routes learned from your CE neighbor and change the next-hop to itself before
advertising these routes to your remote IBGP peer. Apply this policy as an export
policy to the BGP group my-int-group. After you are satisfied with your policy and
configuration commit your changes and exit to operational mode.
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 2.12
Verify that the route to the remote CE router’s loopback address is now usable and
installed in the routing table.
In this lab part, you will reference the lab diagram for parts 2 and 3. You will
configure a static LSP that will be used for traffic that is destined to the network
connected to the remote PE router. After configuring the LSP we will verify CE to CE
router communication through the static LSP.
Step 3.1
Enter into configuration mode and navigate to the
hierarchy. Configure the core facing interface to allow MPLS traffic.
Step 3.2
Navigate to hierarchy and add the
statement. As good practice please be sure to disable the management interface.
Step 3.3
Commit the configuration changes. Issue the run show route table mpls.0
command to verify that the MPLS table has been created.
Step 3.4
Review the interfaces that are participating in MPLS to ensure that we have the
proper configuration by executing the run show mpls interface command.
Step 3.8
Review the route being used for the remote CE router’s loopback by issuing the
show route remote-ce-loopback-address command.
Step 3.9
Look at the traffic statistics for traffic traversing our new LSP. Execute the show
mpls static-lsp statistics ingress command to view the statistics for
the traffic the enters the LSP at this router.
Step 3.10
Test the LSP by using the ping utility from the virtual router by executing the ping
remote-ce-loopback source local-ce-loopback count 10 rapid
routing-instance instance-name command.
Step 3.11
Look at the LSP statistics to verify that the traffic traversed the LSP.
STOP Tell your instructor that you have completed this lab.
Overview
This lab demonstrates configuration and monitoring of Resource Reservation Protocol
(RSVP) and Label Distribution (LDP) signaled label switched path (LSP) features on
routers running the Junos operating system. In this lab, you use the command-line
interface (CLI) to configure and monitor network interfaces, Border Gateway Protocol
(BGP), Virtual Routers, RSVP LSPs, and LDP LSPs.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
• Configure and verify proper operation of network interfaces.
• Configure and verify BGP, and a virtual router.
• Configure and monitor a RSVP LSP.
• Modify RSVP LSP by explicitly defining path requirements.
• Configure and monitor a LDP LSP.
• Manipulate the default behavior of RSVP and LDP, depending on network
requirements.
In this lab part, you will configure the virtual router representing the customer edge
(CE) router. You will load a configuration that will automatically configure the
interfaces and networks needed to establish an external BGP (EBGP) peering
between your customer edge router and your provider edge (PE) router. The loaded
configuration will configure your virtual router and all interfaces for both routers and
also configure the EBGP peering session between the two routers. You will then
configure your CE router to advertise the loopback address from your CE device to
your PE router. Your PE router will share these routes with your internal BGP (IBGP)
peer.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab2-start.config and commit.
Step 1.5
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
Step 1.6
Verify connectivity from CE to PE router using the ping utility.
Step 1.7
Verify that the BGP neighbor relationship is established before moving on to the next
step.
Step 1.8
Use the run show route advertising-protocol bgp command to
determine which routes that your CE router is advertising to your PE router.
Step 1.9
Navigate to the hierarchy and configure a policy
named vr-export-loopback. Configure the policy to advertise your CE router’s
loopback address.
Step 1.10
Navigate to the instance-name hierarchy and
apply the new policy as an export policy to your EBGP group. Commit and exit to
operational mode after you are satisfied with your configuration.
Step 1.11
Verify that you are advertising your CE router’s loopback address to your EBGP peer.
Step 1.12
Verify the advertisement of the CE router’s loopback route from the local PE router to
the remote IBGP peer.
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 1.13
Verify that the local PE is receiving the remote CE router’s loopback from the remote
PE neighbor.
Step 1.14
Take an extensive look at the hidden route and determine why the route is hidden.
Step 1.15
Enter into configuration mode. Navigate to the
hierarchy and create the policy named nhs. Configure this policy to take all BGP
routes learned from your CE neighbor and change the next hop to itself before
advertising these routes to your remote IBGP peer.
Step 1.16
Apply the new policy as an export policy to the BGP group my-int-group. After
you are satisfied with your policy and configuration commit your changes and exit to
operational mode.
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 1.17
Verify that the remote loopback address is now usable and installed in the routing
table.
Step 1.18
Verify you are receiving and installing the route to the remote CE router in your
virtual router.
STOP
Do not proceed until the remote team finishes Part 1.
In this lab part, you will configure a RSVP signaled LSP that will be used for traffic
that is destined to the network connected to the remote PE router. After configuring
the LSP we will verify CE to CE router communication through the RSVP LSP.
Step 2.1
Enter into configuration mode and navigate to the
hierarchy. Configure the core facing interfaces to allow multiprotocol label switching
(MPLS) traffic.
Step 2.2
Navigate to hierarchy and add the
statement. As good practice please be sure to disable the management interface.
Step 2.3
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure we have the proper configuration by executing the run show
mpls interface command.
Lab 2–6 • Label Distribution Protocols www.juniper.net
Junos MPLS and VPNs
Step 2.4
Navigate to the hierarchy. Add the appropriate core
facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. The default Junos OS
behavior is to assume if no unit is specified. Review the configuration
before committing to ensure the interfaces are correct.
Note
It is perfectly acceptable to use the
option when adding the
interfaces into RSVP. For this lab, however,
we ask that you explicitly identify the
interfaces to demonstrate the importance
of including the correct unit number when
manually configuring particular interfaces.
Step 2.5
Add the configuration for creating the LSP. Navigate to the
hierarchy. First, turn off constrained shortest path first (CSPF) by issuing the
set no-cspf command. Next, create a named
localPE-to-remotePE-pod. For example, if you are assigned router mxB-1,
your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should be named
pe1-to-pe2-B. Your LSP should egress at your remote peer’s loopback address.
Verify that the configuration looks correct. Commit and exit to operation mode when
you are satisfied with the changes.
Step 2.6
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.
Step 2.7
Review the ingress LSP in more detail by including the and
options with the previous command.
Step 2.8
Verify traffic that is destined to the remote CE router’s loopback will use the LSP by
issuing the show route remote-CE-loopback-address command.
Step 2.9
Verify the remote CE router’s loopback is reachable from your local CE router by
sending five Internet Control Message Protocol (ICMP) packets. Make sure to source
the ICMP packets from the local CE router’s loopback address.
Step 2.10
Verify the ICMP packets traversed the LSP by displaying the traffic statistics for the
LSP.
In this lab part, you will create a path using both strict and loose path constraints.
You will apply the path as the primary path to your existing LSP, forcing the LSP to
signal along the specified path. You will decide which path the LSP will traverse. The
only criteria for this task is that you must have at least one strict hop and one loose
hop defined for the path. The example below is from the perspective of the local PE
router. The path example will have a strict hop requirement of the router and a
loose hop requirement of the router. This path was chosen for demonstration
purposes only—you might choose to engineer your LSP path differently.
Step 3.1
Enter into configuration mode and edit to the
hierarchy. Create a path named my-ER0 and configure the strict and loose hops you
want the LSP path to signal along.
Step 3.2
Apply the ERO you just created as the path used by the LSP you
configured in Part 2. If you do not remember what the LSP name was, you can use
the question mark option to display the LSPs that are configured on the router.
Review the configuration changes before committing and exiting to operational
mode.
Step 3.3
Verify the status of your LSP using the show mpls lsp ingress command.
Step 3.4
Review the output displayed from the show mpls lsp ingress detail
command to verify the LSP is following the path you created.
In this lab part, you will deactivate RSVP and add LDP to your network setup. Then
you will verify that traffic will transit the network using the LDP LSP.
Step 4.1
Enter into configuration mode and deactivate RSVP. Commit the configuration
change.
Step 4.2
Navigate to the hierarchy and add the
statement. As good practice, remember to disable the management interface.
After making the configuration changes commit and exit to operation mode for
verification.
Step 4.3
Verify the proper interfaces are participating in LDP by issuing the command show
ldp interface.
Step 4.4
Verify the status of the LSP by issuing the show ldp session command.
Step 4.5
Verify traffic that is destined to the remote CE router’s loopback will use the LSP by
issuing the show route remote-ce-loopback-address command.
Step 4.6
Verify the remote CE router’s loopback is reachable from your local CE router by
sending five ICMP packets.
Step 4.7
Verify these ICMP packets traversed the LSP by displaying the traffic statistics for
the LSP.
In this lab part, your network will be running both RSVP and LDP to signal LSPs. All
traffic destined for the remote CE router must use the LDP LSPs. You will use
protocol preference to manipulate the LSP that is chosen as the next hop.
Step 5.1
Enter into configuration mode and re-activate the RSVP protocol. Commit the
configuration changes.
Step 5.2
Review the routing table to determine what route is being used to carry traffic to the
remote CE network. Please note that the route might not change right away. It can
take a few moments to update the routing table.
Step 5.4
Lower the preference of the LDP protocol to be one lower than RSVP. You can
accomplish this by issuing the set protocols ldp preference 6 command.
Commit your changes and return to operational mode.
Step 5.5
After the commit has finished, review the route to the remote PE router in the
routing table to ensure LDP will be used for traffic to the CE network.
Step 5.6
View the route to the remote CE to determine which type of LSP will be used to
forward traffic to the remote CE.
Note
It is perfectly acceptable in our situation to
make all LDP routes more preferred than
RSVP routes. However, this might not
always be the case. You can increase the
route preference on RSVP routes on each
label-switched-path, which allows you to
alter the preference on a more granular
level than LDP.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you create a baseline multiprotocol label switching (MPLS) network and then
create label switched paths (LSPs) using administrative groups as a constraint for
constrained shortest path first (CSPF).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Create a baseline network.
• Define three Resource Reservation Protocol (RSVP) signaled LSPs to the
remote provider edge (PE) router.
• Create and assign administrative groups to interfaces and define an LSP using
administrative groups as a routing constraint.
• Analyze the traffic engineering database (TED).
In this lab part, you will create the baseline network for the lab. You will load a
baseline configuration which will configure your router’s interfaces, Open Shortest
Path First (OSPF) topology, and the Internal Border Gateway Protocol (IBGP) peering
session between the two PE routers. You will then enable RSVP and MPLS on the
core-facing interfaces.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.6
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
Step 1.7
Enter into configuration mode and navigate to the
hierarchy. Configure the core facing interfaces to allow multiprotocol label switching
(MPLS) traffic.
Step 1.8
Navigate to hierarchy and add the
statement. As good practice please be sure to disable the management interface.
Step 1.9
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure we have the proper configuration by executing the run show
mpls interface command.
Step 1.10
Navigate to the hierarchy. Add the appropriate core
facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. The default Junos OS
behavior is to assume if no unit is specified. Review the configuration
before committing to ensure the interfaces are correct.
Note
It is perfectly acceptable to use the
interface all option when adding the
interfaces into RSVP. For this lab, however,
we ask that you explicitly identify the
interfaces to demonstrate the importance
of including the correct unit number when
manually configuring particular interfaces.
Step 1.11
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
By default, the Junos operating system does not support the flooding the Opaque
LSAs used to build the TED. This feature must be enabled on every router in the
OSPF network. In this lab part, you will enable the TED and verify its operation.
Step 2.1
View the OSPF database and determine what types of link state advertisements
(LSAs) are currently being flooded in the network.
Step 2.2
View the TED and determine whether or not your router is using the LSAs
to build a TED.
Step 2.3
Enter configuration mode and navigate to the
hierarchy and enable traffic-engineering so that your router will flood its own
LSA and use these LSA types to build and use the TED for CSPF
calculations. Commit your configuration and exit to operational mode to determine if
your router is using the TED.
Step 2.4
Issue the show ospf database command and determine if you router is now
generating LSA s.
Step 2.5
Issue the show ted database command to determine if your router is using the
LSAs to build a TED database.
Step 2.6
View the TED and determine the colors (administrative groups) that have been
assigned to your PE router local interfaces.
In this lab part, you will configure gold, silver, and bronze RSVP-signaled LSPs.
www.juniper.net CSPF • Lab 3–5
Junos MPLS and VPNs
Step 3.1
Enter configuration mode and navigate to the
hierarchy. Configure an RSVP-signaled LSP named
lsp-gold-localPE-to-remotePE-pod. For example, if you are assigned
router mxB-1, your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should
be named lsp-gold-pe1-to-pe2-B. Your LSP should egress at your remote
peer’s loopback address. Create and a use a path called path1 to ensure that this
LSP traverses P2 as a loose hop.
Step 3.2
Configure an RSVP-signaled LSP named
lsp-silver-localPE-to-remotePE-pod. For example, if you are assigned
router mxB-1, your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should
be named lsp-silver-pe1-to-pe2-B. Your LSP should egress at your remote
peer’s loopback address. Use the path called path1 to ensure that this LSP
traverses P2 as a loose hop.
Step 3.3
Configure an RSVP-signaled LSP named
lsp-bronze-localPE-to-remotePE-pod. For example, if you are assigned
router mxB-1, your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should
be named lsp-bronze-pe1-to-pe2-B. Your LSP should egress at your remote
peer’s loopback address. Use the path called path1 to ensure that this LSP
traverses P2 as a loose hop. Commit your configuration and exit to operational
mode.
Step 3.4
Using the show rsvp session extensive ingress command, verify that
the new LSPs are up and are currently traversing P2.
In this lab part, you will add administrative groups to your core-facing interfaces.
Refer to the lab diagram to determine the administrative groups to be applied to the
interfaces. The P router interfaces have been preconfigured with the administrative
groups listed on the diagram.
Step 4.6
View the TED and determine whether your router is advertising the correct colors
(administrative groups) to all other routers in the network.
Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF
In this lab part, you will modify the configuration of your LSPs so that they will take a
particular path through the network. By specifying the administrative groups to
include in the CSPF algorithm, the gold LSP will take the gold path, the silver LSP will
take the silver path, and the bronze LSP will take the bronze path through the
network.
Step 5.5
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you will load a baseline multiprotocol label switching (MPLS) network and then
create label switched paths (LSPs) using different traffic protection mechanisms.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load a baseline network.
• Define an Resource Reservation Protocol (RSVP) signaled LSP to the remote
provider edge (PE) router.
• Add primary/secondary path protection to an LSP.
• Add secondary/secondary path protection to an LSP.
• Add fast-reroute protection to an LSP.
• Add node-link protection to an LSP.
• Add link protection to an LSP.
In this lab part, you will create the baseline network for the lab. You will load a
baseline configuration which will configure your router’s interfaces, Open Shortest
Path First (OSPF) topology, and the Internal Border Gateway Protocol (IBGP) peering
session between the two PE routers. The configuration will also enable RSVP and
MPLS on the core-facing interfaces. Please refer to the lab diagram titled “Traffic
Protection Lab”.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.6
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
Step 1.7
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
In this lab part, each PE router will be configured for a static route. You will then
redistribute that static route into BGP using policy. Review the lab diagram to verify
the static route.
Step 2.1
Enter configuration mode and navigate to the
hierarchy. Configure the static route associated with your PE. Configure a next hop of
reject for that route.
Step 2.5
Using the show route receive-protocol bgp command, verify that you are
receiving a route from your remote PE neighbor.
In this lab part, you will create an RSVP-signaled LSP from your PE to the remote PE.
The second router along the path of the LSP must be either P1 (for ingress router
PE1) or P3 (for ingress router PE2). You will specify a strict hop of the provider
router’s connecting interface. Refer to the lab diagram titled “Traffic Protection Lab”
to determine the path of your LSP.
Step 3.1
Enter configuration mode and navigate to the
hierarchy. Create a path for your LSP named strict-first-hop using the hops
listed in the following table:
Step 3.2
Configure an LSP named localPE-to-remotePE-pod to the remote PE with a
primary path using the path you created in the previous step. For example, if you are
assigned router mxB-1, your peer router is mxB-2 and your pod is B. The LSP for
mxB-1 should be named pe1-to-pe2-B. Your LSP should egress at your remote
peer’s loopback address. Modify the LSP with the command. Commit your
configuration and exit configuration mode and verify that your LSP is up.
Step 3.3
Verify that the new LSP is up and is currently traversing the correct downstream
P routers.
Step 3.6
Enable the interface on your PE router that is being used by the primary path of the
LSP. Commit your configuration.
Step 3.7
Verify that the LSP is up using the run show rsvp session ingress
command.
In this lab part, you will configure a secondary path for the LSP to add traffic
protection to the LSP.
Step 4.1
Navigate to the hierarchy. Create a secondary path
called any-path that lists no hops. That is, this path should make it as easy as
possible for the network to build a secondary path.
Step 4.2
To provide traffic protection to the existing LSP, apply the path created in the
previous step as a secondary path for the LSP. Commit your configuration and exit
configuration mode.
Step 4.3
Verify that the new LSP is up and is currently traversing the correct next-hop P router.
Step 4.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration.
Step 4.5
Verify the status of the LSP.
Step 4.6
Enable the interface on your PE router that is being used by the primary path of the
LSP. Commit your configuration and exit to operational mode.
Step 4.7
Use the show mpls lsp extensive command to verify the status of the LSP.
In this lab part, you will configure a secondary path that will be on hot standby for
the LSP to add even more traffic protection to the LSP.
Step 5.1
Enter configuration mode and navigate to the
hierarchy. To provide slightly more traffic protection to the existing LSP, apply the
any-path path as a standby secondary path for the LSP. Commit your
configuration and exit configuration mode and verify that your LSP is up.
Step 5.2
Use the show mpls lsp ingress extensive command to verify that the new
LSP is up using the primary path. Also, verify that the secondary path is up in a
standby state.
Step 5.3
Enter configuration mode and disable the interface on your PE that is being used by
the primary path of the LSP. Commit your configuration.
Step 5.4
Verify the status of the LSP using the run show mpls lsp ingress
extensive command.
Step 5.5
Enable the interface on your PE router that is being used by the primary path of the
LSP. Commit your configuration and exit to operational mode.
Step 5.6
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
Step 5.7
After the LSP has reverted to the primary path, view the forwarding table to see the
next hop of the BGP route being advertised by the remote PE router.
Step 5.8
Enter configuration mode and navigate to the
hierarchy. Create a load balancing policy called load-balance that performs load
balancing on all prefixes.
Step 5.9
Navigate to the hierarchy. Apply the
load-balance policy as an export policy to the forwarding table. Commit your
configuration and exit to operational mode.
Step 5.10
View the forwarding table to see the next hop of the BGP route being advertised by
the remote PE router.
In this lab part, you will familiarize yourself with the behavior of an LSP with no
primary path. Instead, the LSP will have two secondary paths.
Step 6.1
Enter configuration mode navigate to the hierarchy.
Delete the LSP from the previous sections of the lab.
Step 6.4
Enter configuration mode and disable the interface on your PE that is being used by
the primary path of the LSP. Commit your configuration.
Step 6.5
Use the run show mpls lsp ingress extensive command to verify the
status of the LSP.
Step 6.6
Enable the interface on your PE that is used by the primary path of the LSP. Commit
your configuration and exit to operational mode.
Step 6.7
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
In this lab part, you will become familiar with an LSP that is protected by fast-reroute.
Step 7.1
Enter configuration mode navigate to the hierarchy.
Delete the LSP from the previous sections of the lab.
Step 7.2
Create an no-cspf LSP named localPE-to-remotePE-pod to the remote PE.
For example, if you are assigned router mxB-1, your peer router is mxB-2 and your
pod is B. The LSP for mxB-1 should be named pe1-to-pe2-B. Your LSP should
egress at your remote peer’s loopback address. The LSP should have fast-reroute
enabled. The LSP should have a primary path using the strict-first-hop path.
Commit your configuration and exit to operational mode.
Step 7.3
Use the show rsvp session ingress detail command to verify the status
of the LSP.
Step 7.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration.
Step 7.5
Use the run show mpls lsp ingress extensive command to verify the
status of the LSP.
Step 7.6
Enable the interface on your PE router that is being used by the primary path of the
LSP. Commit your configuration and exit to operational mode.
In this lab part, you will become familiar with an RSVP LSP that is protected by link
and node-link protection.
Step 8.1
Enter configuration mode navigate to the hierarchy.
Delete the LSP from the previous sections of the lab.
Step 8.2
Create an no-cspf LSP named localPE-to-remotePE-pod to the remote PE
router with node-link protection enabled. The LSP should have a primary path using
the strict-first-hop path.
Step 8.3
In the previous part of the lab, you found that the fast-reroute feature allowed the
ingress PE to signal to all downstream routers that they must build detour paths
around the immediate downstream node. In the case of fast-reroute, no special
configuration was needed on any downstream router to build detour paths. In the
case of link and node-link protection, you must specify each individual link within
your network topology that can be protected.
Navigate to the hierarchy and configure the
ge-1/0/0.unit interface to allow link protection capabilities. Commit your
configuration and exit to operational mode.
Step 8.4
Use the show rsvp session ingress detail command to verify the status
of the LSP.
Step 8.7
Use the show rsvp session ingress detail command to verify the status
of the LSP.
In this lab part, you will become familiar with an LDP LSP that is protected by link
and protection.
Step 9.1
Enter configuration mode navigate to the hierarchy.
Delete the LSP from the previous sections of the lab.
Step 9.2
Navigate to the and enable LDP on every interface.
Step 9.3
Use the show ldp interfaces command to determine if LDP has been
enabled.
Step 9.4
Use the show route 193.168/16 command to view the routes to the loopback
address of all routers in the topology.
Step 9.5
Navigate to the hierarchy. On the unit
interface, apply link protection. Commit your configuration.
Step 9.6
Use the show route 193.168/16 command to view the routes to the loopback
address of all routers in the topology.
Question: Why did the next hops change for the LDP
routes when link protection was only configured
under OSPF?
Step 9.7
Navigate to the hierarchy. Configure a path called
avoid-top that ensure that an LSP will not traverse the ge-1/0/0 interface.
Step 9.8
Configure a RSVP LSP called protect that terminates on the P router
attached to your ge-1/0/0 interface. Apply the avoid-top path to the LSP. Also,
ensure that it can be used as a backup path for both OSPF routes and LDP routes by
configuring and .
Step 9.10
Use the show route 193.168/16 command to view the routes to the loopback
address of all routers in the topology.
Step 9.11
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you will load a baseline multiprotocol label switching (MPLS) network. You will
analyze the default fate sharing behavior of your Juniper router. You will then configure
fate sharing so that you can avoid a single point of failure between the primary and
secondary paths of an MPLS label switched path (LSP). Next, you will enable Shared Risk
Link Group (SRLG) values in the network such the IGP can help improve the Junos
operating system’s default fate sharing behavior. Finally, you will repurpose a set of SRLG
values for use as extended admin groups.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load a baseline network.
• Define an Resource Reservation Protocol (RSVP) signaled LSP to the remote
provider edge (PE) router.
• Add primary/secondary path protection to an LSP.
• Analyze the default fate sharing behavior of you Juniper routers.
• Modify the fate sharing behavior of you Juniper router.
• Enable and analyze the use of SRLG values.
• Enable extended admin groups to be used for signaling MPLS LSPs.
In this lab part, you will create the baseline network for the lab. You will load a
baseline configuration which will configure your router’s interfaces, six logical
systems that represent the core network (p1, p2, p3, p4, pe2, and VS), and the
Open Shortest Path First (OSPF) topology. Since the core network is already
configured for you, you will only be responsible for configure pe1 (the default logical
system). The loaded configuration will also enable RSVP and MPLS on the
core-facing interfaces of the pe1 router.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.6
Use the show route command to verify that your PE router has learned routes to
the loopback address of all of the core routers in the network.
Step 1.7
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
In this lab part, you will create an RSVP-signaled LSP from pe1 to pe2. You will
create two empty paths (no EROs or admin groups) called path1 and path2. You
will apply path1 as the primary path of your LSP and path2 as the secondary path
of your LSP while ensuring that the secondary LSP is in standby mode.
Step 2.1
Enter configuration mode and navigate to the
hierarchy. Create two empty paths called path1 and path2.
Step 2.2
Configure an LSP named lsp1 from pe1 to pe2 with a primary path of path1 and a
secondary path of path2. Ensure the secondary path is on standby. Your LSP
should egress at pe2’s loopback address.
Step 2.3
Enable traceoptions for MPLS by configuring a file name cspf-trace.log and
specify the flags of , , and . Commit your
configuration and exit to operational mode.
Step 2.4
Issue the show rsvp session ingress detail command to verify that the
new LSPs are up and also determine the path that they are taking.
Step 2.5
Issue the clear log cspf-trace.log command to empty the contents of the
log file.
Step 2.6
Clear the MPLS LSP and determine the path of the resignaled primary and
secondary LSPs.
Step 2.7
Issue the show rsvp session ingress detail command to verify that the
new LSPs are up and also determine the path that they are taking. It might take 30
seconds for the secondary to get to the up state.
Step 2.8
View the cspf-trace.log file to view the CSPF calculation of the secondary LSP.
Question: Can you tell from the log file as to why the
primary and secondary LSPs do not take the exact
same path?
In this lab part, you will configure fate sharing so that the ingress router can attempt
to avoid the single point of failure (the Ethernet switch) when signaling the
secondary LSP.
Step 3.5
View the cspf-trace.log file to view the CSPF calculation of the secondary LSP.
In this lab part, you will configure an SRLG so that the ingress router can attempt to
avoid the single point of failure (the Ethernet switch) when signaling the secondary
LSP. Use the diagram labeled “Fate Sharing Lab - Part 4” for this part of the lab.
Step 4.1
Enter configuration mode and navigate to the
hierarchy. Delete the entire configuration hierarchy at that level.
Step 4.2
Configure an SRLG called switch1. This SRLG should have a SRLG value of 1003
and an SRLG cost of 20000.
Step 4.3
Navigate to the hierarchy. Apply the switch1 SRLG
to the two ge-1/0/5 subinterfaces that attach to the Ethernet switch. Commit your
configuration and exit to operational mode.
Step 4.4
Issue the clear log cspf-trace.log command to empty the contents of the
log file.
Step 4.5
Clear the MPLS LSP and determine the path of the resignaled primary and
secondary LSPs.
Step 4.6
Issue the show rsvp session ingress detail command to verify that the
new LSPs are up and also determine the path that they are taking. It may take 30
seconds for the secondary to get to the up state.
Step 4.7
View the cspf-trace.log file to view the CSPF calculation of the secondary LSP.
www.juniper.net Fate Sharing • Lab 5–7
Junos MPLS and VPNs
Question: During the CSPF calculation of the
secondary path, what is the CSPF metric being used
for the pe1-p2 link as well as the pe1-p3 link?
Step 4.8
Issue to the show mpls lsp extensive command to determine the SRLGs that
each path is currently traversing.
In this lab part, you will repurpose 100 SRLG values so that they can be used as
extended admin groups. You will then configure an LSP that will traverse links that
have been colored with extended admin groups.
Step 5.1
Enter configuration mode and navigate to the
hierarchy. Configure the extended admin group range to be from 100 to 900.
Step 5.2
Configure 3 extended admin group called gold (value 100), silver (value 101),
and bronze (value 102).
Step 5.3
Navigate to the hierarchy and apply (color) the
appropriate extended groups to your core facing interfaces.
Step 5.6
Issue to the show mpls lsp extensive name lsp-bronze command to
determine the SRLGs that each path is currently traversing.
Step 5.7
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.
Overview
This lab demonstrates configuration and monitoring of miscellaneous Resource
Reservation Protocol (RSVP) and Label Distribution Protocol (LDP) features on routers
running the Junos operating system. In this lab, you use the command-line interface (CLI)
to configure and monitor RSVP label-switched paths (LSPs) and enable miscellaneous
features.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
• Configure an RSVP LSP to install a route in .
• Configure multiprotocol label switching (MPLS) traffic engineering to install a
route in .
• Use policy to control LSP selection.
• Use metrics to control LSP selection.
• Configure the network to not decrement time-to-live (TTL).
• Configure a router to signal explicit null.
• Configure a router to automatically adjust the RSVP reservation based on
observed bandwidth.
• Use MPLS pings to monitor connectivity.
In this lab part, you will load a configuration that will automatically configure the
interfaces and networks needed to establish an internal BGP (IBGP) peering
between your provider edge (PE) router and the remote PE router. The loaded
configuration will also enable RSVP and MPLS on the core-facing interfaces. After
loading the configuration, you will configure an LSP to traverse the network to
terminate at the remote provider edge (PE) router.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.6
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
Step 1.7
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
Step 1.8
Add the configuration for creating a RSVP LSP to the remote PE router. Navigate to
the hierarchy and create a LSP named
localPE-to-remotePE-pod. For example, if you are assigned router mxB-1,
your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should be named
pe1-to-pe2-B. Your LSP should egress at your remote peer’s loopback address.
Verify the configuration looks correct. Commit and exit to operation mode when you
are satisfied with the changes.
Step 1.9
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.
In this lab part, you will add another interface to the OSPF network. Including the
new interface in OSPF will allow you to establish reachability for the remote team.
After establishing reachability, you will configure the router to install the remote
team’s route as a destination that will use the established LSP for all traffic to the
new network.
Step 2.1
Enter configuration mode and navigate to the
hierarchy and add the new interface to the existing configuration as a
interface. We are adding the interface as because we are
adding the interface for demonstrative purposes and will not be establishing a
neighbor relationship on that interface. After you are satisfied with the changes,
commit and exit to operational mode.
Step 2.2
Use the show ospf interface command to verify the new interface is
participating in your OSPF network.
Step 2.3
Verify with your remote team that they have completed the previous task. Once they
have completed these steps, you will verify that you are receiving the new remote
network as an OSPF route.
Step 2.6
View the new route to determine if your router is using the OSPF route or the RSVP
route for internal traffic. Remember that only BGP traffic can use the contents of the
routing table to resolve the BGP next hop and internal IPv4 traffic will only
use the next hop found in the routing table.
Step 2.7
Include the RSVP route in the routing table, so that internal traffic can also
use the LSP. Include this route by adding the option to the route you
installed under the LSP. After adding this option, commit your configuration,
Step 2.8
Verify that you can now see the RSVP route in your routing table.
In this lab part, you will configure MPLS traffic engineering to move routes from
into the routing table for both BGP and internal gateway protocol
(IGP) routes. You will then use the utility to verify that the traffic is
using the LSP for internal traffic.
Step 3.1
Remove the active option from the installed route. Review your configuration change
before proceeding. When you are satisfied with the change, issue a commit and exit
to operational mode.
Step 3.2
Verify that you no longer have the RSVP route in your routing table.
Step 3.3
Enter into configuration mode and navigate to the
hierarchy and enable traffic engineering to move routes from into the
routing table for both BGP and IGP routes. Commit your configuration
changes and exit out of configuration mode.
Step 3.4
Verify that your route table contains the RSVP route to the remote network
specified to use the LSP.
Step 3.5
Using the traceroute utility verify that internal traffic will use the LSP when sending
traffic to the remote network (use the address on the remote PE router’s ge-1/0/4
interface as a destination).
In this lab part, you will use policy to control which LSP certain traffic traverses. You
will begin by disabling the extra interface from OSPF that was added in Part 2. You
will create two new LSPs that take different paths through the core network. You will
then create two static routes and export these routes to your BGP peer. Finally, you
will create and apply a policy to send traffic destined to the two routes—received
from your neighbor—down separate LSPs.
Step 4.1
Enter into configuration mode and begin by removing the ge-1/0/4 interface that we
added to OSPF area 0 in Part 2. You only need to remove this interface from your
OSPF configuration.
Step 4.2
Navigate to the hierarchy and delete the existing label
switched path and traffic engineering configuration.
Step 4.3
Create two paths named one and two. Specify the different loose hops that each
LSP path should signal along. Path one should traverse the top of the network using
the P1, P2, and P3 routers. Path two should traverse the bottom using P4, P5, and
P6 routers.
Step 4.4
Create two label switched paths named lsp-1 and lsp-2. Apply path one to
lsp-1 as the primary path and apply path two to lsp-2 as the primary path. Both
LSPs should terminate at the remote PE router’s loopback. Before committing your
configuration changes, review the changes. After you are satisfied with the changes
commit and exit to operational mode.
Step 4.5
Using the show mpls lsp extensive ingress command, verify that your
LSPs are established and traversing the core network as expected based on your
explicit paths.
Step 4.10
Enter into configuration mode and create a policy named lsp-policy. Create a
term named lsp-1. Under this term you will match the first BGP prefix received
from your peer and change the next-hop to your LSP named lsp-1. You will accept
this route. Then, you will create a second term named lsp-2, which will match on
the second BGP route and change the next-hop to lsp-2. This route also needs to
have the accept action.
Step 4.11
Navigate to the hierarchy and apply the policy
lsp-policy as an export policy to the forwarding table. After applying the policy,
commit your changes and exit to operational mode.
Step 4.12
Verify that the next hop for each of the remote BGP routes point to the correct LSP as
defined in your policy.
In this lab part, you will configure the router to use metrics to control LSP selection.
You will begin by removing the policy you created in the Part 4. You must also
remove the export policy applied to the forwarding table. You will look at the current
state of the BGP routes and determined the metric value calculated from the IGP for
each of the RSVP routes. You will then manually set the metric on one of the LSPs to
be higher than the IGP calculated value. You will then verify the changes and review
the changes to the routing table.
Step 5.1
Enter into configuration mode and remove the policy you created in Part 4. You must
also remove the export policy applied to the forwarding table because it is no longer
defined. Commit your changes when you are ready to proceed.
Step 5.2
Use the show route protocol bgp command to review the current status of
your BGP routes received from your peer.
Step 5.3
Review the RSVP routes in inet.3 to determine what metric is being calculated by the
IGP. This status review provides the current values so that when you manually assign
a metric, you can verify that the changes have been applied correctly
Step 5.6
View the inet.3 table to verify the metric change is reflected by the RSVP routes.
In this lab part, you will configure the router to not decrement the TTL. First, you will
look at the default TTL handling behavior. You will configure the router so that the
TTL is not decremented as packets traverse the MPLS network.
Step 6.1
Enter into configuration mode and navigate to the
hierarchy. Enable . This will allow you to
traceroute over the MPLS LSPs to the remote teams loopback address. We will be
using traceroute to demonstrate the behavior with TTL handling. Commit the change
and exit to operational mode before proceeding. By using traffic engineering, it
allows internal traffic to use the RSVP routes to get to the remote team’s loopback
address.
Step 6.2
Verify the default behavior by using the traceroute utility. You can now traceroute to
the remote team’s loopback address.
In this lab part, you will configure your router to signal explicit null. Using explicit null
notifies the penultimate label-switching router (LSR) that the egress router will
remove the MPLS label. You will compare the value before and after
configuring the router to signal explicit null.
Step 7.1
Use the show mpls lsp egress command to view the value before
you configure the router to signal explicit null. You should expect to see a value of 3
for both LSPs.
Step 7.2
Enter into configuration mode and navigate to the
hierarchy. Configure your router to signal explicit null by using the
command. This command tells the router to signal the upstream
LSR (penultimate router) that it expects to receive an MPLS label. In operation,
instead of signaling a value of 3 upstream (default behavior), the egress router will
signal a value of 0 upstream. Commit the changes and exit to operational mode
before proceeding to the next step.
Step 7.3
Use the show mpls lsp egress command to view the value now that
you have configured the router to signal explicit null. You should expect to see a
value of 0 for both LSPs.
Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on
Observed Bandwidth
In this lab part, you will configure your router to monitor and automatically adjust the
RSVP reservation based on the observed bandwidth. The first step to setting up
automatic bandwidth provisioning is to enable statistics monitoring for the MPLS
protocol. This allows MPLS to track and monitor bandwidth utilization over a
specified time period (default 24 hours). Next, you will enable the automatic
bandwidth provisioning on one of your established LSPs.
Step 8.1
Enter into configuration mode and navigate to the
hierarchy. Enable MPLS statistics monitoring by creating a file
named auto-stats and configuring the statement.
Step 8.2
Navigate to the and enable
under the existing LSP . Commit your changes and exit to operational mode
before proceeding to the next step.
Step 8.3
Verify that your configuration changes have taken affect on the LSP by executing the
show mpls lsp ingress name lsp-1 extensive command.
In this lab part, you will use MPLS Pings to verify LSP connectivity to the egress
node.
Step 9.1
Verify the connectivity of lsp-1 by executing the command ping mpls rsvp
lsp-1.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you will establish a point-to-point Layer 3 VPN using RSVP signaling between
provider edge (PE) routers. You will also configure both static and BGP routing between
your PE and customer edge (CE) routers. You will share your routes with the remote
PE router through the Layer 3 VPN using Multiprotocol Border Gateway Protocol (MP-BGP).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load the a baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a logical router configuration that will act as your CE router for this
lab.
• Configure an RSVP-signaled label-switched path (LSP) to the remote PE router.
• Create and establish a Layer 3 VPN over the core network.
• Configure static routing between your PE and CE router and share your static
PE routes through the Layer 3 VPN using MP-BGP.
• Configure BGP routing between your PE and CE routers and share CE routes
through the Layer 3 VPN using MP-BGP.
• Verify connectivity and behavior using command-line interface (CLI)
operational mode commands including ping and commands used to examine
routing tables and PE-PE BGP announcements.
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load a
baseline configuration and then enable Resource Reservation Protocol (RSVP) and
multiprotocol label switching (MPLS) on the core-facing interfaces, configure
MP-BGP, and configure a route-distinguisher ID.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.6
Exit to operational mode and verify your Open Shortest Path First (OSPF) neighbor
relationships are up and operational.
Step 1.7
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
Step 1.8
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
hierarchy and enable on both of the
core-facing interfaces.
Step 1.9
Navigate to the hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.10
Configure the RSVP protocol on the core-facing interfaces.
Step 1.11
Enable traffic-engineering under so that your router
will flood its own OpaqArea link state advertisement (LSA) and use these LSA types
to build and use the traffic engineering database (TED) for constrained shortest
path first (CSPF) calculations.
Step 1.12
To allow the exchange of Layer 3 VPN routes, enable the inet-vpn unicast network
layer reachability information (NLRI) for your PE router’s BGP session with the
remote PE router. Make sure to also enable the exchange of standard unicast IP
version 4 (IPv4) routes as well.
Step 1.13
To allow for the automatic generation of route distinguishers, navigate to the
hierarchy and specify the
using your PE router’s loopback address. Commit
your configuration and exit out to operational mode.
Step 1.14
Using show commands, verify that MPLS and RSVP are configured correctly on the
core-facing interfaces.
In this lab part, you will configure an RSVP-signaled LSP between the PE routers. You
will verify reachability using the MPLS ping utility.
Step 2.1
Enter configuration mode and navigate to the
hierarchy and configure a called
localPE-to-remotePE-pod. For example, if you are assigned router mxB-1,
your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should be named
pe1-to-pe2-B. Your LSP should egress at your remote peer’s loopback address.
Verify the configuration looks correct. Commit and exit to operation mode when you
are satisfied with the changes.
Step 2.2
Use the show mpls lsp command to verify that the RSVP LSP you just configured
is up and functional. Ensure that you have bidirectional LSPs before proceeding.
Step 2.3
Use the show route table inet.3 command to review the inet.3 routing table
and verify that the RSVP route is present and ready to use.
In this lab part you will view the configuration for CE router (logical system) that was
preconfigured as part of the loaded starting configuration in Part 1 of this lab.
Step 3.1
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 3.2
Issue the show configuration command to view the configuration of the CE
router.
Step 3.3
Use the ping utility to attempt to ping the local PE router’s ge-1/0/4 interface.
In this lab part, you will configure the PE to CE interface. You will verify reachability
using the ping utility.
Step 4.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 4.2
Enter configuration mode and navigate to the hierarchy.
Configure the appropriate ge-1/0/4 interface properties found on the network
diagram. Commit your changes and exit to operational mode to verify reachability to
the CE interface.
Step 4.3
Verify connectivity to the CE device using the ping utility with a count value of 3.
In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique
route distinguisher and a unique route target. You will include your CE facing
interface within this instance. In this lab, you will be using the option
because of its simplicity. Please note that and policies
would work also.
Step 5.1
Enter into configuration mode and navigate to the
hierarchy. Create a new VPN routing and
forwarding (VRF) instance named vpn-pod.. For example, if you are assigned router
mxB-1, your pod is B. The routing instance for mxB-1 should be named vpn-B.
Step 5.2
Navigate to the pod hierarchy. Create a
route distinguisher using your local loopback address to uniquely identify routes
advertised from this router. The format should look like this:
loopback-address .
Step 5.4
Include the CE facing interface in your VRF instance.
Step 5.5
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
Step 5.6
Verify that your VRF routing table has been created and it contains the local and
direct routes for your CE facing interface. You can accomplish this by issuing the
show route table vpn-pod.inet.0 command.
In this lab part, you will configure static routes to pass traffic from your PE router to
your CE router. These routes will be passed through the MP-BGP session to the
remote PE router so that traffic can be routed from the remote CE site. You will
configure a default route on your CE router. You will configure static routes on your
PE router, under your VRF instance, for the four static routes already created on the
CE device. You will also configure a static route for the loopback address of your
CE router. You will verify that these routes are shared with the remote PE device and
you must also verify that you are receiving the routes from the remote PE. You will
use the ping utility to test the CE to CE connectivity over the Layer 3 VPN.
Step 6.4
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 6.5
Enter configuration mode and navigate to the
vpn-pod hierarchy. Configure the static routes in your PE
instance for the static networks that reside on your CE device. You must also
configure a static route for the loopback address of your CE device. All static route
next hops should point to the CE router’s ge-1/1/4 interface address.
Step 6.6
Verify that you are advertising your routes to the remote PE router.
Step 6.7
Verify that you are receiving routes from the remote PE router.
Step 6.8
Review the routes that are installed in your VRF table.
Step 6.9
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 6.10
Verify you have connectivity from CE to CE through the Layer 3 VPN by using the ping
utility. You will ping the remote CE routers loopback address while sourcing the
packets from your local CE’s loopback address. You will send five packets for this
test. This can be accomplished using the following command: ping
remote-ce-loopback source local-ce-loopback count 5
In this lab part, you will configure BGP routing to pass routes from your CE to your
PE router. These routes will be passed through the MP-BGP session to the remote
PE router so that traffic can be routed from the remote CE site. You will verify that
your routes are shared with the remote PE device and you will also need to verify
that you are receiving the routes from the remote PE. You will use the ping utility to
test the CE to CE connectivity over the Layer 3 VPN.
.
Note
Prior to starting this part of the lab, your CLI
should be set in the context of the CE
logical system.
Step 7.1
Enter into configuration mode and navigate to the
hierarchy. Create an external group called my-ext-group and specify the local
PE’s ge-1/0/4 interfaces as the neighbor address. You must also define your
(AS 65512). Apply the policy exp-policy that you analyzed earlier in
the lab as an export policy to your EBGP group. Review your BGP configuration
before proceeding.
Step 7.7
Verify that your PE router is advertising your VPN routes to the remote PE router.
Step 7.8
Verify that you are receiving the VPN routes being advertised from the remote
PE router.
Step 7.11
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 7.12
Verify that your PE router is advertising these routes to your CE router.
Step 7.13
Take an extensive look at one of the routes you are receiving from the remote
PE router but are not advertising to your CE router.
Step 7.17
Verify that you have connectivity from CE to CE through the Layer 3 VPN by using the
ping utility. You will ping the remote CE router’s loopback address while sourcing the
packets from your local CE router’s loopback address. You will send five packets for
this test. This task can be accomplished using the following command: ping
remote-ce-loopback source local-ce-loopback count 5 .
Step 7.18
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 7.19
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you will establish two point-to-point Layer 3 virtual private networks (VPNs)
using RSVP signaling between provider edge (PE) routers. You will configure an internal
BGP (IBGP) session with a preconfigured route reflector in the core network. You will
implement route target filtering on your PE router and you will configure Internet access
for the customer edge (CE) router through your PE router.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load the a baseline configuration for your router. This configuration includes
your baseline core OSPF configuration. The baseline also contains two logical
router configurations that will act as your CE routers for this lab.
• Configure your IBGP peering so that your router peers with the route reflector.
• Configure LDP-signaled label-switched paths (LSPs) to the remote PE router.
• Create and establish two Layer 3 VPNs over the core network.
• Configure BGP routing between your PE and CE routers and share your
CE routes through the Layer 3 VPNs using Multiprotocol Border Gateway
Protocol (MP-BGP).
• Implement route target filtering on your PE router.
• Configure Internet access for your CE router through your PE router.
• Verify connectivity and behavior throughout the lab using command-line
interface (CLI) operational mode commands including ping and commands
used to examine routing tables and PE-PE BGP announcements.
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load a
baseline OSPF configuration and then enable Label Distribution Protocol (LDP) and
multiprotocol label switching (MPLS) on the core-facing interfaces, configure a
MP-BGP peering session with the route reflector, and configure a route-distinguisher
ID.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.6
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
Step 1.7
Navigate to the hierarchy. Configure a IBGP peer group
called my-int-group. Use your router’s loopback address as the source address
of all IBGP packets. Finally, configure your router to peer with the P2 router, which is
the acting route reflector for the core network.
Step 1.8
To allow for the exchange of Layer 3 VPN routes, enable the
network layer reachability information (NLRI) for your PE router’s BGP session with
the P2 router. Make sure to also enable the exchange of standard unicast IP version
4 (IPv4) routes as well. Commit your configuration and exit to operation mode.
Step 1.9
Verify that your PE router has established an IBGP neighbor relationship with the P2
router.
Step 1.10
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
hierarchy and enable on both of the
core-facing interfaces.
Step 1.11
Navigate to the hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.12
Configure the LDP protocol on the core-facing interfaces as well as the loopback
interface.
Step 1.13
To allow for the automatic generation of route distinguishers, navigate to the
hierarchy and specify the
using your PE router’s loopback address. Commit
your configuration and exit out to operational mode.
Step 1.14
Use the show mpls interface command to verify that MPLS is configured
correctly on the core-facing interfaces.
Step 1.15
Verify that your router has established LDP neighbor relationships with the
neighboring P routers.
Step 1.16
Verify that the routing table contains an LDP route to the remote PE router.
In this lab part, you will view the configuration for the two CE routers (logical
systems) that were preconfigured as part of the loaded starting configuration in
Part 1 of this lab.
Step 2.1
Use the set cli logical-system command to place the CLI in the context of
the lower CE router logical system (based on the location on diagram).
Step 2.2
Issue the show configuration command to view the configuration of the CE
router.
Step 2.3
Use the ping utility to attempt to ping the local PE router’s ge-1/0/4 interface.
Step 2.4
Use the set cli logical-system command to place the CLI in the context of
the upper CE router logical system (based on the location on diagram).
Step 2.5
Issue the show configuration command to view the configuration of the CE
router.
Step 2.6
Use the ping utility to attempt to ping the local PE router’s ge-1/0/5 interface.
In this lab part, you will configure both of the PE to CE interfaces.You will verify
reachability using the ping utility.
Step 3.3
Verify reachability to both CE routers by pinging their interfaces five times.
In this lab part, you will configure two Layer 3 VPN instances. You will create a VPN
named vpn-lower, which will connect the lower CE routers (see diagram) of the
two sites. For example, if you are controlling mxB-1 or mxB-2 (pod B), you will create
a VPN that connects ceB-1 to ceB-2. You will then create a VPN named vpn-upper,
which will connect the upper CE routers. You will assign a unique route target to
each instance and you will include your CE-facing interface within the appropriate
instance. In this lab, you will be using the option because of its
simplicity. Please note that and policies would work
also. Use the following table as your guide for configuring your target communities in
this part of the lab.
Step 4.1
Enter into configuration mode and navigate to the
vpn-lower hierarchy. Configure the routing instance specifying a routing
instance type of .
Step 4.9
Issue the show route advertising-protocol bgp extensive command to
view that routes that are being advertised to the route reflector.
In this lab part, you will configure BGP routing to pass routes from your CE routers to
your PE router. These routes will be passed through the MP-BGP session to the
remote PE router so that traffic can be routed from the remote CE sites. You will
verify that your routes are shared with the remote PE device and you will also need
to verify that you are receiving the routes from the remote PE router for each of the
configured VPNs. You will use the ping utility to test the CE to CE connectivity over
the Layer 3 VPNs for each site.
Step 5.1
Enter into configuration mode and navigate to the
vpn-lower hierarchy. Create an external group called
my-ext-group-lower and specify your locally attached CE router’s neighbor
address. You must also define your . Remember to add the option
to your BGP group, because both the local CE router and the remote
CE router are in the same AS. Review your configuration, commit, and exit to
operation mode before moving on to the next step.
Step 5.2
Use the set cli logical-system command to place the CLI in the context of
the lower CE router logical system (based on the location on diagram).
Step 5.3
Enter configuration mode and navigate to the
hierarchy. Create an external group called my-ext-group and specify your local
PE router’s neighbor address. You must also define your . Apply the policy
exp-policy that you viewed earlier in the lab as an export policy to your EBGP
group. Review your configuration, commit, and exit to operational mode.
Note
Check with the team configuring the
remote CE router and ensure that they have
completed Step 5.3 before proceeding to
the next step.
Step 5.4
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 5.5
Use the show route receive-protocol bgp command to verify that you are
receiving the static routes from the lower CE router at your PE router.
Step 5.6
Issue the show route advertising-protocol bgp 193.168.5.2
command to verify that you are sending the routes learned from the local lower CE
router to the remote team through the route reflector.
Step 5.7
Issue the show route receive-protocol bgp 193.168.5.2 command to
verify that you are also receiving the remote, lower CE router’s static routes at your
PE router from the route reflector.
Step 5.8
Issue the show route advertising-protocol bgp local-ce-address
command to verify that you are sending the routes learned from the remote, lower
CE router to the local, lower CE router.
Step 5.9
Use the set cli logical-system command to place the CLI in the context of
the lower CE router logical system (based on the location on diagram).
Note
If you are not receiving or sending any of
the routes from the previous steps, please
review your configuration and work with the
remote team for your pod. Request
assistance from the instructor as needed.
Step 5.11
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 5.12
Enter into configuration mode and navigate to the
vpn-upper hierarchy. Create an external group named
my-ext-group-upper and specify your neighbor address. You must also define
your . Remember to add the option to your BGP group,
because both the local CE router and the remote CE router are in the same AS.
Review your configuration, commit your configuration, and exit to operational mode
before proceeding to the next step.
Step 5.13
Use the set cli logical-system command to place the CLI in the context of
the upper CE router logical system (based on the location on diagram).
Step 5.14
Enter configuration mode and navigate to the
hierarchy. Create an external group named my-ext-group and specify your
neighbor address. You must also define your . Apply the policy
exp-policy that you viewed earlier in this lab as an export policy to your EBGP
group. Review your configuration, commit, and exit to operational mode.
Note
Check with the team configuring the
remote CE router and ensure that they have
completed Step 5.14 before proceeding to
the next step.
Step 5.16
Use the show route receive-protocol bgp command to verify that you are
receiving the static routes from the upper, local CE router at your PE router.
Step 5.17
Issue the show route advertising-protocol bgp 193.168.5.2
command to verify that you are sending the routes learned from the local, lower CE
router to the remote team through the route reflector.
Step 5.18
Issue the show route receive-protocol bgp 193.168.5.2 command to
verify that you are also receiving the remote, upper CE router’s static routes at your
PE router from the route reflector.
Step 5.19
Issue the show route advertising-protocol bgp upper-ce-address
command to verify that you are sending the routes originated by the remote, upper
CE router to the local, upper CE router.
Step 5.20
Use the set cli logical-system command to place the CLI in the context of
the upper CE router logical system (based on the location on diagram).
Step 5.21
Verify reachability to the remote, upper CE router by pinging the loopback address
five times. This task can be accomplished by issuing the ping
remote-ce-loopback source local-ce-loopback count 5 command.
Note
If you are not receiving or sending any of
the routes from the previous steps, please
review your configuration and work with the
remote team for your pod. Request
assistance from the instructor as needed.
In this lab part, you will implement route filtering on your PE router. You will alter the
upper CE router’s , to demonstrate the purpose of route target filtering
at the route reflector. You will review the default route advertising behavior from the
route reflector by utilizing the option. You will configure the PE router to
signal route target filtering and verify the route reflector is no longer sending you
routes with target values for which your PE router is not configured.
Step 6.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 6.2
Enter into configuration mode and navigate to the
vpn-upper hierarchy. Alter the you have configured for this VPN
using the table below as your guide. After making this configuration change, commit
and exit to operational mode.
www.juniper.net Route Reflection and Internet Access • Lab 8–13
Junos MPLS and VPNs
Note
Your routes will be advertised to the route
reflector, but when you receive the routes
for the remote CE router, your PE router will
evaluate the target value against the
targets configured for your VPNs and reject
the routes that do not match the local
target values.
Step 6.3
Review the routes that you have accepted and installed in your
routing table.
Step 6.4
Enter configuration mode and navigate to the
hierarchy. Enable the functionality for your BGP session. This
functionality will cause the PE router to keep all VPN routes that are advertised to it
from the route reflector, regardless of value. Commit your
configuration changes and exit to operational mode.
Step 6.5
Review the routes that you have accepted and installed in your
routing table after adding the functionality.
Step 6.6
Enter into configuration mode and navigate to the
hierarchy. Configure your router to signal the route target NLRI for the IBGP session
to the route reflector. Commit your configuration and exit to operational mode.
Step 6.7
Review the routes that you have accepted and installed in your
routing table after configuring the PE router to implement the route target filtering
NLRI to the route reflector.
In this lab part, you will establish Internet access for your CE router connected to the
vpn-lower instance. You will create another logical unit on the same physical
interface connecting the CE router to the PE router. You will create a static default
route on the CE router that points to the PE router’s non-VRF interface as the next
hop. You will configure the PE router’s non-VRF interface as passive in your IGP, to
allow reachability to the CE router from the core network. You will ping one of the
core router’s loopback interfaces from your CE device to simulate connectivity to the
Internet (networks outside the VPN instance).
Step 7.1
Enter configuration mode and navigate to the hierarchy.
Configure the additional logical unit, VLAN, and IP address for the PE router
interface.
Step 7.2
Navigate to the hierarchy and create a static route
on your PE router that encompasses all of your static routes on your CE router in a
single prefix (it will be a /22 route). The next hop for this route will be the CE
interface address for the non-VRF connection. You will also need to add your CE
router’s loopback address as a static route with the same next hop.
Step 7.3
Navigate to the hierarchy. Create a policy named
statics that will be used to redistribute your static routes into OSPF.
Step 7.8
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 7.9
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you will establish a point-to-point Layer 3 virtual private network (VPN) using a
generic routing encapsulation (GRE) tunnel between provider edge (PE) routers. You will
also configure OSPF routing between your PE and customer edge (CE) router. You will
share your routes with the remote PE through the Layer 3 VPN using Multiprotocol Border
Gateway Protocol (MP-BGP).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load a baseline configuration for your router. This configuration includes your
baseline core configuration including OSPF and BGP. The baseline also
contains a logical router configuration that will act as your CE router for this
lab.
• Configure a VPN routing and forwarding (VRF) table and OSPF routing between
your PE router and CE router and redistribute your CE router’s static routes into
OSPF.
• Configure a GRE tunnel to the remote PE router.
• Create and add a static route to inet.3.
• Redistribute the MP-BGP routes learned from the remote PE into OSPF.
• Verify connectivity and behavior using operational mode commands including
ping and commands used to examine routing tables, and PE-PE BGP
announcements.
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load a
baseline configuration and then configure MP-BGP and a route-distinguisher ID.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab9-start.config and commit.
Step 1.6
Exit to operational mode and verify your Open Shortest Path First (OSPF) neighbor
relationships are up and operational.
Step 1.7
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
Step 1.8
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
hierarchy and enable on both of the
core-facing interfaces.
Step 1.13
Verify the state of your PE router’s BGP neighbor relationship with the remote PE
router.
In this lab part, you will view the configuration for CE router (logical system) that was
preconfigured as part of the loaded starting configuration in Part 1 of this lab.
Please refer to the diagram labeled “GRE Tunnel Integration Lab: Parts 2-8”.
Step 2.3
Use the ping utility to attempt to ping the local PE router’s ge-1/0/4 interface.
In this lab part, you will configure the PE to CE interface. You will verify reachability
using the ping utility.
Step 3.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 3.2
Enter into configuration mode and navigate to the
hierarchy. Configure the appropriate interface properties foe the PE router’s
ge-1/0/4 interface as found on the network diagram. Commit your change and exit
to operational mode to verify reachability to the CE interface.
Step 3.3
Verify connectivity to the local CE device using the ping utility with a value
of 3.
In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique
route target to the VPN. You will include your CE-facing interface within this instance.
In this lab, you will be using the option because of its simplicity.
Please note that and policies would work also.
Step 4.1
Enter into configuration mode and navigate to the
hierarchy. Create a new VRF instance named vpn-pod.
For example, if you are configuring mxB-1, your VRF instance would be named
vpn-B.
Step 4.2
Navigate to the pod hierarchy. Configure
your route target. As mentioned earlier, you will be using the option.
Use the table below to determine the target community for your router.
Step 4.3
Include the CE-facing interface in your VRF instance.
Step 4.4
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
Step 4.5
Verify that your VRF routing table has been created and it contains the local and
direct routes for your CE-facing interface. You can accomplish this task by issuing
the show route table vpn-pod.inet.0 command.
In this lab part, you will configure OSPF routing between your PE and CE routers.
These routes will be passed through the MP-BGP session to the remote PE router.
You will verify that these routes are shared with the remote PE device and you will
also need to verify that you are receiving the routes from the remote PE router.
Step 5.1
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 5.2
Enter into configuration mode and navigate to the
hierarchy. Create a policy named statics that will be used to redistribute your
CE router’s static routes into OSPF.
Step 5.3
Navigate to the hierarchy. Configure your CE router’s loopback and
Ethernet interfaces as OSPF area 0.0.0.0 interfaces.
Step 5.8
Verify that the static routes that are being redistributed by the CE router can be
found in the VRF table of the PE router.
Step 5.9
Verify that you are advertising your OSPF routes to the remote PE router as BGP
routes.
Step 5.10
Verify that you are receiving routes from the remote PE router.
Step 5.11
Determine whether any hidden routes are being received from the remote PE router.
In this lab part, you will configure a GRE tunnel between the PE routers.
Step 6.1
Enter configuration mode and navigate to the hierarchy. Enable
1 Gbps tunnel service on FPC 1/PIC 0.
Step 6.2
Navigate to the hierarchy and configure a tunnel interface
named gr-1/0/10.0. The interface should source packets from the local PE router’s
loopback address. The interface should be configured to send packets destined to
the remote PE router’s loopback address. Finally, enable forwarding of MPLS and
IPv4 traffic on the tunnel interface. Commit your configuration and exit to
operational mode.
Step 6.3
Verify that the GRE interface is up and functional.
In this lab part, you will configure a static route to the loopback of the remote PE
such that it is placed in the inet.3 routing table.
Step 7.1
Enter configuration mode and navigate to the
hierarchy. Create a static route to the loopback address of the remote PE router that
will exist only in inet.3 and has a next hop of the gr-1/0/10.0 interface. Commit your
configuration and exit to operational mode.
Step 7.2
Verify that the new static route exists in inet.3 and only inet.3.
Step 7.3
Review the routes that are installed in your VRF table.
Step 7.4
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 7.5
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE router’s loopback address while
sourcing the packets from your local CE router’s loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping remote-ce-loopback source local-ce-loopback count 5 .
Step 7.7
Review the LSAs that currently exist in the CE router’s link state database.
In this lab part, you will configure a routing policy that will take the BGP routes
learned from the remote PE router and redistribute them into OSPF.
Step 8.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 8.6
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE router’s loopback address while
sourcing the packets from your local CE router’s loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping remote-ce-loopback source local-ce-loopback count 5 .
Step 8.7
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you will establish a point-to-point BGP Layer 2 virtual private network (VPN)
using LDP signaled label switched paths (LSP) between provider edge (PE) routers. Once
the virtual LAN (VLAN)-based Layer 2 VPN is operational, you will configure the customer
edge (CE) routers to run one of several available routing protocols and advertise their
static route and loopback address blocks. Because this is a BGP Layer 2 VPN, the PE
routers will not interact with the routing protocols used on the CE routers.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration which includes OSPF. The baseline also
contains a logical router configuration that will act as your CE router for this
lab.
• Configure an LDP-signaled label-switched path (LSP) to the remote PE router.
• Add protocol BGP support for the Layer 2 VPN network layer reachability
information (NLRI).
• Create and establish a BGP Layer 2 VPN over the core network.
• Add OSPF to your CE network and create a neighborship between your
CE router and the remote CE router.
• Export your static routes into OSPF and share these routes with the remote
CE network.
• Verify connectivity and behavior using operational mode commands including
ping and commands used to examine routing tables.
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 2 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load a
baseline OSPF configuration and then enable Label Distribution Protocol (LDP) and
multiprotocol label switching (MPLS) on the core-facing interfaces, configure a
MP-BGP peering session with the remote PE router, and configure a
route-distinguisher ID.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.6
Exit to operational mode and verify your Open Shortest Path First (OSPF) neighbor
relationships are up and operational.
Step 1.7
Navigate to the hierarchy. Configure a IBGP peer group
called my-int-group. Use your router’s loopback address as the source address
of all IBGP packets. Finally, configure your router to peer with the remote PE router.
Step 1.8
To allow for the exchange of BGP Layer 2 VPN routes, enable the
network layer reachability information (NLRI) for your PE router’s BGP
session with the remote PE router. Make sure to also enable the exchange of
standard unicast IP version 4 (IPv4) routes as well. Commit your configuration and
exit to operation mode.
Step 1.9
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
Step 1.10
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
hierarchy and enable on both of the
core-facing interfaces.
Step 1.11
Navigate to the hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.12
Configure the LDP protocol on the core-facing interfaces as well as the loopback
interface.
Step 1.13
To allow for the automatic generation of route distinguishers, navigate to the
hierarchy and specify the
using your PE router’s loopback address. Commit
your configuration and exit out to operational mode.
Step 1.14
Use the show mpls interface command to verify that MPLS is configured
correctly on the core-facing interfaces.
Step 1.15
Verify that your router has established LDP neighbor relationships with the
neighboring P routers.
Step 1.16
Verify that the routing table contains an LDP route to the remote PE router.
Step 1.17
Verify MPLS connectivity using the MPLS ping utility.
In this lab part, you will verify (on the CE router) and configure (on the PE router) the
PE to CE interface. You will add the correct VLAN tag and ensure that the proper
encapsulation is configured. Later, you will add this interface to your BGP Layer 2
VPN instance.
Step 2.1
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 2.2
Issue the show configuration command to view the configuration of the CE
router.
Step 2.3
Use the ping utility to attempt to ping the remote CE router’s ge-1/1/4 interface.
Step 2.4
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 2.5
Enter configuration mode and navigate to the hierarchy.
Configure the PE to CE interface properties outlined in the lab diagram. You will start
with enabling for the interface. You will configure the interface to
handle encapsulation. When you configure the unit, you will also have to
specify the encapsulation for the logical interface also. Because we are configuring
a Layer 2 VPN there will not be any Layer 3 information associated with this
interface. Assign the correct value and commit your changes.
In this lab part, you will configure a BGP Layer 2 VPN instance. You begin by enabling
BGP to signal the Layer 2 NLRI. You will create your BGP Layer 2 VPN instance and
assign a unique route target. You will include your CE-facing interface within this
instance. In this lab you will be using the option because of its
simplicity. Please note that and policies would work
also. Use the following table as your guide for configuring your target communities in
this part of the lab.
Step 3.1
Navigate to the hierarchy. Create a new instance
called vpn-pod. For example, if you are using mxB-1, you are in pod B so your
instance would be called vpn-B. Configure the instance type as .
Step 3.2
Navigate to the pod hierarchy. Configure
your route target. Refer to the table above to determine the target community for
your pod.
Step 3.3
Include the CE-facing interface in your Layer 2 VPN instance.
Step 3.4
Navigate to the vpn-pod
hierarchy. Configure the protocol properties for the BGP Layer 2 VPN. You will be
using the encapsulation type . You will configure your site name to
reflect the name of your CE router. Please refer to lab diagram to determine which
site identifier you should use. Because we are only dealing with 2 sites, you will not
need to configure the remote site ID. You must also indicate the interface that will be
participating in your BGP Layer 2 VPN. Commit and exit to operational mode after
you have completed your changes.
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 3.5
Verify your Layer 2 VPN connection by issuing the show l2vpn connections
command.
www.juniper.net BGP Layer 2 VPNs • Lab 10–7
Junos MPLS and VPNs
Question: What is the status of your connection?
Step 3.6
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 3.7
Verify reachability from your CE router to the remote CE router. You will ping the
remote CE interface five times using the ping remote-ce-address count 5
command.
In this lab part, you will configure OSPF on your CE router. You will create a policy
that will export your static routes to your OSPF neighbor. You will peer with the
remote CE router across the BGP Layer 2 VPN you created in Part 4. You will
configure the CE router to share the static routes that you have configured. You will
verify that you are receiving the remote networks and verify reachability to the
remote loopback using the ping utility.
Step 4.1
Enter configuration mode and navigate to the
hierarchy. Create a policy named statics that will be used to redistribute your
static routes into OSPF.
Step 4.2
Navigate to the hierarchy. Configure your loopback
and PE-facing interface under area 0.
Step 4.3
Apply the policy statics you defined as an export policy to your OSPF protocol.
This action will export your static routes to your peer. Commit and exit to operational
mode.
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 4.4
Verify that the neighbor relationship has established between the CE routers by
issuing the show ospf neighbor command.
Step 4.5
Review the routes being learned by OSPF and ensure you have the remote
CE router’s static routes by issuing the show route protocol ospf
command.
Step 4.6
Verify you have reachability to the remote CE network by pinging the remote
CE router’s loopback address five times, while sourcing the packets from your local
CE router’s loopback address.
Step 4.7
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 4.8
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you will establish an LDP Layer 2 circuit using RSVP signaling between provider
edge (PE) routers. Once the virtual LAN (VLAN)-based LDP Layer 2 circuit is operational,
you will configure the customer edge (CE) routers to run one of several available routing
protocols and advertise their static route and loopback address blocks. Because this is a
Layer 2 circuit, the PE routers will not interact with the routing protocols used on the
CE routers. After verifying the connection from CE to CE, you will delete the LDP Layer 2
circuit configuration and configure a circuit cross connect (CCC) connection. You will then
verify the connection again from CE to CE.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration which includes OSPF. The baseline also
contains a logical router configuration that will act as your CE router for this
lab.
• Configure an RSVP-signaled label-switched path (LSP) to the remote PE router.
• Create and establish an LDP Layer 2 circuit over the core network.
• Add OSPF to your CE network and create a neighbor relationship between your
local CE router and the remote CE router.
• Export your static routes into OSPF and share these routes with the remote
CE network.
• Create and establish a CCC Layer 2 connection over the core network.
• Verify connectivity and behavior using operational mode commands including
ping and commands used to examine routing tables.
In this lab part, you will configure the baseline network for the lab. You will load a
baseline OSPF configuration and then enable Resource Reservation Protocol (RSVP)
and multiprotocol label switching (MPLS) on the core-facing interfaces.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab11-start.config and commit.
Step 1.6
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
Step 1.7
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Navigate to the hierarchy
and enable on both of the core-facing interfaces.
Step 1.8
Navigate to the hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.9
Configure the RSVP protocol on the core-facing interfaces. Commit your
configuration and exit to operational mode.
Step 1.10
Use the show mpls interface command to verify that MPLS is configured
correctly on the core-facing interfaces.
Step 1.11
Use the show rsvp interface command to verify that RSVP is configured
correctly on the core-facing interfaces.
In this lab part, you will use RSVP to signal an LSP to the remote PE router through
the core network. You will verify that the RSVP LSP is established and the RSVP route
is installed in your routing table. You will configure an extended LDP session by
adding your loopback interface to LDP protocol configuration, because an LDP
Layer 2 circuit requires LDP signaling for exchanging virtual circuit (VC) labels
between PE routers.
Step 2.1
Enter configuration mode and navigate to the
hierarchy. First, turn off constrained shortest path first (CSPF) by issuing the set
no-cspf command. Then, create a named
localPE-to-remotePE-pod. For example, if you are assigned router mxB-1,
your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should be named
pe1-to-pe2-B. Your LSP should egress at your remote peer’s loopback address.
Verify that the configuration looks correct.
Step 2.2
Navigate to the hierarchy and configure an extended
LDP session by adding the loopback interface to the LDP protocol. As mentioned
previously, this will allow LDP to exchange VC labels between the PE routers. Commit
your configuration changes and exit to operational mode.
Step 2.3
Verify that the LSP has been established and is ready for use.
Step 2.4
Verify that the routing table has been created and contains the RSVP route
to the remote PE router.
In this lab part, you will configure the PE to CE interface. You will add the correct
VLAN tag and ensure that the proper encapsulation is configured. Later, you will add
this interface to your LDP Layer 2 circuit instance. You will also reconfigure the CE to
PE interface because both the local CE interface and the remote CE interface must
be on the same network.
Step 3.1
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 3.2
Issue the show configuration command to view the configuration of the CE
router.
Step 3.3
Use the ping utility to attempt to ping the remote CE router’s ge-1/1/4 interface.
In this lab part, you will configure an LDP Layer 2 circuit. You will create the circuit to
the remote PE router’s loopback address and assign the correct CE-facing interface.
You will assign a unique VC identifier. You will then verify that the circuit has been
signaled and is functioning properly.
Step 4.1
Navigate to the hierarchy and specify the
address for the circuit. Add the PE to CE interface that will be
participating in this neighbor relationship. Use the table below to assign a VC
identifier value to the interface. Review your configuration changes, commit, and
exit to operational mode.
Pod VC
Identifier
A 1
B 2
C 3
D 4
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 4.2
Verify that the LDP Layer 2 circuit is up and functional by issuing the show
l2circuits connections command.
Step 4.3
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 4.4
Verify reachability from your CE router to the remote CE router. You will ping the
remote CE to PE interface five times, sourced from your local CE to PE interface
using the ping remote-ce-address count 5 command.
In this lab part, you will configure OSPF on your CE router. You will create a policy
that will export your static routes to your OSPF neighbor. Your router’s OSPF neighbor
will be the remote CE router across the LDP Layer 2 circuit you created in Part 4. You
will configure the CE router to share the static routes that you have configured. You
will verify that you are receiving the remote networks and verify reachability to the
remote loopback using the ping utility.
Step 5.1
Enter configuration mode and navigate to the
hierarchy. Create a policy named statics that will be used to redistribute your
static routes into OSPF.
Step 5.2
Navigate to the hierarchy. Configure your loopback
and PE-facing interface under area 0.
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 5.4
Verify that the neighbor relationship has established between the CE routers by
issuing the show ospf neighbor command.
Step 5.5
Review the routes being learned by OSPF and ensure that you have the remote
CE router’s static routes by issuing the show route protocol ospf
command.
Step 5.6
Verify that you have reachability to the remote CE network by pinging the remote
CE router’s loopback address five times, while sourcing the packets from your local
CE router’s loopback address.
In this lab part, you will establish a point-to-point Layer 2 VPN using the Junos
operating system’s CCC feature in support of a VLAN environment. MPLS-tagged
VLAN frames will be transported between PE routers over an RSVP-signaled LSP.
Once the Layer 2 CCC connection is established, you will verify that your CE routers
can route using OSPF. Because this is a Layer 2 VPN, the PE routers will not interact
with the routing protocols used on the CE routers. Please refer to the lab diagram
titled “CCC and LDP L2 Circuits Lab – Part 6” for interface properties.
Lab 11–8 • Circuit Cross-Connect and LDP Layer 2 Circuits www.juniper.net
Junos MPLS and VPNs
Step 6.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 6.2
Enter configuration mode. Delete your LDP Layer 2 circuit configuration and delete
the ge-1/0/4 interface configuration. Commit your configuration changes.
Step 6.3
Navigate to the ge-1/0/5 hierarchy. Configure the PE to
CE interface properties outlined in the lab diagram. You will start with enabling
for the interface. You will configure the interface to handle
encapsulation. When you configure the unit, you will also have to specify
the encapsulation for the logical interface. Because we are configuring a Layer 2
connection, no Layer 3 information is associated with this interface. Assign the
correct value and commit your changes
Step 6.4
Navigate to the top of the hierarchy and issue the command replace
pattern ge-1/1/4 with ge-1/1/5. This action will change all references in
the configuration of ge-1/1/4 to ge-1/1/5, which is the new CE interface being used
in the lab diagram. Verify that the interface being applied for the CE logical system
has been changed. Remember to verify the change also applied to your CE router’s
OSPF configuration. When you are satisfied with the change commit your
configuration.
Step 6.5
Navigate to the hierarchy and configure a
named vpn1. Assign your PE interface used to
connect to your CE router (ge-1/0/5) to the interface switch. For the interface you
assign, you have to specify the lsp-name and the
lsp-name for the traffic to use to get to and from the remote end
of the connection. You will assign the RSVP LSP that you configured in Part 2 as you
transmit LSP and you will assign the LSP that the remote team created as you
receive LSP. If you do not remember the names, you can view them in the output
from the run show mpls lsp command. Commit your configuration changes
and exit to operational mode.
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 6.6
Verify that the CCC connection is up and ready to use by issuing the show
connections command.
Step 6.7
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 6.8
Verify that you can ping five times through the CCC circuit you just configured.
Step 6.9
Verify that your OSPF neighborship has established over the CCC circuit.
Step 6.10
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 6.11
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you will establish an LDP virtual private LAN service (VPLS) and a BGP VPLS
between provider edge (PE) routers. You will also configure a virtual switch to act as the
customer edge (CE) router. There will be redundant links between the PE and CE routers
so you will be required to prevent any Layer 2 loops from forming.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load the virtual private network (VPN) baseline configuration for your router.
This configuration includes your baseline core configuration including Open
Shortest Path First (OSPF). The baseline also contains a logical system
configuration that will be used to generate data traffic for this lab.
• Configure Layer 2 interfaces and apply them to a virtual switch that you will
configure to act as the CE router.
• Configure LDP signaling to enable MPLS label-switched paths (LSPs) between
PE routers.
• Configure an LDP VPLS.
• Configure a BGP VPLS.
• Configure redundant links between CE and PE routers and prevent Layer 2
loops from forming.
• Verify connectivity and behavior using operational mode commands including
ping and commands used to examine routing tables, and PE to PE router BGP
announcements.
In this lab part, you will configure the baseline network for the lab. You will load a
baseline OSPF configuration and then enable Label Distribution Protocol (LDP) and
multiprotocol label switching (MPLS) on the core-facing interfaces.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab12-start.config and commit.
Step 1.6
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
Step 1.7
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Navigate to the hierarchy
and enable on both of the core-facing interfaces.
Step 1.8
Navigate to the hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.9
Configure the LDP protocol on the core-facing interfaces as well as the loopback
interface. Commit your configuration and exit to operational mode.
Step 1.10
Use the show mpls interface command to verify that MPLS is configured
correctly on the core-facing interfaces.
Step 1.11
Verify that your router has established LDP neighbor relationships with the
neighboring P routers.
Step 1.12
Verify that the routing table contains an LDP route to the remote PE router.
Answer:
Step 1.13
Verify MPLS connectivity using the MPLS ping utility.
In this lab part, you will verify the state of the logical system that represents you
locally attached customer routers.
Step 2.1
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 2.2
Issue the show configuration command to view the configuration of the CE
router.
Step 2.3
Use the ping utility to attempt to ping the remote CE router’s ge-1/1/4 interface.
Step 2.4
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
In this lab part, you will configure a virtual switch that will act as a CE device for this
lab. The virtual switch will be configured to have one interface that connects to the
customer virtual router and two interfaces that connect to the PE router. Use the lab
diagram to see the intended connectivity.
Step 3.1
Enter configuration mode and navigate to the
hierarchy. Create a new virtual switch instance named ce-vs.
Step 3.2
Navigate to the hierarchy and configure the three Layer 2
interfaces that will be used by the virtual switch. Make sure to specify an
encapsulation of at the physical interface level
and an encapsulation of at the subinterface level.
Step 3.3
Navigate to the and configure a bridge
domain named vlan_vlan-id using the appropriate virtual LAN (VLAN) ID. Add
the three Layer 2 interfaces to the new bridge domain. Commit your configuration
and exit to operational mode.
In this lab part, you will configure an LDP VPLS instance. You will include the
CE router-facing interface within this instance.
Step 4.1
Enter configuration mode and navigate to the hierarchy.
Configure ge-1/0/6 interface to be used as the CE router-facing interface for the
VPLS.
Step 4.2
Navigate to the hierarchy. Create a new VPLS
instance named vpn1.
Step 4.3
Navigate to the vpn1 hierarchy. Add the
ge-1/0/6 interface to the routing instance.
Step 4.4
Create an LDP VPLS using a VPLS ID of 100 and specify the remote PE router as the
neighbor. Commit your configuration and exit to operational mode.
Step 4.5
Check the status of the VPLS connection using the show vpls connections
command.
Step 4.8
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 4.9
Verify that you have connectivity from the local customer router to the remote
customer router through the VPLS by using the ping utility. You will ping the remote
customer router’s ge-1/1/4 address. You will send five packets for this test.
Step 4.10
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 4.12
Use the show vpls mac-table command to determine whether the PE router
has learned any MAC addresses. You might need to issue another ping from the
local customer router to allow for the PE router to learn MAC addresses.
In this lab part, you will add an extra interface for redundancy between the PE and
CE routers that will cause a Layer 2 loop to form. To ensure that only one interface is
learning and forwarding at any one time, you will configure Multiple Spanning Tree
Protocol (MSTP) between the PE and CE routers using a Layer 2 control instance on
the PE router.
Step 5.1
Enter configuration mode and navigate to the hierarchy.
Configure the ge-1/0/7 interface to be used as the CE router-facing interface for the
VPLS. Remember that you have already added the peer interface to the CE router
(ge-1/1/7).
Step 5.2
Navigate to the hierarchy. Add the ge-1/0/7
interface to the VPLS. Commit your configuration and exit to operational mode.
Step 5.3
Be aware that you have now created a Layer 2 loop between the PE and CE routers!
Verify with the show vpls connections extensive command that the new
interface has been added to the VPLS.
Step 5.4
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 5.5
Verify that a Layer 2 loop is in the network by issuing a ping to the broadcast address
for the CE to PE subnet. Attempt to ping 5 times. For example, if you are operating
mxB-1, you would issue the command ping 10.0.20.255 count 5.
Step 5.6
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 5.7
Enter configuration mode and navigate to the
hierarchy. Create a new Layer 2 control instance named vpn1-l2control.
Step 5.8
In the vpn1-l2control instance, configure MSTP to run on the ge-1/0/6 and
ge-1/0/7 interfaces. Set the MSTP configuration name to vpn1 and the revision
level to 1.
Step 5.9
In the ce-vs virtual switch instance, configure MSTP to run on the ge-1/1/6 and
ge-1/1/7 interfaces. Set the MSTP configuration name to vpn1 and the revision
level to 1. Commit your configuration and exit to operational mode.
Step 5.10
Use the show spanning tree interface for both the virtual switch and the
Layer 2 control instance to determine which interfaces are in the (forwarding)
state and which interfaces are in the (blocking) state.
Step 5.11
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 5.12
Verify that a Layer 2 loop has been removed from the network by issuing a ping to
the broadcast address on the PE-CE link.
Step 5.13
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
In this lab part, you will add a new subinterface to ge-1/1/4 interface as shown in
the lab diagram. These changes will be made so the local customer router can be
used to generate ping traffic for testing the BGP VPLS.
Step 6.1
Enter configuration mode and navigate to the
customer-router-name hierarchy. Configure the appropriate
interface properties for the ge-1/1/4 interface as found on the lab diagram.
In this lab part, you will configure the virtual switch to have a another subinterface
that connects to the customer virtual router and two interfaces that connect to the
PE router. Use the lab diagram to see the intended connectivity.
Part 8: Configuring a BGP VPLS with Redundant Links between CE and PE Routers
In this lab part, you will configure a BGP VPLS instance. You will include the
ge-1/0/8 and ge-1/0/9 CE router-facing interfaces within this instance. To prevent a
Layer 2 loop from forming, your will use the command.
Step 8.1
Enter configuration mode and navigate to the
hierarchy. Configure a IBGP peer group called my-int-group. Use your router’s
loopback address as the source address of all IBGP packets. Finally, configure your
router to peer with the remote PE router.
Step 8.2
Configure your PE router to PE router BGP session to support .
Step 8.3
Navigate to the hierarchy. Configure the ge-1/0/8 and
ge-1/0/9 interfaces to be used as the CE router-facing interfaces for the VPLS.
Step 8.4
Navigate to the hierarchy. Create a new VPLS
instance named vpn2.
Step 8.5
Navigate to the vpn2 hierarchy. Add the
ge-1/0/8 and ge-1/0/9 interfaces to the routing instance.
Step 8.7
Configure a route distinguisher for the VPLS. Use the following table as your guide
for configuring a route distinguisher in this part of the lab.
Router Route
Distinguisher
mxA-1 193.168.1.1:1
mxA-2 193.168.1.2:1
mxB-1 193.168.2.1:1
mxB-2 193.168.2.2:1
mxC-1 193.168.3.1:1
mxC-2 193.168.3.2:1
mxD-1 193.168.4.1:1
mxD-2 193.168.4.2:1
Step 8.8
Create a BGP VPLS. Use the following table to complete the configuration. Commit
your configuration and exit to operational mode.
Step 8.9
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 8.10
Verify that a Layer 2 loop is in the network by issuing a ping to the broadcast address
for the CE to PE subnet. Attempt to ping 5 times. For example, if you are operating
mxB-1, you would issue the ping 10.0.21.255 count 5 command.
Step 8.11
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 8.12
Enter configuration and mode and navigate to the
vpn2 hierarchy. To prevent that loop, configure the ge-1/0/8 interface as the
active-interface for the site. Commit your configuration and exit to operational mode.
Step 8.13
Check the status of the VPLS connection using the show vpls connections
extensive command. Ensure that the remote group has completed the previous
step of the lab.
Step 8.14
View the vpn2 routing table by using the show route table vpn2
extensive command. Analyze the route that was received from your remote
neighbor.
Step 8.15
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 8.16
Verify connectivity from the local customer router to the remote customer router
through the VPLS by using the ping utility. You will ping the remote customer
router’s ge-1/1/4 address. You will send five packets for this test.
Step 8.17
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 8.18
Use the show vpls mac-table command to determine whether the PE router
has learned any MAC addresses. You might need to issue another ping from the
local customer router to allow for the PE router to learn MAC addresses.
Step 8.21
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 8.22
Verify that you have connectivity from the local customer router to the remote
customer router through the VPLS by using the ping utility. Ping the remote customer
router’s ge-1/1/4 address. Send five packets for this test.
Step 8.23
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 8.24
Use the show vpls mac-table command to determine whether the PE router
has learned any MAC addresses. You might need to issue another ping from the
local customer router to allow for the PE router to learn MAC addresses.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab you, will establish a BGP virtual private LAN service (VPLS) between two
provider edge (PE) routers that belong to different autonomous systems (ASs).
Carrier-of-carriers virtual private networks (VPNs) option C will be used to provide the PE
to PE VPLS signaling and forwarding plane. You must also configure a Layer 3 VPN from
the provider PE routers to pass customer internal routes between ASs. You will also use
address family when passing routes between the provider PE router
and the customer CE routers. Finally, you will configure the customer CE routers to pass
any learned routes from the provider (remote customer site routes) to the customer
PE router using the address family.
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP.
• Configure a logical system to generate traffic from the subscriber sites.
• Configure a Layer 3 VPN between the provider PE routers and configure an
multiprotocol EBGP session with the customer CE router using the
address family.
• Configure a bidirectional LSP between the provider PE routers and between the
customer PE and CE.
• Configure an IBGP session between the customer CE and PE using the
address family.
• Configure a multihop EBGP session between the customer CE routers using the
address family.
• Configure a BGP VPLS to provide connectivity between the subscriber
CE routers.
• Verify connectivity and behavior using operational mode commands including
ping and commands used to examine routing tables, and PE-PE BGP
announcements.
In this lab part, you will configure the baseline network for the lab. You will load a
baseline configuration and then enable Resource Reservation Protocol (RSVP) and
multiprotocol label switching (MPLS) on the core-facing interfaces, configure
MP-BGP, and configure a route-distinguisher ID.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.6
Exit to operational mode and verify your Open Shortest Path First (OSPF) neighbor
relationships are up and operational.
Step 1.7
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
Step 1.8
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
hierarchy and enable on both of the
core-facing interfaces.
Step 1.14
Verify the state of your PE router’s BGP neighbor relationship with the remote PE
router.
In this lab part, you will use RSVP to signal an LSP to the remote PE router through
the core network. You will verify that the RSVP LSP is established and the RSVP route
is installed in your routing table.
Step 2.1
Enter configuration mode and navigate to the
hierarchy. Create a to your remote peer’s loopback
address. Use the table below to determine the name of your LSP. Verify that the
configuration looks correct. Commit and exit to operation mode when you are
satisfied with the changes.
Router LSP
Name
mxA-1 lsp1
mxA-2 lsp2
mxB-1 lsp1
mxB-2 lsp2
mxC-1 lsp1
mxC-2 lsp2
mxD-1 lsp1
mxD-2 lsp2
Step 2.2
Verify that the LSP has been established and is ready for use.
Step 2.3
Verify that the routing table has been created and contains the RSVP route
to the remote PE router.
In this lab part, you will create a logical router on your device. This logical router will
act as the subscriber CE router and will be used for testing connectivity between
sites.
Step 3.1
Familiarize yourself with the Lab network diagram. Notice that there is a provider AS,
two customer ASs, and two subscriber CE routers.
Step 3.2
Enter configuration mode and navigate to the hierarchy.
Configure the ge-1/1/6 interface to support vlan-tagging.
Step 3.3
Navigate to the s-ce-name
hierarchy and configure the ge-1/1/6 using the properties specified on the lab
diagram. Commit your configuration and exit to operational mode.
Step 3.4
Verify that the ge-1/1/6 interface is operational and configured with the correct
properties by viewing the routing table of the subscriber CE router.
In this lab part, you will configure a Layer 3 VPN routing instance on the provider
PE router. You will include the customer CE-facing interface within this instance. You
will also configure an MP-EBGP session with the customer CE router using the
address family.
Step 4.1
Enter configuration mode and navigate to the hierarchy.
Configure the ge-1/0/4 interface (with no VLAN tagging) to be used as the CE-facing
interface for the Layer 3 VPN. Be sure to enable this interface for MPLS forwarding
because it will be sending and receiving labeled packets.
Step 4.2
Navigate to the hierarchy. Create a new Layer 3
VPN instance named vpn-to-extend-lsp.
Step 4.3
Navigate to the
hierarchy. Add the ge-1/0/4 interface to the routing instance and specify a route
target community for this VRF. Use the following table as your guide for configuring
your target communities in this part of the lab.
Step 4.4
Within the vpn-to-extend-lsp routing instance, create a BGP group called
customer. Configure an MP-EBGP session using the address
family between the provider PE router and your customer CE router. Remember that
the session will not establish because you have not configured the customer CE
router yet. Commit your configuration so far.
Step 4.5
Navigate to the hierarchy. Configure the ge-1/0/4 interface
to run the MPLS protocol. Commit your configuration so far.
In this lab part, you will use the logical system feature of the Junos OS to represent
the customer CE router. You will configure the customer CE router to have an
MP-IBGP session with the customer PE router and MP-EBGP session with the
provider PE router using the address family. You will also
configure an MPLS LSP to the customer PE router using LDP.
Step 5.1
Navigate to the c-ce-name hierarchy. Configure
the ge-1/1/4 and ge-1/0/5 interfaces (with no VLAN tagging). Be sure to enable
these interfaces for MPLS forwarding because they will be sending and receiving
labeled packets.
Step 5.2
Configure interface lo0.1 with the IP address listed on the lab diagram.
Step 5.3
Navigate to the c-ce-name
hierarchy. Configure the AS number for the customer CE router.
Step 5.4
Navigate to the c-ce-name
hierarchy. Configure ge-1/0/4 and ge-1/0/5 to run the MPLS protocol.
Step 5.5
Configure ge-1/0/5 to run the LDP protocol.
Step 5.6
Configure OSPF (Area 0) on the lo0.1, ge-1/1/4 (passive), and ge-1/0/5 interfaces.
Step 5.7
Create a BGP group called int. Configure an MP-IBGP session using the
address family between the customer CE router and the
customer PE router. Remember that the session will not establish because you have
not configured the customer PE router yet.
Step 5.13
Use the show ldp interface command to verify that LDP has been enabled on
the correct interfaces on the customer CE router.
Step 5.14
Use the show ospf interface command to verify that OSPF has been enabled
on the correct interfaces on the customer CE router.
Step 5.16
Use the show route advertising-protocol bgp p-pe-address
command to verify that the customer CE router is advertising its loopback address to
the provider PE router. Remember that it will not advertise the customer PE router’s
loopback until the customer PE router is configured. You will configure the customer
PE router in the next part of the lab.
Step 5.17
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your provider PE router).
In this lab part, you will use the logical system feature of the Junos OS to represent
the customer PE router. You will configure the customer PE router to have an
MP-IBGP session with the customer CE router using the
address family. You will also configure an MPLS LSP to the customer CE router using
LDP.
Step 6.1
Enter configuration mode and navigate to the
c-pe-name hierarchy. Configure the ge-1/1/5 interface (with no VLAN tagging).
Be sure to enable this interface for MPLS forwarding because it will be sending and
receiving labeled packets.
Step 6.2
Configure interface lo0.2 with the IP address listed on the lab diagram.
Step 6.3
Navigate to the c-pe-name
hierarchy. Configure the AS number for the customer PE router.
Step 6.4
Navigate to the c-pe-name
hierarchy. Configure ge-1/1/5 to run the MPLS protocol.
Step 6.5
Configure ge-1/1/5 to run the LDP protocol.
Step 6.6
Configure OSPF (Area 0) on the lo0.2 and ge-1/1/5 interfaces.
Step 6.7
Create a BGP group called int. Configure an MP-IBGP session using the
address family between the customer PE router and the
customer CE router. Commit your configuration and exit to operational mode.
Step 6.8
Use the set cli logical-system command to place the CLI in the context of
the customer PE router logical system.
Step 6.9
Use the show mpls interface command to verify that MPLS has been
enabled on the correct interfaces on the customer PE router.
Step 6.11
Use the show ldp database command to verify that LSPs have been created to
and from the customer CE router.
Step 6.12
Use the show bgp summary command to verify that a BGP neighbor relationship
has been established with the customer CE router.
In this lab part, you will analyze the BGP routes that have been learned by the
customer PE router (originated in remote AS). You will ensure that these routes can
be used for the BGP next-hop recursive lookup for Layer 2 VPN NLRI that will be
advertised in the next part of the lab.
Step 7.1
Use the show route protocol bgp command to view the BGP routes that
have been learned from the remote autonomous system.
Step 7.2
Enter configuration mode and navigate to the hierarchy.
Configure the option for the address family.
Commit your configuration and exit to operational mode.
Step 7.3
Use the show route protocol bgp command to view the BGP routes that
have been learned from the remote AS.
In this lab part, you will create a BGP VPLS between PE routers in two different ASs.
You will configure a multihop MP-EBGP session with the remote PE router using the
address family.
Step 8.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your provider PE router).
Step 8.2
Enter configuration mode and navigate to the hierarchy. Enable
tunnel services on FPC 1 PIC 0 at speed of 1 g.
Step 8.3
Navigate to the c-pe-name
hierarchy. Create a BGP group called ext. Configure a multihop EBGP session with
the remote customer PE router using loopback addresses for peering and the
address family.
Step 8.4
Navigate to the hierarchy. Configure the ge-1/0/6 to allow
for and an encapsulation of . Do not specify any
logical interface properties at this hierarchy.
Step 8.5
Navigate to the c-pe-name
hierarchy. Configure ge-1/0/6 interface to be used as the subscriber CE
router-facing interface for the VPLS.
Step 8.6
Navigate to the c-pe-name
hierarchy. Create a new VPLS instance called vpn1.
Step 8.7
Navigate to the c-pe-name
vpn1 hierarchy. Add the ge-1/0/6 interface to the
routing instance.
Step 8.8
Configure a route target community for the VPLS. Use the following table as your
guide for configuring your target communities in this part of the lab.
Step 8.9
Configure a route distinguisher using the loopback of the customer PE router. Use
the following table as your guide for configuring a route distinguisher in this part of
the lab.
Router Route
Distinguisher
mxA-1 193.168.11.3:1
mxA-2 193.168.11.4:1
mxB-1 193.168.12.3:1
mxB-2 193.168.12.4:1
mxC-1 193.168.13.3:1
mxC-2 193.168.13.4:1
mxD-1 193.168.14.3:1
mxD-2 193.168.14.4:1
Step 8.10
Create a BGP VPLS. Use the following table to complete the configuration. Commit
your configuration and exit to operational mode.
Step 8.11
Check the status of the VPLS connection using the show vpls connections
extensive logical-systems c-pe-name command. Ensure that the
remote group has completed the previous step of the lab.
Step 8.12
Use the set cli logical-system command to place the CLI in the context of
the subscriber CE router logical system.
Step 8.13
Verify that you have connectivity from the local subscriber CE router to the remote
subscriber CE router through the VPLS by using the ping utility. You will ping the
remote subscriber CE router’s ge-1/1/6 address. Send 5 packets for this test.
Step 8.14
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your provider PE router).
Step 8.15
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.
Overview
In this lab, you will establish a multicast layer 3 VPN (MVPN) between provider edge (PE)
routers. You will configure both inclusive and selective provider tunnels using the point to
multipoint (P2MP) version of both Resource Reservation Protocol (RSVP) and Label
Distribution Protocol (LDP).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
By completing this lab, you will perform the following tasks:
• Load the a baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a logical router configuration that represents all of the other routers in
the diagram (p1, p2, pe2, pe3, ce2, and ce3).
• Configure a Layer 3 VPN which will provide connectivity between the source
server, ce2, and ce3.
• Enable the Protocol Independent Multicast (PIM) for the VPN.
• Configure an inclusive provider tunnel that uses a P2MP RSVP-signaled label
switched path (LSP) in the data plane using the default template.
• Configure a non-default template for the P2MP LSP.
• Configure the selective provider tunnel to use LDP-signaled LSPs instead of
RSVP-signaled LSPs and analyze the differences between selective and
inclusive tunnels.
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 MVPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load a
baseline configuration and then enable RSVP, LDP, and multiprotocol label switching
(MPLS) on the core-facing interfaces. You will then configure MP-BGP, and a
route-distinguisher ID.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxB-1 using the Secure CRT program.
Step 1.6
Exit to operational mode and verify your Open Shortest Path First (OSPF) neighbor
relationships are up and operational.
Step 1.7
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE routers.
Step 1.16
Use the show ldp database to see if LDP LSPs have been established to both of
the remote PEs.
Step 1.17
Verify the state of your PE router’s BGP neighbor relationship with the remote PE
routers.
In this lab part, you will view the configuration for a CE router (logical system) that
was preconfigured as part of the loaded starting configuration in Part 1 of this lab.
Step 2.1
Use the set cli logical-system command to place the CLI in the context of
the ce2 router logical system.
Step 2.2
Issue the show configuration command to view the configuration of the CE
router.
Answer:
Step 2.3
Issue the show ospf neighbor command to determine the state of the ce2
router’s OSPF neighbors.
Step 2.4
Issue the show pim join command to determine if the ce2 router is currently
sending PIM joins for the two multicast groups.
Step 2.6
Issue the show route 193.168.1.11 command to verify that the ce2 router has
learned a route to the RP.
Step 2.7
Issue the show route protocol ospf command to determine what OSPF
routes that the ce2 router has learned so far.
Step 2.8
Enter configuration mode and navigate to the
hierarchy. Disable IGMP on the ge-1/0/5.0 interface. Commit your configuration and
exit to operational mode.
Step 2.9
Verify that the ce2 router is no longer attempting to find an upstream interface to
send a PIM (*,G) join by issuing the show pim join command.
Step 2.10
Use the set cli logical-system command to place the CLI in the context of
the pe2 router logical system.
Step 2.11
Issue the show configuration routing-instances command to view the VRF
configuration for the pe2 router.
Step 2.12
The ce3 and pe3 routers are in a similar state to ce2 and pe2, respectively.
Optionally, verify the state of the pe3 and ce3 routers before moving on to the next
part.
Step 2.13
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
In this lab part, you will configure the PE to source interface. You will verify
reachability using the ping utility.
Step 3.3
At this point in the lab, the multicast sources should be sending multicast traffic.
Issue the show multicast usage command to determine if you are receiving
multicast traffic.
In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique
route target community to the VPN. You will include your source-facing interface
within this instance.
Step 4.1
Enter configuration mode and navigate to the hierarchy.
Configure the loopback interface for the VRF with the appropriate IP addressing.
Step 4.2
Navigate to the hierarchy. Create a new VPN
routing and forwarding (VRF) instance named vpn1.
Step 4.3
Navigate to the hierarchy. Configure your
route target. The route target for vpn1 is .
Step 4.4
Include the CE facing interface in your VRF instance.
Step 4.5
Include the lo0.11 interface in your VRF instance.
Step 4.6
Configure the option for your VRF instance.
Step 4.7
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
Step 4.9
Issue the show route advertising-protocol bgp 193.168.1.4
command to view the routes that you are advertising to the remote sites.
Step 4.10
Use the set cli logical-system command to place the CLI in the context of
the ce2 router logical system.
Step 4.11
Issue the show route command to determine if the ce2 router has learned routes
to both the RP and the multicast sources.
Step 4.12
Use the set cli logical-system command to place the CLI in the context of
the ce3 router logical system.
Step 4.13
Issue the show route command to determine if the ce3 router has learned routes
to both the RP and the multicast sources.
Step 4.14
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
In this lab part, you will enable the MVPN such that multicast is delivered to the
remote sites over an RSVP-signaled P2MP provider tunnel.
Step 5.1
Enter configuration mode and navigate to the
hierarchy. Create an LSP template called p2mp-template that will support a
bandwidth of 200M.
Step 5.2
Navigate to the hierarchy. Enable the PIM
protocol (sparse mode) on all interfaces of the VRF.
Step 5.3
Configure pe1 to be the RP (using lo0.11 address) for the customer’s PIM domain.
Step 5.4
Under the MVPN protocol, enable this site to only be a sender site. Also, enable the
MVPN to operate in shortest path tree only mode. Commit your configuration.
Step 5.5
Configure a provider tunnel that will use an RSVP-signaled P2MP LSP. Ensure that
the P2MP LSP uses the p2mp-template template that you configured earlier.
Commit your configuration and exit to operational mode.
Step 5.6
Issue the show RSVP session command to verify that the P2MP LSP is established.
Step 5.7
Issue the show multicast route instance vpn1 extensive command
to see if you router can forward the incoming multicast packets.
Step 5.8
Issue the show pim join instance vpn1 command to view the status of the
PIM forwarding tree.
Step 5.9
Issue the show route table vpn1.mvpn.0 command to view the MP-BGP
MVPN routes that have been learned/created by the PE routers.
Step 5.10
Issue the show route advertising-protocol bgp 193.168.1.4 command to
view the routes that the pe1 router is advertising to the remote PE routers.
Step 5.11
Use the set cli logical-system command to place the CLI in the context of
the ce2 router logical system.
Step 5.12
Issue the show multicast route command to determine the type of multicast
packets that the ce2 router is currently forwarding.
Step 5.13
Enter configuration mode and delete the statement that you added to the
ge-1/0/5.0 interface earlier in the lab. View your configuration, commit your
configuration, and exit to operational mode.
Step 5.14
Issue the show pim join command to determine if the ce2 router is attempting
to join the PIM source tree for the two multicast groups.
Step 5.15
Issue the show multicast route command to determine the type of multicast
packets that the ce2 router is currently forwarding.
Step 5.16
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 5.17
Issue the show route table vpn1.mvpn.0 command to seen if any new
MVPN routes have been learned from the remote PEs.
Step 5.18
Use the set cli logical-system command to place the CLI in the context of
the ce3 router logical system.
Step 5.19
Issue the show pim join command to see of the ce3 router has joined the PIM
source tree
Step 5.20
Use the set cli logical-system command to place the CLI in the context of
the pe3 router logical system.
Step 5.21
Issue the show multicast route extensive instance vpn1 command
to determine if the pe3 router is receiving any multicast traffic.
In this part of the lab, you will configure a selective provider tunnel (using an LDP
signaled P2MP LSP) that will deliver multicast traffic to only the interested receiving
sites.
Step 6.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 6.2
Enter configuration and enable LDP for P2MP signaling.
Step 6.3
Navigate to the hierarchy. Configure a
LDP-signaled P2MP LSP-based selective provider tunnel for any group in the
224.8.8/24 range. Make sure to specify your router’s source for that group range.
Use the following table to determine the source’s address. Commit your
configuration and exit to operational mode.
Step 6.4
Issue the show ldp database command to determine if an LDP-signaled P2MP
LSP has been established.
Step 6.5
Issue the show rsvp session command again to determine the outbound label
for the RSVP P2MP LSP.
Step 6.6
Issue the show route table vpn1.inet.1 command to determine which
multicast groups will be forwarded using the RSVP or the LDP P2MP LSP.
Step 6.7
Issue the show route advertising-protocol bgp 193.168.1.4
command to determine if any new routes have been advertised to the remote PE
routers.
Step 6.8
Use the set cli logical-system command to place the CLI in the context of
the ce2 router logical system.
Step 6.10
Use the set cli logical-system command to place the CLI in the context of
the pe3 router logical system.
Step 6.11
Issue the show multicast route extensive instance vpn1 command
to determine if the pe3 router is receiving any multicast traffic.
Step 6.12
Use the set cli logical-system command to place the CLI in the context of
the ce3 router logical system.
Step 6.13
Enter configuration mode and navigate to the
hierarchy. View the ce2 router’s IGMP configuration. Delete the disable statement
under the ge-1/0/4 interface. Commit your configuration and exit to operational
mode.
Step 6.14
Issue the show pim join command to verify that the ce3 router is now sending
PIM joins for the multicast groups.
Step 6.15
Issue the show multicast route extensive command to view the rate at
which multicast packets are being received by the ce3 router.
Step 6.16
Use the set cli logical-system command to place the CLI in the context of
the p2 router logical system.
Step 6.17
Issue the show ldp database command to view the branches of the LDP
signaled P2MP LSP.
Step 6.18
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 6.19
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.